Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.45' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 70.853090][ T8451]
[ 70.855427][ T8451] ======================================================
[ 70.862421][ T8451] WARNING: possible circular locking dependency detected
[ 70.869532][ T8451] 5.13.0-syzkaller #0 Not tainted
[ 70.874558][ T8451] ------------------------------------------------------
[ 70.881595][ T8451] syz-executor359/8451 is trying to acquire lock:
[ 70.888070][ T8451] ffff88801e5ced18 (&disk->open_mutex){+.+.}-{3:3}, at: del_gendisk+0x8b/0x770
[ 70.897018][ T8451]
[ 70.897018][ T8451] but task is already holding lock:
[ 70.904371][ T8451] ffffffff8cc7cb68 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140
[ 70.914833][ T8451]
[ 70.914833][ T8451] which lock already depends on the new lock.
[ 70.914833][ T8451]
[ 70.925214][ T8451]
[ 70.925214][ T8451] the existing dependency chain (in reverse order) is:
[ 70.934250][ T8451]
[ 70.934250][ T8451] -> #1 (nbd_index_mutex){+.+.}-{3:3}:
[ 70.942115][ T8451] __mutex_lock+0x12a/0x10a0
[ 70.947241][ T8451] nbd_open+0x7d/0x8a0
[ 70.951836][ T8451] blkdev_get_whole+0xa1/0x420
[ 70.957127][ T8451] blkdev_get_by_dev.part.0+0x30c/0xdd0
[ 70.963198][ T8451] blkdev_open+0x295/0x300
[ 70.968228][ T8451] do_dentry_open+0x4c8/0x11c0
[ 70.973513][ T8451] path_openat+0x1c0e/0x27e0
[ 70.978622][ T8451] do_filp_open+0x190/0x3d0
[ 70.983645][ T8451] do_sys_openat2+0x16d/0x420
[ 70.988856][ T8451] __x64_sys_open+0x119/0x1c0
[ 70.994056][ T8451] do_syscall_64+0x35/0xb0
[ 70.999076][ T8451] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.005493][ T8451]
[ 71.005493][ T8451] -> #0 (&disk->open_mutex){+.+.}-{3:3}:
[ 71.013316][ T8451] __lock_acquire+0x2a07/0x54a0
[ 71.018709][ T8451] lock_acquire+0x1ab/0x510
[ 71.023730][ T8451] __mutex_lock+0x12a/0x10a0
[ 71.028839][ T8451] del_gendisk+0x8b/0x770
[ 71.033691][ T8451] nbd_put.part.0+0x82/0x160
[ 71.038818][ T8451] nbd_genl_connect+0x1214/0x1660
[ 71.044360][ T8451] genl_family_rcv_msg_doit+0x228/0x320
[ 71.050431][ T8451] genl_rcv_msg+0x328/0x580
[ 71.056000][ T8451] netlink_rcv_skb+0x153/0x420
[ 71.061286][ T8451] genl_rcv+0x24/0x40
[ 71.065787][ T8451] netlink_unicast+0x533/0x7d0
[ 71.071076][ T8451] netlink_sendmsg+0x85b/0xda0
[ 71.076360][ T8451] sock_sendmsg+0xcf/0x120
[ 71.081394][ T8451] ____sys_sendmsg+0x6e8/0x810
[ 71.086679][ T8451] ___sys_sendmsg+0xf3/0x170
[ 71.091800][ T8451] __sys_sendmsg+0xe5/0x1b0
[ 71.096834][ T8451] do_syscall_64+0x35/0xb0
[ 71.101767][ T8451] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.108183][ T8451]
[ 71.108183][ T8451] other info that might help us debug this:
[ 71.108183][ T8451]
[ 71.118416][ T8451] Possible unsafe locking scenario:
[ 71.118416][ T8451]
[ 71.125941][ T8451]        CPU0                    CPU1
[ 71.131304][ T8451]        ----                    ----
[ 71.136662][ T8451]   lock(nbd_index_mutex);
[ 71.141074][ T8451]                                lock(&disk->open_mutex);
[ 71.148183][ T8451]                                lock(nbd_index_mutex);
[ 71.155111][ T8451]   lock(&disk->open_mutex);
[ 71.159693][ T8451]
[ 71.159693][ T8451] *** DEADLOCK ***
[ 71.159693][ T8451]
[ 71.167822][ T8451] 3 locks held by syz-executor359/8451:
[ 71.173359][ T8451] #0: ffffffff8d94a490 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 71.181568][ T8451] #1: ffffffff8d94a548 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x3e0/0x580
[ 71.190541][ T8451] #2: ffffffff8cc7cb68 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140
[ 71.201166][ T8451]
[ 71.201166][ T8451] stack backtrace:
[ 71.207040][ T8451] CPU: 1 PID: 8451 Comm: syz-executor359 Not tainted 5.13.0-syzkaller #0
