[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 78.456386][ T8486] netlink: 4 bytes leftover after parsing attributes in process `syz-executor246'.
[ 78.467368][ T8486] netlink: 4 bytes leftover after parsing attributes in process `syz-executor246'.
[ 78.478582][ T8486] nbd: socks must be embedded in a SOCK_ITEM attr
[ 78.487138][ T8486]
[ 78.489784][ T8486] ======================================================
[ 78.496892][ T8486] WARNING: possible circular locking dependency detected
[ 78.503899][ T8486] 5.13.0-syzkaller #0 Not tainted
[ 78.509014][ T8486] ------------------------------------------------------
[ 78.516143][ T8486] syz-executor246/8486 is trying to acquire lock:
[ 78.522655][ T8486] ffff88801edfed18 (&disk->open_mutex){+.+.}-{3:3}, at: del_gendisk+0x8b/0x770
[ 78.532222][ T8486]
[ 78.532222][ T8486] but task is already holding lock:
[ 78.540041][ T8486] ffffffff8cc7cb68 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140
[ 78.550622][ T8486]
[ 78.550622][ T8486] which lock already depends on the new lock.
[ 78.550622][ T8486]
[ 78.561292][ T8486]
[ 78.561292][ T8486] the existing dependency chain (in reverse order) is:
[ 78.570600][ T8486]
[ 78.570600][ T8486] -> #1 (nbd_index_mutex){+.+.}-{3:3}:
[ 78.578944][ T8486]        __mutex_lock+0x12a/0x10a0
[ 78.584425][ T8486]        nbd_open+0x7d/0x8a0
[ 78.589442][ T8486]        blkdev_get_whole+0xa1/0x420
[ 78.595706][ T8486]        blkdev_get_by_dev.part.0+0x30c/0xdd0
[ 78.601784][ T8486]        blkdev_open+0x295/0x300
[ 78.606926][ T8486]        do_dentry_open+0x4c8/0x11c0
[ 78.612300][ T8486]        path_openat+0x1c0e/0x27e0
[ 78.617485][ T8486]        do_filp_open+0x190/0x3d0
[ 78.622757][ T8486]        do_sys_openat2+0x16d/0x420
[ 78.628028][ T8486]        __x64_sys_open+0x119/0x1c0
[ 78.633299][ T8486]        do_syscall_64+0x35/0xb0
[ 78.638217][ T8486]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 78.644709][ T8486]
[ 78.644709][ T8486] -> #0 (&disk->open_mutex){+.+.}-{3:3}:
[ 78.652999][ T8486]        __lock_acquire+0x2a07/0x54a0
[ 78.658688][ T8486]        lock_acquire+0x1ab/0x510
[ 78.663930][ T8486]        __mutex_lock+0x12a/0x10a0
[ 78.669039][ T8486]        del_gendisk+0x8b/0x770
[ 78.673922][ T8486]        nbd_put.part.0+0x82/0x160
[ 78.679074][ T8486]        nbd_genl_connect+0x1214/0x1660
[ 78.684739][ T8486]        genl_family_rcv_msg_doit+0x228/0x320
[ 78.690969][ T8486]        genl_rcv_msg+0x328/0x580
[ 78.695979][ T8486]        netlink_rcv_skb+0x153/0x420
[ 78.701249][ T8486]        genl_rcv+0x24/0x40
[ 78.705776][ T8486]        netlink_unicast+0x533/0x7d0
[ 78.711557][ T8486]        netlink_sendmsg+0x85b/0xda0
[ 78.717379][ T8486]        sock_sendmsg+0xcf/0x120
[ 78.722422][ T8486]        ____sys_sendmsg+0x6e8/0x810
[ 78.727712][ T8486]        ___sys_sendmsg+0xf3/0x170
[ 78.732972][ T8486]        __sys_sendmsg+0xe5/0x1b0
[ 78.738014][ T8486]        do_syscall_64+0x35/0xb0
[ 78.743035][ T8486]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 78.749542][ T8486]
[ 78.749542][ T8486] other info that might help us debug this:
[ 78.749542][ T8486]
[ 78.760094][ T8486]  Possible unsafe locking scenario:
[ 78.760094][ T8486]
[ 78.767540][ T8486]        CPU0                    CPU1
[ 78.773083][ T8486]        ----                    ----
[ 78.778607][ T8486]   lock(nbd_index_mutex);
[ 78.783108][ T8486]                                lock(&disk->open_mutex);
[ 78.790282][ T8486]                                lock(nbd_index_mutex);
[ 78.797642][ T8486]   lock(&disk->open_mutex);
[ 78.802474][ T8486]
[ 78.802474][ T8486]  *** DEADLOCK ***
[ 78.802474][ T8486]
[ 78.810680][ T8486] 3 locks held by syz-executor246/8486:
[ 78.816582][ T8486]  #0: ffffffff8d94a490 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 78.825232][ T8486]  #1: ffffffff8d94a548 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x3e0/0x580
