[ 84.473401][ T27] audit: type=1800 audit(1582639563.202:26): pid=9536 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 85.316670][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 85.316682][ T27] audit: type=1800 audit(1582639564.062:29): pid=9536 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 85.343130][ T27] audit: type=1800 audit(1582639564.062:30): pid=9536 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 94.853507][ T9689] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 94.863966][ T9689] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 94.876818][ T9689] netlink: 'syz-executor639': attribute type 1 has an invalid length. [ 94.909673][ T9689] 8021q: adding VLAN 0 to HW filter on device bond1 [ 94.951783][ T9689] bond1: (slave gretap1): making interface the new active one [ 94.965842][ T9689] [ 94.968206][ T9689] ====================================================== [ 94.975223][ T9689] WARNING: possible circular locking dependency detected [ 94.982243][ T9689] 5.6.0-rc2-syzkaller #0 Not tainted [ 94.987526][ T9689] ------------------------------------------------------ [ 94.994539][ T9689] syz-executor639/9689 is trying to acquire lock: [ 95.000940][ T9689] ffffffff8a5d2a60 (lock#3){+.+.}, at: cma_netdev_callback+0xc6/0x380 [ 95.009109][ T9689] [ 95.009109][ T9689] but task is already holding lock: [ 95.016472][ T9689] ffffffff8a74da00 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x405/0xaf0 [ 95.024903][ T9689] [ 95.024903][ T9689] which lock already depends on the new lock. [ 95.024903][ T9689] [ 95.035308][ T9689] [ 95.035308][ T9689] the existing dependency chain (in reverse order) is: [ 95.044335][ T9689] [ 95.044335][ T9689] -> #1 (rtnl_mutex){+.+.}: [ 95.051029][ T9689] __mutex_lock+0x156/0x13c0 [ 95.056148][ T9689] mutex_lock_nested+0x16/0x20 [ 95.061446][ T9689] rtnl_lock+0x17/0x20 [ 95.066038][ T9689] siw_create_listen+0x329/0xed0 [ 95.071503][ T9689] iw_cm_listen+0x16e/0x1f0 [ 95.076535][ T9689] rdma_listen+0x613/0x970 [ 95.081473][ T9689] cma_listen_on_dev+0x530/0x6a0 [ 95.086936][ T9689] cma_add_one+0x6fe/0xbf0 [ 95.091876][ T9689] add_client_context+0x3dd/0x550 [ 95.097426][ T9689] enable_device_and_get+0x1df/0x3c0 [ 95.103250][ T9689] ib_register_device+0xa89/0xe40 [ 95.108793][ T9689] siw_newlink+0xdef/0x1310 [ 95.113817][ T9689] nldev_newlink+0x28a/0x430 [ 95.118933][ T9689] rdma_nl_rcv+0x5d9/0x980 [ 95.123869][ T9689] netlink_unicast+0x59e/0x7e0 [ 95.129155][ T9689] netlink_sendmsg+0x91c/0xea0 [ 95.134435][ T9689] sock_sendmsg+0xd7/0x130 [ 95.139388][ T9689] ____sys_sendmsg+0x753/0x880 [ 95.144674][ T9689] ___sys_sendmsg+0x100/0x170 [ 95.149868][ T9689] __sys_sendmsg+0x105/0x1d0 [ 95.154977][ T9689] __x64_sys_sendmsg+0x78/0xb0 [ 95.160263][ T9689] do_syscall_64+0xfa/0x790 [ 95.165288][ T9689] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 95.171690][ T9689] [ 95.171690][ T9689] -> #0 (lock#3){+.+.