Warning: Permanently added '10.128.0.124' (ECDSA) to the list of known hosts.
[ 121.532601] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 121.653473] audit: type=1400 audit(1555004398.221:36): avc: denied { map } for pid=6930 comm="syz-executor756" path="/root/syz-executor756537227" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 121.656806]
[ 121.681355] ======================================================
[ 121.687880] WARNING: possible circular locking dependency detected
[ 121.694301] 4.14.111 #1 Not tainted
[ 121.697903] ------------------------------------------------------
[ 121.704314] syz-executor756/6930 is trying to acquire lock:
[ 121.710086]  (&bdev->bd_mutex){+.+.}, at: [] blkdev_reread_part+0x1f/0x40
[ 121.718579]
[ 121.718579] but task is already holding lock:
[ 121.724812]  (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x134/0xae0
[ 121.732970]
[ 121.732970] which lock already depends on the new lock.
[ 121.732970]
[ 121.741274]
[ 121.741274] the existing dependency chain (in reverse order) is:
[ 121.748935]
[ 121.748935] -> #2 (&nbd->config_lock){+.+.}:
[ 121.754944]        lock_acquire+0x16f/0x430
[ 121.759254]        __mutex_lock+0xe8/0x1470
[ 121.763553]        mutex_lock_nested+0x16/0x20
[ 121.768112]        nbd_open+0xf2/0x1f0
[ 121.772011]        __blkdev_get+0x2c9/0x1120
[ 121.776527]        blkdev_get+0xa8/0x8e0
[ 121.780566]        blkdev_open+0x1d1/0x260
[ 121.784893]        do_dentry_open+0x73e/0xeb0
[ 121.789386]        vfs_open+0x105/0x230
[ 121.793462]        path_openat+0x8bd/0x3f70
[ 121.797864]        do_filp_open+0x18e/0x250
[ 121.802182]        do_sys_open+0x2c5/0x430
[ 121.806512]        SyS_open+0x2d/0x40
[ 121.810302]        do_syscall_64+0x1eb/0x630
[ 121.814761]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 121.820460]
[ 121.820460] -> #1 (nbd_index_mutex){+.+.}:
[ 121.826168]        lock_acquire+0x16f/0x430
[ 121.830571]        __mutex_lock+0xe8/0x1470
[ 121.834900]        mutex_lock_nested+0x16/0x20
[ 121.839474]        nbd_open+0x27/0x1f0
[ 121.843400]        __blkdev_get+0x2c9/0x1120
[ 121.847971]        blkdev_get+0xa8/0x8e0
[ 121.852101]        blkdev_open+0x1d1/0x260
[ 121.856324]        do_dentry_open+0x73e/0xeb0
[ 121.860918]        vfs_open+0x105/0x230
[ 121.864894]        path_openat+0x8bd/0x3f70
[ 121.869197]        do_filp_open+0x18e/0x250
[ 121.873501]        do_sys_open+0x2c5/0x430
[ 121.877711]        SyS_open+0x2d/0x40
[ 121.881501]        do_syscall_64+0x1eb/0x630
[ 121.885919]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 121.891800]
[ 121.891800] -> #0 (&bdev->bd_mutex){+.+.}:
[ 121.898244]        __lock_acquire+0x2c89/0x45e0
[ 121.902893]        lock_acquire+0x16f/0x430
[ 121.907207]        __mutex_lock+0xe8/0x1470
[ 121.911600]        mutex_lock_nested+0x16/0x20
[ 121.916277]        blkdev_reread_part+0x1f/0x40
[ 121.921043]        nbd_ioctl+0x807/0xae0
[ 121.925105]        blkdev_ioctl+0x983/0x1880
[ 121.929499]        block_ioctl+0xde/0x120
[ 121.933688]        do_vfs_ioctl+0x7b9/0x1070
[ 121.938096]        SyS_ioctl+0x8f/0xc0
[ 121.941967]        do_syscall_64+0x1eb/0x630
[ 121.946355]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 121.952158]
