[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.62' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 55.974897][ T8424]
[ 55.977322][ T8424] ======================================================
[ 55.984646][ T8424] WARNING: possible circular locking dependency detected
[ 55.991832][ T8424] 5.14.0-rc7-syzkaller #0 Not tainted
[ 55.997176][ T8424] ------------------------------------------------------
[ 56.004165][ T8424] syz-executor058/8424 is trying to acquire lock:
[ 56.010549][ T8424] ffff88801e3a8518 (&disk->open_mutex){+.+.}-{3:3}, at: del_gendisk+0x8b/0x770
[ 56.019493][ T8424]
[ 56.019493][ T8424] but task is already holding lock:
[ 56.026833][ T8424] ffffffff8c489aa8 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140
[ 56.036980][ T8424]
[ 56.036980][ T8424] which lock already depends on the new lock.
[ 56.036980][ T8424]
[ 56.047356][ T8424]
[ 56.047356][ T8424] the existing dependency chain (in reverse order) is:
[ 56.056516][ T8424]
[ 56.056516][ T8424] -> #1 (nbd_index_mutex){+.+.}-{3:3}:
[ 56.064129][ T8424]        __mutex_lock+0x12a/0x10a0
[ 56.069231][ T8424]        nbd_open+0x7d/0x8a0
[ 56.073799][ T8424]        blkdev_get_whole+0xa1/0x420
[ 56.079234][ T8424]        blkdev_get_by_dev.part.0+0x30c/0xdd0
[ 56.085279][ T8424]        blkdev_open+0x295/0x300
[ 56.090196][ T8424]        do_dentry_open+0x4c8/0x11d0
[ 56.095458][ T8424]        path_openat+0x1c23/0x27f0
[ 56.100551][ T8424]        do_filp_open+0x1aa/0x400
[ 56.105555][ T8424]        do_sys_openat2+0x16d/0x420
[ 56.110736][ T8424]        __x64_sys_open+0x119/0x1c0
[ 56.115914][ T8424]        do_syscall_64+0x35/0xb0
[ 56.120831][ T8424]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 56.127222][ T8424]
[ 56.127222][ T8424] -> #0 (&disk->open_mutex){+.+.}-{3:3}:
[ 56.135013][ T8424]        __lock_acquire+0x2a07/0x54a0
[ 56.140388][ T8424]        lock_acquire+0x1ab/0x510
[ 56.145391][ T8424]        __mutex_lock+0x12a/0x10a0
[ 56.150484][ T8424]        del_gendisk+0x8b/0x770
[ 56.155319][ T8424]        nbd_put.part.0+0x82/0x160
[ 56.160414][ T8424]        nbd_genl_connect+0x1383/0x1820
[ 56.166123][ T8424]        genl_family_rcv_msg_doit+0x228/0x320
[ 56.172195][ T8424]        genl_rcv_msg+0x328/0x580
[ 56.177196][ T8424]        netlink_rcv_skb+0x153/0x420
[ 56.182462][ T8424]        genl_rcv+0x24/0x40
[ 56.186943][ T8424]        netlink_unicast+0x533/0x7d0
[ 56.192207][ T8424]        netlink_sendmsg+0x86d/0xdb0
[ 56.197470][ T8424]        sock_sendmsg+0xcf/0x120
[ 56.202384][ T8424]        ____sys_sendmsg+0x6e8/0x810
[ 56.207644][ T8424]        ___sys_sendmsg+0xf3/0x170
[ 56.212738][ T8424]        __sys_sendmsg+0xe5/0x1b0
[ 56.217737][ T8424]        do_syscall_64+0x35/0xb0
[ 56.222655][ T8424]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 56.229136][ T8424]
[ 56.229136][ T8424] other info that might help us debug this:
[ 56.229136][ T8424]
[ 56.239337][ T8424] Possible unsafe locking scenario:
[ 56.239337][ T8424]
[ 56.246757][ T8424]        CPU0                    CPU1
[ 56.252099][ T8424]        ----                    ----
[ 56.257436][ T8424]   lock(nbd_index_mutex);
[ 56.261828][ T8424]                                lock(&disk->open_mutex);
[ 56.268912][ T8424]                                lock(nbd_index_mutex);
[ 56.275825][ T8424]   lock(&disk->open_mutex);
[ 56.280388][ T8424]
[ 56.280388][ T8424] *** DEADLOCK ***
[ 56.280388][ T8424]
[ 56.288502][ T8424] 3 locks held by syz-executor058/8424:
[ 56.294403][ T8424] #0: ffffffff8d15ffd0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 56.302925][ T8424] #1: ffffffff8d160088 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x3e0/0x580
[ 56.312043][ T8424] #2: ffffffff8c489aa8 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140
[ 56.322642][ T8424]
[ 56.322642][ T8424] stack backtrace:
[ 56.328512][ T8424] CPU: 1 PID: 8424 Comm: syz-executor058 Not tainted 5.14.0-rc7-syzkaller #0
[ 56.337354][ T8424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.347393][ T8424] Call Trace:
[ 56.350659][ T8424] dump_stack_lvl+0xcd/0x134
[ 56.355241][ T8424] check_noncircular+0x25f/0x2e0
[ 56.360248][ T8424] ? print_circular_bug+0x1e0/0x1e0
[ 56.365423][ T8424] ? kmem_cache_free+0x8a/0x5b0
