[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.134' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 30.688585]
[ 30.690223] =====================================================
[ 30.696423] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[ 30.703161] 4.14.210-syzkaller #0 Not tainted
[ 30.707641] -----------------------------------------------------
[ 30.713844] syz-executor083/7987 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire:
[ 30.721172]  (hugetlb_lock){+.+.}, at: [] free_huge_page+0x5ab/0x7f0
[ 30.729243]
[ 30.729243] and this task is already holding:
[ 30.735184]  (slock-AF_INET){+.-.}, at: [] tcp_close+0x540/0xed0
[ 30.742869] which would create a new lock dependency:
[ 30.748058]  (slock-AF_INET){+.-.} -> (hugetlb_lock){+.+.}
[ 30.753919]
[ 30.753919] but this new dependency connects a SOFTIRQ-irq-safe lock:
[ 30.761942]  (slock-AF_INET){+.-.}
[ 30.761947]
[ 30.761947] ... which became SOFTIRQ-irq-safe at:
[ 30.771766]   lock_acquire+0x170/0x3f0
[ 30.775642]   _raw_spin_lock+0x2a/0x40
[ 30.779514]   sk_clone_lock+0x3cf/0x11e0
[ 30.783574]   inet_csk_clone_lock+0x1e/0x3f0
[ 30.787957]   tcp_create_openreq_child+0x2c/0x1880
[ 30.792881]   tcp_v4_syn_recv_sock+0xa8/0xf80
[ 30.797358]   tcp_check_req+0x4c1/0x1460
[ 30.801392]   tcp_v4_rcv+0x1c36/0x3560
[ 30.805262]   ip_local_deliver_finish+0x3f2/0xab0
[ 30.810098]   ip_local_deliver+0x167/0x460
[ 30.814314]   ip_rcv_finish+0x6e3/0x19f0
[ 30.818345]   ip_rcv+0x8a7/0xf01
[ 30.821684]   __netif_receive_skb_core+0x15ee/0x2a30
[ 30.826759]   __netif_receive_skb+0x27/0x1a0
[ 30.831145]   netif_receive_skb_internal+0xd7/0x580
[ 30.836143]   napi_gro_receive+0x2e2/0x400
[ 30.840360]   receive_buf+0x5ef/0x4810
[ 30.844230]   virtnet_poll+0x4b7/0x960
[ 30.848104]   net_rx_action+0x466/0xfd0
[ 30.852062]   __do_softirq+0x254/0xa1d
[ 30.855941]   irq_exit+0x193/0x240
[ 30.859475]   do_IRQ+0x112/0x1d0
[ 30.862814]   ret_from_intr+0x0/0x1e
[ 30.866500]   lock_is_held_type+0x30/0x210
[ 30.870708]   ___might_sleep+0x1ea/0x2b0
[ 30.874737]   gc_worker+0x625/0xb50
[ 30.878335]   process_one_work+0x793/0x14a0
[ 30.882627]   worker_thread+0x5cc/0xff0
[ 30.886571]   kthread+0x30d/0x420
[ 30.889998]   ret_from_fork+0x24/0x30
[ 30.893765]
[ 30.893765] to a SOFTIRQ-irq-unsafe lock:
[ 30.899368]  (hugetlb_lock){+.+.}
[ 30.899373]
[ 30.899373] ... which became SOFTIRQ-irq-unsafe at:
[ 30.909255] ...
[ 30.909263]   lock_acquire+0x170/0x3f0
[ 30.914978]   _raw_spin_lock+0x2a/0x40
[ 30.918836]   hugetlb_overcommit_handler+0x283/0x400
[ 30.923922]   proc_sys_call_handler.isra.0+0x1ba/0x340
[ 30.929182]   __vfs_write+0xe4/0x630
[ 30.932870]   vfs_write+0x17f/0x4d0
[ 30.936469]   SyS_write+0xf2/0x210
[ 30.939979]   do_syscall_64+0x1d5/0x640
[ 30.943931]   entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.949175]
[ 30.949175] other info that might help us debug this:
[ 30.949175]
[ 30.957289]  Possible interrupt unsafe locking scenario:
[ 30.957289]
[ 30.964183]        CPU0                    CPU1
[ 30.968822]        ----                    ----
[ 30.973472]   lock(hugetlb_lock);
[ 30.976899]                                local_irq_disable();
[ 30.982925]                                lock(slock-AF_INET);
[ 30.988968]                                lock(hugetlb_lock);
[ 30.994908]
[ 30.997647]     lock(slock-AF_INET);
[ 31.001331]
[ 31.001331]  *** DEADLOCK ***
[ 31.001331]
[ 31.007374] 3 locks held by syz-executor083/7987:
[ 31.012184]  #0: (&sb->s_type->i_mutex_key#13){+.+.}, at: [] __sock_release+0x86/0x2b0
[ 31.021873]  #1: (sk_lock-AF_INET){+.+.}, at: [] tcp_close+0x25/0xed0
[ 31.030080]  #2: (slock-AF_INET){+.-.}, at: [] tcp_close+0x540/0xed0
[ 31.038198]
[ 31.038198] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[ 31.047195] -> (slock-AF_INET){+.-.} ops: 7490 {
[ 31.051925]   HARDIRQ-ON-W at:
[ 31.055177]     lock_acquire+0x170/0x3f0
[ 31.060602]     _raw_spin_lock_bh+0x2f/0x40
[ 31.066289]     lock_sock_nested+0x39/0x100
[ 31.071970]     inet_autobind+0x1a/0x180
[ 31.077390]     inet_dgram_connect+0x134/0x1f0
[ 31.083335]     SyS_connect+0x1f4/0x240
[ 31.088686]     do_syscall_64+0x1d5/0x640
[ 31.094201]     entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.101022]   IN-SOFTIRQ-W at:
[ 31.104313]     lock_acquire+0x170/0x3f0
[ 31.109733]     _raw_spin_lock+0x2a/0x40
[ 31.115156]     sk_clone_lock+0x3cf/0x11e0
[ 31.120770]     inet_csk_clone_lock+0x1e/0x3f0
[ 31.126715]     tcp_create_openreq_child+0x2c/0x1880
[ 31.133193]     tcp_v4_syn_recv_sock+0xa8/0xf80
[ 31.139220]     tcp_check_req+0x4c1/0x1460
[ 31.144814]     tcp_v4_rcv+0x1c36/0x3560
[ 31.150247]     ip_local_deliver_finish+0x3f2/0xab0
[ 31.156623]     ip_local_deliver+0x167/0x460
[ 31.162389]     ip_rcv_finish+0x6e3/0x19f0
[ 31.167984]     ip_rcv+0x8a7/0xf01
[ 31.172886]     __netif_receive_skb_core+0x15ee/0x2a30
[ 31.179525]     __netif_receive_skb+0x27/0x1a0
[ 31.185468]     netif_receive_skb_internal+0xd7/0x580
[ 31.192018]     napi_gro_receive+0x2e2/0x400
[ 31.197823]     receive_buf+0x5ef/0x4810
[ 31.203257]     virtnet_poll+0x4b7/0x960
[ 31.208683]     net_rx_action+0x466/0xfd0
[ 31.214189]     __do_softirq+0x254/0xa1d
[ 31.219615]     irq_exit+0x193/0x240
[ 31.224689]     do_IRQ+0x112/0x1d0
[ 31.229604]     ret_from_intr+0x0/0x1e
[ 31.234863]     lock_is_held_type+0x30/0x210
[ 31.240634]     ___might_sleep+0x1ea/0x2b0
[ 31.246227]     gc_worker+0x625/0xb50
[ 31.251387]     process_one_work+0x793/0x14a0
[ 31.257242]     worker_thread+0x5cc/0xff0
[ 31.262760]     kthread+0x30d/0x420
[ 31.267754]     ret_from_fork+0x24/0x30
[ 31.273087]   INITIAL USE at:
[ 31.276263]     lock_acquire+0x170/0x3f0
[ 31.281627]     _raw_spin_lock_bh+0x2f/0x40
[ 31.287221]     lock_sock_nested+0x39/0x100
[ 31.292831]     inet_autobind+0x1a/0x180
