INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.17' (ECDSA) to the list of known hosts.

syzkaller login: [   30.906715]
[   30.908395] ======================================================
[   30.914704] WARNING: possible circular locking dependency detected
[   30.921020] 4.16.0+ #8 Not tainted
[   30.924558] ------------------------------------------------------
[   30.930872] syzkaller177596/4490 is trying to acquire lock:
[   30.936597] 000000009ded834b (&mm->mmap_sem){++++}, at: __might_fault+0xfb/0x1e0
[   30.944159]
[   30.944159] but task is already holding lock:
[   30.950205] 000000009d8914c0 (sk_lock-AF_INET6){+.+.}, at: do_ipv6_setsockopt.isra.9+0x576/0x4660
[   30.959234]
[   30.959234] which lock already depends on the new lock.
[   30.959234]
[   30.967556]
[   30.967556] the existing dependency chain (in reverse order) is:
[   30.975179]
[   30.975179] -> #1 (sk_lock-AF_INET6){+.+.}:
[   30.981010]        lock_sock_nested+0xd0/0x120
[   30.985610]        tcp_mmap+0x1c7/0x14f0
[   30.989679]        sock_mmap+0x8e/0xc0
[   30.993576]        mmap_region+0xd13/0x1820
[   30.997905]        do_mmap+0xc79/0x11d0
[   31.001886]        vm_mmap_pgoff+0x1fb/0x2a0
[   31.006300]        ksys_mmap_pgoff+0x4c9/0x640
[   31.010885]        SyS_mmap+0x16/0x20
[   31.014854]        do_syscall_64+0x29e/0x9d0
[   31.019268]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   31.024973]
[   31.024973] -> #0 (&mm->mmap_sem){++++}:
[   31.030544]        lock_acquire+0x1dc/0x520
[   31.034864]        __might_fault+0x155/0x1e0
[   31.039251]        _copy_from_user+0x30/0x150
[   31.043742]        do_ipv6_setsockopt.isra.9+0x29a4/0x4660
[   31.049346]        ipv6_setsockopt+0xbd/0x170
[   31.053820]        sctp_setsockopt+0x2da/0x7000
[   31.058491]        sock_common_setsockopt+0x9a/0xe0
[   31.063482]        __sys_setsockopt+0x1bd/0x390
[   31.068214]        SyS_setsockopt+0x34/0x50
[   31.072516]        do_syscall_64+0x29e/0x9d0
[   31.076904]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   31.082591]
[   31.082591] other info that might help us debug this:
[   31.082591]
[   31.090711]  Possible unsafe locking scenario:
[   31.090711]
[   31.096745]        CPU0                    CPU1
[   31.101383]        ----                    ----
[   31.106022]   lock(sk_lock-AF_INET6);
[   31.109803]                                lock(&mm->mmap_sem);
[   31.115839]                                lock(sk_lock-AF_INET6);
[   31.122136]   lock(&mm->mmap_sem);
[   31.125651]
[   31.125651]  *** DEADLOCK ***
[   31.125651]
[   31.131691] 2 locks held by syzkaller177596/4490:
[   31.136506]  #0:  000000006a72f10f (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20
[   31.143772]  #1:  000000009d8914c0 (sk_lock-AF_INET6){+.+.}, at: do_ipv6_setsockopt.isra.9+0x576/0x4660
[   31.153211]
[   31.153211] stack backtrace:
[   31.157687] CPU: 0 PID: 4490 Comm: syzkaller177596 Not tainted 4.16.0+ #8
[   31.164586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.173914] Call Trace:
[   31.176487]  dump_stack+0x1b9/0x294
[   31.180089]  ? dump_stack_print_info.cold.2+0x52/0x52
[   31.185260]  ? print_lock+0xd1/0xd6
[   31.188869]  ? vprintk_func+0x81/0xe7
[   31.192650]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[   31.198335]  ? save_trace+0xe0/0x290
[   31.202026]  __lock_acquire+0x343e/0x5140
[   31.206154]  ? kasan_check_read+0x11/0x20
[   31.210280]  ? debug_check_no_locks_freed+0x310/0x310
[   31.215451]  ? debug_check_no_locks_freed+0x310/0x310
[   31.220619]  ? kasan_check_write+0x14/0x20
[   31.224834]  ? __mutex_lock+0x7d9/0x17f0
[   31.228877]  ? kasan_check_read+0x11/0x20
[   31.233001]  ? mutex_trylock+0x2a0/0x2a0
[   31.237044]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   31.242211]  ? find_held_lock+0x36/0x1c0
[   31.246250]  ? graph_lock+0x170/0x170
[   31.250025]  ? graph_lock+0x170/0x170
[   31.253808]  ? graph_lock+0x170/0x170
[   31.257587]  lock_acquire+0x1dc/0x520
[   31.261368]  ? __might_fault+0xfb/0x1e0
[   31.265324]  ? lock_acquire+0x1dc/0x520
[   31.269276]  ? lock_release+0xa10/0xa10
[   31.273231]  ? check_same_owner+0x320/0x320
[   31.277529]  ? mark_held_locks+0xc9/0x160
[   31.281655]  ? __might_sleep+0x95/0x190
[   31.285606]  __might_fault+0x155/0x1e0
[   31.289471]  ? __might_fault+0xfb/0x1e0
[   31.293425]  _copy_from_user+0x30/0x150
[   31.297379]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   31.302560]  do_ipv6_setsockopt.isra.9+0x29a4/0x4660
[   31.307640]  ? ipv6_update_options+0x390/0x390
[   31.312222]  ? graph_lock+0x170/0x170
[   31.316002]  ? __lock_is_held+0xb5/0x140
[   31.320039]  ? print_usage_bug+0xc0/0xc0
[   31.324075]  ? lock_downgrade+0x8e0/0x8e0
[   31.328201]  ? mark_held_locks+0xc9/0x160
[   31.332326]  ? do_raw_spin_trylock+0x1b0/0x1b0
[   31.336885]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[   31.341965]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.346963]  ? pagevec_lru_move_fn+0x1e1/0x270
[   31.351528]  ? get_kernel_page+0x110/0x110
[   31.355743]  ? __lru_cache_add+0x31c/0x440
[   31.359957]  ? __pagevec_lru_add+0x30/0x30
[   31.364169]  ? mem_cgroup_usage+0x420/0x420
[   31.368471]  ? save_stack+0xa9/0xd0
[   31.372075]  ? save_stack+0x43/0xd0
[   31.375683]  ? kasan_kmalloc+0xc4/0xe0
[   31.379549]  ? kasan_slab_alloc+0x12/0x20
[   31.383677]  ? print_usage_bug+0xc0/0xc0
[   31.387721]  ? __handle_mm_fault+0x2adb/0x43c0
[   31.392290]  ? handle_mm_fault+0x53a/0xc70
[   31.396516]  ? lru_cache_add+0x22c/0x450
[   31.400564]  ? graph_lock+0x170/0x170
[   31.404348]  ipv6_setsockopt+0xbd/0x170
[   31.408302]  ? ipv6_setsockopt+0xbd/0x170
[   31.412426]  sctp_setsockopt+0x2da/0x7000
[   31.416552]  ? sctp_setsockopt_paddr_thresholds+0x560/0x560
[   31.422237]  ? lock_downgrade+0x8e0/0x8e0
[   31.426372]  ? pudp_huge_clear_flush+0x230/0x230
[   31.431103]  ? kasan_check_read+0x11/0x20
[   31.435228]  ? do_raw_spin_unlock+0x9e/0x2e0
[   31.439633]  ? do_raw_spin_trylock+0x1b0/0x1b0
[   31.444208]  ? kasan_check_write+0x14/0x20
[   31.448532]  ? do_raw_spin_lock+0xc1/0x200
[   31.452845]  ? _raw_spin_unlock+0x22/0x30
[   31.456973]  ? do_huge_pmd_anonymous_page+0x4a8/0x1e30
[   31.462231]  ? __thp_get_unmapped_area+0x180/0x180
[   31.467151]  ? __lock_acquire+0x7f5/0x5140
[   31.471375]  ? debug_check_no_locks_freed+0x310/0x310
[   31.476544]  ? do_syscall_64+0x29e/0x9d0
[   31.480585]  ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   31.486635]  ? find_held_lock+0x36/0x1c0
[   31.490691]  ? debug_mutex_init+0x1c/0x60
[   31.494823]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.499826]  ? graph_lock+0x170/0x170
[   31.503604]  ? pud_val+0x80/0xf0
[   31.506945]  ? pmd_val+0xf0/0xf0
[   31.510292]  ? __mutex_init+0x1ef/0x280
[   31.514253]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.519791]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.525341]  ? __handle_mm_fault+0x93a/0x43c0
[   31.529819]  ? vm_insert_mixed_mkwrite+0x40/0x40
[   31.534554]  ? graph_lock+0x170/0x170
[   31.538367]  ? graph_lock+0x170/0x170
[   31.542159]  ? find_held_lock+0x36/0x1c0
[   31.546210]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.551743]  ? __fget_light+0x2ef/0x430
[   31.555709]  ? fget_raw+0x20/0x20
[   31.559158]  ? lock_downgrade+0x8e0/0x8e0
[   31.563288]  ? handle_mm_fault+0x8c0/0xc70
[   31.567505]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   31.573108]  ? handle_mm_fault+0x55a/0xc70
[   31.577323]  sock_common_setsockopt+0x9a/0xe0
[   31.581810]  __sys_setsockopt+0x1bd/0x390
[   31.585936]  ? kernel_accept+0x310/0x310
[   31.589976]  ? mm_fault_error+0x380/0x380
[   31.594102]  SyS_setsockopt+0x34/0x50
[   31.597886]  ? SyS_recv+0x40/0x40
[   31.601315]  do_syscall_64+0x29e/0x9d0
[   31.605180]  ? vmalloc_sync_all+0x30/0x30
[   31.609307]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   31.614039]  ? syscall_return_slowpath+0x5c0/0x5c0
[   31.618959]  ? syscall_return_slowpath+0x30f/0x5c0
[   31.623879]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.629397]  ? retint_user+0x18/0x18
[   31.633099]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.637927]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   31.643092] RIP: 0033:0x43fda9
[   31.646258] RSP: 002b:00007ffc9523c298 EFLAGS: 00000217 ORIG_RAX: 0000000000000036
[   31.653957] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000