[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.62' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 71.604060][ T8439] netlink: 4 bytes leftover after parsing attributes in process `syz-executor974'.
[ 71.621981][ T8439]
[ 71.624329][ T8439] ======================================================
[ 71.631322][ T8439] WARNING: possible circular locking dependency detected
[ 71.638313][ T8439] 5.14.0-rc6-syzkaller #0 Not tainted
[ 71.643656][ T8439] ------------------------------------------------------
[ 71.650651][ T8439] syz-executor974/8439 is trying to acquire lock:
[ 71.657059][ T8439] ffff88801df94518 (&disk->open_mutex){+.+.}-{3:3}, at: del_gendisk+0x8b/0x770
[ 71.666029][ T8439]
[ 71.666029][ T8439] but task is already holding lock:
[ 71.673370][ T8439] ffffffff8c4893e8 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140
[ 71.683523][ T8439]
[ 71.683523][ T8439] which lock already depends on the new lock.
[ 71.683523][ T8439]
[ 71.693916][ T8439]
[ 71.693916][ T8439] the existing dependency chain (in reverse order) is:
[ 71.702906][ T8439]
[ 71.702906][ T8439] -> #1 (nbd_index_mutex){+.+.}-{3:3}:
[ 71.710523][ T8439]        __mutex_lock+0x12a/0x10a0
[ 71.715713][ T8439]        nbd_open+0x7d/0x8a0
[ 71.720282][ T8439]        blkdev_get_whole+0xa1/0x420
[ 71.725544][ T8439]        blkdev_get_by_dev.part.0+0x30c/0xdd0
[ 71.731588][ T8439]        blkdev_open+0x295/0x300
[ 71.736499][ T8439]        do_dentry_open+0x4c8/0x11d0
[ 71.741764][ T8439]        path_openat+0x1c23/0x27f0
[ 71.746852][ T8439]        do_filp_open+0x1aa/0x400
[ 71.751853][ T8439]        do_sys_openat2+0x16d/0x420
[ 71.757038][ T8439]        __x64_sys_open+0x119/0x1c0
[ 71.762217][ T8439]        do_syscall_64+0x35/0xb0
[ 71.767145][ T8439]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.773538][ T8439]
[ 71.773538][ T8439] -> #0 (&disk->open_mutex){+.+.}-{3:3}:
[ 71.781327][ T8439]        __lock_acquire+0x2a07/0x54a0
[ 71.786684][ T8439]        lock_acquire+0x1ab/0x510
[ 71.791744][ T8439]        __mutex_lock+0x12a/0x10a0
[ 71.796842][ T8439]        del_gendisk+0x8b/0x770
[ 71.802093][ T8439]        nbd_put.part.0+0x82/0x160
[ 71.807224][ T8439]        nbd_genl_connect+0x1383/0x1820
[ 71.812750][ T8439]        genl_family_rcv_msg_doit+0x228/0x320
[ 71.818799][ T8439]        genl_rcv_msg+0x328/0x580
[ 71.823809][ T8439]        netlink_rcv_skb+0x153/0x420
[ 71.829196][ T8439]        genl_rcv+0x24/0x40
[ 71.833686][ T8439]        netlink_unicast+0x533/0x7d0
[ 71.839040][ T8439]        netlink_sendmsg+0x86d/0xdb0
[ 71.844357][ T8439]        sock_sendmsg+0xcf/0x120
[ 71.849279][ T8439]        ____sys_sendmsg+0x6e8/0x810
[ 71.854551][ T8439]        ___sys_sendmsg+0xf3/0x170
[ 71.859670][ T8439]        __sys_sendmsg+0xe5/0x1b0
[ 71.864676][ T8439]        do_syscall_64+0x35/0xb0
[ 71.869613][ T8439]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.876010][ T8439]
[ 71.876010][ T8439] other info that might help us debug this:
[ 71.876010][ T8439]
[ 71.886212][ T8439]  Possible unsafe locking scenario:
[ 71.886212][ T8439]
[ 71.893642][ T8439]        CPU0                    CPU1
[ 71.898982][ T8439]        ----                    ----
[ 71.904321][ T8439]   lock(nbd_index_mutex);
[ 71.908715][ T8439]                                lock(&disk->open_mutex);
[ 71.915799][ T8439]                                lock(nbd_index_mutex);
[ 71.922706][ T8439]   lock(&disk->open_mutex);
[ 71.927267][ T8439]
[ 71.927267][ T8439]  *** DEADLOCK ***
[ 71.927267][ T8439]
[ 71.935385][ T8439] 3 locks held by syz-executor974/8439:
[ 71.940902][ T8439]  #0: ffffffff8d15f910 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 71.949057][ T8439]  #1: ffffffff8d15f9c8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x3e0/0x580
[ 71.957993][ T8439]  #2: ffffffff8c4893e8 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140
[ 71.970148][ T8439]
[ 71.970148][ T8439] stack backtrace:
[ 71.976011][ T8439] CPU: 1 PID: 8439 Comm: syz-executor974 Not tainted 5.14.0-rc6-syzkaller #0
[ 71.984788][ T8439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.994906][ T8439] Call Trace:
[ 71.998165][ T8439]  dump_stack_lvl+0xcd/0x134
[ 72.002743][ T8439]  check_noncircular+0x25f/0x2e0
[ 72.007660][ T8439]  ? print_circular_bug+0x1e0/0x1e0
[ 72.012837][ T8439]  ? kmem_cache_free+0x8a/0x5b0
[ 72.017668][ T8439]  ? lockdep_lock+0xc6/0x200
[ 72.022237][ T8439]  ? call_rcu_zapped+0xb0/0xb0