[ 31.298174]     inet_dgram_connect+0x134/0x1f0
[ 31.304031]     SyS_connect+0x1f4/0x240
[ 31.309287]     do_syscall_64+0x1d5/0x640
[ 31.314725]     entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.321457] }
[ 31.323249] ... key at: [] af_family_slock_keys+0x10/0x180
[ 31.330958] ... acquired at:
[ 31.334171]   lock_acquire+0x170/0x3f0
[ 31.338118]   _raw_spin_lock+0x2a/0x40
[ 31.342097]   free_huge_page+0x5ab/0x7f0
[ 31.346224]   __put_page+0xb9/0x2f0
[ 31.349910]   skb_release_data+0x25a/0x820
[ 31.354301]   __kfree_skb+0x46/0x60
[ 31.358001]   tcp_v4_destroy_sock+0x223/0x920
[ 31.362569]   inet_csk_destroy_sock+0x169/0x400
[ 31.367294]   tcp_close+0x85e/0xed0
[ 31.370978]   inet_release+0xdf/0x1b0
[ 31.374836]   __sock_release+0xcd/0x2b0
[ 31.378902]   sock_close+0x15/0x20
[ 31.382500]   __fput+0x25f/0x7a0
[ 31.385939]   task_work_run+0x11f/0x190
[ 31.389971]   do_exit+0xa44/0x2850
[ 31.393570]   do_group_exit+0x100/0x2e0
[ 31.397618]   get_signal+0x38d/0x1ca0
[ 31.401488]   do_signal+0x7c/0x1550
[ 31.405185]   exit_to_usermode_loop+0x160/0x200
[ 31.409912]   do_syscall_64+0x4a3/0x640
[ 31.413947]   entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.419282]
[ 31.420878]
[ 31.420878] the dependencies between the lock to be acquired
[ 31.420881]  and SOFTIRQ-irq-unsafe lock:
[ 31.432253] -> (hugetlb_lock){+.+.} ops: 26 {
[ 31.436727]   HARDIRQ-ON-W at:
[ 31.440011]     lock_acquire+0x170/0x3f0
[ 31.445472]     _raw_spin_lock+0x2a/0x40
[ 31.451074]     hugetlb_overcommit_handler+0x283/0x400
[ 31.457729]     proc_sys_call_handler.isra.0+0x1ba/0x340
[ 31.464541]     __vfs_write+0xe4/0x630
[ 31.469798]     vfs_write+0x17f/0x4d0
[ 31.474957]     SyS_write+0xf2/0x210
[ 31.480028]     do_syscall_64+0x1d5/0x640
[ 31.485543]     entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.492383]   SOFTIRQ-ON-W at:
[ 31.495637]     lock_acquire+0x170/0x3f0
[ 31.501057]     _raw_spin_lock+0x2a/0x40
[ 31.506475]     hugetlb_overcommit_handler+0x283/0x400
[ 31.513130]     proc_sys_call_handler.isra.0+0x1ba/0x340
[ 31.520117]     __vfs_write+0xe4/0x630
[ 31.525369]     vfs_write+0x17f/0x4d0
[ 31.530537]     SyS_write+0xf2/0x210
[ 31.535621]     do_syscall_64+0x1d5/0x640
[ 31.541144]     entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.547951]   INITIAL USE at:
[ 31.551122]     lock_acquire+0x170/0x3f0
[ 31.556469]     _raw_spin_lock+0x2a/0x40
[ 31.561817]     hugetlb_overcommit_handler+0x283/0x400
[ 31.568384]     proc_sys_call_handler.isra.0+0x1ba/0x340
[ 31.575124]     __vfs_write+0xe4/0x630
[ 31.580282]     vfs_write+0x17f/0x4d0
[ 31.585359]     SyS_write+0xf2/0x210
[ 31.590372]     do_syscall_64+0x1d5/0x640
[ 31.595809]     entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.602527] }
[ 31.604301] ... key at: [] hugetlb_lock+0x18/0x15e0
[ 31.611382] ... acquired at:
[ 31.614458]   lock_acquire+0x170/0x3f0
[ 31.618405]   _raw_spin_lock+0x2a/0x40
[ 31.622398]   free_huge_page+0x5ab/0x7f0
[ 31.626524]   __put_page+0xb9/0x2f0
[ 31.630210]   skb_release_data+0x25a/0x820
[ 31.634501]   __kfree_skb+0x46/0x60
[ 31.638186]   tcp_v4_destroy_sock+0x223/0x920
[ 31.642739]   inet_csk_destroy_sock+0x169/0x400
[ 31.647467]   tcp_close+0x85e/0xed0
[ 31.651153]   inet_release+0xdf/0x1b0
[ 31.655011]   __sock_release+0xcd/0x2b0
[ 31.659156]   sock_close+0x15/0x20
[ 31.662785]   __fput+0x25f/0x7a0
[ 31.666213]   task_work_run+0x11f/0x190
[ 31.670251]   do_exit+0xa44/0x2850
[ 31.673988]   do_group_exit+0x100/0x2e0
[ 31.678083]   get_signal+0x38d/0x1ca0
[ 31.681942]   do_signal+0x7c/0x1550
[ 31.685628]   exit_to_usermode_loop+0x160/0x200
[ 31.690352]   do_syscall_64+0x4a3/0x640
[ 31.694384]   entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.699715]
[ 31.701314]
[ 31.701314] stack backtrace:
[ 31.705791] CPU: 0 PID: 7987 Comm: syz-executor083 Not tainted 4.14.210-syzkaller #0
[ 31.713664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.723003] Call Trace:
[ 31.725595]  dump_stack+0x1b2/0x283
[ 31.729198]  check_usage.cold+0x806/0xbe6
[ 31.733316]  ? check_usage_backwards+0x2c0/0x2c0
[ 31.738058]  ? __save_stack_trace+0x63/0x160
[ 31.742463]  ? is_bpf_text_address+0x91/0x150
[ 31.746931]  ? lock_downgrade+0x740/0x740
[ 31.751049]  ? is_bpf_text_address+0xb8/0x150
[ 31.755515]  __lock_acquire+0x1cfc/0x3f20
[ 31.759633]  ? trace_hardirqs_on+0x10/0x10
[ 31.763838]  ? kasan_slab_free+0xc3/0x1a0
[ 31.767957]  ? kmem_cache_free+0x7c/0x2b0
[ 31.772087]  ? kfree_skbmem+0x7e/0x100
[ 31.775948]  ? tcp_v4_destroy_sock+0x223/0x920
[ 31.780509]  ? __sock_release+0xcd/0x2b0
[ 31.784538]  ? sock_close+0x15/0x20
[ 31.788156]  ? __fput+0x25f/0x7a0
[ 31.791582]  ? task_work_run+0x11f/0x190
[ 31.795612]  ? do_exit+0xa44/0x2850
[ 31.799208]  ? do_group_exit+0x100/0x2e0
[ 31.803254]  ? get_signal+0x38d/0x1ca0
[ 31.807138]  ? exit_to_usermode_loop+0x160/0x200
[ 31.811868]  ? do_syscall_64+0x4a3/0x640
[ 31.815919]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.821256]  ? lock_acquire+0x170/0x3f0
[ 31.825209]  lock_acquire+0x170/0x3f0
[ 31.829021]  ? free_huge_page+0x5ab/0x7f0
[ 31.833148]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 31.838229]  _raw_spin_lock+0x2a/0x40
[ 31.842015]  ? free_huge_page+0x5ab/0x7f0
[ 31.846154]  free_huge_page+0x5ab/0x7f0
[ 31.850116]  ? PageHuge+0x93/0x110
[ 31.853648]  __put_page+0xb9/0x2f0
[ 31.857165]  skb_release_data+0x25a/0x820
[ 31.861288]  __kfree_skb+0x46/0x60
[ 31.864818]  tcp_v4_destroy_sock+0x223/0x920
[ 31.869205]  inet_csk_destroy_sock+0x169/0x400
[ 31.873771]  tcp_close+0x85e/0xed0
[ 31.877295]  inet_release+0xdf/0x1b0
[ 31.880994]  __sock_release+0xcd/0x2b0
[ 31.884853]  ? __sock_release+0x2b0/0x2b0
[ 31.888982]  sock_close+0x15/0x20
[ 31.892415]  __fput+0x25f/0x7a0
[ 31.895679]  task_work_run+0x11f/0x190
[ 31.899540]  do_exit+0xa44/0x2850
[ 31.902984]  ? futex_lock_pi_atomic+0x250/0x2e0
[ 31.907651]  ? mm_update_next_owner+0x5b0/0x5b0
[ 31.912299]  ? get_signal+0x323/0x1ca0
[ 31.916160]  ? lock_downgrade+0x740/0x740
[ 31.920288]  do_group_exit+0x100/0x2e0
[ 31.924162]  get_signal+0x38d/0x1ca0
[ 31.927892]  ? apparmor_file_alloc_security+0x129/0x800
[ 31.933239]  do_signal+0x7c/0x1550
[ 31.936779]  ? setup_sigcontext+0x820/0x820
[ 31.941077]  ? __fd_install+0x227/0x5c0
[ 31.945050]  ? get_unused_fd_flags+0xc0/0xc0
[ 31.949484]  ? sock_alloc_file+0x1ae/0x2e0
[ 31.953836]  ? SyS_futex+0x1da/0x290
[ 31.957521]  ? SyS_futex+0x1e3/0x290
[ 31.961222]  ? exit_to_usermode_loop+0x41/0x200
[ 31.965877]  exit_to_usermode_loop+0x160/0x200
[ 31.970442]  do_syscall_64+0x4a3/0x640
[ 31.974313]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.979475] RIP: 0033:0x445f39
[ 31.982649] RSP: 002b:00007fd2628bdd98 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 31.990327] RAX: fffffffffffffe00 RBX: 000000