{"id":"CVE-2024-42294","summary":"block: fix deadlock between sd_remove & sd_release","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix deadlock between sd_remove & sd_release\n\nOur test report the following hung task:\n\n[ 2538.459400] INFO: task \"kworker/0:0\":7 blocked for more than 188 seconds.\n[ 2538.459427] Call trace:\n[ 2538.459430]  __switch_to+0x174/0x338\n[ 2538.459436]  __schedule+0x628/0x9c4\n[ 2538.459442]  schedule+0x7c/0xe8\n[ 2538.459447]  schedule_preempt_disabled+0x24/0x40\n[ 2538.459453]  __mutex_lock+0x3ec/0xf04\n[ 2538.459456]  __mutex_lock_slowpath+0x14/0x24\n[ 2538.459459]  mutex_lock+0x30/0xd8\n[ 2538.459462]  del_gendisk+0xdc/0x350\n[ 2538.459466]  sd_remove+0x30/0x60\n[ 2538.459470]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459474]  device_release_driver+0x18/0x28\n[ 2538.459478]  bus_remove_device+0x15c/0x174\n[ 2538.459483]  device_del+0x1d0/0x358\n[ 2538.459488]  __scsi_remove_device+0xa8/0x198\n[ 2538.459493]  scsi_forget_host+0x50/0x70\n[ 2538.459497]  scsi_remove_host+0x80/0x180\n[ 2538.459502]  usb_stor_disconnect+0x68/0xf4\n[ 2538.459506]  usb_unbind_interface+0xd4/0x280\n[ 2538.459510]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459514]  device_release_driver+0x18/0x28\n[ 2538.459518]  bus_remove_device+0x15c/0x174\n[ 2538.459523]  device_del+0x1d0/0x358\n[ 2538.459528]  usb_disable_device+0x84/0x194\n[ 2538.459532]  usb_disconnect+0xec/0x300\n[ 2538.459537]  hub_event+0xb80/0x1870\n[ 2538.459541]  process_scheduled_works+0x248/0x4dc\n[ 2538.459545]  worker_thread+0x244/0x334\n[ 2538.459549]  kthread+0x114/0x1bc\n\n[ 2538.461001] INFO: task \"fsck.\":15415 blocked for more than 188 seconds.\n[ 2538.461014] Call trace:\n[ 2538.461016]  __switch_to+0x174/0x338\n[ 2538.461021]  __schedule+0x628/0x9c4\n[ 2538.461025]  schedule+0x7c/0xe8\n[ 2538.461030]  blk_queue_enter+0xc4/0x160\n[ 2538.461034]  blk_mq_alloc_request+0x120/0x1d4\n[ 2538.461037]  scsi_execute_cmd+0x7c/0x23c\n[ 2538.461040]  ioctl_internal_command+0x5c/0x164\n[ 2538.461046]  scsi_set_medium_removal+0x5c/0xb0\n[ 2538.461051]  sd_release+0x50/0x94\n[ 2538.461054]  blkdev_put+0x190/0x28c\n[ 2538.461058]  blkdev_release+0x28/0x40\n[ 2538.461063]  __fput+0xf8/0x2a8\n[ 2538.461066]  __fput_sync+0x28/0x5c\n[ 2538.461070]  __arm64_sys_close+0x84/0xe8\n[ 2538.461073]  invoke_syscall+0x58/0x114\n[ 2538.461078]  el0_svc_common+0xac/0xe0\n[ 2538.461082]  do_el0_svc+0x1c/0x28\n[ 2538.461087]  el0_svc+0x38/0x68\n[ 2538.461090]  el0t_64_sync_handler+0x68/0xbc\n[ 2538.461093]  el0t_64_sync+0x1a8/0x1ac\n\n  T1:\t\t\t\tT2:\n  sd_remove\n  del_gendisk\n  __blk_mark_disk_dead\n  blk_freeze_queue_start\n  ++q-\u003emq_freeze_depth\n  \t\t\t\tbdev_release\n \t\t\t\tmutex_lock(&disk-\u003eopen_mutex)\n  \t\t\t\tsd_release\n \t\t\t\tscsi_execute_cmd\n \t\t\t\tblk_queue_enter\n \t\t\t\twait_event(!q-\u003emq_freeze_depth)\n  mutex_lock(&disk-\u003eopen_mutex)\n\nSCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in\nthis scenario. This is a classic ABBA deadlock. To fix the deadlock,\nmake sure we don't try to acquire disk-\u003eopen_mutex after freezing\nthe queue.","modified":"2026-03-20T12:37:40.422959Z","published":"2024-08-17T09:09:02.984Z","related":["MGASA-2024-0309","MGASA-2024-0310","SUSE-SU-2024:3551-1","SUSE-SU-2024:3561-1","SUSE-SU-2024:3564-1","SUSE-SU-2025:20073-1","SUSE-SU-2025:20077-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42294.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/5a5625a83eac91fdff1d5f0202ecfc45a31983c9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7e04da2dc7013af50ed3a2beb698d5168d1e594b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f5418f48a93b69ed9e6a2281eee06b412f14a544"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42294.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42294"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"eec1be4c30df73238b936fa9f3653773a6f8b15c"},{"fixed":"5a5625a83eac91fdff1d5f0202ecfc45a31983c9"},{"fixed":"f5418f48a93b69ed9e6a2281eee06b412f14a544"},{"fixed":"7e04da2dc7013af50ed3a2beb698d5168d1e594b"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42294.json"}}],"schema_version":"1.7.5"}