[[0;32m  OK  [0m] Started Getty on tty6.
[[0;32m  OK  [0m] Reached target Login Prompts.
[[0;32m  OK  [0m] Reached target Multi-User System.
[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.126' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   57.681588][ T8437] md: md1 stopped.
[   57.709076][   T27] 
[   57.711446][   T27] ======================================================
[   57.718707][   T27] WARNING: possible circular locking dependency detected
[   57.726479][   T27] 5.13.0-rc6-syzkaller #0 Not tainted
[   57.732599][   T27] ------------------------------------------------------
[   57.739858][   T27] kworker/1:1/27 is trying to acquire lock:
[   57.745727][   T27] ffff88801e8717a0 (&bdev->bd_mutex){+.+.}-{3:3}, at: del_gendisk+0x24b/0xa00
[   57.754613][   T27] 
[   57.754613][   T27] but task is already holding lock:
[   57.761954][   T27] ffffc90000e1fda8 ((work_completion)(&mddev->del_work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600
[   57.773087][   T27] 
[   57.773087][   T27] which lock already depends on the new lock.
[   57.773087][   T27] 
[   57.783563][   T27] 
[   57.783563][   T27] the existing dependency chain (in reverse order) is:
[   57.792569][   T27] 
[   57.792569][   T27] -> #4 ((work_completion)(&mddev->del_work)){+.+.}-{0:0}:
[   57.801937][   T27]        process_one_work+0x8fc/0x1600
[   57.807644][   T27]        worker_thread+0x64c/0x1120
[   57.813015][   T27]        kthread+0x3b1/0x4a0
[   57.817588][   T27]        ret_from_fork+0x1f/0x30
[   57.822508][   T27] 
[   57.822508][   T27] -> #3 ((wq_completion)md_misc){+.+.}-{0:0}:
[   57.830735][   T27]        flush_workqueue+0x110/0x13e0
[   57.836439][   T27]        md_alloc+0x29/0x1170
[   57.841102][   T27]        md_probe+0x69/0x70
[   57.845597][   T27]        blk_request_module+0x111/0x1d0
[   57.851152][   T27]        blkdev_get_no_open+0x1d8/0x250
[   57.856765][   T27]        blkdev_get_by_dev+0x76/0x660
[   57.862115][   T27]        blkdev_open+0x154/0x2b0
[   57.867117][   T27]        do_dentry_open+0x4b9/0x11b0
[   57.872385][   T27]        path_openat+0x1c0e/0x27e0
[   57.877477][   T27]        do_filp_open+0x190/0x3d0
[   57.882480][   T27]        do_sys_openat2+0x16d/0x420
[   57.887651][   T27]        __x64_sys_openat+0x13f/0x1f0
[   57.893108][   T27]        do_syscall_64+0x3a/0xb0
[   57.898480][   T27]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[   57.904984][   T27] 
[   57.904984][   T27] -> #2 (major_names_lock){+.+.}-{3:3}:
[   57.912689][   T27]        __mutex_lock+0x139/0x10c0
[   57.917782][   T27]        __register_blkdev+0x2b/0x3e0
[   57.923134][   T27]        register_mtd_blktrans+0x85/0x3c0
[   57.928921][   T27]        do_one_initcall+0x103/0x650
[   57.934189][   T27]        kernel_init_freeable+0x6c4/0x74d
[   57.939977][   T27]        kernel_init+0xd/0x1b8
[   57.944735][   T27]        ret_from_fork+0x1f/0x30
[   57.949653][   T27] 
[   57.949653][   T27] -> #1 (mtd_table_mutex){+.+.}-{3:3}:
[   57.957288][   T27]        __mutex_lock+0x139/0x10c0
[   57.962382][   T27]        blktrans_open+0x69/0x600
[   57.967386][   T27]        __blkdev_get+0x182/0xa30
[   57.972397][   T27]        blkdev_get_by_dev+0x200/0x660
[   57.977834][   T27]        blkdev_open+0x154/0x2b0
[   57.982750][   T27]        do_dentry_open+0x4b9/0x11b0
[   57.988015][   T27]        path_openat+0x1c0e/0x27e0
[   57.993105][   T27]        do_filp_open+0x190/0x3d0
[   57.998111][   T27]        do_sys_openat2+0x16d/0x420
[   58.003285][   T27]        __x64_sys_open+0x119/0x1c0
[   58.008460][   T27]        do_syscall_64+0x3a/0xb0
[   58.013379][   T27]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[   58.019774][   T27] 