[ 71.215447][ T8451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.225498][ T8451] Call Trace:
[ 71.228773][ T8451] dump_stack_lvl+0xcd/0x134
[ 71.233368][ T8451] check_noncircular+0x25f/0x2e0
[ 71.238306][ T8451] ? print_circular_bug+0x1e0/0x1e0
[ 71.243529][ T8451] ? kmem_cache_free+0x8e/0x5a0
[ 71.248392][ T8451] ? lockdep_lock+0xc6/0x200
[ 71.252992][ T8451] ? call_rcu_zapped+0xb0/0xb0
[ 71.257761][ T8451] __lock_acquire+0x2a07/0x54a0
[ 71.262614][ T8451] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 71.268595][ T8451] ? mark_held_locks+0x9f/0xe0
[ 71.273362][ T8451] lock_acquire+0x1ab/0x510
[ 71.277874][ T8451] ? del_gendisk+0x8b/0x770
[ 71.282378][ T8451] ? lock_release+0x720/0x720
[ 71.287051][ T8451] ? lockdep_hardirqs_on+0x79/0x100
[ 71.292255][ T8451] __mutex_lock+0x12a/0x10a0
[ 71.296863][ T8451] ? del_gendisk+0x8b/0x770
[ 71.301384][ T8451] ? lock_downgrade+0x6e0/0x6e0
[ 71.306519][ T8451] ? del_gendisk+0x8b/0x770
[ 71.311025][ T8451] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 71.317269][ T8451] ? mutex_lock_io_nested+0xf00/0xf00
[ 71.322664][ T8451] ? kobj_kset_leave+0x12/0x200
[ 71.327519][ T8451] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.333757][ T8451] ? kobject_put+0xb9/0x540
[ 71.338267][ T8451] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 71.343991][ T8451] ? kfree_const+0x35/0x60
[ 71.348411][ T8451] del_gendisk+0x8b/0x770
[ 71.352758][ T8451] ? nbd_config_put+0x5e8/0x8e0
[ 71.357644][ T8451] nbd_put.part.0+0x82/0x160
[ 71.362239][ T8451] nbd_genl_connect+0x1214/0x1660
[ 71.367265][ T8451] ? nbd_start_device+0xd50/0xd50
[ 71.372295][ T8451] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.378546][ T8451] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290
[ 71.385920][ T8451] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290
[ 71.393211][ T8451] genl_family_rcv_msg_doit+0x228/0x320
[ 71.398762][ T8451] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[ 71.406156][ T8451] ? genl_op_from_small+0x23/0x3c0
[ 71.411270][ T8451] ? genl_get_cmd+0x3cf/0x480
[ 71.415961][ T8451] genl_rcv_msg+0x328/0x580
[ 71.420470][ T8451] ? genl_get_cmd+0x480/0x480
[ 71.425147][ T8451] ? nbd_start_device+0xd50/0xd50
[ 71.430189][ T8451] ? lock_release+0x720/0x720
[ 71.434877][ T8451] netlink_rcv_skb+0x153/0x420
[ 71.439651][ T8451] ? genl_get_cmd+0x480/0x480
[ 71.444331][ T8451] ? netlink_ack+0xa60/0xa60
[ 71.448926][ T8451] genl_rcv+0x24/0x40
[ 71.452907][ T8451] netlink_unicast+0x533/0x7d0
[ 71.457762][ T8451] ? netlink_attachskb+0x890/0x890
[ 71.462878][ T8451] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 71.469206][ T8451] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 71.475451][ T8451] ? __phys_addr_symbol+0x2c/0x70
[ 71.480479][ T8451] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 71.486198][ T8451] ? __check_object_size+0x16e/0x3f0
[ 71.491488][ T8451] netlink_sendmsg+0x85b/0xda0
[ 71.496279][ T8451] ? netlink_unicast+0x7d0/0x7d0
[ 71.501228][ T8451] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.507478][ T8451] ? netlink_unicast+0x7d0/0x7d0
[ 71.512419][ T8451] sock_sendmsg+0xcf/0x120
[ 71.516849][ T8451] ____sys_sendmsg+0x6e8/0x810
[ 71.521616][ T8451] ? kernel_sendmsg+0x50/0x50
[ 71.526293][ T8451] ? do_recvmmsg+0x6d0/0x6d0
[ 71.530882][ T8451] ? lock_chain_count+0x20/0x20
[ 71.535737][ T8451] ? netlink_recvmsg+0x826/0xeb0
[ 71.540765][ T8451] ___sys_sendmsg+0xf3/0x170
[ 71.545389][ T8451] ? sendmsg_copy_msghdr+0x160/0x160
[ 71.550677][ T8451] ? __lock_acquire+0x162f/0x54a0
[ 71.555707][ T8451] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 71.561686][ T8451] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 71.567757][ T8451] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.574000][ T8451] ? __fget_light+0x215/0x280
