INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.3' (ECDSA) to the list of known hosts.
syzkaller login: [ 28.918548]
[ 28.920201] ======================================================
[ 28.926493] WARNING: possible circular locking dependency detected
[ 28.932784] 4.17.0-rc1+ #15 Not tainted
[ 28.936730] ------------------------------------------------------
[ 28.943027] syzkaller171061/4498 is trying to acquire lock:
[ 28.948719] 00000000d572495d (&mm->mmap_sem){++++}, at: __might_fault+0xfb/0x1e0
[ 28.956243]
[ 28.956243] but task is already holding lock:
[ 28.962190] 00000000531f6891 (sk_lock-AF_INET6){+.+.}, at: do_ipv6_setsockopt.isra.9+0x5ba/0x4660
[ 28.971196]
[ 28.971196] which lock already depends on the new lock.
[ 28.971196]
[ 28.979489]
[ 28.979489] the existing dependency chain (in reverse order) is:
[ 28.987085]
[ 28.987085] -> #1 (sk_lock-AF_INET6){+.+.}:
[ 28.992873]        lock_sock_nested+0xd0/0x120
[ 28.997431]        tcp_mmap+0x1c7/0x14f0
[ 29.001478]        sock_mmap+0x8e/0xc0
[ 29.005346]        mmap_region+0xd13/0x1820
[ 29.009643]        do_mmap+0xc79/0x11d0
[ 29.013601]        vm_mmap_pgoff+0x1fb/0x2a0
[ 29.017986]        ksys_mmap_pgoff+0x4c9/0x640
[ 29.022545]        __x64_sys_mmap+0xe9/0x1b0
[ 29.026932]        do_syscall_64+0x1b1/0x800
[ 29.031319]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 29.037005]
[ 29.037005] -> #0 (&mm->mmap_sem){++++}:
[ 29.042544]        lock_acquire+0x1dc/0x520
[ 29.046843]        __might_fault+0x155/0x1e0
[ 29.051229]        _copy_from_user+0x30/0x150
[ 29.055703]        ipv6_renew_option+0x16e/0x2a0
[ 29.060432]        ipv6_renew_options+0x917/0xc40
[ 29.065254]        do_ipv6_setsockopt.isra.9+0x2c45/0x4660
[ 29.070854]        ipv6_setsockopt+0xbd/0x170
[ 29.075331]        udpv6_setsockopt+0x62/0xa0
[ 29.079804]        sock_common_setsockopt+0x9a/0xe0
[ 29.084797]        __sys_setsockopt+0x1bd/0x390
[ 29.089450]        __x64_sys_setsockopt+0xbe/0x150
[ 29.094367]        do_syscall_64+0x1b1/0x800
[ 29.098753]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 29.104436]
[ 29.104436] other info that might help us debug this:
[ 29.104436]
[ 29.112551]  Possible unsafe locking scenario:
[ 29.112551]
[ 29.118583]        CPU0                    CPU1
[ 29.123222]        ----                    ----
[ 29.127861]   lock(sk_lock-AF_INET6);
[ 29.131645]                                lock(&mm->mmap_sem);
[ 29.137676]                                lock(sk_lock-AF_INET6);
[ 29.143966]   lock(&mm->mmap_sem);
[ 29.147479]
[ 29.147479]  *** DEADLOCK ***
[ 29.147479]
[ 29.153517] 1 lock held by syzkaller171061/4498:
[ 29.158244]  #0: 00000000531f6891 (sk_lock-AF_INET6){+.+.}, at: do_ipv6_setsockopt.isra.9+0x5ba/0x4660
[ 29.167685]
[ 29.167685] stack backtrace:
[ 29.172160] CPU: 0 PID: 4498 Comm: syzkaller171061 Not tainted 4.17.0-rc1+ #15
[ 29.179494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.188821] Call Trace:
[ 29.191386]  dump_stack+0x1b9/0x294
[ 29.194992]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 29.200161]  ? print_lock+0xd1/0xd6
[ 29.203767]  ? vprintk_func+0x81/0xe7
[ 29.207547]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[ 29.213234]  ? save_trace+0xe0/0x290
[ 29.216925]  __lock_acquire+0x343e/0x5140
[ 29.221057]  ? debug_check_no_locks_freed+0x310/0x310
[ 29.226232]  ? mark_held_locks+0xc9/0x160
[ 29.230356]  ? do_raw_spin_trylock+0x1b0/0x1b0
[ 29.234916]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 29.239998]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 29.245000]  ? depot_save_stack+0x26b/0x450
[ 29.249307]  ? save_stack+0xa9/0xd0
[ 29.252914]  ? save_stack+0x43/0xd0
[ 29.256517]  ? kasan_kmalloc+0xc4/0xe0
[ 29.260384]  ? __kmalloc+0x14e/0x760
[ 29.264083]  ? sock_kmalloc+0x14e/0x1d0
