[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.54' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 33.247863] audit: type=1400 audit(1596594431.243:8): avc: denied { execmem } for pid=6347 comm="syz-executor271" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 33.249298]
[ 33.269553] ======================================================
[ 33.275844] WARNING: possible circular locking dependency detected
[ 33.282269] 4.14.191-syzkaller #0 Not tainted
[ 33.287272] ------------------------------------------------------
[ 33.293559] syz-executor271/6347 is trying to acquire lock:
[ 33.299244] (&bdev->bd_mutex){+.+.}, at: [] blkdev_reread_part+0x1b/0x40
[ 33.307711]
[ 33.307711] but task is already holding lock:
[ 33.313828] (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x11f/0xa80
[ 33.321862]
[ 33.321862] which lock already depends on the new lock.
[ 33.321862]
[ 33.330177]
[ 33.330177] the existing dependency chain (in reverse order) is:
[ 33.337794]
[ 33.337794] -> #2 (&nbd->config_lock){+.+.}:
[ 33.343661] __mutex_lock+0xc4/0x1310
[ 33.347956] nbd_open+0x1b4/0x380
[ 33.351901] __blkdev_get+0x306/0x1090
[ 33.356278] blkdev_get+0x88/0x890
[ 33.360310] blkdev_open+0x1cc/0x250
[ 33.364519] do_dentry_open+0x44b/0xec0
[ 33.368990] vfs_open+0x105/0x220
[ 33.372935] path_openat+0x628/0x2970
[ 33.377225] do_filp_open+0x179/0x3c0
[ 33.381517] do_sys_open+0x296/0x410
[ 33.385724] do_syscall_64+0x1d5/0x640
[ 33.390115] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.395798]
[ 33.395798] -> #1 (nbd_index_mutex){+.+.}:
[ 33.401510] __mutex_lock+0xc4/0x1310
[ 33.405823] nbd_open+0x22/0x380
[ 33.409685] __blkdev_get+0x306/0x1090
[ 33.414071] blkdev_get+0x88/0x890
[ 33.418104] blkdev_open+0x1cc/0x250
[ 33.422335] do_dentry_open+0x44b/0xec0
[ 33.426805] vfs_open+0x105/0x220
[ 33.430750] path_openat+0x628/0x2970
[ 33.435042] do_filp_open+0x179/0x3c0
[ 33.439335] do_sys_open+0x296/0x410
[ 33.443540] do_syscall_64+0x1d5/0x640
[ 33.447922] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.453599]
[ 33.453599] -> #0 (&bdev->bd_mutex){+.+.}:
[ 33.459286] lock_acquire+0x170/0x3f0
[ 33.463581] __mutex_lock+0xc4/0x1310
[ 33.467874] blkdev_reread_part+0x1b/0x40
[ 33.472511] nbd_ioctl+0x7c9/0xa80
[ 33.476556] blkdev_ioctl+0x540/0x1830
[ 33.481022] block_ioctl+0xd9/0x120
[ 33.485145] do_vfs_ioctl+0x75a/0xff0
[ 33.489435] SyS_ioctl+0x7f/0xb0
[ 33.493296] do_syscall_64+0x1d5/0x640
[ 33.497679] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.503367]
[ 33.503367] other info that might help us debug this:
[ 33.503367]
[ 33.511478] Chain exists of:
[ 33.511478] &bdev->bd_mutex --> nbd_index_mutex --> &nbd->config_lock
[ 33.511478]
[ 33.522548] Possible unsafe locking scenario:
[ 33.522548]
[ 33.528662]        CPU0                    CPU1
[ 33.533303]        ----                    ----
[ 33.537938]   lock(&nbd->config_lock);
[ 33.541795]                                lock(nbd_index_mutex);
[ 33.547999]                                lock(&nbd->config_lock);
[ 33.554397]   lock(&bdev->bd_mutex);
[ 33.558098]
[ 33.558098] *** DEADLOCK ***
[ 33.558098]
[ 33.564138] 1 lock held by syz-executor271/6347:
[ 33.568862] #0: (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x11f/0xa80
[ 33.577330]
[ 33.577330] stack backtrace:
[ 33.581804] CPU: 1 PID: 6347 Comm: syz-executor271 Not tainted 4.14.191-syzkaller #0
[ 33.589740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.599064] Call Trace:
[ 33.601625] dump_stack+0x1b2/0x283
[ 33.605227] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 33.610996] __lock_acquire+0x2e0e/0x3f20
[ 33.615118] ? trace_hardirqs_on+0x10/0x10
[ 33.619326] ? add_lock_to_list.constprop.0+0x17d/0x330
[ 33.624658] ? save_trace+0xd6/0x290
[ 33.628529] lock_acquire+0x170/0x3f0
[ 33.632307] ? blkdev_reread_part+0x1b/0x40
[ 33.636600] ? blkdev_reread_part+0x1b/0x40
[ 33.640892] __mutex_lock+0xc4/0x1310
[ 33.644664] ? blkdev_reread_part+0x1b/0x40
[ 33.648974] ? __mutex_lock+0x360/0x1310
[ 33.653009] ? __get_super.part.0+0xbb/0x390
[ 33.657387] ? blkdev_reread_part+0x1b/0x40
[ 33.661696] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 33.667118] ? lock_downgrade+0x740/0x740
[ 33.671259] ? nbd_ioctl+0x7ae/0xa80
[ 33.674943] ? lock_downgrade+0x740/0x740
[ 33.679060] blkdev_reread_part+0x1b/0x40
[ 33.683183] nbd_ioctl+0x7c9/0xa80
[ 33.686709] ? kasan_slab_free+0xc3/0x1a0
[ 33.690827] ? nbd_disconnect_and_put+0x140/0x140
[ 33.695640] ? do_syscall_64+0x1d5/0x640
[ 33.699672] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.705010] ? path_lookupat+0x780/0x780
[ 33.709044] ? debug_check_no_obj_freed+0x2c0/0x674
[ 33.714032] ? nbd_disconnect_and_put+0x140/0x140
[ 33.718844] blkdev_ioctl+0x540/0x1830
[ 33.722702] ? blkpg_ioctl+0x8d0/0x8d0
[ 33.726570] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 33.731644] block_ioctl+0xd9/0x120
[ 33.735243] ? blkdev_fallocate+0x3a0/0x3a0
[ 33.739536] do_vfs_ioctl+0x75a/0xff0
[ 33.743306] ? selinux_inode_setxattr+0x730/0x730
[ 33.748120] ? ioctl_preallocate+0x1a0/0x1a0
[ 33.752500] ? kmem_cache_free+0x23a/0x2b0
[ 33.756717] ? putname+0xcd/0x110
[ 33.760153] ? do_sys_open+0x208/0x410
[ 33.764026] ? security_file_ioctl+0x83/0xb0
[ 33.768403] SyS_ioctl+0x7f/0xb0
[ 33.771758] ? do_vfs_ioctl+0xff0/0xff0
[ 33.775704] do_syscall_64+0x1d5/0x640
[ 33.779569] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.784728] RIP: 0033:0x443ec9
[ 33.787908] RSP: 002b:00007ffd8db68398 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 33.795585] RAX: ffffffffffffffda RBX: 000000000040