[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 20.145975] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available) [?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 23.837603] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available) [ 24.188771] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available) [ 25.186618] random: sshd: uninitialized urandom read (32 bytes read, 120 bits of entropy available) [ 25.361195] random: sshd: uninitialized urandom read (32 bytes read, 124 bits of entropy available) Warning: Permanently added '10.128.0.12' (ECDSA) to the list of known hosts. [ 30.886036] random: sshd: uninitialized urandom read (32 bytes read, 128 bits of entropy available) 2018/04/13 02:42:40 parsed 1 programs 2018/04/13 02:42:40 executed programs: 0 [ 31.311776] IPVS: Creating netns size=2552 id=1 [ 31.446932] [ 31.448585] ====================================================== [ 31.454873] [ INFO: possible circular locking dependency detected ] [ 31.461292] 4.4.125-g38f41ec #21 Not tainted [ 31.465669] ------------------------------------------------------- [ 31.472045] syz-executor0/3775 is trying to acquire lock: [ 31.477553] (&bdev->bd_mutex){+.+.+.}, at: [] blkdev_reread_part+0x1e/0x40 [ 31.486663] [ 31.486663] but task is already holding lock: [ 31.492620] (&lo->lo_ctl_mutex#2){+.+.+.}, at: [] lo_compat_ioctl+0x109/0x140 [ 31.502116] [ 31.502116] which lock already depends on the new lock. [ 31.502116] [ 31.510403] [ 31.510403] the existing dependency chain (in reverse order) is: [ 31.517997] -> #2 (&lo->lo_ctl_mutex#2){+.+.+.}: [ 31.523520] [] lock_acquire+0x15e/0x460 [ 31.529753] [] mutex_lock_nested+0xbb/0x850 [ 31.536353] [] lo_release+0x85/0x160 [ 31.542384] [] __blkdev_put+0x5f7/0x7e0 [ 31.548652] [] blkdev_put+0x85/0x550 [ 31.554651] [] blkdev_close+0x8b/0xb0 [ 31.560718] [] __fput+0x233/0x6d0 [ 31.566444] [] ____fput+0x15/0x20 [ 31.572154] [] task_work_run+0x104/0x180 [ 31.578493] [] exit_to_usermode_loop+0x13d/0x160 [ 31.585523] [] syscall_return_slowpath+0x1b5/0x1f0 [ 31.592733] [] int_ret_from_sys_call+0x25/0xa3 [ 31.599589] -> #1 (loop_index_mutex){+.+.+.}: [ 31.604740] [] lock_acquire+0x15e/0x460 [ 31.610985] [] mutex_lock_nested+0xbb/0x850 [ 31.617608] [] lo_open+0x1b/0xa0 [ 31.623251] [] __blkdev_get+0x2ac/0xdf0 [ 31.629489] [] blkdev_get+0x33d/0x940 [ 31.635550] [] blkdev_open+0x1a5/0x250 [ 31.641718] [] do_dentry_open+0x59b/0xba0 [ 31.648130] [] vfs_open+0x110/0x210 [ 31.654033] [] path_openat+0x923/0x3940 [ 31.660270] [] do_filp_open+0x197/0x290 [ 31.666519] [] do_sys_open+0x369/0x660 [ 31.672668] [] SyS_open+0x2d/0x40 [ 31.678391] [] entry_SYSCALL_64_fastpath+0x22/0x9e [ 31.685702] -> #0 (&bdev->bd_mutex){+.+.+.