[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty2.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Warning: Permanently added '10.128.0.77' (ECDSA) to the list of known hosts.
executing program
[ 82.283792][ T37] audit: type=1400 audit(1625146417.426:8): avc: denied { execmem } for pid=8451 comm="syz-executor174" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 82.298522][ T8451]
[ 82.306790][ T8451] ======================================================
[ 82.313785][ T8451] WARNING: possible circular locking dependency detected
[ 82.320780][ T8451] 5.13.0-syzkaller #0 Not tainted
[ 82.325810][ T8451] ------------------------------------------------------
[ 82.332800][ T8451] syz-executor174/8451 is trying to acquire lock:
[ 82.339187][ T8451] ffff88801eff1918 (&disk->open_mutex){+.+.}-{3:3}, at: del_gendisk+0x8b/0x770
[ 82.348182][ T8451]
[ 82.348182][ T8451] but task is already holding lock:
[ 82.355551][ T8451] ffffffff8cc7b308 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140
[ 82.365715][ T8451]
[ 82.365715][ T8451] which lock already depends on the new lock.
[ 82.365715][ T8451]
[ 82.376091][ T8451]
[ 82.376091][ T8451] the existing dependency chain (in reverse order) is:
[ 82.385091][ T8451]
[ 82.385091][ T8451] -> #1 (nbd_index_mutex){+.+.}-{3:3}:
[ 82.392718][ T8451] __mutex_lock+0x12a/0x10a0
[ 82.397852][ T8451] nbd_open+0x7d/0x8a0
[ 82.402425][ T8451] blkdev_get_whole+0xa1/0x420
[ 82.407692][ T8451] blkdev_get_by_dev.part.0+0x30c/0xdd0
[ 82.413754][ T8451] blkdev_open+0x295/0x300
[ 82.418671][ T8451] do_dentry_open+0x4c8/0x11c0
[ 82.423953][ T8451] path_openat+0x1c0e/0x27e0
[ 82.429043][ T8451] do_filp_open+0x190/0x3d0
[ 82.434064][ T8451] do_sys_openat2+0x16d/0x420
[ 82.439240][ T8451] __x64_sys_open+0x119/0x1c0
[ 82.444416][ T8451] do_syscall_64+0x35/0xb0
[ 82.449330][ T8451] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 82.455727][ T8451]
[ 82.455727][ T8451] -> #0 (&disk->open_mutex){+.+.}-{3:3}:
[ 82.463530][ T8451] __lock_acquire+0x2a07/0x54a0
[ 82.468907][ T8451] lock_acquire+0x1ab/0x510
[ 82.473925][ T8451] __mutex_lock+0x12a/0x10a0
[ 82.479015][ T8451] del_gendisk+0x8b/0x770
[ 82.483848][ T8451] nbd_put.part.0+0x82/0x160
[ 82.488960][ T8451] nbd_genl_connect+0x1214/0x1660
[ 82.494501][ T8451] genl_family_rcv_msg_doit+0x228/0x320
[ 82.500550][ T8451] genl_rcv_msg+0x328/0x580
[ 82.505573][ T8451] netlink_rcv_skb+0x153/0x420
[ 82.510943][ T8451] genl_rcv+0x24/0x40
[ 82.515453][ T8451] netlink_unicast+0x533/0x7d0
[ 82.520719][ T8451] netlink_sendmsg+0x85b/0xda0
[ 82.525985][ T8451] sock_sendmsg+0xcf/0x120
[ 82.530912][ T8451] ____sys_sendmsg+0x6e8/0x810
[ 82.536196][ T8451] ___sys_sendmsg+0xf3/0x170
[ 82.541287][ T8451] __sys_sendmsg+0xe5/0x1b0
[ 82.546305][ T8451] do_syscall_64+0x35/0xb0
[ 82.551225][ T8451] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 82.557625][ T8451]
[ 82.557625][ T8451] other info that might help us debug this:
[ 82.557625][ T8451]
[ 82.567826][ T8451] Possible unsafe locking scenario:
[ 82.567826][ T8451]
[ 82.575249][ T8451]        CPU0                    CPU1
[ 82.580590][ T8451]        ----                    ----
[ 82.585931][ T8451]   lock(nbd_index_mutex);
[ 82.590324][ T8451]                                lock(&disk->open_mutex);
[ 82.597409][ T8451]                                lock(nbd_index_mutex);
[ 82.604384][ T8451]   lock(&disk->open_mutex);
[ 82.608961][ T8451]
[ 82.608961][ T8451] *** DEADLOCK ***
[ 82.608961][ T8451]
[ 82.617079][ T8451] 3 locks held by syz-executor174/8451:
[ 82.622600][ T8451] #0: ffffffff8d948390 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 82.630783][ T8451] #1: ffffffff8d948448 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x3e0/0x580
