[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 20.245585] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 24.326202] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.774473] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.466165] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.616405] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.38' (ECDSA) to the list of known hosts.
[ 31.003848] random: sshd: uninitialized urandom read (32 bytes read)
2018/04/26 21:58:45 parsed 1 programs
2018/04/26 21:58:45 executed programs: 0
[ 31.461293] IPVS: ftp: loaded support on port[0] = 21
[ 31.514744]
[ 31.516406] ======================================================
[ 31.522701] WARNING: possible circular locking dependency detected
[ 31.529001] 4.17.0-rc2+ #43 Not tainted
[ 31.532957] ------------------------------------------------------
[ 31.539282] syz-executor0/4506 is trying to acquire lock:
[ 31.544806] (ptrval) (&bdev->bd_mutex){+.+.}, at: blkdev_reread_part+0x1e/0x40
[ 31.552860]
[ 31.552860] but task is already holding lock:
[ 31.558819] (ptrval) (&lo->lo_ctl_mutex#2){+.+.}, at: lo_compat_ioctl+0x12a/0x170
[ 31.567221]
[ 31.567221] which lock already depends on the new lock.
[ 31.567221]
[ 31.575523]
[ 31.575523] the existing dependency chain (in reverse order) is:
[ 31.583128]
[ 31.583128] -> #2 (&lo->lo_ctl_mutex#2){+.+.}:
[ 31.589189]        __mutex_lock+0x16d/0x17f0
[ 31.593582]        mutex_lock_nested+0x16/0x20
[ 31.598143]        lo_release+0xa3/0x1f0
[ 31.602188]        __blkdev_put+0x4f6/0x830
[ 31.606496]        blkdev_put+0x98/0x540
[ 31.611389]        blkdev_close+0x8b/0xb0
[ 31.615517]        __fput+0x34d/0x890
[ 31.619319]        ____fput+0x15/0x20
[ 31.623103]        task_work_run+0x1e4/0x290
[ 31.627504]        exit_to_usermode_loop+0x2bd/0x310
[ 31.632616]        do_syscall_64+0x6ac/0x800
[ 31.637012]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 31.642704]
[ 31.642704] -> #1 (loop_index_mutex){+.+.}:
[ 31.648508]        __mutex_lock+0x16d/0x17f0
[ 31.652910]        mutex_lock_nested+0x16/0x20
[ 31.657474]        lo_open+0x1b/0xb0
[ 31.661181]        __blkdev_get+0x358/0x13a0
[ 31.665571]        blkdev_get+0xb9/0xb30
[ 31.669623]        blkdev_open+0x1fb/0x280
[ 31.673852]        do_dentry_open+0x7ef/0xf10
[ 31.678770]        vfs_open+0x139/0x230
[ 31.682735]        path_openat+0x1676/0x4e20
[ 31.687136]        do_filp_open+0x249/0x350
[ 31.691444]        do_sys_open+0x56f/0x740
[ 31.695665]        __x64_sys_open+0x7e/0xc0
[ 31.700065]        do_syscall_64+0x1b1/0x800
[ 31.704455]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 31.710138]
[ 31.710138] -> #0 (&bdev->bd_mutex){+.+.}:
[ 31.715847]        lock_acquire+0x1dc/0x520
[ 31.720167]        __mutex_lock+0x16d/0x17f0
[ 31.724674]        mutex_lock_nested+0x16/0x20
[ 31.729256]        blkdev_reread_part+0x1e/0x40
[ 31.733913]        loop_reread_partitions+0x159/0x180
[ 31.739094]        loop_set_status+0xb95/0x1010
[ 31.743755]        loop_set_status_compat+0xa4/0xf0
[ 31.748756]        lo_compat_ioctl+0x14b/0x170
[ 31.753321]        compat_blkdev_ioctl+0x3c2/0x1b20
[ 31.758318]        __ia32_compat_sys_ioctl+0x221/0x640
[ 31.763677]        do_fast_syscall_32+0x345/0xf9b
[ 31.768507]        entry_SYSENTER_compat+0x70/0x7f
[ 31.773414]
[ 31.773414] other info that might help us debug this:
[ 31.773414]
[ 31.781537] Chain exists of:
[ 31.781537]   &bdev->bd_mutex --> loop_index_mutex --> &lo->lo_ctl_mutex#2
[ 31.781537]
[ 31.792890]  Possible unsafe locking scenario:
[ 31.792890]
[ 31.798933]        CPU0                    CPU1
[ 31.803578]        ----                    ----
[ 31.808220]   lock(&lo->lo_ctl_mutex#2);
[ 31.812264]                                lock(loop_index_mutex);
[ 31.818563]                                lock(&lo->lo_ctl_mutex#2);
[ 31.825129]   lock(&bdev->bd_mutex);
[ 31.828824]
[ 31.828824]  *** DEADLOCK ***
[ 31.828824]
[ 31.834870] 1 lock held by syz-executor0/4506:
[ 31.839437]  #0: (ptrval) (&lo->lo_ctl_mutex#2){+.+.}, at: lo_compat_ioctl+0x12a/0x170
[ 31.848221]
[ 31.848221] stack backtrace:
[ 31.852729] CPU: 1 PID: 4506 Comm: syz-executor0 Not tainted 4.17.0-rc2+ #43
[ 31.859911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.869245] Call Trace:
[ 31.871820]  dump_stack+0x1b9/0x294
[ 31.875430]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 31.880614]  ? print_lock+0xd1/0xd6
[ 31.884224]  ? vprintk_func+0x81/0xe7
[ 31.888007]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[ 31.893698]  ? save_trace+0xe0/0x290
[ 31.897400]  __lock_acquire+0x343e/0x5140
[ 31.901541]  ? debug_check_no_locks_freed+0x310/0x310
[ 31.906721]  ? __lock_acquire+0x7f5/0x5140
[ 31.911130]  ? debug_check_no_locks_freed+0x310/0x310
[ 31.916303]  ? noop_count+0x40/0x40
[ 31.919911]  ? bpf_prog_kallsyms_find+0xd6/0x4a0
[ 31.924655]  ? __bpf_trace_bpf_map_next_key+0x40/0x40
[ 31.929845]  ? lock_downgrade+0x8e0/0x8e0
[ 31.933973]  ? print_usage_bug+0xc0/0xc0
[ 31.938027]  ? print_usage_bug+0xc0/0xc0
[ 31.942078]  ? kasan_check_read+0x11/0x20
[ 31.946211]  ? graph_lock+0x170/0x170
[ 31.950000]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 31.955180]  lock_acquire+0x1dc/0x520
[ 31.958962]  ? blkdev_reread_part+0x1e/0x40
[ 31.963280]  ? lock_release+0xa10/0xa10
[ 31.967248]  ? check_same_owner+0x320/0x320
[ 31.971731]  ? debug_check_no_locks_freed+0x310/0x310
[ 31.976902]  ? rcu_note_context_switch+0x710/0x710
[ 31.981815]  ? __might_sleep+0x95/0x190
[ 31.985779]  ? blkdev_reread_part+0x1e/0x40
[ 31.990097]  __mutex_lock+0x16d/0x17f0
[ 31.993977]  ? blkdev_reread_part+0x1e/0x40
[ 31.998311]  ? blkdev_reread_part+0x1e/0x40
[ 32.002627]  ? debug_check_no_locks_freed+0x310/0x310
[ 32.007804]  ? mutex_trylock+0x2a0/0x2a0
[ 32.011851]  ? kasan_check_write+0x14/0x20
[ 32.016070]  ? do_raw_spin_lock+0xc1/0x200
[ 32.020293]  ? graph_lock+0x170/0x170
[ 32.024085]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 32.029172]  ? graph_lock+0x170/0x170
[ 32.032954]  ? graph_lock+0x170/0x170
[ 32.036741]  ? save_stack+0xa9/0xd0
[ 32.040352]  ? save_stack+0x43/0xd0
[ 32.043970]  ? __lock_is_held+0xb5/0x140
[ 32.048026]  ? print_usage_bug+0xc0/0xc0
[ 32.052076]  ? lock_downgrade+0x8e0/0x8e0
[ 32.056206]  ? mark_held_locks+0xc9/0x160
[ 32.060333]  ? do_raw_spin_trylock+0x1b0/0x1b0
[ 32.064898]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 32.069984]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 32.074990]  ? trace_hardirqs_on+0xd/0x10
[ 32.079143]  ? __wake_up_common_lock+0x1c2/0x300
[ 32.083884]  mutex_lock_nested+0x16/0x20
[ 32.087926]  ? mutex_lock_nested+0x16/0x20
[ 32.092145]  blkdev_reread_part+0x1e/0x40
[ 32.096296]  loop_reread_partitions+0x159/0x180
[ 32.100959]  ? __loop_update_dio+0x6a0/0x6a0
[ 32.105366]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 32.110897]  loop_set_status+0xb95/0x1010
[ 32.115040]  loop_set_status_compat+0xa4/0xf0
[ 32.119528]  ? loop_set_status+0x1010/0x1010
[ 32.123920]  lo_compat_ioctl+0x14b/0x170
[ 32.127972]  ? lo_ioctl+0x2130/0x2130
[ 32.131766]  compat_blkdev_ioctl+0x3c2/0x1b20
[ 32.136255]  ? bfq_create_group_hierarchy+0x120/0x120
[ 32.141444]  ? __x32_compat_sys_get_robust_list+0x430/0x430
[ 32.147151]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 32.152331]  ? bfq_create_group_hierarchy+0x120/0x120
[ 32.157514]  __ia32_compat_sys_ioctl+0x221/0x640
[ 32.162265]  do_fast_syscall_32+0x345/0xf9b
[ 32.166580]  ? do_int80_syscall_32+0x880/0x880
[ 32.171149]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 32.175889]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.181415]  ? syscall_return_slowpath+0x30f/0x5c0
[ 32.186326]  ? sysret32_from_system_call+0x5/0x46
[ 32.191154]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.195981]  entry_SYSENTER_compat+0x70/0x7f
[ 32.201843] RIP: 0023:0xf7f26cb9
[ 32.205200] RSP: 002b:00000000ff88d52c EFLAGS: 00000286 ORIG_RAX: 0000000000000036
[ 32.212890] RAX: ffffffffffffffda RBX: 0000000000000003 R