[ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 49.183795][ T8428] md: md1 stopped. [ 49.303400][ T4860] [ 49.305745][ T4860] ====================================================== [ 49.312831][ T4860] WARNING: possible circular locking dependency detected [ 49.319835][ T4860] 5.14.0-rc5-syzkaller #0 Not tainted [ 49.325210][ T4860] ------------------------------------------------------ [ 49.332221][ T4860] kworker/0:3/4860 is trying to acquire lock: [ 49.338269][ T4860] ffff88801edd9518 (&disk->open_mutex){+.+.}-{3:3}, at: del_gendisk+0x86/0x610 [ 49.347233][ T4860] [ 49.347233][ T4860] but task is already holding lock: [ 49.354576][ T4860] ffffc9000162fd20 ((work_completion)(&mddev->del_work)){+.+.}-{0:0}, at: process_one_work+0x7e8/0x10c0 [ 49.365698][ T4860] [ 49.365698][ T4860] which lock already depends on the new lock. [ 49.365698][ T4860] [ 49.376076][ T4860] [ 49.376076][ T4860] the existing dependency chain (in reverse order) is: [ 49.385068][ T4860] [ 49.385068][ T4860] -> #4 ((work_completion)(&mddev->del_work)){+.+.}-{0:0}: [ 49.394433][ T4860] lock_acquire+0x182/0x4a0 [ 49.399443][ T4860] process_one_work+0x807/0x10c0 [ 49.404886][ T4860] worker_thread+0xac1/0x1320 [ 49.410062][ T4860] kthread+0x453/0x480 [ 49.414633][ T4860] ret_from_fork+0x1f/0x30 [ 49.419548][ T4860] [ 49.419548][ T4860] -> #3 ((wq_completion)md_misc){+.+.}-{0:0}: [ 49.427865][ T4860] lock_acquire+0x182/0x4a0 [ 49.432868][ T4860] flush_workqueue+0x178/0x1750 [ 49.438225][ T4860] md_alloc+0x24/0xc90 [ 49.442798][ T4860] blk_request_module+0x19d/0x1c0 [ 49.448333][ T4860] blkdev_get_no_open+0x44/0x1f0 [ 49.453779][ T4860] blkdev_get_by_dev+0x89/0xdc0 [ 49.459148][ T4860] blkdev_open+0x132/0x2c0 [ 49.464076][ T4860] do_dentry_open+0x7cb/0x1020 [ 49.469351][ T4860] path_openat+0x27e7/0x36b0 [ 49.474447][ T4860] do_filp_open+0x253/0x4d0 [ 49.479453][ T4860] do_sys_openat2+0x124/0x460 [ 49.484629][ T4860] __x64_sys_openat+0x243/0x290 [ 49.489982][ T4860] do_syscall_64+0x3d/0xb0 [ 49.494912][ T4860] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 49.501324][ T4860] [ 49.501324][ T4860] -> #2 (major_names_lock){+.+.}-{3:3}: [ 49.509031][ T4860] lock_acquire+0x182/0x4a0 [ 49.514036][ T4860] __mutex_lock_common+0x1ad/0x3770 [ 49.519738][ T4860] mutex_lock_nested+0x1a/0x20 [ 49.525042][ T4860] __register_blkdev+0x2c/0x360 [ 49.530394][ T4860] register_mtd_blktrans+0x94/0x3d0 [ 49.536101][ T4860] do_one_initcall+0x197/0x3f0 [ 49.541364][ T4860] do_initcall_level+0x14a/0x1f5 [ 49.546800][ T4860] do_initcalls+0x4b/0x8c [ 49.551719][ T4860] kernel_init_freeable+0x3f1/0x57e [ 49.557413][ T4860] kernel_init+0x19/0x2a0 [ 49.562239][ T4860] ret_from_fork+0x1f/0x30 [ 49.567165][ T4860] [ 49.567165][ T4860] -> #1 (mtd_table_mutex){+.+.