[ 85.024700][ T27] audit: type=1800 audit(1583205577.118:36): pid=11057 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Starting mcstransd:
[ 85.786359][ T27] audit: type=1400 audit(1583205577.968:37): avc: denied { watch } for pid=11146 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[....] Starting file context maintaining daemon: restorecond�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.146' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 93.648424][ T27] kauditd_printk_skb: 4 callbacks suppressed
[ 93.648440][ T27] audit: type=1400 audit(1583205585.838:42): avc: denied { map } for pid=11247 comm="syz-executor508" path="/root/syz-executor508778263" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 93.657667][T11247] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[ 93.683040][ T27] audit: type=1400 audit(1583205585.838:43): avc: denied { create } for pid=11247 comm="syz-executor508" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_rdma_socket permissive=1
[ 93.696609][T11247] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[ 93.714414][ T27] audit: type=1400 audit(1583205585.838:44): avc: denied { write } for pid=11247 comm="syz-executor508" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_rdma_socket permissive=1
[ 93.759408][T11247] netlink: 'syz-executor508': attribute type 1 has an invalid length.
[ 93.804731][T11247] 8021q: adding VLAN 0 to HW filter on device bond1
[ 93.843536][T11247] bond1: (slave gretap1): making interface the new active one
[ 93.858690][T11247]
[ 93.861071][T11247] ======================================================
[ 93.868233][T11247] WARNING: possible circular locking dependency detected
[ 93.875261][T11247] 5.6.0-rc3-syzkaller #0 Not tainted
[ 93.880540][T11247] ------------------------------------------------------
[ 93.887566][T11247] syz-executor508/11247 is trying to acquire lock:
[ 93.894065][T11247] ffffffff8a5d2ee0 (lock#3){+.+.}, at: cma_netdev_callback+0xc6/0x380
[ 93.902239][T11247]
[ 93.902239][T11247] but task is already holding lock:
[ 93.909609][T11247] ffffffff8a74de80 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x405/0xaf0
[ 93.918041][T11247]
[ 93.918041][T11247] which lock already depends on the new lock.
[ 93.918041][T11247]
[ 93.928561][T11247]
[ 93.928561][T11247] the existing dependency chain (in reverse order) is:
[ 93.937579][T11247]
[ 93.937579][T11247] -> #1 (rtnl_mutex){+.+.}:
[ 93.944275][T11247] __mutex_lock+0x156/0x13c0
[ 93.949419][T11247] mutex_lock_nested+0x16/0x20
[ 93.954721][T11247] rtnl_lock+0x17/0x20
[ 93.959347][T11247] siw_create_listen+0x329/0xed0
[ 93.964824][T11247] iw_cm_listen+0x16e/0x1f0
[ 93.969857][T11247] rdma_listen+0x613/0x970
[ 93.974815][T11247] cma_listen_on_dev+0x530/0x6a0
[ 93.980286][T11247] cma_add_one+0x6fe/0xbf0
[ 93.985237][T11247] add_client_context+0x3dd/0x550
[ 93.990796][T11247] enable_device_and_get+0x1df/0x3c0
[ 93.996619][T11247] ib_register_device+0xa89/0xe40
[ 94.002174][T11247] siw_newlink+0xdef/0x1310
[ 94.007205][T11247] nldev_newlink+0x28a/0x430
[ 94.012334][T11247] rdma_nl_rcv+0x5d9/0x980
[ 94.017287][T11247] netlink_unicast+0x59e/0x7e0
[ 94.022587][T11247] netlink_sendmsg+0x91c/0xea0
[ 94.027895][T11247] sock_sendmsg+0xd7/0x130
[ 94.032844][T11247] ____sys_sendmsg+0x753/0x880
[ 94.038169][T11247] ___sys_sendmsg+0x100/0x170
