[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   19.168567] random: sshd: uninitialized urandom read (32 bytes read)
[   19.840000] random: sshd: uninitialized urandom read (32 bytes read)
[   20.163908] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [   20.892929] random: sshd: uninitialized urandom read (32 bytes read)
[   21.045308] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts.
[   26.511271] random: sshd: uninitialized urandom read (32 bytes read)
2018/04/25 23:06:22 parsed 1 programs
2018/04/25 23:06:22 executed programs: 0
[   26.968821] IPVS: ftp: loaded support on port[0] = 21
[   27.028576]
[   27.030231] ======================================================
[   27.036528] WARNING: possible circular locking dependency detected
[   27.042819] 4.17.0-rc2+ #41 Not tainted
[   27.046771] ------------------------------------------------------
[   27.053063] syz-executor0/4474 is trying to acquire lock:
[   27.058572] (ptrval) (&bdev->bd_mutex){+.+.}, at: blkdev_reread_part+0x1e/0x40
[   27.066618]
[   27.066618] but task is already holding lock:
[   27.072568] (ptrval) (&lo->lo_ctl_mutex#2){+.+.}, at: lo_compat_ioctl+0x12a/0x170
[   27.080870]
[   27.080870] which lock already depends on the new lock.
[   27.080870]
[   27.089161]
[   27.089161] the existing dependency chain (in reverse order) is:
[   27.096765]
[   27.096765] -> #2 (&lo->lo_ctl_mutex#2){+.+.}:
[   27.102818]        __mutex_lock+0x16d/0x17f0
[   27.107206]        mutex_lock_nested+0x16/0x20
[   27.111762]        lo_release+0xa3/0x1f0
[   27.115818]        __blkdev_put+0x4f6/0x830
[   27.120128]        blkdev_put+0x98/0x540
[   27.124167]        blkdev_close+0x8b/0xb0
[   27.128294]        __fput+0x34d/0x890
[   27.132077]        ____fput+0x15/0x20
[   27.135859]        task_work_run+0x1e4/0x290
[   27.140245]        exit_to_usermode_loop+0x2bd/0x310
[   27.145324]        do_syscall_64+0x6ac/0x800
[   27.149708]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   27.155389]
[   27.155389] -> #1 (loop_index_mutex){+.+.}:
[   27.161174]        __mutex_lock+0x16d/0x17f0
[   27.165558]        mutex_lock_nested+0x16/0x20
[   27.170117]        lo_open+0x1b/0xb0
[   27.173807]        __blkdev_get+0x358/0x13a0
[   27.178200]        blkdev_get+0xb9/0xb30
[   27.182327]        blkdev_open+0x1fb/0x280
[   27.186540]        do_dentry_open+0x7ef/0xf10
[   27.191037]        vfs_open+0x139/0x230
[   27.194995]        path_openat+0x1676/0x4e20
[   27.199379]        do_filp_open+0x249/0x350
[   27.203686]        do_sys_open+0x56f/0x740
[   27.207895]        __x64_sys_open+0x7e/0xc0
[   27.212193]        do_syscall_64+0x1b1/0x800
[   27.216585]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   27.222267]
[   27.222267] -> #0 (&bdev->bd_mutex){+.+.}:
[   27.227967]        lock_acquire+0x1dc/0x520
[   27.232274]        __mutex_lock+0x16d/0x17f0
[   27.236666]        mutex_lock_nested+0x16/0x20
[   27.241224]        blkdev_reread_part+0x1e/0x40
[   27.245869]        loop_reread_partitions+0x159/0x180
[   27.251292]        loop_set_status+0xb95/0x1010
[   27.255934]        loop_set_status_compat+0xa4/0xf0
[   27.260926]        lo_compat_ioctl+0x14b/0x170
[   27.265486]        compat_blkdev_ioctl+0x3c2/0x1b20
[   27.270482]        __ia32_compat_sys_ioctl+0x221/0x640
[   27.275736]        do_fast_syscall_32+0x345/0xf9b
[   27.280555]        entry_SYSENTER_compat+0x70/0x7f
[   27.285454]
[   27.285454] other info that might help us debug this:
[   27.285454]
[   27.293571] Chain exists of:
[   27.293571]   &bdev->bd_mutex --> loop_index_mutex --> &lo->lo_ctl_mutex#2
[   27.293571]
[   27.304916]  Possible unsafe locking scenario:
[   27.304916]
[   27.310946]        CPU0                    CPU1
[   27.315585]        ----                    ----
[   27.320223]   lock(&lo->lo_ctl_mutex#2);
[   27.324261]                                lock(loop_index_mutex);
[   27.330552]                                lock(&lo->lo_ctl_mutex#2);
[   27.337104]   lock(&bdev->bd_mutex);
[   27.340792]
[   27.340792]  *** DEADLOCK ***
[   27.340792]
[   27.346831] 1 lock held by syz-executor0/4474:
[   27.351386]  #0: (ptrval) (&lo->lo_ctl_mutex#2){+.+.}, at: lo_compat_ioctl+0x12a/0x170
[   27.360133]
[   27.360133] stack backtrace:
[   27.364611] CPU: 1 PID: 4474 Comm: syz-executor0 Not tainted 4.17.0-rc2+ #41
[   27.371776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.381102] Call Trace:
[   27.383670]  dump_stack+0x1b9/0x294
[   27.387277]  ? dump_stack_print_info.cold.2+0x52/0x52
[   27.392445]  ? print_lock+0xd1/0xd6
[   27.396056]  ? vprintk_func+0x81/0xe7
[   27.399841]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[   27.405529]  ? save_trace+0xe0/0x290
[   27.409227]  __lock_acquire+0x343e/0x5140
[   27.413356]  ? debug_check_no_locks_freed+0x310/0x310
[   27.418521]  ? __lock_acquire+0x7f5/0x5140
[   27.422820]  ? debug_check_no_locks_freed+0x310/0x310
[   27.427992]  ? noop_count+0x40/0x40
[   27.431603]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   27.437115]  ? bpf_prog_kallsyms_find+0xd6/0x4a0
[   27.441854]  ? __bpf_trace_bpf_map_next_key+0x40/0x40
[   27.447021]  ? is_bpf_text_address+0xae/0x170
[   27.451490]  ? lock_downgrade+0x8e0/0x8e0
[   27.455615]  ? print_usage_bug+0xc0/0xc0
[   27.459653]  ? print_usage_bug+0xc0/0xc0
[   27.463691]  ? kasan_check_read+0x11/0x20
[   27.467814]  ? graph_lock+0x170/0x170
[   27.471596]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   27.476770]  lock_acquire+0x1dc/0x520
[   27.480550]  ? blkdev_reread_part+0x1e/0x40
[   27.484847]  ? lock_release+0xa10/0xa10
[   27.488798]  ? check_same_owner+0x320/0x320
[   27.493099]  ? debug_check_no_locks_freed+0x310/0x310
[   27.498269]  ? rcu_note_context_switch+0x710/0x710
[   27.503178]  ? __might_sleep+0x95/0x190
[   27.507130]  ? blkdev_reread_part+0x1e/0x40
[   27.511431]  __mutex_lock+0x16d/0x17f0
[   27.515296]  ? blkdev_reread_part+0x1e/0x40
[   27.519595]  ? blkdev_reread_part+0x1e/0x40
[   27.523893]  ? debug_check_no_locks_freed+0x310/0x310
[   27.529062]  ? mutex_trylock+0x2a0/0x2a0
[   27.533103]  ? kasan_check_write+0x14/0x20
[   27.537317]  ? do_raw_spin_lock+0xc1/0x200
[   27.541525]  ? graph_lock+0x170/0x170
[   27.545327]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   27.550404]  ? graph_lock+0x170/0x170
[   27.554182]  ? graph_lock+0x170/0x170
[   27.557964]  ? save_stack+0xa9/0xd0
[   27.561568]  ? save_stack+0x43/0xd0
[   27.565176]  ? __lock_is_held+0xb5/0x140
[   27.569211]  ? print_usage_bug+0xc0/0xc0
[   27.573250]  ? lock_downgrade+0x8e0/0x8e0
[   27.577386]  ? mark_held_locks+0xc9/0x160
[   27.581512]  ? do_raw_spin_trylock+0x1b0/0x1b0
[   27.586071]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[   27.591150]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   27.596143]  ? trace_hardirqs_on+0xd/0x10
[   27.600270]  ? __wake_up_common_lock+0x1c2/0x300
[   27.605005]  mutex_lock_nested+0x16/0x20
[   27.609044]  ? mutex_lock_nested+0x16/0x20
[   27.613256]  blkdev_reread_part+0x1e/0x40
[   27.617386]  loop_reread_partitions+0x159/0x180
[   27.622040]  ? __loop_update_dio+0x6a0/0x6a0
[   27.626432]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   27.631948]  loop_set_status+0xb95/0x1010
[   27.636084]  loop_set_status_compat+0xa4/0xf0
[   27.640557]  ? loop_set_status+0x1010/0x1010
[   27.644948]  lo_compat_ioctl+0x14b/0x170
[   27.648985]  ? lo_ioctl+0x2130/0x2130
[   27.652769]  compat_blkdev_ioctl+0x3c2/0x1b20
[   27.657240]  ? bfq_create_group_hierarchy+0x120/0x120
[   27.662406]  ? __x32_compat_sys_get_robust_list+0x430/0x430
[   27.668098]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   27.673268]  ? bfq_create_group_hierarchy+0x120/0x120
[   27.678436]  __ia32_compat_sys_ioctl+0x221/0x640
[   27.683169]  do_fast_syscall_32+0x345/0xf9b
[   27.687468]  ? do_int80_syscall_32+0x880/0x880
[   27.692039]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   27.696782]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   27.702298]  ? syscall_return_slowpath+0x30f/0x5c0
[   27.707206]  ? sysret32_from_system_call+0x5/0x46
[   27.712038]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   27.716874]  entry_SYSENTER_compat+0x70/0x7f
[   27.721259] RIP: 0023:0xf7f37cb9
[   27.724600] RSP: 002b:00000000ffe8af1c EFLAGS: 00000282 ORIG_RAX: 0000000000000