[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.21' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 35.015539]
[ 35.017232] ======================================================
[ 35.023528] WARNING: possible circular locking dependency detected
[ 35.029840] 4.14.176-syzkaller #0 Not tainted
[ 35.034324] ------------------------------------------------------
[ 35.040684] syz-executor670/6330 is trying to acquire lock:
[ 35.046373] (&bdev->bd_mutex){+.+.}, at: [] blkdev_reread_part+0x1b/0x40
[ 35.055055]
[ 35.055055] but task is already holding lock:
[ 35.061017] (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x11f/0xa30
[ 35.069193]
[ 35.069193] which lock already depends on the new lock.
[ 35.069193]
[ 35.077499]
[ 35.077499] the existing dependency chain (in reverse order) is:
[ 35.085162]
[ 35.085162] -> #2 (&nbd->config_lock){+.+.}:
[ 35.091058] __mutex_lock+0xe8/0x1470
[ 35.095416] nbd_open+0x1bf/0x380
[ 35.099382] __blkdev_get+0x2a6/0x10d0
[ 35.103780] blkdev_get+0x84/0x8a0
[ 35.107841] blkdev_open+0x1cc/0x250
[ 35.112192] do_dentry_open+0x732/0xe90
[ 35.116668] vfs_open+0x105/0x220
[ 35.120694] path_openat+0x8ca/0x3c50
[ 35.125004] do_filp_open+0x18e/0x250
[ 35.129324] do_sys_open+0x29d/0x3f0
[ 35.133542] do_syscall_64+0x1d5/0x640
[ 35.137948] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.143642]
[ 35.143642] -> #1 (nbd_index_mutex){+.+.}:
[ 35.149416] __mutex_lock+0xe8/0x1470
[ 35.153730] nbd_open+0x24/0x380
[ 35.157633] __blkdev_get+0x2a6/0x10d0
[ 35.162033] blkdev_get+0x84/0x8a0
[ 35.166078] blkdev_open+0x1cc/0x250
[ 35.170304] do_dentry_open+0x732/0xe90
[ 35.174789] vfs_open+0x105/0x220
[ 35.178861] path_openat+0x8ca/0x3c50
[ 35.183166] do_filp_open+0x18e/0x250
[ 35.187470] do_sys_open+0x29d/0x3f0
[ 35.191686] do_syscall_64+0x1d5/0x640
[ 35.196199] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.201907]
[ 35.201907] -> #0 (&bdev->bd_mutex){+.+.}:
[ 35.207622] lock_acquire+0x170/0x3f0
[ 35.211927] __mutex_lock+0xe8/0x1470
[ 35.216355] blkdev_reread_part+0x1b/0x40
[ 35.221029] nbd_ioctl+0x79d/0xa30
[ 35.225082] blkdev_ioctl+0x91d/0x17d0
[ 35.229487] block_ioctl+0xd9/0x120
[ 35.233712] do_vfs_ioctl+0x75a/0xfe0
[ 35.238096] SyS_ioctl+0x7f/0xb0
[ 35.241975] do_syscall_64+0x1d5/0x640
[ 35.246411] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.252097]
[ 35.252097] other info that might help us debug this:
[ 35.252097]
[ 35.260212] Chain exists of:
[ 35.260212] &bdev->bd_mutex --> nbd_index_mutex --> &nbd->config_lock
[ 35.260212]
[ 35.271298] Possible unsafe locking scenario:
[ 35.271298]
[ 35.277334]        CPU0                    CPU1
[ 35.282038]        ----                    ----
[ 35.286819]   lock(&nbd->config_lock);
[ 35.290705]                                lock(nbd_index_mutex);
[ 35.296925]                                lock(&nbd->config_lock);
[ 35.303319]   lock(&bdev->bd_mutex);
[ 35.307126]
[ 35.307126] *** DEADLOCK ***
[ 35.307126]
[ 35.313175] 1 lock held by syz-executor670/6330:
[ 35.317942] #0: (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x11f/0xa30
[ 35.326440]
[ 35.326440] stack backtrace:
[ 35.330929] CPU: 1 PID: 6330 Comm: syz-executor670 Not tainted 4.14.176-syzkaller #0
[ 35.338795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.348137] Call Trace:
[ 35.350714] dump_stack+0x13e/0x194
[ 35.354340] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 35.359683] __lock_acquire+0x2cb3/0x4620
[ 35.363813] ? trace_hardirqs_on+0x10/0x10
[ 35.368029] ? save_trace+0x290/0x290
[ 35.371810] lock_acquire+0x170/0x3f0
[ 35.375592] ? blkdev_reread_part+0x1b/0x40
[ 35.379888] ? blkdev_reread_part+0x1b/0x40
[ 35.384272] __mutex_lock+0xe8/0x1470
[ 35.388055] ? blkdev_reread_part+0x1b/0x40
[ 35.392357] ? blkdev_reread_part+0x1b/0x40
[ 35.396681] ? save_trace+0x290/0x290
[ 35.400470] ? mutex_trylock+0x1a0/0x1a0
[ 35.404510] ? find_held_lock+0x2d/0x110
[ 35.408548] ? nbd_ioctl+0x782/0xa30
[ 35.412261] ? lock_downgrade+0x6e0/0x6e0
[ 35.416452] ? blkdev_reread_part+0x1b/0x40
[ 35.420772] blkdev_reread_part+0x1b/0x40
[ 35.424967] nbd_ioctl+0x79d/0xa30
[ 35.428518] ? save_stack+0x32/0xa0
[ 35.432144] ? kasan_slab_free+0x75/0xc0
[ 35.436209] ? kmem_cache_free+0x7c/0x2b0
[ 35.440349] ? putname+0xcd/0x110
[ 35.443794] ? nbd_add_socket+0x5c0/0x5c0
[ 35.447942] ? find_held_lock+0x2d/0x110
[ 35.452005] ? debug_check_no_obj_freed+0x28e/0x6e4
[ 35.457020] ? nbd_add_socket+0x5c0/0x5c0
[ 35.461158] blkdev_ioctl+0x91d/0x17d0
[ 35.465102] ? blkpg_ioctl+0x8e0/0x8e0
[ 35.468970] block_ioctl+0xd9/0x120
[ 35.472622] ? blkdev_fallocate+0x3a0/0x3a0
[ 35.476972] do_vfs_ioctl+0x75a/0xfe0
[ 35.480772] ? selinux_file_mprotect+0x5c0/0x5c0
[ 35.485526] ? ioctl_preallocate+0x1a0/0x1a0
[ 35.490044] ? rcu_read_lock_sched_held+0x10a/0x130
[ 35.495317] ? kmem_cache_free+0x23a/0x2b0
[ 35.499666] ? putname+0xcd/0x110
[ 35.503122] ? security_file_ioctl+0x76/0xb0
[ 35.507654] ? security_file_ioctl+0x83/0xb0
[ 35.512073] SyS_ioctl+0x7f/0xb0
[ 35.515581] ? do_vfs_ioctl+0xfe0/0xfe0
[ 35.519542] do_syscall_64+0x1d5/0x640
[ 35.523461] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.528706] RIP: 0033:0x443df9
[ 35.532073] RSP: 002b:00007fff57875238 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 35.539870] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443df9
[ 35.547292] RDX: 0000000000000000 RSI: 000000000000ab04 RDI: 0000000000000003
[ 35.554556] RBP: 00000000006ce018 R08: 0000000000000000 R09: 00000000004002e0
[ 35.561821] R10: 000000000000000f R11: 0000000000000246 R12: 0000000