[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   77.175843][   T27] kauditd_printk_skb: 4 callbacks suppressed
[   77.175854][   T27] audit: type=1800 audit(1582636673.041:29): pid=9967 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   77.203103][   T27] audit: type=1800 audit(1582636673.041:30): pid=9967 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.36' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   87.112060][T10119] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   87.122423][T10119] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   87.135860][T10119] netlink: 'syz-executor597': attribute type 1 has an invalid length.
[   87.188228][T10119] 8021q: adding VLAN 0 to HW filter on device bond1
[   87.253032][T10119] bond1: (slave gretap1): making interface the new active one
[   87.290296][T10119] 
[   87.292681][T10119] ======================================================
[   87.299720][T10119] WARNING: possible circular locking dependency detected
[   87.306770][T10119] 5.6.0-rc2-syzkaller #0 Not tainted
[   87.312052][T10119] ------------------------------------------------------
[   87.319076][T10119] syz-executor597/10119 is trying to acquire lock:
[   87.325763][T10119] ffffffff8a5d2ae0 (lock#3){+.+.}, at: cma_netdev_callback+0xc6/0x380
[   87.333943][T10119] 
[   87.333943][T10119] but task is already holding lock:
[   87.341321][T10119] ffffffff8a74da80 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x405/0xaf0
[   87.349757][T10119] 
[   87.349757][T10119] which lock already depends on the new lock.
[   87.349757][T10119] 
[   87.360178][T10119] 
[   87.360178][T10119] the existing dependency chain (in reverse order) is:
[   87.369243][T10119] 
[   87.369243][T10119] -> #1 (rtnl_mutex){+.+.}:
[   87.375945][T10119]        __mutex_lock+0x156/0x13c0
[   87.381084][T10119]        mutex_lock_nested+0x16/0x20
[   87.386566][T10119]        rtnl_lock+0x17/0x20
[   87.391168][T10119]        siw_create_listen+0x329/0xed0
[   87.396641][T10119]        iw_cm_listen+0x16e/0x1f0
[   87.401674][T10119]        rdma_listen+0x613/0x970
[   87.406625][T10119]        cma_listen_on_dev+0x530/0x6a0
[   87.412092][T10119]        cma_add_one+0x6fe/0xbf0
[   87.417060][T10119]        add_client_context+0x3dd/0x550
[   87.422616][T10119]        enable_device_and_get+0x1df/0x3c0
[   87.428436][T10119]        ib_register_device+0xa89/0xe40
[   87.434007][T10119]        siw_newlink+0xdef/0x1310
[   87.439049][T10119]        nldev_newlink+0x28a/0x430
[   87.444275][T10119]        rdma_nl_rcv+0x5d9/0x980
[   87.449222][T10119]        netlink_unicast+0x59e/0x7e0
[   87.454524][T10119]        netlink_sendmsg+0x91c/0xea0
[   87.459816][T10119]        sock_sendmsg+0xd7/0x130
[   87.464757][T10119]        ____sys_sendmsg+0x753/0x880
[   87.470056][T10119]        ___sys_sendmsg+0x100/0x170
[   87.475265][T10119]        __sys_sendmsg+0x105/0x1d0
[   87.480385][T10119]        __x64_sys_sendmsg+0x78/0xb0
[   87.485709][T10119]        do_syscall_64+0xfa/0x790
[   87.490747][T10119]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   87.497246][T10119] 
[   87.497246][T10119] -> #0 (lock#3){+.+.}:
[   87.503599][T10119]        __lock_acquire+0x2596/0x4a00
[   87.508981][T10119]        lock_acquire+0x190/0x410
[   87.514103][T10119]        __mutex_lock+0x156/0x13c0
[   87.519244][T10119]        mutex_lock_nested+0x16/0x20