}-{3:3}: [ 49.574794][ T4860] lock_acquire+0x182/0x4a0 [ 49.579802][ T4860] __mutex_lock_common+0x1ad/0x3770 [ 49.585589][ T4860] mutex_lock_nested+0x1a/0x20 [ 49.590861][ T4860] blktrans_open+0x61/0x430 [ 49.595868][ T4860] blkdev_get_whole+0x94/0x500 [ 49.601137][ T4860] blkdev_get_by_dev+0x339/0xdc0 [ 49.606587][ T4860] blkdev_open+0x132/0x2c0 [ 49.611502][ T4860] do_dentry_open+0x7cb/0x1020 [ 49.616766][ T4860] path_openat+0x27e7/0x36b0 [ 49.621869][ T4860] do_filp_open+0x253/0x4d0 [ 49.626869][ T4860] do_sys_openat2+0x124/0x460 [ 49.632046][ T4860] __x64_sys_open+0x221/0x270 [ 49.637218][ T4860] do_syscall_64+0x3d/0xb0 [ 49.642146][ T4860] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 49.648553][ T4860] [ 49.648553][ T4860] -> #0 (&disk->open_mutex){+.+.}-{3:3}: [ 49.656345][ T4860] check_prevs_add+0x4f9/0x5b30 [ 49.661709][ T4860] __lock_acquire+0x4476/0x6100 [ 49.667066][ T4860] lock_acquire+0x182/0x4a0 [ 49.672088][ T4860] __mutex_lock_common+0x1ad/0x3770 [ 49.677787][ T4860] mutex_lock_nested+0x1a/0x20 [ 49.683409][ T4860] del_gendisk+0x86/0x610 [ 49.688239][ T4860] md_free+0xc1/0x180 [ 49.692737][ T4860] kobject_cleanup+0x1c0/0x280 [ 49.698027][ T4860] process_one_work+0x833/0x10c0 [ 49.703473][ T4860] worker_thread+0xac1/0x1320 [ 49.708647][ T4860] kthread+0x453/0x480 [ 49.713221][ T4860] ret_from_fork+0x1f/0x30 [ 49.718137][ T4860] [ 49.718137][ T4860] other info that might help us debug this: [ 49.718137][ T4860] [ 49.728342][ T4860] Chain exists of: [ 49.728342][ T4860] &disk->open_mutex --> (wq_completion)md_misc --> (work_completion)(&mddev->del_work) [ 49.728342][ T4860] [ 49.743873][ T4860] Possible unsafe locking scenario: [ 49.743873][ T4860] [ 49.751302][ T4860] CPU0 CPU1 [ 49.756646][ T4860] ---- ---- [ 49.761987][ T4860] lock((work_completion)(&mddev->del_work)); [ 49.768120][ T4860] lock((wq_completion)md_misc); [ 49.775640][ T4860] lock((work_completion)(&mddev->del_work)); [ 49.784289][ T4860] lock(&disk->open_mutex); [ 49.788857][ T4860] [ 49.788857][ T4860] *** DEADLOCK *** [ 49.788857][ T4860] [ 49.796977][ T4860] 2 locks held by kworker/0:3/4860: [ 49.802151][ T4860] #0: ffff888142bf0938 ((wq_completion)md_misc){+.+.}-{0:0}, at: process_one_work+0x7aa/0x10c0 [ 49.812566][ T4860] #1: ffffc9000162fd20 ((work_completion)(&mddev->del_work)){+.+.}-{0:0}, at: process_one_work+0x7e8/0x10c0 [ 49.824101][ T4860] [ 49.824101][ T4860] stack backtrace: [ 49.830049][ T4860] CPU: 0 PID: 4860 Comm: kworker/0:3 Not tainted 5.14.0-rc5-syzkaller #0 [ 49.838441][ T4860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.848484][ T4860] Workqueue: md_misc mddev_delayed_delete [ 49.854193][ T4860] Call Trace: [ 49.857457][ T4860] dump_stack_lvl+0x1ae/0x29f [ 49.862115][ T4860] ? show_regs_print_info+0x12/0x12 [ 49.867290][ T4860] ? log_buf_vmcoreinfo_setup+0x498/0x498 [ 49.872991][ T4860] ? save_trace+0x5a/0x9f0 [ 49.877386][ T4860] print_circular_bug+0xb17/0xdc0 [ 49.882737][ T4860] ? hlock_conflict+0x1f0/0x1f0 [ 49.887563][ T4860] ? __bfs+0x369/0x700 [ 49.891611][ T4860] ? check_path+0x40/0x40 [ 49.895964][ T4860] ? noop_count+0x30/0x30 [ 49.900273][ T4860] ? save_trace+0x5a/0x9f0 [ 49.904669][ T4860] check_noncircular+0x2cc/0x390 [ 49.909597][ T4860] ? add_chain_block+0x850/0x850 [ 49.914511][ T4860] ? _find_first_zero_bit+0xe1/0x100 [ 49.919789][ T4860] ? _find_first_zero_bit+0xe1/0x100 [ 49.925059][ T4860] ? check_prevs_add+0x1f57/0x5b30 [ 49.930151][ T4860] check_prevs_add+0x4f9/0x5b30 [ 49.934989][ T4860] ? mark_lock+0x199/0x1eb0 [ 49.939469][ T4860] ? reacquire_held_locks+0x5f0/0x5f0 [ 49.944821][ T4860] ? __bfs+0x700/0x700 [ 49.948880][ T4860] ? reacquire_held_locks+0x5f0/0x5f0 [ 49.954232][ T4860] ? __bfs+0x700/0x700 [ 49.958282][ T4860] ? mark_lock+0x199/0x1eb0 [ 49.962768][ T4860] ? lockdep_lock+0x102/0x2c0 [ 49.967428][ T4860] ? mark_lock+0x199/0x1eb0 [ 49.972000][ T4860] ? __lock_acquire+0x44fa/0x6100 [ 49.977005][ T4860] ? __bfs+0x700/0x700 [ 49.981051][ T4860] ? __lock_acquire+0x145b/0x6100 [ 49.986057][ T4860] ? mark_lock+0x199/0x1eb0 [ 49.990538][ T4860] ? mark_lock+0x199/0x1eb0 [ 49.995020][ T4860] ? trace_lock_acquire+0x190/0x190 [ 50.000198][ T4860] ? __bfs+0x700/0x700 [ 50.004329][ T4860] ? lockdep_unlock+0x145/0x2e0 [ 50.009166][ T4860] ? mark_lock+0x199/0x1eb0 [ 50.013658][ T4860] ? mark_lock+0x199/0x1eb0 [ 50.018141][ T4860] ? lockdep_lock+0x102/0x2c0 [ 50.022798][ T4860] ? lockdep_lock+0x102/0x2c0 [ 50.027453][ T4860] ? lockdep_count_forward_deps+0x240/0x240 [ 50.033418][ T4860] ? __lock_acquire+0x44fa/0x6100 [ 50.038429][ T4860] __lock_acquire+0x4476/0x6100 [ 50.043267][ T4860] ? trace_lock_acquire+0x190/0x190 [ 50.048449][ T4860] ? rcu_lock_release+0x5/0x20 [ 50.053197][ T4860] ? rcu_read_lock_sched_held+0x87/0x110 [ 50.058819][ T4860] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 50.064795][ T4860] lock_acquire+0x182/0x4a0 [ 50.069282][ T4860] ? del_gendisk+0x86/0x610 [ 50.073768][ T4860] ? read_lock_is_recursive+0x10/0x10 [ 50.079120][ T4860] ? rcu_read_lock_sched_held+0x87/0x110 [ 50.084751][ T4860] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 50.090714][ T4860] ? __cancel_work_timer+0x419/0x690 [ 50.095977][ T4860] ? __might_sleep+0x100/0x100 [ 50.100736][ T4860] __mutex_lock_common+0x1ad/0x3770 [ 50.105925][ T4860] ? del_gendisk+0x86/0x610 [ 50.110414][ T4860] ? __lock_acquire+0x6100/0x6100 [ 50.115421][ T4860] ? disk_del_events+0xff/0x200 [ 50.120263][ T4860] ? mutex_lock_io_nested+0x60/0x60 [ 50.125448][ T4860] ? del_gendisk+0x86/0x610 [ 50.129937][ T4860] ? __mutex_unlock_slowpath+0x17b/0x5a0 [ 50.135554][ T4860] ? mutex_lock_io_nested+0x60/0x60 [ 50.140918][ T4860] ? __mutex_unlock_slowpath+0x17b/0x5a0 [ 50.146537][ T4860] ? mutex_unlock+0x10/0x10 [ 50.151036][ T4860] mutex_lock_nested+0x1a/0x20 [ 50.155786][ T4860] del_gendisk+0x86/0x610 [ 50.160099][ T4860] md_free+0xc1/0x180 [ 50.164066][ T4860] kobject_cleanup+0x1c0/0x280 [ 50.168815][ T4860] process_one_work+0x833/0x10c0 [ 50.173740][ T4860] ? worker_detach_from_pool+0x260/0x260 [ 50.179352][ T4860] ? _raw_spin_lock_irqsave+0x100/0x100 [ 50.185308][ T4860] ? kthread_data+0x4d/0xc0 [ 50.189810][ T4860] ? wq_worker_running+0x8b/0x140 [ 50.194817][ T4860] worker_thread+0xac1/0x1320 [ 50.199492][ T4860] ? __kthread_parkme+0x166/0x1c0 [ 50.204500][ T4860] kthread+0x453/0x480 [ 50.208637][ T4860] ? rcu_lock_release+0x20/0x20 [ 50.213464][ T4860] ? kthread_blkcg+0xd0/0xd0 [ 50.218033][ T4860] ret_from_fork+0x1f/0x30