[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 18.566266] random: sshd: uninitialized urandom read (32 bytes read)
[ 19.314267] random: sshd: uninitialized urandom read (32 bytes read)
[ 19.533899] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 20.275359] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.426769] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts.
[ 25.831360] random: sshd: uninitialized urandom read (32 bytes read)
2018/04/27 09:35:37 parsed 1 programs
2018/04/27 09:35:37 executed programs: 0
[ 26.310983] IPVS: ftp: loaded support on port[0] = 21
[ 26.364692]
[ 26.366342] ======================================================
[ 26.372633] WARNING: possible circular locking dependency detected
[ 26.378967] 4.17.0-rc2+ #44 Not tainted
[ 26.382914] ------------------------------------------------------
[ 26.389212] syz-executor0/4465 is trying to acquire lock:
[ 26.394722] (ptrval) (&bdev->bd_mutex){+.+.}, at: blkdev_reread_part+0x1e/0x40
[ 26.402772]
[ 26.402772] but task is already holding lock:
[ 26.408720] (ptrval) (&lo->lo_ctl_mutex#2){+.+.}, at: lo_compat_ioctl+0x12a/0x170
[ 26.417031]
[ 26.417031] which lock already depends on the new lock.
[ 26.417031]
[ 26.425335]
[ 26.425335] the existing dependency chain (in reverse order) is:
[ 26.432942]
[ 26.432942] -> #2 (&lo->lo_ctl_mutex#2){+.+.}:
[ 26.438998]        __mutex_lock+0x16d/0x17f0
[ 26.443392]        mutex_lock_nested+0x16/0x20
[ 26.447952]        lo_release+0xa3/0x1f0
[ 26.451994]        __blkdev_put+0x4f6/0x830
[ 26.456305]        blkdev_put+0x98/0x540
[ 26.460343]        blkdev_close+0x8b/0xb0
[ 26.464478]        __fput+0x34d/0x890
[ 26.468264]        ____fput+0x15/0x20
[ 26.472051]        task_work_run+0x1e4/0x290
[ 26.476451]        exit_to_usermode_loop+0x2bd/0x310
[ 26.481544]        do_syscall_64+0x6ac/0x800
[ 26.485932]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 26.491616]
[ 26.491616] -> #1 (loop_index_mutex){+.+.}:
[ 26.497406]        __mutex_lock+0x16d/0x17f0
[ 26.501792]        mutex_lock_nested+0x16/0x20
[ 26.506360]        lo_open+0x1b/0xb0
[ 26.510059]        __blkdev_get+0x358/0x13a0
[ 26.514457]        blkdev_get+0xb9/0xb30
[ 26.518505]        blkdev_open+0x1fb/0x280
[ 26.522724]        do_dentry_open+0x7ef/0xf10
[ 26.527206]        vfs_open+0x139/0x230
[ 26.531164]        path_openat+0x1676/0x4e20
[ 26.535561]        do_filp_open+0x249/0x350
[ 26.539862]        do_sys_open+0x56f/0x740
[ 26.544074]        __x64_sys_open+0x7e/0xc0
[ 26.548374]        do_syscall_64+0x1b1/0x800
[ 26.552761]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 26.558445]
[ 26.558445] -> #0 (&bdev->bd_mutex){+.+.}:
[ 26.564144]        lock_acquire+0x1dc/0x520
[ 26.568444]        __mutex_lock+0x16d/0x17f0
[ 26.572842]        mutex_lock_nested+0x16/0x20
[ 26.577509]        blkdev_reread_part+0x1e/0x40
[ 26.582162]        loop_reread_partitions+0x159/0x180
[ 26.587338]        loop_set_status+0xb95/0x1010
[ 26.591988]        loop_set_status_compat+0xa4/0xf0
[ 26.596986]        lo_compat_ioctl+0x14b/0x170
[ 26.601551]        compat_blkdev_ioctl+0x3c2/0x1b20
[ 26.606547]        __ia32_compat_sys_ioctl+0x221/0x640
[ 26.611803]        do_fast_syscall_32+0x345/0xf9b
[ 26.616634]        entry_SYSENTER_compat+0x70/0x7f
[ 26.621537]
[ 26.621537] other info that might help us debug this:
[ 26.621537]
[ 26.629665] Chain exists of:
[ 26.629665]   &bdev->bd_mutex --> loop_index_mutex --> &lo->lo_ctl_mutex#2
[ 26.629665]
[ 26.641013]  Possible unsafe locking scenario:
[ 26.641013]
[ 26.647056]        CPU0                    CPU1
[ 26.651700]        ----                    ----
[ 26.656363]   lock(&lo->lo_ctl_mutex#2);
[ 26.660410]                                lock(loop_index_mutex);
[ 26.666704]                                lock(&lo->lo_ctl_mutex#2);
[ 26.673260]   lock(&bdev->bd_mutex);
[ 26.676973]
[ 26.676973]  *** DEADLOCK ***
[ 26.676973]
[ 26.683026] 1 lock held by syz-executor0/4465:
[ 26.687585]  #0: (ptrval) (&lo->lo_ctl_mutex#2){+.+.}, at: lo_compat_ioctl+0x12a/0x170
