[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.15.203' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 65.596407][ T6831] IPVS: ftp: loaded support on port[0] = 21
[ 65.651980][ T6831] IPVS: ftp: loaded support on port[0] = 21
[ 65.710235][ T21] tipc: TX() has been purged, node left!
[ 65.749346][ T6831]
[ 65.751696][ T6831] ======================================================
[ 65.758699][ T6831] WARNING: possible circular locking dependency detected
[ 65.765702][ T6831] 5.9.0-rc2-next-20200828-syzkaller #0 Not tainted
[ 65.772181][ T6831] ------------------------------------------------------
[ 65.779187][ T6831] syz-executor597/6831 is trying to acquire lock:
[ 65.785579][ T6831] ffffffff8a879430 (pernet_ops_rwsem){++++}-{3:3}, at: unregister_netdevice_notifier+0x1e/0x170
[ 65.796001][ T6831]
[ 65.796001][ T6831] but task is already holding lock:
[ 65.803349][ T6831] ffff888085c9ac90 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 65.813426][ T6831]
[ 65.813426][ T6831] which lock already depends on the new lock.
[ 65.813426][ T6831]
[ 65.823810][ T6831]
[ 65.823810][ T6831] the existing dependency chain (in reverse order) is:
[ 65.832809][ T6831]
[ 65.832809][ T6831] -> #3 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}:
[ 65.841499][ T6831]        down_write+0x8d/0x150
[ 65.846250][ T6831]        __sock_release+0x86/0x280
[ 65.851361][ T6831]        sock_close+0x18/0x20
[ 65.856023][ T6831]        __fput+0x285/0x920
[ 65.860513][ T6831]        delayed_fput+0x56/0x70
[ 65.865351][ T6831]        process_one_work+0x94c/0x1670
[ 65.870796][ T6831]        worker_thread+0x64c/0x1120
[ 65.875980][ T6831]        kthread+0x3b5/0x4a0
[ 65.880561][ T6831]        ret_from_fork+0x1f/0x30
[ 65.885474][ T6831]
[ 65.885474][ T6831] -> #2 ((delayed_fput_work).work){+.+.}-{0:0}:
[ 65.893895][ T6831]        process_one_work+0x8bb/0x1670
[ 65.899343][ T6831]        worker_thread+0x64c/0x1120
[ 65.904526][ T6831]        kthread+0x3b5/0x4a0
[ 65.909122][ T6831]        ret_from_fork+0x1f/0x30
[ 65.914134][ T6831]
[ 65.914134][ T6831] -> #1 ((wq_completion)events){+.+.}-{0:0}:
[ 65.922298][ T6831]        flush_workqueue+0x110/0x13e0
[ 65.927658][ T6831]        tipc_exit_net+0x47/0x2a0
[ 65.932686][ T6831]        ops_exit_list+0xb0/0x160
[ 65.937697][ T6831]        cleanup_net+0x4ea/0xb10
[ 65.942625][ T6831]        process_one_work+0x94c/0x1670
[ 65.948070][ T6831]        worker_thread+0x64c/0x1120
[ 65.953262][ T6831]        kthread+0x3b5/0x4a0
[ 65.957842][ T6831]        ret_from_fork+0x1f/0x30
[ 65.962757][ T6831]
[ 65.962757][ T6831] -> #0 (pernet_ops_rwsem){++++}-{3:3}:
[ 65.970572][ T6831]        __lock_acquire+0x2a6b/0x5640
[ 65.975932][ T6831]        lock_acquire+0x1f1/0xad0
[ 65.980962][ T6831]        down_write+0x8d/0x150
[ 65.985713][ T6831]        unregister_netdevice_notifier+0x1e/0x170
[ 65.992116][ T6831]        raw_release+0x58/0x890
[ 65.996959][ T6831]        __sock_release+0xcd/0x280
[ 66.002058][ T6831]        sock_close+0x18/0x20
[ 66.006723][ T6831]        __fput+0x285/0x920
[ 66.011228][ T6831]        task_work_run+0xdd/0x190
[ 66.016238][ T6831]        do_exit+0xb7d/0x29f0
[ 66.020920][ T6831]        do_group_exit+0x125/0x310
[ 66.026020][ T6831]        __x64_sys_exit_group+0x3a/0x50
[ 66.031554][ T6831]        do_syscall_64+0x2d/0x70
[ 66.036479][ T6831]        entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.042872][ T6831]
[ 66.042872][ T6831] other info that might help us debug this:
[ 66.042872][ T6831]
