[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 19.495359] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 22.129827] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.476979] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.208491] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.357953] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.28' (ECDSA) to the list of known hosts.
[ 28.747171] random: sshd: uninitialized urandom read (32 bytes read)
2018/04/27 05:32:28 parsed 1 programs
2018/04/27 05:32:28 executed programs: 0
[ 29.197475] IPVS: ftp: loaded support on port[0] = 21
[ 29.251599]
[ 29.253255] ======================================================
[ 29.259544] WARNING: possible circular locking dependency detected
[ 29.265832] 4.17.0-rc2+ #44 Not tainted
[ 29.269776] ------------------------------------------------------
[ 29.276063] syz-executor0/4545 is trying to acquire lock:
[ 29.281573] (ptrval) (&bdev->bd_mutex){+.+.}, at: blkdev_reread_part+0x1e/0x40
[ 29.289616]
[ 29.289616] but task is already holding lock:
[ 29.295557] (ptrval) (&lo->lo_ctl_mutex#2){+.+.}, at: lo_compat_ioctl+0x12a/0x170
[ 29.303854]
[ 29.303854] which lock already depends on the new lock.
[ 29.303854]
[ 29.312145]
[ 29.312145] the existing dependency chain (in reverse order) is:
[ 29.319735]
[ 29.319735] -> #2 (&lo->lo_ctl_mutex#2){+.+.}:
[ 29.325780] __mutex_lock+0x16d/0x17f0
[ 29.330165] mutex_lock_nested+0x16/0x20
[ 29.334719] lo_release+0xa3/0x1f0
[ 29.338769] __blkdev_put+0x4f6/0x830
[ 29.343063] blkdev_put+0x98/0x540
[ 29.347103] blkdev_close+0x8b/0xb0
[ 29.351224] __fput+0x34d/0x890
[ 29.354998] ____fput+0x15/0x20
[ 29.358772] task_work_run+0x1e4/0x290
[ 29.363156] exit_to_usermode_loop+0x2bd/0x310
[ 29.368236] do_syscall_64+0x6ac/0x800
[ 29.372619] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 29.378301]
[ 29.378301] -> #1 (loop_index_mutex){+.+.}:
[ 29.384099] __mutex_lock+0x16d/0x17f0
[ 29.388482] mutex_lock_nested+0x16/0x20
[ 29.393039] lo_open+0x1b/0xb0
[ 29.396729] __blkdev_get+0x358/0x13a0
[ 29.401115] blkdev_get+0xb9/0xb30
[ 29.405151] blkdev_open+0x1fb/0x280
[ 29.409365] do_dentry_open+0x7ef/0xf10
[ 29.413834] vfs_open+0x139/0x230
[ 29.417782] path_openat+0x1676/0x4e20
[ 29.422163] do_filp_open+0x249/0x350
[ 29.426458] do_sys_open+0x56f/0x740
[ 29.430666] __x64_sys_open+0x7e/0xc0
[ 29.434964] do_syscall_64+0x1b1/0x800
[ 29.439346] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 29.445025]
[ 29.445025] -> #0 (&bdev->bd_mutex){+.+.}:
[ 29.450724] lock_acquire+0x1dc/0x520
[ 29.455018] __mutex_lock+0x16d/0x17f0
[ 29.459398] mutex_lock_nested+0x16/0x20
[ 29.463957] blkdev_reread_part+0x1e/0x40
[ 29.468598] loop_reread_partitions+0x159/0x180
[ 29.473759] loop_set_status+0xb95/0x1010
[ 29.478407] loop_set_status_compat+0xa4/0xf0
[ 29.483395] lo_compat_ioctl+0x14b/0x170
[ 29.487957] compat_blkdev_ioctl+0x3c2/0x1b20
[ 29.492946] __ia32_compat_sys_ioctl+0x221/0x640
[ 29.498196] do_fast_syscall_32+0x345/0xf9b
[ 29.503011] entry_SYSENTER_compat+0x70/0x7f
[ 29.507912]
[ 29.507912] other info that might help us debug this:
[ 29.507912]
[ 29.516032] Chain exists of:
[ 29.516032] &bdev->bd_mutex --> loop_index_mutex --> &lo->lo_ctl_mutex#2
[ 29.516032]
[ 29.527373] Possible unsafe locking scenario:
[ 29.527373]
[ 29.533400]        CPU0                    CPU1
[ 29.538036]        ----                    ----
[ 29.542673]   lock(&lo->lo_ctl_mutex#2);
[ 29.546707]                                lock(loop_index_mutex);
[ 29.552995]                                lock(&lo->lo_ctl_mutex#2);
[ 29.559545]   lock(&bdev->bd_mutex);
[ 29.563232]
[ 29.563232] *** DEADLOCK ***
[ 29.563232]
[ 29.569280] 1 lock held by syz-executor0/4545:
[ 29.573830] #0: (ptrval) (&lo->lo_ctl_mutex#2){+.+.}, at: lo_compat_ioctl+0x12a/0x170
[ 29.582567]
[ 29.582567] stack backtrace:
[ 29.587038] CPU: 1 PID: 4545 Comm: syz-executor0 Not tainted 4.17.0-rc2+ #44
[ 29.594202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.603527] Call Trace:
[ 29.606092] dump_stack+0x1b9/0x294
[ 29.609696] ? dump_stack_print_info.cold.2+0x52/0x52
[ 29.614863] ? print_lock+0xd1/0xd6
[ 29.618465] ? vprintk_func+0x81/0xe7
[ 29.622243] print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[ 29.627933] ? save_trace+0xe0/0x290
[ 29.631620] __lock_acquire+0x343e/0x5140
[ 29.635747] ? debug_check_no_locks_freed+0x310/0x310
[ 29.640917] ? __lock_acquire+0x7f5/0x5140
[ 29.645127] ? debug_check_no_locks_freed+0x310/0x310
[ 29.650290] ? noop_count+0x40/0x40
[ 29.653893] ? bpf_prog_kallsyms_find+0xd6/0x4a0
[ 29.658624] ? __bpf_trace_bpf_map_next_key+0x40/0x40
[ 29.663787] ? lock_downgrade+0x8e0/0x8e0
[ 29.667913] ? print_usage_bug+0xc0/0xc0
[ 29.671946] ? print_usage_bug+0xc0/0xc0
[ 29.675981] ? kasan_check_read+0x11/0x20
[ 29.680104] ? graph_lock+0x170/0x170
[ 29.683878] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 29.689043] lock_acquire+0x1dc/0x520
[ 29.692819] ? blkdev_reread_part+0x1e/0x40
[ 29.697118] ? lock_release+0xa10/0xa10
[ 29.701068] ? check_same_owner+0x320/0x320
[ 29.705364] ? debug_check_no_locks_freed+0x310/0x310
[ 29.710528] ? rcu_note_context_switch+0x710/0x710
[ 29.715436] ? __might_sleep+0x95/0x190
[ 29.719387] ? blkdev_reread_part+0x1e/0x40
[ 29.723684] __mutex_lock+0x16d/0x17f0
[ 29.727549] ? blkdev_reread_part+0x1e/0x40
[ 29.731847] ? blkdev_reread_part+0x1e/0x40
[ 29.736144] ? debug_check_no_locks_freed+0x310/0x310
[ 29.741315] ? mutex_trylock+0x2a0/0x2a0
[ 29.745352] ? kasan_check_write+0x14/0x20
[ 29.749565] ? do_raw_spin_lock+0xc1/0x200
[ 29.753780] ? graph_lock+0x170/0x170
[ 29.757555] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 29.762632] ? graph_lock+0x170/0x170
[ 29.766411] ? graph_lock+0x170/0x170
[ 29.770188] ? save_stack+0xa9/0xd0
[ 29.773788] ? save_stack+0x43/0xd0
[ 29.777389] ? __lock_is_held+0xb5/0x140
[ 29.781425] ? print_usage_bug+0xc0/0xc0
[ 29.785460] ? lock_downgrade+0x8e0/0x8e0
[ 29.789582] ? mark_held_locks+0xc9/0x160
[ 29.793706] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 29.798270] ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 29.803346] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 29.808341] ? trace_hardirqs_on+0xd/0x10
[ 29.812466] ? __wake_up_common_lock+0x1c2/0x300
[ 29.817197] mutex_lock_nested+0x16/0x20
[ 29.821237] ? mutex_lock_nested+0x16/0x20
[ 29.825458] blkdev_reread_part+0x1e/0x40
[ 29.829581] loop_reread_partitions+0x159/0x180
[ 29.834225] ? __loop_update_dio+0x6a0/0x6a0
[ 29.838610] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 29.844122] loop_set_status+0xb95/0x1010
[ 29.848258] loop_set_status_compat+0xa4/0xf0
[ 29.852724] ? loop_set_status+0x1010/0x1010
[ 29.857107] lo_compat_ioctl+0x14b/0x170
[ 29.861140] ? lo_ioctl+0x2130/0x2130
[ 29.864917] compat_blkdev_ioctl+0x3c2/0x1b20
[ 29.869388] ? bfq_create_group_hierarchy+0x120/0x120
[ 29.874555] ? __x32_compat_sys_get_robust_list+0x430/0x430
[ 29.880245] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.885757] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 29.890919] ? bfq_create_group_hierarchy+0x120/0x120
[ 29.896091] __ia32_compat_sys_ioctl+0x221/0x640
[ 29.900825] do_fast_syscall_32+0x345/0xf9b
[ 29.905130] ? do_int80_syscall_32+0x880/0x880
[ 29.909685] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 29.914417] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.919944] ? syscall_return_slowpath+0x30f/0x5c0
[ 29.924848] ? sysret32_from_system_call+0x5/0x46
[ 29.929665] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.934486] entry_SYSENTER_compat+0x70/0x7f
[ 29.938866] RIP: 0023:0xf7fd0cb9
[ 29.942206] RSP: 002b:00000000ffec169c EFLAGS: 00000286 ORIG_RAX: 0000000000000036
[ 29.949889] RAX: ffffffffffffffda RBX: 00000000000000