[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.177' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 62.439748][ T6856] IPVS: ftp: loaded support on port[0] = 21
[ 62.497414][ T6856] IPVS: ftp: loaded support on port[0] = 21
[ 62.552589][ T21] tipc: TX() has been purged, node left!
[ 62.597171][ T6856]
[ 62.599524][ T6856] ======================================================
[ 62.606550][ T6856] WARNING: possible circular locking dependency detected
[ 62.613580][ T6856] 5.9.0-rc2-next-20200828-syzkaller #0 Not tainted
[ 62.620062][ T6856] ------------------------------------------------------
[ 62.627099][ T6856] syz-executor616/6856 is trying to acquire lock:
[ 62.633495][ T6856] ffffffff8a879430 (pernet_ops_rwsem){++++}-{3:3}, at: unregister_netdevice_notifier+0x1e/0x170
[ 62.643918][ T6856]
[ 62.643918][ T6856] but task is already holding lock:
[ 62.651260][ T6856] ffff88809c6ebc90 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 62.661428][ T6856]
[ 62.661428][ T6856] which lock already depends on the new lock.
[ 62.661428][ T6856]
[ 62.671906][ T6856]
[ 62.671906][ T6856] the existing dependency chain (in reverse order) is:
[ 62.680908][ T6856]
[ 62.680908][ T6856] -> #3 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}:
[ 62.689582][ T6856]        down_write+0x8d/0x150
[ 62.694324][ T6856]        __sock_release+0x86/0x280
[ 62.699418][ T6856]        sock_close+0x18/0x20
[ 62.704072][ T6856]        __fput+0x285/0x920
[ 62.708569][ T6856]        delayed_fput+0x56/0x70
[ 62.713420][ T6856]        process_one_work+0x94c/0x1670
[ 62.718924][ T6856]        worker_thread+0x64c/0x1120
[ 62.724134][ T6856]        kthread+0x3b5/0x4a0
[ 62.728895][ T6856]        ret_from_fork+0x1f/0x30
[ 62.733967][ T6856]
[ 62.733967][ T6856] -> #2 ((delayed_fput_work).work){+.+.}-{0:0}:
[ 62.742422][ T6856]        process_one_work+0x8bb/0x1670
[ 62.747877][ T6856]        worker_thread+0x64c/0x1120
[ 62.753850][ T6856]        kthread+0x3b5/0x4a0
[ 62.758446][ T6856]        ret_from_fork+0x1f/0x30
[ 62.763372][ T6856]
[ 62.763372][ T6856] -> #1 ((wq_completion)events){+.+.}-{0:0}:
[ 62.771535][ T6856]        flush_workqueue+0x110/0x13e0
[ 62.777033][ T6856]        tipc_exit_net+0x47/0x2a0
[ 62.782176][ T6856]        ops_exit_list+0xb0/0x160
[ 62.787189][ T6856]        cleanup_net+0x4ea/0xb10
[ 62.792363][ T6856]        process_one_work+0x94c/0x1670
[ 62.797872][ T6856]        worker_thread+0x64c/0x1120
[ 62.803325][ T6856]        kthread+0x3b5/0x4a0
[ 62.807894][ T6856]        ret_from_fork+0x1f/0x30
[ 62.812819][ T6856]
[ 62.812819][ T6856] -> #0 (pernet_ops_rwsem){++++}-{3:3}:
[ 62.820545][ T6856]        __lock_acquire+0x2a6b/0x5640
[ 62.825919][ T6856]        lock_acquire+0x1f1/0xad0
[ 62.830962][ T6856]        down_write+0x8d/0x150
[ 62.835727][ T6856]        unregister_netdevice_notifier+0x1e/0x170
[ 62.842150][ T6856]        bcm_release+0x94/0x750
[ 62.846995][ T6856]        __sock_release+0xcd/0x280
[ 62.852081][ T6856]        sock_close+0x18/0x20
[ 62.856773][ T6856]        __fput+0x285/0x920
[ 62.861253][ T6856]        task_work_run+0xdd/0x190
[ 62.866253][ T6856]        do_exit+0xb7d/0x29f0
[ 62.870923][ T6856]        do_group_exit+0x125/0x310
[ 62.876043][ T6856]        __x64_sys_exit_group+0x3a/0x50
[ 62.881588][ T6856]        do_syscall_64+0x2d/0x70
[ 62.886505][ T6856]        entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.892912][ T6856]
[ 62.892912][ T6856] other info that might help us debug this:
[ 62.892912][ T6856]
