INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.7' (ECDSA) to the list of known hosts.

syzkaller login: [ 32.121403]
[ 32.123064] ======================================================
[ 32.129364] WARNING: possible circular locking dependency detected
[ 32.135667] 4.17.0-rc1+ #17 Not tainted
[ 32.139618] ------------------------------------------------------
[ 32.145919] syzkaller626546/4526 is trying to acquire lock:
[ 32.151608] 000000007758624d (sk_lock-AF_INET){+.+.}, at: tcp_mmap+0x1c7/0x14f0
[ 32.159055]
[ 32.159055] but task is already holding lock:
[ 32.165007] 0000000070fb6fe4 (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[ 32.172629]
[ 32.172629] which lock already depends on the new lock.
[ 32.172629]
[ 32.180925]
[ 32.180925] the existing dependency chain (in reverse order) is:
[ 32.188523]
[ 32.188523] -> #1 (&mm->mmap_sem){++++}:
[ 32.194056]        __might_fault+0x155/0x1e0
[ 32.198455]        _copy_from_iter_full+0x2fd/0xd10
[ 32.203466]        tcp_sendmsg_locked+0x2f98/0x3e10
[ 32.208462]        tcp_sendmsg+0x2f/0x50
[ 32.212501]        inet_sendmsg+0x19f/0x690
[ 32.216804]        sock_sendmsg+0xd5/0x120
[ 32.221024]        sock_write_iter+0x35a/0x5a0
[ 32.225597]        __vfs_write+0x64d/0x960
[ 32.229812]        vfs_write+0x1f8/0x560
[ 32.233851]        ksys_write+0xf9/0x250
[ 32.237890]        __x64_sys_write+0x73/0xb0
[ 32.242276]        do_syscall_64+0x1b1/0x800
[ 32.246663]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.252348]
[ 32.252348] -> #0 (sk_lock-AF_INET){+.+.}:
[ 32.258052]        lock_acquire+0x1dc/0x520
[ 32.262355]        lock_sock_nested+0xd0/0x120
[ 32.266915]        tcp_mmap+0x1c7/0x14f0
[ 32.270958]        sock_mmap+0x8e/0xc0
[ 32.274826]        mmap_region+0xd13/0x1820
[ 32.279125]        do_mmap+0xc79/0x11d0
[ 32.283084]        vm_mmap_pgoff+0x1fb/0x2a0
[ 32.287474]        ksys_mmap_pgoff+0x4c9/0x640
[ 32.292044]        __x64_sys_mmap+0xe9/0x1b0
[ 32.296434]        do_syscall_64+0x1b1/0x800
[ 32.300819]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.306501]
[ 32.306501] other info that might help us debug this:
[ 32.306501]
[ 32.314619]  Possible unsafe locking scenario:
[ 32.314619]
[ 32.320652]        CPU0                    CPU1
[ 32.325295]        ----                    ----
[ 32.329936]   lock(&mm->mmap_sem);
[ 32.333455]                                lock(sk_lock-AF_INET);
[ 32.339663]                                lock(&mm->mmap_sem);
[ 32.345695]   lock(sk_lock-AF_INET);
[ 32.349385]
[ 32.349385]  *** DEADLOCK ***
[ 32.349385]
[ 32.355424] 1 lock held by syzkaller626546/4526:
[ 32.360154]  #0: 0000000070fb6fe4 (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[ 32.368203]
[ 32.368203] stack backtrace:
[ 32.372683] CPU: 1 PID: 4526 Comm: syzkaller626546 Not tainted 4.17.0-rc1+ #17
[ 32.380023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.389364] Call Trace:
[ 32.391939]  dump_stack+0x1b9/0x294
[ 32.395548]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 32.400720]  ? print_lock+0xd1/0xd6
[ 32.404327]  ? vprintk_func+0x81/0xe7
[ 32.408111]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[ 32.413800]  ? save_trace+0xe0/0x290
[ 32.417496]  __lock_acquire+0x343e/0x5140
[ 32.421627]  ? debug_check_no_locks_freed+0x310/0x310
[ 32.426798]  ? find_held_lock+0x36/0x1c0
[ 32.430843]  ? kasan_check_read+0x11/0x20
[ 32.434986]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 32.440155]  ? graph_lock+0x170/0x170
[ 32.443935]  ? kernel_text_address+0x79/0xf0
[ 32.448329]  ? __unwind_start+0x166/0x330
[ 32.452456]  ? __save_stack_trace+0x7e/0xd0
[ 32.456759]  lock_acquire+0x1dc/0x520
[ 32.460541]  ? tcp_mmap+0x1c7/0x14f0
[ 32.464232]  ? lock_release+0xa10/0xa10
[ 32.468186]  ? kasan_check_read+0x11/0x20
[ 32.472331]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 32.476718]  ? do_raw_spin_trylock+0x1b0/0x1b0
[ 32.481282]  ? kasan_check_write+0x14/0x20
[ 32.485494]  ? do_raw_spin_lock+0xc1/0x200
[ 32.489710]  lock_sock_nested+0xd0/0x120
[ 32.493750]  ? tcp_mmap+0x1c7/0x14f0
[ 32.497453]  tcp_mmap+0x1c7/0x14f0
[ 32.500972]  ? __lock_is_held+0xb5/0x140
[ 32.505018]  ? tcp_splice_read+0xfc0/0xfc0
[ 32.509239]  ? rcu_read_lock_sched_held+0x108/0x120
[ 32.514235]  ? kmem_cache_alloc+0x5fa/0x760
[ 32.518538]  sock_mmap+0x8e/0xc0
[ 32.521882]  mmap_region+0xd13/0x1820
[ 32.525664]  ? __x64_sys_brk+0x790/0x790
[ 32.529705]  ? arch_get_unmapped_area+0x750/0x750
[ 32.534527]  ? lock_acquire+0x1dc/0x520
[ 32.538482]  ? vm_mmap_pgoff+0x1a1/0x2a0
[ 32.542524]  ? cap_mmap_addr+0x52/0x130
[ 32.546480]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.551999]  ? security_mmap_addr+0x80/0xa0
[ 32.556306]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 32.561823]  ? get_unmapped_area+0x292/0x3b0
[ 32.566210]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 32.571725]  do_mmap+0xc79/0x11d0
[ 32.575158]  ? mmap_region+0x1820/0x1820
[ 32.579195]  ? vm_mmap_pgoff+0x1a1/0x2a0
[ 32.583236]  ? down_read_killable+0x1f0/0x1f0
[ 32.587709]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.593226]  ? security_mmap_file+0x166/0x1b0
[ 32.597701]  vm_mmap_pgoff+0x1fb/0x2a0
[ 32.601571]  ? vma_is_stack_for_current+0xd0/0xd0
[ 32.606395]  ? sock_release+0x1b0/0x1b0
[ 32.610349]  ? get_unused_fd_flags+0x121/0x190
[ 32.614930]  ? __alloc_fd+0x700/0x700
[ 32.618711]  ksys_mmap_pgoff+0x4c9/0x640
[ 32.622753]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 32.627491]  ? move_addr_to_kernel+0x70/0x70
[ 32.631878]  ? __ia32_sys_fallocate+0xf0/0xf0
[ 32.636354]  __x64_sys_mmap+0xe9/0x1b0
[ 32.640221]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 32.645216]  do_syscall_64+0x1b1/0x800
[ 32.649081]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 32.653991]  ? syscall_return_slowpath+0x30f/0x5c0
[ 32.658905]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 32.664249]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.669076]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
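What lockdep is reporting above is an AB-BA ordering between &mm->mmap_sem and sk_lock-AF_INET. Chain #1 is the write(2) path: tcp_sendmsg_locked() holds the socket lock and _copy_from_iter_full() may fault on user memory (__might_fault), which takes mmap_sem, so the recorded order is sk_lock then mmap_sem. Chain #0 is the mmap(2) path on a TCP socket: vm_mmap_pgoff() holds mmap_sem and sock_mmap() -> tcp_mmap() then calls lock_sock_nested(), the opposite order. Two tasks doing this concurrently can each block on the lock the other holds, which is the CPU0/CPU1 scenario printed. The C program below is an added example, not part of the syzkaller report and not kernel code: a miniature lock-order validator in the style of lockdep that records "acquired B while holding A" edges and flags the first acquisition that would close a cycle, replayed on the two call chains from the report. The task labels and the second "consistent order" replay are illustrative assumptions for contrast, not the upstream fix for this report.

```c
/* Miniature lock-order validator in the style of the kernel's lockdep.
 * Added example, not kernel code.  Each lock class is a node; acquiring B while
 * holding A records the edge A -> B.  Before recording, we check whether B already
 * reaches A: if it does, the acquisition closes a cycle, which is what the report's
 * "which lock already depends on the new lock" means. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#define MAX_CLASSES 16
#define MAX_HELD    8
static const char *class_name[MAX_CLASSES];
static int nclasses;
static bool edge[MAX_CLASSES][MAX_CLASSES]; /* edge[a][b]: b taken while a held */
static void lockdep_reset(void) { nclasses = 0; memset(edge, 0, sizeof(edge)); }
/* Map a lock-class name such as "sk_lock-AF_INET" to a node, adding it if new. */
static int lock_class(const char *name)
{
	for (int i = 0; i < nclasses; i++)
		if (strcmp(class_name[i], name) == 0) return i;
	class_name[nclasses] = name;
	return nclasses++;
}
/* Depth-first search: is 'target' reachable from 'from' via recorded edges? */
static bool reaches(int from, int target, bool *seen)
{
	if (from == target) return true;
	seen[from] = true;
	for (int n = 0; n < nclasses; n++)
		if (edge[from][n] && !seen[n] && reaches(n, target, seen)) return true;
	return false;
}
struct task {
	const char *comm;   /* code path, used in the report text */
	int held[MAX_HELD]; /* lock classes currently held, in acquisition order */
	int nheld;
};
/* Validate taking 'name' while t holds t->held[].  Prints a warning and returns
 * true if this closes a dependency cycle, otherwise records the new edges.  As in
 * lockdep the lock is still marked held afterwards: it warns, it does not block. */
static bool lock_acquire(struct task *t, const char *name)
{
	int c = lock_class(name);
	bool cycle = false;
	for (int i = 0; i < t->nheld; i++) {
		int h = t->held[i];
		bool seen[MAX_CLASSES] = { 0 };
		if (reaches(c, h, seen)) {
			printf("WARNING: possible circular locking dependency detected\n"
			       "%s is trying to acquire lock: %s\n"
			       "but task is already holding lock: %s\n"
			       "which lock already depends on the new lock.\n\n",
			       t->comm, name, class_name[h]);
			cycle = true;
		} else {
			edge[h][c] = true;
		}
	}
	if (t->nheld < MAX_HELD) t->held[t->nheld++] = c;
	return cycle;
}
static void lock_release(struct task *t) { if (t->nheld > 0) t->nheld--; }
/* Replay the two chains from the report; returns the number of warnings (1). */
int replay_report(void)
{
	struct task writer = { .comm = "write(2): tcp_sendmsg_locked" }; /* label is ours */
	struct task mapper = { .comm = "mmap(2): sock_mmap -> tcp_mmap" };
	int warnings = 0;
	lockdep_reset();
	/* -> #1: socket lock held, then _copy_from_iter_full() may fault and take
	 * mmap_sem (__might_fault): records the edge sk_lock -> mmap_sem. */
	warnings += lock_acquire(&writer, "sk_lock-AF_INET");
	warnings += lock_acquire(&writer, "&mm->mmap_sem");
	lock_release(&writer); lock_release(&writer);
	/* -> #0: vm_mmap_pgoff() holds mmap_sem, then tcp_mmap() calls
	 * lock_sock_nested(): mmap_sem -> sk_lock closes the cycle. */
	warnings += lock_acquire(&mapper, "&mm->mmap_sem");
	warnings += lock_acquire(&mapper, "sk_lock-AF_INET");
	return warnings;
}
/* Hypothetical contrast (not the upstream fix): two paths that take the same
 * two locks in the same order produce no cycle; returns 0. */
int replay_consistent_order(void)
{
	struct task a = { .comm = "path A" }, b = { .comm = "path B" };
	int warnings = 0;
	lockdep_reset();
	warnings += lock_acquire(&a, "&mm->mmap_sem");
	warnings += lock_acquire(&a, "sk_lock-AF_INET");
	lock_release(&a); lock_release(&a);
	warnings += lock_acquire(&b, "&mm->mmap_sem");
	warnings += lock_acquire(&b, "sk_lock-AF_INET");
	return warnings;
}
int main(void)
{
	printf("report replay: %d warning(s)\n", replay_report());
	printf("consistent order: %d warning(s)\n", replay_consistent_order());
	return 0;
}
```

Build with `cc -std=c99 -Wall lockorder.c` (file name is ours). The first replay prints one warning naming sk_lock-AF_INET as the lock being acquired and &mm->mmap_sem as the lock already held, the same pairing as the report header; the second prints none. Two points worth keeping in mind when triaging a report like this: lockdep does not need the two tasks to actually race, a single run that exercises both orders is enough, which is why the header says "possible" and why syzkaller surfaces these reliably; and the impact class is a hang of the affected tasks (denial of service), not memory corruption, which is what the KASAN-instrumented frames in the trace would have reported instead.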