[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 18.053633] random: sshd: uninitialized urandom read (32 bytes read, 30 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 20.473638] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available)
[ 20.654794] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available)
[ 21.604054] random: sshd: uninitialized urandom read (32 bytes read, 111 bits of entropy available)
[ 21.751786] random: sshd: uninitialized urandom read (32 bytes read, 114 bits of entropy available)
Warning: Permanently added '10.128.0.52' (ECDSA) to the list of known hosts.
[ 27.247263] random: sshd: uninitialized urandom read (32 bytes read, 119 bits of entropy available)
2018/04/14 17:39:16 parsed 1 programs
2018/04/14 17:39:16 executed programs: 0
[ 27.654018] IPVS: Creating netns size=2552 id=1
[ 27.791966]
[ 27.793601] ======================================================
[ 27.799889] [ INFO: possible circular locking dependency detected ]
[ 27.806261] 4.4.125-g38f41ec #21 Not tainted
[ 27.810634] -------------------------------------------------------
[ 27.817005] syz-executor0/3759 is trying to acquire lock:
[ 27.822515] (&bdev->bd_mutex){+.+.+.}, at: [] blkdev_reread_part+0x1e/0x40
[ 27.831620]
[ 27.831620] but task is already holding lock:
[ 27.837559] (&lo->lo_ctl_mutex#2){+.+.+.}, at: [] lo_compat_ioctl+0x109/0x140
[ 27.847048]
[ 27.847048] which lock already depends on the new lock.
[ 27.847048]
[ 27.855331]
[ 27.855331] the existing dependency chain (in reverse order) is:
[ 27.862917] -> #2 (&lo->lo_ctl_mutex#2){+.+.+.}:
[ 27.868421] [] lock_acquire+0x15e/0x460
[ 27.874657] [] mutex_lock_nested+0xbb/0x850
[ 27.881247] [] lo_release+0x85/0x160
[ 27.887224] [] __blkdev_put+0x5f7/0x7e0
[ 27.893455] [] blkdev_put+0x85/0x550
[ 27.899433] [] blkdev_close+0x8b/0xb0
[ 27.905506] [] __fput+0x233/0x6d0
[ 27.911221] [] ____fput+0x15/0x20
[ 27.916930] [] task_work_run+0x104/0x180
[ 27.923260] [] exit_to_usermode_loop+0x13d/0x160
[ 27.930271] [] syscall_return_slowpath+0x1b5/0x1f0
[ 27.937464] [] int_ret_from_sys_call+0x25/0xa3
[ 27.944303] -> #1 (loop_index_mutex){+.+.+.}:
[ 27.949421] [] lock_acquire+0x15e/0x460
[ 27.955675] [] mutex_lock_nested+0xbb/0x850
[ 27.962252] [] lo_open+0x1b/0xa0
[ 27.967884] [] __blkdev_get+0x2ac/0xdf0
[ 27.974114] [] blkdev_get+0x33d/0x940
[ 27.980172] [] blkdev_open+0x1a5/0x250
[ 27.986319] [] do_dentry_open+0x59b/0xba0
[ 27.992724] [] vfs_open+0x110/0x210
[ 27.998610] [] path_openat+0x923/0x3940
[ 28.004837] [] do_filp_open+0x197/0x290
[ 28.011065] [] do_sys_open+0x369/0x660
[ 28.017232] [] SyS_open+0x2d/0x40
[ 28.022944] [] entry_SYSCALL_64_fastpath+0x22/0x9e
[ 28.030129] -> #0 (&bdev->bd_mutex){+.+.+.}:
[ 28.035149] [] __lock_acquire+0x371f/0x4b50
[ 28.041728] [] lock_acquire+0x15e/0x460
[ 28.047956] [] mutex_lock_nested+0xbb/0x850
[ 28.054532] [] blkdev_reread_part+0x1e/0x40
[ 28.061112] [] loop_reread_partitions+0x78/0xe0
[ 28.068299] [] loop_set_status+0x995/0xfc0
[ 28.074791] [] loop_set_status_compat+0x9a/0x100
[ 28.081806] [] lo_compat_ioctl+0x114/0x140
[ 28.088299] [] compat_blkdev_ioctl+0x3d4/0x3b10
[ 28.095225] [] compat_SyS_ioctl+0x28a/0x2540
[ 28.101898] [] do_fast_syscall_32+0x321/0x8a0
[ 28.108659] [] sysenter_flags_fixed+0xd/0x17
[ 28.115328]
[ 28.115328] other info that might help us debug this:
[ 28.115328]
[ 28.123436] Chain exists of: &bdev->bd_mutex --> loop_index_mutex --> &lo->lo_ctl_mutex#2
[ 28.132991] Possible unsafe locking scenario:
[ 28.132991]
[ 28.139013]        CPU0                    CPU1
[ 28.143650]        ----                    ----
[ 28.148283]   lock(&lo->lo_ctl_mutex#2);
[ 28.152659]                                lock(loop_index_mutex);
[ 28.159186]                                lock(&lo->lo_ctl_mutex#2);
[ 28.166085]   lock(&bdev->bd_mutex);
[ 28.169994]
[ 28.169994] *** DEADLOCK ***
[ 28.169994]
[ 28.176022] 1 lock held by syz-executor0/3759:
[ 28.180570] #0: (&lo->lo_ctl_mutex#2){+.+.+.}, at: [] lo_compat_ioctl+0x109/0x140
[ 28.190600]
[ 28.190600] stack backtrace:
[ 28.195066] CPU: 0 PID: 3759 Comm: syz-executor0 Not tainted 4.4.125-g38f41ec #21
[ 28.202654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.211978] 0000000000000000 6474f5eef863f67b ffff8801c7cf75e8 ffffffff81d067bd
[ 28.219948] ffffffff85188b10 ffffffff851880f0 ffffffff851b14c0 ffff8800acc72108
[ 28.227916] ffff8800acc71800 ffff8801c7cf7630 ffffffff81234081 ffff8800acc72108
[ 28.236297] Call Trace:
[ 28.238854] [] dump_stack+0xc1/0x124
[ 28.244188] [] print_circular_bug+0x271/0x310
[ 28.250301] [] __lock_acquire+0x371f/0x4b50
[ 28.256242] [] ? save_stack_trace+0x26/0x50
[ 28.262182] [] ? save_stack+0x43/0xd0
[ 28.267601] [] ? kasan_slab_free+0x72/0xc0
[ 28.273451] [] ? kfree+0xfc/0x300
[ 28.278523] [] ? kobject_uevent_env+0x24f/0xb40
[ 28.284812] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 28.291793] [] ? __lock_acquire+0xb5f/0x4b50
[ 28.297830] [] ? __lock_is_held+0xa1/0xf0
[ 28.303623] [] lock_acquire+0x15e/0x460
[ 28.303630] [] ? blkdev_reread_part+0x1e/0x40
[ 28.303639] [] ? blkdev_reread_part+0x1e/0x40
[ 28.303646] [] mutex_lock_nested+0xbb/0x850
[ 28.303651] [] ? blkdev_reread_part+0x1e/0x40
[ 28.30