Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 69.989635][ T8447] [ 69.991996][ T8447] ====================================================== [ 69.999044][ T8447] WARNING: possible circular locking dependency detected [ 70.006287][ T8447] 5.13.0-rc2-next-20210518-syzkaller #0 Not tainted [ 70.012862][ T8447] ------------------------------------------------------ [ 70.020206][ T8447] syz-executor143/8447 is trying to acquire lock: [ 70.026594][ T8447] ffff88801aab2320 (&bdev->bd_mutex){+.+.}-{3:3}, at: del_gendisk+0x250/0x9e0 [ 70.035471][ T8447] [ 70.035471][ T8447] but task is already holding lock: [ 70.042811][ T8447] ffffffff8c9e4c70 (bdev_lookup_sem){++++}-{3:3}, at: del_gendisk+0x222/0x9e0 [ 70.051663][ T8447] [ 70.051663][ T8447] which lock already depends on the new lock. [ 70.051663][ T8447] [ 70.062052][ T8447] [ 70.062052][ T8447] the existing dependency chain (in reverse order) is: [ 70.071042][ T8447] [ 70.071042][ T8447] -> #2 (bdev_lookup_sem){++++}-{3:3}: [ 70.078679][ T8447] down_write+0x92/0x150 [ 70.083463][ T8447] del_gendisk+0x222/0x9e0 [ 70.088479][ T8447] loop_control_ioctl+0x40d/0x4f0 [ 70.094026][ T8447] __x64_sys_ioctl+0x193/0x200 [ 70.099310][ T8447] do_syscall_64+0x31/0xb0 [ 70.104246][ T8447] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 70.110642][ T8447] [ 70.110642][ T8447] -> #1 (loop_ctl_mutex){+.+.}-{3:3}: [ 70.118275][ T8447] __mutex_lock+0x139/0x1120 [ 70.123387][ T8447] lo_open+0x1a/0x130 [ 70.127870][ T8447] __blkdev_get+0x135/0xa30 [ 70.132876][ T8447] blkdev_get_by_dev+0x200/0x660 [ 70.138317][ T8447] blkdev_open+0x154/0x2b0 [ 70.143231][ T8447] do_dentry_open+0x4b9/0x11c0 [ 70.148506][ T8447] path_openat+0x1c09/0x27d0 [ 70.153597][ T8447] do_filp_open+0x190/0x3d0 [ 70.158597][ T8447] do_sys_openat2+0x16d/0x420 [ 70.163775][ T8447] __x64_sys_open+0x119/0x1c0 [ 70.168952][ T8447] do_syscall_64+0x31/0xb0 [ 70.173868][ T8447] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 70.180264][ T8447] [ 70.180264][ T8447] -> #0 (&bdev->bd_mutex){+.+.}-{3:3}: [ 70.187890][ T8447] __lock_acquire+0x2a17/0x5230 [ 70.193237][ T8447] lock_acquire+0x1ab/0x740 [ 70.198243][ T8447] __mutex_lock+0x139/0x1120 [ 70.203360][ T8447] del_gendisk+0x250/0x9e0 [ 70.208313][ T8447] loop_control_ioctl+0x40d/0x4f0 [ 70.213869][ T8447] __x64_sys_ioctl+0x193/0x200 [ 70.219163][ T8447] do_syscall_64+0x31/0xb0 [ 70.224104][ T8447] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 70.230533][ T8447] [ 70.230533][ T8447] other info that might help us debug this: [ 70.230533][ T8447] [ 70.240756][ T8447] Chain exists of: [ 70.240756][ T8447] &bdev->bd_mutex --> loop_ctl_mutex --> bdev_lookup_sem [ 70.240756][ T8447] [ 70.253705][ T8447] Possible unsafe locking scenario: [ 70.253705][ T8447] [ 70.261158][ T8447] CPU0 CPU1 [ 70.266518][ T8447] ---- ---- [ 70.271861][ T8447] lock(bdev_lookup_sem); [ 70.276280][ T8447] lock(loop_ctl_mutex); [ 70.283103][ T8447] lock(bdev_lookup_sem); [ 70.290012][ T8447] lock(&bdev->bd_mutex); [ 70.294400][ T8447] [ 70.294400][ T8447] *** DEADLOCK *** [ 70.294400][ T8447] [ 70.302531][ T8447] 2 locks held by syz-executor143/8447: [ 70.308050][ T8447] #0: ffffffff8cc73448 (loop_ctl_mutex){+.+.}-{3:3}, at: loop_control_ioctl+0x7b/0x4f0 [ 70.317773][ T8447] #1: ffffffff8c9e4c70 (bdev_lookup_sem){++++}-{3:3}, at: del_gendisk+0x222/0x9e0 [ 70.327058][ T8447] [ 70.327058][ T8447] stack backtrace: [ 70.332921][ T8447] CPU: 1 PID: 8447 Comm: syz-executor143 Not tainted 5.13.0-rc2-next-20210518-syzkaller #0 [ 70.342870][ T8447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 70.352997][ T8447] Call Trace: [ 70.356272][ T8447] dump_stack_lvl+0x13e/0x1d6 [ 70.360935][ T8447] check_noncircular+0x25f/0x2e0 [ 70.365866][ T8447] ? kernel_text_address+0xbd/0xf0 [ 70.370958][ T8447] ? print_circular_bug+0x1e0/0x1e0 [ 70.376149][ T8447] ? create_prof_cpu_mask+0x20/0x20 [ 70.381345][ T8447] ? arch_stack_walk+0x93/0xe0 [ 70.386107][ T8447] ? lockdep_lock+0xc6/0x200 [ 70.390707][ T8447] ? call_rcu_zapped+0xb0/0xb0 [ 70.395463][ T8447] __lock_acquire+0x2a17/0x5230 [ 70.400360][ T8447] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 70.406531][ T8447] lock_acquire+0x1ab/0x740 [ 70.411125][ T8447] ? del_gendisk+0x250/0x9e0 [ 70.415917][ T8447] ? lock_release+0x720/0x720 [ 70.420594][ T8447] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 70.426568][ T8447] __mutex_lock+0x139/0x1120 [ 70.431147][ T8447] ? del_gendisk+0x250/0x9e0 [ 70.435725][ T8447] ? del_gendisk+0x250/0x9e0 [ 70.440412][ T8447] ? mutex_lock_io_nested+0xf70/0xf70 [ 70.445768][ T8447] ? down_write+0xe0/0x150 [ 70.450178][ T8447] ? down_write_killable+0x170/0x170 [ 70.455455][ T8447] ? sysfs_remove_files+0x87/0xf0 [ 70.460490][ T8447] del_gendisk+0x250/0x9e0 [ 70.464897][ T8447] loop_control_ioctl+0x40d/0x4f0 [ 70.469914][ T8447] ? loop_lookup+0x1d0/0x1d0 [ 70.474491][ T8447] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 70.480718][ T8447] ? loop_lookup+0x1d0/0x1d0 [ 70.485300][ T8447] __x64_sys_ioctl+0x193/0x200 [ 70.490153][ T8447] do_syscall_64+0x31/0xb0 [ 70.494561][ T8447] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 70.500447][ T8447] RIP: 0033:0x43ee49 [ 70.504322][ T8447] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 70.523992][ T8447] RSP: 002b:00007fff317cf6d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 70.532386][ T8447] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043ee49 [ 70.540338][ T844