[ 29.276614]
[ 29.278270] ======================================================
[ 29.284571] WARNING: possible circular locking dependency detected
[ 29.290867] 4.16.0+ #7 Not tainted
[ 29.294380] ------------------------------------------------------
[ 29.300673] syzkaller388124/4491 is trying to acquire lock:
[ 29.306357] 0000000087a3dd9b (&mm->mmap_sem){++++}, at: __might_fault+0xfb/0x1e0
[ 29.313879]
[ 29.313879] but task is already holding lock:
[ 29.319828] 000000007ea37952 (sk_lock-AF_INET6){+.+.}, at: sctp_setsockopt+0x33e/0x7000
[ 29.327958]
[ 29.327958] which lock already depends on the new lock.
[ 29.327958]
[ 29.336247]
[ 29.336247] the existing dependency chain (in reverse order) is:
[ 29.343843]
[ 29.343843] -> #1 (sk_lock-AF_INET6){+.+.}:
[ 29.349636]        lock_sock_nested+0xd0/0x120
[ 29.354195]        tcp_mmap+0x1c7/0x14f0
[ 29.358234]        sock_mmap+0x8e/0xc0
[ 29.362101]        mmap_region+0xd13/0x1820
[ 29.366397]        do_mmap+0xc79/0x11d0
[ 29.370348]        vm_mmap_pgoff+0x1fb/0x2a0
[ 29.374731]        ksys_mmap_pgoff+0x4c9/0x640
[ 29.379296]        SyS_mmap+0x16/0x20
[ 29.383074]        do_syscall_64+0x29e/0x9d0
[ 29.387459]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 29.393149]
[ 29.393149] -> #0 (&mm->mmap_sem){++++}:
[ 29.398673]        lock_acquire+0x1dc/0x520
[ 29.402971]        __might_fault+0x155/0x1e0
[ 29.407357]        _copy_from_user+0x30/0x150
[ 29.411834]        sctp_setsockopt+0x3911/0x7000
[ 29.416567]        sock_common_setsockopt+0x9a/0xe0
[ 29.421558]        __sys_setsockopt+0x1bd/0x390
[ 29.426206]        SyS_setsockopt+0x34/0x50
[ 29.430509]        do_syscall_64+0x29e/0x9d0
[ 29.434900]        entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 29.440581]
[ 29.440581] other info that might help us debug this:
[ 29.440581]
[ 29.448707]  Possible unsafe locking scenario:
[ 29.448707]
[ 29.454747]        CPU0                    CPU1
[ 29.459387]        ----                    ----
[ 29.464026]   lock(sk_lock-AF_INET6);
[ 29.467802]                                lock(&mm->mmap_sem);
[ 29.473855]                                lock(sk_lock-AF_INET6);
[ 29.480150]   lock(&mm->mmap_sem);
[ 29.483663]
[ 29.483663]  *** DEADLOCK ***
[ 29.483663]
[ 29.489704] 1 lock held by syzkaller388124/4491:
[ 29.494430]  #0: 000000007ea37952 (sk_lock-AF_INET6){+.+.}, at: sctp_setsockopt+0x33e/0x7000
[ 29.502997]
[ 29.502997] stack backtrace:
[ 29.507482] CPU: 1 PID: 4491 Comm: syzkaller388124 Not tainted 4.16.0+ #7
[ 29.514391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.523721] Call Trace:
[ 29.526290]  dump_stack+0x1b9/0x294
[ 29.529895]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 29.535068]  ? print_lock+0xd1/0xd6
[ 29.538675]  ? vprintk_func+0x81/0xe7
[ 29.542463]  print_circular_bug.isra.36.cold.54+0x1bd/0x27d
[ 29.548148]  ? save_trace+0xe0/0x290
[ 29.551856]  __lock_acquire+0x343e/0x5140
[ 29.555986]  ? debug_check_no_locks_freed+0x310/0x310
[ 29.561154]  ? debug_check_no_locks_freed+0x310/0x310
[ 29.566319]  ? print_usage_bug+0xc0/0xc0
[ 29.570358]  ? mark_held_locks+0xc9/0x160
[ 29.574483]  ? do_raw_spin_trylock+0x1b0/0x1b0
[ 29.579048]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 29.584126]  ? graph_lock+0x170/0x170
