[ 97.047636][ T27] audit: type=1400 audit(1584029291.658:38): avc: denied { watch } for pid=10157 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 97.418015][ T27] audit: type=1800 audit(1584029292.058:39): pid=10068 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 97.456935][ T27] audit: type=1800 audit(1584029292.068:40): pid=10068 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 [ 97.977289][ T27] audit: type=1400 audit(1584029292.618:41): avc: denied { map } for pid=10246 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.60' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 104.830813][ T27] audit: type=1400 audit(1584029299.468:42): avc: denied { map } for pid=10258 comm="syz-executor010" path="/root/syz-executor010654410" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 104.840163][T10258] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 104.859675][ T27] audit: type=1400 audit(1584029299.468:43): avc: denied { create } for pid=10258 comm="syz-executor010" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_rdma_socket permissive=1 [ 104.875390][T10258] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 104.891557][ T27] audit: type=1400 audit(1584029299.468:44): avc: denied { write } for pid=10258 comm="syz-executor010" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_rdma_socket permissive=1 [ 104.918238][T10258] netlink: 'syz-executor010': attribute type 1 has an invalid length. [ 104.987655][T10258] bond1: (slave gretap1): making interface the new active one [ 105.021290][T10258] [ 105.023803][T10258] ====================================================== [ 105.031099][T10258] WARNING: possible circular locking dependency detected [ 105.038401][T10258] 5.6.0-rc5-syzkaller #0 Not tainted [ 105.043820][T10258] ------------------------------------------------------ [ 105.051383][T10258] syz-executor010/10258 is trying to acquire lock: [ 105.057887][T10258] ffffffff8a1d3b00 (lock#3){+.+.}, at: cma_netdev_callback+0xc5/0x380 [ 105.066665][T10258] [ 105.066665][T10258] but task is already holding lock: [ 105.074480][T10258] ffffffff8a34eb80 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3f9/0xad0 [ 105.083248][T10258] [ 105.083248][T10258] which lock already depends on the new lock. [ 105.083248][T10258] [ 105.093748][T10258] [ 105.093748][T10258] the existing dependency chain (in reverse order) is: [ 105.103122][T10258] [ 105.103122][T10258] -> #1 (rtnl_mutex){+.+.}: [ 105.109840][T10258] __mutex_lock+0x156/0x13c0 [ 105.114978][T10258] siw_create_listen+0x329/0xed0 [ 105.120805][T10258] iw_cm_listen+0x166/0x1e0 [ 105.125850][T10258] rdma_listen+0x5e2/0x910 [ 105.130808][T10258] cma_listen_on_dev+0x512/0x650 [ 105.136276][T10258] cma_add_one+0x6aa/0xb60 [ 105.141411][T10258] add_client_context+0x3b4/0x520 [ 105.147176][T10258] enable_device_and_get+0x1cd/0x3b0 [ 105.153000][T10258] ib_register_device+0xa12/0xda0 [ 105.158566][T10258] siw_newlink+0xdef/0x1310 [ 105.163723][T10258] nldev_newlink+0x27f/0x400 [ 105.168855][T10258] rdma_nl_rcv+0x586/0x900 [ 105.174947][T10258] netlink_unicast+0x537/0x740 [ 105.180613][T10258] netlink_sendmsg+0x882/0xe10 [ 105.185911][T10258] sock_sendmsg+0xcf/0x120 [ 105.191260][T10258] ____sys_sendmsg+0x6b9/0x7d0 [ 105.196893][T10258] ___sys_sendmsg+0x100/0x170 [ 105.202545][T10258] __sys_sendmsg+0xec/0x1b0 [ 105.207624][T10258] do_syscall_64+0xf6/0x7d0 [ 105.212663][T10258] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 105.219411][T10258] [ 105.219411][T10258] -> #0 (lock#3){+.+.