[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.166' (ECDSA) to the list of known hosts.
syzkaller login: [ 61.485505][ T6853] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 61.565665][ T6853] IPVS: ftp: loaded support on port[0] = 21
[ 61.621648][ T267] tipc: TX() has been purged, node left!
[ 61.648629][ T6853]
[ 61.651006][ T6853] ======================================================
[ 61.658005][ T6853] WARNING: possible circular locking dependency detected
[ 61.665008][ T6853] 5.9.0-rc2-next-20200828-syzkaller #0 Not tainted
[ 61.671491][ T6853] ------------------------------------------------------
[ 61.678495][ T6853] syz-executor910/6853 is trying to acquire lock:
[ 61.684889][ T6853] ffffffff8a879430 (pernet_ops_rwsem){++++}-{3:3}, at: unregister_netdevice_notifier+0x1e/0x170
[ 61.695386][ T6853]
[ 61.695386][ T6853] but task is already holding lock:
[ 61.703341][ T6853] ffff888091691210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 61.713406][ T6853]
[ 61.713406][ T6853] which lock already depends on the new lock.
[ 61.713406][ T6853]
[ 61.723795][ T6853]
[ 61.723795][ T6853] the existing dependency chain (in reverse order) is:
[ 61.732790][ T6853]
[ 61.732790][ T6853] -> #3 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}:
[ 61.741489][ T6853]        down_write+0x8d/0x150
[ 61.746774][ T6853]        __sock_release+0x86/0x280
[ 61.751913][ T6853]        sock_close+0x18/0x20
[ 61.756579][ T6853]        __fput+0x285/0x920
[ 61.761068][ T6853]        delayed_fput+0x56/0x70
[ 61.765904][ T6853]        process_one_work+0x94c/0x1670
[ 61.771347][ T6853]        worker_thread+0x64c/0x1120
[ 61.776527][ T6853]        kthread+0x3b5/0x4a0
[ 61.781102][ T6853]        ret_from_fork+0x1f/0x30
[ 61.786017][ T6853]
[ 61.786017][ T6853] -> #2 ((delayed_fput_work).work){+.+.}-{0:0}:
[ 61.794427][ T6853]        process_one_work+0x8bb/0x1670
[ 61.799871][ T6853]        worker_thread+0x64c/0x1120
[ 61.805137][ T6853]        kthread+0x3b5/0x4a0
[ 61.809714][ T6853]        ret_from_fork+0x1f/0x30
[ 61.814629][ T6853]
[ 61.814629][ T6853] -> #1 ((wq_completion)events){+.+.}-{0:0}:
[ 61.822779][ T6853]        flush_workqueue+0x110/0x13e0
[ 61.828136][ T6853]        tipc_exit_net+0x47/0x2a0
[ 61.833154][ T6853]        ops_exit_list+0xb0/0x160
[ 61.838210][ T6853]        cleanup_net+0x4ea/0xb10
[ 61.843162][ T6853]        process_one_work+0x94c/0x1670
[ 61.848610][ T6853]        worker_thread+0x64c/0x1120
[ 61.853813][ T6853]        kthread+0x3b5/0x4a0
[ 61.858388][ T6853]        ret_from_fork+0x1f/0x30
[ 61.863301][ T6853]
[ 61.863301][ T6853] -> #0 (pernet_ops_rwsem){++++}-{3:3}:
[ 61.871019][ T6853]        __lock_acquire+0x2a6b/0x5640
[ 61.876377][ T6853]        lock_acquire+0x1f1/0xad0
[ 61.881386][ T6853]        down_write+0x8d/0x150
[ 61.886135][ T6853]        unregister_netdevice_notifier+0x1e/0x170
[ 61.892709][ T6853]        raw_release+0x58/0x890
[ 61.897546][ T6853]        __sock_release+0xcd/0x280
[ 61.902642][ T6853]        sock_close+0x18/0x20
[ 61.907336][ T6853]        __fput+0x285/0x920
[ 61.911822][ T6853]        task_work_run+0xdd/0x190
[ 61.916838][ T6853]        do_exit+0xb7d/0x29f0
[ 61.921499][ T6853]        do_group_exit+0x125/0x310
[ 61.926593][ T6853]        __x64_sys_exit_group+0x3a/0x50
[ 61.932123][ T6853]        do_syscall_64+0x2d/0x70
[ 61.937045][ T6853]        entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 61.943441][ T6853]
[ 61.943441][ T6853] other info that might help us debug this:
[ 61.943441][ T6853]
[ 61.953681][ T6853] Chain exists of:
[ 61.953681][ T6853]   pernet_ops_rwsem --> (delayed_fput_work).work --> &sb->s_type->i_mutex_key#13
[ 61.953681][ T6853]
[ 61.968868][ T6853]  Possible unsafe locking scenario:
[ 61.968868][ T6853]
[ 61.976299][ T6853]        CPU0                    CPU1
[ 61.981736][ T6853]        ----                    ----
[ 61.987081][ T6853]   lock(&sb->s_type->i_mutex_key#13);
[ 61.992527][ T6853]                                lock((delayed_fput_work).work);
[ 62.000247][ T6853]                                lock(&sb->s_type->i_mutex_key#13);
[ 62.008209][ T6853]   lock(pernet_ops_rwsem);
[ 62.012726][ T6853]
[ 62.012726][ T6853]  *** DEADLOCK ***
[ 62.012726][ T6853]
[ 62.021116][ T6853] 1 lock held by syz-executor910/6853:
[ 62.026554][ T6853]  #0: ffff888091691210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 62.037059][ T6853]
[ 62.037059][ T6853] stack backtrace:
[ 62.042939][ T6853] CPU: 1 PID: 6853 Comm: syz-executor910 Not tainted 5.9.0-rc2-next-20200828-syzkaller #0
[ 62.052837][ T6853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.062873][ T6853] Call Trace:
[ 62.066157][ T6853]  dump_stack+0x18f/0x20d
[ 62.070475][ T6853]  check_noncircular+0x324/0x3e0
[ 62.075433][ T6853]  ? print_circular_bug+0x3a0/0x3a0
[ 62.080618][ T6853]  ? find_held_lock+0x2d/0x110
[ 62.085372][ T6853]  ? is_bpf_text_address+0xa9/0x160
[ 62.090558][ T6853]  ? lock_repin_lock+0x460/0x460
[ 62.095481][ T6853]  ? mark_lock+0xbc/0x1710
[ 62.099882][ T6853]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.105933][ T6853]  __lock_acquire+0x2a6b/0x5640
[ 62.110776][ T6853]  ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 62.116743][ T6853]  lock_acquire+0x1f1/0xad0
[ 62.121238][ T6853]  ? unregister_netdevice_notifier+0x1e/0x170
[ 62.127295][ T6853]  ? lock_release+0x8e0/0x8e0
[ 62.131962][ T6853]  ? lock_is_held_type+0xbb/0xf0
[ 62.136889][ T6853]  ? __sock_release+0x86/0x280
[ 62.141642][ T6853]  down_write+0x8d/0x150
[ 62.145872][ T6853]  ? unregister_netdevice_notifier+0x1e/0x170
[ 62.152128][ T6853]  ? down_write_killable+0x170/0x170
[ 62.157397][ T6853]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 62.163186][ T6853]  ? lock_is_held_type+0xbb/0xf0
[ 62.168108][ T6853]  unregister_netdevice_notifier+0x1e/0x170
[ 62.173989][ T6853]  raw_release+0x58/0x890
[ 62.178310][ T6853]  ? fcntl_setlk+0xf60/0xf60
[ 62.182885][ T6853]  __sock_release+0xcd/0x280
[ 62.187458][ T6853]  sock_close+0x18/0x20
[ 62.191600][ T6853]  __fput+0x285/0x920
[ 62.195570][ T6853]  ? __sock_release+0x280/0x280
[ 62.200405][ T6853]  task_work_run+0xdd/0x190
[ 62.204893][ T6853]  do_exit+0xb7d/0x29f0
[ 62.209036][ T6853]  ? mm_update_next_owner+0x7a0/0x7a0
[ 62.214732][ T6853]  ? lock_is_held_type+0xbb/0xf0
[ 62.219678][ T6853]  do_group_exit+0x125/0x310
[ 62.224262][ T6853]  __x64_sys_exit_group+0x3a/0x50
[ 62.229375][ T6853]  do_syscall_64+0x2d/0x70
[ 62.233791][ T6853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.239727][ T6853] RIP: 0033:0x4400d8
[ 62.243604][ T6853] Code: Bad RIP value.
[ 62.247659][ T6853] RSP: 002b:00007ffdc66306f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 62.256055][ T6853] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004400d8
[ 62.264012][ T6853] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[ 62.271968][ T6853] RBP: 00000000004c63d0 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 62.279926][ T6853] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000000001
[ 62.287881][ T6853] R13: 00000000006d85e0 R14: 0000000000000000 R15: 0000000000000000