[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   17.940951] audit: type=1400 audit(1518164054.287:6): avc: denied { map } for pid=4152 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.15.214' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   24.252416] audit: type=1400 audit(1518164060.599:7): avc: denied { map } for pid=4166 comm="syzkaller401458" path="/root/syzkaller401458789" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   24.284734]
[   24.286380] ======================================================
[   24.292672] WARNING: possible circular locking dependency detected
[   24.298958] 4.15.0+ #214 Not tainted
[   24.302638] ------------------------------------------------------
[   24.308927] syzkaller401458/4166 is trying to acquire lock:
[   24.314605]  (&bdev->bd_mutex){+.+.}, at: [<00000000fcbbcb5e>] blkdev_reread_part+0x1e/0x40
[   24.323080]
[   24.323080] but task is already holding lock:
[   24.329022]  (&lo->lo_ctl_mutex#2){+.+.}, at: [<000000007b4c83ae>] lo_compat_ioctl+0x109/0x140
[   24.337751]
[   24.337751] which lock already depends on the new lock.
[   24.337751]
[   24.346036]
[   24.346036] the existing dependency chain (in reverse order) is:
[   24.353626]
[   24.353626] -> #2 (&lo->lo_ctl_mutex#2){+.+.}:
[   24.359664]        __mutex_lock+0x16f/0x1a80
[   24.364043]        mutex_lock_nested+0x16/0x20
[   24.368596]        lo_release+0x85/0x190
[   24.372629]        __blkdev_put+0x62d/0x7f0
[   24.376922]        blkdev_put+0x85/0x4f0
[   24.380953]        blkdev_close+0x8b/0xb0
[   24.385072]        __fput+0x327/0x7e0
[   24.388842]        ____fput+0x15/0x20
[   24.392613]        task_work_run+0x199/0x270
[   24.396995]        exit_to_usermode_loop+0x275/0x2f0
[   24.402069]        do_syscall_64+0x6ed/0x940
[   24.406448]        entry_SYSCALL_64_after_hwframe+0x26/0x9b
[   24.412124]
[   24.412124] -> #1 (loop_index_mutex){+.+.}:
[   24.417901]        __mutex_lock+0x16f/0x1a80
[   24.422282]        mutex_lock_nested+0x16/0x20
[   24.426835]        lo_open+0x1b/0xa0
[   24.430520]        __blkdev_get+0x2f9/0x10e0
[   24.434900]        blkdev_get+0x3a1/0xad0
[   24.439019]        blkdev_open+0x1c9/0x250
[   24.443227]        do_dentry_open+0x667/0xd40
[   24.447693]        vfs_open+0x107/0x220
[   24.451636]        path_openat+0x1151/0x3530
[   24.456015]        do_filp_open+0x25b/0x3b0
[   24.460308]        do_sys_open+0x502/0x6d0
[   24.464515]        SyS_open+0x2d/0x40
[   24.468290]        do_syscall_64+0x282/0x940
[   24.472668]        entry_SYSCALL_64_after_hwframe+0x26/0x9b
[   24.478345]
[   24.478345] -> #0 (&bdev->bd_mutex){+.+.}:
[   24.484038]        lock_acquire+0x1d5/0x580
[   24.488328]        __mutex_lock+0x16f/0x1a80
[   24.492707]        mutex_lock_nested+0x16/0x20
[   24.497262]        blkdev_reread_part+0x1e/0x40
[   24.501902]        loop_reread_partitions+0x12f/0x1a0
[   24.507064]        loop_set_status+0x9ba/0xf60
[   24.511615]        loop_set_status_compat+0x9a/0x100
[   24.516688]        lo_compat_ioctl+0x114/0x140
[   24.521242]        compat_blkdev_ioctl+0x3ae/0x1840
[   24.526227]        compat_SyS_ioctl+0x151/0x2a30
[   24.530957]        do_fast_syscall_32+0x3ee/0xfa1
[   24.535770]        entry_SYSENTER_compat+0x54/0x63
[   24.540667]
[   24.540667] other info that might help us debug this:
[   24.540667]
[   24.548776] Chain exists of:
[   24.548776]   &bdev->bd_mutex --> loop_index_mutex --> &lo->lo_ctl_mutex#2
[   24.548776]
[   24.560109]  Possible unsafe locking scenario:
[   24.560109]
[   24.566133]        CPU0                    CPU1
[   24.570769]        ----                    ----
[   24.575408]   lock(&lo->lo_ctl_mutex#2);
[   24.579438]                                lock(loop_index_mutex);
[   24.585726]                                lock(&lo->lo_ctl_mutex#2);
[   24.592275]   lock(&bdev->bd_mutex);
[   24.595959]
[   24.595959]  *** DEADLOCK ***
[   24.595959]
[   24.601988] 1 lock held by syzkaller401458/4166:
[   24.606711]  #0: (&lo->lo_ctl_mutex#2){+.+.}, at: [<000000007b4c83ae>] lo_compat_ioctl+0x109/0x140
[   24.615876]
[   24.615876] stack backtrace:
[   24.620343] CPU: 1 PID: 4166 Comm: syzkaller401458 Not tainted 4.15.0+ #214
