[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 18.741923] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available) [?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.955495] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available) [ 21.177790] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available) [ 22.104963] random: sshd: uninitialized urandom read (32 bytes read, 116 bits of entropy available) [ 53.292453] random: nonblocking pool is initialized Warning: Permanently added '10.128.0.56' (ECDSA) to the list of known hosts. 2018/04/14 16:32:25 parsed 1 programs 2018/04/14 16:32:25 executed programs: 0 [ 108.697456] IPVS: Creating netns size=2552 id=1 [ 108.734496] IPVS: Creating netns size=2552 id=2 [ 108.768896] IPVS: Creating netns size=2552 id=3 [ 108.800743] IPVS: Creating netns size=2552 id=4 [ 108.845175] IPVS: Creating netns size=2552 id=5 [ 108.884450] IPVS: Creating netns size=2552 id=6 [ 108.923628] IPVS: Creating netns size=2552 id=7 [ 108.965247] IPVS: Creating netns size=2552 id=8 [ 109.530394] [ 109.532026] ====================================================== [ 109.538312] [ INFO: possible circular locking dependency detected ] [ 109.544687] 4.4.125-g38f41ec #21 Not tainted [ 109.549063] ------------------------------------------------------- [ 109.555439] syz-executor2/3883 is trying to acquire lock: [ 109.560940] (&bdev->bd_mutex){+.+.+.}, at: [] blkdev_reread_part+0x1e/0x40 [ 109.570046] [ 109.570046] but task is already holding lock: [ 109.575985] (&lo->lo_ctl_mutex#2){+.+.+.}, at: [] lo_compat_ioctl+0x109/0x140 [ 109.585481] [ 109.585481] which lock already depends on the new lock. [ 109.585481] [ 109.593763] [ 109.593763] the existing dependency chain (in reverse order) is: [ 109.601347] -> #2 (&lo->lo_ctl_mutex#2){+.+.+.}: [ 109.606829] [] lock_acquire+0x15e/0x460 [ 109.613061] [] mutex_lock_nested+0xbb/0x850 [ 109.619637] [] lo_release+0x85/0x160 [ 109.625602] [] __blkdev_put+0x5f7/0x7e0 [ 109.631831] [] blkdev_put+0x85/0x550 [ 109.637801] [] blkdev_close+0x8b/0xb0 [ 109.643857] [] __fput+0x233/0x6d0 [ 109.649562] [] ____fput+0x15/0x20 [ 109.655268] [] task_work_run+0x104/0x180 [ 109.661583] [] exit_to_usermode_loop+0x13d/0x160 [ 109.668605] [] syscall_return_slowpath+0x1b5/0x1f0 [ 109.675788] [] int_ret_from_sys_call+0x25/0xa3 [ 109.682628] -> #1 (loop_index_mutex){+.+.+.}: [ 109.687733] [] lock_acquire+0x15e/0x460 [ 109.693961] [] mutex_lock_nested+0xbb/0x850 [ 109.700534] [] lo_open+0x1b/0xa0 [ 109.706157] [] __blkdev_get+0x2ac/0xdf0 [ 109.712389] [] blkdev_get+0x33d/0x940 [ 109.718449] [] blkdev_open+0x1a5/0x250 [ 109.724589] [] do_dentry_open+0x59b/0xba0 [ 109.730990] [] vfs_open+0x110/0x210 [ 109.736873] [] path_openat+0x923/0x3940 [ 109.743104] [] do_filp_open+0x197/0x290 [ 109.749334] [] do_sys_open+0x369/0x660 [ 109.755483] [] SyS_open+0x2d/0x40 [ 109.761189] [] entry_SYSCALL_64_fastpath+0x22/0x9e [ 109.768385] -> #0 (&bdev->bd_mutex){+.+.+.}: [ 109.773402] [] __lock_acquire+0x371f/0x4b50 [ 109.779979] [] lock_acquire+0x15e/0x460 [ 109.786209] [] mutex_lock_nested+0xbb/0x850 [ 109.792781] [] blkdev_reread_part+0x1e/0x40 [ 109.799355] [] loop_reread_partitions+0x78/0xe0 [ 109.806276] [] loop_set_status+0x995/0xfc0 [ 109.812786] [] loop_set_status_compat+0x9a/0x100 [ 109.819797] [] lo_compat_ioctl+0x114/0x140 [ 109.826290] [] compat_blkdev_ioctl+0x3d4/0x3b10 [ 109.833215] [] compat_SyS_ioctl+0x28a/0x2540 [ 109.839878] [] do_fast_syscall_32+0x321/0x8a0 [ 109.846636] [] sysenter_flags_fixed+0xd/0x17 [ 109.853309] [ 109.853309] other info that might help us debug this: [ 109.853309] [ 109.861417] Chain exists of: &bdev->bd_mutex --> loop_index_mutex --> &lo->lo_ctl_mutex#2 [ 109.870964] Possible unsafe locking scenario: [ 109.870964] [ 109.876988] CPU0 CPU1 [ 109.881619] ---- ---- [ 109.886252] lock(&lo->lo_ctl_mutex#2); [ 109.890628] lock(loop_index_mutex); [ 109.897144] lock(&lo->lo_ctl_mutex#2); [ 109.904040] lock(&bdev->bd_mutex); [ 109.907946] [ 109.907946] *** DEADLOCK *** [ 109.907946] [ 109.913974] 1 lock held by syz-executor2/3883: [ 109.918520] #0: (&lo->lo_ctl_mutex#2){+.