INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.4' (ECDSA) to the list of known hosts.

syzkaller login: [   31.171996]
[   31.173646] ======================================================
[   31.179937] WARNING: possible circular locking dependency detected
[   31.186228] 4.16.0+ #11 Not tainted
[   31.189830] ------------------------------------------------------
[   31.196124] syzkaller765302/4494 is trying to acquire lock:
[   31.201809] 00000000d4ffb26d (sk_lock-AF_INET){+.+.}, at: tcp_mmap+0x1c7/0x14f0
[   31.209255]
[   31.209255] but task is already holding lock:
[   31.215205] 00000000b8e4afb2 (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[   31.222816]
[   31.222816] which lock already depends on the new lock.
[   31.222816]
[   31.231109]
[   31.231109] the existing dependency chain (in reverse order) is:
[   31.238717]
[   31.238717] -> #1 (&mm->mmap_sem){++++}:
[   31.244247]        __might_fault+0x155/0x1e0
[   31.248634]        _copy_from_iter_full+0x2fd/0xd10
[   31.253629]        tcp_sendmsg_locked+0x2f98/0x3e10
[   31.258621]        tcp_sendmsg+0x2f/0x50
[   31.262660]        inet_sendmsg+0x19f/0x690
[   31.266959]        sock_sendmsg+0xd5/0x120
[   31.271172]        sock_write_iter+0x35a/0x5a0
[   31.275734]        __vfs_write+0x64d/0x960
[   31.279945]        vfs_write+0x1f8/0x560
[   31.283989]        ksys_write+0xf9/0x250
[   31.288024]        SyS_write+0x24/0x30
[   31.291889]        do_syscall_64+0x29e/0x9d0
[   31.296277]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   31.301960]
[   31.301960] -> #0 (sk_lock-AF_INET){+.+.}:
[   31.307655]        lock_acquire+0x1dc/0x520
[   31.311952]        lock_sock_nested+0xd0/0x120
[   31.316509]        tcp_mmap+0x1c7/0x14f0
[   31.320546]        sock_mmap+0x8e/0xc0
[   31.324412]        mmap_region+0xd13/0x1820
[   31.328709]        do_mmap+0xc79/0x11d0
[   31.332660]        vm_mmap_pgoff+0x1fb/0x2a0
[   31.337045]        ksys_mmap_pgoff+0x4c9/0x640
[   31.341603]        SyS_mmap+0x16/0x20
[   31.345379]        do_syscall_64+0x29e/0x9d0
[   31.349767]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   31.355448]
[   31.355448] other info that might help us debug this:
[   31.355448]
[   31.363568]  Possible unsafe locking scenario:
[   31.363568]
[   31.369610]        CPU0                    CPU1
[   31.374251]        ----                    ----
[   31.378897]   lock(&mm->mmap_sem);
[   31.382411]                                lock(sk_lock-AF_INET);
[   31.388615]                                lock(&mm->mmap_sem);
[   31.394659]   lock(sk_lock-AF_INET);
[   31.398346]
[   31.398346]  *** DEADLOCK ***
[   31.398346]
[   31.404383] 1 lock held by syzkaller765302/4494:
[   31.409109]  #0: 00000000b8e4afb2 (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x1a1/0x2a0
[   31.417167]
[   31.417167] stack backtrace:
[   31.422338] CPU: 0 PID: 4494 Comm: syzkaller765302 Not tainted 4.16.0+ #11
[   31.429324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.438650] Call Trace:
[   31.441220]  dump_stack+0x1b9/0x294
[   31.444826]  ? dump_stack_print_info.cold.2+0x52/0x52
[   31.449992]  ? print_lock+0xd1/0xd6
[   31.453599]  ? vprintk_func+0x81/0xe7
[   31.457379]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[   31.463064]  ? save_trace+0xe0/0x290
[   31.466763]  __lock_acquire+0x343e/0x5140
[   31.470892]  ? debug_check_no_locks_freed+0x310/0x310
[   31.476057]  ? find_held_lock+0x36/0x1c0
[   31.480096]  ? kasan_check_read+0x11/0x20
[   31.484220]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   31.489388]  ? graph_lock+0x170/0x170
[   31.493163]  ? kernel_text_address+0x79/0xf0
[   31.497550]  ? __unwind_start+0x166/0x330
[   31.501679]  ? __save_stack_trace+0x7e/0xd0
[   31.505982]  lock_acquire+0x1dc/0x520
[   31.509759]  ? tcp_mmap+0x1c7/0x14f0
[   31.513445]  ? lock_release+0xa10/0xa10
[   31.517393]  ? kasan_check_read+0x11/0x20
[   31.521516]  ? do_raw_spin_unlock+0x9e/0x2e0
[   31.525900]  ? do_raw_spin_trylock+0x1b0/0x1b0
[   31.530457]  ? kasan_check_write+0x14/0x20
[   31.534665]  ? do_raw_spin_lock+0xc1/0x200
[   31.538884]  lock_sock_nested+0xd0/0x120
[   31.542919]  ? tcp_mmap+0x1c7/0x14f0
[   31.546620]  tcp_mmap+0x1c7/0x14f0
[   31.550136]  ? __lock_is_held+0xb5/0x140
[   31.554181]  ? tcp_splice_read+0xfc0/0xfc0
[   31.558392]  ? rcu_read_lock_sched_held+0x108/0x120
[   31.563382]  ? kmem_cache_alloc+0x5fa/0x760
[   31.567701]  sock_mmap+0x8e/0xc0
[   31.571047]  mmap_region+0xd13/0x1820
[   31.574826]  ? SyS_brk+0x750/0x750
[   31.578343]  ? arch_get_unmapped_area+0x750/0x750
[   31.583160]  ? lock_acquire+0x1dc/0x520
[   31.587120]  ? vm_mmap_pgoff+0x1a1/0x2a0
[   31.591164]  ? cap_mmap_addr+0x52/0x130
[   31.595116]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.600629]  ? security_mmap_addr+0x80/0xa0
[   31.604941]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   31.610462]  ? get_unmapped_area+0x292/0x3b0
[   31.614854]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   31.620368]  do_mmap+0xc79/0x11d0
[   31.623802]  ? mmap_region+0x1820/0x1820
[   31.627843]  ? vm_mmap_pgoff+0x1a1/0x2a0
[   31.631885]  ? down_read_killable+0x1f0/0x1f0
[   31.636358]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.641885]  ? security_mmap_file+0x166/0x1b0
[   31.646365]  vm_mmap_pgoff+0x1fb/0x2a0
[   31.650229]  ? vma_is_stack_for_current+0xd0/0xd0
[   31.655050]  ? get_unused_fd_flags+0x121/0x190
[   31.659611]  ksys_mmap_pgoff+0x4c9/0x640
[   31.663650]  ? find_mergeable_anon_vma+0xd0/0xd0
[   31.668385]  ? do_syscall_64+0xb7/0x9d0
[   31.672346]  ? align_vdso_addr+0x60/0x60
[   31.676384]  SyS_mmap+0x16/0x20
[   31.679643]  do_syscall_64+0x29e/0x9d0
[   31.683516]  ? vmalloc_sync_all+0x30/0x30
[   31.687649]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   31.692388]  ? syscall_return_slowpath+0x5c0/0x5c0
[   31.697310]  ? syscall_return_slowpath+0x30f/0x5c0
[   31.702220]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   31.707562]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.712382]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   31.717549] RIP: 0033:0x43fc99
[   31.720713] RSP: 002b:00007ffe5d3b3db8