INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts.

syzkaller login: [ 29.475640]
[ 29.477343] ======================================================
[ 29.483649] WARNING: possible circular locking dependency detected
[ 29.489966] 4.16.0+ #10 Not tainted
[ 29.493573] ------------------------------------------------------
[ 29.499868] syzkaller125644/4535 is trying to acquire lock:
[ 29.505552] 000000000de0eba8 (&mm->mmap_sem){++++}, at: __might_fault+0xfb/0x1e0
[ 29.513078]
[ 29.513078] but task is already holding lock:
[ 29.519041] 00000000e543c5ca (sk_lock-AF_INET6){+.+.}, at: do_tcp_setsockopt.isra.40+0x18e/0x2590
[ 29.528042]
[ 29.528042] which lock already depends on the new lock.
[ 29.528042]
[ 29.537205]
[ 29.537205] the existing dependency chain (in reverse order) is:
[ 29.544800]
[ 29.544800] -> #1 (sk_lock-AF_INET6){+.+.}:
[ 29.550604]        lock_sock_nested+0xd0/0x120
[ 29.555175]        tcp_mmap+0x1c7/0x14f0
[ 29.559218]        sock_mmap+0x8e/0xc0
[ 29.563094]        mmap_region+0xd13/0x1820
[ 29.567395]        do_mmap+0xc79/0x11d0
[ 29.571351]        vm_mmap_pgoff+0x1fb/0x2a0
[ 29.575741]        ksys_mmap_pgoff+0x4c9/0x640
[ 29.580301]        SyS_mmap+0x16/0x20
[ 29.584084]        do_syscall_64+0x29e/0x9d0
[ 29.588472]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 29.594159]
[ 29.594159] -> #0 (&mm->mmap_sem){++++}:
[ 29.599709]        lock_acquire+0x1dc/0x520
[ 29.604012]        __might_fault+0x155/0x1e0
[ 29.608416]        _copy_from_user+0x30/0x150
[ 29.612887]        tcp_v6_parse_md5_keys+0xbd/0x5b0
[ 29.617894]        do_tcp_setsockopt.isra.40+0xfbc/0x2590
[ 29.623407]        tcp_setsockopt+0xc1/0xe0
[ 29.627712]        sock_common_setsockopt+0x9a/0xe0
[ 29.632723]        __sys_setsockopt+0x1bd/0x390
[ 29.637373]        SyS_setsockopt+0x34/0x50
[ 29.641760]        do_syscall_64+0x29e/0x9d0
[ 29.646151]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 29.651846]
[ 29.651846] other info that might help us debug this:
[ 29.651846]
[ 29.660055]  Possible unsafe locking scenario:
[ 29.660055]
[ 29.666097]        CPU0                    CPU1
[ 29.670737]        ----                    ----
[ 29.675380]   lock(sk_lock-AF_INET6);
[ 29.679179]                                lock(&mm->mmap_sem);
[ 29.685213]                                lock(sk_lock-AF_INET6);
[ 29.691507]   lock(&mm->mmap_sem);
[ 29.695026]
[ 29.695026]  *** DEADLOCK ***
[ 29.695026]
[ 29.701075] 1 lock held by syzkaller125644/4535:
[ 29.705802]  #0: 00000000e543c5ca (sk_lock-AF_INET6){+.+.}, at: do_tcp_setsockopt.isra.40+0x18e/0x2590
[ 29.715258]
[ 29.715258] stack backtrace:
[ 29.719738] CPU: 1 PID: 4535 Comm: syzkaller125644 Not tainted 4.16.0+ #10
[ 29.726728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.736064] Call Trace:
[ 29.738641]  dump_stack+0x1b9/0x294
[ 29.742267]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 29.747440]  ? print_lock+0xd1/0xd6
[ 29.751052]  ? vprintk_func+0x81/0xe7
