INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.42' (ECDSA) to the list of known hosts.

syzkaller login: 
[   29.573864] 
[   29.575531] ======================================================
[   29.581824] WARNING: possible circular locking dependency detected
[   29.588121] 4.16.0+ #9 Not tainted
[   29.591635] ------------------------------------------------------
[   29.598103] syzkaller115950/4566 is trying to acquire lock:
[   29.603787] 000000007a0a9a64 (sk_lock-AF_INET){+.+.}, at: tcp_mmap+0x1c7/0x14f0
[   29.611224] 
[   29.611224] but task is already holding lock:
[   29.617183] 00000000e082948b (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[   29.624791] 
[   29.624791] which lock already depends on the new lock.
[   29.624791] 
[   29.633085] 
[   29.633085] the existing dependency chain (in reverse order) is:
[   29.640685] 
[   29.640685] -> #1 (&mm->mmap_sem){++++}:
[   29.646374]        __might_fault+0x155/0x1e0
[   29.650799]        _copy_from_iter_full+0x2fd/0xd10
[   29.656944]        tcp_sendmsg_locked+0x2f98/0x3e10
[   29.661976]        tcp_sendmsg+0x2f/0x50
[   29.666040]        inet_sendmsg+0x19f/0x690
[   29.670468]        sock_sendmsg+0xd5/0x120
[   29.674701]        sock_write_iter+0x35a/0x5a0
[   29.679280]        __vfs_write+0x64d/0x960
[   29.684296]        vfs_write+0x1f8/0x560
[   29.688380]        ksys_write+0xf9/0x250
[   29.692459]        SyS_write+0x24/0x30
[   29.696487]        do_syscall_64+0x29e/0x9d0
[   29.701608]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   29.707327] 
[   29.707327] -> #0 (sk_lock-AF_INET){+.+.}:
[   29.713220]        lock_acquire+0x1dc/0x520
[   29.717645]        lock_sock_nested+0xd0/0x120
[   29.722793]        tcp_mmap+0x1c7/0x14f0
[   29.727255]        sock_mmap+0x8e/0xc0
[   29.731635]        mmap_region+0xd13/0x1820
[   29.736432]        do_mmap+0xc79/0x11d0
[   29.740962]        vm_mmap_pgoff+0x1fb/0x2a0
[   29.746075]        ksys_mmap_pgoff+0x4c9/0x640
[   29.750667]        SyS_mmap+0x16/0x20
[   29.754464]        do_syscall_64+0x29e/0x9d0
[   29.759027]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   29.764715] 
[   29.764715] other info that might help us debug this:
[   29.764715] 
[   29.772943]  Possible unsafe locking scenario:
[   29.772943] 
[   29.778980]        CPU0                    CPU1
[   29.783623]        ----                    ----
[   29.788263]   lock(&mm->mmap_sem);
[   29.791783]                                lock(sk_lock-AF_INET);
[   29.797999]                                lock(&mm->mmap_sem);
[   29.804066]   lock(sk_lock-AF_INET);
[   29.807765] 
[   29.807765]  *** DEADLOCK ***
[   29.807765] 
[   29.813804] 1 lock held by syzkaller115950/4566:
[   29.818533]  #0: 00000000e082948b (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[   29.826587] 
[   29.826587] stack backtrace:
[   29.831072] CPU: 1 PID: 4566 Comm: syzkaller115950 Not tainted 4.16.0+ #9
[   29.837977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.847316] Call Trace:
[   29.849890]  dump_stack+0x1b9/0x294
[   29.853504]  ? dump_stack_print_info.cold.2+0x52/0x52
[   29.858675]  ? print_lock+0xd1/0xd6
[   29.862285]  ? vprintk_func+0x81/0xe7
[   29.866069]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[   29.871761]  ? save_trace+0xe0/0x290
[   29.875457]  __lock_acquire+0x343e/0x5140
[   29.879587]  ? debug_check_no_locks_freed+0x310/0x310
[   29.884760]  ? find_held_lock+0x36/0x1c0
[   29.888806]  ? kasan_check_read+0x11/0x20
[   29.892939]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   29.898117]  ? graph_lock+0x170/0x170
[   29.901899]  ? kernel_text_address+0x79/0xf0
[   29.906293]  ? __unwind_start+0x166/0x330
[   29.910422]  ? __save_stack_trace+0x7e/0xd0
[   29.914728]  lock_acquire+0x1dc/0x520
[   29.918510]  ? tcp_mmap+0x1c7/0x14f0
[   29.922204]  ? lock_release+0xa10/0xa10
[   29.926160]  ? kasan_check_read+0x11/0x20
[   29.930295]  ? do_raw_spin_unlock+0x9e/0x2e0
[   29.934691]  ? do_raw_spin_trylock+0x1b0/0x1b0
[   29.939259]  ? kasan_check_write+0x14/0x20
[   29.943484]  ? do_raw_spin_lock+0xc1/0x200
[   29.947711]  lock_sock_nested+0xd0/0x120
[   29.951769]  ? tcp_mmap+0x1c7/0x14f0
[   29.955495]  tcp_mmap+0x1c7/0x14f0
[   29.959040]  ? __lock_is_held+0xb5/0x140
[   29.963089]  ? tcp_splice_read+0xfc0/0xfc0
[   29.967321]  ? rcu_read_lock_sched_held+0x108/0x120
[   29.972320]  ? kmem_cache_alloc+0x5fa/0x760
[   29.976629]  sock_mmap+0x8e/0xc0
[   29.979984]  mmap_region+0xd13/0x1820
[   29.983768]  ? SyS_brk+0x750/0x750
[   29.987297]  ? arch_get_unmapped_area+0x750/0x750
[   29.992123]  ? lock_acquire+0x1dc/0x520
[   29.996081]  ? vm_mmap_pgoff+0x1a1/0x2a0
[   30.000123]  ? cap_mmap_addr+0x52/0x130
[   30.004081]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   30.009602]  ? security_mmap_addr+0x80/0xa0
[   30.013909]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   30.019432]  ? get_unmapped_area+0x292/0x3b0
[   30.023826]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   30.029351]  do_mmap+0xc79/0x11d0
[   30.032793]  ? mmap_region+0x1820/0x1820
[   30.036837]  ? vm_mmap_pgoff+0x1a1/0x2a0
[   30.040876]  ? down_read_killable+0x1f0/0x1f0
[   30.045355]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   30.050875]  ? security_mmap_file+0x166/0x1b0
[   30.055354]  vm_mmap_pgoff+0x1fb/0x2a0
[   30.059228]  ? vma_is_stack_for_current+0xd0/0xd0
[   30.064056]  ? get_unused_fd_flags+0x121/0x190
[   30.068647]  ksys_mmap_pgoff+0x4c9/0x640
[   30.072710]  ? find_mergeable_anon_vma+0xd0/0xd0
[   30.077461]  ? do_syscall_64+0xb7/0x9d0
[   30.081424]  ? align_vdso_addr+0x60/0x60
[   30.085472]  SyS_mmap+0x16/0x20
[   30.088737]  do_syscall_64+0x29e/0x9d0
[   30.092609]  ? vmalloc_sync_all+0x30/0x30
[   30.096746]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   30.101492]  ? syscall_return_slowpath+0x5c0/0x5c0
[   30.106409]  ? syscall_return_slowpath+0x30f/0x5c0
[   30.111323]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   30.116673]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   30.121501]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
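The report above is lockdep's output, not a deadlock that actually happened: it records that the write() path (chain #1) took &mm->mmap_sem via __might_fault while holding sk_lock-AF_INET, and that the mmap() path (chain #0, tcp_mmap) now wants sk_lock-AF_INET while holding &mm->mmap_sem, so the two orders form a cycle. The following user-space model, added here as an illustration and not taken from the report or from the kernel's lockdep implementation, replays exactly those two dependency edges through a small lock-order graph and flags the acquisition that closes the cycle. The lock indices, the graph type and the function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_LOCKS 16

/* Lock classes named after the report; the indices are an assumption. */
enum { LOCK_MMAP_SEM = 0, LOCK_SK_LOCK_AF_INET = 1 };

static const char *lock_name(int id) {
    static const char *names[] = { "&mm->mmap_sem", "sk_lock-AF_INET" };
    return (id >= 0 && id < 2) ? names[id] : "(unnamed lock)";
}

/* adj[a][b] == true records "b was acquired while a was held" (edge a -> b). */
struct lock_graph {
    bool adj[MAX_LOCKS][MAX_LOCKS];
};

/* Depth-first search: is `to` reachable from `from` along recorded edges? */
static bool reachable(const struct lock_graph *g, int from, int to, bool *seen) {
    if (from == to)
        return true;
    seen[from] = true;
    for (int n = 0; n < MAX_LOCKS; n++)
        if (g->adj[from][n] && !seen[n] && reachable(g, n, to, seen))
            return true;
    return false;
}

/*
 * Record "acquire `want` while holding `held`". Returns true when the new edge
 * closes a cycle, i.e. `held` was already reachable from `want`; that is the
 * situation the kernel prints as "possible circular locking dependency".
 * The edge is recorded either way, mirroring the fact that the kernel only
 * warns and does not undo the acquisition.
 */
bool lock_graph_acquire(struct lock_graph *g, int held, int want) {
    bool seen[MAX_LOCKS] = { false };
    bool cycle = reachable(g, want, held, seen);

    g->adj[held][want] = true;
    if (cycle)
        printf("possible circular locking dependency: %s -> %s, "
               "but %s already depends on %s\n",
               lock_name(held), lock_name(want), lock_name(held), lock_name(want));
    return cycle;
}

/*
 * Replay the two chains from the report in the order lockdep saw them:
 *   #1: tcp_sendmsg_locked holds sk_lock-AF_INET, __might_fault takes &mm->mmap_sem
 *   #0: vm_mmap_pgoff holds &mm->mmap_sem, tcp_mmap takes sk_lock-AF_INET
 * Returns true when only the second acquisition is flagged.
 */
bool replay_report(void) {
    struct lock_graph g = { { { false } } };
    bool first  = lock_graph_acquire(&g, LOCK_SK_LOCK_AF_INET, LOCK_MMAP_SEM);
    bool second = lock_graph_acquire(&g, LOCK_MMAP_SEM, LOCK_SK_LOCK_AF_INET);
    return !first && second;
}

/*
 * The same check is transitive: a -> b and b -> c make c -> a a cycle even
 * though no single task ever held a and c together. Returns true when only
 * the third acquisition is flagged.
 */
bool transitive_cycle_demo(void) {
    struct lock_graph g = { { { false } } };
    bool ab = lock_graph_acquire(&g, 2, 3);
    bool bc = lock_graph_acquire(&g, 3, 4);
    bool ca = lock_graph_acquire(&g, 4, 2);
    return !ab && !bc && ca;
}

int main(void) {
    printf("report replay flags the tcp_mmap acquisition: %s\n",
           replay_report() ? "yes" : "no");
    printf("three-lock transitive cycle flagged: %s\n",
           transitive_cycle_demo() ? "yes" : "no");
    return 0;
}
```

The point the model makes explicit is that the second chain in the report does not need to run concurrently with the first for lockdep to fire; the inverse edge alone is enough, which is why the report says "possible" deadlock and why the fix has to change the lock order in one of the two paths rather than rely on timing.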