[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 74.575841][ T27] audit: type=1800 audit(1584856307.071:25): pid=9304 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 74.607537][ T27] audit: type=1800 audit(1584856307.071:26): pid=9304 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 74.650147][ T27] audit: type=1800 audit(1584856307.071:27): pid=9304 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.192' (ECDSA) to the list of known hosts. syzkaller login: [ 84.645648][ T9456] IPVS: ftp: loaded support on port[0] = 21 [ 84.701725][ T9456] chnl_net:caif_netlink_parms(): no params data found [ 84.752215][ T9456] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.759918][ T9456] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.768341][ T9456] device bridge_slave_0 entered promiscuous mode [ 84.776684][ T9456] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.783881][ T9456] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.791664][ T9456] device bridge_slave_1 entered promiscuous mode [ 84.810011][ T9456] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.820956][ T9456] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.841575][ T9456] team0: Port device team_slave_0 added [ 84.849056][ T9456] team0: Port device team_slave_1 added [ 84.865039][ T9456] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.872047][ T9456] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.898054][ T9456] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.910338][ T9456] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.917356][ T9456] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.943289][ T9456] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.000197][ T9456] device hsr_slave_0 entered promiscuous mode [ 85.037772][ T9456] device hsr_slave_1 entered promiscuous mode [ 85.176942][ T9456] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 85.210503][ T9456] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 85.270724][ T9456] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 85.319756][ T9456] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 85.373484][ T9456] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.380669][ T9456] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.388730][ T9456] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.395889][ T9456] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.441089][ T9456] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.454438][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 85.464449][ T3033] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.473173][ T3033] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.481539][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 85.495856][ T9456] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.507554][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 85.516230][ T3183] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.523384][ T3183] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.547901][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 85.556620][ T3033] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.563918][ T3033] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.572059][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 85.580833][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 85.590284][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 85.602206][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 85.616460][ T9456] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 85.630463][ T9456] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 85.638975][ T3184] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 85.658065][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 85.665687][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 85.680146][ T9456] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.700100][ T3184] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 85.709344][ T3184] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 85.728661][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 85.737179][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 85.746011][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 85.754576][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 85.765389][ T9456] device veth0_vlan entered promiscuous mode [ 85.777182][ T9456] device veth1_vlan entered promiscuous mode [ 85.803122][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 85.811399][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 85.819665][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 85.828491][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 85.840410][ T9456] device veth0_macvtap entered promiscuous mode [ 85.850403][ T9456] device veth1_macvtap entered promiscuous mode [ 85.866866][ T9456] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.874357][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 85.882884][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 85.891015][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 85.900399][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 85.913588][ T9456] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.921106][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 85.930803][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 86.094266][ T9456] netlink: 'syz-executor716': attribute type 1 has an invalid length. [ 86.115242][ T9456] bond1: (slave gretap1): making interface the new active one [ 86.123089][ T9456] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 86.136111][ T9456] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 86.143553][ T9456] [ 86.145865][ T9456] ====================================================== [ 86.152867][ T9456] WARNING: possible circular locking dependency detected [ 86.159908][ T9456] 5.6.0-rc6-syzkaller #0 Not tainted [ 86.165177][ T9456] ------------------------------------------------------ [ 86.172171][ T9456] syz-executor716/9456 is trying to acquire lock: [ 86.178565][ T9456] ffffffff8a34ec00 (rtnl_mutex){+.+.}, at: siw_create_listen+0x329/0xed0 [ 86.186959][ T9456] [ 86.186959][ T9456] but task is already holding lock: [ 86.194317][ T9456] ffffffff8a1d3ae0 (lock#3){+.+.}, at: cma_add_one+0x5dc/0xb60 [ 86.201842][ T9456] [ 86.201842][ T9456] which lock already depends on the new lock. [ 86.201842][ T9456] [ 86.212311][ T9456] [ 86.212311][ T9456] the existing dependency chain (in reverse order) is: [ 86.221305][ T9456] [ 86.221305][ T9456] -> #1 (lock#3){+.+.}: [ 86.227631][ T9456] __mutex_lock+0x156/0x13c0 [ 86.232732][ T9456] cma_netdev_callback+0xc5/0x380 [ 86.238262][ T9456] notifier_call_chain+0xc0/0x230 [ 86.243795][ T9456] call_netdevice_notifiers_info+0xb5/0x130 [ 86.250184][ T9456] call_netdevice_notifiers+0x79/0xa0 [ 86.256056][ T9456] bond_change_active_slave+0x80e/0x1d90 [ 86.262210][ T9456] bond_select_active_slave+0x250/0xa60 [ 86.268255][ T9456] bond_enslave+0x4281/0x4800 [ 86.273431][ T9456] do_set_master+0x1d7/0x230 [ 86.278646][ T9456] __rtnl_newlink+0x11d4/0x1590 [ 86.283990][ T9456] rtnl_newlink+0x64/0xa0 [ 86.288815][ T9456] rtnetlink_rcv_msg+0x44e/0xad0 [ 86.294246][ T9456] netlink_rcv_skb+0x15a/0x410 [ 86.299504][ T9456] netlink_unicast+0x537/0x740 [ 86.304766][ T9456] netlink_sendmsg+0x882/0xe10 [ 86.310024][ T9456] sock_sendmsg+0xcf/0x120 [ 86.314937][ T9456] ____sys_sendmsg+0x6b9/0x7d0 [ 86.320222][ T9456] ___sys_sendmsg+0x100/0x170 [ 86.325403][ T9456] __sys_sendmsg+0xec/0x1b0 [ 86.330405][ T9456] do_syscall_64+0xf6/0x7d0 [ 86.335405][ T9456] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 86.341787][ T9456] [ 86.341787][ T9456] -> #0 (rtnl_mutex){+.+.}: [ 86.348507][ T9456] __lock_acquire+0x201b/0x3ca0 [ 86.353912][ T9456] lock_acquire+0x197/0x420 [ 86.358949][ T9456] __mutex_lock+0x156/0x13c0 [ 86.364040][ T9456] siw_create_listen+0x329/0xed0 [ 86.369486][ T9456] iw_cm_listen+0x166/0x1e0 [ 86.374497][ T9456] rdma_listen+0x5e2/0x910 [ 86.379449][ T9456] cma_listen_on_dev+0x512/0x650 [ 86.384886][ T9456] cma_add_one+0x6aa/0xb60 [ 86.389808][ T9456] add_client_context+0x3b4/0x520 [ 86.395341][ T9456] enable_device_and_get+0x1cd/0x3b0 [ 86.401124][ T9456] ib_register_device+0xa12/0xda0 [ 86.406642][ T9456] siw_newlink+0xdef/0x1310 [ 86.411641][ T9456] nldev_newlink+0x27f/0x400 [ 86.416734][ T9456] rdma_nl_rcv+0x586/0x900 [ 86.421647][ T9456] netlink_unicast+0x537/0x740 [ 86.426905][ T9456] netlink_sendmsg+0x882/0xe10 [ 86.432179][ T9456] sock_sendmsg+0xcf/0x120 [ 86.437089][ T9456] ____sys_sendmsg+0x6b9/0x7d0 [ 86.443561][ T9456] ___sys_sendmsg+0x100/0x170 [ 86.448753][ T9456] __sys_sendmsg+0xec/0x1b0 [ 86.453753][ T9456] do_syscall_64+0xf6/0x7d0 [ 86.458754][ T9456] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 86.465134][ T9456] [ 86.465134][ T9456] other info that might help us debug this: [ 86.465134][ T9456] [ 86.475342][ T9456] Possible unsafe locking scenario: [ 86.475342][ T9456] [ 86.482776][ T9456] CPU0 CPU1 [ 86.488126][ T9456] ---- ---- [ 86.493463][ T9456] lock(lock#3); [ 86.497069][ T9456] lock(rtnl_mutex); [ 86.503538][ T9456] lock(lock#3); [ 86.509680][ T9456] lock(rtnl_mutex); [ 86.513633][ T9456] [ 86.513633][ T9456] *** DEADLOCK *** [ 86.513633][ T9456] [ 86.521926][ T9456] 6 locks held by syz-executor716/9456: [ 86.527445][ T9456] #0: ffffffff8cf2b700 (&rdma_nl_types[idx].sem){.+.+}, at: rdma_nl_rcv+0x3ba/0x900 [ 86.536899][ T9456] #1: ffffffff8a1c94a8 (link_ops_rwsem){++++}, at: nldev_newlink+0x23b/0x400 [ 86.545731][ T9456] #2: ffffffff8a1bcfc8 (devices_rwsem){++++}, at: enable_device_and_get+0xfc/0x3b0 [ 86.555086][ T9456] #3: ffffffff8a1bce88 (clients_rwsem){++++}, at: enable_device_and_get+0x15b/0x3b0 [ 86.564531][ T9456] #4: ffff8880a8ba8538 (&device->client_data_rwsem){++++}, at: add_client_context+0x382/0x520 [ 86.574848][ T9456] #5: ffffffff8a1d3ae0 (lock#3){+.+.}, at: cma_add_one+0x5dc/0xb60 [ 86.583324][ T9456] [ 86.583324][ T9456] stack backtrace: [ 86.589204][ T9456] CPU: 0 PID: 9456 Comm: syz-executor716 Not tainted 5.6.0-rc6-syzkaller #0 [ 86.597849][ T9456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 86.607892][ T9456] Call Trace: [ 86.611177][ T9456] dump_stack+0x188/0x20d [ 86.615491][ T9456] check_noncircular+0x32e/0x3e0 [ 86.620406][ T9456] ? print_circular_bug.isra.0+0x220/0x220 [ 86.626204][ T9456] ? mark_lock+0xbc/0x1220 [ 86.630625][ T9456] ? alloc_list_entry+0xb0/0xb0 [ 86.635472][ T9456] ? mark_lock+0xbc/0x1220 [ 86.639888][ T9456] ? find_first_zero_bit+0x94/0xb0 [ 86.644978][ T9456] __lock_acquire+0x201b/0x3ca0 [ 86.649835][ T9456] ? mark_held_locks+0xe0/0xe0 [ 86.654770][ T9456] ? iw_cm_map+0x49e/0xfb0 [ 86.659293][ T9456] lock_acquire+0x197/0x420 [ 86.663796][ T9456] ? siw_create_listen+0x329/0xed0 [ 86.668906][ T9456] __mutex_lock+0x156/0x13c0 [ 86.673557][ T9456] ? siw_create_listen+0x329/0xed0 [ 86.678703][ T9456] ? siw_create_listen+0x329/0xed0 [ 86.683813][ T9456] ? mutex_trylock+0x2c0/0x2c0 [ 86.688579][ T9456] ? find_held_lock+0x2d/0x110 [ 86.693591][ T9456] ? siw_create_listen+0x26b/0xed0 [ 86.698696][ T9456] ? lock_downgrade+0x7f0/0x7f0 [ 86.703523][ T9456] ? rcu_read_lock_held_common+0x130/0x130 [ 86.709307][ T9456] ? siw_create_listen+0x329/0xed0 [ 86.714404][ T9456] ? rtnl_lock+0x5/0x20 [ 86.718623][ T9456] siw_create_listen+0x329/0xed0 [ 86.723624][ T9456] ? find_held_lock+0x2d/0x110 [ 86.728377][ T9456] ? siw_reject+0x280/0x280 [ 86.732869][ T9456] ? mark_held_locks+0x9f/0xe0 [ 86.737609][ T9456] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 86.743480][ T9456] ? iw_cm_listen+0x166/0x1e0 [ 86.748133][ T9456] iw_cm_listen+0x166/0x1e0 [ 86.752623][ T9456] rdma_listen+0x5e2/0x910 [ 86.757016][ T9456] cma_listen_on_dev+0x512/0x650 [ 86.761954][ T9456] cma_add_one+0x6aa/0xb60 [ 86.766357][ T9456] ? cma_listen_on_dev+0x650/0x650 [ 86.771449][ T9456] ? do_raw_spin_unlock+0x171/0x260 [ 86.776635][ T9456] ? cma_listen_on_dev+0x650/0x650 [ 86.781738][ T9456] add_client_context+0x3b4/0x520 [ 86.786737][ T9456] ? ib_device_get_by_netdev+0x4f0/0x4f0 [ 86.792384][ T9456] enable_device_and_get+0x1cd/0x3b0 [ 86.797660][ T9456] ? add_one_compat_dev+0x7e0/0x7e0 [ 86.802845][ T9456] ? rdma_counter_init+0x200/0x400 [ 86.807950][ T9456] ib_register_device+0xa12/0xda0 [ 86.812960][ T9456] ? enable_device_and_get+0x3b0/0x3b0 [ 86.818408][ T9456] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 86.824364][ T9456] ? _raw_spin_unlock_irqrestore+0x9b/0xe0 [ 86.830158][ T9456] ? lockdep_init_map+0x1b0/0x6c0 [ 86.835236][ T9456] siw_newlink+0xdef/0x1310 [ 86.839840][ T9456] ? siw_get_base_qp+0x470/0x470 [ 86.844799][ T9456] nldev_newlink+0x27f/0x400 [ 86.849422][ T9456] ? nldev_set_doit+0x3e0/0x3e0 [ 86.854524][ T9456] ? profile_setup.cold+0xc1/0xc1 [ 86.859531][ T9456] ? arch_stack_walk+0x84/0xd0 [ 86.864305][ T9456] ? __lock_acquire+0x80b/0x3ca0 [ 86.869252][ T9456] ? apparmor_capable+0x454/0x8a0 [ 86.874275][ T9456] ? apparmor_capable+0x454/0x8a0 [ 86.879327][ T9456] ? apparmor_cred_prepare+0x750/0x750 [ 86.884782][ T9456] ? apparmor_cred_prepare+0x750/0x750 [ 86.890378][ T9456] ? cap_capable+0x1eb/0x250 [ 86.895061][ T9456] ? ns_capable_common+0xe2/0x100 [ 86.900132][ T9456] ? nldev_set_doit+0x3e0/0x3e0 [ 86.905011][ T9456] rdma_nl_rcv+0x586/0x900 [ 86.909415][ T9456] ? rdma_nl_multicast+0x310/0x310 [ 86.914596][ T9456] ? netlink_deliver_tap+0x227/0xb50 [ 86.919899][ T9456] netlink_unicast+0x537/0x740 [ 86.924654][ T9456] ? netlink_attachskb+0x810/0x810 [ 86.929748][ T9456] ? _copy_from_iter_full+0x25c/0x870 [ 86.935114][ T9456] ? __phys_addr_symbol+0x2c/0x70 [ 86.940197][ T9456] ? __check_object_size+0x171/0x437 [ 86.945469][ T9456] netlink_sendmsg+0x882/0xe10 [ 86.950271][ T9456] ? aa_af_perm+0x260/0x260 [ 86.954778][ T9456] ? netlink_unicast+0x740/0x740 [ 86.959976][ T9456] ? netlink_unicast+0x740/0x740 [ 86.964894][ T9456] sock_sendmsg+0xcf/0x120 [ 86.969296][ T9456] ____sys_sendmsg+0x6b9/0x7d0 [ 86.974038][ T9456] ? kernel_sendmsg+0x50/0x50 [ 86.979217][ T9456] ? lockdep_init_map+0x1b0/0x6c0 [ 86.984255][ T9456] ___sys_sendmsg+0x100/0x170 [ 86.988985][ T9456] ? sendmsg_copy_msghdr+0x70/0x70 [ 86.994907][ T9456] ? __lock_acquire+0x80b/0x3ca0 [ 86.999844][ T9456] ? find_held_lock+0x2d/0x110 [ 87.004585][ T9456] ? __fd_install+0x1b4/0x600 [ 87.009240][ T9456] ? lock_downgrade+0x7f0/0x7f0 [ 87.014151][ T9456] ? __fget_light+0x1a5/0x270 [ 87.018818][ T9456] __sys_sendmsg+0xec/0x1b0 [ 87.023536][ T9456] ? __sys_sendmsg_sock+0xb0/0xb0 [ 87.028625][ T9456] ? trace_hardirqs_off_caller+0x55/0x230 [ 87.034583][ T9456] ? do_syscall_64+0x21/0x7d0 [ 87.039609][ T9456] do_syscall_64+0xf6/0x7d0 [ 87.044185][ T9456] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.050261][ T9456] RIP: 0033:0x4435f9 [ 87.054144][ T9456] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 87.073741][ T9456] RSP: 002b:00007ffced548a78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 87.082268][ T9456] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004435f9 [ 87.090312][ T9456] RDX: 0000000000000000 RSI: 00000000200031c0 RDI: 0000000000000005 [ 8