[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.26' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 63.161516][ T6852] IPVS: ftp: loaded support on port[0] = 21
[ 63.216867][ T6852] IPVS: ftp: loaded support on port[0] = 21
[ 63.270767][ T590] tipc: TX() has been purged, node left!
[ 63.307210][ T6852]
[ 63.309551][ T6852] ======================================================
[ 63.316542][ T6852] WARNING: possible circular locking dependency detected
[ 63.323541][ T6852] 5.9.0-rc2-next-20200828-syzkaller #0 Not tainted
[ 63.330011][ T6852] ------------------------------------------------------
[ 63.337026][ T6852] syz-executor924/6852 is trying to acquire lock:
[ 63.343415][ T6852] ffffffff8a879430 (pernet_ops_rwsem){++++}-{3:3}, at: unregister_netdevice_notifier+0x1e/0x170
[ 63.353825][ T6852]
[ 63.353825][ T6852] but task is already holding lock:
[ 63.361173][ T6852] ffff8880864fd210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 63.371230][ T6852]
[ 63.371230][ T6852] which lock already depends on the new lock.
[ 63.371230][ T6852]
[ 63.381609][ T6852]
[ 63.381609][ T6852] the existing dependency chain (in reverse order) is:
[ 63.390595][ T6852]
[ 63.390595][ T6852] -> #3 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}:
[ 63.399266][ T6852]        down_write+0x8d/0x150
[ 63.404007][ T6852]        __sock_release+0x86/0x280
[ 63.409093][ T6852]        sock_close+0x18/0x20
[ 63.413745][ T6852]        __fput+0x285/0x920
[ 63.418234][ T6852]        delayed_fput+0x56/0x70
[ 63.423070][ T6852]        process_one_work+0x94c/0x1670
[ 63.428507][ T6852]        worker_thread+0x64c/0x1120
[ 63.433680][ T6852]        kthread+0x3b5/0x4a0
[ 63.438246][ T6852]        ret_from_fork+0x1f/0x30
[ 63.443173][ T6852]
[ 63.443173][ T6852] -> #2 ((delayed_fput_work).work){+.+.}-{0:0}:
[ 63.451576][ T6852]        process_one_work+0x8bb/0x1670
[ 63.457011][ T6852]        worker_thread+0x64c/0x1120
[ 63.462185][ T6852]        kthread+0x3b5/0x4a0
[ 63.466754][ T6852]        ret_from_fork+0x1f/0x30
[ 63.471660][ T6852]
[ 63.471660][ T6852] -> #1 ((wq_completion)events){+.+.}-{0:0}:
[ 63.479799][ T6852]        flush_workqueue+0x110/0x13e0
[ 63.485148][ T6852]        tipc_exit_net+0x47/0x2a0
[ 63.490157][ T6852]        ops_exit_list+0xb0/0x160
[ 63.495158][ T6852]        cleanup_net+0x4ea/0xb10
[ 63.500086][ T6852]        process_one_work+0x94c/0x1670
[ 63.505522][ T6852]        worker_thread+0x64c/0x1120
[ 63.510695][ T6852]        kthread+0x3b5/0x4a0
[ 63.515266][ T6852]        ret_from_fork+0x1f/0x30
[ 63.520170][ T6852]
[ 63.520170][ T6852] -> #0 (pernet_ops_rwsem){++++}-{3:3}:
[ 63.527879][ T6852]        __lock_acquire+0x2a6b/0x5640
[ 63.533226][ T6852]        lock_acquire+0x1f1/0xad0
[ 63.538229][ T6852]        down_write+0x8d/0x150
[ 63.542972][ T6852]        unregister_netdevice_notifier+0x1e/0x170
[ 63.549376][ T6852]        raw_release+0x58/0x890
[ 63.554203][ T6852]        __sock_release+0xcd/0x280
[ 63.559291][ T6852]        sock_close+0x18/0x20
[ 63.563944][ T6852]        __fput+0x285/0x920
[ 63.568422][ T6852]        task_work_run+0xdd/0x190
[ 63.573420][ T6852]        do_exit+0xb7d/0x29f0
[ 63.578071][ T6852]        do_group_exit+0x125/0x310
[ 63.583170][ T6852]        __x64_sys_exit_group+0x3a/0x50
[ 63.588691][ T6852]        do_syscall_64+0x2d/0x70
[ 63.593604][ T6852]        entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.599989][ T6852]
[ 63.599989][ T6852] other info that might help us debug this:
[ 63.599989][ T6852]
[ 63.610192][ T6852] Chain exists of:
[ 63.610192][ T6852]   pernet_ops_rwsem --> (delayed_fput_work).work --> &sb->s_type->i_mutex_key#13
[ 63.610192][ T6852]
[ 63.625107][ T6852] Possible unsafe locking scenario:
[ 63.625107][ T6852]
[ 63.632532][ T6852]        CPU0                    CPU1
[ 63.637871][ T6852]        ----                    ----
[ 63.643239][ T6852]   lock(&sb->s_type->i_mutex_key#13);
[ 63.648676][ T6852]                                lock((delayed_fput_work).work);
[ 63.656367][ T6852]                                lock(&sb->s_type->i_mutex_key#13);
[ 63.664323][ T6852]   lock(pernet_ops_rwsem);
[ 63.668801][ T6852]
[ 63.668801][ T6852] *** DEADLOCK ***
[ 63.668801][ T6852]
[ 63.676923][ T6852] 1 lock held by syz-executor924/6852:
[ 63.682350][ T6852] #0: ffff8880864fd210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 63.692846][ T6852]
[ 63.692846][ T6852] stack backtrace:
[ 63.698718][ T6852] CPU: 1 PID: 6852 Comm: syz-executor924 Not tainted 5.9.0-rc2-next-20200828-syzkaller #0
[ 63.708574][ T6852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.718603][ T6852] Call Trace:
[ 63.721874][ T6852] dump_stack+0x18f/0x20d
[ 63.726181][ T6852] check_noncircular+0x324/0x3e0
[ 63.731097][ T6852] ? print_circular_bug+0x3a0/0x3a0
[ 63.736268][ T6852] ? find_held_lock+0x2d/0x110
[ 63.741009][ T6852] ? is_bpf_text_address+0xa9/0x160
[ 63.746185][ T6852] ? lock_repin_lock+0x460/0x460
[ 63.751098][ T6852] ? mark_lock+0xbc/0x1710
[ 63.755490][ T6852] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.761534][ T6852] __lock_acquire+0x2a6b/0x5640
[ 63.766378][ T6852] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 63.772337][ T6852] lock_acquire+0x1f1/0xad0
[ 63.776818][ T6852] ? unregister_netdevice_notifier+0x1e/0x170
[ 63.782863][ T6852] ? lock_release+0x8e0/0x8e0
[ 63.787519][ T6852] ? lock_is_held_type+0xbb/0xf0
[ 63.792447][ T6852] ? __sock_release+0x86/0x280
[ 63.797188][ T6852] down_write+0x8d/0x150
[ 63.801412][ T6852] ? unregister_netdevice_notifier+0x1e/0x170
[ 63.807456][ T6852] ? down_write_killable+0x170/0x170
[ 63.812720][ T6852] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 63.818502][ T6852] ? lock_is_held_type+0xbb/0xf0
[ 63.823418][ T6852] unregister_netdevice_notifier+0x1e/0x170
[ 63.829291][ T6852] raw_release+0x58/0x890
[ 63.833598][ T6852] ? fcntl_setlk+0xf60/0xf60
[ 63.838164][ T6852] __sock_release+0xcd/0x280
[ 63.842732][ T6852] sock_close+0x18/0x20
[ 63.846863][ T6852] __fput+0x285/0x920
[ 63.850821][ T6852] ? __sock_release+0x280/0x280
[ 63.855648][ T6852] task_work_run+0xdd/0x190
[ 63.860127][ T6852] do_exit+0xb7d/0x29f0
[ 63.864263][ T6852] ? mm_update_next_owner+0x7a0/0x7a0
[ 63.869613][ T6852] ? lock_is_held_type+0xbb/0xf0
[ 63.874525][ T6852] do_group_exit+0x125/0x310
[ 63.879092][ T6852] __x64_sys_exit_group+0x3a/0x50
[ 63.884091][ T6852] do_syscall_64+0x2d/0x70
[ 63.888484][ T6852] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.894351][ T6852] RIP: 0033:0x4400d8
[ 63.898218][ T6852] Code: Bad RIP value.
[ 63.902259][ T6852] RSP: 002b:00007fff46a6bb58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 63.910648][ T6852] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004400d8
[ 63.918595][ T6852] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[ 63.926541][ T6852] RBP: 00000000004c63d0 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 63.934488][ T6852] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000000001
[ 63.942436][ T6852] R13: 00000000006d85e0 R14: 0000000000000000 R15: 0000000000000000