[ 82.639717][ T8451] #2: ffffffff8cc7b308 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140
[ 82.650354][ T8451]
[ 82.650354][ T8451] stack backtrace:
[ 82.656236][ T8451] CPU: 1 PID: 8451 Comm: syz-executor174 Not tainted 5.13.0-syzkaller #0
[ 82.664625][ T8451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.674657][ T8451] Call Trace:
[ 82.677919][ T8451] dump_stack_lvl+0xcd/0x134
[ 82.682508][ T8451] check_noncircular+0x25f/0x2e0
[ 82.687426][ T8451] ? print_circular_bug+0x1e0/0x1e0
[ 82.692604][ T8451] ? lockdep_lock+0xc6/0x200
[ 82.697181][ T8451] ? call_rcu_zapped+0xb0/0xb0
[ 82.701931][ T8451] __lock_acquire+0x2a07/0x54a0
[ 82.706760][ T8451] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 82.712719][ T8451] ? mark_lock+0xef/0x17b0
[ 82.717113][ T8451] ? ____sys_sendmsg+0x6e8/0x810
[ 82.722037][ T8451] ? ___sys_sendmsg+0xf3/0x170
[ 82.726784][ T8451] lock_acquire+0x1ab/0x510
[ 82.731325][ T8451] ? del_gendisk+0x8b/0x770
[ 82.735825][ T8451] ? lock_release+0x720/0x720
[ 82.740480][ T8451] ? find_held_lock+0x2d/0x110
[ 82.745240][ T8451] __mutex_lock+0x12a/0x10a0
[ 82.749814][ T8451] ? del_gendisk+0x8b/0x770
[ 82.754313][ T8451] ? kernfs_put.part.0+0x2c4/0x540
[ 82.759406][ T8451] ? del_gendisk+0x8b/0x770
[ 82.763902][ T8451] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 82.770125][ T8451] ? mutex_lock_io_nested+0xf00/0xf00
[ 82.775478][ T8451] ? kobj_kset_leave+0x12/0x200
[ 82.780322][ T8451] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 82.786546][ T8451] ? kobject_put+0xb9/0x540
[ 82.791030][ T8451] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 82.796742][ T8451] ? kfree_const+0x35/0x60
[ 82.801137][ T8451] del_gendisk+0x8b/0x770
[ 82.805451][ T8451] ? nbd_config_put+0x5e8/0x8e0
[ 82.810284][ T8451] nbd_put.part.0+0x82/0x160
[ 82.814867][ T8451] nbd_genl_connect+0x1214/0x1660
[ 82.819875][ T8451] ? nbd_start_device+0xd50/0xd50
[ 82.824883][ T8451] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xd7/0x290
[ 82.832150][ T8451] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 82.838371][ T8451] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290
[ 82.845729][ T8451] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290
[ 82.852996][ T8451] genl_family_rcv_msg_doit+0x228/0x320
[ 82.858540][ T8451] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[ 82.865893][ T8451] ? genl_op_from_small+0x23/0x3c0
[ 82.870985][ T8451] ? genl_get_cmd+0x3cf/0x480
[ 82.875651][ T8451] genl_rcv_msg+0x328/0x580
[ 82.880134][ T8451] ? genl_get_cmd+0x480/0x480
[ 82.884835][ T8451] ? nbd_start_device+0xd50/0xd50
[ 82.889854][ T8451] ? lock_release+0x720/0x720
[ 82.894512][ T8451] netlink_rcv_skb+0x153/0x420
[ 82.899259][ T8451] ? genl_get_cmd+0x480/0x480
[ 82.903915][ T8451] ? netlink_ack+0xa60/0xa60
[ 82.908514][ T8451] genl_rcv+0x24/0x40
[ 82.912519][ T8451] netlink_unicast+0x533/0x7d0
[ 82.917285][ T8451] ? netlink_attachskb+0x890/0x890
[ 82.922385][ T8451] netlink_sendmsg+0x85b/0xda0
[ 82.927130][ T8451] ? netlink_unicast+0x7d0/0x7d0
[ 82.932068][ T8451] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 82.938301][ T8451] ? netlink_unicast+0x7d0/0x7d0
[ 82.943218][ T8451] sock_sendmsg+0xcf/0x120
[ 82.947615][ T8451] ____sys_sendmsg+0x6e8/0x810
[ 82.952370][ T8451] ? kernel_sendmsg+0x50/0x50
[ 82.957028][ T8451] ? do_recvmmsg+0x6d0/0x6d0
[ 82.961610][ T8451] ? lock_chain_count+0x20/0x20
[ 82.966451][ T8451] ? netlink_recvmsg+0x826/0xeb0
[ 82.971370][ T8451] ___sys_sendmsg+0xf3/0x170
[ 82.975958][ T8451] ? sendmsg_copy_msghdr+0x160/0x160
[ 82.981222][ T8451] ? __lock_acquire+0x162f/0x54a0