[ 78.834680][ T8486]  #2: ffffffff8cc7cb68 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140
[ 78.845704][ T8486]
[ 78.845704][ T8486] stack backtrace:
[ 78.852069][ T8486] CPU: 0 PID: 8486 Comm: syz-executor246 Not tainted 5.13.0-syzkaller #0
[ 78.860708][ T8486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.871075][ T8486] Call Trace:
[ 78.874375][ T8486]  dump_stack_lvl+0xcd/0x134
[ 78.878979][ T8486]  check_noncircular+0x25f/0x2e0
[ 78.883951][ T8486]  ? print_circular_bug+0x1e0/0x1e0
[ 78.890953][ T8486]  ? kmem_cache_free+0x8e/0x5a0
[ 78.896282][ T8486]  ? lockdep_lock+0xc6/0x200
[ 78.900985][ T8486]  ? call_rcu_zapped+0xb0/0xb0
[ 78.905944][ T8486]  __lock_acquire+0x2a07/0x54a0
[ 78.910916][ T8486]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 78.919273][ T8486]  ? mark_held_locks+0x9f/0xe0
[ 78.924047][ T8486]  lock_acquire+0x1ab/0x510
[ 78.928551][ T8486]  ? del_gendisk+0x8b/0x770
[ 78.933056][ T8486]  ? lock_release+0x720/0x720
[ 78.937719][ T8486]  ? lockdep_hardirqs_on+0x79/0x100
[ 78.942909][ T8486]  __mutex_lock+0x12a/0x10a0
[ 78.947485][ T8486]  ? del_gendisk+0x8b/0x770
[ 78.951973][ T8486]  ? lock_downgrade+0x6e0/0x6e0
[ 78.956805][ T8486]  ? del_gendisk+0x8b/0x770
[ 78.961920][ T8486]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 78.968280][ T8486]  ? mutex_lock_io_nested+0xf00/0xf00
[ 78.973830][ T8486]  ? kobj_kset_leave+0x12/0x200
[ 78.978761][ T8486]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 78.985091][ T8486]  ? kobject_put+0xb9/0x540
[ 78.989709][ T8486]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 78.995650][ T8486]  ? kfree_const+0x35/0x60
[ 79.000180][ T8486]  del_gendisk+0x8b/0x770
[ 79.005423][ T8486]  ? nbd_config_put+0x5e8/0x8e0
[ 79.010461][ T8486]  nbd_put.part.0+0x82/0x160
[ 79.015063][ T8486]  nbd_genl_connect+0x1214/0x1660
[ 79.020522][ T8486]  ? nbd_start_device+0xd50/0xd50
[ 79.025547][ T8486]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 79.032214][ T8486]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290
[ 79.039945][ T8486]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290
[ 79.047863][ T8486]  genl_family_rcv_msg_doit+0x228/0x320
[ 79.054133][ T8486]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[ 79.061998][ T8486]  ? genl_op_from_small+0x23/0x3c0
[ 79.067111][ T8486]  ? genl_get_cmd+0x3cf/0x480
[ 79.071869][ T8486]  genl_rcv_msg+0x328/0x580
[ 79.076539][ T8486]  ? genl_get_cmd+0x480/0x480
[ 79.081306][ T8486]  ? nbd_start_device+0xd50/0xd50
[ 79.086578][ T8486]  ? lock_release+0x720/0x720
[ 79.091731][ T8486]  netlink_rcv_skb+0x153/0x420
[ 79.096675][ T8486]  ? genl_get_cmd+0x480/0x480
[ 79.101375][ T8486]  ? netlink_ack+0xa60/0xa60
[ 79.106713][ T8486]  genl_rcv+0x24/0x40
[ 79.110817][ T8486]  netlink_unicast+0x533/0x7d0
[ 79.115687][ T8486]  ? netlink_attachskb+0x890/0x890
[ 79.120904][ T8486]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 79.127380][ T8486]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 79.133843][ T8486]  ? __phys_addr_symbol+0x2c/0x70
[ 79.138966][ T8486]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 79.145021][ T8486]  ? __check_object_size+0x16e/0x3f0
[ 79.150595][ T8486]  netlink_sendmsg+0x85b/0xda0
[ 79.155462][ T8486]  ? netlink_unicast+0x7d0/0x7d0
[ 79.160556][ T8486]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 79.167289][ T8486]  ? netlink_unicast+0x7d0/0x7d0
[ 79.172877][ T8486]  sock_sendmsg+0xcf/0x120
[ 79.177310][ T8486]  ____sys_sendmsg+0x6e8/0x810
[ 79.182125][ T8486]  ? kernel_sendmsg+0x50/0x50
[ 79.187283][ T8486]  ? do_recvmmsg+0x6d0/0x6d0
[ 79.192165][ T8486]  ? lock_chain_count+0x20/0x20
[ 79.197194][ T8486]  ? netlink_recvmsg+0x826/0xeb0
[ 79.202667][ T8486]  ___sys_sendmsg+0xf3/0x170
[ 79.207258][ T8486]  ? sendmsg_copy_msghdr+0x160/0x160
