Warning: Permanently added '10.128.1.11' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 73.866086][ T8453] netlink: 4 bytes leftover after parsing attributes in process `syz-executor513'.
[ 73.876126][ T8453] netlink: 4 bytes leftover after parsing attributes in process `syz-executor513'.
[ 73.886545][ T8453] nbd: socks must be embedded in a SOCK_ITEM attr
[ 73.901779][ T8453]
[ 73.904248][ T8453] ======================================================
[ 73.911443][ T8453] WARNING: possible circular locking dependency detected
[ 73.918435][ T8453] 5.13.0-syzkaller #0 Not tainted
[ 73.923475][ T8453] ------------------------------------------------------
[ 73.930465][ T8453] syz-executor513/8453 is trying to acquire lock:
[ 73.936852][ T8453] ffff88801e720d18 (&disk->open_mutex){+.+.}-{3:3}, at: del_gendisk+0x8b/0x770
[ 73.945828][ T8453]
[ 73.945828][ T8453] but task is already holding lock:
[ 73.953185][ T8453] ffffffff8cc7cb68 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140
[ 73.963465][ T8453]
[ 73.963465][ T8453] which lock already depends on the new lock.
[ 73.963465][ T8453]
[ 73.973845][ T8453]
[ 73.973845][ T8453] the existing dependency chain (in reverse order) is:
[ 73.982835][ T8453]
[ 73.982835][ T8453] -> #1 (nbd_index_mutex){+.+.}-{3:3}:
[ 73.990457][ T8453] __mutex_lock+0x12a/0x10a0
[ 73.995593][ T8453] nbd_open+0x7d/0x8a0
[ 74.000164][ T8453] blkdev_get_whole+0xa1/0x420
[ 74.005428][ T8453] blkdev_get_by_dev.part.0+0x30c/0xdd0
[ 74.011564][ T8453] blkdev_open+0x295/0x300
[ 74.016480][ T8453] do_dentry_open+0x4c8/0x11c0
[ 74.021742][ T8453] path_openat+0x1c0e/0x27e0
[ 74.026934][ T8453] do_filp_open+0x190/0x3d0
[ 74.031935][ T8453] do_sys_openat2+0x16d/0x420
[ 74.037113][ T8453] __x64_sys_open+0x119/0x1c0
[ 74.042302][ T8453] do_syscall_64+0x35/0xb0
[ 74.047219][ T8453] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 74.053614][ T8453]
[ 74.053614][ T8453] -> #0 (&disk->open_mutex){+.+.}-{3:3}:
[ 74.061412][ T8453] __lock_acquire+0x2a07/0x54a0
[ 74.066763][ T8453] lock_acquire+0x1ab/0x510
[ 74.071762][ T8453] __mutex_lock+0x12a/0x10a0
[ 74.076855][ T8453] del_gendisk+0x8b/0x770
[ 74.081691][ T8453] nbd_put.part.0+0x82/0x160
[ 74.086786][ T8453] nbd_genl_connect+0x1214/0x1660
[ 74.092333][ T8453] genl_family_rcv_msg_doit+0x228/0x320
[ 74.098657][ T8453] genl_rcv_msg+0x328/0x580
[ 74.103666][ T8453] netlink_rcv_skb+0x153/0x420
[ 74.108947][ T8453] genl_rcv+0x24/0x40
[ 74.113433][ T8453] netlink_unicast+0x533/0x7d0
[ 74.118697][ T8453] netlink_sendmsg+0x85b/0xda0
[ 74.123976][ T8453] sock_sendmsg+0xcf/0x120
[ 74.128902][ T8453] ____sys_sendmsg+0x6e8/0x810
[ 74.134186][ T8453] ___sys_sendmsg+0xf3/0x170
[ 74.139278][ T8453] __sys_sendmsg+0xe5/0x1b0
[ 74.144277][ T8453] do_syscall_64+0x35/0xb0
[ 74.149192][ T8453] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 74.155602][ T8453]
[ 74.155602][ T8453] other info that might help us debug this:
[ 74.155602][ T8453]
[ 74.165815][ T8453] Possible unsafe locking scenario:
[ 74.165815][ T8453]
[ 74.173239][ T8453]        CPU0                    CPU1
[ 74.178595][ T8453]        ----                    ----
[ 74.183947][ T8453]   lock(nbd_index_mutex);
[ 74.188345][ T8453]                                lock(&disk->open_mutex);
[ 74.195430][ T8453]                                lock(nbd_index_mutex);
[ 74.202345][ T8453]   lock(&disk->open_mutex);
[ 74.206917][ T8453]
[ 74.206917][ T8453] *** DEADLOCK ***
[ 74.206917][ T8453]
[ 74.215045][ T8453] 3 locks held by syz-executor513/8453:
[ 74.220564][ T8453] #0: ffffffff8d94a490 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 74.228727][ T8453] #1: ffffffff8d94a548 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x3e0/0x580
