INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.21' (ECDSA) to the list of known hosts.
syzkaller login: [   29.112750]
[   29.114422] ======================================================
[   29.120712] WARNING: possible circular locking dependency detected
[   29.127006] 4.16.0+ #11 Not tainted
[   29.130628] ------------------------------------------------------
[   29.136919] syzkaller336064/4489 is trying to acquire lock:
[   29.142602] 000000005f8bfa0f (&mm->mmap_sem){++++}, at: __might_fault+0xfb/0x1e0
[   29.150130]
[   29.150130] but task is already holding lock:
[   29.156076] 0000000098e7a1e2 (sk_lock-AF_INET6){+.+.}, at: do_ipv6_setsockopt.isra.9+0x5ba/0x4660
[   29.165073]
[   29.165073] which lock already depends on the new lock.
[   29.165073]
[   29.173367]
[   29.173367] the existing dependency chain (in reverse order) is:
[   29.180975]
[   29.180975] -> #1 (sk_lock-AF_INET6){+.+.}:
[   29.186767]        lock_sock_nested+0xd0/0x120
[   29.191329]        tcp_mmap+0x1c7/0x14f0
[   29.195366]        sock_mmap+0x8e/0xc0
[   29.199233]        mmap_region+0xd13/0x1820
[   29.203532]        do_mmap+0xc79/0x11d0
[   29.207485]        vm_mmap_pgoff+0x1fb/0x2a0
[   29.211871]        ksys_mmap_pgoff+0x4c9/0x640
[   29.216432]        SyS_mmap+0x16/0x20
[   29.220213]        do_syscall_64+0x29e/0x9d0
[   29.224601]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   29.230293]
[   29.230293] -> #0 (&mm->mmap_sem){++++}:
[   29.235819]        lock_acquire+0x1dc/0x520
[   29.240118]        __might_fault+0x155/0x1e0
[   29.244504]        _copy_from_user+0x30/0x150
[   29.248986]        do_ipv6_setsockopt.isra.9+0x2a78/0x4660
[   29.254586]        ipv6_setsockopt+0xbd/0x170
[   29.259075]        sctp_setsockopt+0x2da/0x7000
[   29.263727]        sock_common_setsockopt+0x9a/0xe0
[   29.268730]        __sys_setsockopt+0x1bd/0x390
[   29.273376]        SyS_setsockopt+0x34/0x50
[   29.277676]        do_syscall_64+0x29e/0x9d0
[   29.282065]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   29.287749]
[   29.287749] other info that might help us debug this:
[   29.287749]
[   29.295868]  Possible unsafe locking scenario:
[   29.295868]
[   29.301910]        CPU0                    CPU1
[   29.306550]        ----                    ----
[   29.311276]   lock(sk_lock-AF_INET6);
[   29.315053]                                lock(&mm->mmap_sem);
[   29.321085]                                lock(sk_lock-AF_INET6);
[   29.327378]   lock(&mm->mmap_sem);
[   29.330891]
[   29.330891]  *** DEADLOCK ***
[   29.330891]
[   29.336927] 1 lock held by syzkaller336064/4489:
[   29.341665]  #0: 0000000098e7a1e2 (sk_lock-AF_INET6){+.+.}, at: do_ipv6_setsockopt.isra.9+0x5ba/0x4660
[   29.351106]
[   29.351106] stack backtrace:
[   29.355582] CPU: 0 PID: 4489 Comm: syzkaller336064 Not tainted 4.16.0+ #11
[   29.362571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.371902] Call Trace:
[   29.374475]  dump_stack+0x1b9/0x294
[   29.378083]  ? dump_stack_print_info.cold.2+0x52/0x52
[   29.383255]  ? print_lock+0xd1/0xd6
[   29.386860]  ? vprintk_func+0x81/0xe7
[   29.390649]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[   29.396337]  ? save_trace+0xe0/0x290
[   29.400037]  __lock_acquire+0x343e/0x5140
[   29.404175]  ? debug_check_no_locks_freed+0x310/0x310
[   29.409348]  ? debug_check_no_locks_freed+0x310/0x310
[   29.414520]  ? debug_check_no_locks_freed+0x310/0x310
[   29.419696]  ? __isolate_free_page+0x7c0/0x7c0
[   29.424259]  ? do_raw_spin_trylock+0x1b0/0x1b0
[   29.428819]  ? print_usage_bug+0xc0/0xc0
[   29.432859]  ? __lock_acquire+0x7f5/0x5140
[   29.437083]  ? get_page_from_freelist+0x4ac8/0x4f00
[   29.442079]  ? graph_lock+0x170/0x170
[   29.445856]  ? graph_lock+0x170/0x170
[   29.449640]  ? graph_lock+0x170/0x170
[   29.453419]  lock_acquire+0x1dc/0x520
[   29.457200]  ? __might_fault+0xfb/0x1e0
[   29.461152]  ? lock_acquire+0x1dc/0x520
[   29.465103]  ? lock_release+0xa10/0xa10
[   29.469060]  ? check_same_owner+0x320/0x320
[   29.473359]  ? mark_held_locks+0xc9/0x160
[   29.477486]  ? __might_sleep+0x95/0x190
[   29.481439]  __might_fault+0x155/0x1e0
[   29.485303]  ? __might_fault+0xfb/0x1e0
[   29.489268]  _copy_from_user+0x30/0x150
[   29.493223]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   29.498407]  do_ipv6_setsockopt.isra.9+0x2a78/0x4660
[   29.503487]  ? ipv6_update_options+0x390/0x390
[   29.508053]  ? __lock_acquire+0x7f5/0x5140
[   29.512264]  ? print_usage_bug+0xc0/0xc0
[   29.516305]  ? __lock_acquire+0x7f5/0x5140
[   29.520518]  ? check_usage+0x19f/0x770
[   29.524385]  ? modules_open+0xa0/0xa0
[   29.528167]  ? debug_check_no_locks_freed+0x310/0x310
[   29.533334]  ? print_usage_bug+0xc0/0xc0
[   29.537372]  ? check_noncircular+0x20/0x20
[   29.541587]  ? print_usage_bug+0xc0/0xc0
[   29.545628]  ? check_noncircular+0x20/0x20
[   29.549841]  ? __lock_acquire+0x7f5/0x5140
[   29.554057]  ? debug_check_no_locks_freed+0x310/0x310
[   29.559224]  ? debug_check_no_locks_freed+0x310/0x310
[   29.564403]  ? __lock_acquire+0x7f5/0x5140
[   29.568620]  ? lock_downgrade+0x8e0/0x8e0
[   29.572747]  ? print_usage_bug+0xc0/0xc0
[   29.576788]  ? debug_check_no_locks_freed+0x310/0x310
[   29.581958]  ipv6_setsockopt+0xbd/0x170
[   29.585911]  ? ipv6_setsockopt+0xbd/0x170
[   29.590042]  sctp_setsockopt+0x2da/0x7000
[   29.594169]  ? __lock_acquire+0x7f5/0x5140
[   29.598383]  ? sctp_setsockopt_paddr_thresholds+0x560/0x560
[   29.604072]  ? graph_lock+0x170/0x170
[   29.607853]  ? debug_check_no_locks_freed+0x310/0x310
[   29.613030]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   29.618552]  ? __lru_cache_add+0x31c/0x440
[   29.622769]  ? __pagevec_lru_add+0x30/0x30
[   29.626983]  ? kasan_check_read+0x11/0x20
[   29.631109]  ? rcu_is_watching+0x85/0x140
[   29.635235]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   29.640414]  ? print_usage_bug+0xc0/0xc0
[   29.644456]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   29.649976]  ? lru_cache_add+0x22c/0x450
[   29.654019]  ? graph_lock+0x170/0x170
[   29.657804]  ? __mem_cgroup_threshold+0x720/0x720
[   29.662623]  ? mark_held_locks+0xc9/0x160
[   29.666752]  ? page_add_new_anon_rmap+0x3ff/0x850
[   29.671603]  ? find_held_lock+0x36/0x1c0
[   29.675644]  ? lock_downgrade+0x8e0/0x8e0
[   29.679770]  ? kasan_check_read+0x11/0x20
[   29.683896]  ? do_raw_spin_unlock+0x9e/0x2e0
[   29.688285]  ? do_raw_spin_trylock+0x1b0/0x1b0
[   29.692843]  ? pte_val+0xf0/0xf0
[   29.696188]  ? kasan_check_write+0x14/0x20
[   29.700399]  ? do_raw_spin_lock+0xc1/0x200
[   29.704614]  ? _raw_spin_unlock+0x22/0x30
[   29.708744]  ? __handle_mm_fault+0x93a/0x43c0
[   29.713251]  ? vm_insert_mixed_mkwrite+0x40/0x40
[   29.717983]  ? graph_lock+0x170/0x170
[   29.721761]  ? graph_lock+0x170/0x170
[   29.725539]  ? find_held_lock+0x36/0x1c0
[   29.729589]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   29.735108]  ? __fget_light+0x2ef/0x430
[   29.739066]  ? fget_raw+0x20/0x20
[   29.742497]  ? lock_downgrade+0x8e0/0x8e0
[   29.746623]  ? handle_mm_fault+0x8c0/0xc70
[   29.750837]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   29.756351]  ? handle_mm_fault+0x55a/0xc70
[   29.760569]  sock_common_setsockopt+0x9a/0xe0
[   29.765050]  __sys_setsockopt+0x1bd/0x390
[   29.769176]  ? kernel_accept+0x310/0x310
[   29.773226]  ? mm_fault_error+0x380/0x380
[   29.777351]  SyS_setsockopt+0x34/0x50
[   29.781129]  ? SyS_recv+0x40/0x40
[   29.784566]  do_syscall_64+0x29e/0x9d0
[   29.788431]  ? vmalloc_sync_all+0x30/0x30
[   29.792557]  ? syscall_slow_exit_work+0x4f0/0x4f0
[   29.797382]  ? syscall_return_slowpath+0x5c0/0x5c0
[   29.802292]  ? syscall_return_slowpath+0x30f/0x5c0
[   29.807211]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   29.812729]  ? retint_user+0x18/0x18
[   29.816421]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   29.821242]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   29.826408] RIP: 0033:0x43fe59
[   29.829573] RSP: 002b:00007fff7135f748 EFLAGS: 00000217 ORIG_RAX: 0000000000000036
[   29.837258] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe59
[   29.844530] RDX: 0000000000000032 RSI: 0000000000000029 RDI: 0000000000000004
[   29.851788] RBP: 00000000006ca018 R08: 0000000000000108 R09: 00000000004002c8
[   29.859039] R10: 0000000020000140 R11: 0000000000000217 R12: 0000000000401780