[ 70.088142][ T27] audit: type=1800 audit(1584143652.761:26): pid=9661 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 71.070388][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 71.070402][ T27] audit: type=1800 audit(1584143653.771:29): pid=9661 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 71.118100][ T27] audit: type=1800 audit(1584143653.771:30): pid=9661 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.178' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 81.845504][ T9814] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 81.856288][ T9814] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 81.870787][ T9814] netlink: 'syz-executor793': attribute type 1 has an invalid length. [ 81.915964][ T9814] 8021q: adding VLAN 0 to HW filter on device bond1 [ 81.969869][ T9814] bond1: (slave gretap1): making interface the new active one [ 81.977880][ T9814] [ 81.980221][ T9814] ====================================================== [ 81.987235][ T9814] WARNING: possible circular locking dependency detected [ 81.994250][ T9814] 5.6.0-rc3-next-20200228-syzkaller #0 Not tainted [ 82.000768][ T9814] ------------------------------------------------------ [ 82.007782][ T9814] syz-executor793/9814 is trying to acquire lock: [ 82.014224][ T9814] ffffffff8a3d5260 (lock#3){+.+.}, at: cma_netdev_callback+0xc5/0x390 [ 82.022391][ T9814] [ 82.022391][ T9814] but task is already holding lock: [ 82.029753][ T9814] ffffffff8a551680 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3f9/0xad0 [ 82.038199][ T9814] [ 82.038199][ T9814] which lock already depends on the new lock. [ 82.038199][ T9814] [ 82.048600][ T9814] [ 82.048600][ T9814] the existing dependency chain (in reverse order) is: [ 82.057610][ T9814] [ 82.057610][ T9814] -> #1 (rtnl_mutex){+.+.}: [ 82.064301][ T9814] __mutex_lock+0x156/0x13c0 [ 82.069442][ T9814] siw_create_listen+0x329/0xed0 [ 82.074907][ T9814] iw_cm_listen+0x166/0x1e0 [ 82.079938][ T9814] rdma_listen+0x5e2/0x910 [ 82.084888][ T9814] cma_listen_on_dev+0x56b/0x6d0 [ 82.090349][ T9814] cma_add_one+0x6aa/0xb60 [ 82.095299][ T9814] add_client_context+0x400/0x560 [ 82.100851][ T9814] enable_device_and_get+0x1cd/0x3b0 [ 82.106657][ T9814] ib_register_device+0xa12/0xda0 [ 82.112214][ T9814] siw_newlink+0xdef/0x1310 [ 82.117327][ T9814] nldev_newlink+0x27f/0x400 [ 82.122441][ T9814] rdma_nl_rcv+0x586/0x900 [ 82.127396][ T9814] netlink_unicast+0x537/0x740 [ 82.132682][ T9814] netlink_sendmsg+0x882/0xe10 [ 82.137968][ T9814] sock_sendmsg+0xcf/0x120 [ 82.142906][ T9814] ____sys_sendmsg+0x6b9/0x7d0 [ 82.148187][ T9814] ___sys_sendmsg+0x100/0x170 [ 82.153387][ T9814] __sys_sendmsg+0xec/0x1b0 [ 82.158418][ T9814] do_syscall_64+0xf6/0x790 [ 82.163533][ T9814] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 82.170056][ T9814] [ 82.170056][ T9814] -> #0 (lock#3){+.+.}: [ 82.176401][ T9814] __lock_acquire+0x24b3/0x5270 [ 82.181805][ T9814] lock_acquire+0x197/0x420 [ 82.186829][ T9814] __mutex_lock+0x156/0x13c0 [ 82.191962][ T9814] cma_netdev_callback+0xc5/0x390 [ 82.197528][ T9814] notifier_call_chain+0xc0/0x230 [ 82.203704][ T9814] call_netdevice_notifiers_info+0xb5/0x130 [ 82.210123][ T9814] call_netdevice_notifiers+0x79/0xa0 [ 82.216016][ T9814] bond_change_active_slave+0x1683/0x1d90 [ 82.222270][ T9814] bond_select_active_slave+0x250/0xa60 [ 82.228431][ T9814] bond_enslave+0x4281/0x4800 [ 82.233629][ T9814] do_set_master+0x1d7/0x230 [ 82.238738][ T9814] __rtnl_newlink+0x11d4/0x1590 [ 82.244112][ T9814] rtnl_newlink+0x64/0xa0 [ 82.248976][ T9814] rtnetlink_rcv_msg+0x44e/0xad0 [ 82.254434][ T9814] netlink_rcv_skb+0x15a/0x410 [ 82.259718][ T9814] netlink_unicast+0x537/0x740 [ 82.265013][ T9814] netlink_sendmsg+0x882/0xe10 [ 82.270300][ T9814] sock_sendmsg+0xcf/0x120 [ 82.275250][ T9814] ____sys_sendmsg+0x6b9/0x7d0 [ 82.280538][ T9814] ___sys_sendmsg+0x100/0x170 [ 82.285735][ T9814] __sys_sendmsg+0xec/0x1b0 [ 82.290760][ T9814] do_syscall_64+0xf6/0x790 [ 82.295788][ T9814] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 82.302190][ T9814] [ 82.302190][ T9814] other info that might help us debug this: [ 82.302190][ T9814] [ 82.312413][ T9814] Possible unsafe locking scenario: [ 82.312413][ T9814] [ 82.319874][ T9814] CPU0 CPU1 [ 82.325242][ T9814] ---- ---- [ 82.330598][ T9814] lock(rtnl_mutex); [ 82.334573][ T9814] lock(lock#3); [ 82.340746][ T9814] lock(rtnl_mutex); [ 82.347238][ T9814] lock(lock#3); [ 82.350888][ T9814] [ 82.350888][ T9814] *** DEADLOCK *** [ 82.350888][ T9814] [ 82.359028][ T9814] 1 lock held by syz-executor793/9814: [ 82.364475][ T9814] #0: ffffffff8a551680 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3f9/0xad0 [ 82.373335][ T9814] [ 82.373335][ T9814] stack backtrace: [ 82.379228][ T9814] CPU: 1 PID: 9814 Comm: syz-executor793 Not tainted 5.6.0-rc3-next-20200228-syzkaller #0 [ 82.389114][ T9814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 82.399167][ T9814] Call Trace: [ 82.402462][ T9814] dump_stack+0x188/0x20d [ 82.406793][ T9814] check_noncircular+0x32e/0x3e0 [ 82.411739][ T9814] ? print_circular_bug.isra.0+0x220/0x220 [ 82.417565][ T9814] ? graph_lock+0x7e/0x210 [ 82.421986][ T9814] ? alloc_list_entry+0xb0/0xb0 [ 82.426833][ T9814] ? mark_lock+0xbc/0x1220 [ 82.431351][ T9814] __lock_acquire+0x24b3/0x5270 [ 82.436222][ T9814] ? __queue_work+0x566/0x1280 [ 82.440990][ T9814] ? mark_held_locks+0xe0/0xe0 [ 82.445755][ T9814] ? find_held_lock+0x2d/0x110 [ 82.450518][ T9814] ? __queue_work+0x566/0x1280 [ 82.455288][ T9814] lock_acquire+0x197/0x420 [ 82.459792][ T9814] ? cma_netdev_callback+0xc5/0x390 [ 82.464997][ T9814] __mutex_lock+0x156/0x13c0 [ 82.469593][ T9814] ? cma_netdev_callback+0xc5/0x390 [ 82.474788][ T9814] ? mark_lock+0xbc/0x1220 [ 82.479208][ T9814] ? cfg80211_netdev_notifier_call+0x172/0x170e [ 82.485452][ T9814] ? cma_netdev_callback+0xc5/0x390 [ 82.490651][ T9814] ? cfg80211_init_wdev+0x4c0/0x4c0 [ 82.495853][ T9814] ? mark_held_locks+0x9f/0xe0 [ 82.500623][ T9814] ? mutex_trylock+0x2c0/0x2c0 [ 82.505479][ T9814] ? queue_work_on+0x127/0x200 [ 82.510247][ T9814] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 82.516165][ T9814] ? inetdev_event+0x1a5/0x15b0 [ 82.521110][ T9814] ? update_gid_event_work_handler+0xb0/0xb0 [ 82.527090][ T9814] ? tun_device_event+0x71/0x10d0 [ 82.532116][ T9814] ? add_netdev_upper_ips+0x30/0x30 [ 82.537329][ T9814] ? cma_netdev_callback+0xc5/0x390 [ 82.542527][ T9814] cma_netdev_callback+0xc5/0x390 [ 82.547555][ T9814] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 82.553447][ T9814] notifier_call_chain+0xc0/0x230 [ 82.558475][ T9814] call_netdevice_notifiers_info+0xb5/0x130 [ 82.564366][ T9814] call_netdevice_notifiers+0x79/0xa0 [ 82.569741][ T9814] ? call_netdevice_notifiers_info+0x130/0x130 [ 82.575900][ T9814] ? bond_should_notify_peers+0x1df/0x3f0 [ 82.581628][ T9814] bond_change_active_slave+0x1683/0x1d90 [ 82.587351][ T9814] ? mark_held_locks+0x9f/0xe0 [ 82.592121][ T9814] ? bond_slave_link_status+0x70/0x70 [ 82.597499][ T9814] bond_select_active_slave+0x250/0xa60 [ 82.603063][ T9814] ? bond_set_carrier+0x20e/0x3f0 [ 82.608119][ T9814] ? bond_change_active_slave+0x1d90/0x1d90 [ 82.614046][ T9814] bond_enslave+0x4281/0x4800 [ 82.618732][ T9814] ? bond_update_slave_arr+0x820/0x820 [ 82.624188][ T9814] ? rtmsg_ifinfo_event.part.0+0xb6/0xe0 [ 82.629828][ T9814] ? rtmsg_ifinfo+0x7f/0xa0 [ 82.634332][ T9814] ? __dev_notify_flags+0x183/0x2c0 [ 82.639528][ T9814] ? ipgre_changelink+0x330/0x330 [ 82.644566][ T9814] ? dev_change_name+0x930/0x930 [ 82.649508][ T9814] ? xdp_rxq_info_reg+0x111/0x1b0 [ 82.654544][ T9814] ? bond_update_slave_arr+0x820/0x820 [ 82.660047][ T9814] do_set_master+0x1d7/0x230 [ 82.664643][ T9814] __rtnl_newlink+0x11d4/0x1590 [ 82.669504][ T9814] ? rtnl_link_unregister+0x240/0x240 [ 82.674887][ T9814] ? kernel_text_address+0xe2/0x100 [ 82.680090][ T9814] ? __kernel_text_address+0x9/0x30 [ 82.685293][ T9814] ? unwind_get_return_address+0x5a/0xa0 [ 82.690929][ T9814] ? profile_setup.cold+0xc1/0xc1 [ 82.695975][ T9814] ? arch_stack_walk+0x84/0xd0 [ 82.700747][ T9814] ? stack_trace_save+0x8c/0xc0 [ 82.705600][ T9814] ? stack_trace_consume_entry+0x160/0x160 [ 82.711438][ T9814] ? rtnl_newlink+0x46/0xa0 [ 82.715947][ T9814] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 82.721504][ T9814] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 82.727488][ T9814] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 82.733306][ T9814] ? rtnetlink_rcv_msg+0x1d6/0xad0 [ 82.738417][ T9814] rtnl_newlink+0x64/0xa0 [ 82.742745][ T9814] ? __rtnl_newlink+0x1590/0x1590 [ 82.747769][ T9814] rtnetlink_rcv_msg+0x44e/0xad0 [ 82.752712][ T9814] ? rtnl_bridge_getlink+0x880/0x880 [ 82.758006][ T9814] ? mark_held_locks+0xe0/0xe0 [ 82.762768][ T9814] ? netlink_deliver_tap+0x146/0xb50 [ 82.768053][ T9814] netlink_rcv_skb+0x15a/0x410 [ 82.772819][ T9814] ? rtnl_bridge_getlink+0x880/0x880 [ 82.778106][ T9814] ? netlink_ack+0xa80/0xa80 [ 82.782710][ T9814] netlink_unicast+0x537/0x740 [ 82.787481][ T9814] ? netlink_attachskb+0x810/0x810 [ 82.792594][ T9814] ? _copy_from_iter_full+0x25c/0x870 [ 82.797966][ T9814] ? __phys_addr_symbol+0x2c/0x70 [ 82.802989][ T9814] ? __check_object_size+0x171/0x437 [ 82.808276][ T9814] netlink_sendmsg+0x882/0xe10 [ 82.813044][ T9814] ? aa_af_perm+0x260/0x260 [ 82.817550][ T9814] ? netlink_unicast+0x740/0x740 [ 82.822508][ T9814] ? netlink_unicast+0x740/0x740 [ 82.827458][ T9814] sock_sendmsg+0xcf/0x120 [ 82.831889][ T9814] ____sys_sendmsg+0x6b9/0x7d0 [ 82.836664][ T9814] ? kernel_sendmsg+0x50/0x50 [ 82.841345][ T9814] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 82.846891][ T9814] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 82.852867][ T9814] ? lockdep_init_map+0x1b0/0x6c0 [ 82.857902][ T9814] ___sys_sendmsg+0x100/0x170 [ 82.862610][ T9814] ? mark_lock+0xbc/0x1220 [ 82.867028][ T9814] ? sendmsg_copy_msghdr+0x70/0x70 [ 82.872136][ T9814] ? __lock_acquire+0x827/0x5270 [ 82.877090][ T9814] ? find_held_lock+0x2d/0x110 [ 82.881875][ T9814] ? __fd_install+0x1b4/0x600 [ 82.886557][ T9814] ? lock_downgrade+0x7f0/0x7f0 [ 82.891430][ T9814] ? __fget_light+0x1a5/0x270 [ 82.896106][ T9814] __sys_sendmsg+0xec/0x1b0 [ 82.900624][ T9814] ? __sys_sendmsg_sock+0xb0/0xb0 [ 82.905653][ T9814] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 82.911649][ T9814] ? trace_hardirqs_off_caller+0x55/0x230 [ 82.917402][ T9814] ? do_syscall_64+0x21/0x790 [ 82.922079][ T9814] do_syscall_64+0xf6/0x790 [ 82.926586][ T9814] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 82.932476][ T9814] RIP: 0033:0x440509 [ 82.936370][ T9814] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 82.955978][ T9814] RSP: 002b:00007ffdb28b1b68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 82.964390][ T9814] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440509 [ 82.972359][ T9814] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004 [ 82.980326][ T9814] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 82.988293][ T9814] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401d90 [ 82.996259][ T9814] R13: 0000000000401e20 R14: 0000000000000000 R15: 0000000000000000