[ 74.237677][ T8453] #2: ffffffff8cc7cb68 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140
[ 74.248277][ T8453]
[ 74.248277][ T8453] stack backtrace:
[ 74.254142][ T8453] CPU: 0 PID: 8453 Comm: syz-executor513 Not tainted 5.13.0-syzkaller #0
[ 74.262533][ T8453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.272576][ T8453] Call Trace:
[ 74.275846][ T8453] dump_stack_lvl+0xcd/0x134
[ 74.280469][ T8453] check_noncircular+0x25f/0x2e0
[ 74.285395][ T8453] ? print_circular_bug+0x1e0/0x1e0
[ 74.290673][ T8453] ? kmem_cache_free+0x8e/0x5a0
[ 74.295528][ T8453] ? lockdep_lock+0xc6/0x200
[ 74.300115][ T8453] ? call_rcu_zapped+0xb0/0xb0
[ 74.304870][ T8453] __lock_acquire+0x2a07/0x54a0
[ 74.309709][ T8453] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 74.315684][ T8453] ? mark_held_locks+0x9f/0xe0
[ 74.320430][ T8453] lock_acquire+0x1ab/0x510
[ 74.324912][ T8453] ? del_gendisk+0x8b/0x770
[ 74.329398][ T8453] ? lock_release+0x720/0x720
[ 74.334188][ T8453] ? lockdep_hardirqs_on+0x79/0x100
[ 74.339383][ T8453] __mutex_lock+0x12a/0x10a0
[ 74.343955][ T8453] ? del_gendisk+0x8b/0x770
[ 74.348437][ T8453] ? lock_downgrade+0x6e0/0x6e0
[ 74.353266][ T8453] ? del_gendisk+0x8b/0x770
[ 74.357762][ T8453] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 74.363985][ T8453] ? mutex_lock_io_nested+0xf00/0xf00
[ 74.369335][ T8453] ? kobj_kset_leave+0x12/0x200
[ 74.374167][ T8453] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.380386][ T8453] ? kobject_put+0xb9/0x540
[ 74.384872][ T8453] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 74.390582][ T8453] ? kfree_const+0x35/0x60
[ 74.394978][ T8453] del_gendisk+0x8b/0x770
[ 74.399291][ T8453] ? nbd_config_put+0x5e8/0x8e0
[ 74.404329][ T8453] nbd_put.part.0+0x82/0x160
[ 74.408927][ T8453] nbd_genl_connect+0x1214/0x1660
[ 74.413944][ T8453] ? nbd_start_device+0xd50/0xd50
[ 74.418956][ T8453] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.425290][ T8453] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290
[ 74.432662][ T8453] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290
[ 74.439955][ T8453] genl_family_rcv_msg_doit+0x228/0x320
[ 74.445490][ T8453] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[ 74.452863][ T8453] ? genl_op_from_small+0x23/0x3c0
[ 74.457955][ T8453] ? genl_get_cmd+0x3cf/0x480
[ 74.462614][ T8453] genl_rcv_msg+0x328/0x580
[ 74.467119][ T8453] ? genl_get_cmd+0x480/0x480
[ 74.471778][ T8453] ? nbd_start_device+0xd50/0xd50
[ 74.476870][ T8453] ? lock_release+0x720/0x720
[ 74.481525][ T8453] netlink_rcv_skb+0x153/0x420
[ 74.486361][ T8453] ? genl_get_cmd+0x480/0x480
[ 74.491035][ T8453] ? netlink_ack+0xa60/0xa60
[ 74.495610][ T8453] genl_rcv+0x24/0x40
[ 74.499604][ T8453] netlink_unicast+0x533/0x7d0
[ 74.504353][ T8453] ? netlink_attachskb+0x890/0x890
[ 74.509443][ T8453] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 74.515663][ T8453] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 74.521884][ T8453] ? __phys_addr_symbol+0x2c/0x70
[ 74.526887][ T8453] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 74.532599][ T8453] ? __check_object_size+0x16e/0x3f0
[ 74.537874][ T8453] netlink_sendmsg+0x85b/0xda0
[ 74.542618][ T8453] ? netlink_unicast+0x7d0/0x7d0
[ 74.547547][ T8453] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.553775][ T8453] ? netlink_unicast+0x7d0/0x7d0
[ 74.558705][ T8453] sock_sendmsg+0xcf/0x120
[ 74.563118][ T8453] ____sys_sendmsg+0x6e8/0x810
[ 74.567952][ T8453] ? kernel_sendmsg+0x50/0x50
[ 74.572608][ T8453] ? do_recvmmsg+0x6d0/0x6d0
[ 74.577263][ T8453] ? lock_chain_count+0x20/0x20
[ 74.582092][ T8453] ? netlink_recvmsg+0x826/0xeb0
[ 74.587022][ T8453] ___sys_sendmsg+0xf3/0x170
[ 74.591592][ T8453] ? sendmsg_copy_msghdr+0x160/0x160
[ 74.596857][ T8453] ? __lock_acquire+0x162f/0x54a0
