[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 19.575746] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 21.819465] random: sshd: uninitialized urandom read (32 bytes read) [ 22.244740] random: sshd: uninitialized urandom read (32 bytes read) [ 22.956625] random: sshd: uninitialized urandom read (32 bytes read) [ 29.097908] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.45' (ECDSA) to the list of known hosts. [ 34.465040] random: sshd: uninitialized urandom read (32 bytes read) 2018/04/26 12:07:13 parsed 1 programs 2018/04/26 12:07:13 executed programs: 0 [ 34.889832] IPVS: ftp: loaded support on port[0] = 21 [ 38.996781] [ 38.998440] ====================================================== [ 39.004732] WARNING: possible circular locking dependency detected [ 39.011029] 4.17.0-rc2+ #42 Not tainted [ 39.014977] ------------------------------------------------------ [ 39.021269] syz-executor0/5567 is trying to acquire lock: [ 39.026779] (ptrval) (&bdev->bd_mutex){+.+.}, at: blkdev_reread_part+0x1e/0x40 [ 39.034823] [ 39.034823] but task is already holding lock: [ 39.040770] (ptrval) (&lo->lo_ctl_mutex#2){+.+.}, at: lo_compat_ioctl+0x12a/0x170 [ 39.049076] [ 39.049076] which lock already depends on the new lock. [ 39.049076] [ 39.057366] [ 39.057366] the existing dependency chain (in reverse order) is: [ 39.064961] [ 39.064961] -> #2 (&lo->lo_ctl_mutex#2){+.+.}: [ 39.071018] __mutex_lock+0x16d/0x17f0 [ 39.075426] mutex_lock_nested+0x16/0x20 [ 39.079986] lo_release+0xa3/0x1f0 [ 39.084046] __blkdev_put+0x4f6/0x830 [ 39.088350] blkdev_put+0x98/0x540 [ 39.092388] blkdev_close+0x8b/0xb0 [ 39.096525] __fput+0x34d/0x890 [ 39.100307] ____fput+0x15/0x20 [ 39.104086] task_work_run+0x1e4/0x290 [ 39.108498] exit_to_usermode_loop+0x2bd/0x310 [ 39.113580] do_syscall_64+0x6ac/0x800 [ 39.117973] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.123658] [ 39.123658] -> #1 (loop_index_mutex){+.+.}: [ 39.129449] __mutex_lock+0x16d/0x17f0 [ 39.133833] mutex_lock_nested+0x16/0x20 [ 39.138393] lo_open+0x1b/0xb0 [ 39.142089] __blkdev_get+0x358/0x13a0 [ 39.146474] blkdev_get+0xb9/0xb30 [ 39.150511] blkdev_open+0x1fb/0x280 [ 39.154723] do_dentry_open+0x7ef/0xf10 [ 39.159193] vfs_open+0x139/0x230 [ 39.163146] path_openat+0x1676/0x4e20 [ 39.167530] do_filp_open+0x249/0x350 [ 39.171827] do_sys_open+0x56f/0x740 [ 39.176062] __x64_sys_open+0x7e/0xc0 [ 39.180370] do_syscall_64+0x1b1/0x800 [ 39.184769] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.190451] [ 39.190451] -> #0 (&bdev->bd_mutex){+.+.}: [ 39.196149] lock_acquire+0x1dc/0x520 [ 39.200447] __mutex_lock+0x16d/0x17f0 [ 39.204830] mutex_lock_nested+0x16/0x20 [ 39.209399] blkdev_reread_part+0x1e/0x40 [ 39.214060] loop_reread_partitions+0x159/0x180 [ 39.219225] loop_set_status+0xb95/0x1010 [ 39.223882] loop_set_status_compat+0xa4/0xf0 [ 39.228872] lo_compat_ioctl+0x14b/0x170 [ 39.233430] compat_blkdev_ioctl+0x3c2/0x1b20 [ 39.238424] __ia32_compat_sys_ioctl+0x221/0x640 [ 39.243677] do_fast_syscall_32+0x345/0xf9b [ 39.248495] entry_SYSENTER_compat+0x70/0x7f [ 39.253395] [ 39.253395] other info that might help us debug this: [ 39.253395] [ 39.261512] Chain exists of: [ 39.261512] &bdev->bd_mutex --> loop_index_mutex --> &lo->lo_ctl_mutex#2 [ 39.261512] [ 39.272856] Possible unsafe locking scenario: [ 39.272856] [ 39.278889] CPU0 CPU1 [ 39.283528] ---- ---- [ 39.288164] lock(&lo->lo_ctl_mutex#2); [ 39.292201] lock(loop_index_mutex); [ 39.298492] lock(&lo->lo_ctl_mutex#2); [ 39.305046] lock(&bdev->bd_mutex); [ 39.308737] [ 39.308737] *** DEADLOCK *** [ 39.308737] [ 39.314775] 1 lock held by syz-executor0/5567: [ 39.319327] #0: (ptrval) (&lo->lo_ctl_mutex#2){+.+.