}: [ 31.690784] [] __lock_acquire+0x371f/0x4b50 [ 31.697384] [] lock_acquire+0x15e/0x460 [ 31.703631] [] mutex_lock_nested+0xbb/0x850 [ 31.710320] [] blkdev_reread_part+0x1e/0x40 [ 31.716923] [] loop_reread_partitions+0x78/0xe0 [ 31.723859] [] loop_set_status+0x995/0xfc0 [ 31.730360] [] loop_set_status_compat+0x9a/0x100 [ 31.737390] [] lo_compat_ioctl+0x114/0x140 [ 31.743882] [] compat_blkdev_ioctl+0x3d4/0x3b10 [ 31.750812] [] compat_SyS_ioctl+0x28a/0x2540 [ 31.757481] [] do_fast_syscall_32+0x321/0x8a0 [ 31.764241] [] sysenter_flags_fixed+0xd/0x17 [ 31.770925] [ 31.770925] other info that might help us debug this: [ 31.770925] [ 31.779052] Chain exists of: &bdev->bd_mutex --> loop_index_mutex --> &lo->lo_ctl_mutex#2 [ 31.788610] Possible unsafe locking scenario: [ 31.788610] [ 31.794644] CPU0 CPU1 [ 31.799291] ---- ---- [ 31.803934] lock(&lo->lo_ctl_mutex#2); [ 31.808334] lock(loop_index_mutex); [ 31.814859] lock(&lo->lo_ctl_mutex#2); [ 31.821758] lock(&bdev->bd_mutex); [ 31.825674] [ 31.825674] *** DEADLOCK *** [ 31.825674] [ 31.831798] 1 lock held by syz-executor0/3775: [ 31.836350] #0: (&lo->lo_ctl_mutex#2){+.+.+.}, at: [] lo_compat_ioctl+0x109/0x140 [ 31.846435] [ 31.846435] stack backtrace: [ 31.850907] CPU: 1 PID: 3775 Comm: syz-executor0 Not tainted 4.4.125-g38f41ec #21 [ 31.858499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.867833] 0000000000000000 eefa9c86626cb46f ffff8800b76ef5e8 ffffffff81d067bd [ 31.875813] ffffffff85188b10 ffffffff851880f0 ffffffff851b0fb0 ffff8801c8a0a108 [ 31.883821] ffff8801c8a09800 ffff8800b76ef630 ffffffff81234081 ffff8801c8a0a108 [ 31.891822] Call Trace: [ 31.894544] [] dump_stack+0xc1/0x124 [ 31.899889] [] print_circular_bug+0x271/0x310 [ 31.906012] [] __lock_acquire+0x371f/0x4b50 [ 31.911957] [] ? save_stack_trace+0x26/0x50 [ 31.917901] [] ? save_stack+0x43/0xd0 [ 31.923323] [] ? kasan_slab_free+0x72/0xc0 [ 31.929453] [] ? kfree+0xfc/0x300 [ 31.934530] [] ? kobject_uevent_env+0x24f/0xb40 [ 31.940825] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 31.947820] [] ? __lock_acquire+0xb5f/0x4b50 [ 31.953859] [] ? __lock_is_held+0xa1/0xf0 [ 31.959634] [] lock_acquire+0x15e/0x460 [ 31.965228] [] ? blkdev_reread_part+0x1e/0x40 [ 31.971341] [] ? blkdev_reread_part+0x1e/0x40 [ 31.977457] [] mutex_lock_nested+0xbb/0x850 [ 31.983417] [] ? blkdev_reread_part+0x1e/0x40 [ 31.989553] [] ? __ww_mutex_lock+0x14f0/0x14f0 [ 31.995778] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 32.002678] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 32.009506] [] blkdev_reread_part+0x1e/0x40 [ 32.015465] [] loop_reread_partitions+0x78/0xe0 [ 32.021757] [] loop_set_status+0x995/0xfc0 [ 32.027621] [] loop_set_status_compat+0x9a/0x100 [ 32.033998] [] ? loop_set_status+0xfc0/0xfc0 [ 32.040028] [] lo_compat_ioctl+0x114/0x140 [ 32.045890] [] ? lo_ioctl+0x19c0/0x19c0 [ 32.051494] [] compat_blkdev_ioctl+0x3d4/0x3b10 [ 32.057791] [] ? cfq_dispatch_requests+0x2fa0/0x2fa0 [ 32.064516] [] ? exit_robust_list+0x240/0x240 [ 32.070634] [] ? SyS_memfd_create+0x258/0x2e0 [ 32.076751] [] ? sysenter_flags_fixed+0xd/0x17 [ 32.082953] [] ? security_file_ioctl+0x89/0xb0 [ 32.089158] [] compat_SyS_ioctl+0x28a/0x2540 [ 32.095187] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 32.102092] [] ? cfq_dispatch_requests+0x2fa0/0x2fa0 [ 32.108822] [] ? compat_SyS_ppoll+0x420/0x420 [ 32.114946] [] ? _raw_spin_unlock_irqrestore+0x45/0x70 [ 32.121855] [] ? debug_check_no_obj_freed+0x2d2/0x9b0 [ 32.128680] [] ? compat_SyS_futex+0x1f9/0x2a0 [ 32.134817] [] ? compat_SyS_get_robust_list+0x300/0x300 [ 32.141820] [] ? SyS_memfd_create+0x258/0x2e0 [ 32.147945] [