Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.102' (ECDSA) to the list of known hosts.
syzkaller login: [ 77.579871][ T8449]
[ 77.582535][ T8449] ======================================================
[ 77.589873][ T8449] WARNING: possible circular locking dependency detected
[ 77.596983][ T8449] 5.13.0-rc5-syzkaller #0 Not tainted
[ 77.602632][ T8449] ------------------------------------------------------
[ 77.609799][ T8449] syz-executor369/8449 is trying to acquire lock:
[ 77.616226][ T8449] ffff88801ad0a320 (&bdev->bd_mutex){+.+.}-{3:3}, at: del_gendisk+0x24b/0xa00
[ 77.625366][ T8449]
[ 77.625366][ T8449] but task is already holding lock:
[ 77.632827][ T8449] ffffffff8ca6dc88 (loop_ctl_mutex){+.+.}-{3:3}, at: loop_control_ioctl+0x7b/0x4f0
[ 77.642408][ T8449]
[ 77.642408][ T8449] which lock already depends on the new lock.
[ 77.642408][ T8449]
[ 77.653654][ T8449]
[ 77.653654][ T8449] the existing dependency chain (in reverse order) is:
[ 77.662751][ T8449]
[ 77.662751][ T8449] -> #1 (loop_ctl_mutex){+.+.}-{3:3}:
[ 77.670426][ T8449]        __mutex_lock+0x139/0x10c0
[ 77.675726][ T8449]        lo_open+0x1a/0x130
[ 77.680422][ T8449]        __blkdev_get+0x182/0xa30
[ 77.685485][ T8449]        blkdev_get_by_dev+0x200/0x660
[ 77.691011][ T8449]        blkdev_open+0x154/0x2b0
[ 77.695996][ T8449]        do_dentry_open+0x4b9/0x11b0
[ 77.701956][ T8449]        path_openat+0x1c0e/0x27e0
[ 77.707394][ T8449]        do_filp_open+0x190/0x3d0
[ 77.712695][ T8449]        do_sys_openat2+0x16d/0x420
[ 77.718009][ T8449]        __x64_sys_open+0x119/0x1c0
[ 77.723236][ T8449]        do_syscall_64+0x3a/0xb0
[ 77.728307][ T8449]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.735695][ T8449]
[ 77.735695][ T8449] -> #0 (&bdev->bd_mutex){+.+.}-{3:3}:
[ 77.744205][ T8449]        __lock_acquire+0x2a17/0x5230
[ 77.749741][ T8449]        lock_acquire+0x1ab/0x740
[ 77.754818][ T8449]        __mutex_lock+0x139/0x10c0
[ 77.760152][ T8449]        del_gendisk+0x24b/0xa00
[ 77.766117][ T8449]        loop_control_ioctl+0x40d/0x4f0
[ 77.772327][ T8449]        __x64_sys_ioctl+0x193/0x200
[ 77.777734][ T8449]        do_syscall_64+0x3a/0xb0
[ 77.782764][ T8449]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.789667][ T8449]
[ 77.789667][ T8449] other info that might help us debug this:
[ 77.789667][ T8449]
[ 77.800203][ T8449]  Possible unsafe locking scenario:
[ 77.800203][ T8449]
[ 77.807648][ T8449]        CPU0                    CPU1
[ 77.813230][ T8449]        ----                    ----
[ 77.818786][ T8449]   lock(loop_ctl_mutex);
[ 77.823125][ T8449]                                lock(&bdev->bd_mutex);
[ 77.830772][ T8449]                                lock(loop_ctl_mutex);
[ 77.837875][ T8449]   lock(&bdev->bd_mutex);
[ 77.842596][ T8449]
[ 77.842596][ T8449]  *** DEADLOCK ***
[ 77.842596][ T8449]
[ 77.851172][ T8449] 1 lock held by syz-executor369/8449:
[ 77.856823][ T8449]  #0: ffffffff8ca6dc88 (loop_ctl_mutex){+.+.}-{3:3}, at: loop_control_ioctl+0x7b/0x4f0
[ 77.867132][ T8449]
[ 77.867132][ T8449] stack backtrace:
[ 77.873291][ T8449] CPU: 0 PID: 8449 Comm: syz-executor369 Not tainted 5.13.0-rc5-syzkaller #0
[ 77.882309][ T8449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.893109][ T8449] Call Trace:
[ 77.896595][ T8449]  dump_stack+0x141/0x1d7
[ 77.901136][ T8449]  check_noncircular+0x25f/0x2e0
[ 77.906177][ T8449]  ? print_circular_bug+0x1e0/0x1e0
[ 77.911392][ T8449]  ? lockdep_lock+0xc6/0x200
[ 77.916277][ T8449]  ? call_rcu_zapped+0xb0/0xb0
[ 77.921152][ T8449]  ? mark_held_locks+0x9f/0xe0
[ 77.926023][ T8449]  __lock_acquire+0x2a17/0x5230
[ 77.930968][ T8449]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 77.937281][ T8449]  lock_acquire+0x1ab/0x740
[ 77.941913][ T8449]  ? del_gendisk+0x24b/0xa00
[ 77.946730][ T8449]  ? lock_release+0x720/0x720
[ 77.951862][ T8449]  ? find_held_lock+0x2d/0x110
[ 77.957215][ T8449]  __mutex_lock+0x139/0x10c0
[ 77.962203][ T8449]  ? del_gendisk+0x24b/0xa00
[ 77.967303][ T8449]  ? mutex_lock_io_nested+0xf20/0xf20
[ 77.972995][ T8449]  ? del_gendisk+0x24b/0xa00
[ 77.977959][ T8449]  ? __mutex_unlock_slowpath+0xe2/0x610
[ 77.984060][ T8449]  ? mutex_lock_io_nested+0xf20/0xf20
[ 77.989459][ T8449]  ? wait_for_completion_io+0x270/0x270
[ 77.995111][ T8449]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 78.001808][ T8449]  ? kernfs_remove_by_name_ns+0x62/0xb0
[ 78.007465][ T8449]  ? sysfs_remove_files+0x87/0xf0
[ 78.013437][ T8449]  del_gendisk+0x24b/0xa00
[ 78.018058][ T8449]  loop_control_ioctl+0x40d/0x4f0
[ 78.023104][ T8449]  ? loop_lookup+0x1d0/0x1d0
[ 78.027823][ T8449]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 78.034714][ T8449]  ? loop_lookup+0x1d0/0x1d0
[ 78.039753][ T8449]  __x64_sys_ioctl+0x193/0x200
[ 78.044813][ T8449]  do_syscall_64+0x3a/0xb0
[ 78.049280][ T8449]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 78.055416][ T8449] RIP: 0033:0x43ee49
[ 78.059612][ T8449] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
executing program
[ 78.079713][ T8449] RSP: 002b:00007fff64017368 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 78.088244][ T8449] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043ee49
[ 78.096352][ T8449] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000003
[ 78.104498][ T8449] RBP: 0000000000402e30 R08: 0000000000000000 R09: 0000000000400488
[ 78.113298][ T8449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402ec0
[ 78.121308][ T8449] R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488