[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.221' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 71.620879][ T8474]
[ 71.623213][ T8474] ======================================================
[ 71.630307][ T8474] WARNING: possible circular locking dependency detected
[ 71.637380][ T8474] 5.13.0-syzkaller #0 Not tainted
[ 71.642372][ T8474] ------------------------------------------------------
[ 71.649360][ T8474] syz-executor683/8474 is trying to acquire lock:
[ 71.655747][ T8474] ffff88801eaded18 (&disk->open_mutex){+.+.}-{3:3}, at: del_gendisk+0x8b/0x770
[ 71.664696][ T8474]
[ 71.664696][ T8474] but task is already holding lock:
[ 71.672037][ T8474] ffffffff8cc7cb68 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140
[ 71.682187][ T8474]
[ 71.682187][ T8474] which lock already depends on the new lock.
[ 71.682187][ T8474]
[ 71.692564][ T8474]
[ 71.692564][ T8474] the existing dependency chain (in reverse order) is:
[ 71.701548][ T8474]
[ 71.701548][ T8474] -> #1 (nbd_index_mutex){+.+.}-{3:3}:
[ 71.709159][ T8474]        __mutex_lock+0x12a/0x10a0
[ 71.714257][ T8474]        nbd_open+0x7d/0x8a0
[ 71.718833][ T8474]        blkdev_get_whole+0xa1/0x420
[ 71.724107][ T8474]        blkdev_get_by_dev.part.0+0x30c/0xdd0
[ 71.730154][ T8474]        blkdev_open+0x295/0x300
[ 71.735070][ T8474]        do_dentry_open+0x4c8/0x11c0
[ 71.740338][ T8474]        path_openat+0x1c0e/0x27e0
[ 71.745450][ T8474]        do_filp_open+0x190/0x3d0
[ 71.750448][ T8474]        do_sys_openat2+0x16d/0x420
[ 71.755619][ T8474]        __x64_sys_open+0x119/0x1c0
[ 71.760790][ T8474]        do_syscall_64+0x35/0xb0
[ 71.765698][ T8474]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.772087][ T8474]
[ 71.772087][ T8474] -> #0 (&disk->open_mutex){+.+.}-{3:3}:
[ 71.779879][ T8474]        __lock_acquire+0x2a07/0x54a0
[ 71.785251][ T8474]        lock_acquire+0x1ab/0x510
[ 71.790261][ T8474]        __mutex_lock+0x12a/0x10a0
[ 71.795347][ T8474]        del_gendisk+0x8b/0x770
[ 71.800332][ T8474]        nbd_put.part.0+0x82/0x160
[ 71.805422][ T8474]        nbd_genl_connect+0x1214/0x1660
[ 71.810940][ T8474]        genl_family_rcv_msg_doit+0x228/0x320
[ 71.816980][ T8474]        genl_rcv_msg+0x328/0x580
[ 71.821992][ T8474]        netlink_rcv_skb+0x153/0x420
[ 71.827248][ T8474]        genl_rcv+0x24/0x40
[ 71.833203][ T8474]        netlink_unicast+0x533/0x7d0
[ 71.838463][ T8474]        netlink_sendmsg+0x85b/0xda0
[ 71.843738][ T8474]        sock_sendmsg+0xcf/0x120
[ 71.848653][ T8474]        ____sys_sendmsg+0x6e8/0x810
[ 71.853914][ T8474]        ___sys_sendmsg+0xf3/0x170
[ 71.859000][ T8474]        __sys_sendmsg+0xe5/0x1b0
[ 71.864000][ T8474]        do_syscall_64+0x35/0xb0
[ 71.868915][ T8474]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.875327][ T8474]
[ 71.875327][ T8474] other info that might help us debug this:
[ 71.875327][ T8474]
[ 71.885531][ T8474]  Possible unsafe locking scenario:
[ 71.885531][ T8474]
[ 71.892950][ T8474]        CPU0                    CPU1
[ 71.898285][ T8474]        ----                    ----
[ 71.903623][ T8474]   lock(nbd_index_mutex);
[ 71.908011][ T8474]                                lock(&disk->open_mutex);
[ 71.915102][ T8474]                                lock(nbd_index_mutex);
[ 71.922009][ T8474]   lock(&disk->open_mutex);
[ 71.926569][ T8474]
[ 71.926569][ T8474]  *** DEADLOCK ***
[ 71.926569][ T8474]
[ 71.934685][ T8474] 3 locks held by syz-executor683/8474:
[ 71.940199][ T8474]  #0: ffffffff8d94a490 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 71.948348][ T8474]  #1: ffffffff8d94a548 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x3e0/0x580
[ 71.957277][ T8474]  #2: ffffffff8cc7cb68 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140