[ 74.601862][ T8453] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 74.607831][ T8453] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 74.613789][ T8453] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.620028][ T8453] ? __fget_light+0x215/0x280
[ 74.624709][ T8453] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 74.630932][ T8453] __sys_sendmsg+0xe5/0x1b0
[ 74.635419][ T8453] ? __sys_sendmsg_sock+0x30/0x30
[ 74.640422][ T8453] ? syscall_enter_from_user_mode+0x21/0x70
[ 74.646298][ T8453] do_syscall_64+0x35/0xb0
[ 74.650696][ T8453] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 74.656590][ T8453] RIP: 0033:0x43fa29
[ 74.660476][ T8453] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 74.680062][ T8453] RSP: 002b:00007ffd1188b228 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 74.688453][ T8453] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fa29
[ 74.696401][ T8453] RDX: 0000000000000000 RSI: 0000000020000b40 RDI: 0000000000000003
[ 74.704366][ T8453] RBP: 0000000000403490 R08: 0000000000000000 R09: 00000000004004a0
[ 74.712329][ T8453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000403520
[ 74.720278][ T8453] R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0
[ 74.733888][ T8453] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 74.745635][ T8453] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 74.754036][ T8453] CPU: 1 PID: 8453 Comm: syz-executor513 Not tainted 5.13.0-syzkaller #0
[ 74.762453][ T8453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.772494][ T8453] RIP: 0010:blk_mq_run_hw_queues+0x32b/0x4a0
[ 74.778563][ T8453] Code: ea 48 c1 ea 03 80 3c 02 00 0f 85 51 01 00 00 48 8b 45 00 89 db 48 8d 1c 98 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ed
[ 74.799397][ T8453] RSP: 0018:ffffc9000371f3b0 EFLAGS: 00010247
[ 74.805482][ T8453] RAX: dffffc0000000000 RBX: 0000000000000004 RCX: 0000000000000000
[ 74.813446][ T8453] RDX: 0000000000000000 RSI: ffffffff83be8009 RDI: ffff8881462b5160
[ 74.821578][ T8453] RBP: ffff88801ec48000 R08: 0000000000000000 R09: ffff8881462b50d7
[ 74.829534][ T8453] R10: ffffffff83be7e41 R11: 0000000000000000 R12: ffff8881462b4790
[ 74.837491][ T8453] R13: ffff888018a9e5c8 R14: ffff88802ccbbe08 R15: 0000000000000001
[ 74.845464][ T8453] FS: 0000000000c13300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 74.854381][ T8453] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 74.860953][ T8453] CR2: 00007fa8d33a0008 CR3: 0000000035bf0000 CR4: 00000000001506e0
[ 74.868928][ T8453] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 74.876889][ T8453] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 74.884861][ T8453] Call Trace:
[ 74.888132][ T8453] blk_freeze_queue_start+0xc4/0xe0
[ 74.893328][ T8453] blk_set_queue_dying+0x24/0x80
[ 74.898259][ T8453] blk_cleanup_queue+0x7b/0x1e0
[ 74.903103][ T8453] blk_cleanup_disk+0x33/0x80
[ 74.907855][ T8453] nbd_put.part.0+0x92/0x160
[ 74.912435][ T8453] nbd_genl_connect+0x1214/0x1660
[ 74.917448][ T8453] ? nbd_start_device+0xd50/0xd50
[ 74.922463][ T8453] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.928704][ T8453] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290
[ 74.936154][ T8453] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290
[ 74.943437][ T8453] genl_family_rcv_msg_doit+0x228/0x320
[ 74.948975][ T8453] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[ 74.956444][ T8453] ? genl_op_from_small+0x23/0x3c0
[ 74.961558][ T8453] ? genl_get_cmd+0x3cf/0x480
[ 74.966225][ T8453] genl_rcv_msg+0x328/0x580
[ 74.970724][ T8453] ? genl_get_cmd+0x480/0x480
[ 74.975398][ T8453] ? nbd_start_device+0xd50/0xd50
[ 74.980412][ T8453] ? lock_release+0x720/0x720
[ 74.985169][ T8453] netlink_rcv_skb+0x153/0x420
[ 74.990012][ T8453] ? genl_get_cmd+0x480/0x480
