[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 77.175843][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 77.175854][ T27] audit: type=1800 audit(1582636673.041:29): pid=9967 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 77.203103][ T27] audit: type=1800 audit(1582636673.041:30): pid=9967 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.36' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 87.112060][T10119] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 87.122423][T10119] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 87.135860][T10119] netlink: 'syz-executor597': attribute type 1 has an invalid length. [ 87.188228][T10119] 8021q: adding VLAN 0 to HW filter on device bond1 [ 87.253032][T10119] bond1: (slave gretap1): making interface the new active one [ 87.290296][T10119] [ 87.292681][T10119] ====================================================== [ 87.299720][T10119] WARNING: possible circular locking dependency detected [ 87.306770][T10119] 5.6.0-rc2-syzkaller #0 Not tainted [ 87.312052][T10119] ------------------------------------------------------ [ 87.319076][T10119] syz-executor597/10119 is trying to acquire lock: [ 87.325763][T10119] ffffffff8a5d2ae0 (lock#3){+.+.}, at: cma_netdev_callback+0xc6/0x380 [ 87.333943][T10119] [ 87.333943][T10119] but task is already holding lock: [ 87.341321][T10119] ffffffff8a74da80 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x405/0xaf0 [ 87.349757][T10119] [ 87.349757][T10119] which lock already depends on the new lock. [ 87.349757][T10119] [ 87.360178][T10119] [ 87.360178][T10119] the existing dependency chain (in reverse order) is: [ 87.369243][T10119] [ 87.369243][T10119] -> #1 (rtnl_mutex){+.+.}: [ 87.375945][T10119] __mutex_lock+0x156/0x13c0 [ 87.381084][T10119] mutex_lock_nested+0x16/0x20 [ 87.386566][T10119] rtnl_lock+0x17/0x20 [ 87.391168][T10119] siw_create_listen+0x329/0xed0 [ 87.396641][T10119] iw_cm_listen+0x16e/0x1f0 [ 87.401674][T10119] rdma_listen+0x613/0x970 [ 87.406625][T10119] cma_listen_on_dev+0x530/0x6a0 [ 87.412092][T10119] cma_add_one+0x6fe/0xbf0 [ 87.417060][T10119] add_client_context+0x3dd/0x550 [ 87.422616][T10119] enable_device_and_get+0x1df/0x3c0 [ 87.428436][T10119] ib_register_device+0xa89/0xe40 [ 87.434007][T10119] siw_newlink+0xdef/0x1310 [ 87.439049][T10119] nldev_newlink+0x28a/0x430 [ 87.444275][T10119] rdma_nl_rcv+0x5d9/0x980 [ 87.449222][T10119] netlink_unicast+0x59e/0x7e0 [ 87.454524][T10119] netlink_sendmsg+0x91c/0xea0 [ 87.459816][T10119] sock_sendmsg+0xd7/0x130 [ 87.464757][T10119] ____sys_sendmsg+0x753/0x880 [ 87.470056][T10119] ___sys_sendmsg+0x100/0x170 [ 87.475265][T10119] __sys_sendmsg+0x105/0x1d0 [ 87.480385][T10119] __x64_sys_sendmsg+0x78/0xb0 [ 87.485709][T10119] do_syscall_64+0xfa/0x790 [ 87.490747][T10119] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.497246][T10119] [ 87.497246][T10119] -> #0 (lock#3){+.+.}: [ 87.503599][T10119] __lock_acquire+0x2596/0x4a00 [ 87.508981][T10119] lock_acquire+0x190/0x410 [ 87.514103][T10119] __mutex_lock+0x156/0x13c0 [ 87.519244][T10119] mutex_lock_nested+0x16/0x20 [ 87.524539][T10119] cma_netdev_callback+0xc6/0x380 [ 87.530113][T10119] notifier_call_chain+0xc2/0x230 [ 87.535668][T10119] raw_notifier_call_chain+0x2e/0x40 [ 87.541540][T10119] call_netdevice_notifiers_info+0xba/0x130 [ 87.547997][T10119] call_netdevice_notifiers+0x79/0xa0 [ 87.553904][T10119] bond_change_active_slave+0x185b/0x2050 [ 87.560158][T10119] bond_select_active_slave+0x276/0xae0 [ 87.566236][T10119] bond_enslave+0x44ef/0x4af0 [ 87.571445][T10119] do_set_master+0x1dd/0x240 [ 87.576583][T10119] __rtnl_newlink+0x13a3/0x1790 [ 87.581964][T10119] rtnl_newlink+0x69/0xa0 [ 87.586846][T10119] rtnetlink_rcv_msg+0x45e/0xaf0 [ 87.592313][T10119] netlink_rcv_skb+0x177/0x450 [ 87.597606][T10119] rtnetlink_rcv+0x1d/0x30 [ 87.602558][T10119] netlink_unicast+0x59e/0x7e0 [ 87.607853][T10119] netlink_sendmsg+0x91c/0xea0 [ 87.613864][T10119] sock_sendmsg+0xd7/0x130 [ 87.618827][T10119] ____sys_sendmsg+0x753/0x880 [ 87.624124][T10119] ___sys_sendmsg+0x100/0x170 [ 87.629334][T10119] __sys_sendmsg+0x105/0x1d0 [ 87.634464][T10119] __x64_sys_sendmsg+0x78/0xb0 [ 87.639770][T10119] do_syscall_64+0xfa/0x790 [ 87.644826][T10119] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.651240][T10119] [ 87.651240][T10119] other info that might help us debug this: [ 87.651240][T10119] [ 87.661625][T10119] Possible unsafe locking scenario: [ 87.661625][T10119] [ 87.669169][T10119] CPU0 CPU1 [ 87.674547][T10119] ---- ---- [ 87.679911][T10119] lock(rtnl_mutex); [ 87.683898][T10119] lock(lock#3); [ 87.690173][T10119] lock(rtnl_mutex); [ 87.696676][T10119] lock(lock#3); [ 87.700333][T10119] [ 87.700333][T10119] *** DEADLOCK *** [ 87.700333][T10119] [ 87.708493][T10119] 1 lock held by syz-executor597/10119: [ 87.714076][T10119] #0: ffffffff8a74da80 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x405/0xaf0 [ 87.724075][T10119] [ 87.724075][T10119] stack backtrace: [ 87.730002][T10119] CPU: 1 PID: 10119 Comm: syz-executor597 Not tainted 5.6.0-rc2-syzkaller #0 [ 87.738761][T10119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 87.748856][T10119] Call Trace: [ 87.752159][T10119] dump_stack+0x197/0x210 [ 87.756627][T10119] print_circular_bug.isra.0.cold+0x163/0x172 [ 87.762727][T10119] check_noncircular+0x32e/0x3e0 [ 87.767687][T10119] ? print_circular_bug.isra.0+0x230/0x230 [ 87.773527][T10119] ? alloc_list_entry+0xc0/0xc0 [ 87.778389][T10119] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 87.784648][T10119] ? find_first_zero_bit+0x9a/0xc0 [ 87.789780][T10119] __lock_acquire+0x2596/0x4a00 [ 87.794655][T10119] ? mark_held_locks+0xf0/0xf0 [ 87.799445][T10119] lock_acquire+0x190/0x410 [ 87.804058][T10119] ? cma_netdev_callback+0xc6/0x380 [ 87.809291][T10119] __mutex_lock+0x156/0x13c0 [ 87.813918][T10119] ? cma_netdev_callback+0xc6/0x380 [ 87.819161][T10119] ? cfg80211_netdev_notifier_call+0x186/0x17bb [ 87.825429][T10119] ? queue_work_on+0xef/0x210 [ 87.830137][T10119] ? cma_netdev_callback+0xc6/0x380 [ 87.835351][T10119] ? cfg80211_init_wdev+0x500/0x500 [ 87.840581][T10119] ? mutex_trylock+0x2d0/0x2d0 [ 87.845389][T10119] ? __kasan_check_read+0x11/0x20 [ 87.850428][T10119] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 87.856337][T10119] ? tun_device_event+0x76/0x10e0 [ 87.861381][T10119] mutex_lock_nested+0x16/0x20 [ 87.866160][T10119] ? mutex_lock_nested+0x16/0x20 [ 87.871123][T10119] cma_netdev_callback+0xc6/0x380 [ 87.876169][T10119] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 87.882107][T10119] notifier_call_chain+0xc2/0x230 [ 87.887156][T10119] raw_notifier_call_chain+0x2e/0x40 [ 87.892457][T10119] call_netdevice_notifiers_info+0xba/0x130 [ 87.898488][T10119] call_netdevice_notifiers+0x79/0xa0 [ 87.904039][T10119] ? call_netdevice_notifiers_info+0x130/0x130 [ 87.910211][T10119] ? __kasan_check_read+0x11/0x20 [ 87.915252][T10119] ? bond_should_notify_peers+0x1f0/0x400 [ 87.921017][T10119] bond_change_active_slave+0x185b/0x2050 [ 87.926759][T10119] ? lockdep_hardirqs_on+0x421/0x5e0 [ 87.932066][T10119] ? bond_slave_link_status+0x70/0x70 [ 87.937462][T10119] bond_select_active_slave+0x276/0xae0 [ 87.943037][T10119] ? bond_change_active_slave+0x2050/0x2050 [ 87.948981][T10119] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.955265][T10119] bond_enslave+0x44ef/0x4af0 [ 87.959966][T10119] ? bond_update_slave_arr+0x880/0x880 [ 87.965451][T10119] ? rtmsg_ifinfo+0x61/0xa0 [ 87.975537][T10119] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 87.981800][T10119] ? __dev_notify_flags+0x183/0x2c0 [ 87.987125][T10119] ? dev_change_name+0x930/0x930 [ 87.992090][T10119] ? alloc_netdev_mqs+0xa78/0xe40 [ 87.997130][T10119] ? __kasan_check_read+0x11/0x20 [ 88.002190][T10119] ? mutex_is_locked+0x12/0x50 [ 88.006972][T10119] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 88.012707][T10119] ? bond_update_slave_arr+0x880/0x880 [ 88.018178][T10119] do_set_master+0x1dd/0x240 [ 88.022804][T10119] __rtnl_newlink+0x13a3/0x1790 [ 88.027663][T10119] ? lock_downgrade+0x920/0x920 [ 88.032533][T10119] ? rtnl_link_unregister+0x250/0x250 [ 88.037922][T10119] ? is_bpf_image_address+0x1da/0x290 [ 88.043317][T10119] ? __kernel_text_address+0xd/0x40 [ 88.048534][T10119] ? unwind_get_return_address+0x61/0xa0 [ 88.054200][T10119] ? profile_setup.cold+0xbb/0xbb [ 88.059235][T10119] ? arch_stack_walk+0x97/0xf0 [ 88.064019][T10119] ? stack_trace_save+0x8f/0xc0 [ 88.068885][T10119] ? stack_trace_consume_entry+0x170/0x170 [ 88.074709][T10119] ? is_bpf_image_address+0x1b8/0x290 [ 88.080109][T10119] ? save_stack+0x5c/0x90 [ 88.084475][T10119] ? save_stack+0x23/0x90 [ 88.088840][T10119] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 88.094686][T10119] ? rtnl_newlink+0x4b/0xa0 [ 88.099208][T10119] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 88.104772][T10119] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 88.110776][T10119] rtnl_newlink+0x69/0xa0 [ 88.115132][T10119] ? __rtnl_newlink+0x1790/0x1790 [ 88.120173][T10119] rtnetlink_rcv_msg+0x45e/0xaf0 [ 88.125128][T10119] ? rtnl_bridge_getlink+0x910/0x910 [ 88.130599][T10119] ? lock_downgrade+0x920/0x920 [ 88.135468][T10119] ? netlink_deliver_tap+0x226/0xbf0 [ 88.140768][T10119] ? find_held_lock+0x35/0x130 [ 88.145554][T10119] netlink_rcv_skb+0x177/0x450 [ 88.150335][T10119] ? rtnl_bridge_getlink+0x910/0x910 [ 88.155918][T10119] ? netlink_ack+0xb50/0xb50 [ 88.160647][T10119] ? __kasan_check_read+0x11/0x20 [ 88.165697][T10119] ? netlink_deliver_tap+0x248/0xbf0 [ 88.171000][T10119] rtnetlink_rcv+0x1d/0x30 [ 88.175447][T10119] netlink_unicast+0x59e/0x7e0 [ 88.180317][T10119] ? netlink_attachskb+0x870/0x870 [ 88.185474][T10119] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 88.191207][T10119] ? __check_object_size+0x3d/0x437 [ 88.196422][T10119] netlink_sendmsg+0x91c/0xea0 [ 88.201209][T10119] ? netlink_unicast+0x7e0/0x7e0 [ 88.206165][T10119] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 88.211734][T10119] ? apparmor_socket_sendmsg+0x2a/0x30 [ 88.217213][T10119] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 88.225478][T10119] ? security_socket_sendmsg+0x8d/0xc0 [ 88.230955][T10119] ? netlink_unicast+0x7e0/0x7e0 [ 88.236020][T10119] sock_sendmsg+0xd7/0x130 [ 88.240459][T10119] ____sys_sendmsg+0x753/0x880 [ 88.245255][T10119] ? kernel_sendmsg+0x50/0x50 [ 88.249952][T10119] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 88.255514][T10119] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 88.261527][T10119] ___sys_sendmsg+0x100/0x170 [ 88.266225][T10119] ? sendmsg_copy_msghdr+0x70/0x70 [ 88.271358][T10119] ? __kasan_check_read+0x11/0x20 [ 88.276400][T10119] ? __lock_acquire+0x8a0/0x4a00 [ 88.281360][T10119] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 88.287795][T10119] ? __this_cpu_preempt_check+0x35/0x190 [ 88.293451][T10119] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 88.299711][T10119] ? percpu_counter_add_batch+0x13c/0x190 [ 88.305449][T10119] ? __fd_install+0x1bc/0x640 [ 88.310144][T10119] ? find_held_lock+0x35/0x130 [ 88.314925][T10119] ? __fd_install+0x1bc/0x640 [ 88.319629][T10119] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 88.325892][T10119] ? __fget_light+0x1ad/0x270 [ 88.330588][T10119] ? __fdget+0x1b/0x20 [ 88.334680][T10119] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 88.340944][T10119] __sys_sendmsg+0x105/0x1d0 [ 88.345556][T10119] ? __sys_sendmsg_sock+0xc0/0xc0 [ 88.350600][T10119] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 88.356654][T10119] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 88.362136][T10119] ? do_syscall_64+0x26/0x790 [ 88.366835][T10119] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 88.372922][T10119] ? do_syscall_64+0x26/0x790 [ 88.377617][T10119] __x64_sys_sendmsg+0x78/0xb0 [ 88.382412][T10119] do_syscall_64+0xfa/0x790 [ 88.386949][T10119] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 88.392854][T10119] RIP: 0033:0x440509 [ 88.396764][T10119] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 88.416382][T10119] RSP: 002b:00007ffeff29e0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 88.424805][T10119] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440509 [ 88.432928][T10119] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004 [ 88.440928][T10119] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 88.448914][T10119] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401d90 [ 88.456901][T10119] R13: 0000000000401e20 R14: 0000000000000000 R15: 0000000000000000