}: [ 105.225898][T10258] __lock_acquire+0x201b/0x3ca0 [ 105.231527][T10258] lock_acquire+0x197/0x420 [ 105.236782][T10258] __mutex_lock+0x156/0x13c0 [ 105.241997][T10258] cma_netdev_callback+0xc5/0x380 [ 105.247568][T10258] notifier_call_chain+0xc0/0x230 [ 105.253274][T10258] call_netdevice_notifiers_info+0xb5/0x130 [ 105.260510][T10258] call_netdevice_notifiers+0x79/0xa0 [ 105.266422][T10258] bond_change_active_slave+0x80e/0x1d90 [ 105.272603][T10258] bond_select_active_slave+0x250/0xa60 [ 105.278995][T10258] bond_enslave+0x4281/0x4800 [ 105.284252][T10258] do_set_master+0x1d7/0x230 [ 105.289519][T10258] __rtnl_newlink+0x11d4/0x1590 [ 105.294909][T10258] rtnl_newlink+0x64/0xa0 [ 105.299772][T10258] rtnetlink_rcv_msg+0x44e/0xad0 [ 105.305253][T10258] netlink_rcv_skb+0x15a/0x410 [ 105.310564][T10258] netlink_unicast+0x537/0x740 [ 105.316015][T10258] netlink_sendmsg+0x882/0xe10 [ 105.321311][T10258] sock_sendmsg+0xcf/0x120 [ 105.326462][T10258] ____sys_sendmsg+0x6b9/0x7d0 [ 105.331757][T10258] ___sys_sendmsg+0x100/0x170 [ 105.337053][T10258] __sys_sendmsg+0xec/0x1b0 [ 105.342092][T10258] do_syscall_64+0xf6/0x7d0 [ 105.347129][T10258] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 105.353705][T10258] [ 105.353705][T10258] other info that might help us debug this: [ 105.353705][T10258] [ 105.364402][T10258] Possible unsafe locking scenario: [ 105.364402][T10258] [ 105.372198][T10258] CPU0 CPU1 [ 105.377618][T10258] ---- ---- [ 105.382992][T10258] lock(rtnl_mutex); [ 105.386978][T10258] lock(lock#3); [ 105.393142][T10258] lock(rtnl_mutex); [ 105.400127][T10258] lock(lock#3); [ 105.403775][T10258] [ 105.403775][T10258] *** DEADLOCK *** [ 105.403775][T10258] [ 105.411958][T10258] 1 lock held by syz-executor010/10258: [ 105.417637][T10258] #0: ffffffff8a34eb80 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3f9/0xad0 [ 105.427258][T10258] [ 105.427258][T10258] stack backtrace: [ 105.433532][T10258] CPU: 1 PID: 10258 Comm: syz-executor010 Not tainted 5.6.0-rc5-syzkaller #0 [ 105.442553][T10258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 105.453157][T10258] Call Trace: [ 105.456468][T10258] dump_stack+0x188/0x20d [ 105.460817][T10258] check_noncircular+0x32e/0x3e0 [ 105.465775][T10258] ? print_circular_bug.isra.0+0x220/0x220 [ 105.471878][T10258] ? try_to_wake_up+0x72c/0x17c0 [ 105.476989][T10258] ? alloc_list_entry+0xb0/0xb0 [ 105.481852][T10258] ? mark_lock+0xbc/0x1220 [ 105.486286][T10258] ? find_first_zero_bit+0x94/0xb0 [ 105.491593][T10258] __lock_acquire+0x201b/0x3ca0 [ 105.496690][T10258] ? __queue_work+0x566/0x1280 [ 105.501460][T10258] ? mark_held_locks+0xe0/0xe0 [ 105.506234][T10258] ? find_held_lock+0x2d/0x110 [ 105.511014][T10258] ? __queue_work+0x566/0x1280 [ 105.516830][T10258] lock_acquire+0x197/0x420 [ 105.521387][T10258] ? cma_netdev_callback+0xc5/0x380 [ 105.526604][T10258] __mutex_lock+0x156/0x13c0 [ 105.531344][T10258] ? cma_netdev_callback+0xc5/0x380 [ 105.537133][T10258] ? cma_netdev_callback+0xc5/0x380 [ 105.542460][T10258] ? cfg80211_init_wdev+0x4c0/0x4c0 [ 105.547688][T10258] ? mark_held_locks+0x9f/0xe0 [ 105.552471][T10258] ? kmem_cache_alloc_trace+0x390/0x7d0 [ 105.558048][T10258] ? mutex_trylock+0x2c0/0x2c0 [ 105.562837][T10258] ? queue_work_on+0x127/0x200 [ 105.567623][T10258] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 105.573845][T10258] ? inetdev_event+0x1a5/0x15b0 [ 105.579784][T10258] ? update_gid_event_work_handler+0xb0/0xb0 [ 105.585784][T10258] ? tun_device_event+0x71/0x10d0 [ 105.591505][T10258] ? add_netdev_upper_ips+0x30/0x30 [ 105.596733][T10258] ? cma_netdev_callback+0xc5/0x380 [ 105.602135][T10258] cma_netdev_callback+0xc5/0x380 [ 105.607315][T10258] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 105.613312][T10258] notifier_call_chain+0xc0/0x230 [ 105.618462][T10258] call_netdevice_notifiers_info+0xb5/0x130 [ 105.624378][T10258] call_netdevice_notifiers+0x79/0xa0 [ 105.629918][T10258] ? call_netdevice_notifiers_info+0x130/0x130 [ 105.636090][T10258] ? queue_delayed_work_on+0x12f/0x210 [ 105.641567][T10258] bond_change_active_slave+0x80e/0x1d90 [ 105.648100][T10258] ? queue_delayed_work_on+0x12f/0x210 [ 105.653677][T10258] ? bond_slave_link_status+0x70/0x70 [ 105.659084][T10258] bond_select_active_slave+0x250/0xa60 [ 105.664662][T10258] ? bond_set_carrier+0x20e/0x3f0 [ 105.669840][T10258] ? bond_change_active_slave+0x1d90/0x1d90 [ 105.676017][T10258] bond_enslave+0x4281/0x4800 [ 105.680895][T10258] ? bond_update_slave_arr+0x820/0x820 [ 105.686385][T10258] ? rtmsg_ifinfo_event.part.0+0xb6/0xe0 [ 105.692033][T10258] ? rtmsg_ifinfo+0x7f/0xa0 [ 105.696554][T10258] ? __dev_notify_flags+0x183/0x2c0 [ 105.701949][T10258] ? ipgre_changelink+0x330/0x330 [ 105.707006][T10258] ? dev_change_name+0x930/0x930 [ 105.712286][T10258] ? xdp_rxq_info_reg+0x111/0x1b0 [ 105.717379][T10258] ? bond_update_slave_arr+0x820/0x820 [ 105.722857][T10258] do_set_master+0x1d7/0x230 [ 105.727683][T10258] __rtnl_newlink+0x11d4/0x1590 [ 105.732854][T10258] ? rtnl_link_unregister+0x240/0x240 [ 105.738389][T10258] ? kernel_text_address+0xe2/0x100 [ 105.743604][T10258] ? __kernel_text_address+0x9/0x30 [ 105.749071][T10258] ? unwind_get_return_address+0x5a/0xa0 [ 105.754751][T10258] ? profile_setup.cold+0xc1/0xc1 [ 105.759879][T10258] ? arch_stack_walk+0x84/0xd0 [ 105.765105][T10258] ? stack_trace_save+0x8c/0xc0 [ 105.769993][T10258] ? stack_trace_consume_entry+0x160/0x160 [ 105.775838][T10258] ? rtnl_newlink+0x46/0xa0 [ 105.780479][T10258] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 105.786056][T10258] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 105.792183][T10258] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 105.798010][T10258] ? rtnetlink_rcv_msg+0x1d6/0xad0 [ 105.803327][T10258] rtnl_newlink+0x64/0xa0 [ 105.807677][T10258] ? __rtnl_newlink+0x1590/0x1590 [ 105.812718][T10258] rtnetlink_rcv_msg+0x44e/0xad0 [ 105.818002][T10258] ? rtnl_bridge_getlink+0x880/0x880 [ 105.823409][T10258] ? mark_held_locks+0xe0/0xe0 [ 105.828369][T10258] ? netlink_deliver_tap+0x146/0xb50 [ 105.834106][T10258] netlink_rcv_skb+0x15a/0x410 [ 105.838894][T10258] ? rtnl_bridge_getlink+0x880/0x880 [ 105.844477][T10258] ? netlink_ack+0xa80/0xa80 [ 105.849221][T10258] netlink_unicast+0x537/0x740 [ 105.854103][T10258] ? netlink_attachskb+0x810/0x810 [ 105.859517][T10258] ? _copy_from_iter_full+0x25c/0x870 [ 105.865113][T10258] netlink_sendmsg+0x882/0xe10 [ 105.870431][T10258] ? netlink_unicast+0x740/0x740 [ 105.875877][T10258] ? netlink_unicast+0x740/0x740 [ 105.881434][T10258] sock_sendmsg+0xcf/0x120 [ 105.885915][T10258] ____sys_sendmsg+0x6b9/0x7d0 [ 105.890876][T10258] ? kernel_sendmsg+0x50/0x50 [ 105.896359][T10258] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 105.902190][T10258] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 105.908190][T10258] ___sys_sendmsg+0x100/0x170 [ 105.912968][T10258] ? sendmsg_copy_msghdr+0x70/0x70 [ 105.918098][T10258] ? __lock_acquire+0x80b/0x3ca0 [ 105.923325][T10258] ? find_held_lock+0x2d/0x110 [ 105.928314][T10258] ? __fd_install+0x1b4/0x600 [ 105.933010][T10258] ? lock_downgrade+0x7f0/0x7f0 [ 105.937878][T10258] ? __fget_light+0x1a5/0x270 [ 105.942636][T10258] __sys_sendmsg+0xec/0x1b0 [ 105.947566][T10258] ? __sys_sendmsg_sock+0xb0/0xb0 [ 105.952831][T10258] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 105.958970][T10258] ? trace_hardirqs_off_caller+0x55/0x230 [ 105.964880][T10258] ? do_syscall_64+0x21/0x7d0 [ 105.969699][T10258] do_syscall_64+0xf6/0x7d0 [ 105.974221][T10258] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 105.980471][T10258] RIP: 0033:0x440529 [ 105.984379][T10258] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 106.004781][T10258] RSP: 002b:00007ffcca488538 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 106.013340][T10258] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440529 [ 106.021484][T10258] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004 [ 106.029788][T10258] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 106.037861][T10258] R10: 00000000004002c8 R11: