[ ok ] Starting enhanced syslogd: rsyslogd.
[ 65.020690][ T27] audit: type=1800 audit(1584026039.266:25): pid=9484 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 65.055543][ T27] audit: type=1800 audit(1584026039.266:26): pid=9484 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 65.094777][ T27] audit: type=1800 audit(1584026039.266:27): pid=9484 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.251' (ECDSA) to the list of known hosts.
syzkaller login: [ 74.998462][ T9641] IPVS: ftp: loaded support on port[0] = 21
[ 75.052101][ T9641] chnl_net:caif_netlink_parms(): no params data found
[ 75.093535][ T9641] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.101374][ T9641] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.109641][ T9641] device bridge_slave_0 entered promiscuous mode
[ 75.118813][ T9641] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.126376][ T9641] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.134409][ T9641] device bridge_slave_1 entered promiscuous mode
[ 75.152897][ T9641] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 75.164290][ T9641] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 75.185140][ T9641] team0: Port device team_slave_0 added
[ 75.192711][ T9641] team0: Port device team_slave_1 added
[ 75.208460][ T9641] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 75.215588][ T9641] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.241768][ T9641] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 75.254206][ T9641] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 75.261447][ T9641] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.287601][ T9641] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 75.349028][ T9641] device hsr_slave_0 entered promiscuous mode
[ 75.416632][ T9641] device hsr_slave_1 entered promiscuous mode
[ 75.554068][ T9641] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 75.599837][ T9641] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 75.659081][ T9641] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 75.699303][ T9641] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 75.772769][ T9641] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.780055][ T9641] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.787962][ T9641] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.795035][ T9641] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.840905][ T9641] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.855441][ T2710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 75.865840][ T2710] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.875361][ T2710] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.884075][ T2710] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 75.897094][ T9641] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.909186][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 75.918356][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.925531][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.947173][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 75.955899][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.963013][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.972168][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 75.981653][ T2799] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 75.991754][ T2710] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 76.006782][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 76.020176][ T2799] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 76.032601][ T9641] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 76.053624][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 76.061850][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 76.074022][ T9641] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 76.093821][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 76.103059][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 76.123205][ T2799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 76.133294][ T2799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 76.143950][ T9641] device veth0_vlan entered promiscuous mode
[ 76.151434][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 76.159503][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 76.172483][ T9641] device veth1_vlan entered promiscuous mode
[ 76.192792][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 76.201578][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 76.210043][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 76.219058][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 76.230113][ T9641] device veth0_macvtap entered promiscuous mode
[ 76.241534][ T9641] device veth1_macvtap entered promiscuous mode
[ 76.259418][ T9641] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 76.268441][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 76.277915][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 76.285783][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 76.294706][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 76.306220][ T9641] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 76.314688][ T2710] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 76.323581][ T2710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 76.463619][ T9641] netlink: 'syz-executor218': attribute type 1 has an invalid length.
[ 76.484914][ T9641] bond1: (slave gretap1): making interface the new active one
[ 76.492983][ T9641] bond1: (slave gretap1): Enslaving as an active interface with an up link
[ 76.506081][ T9641] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[ 76.513646][ T9641]
[ 76.515989][ T9641] ======================================================
[ 76.522982][ T9641] WARNING: possible circular locking dependency detected
[ 76.529988][ T9641] 5.6.0-rc3-syzkaller #0 Not tainted
[ 76.535241][ T9641] ------------------------------------------------------
[ 76.542231][ T9641] syz-executor218/9641 is trying to acquire lock:
[ 76.548615][ T9641] ffffffff8a34e300 (rtnl_mutex){+.+.}, at: siw_create_listen+0x329/0xed0
[ 76.557034][ T9641]
[ 76.557034][ T9641] but task is already holding lock:
[ 76.564379][ T9641] ffffffff8a1d3380 (lock#3){+.+.}, at: cma_add_one+0x5dc/0xb60
[ 76.571920][ T9641]
[ 76.571920][ T9641] which lock already depends on the new lock.
