[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Load/Save RF Kill Switch Status.
[ 53.657261][ T6755] sshd (6755) used greatest stack depth: 23440 bytes left
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 61.704116][ T6863] IPVS: ftp: loaded support on port[0] = 21
[ 61.760901][ T6886] IPVS: ftp: loaded support on port[0] = 21
[ 61.803868][ T260] tipc: TX() has been purged, node left!
[ 61.861568][ T6863]
[ 61.863918][ T6863] ======================================================
[ 61.870961][ T6863] WARNING: possible circular locking dependency detected
[ 61.878215][ T6863] 5.9.0-rc2-next-20200828-syzkaller #0 Not tainted
[ 61.884799][ T6863] ------------------------------------------------------
[ 61.891816][ T6863] syz-executor809/6863 is trying to acquire lock:
[ 61.898204][ T6863] ffffffff8a879430 (pernet_ops_rwsem){++++}-{3:3}, at: unregister_netdevice_notifier+0x1e/0x170
[ 61.908635][ T6863]
[ 61.908635][ T6863] but task is already holding lock:
[ 61.915977][ T6863] ffff88809b37d750 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 61.926043][ T6863]
[ 61.926043][ T6863] which lock already depends on the new lock.
[ 61.926043][ T6863]
[ 61.936421][ T6863]
[ 61.936421][ T6863] the existing dependency chain (in reverse order) is:
[ 61.945585][ T6863]
[ 61.945585][ T6863] -> #3 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}:
[ 61.954252][ T6863] down_write+0x8d/0x150
[ 61.959013][ T6863] __sock_release+0x86/0x280
[ 61.964105][ T6863] sock_close+0x18/0x20
[ 61.970587][ T6863] __fput+0x285/0x920
[ 61.975107][ T6863] delayed_fput+0x56/0x70
[ 61.979948][ T6863] process_one_work+0x94c/0x1670
[ 61.985396][ T6863] worker_thread+0x64c/0x1120
[ 61.990749][ T6863] kthread+0x3b5/0x4a0
[ 61.995324][ T6863] ret_from_fork+0x1f/0x30
[ 62.000343][ T6863]
[ 62.000343][ T6863] -> #2 ((delayed_fput_work).work){+.+.}-{0:0}:
[ 62.008809][ T6863] process_one_work+0x8bb/0x1670
[ 62.014249][ T6863] worker_thread+0x64c/0x1120
[ 62.019427][ T6863] kthread+0x3b5/0x4a0
[ 62.024002][ T6863] ret_from_fork+0x1f/0x30
[ 62.028926][ T6863]
[ 62.028926][ T6863] -> #1 ((wq_completion)events){+.+.}-{0:0}:
[ 62.037069][ T6863] flush_workqueue+0x110/0x13e0
[ 62.042414][ T6863] tipc_exit_net+0x47/0x2a0
[ 62.047427][ T6863] ops_exit_list+0xb0/0x160
[ 62.052424][ T6863] cleanup_net+0x4ea/0xb10
[ 62.057349][ T6863] process_one_work+0x94c/0x1670
[ 62.062781][ T6863] worker_thread+0x64c/0x1120
[ 62.067955][ T6863] kthread+0x3b5/0x4a0
[ 62.072519][ T6863] ret_from_fork+0x1f/0x30
[ 62.077612][ T6863]
[ 62.077612][ T6863] -> #0 (pernet_ops_rwsem){++++}-{3:3}:
[ 62.085329][ T6863] __lock_acquire+0x2a6b/0x5640
[ 62.090675][ T6863] lock_acquire+0x1f1/0xad0
[ 62.095672][ T6863] down_write+0x8d/0x150
[ 62.100427][ T6863] unregister_netdevice_notifier+0x1e/0x170
[ 62.106829][ T6863] raw_release+0x58/0x890
[ 62.111658][ T6863] __sock_release+0xcd/0x280
[ 62.116758][ T6863] sock_close+0x18/0x20
[ 62.121407][ T6863] __fput+0x285/0x920
[ 62.125895][ T6863] task_work_run+0xdd/0x190
[ 62.130904][ T6863] do_exit+0xb7d/0x29f0
[ 62.135554][ T6863] do_group_exit+0x125/0x310
[ 62.140648][ T6863] __x64_sys_exit_group+0x3a/0x50
[ 62.146166][ T6863] do_syscall_64+0x2d/0x70
[ 62.151089][ T6863] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.157470][ T6863]
[ 62.157470][ T6863] other info that might help us debug this:
[ 62.157470][ T6863]
[ 62.167682][ T6863] Chain exists of:
[ 62.167682][ T6863] pernet_ops_rwsem --> (delayed_fput_work).work --> &sb->s_type->i_mutex_key#13
[ 62.167682][ T6863]
[ 62.182599][ T6863] Possible unsafe locking scenario:
[ 62.182599][ T6863]
