[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ 10.032319] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 20.381652] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.389907] random: crng init done
Warning: Permanently added '10.128.0.114' (ECDSA) to the list of known hosts.
executing program
[ 30.519065]
[ 30.520704] ======================================================
[ 30.527157] [ INFO: possible circular locking dependency detected ]
[ 30.533542] 4.9.141+ #23 Not tainted
[ 30.537231] -------------------------------------------------------
[ 30.543611] syz-executor806/2057 is trying to acquire lock:
[ 30.549291]  (&bdev->bd_mutex){+.+.+.}, at: [] blkdev_reread_part+0x1e/0x40
[ 30.558302] but task is already holding lock:
[ 30.563040]  (&lo->lo_ctl_mutex#2){+.+...}, at: [] lo_compat_ioctl+0x103/0x140
[ 30.572542] which lock already depends on the new lock.
[ 30.572542]
[ 30.579528]
[ 30.579528] the existing dependency chain (in reverse order) is:
[ 30.587123] -> #2 (&lo->lo_ctl_mutex#2){+.+...}:
[ 30.592637]        lock_acquire+0x130/0x3e0
[ 30.596935]        mutex_lock_nested+0xc0/0x900
[ 30.601585]        lo_release+0x85/0x1a0
[ 30.605622]        __blkdev_put+0x636/0x840
[ 30.609919]        blkdev_put+0x85/0x560
[ 30.613952]        blkdev_close+0x8b/0xb0
[ 30.618075]        __fput+0x263/0x700
[ 30.621847]        ____fput+0x15/0x20
[ 30.625625]        task_work_run+0x10c/0x180
[ 30.630020]        exit_to_usermode_loop+0x129/0x150
[ 30.635095]        do_syscall_64+0x3e2/0x550
[ 30.639478]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 30.645074] -> #1 (loop_index_mutex){+.+.+.}:
[ 30.650208]        lock_acquire+0x130/0x3e0
[ 30.654520]        mutex_lock_nested+0xc0/0x900
[ 30.659174]        lo_open+0x1b/0xa0
[ 30.662862]        __blkdev_get+0x263/0xd60
[ 30.667157]        blkdev_get+0x2da/0x920
[ 30.671278]        blkdev_open+0x1a5/0x250
[ 30.675485]        do_dentry_open+0x3ef/0xc90
[ 30.679954]        vfs_open+0x11c/0x210
[ 30.683901]        path_openat+0x542/0x2790
[ 30.688198]        do_filp_open+0x197/0x270
[ 30.692501]        do_sys_open+0x30d/0x5c0
[ 30.696710]        SyS_open+0x2d/0x40
[ 30.700539]        do_syscall_64+0x19f/0x550
[ 30.704934]        entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 30.711313] -> #0 (&bdev->bd_mutex){+.+.+.}:
[ 30.716352]        __lock_acquire+0x3189/0x4a10
[ 30.721111]        lock_acquire+0x130/0x3e0
[ 30.725423]        mutex_lock_nested+0xc0/0x900
[ 30.730113]        blkdev_reread_part+0x1e/0x40
[ 30.734763]        loop_reread_partitions+0x7c/0x90
[ 30.739754]        loop_set_status+0xa7e/0xfe0
[ 30.744316]        loop_set_status_compat+0x9a/0xf0
[ 30.749306]        lo_compat_ioctl+0x10e/0x140
[ 30.753864]        compat_blkdev_ioctl+0x3a4/0x3630
[ 30.758853]        compat_SyS_ioctl+0x12d/0x1fd0
[ 30.763592]        do_fast_syscall_32+0x2f1/0xa10
[ 30.768418]        entry_SYSENTER_compat+0x90/0xa2
[ 30.773321]
[ 30.773321] other info that might help us debug this:
[ 30.773321]
[ 30.781437] Chain exists of: &bdev->bd_mutex --> loop_index_mutex --> &lo->lo_ctl_mutex#2
[ 30.791012]  Possible unsafe locking scenario:
[ 30.791012]
[ 30.797042]        CPU0                    CPU1
[ 30.801684]        ----                    ----
[ 30.806327]   lock(&lo->lo_ctl_mutex#2);
[ 30.810729]                                lock(loop_index_mutex);
[ 30.817261]                                lock(&lo->lo_ctl_mutex#2);
[ 30.824253]   lock(&bdev->bd_mutex);
[ 30.828175]
[ 30.828175]  *** DEADLOCK ***
[ 30.828175]
[ 30.834207] 1 lock held by syz-executor806/2057:
[ 30.838944]  #0: (&lo->lo_ctl_mutex#2){+.+...}, at: [] lo_compat_ioctl+0x103/0x140
[ 30.848893]
[ 30.848893] stack backtrace:
[ 30.853364] CPU: 1 PID: 2057 Comm: syz-executor806 Not tainted 4.9.141+ #23
[ 30.860448]  ffff8801ce627788 ffffffff81b42e79 ffffffff83c8e1b0 ffffffff83cb42e0
[ 30.868432]  ffffffff83c8d430 ffff8801cf403850 ffff8801cf402f80 ffff8801ce6277d0
[ 30.876425]  ffffffff813fee40 0000000000000001 00000000cf403830 0000000000000001
[ 30.884413] Call Trace:
[ 30.886979]  [] dump_stack+0xc1/0x128
[ 30.892317]  [] print_circular_bug.cold.36+0x2f7/0x432
[ 30.899134]  [] __lock_acquire+0x3189/0x4a10
[ 30.905079]  [] ? trace_hardirqs_on+0x10/0x10
[ 30.911117]  [] ? __lock_acquire+0x654/0x4a10
[ 30.917152]  [] lock_acquire+0x130/0x3e0
[ 30.922962]  [] ? blkdev_reread_part+0x1e/0x40
[ 30.929088]  [] ? blkdev_reread_part+0x1e/0x40
[ 30.935216]  [] mutex_lock_nested+0xc0/0x900
[ 30.941187]  [] ? blkdev_reread_part+0x1e/0x40
[ 30.947309]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 30.954039]  [] ? mutex_trylock+0x3e0/0x3e0
[ 30.959900]  [] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[ 30.966801]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 30.973625]  [] blkdev_reread_part+0x1e/0x40
[ 30.979575]  [] loop_reread_partitions+0x7c/0x90
[ 30.985867]  [] loop_set_status+0xa7e/0xfe0
[ 30.991731]  [] loop_set_status_compat+0x9a/0xf0
[ 30.998024]  [] ? loop_set_status+0xfe0/0xfe0
[ 31.004059]  [] lo_compat_ioctl+0x10e/0x140
[ 31.009924]  [] ? lo_ioctl+0x1910/0x1910
[ 31.015525]  [] compat_blkdev_ioctl+0x3a4/0x3630
[ 31.021824]  [] ? debug_check_no_obj_freed+0x2ce/0x890
[ 31.028644]  [] ? cfq_merged_request+0x110/0x110
[ 31.034940]  [] ? SyS_memfd_create+0x269/0x2f0
[ 31.041061]  [] ? security_file_ioctl+0x8f/0xc0
[ 31.047268]  [] ? cfq_merged_request+0x110/0x110
[ 31.053559]  [] compat_SyS_ioctl+0x12d/0x1fd0
[ 31.059752]  [] ? do_ioctl+0x60/0x60
[ 31.065022]  [] do_fast_syscall_32+0x2f1/0xa10
[ 31