[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 63.646223][ T27] audit: type=1800 audit(1583775980.268:25): pid=9400 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 63.667228][ T27] audit: type=1800 audit(1583775980.268:26): pid=9400 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 63.734944][ T27] audit: type=1800 audit(1583775980.268:27): pid=9400 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.211' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 75.169473][ T9552] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 75.180459][ T9552] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 75.194361][ T9552] netlink: 'syz-executor910': attribute type 1 has an invalid length. [ 75.256788][ T9552] bond1: (slave gretap1): making interface the new active one [ 75.264729][ T9552] [ 75.267061][ T9552] ====================================================== [ 75.274097][ T9552] WARNING: possible circular locking dependency detected [ 75.281108][ T9552] 5.6.0-rc5-syzkaller #0 Not tainted [ 75.286388][ T9552] ------------------------------------------------------ [ 75.293401][ T9552] syz-executor910/9552 is trying to acquire lock: [ 75.299807][ T9552] ffffffff8a1d3aa0 (lock#3){+.+.}, at: cma_netdev_callback+0xc5/0x380 [ 75.307974][ T9552] [ 75.307974][ T9552] but task is already holding lock: [ 75.315335][ T9552] ffffffff8a34eb00 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3f9/0xad0 [ 75.323756][ T9552] [ 75.323756][ T9552] which lock already depends on the new lock. [ 75.323756][ T9552] [ 75.334277][ T9552] [ 75.334277][ T9552] the existing dependency chain (in reverse order) is: [ 75.343287][ T9552] [ 75.343287][ T9552] -> #1 (rtnl_mutex){+.+.}: [ 75.349981][ T9552] __mutex_lock+0x156/0x13c0 [ 75.355095][ T9552] siw_create_listen+0x329/0xed0 [ 75.360548][ T9552] iw_cm_listen+0x166/0x1e0 [ 75.365570][ T9552] rdma_listen+0x5e2/0x910 [ 75.370521][ T9552] cma_listen_on_dev+0x512/0x650 [ 75.375979][ T9552] cma_add_one+0x6aa/0xb60 [ 75.380920][ T9552] add_client_context+0x3b4/0x520 [ 75.386465][ T9552] enable_device_and_get+0x1cd/0x3b0 [ 75.392274][ T9552] ib_register_device+0xa12/0xda0 [ 75.397819][ T9552] siw_newlink+0xdef/0x1310 [ 75.402844][ T9552] nldev_newlink+0x27f/0x400 [ 75.407953][ T9552] rdma_nl_rcv+0x586/0x900 [ 75.412888][ T9552] netlink_unicast+0x537/0x740 [ 75.418172][ T9552] netlink_sendmsg+0x882/0xe10 [ 75.423450][ T9552] sock_sendmsg+0xcf/0x120 [ 75.428388][ T9552] ____sys_sendmsg+0x6b9/0x7d0 [ 75.433666][ T9552] ___sys_sendmsg+0x100/0x170 [ 75.438861][ T9552] __sys_sendmsg+0xec/0x1b0 [ 75.443881][ T9552] do_syscall_64+0xf6/0x7d0 [ 75.448913][ T9552] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 75.455314][ T9552] [ 75.455314][ T9552] -> #0 (lock#3){+.+.}: [ 75.461663][ T9552] __lock_acquire+0x201b/0x3ca0 [ 75.467035][ T9552] lock_acquire+0x197/0x420 [ 75.472057][ T9552] __mutex_lock+0x156/0x13c0 [ 75.477520][ T9552] cma_netdev_callback+0xc5/0x380 [ 75.483065][ T9552] notifier_call_chain+0xc0/0x230 [ 75.488612][ T9552] call_netdevice_notifiers_info+0xb5/0x130 [ 75.495029][ T9552] call_netdevice_notifiers+0x79/0xa0 [ 75.501015][ T9552] bond_change_active_slave+0x80e/0x1d90 [ 75.507169][ T9552] bond_select_active_slave+0x250/0xa60 [ 75.513231][ T9552] bond_enslave+0x4281/0x4800 [ 75.518426][ T9552] do_set_master+0x1d7/0x230 [ 75.523534][ T9552] __rtnl_newlink+0x11d4/0x1590 [ 75.529859][ T9552] rtnl_newlink+0x64/0xa0 [ 75.534704][ T9552] rtnetlink_rcv_msg+0x44e/0xad0 [ 75.540159][ T9552] netlink_rcv_skb+0x15a/0x410 [ 75.545439][ T9552] netlink_unicast+0x537/0x740 [ 75.550716][ T9552] netlink_sendmsg+0x882/0xe10 [ 75.556001][ T9552] sock_sendmsg+0xcf/0x120 [ 75.560933][ T9552] ____sys_sendmsg+0x6b9/0x7d0 [ 75.566211][ T9552] ___sys_sendmsg+0x100/0x170 [ 75.571404][ T9552] __sys_sendmsg+0xec/0x1b0 [ 75.576424][ T9552] do_syscall_64+0xf6/0x7d0 [ 75.581448][ T9552] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 75.591581][ T9552] [ 75.591581][ T9552] other info that might help us debug this: [ 75.591581][ T9552] [ 75.601889][ T9552] Possible unsafe locking scenario: [ 75.601889][ T9552] [ 75.609425][ T9552] CPU0 CPU1 [ 75.614785][ T9552] ---- ---- [ 75.620145][ T9552] lock(rtnl_mutex); [ 75.624114][ T9552] lock(lock#3); [ 75.630259][ T9552] lock(rtnl_mutex); [ 75.636748][ T9552] lock(lock#3); [ 75.640371][ T9552] [ 75.640371][ T9552] *** DEADLOCK *** [ 75.640371][ T9552] [ 75.648512][ T9552] 1 lock held by syz-executor910/9552: [ 75.653957][ T9552] #0: ffffffff8a34eb00 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3f9/0xad0 [ 75.662821][ T9552] [ 75.662821][ T9552] stack backtrace: [ 75.668708][ T9552] CPU: 1 PID: 9552 Comm: syz-executor910 Not tainted 5.6.0-rc5-syzkaller #0 [ 75.677371][ T9552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 75.687422][ T9552] Call Trace: [ 75.690714][ T9552] dump_stack+0x188/0x20d [ 75.695302][ T9552] check_noncircular+0x32e/0x3e0 [ 75.700263][ T9552] ? print_circular_bug.isra.0+0x220/0x220 [ 75.706083][ T9552] ? alloc_list_entry+0xb0/0xb0 [ 75.711039][ T9552] ? mark_lock+0xbc/0x1220 [ 75.715463][ T9552] ? find_first_zero_bit+0x94/0xb0 [ 75.720578][ T9552] __lock_acquire+0x201b/0x3ca0 [ 75.725437][ T9552] ? __queue_work+0x58a/0x1240 [ 75.730199][ T9552] ? mark_held_locks+0xe0/0xe0 [ 75.734962][ T9552] ? find_held_lock+0x2d/0x110 [ 75.739743][ T9552] ? __queue_work+0x58a/0x1240 [ 75.744510][ T9552] lock_acquire+0x197/0x420 [ 75.749018][ T9552] ? cma_netdev_callback+0xc5/0x380 [ 75.754229][ T9552] __mutex_lock+0x156/0x13c0 [ 75.759026][ T9552] ? cma_netdev_callback+0xc5/0x380 [ 75.764227][ T9552] ? cma_netdev_callback+0xc5/0x380 [ 75.769428][ T9552] ? cfg80211_init_wdev+0x4c0/0x4c0 [ 75.774710][ T9552] ? mark_held_locks+0x9f/0xe0 [ 75.779473][ T9552] ? kmem_cache_alloc_trace+0x390/0x7d0 [ 75.785028][ T9552] ? mutex_trylock+0x2c0/0x2c0 [ 75.789791][ T9552] ? queue_work_on+0x127/0x200 [ 75.794576][ T9552] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 75.800466][ T9552] ? inetdev_event+0x1a5/0x15b0 [ 75.805322][ T9552] ? update_gid_event_work_handler+0xb0/0xb0 [ 75.811297][ T9552] ? tun_device_event+0x71/0x10d0 [ 75.816320][ T9552] ? add_netdev_upper_ips+0x30/0x30 [ 75.821519][ T9552] ? cma_netdev_callback+0xc5/0x380 [ 75.826718][ T9552] cma_netdev_callback+0xc5/0x380 [ 75.831744][ T9552] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 75.837648][ T9552] notifier_call_chain+0xc0/0x230 [ 75.842678][ T9552] call_netdevice_notifiers_info+0xb5/0x130 [ 75.848573][ T9552] call_netdevice_notifiers+0x79/0xa0 [ 75.853946][ T9552] ? call_netdevice_notifiers_info+0x130/0x130 [ 75.860100][ T9552] ? queue_delayed_work_on+0x12f/0x210 [ 75.865560][ T9552] bond_change_active_slave+0x80e/0x1d90 [ 75.871195][ T9552] ? queue_delayed_work_on+0x12f/0x210 [ 75.876655][ T9552] ? bond_slave_link_status+0x70/0x70 [ 75.882038][ T9552] bond_select_active_slave+0x250/0xa60 [ 75.887745][ T9552] ? bond_set_carrier+0x20e/0x3f0 [ 75.892891][ T9552] ? bond_change_active_slave+0x1d90/0x1d90 [ 75.898797][ T9552] bond_enslave+0x4281/0x4800 [ 75.903503][ T9552] ? bond_update_slave_arr+0x820/0x820 [ 75.908963][ T9552] ? rtmsg_ifinfo_event.part.0+0xb6/0xe0 [ 75.914614][ T9552] ? rtmsg_ifinfo+0x7f/0xa0 [ 75.919158][ T9552] ? __dev_notify_flags+0x183/0x2c0 [ 75.924369][ T9552] ? ipgre_changelink+0x330/0x330 [ 75.932348][ T9552] ? dev_change_name+0x930/0x930 [ 75.937287][ T9552] ? xdp_rxq_info_reg+0x111/0x1b0 [ 75.942323][ T9552] ? bond_update_slave_arr+0x820/0x820 [ 75.947784][ T9552] do_set_master+0x1d7/0x230 [ 75.952379][ T9552] __rtnl_newlink+0x11d4/0x1590 [ 75.957243][ T9552] ? rtnl_link_unregister+0x240/0x240 [ 75.962632][ T9552] ? kernel_text_address+0xe2/0x100 [ 75.967830][ T9552] ? __kernel_text_address+0x9/0x30 [ 75.973733][ T9552] ? unwind_get_return_address+0x5a/0xa0 [ 75.980427][ T9552] ? profile_setup.cold+0xc1/0xc1 [ 75.985449][ T9552] ? arch_stack_walk+0x84/0xd0 [ 75.990225][ T9552] ? stack_trace_save+0x8c/0xc0 [ 75.995077][ T9552] ? stack_trace_consume_entry+0x160/0x160 [ 76.000906][ T9552] ? rtnl_newlink+0x46/0xa0 [ 76.005509][ T9552] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 76.011060][ T9552] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 76.017046][ T9552] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 76.022859][ T9552] ? rtnetlink_rcv_msg+0x1d6/0xad0 [ 76.027973][ T9552] rtnl_newlink+0x64/0xa0 [ 76.032312][ T9552] ? __rtnl_newlink+0x1590/0x1590 [ 76.037506][ T9552] rtnetlink_rcv_msg+0x44e/0xad0 [ 76.042447][ T9552] ? rtnl_bridge_getlink+0x880/0x880 [ 76.047734][ T9552] ? mark_held_locks+0xe0/0xe0 [ 76.052592][ T9552] ? netlink_deliver_tap+0x146/0xb50 [ 76.057995][ T9552] netlink_rcv_skb+0x15a/0x410 [ 76.062763][ T9552] ? rtnl_bridge_getlink+0x880/0x880 [ 76.068050][ T9552] ? netlink_ack+0xa80/0xa80 [ 76.072643][ T9552] netlink_unicast+0x537/0x740 [ 76.077576][ T9552] ? netlink_attachskb+0x810/0x810 [ 76.082694][ T9552] ? _copy_from_iter_full+0x25c/0x870 [ 76.088067][ T9552] ? __phys_addr_symbol+0x2c/0x70 [ 76.093085][ T9552] ? __check_object_size+0x171/0x437 [ 76.098368][ T9552] netlink_sendmsg+0x882/0xe10 [ 76.103131][ T9552] ? aa_af_perm+0x260/0x260 [ 76.107748][ T9552] ? netlink_unicast+0x740/0x740 [ 76.112716][ T9552] ? netlink_unicast+0x740/0x740 [ 76.117664][ T9552] sock_sendmsg+0xcf/0x120 [ 76.122081][ T9552] ____sys_sendmsg+0x6b9/0x7d0 [ 76.126853][ T9552] ? kernel_sendmsg+0x50/0x50 [ 76.131534][ T9552] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 76.137081][ T9552] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 76.143176][ T9552] ? lockdep_init_map+0x1b0/0x6c0 [ 76.148207][ T9552] ___sys_sendmsg+0x100/0x170 [ 76.152886][ T9552] ? sendmsg_copy_msghdr+0x70/0x70 [ 76.157998][ T9552] ? __lock_acquire+0x80b/0x3ca0 [ 76.162940][ T9552] ? find_held_lock+0x2d/0x110 [ 76.167703][ T9552] ? __fd_install+0x1b4/0x600 [ 76.172497][ T9552] ? lock_downgrade+0x7f0/0x7f0 [ 76.177360][ T9552] ? __fget_light+0x1a5/0x270 [ 76.182041][ T9552] __sys_sendmsg+0xec/0x1b0 [ 76.186544][ T9552] ? __sys_sendmsg_sock+0xb0/0xb0 [ 76.191576][ T9552] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 76.197562][ T9552] ? trace_hardirqs_off_caller+0x55/0x230 [ 76.203286][ T9552] ? do_syscall_64+0x21/0x7d0 [ 76.207978][ T9552] do_syscall_64+0xf6/0x7d0 [ 76.212488][ T9552] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.218372][ T9552] RIP: 0033:0x440529 [ 76.222259][ T9552] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 76.241860][ T9552] RSP: 002b:00007ffebd571958 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 76.250278][ T9552] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529 [ 76.258255][ T9552] RDX: 00000