}, at: lo_compat_ioctl+0x12a/0x170 [ 39.328067] [ 39.328067] stack backtrace: [ 39.332548] CPU: 0 PID: 5567 Comm: syz-executor0 Not tainted 4.17.0-rc2+ #42 [ 39.339710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.349042] Call Trace: [ 39.351610] dump_stack+0x1b9/0x294 [ 39.355222] ? dump_stack_print_info.cold.2+0x52/0x52 [ 39.360391] ? print_lock+0xd1/0xd6 [ 39.364008] ? vprintk_func+0x81/0xe7 [ 39.367795] print_circular_bug.isra.36.cold.54+0x1bd/0x27d [ 39.373481] ? save_trace+0xe0/0x290 [ 39.377180] __lock_acquire+0x343e/0x5140 [ 39.381308] ? debug_check_no_locks_freed+0x310/0x310 [ 39.386474] ? __lock_acquire+0x7f5/0x5140 [ 39.390685] ? debug_check_no_locks_freed+0x310/0x310 [ 39.395864] ? noop_count+0x40/0x40 [ 39.399471] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.404985] ? bpf_prog_kallsyms_find+0xd6/0x4a0 [ 39.409729] ? __bpf_trace_bpf_map_next_key+0x40/0x40 [ 39.414896] ? is_bpf_text_address+0xae/0x170 [ 39.419372] ? lock_downgrade+0x8e0/0x8e0 [ 39.423500] ? print_usage_bug+0xc0/0xc0 [ 39.427535] ? print_usage_bug+0xc0/0xc0 [ 39.431574] ? kasan_check_read+0x11/0x20 [ 39.435697] ? graph_lock+0x170/0x170 [ 39.439475] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 39.444644] lock_acquire+0x1dc/0x520 [ 39.448422] ? blkdev_reread_part+0x1e/0x40 [ 39.452721] ? lock_release+0xa10/0xa10 [ 39.456674] ? check_same_owner+0x320/0x320 [ 39.460972] ? debug_check_no_locks_freed+0x310/0x310 [ 39.466164] ? rcu_note_context_switch+0x710/0x710 [ 39.471160] ? __might_sleep+0x95/0x190 [ 39.475114] ? blkdev_reread_part+0x1e/0x40 [ 39.479413] __mutex_lock+0x16d/0x17f0 [ 39.483277] ? blkdev_reread_part+0x1e/0x40 [ 39.487575] ? blkdev_reread_part+0x1e/0x40 [ 39.491883] ? debug_check_no_locks_freed+0x310/0x310 [ 39.497051] ? mutex_trylock+0x2a0/0x2a0 [ 39.501089] ? kasan_check_write+0x14/0x20 [ 39.505298] ? do_raw_spin_lock+0xc1/0x200 [ 39.509508] ? graph_lock+0x170/0x170 [ 39.513286] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 39.518365] ? graph_lock+0x170/0x170 [ 39.522144] ? graph_lock+0x170/0x170 [ 39.525924] ? save_stack+0xa9/0xd0 [ 39.529535] ? save_stack+0x43/0xd0 [ 39.533138] ? __lock_is_held+0xb5/0x140 [ 39.537178] ? print_usage_bug+0xc0/0xc0 [ 39.541225] ? lock_downgrade+0x8e0/0x8e0 [ 39.545351] ? mark_held_locks+0xc9/0x160 [ 39.549475] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 39.554041] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 39.559125] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 39.564119] ? trace_hardirqs_on+0xd/0x10 [ 39.568252] ? __wake_up_common_lock+0x1c2/0x300 [ 39.572995] mutex_lock_nested+0x16/0x20 [ 39.577039] ? mutex_lock_nested+0x16/0x20 [ 39.581703] blkdev_reread_part+0x1e/0x40 [ 39.585831] loop_reread_partitions+0x159/0x180 [ 39.590474] ? __loop_update_dio+0x6a0/0x6a0 [ 39.594862] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 39.600374] loop_set_status+0xb95/0x1010 [ 39.604507] loop_set_status_compat+0xa4/0xf0 [ 39.608979] ? loop_set_status+0x1010/0x1010 [ 39.613366] lo_compat_ioctl+0x14b/0x170 [ 39.617402] ? lo_ioctl+0x2130/0x2130 [ 39.621181] compat_blkdev_ioctl+0x3c2/0x1b20 [ 39.625653] ? bfq_create_group_hierarchy+0x120/0x120 [ 39.630824] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.636337] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 39.641501] ? bfq_create_group_hierarchy+0x120/0x120 [ 39.646670] __ia32_compat_sys_ioctl+0x221/0x640 [ 39.651403] do_fast_syscall_32+0x345/0xf9b [ 39.655702] ? do_int80_syscall_32+0x880/0x880 [ 39.660261] ? _raw_spin_unlock_irq+0x27/0x70 [ 39.664732] ? finish_task_switch+0x1ca/0x810 [ 39.669206] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.674721] ? syscall_return_slowpath+0x30f/0x5c0 [ 39.679626] ? sysret32_from_system_call+0x5/0x46 [ 39.684456] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.689274] entry_SYSENTER_compat+0x70/0x7f [ 39.693656] RIP: 0023:0xf7fa7cb9 [ 39.696996] RSP: 002b:00000000f7fa30ac EFLAGS: 00000282 ORIG_RAX: 0000000000000036 [ 39.704694] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000004c02 [ 39.711940] RDX: 0000000020000180 RSI: 0000000000000000 RDI: 0000000000000000 [ 39.719186] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 39.726439] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 39.733687] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2018/04/26 12:07:18 executed programs: 127 2018/04/26 12:07:23 executed programs: 305