[ 82.986226][ T8451] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 82.992186][ T8451] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 82.998144][ T8451] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 83.004410][ T8451] ? __fget_light+0x215/0x280
[ 83.009067][ T8451] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 83.015302][ T8451] __sys_sendmsg+0xe5/0x1b0
[ 83.019800][ T8451] ? __sys_sendmsg_sock+0x30/0x30
[ 83.024805][ T8451] ? syscall_enter_from_user_mode+0x21/0x70
[ 83.030680][ T8451] do_syscall_64+0x35/0xb0
[ 83.035089][ T8451] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 83.040966][ T8451] RIP: 0033:0x43faa9
[ 83.044849][ T8451] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 83.064434][ T8451] RSP: 002b:00007fff4c9fec18 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 83.072834][ T8451] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043faa9
[ 83.080787][ T8451] RDX: 0000000000000000 RSI: 0000000020001880 RDI: 0000000000000004
[ 83.088739][ T8451] RBP: 0000000000403510 R08: 000000000000000c R09: 00000000004004a0
[ 83.096695][ T8451] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000004035a0
[ 83.104644][ T8451] R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0

Debian GNU/Linux 9 syzkaller ttyS0

[ 83.129420][ T8451] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 83.141152][ T8451] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 83.149563][ T8451] CPU: 0 PID: 8451 Comm: syz-executor174 Not tainted 5.13.0-syzkaller #0
[ 83.157982][ T8451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.168041][ T8451] RIP: 0010:blk_mq_run_hw_queues+0x32b/0x4a0
syzkaller[ login: 83.174034][ T8451] Code: ea 48 c1 ea 03 80 3c 02 00 0f 85 51 01 00 00 48 8b 45 00 89 db 48 8d 1c 98 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ed
[ 83.195091][ T8451] RSP: 0018:ffffc900017373b0 EFLAGS: 00010246
[ 83.201168][ T8451] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 83.209147][ T8451] RDX: 0000000000000000 RSI: ffffffff83be5d59 RDI: ffff88801efe3b10
[ 83.217126][ T8451] RBP: ffff88801efe6800 R08: 0000000000000000 R09: ffff88801efe3a87
[ 83.225130][ T8451] R10: ffffffff83be5b91 R11: 0000000000000000 R12: ffff88801efe3140
[ 83.233121][ T8451] R13: ffff88801eced0c0 R14: ffff8880185c9208 R15: 0000000000000001
[ 83.241142][ T8451] FS: 000000000133a300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 83.250111][ T8451] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 83.256698][ T8451] CR2: 000055944c0b0208 CR3: 000000001e189000 CR4: 00000000001506f0
[ 83.264688][ T8451] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 83.272671][ T8451] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 83.280647][ T8451] Call Trace:
[ 83.283942][ T8451] blk_freeze_queue_start+0xc4/0xe0
[ 83.289213][ T8451] blk_set_queue_dying+0x24/0x80
[ 83.294164][ T8451] blk_cleanup_queue+0x7b/0x1e0
[ 83.299021][ T8451] blk_cleanup_disk+0x33/0x80
[ 83.303708][ T8451] nbd_put.part.0+0x92/0x160
[ 83.308315][ T8451] nbd_genl_connect+0x1214/0x1660
[ 83.313349][ T8451] ? nbd_start_device+0xd50/0xd50
[ 83.318383][ T8451] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xd7/0x290
[ 83.325792][ T8451] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 83.332090][ T8451] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290
[ 83.339475][ T8451] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290
[ 83.346769][ T8451] genl_family_rcv_msg_doit+0x228/0x320
[ 83.352322][ T8451] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[ 83.359703][ T8451] ? genl_op_from_small+0x23/0x3c0
[ 83.364846][ T8451] ? genl_get_cmd+0x3cf/0x480
[ 83.369557][ T8451] genl_rcv_msg+0x328/0x580
[ 83.374105][ T8451] ? genl_get_cmd+0x480/0x480
