[ 66.936395][ T27] audit: type=1800 audit(1585714822.475:25): pid=9716 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 66.968312][ T27] audit: type=1800 audit(1585714822.485:26): pid=9716 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 67.008418][ T27] audit: type=1800 audit(1585714822.485:27): pid=9716 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 67.550959][ T9782] sshd (9782) used greatest stack depth: 23216 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.24' (ECDSA) to the list of known hosts.
syzkaller login: [ 75.657974][ T9870] IPVS: ftp: loaded support on port[0] = 21
[ 75.713482][ T9870] chnl_net:caif_netlink_parms(): no params data found
[ 75.755753][ T9870] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.765615][ T9870] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.774881][ T9870] device bridge_slave_0 entered promiscuous mode
[ 75.783413][ T9870] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.790646][ T9870] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.799293][ T9870] device bridge_slave_1 entered promiscuous mode
[ 75.819073][ T9870] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 75.830130][ T9870] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 75.850604][ T9870] team0: Port device team_slave_0 added
[ 75.857983][ T9870] team0: Port device team_slave_1 added
[ 75.874221][ T9870] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 75.881271][ T9870] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.907502][ T9870] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 75.920315][ T9870] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 75.927277][ T9870] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.954158][ T9870] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 76.030439][ T9870] device hsr_slave_0 entered promiscuous mode
[ 76.069071][ T9870] device hsr_slave_1 entered promiscuous mode
[ 76.201754][ T9870] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 76.261443][ T9870] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 76.321359][ T9870] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 76.381126][ T9870] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 76.434688][ T9870] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.441897][ T9870] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.449845][ T9870] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.458403][ T9870] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.505118][ T9870] 8021q: adding VLAN 0 to HW filter on device bond0
[ 76.520352][ T3534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 76.530919][ T3534] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.539579][ T3534] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.547507][ T3534] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 76.560799][ T9870] 8021q: adding VLAN 0 to HW filter on device team0
[ 76.572235][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 76.581086][ T17] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.588147][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.600847][ T3534] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 76.609780][ T3534] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.616841][ T3534] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.640432][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 76.649912][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 76.659198][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 76.671789][ T3534] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 76.684863][ T9870] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 76.697762][ T9870] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 76.706371][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 76.729048][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 76.736566][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 76.747941][ T9870] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 76.767672][ T3534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 76.778777][ T3534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 76.799786][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 76.809406][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 76.820672][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 76.829648][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 76.837528][ T9870] device veth0_vlan entered promiscuous mode
[ 76.850703][ T9870] device veth1_vlan entered promiscuous mode
[ 76.873230][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 76.881960][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 76.890312][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 76.899005][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 76.909920][ T9870] device veth0_macvtap entered promiscuous mode
[ 76.921505][ T9870] device veth1_macvtap entered promiscuous mode
[ 76.939691][ T9870] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 76.947117][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 76.956702][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 76.965808][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 76.974830][ T3528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 76.986336][ T9870] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 76.995109][ T3534] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 77.004319][ T3534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 77.175267][ T9870] netlink: 'syz-executor620': attribute type 1 has an invalid length.
[ 77.209842][ T9870] bond1: (slave gretap1): making interface the new active one
[ 77.217686][ T9870] bond1: (slave gretap1): Enslaving as an active interface with an up link
[ 77.231084][ T9870] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[ 77.238336][ T9870]
[ 77.240650][ T9870] ======================================================
[ 77.247639][ T9870] WARNING: possible circular locking dependency detected
[ 77.254687][ T9870] 5.6.0-rc3-next-20200228-syzkaller #0 Not tainted
[ 77.261160][ T9870] ------------------------------------------------------
[ 77.268150][ T9870] syz-executor620/9870 is trying to acquire lock:
[ 77.274594][ T9870] ffffffff8a551680 (rtnl_mutex){+.+.}, at: siw_create_listen+0x329/0xed0
[ 77.282992][ T9870]
[ 77.282992][ T9870] but task is already holding lock:
[ 77.290373][ T9870] ffffffff8a3d5260 (lock#3){+.+.}, at: cma_add_one+0x5dc/0xb60
[ 77.299674][ T9870]
[ 77.299674][ T9870] which lock already depends on the new lock.
[ 77.299674][ T9870]
[ 77.310081][ T9870]
[ 77.310081][ T9870] the existing dependency chain (in reverse order) is:
[ 77.319072][ T9870]
[ 77.319072][ T9870] -> #1 (lock#3){+.+.}:
[ 77.325395][ T9870]        __mutex_lock+0x156/0x13c0
[ 77.330538][ T9870]        cma_netdev_callback+0xc5/0x390
[ 77.336082][ T9870]        notifier_call_chain+0xc0/0x230
[ 77.341617][ T9870]        call_netdevice_notifiers_info+0xb5/0x130
[ 77.349182][ T9870]        call_netdevice_notifiers+0x79/0xa0
[ 77.355085][ T9870]        bond_change_active_slave+0x80e/0x1d90
[ 77.361225][ T9870]        bond_select_active_slave+0x250/0xa60
[ 77.367346][ T9870]        bond_enslave+0x4281/0x4800
[ 77.372604][ T9870]        do_set_master+0x1d7/0x230
[ 77.377701][ T9870]        __rtnl_newlink+0x11d4/0x1590
[ 77.383058][ T9870]        rtnl_newlink+0x64/0xa0
[ 77.387903][ T9870]        rtnetlink_rcv_msg+0x44e/0xad0
[ 77.393338][ T9870]        netlink_rcv_skb+0x15a/0x410
[ 77.398600][ T9870]        netlink_unicast+0x537/0x740
[ 77.403910][ T9870]        netlink_sendmsg+0x882/0xe10
[ 77.409173][ T9870]        sock_sendmsg+0xcf/0x120
[ 77.414085][ T9870]        ____sys_sendmsg+0x6b9/0x7d0
[ 77.419345][ T9870]        ___sys_sendmsg+0x100/0x170
[ 77.424561][ T9870]        __sys_sendmsg+0xec/0x1b0
[ 77.429568][ T9870]        do_syscall_64+0xf6/0x790
[ 77.434582][ T9870]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 77.440977][ T9870]
[ 77.440977][ T9870] -> #0 (rtnl_mutex){+.+.}:
[ 77.447636][ T9870]        __lock_acquire+0x24b3/0x5270
[ 77.452985][ T9870]        lock_acquire+0x197/0x420
[ 77.457984][ T9870]        __mutex_lock+0x156/0x13c0
[ 77.463072][ T9870]        siw_create_listen+0x329/0xed0
[ 77.468519][ T9870]        iw_cm_listen+0x166/0x1e0
[ 77.473526][ T9870]        rdma_listen+0x5e2/0x910
[ 77.478479][ T9870]        cma_listen_on_dev+0x56b/0x6d0
[ 77.483926][ T9870]        cma_add_one+0x6aa/0xb60
[ 77.488857][ T9870]        add_client_context+0x400/0x560
[ 77.494407][ T9870]        enable_device_and_get+0x1cd/0x3b0
[ 77.500195][ T9870]        ib_register_device+0xa12/0xda0
[ 77.505720][ T9870]        siw_newlink+0xdef/0x1310
[ 77.510728][ T9870]        nldev_newlink+0x27f/0x400
[ 77.515951][ T9870]        rdma_nl_rcv+0x586/0x900
[ 77.520879][ T9870]        netlink_unicast+0x537/0x740
[ 77.526140][ T9870]        netlink_sendmsg+0x882/0xe10
[ 77.531446][ T9870]        sock_sendmsg+0xcf/0x120
[ 77.536372][ T9870]        ____sys_sendmsg+0x6b9/0x7d0
[ 77.541662][ T9870]        ___sys_sendmsg+0x100/0x170
[ 77.546889][ T9870]        __sys_sendmsg+0xec/0x1b0
[ 77.551890][ T9870]        do_syscall_64+0xf6/0x790
[ 77.556905][ T9870]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 77.563331][ T9870]
[ 77.563331][ T9870] other info that might help us debug this:
[ 77.563331][ T9870]
[ 77.573579][ T9870]  Possible unsafe locking scenario:
[ 77.573579][ T9870]
[ 77.581012][ T9870]        CPU0                    CPU1
[ 77.586355][ T9870]        ----                    ----
[ 77.591695][ T9870]   lock(lock#3);
[ 77.595302][ T9870]                                lock(rtnl_mutex);
[ 77.602043][ T9870]                                lock(lock#3);
[ 77.609348][ T9870]   lock(rtnl_mutex);
[ 77.614265][ T9870]
[ 77.614265][ T9870]  *** DEADLOCK ***
[ 77.614265][ T9870]
[ 77.622395][ T9870] 6 locks held by syz-executor620/9870:
[ 77.627908][ T9870]  #0: ffffffff8d14d060 (&rdma_nl_types[idx].sem){.+.+}, at: rdma_nl_rcv+0x3ba/0x900
[ 77.637346][ T9870]  #1: ffffffff8a3cabe8 (link_ops_rwsem){++++}, at: nldev_newlink+0x23b/0x400
[ 77.646175][ T9870]  #2: ffffffff8a3be708 (devices_rwsem){++++}, at: enable_device_and_get+0xfc/0x3b0
[ 77.655613][ T9870]  #3: ffffffff8a3be5c8 (clients_rwsem){++++}, at: enable_device_and_get+0x15b/0x3b0
[ 77.665137][ T9870]  #4: ffff88809bdb4538 (&device->client_data_rwsem){++++}, at: add_client_context+0x3cb/0x560
[ 77.675443][ T9870]  #5: ffffffff8a3d5260 (lock#3){+.+.}, at: cma_add_one+0x5dc/0xb60
[ 77.683410][ T9870]
[ 77.683410][ T9870] stack backtrace:
[ 77.689324][ T9870] CPU: 1 PID: 9870 Comm: syz-executor620 Not tainted 5.6.0-rc3-next-20200228-syzkaller #0
[ 77.699192][ T9870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.709227][ T9870] Call Trace:
[ 77.712513][ T9870] dump_stack+0x188/0x20d
[ 77.716818][ T9870] check_noncircular+0x32e/0x3e0
[ 77.721741][ T9870] ? print_circular_bug.isra.0+0x220/0x220
[ 77.727531][ T9870] ? trace_hardirqs_off+0x50/0x220
[ 77.732631][ T9870] ? graph_lock+0x7e/0x210
[ 77.737020][ T9870] ? alloc_list_entry+0xb0/0xb0
[ 77.741854][ T9870] ? mark_lock+0xbc/0x1220
[ 77.746245][ T9870] ? kfree+0x1eb/0x2b0
[ 77.750289][ T9870] __lock_acquire+0x24b3/0x5270
[ 77.755117][ T9870] ? mark_held_locks+0xe0/0xe0
[ 77.759872][ T9870] ? iw_cm_map+0x49e/0xfb0
[ 77.764282][ T9870] lock_acquire+0x197/0x420
[ 77.768766][ T9870] ? siw_create_listen+0x329/0xed0
[ 77.773855][ T9870] __mutex_lock+0x156/0x13c0
[ 77.778524][ T9870] ? siw_create_listen+0x329/0xed0
[ 77.783658][ T9870] ? siw_create_listen+0x329/0xed0
[ 77.788757][ T9870] ? mutex_trylock+0x2c0/0x2c0
[ 77.793503][ T9870] ? find_held_lock+0x2d/0x110
[ 77.798271][ T9870] ? siw_create_listen+0x26b/0xed0
[ 77.803373][ T9870] ? lock_downgrade+0x7f0/0x7f0
[ 77.808215][ T9870] ? rcu_read_lock_held_common+0x130/0x130
[ 77.814081][ T9870] ? siw_create_listen+0x329/0xed0
[ 77.819168][ T9870] ? rtnl_lock+0x5/0x20
[ 77.823303][ T9870] siw_create_listen+0x329/0xed0
[ 77.828234][ T9870] ? find_held_lock+0x2d/0x110
[ 77.832973][ T9870] ? siw_reject+0x280/0x280
[ 77.837488][ T9870] ? mark_held_locks+0x9f/0xe0
[ 77.842248][ T9870] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 77.848168][ T9870] ? iw_cm_listen+0x166/0x1e0
[ 77.852881][ T9870] iw_cm_listen+0x166/0x1e0
[ 77.857406][ T9870] rdma_listen+0x5e2/0x910
[ 77.861804][ T9870] cma_listen_on_dev+0x56b/0x6d0
[ 77.866782][ T9870] cma_add_one+0x6aa/0xb60
[ 77.871419][ T9870] ? cma_listen_on_dev+0x6d0/0x6d0
[ 77.876514][ T9870] ? do_raw_spin_unlock+0x171/0x260
[ 77.881749][ T9870] ? cma_listen_on_dev+0x6d0/0x6d0
[ 77.886879][ T9870] add_client_context+0x400/0x560
[ 77.891888][ T9870] ? ib_device_get_by_netdev+0x510/0x510
[ 77.897509][ T9870] enable_device_and_get+0x1cd/0x3b0
[ 77.902774][ T9870] ? add_one_compat_dev+0x7e0/0x7e0