[ 71.578680][ T8451] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 71.584923][ T8451] __sys_sendmsg+0xe5/0x1b0
[ 71.589451][ T8451] ? __sys_sendmsg_sock+0x30/0x30
[ 71.594488][ T8451] ? syscall_enter_from_user_mode+0x21/0x70
[ 71.600387][ T8451] do_syscall_64+0x35/0xb0
[ 71.604806][ T8451] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.610704][ T8451] RIP: 0033:0x43fa89
[ 71.614597][ T8451] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 71.634204][ T8451] RSP: 002b:00007ffed7f30168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 71.642616][ T8451] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fa89
[ 71.650691][ T8451] RDX: 0000000000000000 RSI: 0000000020001880 RDI: 0000000000000004
[ 71.658658][ T8451] RBP: 00000000004034f0 R08: 0000000000000004 R09: 00000000004004a0
[ 71.666625][ T8451] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000403580
[ 71.674599][ T8451] R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0
[ 71.707082][ T8451] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 71.718816][ T8451] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 71.727252][ T8451] CPU: 1 PID: 8451 Comm: syz-executor359 Not tainted 5.13.0-syzkaller #0
[ 71.735684][ T8451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.745739][ T8451] RIP: 0010:blk_mq_run_hw_queues+0x32b/0x4a0
[ 71.751753][ T8451] Code: ea 48 c1 ea 03 80 3c 02 00 0f 85 51 01 00 00 48 8b 45 00 89 db 48 8d 1c 98 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ed
[ 71.771366][ T8451] RSP: 0018:ffffc9000183f3b0 EFLAGS: 00010247
[ 71.777521][ T8451] RAX: dffffc0000000000 RBX: 0000000000000004 RCX: 0000000000000000
[ 71.785491][ T8451] RDX: 0000000000000000 RSI: ffffffff83be8009 RDI: ffff88801f2109d0
[ 71.793459][ T8451] RBP: ffff88801f128000 R08: 0000000000000000 R09: ffff88801f210947
[ 71.801440][ T8451] R10: ffffffff83be7e41 R11: 0000000000000000 R12: ffff88801f210000
[ 71.809410][ T8451] R13: ffff88801de65c80 R14: ffff8880205f8c08 R15: 0000000000000001
[ 71.817379][ T8451] FS: 000000000181b300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 71.826308][ T8451] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 71.832976][ T8451] CR2: 000055b8e2b33928 CR3: 0000000018abc000 CR4: 00000000001506e0
[ 71.840947][ T8451] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 71.848913][ T8451] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 71.856882][ T8451] Call Trace:
[ 71.860165][ T8451] blk_freeze_queue_start+0xc4/0xe0
[ 71.865373][ T8451] blk_set_queue_dying+0x24/0x80
[ 71.870314][ T8451] blk_cleanup_queue+0x7b/0x1e0
[ 71.875167][ T8451] blk_cleanup_disk+0x33/0x80
[ 71.879840][ T8451] nbd_put.part.0+0x92/0x160
[ 71.884441][ T8451] nbd_genl_connect+0x1214/0x1660
[ 71.889468][ T8451] ? nbd_start_device+0xd50/0xd50
[ 71.894502][ T8451] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.900832][ T8451] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290
[ 71.908205][ T8451] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290
[ 71.915495][ T8451] genl_family_rcv_msg_doit+0x228/0x320
[ 71.921045][ T8451] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[ 71.928425][ T8451] ? genl_op_from_small+0x23/0x3c0
[ 71.933544][ T8451] ? genl_get_cmd+0x3cf/0x480
[ 71.938224][ T8451] genl_rcv_msg+0x328/0x580
[ 71.942731][ T8451] ? genl_get_cmd+0x480/0x480
[ 71.947428][ T8451] ? nbd_start_device+0xd50/0xd50
[ 71.952454][ T8451] ? lock_release+0x720/0x720
[ 71.957745][ T8451] netlink_rcv_skb+0x153/0x420
[ 71.962510][ T8451] ? genl_get_cmd+0x480/0x480
[ 71.967189][ T8451] ? netlink_ack+0xa60/0xa60
[ 71.971782][ T8451] genl_rcv+0x24/0x40
