mon: restorecond
[ 33.151032] audit: type=1800 audit(1556220455.370:34): pid=6808 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
[ ok .

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 37.643356] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.004087] audit: type=1400 audit(1556220460.250:35): avc: denied { map } for pid=6982 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 38.054577] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.607241] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.784331] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.1.25' (ECDSA) to the list of known hosts.
[ 44.430530] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 44.559813] audit: type=1400 audit(1556220466.800:36): avc: denied { map } for pid=6994 comm="syz-executor997" path="/root/syz-executor997264451" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 44.562629]
[ 44.587687] ======================================================
[ 44.593983] WARNING: possible circular locking dependency detected
[ 44.600468] 4.14.113 #3 Not tainted
[ 44.604104] ------------------------------------------------------
[ 44.610392] syz-executor997/6994 is trying to acquire lock:
[ 44.616077]  (&bdev->bd_mutex){+.+.}, at: [] blkdev_reread_part+0x1f/0x40
[ 44.624567]
[ 44.624567] but task is already holding lock:
[ 44.630511]  (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x134/0xae0
[ 44.638571]
[ 44.638571] which lock already depends on the new lock.
[ 44.638571]
[ 44.646875]
[ 44.646875] the existing dependency chain (in reverse order) is:
[ 44.654470]
[ 44.654470] -> #2 (&nbd->config_lock){+.+.}:
[ 44.660349]        lock_acquire+0x16f/0x430
[ 44.664648]        __mutex_lock+0xe8/0x1470
[ 44.668970]        mutex_lock_nested+0x16/0x20
[ 44.673538]        nbd_open+0xf2/0x1f0
[ 44.677401]        __blkdev_get+0x2c9/0x1120
[ 44.681790]        blkdev_get+0xa8/0x8e0
[ 44.685830]        blkdev_open+0x1d1/0x260
[ 44.690046]        do_dentry_open+0x73e/0xeb0
[ 44.694516]        vfs_open+0x105/0x230
[ 44.698465]        path_openat+0x8bd/0x3f70
[ 44.702777]        do_filp_open+0x18e/0x250
[ 44.707079]        do_sys_open+0x2c5/0x430
[ 44.711288]        SyS_open+0x2d/0x40
[ 44.715080]        do_syscall_64+0x1eb/0x630
[ 44.719465]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.725148]
[ 44.725148] -> #1 (nbd_index_mutex){+.+.}:
[ 44.730847]        lock_acquire+0x16f/0x430
[ 44.735147]        __mutex_lock+0xe8/0x1470
[ 44.739441]        mutex_lock_nested+0x16/0x20
[ 44.744015]        nbd_open+0x27/0x1f0
[ 44.747878]        __blkdev_get+0x2c9/0x1120
[ 44.752275]        blkdev_get+0xa8/0x8e0
[ 44.756324]        blkdev_open+0x1d1/0x260
[ 44.760536]        do_dentry_open+0x73e/0xeb0
[ 44.765006]        vfs_open+0x105/0x230
[ 44.768962]        path_openat+0x8bd/0x3f70
[ 44.773259]        do_filp_open+0x18e/0x250
[ 44.777555]        do_sys_open+0x2c5/0x430
[ 44.781766]        SyS_open+0x2d/0x40
[ 44.785541]        do_syscall_64+0x1eb/0x630
[ 44.789961]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.795650]
[ 44.795650] -> #0 (&bdev->bd_mutex){+.+.}:
[ 44.801353]        __lock_acquire+0x2c89/0x45e0
[ 44.806002]        lock_acquire+0x16f/0x430
[ 44.810312]        __mutex_lock+0xe8/0x1470
[ 44.814625]        mutex_lock_nested+0x16/0x20
[ 44.819194]        blkdev_reread_part+0x1f/0x40
[ 44.823854]        nbd_ioctl+0x807/0xae0
[ 44.827903]        blkdev_ioctl+0x983/0x1880
[ 44.832308]        block_ioctl+0xde/0x120
[ 44.836432]        do_vfs_ioctl+0x7b9/0x1070
[ 44.840819]        SyS_ioctl+0x8f/0xc0
[ 44.844685]        do_syscall_64+0x1eb/0x630
[ 44.849082]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.854949]
[ 44.854949] other info that might help us debug this:
[ 44.854949]
[ 44.863083] Chain exists of:
[ 44.863083]   &bdev->bd_mutex --> nbd_index_mutex --> &nbd->config_lock
[ 44.863083]
[ 44.874167]  Possible unsafe locking scenario:
[ 44.874167]
[ 44.880200]        CPU0                    CPU1
[ 44.884840]        ----                    ----
[ 44.889480]   lock(&nbd->config_lock);
[ 44.893341]                                lock(nbd_index_mutex);
[ 44.899554]                                lock(&nbd->config_lock);
[ 44.905945]   lock(&bdev->bd_mutex);
[ 44.909637]
[ 44.909637]  *** DEADLOCK ***
[ 44.909637]
[ 44.915875] 1 lock held by syz-executor997/6994:
[ 44.920621]  #0: (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x134/0xae0
[ 44.929269]
[ 44.929269] stack backtrace:
[ 44.933745] CPU: 0 PID: 6994 Comm: syz-executor997 Not tainted 4.14.113 #3
[ 44.940732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.950075] Call Trace:
[ 44.952737]  dump_stack+0x138/0x19c
[ 44.956359]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 44.961707]  __lock_acquire+0x2c89/0x45e0
[ 44.965834]  ? is_bpf_text_address+0xa6/0x120
[ 44.970309]  ? kernel_text_address+0x73/0xf0
[ 44.974708]  ? trace_hardirqs_on+0x10/0x10
[ 44.978930]  lock_acquire+0x16f/0x430
[ 44.982712]  ? blkdev_reread_part+0x1f/0x40
[ 44.987010]  ? blkdev_reread_part+0x1f/0x40
[ 44.991320]  __mutex_lock+0xe8/0x1470
[ 44.995099]  ? blkdev_reread_part+0x1f/0x40
[ 44.999397]  ? save_trace+0x290/0x290
[ 45.003179]  ? blkdev_reread_part+0x1f/0x40
[ 45.007482]  ? mutex_trylock+0x1c0/0x1c0
[ 45.011518]  ? bd_set_size+0x89/0xb0
[ 45.015208]  ? lock_downgrade+0x6e0/0x6e0
[ 45.019350]  mutex_lock_nested+0x16/0x20
[ 45.023420]  ? mutex_lock_nested+0x16/0x20
[ 45.027643]  blkdev_reread_part+0x1f/0x40
[ 45.031773]  nbd_ioctl+0x807/0xae0
[ 45.035317]  ? kasan_slab_free+0x75/0xc0
[ 45.039359]  ? nbd_add_socket+0x5e0/0x5e0
[ 45.043502]  ? debug_check_no_obj_freed+0x2aa/0x7b7
[ 45.048499]  ? nbd_add_socket+0x5e0/0x5e0
[ 45.052631]  blkdev_ioctl+0x983/0x1880
[ 45.056496]  ? blkpg_ioctl+0x980/0x980
[ 45.060458]  ? __might_sleep+0x93/0xb0
[ 45.064339]  block_ioctl+0xde/0x120
[ 45.067951]  ? blkdev_fallocate+0x3b0/0x3b0
[ 45.072252]  do_vfs_ioctl+0x7b9/0x1070
[ 45.076127]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 45.080873]  ? ioctl_preallocate+0x1c0/0x1c0
[ 45.085377]  ? putname+0xe0/0x120
[ 45.088806]  ? do_sys_open+0x221/0x430
[ 45.092686]  ? security_file_ioctl+0x83/0xc0
[ 45.097111]  ? security_file_ioctl+0x8f/0xc0
[ 45.101515]  SyS_ioctl+0x8f/0xc0
[ 45.104859]  ? do_vfs_ioctl+0x1070/0x1070
[ 45.108992]  do_syscall_64+0x1eb/0x630
[ 45.112855]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 45.117700]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.122880] RIP: 0033:0x443df9
[ 45.126076] RSP: 002b:00007ffcdb751828 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 45.133889] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443df9
[ 45.141152] RDX: 0000000000000000 RSI: 000000000000ab04 RDI: 0000000000000003
[ 45.148402] RBP: 00000000006ce018 R08: 0000000000000000 R09: 00000000004002e0
[ 45.155648] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000401b00