[ 76.571920][ T9641]
[ 76.582306][ T9641]
[ 76.582306][ T9641] the existing dependency chain (in reverse order) is:
[ 76.591348][ T9641]
[ 76.591348][ T9641] -> #1 (lock#3){+.+.}:
[ 76.597663][ T9641]        __mutex_lock+0x156/0x13c0
[ 76.602900][ T9641]        cma_netdev_callback+0xc5/0x380
[ 76.608424][ T9641]        notifier_call_chain+0xc0/0x230
[ 76.613958][ T9641]        call_netdevice_notifiers_info+0xb5/0x130
[ 76.620350][ T9641]        call_netdevice_notifiers+0x79/0xa0
[ 76.626325][ T9641]        bond_change_active_slave+0x80e/0x1d90
[ 76.632476][ T9641]        bond_select_active_slave+0x250/0xa60
[ 76.638527][ T9641]        bond_enslave+0x4281/0x4800
[ 76.643720][ T9641]        do_set_master+0x1d7/0x230
[ 76.648807][ T9641]        __rtnl_newlink+0x11d4/0x1590
[ 76.654170][ T9641]        rtnl_newlink+0x64/0xa0
[ 76.659012][ T9641]        rtnetlink_rcv_msg+0x44e/0xad0
[ 76.664451][ T9641]        netlink_rcv_skb+0x15a/0x410
[ 76.669718][ T9641]        netlink_unicast+0x537/0x740
[ 76.674987][ T9641]        netlink_sendmsg+0x882/0xe10
[ 76.680330][ T9641]        sock_sendmsg+0xcf/0x120
[ 76.685241][ T9641]        ____sys_sendmsg+0x6b9/0x7d0
[ 76.690499][ T9641]        ___sys_sendmsg+0x100/0x170
[ 76.695667][ T9641]        __sys_sendmsg+0xec/0x1b0
[ 76.700665][ T9641]        do_syscall_64+0xf6/0x790
[ 76.705670][ T9641]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 76.712061][ T9641]
[ 76.712061][ T9641] -> #0 (rtnl_mutex){+.+.}:
[ 76.719155][ T9641]        __lock_acquire+0x201b/0x3ca0
[ 76.724498][ T9641]        lock_acquire+0x197/0x420
[ 76.729499][ T9641]        __mutex_lock+0x156/0x13c0
[ 76.734598][ T9641]        siw_create_listen+0x329/0xed0
[ 76.740126][ T9641]        iw_cm_listen+0x166/0x1e0
[ 76.745120][ T9641]        rdma_listen+0x5e2/0x910
[ 76.750042][ T9641]        cma_listen_on_dev+0x512/0x650
[ 76.755488][ T9641]        cma_add_one+0x6aa/0xb60
[ 76.760397][ T9641]        add_client_context+0x3b4/0x520
[ 76.765913][ T9641]        enable_device_and_get+0x1cd/0x3b0
[ 76.771705][ T9641]        ib_register_device+0xa12/0xda0
[ 76.777239][ T9641]        siw_newlink+0xdef/0x1310
[ 76.782248][ T9641]        nldev_newlink+0x27f/0x400
[ 76.787336][ T9641]        rdma_nl_rcv+0x586/0x900
[ 76.792250][ T9641]        netlink_unicast+0x537/0x740
[ 76.797508][ T9641]        netlink_sendmsg+0x882/0xe10
[ 76.802769][ T9641]        sock_sendmsg+0xcf/0x120
[ 76.807680][ T9641]        ____sys_sendmsg+0x6b9/0x7d0
[ 76.812949][ T9641]        ___sys_sendmsg+0x100/0x170
[ 76.818124][ T9641]        __sys_sendmsg+0xec/0x1b0
[ 76.823119][ T9641]        do_syscall_64+0xf6/0x790
[ 76.828117][ T9641]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 76.834508][ T9641]
[ 76.834508][ T9641] other info that might help us debug this:
[ 76.834508][ T9641]
[ 76.844720][ T9641]  Possible unsafe locking scenario:
[ 76.844720][ T9641]
[ 76.852152][ T9641]        CPU0                    CPU1
[ 76.857490][ T9641]        ----                    ----
[ 76.862830][ T9641]   lock(lock#3);
[ 76.866466][ T9641]                                lock(rtnl_mutex);
[ 76.872945][ T9641]                                lock(lock#3);