[ 94.043557][T11247] __sys_sendmsg+0x105/0x1d0
[ 94.048686][T11247] __x64_sys_sendmsg+0x78/0xb0
[ 94.054019][T11247] do_syscall_64+0xfa/0x790
[ 94.059059][T11247] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 94.065469][T11247]
[ 94.065469][T11247] -> #0 (lock#3){+.+.}:
[ 94.072023][T11247] __lock_acquire+0x2596/0x4a00
[ 94.077441][T11247] lock_acquire+0x190/0x410
[ 94.082505][T11247] __mutex_lock+0x156/0x13c0
[ 94.087635][T11247] mutex_lock_nested+0x16/0x20
[ 94.092967][T11247] cma_netdev_callback+0xc6/0x380
[ 94.098529][T11247] notifier_call_chain+0xc2/0x230
[ 94.104109][T11247] raw_notifier_call_chain+0x2e/0x40
[ 94.109926][T11247] call_netdevice_notifiers_info+0xba/0x130
[ 94.116378][T11247] call_netdevice_notifiers+0x79/0xa0
[ 94.122291][T11247] bond_change_active_slave+0x185b/0x2050
[ 94.128546][T11247] bond_select_active_slave+0x276/0xae0
[ 94.134709][T11247] bond_enslave+0x44ef/0x4af0
[ 94.139912][T11247] do_set_master+0x1dd/0x240
[ 94.145029][T11247] __rtnl_newlink+0x13a3/0x1790
[ 94.150411][T11247] rtnl_newlink+0x69/0xa0
[ 94.155265][T11247] rtnetlink_rcv_msg+0x45e/0xaf0
[ 94.160732][T11247] netlink_rcv_skb+0x177/0x450
[ 94.166024][T11247] rtnetlink_rcv+0x1d/0x30
[ 94.170969][T11247] netlink_unicast+0x59e/0x7e0
[ 94.176257][T11247] netlink_sendmsg+0x91c/0xea0
[ 94.181545][T11247] sock_sendmsg+0xd7/0x130
[ 94.186517][T11247] ____sys_sendmsg+0x753/0x880
[ 94.191814][T11247] ___sys_sendmsg+0x100/0x170
[ 94.197039][T11247] __sys_sendmsg+0x105/0x1d0
[ 94.202164][T11247] __x64_sys_sendmsg+0x78/0xb0
[ 94.207489][T11247] do_syscall_64+0xfa/0x790
[ 94.212527][T11247] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 94.218940][T11247]
[ 94.218940][T11247] other info that might help us debug this:
[ 94.218940][T11247]
[ 94.229176][T11247] Possible unsafe locking scenario:
[ 94.229176][T11247]
[ 94.236742][T11247] CPU0 CPU1
[ 94.242138][T11247] ---- ----
[ 94.247505][T11247] lock(rtnl_mutex);
[ 94.251508][T11247] lock(lock#3);
[ 94.257661][T11247] lock(rtnl_mutex);
[ 94.264161][T11247] lock(lock#3);
[ 94.267804][T11247]
[ 94.267804][T11247] *** DEADLOCK ***
[ 94.267804][T11247]
[ 94.275961][T11247] 1 lock held by syz-executor508/11247:
[ 94.281503][T11247] #0: ffffffff8a74de80 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x405/0xaf0
[ 94.290383][T11247]
[ 94.290383][T11247] stack backtrace:
[ 94.296285][T11247] CPU: 0 PID: 11247 Comm: syz-executor508 Not tainted 5.6.0-rc3-syzkaller #0
[ 94.305147][T11247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 94.315308][T11247] Call Trace:
[ 94.318605][T11247] dump_stack+0x197/0x210
[ 94.322948][T11247] print_circular_bug.isra.0.cold+0x163/0x172
[ 94.329036][T11247] check_noncircular+0x32e/0x3e0
[ 94.333980][T11247] ? print_circular_bug.isra.0+0x230/0x230
[ 94.339798][T11247] ? alloc_list_entry+0xc0/0xc0
[ 94.344660][T11247] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 94.350911][T11247] ? find_first_zero_bit+0x9a/0xc0
[ 94.356032][T11247] __lock_acquire+0x2596/0x4a00
[ 94.360904][T11247] ? mark_held_locks+0xf0/0xf0
[ 94.365678][T11247] lock_acquire+0x190/0x410
[ 94.370193][T11247] ? cma_netdev_callback+0xc6/0x380
[ 94.375411][T11247] __mutex_lock+0x156/0x13c0
[ 94.380016][T11247] ? cma_netdev_callback+0xc6/0x380
[ 94.385232][T11247] ? cfg80211_netdev_notifier_call+0x186/0x17bb
[ 94.391490][T11247] ? queue_work_on+0xef/0x210
