[ 15.525162] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available) [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 19.472717] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available) [ 19.780099] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available) [ 20.561547] random: sshd: uninitialized urandom read (32 bytes read, 95 bits of entropy available) [ 20.728934] random: sshd: uninitialized urandom read (32 bytes read, 100 bits of entropy available) Warning: Permanently added 'ci-android-44-kasan-gce-386-4,10.128.0.34' (ECDSA) to the list of known hosts. [ 26.102490] random: sshd: uninitialized urandom read (32 bytes read, 107 bits of entropy available) executing program [ 26.225281] [ 26.226927] ====================================================== [ 26.233209] [ INFO: possible circular locking dependency detected ] [ 26.239578] 4.4.107-g610c835 #4 Not tainted [ 26.243860] ------------------------------------------------------- [ 26.250227] syzkaller157105/3311 is trying to acquire lock: [ 26.255905] (&bdev->bd_mutex){+.+.+.}, at: [] blkdev_reread_part+0x1e/0x40 [ 26.264990] [ 26.264990] but task is already holding lock: [ 26.270928] (&lo->lo_ctl_mutex#2){+.+.+.}, at: [] lo_compat_ioctl+0x109/0x140 [ 26.280381] [ 26.280381] which lock already depends on the new lock. [ 26.280381] [ 26.288659] [ 26.288659] the existing dependency chain (in reverse order) is: [ 26.296249] -> #1 (&lo->lo_ctl_mutex#2){+.+.+.}: [ 26.301702] [] lock_acquire+0x15e/0x460 [ 26.307922] [] mutex_lock_nested+0xbb/0x850 [ 26.314493] [] lo_release+0x6b/0x140 [ 26.320453] [] __blkdev_put+0x5f7/0x7e0 [ 26.326674] [] blkdev_put+0x85/0x550 [ 26.332633] [] blkdev_close+0x8b/0xb0 [ 26.338682] [] __fput+0x233/0x6d0 [ 26.344381] [] ____fput+0x15/0x20 [ 26.350081] [] task_work_run+0x104/0x180 [ 26.356394] [] exit_to_usermode_loop+0x145/0x170 [ 26.363395] [] syscall_return_slowpath+0x1b5/0x1f0 [ 26.370572] [] int_ret_from_sys_call+0x25/0x9f [ 26.377399] -> #0 (&bdev->bd_mutex){+.+.+.}: [ 26.382397] [] __lock_acquire+0x371f/0x4b50 [ 26.388964] [] lock_acquire+0x15e/0x460 [ 26.395186] [] mutex_lock_nested+0xbb/0x850 [ 26.401754] [] blkdev_reread_part+0x1e/0x40 [ 26.408320] [] loop_reread_partitions+0x78/0xe0 [ 26.415234] [] loop_set_status+0x995/0xfc0 [ 26.421713] [] loop_set_status_compat+0x9a/0x100 [ 26.428713] [] lo_compat_ioctl+0x114/0x140 [ 26.435198] [] compat_blkdev_ioctl+0x3d4/0x3b10 [ 26.442117] [] compat_SyS_ioctl+0x28a/0x2540 [ 26.448776] [] do_fast_syscall_32+0x314/0x890 [ 26.455517] [] sysenter_flags_fixed+0xd/0x17 [ 26.462180] [ 26.462180] other info that might help us debug this: [ 26.462180] [ 26.470285] Possible unsafe locking scenario: [ 26.470285] [ 26.476305] CPU0 CPU1 [ 26.480933] ---- ---- [ 26.485563] lock(&lo->lo_ctl_mutex#2); [ 26.489922] lock(&bdev->bd_mutex); [ 26.496349] lock(&lo->lo_ctl_mutex#2); [ 26.503223] lock(&bdev->bd_mutex); [ 26.507124] [ 26.507124] *** DEADLOCK *** [ 26.507124] [ 26.513145] 1 lock held by syzkaller157105/3311: [ 26.517863] #0: (&lo->lo_ctl_mutex#2){+.