[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.166' (ECDSA) to the list of known hosts.
syzkaller login: [ 67.212089][ T8458] IPVS: ftp: loaded support on port[0] = 21
[ 67.309931][ T8458] chnl_net:caif_netlink_parms(): no params data found
[ 67.365077][ T8458] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.372720][ T8458] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.382514][ T8458] device bridge_slave_0 entered promiscuous mode
[ 67.392537][ T8458] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.399970][ T8458] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.407845][ T8458] device bridge_slave_1 entered promiscuous mode
[ 67.428658][ T8458] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 67.440501][ T8458] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 67.465620][ T8458] team0: Port device team_slave_0 added
[ 67.472986][ T8458] team0: Port device team_slave_1 added
[ 67.491228][ T8458] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 67.498453][ T8458] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 67.526284][ T8458] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 67.538899][ T8458] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 67.545953][ T8458] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 67.571977][ T8458] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 67.600125][ T8458] device hsr_slave_0 entered promiscuous mode
[ 67.606949][ T8458] device hsr_slave_1 entered promiscuous mode
[ 67.712886][ T8458] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 67.724019][ T8458] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 67.735404][ T8458] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 67.745860][ T8458] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 67.771298][ T8458] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.778541][ T8458] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.786699][ T8458] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.793871][ T8458] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 67.842896][ T8458] 8021q: adding VLAN 0 to HW filter on device bond0
[ 67.858941][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 67.869806][ T17] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.879166][ T17] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.888098][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 67.902120][ T8458] 8021q: adding VLAN 0 to HW filter on device team0
[ 67.916028][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 67.924955][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.932068][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 67.945171][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 67.954304][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.961355][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.986864][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 67.997143][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 68.006192][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 68.023537][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 68.034272][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 68.047008][ T8458] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 68.065969][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 68.074740][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 68.088329][ T8458] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 68.108687][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 68.131794][ T8458] device veth0_vlan entered promiscuous mode
[ 68.139379][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 68.148678][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 68.156915][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 68.171256][ T8458] device veth1_vlan entered promiscuous mode
