[ OK ] Started Getty on tty2.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.59' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 71.996067][ T8453]
[ 71.998492][ T8453] ======================================================
[ 72.005487][ T8453] WARNING: possible circular locking dependency detected
[ 72.012495][ T8453] 5.13.0-syzkaller #0 Not tainted
[ 72.017497][ T8453] ------------------------------------------------------
[ 72.024521][ T8453] syz-executor385/8453 is trying to acquire lock:
[ 72.030936][ T8453] ffff88801f052d18 (&disk->open_mutex){+.+.}-{3:3}, at: del_gendisk+0x8b/0x770
[ 72.039916][ T8453]
[ 72.039916][ T8453] but task is already holding lock:
[ 72.047264][ T8453] ffffffff8cc7cb68 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140
[ 72.057445][ T8453]
[ 72.057445][ T8453] which lock already depends on the new lock.
[ 72.057445][ T8453]
[ 72.067842][ T8453]
[ 72.067842][ T8453] the existing dependency chain (in reverse order) is:
[ 72.076836][ T8453]
[ 72.076836][ T8453] -> #1 (nbd_index_mutex){+.+.}-{3:3}:
[ 72.084486][ T8453] __mutex_lock+0x12a/0x10a0
[ 72.089626][ T8453] nbd_open+0x7d/0x8a0
[ 72.094195][ T8453] blkdev_get_whole+0xa1/0x420
[ 72.099465][ T8453] blkdev_get_by_dev.part.0+0x30c/0xdd0
[ 72.105531][ T8453] blkdev_open+0x295/0x300
[ 72.110461][ T8453] do_dentry_open+0x4c8/0x11c0
[ 72.115726][ T8453] path_openat+0x1c0e/0x27e0
[ 72.120837][ T8453] do_filp_open+0x190/0x3d0
[ 72.125845][ T8453] do_sys_openat2+0x16d/0x420
[ 72.131033][ T8453] __x64_sys_open+0x119/0x1c0
[ 72.136239][ T8453] do_syscall_64+0x35/0xb0
[ 72.141168][ T8453] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.147590][ T8453]
[ 72.147590][ T8453] -> #0 (&disk->open_mutex){+.+.}-{3:3}:
[ 72.155438][ T8453] __lock_acquire+0x2a07/0x54a0
[ 72.160803][ T8453] lock_acquire+0x1ab/0x510
[ 72.165818][ T8453] __mutex_lock+0x12a/0x10a0
[ 72.170917][ T8453] del_gendisk+0x8b/0x770
[ 72.175755][ T8453] nbd_put.part.0+0x82/0x160
[ 72.180872][ T8453] nbd_genl_connect+0x1214/0x1660
[ 72.186415][ T8453] genl_family_rcv_msg_doit+0x228/0x320
[ 72.192485][ T8453] genl_rcv_msg+0x328/0x580
[ 72.197498][ T8453] netlink_rcv_skb+0x153/0x420
[ 72.202778][ T8453] genl_rcv+0x24/0x40
[ 72.207263][ T8453] netlink_unicast+0x533/0x7d0
[ 72.212541][ T8453] netlink_sendmsg+0x85b/0xda0
[ 72.217809][ T8453] sock_sendmsg+0xcf/0x120
[ 72.222744][ T8453] ____sys_sendmsg+0x6e8/0x810
[ 72.228013][ T8453] ___sys_sendmsg+0xf3/0x170
[ 72.233126][ T8453] __sys_sendmsg+0xe5/0x1b0
[ 72.238148][ T8453] do_syscall_64+0x35/0xb0
[ 72.243090][ T8453] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.249516][ T8453]
[ 72.249516][ T8453] other info that might help us debug this:
[ 72.249516][ T8453]
[ 72.259728][ T8453] Possible unsafe locking scenario:
[ 72.259728][ T8453]
[ 72.267160][ T8453]        CPU0                    CPU1
[ 72.272511][ T8453]        ----                    ----
[ 72.277855][ T8453]   lock(nbd_index_mutex);
[ 72.282272][ T8453]                                lock(&disk->open_mutex);
[ 72.289371][ T8453]                                lock(nbd_index_mutex);
[ 72.296287][ T8453]   lock(&disk->open_mutex);
[ 72.300868][ T8453]
[ 72.300868][ T8453] *** DEADLOCK ***
[ 72.300868][ T8453]
[ 72.309005][ T8453] 3 locks held by syz-executor385/8453:
[ 72.314531][ T8453] #0: ffffffff8d94a490 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 72.322708][ T8453] #1: ffffffff8d94a548 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x3e0/0x580
[ 72.331668][ T8453] #2: ffffffff8cc7cb68 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140
[ 72.342288][ T8453]
[ 72.342288][ T8453] stack backtrace:
[ 72.348170][ T8453] CPU: 0 PID: 8453 Comm: syz-executor385 Not tainted 5.13.0-syzkaller #0
[ 72.356576][ T8453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.366714][ T8453] Call Trace:
[ 72.369978][ T8453] dump_stack_lvl+0xcd/0x134
[ 72.374569][ T8453] check_noncircular+0x25f/0x2e0
[ 72.379495][ T8453] ? print_circular_bug+0x1e0/0x1e0
[ 72.384677][ T8453] ? kmem_cache_free+0x8e/0x5a0
[ 72.389512][ T8453] ? lockdep_lock+0xc6/0x200
[ 72.394086][ T8453] ? call_rcu_zapped+0xb0/0xb0
[ 72.398835][ T8453] __lock_acquire+0x2a07/0x54a0
[ 72.403674][ T8453] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 72.409657][ T8453] ? mark_held_locks+0x9f/0xe0
[ 72.414412][ T8453] lock_acquire+0x1ab/0x510
[ 72.418896][ T8453] ? del_gendisk+0x8b/0x770
[ 72.423381][ T8453] ? lock_release+0x720/0x720
[ 72.428141][ T8453] ? lockdep_hardirqs_on+0x79/0x100
[ 72.433334][ T8453] __mutex_lock+0x12a/0x10a0
[ 72.437907][ T8453] ? del_gendisk+0x8b/0x770
[ 72.442394][ T8453] ? lock_downgrade+0x6e0/0x6e0
[ 72.447236][ T8453] ? del_gendisk+0x8b/0x770
[ 72.451724][ T8453] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 72.457965][ T8453] ? mutex_lock_io_nested+0xf00/0xf00
[ 72.463333][ T8453] ? kobj_kset_leave+0x12/0x200
[ 72.468168][ T8453] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.474406][ T8453] ? kobject_put+0xb9/0x540
[ 72.478905][ T8453] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 72.484622][ T8453] ? kfree_const+0x35/0x60
[ 72.489035][ T8453] del_gendisk+0x8b/0x770
[ 72.493360][ T8453] ? nbd_config_put+0x5e8/0x8e0
[ 72.498191][ T8453] nbd_put.part.0+0x82/0x160
[ 72.502866][ T8453] nbd_genl_connect+0x1214/0x1660
[ 72.507873][ T8453] ? nbd_start_device+0xd50/0xd50
[ 72.512891][ T8453] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.519125][ T8453] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290
[ 72.526481][ T8453] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290
[ 72.533753][ T8453] genl_family_rcv_msg_doit+0x228/0x320
[ 72.539298][ T8453] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[ 72.546660][ T8453] ? genl_op_from_small+0x23/0x3c0
[ 72.551765][ T8453] ? genl_get_cmd+0x3cf/0x480
[ 72.556429][ T8453] genl_rcv_msg+0x328/0x580
[ 72.560915][ T8453] ? genl_get_cmd+0x480/0x480
[ 72.565594][ T8453] ? nbd_start_device+0xd50/0xd50
[ 72.570603][ T8453] ? lock_release+0x720/0x720
[ 72.575264][ T8453] netlink_rcv_skb+0x153/0x420
[ 72.580103][ T8453] ? genl_get_cmd+0x480/0x480
[ 72.584780][ T8453] ? netlink_ack+0xa60/0xa60
[ 72.589365][ T8453] genl_rcv+0x24/0x40
[ 72.593329][ T8453] netlink_unicast+0x533/0x7d0
[ 72.598077][ T8453] ? netlink_attachskb+0x890/0x890
[ 72.603169][ T8453] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.609407][ T8453] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.615630][ T8453] ? __phys_addr_symbol+0x2c/0x70
[ 72.620641][ T8453] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 72.626345][ T8453] ? __check_object_size+0x16e/0x3f0
[ 72.631612][ T8453] netlink_sendmsg+0x85b/0xda0
[ 72.636369][ T8453] ? netlink_unicast+0x7d0/0x7d0
[ 72.641289][ T8453] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.647511][ T8453] ? netlink_unicast+0x7d0/0x7d0
[ 72.652440][ T8453] sock_sendmsg+0xcf/0x120
[ 72.656839][ T8453] ____sys_sendmsg+0x6e8/0x810
[ 72.661587][ T8453] ? kernel_sendmsg+0x50/0x50
[ 72.666246][ T8453] ? do_recvmmsg+0x6d0/0x6d0
[ 72.670815][ T8453] ? lock_chain_count+0x20/0x20
[ 72.675656][ T8453] ? netlink_recvmsg+0x826/0xeb0
[ 72.680581][ T8453] ___sys_sendmsg+0xf3/0x170
[ 72.685153][ T8453] ? sendmsg_copy_msghdr+0x160/0x160
[ 72.690421][ T8453] ? __lock_acquire+0x162f/0x54a0
[ 72.695436][ T8453] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 72.701407][ T8453] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 72.707373][ T8453] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.713604][ T8453] ? __fget_light+0x215/0x280