[   58.019774][   T27] -> #0 (&bdev->bd_mutex){+.+.}-{3:3}:
[   58.027394][   T27]        __lock_acquire+0x2a17/0x5230
[   58.033011][   T27]        lock_acquire+0x1ab/0x740
[   58.038015][   T27]        __mutex_lock+0x139/0x10c0
[   58.043107][   T27]        del_gendisk+0x24b/0xa00
[   58.048128][   T27]        md_free+0xcb/0x200
[   58.052610][   T27]        kobject_put+0x1c8/0x540
[   58.057524][   T27]        process_one_work+0x98d/0x1600
[   58.062962][   T27]        worker_thread+0x64c/0x1120
[   58.068138][   T27]        kthread+0x3b1/0x4a0
[   58.072702][   T27]        ret_from_fork+0x1f/0x30
[   58.077615][   T27] 
[   58.077615][   T27] other info that might help us debug this:
[   58.077615][   T27] 
[   58.087900][   T27] Chain exists of:
[   58.087900][   T27]   &bdev->bd_mutex --> (wq_completion)md_misc --> (work_completion)(&mddev->del_work)
[   58.087900][   T27] 
[   58.103250][   T27]  Possible unsafe locking scenario:
[   58.103250][   T27] 
[   58.110935][   T27]        CPU0                    CPU1
[   58.116275][   T27]        ----                    ----
[   58.121614][   T27]   lock((work_completion)(&mddev->del_work));
[   58.127916][   T27]                                lock((wq_completion)md_misc);
[   58.135523][   T27]                                lock((work_completion)(&mddev->del_work));
[   58.144170][   T27]   lock(&bdev->bd_mutex);
[   58.148561][   T27] 
[   58.148561][   T27]  *** DEADLOCK ***
[   58.148561][   T27] 
[   58.156850][   T27] 2 locks held by kworker/1:1/27:
[   58.161843][   T27]  #0: ffff88801961d138 ((wq_completion)md_misc){+.+.}-{0:0}, at: process_one_work+0x871/0x1600
[   58.172280][   T27]  #1: ffffc90000e1fda8 ((work_completion)(&mddev->del_work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600
[   58.183824][   T27] 
[   58.183824][   T27] stack backtrace:
[   58.189699][   T27] CPU: 1 PID: 27 Comm: kworker/1:1 Not tainted 5.13.0-rc6-syzkaller #0
[   58.197915][   T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.207951][   T27] Workqueue: md_misc mddev_delayed_delete
[   58.213657][   T27] Call Trace:
[   58.216915][   T27]  dump_stack+0x141/0x1d7
[   58.221226][   T27]  check_noncircular+0x25f/0x2e0
[   58.226149][   T27]  ? print_circular_bug+0x1e0/0x1e0
[   58.231329][   T27]  ? lockdep_lock+0xc6/0x200
[   58.235899][   T27]  ? call_rcu_zapped+0xb0/0xb0
[   58.240660][   T27]  ? mark_held_locks+0x9f/0xe0
[   58.245460][   T27]  __lock_acquire+0x2a17/0x5230
[   58.250298][   T27]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   58.256278][   T27]  lock_acquire+0x1ab/0x740
[   58.260764][   T27]  ? del_gendisk+0x24b/0xa00
[   58.265336][   T27]  ? lock_release+0x720/0x720
[   58.270185][   T27]  ? find_held_lock+0x2d/0x110
[   58.275195][   T27]  __mutex_lock+0x139/0x10c0
[   58.279783][   T27]  ? del_gendisk+0x24b/0xa00
[   58.284356][   T27]  ? mutex_lock_io_nested+0xf20/0xf20
[   58.289712][   T27]  ? del_gendisk+0x24b/0xa00
[   58.294282][   T27]  ? __mutex_unlock_slowpath+0xe2/0x610
[   58.299809][   T27]  ? mutex_lock_io_nested+0xf20/0xf20
[   58.305166][   T27]  ? wait_for_completion_io+0x270/0x270
[   58.310695][   T27]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   58.316922][   T27]  ? kernfs_remove_by_name_ns+0x62/0xb0
[   58.322643][   T27]  ? sysfs_remove_files+0x87/0xf0
[   58.327649][   T27]  del_gendisk+0x24b/0xa00
[   58.332053][   T27]  md_free+0xcb/0x200
[   58.336017][   T27]  kobject_put+0x1c8/0x540
[   58.340413][   T27]  process_one_work+0x98d/0x1600
[   58.345335][   T27]  ? pwq_dec_nr_in_flight+0x320/0x320
[   58.350690][   T27]  ? rwlock_bug.part.0+0x90/0x90
[   58.355708][   T27]  ? _raw_spin_lock_irq+0x41/0x50
[   58.360716][