[ 121.952158] other info that might help us debug this:
[ 121.952158]
[ 121.960385] Chain exists of:
[ 121.960385]   &bdev->bd_mutex --> nbd_index_mutex --> &nbd->config_lock
[ 121.960385]
[ 121.971561]  Possible unsafe locking scenario:
[ 121.971561]
[ 121.977614]        CPU0                    CPU1
[ 121.982265]        ----                    ----
[ 121.986912]   lock(&nbd->config_lock);
[ 121.990775]                                lock(nbd_index_mutex);
[ 121.997098]                                lock(&nbd->config_lock);
[ 122.003485]   lock(&bdev->bd_mutex);
[ 122.007433]
[ 122.007433]  *** DEADLOCK ***
[ 122.007433]
[ 122.013477] 1 lock held by syz-executor756/6930:
[ 122.018212]  #0: (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x134/0xae0
[ 122.026693]
[ 122.026693] stack backtrace:
[ 122.031174] CPU: 1 PID: 6930 Comm: syz-executor756 Not tainted 4.14.111 #1
[ 122.038219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 122.047674] Call Trace:
[ 122.050251]  dump_stack+0x138/0x19c
[ 122.053871]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 122.059247]  __lock_acquire+0x2c89/0x45e0
[ 122.063379]  ? is_bpf_text_address+0xa6/0x120
[ 122.067867]  ? kernel_text_address+0x73/0xf0
[ 122.072269]  ? trace_hardirqs_on+0x10/0x10
[ 122.076545]  lock_acquire+0x16f/0x430
[ 122.080339]  ? blkdev_reread_part+0x1f/0x40
[ 122.084645]  ? blkdev_reread_part+0x1f/0x40
[ 122.089069]  __mutex_lock+0xe8/0x1470
[ 122.092944]  ? blkdev_reread_part+0x1f/0x40
[ 122.097363]  ? save_trace+0x290/0x290
[ 122.101210]  ? blkdev_reread_part+0x1f/0x40
[ 122.105533]  ? mutex_trylock+0x1c0/0x1c0
[ 122.109580]  ? bd_set_size+0x89/0xb0
[ 122.113286]  ? lock_downgrade+0x6e0/0x6e0
[ 122.117427]  mutex_lock_nested+0x16/0x20
[ 122.121625]  ? mutex_lock_nested+0x16/0x20
[ 122.126135]  blkdev_reread_part+0x1f/0x40
[ 122.130269]  nbd_ioctl+0x807/0xae0
[ 122.133974]  ? kasan_slab_free+0x75/0xc0
[ 122.138029]  ? nbd_add_socket+0x5e0/0x5e0
[ 122.142176]  ? debug_check_no_obj_freed+0x2aa/0x7b7
[ 122.147185]  ? nbd_add_socket+0x5e0/0x5e0
[ 122.151376]  blkdev_ioctl+0x983/0x1880
[ 122.155830]  ? blkpg_ioctl+0x980/0x980
[ 122.160048]  ? __might_sleep+0x93/0xb0
[ 122.163956]  block_ioctl+0xde/0x120
[ 122.167707]  ? blkdev_fallocate+0x3b0/0x3b0
[ 122.172214]  do_vfs_ioctl+0x7b9/0x1070
[ 122.176090]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 122.181066]  ? ioctl_preallocate+0x1c0/0x1c0
[ 122.185672]  ? putname+0xe0/0x120
[ 122.189119]  ? do_sys_open+0x221/0x430
[ 122.193062]  ? security_file_ioctl+0x83/0xc0
[ 122.198123]  ? security_file_ioctl+0x8f/0xc0
[ 122.202625]  SyS_ioctl+0x8f/0xc0
[ 122.205988]  ? do_vfs_ioctl+0x1070/0x1070
[ 122.210228]  do_syscall_64+0x1eb/0x630
[ 122.214111]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 122.219072]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 122.224575] RIP: 0033:0x443df9
[ 122.227862] RSP: 002b:00007fff73275bd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 122.236527] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443df9
[ 122.243992] RDX: 0000000000000000 RSI: 000000000000ab04 RDI: 0000000000000003
[ 122.251518] RBP: 00000000006ce018 R08: 0000000000000