INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.62' (ECDSA) to the list of known hosts.
syzkaller login: [ 29.445885]
[ 29.447541] ======================================================
[ 29.453832] WARNING: possible circular locking dependency detected
[ 29.460127] 4.16.0+ #11 Not tainted
[ 29.463725] ------------------------------------------------------
[ 29.470029] syzkaller999353/4498 is trying to acquire lock:
[ 29.475719] 00000000c2a5970c (&mm->mmap_sem){++++}, at: __might_fault+0xfb/0x1e0
[ 29.483249]
[ 29.483249] but task is already holding lock:
[ 29.489195] 000000006682e11a (sk_lock-AF_INET6){+.+.}, at: do_ipv6_setsockopt.isra.9+0x576/0x4660
[ 29.498191]
[ 29.498191] which lock already depends on the new lock.
[ 29.498191]
[ 29.506495]
[ 29.506495] the existing dependency chain (in reverse order) is:
[ 29.514101]
[ 29.514101] -> #1 (sk_lock-AF_INET6){+.+.}:
[ 29.519889] lock_sock_nested+0xd0/0x120
[ 29.524452] tcp_mmap+0x1c7/0x14f0
[ 29.528489] sock_mmap+0x8e/0xc0
[ 29.532353] mmap_region+0xd13/0x1820
[ 29.536651] do_mmap+0xc79/0x11d0
[ 29.540602] vm_mmap_pgoff+0x1fb/0x2a0
[ 29.544985] ksys_mmap_pgoff+0x4c9/0x640
[ 29.549545] SyS_mmap+0x16/0x20
[ 29.553321] do_syscall_64+0x29e/0x9d0
[ 29.557706] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 29.563400]
[ 29.563400] -> #0 (&mm->mmap_sem){++++}:
[ 29.568928] lock_acquire+0x1dc/0x520
[ 29.573229] __might_fault+0x155/0x1e0
[ 29.577614] _copy_from_user+0x30/0x150
[ 29.582088] do_ipv6_setsockopt.isra.9+0x29a4/0x4660
[ 29.587687] ipv6_setsockopt+0xbd/0x170
[ 29.592168] udpv6_setsockopt+0x62/0xa0
[ 29.596640] sock_common_setsockopt+0x9a/0xe0
[ 29.601632] __sys_setsockopt+0x1bd/0x390
[ 29.606276] SyS_setsockopt+0x34/0x50
[ 29.610573] do_syscall_64+0x29e/0x9d0
[ 29.614959] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 29.620640]
[ 29.620640] other info that might help us debug this:
[ 29.620640]
[ 29.628757] Possible unsafe locking scenario:
[ 29.628757]
[ 29.634786]        CPU0                    CPU1
[ 29.639425]        ----                    ----
[ 29.644072]   lock(sk_lock-AF_INET6);
[ 29.647849]                                lock(&mm->mmap_sem);
[ 29.653883]                                lock(sk_lock-AF_INET6);
[ 29.660177]   lock(&mm->mmap_sem);
[ 29.663690]
[ 29.663690] *** DEADLOCK ***
[ 29.663690]
[ 29.669728] 2 locks held by syzkaller999353/4498:
[ 29.674544] #0: 00000000d55c90da (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20
[ 29.681828] #1: 000000006682e11a (sk_lock-AF_INET6){+.+.}, at: do_ipv6_setsockopt.isra.9+0x576/0x4660
[ 29.691259]
[ 29.691259] stack backtrace:
[ 29.696060] CPU: 0 PID: 4498 Comm: syzkaller999353 Not tainted 4.16.0+ #11
[ 29.703053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.712383] Call Trace:
[ 29.714953] dump_stack+0x1b9/0x294
[ 29.718561] ? dump_stack_print_info.cold.2+0x52/0x52
[ 29.723733] ? print_lock+0xd1/0xd6
[ 29.727338] ? vprintk_func+0x81/0xe7
[ 29.731116] print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[ 29.736803] ? save_trace+0xe0/0x290
[ 29.740493] __lock_acquire+0x343e/0x5140
[ 29.744619] ? kasan_check_read+0x11/0x20
[ 29.748746] ? debug_check_no_locks_freed+0x310/0x310
[ 29.753911] ? debug_check_no_locks_freed+0x310/0x310
[ 29.759079] ? kasan_check_write+0x14/0x20
[ 29.763290] ? __mutex_lock+0x7d9/0x17f0
[ 29.767327] ? mutex_trylock+0x2a0/0x2a0
[ 29.771367] ? save_stack+0xa9/0xd0
[ 29.774969] ? save_stack+0x43/0xd0
[ 29.778586] ? kasan_slab_alloc+0x12/0x20
[ 29.782710] ? print_usage_bug+0xc0/0xc0
[ 29.786748] ? __handle_mm_fault+0x2adb/0x43c0
[ 29.791306] ? handle_mm_fault+0x53a/0xc70
[ 29.795521] ? lru_cache_add+0x22c/0x450
[ 29.799568] ? graph_lock+0x170/0x170
[ 29.803354] ? graph_lock+0x170/0x170
[ 29.807128] ? graph_lock+0x170/0x170
[ 29.810907] ? page_add_new_anon_rmap+0x3ff/0x850
[ 29.815730] lock_acquire+0x1dc/0x520
[ 29.819513] ? __might_fault+0xfb/0x1e0
[ 29.823467] ? lock_acquire+0x1dc/0x520
[ 29.827422] ? lock_release+0xa10/0xa10
[ 29.831387] ? check_same_owner+0x320/0x320
[ 29.835688] ? mark_held_locks+0xc9/0x160
[ 29.839814] ? __might_sleep+0x95/0x190
[ 29.843763] __might_fault+0x155/0x1e0
[ 29.847627] ? __might_fault+0xfb/0x1e0
[ 29.851577] _copy_from_user+0x30/0x150
[ 29.855536] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 29.860704] do_ipv6_setsockopt.isra.9+0x29a4/0x4660
[ 29.865786] ? ipv6_update_options+0x390/0x390
[ 29.870344] ? __lock_acquire+0x7f5/0x5140
[ 29.874568] ? debug_check_no_locks_freed+0x310/0x310
[ 29.879737] ? do_syscall_64+0x29e/0x9d0
[ 29.883776] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 29.889114] ? find_held_lock+0x36/0x1c0
[ 29.893152] ? debug_mutex_init+0x1c/0x60
[ 29.897276] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 29.902282] ? graph_lock+0x170/0x170
[ 29.906058] ? pud_val+0x80/0xf0
[ 29.909401] ? pmd_val+0xf0/0xf0
[ 29.912744] ? __mutex_init+0x1ef/0x280
[ 29.916697] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.922212] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.927726] ? __handle_mm_fault+0x93a/0x43c0
[ 29.932201] ? vm_insert_mixed_mkwrite+0x40/0x40
[ 29.936930] ? graph_lock+0x170/0x170
[ 29.940715] ? graph_lock+0x170/0x170
[ 29.944499] ? find_held_lock+0x36/0x1c0
[ 29.948541] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.954055] ? __fget_light+0x2ef/0x430
[ 29.958007] ? fget_raw+0x20/0x20
[ 29.961448] ipv6_setsockopt+0xbd/0x170
[ 29.965398] ? ipv6_setsockopt+0xbd/0x170
[ 29.969522] udpv6_setsockopt+0x62/0xa0
[ 29.973476] sock_common_setsockopt+0x9a/0xe0
[ 29.977961] __sys_setsockopt+0x1bd/0x390
[ 29.982088] ? kernel_accept+0x310/0x310
[ 29.986128] ? mm_fault_error+0x380/0x380
[ 29.990254] SyS_setsockopt+0x34/0x50
[ 29.994035] ? SyS_recv+0x40/0x40
[ 29.997467] do_syscall_64+0x29e/0x9d0
[ 30.001332] ? vmalloc_sync_all+0x30/0x30
[ 30.005457] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 30.010191] ? syscall_return_slowpath+0x5c0/0x5c0
[ 30.015095] ? syscall_return_slowpath+0x30f/0x5c0
[ 30.020004] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 30.025525] ? retint_user+0x18/0x18
[ 30.029215] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.034041] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 30.039204] RIP: 0033:0x43fda9
[ 30.042378] RSP: 002b:00007ffe25be53b8 EFLAGS: 00000217 ORIG_RAX: 000