validate_nla: 62 callbacks suppressed
netlink: 'syz-executor.5': attribute type 10 has an invalid length.
8021q: adding VLAN 0 to HW filter on device team0
======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.5/16628 is trying to acquire lock:
0000000088d9eb96 (&macvlan_netdev_addr_lock_key#2/2){+...}, at: netif_addr_lock_nested include/linux/netdevice.h:4007 [inline]
0000000088d9eb96 (&macvlan_netdev_addr_lock_key#2/2){+...}, at: dev_uc_sync_multiple+0x11a/0x1e0 net/core/dev_addr_lists.c:574

but task is already holding lock:
00000000353a2f0c (&dev_addr_list_lock_key#2/1){+...}, at: netif_addr_lock_nested include/linux/netdevice.h:4007 [inline]
00000000353a2f0c (&dev_addr_list_lock_key#2/1){+...}, at: dev_mc_sync_multiple+0x11a/0x1e0 net/core/dev_addr_lists.c:795

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&dev_addr_list_lock_key#2/1){+...}:
       netif_addr_lock_nested include/linux/netdevice.h:4007 [inline]
       dev_uc_sync+0x11a/0x1e0 net/core/dev_addr_lists.c:544
       macvlan_set_mac_lists+0x55/0x110 drivers/net/macvlan.c:806
       __dev_set_rx_mode+0x1d9/0x2f0 net/core/dev.c:7601
       dev_set_rx_mode net/core/dev.c:7607 [inline]
       __dev_open+0x26c/0x3a0 net/core/dev.c:1410
       __dev_change_flags+0x501/0x660 net/core/dev.c:7679
       rtnl_configure_link+0xec/0x230 net/core/rtnetlink.c:2830
       rtnl_newlink+0x1057/0x15c0 net/core/rtnetlink.c:3161
       rtnetlink_rcv_msg+0x453/0xb80 net/core/rtnetlink.c:4782
       netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463
       netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline]
       netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351
       netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917
       sock_sendmsg_nosec net/socket.c:651 [inline]
       sock_sendmsg+0xc3/0x120 net/socket.c:661
       ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2227
       __sys_sendmsg net/socket.c:2265 [inline]
       __do_sys_sendmsg net/socket.c:2274 [inline]
       __se_sys_sendmsg net/socket.c:2272 [inline]
       __x64_sys_sendmsg+0x132/0x220 net/socket.c:2272
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&macvlan_netdev_addr_lock_key#2/2){+...}:
       _raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:354
       netif_addr_lock_nested include/linux/netdevice.h:4007 [inline]
       dev_uc_sync_multiple+0x11a/0x1e0 net/core/dev_addr_lists.c:574
       team_set_rx_mode+0xce/0x230 drivers/net/team/team.c:1788
       __dev_set_rx_mode+0x1d9/0x2f0 net/core/dev.c:7601
       dev_mc_sync_multiple+0x193/0x1e0 net/core/dev_addr_lists.c:798
       bond_enslave+0x3d38/0x5250 drivers/net/bonding/bond_main.c:1767
       do_set_master+0x1c8/0x220 net/core/rtnetlink.c:2321
       do_setlink+0x7ec/0x3540 net/core/rtnetlink.c:2455
       rtnl_newlink+0xda9/0x15c0 net/core/rtnetlink.c:3077
       rtnetlink_rcv_msg+0x453/0xb80 net/core/rtnetlink.c:4782
       netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463
       netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline]
       netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351
       netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917
       sock_sendmsg_nosec net/socket.c:651 [inline]
       sock_sendmsg+0xc3/0x120 net/socket.c:661
       ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2227
       __sys_sendmsg net/socket.c:2265 [inline]
       __do_sys_sendmsg net/socket.c:2274 [inline]
       __se_sys_sendmsg net/socket.c:2272 [inline]
       __x64_sys_sendmsg+0x132/0x220 net/socket.c:2272
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&dev_addr_list_lock_key#2/1);
                               lock(&macvlan_netdev_addr_lock_key#2/2);
                               lock(&dev_addr_list_lock_key#2/1);
  lock(&macvlan_netdev_addr_lock_key#2/2);

 *** DEADLOCK ***

4 locks held by syz-executor.5/16628:
 #0: 00000000f1b8da6d (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline]
 #0: 00000000f1b8da6d (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4779
 #1: 00000000e62b5f92 (&dev_addr_list_lock_key){+...}, at: spin_lock_bh include/linux/spinlock.h:334 [inline]
 #1: 00000000e62b5f92 (&dev_addr_list_lock_key){+...}, at: netif_addr_lock_bh include/linux/netdevice.h:4012 [inline]
 #1: 00000000e62b5f92 (&dev_addr_list_lock_key){+...}, at: bond_enslave+0x3d2d/0x5250 drivers/net/bonding/bond_main.c:1766
 #2: 00000000353a2f0c (&dev_addr_list_lock_key#2/1){+...}, at: netif_addr_lock_nested include/linux/netdevice.h:4007 [inline]
 #2: 00000000353a2f0c (&dev_addr_list_lock_key#2/1){+...}, at: dev_mc_sync_multiple+0x11a/0x1e0 net/core/dev_addr_lists.c:795
 #3: 00000000009ee8e2 (rcu_read_lock){....}, at: team_set_rx_mode+0x0/0x230 drivers/net/team/team.c:509

