[�[0;32m OK �[0m] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[�[0;32m OK �[0m] Started Update UTMP about System Runlevel Changes.
[�[0;32m OK �[0m] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.134' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 30.688585]
[ 30.690223] =====================================================
[ 30.696423] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[ 30.703161] 4.14.210-syzkaller #0 Not tainted
[ 30.707641] -----------------------------------------------------
[ 30.713844] syz-executor083/7987 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire:
[ 30.721172] (hugetlb_lock){+.+.}, at: [<ffffffff817df76b>] free_huge_page+0x5ab/0x7f0
[ 30.729243]
[ 30.729243] and this task is already holding:
[ 30.735184] (slock-AF_INET){+.-.}, at: [<ffffffff862cd690>] tcp_close+0x540/0xed0
[ 30.742869] which would create a new lock dependency:
[ 30.748058] (slock-AF_INET){+.-.} -> (hugetlb_lock){+.+.}
[ 30.753919]
[ 30.753919] but this new dependency connects a SOFTIRQ-irq-safe lock:
[ 30.761942] (slock-AF_INET){+.-.}
[ 30.761947]
[ 30.761947] ... which became SOFTIRQ-irq-safe at:
[ 30.771766] lock_acquire+0x170/0x3f0
[ 30.775642] _raw_spin_lock+0x2a/0x40
[ 30.779514] sk_clone_lock+0x3cf/0x11e0
[ 30.783574] inet_csk_clone_lock+0x1e/0x3f0
[ 30.787957] tcp_create_openreq_child+0x2c/0x1880
[ 30.792881] tcp_v4_syn_recv_sock+0xa8/0xf80
[ 30.797358] tcp_check_req+0x4c1/0x1460
[ 30.801392] tcp_v4_rcv+0x1c36/0x3560
[ 30.805262] ip_local_deliver_finish+0x3f2/0xab0
[ 30.810098] ip_local_deliver+0x167/0x460
[ 30.814314] ip_rcv_finish+0x6e3/0x19f0
[ 30.818345] ip_rcv+0x8a7/0xf01
[ 30.821684] __netif_receive_skb_core+0x15ee/0x2a30
[ 30.826759] __netif_receive_skb+0x27/0x1a0
[ 30.831145] netif_receive_skb_internal+0xd7/0x580
[ 30.836143] napi_gro_receive+0x2e2/0x400
[ 30.840360] receive_buf+0x5ef/0x4810
[ 30.844230] virtnet_poll+0x4b7/0x960
[ 30.848104] net_rx_action+0x466/0xfd0
[ 30.852062] __do_softirq+0x254/0xa1d
[ 30.855941] irq_exit+0x193/0x240
[ 30.859475] do_IRQ+0x112/0x1d0
[ 30.862814] ret_from_intr+0x0/0x1e
[ 30.866500] lock_is_held_type+0x30/0x210
[ 30.870708] ___might_sleep+0x1ea/0x2b0
[ 30.874737] gc_worker+0x625/0xb50
[ 30.878335] process_one_work+0x793/0x14a0
[ 30.882627] worker_thread+0x5cc/0xff0
[ 30.886571] kthread+0x30d/0x420
[ 30.889998] ret_from_fork+0x24/0x30
[ 30.893765]
[ 30.893765] to a SOFTIRQ-irq-unsafe lock:
[ 30.899368] (hugetlb_lock){+.+.}
[ 30.899373]
[ 30.899373] ... which became SOFTIRQ-irq-unsafe at:
[ 30.909255] ...
