mon: restorecond[?25l[?1c7[1[   33.151032] audit: type=1800 audit(1556220455.370:34): pid=6808 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   37.643356] random: sshd: uninitialized urandom read (32 bytes read)
[   38.004087] audit: type=1400 audit(1556220460.250:35): avc:  denied  { map } for  pid=6982 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   38.054577] random: sshd: uninitialized urandom read (32 bytes read)
[   38.607241] random: sshd: uninitialized urandom read (32 bytes read)
[   38.784331] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.1.25' (ECDSA) to the list of known hosts.
[   44.430530] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   44.559813] audit: type=1400 audit(1556220466.800:36): avc:  denied  { map } for  pid=6994 comm="syz-executor997" path="/root/syz-executor997264451" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   44.562629] 
[   44.587687] ======================================================
[   44.593983] WARNING: possible circular locking dependency detected
[   44.600468] 4.14.113 #3 Not tainted
[   44.604104] ------------------------------------------------------
[   44.610392] syz-executor997/6994 is trying to acquire lock:
[   44.616077]  (&bdev->bd_mutex){+.+.}, at: [<ffffffff82caa54f>] blkdev_reread_part+0x1f/0x40
[   44.624567] 
[   44.624567] but task is already holding lock:
[   44.630511]  (&nbd->config_lock){+.+.}, at: [<ffffffff837482b4>] nbd_ioctl+0x134/0xae0
[   44.638571] 
[   44.638571] which lock already depends on the new lock.
[   44.638571] 
[   44.646875] 
[   44.646875] the existing dependency chain (in reverse order) is:
[   44.654470] 
[   44.654470] -> #2 (&nbd->config_lock){+.+.}:
[   44.660349]        lock_acquire+0x16f/0x430
[   44.664648]        __mutex_lock+0xe8/0x1470
[   44.668970]        mutex_lock_nested+0x16/0x20
[   44.673538]        nbd_open+0xf2/0x1f0
[   44.677401]        __blkdev_get+0x2c9/0x1120
[   44.681790]        blkdev_get+0xa8/0x8e0
[   44.685830]        blkdev_open+0x1d1/0x260
[   44.690046]        do_dentry_open+0x73e/0xeb0
[   44.694516]        vfs_open+0x105/0x230
[   44.698465]        path_openat+0x8bd/0x3f70
[   44.702777]        do_filp_open+0x18e/0x250
[   44.707079]        do_sys_open+0x2c5/0x430
[   44.711288]        SyS_open+0x2d/0x40
[   44.715080]        do_syscall_64+0x1eb/0x630
[   44.719465]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   44.725148] 
[   44.725148] -> #1 (nbd_index_mutex){+.+.}:
[   44.730847]        lock_acquire+0x16f/0x430
[   44.735147]        __mutex_lock+0xe8/0x1470
[   44.739441]        mutex_lock_nested+0x16/0x20
[   44.744015]        nbd_open+0x27/0x1f0
[   44.747878]        __blkdev_get+0x2c9/0x1120
[   44.752275]        blkdev_get+0xa8/0x8e0
[   44.756324]        blkdev_open+0x1d1/0x260
[   44.760536]        do_dentry_open+0x73e/0xeb0
[   44.765006]        vfs_open+0x105/0x230
[   44.768962]        path_openat+0x8bd/0x3f70
[   44.773259]        do_filp_open+0x18e/0x250
[   44.777555]        do_sys_open+0x2c5/0x430
[   44.781766]        SyS_open+0x2d/0x40
[   44.785541]        do_syscall_64+0x1eb/0x630
[   44.789961]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   44.795650] 
[   44.795650] -> #0 (&bdev->bd_mutex){+.+.}:
[   44.801353]        __lock_acquire+0x2c89/0x45e0
[   44.806002]        lock_acquire+0x16f/0x430
[   44.810312]        __mutex_lock+0xe8/0x1470
[   44.814625]        mutex_lock_nested+0x16/0x20
[   44.819194]        blkdev_reread_part+0x1f/0x40
[   44.823854]        nbd_ioctl+0x807/0xae0
[   44.827903]        blkdev_ioctl+0x983/0x1880
[   44.832308]        block_ioctl+0xde/0x120
[   44.836432]        do_vfs_ioctl+0x7b9/0x1070
[   44.840819]        SyS_ioctl+0x8f/0xc0
[   44.844685]        do_syscall_64+0x1eb/0x630
[   44.849082]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   44.854949] 
[   44.854949] other info that might help us debug this:
[   44.854949] 
[   44.863083] Chain exists of:
[   44.863083]   &bdev->bd_mutex --> nbd_index_mutex --> &nbd->config_lock
[   44.863083] 
[   44.874167]  Possible unsafe locking scenario:
[   44.874167] 
[   44.880200]        CPU0                    CPU1
[   44.884840]        ----                    ----
[   44.889480]   lock(&nbd->config_lock);
[   44.893341]                                lock(nbd_index_mutex);
[   44.899554]                                lock(&nbd->config_lock);
[   44.905945]   lock(&bdev->bd_mutex);
[   44.909637] 
[   44.909637]  *** DEADLOCK ***
[   44.909637] 
[   44.915875] 1 lock held by syz-executor997/6994:
[   44.920621]  #0:  (&nbd->config_lock){+.+.}, at: [<ffffffff837482b4>] nbd_ioctl+0x134/0xae0
[   44.929269] 
[   44.929269] stack backtrace:
[   44.933745] CPU: 0 PID: 6994 Comm: syz-executor997 Not tainted 4.14.113 #3
[   44.940732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   44.950075] Call Trace:
[   44.952737]  dump_stack+0x138/0x19c
[   44.956359]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   44.961707]  __lock_acquire+0x2c89/0x45e0
[   44.965834]  ? is_bpf_text_address+0xa6/0x120
[   44.970309]  ? kernel_text_address+0x73/0xf0
[   44.974708]  ? trace_hardirqs_on+0x10/0x10
[   44.978930]  lock_acquire+0x16f/0x430
[   44.982712]  ? blkdev_reread_part+0x1f/0x40
[   44.987010]  ? blkdev_reread_part+0x1f/0x40
[   44.991320]  __mutex_lock+0xe8/0x1470
[   44.995099]  ? blkdev_reread_part+0x1f/0x40
[   44.999397]  ? save_trace+0x290/0x290
[   45.003179]  ? blkdev_reread_part+0x1f/0x40
[   45.007482]  ? mutex_trylock+0x1c0/0x1c0
[   45.011518]  ? bd_set_size+0x89/0xb0
[   45.015208]  ? lock_downgrade+0x6e0/0x6e0
[   45.019350]  mutex_lock_nested+0x16/0x20
[   45.023420]  ? mutex_lock_nested+0x16/0x20
[   45.027643]  blkdev_reread_part+0x1f/0x40
[   45.031773]  nbd_ioctl+0x807/0xae0
[   45.035317]  ? kasan_slab_free+0x75/0xc0
[   45.039359]  ? nbd_add_socket+0x5e0/0x5e0
[   45.043502]  ? debug_check_no_obj_freed+0x2aa/0x7b7
[   45.048499]  ? nbd_add_socket+0x5e0/0x5e0
[   45.052631]  blkdev_ioctl+0x983/0x1880
[   45.056496]  ? blkpg_ioctl+0x980/0x980
[   45.060458]  ? __might_sleep+0x93/0xb0
[   45.064339]  block_ioctl+0xde/0x120
[   45.067951]  ? blkdev_fallocate+0x3b0/0x3b0
[   45.072252]  do_vfs_ioctl+0x7b9/0x1070
[   45.076127]  ? selinux_file_mprotect+0x5d0/0x5d0
[   45.080873]  ? ioctl_preallocate+0x1c0/0x1c0
[   45.085377]  ? putname+0xe0/0x120
[   45.088806]  ? do_sys_open+0x221/0x430
[   45.092686]  ? security_file_ioctl+0x83/0xc0
[   45.097111]  ? security_file_ioctl+0x8f/0xc0
[   45.101515]  SyS_ioctl+0x8f/0xc0
[   45.104859]  ? do_vfs_ioctl+0x1070/0x1070
[   45.108992]  do_syscall_64+0x1eb/0x630
[   45.112855]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   45.117700]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   45.122880] RIP: 0033:0x443df9
[   45.126076] RSP: 002b:00007ffcdb751828 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   45.133889] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443df9
[   45.141152] RDX: 0000000000000000 RSI: 000000000000ab04 RDI: 0000000000000003
[   45.148402] RBP: 00000000006ce018 R08: 0000000000000000 R09: 00000000004002e0
[   45.155648] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000401b00