INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts.

syzkaller login: [   29.155050] device lo entered promiscuous mode
[   29.161561] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[   29.176292] 
[   29.177915] ======================================================
[   29.184203] WARNING: possible circular locking dependency detected
[   29.190494] 4.17.0-rc1+ #13 Not tainted
[   29.194439] ------------------------------------------------------
[   29.200739] syzkaller848376/4484 is trying to acquire lock:
[   29.206419] 00000000eb09d70b (sk_lock-AF_INET6){+.+.}, at: tcp_mmap+0x1c7/0x14f0
[   29.213944] 
[   29.213944] but task is already holding lock:
[   29.219892] 000000006af736a5 (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[   29.227497] 
[   29.227497] which lock already depends on the new lock.
[   29.227497] 
[   29.235788] 
[   29.235788] the existing dependency chain (in reverse order) is:
[   29.243381] 
[   29.243381] -> #1 (&mm->mmap_sem){++++}:
[   29.248915]        __might_fault+0x155/0x1e0
[   29.253301]        _copy_from_iter_full+0x2fd/0xd10
[   29.258293]        tcp_sendmsg_locked+0x2f98/0x3e10
[   29.263283]        tcp_sendmsg+0x2f/0x50
[   29.267318]        inet_sendmsg+0x19f/0x690
[   29.271617]        sock_sendmsg+0xd5/0x120
[   29.275825]        __sys_sendto+0x3d7/0x670
[   29.280128]        __x64_sys_sendto+0xe1/0x1a0
[   29.284687]        do_syscall_64+0x1b1/0x800
[   29.289072]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   29.294752] 
[   29.294752] -> #0 (sk_lock-AF_INET6){+.+.}:
[   29.300554]        lock_acquire+0x1dc/0x520
[   29.304859]        lock_sock_nested+0xd0/0x120
[   29.309423]        tcp_mmap+0x1c7/0x14f0
[   29.313460]        sock_mmap+0x8e/0xc0
[   29.317322]        mmap_region+0xd13/0x1820
[   29.321617]        do_mmap+0xc79/0x11d0
[   29.325564]        vm_mmap_pgoff+0x1fb/0x2a0
[   29.329947]        ksys_mmap_pgoff+0x4c9/0x640
[   29.334508]        __x64_sys_mmap+0xe9/0x1b0
[   29.338892]        do_syscall_64+0x1b1/0x800
[   29.343276]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   29.348962] 
[   29.348962] other info that might help us debug this:
[   29.348962] 
[   29.357078]  Possible unsafe locking scenario:
[   29.357078] 
[   29.363110]        CPU0                    CPU1
[   29.367751]        ----                    ----
[   29.372387]   lock(&mm->mmap_sem);
[   29.375908]                                lock(sk_lock-AF_INET6);
[   29.382547]                                lock(&mm->mmap_sem);
[   29.388577]   lock(sk_lock-AF_INET6);
[   29.392349] 
[   29.392349]  *** DEADLOCK ***
[   29.392349] 
[   29.398391] 1 lock held by syzkaller848376/4484:
[   29.403116]  #0: 000000006af736a5 (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[   29.411156] 
[   29.411156] stack backtrace:
[   29.415633] CPU: 0 PID: 4484 Comm: syzkaller848376 Not tainted 4.17.0-rc1+ #13
[   29.422963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.432296] Call Trace:
[   29.434862]  dump_stack+0x1b9/0x294
[   29.438472]  ? dump_stack_print_info.cold.2+0x52/0x52
[   29.443640]  ? print_lock+0xd1/0xd6
[   29.447244]  ? vprintk_func+0x81/0xe7
[   29.451028]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[   29.456718]  ? save_trace+0xe0/0x290
[   29.460407]  __lock_acquire+0x343e/0x5140
[   29.464535]  ? debug_check_no_locks_freed+0x310/0x310
[   29.469699]  ? find_held_lock+0x36/0x1c0
[   29.473738]  ? kasan_check_read+0x11/0x20
[   29.477864]  ? graph_lock+0x170/0x170
[   29.481639]  ? kernel_text_address+0x79/0xf0
[   29.486031]  ? __unwind_start+0x166/0x330
[   29.490167]  ? __save_stack_trace+0x7e/0xd0
[   29.494466]  lock_acquire+0x1dc/0x520
[   29.498244]  ? tcp_mmap+0x1c7/0x14f0
[   29.501931]  ? lock_release+0xa10/0xa10
[   29.505900]  ? kasan_check_read+0x11/0x20
[   29.510032]  ? do_raw_spin_unlock+0x9e/0x2e0
[   29.514427]  ? do_raw_spin_trylock+0x1b0/0x1b0
[   29.518987]  ? kasan_check_write+0x14/0x20
[   29.523205]  ? do_raw_spin_lock+0xc1/0x200
[   29.527416]  lock_sock_nested+0xd0/0x120
[   29.531453]  ? tcp_mmap+0x1c7/0x14f0
[   29.535142]  tcp_mmap+0x1c7/0x14f0
[   29.538659]  ? __lock_is_held+0xb5/0x140
[   29.542693]  ? tcp_splice_read+0xfc0/0xfc0
[   29.546904]  ? rcu_read_lock_sched_held+0x108/0x120
[   29.551893]  ? kmem_cache_alloc+0x5fa/0x760
[   29.556190]  sock_mmap+0x8e/0xc0
[   29.559536]  mmap_region+0xd13/0x1820
[   29.563315]  ? __x64_sys_brk+0x790/0x790
[   29.567354]  ? arch_get_unmapped_area+0x750/0x750
[   29.572173]  ? lock_acquire+0x1dc/0x520
[   29.576124]  ? vm_mmap_pgoff+0x1a1/0x2a0
[   29.580168]  ? cap_mmap_addr+0x52/0x130
[   29.584119]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   29.589632]  ? security_mmap_addr+0x80/0xa0
[   29.593932]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   29.599442]  ? get_unmapped_area+0x292/0x3b0
[   29.603830]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   29.609343]  do_mmap+0xc79/0x11d0
[   29.612770]  ? mmap_region+0x1820/0x1820
[   29.616812]  ? vm_mmap_pgoff+0x1a1/0x2a0
[   29.620858]  ? down_read_killable+0x1f0/0x1f0
[   29.625328]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   29.630840]  ? security_mmap_file+0x166/0x1b0
[   29.635317]  vm_mmap_pgoff+0x1fb/0x2a0
[   29.639187]  ? vma_is_stack_for_current+0xd0/0xd0
[   29.644018]  ksys_mmap_pgoff+0x4c9/0x640
[   29.648060]  ? find_mergeable_anon_vma+0xd0/0xd0
[   29.652790]  ? move_addr_to_kernel+0x70/0x70
[   29.657175]  __x64_sys_mmap+0xe9/0x1b0
[   29.661040]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   29.666033]  do_syscall_64+0x1b1/0x800
[   29.669899]  ? syscall_return_slowpath+0x5c0/0x5c0
[   29.674804]  ? syscall_return_slowpath+0x30f/0x5c0
[   29.679716]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[   29.685065]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   29.689887]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   29.695052] RIP: 0033:0x43fef9
[   29.698232] RSP: 002b:00007ffe6e12e8c8 EFLAGS: 00000203 ORIG_RAX: 0000000000000009
[   29.705917] RAX