+.+.}, at: [] lo_compat_ioctl+0x109/0x140 [ 26.527866] [ 26.527866] stack backtrace: [ 26.532325] CPU: 0 PID: 3311 Comm: syzkaller157105 Not tainted 4.4.107-g610c835 #4 [ 26.539994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.549310] 0000000000000000 74bece559afc3ae2 ffff8800b53cf5e8 ffffffff81d0457d [ 26.557271] ffffffff85178be0 ffffffff85178be0 ffffffff851a3e10 ffff8800b50ab818 [ 26.565216] ffff8800b50aaf80 ffff8800b53cf630 ffffffff812309f1 ffff8800b50ab818 [ 26.573161] Call Trace: [ 26.575715] [] dump_stack+0xc1/0x124 [ 26.581043] [] print_circular_bug+0x271/0x310 [ 26.587157] [] __lock_acquire+0x371f/0x4b50 [ 26.593094] [] ? save_stack_trace+0x26/0x50 [ 26.599030] [] ? save_stack+0x43/0xd0 [ 26.604445] [] ? kasan_slab_free+0x72/0xc0 [ 26.610294] [] ? kfree+0xfc/0x300 [ 26.615365] [] ? kobject_uevent_env+0x24f/0xb40 [ 26.621651] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 26.628629] [] ? __lock_acquire+0xb5f/0x4b50 [ 26.634662] [] ? __lock_is_held+0xa1/0xf0 [ 26.640426] [] lock_acquire+0x15e/0x460 [ 26.646014] [] ? blkdev_reread_part+0x1e/0x40 [ 26.652121] [] ? blkdev_reread_part+0x1e/0x40 [ 26.658229] [] mutex_lock_nested+0xbb/0x850 [ 26.664161] [] ? blkdev_reread_part+0x1e/0x40 [ 26.670270] [] ? __ww_mutex_lock+0x14f0/0x14f0 [ 26.676466] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 26.683355] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 26.690157] [] blkdev_reread_part+0x1e/0x40 [ 26.696094] [] loop_reread_partitions+0x78/0xe0 [ 26.702376] [] loop_set_status+0x995/0xfc0 [ 26.708223] [] loop_set_status_compat+0x9a/0x100 [ 26.714589] [] ? loop_set_status+0xfc0/0xfc0 [ 26.720621] [] lo_compat_ioctl+0x114/0x140 [ 26.726475] [] ? lo_ioctl+0x19c0/0x19c0 [ 26.732072] [] compat_blkdev_ioctl+0x3d4/0x3b10 [ 26.738354] [] ? cfq_dispatch_requests+0x2fa0/0x2fa0 [ 26.745073] [] ? save_stack_trace+0x26/0x50 [ 26.751010] [] ? save_stack+0x43/0xd0 [ 26.756424] [] ? kasan_slab_free+0x72/0xc0 [ 26.762272] [] ? kfree+0xfc/0x300 [ 26.767344] [] ? SyS_memfd_create+0x258/0x2e0 [ 26.773457] [] ? sysenter_flags_fixed+0xd/0x17 [ 26.779655] [] ? security_file_ioctl+0x89/0xb0 [ 26.785852] [] compat_SyS_ioctl+0x28a/0x2540 [ 26.791875] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 26.798770] [] ? cfq_dispatch_requests+0x2fa0/0x2fa0 [ 26.805491] [] ? compat_SyS_ppoll+0x420/0x420 [ 26.811602] [] ? _raw_spin_unlock_irqrestore+0x45/0x70 [ 26.818491] [] ? debug_check_no_obj_freed+0x2d2/0x9b0 [ 26.825296] [] ? quarantine_put+0xab/0x180 [ 26.831142] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 26.837945] [] ? trace_hardirqs_on+0xd/0x10 [ 26.843881] [] ? SyS_memfd_create+0x258/0x2e0 [ 26.849992] [] ? kasan_slab_free+0x88/0xc0 [ 26.855840] [] ? kfree+0xfc/0x300 [ 26.860912] [] ? do_fast_syscall_32+0xd7/0x890 [ 26.867113] [] ? compat_SyS_ppoll+0x420/0x420 [ 26.873220] [] do_fast_syscall_32