[ 77.907948][ T9870] ? rdma_counter_init+0x200/0x400
[ 77.913038][ T9870] ib_register_device+0xa12/0xda0
[ 77.918039][ T9870] ? enable_device_and_get+0x3b0/0x3b0
[ 77.923484][ T9870] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 77.929375][ T9870] ? _raw_spin_unlock_irqrestore+0x9b/0xe0
[ 77.935198][ T9870] ? lockdep_init_map+0x1b0/0x6c0
[ 77.940295][ T9870] siw_newlink+0xdef/0x1310
[ 77.944774][ T9870] ? siw_get_base_qp+0x490/0x490
[ 77.949722][ T9870] nldev_newlink+0x27f/0x400
[ 77.954400][ T9870] ? nldev_set_doit+0x3e0/0x3e0
[ 77.959253][ T9870] ? apparmor_capable+0x49c/0x8a0
[ 77.964250][ T9870] ? apparmor_capable+0x49c/0x8a0
[ 77.969253][ T9870] ? apparmor_cred_prepare+0x760/0x760
[ 77.974683][ T9870] ? apparmor_cred_prepare+0x760/0x760
[ 77.980128][ T9870] ? cap_capable+0x1eb/0x250
[ 77.984709][ T9870] ? ns_capable_common+0xe2/0x100
[ 77.989708][ T9870] ? nldev_set_doit+0x3e0/0x3e0
[ 77.994543][ T9870] rdma_nl_rcv+0x586/0x900
[ 77.999063][ T9870] ? rdma_nl_multicast+0x310/0x310
[ 78.004170][ T9870] ? netlink_deliver_tap+0x227/0xb50
[ 78.009440][ T9870] netlink_unicast+0x537/0x740
[ 78.014178][ T9870] ? netlink_attachskb+0x810/0x810
[ 78.019262][ T9870] ? _copy_from_iter_full+0x25c/0x870
[ 78.024606][ T9870] ? __phys_addr_symbol+0x2c/0x70
[ 78.029606][ T9870] ? __check_object_size+0x171/0x437
[ 78.034863][ T9870] netlink_sendmsg+0x882/0xe10
[ 78.039606][ T9870] ? aa_af_perm+0x260/0x260
[ 78.044094][ T9870] ? netlink_unicast+0x740/0x740
[ 78.049021][ T9870] ? netlink_unicast+0x740/0x740
[ 78.053934][ T9870] sock_sendmsg+0xcf/0x120
[ 78.058332][ T9870] ____sys_sendmsg+0x6b9/0x7d0
[ 78.063088][ T9870] ? kernel_sendmsg+0x50/0x50
[ 78.067852][ T9870] ? lockdep_init_map+0x1b0/0x6c0
[ 78.072870][ T9870] ___sys_sendmsg+0x100/0x170
[ 78.077595][ T9870] ? mark_lock+0xbc/0x1220
[ 78.082011][ T9870] ? sendmsg_copy_msghdr+0x70/0x70
[ 78.087120][ T9870] ? __lock_acquire+0x827/0x5270
[ 78.092075][ T9870] ? find_held_lock+0x2d/0x110
[ 78.096833][ T9870] ? __fd_install+0x1b4/0x600
[ 78.101497][ T9870] ? lock_downgrade+0x7f0/0x7f0
[ 78.106329][ T9870] ? __fget_light+0x1a5/0x270
[ 78.111037][ T9870] __sys_sendmsg+0xec/0x1b0
[ 78.115521][ T9870] ? __sys_sendmsg_sock+0xb0/0xb0
[ 78.120641][ T9870] ? trace_hardirqs_off_caller+0x55/0x230
[ 78.128270][ T9870] ? do_syscall_64+0x21/0x790
[ 78.132934][ T9870] do_syscall_64+0xf6/0x790
[ 78.137442][ T9870] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 78.143352][ T9870] RIP: 0033:0x4435f9
[ 78.147237][ T9870] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 78.166827][ T9870] RSP: 002b:00007ffd60e01358 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 78.175219][ T9870] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004435f9
[ 78.183168][ T9870] RDX: 0000000000000000 RSI: 00000000200031c0 RDI: 0000000000000005
[ 78.191116][ T9870] RBP: 00007ffd60e01360 R08: 0000000001bbbbbb R09: 0000000001bbbbbb
[ 78.199065][ T9870] R10: 0000000001bbbbbb R11: 0000000000000246 R12: 00007ffd60e01370
[ 78.207010][ T9870] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 78.225424][ T9870] infiniband syz2: RDMA CMA: c