[ 83.378803][ T8451] ? nbd_start_device+0xd50/0xd50
[ 83.383835][ T8451] ? lock_release+0x720/0x720
[ 83.388525][ T8451] netlink_rcv_skb+0x153/0x420
[ 83.393307][ T8451] ? genl_get_cmd+0x480/0x480
[ 83.398000][ T8451] ? netlink_ack+0xa60/0xa60
[ 83.402611][ T8451] genl_rcv+0x24/0x40
[ 83.406599][ T8451] netlink_unicast+0x533/0x7d0
[ 83.411373][ T8451] ? netlink_attachskb+0x890/0x890
[ 83.416492][ T8451] netlink_sendmsg+0x85b/0xda0
[ 83.421274][ T8451] ? netlink_unicast+0x7d0/0x7d0
[ 83.426236][ T8451] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 83.432483][ T8451] ? netlink_unicast+0x7d0/0x7d0
[ 83.437427][ T8451] sock_sendmsg+0xcf/0x120
[ 83.441851][ T8451] ____sys_sendmsg+0x6e8/0x810
[ 83.446610][ T8451] ? kernel_sendmsg+0x50/0x50
[ 83.451360][ T8451] ? do_recvmmsg+0x6d0/0x6d0
[ 83.455968][ T8451] ? lock_chain_count+0x20/0x20
[ 83.460820][ T8451] ? netlink_recvmsg+0x826/0xeb0
[ 83.465777][ T8451] ___sys_sendmsg+0xf3/0x170
[ 83.470369][ T8451] ? sendmsg_copy_msghdr+0x160/0x160
[ 83.475663][ T8451] ? __lock_acquire+0x162f/0x54a0
[ 83.480705][ T8451] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 83.486713][ T8451] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 83.492702][ T8451] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 83.498977][ T8451] ? __fget_light+0x215/0x280
[ 83.503801][ T8451] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 83.510060][ T8451] __sys_sendmsg+0xe5/0x1b0
[ 83.514578][ T8451] ? __sys_sendmsg_sock+0x30/0x30
[ 83.519620][ T8451] ? syscall_enter_from_user_mode+0x21/0x70
[ 83.525542][ T8451] do_syscall_64+0x35/0xb0
[ 83.529974][ T8451] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 83.535882][ T8451] RIP: 0033:0x43faa9
[ 83.539805][ T8451] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 83.559427][ T8451] RSP: 002b:00007fff4c9fec18 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 83.567842][ T8451] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043faa9
[ 83.575826][ T8451] RDX: 0000000000000000 RSI: 0000000020001880 RDI: 0000000000000004
[ 83.583811][ T8451] RBP: 0000000000403510 R08: 000000000000000c R09: 00000000004004a0
[ 83.591791][ T8451] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000004035a0
[ 83.599767][ T8451] R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0
[ 83.607763][ T8451] Modules linked in:
[ 83.612474][ T8451] ---[ end trace 41595f8a522e31b0 ]---
[ 83.618821][ T8451] RIP: 0010:blk_mq_run_hw_queues+0x32b/0x4a0
[ 83.624851][ T8451] Code: ea 48 c1 ea 03 80 3c 02 00 0f 85 51 01 00 00 48 8b 45 00 89 db 48 8d 1c 98 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ed
[ 83.644682][ T8451] RSP: 0018:ffffc900017373b0 EFLAGS: 00010246
[ 83.651181][ T8451] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 83.659274][ T8451] RDX: 0000000000000000 RSI: ffffffff83be5d59 RDI: ffff88801efe3b10
[ 83.667555][ T8451] RBP: ffff88801efe6800 R08: 0000000000000000 R09: ffff88801efe3a87
[ 83.675562][ T8451] R10: ffffffff83be5b91 R11: 0000000000000000 R12: ffff88801efe3140
[ 83.683585][ T8451] R13: ffff88801eced0c0 R14: ffff8880185c9208 R15: 0000000000000001
[ 83.691605][ T8451] FS: 000000000133a300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 83.700588][ T8451] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 83.707221][ T8451] CR2: 000055944c0b0208 CR3: 000000001e189000 CR4: 00000000001506f0
[ 83.715206][ T8451] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 83.723234][ T8451] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 83.731356][ T8451] Kernel panic - not syncing: Fatal exception
[ 83.738265][ T8451] Kernel Offset: disabled
[ 83.742583][ T8451] Rebooting in 86400 seconds..