[ 76.879131][ T9641]   lock(rtnl_mutex);
[ 76.883098][ T9641]
[ 76.883098][ T9641]  *** DEADLOCK ***
[ 76.883098][ T9641]
[ 76.891235][ T9641] 6 locks held by syz-executor218/9641:
[ 76.896752][ T9641]  #0: ffffffff8cf2a680 (&rdma_nl_types[idx].sem){.+.+}, at: rdma_nl_rcv+0x3ba/0x900
[ 76.906333][ T9641]  #1: ffffffff8a1c8d48 (link_ops_rwsem){++++}, at: nldev_newlink+0x23b/0x400
[ 76.915269][ T9641]  #2: ffffffff8a1bc868 (devices_rwsem){++++}, at: enable_device_and_get+0xfc/0x3b0
[ 76.924622][ T9641]  #3: ffffffff8a1bc728 (clients_rwsem){++++}, at: enable_device_and_get+0x15b/0x3b0
[ 76.934059][ T9641]  #4: ffff888096400538 (&device->client_data_rwsem){++++}, at: add_client_context+0x382/0x520
[ 76.944478][ T9641]  #5: ffffffff8a1d3380 (lock#3){+.+.}, at: cma_add_one+0x5dc/0xb60
[ 76.952449][ T9641]
[ 76.952449][ T9641] stack backtrace:
[ 76.958340][ T9641] CPU: 1 PID: 9641 Comm: syz-executor218 Not tainted 5.6.0-rc3-syzkaller #0
[ 76.966982][ T9641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.977025][ T9641] Call Trace:
[ 76.980301][ T9641]  dump_stack+0x188/0x20d
[ 76.984611][ T9641]  check_noncircular+0x32e/0x3e0
[ 76.989544][ T9641]  ? print_circular_bug.isra.0+0x220/0x220
[ 76.995463][ T9641]  ? mark_lock+0xbc/0x1220
[ 76.999884][ T9641]  ? alloc_list_entry+0xb0/0xb0
[ 77.004710][ T9641]  ? mark_lock+0xbc/0x1220
[ 77.009107][ T9641]  ? find_first_zero_bit+0x94/0xb0
[ 77.014210][ T9641]  __lock_acquire+0x201b/0x3ca0
[ 77.019042][ T9641]  ? mark_held_locks+0xe0/0xe0
[ 77.023784][ T9641]  ? iw_cm_map+0x49e/0xfb0
[ 77.028188][ T9641]  lock_acquire+0x197/0x420
[ 77.032678][ T9641]  ? siw_create_listen+0x329/0xed0
[ 77.037768][ T9641]  __mutex_lock+0x156/0x13c0
[ 77.042330][ T9641]  ? siw_create_listen+0x329/0xed0
[ 77.047413][ T9641]  ? siw_create_listen+0x329/0xed0
[ 77.052504][ T9641]  ? mutex_trylock+0x2c0/0x2c0
[ 77.057244][ T9641]  ? find_held_lock+0x2d/0x110
[ 77.061989][ T9641]  ? siw_create_listen+0x26b/0xed0
[ 77.067206][ T9641]  ? lock_downgrade+0x7f0/0x7f0
[ 77.072033][ T9641]  ? rcu_read_lock_held_common+0x130/0x130
[ 77.078046][ T9641]  ? siw_create_listen+0x329/0xed0
[ 77.083161][ T9641]  ? rtnl_lock+0x5/0x20
[ 77.087319][ T9641]  siw_create_listen+0x329/0xed0
[ 77.092257][ T9641]  ? find_held_lock+0x2d/0x110
[ 77.097002][ T9641]  ? siw_reject+0x280/0x280
[ 77.101487][ T9641]  ? mark_held_locks+0x9f/0xe0
[ 77.106227][ T9641]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 77.112013][ T9641]  ? iw_cm_listen+0x166/0x1e0
[ 77.116666][ T9641]  iw_cm_listen+0x166/0x1e0
[ 77.121141][ T9641]  rdma_listen+0x5e2/0x910
[ 77.125546][ T9641]  cma_listen_on_dev+0x512/0x650
[ 77.130468][ T9641]  cma_add_one+0x6aa/0xb60
[ 77.134859][ T9641]  ? cma_listen_on_dev+0x650/0x650
[ 77.139946][ T9641]  ? do_raw_spin_unlock+0x171/0x260
[ 77.145151][ T9641]  ? cma_listen_on_dev+0x650/0x650
[ 77.150259][ T9641]  add_client_context+0x3b4/0x520
[ 77.155277][ T9641]  ? ib_device_get_by_netdev+0x4f0/0x4f0
[ 77.160900][ T9641]  enable_device_and_get+0x1cd/0x3b0
[ 77.166175][ T9641]  ? add_one_compat_dev+0x7e0/0x7e0
[ 77.171389][ T9641]  ? rdma_counter_init+0x200/0x400
[ 77.177433][ T9641]  ib_register_device+0xa12/0xda0
[ 77.182447][ T9641]  ? enable_device_and_get+0x3b0/0x3b0
[ 77.187888][ T9641]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 77.193688][ T9641]  ? _raw_spin_unlock_irqrestore+0x9b/0xe0
[ 77.199476][ T9641]  ? lockdep_init_map+0x1b0/0x6c0
[ 77.204495][ T9641]  siw_newlink+0xdef/0x1310
[ 77.208991][ T9641]  ? siw_get_base_qp+0x470/0x470
[ 77.213921][ T9641]  nldev_newlink+0x27f/0x400
[ 77.218608][ T9641]  ? nldev_set_doit+0x3e0/0x3e0
[ 77.223501][ T9641]  ? profile_setup.cold+0xc1/0xc1
[ 77.228501][ T9641]  ? arch_stack_walk+0x84/0xd0
[ 77.233253][ T9641]  ? __lock_acquire+0x80b/0x3ca0
[ 77.238199][ T9641]  ? apparmor_capable+0x454/0x8a0
[ 77.243205][ T9641]  ? apparmor_capable+0x454/0x8a0
[ 77.248314][ T9641]  ? apparmor_cred_prepare+0x750/0x750
[ 77.253748][ T9641]  ? apparmor_cred_prepare+0x750/0x750
[ 77.259318][ T9641]  ? cap_capable+0x1eb/0x250
[ 77.263975][ T9641]  ? ns_capable_common+0xe2/0x100
[ 77.269013][ T9641]  ? nldev_set_doit+0x3e0/0x3e0
[ 77.273995][ T9641]  rdma_nl_rcv+0x586/0x900
[ 77.278400][ T9641]  ? rdma_nl_multicast+0x310/0x310
[ 77.283504][ T9641]  ? netlink_deliver_tap+0x227/0xb50
[ 77.288770][ T9641]  netlink_unicast+0x537/0x740
[ 77.293512][ T9641]  ? netlink_attachskb+0x810/0x810
[ 77.298613][ T9641]  ? _copy_from_iter_full+0x25c/0x870
[ 77.303982][ T9641]  ? __phys_addr_symbol+0x2c/0x70
[ 77.309007][ T9641]  ? __check_object_size+0x171/0x437
[ 77.317336][ T9641]  netlink_sendmsg+0x882/0xe10
[ 77.322084][ T9641]  ? aa_af_perm+0x260/0x260
[ 77.326583][ T9641]  ? netlink_unicast+0x740/0x740
[ 77.331677][ T9641]  ? netlink_unicast+0x740/0x740
[ 77.336600][ T9641]  sock_sendmsg+0xcf/0x120
[ 77.340993][ T9641]  ____sys_sendmsg+0x6b9/0x7d0
[ 77.345741][ T9641]  ? kernel_sendmsg+0x50/0x50
[ 77.350395][ T9641]  ? lockdep_init_map+0x1b0/0x6c0
[ 77.355412][ T9641]  ___sys_sendmsg+0x100/0x170
[ 77.360608][ T9641]  ? sendmsg_copy_msghdr+0x70/0x70
[ 77.365693][ T9641]  ? __lock_acquire+0x80b/0x3ca0
[ 77.370901][ T9641]  ? find_held_lock+0x2d/0x110
[ 77.375653][ T9641]  ? __fd_install+0x1b4/0x600
[ 77.380374][ T9641]  ? lock_downgrade+0x7f0/0x7f0
[ 77.385396][ T9641]  ? __fget_light+0x1a5/0x270
[ 77.390074][ T9641]  __sys_sendmsg+0xec/0x1b0
[ 77.394563][ T9641]  ? __sys_sendmsg_sock+0xb0/0xb0
[ 77.399577][ T9641]  ? trace_hardirqs_off_caller+0x55/0x230
[ 77.405272][ T9641]  ? do_syscall_64+0x21/0x790
[ 77.409926][ T9641]  do_syscall_64+0xf6/0x790
[ 77.414404][ T9641]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 77.420273][ T9641] RIP: 0033:0x4435f9
[ 77.424144][ T9641] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 77.443986][ T9641] RSP: 002b:00007ffdbb8222a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 77.452487][ T9641] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004435f9
[ 77.460445][ T9641] RDX: 0000000000000000 RSI: 00000000200031c0 RDI: 0000000000000005
[ 77.468576][ T9641] RBP: 00007ffdbb8222b0 R08: 0000000001bbbbbb R09: 0000000001bbbbbb
[ 77.476525][ T9641] R10: 0000000001bbbbbb R11: 0000000000000246 R12: 00007ffdbb8222c0
[ 77.484654][ T9641] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[