[ 30.909263] lock_acquire+0x170/0x3f0
[ 30.914978] _raw_spin_lock+0x2a/0x40
[ 30.918836] hugetlb_overcommit_handler+0x283/0x400
[ 30.923922] proc_sys_call_handler.isra.0+0x1ba/0x340
[ 30.929182] __vfs_write+0xe4/0x630
[ 30.932870] vfs_write+0x17f/0x4d0
[ 30.936469] SyS_write+0xf2/0x210
[ 30.939979] do_syscall_64+0x1d5/0x640
[ 30.943931] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.949175]
[ 30.949175] other info that might help us debug this:
[ 30.949175]
[ 30.957289] Possible interrupt unsafe locking scenario:
[ 30.957289]
[ 30.964183] CPU0 CPU1
[ 30.968822] ---- ----
[ 30.973472] lock(hugetlb_lock);
[ 30.976899] local_irq_disable();
[ 30.982925] lock(slock-AF_INET);
[ 30.988968] lock(hugetlb_lock);
[ 30.994908] <Interrupt>
[ 30.997647] lock(slock-AF_INET);
[ 31.001331]
[ 31.001331] *** DEADLOCK ***
[ 31.001331]
[ 31.007374] 3 locks held by syz-executor083/7987:
[ 31.012184] #0: (&sb->s_type->i_mutex_key#13){+.+.}, at: [<ffffffff85d712c6>] __sock_release+0x86/0x2b0
[ 31.021873] #1: (sk_lock-AF_INET){+.+.}, at: [<ffffffff862cd175>] tcp_close+0x25/0xed0
[ 31.030080] #2: (slock-AF_INET){+.-.}, at: [<ffffffff862cd690>] tcp_close+0x540/0xed0
[ 31.038198]
[ 31.038198] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[ 31.047195] -> (slock-AF_INET){+.-.} ops: 7490 {
[ 31.051925] HARDIRQ-ON-W at:
[ 31.055177] lock_acquire+0x170/0x3f0
[ 31.060602] _raw_spin_lock_bh+0x2f/0x40
[ 31.066289] lock_sock_nested+0x39/0x100
[ 31.071970] inet_autobind+0x1a/0x180
[ 31.077390] inet_dgram_connect+0x134/0x1f0
[ 31.083335] SyS_connect+0x1f4/0x240
[ 31.088686] do_syscall_64+0x1d5/0x640
[ 31.094201] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.101022] IN-SOFTIRQ-W at:
[ 31.104313] lock_acquire+0x170/0x3f0
[ 31.109733] _raw_spin_lock+0x2a/0x40
[ 31.115156] sk_clone_lock+0x3cf/0x11e0
[ 31.120770] inet_csk_clone_lock+0x1e/0x3f0
[ 31.126715] tcp_create_openreq_child+0x2c/0x1880
[ 31.133193] tcp_v4_syn_recv_sock+0xa8/0xf80
[ 31.139220] tcp_check_req+0x4c1/0x1460
[ 31.144814] tcp_v4_rcv+0x1c36/0x3560
[ 31.150247] ip_local_deliver_finish+0x3f2/0xab0
[ 31.156623] ip_local_deliver+0x167/0x460
[ 31.162389] ip_rcv_finish+0x6e3/0x19f0
[ 31.167984] ip_rcv+0x8a7/0xf01
[ 31.172886] __netif_receive_skb_core+0x15ee/0x2a30
[ 31.179525] __netif_receive_skb+0x27/0x1a0
[ 31.185468] netif_receive_skb_internal+0xd7/0x580
[ 31.192018] napi_gro_receive+0x2e2/0x400
[ 31.197823] receive_buf+0x5ef/0x4810
[ 31.203257] virtnet_poll+0x4b7/0x960
[ 31.208683] net_rx_action+0x466/0xfd0
[ 31.214189] __do_softirq+0x254/0xa1d
[ 31.219615] irq_exit+0x193/0x240
[ 31.224689] do_IRQ+0x112/0x1d0
[ 31.229604] ret_from_intr+0x0/0x1e
[ 31.234863] lock_is_held_type+0x30/0x210
[ 31.240634] ___might_sleep+0x1ea/0x2b0
[ 31.246227] gc_worker+0x625/0xb50
[ 31.251387] process_one_work+0x793/0x14a0
[ 31.257242] worker_thread+0x5cc/0xff0
[ 31.262760] kthread+0x30d/0x420
[ 31.267754] ret_from_fork+0x24/0x30
[ 31.273087] INITIAL USE at:
[ 31.276263] lock_acquire+0x170/0x3f0
[ 31.281627] _raw_spin_lock_bh+0x2f/0x40
[ 31.287221] lock_sock_nested+0x39/0x100
[ 31.292831] inet_autobind+0x1a/0x180
[ 31.298174] inet_dgram_connect+0x134/0x1f0
[ 31.304031] SyS_connect+0x1f4/0x240
[ 31.309287] do_syscall_64+0x1d5/0x640
