Warning: Permanently added '10.128.0.216' (ECDSA) to the list of known hosts.
[ 43.704981] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 43.825482] audit: type=1400 audit(1565598402.274:36): avc: denied { map } for pid=7159 comm="syz-executor818" path="/root/syz-executor818211555" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 43.828365]
[ 43.853451] ======================================================
[ 43.859747] WARNING: possible circular locking dependency detected
[ 43.866050] 4.14.138 #34 Not tainted
[ 43.869763] ------------------------------------------------------
[ 43.876060] syz-executor818/7159 is trying to acquire lock:
[ 43.881831]  (&bdev->bd_mutex){+.+.}, at: [] blkdev_reread_part+0x1f/0x40
[ 43.890306]
[ 43.890306] but task is already holding lock:
[ 43.896253]  (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x134/0xae0
[ 43.904294]
[ 43.904294] which lock already depends on the new lock.
[ 43.904294]
[ 43.912584]
[ 43.912584] the existing dependency chain (in reverse order) is:
[ 43.920178]
[ 43.920178] -> #2 (&nbd->config_lock){+.+.}:
[ 43.926099]        lock_acquire+0x16f/0x430
[ 43.930448]        __mutex_lock+0xe8/0x1470
[ 43.934754]        mutex_lock_nested+0x16/0x20
[ 43.939310]        nbd_open+0xf2/0x1f0
[ 43.943184]        __blkdev_get+0x2c7/0x1120
[ 43.947663]        blkdev_get+0xa8/0x8e0
[ 43.951700]        blkdev_open+0x1d1/0x260
[ 43.955932]        do_dentry_open+0x73b/0xeb0
[ 43.960403]        vfs_open+0x105/0x220
[ 43.964352]        path_openat+0x8bd/0x3f70
[ 43.968645]        do_filp_open+0x18e/0x250
[ 43.972958]        do_sys_open+0x2c5/0x430
[ 43.977171]        SyS_open+0x2d/0x40
[ 43.980948]        do_syscall_64+0x1e8/0x640
[ 43.985345]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 43.991030]
[ 43.991030] -> #1 (nbd_index_mutex){+.+.}:
[ 43.996734]        lock_acquire+0x16f/0x430
[ 44.001033]        __mutex_lock+0xe8/0x1470
[ 44.005331]        mutex_lock_nested+0x16/0x20
[ 44.009908]        nbd_open+0x27/0x1f0
[ 44.013781]        __blkdev_get+0x2c7/0x1120
[ 44.018165]        blkdev_get+0xa8/0x8e0
[ 44.022204]        blkdev_open+0x1d1/0x260
[ 44.026416]        do_dentry_open+0x73b/0xeb0
[ 44.030892]        vfs_open+0x105/0x220
[ 44.034844]        path_openat+0x8bd/0x3f70
[ 44.039140]        do_filp_open+0x18e/0x250
[ 44.043442]        do_sys_open+0x2c5/0x430
[ 44.047651]        SyS_open+0x2d/0x40
[ 44.051429]        do_syscall_64+0x1e8/0x640
[ 44.055842]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.061544]
[ 44.061544] -> #0 (&bdev->bd_mutex){+.+.}:
[ 44.067242]        __lock_acquire+0x2cb3/0x4620
[ 44.071887]        lock_acquire+0x16f/0x430
[ 44.076186]        __mutex_lock+0xe8/0x1470
[ 44.080508]        mutex_lock_nested+0x16/0x20
[ 44.085082]        blkdev_reread_part+0x1f/0x40
[ 44.089942]        nbd_ioctl+0x806/0xae0
[ 44.094124]        blkdev_ioctl+0x96b/0x1860
[ 44.098720]        block_ioctl+0xde/0x120
[ 44.102861]        do_vfs_ioctl+0x7ae/0x1060
[ 44.107262]        SyS_ioctl+0x8f/0xc0
[ 44.111136]        do_syscall_64+0x1e8/0x640
[ 44.115528]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.121444]
[ 44.121444] other info that might help us debug this:
[ 44.121444]
[ 44.129690] Chain exists of:
[ 44.129690]   &bdev->bd_mutex --> nbd_index_mutex --> &nbd->config_lock
[ 44.129690]
[ 44.140896]  Possible unsafe locking scenario:
[ 44.140896]
[ 44.147108]        CPU0                    CPU1
[ 44.151878]        ----                    ----
[ 44.156531]   lock(&nbd->config_lock);
[ 44.160456]                                lock(nbd_index_mutex);
[ 44.166718]                                lock(&nbd->config_lock);
[ 44.173123]   lock(&bdev->bd_mutex);
[ 44.176830]
[ 44.176830]  *** DEADLOCK ***
[ 44.176830]
[ 44.182893] 1 lock held by syz-executor818/7159:
[ 44.187684]  #0: (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x134/0xae0
[ 44.199211]
[ 44.199211] stack backtrace:
[ 44.203884] CPU: 1 PID: 7159 Comm: syz-executor818 Not tainted 4.14.138 #34
[ 44.210965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.220312] Call Trace:
[ 44.222939]  dump_stack+0x138/0x19c
[ 44.226608]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 44.231965]  __lock_acquire+0x2cb3/0x4620
[ 44.236315]  ? is_bpf_text_address+0xa6/0x120
[ 44.240845]  ? kernel_text_address+0x73/0xf0
[ 44.245265]  ? trace_hardirqs_on+0x10/0x10
[ 44.249490]  lock_acquire+0x16f/0x430
[ 44.253274]  ? blkdev_reread_part+0x1f/0x40
[ 44.257582]  ? blkdev_reread_part+0x1f/0x40
[ 44.261889]  __mutex_lock+0xe8/0x1470
[ 44.265722]  ? blkdev_reread_part+0x1f/0x40
[ 44.270237]  ? save_trace+0x290/0x290
[ 44.274291]  ? blkdev_reread_part+0x1f/0x40
[ 44.278606]  ? mutex_trylock+0x1c0/0x1c0
[ 44.282653]  ? bd_set_size+0x89/0xb0
[ 44.286361]  ? lock_downgrade+0x6e0/0x6e0
[ 44.290499]  mutex_lock_nested+0x16/0x20
[ 44.294559]  ? mutex_lock_nested+0x16/0x20
[ 44.298881]  blkdev_reread_part+0x1f/0x40
[ 44.303085]  nbd_ioctl+0x806/0xae0
[ 44.306655]  ? kasan_slab_free+0x75/0xc0
[ 44.310706]  ? nbd_add_socket+0x5e0/0x5e0
[ 44.314964]  ? debug_check_no_obj_freed+0x2aa/0x7b7
[ 44.320145]  ? nbd_add_socket+0x5e0/0x5e0
[ 44.324549]  blkdev_ioctl+0x96b/0x1860
[ 44.328427]  ? blkpg_ioctl+0x980/0x980
[ 44.332451]  ? __might_sleep+0x93/0xb0
[ 44.336416]  block_ioctl+0xde/0x120
[ 44.340046]  ? blkdev_fallocate+0x3b0/0x3b0
[ 44.344457]  do_vfs_ioctl+0x7ae/0x1060
[ 44.348347]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 44.353098]  ? ioctl_preallocate+0x1c0/0x1c0
[ 44.357637]  ? putname+0xe0/0x120
[ 44.361078]  ? do_sys_open+0x221/0x430
[ 44.365053]  ? security_file_ioctl+0x7d/0xb0
[ 44.369447]  ? security_file_ioctl+0x89/0xb0
[ 44.373889]  SyS_ioctl+0x8f/0xc0
[ 44.377247]  ? do_vfs_ioctl+0x1060/0x1060
[ 44.381384]  do_syscall_64+0x1e8/0x640
[ 44.385449]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 44.390381]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.395622] RIP: 0033:0x443df9
[ 44.398806] RSP: 002b:00007fff5e7027b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 44.406692] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443df9
[ 44.414023] RDX: 0000000000000000 RSI: 000000000000ab04 RDI: 0000000000000003
[ 44.421286] RBP: 00000000006ce018 R08: 0000000000000000 R09: 00000000004002e0