[ 29.587902]  ? graph_lock+0x170/0x170
[ 29.591684]  ? get_kernel_page+0x110/0x110
[ 29.595893]  lock_acquire+0x1dc/0x520
[ 29.599681]  ? __might_fault+0xfb/0x1e0
[ 29.603632]  ? lock_acquire+0x1dc/0x520
[ 29.607581]  ? lock_release+0xa10/0xa10
[ 29.611532]  ? check_same_owner+0x320/0x320
[ 29.615829]  ? mark_held_locks+0xc9/0x160
[ 29.619953]  ? __might_sleep+0x95/0x190
[ 29.623903]  __might_fault+0x155/0x1e0
[ 29.627767]  ? __might_fault+0xfb/0x1e0
[ 29.631722]  _copy_from_user+0x30/0x150
[ 29.635684]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 29.640860]  sctp_setsockopt+0x3911/0x7000
[ 29.645075]  ? sctp_setsockopt_paddr_thresholds+0x560/0x560
[ 29.650761]  ? lock_downgrade+0x8e0/0x8e0
[ 29.654887]  ? pudp_huge_clear_flush+0x230/0x230
[ 29.659622]  ? kasan_check_read+0x11/0x20
[ 29.663751]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 29.668136]  ? do_raw_spin_trylock+0x1b0/0x1b0
[ 29.672694]  ? kasan_check_write+0x14/0x20
[ 29.676905]  ? do_raw_spin_lock+0xc1/0x200
[ 29.681118]  ? _raw_spin_unlock+0x22/0x30
[ 29.685243]  ? do_huge_pmd_anonymous_page+0x4a8/0x1e30
[ 29.690495]  ? __thp_get_unmapped_area+0x180/0x180
[ 29.695400]  ? __lock_acquire+0x7f5/0x5140
[ 29.699612]  ? debug_check_no_locks_freed+0x310/0x310
[ 29.704780]  ? do_syscall_64+0x29e/0x9d0
[ 29.708822]  ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 29.714162]  ? find_held_lock+0x36/0x1c0
[ 29.718200]  ? debug_mutex_init+0x1c/0x60
[ 29.722324]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 29.727314]  ? graph_lock+0x170/0x170
[ 29.731093]  ? lockdep_init_map+0x9/0x10
[ 29.735132]  ? pud_val+0x80/0xf0
[ 29.738473]  ? pmd_val+0xf0/0xf0
[ 29.741818]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.747331]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.752843]  ? __handle_mm_fault+0x88c/0x4150
[ 29.757318]  ? vm_insert_mixed_mkwrite+0x40/0x40
[ 29.762051]  ? graph_lock+0x170/0x170
[ 29.765831]  ? graph_lock+0x170/0x170
[ 29.769607]  ? find_held_lock+0x36/0x1c0
[ 29.773649]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.779164]  ? __fget_light+0x2ef/0x430
[ 29.783114]  ? fget_raw+0x20/0x20
[ 29.786545]  ? lock_downgrade+0x8e0/0x8e0
[ 29.790667]  ? handle_mm_fault+0x8c0/0xc70
[ 29.794880]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 29.800392]  ? handle_mm_fault+0x55a/0xc70
[ 29.804606]  sock_common_setsockopt+0x9a/0xe0
[ 29.809082]  __sys_setsockopt+0x1bd/0x390
[ 29.813205]  ? kernel_accept+0x310/0x310
[ 29.817243]  ? mm_fault_error+0x380/0x380
[ 29.821371]  SyS_setsockopt+0x34/0x50
[ 29.825148]  ? SyS_recv+0x40/0x40
[ 29.828582]  do_syscall_64+0x29e/0x9d0
[ 29.832444]  ? vmalloc_sync_all+0x30/0x30
[ 29.836570]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 29.841304]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 29.846210]  ? syscall_return_slowpath+0x30f/0x5c0
[ 29.851117]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.856632]  ? retint_user+0x18/0x18
[ 29.860325]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.865146]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 29.870311] RIP: 0033:0x43fd09
[ 29.873478] RSP: 002b:00007ffd0c734e48 EFLAGS: 00000217 ORIG_RAX