Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts.
[ 44.755393] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 44.873829] audit: type=1400 audit(1563686382.866:36): avc: denied { map } for pid=7122 comm="syz-executor556" path="/root/syz-executor556500589" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 44.876774]
[ 44.901705] ======================================================
[ 44.907994] WARNING: possible circular locking dependency detected
[ 44.914291] 4.14.133 #28 Not tainted
[ 44.917982] ------------------------------------------------------
[ 44.924273] syz-executor556/7122 is trying to acquire lock:
[ 44.929955]  (&bdev->bd_mutex){+.+.}, at: [] blkdev_reread_part+0x1f/0x40
[ 44.938549]
[ 44.938549] but task is already holding lock:
[ 44.944524]  (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x134/0xae0
[ 44.952587]
[ 44.952587] which lock already depends on the new lock.
[ 44.952587]
[ 44.960887]
[ 44.960887] the existing dependency chain (in reverse order) is:
[ 44.968480]
[ 44.968480] -> #2 (&nbd->config_lock){+.+.}:
[ 44.974365]        lock_acquire+0x16f/0x430
[ 44.978663]        __mutex_lock+0xe8/0x1470
[ 44.982957]        mutex_lock_nested+0x16/0x20
[ 44.987513]        nbd_open+0xf2/0x1f0
[ 44.991374]        __blkdev_get+0x2c7/0x1120
[ 44.995763]        blkdev_get+0xa8/0x8e0
[ 44.999792]        blkdev_open+0x1d1/0x260
[ 45.004002]        do_dentry_open+0x73b/0xeb0
[ 45.008471]        vfs_open+0x105/0x220
[ 45.012435]        path_openat+0x8bd/0x3f70
[ 45.016729]        do_filp_open+0x18e/0x250
[ 45.021050]        do_sys_open+0x2c5/0x430
[ 45.025279]        SyS_open+0x2d/0x40
[ 45.029061]        do_syscall_64+0x1e8/0x640
[ 45.033450]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.039218]
[ 45.039218] -> #1 (nbd_index_mutex){+.+.}:
[ 45.044909]        lock_acquire+0x16f/0x430
[ 45.049209]        __mutex_lock+0xe8/0x1470
[ 45.053520]        mutex_lock_nested+0x16/0x20
[ 45.058086]        nbd_open+0x27/0x1f0
[ 45.061963]        __blkdev_get+0x2c7/0x1120
[ 45.066344]        blkdev_get+0xa8/0x8e0
[ 45.070379]        blkdev_open+0x1d1/0x260
[ 45.074588]        do_dentry_open+0x73b/0xeb0
[ 45.079056]        vfs_open+0x105/0x220
[ 45.083005]        path_openat+0x8bd/0x3f70
[ 45.087300]        do_filp_open+0x18e/0x250
[ 45.091608]        do_sys_open+0x2c5/0x430
[ 45.095817]        SyS_open+0x2d/0x40
[ 45.099593]        do_syscall_64+0x1e8/0x640
[ 45.103977]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.109660]
[ 45.109660] -> #0 (&bdev->bd_mutex){+.+.}:
[ 45.115353]        __lock_acquire+0x2c89/0x45e0
[ 45.119996]        lock_acquire+0x16f/0x430
[ 45.124300]        __mutex_lock+0xe8/0x1470
[ 45.128609]        mutex_lock_nested+0x16/0x20
[ 45.133163]        blkdev_reread_part+0x1f/0x40
[ 45.137834]        nbd_ioctl+0x801/0xae0
[ 45.141870]        blkdev_ioctl+0x96b/0x1860
[ 45.146254]        block_ioctl+0xde/0x120
[ 45.150377]        do_vfs_ioctl+0x7ae/0x1060
[ 45.154755]        SyS_ioctl+0x8f/0xc0
[ 45.158613]        do_syscall_64+0x1e8/0x640
[ 45.162993]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.168673]
[ 45.168673] other info that might help us debug this:
[ 45.168673]
[ 45.176845] Chain exists of:
[ 45.176845]   &bdev->bd_mutex --> nbd_index_mutex --> &nbd->config_lock
[ 45.176845]
[ 45.187920]  Possible unsafe locking scenario:
[ 45.187920]
[ 45.193965]        CPU0                    CPU1
[ 45.198614]        ----                    ----
[ 45.203252]   lock(&nbd->config_lock);
[ 45.207126]                                lock(nbd_index_mutex);
[ 45.213332]                                lock(&nbd->config_lock);
[ 45.219709]   lock(&bdev->bd_mutex);
[ 45.223423]
[ 45.223423]  *** DEADLOCK ***
[ 45.223423]
[ 45.229456] 1 lock held by syz-executor556/7122:
[ 45.234181]  #0: (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x134/0xae0
[ 45.242655]
[ 45.242655] stack backtrace:
[ 45.247126] CPU: 0 PID: 7122 Comm: syz-executor556 Not tainted 4.14.133 #28
[ 45.254226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.263555] Call Trace:
[ 45.266150]  dump_stack+0x138/0x19c
[ 45.269773]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 45.275118]  __lock_acquire+0x2c89/0x45e0
[ 45.279245]  ? is_bpf_text_address+0xa6/0x120
[ 45.283721]  ? kernel_text_address+0x73/0xf0
[ 45.288121]  ? trace_hardirqs_on+0x10/0x10
[ 45.292335]  lock_acquire+0x16f/0x430
[ 45.296132]  ? blkdev_reread_part+0x1f/0x40
[ 45.300432]  ? blkdev_reread_part+0x1f/0x40
[ 45.304734]  __mutex_lock+0xe8/0x1470
[ 45.308509]  ? blkdev_reread_part+0x1f/0x40
[ 45.312806]  ? save_trace+0x290/0x290
[ 45.316580]  ? blkdev_reread_part+0x1f/0x40
[ 45.320877]  ? mutex_trylock+0x1c0/0x1c0
[ 45.324910]  ? bd_set_size+0x89/0xb0
[ 45.328599]  ? lock_downgrade+0x6e0/0x6e0
[ 45.332723]  mutex_lock_nested+0x16/0x20
[ 45.336757]  ? mutex_lock_nested+0x16/0x20
[ 45.340966]  blkdev_reread_part+0x1f/0x40
[ 45.345088]  nbd_ioctl+0x801/0xae0
[ 45.348602]  ? kasan_slab_free+0x75/0xc0
[ 45.352639]  ? nbd_add_socket+0x5e0/0x5e0
[ 45.356765]  ? debug_check_no_obj_freed+0x2aa/0x7b7
[ 45.361759]  ? nbd_add_socket+0x5e0/0x5e0
[ 45.365879]  blkdev_ioctl+0x96b/0x1860
[ 45.369755]  ? blkpg_ioctl+0x980/0x980
[ 45.373622]  ? __might_sleep+0x93/0xb0
[ 45.377500]  block_ioctl+0xde/0x120
[ 45.381104]  ? blkdev_fallocate+0x3b0/0x3b0
[ 45.385417]  do_vfs_ioctl+0x7ae/0x1060
[ 45.389292]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 45.394025]  ? ioctl_preallocate+0x1c0/0x1c0
[ 45.398408]  ? putname+0xe0/0x120
[ 45.401837]  ? do_sys_open+0x221/0x430
[ 45.405699]  ? security_file_ioctl+0x7d/0xb0
[ 45.410089]  ? security_file_ioctl+0x89/0xb0
[ 45.414471]  SyS_ioctl+0x8f/0xc0
[ 45.417829]  ? do_vfs_ioctl+0x1060/0x1060
[ 45.421957]  do_syscall_64+0x1e8/0x640
[ 45.425818]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 45.430637]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.435802] RIP: 0033:0x443df9
[ 45.438981] RSP: 002b:00007ffcbd60bcd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 45.446680] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443df9
[ 45.453927] RDX: 0000000000000000 RSI: 000000000000ab04 RDI: 0000000000000003
[ 45.461189] RBP: 00000000006ce018 R08: 0000000000000000 R09: 00000000004002e0
[ 45.468450] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000401b00
[ 45.47569