audit: type=1400 audit(1594378134.228:8): avc: denied { execmem } for pid=6334 comm="syz-executor417" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1

======================================================
WARNING: possible circular locking dependency detected
4.14.184-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor417/6334 is trying to acquire lock:
 (&bdev->bd_mutex){+.+.}, at: [] blkdev_reread_part+0x1b/0x40 block/ioctl.c:192

but task is already holding lock:
 (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x11f/0xa30 drivers/block/nbd.c:1353

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&nbd->config_lock){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xe8/0x1430 kernel/locking/mutex.c:893
       nbd_open+0x1bf/0x380 drivers/block/nbd.c:1401
       __blkdev_get+0x307/0x10c0 fs/block_dev.c:1472
       blkdev_get+0x84/0x8a0 fs/block_dev.c:1612
       blkdev_open+0x1cc/0x250 fs/block_dev.c:1770
       do_dentry_open+0x44b/0xec0 fs/open.c:777
       vfs_open+0x105/0x220 fs/open.c:888
       do_last fs/namei.c:3428 [inline]
       path_openat+0xb68/0x2aa0 fs/namei.c:3569
       do_filp_open+0x18e/0x250 fs/namei.c:3603
       do_sys_open+0x292/0x3e0 fs/open.c:1081
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

-> #1 (nbd_index_mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xe8/0x1430 kernel/locking/mutex.c:893
       nbd_open+0x24/0x380 drivers/block/nbd.c:1388
       __blkdev_get+0x307/0x10c0 fs/block_dev.c:1472
       blkdev_get+0x84/0x8a0 fs/block_dev.c:1612
       blkdev_open+0x1cc/0x250 fs/block_dev.c:1770
       do_dentry_open+0x44b/0xec0 fs/open.c:777
       vfs_open+0x105/0x220 fs/open.c:888
       do_last fs/namei.c:3428 [inline]
       path_openat+0xb68/0x2aa0 fs/namei.c:3569
       do_filp_open+0x18e/0x250 fs/namei.c:3603
       do_sys_open+0x292/0x3e0 fs/open.c:1081
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

-> #0 (&bdev->bd_mutex){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xe8/0x1430 kernel/locking/mutex.c:893
       blkdev_reread_part+0x1b/0x40 block/ioctl.c:192
       nbd_bdev_reset drivers/block/nbd.c:1062 [inline]
       nbd_clear_sock_ioctl drivers/block/nbd.c:1266 [inline]
       __nbd_ioctl drivers/block/nbd.c:1290 [inline]
       nbd_ioctl+0x79e/0xa30 drivers/block/nbd.c:1360
       __blkdev_driver_ioctl block/ioctl.c:297 [inline]
       blkdev_ioctl+0x91d/0x17c0 block/ioctl.c:594
       block_ioctl+0xd9/0x120 fs/block_dev.c:1881
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:500 [inline]
       do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
       SYSC_ioctl fs/ioctl.c:701 [inline]
       SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

other info that might help us debug this:

Chain exists of:
  &bdev->bd_mutex --> nbd_index_mutex --> &nbd->config_lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&nbd->config_lock);
                               lock(nbd_index_mutex);
                               lock(&nbd->config_lock);
  lock(&bdev->bd_mutex);

 *** DEADLOCK ***

1 lock held by syz-executor417/6334:
 #0: (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x11f/0xa30 drivers/block/nbd.c:1353

stack backtrace:
CPU: 1 PID: 6334 Comm: syz-executor417 Not tainted 4.14.184-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x283 lib/dump_stack.c:58
 print_circular_bug.isra.0.cold+0x2dc/0x425 kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x3057/0x42a0 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0xe8/0x1430 kernel/locking/mutex.c:893
 blkdev_reread_part+0x1b/0x40 block/ioctl.c:192
 nbd_bdev_reset drivers/block/nbd.c:1062 [inline]
 nbd_clear_sock_ioctl drivers/block/nbd.c:1266 [inline]
 __nbd_ioctl drivers/block/nbd.c:1290 [inline]
 nbd_ioctl+0x79e/0xa30 drivers/block/nbd.c:1360
 __blkdev_driver_ioctl block/ioctl.c:297 [inline]
 blkdev_ioctl+0x91d/0x17c0 block/ioctl.c:594
 block_ioctl+0xd9/0x120 fs/block_dev.c:1881
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x443ec9
RSP: 002b:00007ffc28167898 EFLAGS: 00000246 ORIG_RAX: 00000000000