[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.15' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 55.487182][ T8426] netlink: 4 bytes leftover after parsing attributes in process `syz-executor191'.
[ 55.497806][ T8426] netlink: 4 bytes leftover after parsing attributes in process `syz-executor191'.
[ 55.508331][ T8426] netlink: 4 bytes leftover after parsing attributes in process `syz-executor191'.
[ 55.518023][ T8426] netlink: 4 bytes leftover after parsing attributes in process `syz-executor191'.
[ 55.527920][ T8426] netlink: 4 bytes leftover after parsing attributes in process `syz-executor191'.
[ 55.537570][ T8426] netlink: 4 bytes leftover after parsing attributes in process `syz-executor191'.
[ 55.565434][ T8426]
[ 55.567853][ T8426] ======================================================
[ 55.574846][ T8426] WARNING: possible circular locking dependency detected
[ 55.581843][ T8426] 5.14.0-rc7-syzkaller #0 Not tainted
[ 55.587190][ T8426] ------------------------------------------------------
[ 55.594180][ T8426] syz-executor191/8426 is trying to acquire lock:
[ 55.600565][ T8426] ffff88801e634518 (&disk->open_mutex){+.+.}-{3:3}, at: del_gendisk+0x8b/0x770
[ 55.609526][ T8426]
[ 55.609526][ T8426] but task is already holding lock:
[ 55.616950][ T8426] ffffffff8c4899c8 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140
[ 55.627106][ T8426]
[ 55.627106][ T8426] which lock already depends on the new lock.
[ 55.627106][ T8426]
[ 55.637480][ T8426]
[ 55.637480][ T8426] the existing dependency chain (in reverse order) is:
[ 55.647079][ T8426]
[ 55.647079][ T8426] -> #1 (nbd_index_mutex){+.+.}-{3:3}:
[ 55.654785][ T8426] __mutex_lock+0x12a/0x10a0
[ 55.660063][ T8426] nbd_open+0x7d/0x8a0
[ 55.664636][ T8426] blkdev_get_whole+0xa1/0x420
[ 55.669905][ T8426] blkdev_get_by_dev.part.0+0x30c/0xdd0
[ 55.675951][ T8426] blkdev_open+0x295/0x300
[ 55.681038][ T8426] do_dentry_open+0x4c8/0x11d0
[ 55.686304][ T8426] path_openat+0x1c23/0x27f0
[ 55.691392][ T8426] do_filp_open+0x1aa/0x400
[ 55.696395][ T8426] do_sys_openat2+0x16d/0x420
[ 55.701572][ T8426] __x64_sys_open+0x119/0x1c0
[ 55.706749][ T8426] do_syscall_64+0x35/0xb0
[ 55.711842][ T8426] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 55.718237][ T8426]
[ 55.718237][ T8426] -> #0 (&disk->open_mutex){+.+.}-{3:3}:
[ 55.726116][ T8426] __lock_acquire+0x2a07/0x54a0
[ 55.731554][ T8426] lock_acquire+0x1ab/0x510
[ 55.736557][ T8426] __mutex_lock+0x12a/0x10a0
[ 55.741648][ T8426] del_gendisk+0x8b/0x770
[ 55.746480][ T8426] nbd_put.part.0+0x82/0x160
[ 55.751574][ T8426] nbd_genl_connect+0x1383/0x1820
[ 55.757533][ T8426] genl_family_rcv_msg_doit+0x228/0x320
[ 55.763844][ T8426] genl_rcv_msg+0x328/0x580
[ 55.768851][ T8426] netlink_rcv_skb+0x153/0x420
[ 55.774117][ T8426] genl_rcv+0x24/0x40
[ 55.778599][ T8426] netlink_unicast+0x533/0x7d0
[ 55.783898][ T8426] netlink_sendmsg+0x86d/0xdb0
[ 55.789162][ T8426] sock_sendmsg+0xcf/0x120
[ 55.794078][ T8426] ____sys_sendmsg+0x6e8/0x810
[ 55.799343][ T8426] ___sys_sendmsg+0xf3/0x170
[ 55.804480][ T8426] __sys_sendmsg+0xe5/0x1b0