[ 29.268038]  ? ipv6_renew_options+0x2b7/0xc40
[ 29.272513]  ? do_ipv6_setsockopt.isra.9+0x2c45/0x4660
[ 29.277768]  ? ipv6_setsockopt+0xbd/0x170
[ 29.281894]  ? udpv6_setsockopt+0x62/0xa0
[ 29.286025]  ? sock_common_setsockopt+0x9a/0xe0
[ 29.290675]  ? __sys_setsockopt+0x1bd/0x390
[ 29.294972]  ? __x64_sys_setsockopt+0xbe/0x150
[ 29.299539]  ? do_syscall_64+0x1b1/0x800
[ 29.303576]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 29.308917]  ? pagevec_lru_move_fn+0x1e1/0x270
[ 29.313477]  ? graph_lock+0x170/0x170
[ 29.317253]  ? __lru_cache_add+0x31c/0x440
[ 29.321464]  ? mem_cgroup_usage+0x420/0x420
[ 29.325765]  lock_acquire+0x1dc/0x520
[ 29.329542]  ? __might_fault+0xfb/0x1e0
[ 29.333492]  ? lock_release+0xa10/0xa10
[ 29.337442]  ? check_same_owner+0x320/0x320
[ 29.341754]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 29.346747]  ? __check_object_size+0x95/0x5d9
[ 29.351222]  ? __might_sleep+0x95/0x190
[ 29.355174]  __might_fault+0x155/0x1e0
[ 29.359041]  ? __might_fault+0xfb/0x1e0
[ 29.362994]  _copy_from_user+0x30/0x150
[ 29.366950]  ipv6_renew_option+0x16e/0x2a0
[ 29.371160]  ipv6_renew_options+0x917/0xc40
[ 29.375458]  ? ipv6_push_nfrag_opts+0xb60/0xb60
[ 29.380112]  ? __lock_is_held+0xb5/0x140
[ 29.384155]  do_ipv6_setsockopt.isra.9+0x2c45/0x4660
[ 29.389247]  ? ipv6_update_options+0x390/0x390
[ 29.393810]  ? __thp_get_unmapped_area+0x180/0x180
[ 29.398717]  ? debug_check_no_locks_freed+0x310/0x310
[ 29.403883]  ? alloc_file+0x24/0x3e0
[ 29.407581]  ? sock_alloc_file+0x1f3/0x4e0
[ 29.411792]  ? __sys_socket+0x16f/0x250
[ 29.415742]  ? do_syscall_64+0x1b1/0x800
[ 29.419782]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 29.425123]  ? debug_mutex_init+0x1c/0x60
[ 29.429250]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 29.434251]  ? graph_lock+0x170/0x170
[ 29.438036]  ? pud_val+0x80/0xf0
[ 29.441379]  ? pmd_val+0xf0/0xf0
[ 29.444725]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.450240]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.455755]  ? __handle_mm_fault+0x93a/0x4310
[ 29.460231]  ? vm_insert_mixed_mkwrite+0x40/0x40
[ 29.464962]  ? graph_lock+0x170/0x170
[ 29.468738]  ? graph_lock+0x170/0x170
[ 29.472516]  ? find_held_lock+0x36/0x1c0
[ 29.476557]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.482070]  ? __fget_light+0x2ef/0x430
[ 29.486028]  ? fget_raw+0x20/0x20
[ 29.489460]  ? lock_downgrade+0x8e0/0x8e0
[ 29.493584]  ? handle_mm_fault+0x8c0/0xc70
[ 29.497799]  ipv6_setsockopt+0xbd/0x170
[ 29.501752]  ? ipv6_setsockopt+0xbd/0x170
[ 29.505876]  udpv6_setsockopt+0x62/0xa0
[ 29.509827]  sock_common_setsockopt+0x9a/0xe0
[ 29.514303]  __sys_setsockopt+0x1bd/0x390
[ 29.518427]  ? kernel_accept+0x310/0x310
[ 29.522475]  ? mm_fault_error+0x380/0x380
[ 29.526602]  ? __ia32_sys_fallocate+0xf0/0xf0
[ 29.531075]  __x64_sys_setsockopt+0xbe/0x150
[ 29.535458]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 29.540461]  do_syscall_64+0x1b1/0x800
[ 29.544327]  ? syscall_slow_exit_work+0x4f0/0x4f0
[ 29.549145]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 29.554050]  ? syscall_return_slowpath+0x30f/0x5c0
[ 29.558958]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.564479]  ? retint_user+0x18/0x18
[ 29.568179]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.573000]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 29.578172] RIP: 0033:0x43fd39
[ 29.581337] RSP: 002b:00007ffea197d9e8 EFLAGS: 00000217 ORIG_RAX: 0000000000000036
[ 29.589028] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd39
[ 29.596280] RDX: 0000000000000037 RSI: 0000000000000029 RDI: 0000000000000004
[ 29.603529] RBP: 00000000006ca018 R08: 0000000000000008 R09: 00000000004002c8
[ 29.610775] R10: 0000000020100f50 R11: 0000000000000217 R12: 0000000000401660
[ 29.618029] R13: 00000000004016f0 R14: