[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.127' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 56.713568][ T8440]
[ 56.716142][ T8440] ======================================================
[ 56.723472][ T8440] WARNING: possible circular locking dependency detected
[ 56.730462][ T8440] 5.14.0-rc7-syzkaller #0 Not tainted
[ 56.735807][ T8440] ------------------------------------------------------
[ 56.742799][ T8440] syz-executor200/8440 is trying to acquire lock:
[ 56.749497][ T8440] ffff88801e410518 (&disk->open_mutex){+.+.}-{3:3}, at: del_gendisk+0x8b/0x770
[ 56.758466][ T8440]
[ 56.758466][ T8440] but task is already holding lock:
[ 56.765891][ T8440] ffffffff8c489aa8 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140
[ 56.776124][ T8440]
[ 56.776124][ T8440] which lock already depends on the new lock.
[ 56.776124][ T8440]
[ 56.787155][ T8440]
[ 56.787155][ T8440] the existing dependency chain (in reverse order) is:
[ 56.796405][ T8440]
[ 56.796405][ T8440] -> #1 (nbd_index_mutex){+.+.}-{3:3}:
[ 56.804028][ T8440] __mutex_lock+0x12a/0x10a0
[ 56.809311][ T8440] nbd_open+0x7d/0x8a0
[ 56.813887][ T8440] blkdev_get_whole+0xa1/0x420
[ 56.819241][ T8440] blkdev_get_by_dev.part.0+0x30c/0xdd0
[ 56.825290][ T8440] blkdev_open+0x295/0x300
[ 56.830294][ T8440] do_dentry_open+0x4c8/0x11d0
[ 56.835738][ T8440] path_openat+0x1c23/0x27f0
[ 56.840857][ T8440] do_filp_open+0x1aa/0x400
[ 56.845971][ T8440] do_sys_openat2+0x16d/0x420
[ 56.851181][ T8440] __x64_sys_open+0x119/0x1c0
[ 56.856368][ T8440] do_syscall_64+0x35/0xb0
[ 56.861492][ T8440] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 56.867888][ T8440]
[ 56.867888][ T8440] -> #0 (&disk->open_mutex){+.+.}-{3:3}:
[ 56.875683][ T8440] __lock_acquire+0x2a07/0x54a0
[ 56.881300][ T8440] lock_acquire+0x1ab/0x510
[ 56.886304][ T8440] __mutex_lock+0x12a/0x10a0
[ 56.891398][ T8440] del_gendisk+0x8b/0x770
[ 56.896409][ T8440] nbd_put.part.0+0x82/0x160
[ 56.901523][ T8440] nbd_genl_connect+0x1383/0x1820
[ 56.907141][ T8440] genl_family_rcv_msg_doit+0x228/0x320
[ 56.913294][ T8440] genl_rcv_msg+0x328/0x580
[ 56.918326][ T8440] netlink_rcv_skb+0x153/0x420
[ 56.923692][ T8440] genl_rcv+0x24/0x40
[ 56.928182][ T8440] netlink_unicast+0x533/0x7d0
[ 56.933448][ T8440] netlink_sendmsg+0x86d/0xdb0
[ 56.938716][ T8440] sock_sendmsg+0xcf/0x120
[ 56.943726][ T8440] ____sys_sendmsg+0x6e8/0x810
[ 56.948995][ T8440] ___sys_sendmsg+0xf3/0x170
[ 56.954089][ T8440] __sys_sendmsg+0xe5/0x1b0
[ 56.959098][ T8440] do_syscall_64+0x35/0xb0
[ 56.964025][ T8440] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 56.970422][ T8440]
[ 56.970422][ T8440] other info that might help us debug this:
[ 56.970422][ T8440]
[ 56.980636][ T8440] Possible unsafe locking scenario:
[ 56.980636][ T8440]
[ 56.988068][ T8440]        CPU0                    CPU1
[ 56.993523][ T8440]        ----                    ----
[ 56.998865][ T8440]   lock(nbd_index_mutex);
[ 57.003262][ T8440]                                lock(&disk->open_mutex);
[ 57.010437][ T8440]                                lock(nbd_index_mutex);
[ 57.017352][ T8440]   lock(&disk->open_mutex);
[ 57.022006][ T8440]
[ 57.022006][ T8440] *** DEADLOCK ***
[ 57.022006][ T8440]
[ 57.030126][ T8440] 3 locks held by syz-executor200/8440:
[ 57.035738][ T8440] #0: ffffffff8d1601d0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 57.043907][ T8440] #1: ffffffff8d160288 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x3e0/0x580
[ 57.052937][ T8440] #2: ffffffff8c489aa8 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140
[ 57.063618][ T8440]
[ 57.063618][ T8440] stack backtrace:
[ 57.069480][ T8440] CPU: 0 PID: 8440 Comm: syz-executor200 Not tainted 5.14.0-rc7-syzkaller #0
[ 57.078307][ T8440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.088341][ T8440] Call Trace:
[ 57.091603][ T8440] dump_stack_lvl+0xcd/0x134
[ 57.096376][ T8440] check_noncircular+0x25f/0x2e0
[ 57.101298][ T8440] ? print_circular_bug+0x1e0/0x1e0
[ 57.106478][ T8440] ? kmem_cache_free+0x8a/0x5b0
[ 57.111317][ T8440] ? lockdep_lock+0xc6/0x200
[ 57.115894][ T8440] ? call_rcu_zapped+0xb0/0xb0
[ 57.120731][ T8440] ? __kobject_del+0xea/0x200
[ 57.125394][ T8440] __lock_acquire+0x2a07/0x54a0
[ 57.130234][ T8440] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 57.136447][ T8440] lock_acquire+0x1ab/0x510
[ 57.140934][ T8440] ? del_gendisk+0x8b/0x770
[ 57.145422][ T8440] ? lock_release+0x720/0x720
[ 57.150080][ T8440] ? lockdep_hardirqs_on+0x79/0x100
[ 57.155355][ T8440] __mutex_lock+0x12a/0x10a0
[ 57.159932][ T8440] ? del_gendisk+0x8b/0x770
[ 57.164423][ T8440] ? lock_downgrade+0x6e0/0x6e0
[ 57.169280][ T8440] ? del_gendisk+0x8b/0x770
[ 57.173795][ T8440] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 57.180044][ T8440] ? mutex_lock_io_nested+0xf00/0xf00
[ 57.185512][ T8440] ? kobj_kset_leave+0x12/0x200
[ 57.190370][ T8440] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 57.196596][ T8440] ? kobject_put+0xb9/0x540
[ 57.201084][ T8440] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 57.206895][ T8440] ? kfree_const+0x35/0x60
[ 57.211559][ T8440] del_gendisk+0x8b/0x770
[ 57.215875][ T8440] ? nbd_config_put+0x61b/0xa00
[ 57.220716][ T8440] nbd_put.part.0+0x82/0x160
[ 57.225290][ T8440] nbd_genl_connect+0x1383/0x1820
[ 57.230301][ T8440] ? nbd_start_device+0xd50/0xd50
[ 57.235314][ T8440] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 57.241538][ T8440] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290
[ 57.248896][ T8440] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290
[ 57.256168][ T8440] genl_family_rcv_msg_doit+0x228/0x320
[ 57.261876][ T8440] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[ 57.269237][ T8440] ? genl_op_from_small+0x23/0x3c0
[ 57.274337][ T8440] ? genl_get_cmd+0x3cf/0x480
[ 57.279091][ T8440] genl_rcv_msg+0x328/0x580
[ 57.283670][ T8440] ? genl_get_cmd+0x480/0x480
[ 57.288332][ T8440] ? nbd_start_device+0xd50/0xd50
[ 57.293340][ T8440] ? lock_release+0x720/0x720
[ 57.298089][ T8440] netlink_rcv_skb+0x153/0x420
[ 57.302840][ T8440] ? genl_get_cmd+0x480/0x480
[ 57.307505][ T8440] ? netlink_ack+0xa60/0xa60
[ 57.312169][ T8440] ? _copy_from_iter+0x12b/0x1320
[ 57.317267][ T8440] genl_rcv+0x24/0x40
[ 57.321240][ T8440] netlink_unicast+0x533/0x7d0
[ 57.326284][ T8440] ? netlink_attachskb+0x890/0x890
[ 57.331487][ T8440] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 57.337711][ T8440] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 57.344109][ T8440] ? __phys_addr_symbol+0x2c/0x70
[ 57.349118][ T8440] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 57.354822][ T8440] ? __check_object_size+0x16e/0x3f0
[ 57.360091][ T8440] netlink_sendmsg+0x86d/0xdb0
[ 57.364839][ T8440] ? netlink_unicast+0x7d0/0x7d0
[ 57.369764][ T8440] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 57.375988][ T8440] ? netlink_unicast+0x7d0/0x7d0
[ 57.380997][ T8440] sock_sendmsg+0xcf/0x120
[ 57.385398][ T8440] ____sys_sendmsg+0x6e8/0x810
[ 57.390145][ T8440] ? kernel_sendmsg+0x50/0x50
[ 57.394982][ T8440] ? do_recvmmsg+0x6d0/0x6d0
[ 57.399559][ T8440] ? lock_chain_count+0x20/0x20
[ 57.404393][ T8440] ? netlink_recvmsg+0x826/0xea0
[ 57.409321][ T8440] ___sys_sendmsg+0xf3/0x170
[ 57.413897][ T8440] ? sendmsg_copy_msghdr+0x160/0x160
[ 57.419600][ T8440] ? __lock_acquire+0x162f/0x54a0
[ 57.424637][ T8440] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 57.430690][ T8440] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 57.436678][ T8440] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 57.442906][ T8440] ? __fget_light+0x215/0x280
[ 57.447570][ T8440] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 57.453794][ T8440] __sys_sendmsg+0xe5/0x1b0
[ 57.458299][ T8440] ? __sys_sendmsg_sock+0x30/0x30
[ 57.463311][ T8440] ? syscall_enter_from_user_mode+0x21/0x70
[ 57.469198][ T8440] do_syscall_64+0x35/0xb0
[ 57.473603][ T8440] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.479481][ T8440] RIP: 0033:0x43fa59
[ 57.483357][ T8440] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.502947][ T8440] RSP: 002b:00007ffdc77b96d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 57.511341][ T8440] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fa59
[ 57.519295][ T8440] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[ 57.527248][ T8440] RBP: 00000000004034c0 R08: 0000000000000004 R09: 00000000004004a0
[ 57.535199][ T8440] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000403550
[ 57.543156][ T8440] R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0