[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd[   19.575746] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   21.819465] random: sshd: uninitialized urandom read (32 bytes read)
[   22.244740] random: sshd: uninitialized urandom read (32 bytes read)
[   22.956625] random: sshd: uninitialized urandom read (32 bytes read)
[   29.097908] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.45' (ECDSA) to the list of known hosts.
[   34.465040] random: sshd: uninitialized urandom read (32 bytes read)
2018/04/26 12:07:13 parsed 1 programs
2018/04/26 12:07:13 executed programs: 0
[   34.889832] IPVS: ftp: loaded support on port[0] = 21
[   38.996781] 
[   38.998440] ======================================================
[   39.004732] WARNING: possible circular locking dependency detected
[   39.011029] 4.17.0-rc2+ #42 Not tainted
[   39.014977] ------------------------------------------------------
[   39.021269] syz-executor0/5567 is trying to acquire lock:
[   39.026779]         (ptrval) (&bdev->bd_mutex){+.+.}, at: blkdev_reread_part+0x1e/0x40
[   39.034823] 
[   39.034823] but task is already holding lock:
[   39.040770]         (ptrval) (&lo->lo_ctl_mutex#2){+.+.}, at: lo_compat_ioctl+0x12a/0x170
[   39.049076] 
[   39.049076] which lock already depends on the new lock.
[   39.049076] 
[   39.057366] 
[   39.057366] the existing dependency chain (in reverse order) is:
[   39.064961] 
[   39.064961] -> #2 (&lo->lo_ctl_mutex#2){+.+.}:
[   39.071018]        __mutex_lock+0x16d/0x17f0
[   39.075426]        mutex_lock_nested+0x16/0x20
[   39.079986]        lo_release+0xa3/0x1f0
[   39.084046]        __blkdev_put+0x4f6/0x830
[   39.088350]        blkdev_put+0x98/0x540
[   39.092388]        blkdev_close+0x8b/0xb0
[   39.096525]        __fput+0x34d/0x890
[   39.100307]        ____fput+0x15/0x20
[   39.104086]        task_work_run+0x1e4/0x290
[   39.108498]        exit_to_usermode_loop+0x2bd/0x310
[   39.113580]        do_syscall_64+0x6ac/0x800
[   39.117973]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   39.123658] 
[   39.123658] -> #1 (loop_index_mutex){+.+.}:
[   39.129449]        __mutex_lock+0x16d/0x17f0
[   39.133833]        mutex_lock_nested+0x16/0x20
[   39.138393]        lo_open+0x1b/0xb0
[   39.142089]        __blkdev_get+0x358/0x13a0
[   39.146474]        blkdev_get+0xb9/0xb30
[   39.150511]        blkdev_open+0x1fb/0x280
[   39.154723]        do_dentry_open+0x7ef/0xf10
[   39.159193]        vfs_open+0x139/0x230
[   39.163146]        path_openat+0x1676/0x4e20
[   39.167530]        do_filp_open+0x249/0x350
[   39.171827]        do_sys_open+0x56f/0x740
[   39.176062]        __x64_sys_open+0x7e/0xc0
[   39.180370]        do_syscall_64+0x1b1/0x800
[   39.184769]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   39.190451] 
[   39.190451] -> #0 (&bdev->bd_mutex){+.+.}:
[   39.196149]        lock_acquire+0x1dc/0x520
[   39.200447]        __mutex_lock+0x16d/0x17f0
[   39.204830]        mutex_lock_nested+0x16/0x20
[   39.209399]        blkdev_reread_part+0x1e/0x40
[   39.214060]        loop_reread_partitions+0x159/0x180
[   39.219225]        loop_set_status+0xb95/0x1010
[   39.223882]        loop_set_status_compat+0xa4/0xf0
[   39.228872]        lo_compat_ioctl+0x14b/0x170
[   39.233430]        compat_blkdev_ioctl+0x3c2/0x1b20
[   39.238424]        __ia32_compat_sys_ioctl+0x221/0x640
[   39.243677]        do_fast_syscall_32+0x345/0xf9b
[   39.248495]        entry_SYSENTER_compat+0x70/0x7f
[   39.253395] 
[   39.253395] other info that might help us debug this:
[   39.253395] 
[   39.261512] Chain exists of:
[   39.261512]   &bdev->bd_mutex --> loop_index_mutex --> &lo->lo_ctl_mutex#2
[   39.261512] 
[   39.272856]  Possible unsafe locking scenario:
[   39.272856] 
[   39.278889]        CPU0                    CPU1
[   39.283528]        ----                    ----
[   39.288164]   lock(&lo->lo_ctl_mutex#2);
[   39.292201]                                lock(loop_index_mutex);
[   39.298492]                                lock(&lo->lo_ctl_mutex#2);
[   39.305046]   lock(&bdev->bd_mutex);
[   39.308737] 
[   39.308737]  *** DEADLOCK ***
[   39.308737] 
[   39.314775] 1 lock held by syz-executor0/5567:
[   39.319327]  #0:         (ptrval) (&lo->lo_ctl_mutex#2){+.+.}, at: lo_compat_ioctl+0x12a/0x170
[   39.328067] 
[   39.328067] stack backtrace:
[   39.332548] CPU: 0 PID: 5567 Comm: syz-executor0 Not tainted 4.17.0-rc2+ #42