[ 29.754847]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[ 29.760539]  ? save_trace+0xe0/0x290
[ 29.764234]  __lock_acquire+0x343e/0x5140
[ 29.768374]  ? print_usage_bug+0xc0/0xc0
[ 29.772419]  ? debug_check_no_locks_freed+0x310/0x310
[ 29.777584]  ? graph_lock+0x170/0x170
[ 29.781370]  ? __mem_cgroup_threshold+0x720/0x720
[ 29.786192]  ? mark_held_locks+0xc9/0x160
[ 29.790317]  ? page_add_new_anon_rmap+0x3ff/0x850
[ 29.795155]  ? __lock_acquire+0x7f5/0x5140
[ 29.799383]  ? __lock_acquire+0x7f5/0x5140
[ 29.803613]  ? debug_check_no_locks_freed+0x310/0x310
[ 29.808785]  ? kasan_check_read+0x11/0x20
[ 29.812914]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 29.817302]  ? graph_lock+0x170/0x170
[ 29.821504]  ? kasan_check_write+0x14/0x20
[ 29.825727]  ? _raw_spin_unlock+0x22/0x30
[ 29.829944]  lock_acquire+0x1dc/0x520
[ 29.833725]  ? __might_fault+0xfb/0x1e0
[ 29.837682]  ? lock_release+0xa10/0xa10
[ 29.841646]  ? check_same_owner+0x320/0x320
[ 29.845947]  ? graph_lock+0x170/0x170
[ 29.849729]  ? __might_sleep+0x95/0x190
[ 29.853685]  __might_fault+0x155/0x1e0
[ 29.857551]  ? __might_fault+0xfb/0x1e0
[ 29.861507]  _copy_from_user+0x30/0x150
[ 29.865462]  tcp_v6_parse_md5_keys+0xbd/0x5b0
[ 29.869935]  ? tcp_v6_init_sock+0x80/0x80
[ 29.874069]  ? mark_held_locks+0xc9/0x160
[ 29.878202]  ? __local_bh_enable_ip+0x161/0x230
[ 29.882859]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 29.887858]  ? lock_sock_nested+0x9f/0x120
[ 29.892083]  ? trace_hardirqs_on+0xd/0x10
[ 29.896214]  ? __local_bh_enable_ip+0x161/0x230
[ 29.900863]  do_tcp_setsockopt.isra.40+0xfbc/0x2590
[ 29.905859]  ? tcp_peek_len+0x2c0/0x2c0
[ 29.909849]  ? find_held_lock+0x36/0x1c0
[ 29.913895]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.919415]  ? __fget_light+0x2ef/0x430
[ 29.923367]  ? fget_raw+0x20/0x20
[ 29.926800]  ? lock_downgrade+0x8e0/0x8e0
[ 29.930928]  ? handle_mm_fault+0x8c0/0xc70
[ 29.935144]  tcp_setsockopt+0xc1/0xe0
[ 29.938926]  sock_common_setsockopt+0x9a/0xe0
[ 29.943402]  __sys_setsockopt+0x1bd/0x390
[ 29.947529]  ? kernel_accept+0x310/0x310
[ 29.951575]  ? mm_fault_error+0x380/0x380
[ 29.955713]  SyS_setsockopt+0x34/0x50
[ 29.959491]  ? SyS_recv+0x40/0x40
[ 29.962935]  do_syscall_64+0x29e/0x9d0
[ 29.966814]  ? vmalloc_sync_all+0x30/0x30
[ 29.970960]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 29.975799]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 29.980726]  ? syscall_return_slowpath+0x30f/0x5c0
[ 29.985642]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.991168]  ? retint_user+0x18/0x18
[ 29.994875]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.999710]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 30.004882] RIP: 0033:0x43fe09
[ 30.008064] RSP: 002b:00007ffcc7fb4bf8 EFLAGS: 00000217 ORIG_RAX: 0000000000000036
[ 30.015760] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe09
[ 30.023015] RDX: 000000000000000e RSI: 0000000000000006