[ 55.809661][ T8426] do_syscall_64+0x35/0xb0
[ 55.814580][ T8426] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 55.820976][ T8426]
[ 55.820976][ T8426] other info that might help us debug this:
[ 55.820976][ T8426]
[ 55.831438][ T8426] Possible unsafe locking scenario:
[ 55.831438][ T8426]
[ 55.839381][ T8426]        CPU0                    CPU1
[ 55.844722][ T8426]        ----                    ----
[ 55.850061][ T8426]   lock(nbd_index_mutex);
[ 55.854454][ T8426]                                lock(&disk->open_mutex);
[ 55.861543][ T8426]                                lock(nbd_index_mutex);
[ 55.868626][ T8426]   lock(&disk->open_mutex);
[ 55.873193][ T8426]
[ 55.873193][ T8426] *** DEADLOCK ***
[ 55.873193][ T8426]
[ 55.882180][ T8426] 3 locks held by syz-executor191/8426:
[ 55.887876][ T8426] #0: ffffffff8d160150 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 55.896039][ T8426] #1: ffffffff8d160208 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x3e0/0x580
[ 55.904983][ T8426] #2: ffffffff8c4899c8 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140
[ 55.915590][ T8426]
[ 55.915590][ T8426] stack backtrace:
[ 55.921471][ T8426] CPU: 1 PID: 8426 Comm: syz-executor191 Not tainted 5.14.0-rc7-syzkaller #0
[ 55.930210][ T8426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.940243][ T8426] Call Trace:
[ 55.943850][ T8426] dump_stack_lvl+0xcd/0x134
[ 55.948433][ T8426] check_noncircular+0x25f/0x2e0
[ 55.953362][ T8426] ? print_circular_bug+0x1e0/0x1e0
[ 55.958541][ T8426] ? kmem_cache_free+0x8a/0x5b0
[ 55.963374][ T8426] ? lockdep_lock+0xc6/0x200
[ 55.967951][ T8426] ? call_rcu_zapped+0xb0/0xb0
[ 55.972702][ T8426] ? __kobject_del+0xea/0x200
[ 55.977369][ T8426] __lock_acquire+0x2a07/0x54a0
[ 55.982204][ T8426] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 55.988172][ T8426] lock_acquire+0x1ab/0x510
[ 55.992658][ T8426] ? del_gendisk+0x8b/0x770
[ 55.997145][ T8426] ? lock_release+0x720/0x720
[ 56.001805][ T8426] ? lockdep_hardirqs_on+0x79/0x100
[ 56.006992][ T8426] __mutex_lock+0x12a/0x10a0
[ 56.011656][ T8426] ? del_gendisk+0x8b/0x770
[ 56.016142][ T8426] ? lock_downgrade+0x6e0/0x6e0
[ 56.020979][ T8426] ? del_gendisk+0x8b/0x770
[ 56.025479][ T8426] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 56.031703][ T8426] ? mutex_lock_io_nested+0xf00/0xf00
[ 56.037059][ T8426] ? kobj_kset_leave+0x12/0x200
[ 56.041892][ T8426] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 56.048117][ T8426] ? kobject_put+0xb9/0x540
[ 56.052600][ T8426] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 56.058301][ T8426] ? kfree_const+0x35/0x60
[ 56.062700][ T8426] del_gendisk+0x8b/0x770
[ 56.067017][ T8426] ? nbd_config_put+0x61b/0xa00
[ 56.071853][ T8426] nbd_put.part.0+0x82/0x160
[ 56.076427][ T8426] nbd_genl_connect+0x1383/0x1820
[ 56.081434][ T8426] ? nbd_start_device+0xd50/0xd50
[ 56.086444][ T8426] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 56.092666][ T8426] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290