[   39.339710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.349042] Call Trace:
[   39.351610]  dump_stack+0x1b9/0x294
[   39.355222]  ? dump_stack_print_info.cold.2+0x52/0x52
[   39.360391]  ? print_lock+0xd1/0xd6
[   39.364008]  ? vprintk_func+0x81/0xe7
[   39.367795]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[   39.373481]  ? save_trace+0xe0/0x290
[   39.377180]  __lock_acquire+0x343e/0x5140
[   39.381308]  ? debug_check_no_locks_freed+0x310/0x310
[   39.386474]  ? __lock_acquire+0x7f5/0x5140
[   39.390685]  ? debug_check_no_locks_freed+0x310/0x310
[   39.395864]  ? noop_count+0x40/0x40
[   39.399471]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.404985]  ? bpf_prog_kallsyms_find+0xd6/0x4a0
[   39.409729]  ? __bpf_trace_bpf_map_next_key+0x40/0x40
[   39.414896]  ? is_bpf_text_address+0xae/0x170
[   39.419372]  ? lock_downgrade+0x8e0/0x8e0
[   39.423500]  ? print_usage_bug+0xc0/0xc0
[   39.427535]  ? print_usage_bug+0xc0/0xc0
[   39.431574]  ? kasan_check_read+0x11/0x20
[   39.435697]  ? graph_lock+0x170/0x170
[   39.439475]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   39.444644]  lock_acquire+0x1dc/0x520
[   39.448422]  ? blkdev_reread_part+0x1e/0x40
[   39.452721]  ? lock_release+0xa10/0xa10
[   39.456674]  ? check_same_owner+0x320/0x320
[   39.460972]  ? debug_check_no_locks_freed+0x310/0x310
[   39.466164]  ? rcu_note_context_switch+0x710/0x710
[   39.471160]  ? __might_sleep+0x95/0x190
[   39.475114]  ? blkdev_reread_part+0x1e/0x40
[   39.479413]  __mutex_lock+0x16d/0x17f0
[   39.483277]  ? blkdev_reread_part+0x1e/0x40
[   39.487575]  ? blkdev_reread_part+0x1e/0x40
[   39.491883]  ? debug_check_no_locks_freed+0x310/0x310
[   39.497051]  ? mutex_trylock+0x2a0/0x2a0
[   39.501089]  ? kasan_check_write+0x14/0x20
[   39.505298]  ? do_raw_spin_lock+0xc1/0x200
[   39.509508]  ? graph_lock+0x170/0x170
[   39.513286]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   39.518365]  ? graph_lock+0x170/0x170
[   39.522144]  ? graph_lock+0x170/0x170
[   39.525924]  ? save_stack+0xa9/0xd0
[   39.529535]  ? save_stack+0x43/0xd0
[   39.533138]  ? __lock_is_held+0xb5/0x140
[   39.537178]  ? print_usage_bug+0xc0/0xc0
[   39.541225]  ? lock_downgrade+0x8e0/0x8e0
[   39.545351]  ? mark_held_locks+0xc9/0x160
[   39.549475]  ? do_raw_spin_trylock+0x1b0/0x1b0
[   39.554041]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[   39.559125]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   39.564119]  ? trace_hardirqs_on+0xd/0x10
[   39.568252]  ? __wake_up_common_lock+0x1c2/0x300
[   39.572995]  mutex_lock_nested+0x16/0x20
[   39.577039]  ? mutex_lock_nested+0x16/0x20
[   39.581703]  blkdev_reread_part+0x1e/0x40
[   39.585831]  loop_reread_partitions+0x159/0x180
[   39.590474]  ? __loop_update_dio+0x6a0/0x6a0
[   39.594862]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   39.600374]  loop_set_status+0xb95/0x1010
[   39.604507]  loop_set_status_compat+0xa4/0xf0
[   39.608979]  ? loop_set_status+0x1010/0x1010
[   39.613366]  lo_compat_ioctl+0x14b/0x170
[   39.617402]  ? lo_ioctl+0x2130/0x2130
[   39.621181]  compat_blkdev_ioctl+0x3c2/0x1b20
[   39.625653]  ? bfq_create_group_hierarchy+0x120/0x120
[   39.630824]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.636337]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   39.641501]  ? bfq_create_group_hierarchy+0x120/0x120
[   39.646670]  __ia32_compat_sys_ioctl+0x221/0x640
[   39.651403]  do_fast_syscall_32+0x345/0xf9b
[   39.655702]  ? do_int80_syscall_32+0x880/0x880
[   39.660261]  ? _raw_spin_unlock_irq+0x27/0x70
[   39.664732]  ? finish_task_switch+0x1ca/0x810
[   39.669206]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.674721]  ? syscall_return_slowpath+0x30f/0x5c0
[   39.679626]  ? sysret32_from_system_call+0x5/0x46
[   39.684456]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.689274]  entry_SYSENTER_compat+0x70/0x7f
[   39.693656] RIP: 0023:0xf7fa7cb9
[   39.696996] RSP: 002b:00000000f7fa30ac EFLAGS: 00000282 ORIG_RAX: 0000000000000036
[   39.704694] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000004c02
[   39.711940] RDX: 0000000020000180 RSI: 0000000000000000 RDI: 0000000000000000
[   39.719186] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   39.726439] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   39.733687] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
2018/04/26 12:07:18 executed programs: 127
2018/04/26 12:07:23 executed programs: 305