+.+.}, at: [] lo_compat_ioctl+0x109/0x140 [ 109.928544] [ 109.928544] stack backtrace: [ 109.933006] CPU: 1 PID: 3883 Comm: syz-executor2 Not tainted 4.4.125-g38f41ec #21 [ 109.940591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 109.949909] 0000000000000000 baf479a3d3540d59 ffff8800ac9475e8 ffffffff81d067bd [ 109.957874] ffffffff85188b10 ffffffff851880f0 ffffffff851b0e00 ffff8800ac95d108 [ 109.965849] ffff8800ac95c800 ffff8800ac947630 ffffffff81234081 ffff8800ac95d108 [ 109.973810] Call Trace: [ 109.976367] [] dump_stack+0xc1/0x124 [ 109.981696] [] print_circular_bug+0x271/0x310 [ 109.987819] [] __lock_acquire+0x371f/0x4b50 [ 109.993763] [] ? save_stack_trace+0x26/0x50 [ 109.999703] [] ? save_stack+0x43/0xd0 [ 110.005119] [] ? kasan_slab_free+0x72/0xc0 [ 110.010975] [] ? kfree+0xfc/0x300 [ 110.016047] [] ? kobject_uevent_env+0x24f/0xb40 [ 110.022333] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 110.029316] [] ? __lock_acquire+0xb5f/0x4b50 [ 110.035341] [] ? __lock_is_held+0xa1/0xf0 [ 110.041109] [] lock_acquire+0x15e/0x460 [ 110.046702] [] ? blkdev_reread_part+0x1e/0x40 [ 110.052815] [] ? blkdev_reread_part+0x1e/0x40 [ 110.058926] [] mutex_lock_nested+0xbb/0x850 [ 110.064862] [] ? blkdev_reread_part+0x1e/0x40 [ 110.070983] [] ? __ww_mutex_lock+0x14f0/0x14f0 [ 110.077185] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 110.084081] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 110.090897] [] blkdev_reread_part+0x1e/0x40 [ 110.096840] [] loop_reread_partitions+0x78/0xe0 [ 110.103125] [] loop_set_status+0x995/0xfc0 [ 110.108977] [] loop_set_status_compat+0x9a/0x100 [ 110.115348] [] ? loop_set_status+0xfc0/0xfc0 [ 110.121372] [] ? kmem_cache_free+0xc7/0x320 [ 110.127311] [] ? putname+0xee/0x130 [ 110.132557] [] ? do_sys_open+0x254/0x660 [ 110.138236] [] lo_compat_ioctl+0x114/0x140 [ 110.144099] [] ? lo_ioctl+0x19c0/0x19c0 [ 110.149696] [] compat_blkdev_ioctl+0x3d4/0x3b10 [ 110.155982] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 110.162788] [] ? cfq_dispatch_requests+0x2fa0/0x2fa0 [ 110.169520] [] ? exit_robust_list+0x240/0x240 [ 110.175634] [] ? security_file_ioctl+0x89/0xb0 [ 110.181838] [] compat_SyS_ioctl+0x28a/0x2540 [ 110.187866] [] ? cfq_dispatch_requests+0x2fa0/0x2fa0 [ 110.194587] [] ? compat_SyS_ppoll+0x420/0x420 [ 110.200700] [] ? _raw_spin_unlock+0x2c/0x50 [ 110.206640] [] ? handle_mm_fault+0x3f2/0x3190 [ 110.212750] [] ? putname+0xf3/0x130 [ 110.217992] [] ? compat_SyS_futex+0x1f9/0x2a0 [ 110.224103] [] ? compat_SyS_get_robust_list+0x300/0x300 [ 110.231085] [] ? __do_page_fault+0x380/0xa00 [ 110.237113] [] ? do_fast_syscall_32+0xd7/0x8a0 [ 110.243313] [] ? compat_SyS_ppoll+0x420/0x420 [ 110.249424] [] do_fast_syscall_32+0x321/0x8a0 [ 110.255540] [] sysenter_flags_fixed+0xd/0x17 2018/04/14 16:32:30 executed programs: 40 2018/04/14 16:32:35 executed programs: 79 INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "5" respawning too fast: disabled for 5 minutes INIT: Id "2" respawning too fast: disabled for 5 minutes INIT: Id "4" respawning too fast: disabled for 5 minutes INIT: Id "6" respawning too fast: disabled for 5 minutes INIT: Id "1" respawning too fast: disabled for 5 minutes