[ 68.193192][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 68.201794][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 68.211840][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 68.223409][ T8458] device veth0_macvtap entered promiscuous mode
[ 68.234999][ T8458] device veth1_macvtap entered promiscuous mode
[ 68.255895][ T8458] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 68.263489][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 68.275142][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 68.288143][ T8458] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 68.295539][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 68.304888][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 68.317984][ T8458] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.328246][ T8458] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.337077][ T8458] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.347396][ T8458] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 68.398962][ T8458] virt_wifi0 speed is unknown, defaulting to 1000
[ 68.406757][ T8458] virt_wifi0 speed is unknown, defaulting to 1000
[ 68.415208][ T8458] virt_wifi0 speed is unknown, defaulting to 1000
[ 68.426119][ T8458] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[ 68.437017][ T8458] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[ 68.445537][ T8458]
[ 68.447873][ T8458] ============================================
[ 68.454008][ T8458] WARNING: possible recursive locking detected
[ 68.460148][ T8458] 5.10.0-rc4-next-20201118-syzkaller #0 Not tainted
[ 68.466715][ T8458] --------------------------------------------
[ 68.472944][ T8458] syz-executor563/8458 is trying to acquire lock:
[ 68.479350][ T8458] ffffffff8c684748 (lock#6){+.+.}-{3:3}, at: _destroy_id+0x299/0xa00
[ 68.487416][ T8458]
[ 68.487416][ T8458] but task is already holding lock:
[ 68.494778][ T8458] ffffffff8c684748 (lock#6){+.+.}-{3:3}, at: cma_add_one+0x55c/0xce0
[ 68.503021][ T8458]
[ 68.503021][ T8458] other info that might help us debug this:
[ 68.511072][ T8458] Possible unsafe locking scenario:
[ 68.511072][ T8458]
[ 68.518514][ T8458] CPU0
[ 68.521775][ T8458] ----
[ 68.525032][ T8458] lock(lock#6);
[ 68.528656][ T8458] lock(lock#6);
[ 68.532278][ T8458]
[ 68.532278][ T8458] *** DEADLOCK ***
[ 68.532278][ T8458]
[ 68.540411][ T8458] May be due to missing lock nesting notation
[ 68.540411][ T8458]
[ 68.548716][ T8458] 6 locks held by syz-executor563/8458:
[ 68.554236][ T8458] #0: ffffffff8fa76958 (&rdma_nl_types[idx].sem){.+.+}-{3:3}, at: rdma_nl_rcv_msg+0x15b/0x690
[ 68.564584][ T8458] #1: ffffffff8c66c490 (link_ops_rwsem){++++}-{3:3}, at: nldev_newlink+0x261/0x540
[ 68.573952][ T8458] #2: ffffffff8c65bd90 (devices_rwsem){++++}-{3:3}, at: enable_device_and_get+0xfc/0x3c0
[ 68.583840][ T8458] #3: ffffffff8c65bc50 (clients_rwsem){++++}-{3:3}, at: enable_device_and_get+0x163/0x3c0
[ 68.593828][ T8458] #4: ffff888023cbc598 (&device->client_data_rwsem){++++}-{3:3}, at: add_client_context+0x3d0/0x5e0
[ 68.604673][ T8458] #5: ffffffff8c684748 (lock#6){+.+.}-{3:3}, at: cma_add_one+0x55c/0xce0
[ 68.613204][ T8458]
[ 68.613204][ T8458] stack backtrace:
[ 68.619099][ T8458] CPU: 0 PID: 8458 Comm: syz-executor563 Not tainted 5.10.0-rc4-next-20201118-syzkaller #0
[ 68.629234][ T8458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.639281][ T8458] Call Trace:
[ 68.642561][ T8458] dump_stack+0x107/0x163
[ 68.646914][ T8458] __lock_acquire.cold+0x115/0x39f
[ 68.652010][ T8458] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 68.657972][ T8458] lock_acquire+0x2a3/0x8c0
[ 68.662550][ T8458] ? _destroy_id+0x299/0xa00
[ 68.667127][ T8458] ? lock_release+0x710/0x710
[ 68.671798][ T8458] ? __lock_acquire+0x26cb/0x5c00
[ 68.676818][ T8458] __mutex_lock+0x134/0x1110
[ 68.681399][ T8458] ? _destroy_id+0x299/0xa00