stack backtrace:
CPU: 1 PID: 16628 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 _raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:354
 netif_addr_lock_nested include/linux/netdevice.h:4007 [inline]
 dev_uc_sync_multiple+0x11a/0x1e0 net/core/dev_addr_lists.c:574
 team_set_rx_mode+0xce/0x230 drivers/net/team/team.c:1788
 __dev_set_rx_mode+0x1d9/0x2f0 net/core/dev.c:7601
 dev_mc_sync_multiple+0x193/0x1e0 net/core/dev_addr_lists.c:798
 bond_enslave+0x3d38/0x5250 drivers/net/bonding/bond_main.c:1767
 do_set_master+0x1c8/0x220 net/core/rtnetlink.c:2321
 do_setlink+0x7ec/0x3540 net/core/rtnetlink.c:2455
 rtnl_newlink+0xda9/0x15c0 net/core/rtnetlink.c:3077
 rtnetlink_rcv_msg+0x453/0xb80 net/core/rtnetlink.c:4782
 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463
 netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline]
 netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351
 netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xc3/0x120 net/socket.c:661
 ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2227
 __sys_sendmsg net/socket.c:2265 [inline]
 __do_sys_sendmsg net/socket.c:2274 [inline]
 __se_sys_sendmsg net/socket.c:2272 [inline]
 __x64_sys_sendmsg+0x132/0x220 net/socket.c:2272
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7eff90499059
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007eff8ee0e168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007eff905abf60 RCX: 00007eff90499059
RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000003
RBP: 00007eff904f308d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe107232bf R14: 00007eff8ee0e300 R15: 0000000000022000
bond0: Enslaving team0 as an active interface with an up link
netlink: 'syz-executor.5': attribute type 10 has an invalid length.
bond0: Releasing backup interface team0
audit: type=1804 audit(1645236782.017:1064): pid=16708 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir111025791/syzkaller.xAT9si/872/bus" dev="sda1" ino=14728 res=1
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered disabled state
device team0 entered promiscuous mode
device team_slave_0 entered promiscuous mode
device team_slave_1 entered promiscuous mode
device macvlan5 entered promiscuous mode
device batadv0 entered promiscuous mode
device macvlan6 entered promiscuous mode
device bridge1 entered promiscuous mode
device bridge2 entered promiscuous mode
device bridge3 entered promiscuous mode
audit: type=1804 audit(1645236782.237:1065): pid=16724 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir059590392/syzkaller.yqtPGM/1830/bus" dev="sda1" ino=14679 res=1
netlink: 'syz-executor.5': attribute type 10 has an invalid length.
device team0 left promiscuous mode
device team_slave_0 left promiscuous mode
device team_slave_1 left promiscuous mode
device macvlan5 left promiscuous mode
device macvlan6 left promiscuous mode
IPVS: ftp: loaded support on port[0] = 21
device batadv0 left promiscuous mode
device bridge1 left promiscuous mode
device bridge2 left promiscuous mode
device bridge3 left promiscuous mode
bridge0: port 3(team0) entered disabled state
8021q: adding VLAN 0 to HW filter on device team0
bond0: Enslaving team0 as an active interface with an up link
netlink: 'syz-executor.5': attribute type 10 has an invalid length.
bond0: Releasing backup interface team0
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered disabled state
device team0 entered promiscuous mode
device team_slave_0 entered promiscuous mode
device team_slave_1 entered promiscuous mode
device macvlan5 entered promiscuous mode
device batadv0 entered promiscuous mode
device macvlan6 entered promiscuous mode
device bridge1 entered promiscuous mode
device bridge2 entered promiscuous mode
device bridge3 entered promiscuous mode
netlink: 'syz-executor.5': attribute type 10 has an invalid length.
device team0 left promiscuous mode
device team_slave_0 left promiscuous mode
device team_slave_1 left promiscuous mode
device macvlan5 left promiscuous mode
device macvlan6 left promiscuous mode
device batadv0 left promiscuous mode
device bridge1 left promiscuous mode
device bridge2 left promiscuous mode
device bridge3 left promiscuous mode
bridge0: port 3(team0) entered disabled state
8021q: adding VLAN 0 to HW filter on device team0
bond0: Enslaving team0 as an active interface with an up link
audit: type=1804 audit(1645236783.327:1066): pid=16859 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir059590392/syzkaller.yqtPGM/1831/bus" dev="sda1" ino=14657 res=1
netlink: 'syz-executor.5': attribute type 10 has an invalid length.
bond0: Releasing backup interface team0
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered disabled state
device team0 entered promiscuous mode
device team_slave_0 entered promiscuous mode
device team_slave_1 entered promiscuous mode
device macvlan5 entered promiscuous mode
device batadv0 entered promiscuous mode
device macvlan6 entered promiscuous mode
device bridge1 entered promiscuous mode
device bridge2 entered promiscuous mode
device bridge3 entered promiscuous mode
audit: type=1800 audit(1645236785.878:1067): pid=17117 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="bus" dev="sda1" ino=14712 res=0
audit: type=1800 audit(1645236786.278:1068): pid=17166 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=14780 res=0
audit: type=1800 audit(1645236786.278:1069): pid=17166 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=14780 res=0
IPVS: ftp: loaded support on port[0] = 21
ceph: No mds server is up or the cluster is laggy
IPVS: ftp: loaded support on port[0] = 21
audit: type=1800 audit(1645236787.268:1070): pid=17245 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=14780 res=0
audit: type=1800 audit(1645236787.298:1071): pid=17243 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=14780 res=0
ceph: No mds server is up or the cluster is laggy
audit: type=1800 audit(1645236788.318:1072): pid=17326 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15748 res=0
IPVS: ftp: loaded support on port[0] = 21
audit: type=1800 audit(1645236788.348:1073): pid=17326 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15748 res=0
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21