[ 66.053085][ T6831] Chain exists of:
[ 66.053085][ T6831]   pernet_ops_rwsem --> (delayed_fput_work).work --> &sb->s_type->i_mutex_key#13
[ 66.053085][ T6831]
[ 66.068019][ T6831]  Possible unsafe locking scenario:
[ 66.068019][ T6831]
[ 66.075453][ T6831]        CPU0                    CPU1
[ 66.080808][ T6831]        ----                    ----
[ 66.086155][ T6831]   lock(&sb->s_type->i_mutex_key#13);
[ 66.091604][ T6831]                                lock((delayed_fput_work).work);
[ 66.099307][ T6831]                                lock(&sb->s_type->i_mutex_key#13);
[ 66.107272][ T6831]   lock(pernet_ops_rwsem);
[ 66.111761][ T6831]
[ 66.111761][ T6831]  *** DEADLOCK ***
[ 66.111761][ T6831]
[ 66.119895][ T6831] 1 lock held by syz-executor597/6831:
[ 66.125331][ T6831]  #0: ffff888085c9ac90 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 66.135869][ T6831]
[ 66.135869][ T6831] stack backtrace:
[ 66.141754][ T6831] CPU: 1 PID: 6831 Comm: syz-executor597 Not tainted 5.9.0-rc2-next-20200828-syzkaller #0
[ 66.151645][ T6831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.161685][ T6831] Call Trace:
[ 66.164968][ T6831]  dump_stack+0x18f/0x20d
[ 66.169294][ T6831]  check_noncircular+0x324/0x3e0
[ 66.174222][ T6831]  ? print_circular_bug+0x3a0/0x3a0
[ 66.179408][ T6831]  ? find_held_lock+0x2d/0x110
[ 66.184164][ T6831]  ? lock_repin_lock+0x460/0x460
[ 66.189090][ T6831]  ? mark_lock+0xbc/0x1710
[ 66.193556][ T6831]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.199618][ T6831]  __lock_acquire+0x2a6b/0x5640
[ 66.204464][ T6831]  ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 66.210434][ T6831]  lock_acquire+0x1f1/0xad0
[ 66.214931][ T6831]  ? unregister_netdevice_notifier+0x1e/0x170
[ 66.220988][ T6831]  ? lock_release+0x8e0/0x8e0
[ 66.225657][ T6831]  ? lock_is_held_type+0xbb/0xf0
[ 66.230584][ T6831]  ? __sock_release+0x86/0x280
[ 66.235339][ T6831]  down_write+0x8d/0x150
[ 66.239573][ T6831]  ? unregister_netdevice_notifier+0x1e/0x170
[ 66.245646][ T6831]  ? down_write_killable+0x170/0x170
[ 66.250921][ T6831]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 66.256737][ T6831]  ? lock_is_held_type+0xbb/0xf0
[ 66.261666][ T6831]  unregister_netdevice_notifier+0x1e/0x170
[ 66.267553][ T6831]  raw_release+0x58/0x890
[ 66.271889][ T6831]  ? fcntl_setlk+0xf60/0xf60
[ 66.276489][ T6831]  __sock_release+0xcd/0x280
[ 66.281086][ T6831]  sock_close+0x18/0x20
[ 66.285317][ T6831]  __fput+0x285/0x920
[ 66.289290][ T6831]  ? __sock_release+0x280/0x280
[ 66.294149][ T6831]  task_work_run+0xdd/0x190
[ 66.298641][ T6831]  do_exit+0xb7d/0x29f0
[ 66.302787][ T6831]  ? mm_update_next_owner+0x7a0/0x7a0
[ 66.308172][ T6831]  ? lock_is_held_type+0xbb/0xf0
[ 66.313100][ T6831]  do_group_exit+0x125/0x310
[ 66.317678][ T6831]  __x64_sys_exit_group+0x3a/0x50
[ 66.322695][ T6831]  do_syscall_64+0x2d/0x70
[ 66.327098][ T6831]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.333083][ T6831] RIP: 0033:0x4400d8
[ 66.336959][ T6831] Code: Bad RIP value.
[ 66.341009][ T6831] RSP: 002b:00007ffd9da328d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 66.349423][ T6831] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004400d8
[ 66.357384][ T6831] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[ 66.365344][ T6831] RBP: 00000000004c63d0 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 66.373305][ T6831] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000000001
[ 66.381265][ T6831] R13: 00000000006d85e0 R14: 0000000000000000 R15: 0000000000000000