[ 68.685993][ T8458] ? _destroy_id+0x299/0xa00
[ 68.690579][ T8458] ? lock_downgrade+0x6d0/0x6d0
[ 68.695424][ T8458] ? mutex_lock_io_nested+0xf60/0xf60
[ 68.700781][ T8458] ? find_held_lock+0x2d/0x110
[ 68.705530][ T8458] ? __mutex_unlock_slowpath+0xe2/0x610
[ 68.711082][ T8458] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 68.717785][ T8458] ? cma_cancel_operation+0x26/0xa60
[ 68.723076][ T8458] ? wait_for_completion_io+0x260/0x260
[ 68.728698][ T8458] _destroy_id+0x299/0xa00
[ 68.733135][ T8458] cma_listen_on_dev.cold+0x168/0x16d
[ 68.738521][ T8458] cma_add_one+0x667/0xce0
[ 68.742940][ T8458] ? cma_remove_one+0x470/0x470
[ 68.747791][ T8458] ? do_raw_spin_unlock+0x171/0x230
[ 68.753269][ T8458] ? cma_remove_one+0x470/0x470
[ 68.758143][ T8458] add_client_context+0x405/0x5e0
[ 68.763152][ T8458] ? remove_client_context+0x110/0x110
[ 68.768592][ T8458] ? __raw_spin_lock_init+0x34/0x100
[ 68.773862][ T8458] enable_device_and_get+0x1d5/0x3c0
[ 68.779128][ T8458] ? add_one_compat_dev+0x800/0x800
[ 68.784312][ T8458] ? rdma_counter_init+0x205/0x400
[ 68.789416][ T8458] ib_register_device+0x7a0/0xa30
[ 68.794537][ T8458] ? enable_device_and_get+0x3c0/0x3c0
[ 68.799984][ T8458] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 68.805778][ T8458] ? lockdep_init_map_waits+0x26a/0x720
[ 68.811300][ T8458] siw_newlink+0xddb/0x1340
[ 68.815785][ T8458] ? siw_get_base_qp+0x490/0x490
[ 68.820716][ T8458] nldev_newlink+0x30e/0x540
[ 68.825574][ T8458] ? nldev_set_doit+0x430/0x430
[ 68.830403][ T8458] ? mark_lock+0xafe/0x24c0
[ 68.834895][ T8458] ? lock_release+0x710/0x710
[ 68.839642][ T8458] ? mark_lock+0xf7/0x24c0
[ 68.844060][ T8458] ? apparmor_capable+0x1d8/0x460
[ 68.849067][ T8458] ? ns_capable+0xde/0x100
[ 68.853478][ T8458] ? nldev_set_doit+0x430/0x430
[ 68.858337][ T8458] rdma_nl_rcv_msg+0x367/0x690
[ 68.863195][ T8458] ? rdma_nl_multicast+0x310/0x310
[ 68.868299][ T8458] rdma_nl_rcv+0x2f2/0x440
[ 68.872698][ T8458] ? rdma_nl_rcv_msg+0x690/0x690
[ 68.877625][ T8458] ? netlink_deliver_tap+0x227/0xb70
[ 68.882910][ T8458] netlink_unicast+0x533/0x7d0
[ 68.887668][ T8458] ? netlink_attachskb+0x870/0x870
[ 68.892777][ T8458] ? __phys_addr_symbol+0x2c/0x70
[ 68.897786][ T8458] ? __check_object_size+0x171/0x3f0
[ 68.903073][ T8458] netlink_sendmsg+0x856/0xd90
[ 68.907883][ T8458] ? netlink_unicast+0x7d0/0x7d0
[ 68.912800][ T8458] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 68.918080][ T8458] ? netlink_unicast+0x7d0/0x7d0
[ 68.923006][ T8458] sock_sendmsg+0xcf/0x120
[ 68.927422][ T8458] ____sys_sendmsg+0x6e8/0x810
[ 68.932180][ T8458] ? kernel_sendmsg+0x50/0x50
[ 68.936858][ T8458] ? do_recvmmsg+0x6c0/0x6c0
[ 68.941435][ T8458] ? find_held_lock+0x2d/0x110
[ 68.946195][ T8458] ___sys_sendmsg+0xf3/0x170
[ 68.950775][ T8458] ? sendmsg_copy_msghdr+0x160/0x160
[ 68.956046][ T8458] ? do_huge_pmd_anonymous_page+0x8bd/0x2000
[ 68.962023][ T8458] ? find_held_lock+0x2d/0x110
[ 68.966773][ T8458] ? __fget_light+0x215/0x280
[ 68.971441][ T8458] __sys_sendmsg+0xe5/0x1b0
[ 68.975942][ T8458] ? __sys_sendmsg_sock+0xb0/0xb0
[ 68.980947][ T8458] ? syscall_enter_from_user_mode+0x1d/0x50
[ 68.986821][ T8458] do_syscall_64+0x2d/0x70
[ 68.991231][ T8458] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.997107][ T8458] RIP: 0033:0x443689
[ 69.000984][ T8458] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 69.020679][ T8458] RSP: 002b:00007ffe37189dd8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 69.029092][ T8458] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000443689
[ 69.037047][ T8458] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
[ 69.045003][ T8458] RBP: 00007ffe37189de0 R08: 0000000001bbbbbb R09: 0000000001bbbbbb
[ 69.052967][ T8458] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe37189df0
[ 69.060964][ T8458] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000