[ 31.314725] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.321457] }
[ 31.323249] ... key at: [<ffffffff8c981a70>] af_family_slock_keys+0x10/0x180
[ 31.330958] ... acquired at:
[ 31.334171] lock_acquire+0x170/0x3f0
[ 31.338118] _raw_spin_lock+0x2a/0x40
[ 31.342097] free_huge_page+0x5ab/0x7f0
[ 31.346224] __put_page+0xb9/0x2f0
[ 31.349910] skb_release_data+0x25a/0x820
[ 31.354301] __kfree_skb+0x46/0x60
[ 31.358001] tcp_v4_destroy_sock+0x223/0x920
[ 31.362569] inet_csk_destroy_sock+0x169/0x400
[ 31.367294] tcp_close+0x85e/0xed0
[ 31.370978] inet_release+0xdf/0x1b0
[ 31.374836] __sock_release+0xcd/0x2b0
[ 31.378902] sock_close+0x15/0x20
[ 31.382500] __fput+0x25f/0x7a0
[ 31.385939] task_work_run+0x11f/0x190
[ 31.389971] do_exit+0xa44/0x2850
[ 31.393570] do_group_exit+0x100/0x2e0
[ 31.397618] get_signal+0x38d/0x1ca0
[ 31.401488] do_signal+0x7c/0x1550
[ 31.405185] exit_to_usermode_loop+0x160/0x200
[ 31.409912] do_syscall_64+0x4a3/0x640
[ 31.413947] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.419282]
[ 31.420878]
[ 31.420878] the dependencies between the lock to be acquired
[ 31.420881] and SOFTIRQ-irq-unsafe lock:
[ 31.432253] -> (hugetlb_lock){+.+.} ops: 26 {
[ 31.436727] HARDIRQ-ON-W at:
[ 31.440011] lock_acquire+0x170/0x3f0
[ 31.445472] _raw_spin_lock+0x2a/0x40
[ 31.451074] hugetlb_overcommit_handler+0x283/0x400
[ 31.457729] proc_sys_call_handler.isra.0+0x1ba/0x340
[ 31.464541] __vfs_write+0xe4/0x630
[ 31.469798] vfs_write+0x17f/0x4d0
[ 31.474957] SyS_write+0xf2/0x210
[ 31.480028] do_syscall_64+0x1d5/0x640
[ 31.485543] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.492383] SOFTIRQ-ON-W at:
[ 31.495637] lock_acquire+0x170/0x3f0
[ 31.501057] _raw_spin_lock+0x2a/0x40
[ 31.506475] hugetlb_overcommit_handler+0x283/0x400
[ 31.513130] proc_sys_call_handler.isra.0+0x1ba/0x340
[ 31.520117] __vfs_write+0xe4/0x630
[ 31.525369] vfs_write+0x17f/0x4d0
[ 31.530537] SyS_write+0xf2/0x210
[ 31.535621] do_syscall_64+0x1d5/0x640
[ 31.541144] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.547951] INITIAL USE at:
[ 31.551122] lock_acquire+0x170/0x3f0
[ 31.556469] _raw_spin_lock+0x2a/0x40
[ 31.561817] hugetlb_overcommit_handler+0x283/0x400
[ 31.568384] proc_sys_call_handler.isra.0+0x1ba/0x340
[ 31.575124] __vfs_write+0xe4/0x630
[ 31.580282] vfs_write+0x17f/0x4d0
[ 31.585359] SyS_write+0xf2/0x210
[ 31.590372] do_syscall_64+0x1d5/0x640
[ 31.595809] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.602527] }
[ 31.604301] ... key at: [<ffffffff89000698>] hugetlb_lock+0x18/0x15e0
[ 31.611382] ... acquired at:
[ 31.614458] lock_acquire+0x170/0x3f0
[ 31.618405] _raw_spin_lock+0x2a/0x40
[ 31.622398] free_huge_page+0x5ab/0x7f0
[ 31.626524] __put_page+0xb9/0x2f0
[ 31.630210] skb_release_data+0x25a/0x820
[ 31.634501] __kfree_skb+0x46/0x60
[ 31.638186] tcp_v4_destroy_sock+0x223/0x920
[ 31.642739] inet_csk_destroy_sock+0x169/0x400
[ 31.647467] tcp_close+0x85e/0xed0
[ 31.651153] inet_release+0xdf/0x1b0
[ 31.655011] __sock_release+0xcd/0x2b0
[ 31.659156] sock_close+0x15/0x20
[ 31.662785] __fput+0x25f/0x7a0
[ 31.666213] task_work_run+0x11f/0x190
[ 31.670251] do_exit+0xa44/0x2850
[ 31.673988] do_group_exit+0x100/0x2e0
[ 31.678083] get_signal+0x38d/0x1ca0
