[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.65' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 69.342068][ T8446] netlink: 4 bytes leftover after parsing attributes in process `syz-executor282'.
[ 69.355752][ T8446]
[ 69.358097][ T8446] ======================================================
[ 69.365206][ T8446] WARNING: possible circular locking dependency detected
[ 69.372204][ T8446] 5.14.0-rc6-syzkaller #0 Not tainted
[ 69.377832][ T8446] ------------------------------------------------------
[ 69.385010][ T8446] syz-executor282/8446 is trying to acquire lock:
[ 69.391589][ T8446] ffff88801e94c518 (&disk->open_mutex){+.+.}-{3:3}, at: del_gendisk+0x8b/0x770
[ 69.400544][ T8446]
[ 69.400544][ T8446] but task is already holding lock:
[ 69.408172][ T8446] ffffffff8c487fa8 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140
[ 69.418427][ T8446]
[ 69.418427][ T8446] which lock already depends on the new lock.
[ 69.418427][ T8446]
[ 69.428805][ T8446]
[ 69.428805][ T8446] the existing dependency chain (in reverse order) is:
[ 69.437795][ T8446]
[ 69.437795][ T8446] -> #1 (nbd_index_mutex){+.+.}-{3:3}:
[ 69.445441][ T8446] __mutex_lock+0x12a/0x10a0
[ 69.450615][ T8446] nbd_open+0x7d/0x8a0
[ 69.455231][ T8446] blkdev_get_whole+0xa1/0x420
[ 69.460530][ T8446] blkdev_get_by_dev.part.0+0x30c/0xdd0
[ 69.466579][ T8446] blkdev_open+0x295/0x300
[ 69.471499][ T8446] do_dentry_open+0x4c8/0x11d0
[ 69.476773][ T8446] path_openat+0x1c23/0x27f0
[ 69.481866][ T8446] do_filp_open+0x1aa/0x400
[ 69.486872][ T8446] do_sys_openat2+0x16d/0x420
[ 69.492055][ T8446] __x64_sys_open+0x119/0x1c0
[ 69.497237][ T8446] do_syscall_64+0x35/0xb0
[ 69.502520][ T8446] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 69.509018][ T8446]
[ 69.509018][ T8446] -> #0 (&disk->open_mutex){+.+.}-{3:3}:
[ 69.516812][ T8446] __lock_acquire+0x2a07/0x54a0
[ 69.522284][ T8446] lock_acquire+0x1ab/0x510
[ 69.527296][ T8446] __mutex_lock+0x12a/0x10a0
[ 69.532388][ T8446] del_gendisk+0x8b/0x770
[ 69.537334][ T8446] nbd_put.part.0+0x82/0x160
[ 69.542430][ T8446] nbd_genl_connect+0x1383/0x1820
[ 69.547962][ T8446] genl_family_rcv_msg_doit+0x228/0x320
[ 69.554065][ T8446] genl_rcv_msg+0x328/0x580
[ 69.559098][ T8446] netlink_rcv_skb+0x153/0x420
[ 69.564379][ T8446] genl_rcv+0x24/0x40
[ 69.568868][ T8446] netlink_unicast+0x533/0x7d0
[ 69.574153][ T8446] netlink_sendmsg+0x86d/0xdb0
[ 69.579419][ T8446] sock_sendmsg+0xcf/0x120
[ 69.584351][ T8446] ____sys_sendmsg+0x6e8/0x810
[ 69.589632][ T8446] ___sys_sendmsg+0xf3/0x170
[ 69.594819][ T8446] __sys_sendmsg+0xe5/0x1b0
[ 69.599843][ T8446] do_syscall_64+0x35/0xb0
[ 69.604766][ T8446] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 69.611179][ T8446]
[ 69.611179][ T8446] other info that might help us debug this:
[ 69.611179][ T8446]
[ 69.621387][ T8446] Possible unsafe locking scenario:
[ 69.621387][ T8446]
[ 69.628824][ T8446]        CPU0                    CPU1
[ 69.634167][ T8446]        ----                    ----
[ 69.639509][ T8446]   lock(nbd_index_mutex);
[ 69.643902][ T8446]                                lock(&disk->open_mutex);
[ 69.650985][ T8446]                                lock(nbd_index_mutex);
[ 69.657989][ T8446]   lock(&disk->open_mutex);
[ 69.663003][ T8446]
[ 69.663003][ T8446] *** DEADLOCK ***
[ 69.663003][ T8446]
[ 69.671839][ T8446] 3 locks held by syz-executor282/8446:
[ 69.677372][ T8446] #0: ffffffff8d15f470 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 69.685551][ T8446] #1: ffffffff8d15f528 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x3e0/0x580
[ 69.694513][ T8446] #2: ffffffff8c487fa8 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140
[ 69.705112][ T8446]
[ 69.705112][ T8446] stack backtrace:
[ 69.710980][ T8446] CPU: 1 PID: 8446 Comm: syz-executor282 Not tainted 5.14.0-rc6-syzkaller #0
[ 69.719994][ T8446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.730125][ T8446] Call Trace:
[ 69.733408][ T8446] dump_stack_lvl+0xcd/0x134
[ 69.737991][ T8446] check_noncircular+0x25f/0x2e0
[ 69.742928][ T8446] ? print_circular_bug+0x1e0/0x1e0
[ 69.748128][ T8446] ? kmem_cache_free+0x8a/0x5b0
[ 69.752975][ T8446] ? lockdep_lock+0xc6/0x200
[ 69.757557][ T8446] ? call_rcu_zapped+0xb0/0xb0
[ 69.762316][ T8446] ? __kobject_del+0xea/0x200
[ 69.767004][ T8446] __lock_acquire+0x2a07/0x54a0