}: [ 95.178030][ T9689] __lock_acquire+0x2596/0x4a00 [ 95.183511][ T9689] lock_acquire+0x190/0x410 [ 95.188534][ T9689] __mutex_lock+0x156/0x13c0 [ 95.193659][ T9689] mutex_lock_nested+0x16/0x20 [ 95.198949][ T9689] cma_netdev_callback+0xc6/0x380 [ 95.204496][ T9689] notifier_call_chain+0xc2/0x230 [ 95.210047][ T9689] raw_notifier_call_chain+0x2e/0x40 [ 95.215863][ T9689] call_netdevice_notifiers_info+0xba/0x130 [ 95.222389][ T9689] call_netdevice_notifiers+0x79/0xa0 [ 95.228290][ T9689] bond_change_active_slave+0x185b/0x2050 [ 95.234543][ T9689] bond_select_active_slave+0x276/0xae0 [ 95.240617][ T9689] bond_enslave+0x44ef/0x4af0 [ 95.245837][ T9689] do_set_master+0x1dd/0x240 [ 95.250947][ T9689] __rtnl_newlink+0x13a3/0x1790 [ 95.256321][ T9689] rtnl_newlink+0x69/0xa0 [ 95.261169][ T9689] rtnetlink_rcv_msg+0x45e/0xaf0 [ 95.266629][ T9689] netlink_rcv_skb+0x177/0x450 [ 95.271926][ T9689] rtnetlink_rcv+0x1d/0x30 [ 95.276866][ T9689] netlink_unicast+0x59e/0x7e0 [ 95.282151][ T9689] netlink_sendmsg+0x91c/0xea0 [ 95.287430][ T9689] sock_sendmsg+0xd7/0x130 [ 95.292362][ T9689] ____sys_sendmsg+0x753/0x880 [ 95.297644][ T9689] ___sys_sendmsg+0x100/0x170 [ 95.302838][ T9689] __sys_sendmsg+0x105/0x1d0 [ 95.307948][ T9689] __x64_sys_sendmsg+0x78/0xb0 [ 95.313230][ T9689] do_syscall_64+0xfa/0x790 [ 95.318256][ T9689] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 95.324658][ T9689] [ 95.324658][ T9689] other info that might help us debug this: [ 95.324658][ T9689] [ 95.334877][ T9689] Possible unsafe locking scenario: [ 95.334877][ T9689] [ 95.342326][ T9689] CPU0 CPU1 [ 95.347687][ T9689] ---- ---- [ 95.353045][ T9689] lock(rtnl_mutex); [ 95.357016][ T9689] lock(lock#3); [ 95.363161][ T9689] lock(rtnl_mutex); [ 95.369649][ T9689] lock(lock#3); [ 95.373281][ T9689] [ 95.373281][ T9689] *** DEADLOCK *** [ 95.373281][ T9689] [ 95.381440][ T9689] 1 lock held by syz-executor639/9689: [ 95.386895][ T9689] #0: ffffffff8a74da00 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x405/0xaf0 [ 95.395753][ T9689] [ 95.395753][ T9689] stack backtrace: [ 95.401646][ T9689] CPU: 0 PID: 9689 Comm: syz-executor639 Not tainted 5.6.0-rc2-syzkaller #0 [ 95.410314][ T9689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 95.420482][ T9689] Call Trace: [ 95.423778][ T9689] dump_stack+0x197/0x210 [ 95.428113][ T9689] print_circular_bug.isra.0.cold+0x163/0x172 [ 95.434188][ T9689] check_noncircular+0x32e/0x3e0 [ 95.439130][ T9689] ? print_circular_bug.isra.0+0x230/0x230 [ 95.444940][ T9689] ? alloc_list_entry+0xc0/0xc0 [ 95.449791][ T9689] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 95.456037][ T9689] ? find_first_zero_bit+0x9a/0xc0 [ 95.461236][ T9689] __lock_acquire+0x2596/0x4a00 [ 95.466092][ T9689] ? mark_held_locks+0xf0/0xf0 [ 95.470861][ T9689] lock_acquire+0x190/0x410 [ 95.475407][ T9689] ? cma_netdev_callback+0xc6/0x380 [ 95.480610][ T9689] __mutex_lock+0x156/0x13c0 [ 95.485199][ T9689] ? cma_netdev_callback+0xc6/0x380 [ 95.490401][ T9689] ? cfg80211_netdev_notifier_call+0x186/0x17bb [ 95.496646][ T9689] ? queue_work_on+0xef/0x210 [ 95.501319][ T9689] ? cma_netdev_callback+0xc6/0x380 [ 95.508522][ T9689] ? cfg80211_init_wdev+0x500/0x500 [ 95.513727][ T9689] ? mutex_trylock+0x2d0/0x2d0 [ 95.518502][ T9689] ? __kasan_check_read+0x11/0x20 [ 95.523528][ T9689] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 