INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts.

syzkaller login: [   28.916840]
[   28.918512] ======================================================
[   28.924815] WARNING: possible circular locking dependency detected
[   28.931114] 4.16.0+ #11 Not tainted
[   28.934725] ------------------------------------------------------
[   28.941024] syzkaller590080/4504 is trying to acquire lock:
[   28.946726] 000000008b0b6e1d (&mm->mmap_sem){++++}, at: __might_fault+0xfb/0x1e0
[   28.954255]
[   28.954255] but task is already holding lock:
[   28.960203] 0000000078923368 (sk_lock-AF_INET6){+.+.}, at: sctp_sendmsg+0x125e/0x1d70
[   28.968169]
[   28.968169] which lock already depends on the new lock.
[   28.968169]
[   28.976459]
[   28.976459] the existing dependency chain (in reverse order) is:
[   28.984056]
[   28.984056] -> #1 (sk_lock-AF_INET6){+.+.}:
[   28.989853]        lock_sock_nested+0xd0/0x120
[   28.994414]        tcp_mmap+0x1c7/0x14f0
[   28.998454]        sock_mmap+0x8e/0xc0
[   29.002322]        mmap_region+0xd13/0x1820
[   29.006635]        do_mmap+0xc79/0x11d0
[   29.010591]        vm_mmap_pgoff+0x1fb/0x2a0
[   29.014981]        ksys_mmap_pgoff+0x4c9/0x640
[   29.019548]        SyS_mmap+0x16/0x20
[   29.023339]        do_syscall_64+0x29e/0x9d0
[   29.027730]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   29.033420]
[   29.033420] -> #0 (&mm->mmap_sem){++++}:
[   29.038956]        lock_acquire+0x1dc/0x520
[   29.043262]        __might_fault+0x155/0x1e0
[   29.047651]        _copy_from_iter_full+0x2fd/0xd10
[   29.052647]        sctp_user_addto_chunk+0x70/0x1f0
[   29.057642]        sctp_datamsg_from_user+0x945/0x1540
[   29.062897]        sctp_sendmsg_to_asoc+0xd08/0x2100
[   29.067979]        sctp_sendmsg+0x13a8/0x1d70
[   29.072455]        inet_sendmsg+0x19f/0x690
[   29.076759]        sock_sendmsg+0xd5/0x120
[   29.080974]        __sys_sendto+0x3d7/0x670
[   29.085284]        SyS_sendto+0x40/0x60
[   29.089245]        do_syscall_64+0x29e/0x9d0
[   29.093638]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   29.099338]
[   29.099338] other info that might help us debug this:
[   29.099338]
[   29.107470]  Possible unsafe locking scenario:
[   29.107470]
[   29.113503]        CPU0                    CPU1
[   29.118164]        ----                    ----
[   29.122815]   lock(sk_lock-AF_INET6);
[   29.126592]                                lock(&mm->mmap_sem);
[   29.132625]                                lock(sk_lock-AF_INET6);
[   29.138918]   lock(&mm->mmap_sem);
[   29.142434]
[   29.142434]  *** DEADLOCK ***
[   29.142434]
[   29.148473] 1 lock held by syzkaller590080/4504:
[   29.153199]  #0: 0000000078923368 (sk_lock-AF_INET6){+.+.}, at: sctp_sendmsg+0x125e/0x1d70
[   29.161600]
[   29.161600] stack backtrace:
[   29.166089] CPU: 1 PID: 4504 Comm: syzkaller590080 Not tainted 4.16.0+ #11
[   29.173081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.182414] Call Trace:
[   29.184989]  dump_stack+0x1b9/0x294
[   29.188600]  ? dump_stack_print_info.cold.2+0x52/0x52
[   29.193773]  ? print_lock+0xd1/0xd6
[   29.197396]  ? vprintk_func+0x81/0xe7
[   29.201179]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[   29.206872]  ? save_trace+0xe0/0x290
[   29.210567]  __lock_acquire+0x343e/0x5140
[   29.214695]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   29.219691]  ? debug_check_no_locks_freed+0x310/0x310
[   29.224872]  ? save_stack+0x43/0xd0
[   29.228502]  ? kasan_kmalloc+0xc4/0xe0
[   29.232371]  ? kasan_slab_alloc+0x12/0x20
[   29.236497]  ? kmem_cache_alloc+0x12e/0x760
[   29.240801]  ? sctp_chunkify+0xce/0x400
[   29.244755]  ? _sctp_make_chunk+0x157/0x280
[   29.249058]  ? sctp_make_datafrag_empty+0x1ce/0x2d0
[   29.254053]  ? sctp_datamsg_from_user+0x922/0x1540
[   29.258962]  ? sctp_sendmsg_to_asoc+0xd08/0x2100
[   29.263695]  ? sctp_sendmsg+0x13a8/0x1d70
[   29.267820]  ? inet_sendmsg+0x19f/0x690