[ 69.771865][ T8446] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 69.777857][ T8446] lock_acquire+0x1ab/0x510
[ 69.782371][ T8446] ? del_gendisk+0x8b/0x770
[ 69.786984][ T8446] ? lock_release+0x720/0x720
[ 69.791676][ T8446] ? lockdep_hardirqs_on+0x79/0x100
[ 69.796895][ T8446] __mutex_lock+0x12a/0x10a0
[ 69.801506][ T8446] ? del_gendisk+0x8b/0x770
[ 69.806034][ T8446] ? lock_downgrade+0x6e0/0x6e0
[ 69.810892][ T8446] ? del_gendisk+0x8b/0x770
[ 69.815517][ T8446] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 69.821774][ T8446] ? mutex_lock_io_nested+0xf00/0xf00
[ 69.827177][ T8446] ? kobj_kset_leave+0x12/0x200
[ 69.832190][ T8446] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 69.838428][ T8446] ? kobject_put+0xb9/0x540
[ 69.842936][ T8446] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 69.848821][ T8446] ? kfree_const+0x35/0x60
[ 69.853275][ T8446] del_gendisk+0x8b/0x770
[ 69.857614][ T8446] ? nbd_config_put+0x61b/0xa00
[ 69.862478][ T8446] nbd_put.part.0+0x82/0x160
[ 69.867259][ T8446] nbd_genl_connect+0x1383/0x1820
[ 69.872295][ T8446] ? nbd_start_device+0xd50/0xd50
[ 69.877451][ T8446] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 69.883691][ T8446] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290
[ 69.891218][ T8446] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290
[ 69.898504][ T8446] genl_family_rcv_msg_doit+0x228/0x320
[ 69.904038][ T8446] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[ 69.911399][ T8446] ? genl_op_from_small+0x23/0x3c0
[ 69.916512][ T8446] ? genl_get_cmd+0x3cf/0x480
[ 69.921432][ T8446] genl_rcv_msg+0x328/0x580
[ 69.926005][ T8446] ? genl_get_cmd+0x480/0x480
[ 69.930662][ T8446] ? nbd_start_device+0xd50/0xd50
[ 69.935670][ T8446] ? lock_release+0x720/0x720
[ 69.940416][ T8446] netlink_rcv_skb+0x153/0x420
[ 69.945256][ T8446] ? genl_get_cmd+0x480/0x480
[ 69.949915][ T8446] ? netlink_ack+0xa60/0xa60
[ 69.954504][ T8446] ? netlink_deliver_tap+0x1b1/0xc30
[ 69.959772][ T8446] ? _copy_from_iter+0x12b/0x1320
[ 69.964780][ T8446] genl_rcv+0x24/0x40
[ 69.968847][ T8446] netlink_unicast+0x533/0x7d0
[ 69.973594][ T8446] ? netlink_attachskb+0x890/0x890
[ 69.978708][ T8446] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 69.984939][ T8446] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 69.991176][ T8446] ? __phys_addr_symbol+0x2c/0x70
[ 69.996254][ T8446] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 70.001974][ T8446] ? __check_object_size+0x16e/0x3f0
[ 70.008170][ T8446] netlink_sendmsg+0x86d/0xdb0
[ 70.013030][ T8446] ? netlink_unicast+0x7d0/0x7d0
[ 70.017965][ T8446] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 70.024558][ T8446] ? netlink_unicast+0x7d0/0x7d0
[ 70.029493][ T8446] sock_sendmsg+0xcf/0x120
[ 70.034086][ T8446] ____sys_sendmsg+0x6e8/0x810
[ 70.038835][ T8446] ? kernel_sendmsg+0x50/0x50
[ 70.043500][ T8446] ? do_recvmmsg+0x6d0/0x6d0
[ 70.048077][ T8446] ? lock_chain_count+0x20/0x20
[ 70.052907][ T8446] ? netlink_recvmsg+0x826/0xea0
[ 70.057830][ T8446] ___sys_sendmsg+0xf3/0x170
[ 70.062406][ T8446] ? sendmsg_copy_msghdr+0x160/0x160
[ 70.067691][ T8446] ? __lock_acquire+0x162f/0x54a0
[ 70.072707][ T8446] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 70.078840][ T8446] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 70.085084][ T8446] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 70.091316][ T8446] ? __fget_light+0x215/0x280
[ 70.095992][ T8446] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 70.102286][ T8446] __sys_sendmsg+0xe5/0x1b0
[ 70.107050][ T8446] ? __sys_sendmsg_sock+0x30/0x30
[ 70.112087][ T8446] ? syscall_enter_from_user_mode+0x21/0x70
[ 70.117979][ T8446] do_syscall_64+0x35/0xb0
[ 70.122385][ T8446] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 70.128268][ T8446] RIP: 0033:0x43fa59
[ 70.132163][ T8446] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 70.151761][ T8446] RSP: 002b:00007ffc13fedf98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 70.160165][ T8446] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fa59
[ 70.168121][ T8446] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 70.176089][ T8446] RBP: 00000000004034c0 R08: 000000000000000c R09: 00000000004004a0
[ 70.184042][ T8446] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000403550
[ 70.192007][ T8446] R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0