[ 72.026985][ T8439]  ? __kobject_del+0xea/0x200
[ 72.031643][ T8439]  __lock_acquire+0x2a07/0x54a0
[ 72.036487][ T8439]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 72.042450][ T8439]  lock_acquire+0x1ab/0x510
[ 72.046932][ T8439]  ? del_gendisk+0x8b/0x770
[ 72.051417][ T8439]  ? lock_release+0x720/0x720
[ 72.056070][ T8439]  ? lockdep_hardirqs_on+0x79/0x100
[ 72.061267][ T8439]  __mutex_lock+0x12a/0x10a0
[ 72.065849][ T8439]  ? del_gendisk+0x8b/0x770
[ 72.070334][ T8439]  ? lock_downgrade+0x6e0/0x6e0
[ 72.075174][ T8439]  ? del_gendisk+0x8b/0x770
[ 72.079668][ T8439]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 72.085888][ T8439]  ? mutex_lock_io_nested+0xf00/0xf00
[ 72.091260][ T8439]  ? kobj_kset_leave+0x12/0x200
[ 72.096092][ T8439]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.102316][ T8439]  ? kobject_put+0xb9/0x540
[ 72.106800][ T8439]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 72.112507][ T8439]  ? kfree_const+0x35/0x60
[ 72.116908][ T8439]  del_gendisk+0x8b/0x770
[ 72.121220][ T8439]  ? nbd_config_put+0x61b/0xa00
[ 72.126118][ T8439]  nbd_put.part.0+0x82/0x160
[ 72.130687][ T8439]  nbd_genl_connect+0x1383/0x1820
[ 72.135692][ T8439]  ? nbd_start_device+0xd50/0xd50
[ 72.140713][ T8439]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.146935][ T8439]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290
[ 72.154290][ T8439]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290
[ 72.161554][ T8439]  genl_family_rcv_msg_doit+0x228/0x320
[ 72.167082][ T8439]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[ 72.174439][ T8439]  ? genl_op_from_small+0x23/0x3c0
[ 72.179528][ T8439]  ? genl_get_cmd+0x3cf/0x480
[ 72.184187][ T8439]  genl_rcv_msg+0x328/0x580
[ 72.188675][ T8439]  ? genl_get_cmd+0x480/0x480
[ 72.193332][ T8439]  ? nbd_start_device+0xd50/0xd50
[ 72.198337][ T8439]  ? lock_release+0x720/0x720
[ 72.202992][ T8439]  netlink_rcv_skb+0x153/0x420
[ 72.207740][ T8439]  ? genl_get_cmd+0x480/0x480
[ 72.212396][ T8439]  ? netlink_ack+0xa60/0xa60
[ 72.216969][ T8439]  ? _copy_from_iter+0x12b/0x1320
[ 72.221980][ T8439]  genl_rcv+0x24/0x40
[ 72.225944][ T8439]  netlink_unicast+0x533/0x7d0
[ 72.230688][ T8439]  ? netlink_attachskb+0x890/0x890
[ 72.235777][ T8439]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.241997][ T8439]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.248218][ T8439]  ? __phys_addr_symbol+0x2c/0x70
[ 72.253235][ T8439]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 72.258932][ T8439]  ? __check_object_size+0x16e/0x3f0
[ 72.264208][ T8439]  netlink_sendmsg+0x86d/0xdb0
[ 72.268955][ T8439]  ? netlink_unicast+0x7d0/0x7d0
[ 72.273872][ T8439]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.280093][ T8439]  ? netlink_unicast+0x7d0/0x7d0
[ 72.285008][ T8439]  sock_sendmsg+0xcf/0x120
[ 72.289406][ T8439]  ____sys_sendmsg+0x6e8/0x810
[ 72.294178][ T8439]  ? kernel_sendmsg+0x50/0x50
[ 72.298834][ T8439]  ? do_recvmmsg+0x6d0/0x6d0
[ 72.303407][ T8439]  ? lock_chain_count+0x20/0x20
[ 72.308241][ T8439]  ? netlink_recvmsg+0x826/0xea0
[ 72.313171][ T8439]  ___sys_sendmsg+0xf3/0x170
[ 72.317741][ T8439]  ? sendmsg_copy_msghdr+0x160/0x160
[ 72.323024][ T8439]  ? __lock_acquire+0x162f/0x54a0
[ 72.328029][ T8439]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 72.334000][ T8439]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 72.339973][ T8439]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.346200][ T8439]  ? __fget_light+0x215/0x280
[ 72.350859][ T8439]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.357080][ T8439]  __sys_sendmsg+0xe5/0x1b0
[ 72.361564][ T8439]  ? __sys_sendmsg_sock+0x30/0x30
[ 72.366580][ T8439]  ? syscall_enter_from_user_mode+0x21/0x70
[ 72.372558][ T8439]  do_syscall_64+0x35/0xb0
[ 72.376985][ T8439]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.382897][ T8439] RIP: 0033:0x43fa59
[ 72.386779][ T8439] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.406368][ T8439] RSP: 002b:00007fff4056ff08 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 72.414759][ T8439] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fa59
[ 72.422712][ T8439] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 72.430668][ T8439] RBP: 00000000004034c0 R08: 000000000000000c R09: 00000000004004a0
[ 72.438616][ T8439] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000403550
[ 72.446572][ T8439] R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0