[ 62.903120][ T6856] Chain exists of:
[ 62.903120][ T6856]   pernet_ops_rwsem --> (delayed_fput_work).work --> &sb->s_type->i_mutex_key#13
[ 62.903120][ T6856]
[ 62.918167][ T6856]  Possible unsafe locking scenario:
[ 62.918167][ T6856]
[ 62.925602][ T6856]        CPU0                    CPU1
[ 62.930962][ T6856]        ----                    ----
[ 62.936304][ T6856]   lock(&sb->s_type->i_mutex_key#13);
[ 62.941739][ T6856]                                lock((delayed_fput_work).work);
[ 62.949444][ T6856]                                lock(&sb->s_type->i_mutex_key#13);
[ 62.957413][ T6856]   lock(pernet_ops_rwsem);
[ 62.961893][ T6856]
[ 62.961893][ T6856]  *** DEADLOCK ***
[ 62.961893][ T6856]
[ 62.970018][ T6856] 1 lock held by syz-executor616/6856:
[ 62.975444][ T6856]  #0: ffff88809c6ebc90 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 62.986073][ T6856]
[ 62.986073][ T6856] stack backtrace:
[ 62.991972][ T6856] CPU: 1 PID: 6856 Comm: syz-executor616 Not tainted 5.9.0-rc2-next-20200828-syzkaller #0
[ 63.001834][ T6856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.011877][ T6856] Call Trace:
[ 63.015162][ T6856]  dump_stack+0x18f/0x20d
[ 63.019519][ T6856]  check_noncircular+0x324/0x3e0
[ 63.024452][ T6856]  ? print_circular_bug+0x3a0/0x3a0
[ 63.030009][ T6856]  ? lock_repin_lock+0x460/0x460
[ 63.034937][ T6856]  ? mark_lock+0xbc/0x1710
[ 63.039337][ T6856]  ? unwind_next_frame+0xe3b/0x1f90
[ 63.044678][ T6856]  __lock_acquire+0x2a6b/0x5640
[ 63.049520][ T6856]  ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 63.055674][ T6856]  ? __lock_acquire+0x16cb/0x5640
[ 63.060715][ T6856]  lock_acquire+0x1f1/0xad0
[ 63.065201][ T6856]  ? unregister_netdevice_notifier+0x1e/0x170
[ 63.071269][ T6856]  ? lock_release+0x8e0/0x8e0
[ 63.076013][ T6856]  ? lock_is_held_type+0xbb/0xf0
[ 63.081046][ T6856]  down_write+0x8d/0x150
[ 63.085275][ T6856]  ? unregister_netdevice_notifier+0x1e/0x170
[ 63.091323][ T6856]  ? down_write_killable+0x170/0x170
[ 63.096588][ T6856]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 63.102375][ T6856]  ? lock_is_held_type+0xbb/0xf0
[ 63.107291][ T6856]  unregister_netdevice_notifier+0x1e/0x170
[ 63.113165][ T6856]  bcm_release+0x94/0x750
[ 63.117473][ T6856]  ? locks_remove_file+0x319/0x580
[ 63.122563][ T6856]  ? fcntl_setlk+0xf60/0xf60
[ 63.127135][ T6856]  __sock_release+0xcd/0x280
[ 63.131705][ T6856]  sock_close+0x18/0x20
[ 63.135844][ T6856]  __fput+0x285/0x920
[ 63.139802][ T6856]  ? __sock_release+0x280/0x280
[ 63.144627][ T6856]  task_work_run+0xdd/0x190
[ 63.149113][ T6856]  do_exit+0xb7d/0x29f0
[ 63.153246][ T6856]  ? mm_update_next_owner+0x7a0/0x7a0
[ 63.158612][ T6856]  ? lock_is_held_type+0xbb/0xf0
[ 63.163527][ T6856]  do_group_exit+0x125/0x310
[ 63.168095][ T6856]  __x64_sys_exit_group+0x3a/0x50
[ 63.173131][ T6856]  do_syscall_64+0x2d/0x70
[ 63.178866][ T6856]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.184753][ T6856] RIP: 0033:0x4400d8
[ 63.188636][ T6856] Code: Bad RIP value.
[ 63.192695][ T6856] RSP: 002b:00007ffd51eb8df8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 63.201099][ T6856] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004400d8
[ 63.209333][ T6856] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[ 63.217289][ T6856] RBP: 00000000004c63d0 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 63.225656][ T6856] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000000001
[ 63.233628][ T6856] R13: 00000000006d85e0 R14: 0000000000000000 R15: 0000000000000000