[ 23.923386] audit: type=1800 audit(1538469105.246:21): pid=5182 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [ 23.952531] audit: type=1800 audit(1538469105.266:22): pid=5182 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 25.043775] sshd (5248) used greatest stack depth: 15496 bytes left [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.108' (ECDSA) to the list of known hosts. 2018/10/02 08:31:58 parsed 1 programs 2018/10/02 08:32:00 executed programs: 0 syzkaller login: [ 38.740256] IPVS: ftp: loaded support on port[0] = 21 [ 38.982277] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.989016] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.996029] device bridge_slave_0 entered promiscuous mode [ 39.014680] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.021258] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.028553] device bridge_slave_1 entered promiscuous mode [ 39.045530] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 39.062980] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 39.111897] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 39.131991] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 39.205129] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 39.212716] team0: Port device team_slave_0 added [ 39.228865] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 39.235935] team0: Port device team_slave_1 added [ 39.253682] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 39.273106] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 39.292131] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 39.312106] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 39.452270] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.458749] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.465490] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.471898] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.983684] 8021q: adding VLAN 0 to HW filter on device bond0 [ 40.034158] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 40.084606] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 40.090873] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 40.098015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 40.148002] 8021q: adding VLAN 0 to HW filter on device team0 [ 40.472236] [ 40.473974] ====================================================== [ 40.480273] WARNING: possible circular locking dependency detected [ 40.486568] 4.19.0-rc6+ #263 Not tainted [ 40.490640] ------------------------------------------------------ [ 40.496942] syz-executor0/5608 is trying to acquire lock: [ 40.502491] 000000002402cd10 ((wq_completion)bond_dev->name){+.+.}, at: flush_workqueue+0x2db/0x1e10 [ 40.511764] [ 40.511764] but task is already holding lock: [ 40.517715] 000000006560b16e (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40e/0xc20 [ 40.525421] [ 40.525421] which lock already depends on the new lock. [ 40.525421] [ 40.533719] [ 40.533719] the existing dependency chain (in reverse order) is: [ 40.541316] [ 40.541316] -> #2 (rtnl_mutex){+.+.}: [ 40.546605] __mutex_lock+0x166/0x1700 [ 40.550997] mutex_lock_nested+0x16/0x20 [ 40.555562] rtnl_lock+0x17/0x20 [ 40.559434] bond_netdev_notify_work+0x44/0xd0 [ 40.564520] process_one_work+0xc90/0x1b90 [ 40.569255] worker_thread+0x17f/0x1390 [ 40.573729] kthread+0x35a/0x420 [ 40.577598] ret_from_fork+0x3a/0x50 [ 40.581808] [ 40.581808] -> #1 ((work_completion)(&(&nnw->work)->work)){+.+.}: [ 40.589506] process_one_work+0xc0a/0x1b90 [ 40.594239] worker_thread+0x17f/0x1390 [ 40.598712] kthread+0x35a/0x420 [ 40.602579] ret_from_fork+0x3a/0x50 [ 40.606785] [ 40.606785] -> #0 ((wq_completion)bond_dev->name){+.+.}: [ 40.613703] lock_acquire+0x1ed/0x520 [ 40.618010] flush_workqueue+0x30a/0x1e10 [ 40.622657] drain_workqueue+0x2a9/0x640 [ 40.627226] destroy_workqueue+0xc6/0x9c0 [ 40.631874] __alloc_workqueue_key+0xed8/0x1170 [ 40.637148] bond_init+0x265/0x940 [ 40.641195] register_netdevice+0x332/0x10f0 [ 40.646110] bond_newlink+0x49/0xa0 [ 40.650282] rtnl_newlink+0xec6/0x1d40 [ 40.654678] rtnetlink_rcv_msg+0x46a/0xc20 [ 40.659417] netlink_rcv_skb+0x172/0x440 [ 40.663976] rtnetlink_rcv+0x1c/0x20 [ 40.668191] netlink_unicast+0x5a5/0x760 [ 40.672751] netlink_sendmsg+0xa18/0xfc0 [ 40.677311] sock_sendmsg+0xd5/0x120 [ 40.681549] ___sys_sendmsg+0x7fd/0x930 [ 40.686028] __sys_sendmsg+0x11d/0x280 [ 40.690433] __x64_sys_sendmsg+0x78/0xb0 [ 40.695061] do_syscall_64+0x1b9/0x820 [ 40.699464] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.705151] [ 40.705151] other info that might help us debug this: [ 40.705151] [ 40.713278] Chain exists of: [ 40.713278] (wq_completion)bond_dev->name --> (work_completion)(&(&nnw->work)->work) --> rtnl_mutex [ 40.713278] [ 40.726973] Possible unsafe locking scenario: [ 40.726973] [ 40.733051] CPU0 CPU1 [ 40.737699] ---- ---- [ 40.742346] lock(rtnl_mutex); [ 40.745608] lock((work_completion)(&(&nnw->work)->work)); [ 40.753818] lock(rtnl_mutex); [ 40.759636] lock((wq_completion)bond_dev->name); [ 40.764552] [ 40.764552] *** DEADLOCK *** [ 40.764552] [ 40.770593] 1 lock held by syz-executor0/5608: [ 40.775151] #0: 000000006560b16e (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40e/0xc20 [ 40.783290] [ 40.783290] stack backtrace: [ 40.787771] CPU: 0 PID: 5608 Comm: syz-executor0 Not tainted 4.19.0-rc6+ #263 [ 40.795019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.804354] Call Trace: [ 40.807048] dump_stack+0x1c4/0x2b4 [ 40.810662] ? dump_stack_print_info.cold.2+0x52/0x52 [ 40.815837] ? vprintk_func+0x85/0x181 [ 40.819712] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 40.825408] ? save_trace+0xe0/0x290 [ 40.829105] __lock_acquire+0x33e4/0x4ec0 [ 40.833242] ? mark_held_locks+0x130/0x130 [ 40.837477] ? print_usage_bug+0xc0/0xc0 [ 40.841533] ? select_idle_sibling+0xbb6/0xe80 [ 40.846096] ? __lock_is_held+0xb5/0x140 [ 40.850144] ? mark_held_locks+0x130/0x130 [ 40.854361] lock_acquire+0x1ed/0x520 [ 40.858151] ? flush_workqueue+0x2db/0x1e10 [ 40.862456] ? lock_release+0x970/0x970 [ 40.866409] ? lockdep_init_map+0x9/0x10 [ 40.870463] ? __init_waitqueue_head+0x9e/0x150 [ 40.875134] ? init_wait_entry+0x1c0/0x1c0 [ 40.879370] flush_workqueue+0x30a/0x1e10 [ 40.883503] ? flush_workqueue+0x2db/0x1e10 [ 40.887813] ? lock_acquire+0x1ed/0x520 [ 40.891777] ? drain_workqueue+0xa9/0x640 [ 40.895916] ? lock_release+0x970/0x970 [ 40.899877] ? task_change_group_fair+0xa30/0xa30 [ 40.904703] ? flush_rcu_work+0x90/0x90 [ 40.908666] ? graph_lock+0x170/0x170 [ 40.912450] ? __mutex_lock+0x85e/0x1700 [ 40.916507] ? drain_workqueue+0xa9/0x640 [ 40.920707] ? graph_lock+0x170/0x170 [ 40.924499] ? find_held_lock+0x36/0x1c0 [ 40.928552] ? drain_workqueue+0x13f/0x640 [ 40.932769] ? lock_downgrade+0x900/0x900 [ 40.936901] ? graph_lock+0x170/0x170 [ 40.940696] ? find_held_lock+0x36/0x1c0 [ 40.944781] ? kasan_check_write+0x14/0x20 [ 40.949005] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 40.953918] ? wait_for_completion+0x8a0/0x8a0 [ 40.958488] ? do_raw_spin_unlock+0xa7/0x2f0 [ 40.962923] drain_workqueue+0x2a9/0x640 [ 40.966970] ? drain_workqueue+0x2a9/0x640 [ 40.971195] ? flush_workqueue+0x1e10/0x1e10 [ 40.975594] ? save_stack+0xa9/0xd0 [ 40.979205] ? save_stack+0x43/0xd0 [ 40.982813] ? __kasan_slab_free+0x102/0x150 [ 40.987201] ? kasan_slab_free+0xe/0x10 [ 40.991158] ? kfree+0xcf/0x230 [ 40.994424] ? print_usage_bug+0xc0/0xc0 [ 40.998583] ? register_netdevice+0x332/0x10f0 [ 41.003157] ? bond_newlink+0x49/0xa0 [ 41.006939] ? rtnl_newlink+0xec6/0x1d40 [ 41.010979] ? rtnetlink_rcv_msg+0x46a/0xc20 [ 41.015375] ? netlink_rcv_skb+0x172/0x440 [ 41.019595] ? rtnetlink_rcv+0x1c/0x20 [ 41.023472] ? netlink_unicast+0x5a5/0x760 [ 41.027699] ? netlink_sendmsg+0xa18/0xfc0 [ 41.031913] ? sock_sendmsg+0xd5/0x120 [ 41.035785] destroy_workqueue+0xc6/0x9c0 [ 41.039921] ? kasan_check_write+0x14/0x20 [ 41.044137] ? wq_watchdog_timer_fn+0x810/0x810 [ 41.048791] ? mark_held_locks+0xc7/0x130 [ 41.052922] ? kfree+0x107/0x230 [ 41.056269] ? kfree+0x107/0x230 [ 41.059617] ? lockdep_hardirqs_on+0x421/0x5c0 [ 41.064184] ? trace_hardirqs_on+0xbd/0x310 [ 41.068502] ? init_rescuer.part.25+0x155/0x190 [ 41.073154] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 41.078585] ? __kasan_slab_free+0x119/0x150 [ 41.082976] ? init_rescuer.part.25+0x155/0x190 [ 41.087627] __alloc_workqueue_key+0xed8/0x1170 [ 41.092281] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 41.097281] ? put_dec+0xf0/0xf0 [ 41.100626] ? format_decode+0x1b2/0xaf0 [ 41.104667] ? set_precision+0xe0/0xe0 [ 41.108533] ? simple_strtoll+0xa0/0xa0 [ 41.112491] ? graph_lock+0x170/0x170 [ 41.116285] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.121819] ? find_held_lock+0x36/0x1c0 [ 41.125871] ? lock_downgrade+0x900/0x900 [ 41.130003] ? check_preemption_disabled+0x48/0x200 [ 41.135014] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 41.140798] ? kasan_check_read+0x11/0x20 [ 41.144929] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 41.150269] ? rcu_bh_qs+0xc0/0xc0 [ 41.153801] bond_init+0x265/0x940 [ 41.157325] ? __dev_get_by_name+0x170/0x170 [ 41.161724] ? bond_set_rx_mode+0x560/0x560 [ 41.166029] ? rtnl_is_locked+0xb5/0xf0 [ 41.169985] ? bond_set_rx_mode+0x560/0x560 [ 41.174287] register_netdevice+0x332/0x10f0 [ 41.178681] ? netdev_change_features+0x110/0x110 [ 41.183518] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.189045] ? ns_capable_common+0x13f/0x170 [ 41.193440] bond_newlink+0x49/0xa0 [ 41.197048] ? bond_changelink+0x2370/0x2370 [ 41.201438] rtnl_newlink+0xec6/0x1d40 [ 41.205309] ? rtnl_link_unregister+0x390/0x390 [ 41.209972] ? print_usage_bug+0xc0/0xc0 [ 41.214014] ? __lock_acquire+0x7ec/0x4ec0 [ 41.218234] ? print_usage_bug+0xc0/0xc0 [ 41.222294] ? print_usage_bug+0xc0/0xc0 [ 41.226341] ? mark_held_locks+0x130/0x130 [ 41.230575] ? __lock_acquire+0x7ec/0x4ec0 [ 41.234793] ? lock_acquire+0x1ed/0x520 [ 41.238747] ? rtnetlink_rcv_msg+0x40e/0xc20 [ 41.243136] ? lock_release+0x970/0x970 [ 41.247095] ? arch_local_save_flags+0x40/0x40 [ 41.251677] ? mutex_trylock+0x2b0/0x2b0 [ 41.255729] ? __lock_acquire+0x7ec/0x4ec0 [ 41.259949] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.265468] ? refcount_sub_and_test_checked+0x203/0x310 [ 41.270916] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.276438] ? rtnl_get_link+0x170/0x370 [ 41.280478] ? rtnl_dump_all+0x600/0x600 [ 41.284521] ? kasan_check_read+0x11/0x20 [ 41.288651] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 41.293908] ? ns_capable_common+0x13f/0x170 [ 41.298302] ? rtnl_link_unregister+0x390/0x390 [ 41.302951] rtnetlink_rcv_msg+0x46a/0xc20 [ 41.307168] ? rtnetlink_put_metrics+0x690/0x690 [ 41.311910] netlink_rcv_skb+0x172/0x440 [ 41.315953] ? rtnetlink_put_metrics+0x690/0x690 [ 41.320689] ? netlink_ack+0xb80/0xb80 [ 41.324561] rtnetlink_rcv+0x1c/0x20 [ 41.328270] netlink_unicast+0x5a5/0x760 [ 41.332324] ? netlink_attachskb+0x9a0/0x9a0 [ 41.336741] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.342260] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 41.347259] netlink_sendmsg+0xa18/0xfc0 [ 41.351305] ? netlink_unicast+0x760/0x760 [ 41.355529] ? aa_sock_msg_perm.isra.12+0xba/0x160 [ 41.360439] ? apparmor_socket_sendmsg+0x29/0x30 [ 41.365178] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.370698] ? security_socket_sendmsg+0x94/0xc0 [ 41.375456] ? netlink_unicast+0x760/0x760 [ 41.379672] sock_sendmsg+0xd5/0x120 [ 41.383370] ___sys_sendmsg+0x7fd/0x930 [ 41.387325] ? copy_msghdr_from_user+0x580/0x580 [ 41.392079] ? __fd_install+0x2b5/0x8f0 [ 41.396037] ? __fget_light+0x2e9/0x430 [ 41.399995] ? fget_raw+0x20/0x20 [ 41.403457] ? lock_downgrade+0x900/0x900 [ 41.407609] ? lock_release+0x970/0x970 [ 41.411594] ? arch_local_save_flags+0x40/0x40 [ 41.416161] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 41.421599] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.427119] ? sockfd_lookup_light+0xc5/0x160 [ 41.431612] __sys_sendmsg+0x11d/0x280 [ 41.435491] ? __ia32_sys_shutdown+0x80/0x80 [ 41.439888] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.445414] ? put_timespec64+0x10f/0x1b0 [ 41.449555] ? do_syscall_64+0x9a/0x820 [ 41.453524] ? do_syscall_64+0x9a/0x820 [ 41.457483] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 41.462924] __x64_sys_sendmsg+0x78/0xb0 [ 41.466970] do_syscall_64+0x1b9/0x820 [ 41.470841] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 41.476191] ? syscall_return_slowpath+0x5e0/0x5e0 [ 41.481101] ? trace_hardirqs_on_caller+0x310/0x310 [ 41.486099] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 41.491098] ? recalc_sigpending_tsk+0x180/0x180 [ 41.495836] ? kasan_check_write+0x14/0x20 [ 41.500058] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.504887] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.510073] RIP: 0033:0x457579 [ 41.513268] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 41.532173] RSP: 002b:00007efdb69c7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 41.539879] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 41.547139] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004 [ 41.554390] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 41.561642] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdb69c86d4 [ 41.568907] R13: 00000000004c38b9 R14: 00000000004d5700 R15: 00000000ffffffff