[ 79.212812][ T8486]  ? __lock_acquire+0x162f/0x54a0
[ 79.218002][ T8486]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 79.224203][ T8486]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 79.230195][ T8486]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 79.236502][ T8486]  ? __fget_light+0x215/0x280
[ 79.241340][ T8486]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 79.247905][ T8486]  __sys_sendmsg+0xe5/0x1b0
[ 79.252736][ T8486]  ? __sys_sendmsg_sock+0x30/0x30
[ 79.257945][ T8486]  ? syscall_enter_from_user_mode+0x21/0x70
[ 79.264645][ T8486]  do_syscall_64+0x35/0xb0
[ 79.269277][ T8486]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 79.275895][ T8486] RIP: 0033:0x43fa29
[ 79.280002][ T8486] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 79.299736][ T8486] RSP: 002b:00007ffec50338c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 79.308310][ T8486] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fa29
[ 79.316387][ T8486] RDX: 0000000000000000 RSI: 0000000020000b40 RDI: 0000000000000003
[ 79.324361][ T8486] RBP: 0000000000403490 R08: 0000000000000000 R09: 00000000004004a0
[ 79.332317][ T8486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000403520
[ 79.340274][ T8486] R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0
[ 79.364384][ T8486] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 79.376148][ T8486] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 79.385092][ T8486] CPU: 1 PID: 8486 Comm: syz-executor246 Not tainted 5.13.0-syzkaller #0
[ 79.393633][ T8486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 79.403960][ T8486] RIP: 0010:blk_mq_run_hw_queues+0x32b/0x4a0
[ 79.409962][ T8486] Code: ea 48 c1 ea 03 80 3c 02 00 0f 85 51 01 00 00 48 8b 45 00 89 db 48 8d 1c 98 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ed
[ 79.430277][ T8486] RSP: 0018:ffffc90003b073b0 EFLAGS: 00010247
[ 79.437144][ T8486] RAX: dffffc0000000000 RBX: 0000000000000004 RCX: 0000000000000000
[ 79.445664][ T8486] RDX: 0000000000000000 RSI: ffffffff83be8009 RDI: ffff888146046e00
[ 79.454016][ T8486] RBP: ffff88801f280000 R08: 0000000000000000 R09: ffff888146046d77
[ 79.462551][ T8486] R10: ffffffff83be7e41 R11: 0000000000000000 R12: ffff888146046430
[ 79.470805][ T8486] R13: ffff88801f0fa640 R14: ffff888018c9cc08 R15: 0000000000000001
[ 79.478883][ T8486] FS: 0000000000d2a300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 79.488315][ T8486] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 79.495367][ T8486] CR2: 00007f0078bf5000 CR3: 000000002a607000 CR4: 00000000001506e0
[ 79.503348][ T8486] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 79.511592][ T8486] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 79.519729][ T8486] Call Trace:
[ 79.523002][ T8486]  blk_freeze_queue_start+0xc4/0xe0
[ 79.528285][ T8486]  blk_set_queue_dying+0x24/0x80
[ 79.533325][ T8486]  blk_cleanup_queue+0x7b/0x1e0
[ 79.538175][ T8486]  blk_cleanup_disk+0x33/0x80
[ 79.542870][ T8486]  nbd_put.part.0+0x92/0x160
[ 79.547485][ T8486]  nbd_genl_connect+0x1214/0x1660
[ 79.552528][ T8486]  ? nbd_start_device+0xd50/0xd50
[ 79.557546][ T8486]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 79.564146][ T8486]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290
[ 79.571513][ T8486]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290
[ 79.578826][ T8486]  genl_family_rcv_msg_doit+0x228/0x320
[ 79.584365][ T8486]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[ 79.591733][ T8486]  ? genl_op_from_small+0x23/0x3c0
[ 79.596922][ T8486]  ? genl_get_cmd+0x3cf/0x480
[ 79.601868][ T8486]  genl_rcv_msg+0x328/0x580
[ 79.606382][ T8486]  ? genl_get_cmd+0x480/0x480
[ 79.611049][ T8486]  ? nbd_start_device+0xd50/0xd50
[ 79.616211][ T8486]  ? lock_release+0x720/0x720
[ 79.621085][ T8486]  netlink_rcv_skb+0x153/0x420