[ 71.967856][ T8474]
[ 71.967856][ T8474] stack backtrace:
[ 71.973714][ T8474] CPU: 0 PID: 8474 Comm: syz-executor683 Not tainted 5.13.0-syzkaller #0
[ 71.982112][ T8474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.992151][ T8474] Call Trace:
[ 71.995419][ T8474]  dump_stack_lvl+0xcd/0x134
[ 71.999990][ T8474]  check_noncircular+0x25f/0x2e0
[ 72.004916][ T8474]  ? print_circular_bug+0x1e0/0x1e0
[ 72.010105][ T8474]  ? kmem_cache_free+0x8e/0x5a0
[ 72.014944][ T8474]  ? lockdep_lock+0xc6/0x200
[ 72.019511][ T8474]  ? call_rcu_zapped+0xb0/0xb0
[ 72.024254][ T8474]  __lock_acquire+0x2a07/0x54a0
[ 72.029083][ T8474]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 72.035036][ T8474]  ? mark_held_locks+0x9f/0xe0
[ 72.039778][ T8474]  lock_acquire+0x1ab/0x510
[ 72.044267][ T8474]  ? del_gendisk+0x8b/0x770
[ 72.048746][ T8474]  ? lock_release+0x720/0x720
[ 72.053397][ T8474]  ? lockdep_hardirqs_on+0x79/0x100
[ 72.058574][ T8474]  __mutex_lock+0x12a/0x10a0
[ 72.063139][ T8474]  ? del_gendisk+0x8b/0x770
[ 72.067620][ T8474]  ? lock_downgrade+0x6e0/0x6e0
[ 72.072462][ T8474]  ? del_gendisk+0x8b/0x770
[ 72.076941][ T8474]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 72.083158][ T8474]  ? mutex_lock_io_nested+0xf00/0xf00
[ 72.088505][ T8474]  ? kobj_kset_leave+0x12/0x200
[ 72.093334][ T8474]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.099552][ T8474]  ? kobject_put+0xb9/0x540
[ 72.104038][ T8474]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 72.109732][ T8474]  ? kfree_const+0x35/0x60
[ 72.114129][ T8474]  del_gendisk+0x8b/0x770
[ 72.118434][ T8474]  ? nbd_config_put+0x5e8/0x8e0
[ 72.123259][ T8474]  nbd_put.part.0+0x82/0x160
[ 72.127825][ T8474]  nbd_genl_connect+0x1214/0x1660
[ 72.132826][ T8474]  ? nbd_start_device+0xd50/0xd50
[ 72.137830][ T8474]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.144046][ T8474]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290
[ 72.151392][ T8474]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290
[ 72.158652][ T8474]  genl_family_rcv_msg_doit+0x228/0x320
[ 72.164175][ T8474]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[ 72.171536][ T8474]  ? genl_op_from_small+0x23/0x3c0
[ 72.176620][ T8474]  ? genl_get_cmd+0x3cf/0x480
[ 72.181273][ T8474]  genl_rcv_msg+0x328/0x580
[ 72.185751][ T8474]  ? genl_get_cmd+0x480/0x480
[ 72.190398][ T8474]  ? nbd_start_device+0xd50/0xd50
[ 72.195395][ T8474]  ? lock_release+0x720/0x720
[ 72.200046][ T8474]  netlink_rcv_skb+0x153/0x420
[ 72.204788][ T8474]  ? genl_get_cmd+0x480/0x480
[ 72.209437][ T8474]  ? netlink_ack+0xa60/0xa60
[ 72.213998][ T8474]  genl_rcv+0x24/0x40
[ 72.217955][ T8474]  netlink_unicast+0x533/0x7d0
[ 72.222695][ T8474]  ? netlink_attachskb+0x890/0x890
[ 72.227781][ T8474]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.234018][ T8474]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.240233][ T8474]  ? __phys_addr_symbol+0x2c/0x70
[ 72.245230][ T8474]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 72.250921][ T8474]  ? __check_object_size+0x16e/0x3f0
[ 72.256192][ T8474]  netlink_sendmsg+0x85b/0xda0
[ 72.260948][ T8474]  ? netlink_unicast+0x7d0/0x7d0
[ 72.265861][ T8474]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.272077][ T8474]  ? netlink_unicast+0x7d0/0x7d0
[ 72.276994][ T8474]  sock_sendmsg+0xcf/0x120
[ 72.281387][ T8474]  ____sys_sendmsg+0x6e8/0x810
[ 72.286140][ T8474]  ? kernel_sendmsg+0x50/0x50
[ 72.290792][ T8474]  ? do_recvmmsg+0x6d0/0x6d0
[ 72.295354][ T8474]  ? lock_chain_count+0x20/0x20
[ 72.300177][ T8474]  ? netlink_recvmsg+0x826/0xeb0
[ 72.305098][ T8474]  ___sys_sendmsg+0xf3/0x170
[ 72.309659][ T8474]  ? sendmsg_copy_msghdr+0x160/0x160
[ 72.314917][ T8474]  ? __lock_acquire+0x162f/0x54a0
[ 72.319918][ T8474]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 72.325873][ T8474]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 72.331829][ T8474]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.338043][ T8474]  ? __fget_light+0x215/0x280
[ 72.342697][ T8474]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.348913][ T8474]  __sys_sendmsg+0xe5/0x1b0
[ 72.353403][ T8474]  ? __sys_sendmsg_sock+0x30/0x30
[ 72.358402][ T8474]  ? syscall_enter_from_user_mode+0x21/0x70
[ 72.364275][ T8474]  do_syscall_64+0x35/0xb0
[ 72.368664][ T8474]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.374534][ T8474] RIP: 0033:0x43fa89
[ 72.378404][ T8474] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.397996][ T8474] RSP: 002b:00007ffd1c7429d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 72.406384][ T8474] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fa89
[ 72.414330][ T8474] RDX: 0000000000000000 RSI: 0000000020001880 RDI: 0000000000000004
[ 72.422272][ T8474] RBP: 00000000004034f0 R08: 0000000000000004 R09: 00000000004004a0
[ 72.430216][ T8474] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000403580
[ 72.438171][ T8474] R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0
[ 72.458055][ T8474] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 72.469786][ T8474] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 72.478197][ T8474] CPU: 1 PID: 8474 Comm: syz-executor683 Not tainted 5.13.0-syzkaller #0
[ 72.486615][ T8474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.496668][ T8474] RIP: 0010:blk_mq_run_hw_queues+0x32b/0x4a0
[ 72.502656][ T8474] Code: ea 48 c1 ea 03 80 3c 02 00 0f 85 51 01 00 00 48 8b 45 00 89 db 48 8d 1c 98 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ed
[ 72.522252][ T8474] RSP: 0018:ffffc9000176f3b0 EFLAGS: 00010247
[ 72.528294][ T8474] RAX: dffffc0000000000 RBX: 0000000000000004 RCX: 0000000000000000
[ 72.536240][ T8474] RDX: 0000000000000000 RSI: ffffffff83be8009 RDI: ffff8881466689d0
[ 72.544185][ T8474] RBP: ffff888146660000 R08: 0000000000000000 R09: ffff888146668947
[ 72.552132][ T8474] R10: ffffffff83be7e41 R11: 0000000000000000 R12: ffff888146668000
[ 72.560083][ T8474] R13: ffff88801dd2d4b0 R14: ffff8880287d8608 R15: 0000000000000001
[ 72.568034][ T8474] FS: 0000000001fe1300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 72.576950][ T8474] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 72.583526][ T8474] CR2: 00005592e6f25928 CR3: 0000000017d40000 CR4: 00000000001506e0
[ 72.591480][ T8474] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 72.599431][ T8474] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 72.607385][ T8474] Call Trace:
[ 72.610658][ T8474]  blk_freeze_queue_start+0xc4/0xe0
[ 72.615854][ T8474]  blk_set_queue_dying+0x24/0x80
[ 72.620780][ T8474]  blk_cleanup_queue+0x7b/0x1e0
[ 72.625627][ T8474]  blk_cleanup_disk+0x33/0x80
[ 72.630292][ T8474]  nbd_put.part.0+0x92/0x160
[ 72.634869][ T8474]  nbd_genl_connect+0x1214/0x1660
[ 72.639874][ T8474]  ? nbd_start_device+0xd50/0xd50
[ 72.644883][ T8474]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.651113][ T8474]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290
[ 72.658474][ T8474]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290
[ 72.665745][ T8474]  genl_family_rcv_msg_doit+0x228/0x320
[ 72.671275][ T8474]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[ 72.678718][ T8474]  ? genl_op_from_small+0x23/0x3c0
[ 72.683816][ T8474]  ? genl_get_cmd+0x3cf/0x480
[ 72.688479][ T8474]  genl_rcv_msg+0x328/0x580
[ 72.692964][ T8474]  ? genl_get_cmd+0x480/0x480
[ 72.697622][ T8474]  ? nbd_start_device+0xd50/0xd50
[ 72.702628][ T8474]  ? lock_release+0x720/0x720
[ 72.707373][ T8474]  netlink_rcv_skb+0x153/0x420
[ 72.712120][ T8474]  ? genl_get_cmd+0x480/0x480
[ 72.716777][ T8474]  ? netlink_ack+0xa60/0xa60
[ 72.721346][ T8474]  genl_rcv+0x24/0x40
[ 72.725304][ T8474]  netlink_unicast+0x533/0x7d0
[ 72.730068][ T8474]  ? netlink_attachskb+0x890/0x890
[ 72.735161][ T8474]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.741381][ T8474]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.747686][ T8474]  ? __phys_addr_symbol+0x2c/0x70
[ 72.752690][ T8474]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 72.758401][ T8474]  ? __check_object_size+0x16e/0x3f0
[ 72.763676][ T8474]  netlink_sendmsg+0x85b/0xda0
[ 72.768447][ T8474]  ? netlink_unicast+0x7d0/0x7d0
[ 72.773366][ T8474]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.779587][ T8474]  ? netlink_unicast+0x7d0/0x7d0
[ 72.784505][ T8474]  sock_sendmsg+0xcf/0x120
[ 72.788905][ T8474]  ____sys_sendmsg+0x6e8/0x810
[ 72.793653][ T8474]  ? kernel_sendmsg+0x50/0x50
[ 72.798319][ T8474]  ? do_recvmmsg+0x6d0/0x6d0
[ 72.802896][ T8474]  ? lock_chain_count+0x20/0x20
[ 72.807739][ T8474]  ? netlink_recvmsg+0x826/0xeb0
[ 72.812675][ T8474]  ___sys_sendmsg+0xf3/0x170
[ 72.817256][ T8474]  ? sendmsg_copy_msghdr+0x160/0x160
[ 72.822523][ T8474]  ? __lock_acquire+0x162f/0x54a0
[ 72.827532][ T8474]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 72.833512][ T8474]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 72.839478][ T8474]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.845708][ T8474]  ? __fget_light+0x215/0x280
[ 72.850376][ T8474]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.856604][ T8474]  __sys_sendmsg+0xe5/0x1b0
[ 72.861096][ T8474]  ? __sys_sendmsg_sock+0x30/0x30
[ 72.866104][ T8474]  ? syscall_enter_from_user_mode+0x21/0x70
[ 72.871978][ T8474]  do_syscall_64+0x35/0xb0
[ 72.876371][ T8474]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.882252][ T8474] RIP: 0033:0x43fa89
[ 72.886123][ T8474] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.905709][ T8474] RSP: 002b:00007ffd1c7429d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 72.914100][ T8474] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fa89
[ 72.922057][ T8474] RDX: 0000000000000000 RSI: 0000000020001880 RDI: 0000000000000004
[ 72.930007][ T8474] RBP: 00000000004034f0 R08: 0000000000000004 R09: 00000000004004a0
[ 72.937957][ T8474] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000403580
[ 72.945909][ T8474] R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0
[ 72.953962][ T8474] Modules linked in:
[ 72.960157][ T8474] ---[ end trace 0a7a6e1a9f6d9ac5 ]---
[ 72.965623][ T8474] RIP: 0010:blk_mq_run_hw_queues+0x32b/0x4a0
[ 72.971920][ T8474] Code: ea 48 c1 ea 03 80 3c 02 00 0f 85 51 01 00 00 48 8b 45 00 89 db 48 8d 1c 98 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ed
[ 72.991726][ T8474] RSP: 0018:ffffc9000176f3b0 EFLAGS: 00010247
[ 72.997799][ T8474] RAX: dffffc0000000000 RBX: 0000000000000004 RCX: 0000000000000000
[ 73.006167][ T8474] RDX: 0000000000000000 RSI: ffffffff83be8009 RDI: ffff8881466689d0
[ 73.014240][ T8474] RBP: ffff888146660000 R08: 0000000000000000 R09: ffff888146668947
[ 73.022596][ T8474] R10: ffffffff83be7e41 R11: 0000000000000000 R12: ffff888146668000
[ 73.030621][ T8474] R13: ffff88801dd2d4b0 R14: ffff8880287d8608 R15: 0000000000000001
[ 73.038580][ T8474] FS: 0000000001fe1300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 73.047804][ T8474] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 73.054436][ T8474] CR2: 00007f6dd6e33000 CR3: 0000000017d40000 CR4: 00000000001506f0
[ 73.062471][ T8474] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 73.070465][ T8474] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 73.078436][ T8474] Kernel panic - not syncing: Fatal exception
[ 73.085771][ T8474] Kernel Offset: disabled
[ 73.090078][ T8474] Rebooting in 86400 seconds..