[ 72.718263][ T8453] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.724490][ T8453] __sys_sendmsg+0xe5/0x1b0
[ 72.728992][ T8453] ? __sys_sendmsg_sock+0x30/0x30
[ 72.734000][ T8453] ? syscall_enter_from_user_mode+0x21/0x70
[ 72.739884][ T8453] do_syscall_64+0x35/0xb0
[ 72.744418][ T8453] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.750334][ T8453] RIP: 0033:0x43fa89
[ 72.754209][ T8453] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.773794][ T8453] RSP: 002b:00007fffa3b11d18 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 72.782187][ T8453] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fa89
[ 72.790141][ T8453] RDX: 0000000000000000 RSI: 0000000020001880 RDI: 0000000000000004
[ 72.798115][ T8453] RBP: 00000000004034f0 R08: 0000000000000004 R09: 00000000004004a0
[ 72.806086][ T8453] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000403580
[ 72.814046][ T8453] R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0
[ 72.835281][ T8453] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 72.847101][ T8453] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 72.855697][ T8453] CPU: 1 PID: 8453 Comm: syz-executor385 Not tainted 5.13.0-syzkaller #0
[ 72.864115][ T8453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.874171][ T8453] RIP: 0010:blk_mq_run_hw_queues+0x32b/0x4a0
[ 72.880171][ T8453] Code: ea 48 c1 ea 03 80 3c 02 00 0f 85 51 01 00 00 48 8b 45 00 89 db 48 8d 1c 98 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ed
[ 72.899794][ T8453] RSP: 0018:ffffc9000169f3b0 EFLAGS: 00010247
[ 72.905844][ T8453] RAX: dffffc0000000000 RBX: 0000000000000004 RCX: 0000000000000000
[ 72.913808][ T8453] RDX: 0000000000000000 RSI: ffffffff83be8009 RDI: ffff8881460cb4c0
[ 72.921773][ T8453] RBP: ffff88801f426000 R08: 0000000000000000 R09: ffff8881460cb437
[ 72.929741][ T8453] R10: ffffffff83be7e41 R11: 0000000000000000 R12: ffff8881460caaf0
[ 72.937692][ T8453] R13: ffff8881460d5f00 R14: ffff8880168c3808 R15: 0000000000000001
[ 72.945646][ T8453] FS: 00000000008a3300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 72.954558][ T8453] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 72.961123][ T8453] CR2: 00005564442c0928 CR3: 0000000036ecc000 CR4: 00000000001506e0
[ 72.969076][ T8453] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 72.977027][ T8453] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 72.985068][ T8453] Call Trace:
[ 72.988343][ T8453] blk_freeze_queue_start+0xc4/0xe0
[ 72.993527][ T8453] blk_set_queue_dying+0x24/0x80
[ 72.998447][ T8453] blk_cleanup_queue+0x7b/0x1e0
[ 73.003277][ T8453] blk_cleanup_disk+0x33/0x80
[ 73.007935][ T8453] nbd_put.part.0+0x92/0x160
[ 73.012526][ T8453] nbd_genl_connect+0x1214/0x1660
[ 73.017530][ T8453] ? nbd_start_device+0xd50/0xd50
[ 73.022548][ T8453] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 73.028771][ T8453] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290
[ 73.036126][ T8453] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290
[ 73.043408][ T8453] genl_family_rcv_msg_doit+0x228/0x320
[ 73.048935][ T8453] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[ 73.056302][ T8453] ? genl_op_from_small+0x23/0x3c0
[ 73.061393][ T8453] ? genl_get_cmd+0x3cf/0x480
[ 73.066069][ T8453] genl_rcv_msg+0x328/0x580
[ 73.070557][ T8453] ? genl_get_cmd+0x480/0x480
[ 73.075220][ T8453] ? nbd_start_device+0xd50/0xd50
[ 73.080246][ T8453] ? lock_release+0x720/0x720
[ 73.084909][ T8453] netlink_rcv_skb+0x153/0x420
[ 73.089679][ T8453] ? genl_get_cmd+0x480/0x480
[ 73.094361][ T8453] ? netlink_ack+0xa60/0xa60
[ 73.098934][ T8453] genl_rcv+0x24/0x40