[ 74.994684][ T8453] ? netlink_ack+0xa60/0xa60
[ 74.999279][ T8453] genl_rcv+0x24/0x40
[ 75.003266][ T8453] netlink_unicast+0x533/0x7d0
[ 75.008108][ T8453] ? netlink_attachskb+0x890/0x890
[ 75.013208][ T8453] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 75.019440][ T8453] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 75.025673][ T8453] ? __phys_addr_symbol+0x2c/0x70
[ 75.030698][ T8453] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 75.036409][ T8453] ? __check_object_size+0x16e/0x3f0
[ 75.041689][ T8453] netlink_sendmsg+0x85b/0xda0
[ 75.046449][ T8453] ? netlink_unicast+0x7d0/0x7d0
[ 75.051378][ T8453] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.057613][ T8453] ? netlink_unicast+0x7d0/0x7d0
[ 75.062541][ T8453] sock_sendmsg+0xcf/0x120
[ 75.066952][ T8453] ____sys_sendmsg+0x6e8/0x810
[ 75.071708][ T8453] ? kernel_sendmsg+0x50/0x50
[ 75.076463][ T8453] ? do_recvmmsg+0x6d0/0x6d0
[ 75.081043][ T8453] ? lock_chain_count+0x20/0x20
[ 75.086147][ T8453] ? netlink_recvmsg+0x826/0xeb0
[ 75.091074][ T8453] ___sys_sendmsg+0xf3/0x170
[ 75.095654][ T8453] ? sendmsg_copy_msghdr+0x160/0x160
[ 75.100928][ T8453] ? __lock_acquire+0x162f/0x54a0
[ 75.106398][ T8453] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 75.112388][ T8453] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 75.118380][ T8453] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.124615][ T8453] ? __fget_light+0x215/0x280
[ 75.129286][ T8453] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 75.135557][ T8453] __sys_sendmsg+0xe5/0x1b0
[ 75.140057][ T8453] ? __sys_sendmsg_sock+0x30/0x30
[ 75.145075][ T8453] ? syscall_enter_from_user_mode+0x21/0x70
[ 75.151079][ T8453] do_syscall_64+0x35/0xb0
[ 75.155500][ T8453] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 75.161406][ T8453] RIP: 0033:0x43fa29
[ 75.165297][ T8453] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 75.184893][ T8453] RSP: 002b:00007ffd1188b228 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 75.193296][ T8453] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fa29
[ 75.201278][ T8453] RDX: 0000000000000000 RSI: 0000000020000b40 RDI: 0000000000000003
[ 75.209240][ T8453] RBP: 0000000000403490 R08: 0000000000000000 R09: 00000000004004a0
[ 75.217198][ T8453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000403520
[ 75.225156][ T8453] R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0
[ 75.233122][ T8453] Modules linked in:
[ 75.246625][ T8453] ---[ end trace c74b370b5f606167 ]---
[ 75.252335][ T8453] RIP: 0010:blk_mq_run_hw_queues+0x32b/0x4a0
[ 75.258350][ T8453] Code: ea 48 c1 ea 03 80 3c 02 00 0f 85 51 01 00 00 48 8b 45 00 89 db 48 8d 1c 98 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ed
[ 75.283374][ T8453] RSP: 0018:ffffc9000371f3b0 EFLAGS: 00010247
[ 75.290113][ T8453] RAX: dffffc0000000000 RBX: 0000000000000004 RCX: 0000000000000000
[ 75.298637][ T8453] RDX: 0000000000000000 RSI: ffffffff83be8009 RDI: ffff8881462b5160
[ 75.307786][ T8453] RBP: ffff88801ec48000 R08: 0000000000000000 R09: ffff8881462b50d7
[ 75.316128][ T8453] R10: ffffffff83be7e41 R11: 0000000000000000 R12: ffff8881462b4790
[ 75.324365][ T8453] R13: ffff888018a9e5c8 R14: ffff88802ccbbe08 R15: 0000000000000001
[ 75.332767][ T8453] FS: 0000000000c13300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 75.342003][ T8453] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 75.348595][ T8453] CR2: 00007f6a303b2740 CR3: 0000000035bf0000 CR4: 00000000001506e0
[ 75.356821][ T8453] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 75.364961][ T8453] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 75.373041][ T8453] Kernel panic - not syncing: Fatal exception
[ 75.380608][ T8453] Kernel Offset: disabled
[ 75.384926][ T8453] Rebooting in 86400 seconds..