[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 74.729433][ T27] audit: type=1800 audit(1583708979.577:25): pid=9473 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 74.763676][ T27] audit: type=1800 audit(1583708979.577:26): pid=9473 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 74.804699][ T27] audit: type=1800 audit(1583708979.577:27): pid=9473 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.57' (ECDSA) to the list of known hosts. syzkaller login: [ 83.040681][ T9626] IPVS: ftp: loaded support on port[0] = 21 [ 83.093640][ T9626] chnl_net:caif_netlink_parms(): no params data found [ 83.134282][ T9626] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.141863][ T9626] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.149858][ T9626] device bridge_slave_0 entered promiscuous mode [ 83.158815][ T9626] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.166116][ T9626] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.174688][ T9626] device bridge_slave_1 entered promiscuous mode [ 83.192394][ T9626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.203701][ T9626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.222954][ T9626] team0: Port device team_slave_0 added [ 83.230327][ T9626] team0: Port device team_slave_1 added [ 83.245547][ T9626] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.252668][ T9626] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.278725][ T9626] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.291600][ T9626] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.298705][ T9626] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.326754][ T9626] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.395805][ T9626] device hsr_slave_0 entered promiscuous mode [ 83.433933][ T9626] device hsr_slave_1 entered promiscuous mode [ 83.580221][ T9626] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 83.617024][ T9626] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 83.686549][ T9626] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 83.726011][ T9626] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 83.789536][ T9626] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.796714][ T9626] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.804597][ T9626] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.811707][ T9626] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.858039][ T9626] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.870845][ T3122] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 83.880993][ T3122] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.888908][ T3122] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.897212][ T3122] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 83.910899][ T9626] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.922456][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 83.931169][ T2882] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.938240][ T2882] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.950278][ T3122] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 83.960132][ T3122] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.967243][ T3122] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.995768][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 84.004805][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 84.013282][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 84.022234][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 84.034001][ T3121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 84.045782][ T9626] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 84.066388][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 84.074490][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 84.087665][ T9626] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.107869][ T2842] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 84.117691][ T2842] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 84.137819][ T3121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 84.147049][ T3121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 84.156318][ T3121] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 84.164828][ T3121] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 84.175363][ T9626] device veth0_vlan entered promiscuous mode [ 84.188053][ T9626] device veth1_vlan entered promiscuous mode [ 84.209616][ T3121] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 84.219330][ T3121] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 84.227537][ T3121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 84.236268][ T3121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 84.247800][ T9626] device veth0_macvtap entered promiscuous mode [ 84.257283][ T9626] device veth1_macvtap entered promiscuous mode [ 84.273617][ T9626] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.281268][ T2842] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 84.289970][ T2842] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 84.298134][ T2842] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 84.307080][ T2842] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 84.320836][ T9626] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.329258][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 84.337957][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 84.509920][ T9626] netlink: 'syz-executor343': attribute type 1 has an invalid length. [ 84.531632][ T9626] bond1: (slave gretap1): making interface the new active one [ 84.539654][ T9626] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 84.552700][ T9626] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 84.560581][ T9626] [ 84.562897][ T9626] ====================================================== [ 84.569890][ T9626] WARNING: possible circular locking dependency detected [ 84.576885][ T9626] 5.6.0-rc3-syzkaller #0 Not tainted [ 84.582140][ T9626] ------------------------------------------------------ [ 84.589131][ T9626] syz-executor343/9626 is trying to acquire lock: [ 84.595515][ T9626] ffffffff8a34eb80 (rtnl_mutex){+.+.}, at: siw_create_listen+0x329/0xed0 [ 84.603913][ T9626] [ 84.603913][ T9626] but task is already holding lock: [ 84.611254][ T9626] ffffffff8a1d3ba0 (lock#3){+.+.}, at: cma_add_one+0x5dc/0xb60 [ 84.618783][ T9626] [ 84.618783][ T9626] which lock already depends on the new lock. [ 84.618783][ T9626] [ 84.629164][ T9626] [ 84.629164][ T9626] the existing dependency chain (in reverse order) is: [ 84.638158][ T9626] [ 84.638158][ T9626] -> #1 (lock#3){+.+.}: [ 84.644476][ T9626] __mutex_lock+0x156/0x13c0 [ 84.649562][ T9626] cma_netdev_callback+0xc5/0x380 [ 84.655083][ T9626] notifier_call_chain+0xc0/0x230 [ 84.660622][ T9626] call_netdevice_notifiers_info+0xb5/0x130 [ 84.667017][ T9626] call_netdevice_notifiers+0x79/0xa0 [ 84.672895][ T9626] bond_change_active_slave+0x80e/0x1d90 [ 84.679032][ T9626] bond_select_active_slave+0x250/0xa60 [ 84.685076][ T9626] bond_enslave+0x4281/0x4800 [ 84.690249][ T9626] do_set_master+0x1d7/0x230 [ 84.695338][ T9626] __rtnl_newlink+0x11d4/0x1590 [ 84.700684][ T9626] rtnl_newlink+0x64/0xa0 [ 84.705511][ T9626] rtnetlink_rcv_msg+0x44e/0xad0 [ 84.710944][ T9626] netlink_rcv_skb+0x15a/0x410 [ 84.716213][ T9626] netlink_unicast+0x537/0x740 [ 84.721484][ T9626] netlink_sendmsg+0x882/0xe10 [ 84.726786][ T9626] sock_sendmsg+0xcf/0x120 [ 84.731700][ T9626] ____sys_sendmsg+0x6b9/0x7d0 [ 84.736961][ T9626] ___sys_sendmsg+0x100/0x170 [ 84.742164][ T9626] __sys_sendmsg+0xec/0x1b0 [ 84.747217][ T9626] do_syscall_64+0xf6/0x790 [ 84.752251][ T9626] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 84.758638][ T9626] [ 84.758638][ T9626] -> #0 (rtnl_mutex){+.+.}: [ 84.765297][ T9626] __lock_acquire+0x201b/0x3ca0 [ 84.770654][ T9626] lock_acquire+0x197/0x420 [ 84.775659][ T9626] __mutex_lock+0x156/0x13c0 [ 84.780751][ T9626] siw_create_listen+0x329/0xed0 [ 84.786190][ T9626] iw_cm_listen+0x166/0x1e0 [ 84.791194][ T9626] rdma_listen+0x5e2/0x910 [ 84.796106][ T9626] cma_listen_on_dev+0x512/0x650 [ 84.801535][ T9626] cma_add_one+0x6aa/0xb60 [ 84.806464][ T9626] add_client_context+0x3b4/0x520 [ 84.812000][ T9626] enable_device_and_get+0x1cd/0x3b0 [ 84.817801][ T9626] ib_register_device+0xa12/0xda0 [ 84.823361][ T9626] siw_newlink+0xdef/0x1310 [ 84.828368][ T9626] nldev_newlink+0x27f/0x400 [ 84.833461][ T9626] rdma_nl_rcv+0x586/0x900 [ 84.838379][ T9626] netlink_unicast+0x537/0x740 [ 84.843640][ T9626] netlink_sendmsg+0x882/0xe10 [ 84.848901][ T9626] sock_sendmsg+0xcf/0x120 [ 84.853825][ T9626] ____sys_sendmsg+0x6b9/0x7d0 [ 84.859101][ T9626] ___sys_sendmsg+0x100/0x170 [ 84.864279][ T9626] __sys_sendmsg+0xec/0x1b0 [ 84.869285][ T9626] do_syscall_64+0xf6/0x790 [ 84.874295][ T9626] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 84.880698][ T9626] [ 84.880698][ T9626] other info that might help us debug this: [ 84.880698][ T9626] [ 84.890917][ T9626] Possible unsafe locking scenario: [ 84.890917][ T9626] [ 84.898352][ T9626] CPU0 CPU1 [ 84.903701][ T9626] ---- ---- [ 84.909048][ T9626] lock(lock#3); [ 84.912658][ T9626] lock(rtnl_mutex); [ 84.919147][ T9626] lock(lock#3); [ 84.925278][ T9626] lock(rtnl_mutex); [ 84.929236][ T9626] [ 84.929236][ T9626] *** DEADLOCK *** [ 84.929236][ T9626] [ 84.937365][ T9626] 6 locks held by syz-executor343/9626: [ 84.942880][ T9626] #0: ffffffff8cf2f700 (&rdma_nl_types[idx].sem){.+.+}, at: rdma_nl_rcv+0x3ba/0x900 [ 84.952339][ T9626] #1: ffffffff8a1c9568 (link_ops_rwsem){++++}, at: nldev_newlink+0x23b/0x400 [ 84.961169][ T9626] #2: ffffffff8a1bd088 (devices_rwsem){++++}, at: enable_device_and_get+0xfc/0x3b0 [ 84.970527][ T9626] #3: ffffffff8a1bcf48 (clients_rwsem){++++}, at: enable_device_and_get+0x15b/0x3b0 [ 84.979974][ T9626] #4: ffff88808f288538 (&device->client_data_rwsem){++++}, at: add_client_context+0x382/0x520 [ 84.990303][ T9626] #5: ffffffff8a1d3ba0 (lock#3){+.+.}, at: cma_add_one+0x5dc/0xb60 [ 84.998270][ T9626] [ 84.998270][ T9626] stack backtrace: [ 85.004145][ T9626] CPU: 0 PID: 9626 Comm: syz-executor343 Not tainted 5.6.0-rc3-syzkaller #0 [ 85.012786][ T9626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 85.022822][ T9626] Call Trace: [ 85.026100][ T9626] dump_stack+0x188/0x20d [ 85.030410][ T9626] check_noncircular+0x32e/0x3e0 [ 85.035327][ T9626] ? print_circular_bug.isra.0+0x220/0x220 [ 85.041112][ T9626] ? mark_lock+0xbc/0x1220 [ 85.045507][ T9626] ? alloc_list_entry+0xb0/0xb0 [ 85.050355][ T9626] ? mark_lock+0xbc/0x1220 [ 85.054758][ T9626] ? find_first_zero_bit+0x94/0xb0 [ 85.059854][ T9626] __lock_acquire+0x201b/0x3ca0 [ 85.064694][ T9626] ? mark_held_locks+0xe0/0xe0 [ 85.069456][ T9626] ? iw_cm_map+0x49e/0xfb0 [ 85.073862][ T9626] lock_acquire+0x197/0x420 [ 85.078354][ T9626] ? siw_create_listen+0x329/0xed0 [ 85.083447][ T9626] __mutex_lock+0x156/0x13c0 [ 85.088026][ T9626] ? siw_create_listen+0x329/0xed0 [ 85.093157][ T9626] ? siw_create_listen+0x329/0xed0 [ 85.098280][ T9626] ? mutex_trylock+0x2c0/0x2c0 [ 85.103030][ T9626] ? find_held_lock+0x2d/0x110 [ 85.107788][ T9626] ? siw_create_listen+0x26b/0xed0 [ 85.112899][ T9626] ? lock_downgrade+0x7f0/0x7f0 [ 85.117750][ T9626] ? rcu_read_lock_held_common+0x130/0x130 [ 85.123555][ T9626] ? siw_create_listen+0x329/0xed0 [ 85.128661][ T9626] ? rtnl_lock+0x5/0x20 [ 85.132802][ T9626] siw_create_listen+0x329/0xed0 [ 85.137729][ T9626] ? find_held_lock+0x2d/0x110 [ 85.142478][ T9626] ? siw_reject+0x280/0x280 [ 85.146964][ T9626] ? mark_held_locks+0x9f/0xe0 [ 85.151727][ T9626] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 85.157516][ T9626] ? iw_cm_listen+0x166/0x1e0 [ 85.162171][ T9626] iw_cm_listen+0x166/0x1e0 [ 85.166662][ T9626] rdma_listen+0x5e2/0x910 [ 85.171059][ T9626] cma_listen_on_dev+0x512/0x650 [ 85.175981][ T9626] cma_add_one+0x6aa/0xb60 [ 85.180383][ T9626] ? cma_listen_on_dev+0x650/0x650 [ 85.185492][ T9626] ? do_raw_spin_unlock+0x171/0x260 [ 85.190671][ T9626] ? cma_listen_on_dev+0x650/0x650 [ 85.195760][ T9626] add_client_context+0x3b4/0x520 [ 85.200775][ T9626] ? ib_device_get_by_netdev+0x4f0/0x4f0 [ 85.206394][ T9626] enable_device_and_get+0x1cd/0x3b0 [ 85.211658][ T9626] ? add_one_compat_dev+0x7e0/0x7e0 [ 85.216835][ T9626] ? rdma_counter_init+0x200/0x400 [ 85.221925][ T9626] ib_register_device+0xa12/0xda0 [ 85.226933][ T9626] ? enable_device_and_get+0x3b0/0x3b0 [ 85.232974][ T9626] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 85.238771][ T9626] ? _raw_spin_unlock_irqrestore+0x9b/0xe0 [ 85.244570][ T9626] ? lockdep_init_map+0x1b0/0x6c0 [ 85.249572][ T9626] siw_newlink+0xdef/0x1310 [ 85.254068][ T9626] ? siw_get_base_qp+0x470/0x470 [ 85.258981][ T9626] nldev_newlink+0x27f/0x400 [ 85.263554][ T9626] ? nldev_set_doit+0x3e0/0x3e0 [ 85.268391][ T9626] ? profile_setup.cold+0xc1/0xc1 [ 85.273391][ T9626] ? arch_stack_walk+0x84/0xd0 [ 85.278145][ T9626] ? __lock_acquire+0x80b/0x3ca0 [ 85.283077][ T9626] ? apparmor_capable+0x454/0x8a0 [ 85.288090][ T9626] ? apparmor_capable+0x454/0x8a0 [ 85.293120][ T9626] ? apparmor_cred_prepare+0x750/0x750 [ 85.298559][ T9626] ? apparmor_cred_prepare+0x750/0x750 [ 85.303997][ T9626] ? cap_capable+0x1eb/0x250 [ 85.308569][ T9626] ? ns_capable_common+0xe2/0x100 [ 85.313580][ T9626] ? nldev_set_doit+0x3e0/0x3e0 [ 85.318427][ T9626] rdma_nl_rcv+0x586/0x900 [ 85.322826][ T9626] ? rdma_nl_multicast+0x310/0x310 [ 85.327917][ T9626] ? netlink_deliver_tap+0x227/0xb50 [ 85.333205][ T9626] netlink_unicast+0x537/0x740 [ 85.337950][ T9626] ? netlink_attachskb+0x810/0x810 [ 85.343041][ T9626] ? _copy_from_iter_full+0x25c/0x870 [ 85.348412][ T9626] ? __phys_addr_symbol+0x2c/0x70 [ 85.353413][ T9626] ? __check_object_size+0x171/0x437 [ 85.358689][ T9626] netlink_sendmsg+0x882/0xe10 [ 85.363440][ T9626] ? aa_af_perm+0x260/0x260 [ 85.367922][ T9626] ? netlink_unicast+0x740/0x740 [ 85.372837][ T9626] ? netlink_unicast+0x740/0x740 [ 85.377765][ T9626] sock_sendmsg+0xcf/0x120 [ 85.382179][ T9626] ____sys_sendmsg+0x6b9/0x7d0 [ 85.386925][ T9626] ? kernel_sendmsg+0x50/0x50 [ 85.391580][ T9626] ? lockdep_init_map+0x1b0/0x6c0 [ 85.396584][ T9626] ___sys_sendmsg+0x100/0x170 [ 85.401250][ T9626] ? sendmsg_copy_msghdr+0x70/0x70 [ 85.406342][ T9626] ? __lock_acquire+0x80b/0x3ca0 [ 85.411361][ T9626] ? find_held_lock+0x2d/0x110 [ 85.416218][ T9626] ? __fd_install+0x1b4/0x600 [ 85.420885][ T9626] ? lock_downgrade+0x7f0/0x7f0 [ 85.425742][ T9626] ? __fget_light+0x1a5/0x270 [ 85.430497][ T9626] __sys_sendmsg+0xec/0x1b0 [ 85.434992][ T9626] ? __sys_sendmsg_sock+0xb0/0xb0 [ 85.440003][ T9626] ? trace_hardirqs_off_caller+0x55/0x230 [ 85.445706][ T9626] ? do_syscall_64+0x21/0x790 [ 85.450392][ T9626] do_syscall_64+0xf6/0x790 [ 85.454877][ T9626] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 85.460747][ T9626] RIP: 0033:0x443679 [ 85.464620][ T9626] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 85.484206][ T9626] RSP: 002b:00007ffc6eef77d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.492602][ T9626] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000443679 [ 85.500563][ T9626] RDX: 0000000000000000 RSI: 00000000200031c0 RDI: 0000000000000005 [ 85.508525][ T9626] RBP: 00007ffc6eef77f0 R08: 0000000001bbbbbb R09: 0000000001bbbbbb [ 85.516485][ T9626] R10: 0000000001bbbbbb R11: 0000000000000246 R12: 0000000000000000 [ 85.524444][ T9626] R13: 0000000000404c10 R14: 0000000000000000 R15: 0000000000000000 [ 85.558232][ T9626] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98