[ 73.102899][ T8453] netlink_unicast+0x533/0x7d0
[ 73.107658][ T8453] ? netlink_attachskb+0x890/0x890
[ 73.112763][ T8453] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 73.118983][ T8453] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 73.125203][ T8453] ? __phys_addr_symbol+0x2c/0x70
[ 73.130208][ T8453] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 73.135908][ T8453] ? __check_object_size+0x16e/0x3f0
[ 73.141174][ T8453] netlink_sendmsg+0x85b/0xda0
[ 73.145919][ T8453] ? netlink_unicast+0x7d0/0x7d0
[ 73.150866][ T8453] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 73.157087][ T8453] ? netlink_unicast+0x7d0/0x7d0
[ 73.162006][ T8453] sock_sendmsg+0xcf/0x120
[ 73.166406][ T8453] ____sys_sendmsg+0x6e8/0x810
[ 73.171171][ T8453] ? kernel_sendmsg+0x50/0x50
[ 73.175829][ T8453] ? do_recvmmsg+0x6d0/0x6d0
[ 73.180402][ T8453] ? lock_chain_count+0x20/0x20
[ 73.185231][ T8453] ? netlink_recvmsg+0x826/0xeb0
[ 73.190165][ T8453] ___sys_sendmsg+0xf3/0x170
[ 73.194749][ T8453] ? sendmsg_copy_msghdr+0x160/0x160
[ 73.200013][ T8453] ? __lock_acquire+0x162f/0x54a0
[ 73.205027][ T8453] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 73.210988][ T8453] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 73.216949][ T8453] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 73.223169][ T8453] ? __fget_light+0x215/0x280
[ 73.227915][ T8453] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 73.234134][ T8453] __sys_sendmsg+0xe5/0x1b0
[ 73.238618][ T8453] ? __sys_sendmsg_sock+0x30/0x30
[ 73.243625][ T8453] ? syscall_enter_from_user_mode+0x21/0x70
[ 73.249505][ T8453] do_syscall_64+0x35/0xb0
[ 73.253902][ T8453] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 73.259794][ T8453] RIP: 0033:0x43fa89
[ 73.263682][ T8453] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 73.283282][ T8453] RSP: 002b:00007fffa3b11d18 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 73.291773][ T8453] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fa89
[ 73.299739][ T8453] RDX: 0000000000000000 RSI: 0000000020001880 RDI: 0000000000000004
[ 73.307691][ T8453] RBP: 00000000004034f0 R08: 0000000000000004 R09: 00000000004004a0
[ 73.315649][ T8453] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000403580
[ 73.323606][ T8453] R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0
[ 73.331579][ T8453] Modules linked in:
[ 73.336499][ T8453] ---[ end trace 5901d46f06584e8e ]---
[ 73.342795][ T8453] RIP: 0010:blk_mq_run_hw_queues+0x32b/0x4a0
[ 73.348965][ T8453] Code: ea 48 c1 ea 03 80 3c 02 00 0f 85 51 01 00 00 48 8b 45 00 89 db 48 8d 1c 98 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ed
[ 73.369249][ T8453] RSP: 0018:ffffc9000169f3b0 EFLAGS: 00010247
[ 73.375379][ T8453] RAX: dffffc0000000000 RBX: 0000000000000004 RCX: 0000000000000000
[ 73.383616][ T8453] RDX: 0000000000000000 RSI: ffffffff83be8009 RDI: ffff8881460cb4c0
[ 73.391700][ T8453] RBP: ffff88801f426000 R08: 0000000000000000 R09: ffff8881460cb437
[ 73.400006][ T8453] R10: ffffffff83be7e41 R11: 0000000000000000 R12: ffff8881460caaf0
[ 73.408020][ T8453] R13: ffff8881460d5f00 R14: ffff8880168c3808 R15: 0000000000000001
[ 73.416044][ T8453] FS: 00000000008a3300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 73.425048][ T8453] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 73.431633][ T8453] CR2: 00007ff95803e0a8 CR3: 0000000036ecc000 CR4: 00000000001506e0
[ 73.439633][ T8453] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 73.447690][ T8453] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 73.455721][ T8453] Kernel panic - not syncing: Fatal exception
[ 73.462669][ T8453] Kernel Offset: disabled
[ 73.466985][ T8453] Rebooting in 86400 seconds..