[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 18.558301] random: sshd: uninitialized urandom read (32 bytes read)
[ 18.652780] random: sshd: uninitialized urandom read (32 bytes read)
[ 18.861276] random: sshd: uninitialized urandom read (32 bytes read)
[ 19.586921] random: sshd: uninitialized urandom read (32 bytes read)
[ 19.734558] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts.
syzkaller login: [ 25.254452] random: sshd: uninitialized urandom read (32 bytes read)
2018/04/25 22:33:00 parsed 1 programs
2018/04/25 22:33:00 executed programs: 0
[ 25.698145] IPVS: ftp: loaded support on port[0] = 21
[ 25.750601]
[ 25.752246] ======================================================
[ 25.758535] WARNING: possible circular locking dependency detected
[ 25.764829] 4.17.0-rc2+ #41 Not tainted
[ 25.768775] ------------------------------------------------------
[ 25.775073] syz-executor0/4462 is trying to acquire lock:
[ 25.780594] (ptrval) (&bdev->bd_mutex){+.+.}, at: blkdev_reread_part+0x1e/0x40
[ 25.788652]
[ 25.788652] but task is already holding lock:
[ 25.794599] (ptrval) (&lo->lo_ctl_mutex#2){+.+.}, at: lo_compat_ioctl+0x12a/0x170
[ 25.802903]
[ 25.802903] which lock already depends on the new lock.
[ 25.802903]
[ 25.811196]
[ 25.811196] the existing dependency chain (in reverse order) is:
[ 25.818789]
[ 25.818789] -> #2 (&lo->lo_ctl_mutex#2){+.+.}:
[ 25.824840]        __mutex_lock+0x16d/0x17f0
[ 25.829234]        mutex_lock_nested+0x16/0x20
[ 25.833792]        lo_release+0xa3/0x1f0
[ 25.837829]        __blkdev_put+0x4f6/0x830
[ 25.842133]        blkdev_put+0x98/0x540
[ 25.846170]        blkdev_close+0x8b/0xb0
[ 25.850292]        __fput+0x34d/0x890
[ 25.854069]        ____fput+0x15/0x20
[ 25.857851]        task_work_run+0x1e4/0x290
[ 25.862240]        exit_to_usermode_loop+0x2bd/0x310
[ 25.867318]        do_syscall_64+0x6ac/0x800
[ 25.871703]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 25.877391]
[ 25.877391] -> #1 (loop_index_mutex){+.+.}:
[ 25.883175]        __mutex_lock+0x16d/0x17f0
[ 25.887561]        mutex_lock_nested+0x16/0x20
[ 25.892119]        lo_open+0x1b/0xb0
[ 25.895807]        __blkdev_get+0x358/0x13a0
[ 25.900190]        blkdev_get+0xb9/0xb30
[ 25.904225]        blkdev_open+0x1fb/0x280
[ 25.908436]        do_dentry_open+0x7ef/0xf10
[ 25.912909]        vfs_open+0x139/0x230
[ 25.916861]        path_openat+0x1676/0x4e20
[ 25.921252]        do_filp_open+0x249/0x350
[ 25.925552]        do_sys_open+0x56f/0x740
[ 25.929763]        __x64_sys_open+0x7e/0xc0
[ 25.934062]        do_syscall_64+0x1b1/0x800
[ 25.938452]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 25.944135]
[ 25.944135] -> #0 (&bdev->bd_mutex){+.+.}:
[ 25.949838]        lock_acquire+0x1dc/0x520
[ 25.954140]        __mutex_lock+0x16d/0x17f0
[ 25.958525]        mutex_lock_nested+0x16/0x20
[ 25.963087]        blkdev_reread_part+0x1e/0x40
[ 25.967730]        loop_reread_partitions+0x159/0x180
[ 25.972895]        loop_set_status+0xb95/0x1010
[ 25.977540]        loop_set_status_compat+0xa4/0xf0
[ 25.982533]        lo_compat_ioctl+0x14b/0x170
[ 25.987091]        compat_blkdev_ioctl+0x3c2/0x1b20
[ 25.992085]        __ia32_compat_sys_ioctl+0x221/0x640
[ 25.997340]        do_fast_syscall_32+0x345/0xf9b
[ 26.002171]        entry_SYSENTER_compat+0x70/0x7f
[ 26.007072]
[ 26.007072] other info that might help us debug this:
[ 26.007072]
[ 26.015189] Chain exists of:
[ 26.015189]   &bdev->bd_mutex --> loop_index_mutex --> &lo->lo_ctl_mutex#2
[ 26.015189]
[ 26.026532]  Possible unsafe locking scenario:
[ 26.026532]
[ 26.032563]        CPU0                    CPU1
[ 26.037214]        ----                    ----
[ 26.041853]   lock(&lo->lo_ctl_mutex#2);
[ 26.045891]                                lock(loop_index_mutex);
[ 26.052182]                                lock(&lo->lo_ctl_mutex#2);
[ 26.058738]   lock(&bdev->bd_mutex);
[ 26.062439]
[ 26.062439]  *** DEADLOCK ***
[ 26.062439]
[ 26.068492] 1 lock held by syz-executor0/4462:
[ 26.073061]  #0: (ptrval) (&lo->lo_ctl_mutex#2){+.+.}, at: lo_compat_ioctl+0x12a/0x170
[ 26.081820]
[ 26.081820] stack backtrace:
[ 26.086304] CPU: 1 PID: 4462 Comm: syz-executor0 Not tainted 4.17.0-rc2+ #41
[ 26.093471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.102796] Call Trace:
[ 26.105367]  dump_stack+0x1b9/0x294
[ 26.108984]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 26.114159]  ? print_lock+0xd1/0xd6
[ 26.117768]  ? vprintk_func+0x81/0xe7
[ 26.121556]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[ 26.127245]  ? save_trace+0xe0/0x290
[ 26.130935]  __lock_acquire+0x343e/0x5140
[ 26.135064]  ? debug_check_no_locks_freed+0x310/0x310
[ 26.140229]  ? __lock_acquire+0x7f5/0x5140
[ 26.144442]  ? debug_check_no_locks_freed+0x310/0x310
[ 26.149608]  ? noop_count+0x40/0x40
[ 26.153218]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 26.158732]  ? bpf_prog_kallsyms_find+0xd6/0x4a0
[ 26.163465]  ? __bpf_trace_bpf_map_next_key+0x40/0x40
[ 26.168630]  ? is_bpf_text_address+0xae/0x170
[ 26.173107]  ? lock_downgrade+0x8e0/0x8e0
[ 26.177234]  ? print_usage_bug+0xc0/0xc0
[ 26.181270]  ? print_usage_bug+0xc0/0xc0
[ 26.185307]  ? kasan_check_read+0x11/0x20
[ 26.189433]  ? graph_lock+0x170/0x170
[ 26.193228]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 26.198397]  lock_acquire+0x1dc/0x520
[ 26.202180]  ? blkdev_reread_part+0x1e/0x40
[ 26.206485]  ? lock_release+0xa10/0xa10
[ 26.210435]  ? check_same_owner+0x320/0x320
[ 26.214735]  ? debug_check_no_locks_freed+0x310/0x310
[ 26.219903]  ? rcu_note_context_switch+0x710/0x710
[ 26.224810]  ? __might_sleep+0x95/0x190
[ 26.228762]  ? blkdev_reread_part+0x1e/0x40
[ 26.233064]  __mutex_lock+0x16d/0x17f0
[ 26.236929]  ? blkdev_reread_part+0x1e/0x40
[ 26.241230]  ? blkdev_reread_part+0x1e/0x40
[ 26.245540]  ? debug_check_no_locks_freed+0x310/0x310
[ 26.250713]  ? mutex_trylock+0x2a0/0x2a0
[ 26.254751]  ? kasan_check_write+0x14/0x20
[ 26.258961]  ? do_raw_spin_lock+0xc1/0x200
[ 26.263171]  ? graph_lock+0x170/0x170
[ 26.266948]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 26.272030]  ? graph_lock+0x170/0x170
[ 26.275811]  ? graph_lock+0x170/0x170
[ 26.279588]  ? save_stack+0xa9/0xd0
[ 26.283189]  ? save_stack+0x43/0xd0
[ 26.286792]  ? __lock_is_held+0xb5/0x140
[ 26.290828]  ? print_usage_bug+0xc0/0xc0
[ 26.294866]  ? lock_downgrade+0x8e0/0x8e0
[ 26.298990]  ? mark_held_locks+0xc9/0x160
[ 26.303115]  ? do_raw_spin_trylock+0x1b0/0x1b0
[ 26.307681]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 26.312761]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 26.317755]  ? trace_hardirqs_on+0xd/0x10
[ 26.321880]  ? __wake_up_common_lock+0x1c2/0x300
[ 26.326615]  mutex_lock_nested+0x16/0x20
[ 26.330662]  ? mutex_lock_nested+0x16/0x20
[ 26.334880]  blkdev_reread_part+0x1e/0x40
[ 26.339007]  loop_reread_partitions+0x159/0x180
[ 26.343660]  ? __loop_update_dio+0x6a0/0x6a0
[ 26.348049]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 26.353563]  loop_set_status+0xb95/0x1010
[ 26.357690]  loop_set_status_compat+0xa4/0xf0
[ 26.362162]  ? loop_set_status+0x1010/0x1010
[ 26.366552]  lo_compat_ioctl+0x14b/0x170
[ 26.370586]  ? lo_ioctl+0x2130/0x2130
[ 26.374362]  compat_blkdev_ioctl+0x3c2/0x1b20
[ 26.378836]  ? bfq_create_group_hierarchy+0x120/0x120
[ 26.384003]  ? __x32_compat_sys_get_robust_list+0x430/0x430
[ 26.389704]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 26.394872]  ? bfq_create_group_hierarchy+0x120/0x120
[ 26.400046]  __ia32_compat_sys_ioctl+0x221/0x640
[ 26.404782]  do_fast_syscall_32+0x345/0xf9b
[ 26.409081]  ? do_int80_syscall_32+0x880/0x880
[ 26.413649]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 26.418390]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 26.423906]  ? syscall_return_slowpath+0x30f/0x5c0
[ 26.428812]  ? sysret32_from_system_call+0x5/0x46
[ 26.433641]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 26.438463]  entry_SYSENTER_compat+0x70/0x7f
[ 26.442846] RIP: 0023:0xf7f00cb9
[ 26.446184] RSP: 002b:00000000ff867b5c EFLAGS: 00000286 ORIG_RAX: 0000000000000036