[ 56.370252][ T8424] ? lockdep_lock+0xc6/0x200
[ 56.374824][ T8424] ? call_rcu_zapped+0xb0/0xb0
[ 56.379578][ T8424] ? __kobject_del+0xea/0x200
[ 56.384235][ T8424] __lock_acquire+0x2a07/0x54a0
[ 56.389068][ T8424] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 56.395028][ T8424] lock_acquire+0x1ab/0x510
[ 56.399512][ T8424] ? del_gendisk+0x8b/0x770
[ 56.403997][ T8424] ? lock_release+0x720/0x720
[ 56.408651][ T8424] ? lockdep_hardirqs_on+0x79/0x100
[ 56.413834][ T8424] __mutex_lock+0x12a/0x10a0
[ 56.418412][ T8424] ? del_gendisk+0x8b/0x770
[ 56.422896][ T8424] ? lock_downgrade+0x6e0/0x6e0
[ 56.427724][ T8424] ? del_gendisk+0x8b/0x770
[ 56.432207][ T8424] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 56.438430][ T8424] ? mutex_lock_io_nested+0xf00/0xf00
[ 56.443794][ T8424] ? kobj_kset_leave+0x12/0x200
[ 56.448632][ T8424] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 56.455059][ T8424] ? kobject_put+0xb9/0x540
[ 56.459941][ T8424] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 56.465643][ T8424] ? kfree_const+0x35/0x60
[ 56.470043][ T8424] del_gendisk+0x8b/0x770
[ 56.474618][ T8424] ? nbd_config_put+0x61b/0xa00
[ 56.479885][ T8424] nbd_put.part.0+0x82/0x160
[ 56.484456][ T8424] nbd_genl_connect+0x1383/0x1820
[ 56.489459][ T8424] ? nbd_start_device+0xd50/0xd50
[ 56.494465][ T8424] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 56.500686][ T8424] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290
[ 56.508303][ T8424] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290
[ 56.515579][ T8424] genl_family_rcv_msg_doit+0x228/0x320
[ 56.521107][ T8424] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[ 56.528460][ T8424] ? genl_op_from_small+0x23/0x3c0
[ 56.533555][ T8424] ? genl_get_cmd+0x3cf/0x480
[ 56.538214][ T8424] genl_rcv_msg+0x328/0x580
[ 56.542875][ T8424] ? genl_get_cmd+0x480/0x480
[ 56.547532][ T8424] ? nbd_start_device+0xd50/0xd50
[ 56.553276][ T8424] ? lock_release+0x720/0x720
[ 56.558550][ T8424] netlink_rcv_skb+0x153/0x420
[ 56.563325][ T8424] ? genl_get_cmd+0x480/0x480
[ 56.567984][ T8424] ? netlink_ack+0xa60/0xa60
[ 56.572553][ T8424] ? _copy_from_iter+0x12b/0x1320
[ 56.577558][ T8424] genl_rcv+0x24/0x40
[ 56.581611][ T8424] netlink_unicast+0x533/0x7d0
[ 56.586354][ T8424] ? netlink_attachskb+0x890/0x890
[ 56.591445][ T8424] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 56.597666][ T8424] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 56.603889][ T8424] ? __phys_addr_symbol+0x2c/0x70
[ 56.608894][ T8424] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 56.614589][ T8424] ? __check_object_size+0x16e/0x3f0
[ 56.619852][ T8424] netlink_sendmsg+0x86d/0xdb0
[ 56.624593][ T8424] ? netlink_unicast+0x7d0/0x7d0
[ 56.629510][ T8424] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 56.635725][ T8424] ? netlink_unicast+0x7d0/0x7d0
[ 56.641022][ T8424] sock_sendmsg+0xcf/0x120
[ 56.645792][ T8424] ____sys_sendmsg+0x6e8/0x810
[ 56.650539][ T8424] ? kernel_sendmsg+0x50/0x50
[ 56.655195][ T8424] ? do_recvmmsg+0x6d0/0x6d0
[ 56.659766][ T8424] ? lock_chain_count+0x20/0x20
[ 56.664595][ T8424] ? netlink_recvmsg+0x826/0xea0
[ 56.669516][ T8424] ___sys_sendmsg+0xf3/0x170
[ 56.674087][ T8424] ? sendmsg_copy_msghdr+0x160/0x160
[ 56.679353][ T8424] ? __lock_acquire+0x162f/0x54a0
[ 56.684380][ T8424] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 56.690342][ T8424] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 56.696325][ T8424] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 56.702571][ T8424] ? __fget_light+0x215/0x280
[ 56.707231][ T8424] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 56.713832][ T8424] __sys_sendmsg+0xe5/0x1b0
[ 56.718348][ T8424] ? __sys_sendmsg_sock+0x30/0x30
[ 56.723357][ T8424] ? syscall_enter_from_user_mode+0x21/0x70
[ 56.729268][ T8424] do_syscall_64+0x35/0xb0
[ 56.733668][ T8424] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 56.739543][ T8424] RIP: 0033:0x43fa89
[ 56.743448][ T8424] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 56.763064][ T8424] RSP: 002b:00007ffdecb79538 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 56.771565][ T8424] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 00000000