[ 31.681942] do_signal+0x7c/0x1550
[ 31.685628] exit_to_usermode_loop+0x160/0x200
[ 31.690352] do_syscall_64+0x4a3/0x640
[ 31.694384] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.699715]
[ 31.701314]
[ 31.701314] stack backtrace:
[ 31.705791] CPU: 0 PID: 7987 Comm: syz-executor083 Not tainted 4.14.210-syzkaller #0
[ 31.713664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.723003] Call Trace:
[ 31.725595] dump_stack+0x1b2/0x283
[ 31.729198] check_usage.cold+0x806/0xbe6
[ 31.733316] ? check_usage_backwards+0x2c0/0x2c0
[ 31.738058] ? __save_stack_trace+0x63/0x160
[ 31.742463] ? is_bpf_text_address+0x91/0x150
[ 31.746931] ? lock_downgrade+0x740/0x740
[ 31.751049] ? is_bpf_text_address+0xb8/0x150
[ 31.755515] __lock_acquire+0x1cfc/0x3f20
[ 31.759633] ? trace_hardirqs_on+0x10/0x10
[ 31.763838] ? kasan_slab_free+0xc3/0x1a0
[ 31.767957] ? kmem_cache_free+0x7c/0x2b0
[ 31.772087] ? kfree_skbmem+0x7e/0x100
[ 31.775948] ? tcp_v4_destroy_sock+0x223/0x920
[ 31.780509] ? __sock_release+0xcd/0x2b0
[ 31.784538] ? sock_close+0x15/0x20
[ 31.788156] ? __fput+0x25f/0x7a0
[ 31.791582] ? task_work_run+0x11f/0x190
[ 31.795612] ? do_exit+0xa44/0x2850
[ 31.799208] ? do_group_exit+0x100/0x2e0
[ 31.803254] ? get_signal+0x38d/0x1ca0
[ 31.807138] ? exit_to_usermode_loop+0x160/0x200
[ 31.811868] ? do_syscall_64+0x4a3/0x640
[ 31.815919] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.821256] ? lock_acquire+0x170/0x3f0
[ 31.825209] lock_acquire+0x170/0x3f0
[ 31.829021] ? free_huge_page+0x5ab/0x7f0
[ 31.833148] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 31.838229] _raw_spin_lock+0x2a/0x40
[ 31.842015] ? free_huge_page+0x5ab/0x7f0
[ 31.846154] free_huge_page+0x5ab/0x7f0
[ 31.850116] ? PageHuge+0x93/0x110
[ 31.853648] __put_page+0xb9/0x2f0
[ 31.857165] skb_release_data+0x25a/0x820
[ 31.861288] __kfree_skb+0x46/0x60
[ 31.864818] tcp_v4_destroy_sock+0x223/0x920
[ 31.869205] inet_csk_destroy_sock+0x169/0x400
[ 31.873771] tcp_close+0x85e/0xed0
[ 31.877295] inet_release+0xdf/0x1b0
[ 31.880994] __sock_release+0xcd/0x2b0
[ 31.884853] ? __sock_release+0x2b0/0x2b0
[ 31.888982] sock_close+0x15/0x20
[ 31.892415] __fput+0x25f/0x7a0
[ 31.895679] task_work_run+0x11f/0x190
[ 31.899540] do_exit+0xa44/0x2850
[ 31.902984] ? futex_lock_pi_atomic+0x250/0x2e0
[ 31.907651] ? mm_update_next_owner+0x5b0/0x5b0
[ 31.912299] ? get_signal+0x323/0x1ca0
[ 31.916160] ? lock_downgrade+0x740/0x740
[ 31.920288] do_group_exit+0x100/0x2e0
[ 31.924162] get_signal+0x38d/0x1ca0
[ 31.927892] ? apparmor_file_alloc_security+0x129/0x800
[ 31.933239] do_signal+0x7c/0x1550
[ 31.936779] ? setup_sigcontext+0x820/0x820
[ 31.941077] ? __fd_install+0x227/0x5c0
[ 31.945050] ? get_unused_fd_flags+0xc0/0xc0
[ 31.949484] ? sock_alloc_file+0x1ae/0x2e0
[ 31.953836] ? SyS_futex+0x1da/0x290
[ 31.957521] ? SyS_futex+0x1e3/0x290
[ 31.961222] ? exit_to_usermode_loop+0x41/0x200
[ 31.965877] exit_to_usermode_loop+0x160/0x200
[ 31.970442] do_syscall_64+0x4a3/0x640
[ 31.974313] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.979475] RIP: 0033:0x445f39
[ 31.982649] RSP: 002b:00007fd2628bdd98 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 31.990327] RAX: fffffffffffffe00 RBX: 000000