[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 68.716544][ T26] audit: type=1800 audit(1584893915.842:25): pid=9306 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 68.750595][ T26] audit: type=1800 audit(1584893915.852:26): pid=9306 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 68.785044][ T26] audit: type=1800 audit(1584893915.852:27): pid=9306 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.185' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 78.398779][ T9460] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 78.410243][ T9460] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 78.424526][ T9460] netlink: 'syz-executor725': attribute type 1 has an invalid length. [ 78.468235][ T9460] bond1: (slave gretap1): making interface the new active one [ 78.485418][ T9460] [ 78.487779][ T9460] ====================================================== [ 78.494787][ T9460] WARNING: possible circular locking dependency detected [ 78.501795][ T9460] 5.6.0-rc3-next-20200228-syzkaller #0 Not tainted [ 78.508282][ T9460] ------------------------------------------------------ [ 78.515292][ T9460] syz-executor725/9460 is trying to acquire lock: [ 78.521692][ T9460] ffffffff8a3d5260 (lock#3){+.+.}, at: cma_netdev_callback+0xc5/0x390 [ 78.530285][ T9460] [ 78.530285][ T9460] but task is already holding lock: [ 78.537648][ T9460] ffffffff8a551680 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3f9/0xad0 [ 78.546072][ T9460] [ 78.546072][ T9460] which lock already depends on the new lock. [ 78.546072][ T9460] [ 78.556472][ T9460] [ 78.556472][ T9460] the existing dependency chain (in reverse order) is: [ 78.565741][ T9460] [ 78.565741][ T9460] -> #1 (rtnl_mutex){+.+.}: [ 78.572427][ T9460] __mutex_lock+0x156/0x13c0 [ 78.577540][ T9460] siw_create_listen+0x329/0xed0 [ 78.582997][ T9460] iw_cm_listen+0x166/0x1e0 [ 78.588024][ T9460] rdma_listen+0x5e2/0x910 [ 78.592960][ T9460] cma_listen_on_dev+0x56b/0x6d0 [ 78.598418][ T9460] cma_add_one+0x6aa/0xb60 [ 78.603382][ T9460] add_client_context+0x400/0x560 [ 78.608944][ T9460] enable_device_and_get+0x1cd/0x3b0 [ 78.614747][ T9460] ib_register_device+0xa12/0xda0 [ 78.620288][ T9460] siw_newlink+0xdef/0x1310 [ 78.625309][ T9460] nldev_newlink+0x27f/0x400 [ 78.630415][ T9460] rdma_nl_rcv+0x586/0x900 [ 78.635353][ T9460] netlink_unicast+0x537/0x740 [ 78.640635][ T9460] netlink_sendmsg+0x882/0xe10 [ 78.645920][ T9460] sock_sendmsg+0xcf/0x120 [ 78.650848][ T9460] ____sys_sendmsg+0x6b9/0x7d0 [ 78.656127][ T9460] ___sys_sendmsg+0x100/0x170 [ 78.661315][ T9460] __sys_sendmsg+0xec/0x1b0 [ 78.666334][ T9460] do_syscall_64+0xf6/0x790 [ 78.671351][ T9460] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 78.677750][ T9460] [ 78.677750][ T9460] -> #0 (lock#3){+.+.}: [ 78.684082][ T9460] __lock_acquire+0x24b3/0x5270 [ 78.689446][ T9460] lock_acquire+0x197/0x420 [ 78.694461][ T9460] __mutex_lock+0x156/0x13c0 [ 78.699569][ T9460] cma_netdev_callback+0xc5/0x390 [ 78.705110][ T9460] notifier_call_chain+0xc0/0x230 [ 78.710852][ T9460] call_netdevice_notifiers_info+0xb5/0x130 [ 78.717262][ T9460] call_netdevice_notifiers+0x79/0xa0 [ 78.723158][ T9460] bond_change_active_slave+0x80e/0x1d90 [ 78.729307][ T9460] bond_select_active_slave+0x250/0xa60 [ 78.735367][ T9460] bond_enslave+0x4281/0x4800 [ 78.740561][ T9460] do_set_master+0x1d7/0x230 [ 78.745673][ T9460] __rtnl_newlink+0x11d4/0x1590 [ 78.751038][ T9460] rtnl_newlink+0x64/0xa0 [ 78.755889][ T9460] rtnetlink_rcv_msg+0x44e/0xad0 [ 78.761339][ T9460] netlink_rcv_skb+0x15a/0x410 [ 78.766618][ T9460] netlink_unicast+0x537/0x740 [ 78.771899][ T9460] netlink_sendmsg+0x882/0xe10 [ 78.777177][ T9460] sock_sendmsg+0xcf/0x120 [ 78.782110][ T9460] ____sys_sendmsg+0x6b9/0x7d0 [ 78.787407][ T9460] ___sys_sendmsg+0x100/0x170 [ 78.792612][ T9460] __sys_sendmsg+0xec/0x1b0 [ 78.797631][ T9460] do_syscall_64+0xf6/0x790 [ 78.802651][ T9460] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 78.809052][ T9460] [ 78.809052][ T9460] other info that might help us debug this: [ 78.809052][ T9460] [ 78.819284][ T9460] Possible unsafe locking scenario: [ 78.819284][ T9460] [ 78.826729][ T9460] CPU0 CPU1 [ 78.832098][ T9460] ---- ---- [ 78.837453][ T9460] lock(rtnl_mutex); [ 78.841430][ T9460] lock(lock#3); [ 78.847575][ T9460] lock(rtnl_mutex); [ 78.854066][ T9460] lock(lock#3); [ 78.857692][ T9460] [ 78.857692][ T9460] *** DEADLOCK *** [ 78.857692][ T9460] [ 78.865832][ T9460] 1 lock held by syz-executor725/9460: [ 78.871279][ T9460] #0: ffffffff8a551680 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3f9/0xad0 [ 78.880142][ T9460] [ 78.880142][ T9460] stack backtrace: [ 78.886029][ T9460] CPU: 1 PID: 9460 Comm: syz-executor725 Not tainted 5.6.0-rc3-next-20200228-syzkaller #0 [ 78.895902][ T9460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 78.905948][ T9460] Call Trace: [ 78.909249][ T9460] dump_stack+0x188/0x20d [ 78.913584][ T9460] check_noncircular+0x32e/0x3e0 [ 78.918641][ T9460] ? print_circular_bug.isra.0+0x220/0x220 [ 78.924446][ T9460] ? graph_lock+0x7e/0x210 [ 78.928857][ T9460] ? alloc_list_entry+0xb0/0xb0 [ 78.933723][ T9460] ? mark_lock+0xbc/0x1220 [ 78.938139][ T9460] __lock_acquire+0x24b3/0x5270 [ 78.942989][ T9460] ? __queue_work+0x566/0x1280 [ 78.947747][ T9460] ? mark_held_locks+0xe0/0xe0 [ 78.952504][ T9460] ? find_held_lock+0x2d/0x110 [ 78.957297][ T9460] ? __queue_work+0x566/0x1280 [ 78.962059][ T9460] lock_acquire+0x197/0x420 [ 78.966558][ T9460] ? cma_netdev_callback+0xc5/0x390 [ 78.971751][ T9460] __mutex_lock+0x156/0x13c0 [ 78.976333][ T9460] ? cma_netdev_callback+0xc5/0x390 [ 78.981662][ T9460] ? mark_lock+0xbc/0x1220 [ 78.986078][ T9460] ? cfg80211_netdev_notifier_call+0x172/0x170e [ 78.992321][ T9460] ? cma_netdev_callback+0xc5/0x390 [ 78.997518][ T9460] ? cfg80211_init_wdev+0x4c0/0x4c0 [ 79.002799][ T9460] ? mark_held_locks+0x9f/0xe0 [ 79.007575][ T9460] ? mutex_trylock+0x2c0/0x2c0 [ 79.012345][ T9460] ? queue_work_on+0x127/0x200 [ 79.017109][ T9460] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 79.023003][ T9460] ? inetdev_event+0x1a5/0x15b0 [ 79.027860][ T9460] ? update_gid_event_work_handler+0xb0/0xb0 [ 79.033838][ T9460] ? tun_device_event+0x71/0x10d0 [ 79.038858][ T9460] ? add_netdev_upper_ips+0x30/0x30 [ 79.044057][ T9460] ? cma_netdev_callback+0xc5/0x390 [ 79.049250][ T9460] cma_netdev_callback+0xc5/0x390 [ 79.054274][ T9460] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 79.060166][ T9460] notifier_call_chain+0xc0/0x230 [ 79.065276][ T9460] call_netdevice_notifiers_info+0xb5/0x130 [ 79.071163][ T9460] call_netdevice_notifiers+0x79/0xa0 [ 79.076528][ T9460] ? call_netdevice_notifiers_info+0x130/0x130 [ 79.082686][ T9460] ? queue_delayed_work_on+0x12f/0x210 [ 79.088143][ T9460] bond_change_active_slave+0x80e/0x1d90 [ 79.093770][ T9460] ? queue_delayed_work_on+0x12f/0x210 [ 79.099225][ T9460] ? bond_slave_link_status+0x70/0x70 [ 79.104596][ T9460] bond_select_active_slave+0x250/0xa60 [ 79.110141][ T9460] ? bond_set_carrier+0x20e/0x3f0 [ 79.115157][ T9460] ? bond_change_active_slave+0x1d90/0x1d90 [ 79.121043][ T9460] bond_enslave+0x4281/0x4800 [ 79.125721][ T9460] ? bond_update_slave_arr+0x820/0x820 [ 79.131171][ T9460] ? rtmsg_ifinfo_event.part.0+0xb6/0xe0 [ 79.136797][ T9460] ? rtmsg_ifinfo+0x7f/0xa0 [ 79.141298][ T9460] ? __dev_notify_flags+0x183/0x2c0 [ 79.146491][ T9460] ? ipgre_changelink+0x330/0x330 [ 79.151514][ T9460] ? dev_change_name+0x930/0x930 [ 79.156444][ T9460] ? xdp_rxq_info_reg+0x111/0x1b0 [ 79.161468][ T9460] ? bond_update_slave_arr+0x820/0x820 [ 79.166929][ T9460] do_set_master+0x1d7/0x230 [ 79.171514][ T9460] __rtnl_newlink+0x11d4/0x1590 [ 79.176368][ T9460] ? rtnl_link_unregister+0x240/0x240 [ 79.181746][ T9460] ? kernel_text_address+0xe2/0x100 [ 79.186936][ T9460] ? __kernel_text_address+0x9/0x30 [ 79.192128][ T9460] ? unwind_get_return_address+0x5a/0xa0 [ 79.197752][ T9460] ? profile_setup.cold+0xc1/0xc1 [ 79.202780][ T9460] ? arch_stack_walk+0x84/0xd0 [ 79.207559][ T9460] ? stack_trace_save+0x8c/0xc0 [ 79.212407][ T9460] ? stack_trace_consume_entry+0x160/0x160 [ 79.218231][ T9460] ? rtnl_newlink+0x46/0xa0 [ 79.222728][ T9460] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 79.228271][ T9460] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 79.234248][ T9460] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 79.240054][ T9460] ? rtnetlink_rcv_msg+0x1d6/0xad0 [ 79.245163][ T9460] rtnl_newlink+0x64/0xa0 [ 79.249489][ T9460] ? __rtnl_newlink+0x1590/0x1590 [ 79.254554][ T9460] rtnetlink_rcv_msg+0x44e/0xad0 [ 79.259489][ T9460] ? rtnl_bridge_getlink+0x880/0x880 [ 79.264858][ T9460] ? mark_held_locks+0xe0/0xe0 [ 79.269614][ T9460] ? netlink_deliver_tap+0x146/0xb50 [ 79.274896][ T9460] netlink_rcv_skb+0x15a/0x410 [ 79.279660][ T9460] ? rtnl_bridge_getlink+0x880/0x880 [ 79.284941][ T9460] ? netlink_ack+0xa80/0xa80 [ 79.289532][ T9460] netlink_unicast+0x537/0x740 [ 79.294295][ T9460] ? netlink_attachskb+0x810/0x810 [ 79.299401][ T9460] ? _copy_from_iter_full+0x25c/0x870 [ 79.304899][ T9460] ? __phys_addr_symbol+0x2c/0x70 [ 79.310033][ T9460] ? __check_object_size+0x171/0x437 [ 79.315320][ T9460] netlink_sendmsg+0x882/0xe10 [ 79.320083][ T9460] ? aa_af_perm+0x260/0x260 [ 79.324580][ T9460] ? netlink_unicast+0x740/0x740 [ 79.329515][ T9460] ? netlink_unicast+0x740/0x740 [ 79.334456][ T9460] sock_sendmsg+0xcf/0x120 [ 79.338872][ T9460] ____sys_sendmsg+0x6b9/0x7d0 [ 79.343631][ T9460] ? kernel_sendmsg+0x50/0x50 [ 79.348346][ T9460] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 79.353885][ T9460] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 79.359861][ T9460] ? lockdep_init_map+0x1b0/0x6c0 [ 79.364910][ T9460] ___sys_sendmsg+0x100/0x170 [ 79.369583][ T9460] ? mark_lock+0xbc/0x1220 [ 79.374086][ T9460] ? sendmsg_copy_msghdr+0x70/0x70 [ 79.379190][ T9460] ? __lock_acquire+0x827/0x5270 [ 79.384125][ T9460] ? find_held_lock+0x2d/0x110 [ 79.388880][ T9460] ? __fd_install+0x1b4/0x600 [ 79.394073][ T9460] ? lock_downgrade+0x7f0/0x7f0 [ 79.398916][ T9460] ? __fget_light+0x1a5/0x270 [ 79.403592][ T9460] __sys_sendmsg+0xec/0x1b0 [ 79.408089][ T9460] ? __sys_sendmsg_sock+0xb0/0xb0 [ 79.413111][ T9460] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 79.419091][ T9460] ? trace_hardirqs_off_caller+0x55/0x230 [ 79.425035][ T9460] ? do_syscall_64+0x21/0x790 [ 79.429709][ T9460] do_syscall_64+0xf6/0x790 [ 79.434211][ T9460] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 79.440104][ T9460] RIP: 0033:0x440529 [ 79.443994][ T9460] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 79.463586][ T9460] RSP: 002b:00007ffdb731edf8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 79.471988][ T9460] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529 [ 79.479952][ T9460] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004 [ 79.487916][ T9460] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 79.495883][ T9460] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401db0 [ 79.503847][ T9460] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000 [ 79.517526][ T9460] bond1: (slave gretap1): Enslaving as an a