[ 62.190047][ T6863]        CPU0                    CPU1
[ 62.195473][ T6863]        ----                    ----
[ 62.200899][ T6863]   lock(&sb->s_type->i_mutex_key#13);
[ 62.206333][ T6863]                                lock((delayed_fput_work).work);
[ 62.214110][ T6863]                                lock(&sb->s_type->i_mutex_key#13);
[ 62.222067][ T6863]   lock(pernet_ops_rwsem);
[ 62.226547][ T6863]
[ 62.226547][ T6863] *** DEADLOCK ***
[ 62.226547][ T6863]
[ 62.234670][ T6863] 1 lock held by syz-executor809/6863:
[ 62.240104][ T6863] #0: ffff88809b37d750 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 62.250597][ T6863]
[ 62.250597][ T6863] stack backtrace:
[ 62.256465][ T6863] CPU: 0 PID: 6863 Comm: syz-executor809 Not tainted 5.9.0-rc2-next-20200828-syzkaller #0
[ 62.266340][ T6863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.276458][ T6863] Call Trace:
[ 62.279734][ T6863] dump_stack+0x18f/0x20d
[ 62.284041][ T6863] check_noncircular+0x324/0x3e0
[ 62.288953][ T6863] ? print_circular_bug+0x3a0/0x3a0
[ 62.294140][ T6863] ? find_held_lock+0x2d/0x110
[ 62.299701][ T6863] ? is_bpf_text_address+0xa9/0x160
[ 62.305012][ T6863] ? lock_repin_lock+0x460/0x460
[ 62.309983][ T6863] ? mark_lock+0xbc/0x1710
[ 62.314386][ T6863] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.320429][ T6863] __lock_acquire+0x2a6b/0x5640
[ 62.325258][ T6863] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 62.331226][ T6863] lock_acquire+0x1f1/0xad0
[ 62.335716][ T6863] ? unregister_netdevice_notifier+0x1e/0x170
[ 62.341774][ T6863] ? lock_release+0x8e0/0x8e0
[ 62.346426][ T6863] ? lock_is_held_type+0xbb/0xf0
[ 62.351339][ T6863] ? __sock_release+0x86/0x280
[ 62.356079][ T6863] down_write+0x8d/0x150
[ 62.360298][ T6863] ? unregister_netdevice_notifier+0x1e/0x170
[ 62.366336][ T6863] ? down_write_killable+0x170/0x170
[ 62.371597][ T6863] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 62.377395][ T6863] ? lock_is_held_type+0xbb/0xf0
[ 62.382326][ T6863] unregister_netdevice_notifier+0x1e/0x170
[ 62.388210][ T6863] raw_release+0x58/0x890
[ 62.392519][ T6863] ? fcntl_setlk+0xf60/0xf60
[ 62.397088][ T6863] __sock_release+0xcd/0x280
[ 62.401655][ T6863] sock_close+0x18/0x20
[ 62.405800][ T6863] __fput+0x285/0x920
[ 62.409846][ T6863] ? __sock_release+0x280/0x280
[ 62.414689][ T6863] task_work_run+0xdd/0x190
[ 62.419181][ T6863] do_exit+0xb7d/0x29f0
[ 62.423335][ T6863] ? try_to_wake_up+0xd6/0x12b0
[ 62.428160][ T6863] ? do_group_exit+0x29a/0x310
[ 62.432919][ T6863] ? mm_update_next_owner+0x7a0/0x7a0
[ 62.438281][ T6863] ? lock_downgrade+0x830/0x830
[ 62.443109][ T6863] ? _raw_spin_unlock_irq+0x1f/0x80
[ 62.448283][ T6863] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 62.454235][ T6863] ? trace_hardirqs_on+0x5f/0x220
[ 62.459247][ T6863] do_group_exit+0x125/0x310
[ 62.463899][ T6863] __x64_sys_exit_group+0x3a/0x50
[ 62.468899][ T6863] do_syscall_64+0x2d/0x70
[ 62.473302][ T6863] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.479202][ T6863] RIP: 0033:0x445658
[ 62.483162][ T6863] Code: Bad RIP value.
[ 62.487656][ T6863] RSP: 002b:00007ffc499cd878 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 62.496053][ T6863] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000445658
[ 62.504023][ T6863] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[ 62.511990][ T6863] RBP: 00000000004cd850 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 62.519938][ T6863] R10: 00007ffc499cd8e0 R11: 0000000000000246 R12: 0000000000000001
[ 62.528335][ T6863] R13: 00000000006e1780 R14: 000000000000002d R15: 0000000000000064