[   87.524539][T10119]        cma_netdev_callback+0xc6/0x380
[   87.530113][T10119]        notifier_call_chain+0xc2/0x230
[   87.535668][T10119]        raw_notifier_call_chain+0x2e/0x40
[   87.541540][T10119]        call_netdevice_notifiers_info+0xba/0x130
[   87.547997][T10119]        call_netdevice_notifiers+0x79/0xa0
[   87.553904][T10119]        bond_change_active_slave+0x185b/0x2050
[   87.560158][T10119]        bond_select_active_slave+0x276/0xae0
[   87.566236][T10119]        bond_enslave+0x44ef/0x4af0
[   87.571445][T10119]        do_set_master+0x1dd/0x240
[   87.576583][T10119]        __rtnl_newlink+0x13a3/0x1790
[   87.581964][T10119]        rtnl_newlink+0x69/0xa0
[   87.586846][T10119]        rtnetlink_rcv_msg+0x45e/0xaf0
[   87.592313][T10119]        netlink_rcv_skb+0x177/0x450
[   87.597606][T10119]        rtnetlink_rcv+0x1d/0x30
[   87.602558][T10119]        netlink_unicast+0x59e/0x7e0
[   87.607853][T10119]        netlink_sendmsg+0x91c/0xea0
[   87.613864][T10119]        sock_sendmsg+0xd7/0x130
[   87.618827][T10119]        ____sys_sendmsg+0x753/0x880
[   87.624124][T10119]        ___sys_sendmsg+0x100/0x170
[   87.629334][T10119]        __sys_sendmsg+0x105/0x1d0
[   87.634464][T10119]        __x64_sys_sendmsg+0x78/0xb0
[   87.639770][T10119]        do_syscall_64+0xfa/0x790
[   87.644826][T10119]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   87.651240][T10119] 
[   87.651240][T10119] other info that might help us debug this:
[   87.651240][T10119] 
[   87.661625][T10119]  Possible unsafe locking scenario:
[   87.661625][T10119] 
[   87.669169][T10119]        CPU0                    CPU1
[   87.674547][T10119]        ----                    ----
[   87.679911][T10119]   lock(rtnl_mutex);
[   87.683898][T10119]                                lock(lock#3);
[   87.690173][T10119]                                lock(rtnl_mutex);
[   87.696676][T10119]   lock(lock#3);
[   87.700333][T10119] 
[   87.700333][T10119]  *** DEADLOCK ***
[   87.700333][T10119] 
[   87.708493][T10119] 1 lock held by syz-executor597/10119:
[   87.714076][T10119]  #0: ffffffff8a74da80 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x405/0xaf0
[   87.724075][T10119] 
[   87.724075][T10119] stack backtrace:
[   87.730002][T10119] CPU: 1 PID: 10119 Comm: syz-executor597 Not tainted 5.6.0-rc2-syzkaller #0
[   87.738761][T10119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   87.748856][T10119] Call Trace:
[   87.752159][T10119]  dump_stack+0x197/0x210
[   87.756627][T10119]  print_circular_bug.isra.0.cold+0x163/0x172
[   87.762727][T10119]  check_noncircular+0x32e/0x3e0
[   87.767687][T10119]  ? print_circular_bug.isra.0+0x230/0x230
[   87.773527][T10119]  ? alloc_list_entry+0xc0/0xc0
[   87.778389][T10119]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   87.784648][T10119]  ? find_first_zero_bit+0x9a/0xc0
[   87.789780][T10119]  __lock_acquire+0x2596/0x4a00
[   87.794655][T10119]  ? mark_held_locks+0xf0/0xf0
[   87.799445][T10119]  lock_acquire+0x190/0x410
[   87.804058][T10119]  ? cma_netdev_callback+0xc6/0x380
[   87.809291][T10119]  __mutex_lock+0x156/0x13c0
[   87.813918][T10119]  ? cma_netdev_callback+0xc6/0x380
[   87.819161][T10119]  ? cfg80211_netdev_notifier_call+0x186/0x17bb
[   87.825429][T10119]  ? queue_work_on+0xef/0x210
[   87.830137][T10119]  ? cma_netdev_callback+0xc6/0x380