[ 26.696335]
[ 26.696335] stack backtrace:
[ 26.700812] CPU: 1 PID: 4465 Comm: syz-executor0 Not tainted 4.17.0-rc2+ #44
[ 26.707972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.717302] Call Trace:
[ 26.719878]  dump_stack+0x1b9/0x294
[ 26.723493]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 26.728665]  ? print_lock+0xd1/0xd6
[ 26.732272]  ? vprintk_func+0x81/0xe7
[ 26.736062]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[ 26.741750]  ? save_trace+0xe0/0x290
[ 26.745443]  __lock_acquire+0x343e/0x5140
[ 26.749571]  ? debug_check_no_locks_freed+0x310/0x310
[ 26.754737]  ? __lock_acquire+0x7f5/0x5140
[ 26.758949]  ? debug_check_no_locks_freed+0x310/0x310
[ 26.764127]  ? noop_count+0x40/0x40
[ 26.767741]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 26.773255]  ? bpf_prog_kallsyms_find+0xd6/0x4a0
[ 26.777990]  ? __bpf_trace_bpf_map_next_key+0x40/0x40
[ 26.783172]  ? is_bpf_text_address+0xae/0x170
[ 26.787647]  ? lock_downgrade+0x8e0/0x8e0
[ 26.791783]  ? print_usage_bug+0xc0/0xc0
[ 26.795823]  ? print_usage_bug+0xc0/0xc0
[ 26.799869]  ? kasan_check_read+0x11/0x20
[ 26.804004]  ? graph_lock+0x170/0x170
[ 26.807796]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 26.812972]  lock_acquire+0x1dc/0x520
[ 26.816754]  ? blkdev_reread_part+0x1e/0x40
[ 26.821056]  ? lock_release+0xa10/0xa10
[ 26.825026]  ? check_same_owner+0x320/0x320
[ 26.829327]  ? debug_check_no_locks_freed+0x310/0x310
[ 26.834500]  ? rcu_note_context_switch+0x710/0x710
[ 26.839433]  ? __might_sleep+0x95/0x190
[ 26.843390]  ? blkdev_reread_part+0x1e/0x40
[ 26.847696]  __mutex_lock+0x16d/0x17f0
[ 26.851565]  ? blkdev_reread_part+0x1e/0x40
[ 26.855875]  ? blkdev_reread_part+0x1e/0x40
[ 26.860187]  ? debug_check_no_locks_freed+0x310/0x310
[ 26.865366]  ? mutex_trylock+0x2a0/0x2a0
[ 26.869406]  ? kasan_check_write+0x14/0x20
[ 26.873618]  ? do_raw_spin_lock+0xc1/0x200
[ 26.877828]  ? graph_lock+0x170/0x170
[ 26.881607]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 26.886689]  ? graph_lock+0x170/0x170
[ 26.890467]  ? graph_lock+0x170/0x170
[ 26.894245]  ? save_stack+0xa9/0xd0
[ 26.897853]  ? save_stack+0x43/0xd0
[ 26.901457]  ? __lock_is_held+0xb5/0x140
[ 26.905495]  ? print_usage_bug+0xc0/0xc0
[ 26.909543]  ? lock_downgrade+0x8e0/0x8e0
[ 26.913681]  ? mark_held_locks+0xc9/0x160
[ 26.917810]  ? do_raw_spin_trylock+0x1b0/0x1b0
[ 26.922372]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 26.927453]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 26.932448]  ? trace_hardirqs_on+0xd/0x10
[ 26.936583]  ? __wake_up_common_lock+0x1c2/0x300
[ 26.941324]  mutex_lock_nested+0x16/0x20
[ 26.945362]  ? mutex_lock_nested+0x16/0x20
[ 26.949576]  blkdev_reread_part+0x1e/0x40
[ 26.953710]  loop_reread_partitions+0x159/0x180
[ 26.958360]  ? __loop_update_dio+0x6a0/0x6a0
[ 26.962751]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 26.968270]  loop_set_status+0xb95/0x1010
[ 26.972397]  loop_set_status_compat+0xa4/0xf0
[ 26.976873]  ? loop_set_status+0x1010/0x1010
[ 26.981268]  lo_compat_ioctl+0x14b/0x170
[ 26.985308]  ? lo_ioctl+0x2130/0x2130
[ 26.989102]  compat_blkdev_ioctl+0x3c2/0x1b20
[ 26.993578]  ? bfq_create_group_hierarchy+0x120/0x120
[ 26.998762]  ? __x32_compat_sys_get_robust_list+0x430/0x430
[ 27.004452]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 27.010579]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 27.015750]  ? bfq_create_group_hierarchy+0x120/0x120
[ 27.020921]  __ia32_compat_sys_ioctl+0x221/0x640
[ 27.025660]  do_fast_syscall_32+0x345/0xf9b
[ 27.029963]  ? do_int80_syscall_32+0x880/0x880
[ 27.034528]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 27.039277]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 27.044815]  ? syscall_return_slowpath+0x30f/0x5c0
[ 27.049726]  ? sysret32_from_system_call+0x5/0x46
[ 27.054549]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 27.059370]  entry_SYSENTER_compat+0x70/0x7f
[ 27.063757] RIP: 0023:0xf7ff1cb9
[ 27.067