[ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.77' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 73.620479][ T8451] [ 73.623118][ T8451] ====================================================== [ 73.630179][ T8451] WARNING: possible circular locking dependency detected [ 73.637425][ T8451] 5.13.0-rc3-syzkaller #0 Not tainted [ 73.642893][ T8451] ------------------------------------------------------ [ 73.649994][ T8451] syz-executor905/8451 is trying to acquire lock: [ 73.656427][ T8451] ffff88801d1a00a0 (&bdev->bd_mutex){+.+.}-{3:3}, at: del_gendisk+0x24b/0xa00 [ 73.665301][ T8451] [ 73.665301][ T8451] but task is already holding lock: [ 73.672834][ T8451] ffffffff8ca6fe88 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140 [ 73.683364][ T8451] [ 73.683364][ T8451] which lock already depends on the new lock. [ 73.683364][ T8451] [ 73.693947][ T8451] [ 73.693947][ T8451] the existing dependency chain (in reverse order) is: [ 73.703334][ T8451] [ 73.703334][ T8451] -> #1 (nbd_index_mutex){+.+.}-{3:3}: [ 73.711444][ T8451] __mutex_lock+0x139/0x10c0 [ 73.717759][ T8451] nbd_open+0x7d/0x8a0 [ 73.722987][ T8451] __blkdev_get+0x182/0xa30 [ 73.728966][ T8451] blkdev_get_by_dev+0x200/0x660 [ 73.735231][ T8451] blkdev_open+0x154/0x2b0 [ 73.741034][ T8451] do_dentry_open+0x4b9/0x11b0 [ 73.747045][ T8451] path_openat+0x1c0e/0x27e0 [ 73.752534][ T8451] do_filp_open+0x190/0x3d0 [ 73.757667][ T8451] do_sys_openat2+0x16d/0x420 [ 73.763065][ T8451] __x64_sys_open+0x119/0x1c0 [ 73.768558][ T8451] do_syscall_64+0x3a/0xb0 [ 73.773682][ T8451] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 73.780120][ T8451] [ 73.780120][ T8451] -> #0 (&bdev->bd_mutex){+.+.}-{3:3}: [ 73.787781][ T8451] __lock_acquire+0x2a17/0x5230 [ 73.793198][ T8451] lock_acquire+0x1ab/0x740 [ 73.798331][ T8451] __mutex_lock+0x139/0x10c0 [ 73.803538][ T8451] del_gendisk+0x24b/0xa00 [ 73.808508][ T8451] nbd_put.part.0+0xae/0x1e0 [ 73.813642][ T8451] nbd_genl_connect+0x1214/0x1650 [ 73.819416][ T8451] genl_family_rcv_msg_doit+0x228/0x320 [ 73.825580][ T8451] genl_rcv_msg+0x328/0x580 [ 73.830813][ T8451] netlink_rcv_skb+0x153/0x420 [ 73.836131][ T8451] genl_rcv+0x24/0x40 [ 73.840730][ T8451] netlink_unicast+0x533/0x7d0 [ 73.846343][ T8451] netlink_sendmsg+0x856/0xd90 [ 73.851657][ T8451] sock_sendmsg+0xcf/0x120 [ 73.856715][ T8451] ____sys_sendmsg+0x6e8/0x810 [ 73.862104][ T8451] ___sys_sendmsg+0xf3/0x170 [ 73.867750][ T8451] __sys_sendmsg+0xe5/0x1b0 [ 73.872992][ T8451] do_syscall_64+0x3a/0xb0 [ 73.877964][ T8451] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 73.884454][ T8451] [ 73.884454][ T8451] other info that might help us debug this: [ 73.884454][ T8451] [ 73.894772][ T8451] Possible unsafe locking scenario: [ 73.894772][ T8451] [ 73.902224][ T8451] CPU0 CPU1 [ 73.907683][ T8451] ---- ---- [ 73.913230][ T8451] lock(nbd_index_mutex); [ 73.917656][ T8451] lock(&bdev->bd_mutex); [ 73.924822][ T8451] lock(nbd_index_mutex); [ 73.931964][ T8451] lock(&bdev->bd_mutex); [ 73.936489][ T8451] [ 73.936489][ T8451] *** DEADLOCK *** [ 73.936489][ T8451] [ 73.944631][ T8451] 3 locks held by syz-executor905/8451: [ 73.950198][ T8451] #0: ffffffff8d737fd0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40 [ 73.958741][ T8451] #1: ffffffff8d738088 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x3e0/0x580 [ 73.967998][ T8451] #2: ffffffff8ca6fe88 (nbd_index_mutex){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140 [ 73.978742][ T8451] [ 73.978742][ T8451] stack backtrace: [ 73.984729][ T8451] CPU: 1 PID: 8451 Comm: syz-executor905 Not tainted 5.13.0-rc3-syzkaller #0 [ 73.993846][ T8451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 74.003905][ T8451] Call Trace: [ 74.007191][ T8451] dump_stack+0x141/0x1d7 [ 74.011550][ T8451] check_noncircular+0x25f/0x2e0 [ 74.016512][ T8451] ? netlink_sendmsg+0x856/0xd90 [ 74.021465][ T8451] ? print_circular_bug+0x1e0/0x1e0 [ 74.026677][ T8451] ? __sys_sendmsg+0xe5/0x1b0 [ 74.031380][ T8451] ? entry_SYSCALL_64_after_hwframe+0x44/0xae [ 74.037468][ T8451] ? lockdep_lock+0xc6/0x200 [ 74.042073][ T8451] ? call_rcu_zapped+0xb0/0xb0 [ 74.046851][ T8451] ? mark_held_locks+0x9f/0xe0 [ 74.051633][ T8451] __lock_acquire+0x2a17/0x5230 [ 74.056502][ T8451] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 74.062515][ T8451] lock_acquire+0x1ab/0x740 [ 74.067032][ T8451] ? del_gendisk+0x24b/0xa00 [ 74.071633][ T8451] ? lock_release+0x720/0x720 [ 74.076321][ T8451] ? find_held_lock+0x2d/0x110 [ 74.081101][ T8451] __mutex_lock+0x139/0x10c0 [ 74.085700][ T8451] ? del_gendisk+0x24b/0xa00 [ 74.090299][ T8451] ? mutex_lock_io_nested+0xf20/0xf20 [ 74.095712][ T8451] ? del_gendisk+0x24b/0xa00 [ 74.100321][ T8451] ? __mutex_unlock_slowpath+0xe2/0x610 [ 74.106052][ T8451] ? mutex_lock_io_nested+0xf20/0xf20 [ 74.111437][ T8451] ? wait_for_completion_io+0x270/0x270 [ 74.117031][ T8451] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 74.123423][ T8451] ? kernfs_remove_by_name_ns+0x62/0xb0 [ 74.129085][ T8451] ? sysfs_remove_files+0x87/0xf0 [ 74.134121][ T8451] del_gendisk+0x24b/0xa00 [ 74.138554][ T8451] nbd_put.part.0+0xae/0x1e0 [ 74.143291][ T8451] nbd_genl_connect+0x1214/0x1650 [ 74.148424][ T8451] ? nbd_start_device+0xd50/0xd50 [ 74.153564][ T8451] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 74.160005][ T8451] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 74.167391][ T8451] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 74.174691][ T8451] genl_family_rcv_msg_doit+0x228/0x320 [ 74.180349][ T8451] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 74.187822][ T8451] ? genl_op_from_small+0x23/0x3c0 [ 74.192965][ T8451] ? genl_get_cmd+0x3cf/0x480 [ 74.197825][ T8451] genl_rcv_msg+0x328/0x580 [ 74.202483][ T8451] ? genl_get_cmd+0x480/0x480 [ 74.208469][ T8451] ? nbd_start_device+0xd50/0xd50 [ 74.213524][ T8451] ? lock_release+0x720/0x720 [ 74.218218][ T8451] netlink_rcv_skb+0x153/0x420 [ 74.223026][ T8451] ? genl_get_cmd+0x480/0x480 [ 74.227717][ T8451] ? netlink_ack+0xaa0/0xaa0 [ 74.232327][ T8451] genl_rcv+0x24/0x40 [ 74.236332][ T8451] netlink_unicast+0x533/0x7d0 [ 74.241216][ T8451] ? netlink_attachskb+0x870/0x870 [ 74.246523][ T8451] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 74.253247][ T8451] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 74.259770][ T8451] ? __phys_addr_symbol+0x2c/0x70 [ 74.264877][ T8451] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 74.270700][ T8451] ? __check_object_size+0x171/0x3f0 [ 74.276027][ T8451] netlink_sendmsg+0x856/0xd90 [ 74.280814][ T8451] ? netlink_unicast+0x7d0/0x7d0 [ 74.285764][ T8451] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 74.292126][ T8451] ? netlink_unicast+0x7d0/0x7d0 [ 74.297181][ T8451] sock_sendmsg+0xcf/0x120 [ 74.301698][ T8451] ____sys_sendmsg+0x6e8/0x810 [ 74.306470][ T8451] ? kernel_sendmsg+0x50/0x50 [ 74.311272][ T8451] ? do_recvmmsg+0x6d0/0x6d0 [ 74.315961][ T8451] ? lock_chain_count+0x20/0x20 [ 74.320824][ T8451] ? netlink_recvmsg+0x826/0xee0 [ 74.325878][ T8451] ___sys_sendmsg+0xf3/0x170 [ 74.330755][ T8451] ? sendmsg_copy_msghdr+0x160/0x160 [ 74.336063][ T8451] ? __lock_acquire+0x16a7/0x5230 [ 74.341115][ T8451] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 74.347112][ T8451] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 74.353110][ T8451] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 74.359454][ T8451] ? __fget_light+0x215/0x280 [ 74.364228][ T8451] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 74.370488][ T8451] __sys_sendmsg+0xe5/0x1b0 [ 74.375006][ T8451] ? __sys_sendmsg_sock+0x30/0x30 [ 74.380048][ T8451] ? syscall_enter_from_user_mode+0x27/0x70 [ 74.386235][ T8451] do_syscall_64+0x3a/0xb0 [ 74.390681][ T8451] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 74.396691][ T8451] RIP: 0033:0x43fa59 [ 74.400867][ T8451] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 74.420763][ T8451] RSP: 002b:00007fffb0ebb1d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 74.429299][ T8451] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fa59 [ 74.437371][ T8451] RDX: 0000000000000000 RSI: 0000000020000d00 RDI: 0000000000000003 [ 74.445540][ T8451] RBP: 00000000004034c0 R08: 0000000000000002 R09: 00000000004004a0 [ 74.453619][ T8451] R10: 000000000000000c R11: 0000000000000246 R12: 0000000000403550 [ 74.461690][ T8451] R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0