[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Warning: Permanently added '10.128.1.31' (ECDSA) to the list of known hosts.
executing program
[ 85.336838][ T37] audit: type=1400 audit(1622522702.073:8): avc: denied { execmem } for pid=8425 comm="syz-executor735" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1

Debian GNU/Linux 9 syzkaller ttyS0

syzkaller login: [ 85.426266][ T8429]
[ 85.428749][ T8429] ======================================================
[ 85.436162][ T8429] WARNING: possible circular locking dependency detected
[ 85.443815][ T8429] 5.13.0-rc4-syzkaller #0 Not tainted
[ 85.449182][ T8429] ------------------------------------------------------
[ 85.456308][ T8429] syz-executor735/8429 is trying to acquire lock:
[ 85.463063][ T8429] ffffffff8ca6ab28 (brd_devices_mutex){+.+.}-{3:3}, at: brd_probe+0x31/0x250
[ 85.471872][ T8429]
[ 85.471872][ T8429] but task is already holding lock:
[ 85.479575][ T8429] ffffffff8c7dea28 (major_names_lock){+.+.}-{3:3}, at: blk_request_module+0x25/0x1d0
[ 85.489993][ T8429]
[ 85.489993][ T8429] which lock already depends on the new lock.
[ 85.489993][ T8429]
[ 85.501061][ T8429]
[ 85.501061][ T8429] the existing dependency chain (in reverse order) is:
[ 85.511358][ T8429]
[ 85.511358][ T8429] -> #3 (major_names_lock){+.+.}-{3:3}:
[ 85.519608][ T8429]        __mutex_lock+0x139/0x10c0
[ 85.524827][ T8429]        __register_blkdev+0x2b/0x3e0
[ 85.530349][ T8429]        register_mtd_blktrans+0x85/0x3c0
[ 85.537315][ T8429]        do_one_initcall+0x103/0x650
[ 85.543194][ T8429]        kernel_init_freeable+0x643/0x6cc
[ 85.549318][ T8429]        kernel_init+0xd/0x1b8
[ 85.554801][ T8429]        ret_from_fork+0x1f/0x30
[ 85.560068][ T8429]
[ 85.560068][ T8429] -> #2 (mtd_table_mutex){+.+.}-{3:3}:
[ 85.568206][ T8429]        __mutex_lock+0x139/0x10c0
[ 85.573506][ T8429]        blktrans_open+0x69/0x600
[ 85.578531][ T8429]        __blkdev_get+0x182/0xa30
[ 85.584114][ T8429]        blkdev_get_by_dev+0x200/0x660
[ 85.589657][ T8429]        blkdev_open+0x154/0x2b0
[ 85.595032][ T8429]        do_dentry_open+0x4b9/0x11b0
[ 85.601230][ T8429]        path_openat+0x1c0e/0x27e0
[ 85.607039][ T8429]        do_filp_open+0x190/0x3d0
[ 85.612245][ T8429]        do_sys_openat2+0x16d/0x420
[ 85.617639][ T8429]        __x64_sys_open+0x119/0x1c0
[ 85.623309][ T8429]        do_syscall_64+0x3a/0xb0
[ 85.628424][ T8429]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 85.634926][ T8429]
[ 85.634926][ T8429] -> #1 (&bdev->bd_mutex){+.+.}-{3:3}:
[ 85.643265][ T8429]        __mutex_lock+0x139/0x10c0
[ 85.648797][ T8429]        blkdev_get_by_dev+0x1f6/0x660
[ 85.654383][ T8429]        __device_add_disk+0x7f2/0x1230
[ 85.660151][ T8429]        brd_init+0x307/0x4cd
[ 85.664829][ T8429]        do_one_initcall+0x103/0x650
[ 85.670295][ T8429]        kernel_init_freeable+0x643/0x6cc
[ 85.676034][ T8429]        kernel_init+0xd/0x1b8
[ 85.680968][ T8429]        ret_from_fork+0x1f/0x30
[ 85.686041][ T8429]
[ 85.686041][ T8429] -> #0 (brd_devices_mutex){+.+.}-{3:3}:
[ 85.694314][ T8429]        __lock_acquire+0x2a17/0x5230
[ 85.699879][ T8429]        lock_acquire+0x1ab/0x740
[ 85.706297][ T8429]        __mutex_lock+0x139/0x10c0
[ 85.712352][ T8429]        brd_probe+0x31/0x250
[ 85.717561][ T8429]        blk_request_module+0x111/0x1d0
[ 85.723413][ T8429]        blkdev_get_no_open+0x1d8/0x250
[ 85.728960][ T8429]        blkdev_get_by_dev+0x76/0x660
[ 85.734754][ T8429]        blkdev_open+0x154/0x2b0
[ 85.740101][ T8429]        do_dentry_open+0x4b9/0x11b0
[ 85.746024][ T8429]        path_openat+0x1c0e/0x27e0
[ 85.751537][ T8429]        do_filp_open+0x190/0x3d0
[ 85.756575][ T8429]        do_sys_openat2+0x16d/0x420
[ 85.762761][ T8429]        __x64_sys_openat+0x13f/0x1f0
[ 85.768701][ T8429]        do_syscall_64+0x3a/0xb0
[ 85.773815][ T8429]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 85.781432][ T8429]
[ 85.781432][ T8429] other info that might help us debug this:
[ 85.781432][ T8429]
[ 85.792818][ T8429] Chain exists of:
[ 85.792818][ T8429]   brd_devices_mutex --> mtd_table_mutex --> major_names_lock
[ 85.792818][ T8429]
[ 85.808072][ T8429]  Possible unsafe locking scenario:
[ 85.808072][ T8429]
[ 85.816068][ T8429]        CPU0                    CPU1
[ 85.821666][ T8429]        ----                    ----
[ 85.827040][ T8429]   lock(major_names_lock);
[ 85.831734][ T8429]                                lock(mtd_table_mutex);
[ 85.839035][ T8429]                                lock(major_names_lock);
[ 85.846267][ T8429]   lock(brd_devices_mutex);
[ 85.850961][ T8429]
[ 85.850961][ T8429]  *** DEADLOCK ***
[ 85.850961][ T8429]
[ 85.859177][ T8429] 1 lock held by syz-executor735/8429:
[ 85.864622][ T8429]  #0: ffffffff8c7dea28 (major_names_lock){+.+.}-{3:3}, at: blk_request_module+0x25/0x1d0
[ 85.874653][ T8429]
[ 85.874653][ T8429] stack backtrace:
[ 85.880550][ T8429] CPU: 0 PID: 8429 Comm: syz-executor735 Not tainted 5.13.0-rc4-syzkaller #0
[ 85.889409][ T8429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 85.899768][ T8429] Call Trace:
[ 85.903317][ T8429]  dump_stack+0x141/0x1d7
[ 85.907656][ T8429]  check_noncircular+0x25f/0x2e0
[ 85.912588][ T8429]  ? print_circular_bug+0x1e0/0x1e0
[ 85.917956][ T8429]  ? lock_chain_count+0x20/0x20
[ 85.922842][ T8429]  ? lockdep_lock+0xc6/0x200
[ 85.927446][ T8429]  ? call_rcu_zapped+0xb0/0xb0
[ 85.932216][ T8429]  __lock_acquire+0x2a17/0x5230
[ 85.937056][ T8429]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 85.943136][ T8429]  lock_acquire+0x1ab/0x740
[ 85.947890][ T8429]  ? brd_probe+0x31/0x250
[ 85.952223][ T8429]  ? lock_release+0x720/0x720
[ 85.957101][ T8429]  __mutex_lock+0x139/0x10c0
[ 85.961945][ T8429]  ? brd_probe+0x31/0x250
[ 85.966361][ T8429]  ? brd_probe+0x31/0x250
[ 85.970689][ T8429]  ? blk_request_module+0x25/0x1d0
[ 85.975787][ T8429]  ? mutex_lock_io_nested+0xf20/0xf20
[ 85.981150][ T8429]  ? find_held_lock+0x2d/0x110
[ 85.985915][ T8429]  ? mutex_lock_io_nested+0xf20/0xf20
[ 85.991286][ T8429]  ? ilookup+0xb3/0x230
[ 85.995430][ T8429]  ? lock_downgrade+0x6e0/0x6e0
[ 86.000272][ T8429]  ? do_raw_spin_lock+0x120/0x2b0
[ 86.005388][ T8429]  ? rwlock_bug.part.0+0x90/0x90
[ 86.010464][ T8429]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 86.016799][ T8429]  ? brd_lookup_page+0x1c0/0x1c0
[ 86.023110][ T8429]  brd_probe+0x31/0x250
[ 86.027285][ T8429]  ? brd_lookup_page+0x1c0/0x1c0
[ 86.032232][ T8429]  blk_request_module+0x111/0x1d0
[ 86.037367][ T8429]  blkdev_get_no_open+0x1d8/0x250
[ 86.042600][ T8429]  blkdev_get_by_dev+0x76/0x660
[ 86.047976][ T8429]  blkdev_open+0x154/0x2b0
[ 86.052404][ T8429]  do_dentry_open+0x4b9/0x11b0
[ 86.057261][ T8429]  ? blkdev_get_by_dev+0x660/0x660
[ 86.062465][ T8429]  ? may_open+0x1f6/0x420
[ 86.066906][ T8429]  path_openat+0x1c0e/0x27e0
[ 86.071588][ T8429]  ? path_lookupat+0x850/0x850
[ 86.077357][ T8429]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 86.083352][ T8429]  do_filp_open+0x190/0x3d0
[ 86.087870][ T8429]  ? may_open_dev+0xf0/0xf0
[ 86.092361][ T8429]  ? do_raw_spin_lock+0x120/0x2b0
[ 86.097401][ T8429]  ? rwlock_bug.part.0+0x90/0x90
[ 86.102415][ T8429]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 86.108818][ T8429]  ? _find_next_bit+0x1e3/0x260
[ 86.113653][ T8429]  ? _raw_spin_unlock+0x24/0x40
[ 86.118526][ T8429]  ? alloc_fd+0x2e6/0x660
[ 86.122949][ T8429]  do_sys_openat2+0x16d/0x420
[ 86.127631][ T8429]  ? build_open_flags+0x6f0/0x6f0
[ 86.132840][ T8429]  ? __context_tracking_exit+0xb8/0xe0
[ 86.138487][ T8429]  ? lock_downgrade+0x6e0/0x6e0
[ 86.143351][ T8429]  __x64_sys_openat+0x13f/0x1f0
[ 86.148309][ T8429]  ? __ia32_sys_open+0x1c0/0x1c0
[ 86.153463][ T8429]  ? syscall_enter_from_user_mode+0x27/0x70
[ 86.159454][ T8429]  do_syscall_64+0x3a/0xb0
[ 86.163980][ T8429]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 86.169881][ T8429] RIP: 0033:0x445359
[ 86.173774][ T8429] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 86.194209][ T8429] RSP: 002b:00007f56726152f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 86.203759][ T8429] RAX: ffffffffffffffda RBX: 00000000004cc4f0 RCX: 0000000000445359
[ 86.212266][ T8429] RDX: 0000000000000000 RSI: 0000000020002040 RDI: 00000000ffffff9c
[ 86.220776][ T8429] RBP: 000000000049c034 R08: 00007f5672615700 R09: 0000000000000000
[ 8