[ 56.100026][ T8426] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290
[ 56.107298][ T8426] genl_family_rcv_msg_doit+0x228/0x320
[ 56.112829][ T8426] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[ 56.120185][ T8426] ? genl_op_from_small+0x23/0x3c0
[ 56.125279][ T8426] ? genl_get_cmd+0x3cf/0x480
[ 56.129941][ T8426] genl_rcv_msg+0x328/0x580
[ 56.134437][ T8426] ? genl_get_cmd+0x480/0x480
[ 56.139445][ T8426] ? nbd_start_device+0xd50/0xd50
[ 56.144714][ T8426] ? lock_release+0x720/0x720
[ 56.149377][ T8426] netlink_rcv_skb+0x153/0x420
[ 56.154124][ T8426] ? genl_get_cmd+0x480/0x480
[ 56.158785][ T8426] ? netlink_ack+0xa60/0xa60
[ 56.163793][ T8426] ? _copy_from_iter+0x12b/0x1320
[ 56.168805][ T8426] genl_rcv+0x24/0x40
[ 56.172773][ T8426] netlink_unicast+0x533/0x7d0
[ 56.177520][ T8426] ? netlink_attachskb+0x890/0x890
[ 56.182615][ T8426] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 56.188839][ T8426] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 56.195235][ T8426] ? __phys_addr_symbol+0x2c/0x70
[ 56.200242][ T8426] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 56.205944][ T8426] ? __check_object_size+0x16e/0x3f0
[ 56.211216][ T8426] netlink_sendmsg+0x86d/0xdb0
[ 56.215964][ T8426] ? netlink_unicast+0x7d0/0x7d0
[ 56.221415][ T8426] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 56.228653][ T8426] ? netlink_unicast+0x7d0/0x7d0
[ 56.233746][ T8426] sock_sendmsg+0xcf/0x120
[ 56.238623][ T8426] ____sys_sendmsg+0x6e8/0x810
[ 56.243550][ T8426] ? kernel_sendmsg+0x50/0x50
[ 56.248213][ T8426] ? do_recvmmsg+0x6d0/0x6d0
[ 56.252874][ T8426] ? lock_chain_count+0x20/0x20
[ 56.257704][ T8426] ? netlink_recvmsg+0x826/0xea0
[ 56.262627][ T8426] ___sys_sendmsg+0xf3/0x170
[ 56.267200][ T8426] ? sendmsg_copy_msghdr+0x160/0x160
[ 56.272466][ T8426] ? __lock_acquire+0x162f/0x54a0
[ 56.277476][ T8426] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 56.283436][ T8426] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 56.289398][ T8426] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 56.295622][ T8426] ? __fget_light+0x215/0x280
[ 56.300283][ T8426] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 56.306508][ T8426] __sys_sendmsg+0xe5/0x1b0
[ 56.310994][ T8426] ? __sys_sendmsg_sock+0x30/0x30
[ 56.316004][ T8426] ? syscall_enter_from_user_mode+0x21/0x70
[ 56.321885][ T8426] do_syscall_64+0x35/0xb0
[ 56.326283][ T8426] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 56.332158][ T8426] RIP: 0033:0x440019
[ 56.336032][ T8426] Code: 35 01 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 56.355620][ T8426] RSP: 002b:00007ffe55976f08 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 56.364015][ T8426] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000440019
[ 56.372052][ T8426] RDX: 0000000002000800 RSI: 0000000020002580 RDI: 0000000000000003
[ 56.380002][ T8426] RBP: 0000000000000008 R08: 0000000000000002 R09: 00007ffe55976f30
[ 56.387953][ T8426] R10: 000000000000000c R11: 0000000000000246 R12: 0000000000000001
[ 56.395909][ T8426] R13: 0000000000000008 R14: 0000000000000001 R15: 0000000000000008