[   29.271774]  ? sock_sendmsg+0xd5/0x120
[   29.275639]  ? __sys_sendto+0x3d7/0x670
[   29.279591]  ? SyS_sendto+0x40/0x60
[   29.283209]  ? do_syscall_64+0x29e/0x9d0
[   29.287260]  ? find_held_lock+0x36/0x1c0
[   29.291303]  ? print_usage_bug+0xc0/0xc0
[   29.295353]  ? graph_lock+0x170/0x170
[   29.299134]  ? __lock_is_held+0xb5/0x140
[   29.303177]  ? graph_lock+0x170/0x170
[   29.306960]  ? kmem_cache_alloc+0x5fa/0x760
[   29.311262]  lock_acquire+0x1dc/0x520
[   29.315047]  ? __might_fault+0xfb/0x1e0
[   29.319007]  ? lock_release+0xa10/0xa10
[   29.323778]  ? check_same_owner+0x320/0x320
[   29.328086]  ? __might_sleep+0x95/0x190
[   29.332047]  __might_fault+0x155/0x1e0
[   29.335918]  ? __might_fault+0xfb/0x1e0
[   29.339872]  _copy_from_iter_full+0x2fd/0xd10
[   29.344351]  ? usercopy_warn+0x120/0x120
[   29.348394]  ? iov_iter_advance+0x14c0/0x14c0
[   29.352870]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   29.357864]  ? skb_put+0x17b/0x1e0
[   29.361387]  sctp_user_addto_chunk+0x70/0x1f0
[   29.365865]  sctp_datamsg_from_user+0x945/0x1540
[   29.370602]  ? __lock_is_held+0xb5/0x140
[   29.374642]  ? sctp_datamsg_free+0x90/0x90
[   29.378860]  ? __lock_is_held+0xb5/0x140
[   29.382907]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   29.388091]  ? sctp_primitive_ASSOCIATE+0x9d/0xd0
[   29.392918]  sctp_sendmsg_to_asoc+0xd08/0x2100
[   29.397483]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   29.403004]  ? sctp_assoc_set_primary+0x274/0x310
[   29.407838]  ? sctp_transport_lookup_process+0x1e0/0x1e0
[   29.413270]  ? sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0
[   29.418964]  ? security_sctp_bind_connect+0x99/0xc0
[   29.423967]  ? sctp_sendmsg_new_asoc+0xb87/0x1120
[   29.428792]  ? sctp_autobind+0x1f0/0x1f0
[   29.432838]  ? __local_bh_enable_ip+0x161/0x230
[   29.437487]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   29.442509]  ? lock_sock_nested+0x9f/0x120
[   29.446740]  ? trace_hardirqs_on+0xd/0x10
[   29.450868]  ? __local_bh_enable_ip+0x161/0x230
[   29.455518]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[   29.461039]  ? sctp_sendmsg_update_sinfo+0x11c/0x4b0
[   29.466123]  sctp_sendmsg+0x13a8/0x1d70
[   29.470078]  ? do_raw_spin_unlock+0x9e/0x2e0
[   29.474467]  ? sctp_id2assoc+0x3e0/0x3e0
[   29.478516]  ? _raw_spin_unlock_bh+0x30/0x40
[   29.482910]  ? __release_sock+0x3a0/0x3a0
[   29.487046]  inet_sendmsg+0x19f/0x690
[   29.490843]  ? __might_sleep+0x50/0x190
[   29.494805]  ? ipip_gro_receive+0x100/0x100
[   29.499120]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   29.504647]  ? security_socket_sendmsg+0x94/0xc0
[   29.509386]  ? ipip_gro_receive+0x100/0x100
[   29.513692]  sock_sendmsg+0xd5/0x120
[   29.517392]  __sys_sendto+0x3d7/0x670
[   29.521191]  ? SyS_getpeername+0x30/0x30
[   29.525247]  ? lock_downgrade+0x8e0/0x8e0
[   29.529378]  ? handle_mm_fault+0x8c0/0xc70
[   29.533595]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   29.539114]  ? handle_mm_fault+0x55a/0xc70
[   29.543334]  ? __do_page_fault+0x441/0xe40
[   29.547550]  ? fd_install+0x4d/0x60
[   29.551174]  ? mm_fault_error+0x380/0x380
[   29.555304]  SyS_sendto+0x40/0x60
[   29.558738]  ? __sys_sendto+0x670/0x670
[   29.562694]  do_syscall_64+0x29e/0x9d0
[   29.566564]  ? vmalloc_sync_all+0x30/0x30
[   29.570696]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   29.575438]  ? syscall_return_slowpath+0x5c0/0x5c0
[   29.580355]  ? syscall_return_slowpath+0x30f/0x5c0
[   29.585282]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   29.590821]  ? retint_user+0x18/0x18
[   29.594519]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   29.599354]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   29.604523] RIP: 0033:0x43fd49
[   29.607689] RSP: 002b:00007ffd6ce99328 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   29.615377] RAX: ffffffffffffffda RBX: 00000000004002c