[   24.627419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   24.636741] Call Trace:
[   24.639305]  dump_stack+0x194/0x257
[   24.642906]  ? arch_local_irq_restore+0x53/0x53
[   24.647553]  print_circular_bug.isra.38+0x2cd/0x2dc
[   24.652538]  ? save_trace+0xe0/0x2b0
[   24.656225]  __lock_acquire+0x30a8/0x3e00
[   24.660349]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   24.665510]  ? __lock_acquire+0x664/0x3e00
[   24.669714]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   24.674876]  ? check_noncircular+0x20/0x20
[   24.679086]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   24.684245]  ? __lock_acquire+0x664/0x3e00
[   24.688450]  ? check_noncircular+0x20/0x20
[   24.692654]  ? check_noncircular+0x20/0x20
[   24.696864]  ? print_irqtrace_events+0x270/0x270
[   24.701592]  ? print_irqtrace_events+0x270/0x270
[   24.706318]  ? find_held_lock+0x35/0x1d0
[   24.710352]  ? __is_insn_slot_addr+0x1fc/0x330
[   24.714910]  lock_acquire+0x1d5/0x580
[   24.718682]  ? lock_acquire+0x1d5/0x580
[   24.722630]  ? blkdev_reread_part+0x1e/0x40
[   24.726924]  ? lock_release+0xa40/0xa40
[   24.730872]  ? trace_event_raw_event_sched_switch+0x810/0x810
[   24.736726]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   24.741891]  ? rcu_note_context_switch+0x710/0x710
[   24.746795]  ? __might_sleep+0x95/0x190
[   24.751414]  ? blkdev_reread_part+0x1e/0x40
[   24.755709]  __mutex_lock+0x16f/0x1a80
[   24.759569]  ? blkdev_reread_part+0x1e/0x40
[   24.763863]  ? lock_release+0xa40/0xa40
[   24.767811]  ? is_bpf_text_address+0xa4/0x120
[   24.772279]  ? blkdev_reread_part+0x1e/0x40
[   24.776571]  ? do_raw_spin_trylock+0x190/0x190
[   24.781126]  ? mutex_lock_io_nested+0x1900/0x1900
[   24.785941]  ? trace_hardirqs_off+0xd/0x10
[   24.790148]  ? check_noncircular+0x20/0x20
[   24.794359]  ? depot_save_stack+0x2ca/0x460
[   24.798656]  ? check_noncircular+0x20/0x20
[   24.802864]  ? check_noncircular+0x20/0x20
[   24.807070]  ? save_stack+0x43/0xd0
[   24.810667]  ? __kasan_slab_free+0x11a/0x170
[   24.815045]  ? kasan_slab_free+0xe/0x10
[   24.819010]  ? __lock_is_held+0xb6/0x140
[   24.823041]  ? compat_blkdev_ioctl+0x3ae/0x1840
[   24.827681]  ? print_irqtrace_events+0x270/0x270
[   24.832410]  ? __wake_up_common_lock+0x1c2/0x310
[   24.837140]  ? lock_downgrade+0x980/0x980
[   24.841261]  ? mark_held_locks+0xaf/0x100
[   24.845388]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   24.850463]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   24.855452]  ? trace_hardirqs_on+0xd/0x10
[   24.859572]  ? __wake_up_common_lock+0x1c2/0x310
[   24.864303]  mutex_lock_nested+0x16/0x20
[   24.868333]  ? mutex_lock_nested+0x16/0x20
[   24.872538]  blkdev_reread_part+0x1e/0x40
[   24.876657]  loop_reread_partitions+0x12f/0x1a0
[   24.881298]  ? __loop_update_dio+0x640/0x640
[   24.885681]  loop_set_status+0x9ba/0xf60
[   24.889717]  loop_set_status_compat+0x9a/0x100
[   24.894267]  ? loop_set_status+0xf60/0xf60
[   24.898478]  ? trace_event_raw_event_sched_switch+0x810/0x810
[   24.904339]  lo_compat_ioctl+0x114/0x140
[   24.908370]  ? lo_ioctl+0x1b70/0x1b70
[   24.912144]  compat_blkdev_ioctl+0x3ae/0x1840
[   24.916614]  ? bfq_create_group_hierarchy+0x110/0x110
[   24.921778]  ? security_file_ioctl+0x7d/0xb0
[   24.926155]  ? security_file_ioctl+0x89/0xb0
[   24.930535]  compat_SyS_ioctl+0x151/0x2a30
[   24.934741]  ? do_fast_syscall_32+0x156/0xfa1
[   24.939209]  ? bfq_create_group_hierarchy+0x110/0x110
[   24.944372]  ? do_ioctl+0x60/0x60
[   24.947795]  do_fast_syscall_32+0x3ee/0xfa1
[   24.952093]  ? do_int80_syscall_32+0x9d0/0x9d0
[   24.956646]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   24.961373]  ? syscall_return_slowpath+0x550/0x550
[   24.966275]  ? syscall_return_slowpath+0x2ac/0x550
[   24.971178]  ? prepare_exit_to_usermode+0x350/0x350
[   24.976167]  ? retint_user+0x18/0x18
[   24.979854]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   24.984670]  entry_SYSENTER_compat+0x54/0x63
[   24.989051] RIP: 0023:0xf7fc4c79
[   24.992386] RSP: 002b:00000000ffbcde5c EFLAGS: 00000282 ORIG_RAX: 0000000000000036
[   25.000068] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0