Warning: Permanently added '10.128.1.42' (ECDSA) to the list of known hosts.
[ 46.956039] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 47.087807] audit: type=1400 audit(1561986255.874:36): avc: denied { map } for pid=7184 comm="syz-executor873" path="/root/syz-executor873248452" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 47.091402]
[ 47.115871] ======================================================
[ 47.122188] WARNING: possible circular locking dependency detected
[ 47.128490] 4.14.131 #25 Not tainted
[ 47.132200] ------------------------------------------------------
[ 47.138503] syz-executor873/7184 is trying to acquire lock:
[ 47.144215]  (&bdev->bd_mutex){+.+.}, at: [] blkdev_reread_part+0x1f/0x40
[ 47.153192]
[ 47.153192] but task is already holding lock:
[ 47.159137]  (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x134/0xae0
[ 47.167182]
[ 47.167182] which lock already depends on the new lock.
[ 47.167182]
[ 47.175483]
[ 47.175483] the existing dependency chain (in reverse order) is:
[ 47.183084]
[ 47.183084] -> #2 (&nbd->config_lock){+.+.}:
[ 47.188967]        lock_acquire+0x16f/0x430
[ 47.193287]        __mutex_lock+0xe8/0x1470
[ 47.203354]        mutex_lock_nested+0x16/0x20
[ 47.207913]        nbd_open+0xf2/0x1f0
[ 47.211779]        __blkdev_get+0x2c7/0x1120
[ 47.216178]        blkdev_get+0xa8/0x8e0
[ 47.220236]        blkdev_open+0x1d1/0x260
[ 47.224448]        do_dentry_open+0x73b/0xeb0
[ 47.228922]        vfs_open+0x105/0x220
[ 47.232874]        path_openat+0x8bd/0x3f70
[ 47.237174]        do_filp_open+0x18e/0x250
[ 47.241479]        do_sys_open+0x2c5/0x430
[ 47.245690]        SyS_open+0x2d/0x40
[ 47.249471]        do_syscall_64+0x1e8/0x640
[ 47.253863]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 47.259571]
[ 47.259571] -> #1 (nbd_index_mutex){+.+.}:
[ 47.265274]        lock_acquire+0x16f/0x430
[ 47.269573]        __mutex_lock+0xe8/0x1470
[ 47.273872]        mutex_lock_nested+0x16/0x20
[ 47.278433]        nbd_open+0x27/0x1f0
[ 47.282340]        __blkdev_get+0x2c7/0x1120
[ 47.286745]        blkdev_get+0xa8/0x8e0
[ 47.290785]        blkdev_open+0x1d1/0x260
[ 47.294998]        do_dentry_open+0x73b/0xeb0
[ 47.307037]        vfs_open+0x105/0x220
[ 47.310994]        path_openat+0x8bd/0x3f70
[ 47.315291]        do_filp_open+0x18e/0x250
[ 47.319589]        do_sys_open+0x2c5/0x430
[ 47.323799]        SyS_open+0x2d/0x40
[ 47.327594]        do_syscall_64+0x1e8/0x640
[ 47.331981]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 47.337662]
[ 47.337662] -> #0 (&bdev->bd_mutex){+.+.}:
[ 47.343360]        __lock_acquire+0x2c89/0x45e0
[ 47.348019]        lock_acquire+0x16f/0x430
[ 47.352320]        __mutex_lock+0xe8/0x1470
[ 47.356620]        mutex_lock_nested+0x16/0x20
[ 47.361185]        blkdev_reread_part+0x1f/0x40
[ 47.365835]        nbd_ioctl+0x801/0xae0
[ 47.369884]        blkdev_ioctl+0x96b/0x1860
[ 47.374281]        block_ioctl+0xde/0x120
[ 47.378408]        do_vfs_ioctl+0x7ae/0x1060
[ 47.382797]        SyS_ioctl+0x8f/0xc0
[ 47.386661]        do_syscall_64+0x1e8/0x640
[ 47.391047]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 47.396730]
[ 47.396730] other info that might help us debug this:
[ 47.396730]
[ 47.404847] Chain exists of:
[ 47.404847]   &bdev->bd_mutex --> nbd_index_mutex --> &nbd->config_lock
[ 47.404847]
[ 47.415932]  Possible unsafe locking scenario:
[ 47.415932]
[ 47.421967]        CPU0                    CPU1
[ 47.426607]        ----                    ----
[ 47.431262]   lock(&nbd->config_lock);
[ 47.435127]                                lock(nbd_index_mutex);
[ 47.441339]                                lock(&nbd->config_lock);
[ 47.447719]   lock(&bdev->bd_mutex);
[ 47.451426]
[ 47.451426]  *** DEADLOCK ***
[ 47.451426]
[ 47.457461] 1 lock held by syz-executor873/7184:
[ 47.462186]  #0:  (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x134/0xae0
[ 47.470669]
[ 47.470669] stack backtrace:
[ 47.475143] CPU: 0 PID: 7184 Comm: syz-executor873 Not tainted 4.14.131 #25
[ 47.482830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.492174] Call Trace:
[ 47.494749]  dump_stack+0x138/0x19c
[ 47.498358]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 47.503701]  __lock_acquire+0x2c89/0x45e0
[ 47.507847]  ? is_bpf_text_address+0xa6/0x120
[ 47.512324]  ? kernel_text_address+0x73/0xf0
[ 47.516718]  ? trace_hardirqs_on+0x10/0x10
[ 47.520933]  lock_acquire+0x16f/0x430
[ 47.524887]  ? blkdev_reread_part+0x1f/0x40
[ 47.529183]  ? blkdev_reread_part+0x1f/0x40
[ 47.533487]  __mutex_lock+0xe8/0x1470
[ 47.537260]  ? blkdev_reread_part+0x1f/0x40
[ 47.541562]  ? save_trace+0x290/0x290
[ 47.545346]  ? blkdev_reread_part+0x1f/0x40
[ 47.549647]  ? mutex_trylock+0x1c0/0x1c0
[ 47.553688]  ? bd_set_size+0x89/0xb0
[ 47.557383]  ? lock_downgrade+0x6e0/0x6e0
[ 47.561512]  mutex_lock_nested+0x16/0x20
[ 47.565570]  ? mutex_lock_nested+0x16/0x20
[ 47.569783]  blkdev_reread_part+0x1f/0x40
[ 47.573912]  nbd_ioctl+0x801/0xae0
[ 47.577429]  ? kasan_slab_free+0x75/0xc0
[ 47.581470]  ? nbd_add_socket+0x5e0/0x5e0
[ 47.585617]  ? debug_check_no_obj_freed+0x2aa/0x7b7
[ 47.590615]  ? nbd_add_socket+0x5e0/0x5e0
[ 47.594746]  blkdev_ioctl+0x96b/0x1860
[ 47.598639]  ? blkpg_ioctl+0x980/0x980
[ 47.602508]  ? __might_sleep+0x93/0xb0
[ 47.606373]  block_ioctl+0xde/0x120
[ 47.609976]  ? blkdev_fallocate+0x3b0/0x3b0
[ 47.614276]  do_vfs_ioctl+0x7ae/0x1060
[ 47.618142]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 47.622874]  ? ioctl_preallocate+0x1c0/0x1c0
[ 47.627255]  ? putname+0xe0/0x120
[ 47.630685]  ? do_sys_open+0x221/0x430
[ 47.634568]  ? security_file_ioctl+0x7d/0xb0
[ 47.638951]  ? security_file_ioctl+0x89/0xb0
[ 47.643342]  SyS_ioctl+0x8f/0xc0
[ 47.646684]  ? do_vfs_ioctl+0x1060/0x1060
[ 47.650813]  do_syscall_64+0x1e8/0x640
[ 47.654677]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 47.659495]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 47.664675] RIP: 0033:0x443df9
[ 47.667840] RSP: 002b:00007ffff4f7f288 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 47.675525] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443df9
[ 47.682772] RDX: 0000000000000000 RSI: 000000000000ab04 RDI: 0000000000000003
[