[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 18.951568] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 22.975677] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.317742] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.038203] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.190240] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts.
[ 29.608591] random: sshd: uninitialized urandom read (32 bytes read)
2018/04/27 10:04:54 parsed 1 programs
2018/04/27 10:04:54 executed programs: 0
[ 30.048642] IPVS: ftp: loaded support on port[0] = 21
[ 30.098643]
[ 30.100290] ======================================================
[ 30.106581] WARNING: possible circular locking dependency detected
[ 30.112872] 4.17.0-rc2+ #44 Not tainted
[ 30.116836] ------------------------------------------------------
[ 30.123128] syz-executor0/4460 is trying to acquire lock:
[ 30.128635] (ptrval) (&bdev->bd_mutex){+.+.}, at: blkdev_reread_part+0x1e/0x40
[ 30.136683]
[ 30.136683] but task is already holding lock:
[ 30.142630] (ptrval) (&lo->lo_ctl_mutex#2){+.+.}, at: lo_compat_ioctl+0x12a/0x170
[ 30.150937]
[ 30.150937] which lock already depends on the new lock.
[ 30.150937]
[ 30.159239]
[ 30.159239] the existing dependency chain (in reverse order) is:
[ 30.166841]
[ 30.166841] -> #2 (&lo->lo_ctl_mutex#2){+.+.}:
[ 30.172896]        __mutex_lock+0x16d/0x17f0
[ 30.177282]        mutex_lock_nested+0x16/0x20
[ 30.181843]        lo_release+0xa3/0x1f0
[ 30.185892]        __blkdev_put+0x4f6/0x830
[ 30.190206]        blkdev_put+0x98/0x540
[ 30.194252]        blkdev_close+0x8b/0xb0
[ 30.198376]        __fput+0x34d/0x890
[ 30.202151]        ____fput+0x15/0x20
[ 30.205929]        task_work_run+0x1e4/0x290
[ 30.210317]        exit_to_usermode_loop+0x2bd/0x310
[ 30.215396]        do_syscall_64+0x6ac/0x800
[ 30.219876]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 30.225557]
[ 30.225557] -> #1 (loop_index_mutex){+.+.}:
[ 30.231342]        __mutex_lock+0x16d/0x17f0
[ 30.235738]        mutex_lock_nested+0x16/0x20
[ 30.240295]        lo_open+0x1b/0xb0
[ 30.243984]        __blkdev_get+0x358/0x13a0
[ 30.248375]        blkdev_get+0xb9/0xb30
[ 30.252409]        blkdev_open+0x1fb/0x280
[ 30.256632]        do_dentry_open+0x7ef/0xf10
[ 30.261104]        vfs_open+0x139/0x230
[ 30.265158]        path_openat+0x1676/0x4e20
[ 30.269543]        do_filp_open+0x249/0x350
[ 30.273841]        do_sys_open+0x56f/0x740
[ 30.278057]        __x64_sys_open+0x7e/0xc0
[ 30.282353]        do_syscall_64+0x1b1/0x800
[ 30.286734]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 30.292421]
[ 30.292421] -> #0 (&bdev->bd_mutex){+.+.}:
[ 30.298120]        lock_acquire+0x1dc/0x520
[ 30.302415]        __mutex_lock+0x16d/0x17f0
[ 30.306799]        mutex_lock_nested+0x16/0x20
[ 30.311360]        blkdev_reread_part+0x1e/0x40
[ 30.316005]        loop_reread_partitions+0x159/0x180
[ 30.321172]        loop_set_status+0xb95/0x1010
[ 30.325831]        loop_set_status_compat+0xa4/0xf0
[ 30.330833]        lo_compat_ioctl+0x14b/0x170
[ 30.335397]        compat_blkdev_ioctl+0x3c2/0x1b20
[ 30.342061]        __ia32_compat_sys_ioctl+0x221/0x640
[ 30.347317]        do_fast_syscall_32+0x345/0xf9b
[ 30.352137]        entry_SYSENTER_compat+0x70/0x7f
[ 30.357052]
[ 30.357052] other info that might help us debug this:
[ 30.357052]
[ 30.365170] Chain exists of:
[ 30.365170]   &bdev->bd_mutex --> loop_index_mutex --> &lo->lo_ctl_mutex#2
[ 30.365170]
[ 30.376514]  Possible unsafe locking scenario:
[ 30.376514]
[ 30.382547]        CPU0                    CPU1
[ 30.387187]        ----                    ----
[ 30.391831]   lock(&lo->lo_ctl_mutex#2);
[ 30.395879]                                lock(loop_index_mutex);
[ 30.402188]                                lock(&lo->lo_ctl_mutex#2);
[ 30.408742]   lock(&bdev->bd_mutex);
[ 30.412429]
[ 30.412429]  *** DEADLOCK ***
[ 30.412429]
[ 30.418465] 1 lock held by syz-executor0/4460:
[ 30.423015]  #0: (ptrval) (&lo->lo_ctl_mutex#2){+.+.}, at: lo_compat_ioctl+0x12a/0x170
[ 30.431756]
[ 30.431756] stack backtrace:
[ 30.436236] CPU: 0 PID: 4460 Comm: syz-executor0 Not tainted 4.17.0-rc2+ #44
[ 30.443395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.452723] Call Trace:
[ 30.455295]  dump_stack+0x1b9/0x294
[ 30.458901]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 30.464069]  ? print_lock+0xd1/0xd6
[ 30.467676]  ? vprintk_func+0x81/0xe7
[ 30.471464]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[ 30.477154]  ? save_trace+0xe0/0x290
[ 30.480847]  __lock_acquire+0x343e/0x5140
[ 30.484973]  ? debug_check_no_locks_freed+0x310/0x310
[ 30.490140]  ? __lock_acquire+0x7f5/0x5140
[ 30.494350]  ? debug_check_no_locks_freed+0x310/0x310
[ 30.499523]  ? noop_count+0x40/0x40
[ 30.503128]  ? bpf_prog_kallsyms_find+0xd6/0x4a0
[ 30.507861]  ? __bpf_trace_bpf_map_next_key+0x40/0x40
[ 30.513032]  ? lock_downgrade+0x8e0/0x8e0
[ 30.517159]  ? print_usage_bug+0xc0/0xc0
[ 30.521198]  ? print_usage_bug+0xc0/0xc0
[ 30.525237]  ? kasan_check_read+0x11/0x20
[ 30.529361]  ? graph_lock+0x170/0x170
[ 30.533140]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 30.538309]  lock_acquire+0x1dc/0x520
[ 30.542092]  ? blkdev_reread_part+0x1e/0x40
[ 30.546402]  ? lock_release+0xa10/0xa10
[ 30.550353]  ? check_same_owner+0x320/0x320
[ 30.554653]  ? debug_check_no_locks_freed+0x310/0x310
[ 30.559829]  ? rcu_note_context_switch+0x710/0x710
[ 30.564737]  ? __might_sleep+0x95/0x190
[ 30.568690]  ? blkdev_reread_part+0x1e/0x40
[ 30.573004]  __mutex_lock+0x16d/0x17f0
[ 30.576885]  ? blkdev_reread_part+0x1e/0x40
[ 30.581184]  ? blkdev_reread_part+0x1e/0x40
[ 30.585484]  ? debug_check_no_locks_freed+0x310/0x310
[ 30.590655]  ? mutex_trylock+0x2a0/0x2a0
[ 30.594694]  ? kasan_check_write+0x14/0x20
[ 30.598903]  ? do_raw_spin_lock+0xc1/0x200
[ 30.603115]  ? graph_lock+0x170/0x170
[ 30.606891]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 30.611971]  ? graph_lock+0x170/0x170
[ 30.615746]  ? graph_lock+0x170/0x170
[ 30.619527]  ? save_stack+0xa9/0xd0
[ 30.623129]  ? save_stack+0x43/0xd0
[ 30.626730]  ? __lock_is_held+0xb5/0x140
[ 30.630769]  ? print_usage_bug+0xc0/0xc0
[ 30.634810]  ? lock_downgrade+0x8e0/0x8e0
[ 30.638934]  ? mark_held_locks+0xc9/0x160
[ 30.643075]  ? do_raw_spin_trylock+0x1b0/0x1b0
[ 30.647634]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 30.652714]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 30.657705]  ? trace_hardirqs_on+0xd/0x10
[ 30.661833]  ? __wake_up_common_lock+0x1c2/0x300
[ 30.666568]  mutex_lock_nested+0x16/0x20
[ 30.670608]  ? mutex_lock_nested+0x16/0x20
[ 30.674821]  blkdev_reread_part+0x1e/0x40
[ 30.678944]  loop_reread_partitions+0x159/0x180
[ 30.683592]  ? __loop_update_dio+0x6a0/0x6a0
[ 30.687982]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 30.693495]  loop_set_status+0xb95/0x1010
[ 30.697622]  loop_set_status_compat+0xa4/0xf0
[ 30.702095]  ? loop_set_status+0x1010/0x1010
[ 30.706482]  lo_compat_ioctl+0x14b/0x170
[ 30.710520]  ? lo_ioctl+0x2130/0x2130
[ 30.714297]  compat_blkdev_ioctl+0x3c2/0x1b20
[ 30.718768]  ? bfq_create_group_hierarchy+0x120/0x120
[ 30.723938]  ? __x32_compat_sys_get_robust_list+0x430/0x430
[ 30.729628]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 30.734889]  ? bfq_create_group_hierarchy+0x120/0x120
[ 30.740083]  __ia32_compat_sys_ioctl+0x221/0x640
[ 30.744816]  do_fast_syscall_32+0x345/0xf9b
[ 30.749114]  ? do_int80_syscall_32+0x880/0x880
[ 30.753670]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 30.758402]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 30.763912]  ? syscall_return_slowpath+0x30f/0x5c0
[ 30.768821]  ? sysret32_from_system_call+0x5/0x46
[ 30.773640]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.778458]  entry_SYSENTER_compat+0x70/0x7f
[ 30.782850] RIP: 0023:0xf7fa5cb9
[ 30.786188] RSP: 002b:00000000ffc7c23c EFLAGS: 00000282 ORIG_RAX: 0000000000000036
[ 30.793873] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004c02
[ 30.