[ 79.625841][ T8486]  ? genl_get_cmd+0x480/0x480
[ 79.630516][ T8486]  ? netlink_ack+0xa60/0xa60
[ 79.635098][ T8486]  genl_rcv+0x24/0x40
[ 79.639244][ T8486]  netlink_unicast+0x533/0x7d0
[ 79.644260][ T8486]  ? netlink_attachskb+0x890/0x890
[ 79.649732][ T8486]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 79.656139][ T8486]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 79.662470][ T8486]  ? __phys_addr_symbol+0x2c/0x70
[ 79.667487][ T8486]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 79.673367][ T8486]  ? __check_object_size+0x16e/0x3f0
[ 79.678747][ T8486]  netlink_sendmsg+0x85b/0xda0
[ 79.683612][ T8486]  ? netlink_unicast+0x7d0/0x7d0
[ 79.688631][ T8486]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 79.694865][ T8486]  ? netlink_unicast+0x7d0/0x7d0
[ 79.700171][ T8486]  sock_sendmsg+0xcf/0x120
[ 79.704843][ T8486]  ____sys_sendmsg+0x6e8/0x810
[ 79.709600][ T8486]  ? kernel_sendmsg+0x50/0x50
[ 79.714284][ T8486]  ? do_recvmmsg+0x6d0/0x6d0
[ 79.718999][ T8486]  ? lock_chain_count+0x20/0x20
[ 79.723855][ T8486]  ? netlink_recvmsg+0x826/0xeb0
[ 79.728790][ T8486]  ___sys_sendmsg+0xf3/0x170
[ 79.733370][ T8486]  ? sendmsg_copy_msghdr+0x160/0x160
[ 79.738768][ T8486]  ? __lock_acquire+0x162f/0x54a0
[ 79.743872][ T8486]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 79.749945][ T8486]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 79.756211][ T8486]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 79.762442][ T8486]  ? __fget_light+0x215/0x280
[ 79.767107][ T8486]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 79.773601][ T8486]  __sys_sendmsg+0xe5/0x1b0
[ 79.778194][ T8486]  ? __sys_sendmsg_sock+0x30/0x30
[ 79.783682][ T8486]  ? syscall_enter_from_user_mode+0x21/0x70
[ 79.789668][ T8486]  do_syscall_64+0x35/0xb0
[ 79.794599][ T8486]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 79.800602][ T8486] RIP: 0033:0x43fa29
[ 79.804835][ T8486] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 79.825511][ T8486] RSP: 002b:00007ffec50338c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 79.833915][ T8486] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fa29
[ 79.842147][ T8486] RDX: 0000000000000000 RSI: 0000000020000b40 RDI: 0000000000000003
[ 79.850103][ T8486] RBP: 0000000000403490 R08: 0000000000000000 R09: 00000000004004a0
[ 79.858342][ T8486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000403520
[ 79.867353][ T8486] R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0
[ 79.875345][ T8486] Modules linked in:
[ 79.882393][ T8486] ---[ end trace 8be05dc327ff2215 ]---
[ 79.888540][ T8486] RIP: 0010:blk_mq_run_hw_queues+0x32b/0x4a0
[ 79.894989][ T8486] Code: ea 48 c1 ea 03 80 3c 02 00 0f 85 51 01 00 00 48 8b 45 00 89 db 48 8d 1c 98 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ed
[ 79.895015][ T8486] RSP: 0018:ffffc90003b073b0 EFLAGS: 00010247
[ 79.895033][ T8486] RAX: dffffc0000000000 RBX: 0000000000000004 RCX: 0000000000000000
[ 79.895049][ T8486] RDX: 0000000000000000 RSI: ffffffff83be8009 RDI: ffff888146046e00
[ 79.895063][ T8486] RBP: ffff88801f280000 R08: 0000000000000000 R09: ffff888146046d77
[ 79.895078][ T8486] R10: ffffffff83be7e41 R11: 0000000000000000 R12: ffff888146046430
[ 79.895093][ T8486] R13: ffff88801f0fa640 R14: ffff888018c9cc08 R15: 0000000000000001
[ 79.895109][ T8486] FS: 0000000000d2a300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 79.895132][ T8486] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 79.978927][ T8486] CR2: 00007f011403e0a8 CR3: 000000002a607000 CR4: 00000000001506e0
[ 79.988603][ T8486] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 79.997713][ T8486] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 80.006045][ T8486] Kernel panic - not syncing: Fatal exception
[ 80.013936][ T8486] Kernel Offset: disabled
[ 80.018268][ T8486] Rebooting in 86400 seconds..