[ 71.975789][ T8451] netlink_unicast+0x533/0x7d0
[ 71.980565][ T8451] ? netlink_attachskb+0x890/0x890
[ 71.985770][ T8451] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 71.992029][ T8451] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 71.998284][ T8451] ? __phys_addr_symbol+0x2c/0x70
[ 72.003308][ T8451] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 72.009028][ T8451] ? __check_object_size+0x16e/0x3f0
[ 72.014311][ T8451] netlink_sendmsg+0x85b/0xda0
[ 72.019078][ T8451] ? netlink_unicast+0x7d0/0x7d0
[ 72.024016][ T8451] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.030272][ T8451] ? netlink_unicast+0x7d0/0x7d0
[ 72.035209][ T8451] sock_sendmsg+0xcf/0x120
[ 72.039718][ T8451] ____sys_sendmsg+0x6e8/0x810
[ 72.044492][ T8451] ? kernel_sendmsg+0x50/0x50
[ 72.049171][ T8451] ? do_recvmmsg+0x6d0/0x6d0
[ 72.053761][ T8451] ? lock_chain_count+0x20/0x20
[ 72.058609][ T8451] ? netlink_recvmsg+0x826/0xeb0
[ 72.063550][ T8451] ___sys_sendmsg+0xf3/0x170
[ 72.068225][ T8451] ? sendmsg_copy_msghdr+0x160/0x160
[ 72.073509][ T8451] ? __lock_acquire+0x162f/0x54a0
[ 72.078543][ T8451] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 72.084525][ T8451] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 72.090508][ T8451] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.096747][ T8451] ? __fget_light+0x215/0x280
[ 72.101425][ T8451] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.107668][ T8451] __sys_sendmsg+0xe5/0x1b0
[ 72.112179][ T8451] ? __sys_sendmsg_sock+0x30/0x30
[ 72.117231][ T8451] ? syscall_enter_from_user_mode+0x21/0x70
[ 72.123127][ T8451] do_syscall_64+0x35/0xb0
[ 72.127540][ T8451] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.133440][ T8451] RIP: 0033:0x43fa89
[ 72.137333][ T8451] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.157109][ T8451] RSP: 002b:00007ffed7f30168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 72.165524][ T8451] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fa89
[ 72.173493][ T8451] RDX: 0000000000000000 RSI: 0000000020001880 RDI: 0000000000000004
[ 72.181460][ T8451] RBP: 00000000004034f0 R08: 0000000000000004 R09: 00000000004004a0
[ 72.189451][ T8451] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000403580
[ 72.197421][ T8451] R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0
[ 72.205398][ T8451] Modules linked in:
[ 72.220546][ T8451] ---[ end trace 16974cde06353fd4 ]---
[ 72.226067][ T8451] RIP: 0010:blk_mq_run_hw_queues+0x32b/0x4a0
[ 72.232810][ T8451] Code: ea 48 c1 ea 03 80 3c 02 00 0f 85 51 01 00 00 48 8b 45 00 89 db 48 8d 1c 98 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ed
[ 72.261116][ T8451] RSP: 0018:ffffc9000183f3b0 EFLAGS: 00010247
[ 72.271319][ T8451] RAX: dffffc0000000000 RBX: 0000000000000004 RCX: 0000000000000000
[ 72.279938][ T8451] RDX: 0000000000000000 RSI: ffffffff83be8009 RDI: ffff88801f2109d0
[ 72.288587][ T8451] RBP: ffff88801f128000 R08: 0000000000000000 R09: ffff88801f210947
[ 72.297034][ T8451] R10: ffffffff83be7e41 R11: 0000000000000000 R12: ffff88801f210000
[ 72.305228][ T8451] R13: ffff88801de65c80 R14: ffff8880205f8c08 R15: 0000000000000001
[ 72.313390][ T8451] FS: 000000000181b300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 72.322390][ T8451] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 72.328981][ T8451] CR2: 00007f2a93914000 CR3: 0000000018abc000 CR4: 00000000001506f0
[ 72.337034][ T8451] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 72.345092][ T8451] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 72.353303][ T8451] Kernel panic - not syncing: Fatal exception
[ 72.360438][ T8451] Kernel Offset: disabled
[ 72.364752][ T8451] Rebooting in 86400 seconds..