INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.42' (ECDSA) to the list of known hosts.

syzkaller login: [ 26.027875]
[ 26.029659] ======================================================
[ 26.035968] WARNING: possible circular locking dependency detected
[ 26.042269] 4.16.0+ #8 Not tainted
[ 26.045786] ------------------------------------------------------
[ 26.052088] syzkaller192450/4488 is trying to acquire lock:
[ 26.057784] 00000000f3bb5708 (sk_lock-AF_INET){+.+.}, at: tcp_mmap+0x1c7/0x14f0
[ 26.065240]
[ 26.065240] but task is already holding lock:
[ 26.071216] 00000000ee851b87 (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[ 26.078835]
[ 26.078835] which lock already depends on the new lock.
[ 26.078835]
[ 26.087141]
[ 26.087141] the existing dependency chain (in reverse order) is:
[ 26.094758]
[ 26.094758] -> #1 (&mm->mmap_sem){++++}:
[ 26.100293]        __might_fault+0x155/0x1e0
[ 26.104693]        _copy_from_iter_full+0x2fd/0xd10
[ 26.109693]        tcp_sendmsg_locked+0x2f98/0x3e10
[ 26.114686]        tcp_sendmsg+0x2f/0x50
[ 26.118728]        inet_sendmsg+0x19f/0x690
[ 26.123040]        sock_sendmsg+0xd5/0x120
[ 26.127269]        sock_write_iter+0x35a/0x5a0
[ 26.131833]        __vfs_write+0x64d/0x960
[ 26.136051]        vfs_write+0x1f8/0x560
[ 26.140113]        ksys_write+0xf9/0x250
[ 26.144158]        SyS_write+0x24/0x30
[ 26.148032]        do_syscall_64+0x29e/0x9d0
[ 26.152428]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 26.158116]
[ 26.158116] -> #0 (sk_lock-AF_INET){+.+.}:
[ 26.163831]        lock_acquire+0x1dc/0x520
[ 26.168149]        lock_sock_nested+0xd0/0x120
[ 26.172712]        tcp_mmap+0x1c7/0x14f0
[ 26.176780]        sock_mmap+0x8e/0xc0
[ 26.180666]        mmap_region+0xd13/0x1820
[ 26.184997]        do_mmap+0xc79/0x11d0
[ 26.188973]        vm_mmap_pgoff+0x1fb/0x2a0
[ 26.193367]        ksys_mmap_pgoff+0x4c9/0x640
[ 26.197930]        SyS_mmap+0x16/0x20
[ 26.201712]        do_syscall_64+0x29e/0x9d0
[ 26.206121]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 26.211804]
[ 26.211804] other info that might help us debug this:
[ 26.211804]
[ 26.219926]  Possible unsafe locking scenario:
[ 26.219926]
[ 26.225962]        CPU0                    CPU1
[ 26.230604]        ----                    ----
[ 26.235247]   lock(&mm->mmap_sem);
[ 26.238767]                                lock(sk_lock-AF_INET);
[ 26.244979]                                lock(&mm->mmap_sem);
[ 26.251025]   lock(sk_lock-AF_INET);
[ 26.254730]
[ 26.254730]  *** DEADLOCK ***
[ 26.254730]
[ 26.260770] 1 lock held by syzkaller192450/4488:
[ 26.265498]  #0: 00000000ee851b87 (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[ 26.273544]
[ 26.273544] stack backtrace:
[ 26.278029] CPU: 1 PID: 4488 Comm: syzkaller192450 Not tainted 4.16.0+ #8
[ 26.284930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.294269] Call Trace:
[ 26.296844]  dump_stack+0x1b9/0x294
[ 26.300451]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 26.305629]  ? print_lock+0xd1/0xd6
[ 26.309235]  ? vprintk_func+0x81/0xe7
[ 26.313024]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[ 26.318717]  ? save_trace+0xe0/0x290
[ 26.322408]  __lock_acquire+0x343e/0x5140
[ 26.326538]  ? debug_check_no_locks_freed+0x310/0x310
[ 26.331706]  ? find_held_lock+0x36/0x1c0
[ 26.335752]  ? kasan_check_read+0x11/0x20
[ 26.339883]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 26.345055]  ? graph_lock+0x170/0x170
[ 26.348838]  ? kernel_text_address+0x79/0xf0
[ 26.353233]  ? __unwind_start+0x166/0x330
[ 26.357364]  ? __save_stack_trace+0x7e/0xd0
[ 26.361667]  lock_acquire+0x1dc/0x520
[ 26.365446]  ? tcp_mmap+0x1c7/0x14f0
[ 26.369139]  ? lock_release+0xa10/0xa10
[ 26.373265]  ? kasan_check_read+0x11/0x20
[ 26.377391]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 26.381782]  ? do_raw_spin_trylock+0x1b0/0x1b0
[ 26.386350]  ? kasan_check_write+0x14/0x20
[ 26.390568]  ? do_raw_spin_lock+0xc1/0x200
[ 26.394783]  lock_sock_nested+0xd0/0x120
[ 26.398854]  ? tcp_mmap+0x1c7/0x14f0
[ 26.402674]  tcp_mmap+0x1c7/0x14f0
[ 26.406201]  ? __lock_is_held+0xb5/0x140
[ 26.410244]  ? tcp_splice_read+0xfc0/0xfc0
[ 26.414470]  ? rcu_read_lock_sched_held+0x108/0x120
[ 26.419466]  ? kmem_cache_alloc+0x5fa/0x760
[ 26.423776]  sock_mmap+0x8e/0xc0
[ 26.427135]  mmap_region+0xd13/0x1820
[ 26.430916]  ? SyS_brk+0x750/0x750
[ 26.434438]  ? arch_get_unmapped_area+0x750/0x750
[ 26.439279]  ? lock_acquire+0x1dc/0x520
[ 26.443233]  ? vm_mmap_pgoff+0x1a1/0x2a0
[ 26.447273]  ? cap_mmap_addr+0x52/0x130
[ 26.451227]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 26.456741]  ? security_mmap_addr+0x80/0xa0
[ 26.461044]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 26.466559]  ? get_unmapped_area+0x292/0x3b0
[ 26.470951]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 26.476466]  do_mmap+0xc79/0x11d0
[ 26.479907]  ? mmap_region+0x1820/0x1820
[ 26.483947]  ? vm_mmap_pgoff+0x1a1/0x2a0
[ 26.487994]  ? down_read_killable+0x1f0/0x1f0
[ 26.492472]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 26.497988]  ? security_mmap_file+0x166/0x1b0
[ 26.502465]  vm_mmap_pgoff+0x1fb/0x2a0
[ 26.506332]  ? vma_is_stack_for_current+0xd0/0xd0
[ 26.511153]  ? get_unused_fd_flags+0x121/0x190
[ 26.515716]  ksys_mmap_pgoff+0x4c9/0x640
[ 26.519762]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 26.524505]  ? do_syscall_64+0xb7/0x9d0
[ 26.528459]  ? align_vdso_addr+0x60/0x60
[ 26.532508]  SyS_mmap+0x16/0x20
[ 26.535770]  do_syscall_64+0x29e/0x9d0
[ 26.539636]  ? vmalloc_sync_all+0x30/0x30
[ 26.543761]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 26.548497]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 26.553405]  ? syscall_return_slowpath+0x30f/0x5c0
[ 26.558322]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 26.563672]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 26.568505]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 26.573679] RIP: 0033:0x43fc99
[ 26.576851] RSP: 002b:00007fffe98f2dc8