[ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.0' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 29.403075] [ 29.404918] ====================================================== [ 29.411374] WARNING: possible circular locking dependency detected [ 29.417904] 4.14.230-syzkaller #0 Not tainted [ 29.422465] ------------------------------------------------------ [ 29.428814] syz-executor814/7984 is trying to acquire lock: [ 29.434679] (&bdev->bd_mutex){+.+.}, at: [] blkdev_reread_part+0x1b/0x40 [ 29.443168] [ 29.443168] but task is already holding lock: [ 29.449166] (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x11f/0xa80 [ 29.457270] [ 29.457270] which lock already depends on the new lock. [ 29.457270] [ 29.465622] [ 29.465622] the existing dependency chain (in reverse order) is: [ 29.473404] [ 29.473404] -> #2 (&nbd->config_lock){+.+.}: [ 29.479287] __mutex_lock+0xc4/0x1310 [ 29.483861] nbd_open+0x1b4/0x380 [ 29.487936] __blkdev_get+0x306/0x1090 [ 29.492856] blkdev_get+0x88/0x890 [ 29.497249] blkdev_open+0x1cc/0x250 [ 29.501660] do_dentry_open+0x44b/0xec0 [ 29.506333] vfs_open+0x105/0x220 [ 29.510316] path_openat+0x628/0x2970 [ 29.515183] do_filp_open+0x179/0x3c0 [ 29.519496] do_sys_open+0x296/0x410 [ 29.524125] do_syscall_64+0x1d5/0x640 [ 29.528661] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 29.534359] [ 29.534359] -> #1 (nbd_index_mutex){+.+.}: [ 29.540124] __mutex_lock+0xc4/0x1310 [ 29.544669] nbd_open+0x22/0x380 [ 29.548550] __blkdev_get+0x306/0x1090 [ 29.553415] blkdev_get+0x88/0x890 [ 29.557818] blkdev_open+0x1cc/0x250 [ 29.562046] do_dentry_open+0x44b/0xec0 [ 29.566947] vfs_open+0x105/0x220 [ 29.571100] path_openat+0x628/0x2970 [ 29.575606] do_filp_open+0x179/0x3c0 [ 29.580050] do_sys_open+0x296/0x410 [ 29.584280] do_syscall_64+0x1d5/0x640 [ 29.588804] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 29.594593] [ 29.594593] -> #0 (&bdev->bd_mutex){+.+.}: [ 29.600518] lock_acquire+0x170/0x3f0 [ 29.605009] __mutex_lock+0xc4/0x1310 [ 29.609589] blkdev_reread_part+0x1b/0x40 [ 29.614315] nbd_ioctl+0x7cb/0xa80 [ 29.618524] blkdev_ioctl+0x540/0x1830 [ 29.623667] block_ioctl+0xd9/0x120 [ 29.628248] do_vfs_ioctl+0x75a/0xff0 [ 29.633346] SyS_ioctl+0x7f/0xb0 [ 29.638060] do_syscall_64+0x1d5/0x640 [ 29.643859] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 29.650459] [ 29.650459] other info that might help us debug this: [ 29.650459] [ 29.659550] Chain exists of: [ 29.659550] &bdev->bd_mutex --> nbd_index_mutex --> &nbd->config_lock [ 29.659550] [ 29.670806] Possible unsafe locking scenario: [ 29.670806] [ 29.676994] CPU0 CPU1 [ 29.681652] ---- ---- [ 29.686555] lock(&nbd->config_lock); [ 29.690563] lock(nbd_index_mutex); [ 29.697273] lock(&nbd->config_lock); [ 29.703668] lock(&bdev->bd_mutex); [ 29.707740] [ 29.707740] *** DEADLOCK *** [ 29.707740] [ 29.713927] 1 lock held by syz-executor814/7984: [ 29.718791] #0: (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x11f/0xa80 [ 29.727547] [ 29.727547] stack backtrace: [ 29.732039] CPU: 1 PID: 7984 Comm: syz-executor814 Not tainted 4.14.230-syzkaller #0 [ 29.740134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.749703] Call Trace: [ 29.752356] dump_stack+0x1b2/0x281 [ 29.755979] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 29.762134] __lock_acquire+0x2e0e/0x3f20 [ 29.766449] ? trace_hardirqs_on+0x10/0x10 [ 29.770679] ? add_lock_to_list.constprop.0+0x17d/0x330 [ 29.776038] ? save_trace+0xd6/0x290 [ 29.779754] lock_acquire+0x170/0x3f0 [ 29.783765] ? blkdev_reread_part+0x1b/0x40 [ 29.788936] ? blkdev_reread_part+0x1b/0x40 [ 29.793696] __mutex_lock+0xc4/0x1310 [ 29.798076] ? blkdev_reread_part+0x1b/0x40 [ 29.802543] ? __mutex_lock+0x360/0x1310 [ 29.806597] ? __get_super.part.0+0xbb/0x390 [ 29.811465] ? blkdev_reread_part+0x1b/0x40 [ 29.816293] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 29.822121] ? lock_downgrade+0x740/0x740 [ 29.826354] ? nbd_ioctl+0x7b0/0xa80 [ 29.830068] ? lock_downgrade+0x740/0x740 [ 29.834405] blkdev_reread_part+0x1b/0x40 [ 29.838722] nbd_ioctl+0x7cb/0xa80 [ 29.842678] ? kasan_slab_free+0xc3/0x1a0 [ 29.846948] ? nbd_disconnect_and_put+0x140/0x140 [ 29.852142] ? do_syscall_64+0x1d5/0x640 [ 29.856199] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 29.861687] ? path_lookupat+0x780/0x780 [ 29.866478] ? debug_check_no_obj_freed+0x2c0/0x680 [ 29.872406] ? nbd_disconnect_and_put+0x140/0x140 [ 29.877570] blkdev_ioctl+0x540/0x1830 [ 29.881581] ? blkpg_ioctl+0x8d0/0x8d0 [ 29.885464] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 29.890907] ? debug_check_no_obj_freed+0x2c0/0x680 [ 29.895920] block_ioctl+0xd9/0x120 [ 29.899542] ? blkdev_fallocate+0x3a0/0x3a0 [ 29.903854] do_vfs_ioctl+0x75a/0xff0 [ 29.907648] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 29.913090] ? ioctl_preallocate+0x1a0/0x1a0 [ 29.917723] ? kmem_cache_free+0x23a/0x2b0 [ 29.922219] ? putname+0xcd/0x110 [ 29.925822] ? do_sys_open+0x208/0x410 [ 29.929699] ? filp_open+0x60/0x60 [ 29.933335] ? security_file_ioctl+0x83/0xb0 [ 29.937825] SyS_ioctl+0x7f/0xb0 [ 29.941250] ? do_vfs_ioctl+0xff0/0xff0 [ 29.945220] do_syscall_64+0x1d5/0x640 [ 29.949191] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 29.954374] RIP: 0