95.529425][ T9689] ? tun_device_event+0x76/0x10e0 [ 95.534455][ T9689] mutex_lock_nested+0x16/0x20 [ 95.539214][ T9689] ? mutex_lock_nested+0x16/0x20 [ 95.544150][ T9689] cma_netdev_callback+0xc6/0x380 [ 95.549178][ T9689] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 95.555083][ T9689] notifier_call_chain+0xc2/0x230 [ 95.560116][ T9689] raw_notifier_call_chain+0x2e/0x40 [ 95.565421][ T9689] call_netdevice_notifiers_info+0xba/0x130 [ 95.571314][ T9689] call_netdevice_notifiers+0x79/0xa0 [ 95.576687][ T9689] ? call_netdevice_notifiers_info+0x130/0x130 [ 95.582840][ T9689] ? __kasan_check_read+0x11/0x20 [ 95.587871][ T9689] ? bond_should_notify_peers+0x1f0/0x400 [ 95.593594][ T9689] bond_change_active_slave+0x185b/0x2050 [ 95.599310][ T9689] ? lockdep_hardirqs_on+0x421/0x5e0 [ 95.604599][ T9689] ? bond_slave_link_status+0x70/0x70 [ 95.609979][ T9689] bond_select_active_slave+0x276/0xae0 [ 95.615528][ T9689] ? bond_change_active_slave+0x2050/0x2050 [ 95.621430][ T9689] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.627677][ T9689] bond_enslave+0x44ef/0x4af0 [ 95.632360][ T9689] ? bond_update_slave_arr+0x880/0x880 [ 95.637823][ T9689] ? rtmsg_ifinfo+0x61/0xa0 [ 95.642325][ T9689] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.648563][ T9689] ? __dev_notify_flags+0x183/0x2c0 [ 95.653756][ T9689] ? dev_change_name+0x930/0x930 [ 95.658699][ T9689] ? alloc_netdev_mqs+0xa78/0xe40 [ 95.663722][ T9689] ? __kasan_check_read+0x11/0x20 [ 95.668741][ T9689] ? mutex_is_locked+0x12/0x50 [ 95.673503][ T9689] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 95.679225][ T9689] ? bond_update_slave_arr+0x880/0x880 [ 95.684777][ T9689] do_set_master+0x1dd/0x240 [ 95.689370][ T9689] __rtnl_newlink+0x13a3/0x1790 [ 95.694505][ T9689] ? lock_downgrade+0x920/0x920 [ 95.699364][ T9689] ? rtnl_link_unregister+0x250/0x250 [ 95.704732][ T9689] ? is_bpf_image_address+0x1da/0x290 [ 95.710107][ T9689] ? __kernel_text_address+0xd/0x40 [ 95.715309][ T9689] ? unwind_get_return_address+0x61/0xa0 [ 95.720939][ T9689] ? profile_setup.cold+0xbb/0xbb [ 95.725963][ T9689] ? arch_stack_walk+0x97/0xf0 [ 95.730732][ T9689] ? stack_trace_save+0x8f/0xc0 [ 95.735582][ T9689] ? stack_trace_consume_entry+0x170/0x170 [ 95.741384][ T9689] ? is_bpf_image_address+0x1b8/0x290 [ 95.746760][ T9689] ? save_stack+0x5c/0x90 [ 95.751089][ T9689] ? save_stack+0x23/0x90 [ 95.755425][ T9689] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 95.761256][ T9689] ? rtnl_newlink+0x4b/0xa0 [ 95.765757][ T9689] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 95.771301][ T9689] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 95.777290][ T9689] rtnl_newlink+0x69/0xa0 [ 95.781618][ T9689] ? __rtnl_newlink+0x1790/0x1790 [ 95.786650][ T9689] rtnetlink_rcv_msg+0x45e/0xaf0 [ 95.791586][ T9689] ? rtnl_bridge_getlink+0x910/0x910 [ 95.796866][ T9689] ? lock_downgrade+0x920/0x920 [ 95.801715][ T9689] ? netlink_deliver_tap+0x226/0xbf0 [ 95.806999][ T9689] ? find_held_lock+0x35/0x130 [ 95.811765][ T9689] netlink_rcv_skb+0x177/0x450 [ 95.816528][ T9689] ? rtnl_bridge_getlink+0x910/0x910 [ 95.821811][ T9689] ? netlink_ack+0xb50/0xb50 [ 95.826402][ T9689] ? __kasan_check_read+0x11/0x20 [ 95.831431][ T9689] ? netlink_deliver_tap+0x248/0xbf0 [ 95.836713][ T9689] rtnetlink_rcv+0x1d/0x30 [ 95.841132][ T9689] netlink_unicast+0x59e/0x7e0 [ 95.845906][ T9689] ? netlink_attachskb+0x870/0x870 [ 95.854148][ T9689] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 95.859868][ T9689] ? __check_object_size+0x3d/0x437 [ 95.865067][ T9689] netlink_sendmsg+0x91c/0xea0 [ 95.869831][ T9689] ? netlink_unicast+0x7e0/0x7e0 [ 95.874799][ T9689] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 95.880350][ T9689] ? apparmor_socket_sendmsg+0x2a/0x30 [ 95.885814][ T9689] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.892173][ T9689] ? security_socket_sendmsg+0x8d/0xc0 [ 95.897639][ T9689] ? netlink_unicast+0x7e0/0x7e0 [ 95.902581][ T9689] sock_sendmsg+0xd7/0x130 [ 95.907001][ T9689] ____sys_sendmsg+0x753/0x880 [ 95.911764][ T9689] ? kernel_sendmsg+0x50/0x50 [ 95.916446][ T9689] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 95.921991][ T9689] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 95.927980][ T9689] ___sys_sendmsg+0x100/0x170 [ 95.932662][ T9689] ? sendmsg_copy_msghdr+0x70/0x70 [ 95.937774][ T9689] ? __kasan_check_read+0x11/0x20 [ 95.942798][ T9689] ? __lock_acquire+0x8a0/0x4a00 [ 95.947738][ T9689] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.953981][ T9689] ? __this_cpu_preempt_check+0x35/0x190 [ 95.959647][ T9689] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.965888][ T9689] ? percpu_counter_add_batch+0x13c/0x190 [ 95.971606][ T9689] ? __fd_install+0x1bc/0x640 [ 95.976371][ T9689] ? find_held_lock+0x35/0x130 [ 95.981133][ T9689] ? __fd_install+0x1bc/0x640 [ 95.985827][ T9689] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.992072][ T9689] ? __fget_light+0x1ad/0x270 [ 95.996748][ T9689] ? __fdget+0x1b/0x20 [ 96.000817][ T9689] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 96.007057][ T9689] __sys_sendmsg+0x105/0x1d0 [ 96.011651][ T9689] ? __sys_sendmsg_sock+0xc0/0xc0 [ 96.016679][ T9689] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 96.022663][ T9689] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 96.028119][ T9689] ? do_syscall_64+0x26/0x790 [ 96.032801][ T9689] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 96.038893][ T9689] ? do_syscall_64+0x26/0x790 [ 96.043570][ T9689] __x64_sys_sendmsg+0x78/0xb0 [ 96.048335][ T9689] do_syscall_64+0xfa/0x790 [ 96.052841][ T9689] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 96.058729][ T9689] RIP: 0033:0x440509 [ 96.062622][ T9689] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 96.082223][ T9689] RSP: 002b:00007fff80af47a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 96.090633][ T9689] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440509 [ 96.098602][ T9689] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004 [ 96.106573][ T9689] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 96.114542][ T9689] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401d90 [ 96.122509][ T9689] R13: 0000000000401e20 R14: 0000000000000000 R15: 0000000000000000