[   87.835351][T10119]  ? cfg80211_init_wdev+0x500/0x500
[   87.840581][T10119]  ? mutex_trylock+0x2d0/0x2d0
[   87.845389][T10119]  ? __kasan_check_read+0x11/0x20
[   87.850428][T10119]  ? __sanitizer_cov_trace_switch+0x49/0x80
[   87.856337][T10119]  ? tun_device_event+0x76/0x10e0
[   87.861381][T10119]  mutex_lock_nested+0x16/0x20
[   87.866160][T10119]  ? mutex_lock_nested+0x16/0x20
[   87.871123][T10119]  cma_netdev_callback+0xc6/0x380
[   87.876169][T10119]  ? __sanitizer_cov_trace_switch+0x49/0x80
[   87.882107][T10119]  notifier_call_chain+0xc2/0x230
[   87.887156][T10119]  raw_notifier_call_chain+0x2e/0x40
[   87.892457][T10119]  call_netdevice_notifiers_info+0xba/0x130
[   87.898488][T10119]  call_netdevice_notifiers+0x79/0xa0
[   87.904039][T10119]  ? call_netdevice_notifiers_info+0x130/0x130
[   87.910211][T10119]  ? __kasan_check_read+0x11/0x20
[   87.915252][T10119]  ? bond_should_notify_peers+0x1f0/0x400
[   87.921017][T10119]  bond_change_active_slave+0x185b/0x2050
[   87.926759][T10119]  ? lockdep_hardirqs_on+0x421/0x5e0
[   87.932066][T10119]  ? bond_slave_link_status+0x70/0x70
[   87.937462][T10119]  bond_select_active_slave+0x276/0xae0
[   87.943037][T10119]  ? bond_change_active_slave+0x2050/0x2050
[   87.948981][T10119]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   87.955265][T10119]  bond_enslave+0x44ef/0x4af0
[   87.959966][T10119]  ? bond_update_slave_arr+0x880/0x880
[   87.965451][T10119]  ? rtmsg_ifinfo+0x61/0xa0
[   87.975537][T10119]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   87.981800][T10119]  ? __dev_notify_flags+0x183/0x2c0
[   87.987125][T10119]  ? dev_change_name+0x930/0x930
[   87.992090][T10119]  ? alloc_netdev_mqs+0xa78/0xe40
[   87.997130][T10119]  ? __kasan_check_read+0x11/0x20
[   88.002190][T10119]  ? mutex_is_locked+0x12/0x50
[   88.006972][T10119]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   88.012707][T10119]  ? bond_update_slave_arr+0x880/0x880
[   88.018178][T10119]  do_set_master+0x1dd/0x240
[   88.022804][T10119]  __rtnl_newlink+0x13a3/0x1790
[   88.027663][T10119]  ? lock_downgrade+0x920/0x920
[   88.032533][T10119]  ? rtnl_link_unregister+0x250/0x250
[   88.037922][T10119]  ? is_bpf_image_address+0x1da/0x290
[   88.043317][T10119]  ? __kernel_text_address+0xd/0x40
[   88.048534][T10119]  ? unwind_get_return_address+0x61/0xa0
[   88.054200][T10119]  ? profile_setup.cold+0xbb/0xbb
[   88.059235][T10119]  ? arch_stack_walk+0x97/0xf0
[   88.064019][T10119]  ? stack_trace_save+0x8f/0xc0
[   88.068885][T10119]  ? stack_trace_consume_entry+0x170/0x170
[   88.074709][T10119]  ? is_bpf_image_address+0x1b8/0x290
[   88.080109][T10119]  ? save_stack+0x5c/0x90
[   88.084475][T10119]  ? save_stack+0x23/0x90
[   88.088840][T10119]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[   88.094686][T10119]  ? rtnl_newlink+0x4b/0xa0
[   88.099208][T10119]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   88.104772][T10119]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   88.110776][T10119]  rtnl_newlink+0x69/0xa0
[   88.115132][T10119]  ? __rtnl_newlink+0x1790/0x1790
[   88.120173][T10119]  rtnetlink_rcv_msg+0x45e/0xaf0
[   88.125128][T10119]  ? rtnl_bridge_getlink+0x910/0x910
[   88.130599][T10119]  ? lock_downgrade+0x920/0x920
[   88.135468][T10119]  ? netlink_deliver_tap+0x226/0xbf0
[   88.140768][T10119]  ? find_held_lock+0x35/0x130
[   88.145554][T10119]  netlink_rcv_skb+0x177/0x450
[   88.150335][T10119]  ? rtnl_bridge_getlink+0x910/0x910
[   88.155918][T10119]  ? netlink_ack+0xb50/0xb50
[   88.160647][T10119]  ? __kasan_check_read+0x11/0x20
[   88.165697][T10119]  ? netlink_deliver_tap+0x248/0xbf0
[   88.171000][T10119]  rtnetlink_rcv+0x1d/0x30
[   88.175447][T10119]  netlink_unicast+0x59e/0x7e0
[   88.180317][T10119]  ? netlink_attachskb+0x870/0x870
[   88.185474][T10119]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   88.191207][T10119]  ? __check_object_size+0x3d/0x437
[   88.196422][T10119]  netlink_sendmsg+0x91c/0xea0
[   88.201209][T10119]  ? netlink_unicast+0x7e0/0x7e0
[   88.206165][T10119]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   88.211734][T10119]  ? apparmor_socket_sendmsg+0x2a/0x30
[   88.217213][T10119]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   88.225478][T10119]  ? security_socket_sendmsg+0x8d/0xc0
[   88.230955][T10119]  ? netlink_unicast+0x7e0/0x7e0
[   88.236020][T10119]  sock_sendmsg+0xd7/0x130
[   88.240459][T10119]  ____sys_sendmsg+0x753/0x880
[   88.245255][T10119]  ? kernel_sendmsg+0x50/0x50
[   88.249952][T10119]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   88.255514][T10119]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   88.261527][T10119]  ___sys_sendmsg+0x100/0x170
[   88.266225][T10119]  ? sendmsg_copy_msghdr+0x70/0x70
[   88.271358][T10119]  ? __kasan_check_read+0x11/0x20
[   88.276400][T10119]  ? __lock_acquire+0x8a0/0x4a00
[   88.281360][T10119]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   88.287795][T10119]  ? __this_cpu_preempt_check+0x35/0x190
[   88.293451][T10119]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   88.299711][T10119]  ? percpu_counter_add_batch+0x13c/0x190
[   88.305449][T10119]  ? __fd_install+0x1bc/0x640
[   88.310144][T10119]  ? find_held_lock+0x35/0x130
[   88.314925][T10119]  ? __fd_install+0x1bc/0x640
[   88.319629][T10119]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   88.325892][T10119]  ? __fget_light+0x1ad/0x270
[   88.330588][T10119]  ? __fdget+0x1b/0x20
[   88.334680][T10119]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   88.340944][T10119]  __sys_sendmsg+0x105/0x1d0
[   88.345556][T10119]  ? __sys_sendmsg_sock+0xc0/0xc0
[   88.350600][T10119]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   88.356654][T10119]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   88.362136][T10119]  ? do_syscall_64+0x26/0x790
[   88.366835][T10119]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   88.372922][T10119]  ? do_syscall_64+0x26/0x790
[   88.377617][T10119]  __x64_sys_sendmsg+0x78/0xb0
[   88.382412][T10119]  do_syscall_64+0xfa/0x790
[   88.386949][T10119]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   88.392854][T10119] RIP: 0033:0x440509
[   88.396764][T10119] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   88.416382][T10119] RSP: 002b:00007ffeff29e0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   88.424805][T10119] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440509
[   88.432928][T10119] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004
[   88.440928][T10119] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   88.448914][T10119] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401d90
[   88.456901][T10119] R13: 0000000000401e20 R14: 0000000000000000 R15: 0000000000000000