[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 18.358974] random: sshd: uninitialized urandom read (32 bytes read, 30 bits of entropy available) [?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.042781] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available) [ 20.279833] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available) [ 21.286791] random: sshd: uninitialized urandom read (32 bytes read, 119 bits of entropy available) [ 23.778823] random: sshd: uninitialized urandom read (32 bytes read, 125 bits of entropy available) Warning: Permanently added '10.128.10.8' (ECDSA) to the list of known hosts. [ 29.263590] random: sshd: uninitialized urandom read (32 bytes read, 127 bits of entropy available) 2018/04/14 06:12:39 parsed 1 programs 2018/04/14 06:12:39 executed programs: 0 [ 29.661755] IPVS: Creating netns size=2552 id=1 [ 29.781805] [ 29.783443] ====================================================== [ 29.789735] [ INFO: possible circular locking dependency detected ] [ 29.796110] 4.4.125-g38f41ec #21 Not tainted [ 29.800484] ------------------------------------------------------- [ 29.806863] syz-executor0/3639 is trying to acquire lock: [ 29.812366] (&bdev->bd_mutex){+.+.+.}, at: [] blkdev_reread_part+0x1e/0x40 [ 29.821478] [ 29.821478] but task is already holding lock: [ 29.827413] (&lo->lo_ctl_mutex#2){+.+.+.}, at: [] lo_compat_ioctl+0x109/0x140 [ 29.836971] [ 29.836971] which lock already depends on the new lock. [ 29.836971] [ 29.845251] [ 29.845251] the existing dependency chain (in reverse order) is: [ 29.852837] -> #2 (&lo->lo_ctl_mutex#2){+.+.+.}: [ 29.858325] [] lock_acquire+0x15e/0x460 [ 29.864561] [] mutex_lock_nested+0xbb/0x850 [ 29.871139] [] lo_release+0x85/0x160 [ 29.877104] [] __blkdev_put+0x5f7/0x7e0 [ 29.883335] [] blkdev_put+0x85/0x550 [ 29.889305] [] blkdev_close+0x8b/0xb0 [ 29.895360] [] __fput+0x233/0x6d0 [ 29.901065] [] ____fput+0x15/0x20 [ 29.906770] [] task_work_run+0x104/0x180 [ 29.913086] [] exit_to_usermode_loop+0x13d/0x160 [ 29.920095] [] syscall_return_slowpath+0x1b5/0x1f0 [ 29.927278] [] int_ret_from_sys_call+0x25/0xa3 [ 29.934137] -> #1 (loop_index_mutex){+.+.+.}: [ 29.939592] [] lock_acquire+0x15e/0x460 [ 29.945819] [] mutex_lock_nested+0xbb/0x850 [ 29.952397] [] lo_open+0x1b/0xa0 [ 29.958018] [] __blkdev_get+0x2ac/0xdf0 [ 29.964285] [] blkdev_get+0x33d/0x940 [ 29.970341] [] blkdev_open+0x1a5/0x250 [ 29.976482] [] do_dentry_open+0x59b/0xba0 [ 29.982888] [] vfs_open+0x110/0x210 [ 29.988773] [] path_openat+0x923/0x3940 [ 29.995001] [] do_filp_open+0x197/0x290 [ 30.001235] [] do_sys_open+0x369/0x660 [ 30.007383] [] SyS_open+0x2d/0x40 [ 30.013096] [] entry_SYSCALL_64_fastpath+0x22/0x9e [ 30.020289] -> #0 (&bdev->bd_mutex){+.+.+.}: [ 30.025303] [] __lock_acquire+0x371f/0x4b50 [ 30.031878] [] lock_acquire+0x15e/0x460 [ 30.038115] [] mutex_lock_nested+0xbb/0x850 [ 30.044691] [] blkdev_reread_part+0x1e/0x40 [ 30.051268] [] loop_reread_partitions+0x78/0xe0 [ 30.058195] [] loop_set_status+0x995/0xfc0 [ 30.064685] [] loop_set_status_compat+0x9a/0x100 [ 30.071699] [] lo_compat_ioctl+0x114/0x140 [ 30.078191] [] compat_blkdev_ioctl+0x3d4/0x3b10 [ 30.085116] [] compat_SyS_ioctl+0x28a/0x2540 [ 30.091800] [] do_fast_syscall_32+0x321/0x8a0 [ 30.098552] [] sysenter_flags_fixed+0xd/0x17 [ 30.105216] [ 30.105216] other info that might help us debug this: [ 30.105216] [ 30.113327] Chain exists of: &bdev->bd_mutex --> loop_index_mutex --> &lo->lo_ctl_mutex#2 [ 30.122886] Possible unsafe locking scenario: [ 30.122886] [ 30.128909] CPU0 CPU1 [ 30.133544] ---- ---- [ 30.138179] lock(&lo->lo_ctl_mutex#2); [ 30.142561] lock(loop_index_mutex); [ 30.149075] lock(&lo->lo_ctl_mutex#2); [ 30.155968] lock(&bdev->bd_mutex); [ 30.159885] [ 30.159885] *** DEADLOCK *** [ 30.159885] [ 30.165917] 1 lock held by syz-executor0/3639: [ 30.170465] #0: (&lo->lo_ctl_mutex#2){+.+.+.}, at: [] lo_compat_ioctl+0x109/0x140 [ 30.180498] [ 30.180498] stack backtrace: [ 30.184964] CPU: 1 PID: 3639 Comm: syz-executor0 Not tainted 4.4.125-g38f41ec #21 [ 30.192549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.201870] 0000000000000000 f62b31014b8dc8c4 ffff8801ce2c75e8 ffffffff81d067bd [ 30.209841] ffffffff85188b10 ffffffff851880f0 ffffffff851b0fb0 ffff8800b27e0908 [ 30.217810] ffff8800b27e0000 ffff8801ce2c7630 ffffffff81234081 ffff8800b27e0908 [ 30.225807] Call Trace: [ 30.228373] [] dump_stack+0xc1/0x124 [ 30.233711] [] print_circular_bug+0x271/0x310 [ 30.239830] [] __lock_acquire+0x371f/0x4b50 [ 30.245775] [] ? save_stack_trace+0x26/0x50 [ 30.251720] [] ? save_stack+0x43/0xd0 [ 30.257139] [] ? kasan_slab_free+0x72/0xc0 [ 30.263000] [] ? kfree+0xfc/0x300 [ 30.268079] [] ? kobject_uevent_env+0x24f/0xb40 [ 30.274366] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 30.281355] [] ? __lock_acquire+0xb5f/0x4b50 [ 30.287381] [] ? __lock_is_held+0xa1/0xf0 [ 30.293143] [] lock_acquire+0x15e/0x460 [ 30.298740] [] ? blkdev_reread_part+0x1e/0x40 [ 30.304849] [] ? blkdev_reread_part+0x1e/0x40 [ 30.310960] [] mutex_lock_nested+0xbb/0x850 [ 30.316900] [] ? blkdev_reread_part+0x1e/0x40 [ 30.323105] [] ? __ww_mutex_lock+0x14f0/0x14f0 [ 30.329313] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 30.336206] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 30.343013] [] blkdev_reread_part+0x1e/0x40 [ 30.348951] [] loop_reread_partitions+0x78/0xe0 [ 30.355237] [] loop_set_status+0x995/0xfc0 [ 30.361088] [] loop_set_status_compat+0x9a/0x100 [ 30.367461] [] ? loop_set_status+0xfc0/0xfc0 [ 30.373496] [] lo_compat_ioctl+0x114/0x140 [ 30.379350] [] ? lo_ioctl+0x19c0/0x19c0 [ 30.384942] [] compat_blkdev_ioctl+0x3d4/0x3b10 [ 30.391237] [] ? cfq_dispatch_requests+0x2fa0/0x2fa0 [ 30.397967] [] ? exit_robust_list+0x240/0x240 [ 30.404080] [] ? security_file_ioctl+0x89/0xb0 [ 30.410289] [] compat_SyS_ioctl+0x28a/0x2540 [ 30.416316] [] ? cfq_dispatch_requests+0x2fa0/0x2fa0 [ 30.423037] [] ? compat_SyS_ppoll+0x420/0x420 [ 30.429148] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 30.435957] [] ? _raw_spin_unlock_irq+0x38/0x50 [ 30.442247] [] ? compat_SyS_futex+0x1f9/0x2a0 [ 30.448365] [] ? compat_SyS_get_robust_list+0x300/0x300 [ 30.455353] [] ? do_fast_syscall_32+0xd7/0x8a0 [ 30.461577] [] ? compat_SyS_ppoll+0x420/0x420 [ 30.467783] [] do_fast_syscall_32+0x321/0x8a0 [ 30.473903] [] sysenter_flags_fixed+0xd/0x17