Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.215' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.936151]
[ 27.938037] ======================================================
[ 27.944335] WARNING: possible circular locking dependency detected
[ 27.950873] 4.14.234-syzkaller #0 Not tainted
[ 27.955489] ------------------------------------------------------
[ 27.961799] syz-executor087/7991 is trying to acquire lock:
[ 27.967483]  (&bdev->bd_mutex){+.+.}, at: [] blkdev_reread_part+0x1b/0x40
[ 27.976074]
[ 27.976074] but task is already holding lock:
[ 27.982210]  (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x11f/0xa80
[ 27.990250]
[ 27.990250] which lock already depends on the new lock.
[ 27.990250]
[ 27.998543]
[ 27.998543] the existing dependency chain (in reverse order) is:
[ 28.006413]
[ 28.006413] -> #2 (&nbd->config_lock){+.+.}:
[ 28.012586]        __mutex_lock+0xc4/0x1310
[ 28.017156]        nbd_open+0x1b4/0x380
[ 28.021111]        __blkdev_get+0x306/0x1090
[ 28.025499]        blkdev_get+0x88/0x890
[ 28.029626]        blkdev_open+0x1cc/0x250
[ 28.033842]        do_dentry_open+0x44b/0xec0
[ 28.038315]        vfs_open+0x105/0x220
[ 28.042283]        path_openat+0x628/0x2970
[ 28.046687]        do_filp_open+0x179/0x3c0
[ 28.051177]        do_sys_open+0x296/0x410
[ 28.055918]        do_syscall_64+0x1d5/0x640
[ 28.060301]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.066073]
[ 28.066073] -> #1 (nbd_index_mutex){+.+.}:
[ 28.071915]        __mutex_lock+0xc4/0x1310
[ 28.076216]        nbd_open+0x22/0x380
[ 28.080290]        __blkdev_get+0x306/0x1090
[ 28.084792]        blkdev_get+0x88/0x890
[ 28.088925]        blkdev_open+0x1cc/0x250
[ 28.093327]        do_dentry_open+0x44b/0xec0
[ 28.097800]        vfs_open+0x105/0x220
[ 28.101755]        path_openat+0x628/0x2970
[ 28.106238]        do_filp_open+0x179/0x3c0
[ 28.110643]        do_sys_open+0x296/0x410
[ 28.115321]        do_syscall_64+0x1d5/0x640
[ 28.119871]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.125756]
[ 28.125756] -> #0 (&bdev->bd_mutex){+.+.}:
[ 28.131650]        lock_acquire+0x170/0x3f0
[ 28.136015]        __mutex_lock+0xc4/0x1310
[ 28.140456]        blkdev_reread_part+0x1b/0x40
[ 28.145129]        nbd_ioctl+0x7cb/0xa80
[ 28.149178]        blkdev_ioctl+0x540/0x1830
[ 28.153600]        block_ioctl+0xd9/0x120
[ 28.157950]        do_vfs_ioctl+0x75a/0xff0
[ 28.162249]        SyS_ioctl+0x7f/0xb0
[ 28.166151]        do_syscall_64+0x1d5/0x640
[ 28.170729]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.176782]
[ 28.176782] other info that might help us debug this:
[ 28.176782]
[ 28.184924] Chain exists of:
[ 28.184924]   &bdev->bd_mutex --> nbd_index_mutex --> &nbd->config_lock
[ 28.184924]
[ 28.196095]  Possible unsafe locking scenario:
[ 28.196095]
[ 28.202143]        CPU0                    CPU1
[ 28.206789]        ----                    ----
[ 28.211518]   lock(&nbd->config_lock);
[ 28.215384]                                lock(nbd_index_mutex);
[ 28.221592]                                lock(&nbd->config_lock);
[ 28.227999]   lock(&bdev->bd_mutex);
[ 28.231688]
[ 28.231688]  *** DEADLOCK ***
[ 28.231688]
[ 28.237722] 1 lock held by syz-executor087/7991:
[ 28.242448]  #0: (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x11f/0xa80
[ 28.251026]
[ 28.251026] stack backtrace:
[ 28.255501] CPU: 0 PID: 7991 Comm: syz-executor087 Not tainted 4.14.234-syzkaller #0
[ 28.263356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.272859] Call Trace:
[ 28.275440]  dump_stack+0x1b2/0x281
[ 28.279047]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 28.284936]  __lock_acquire+0x2e0e/0x3f20
[ 28.289182]  ? trace_hardirqs_on+0x10/0x10
[ 28.293516]  ? add_lock_to_list.constprop.0+0x17d/0x330
[ 28.299214]  ? save_trace+0xd6/0x290
[ 28.303175]  lock_acquire+0x170/0x3f0
[ 28.307059]  ? blkdev_reread_part+0x1b/0x40
[ 28.311485]  ? blkdev_reread_part+0x1b/0x40
[ 28.315794]  __mutex_lock+0xc4/0x1310
[ 28.319662]  ? blkdev_reread_part+0x1b/0x40
[ 28.323964]  ? __mutex_lock+0x360/0x1310
[ 28.328119]  ? __get_super.part.0+0xbb/0x390
[ 28.332772]  ? blkdev_reread_part+0x1b/0x40
[ 28.337469]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 28.343105]  ? lock_downgrade+0x740/0x740
[ 28.347328]  ? nbd_ioctl+0x7b0/0xa80
[ 28.351250]  ? lock_downgrade+0x740/0x740
[ 28.355389]  blkdev_reread_part+0x1b/0x40
[ 28.359779]  nbd_ioctl+0x7cb/0xa80
[ 28.363403]  ? kasan_slab_free+0xc3/0x1a0
[ 28.367540]  ? nbd_disconnect_and_put+0x140/0x140
[ 28.372763]  ? do_syscall_64+0x1d5/0x640
[ 28.376801]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.382163]  ? path_lookupat+0x780/0x780
[ 28.386291]  ? debug_check_no_obj_freed+0x2c0/0x680
[ 28.391376]  ? nbd_disconnect_and_put+0x140/0x140
[ 28.396567]  blkdev_ioctl+0x540/0x1830
[ 28.400553]  ? blkpg_ioctl+0x8d0/0x8d0
[ 28.404862]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 28.410574]  ? debug_check_no_obj_freed+0x2c0/0x680
[ 28.415871]  block_ioctl+0xd9/0x120
[ 28.419476]  ? blkdev_fallocate+0x3a0/0x3a0
[ 28.423868]  do_vfs_ioctl+0x75a/0xff0
[ 28.428166]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 28.433682]  ? ioctl_preallocate+0x1a0/0x1a0
[ 28.438125]  ? kmem_cache_free+0x23a/0x2b0
[ 28.442359]  ? putname+0xcd/0x110
[ 28.445793]  ? do_sys_open+0x208/0x410
[ 28.450272]  ? filp_open+0x60/0x60
[ 28.453906]  ? security_file_ioctl+0x83/0xb0
[ 28.458380]  SyS_ioctl+0x7f/0xb0
[ 28.461740]  ? do_vfs_ioctl+0xff0/0xff0
[ 28.466237]  do_syscall_64+0x1d5/0x640
[ 28.470115]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.475282] RIP: 0033:0x443439
[ 28.478534] RSP: 002b:00007ffdd07483c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 28.486306] RAX: ffff