[ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.107' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 27.099153] [ 27.100785] ====================================================== [ 27.107069] WARNING: possible circular locking dependency detected [ 27.113357] 4.14.302-syzkaller #0 Not tainted [ 27.117817] ------------------------------------------------------ [ 27.124101] syz-executor397/7973 is trying to acquire lock: [ 27.129777] (&bdev->bd_mutex){+.+.}, at: [] blkdev_reread_part+0x1b/0x40 [ 27.138248] [ 27.138248] but task is already holding lock: [ 27.144184] (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x11f/0xad0 [ 27.152214] [ 27.152214] which lock already depends on the new lock. [ 27.152214] [ 27.160498] [ 27.160498] the existing dependency chain (in reverse order) is: [ 27.168084] [ 27.168084] -> #2 (&nbd->config_lock){+.+.}: [ 27.173958] __mutex_lock+0xc4/0x1310 [ 27.178252] nbd_open+0x1ac/0x370 [ 27.182209] __blkdev_get+0x306/0x1090 [ 27.186592] blkdev_get+0x88/0x890 [ 27.190647] blkdev_open+0x1cc/0x250 [ 27.194859] do_dentry_open+0x44b/0xec0 [ 27.199328] vfs_open+0x105/0x220 [ 27.203278] path_openat+0x628/0x2970 [ 27.207572] do_filp_open+0x179/0x3c0 [ 27.211864] do_sys_open+0x296/0x410 [ 27.216067] do_syscall_64+0x1d5/0x640 [ 27.220447] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 27.226129] [ 27.226129] -> #1 (nbd_index_mutex){+.+.}: [ 27.231825] __mutex_lock+0xc4/0x1310 [ 27.236221] nbd_open+0x1e/0x370 [ 27.240082] __blkdev_get+0x306/0x1090 [ 27.244458] blkdev_get+0x88/0x890 [ 27.248488] blkdev_open+0x1cc/0x250 [ 27.252692] do_dentry_open+0x44b/0xec0 [ 27.257156] vfs_open+0x105/0x220 [ 27.261104] path_openat+0x628/0x2970 [ 27.265395] do_filp_open+0x179/0x3c0 [ 27.269687] do_sys_open+0x296/0x410 [ 27.273891] do_syscall_64+0x1d5/0x640 [ 27.278268] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 27.283944] [ 27.283944] -> #0 (&bdev->bd_mutex){+.+.}: [ 27.289637] lock_acquire+0x170/0x3f0 [ 27.293929] __mutex_lock+0xc4/0x1310 [ 27.298222] blkdev_reread_part+0x1b/0x40 [ 27.302860] nbd_ioctl+0x802/0xad0 [ 27.306889] blkdev_ioctl+0x540/0x1830 [ 27.311267] block_ioctl+0xd9/0x120 [ 27.315383] do_vfs_ioctl+0x75a/0xff0 [ 27.319674] SyS_ioctl+0x7f/0xb0 [ 27.323531] do_syscall_64+0x1d5/0x640 [ 27.327907] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 27.333585] [ 27.333585] other info that might help us debug this: [ 27.333585] [ 27.341692] Chain exists of: [ 27.341692] &bdev->bd_mutex --> nbd_index_mutex --> &nbd->config_lock [ 27.341692] [ 27.352758] Possible unsafe locking scenario: [ 27.352758] [ 27.358783] CPU0 CPU1 [ 27.363415] ---- ---- [ 27.368049] lock(&nbd->config_lock); [ 27.371905] lock(nbd_index_mutex); [ 27.378102] lock(&nbd->config_lock); [ 27.384473] lock(&bdev->bd_mutex); [ 27.388153] [ 27.388153] *** DEADLOCK *** [ 27.388153] [ 27.394178] 1 lock held by syz-executor397/7973: [ 27.398898] #0: (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x11f/0xad0 [ 27.407360] [ 27.407360] stack backtrace: [ 27.411824] CPU: 1 PID: 7973 Comm: syz-executor397 Not tainted 4.14.302-syzkaller #0 [ 27.419671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 27.429001] Call Trace: [ 27.431573] dump_stack+0x1b2/0x281 [ 27.435184] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 27.440960] __lock_acquire+0x2e0e/0x3f20 [ 27.445087] ? trace_hardirqs_on+0x10/0x10 [ 27.449294] ? add_lock_to_list.constprop.0+0x17d/0x330 [ 27.454627] ? save_trace+0xd6/0x290 [ 27.458317] lock_acquire+0x170/0x3f0 [ 27.462094] ? blkdev_reread_part+0x1b/0x40 [ 27.466393] ? blkdev_reread_part+0x1b/0x40 [ 27.470684] __mutex_lock+0xc4/0x1310 [ 27.474467] ? blkdev_reread_part+0x1b/0x40 [ 27.478764] ? __get_super.part.0+0xbb/0x390 [ 27.483153] ? blkdev_reread_part+0x1b/0x40 [ 27.487462] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 27.492907] ? lock_downgrade+0x740/0x740 [ 27.497037] ? nbd_ioctl+0x7e7/0xad0 [ 27.500727] ? lock_downgrade+0x740/0x740 [ 27.504858] blkdev_reread_part+0x1b/0x40 [ 27.508979] nbd_ioctl+0x802/0xad0 [ 27.512491] ? __lock_acquire+0x5fc/0x3f20 [ 27.516703] ? nbd_disconnect_and_put+0x140/0x140 [ 27.521522] ? __lock_acquire+0x5fc/0x3f20 [ 27.525731] ? nbd_disconnect_and_put+0x140/0x140 [ 27.530547] blkdev_ioctl+0x540/0x1830 [ 27.534420] ? blkpg_ioctl+0x8d0/0x8d0 [ 27.538300] ? trace_hardirqs_on+0x10/0x10 [ 27.542624] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 27.548048] ? dentry_free+0xc6/0x120 [ 27.551822] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 27.556810] ? kmem_cache_free+0x23a/0x2b0 [ 27.561015] block_ioctl+0xd9/0x120 [ 27.564615] ? blkdev_fallocate+0x3a0/0x3a0 [ 27.568907] do_vfs_ioctl+0x75a/0xff0 [ 27.572680] ? ioctl_preallocate+0x1a0/0x1a0 [ 27.577059] ? lock_downgrade+0x740/0x740 [ 27.581182] ? _raw_spin_unlock_irq+0x24/0x80 [ 27.585648] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 27.590637] ? _raw_spin_unlock_irq+0x5a/0x80 [ 27.595102] ? task_work_run+0xfd/0x190 [ 27.599045] ? security