[ 94.396180][T11247] ? cma_netdev_callback+0xc6/0x380
[ 94.401399][T11247] ? cfg80211_init_wdev+0x500/0x500
[ 94.406614][T11247] ? mutex_trylock+0x2d0/0x2d0
[ 94.411415][T11247] ? __kasan_check_read+0x11/0x20
[ 94.416465][T11247] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 94.422379][T11247] ? tun_device_event+0x76/0x10e0
[ 94.427424][T11247] mutex_lock_nested+0x16/0x20
[ 94.432207][T11247] ? mutex_lock_nested+0x16/0x20
[ 94.437154][T11247] cma_netdev_callback+0xc6/0x380
[ 94.442192][T11247] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 94.448105][T11247] notifier_call_chain+0xc2/0x230
[ 94.453149][T11247] raw_notifier_call_chain+0x2e/0x40
[ 94.458454][T11247] call_netdevice_notifiers_info+0xba/0x130
[ 94.464388][T11247] call_netdevice_notifiers+0x79/0xa0
[ 94.469783][T11247] ? call_netdevice_notifiers_info+0x130/0x130
[ 94.475955][T11247] ? __kasan_check_read+0x11/0x20
[ 94.481001][T11247] ? bond_should_notify_peers+0x1f0/0x400
[ 94.486740][T11247] bond_change_active_slave+0x185b/0x2050
[ 94.492479][T11247] ? lockdep_hardirqs_on+0x421/0x5e0
[ 94.497784][T11247] ? bond_slave_link_status+0x70/0x70
[ 94.503179][T11247] bond_select_active_slave+0x276/0xae0
[ 94.508774][T11247] ? bond_change_active_slave+0x2050/0x2050
[ 94.514777][T11247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 94.521045][T11247] bond_enslave+0x44ef/0x4af0
[ 94.525766][T11247] ? bond_update_slave_arr+0x880/0x880
[ 94.531373][T11247] ? rtmsg_ifinfo+0x61/0xa0
[ 94.535895][T11247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 94.542154][T11247] ? __dev_notify_flags+0x183/0x2c0
[ 94.547375][T11247] ? dev_change_name+0x930/0x930
[ 94.552356][T11247] ? alloc_netdev_mqs+0xa78/0xe40
[ 94.557427][T11247] ? __kasan_check_read+0x11/0x20
[ 94.562468][T11247] ? mutex_is_locked+0x12/0x50
[ 94.567285][T11247] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 94.573055][T11247] ? bond_update_slave_arr+0x880/0x880
[ 94.578543][T11247] do_set_master+0x1dd/0x240
[ 94.583150][T11247] __rtnl_newlink+0x13a3/0x1790
[ 94.588027][T11247] ? lock_downgrade+0x920/0x920
[ 94.592907][T11247] ? rtnl_link_unregister+0x250/0x250
[ 94.598300][T11247] ? is_bpf_image_address+0x1da/0x290
[ 94.603709][T11247] ? __kernel_text_address+0xd/0x40
[ 94.608923][T11247] ? unwind_get_return_address+0x61/0xa0
[ 94.614565][T11247] ? profile_setup.cold+0xbb/0xbb
[ 94.619605][T11247] ? arch_stack_walk+0x97/0xf0
[ 94.624394][T11247] ? stack_trace_save+0x8f/0xc0
[ 94.629285][T11247] ? stack_trace_consume_entry+0x170/0x170
[ 94.635139][T11247] ? save_stack+0x5c/0x90
[ 94.639477][T11247] ? save_stack+0x23/0x90
[ 94.643819][T11247] ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 94.649662][T11247] ? rtnl_newlink+0x4b/0xa0
[ 94.654305][T11247] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 94.659900][T11247] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 94.665931][T11247] rtnl_newlink+0x69/0xa0
[ 94.670278][T11247] ? __rtnl_newlink+0x1790/0x1790
[ 94.675318][T11247] rtnetlink_rcv_msg+0x45e/0xaf0
[ 94.680275][T11247] ? rtnl_bridge_getlink+0x910/0x910
[ 94.685595][T11247] ? lock_downgrade+0x920/0x920
[ 94.690471][T11247] ? netlink_deliver_tap+0x226/0xbf0
[ 94.695776][T11247] ? find_held_lock+0x35/0x130
[ 94.700558][T11247] netlink_rcv_skb+0x177/0x450
[ 94.705330][T11247] ? rtnl_bridge_getlink+0x910/0x910
[ 94.710655][T11247] ? netlink_ack+0xb50/0xb50
[ 94.715278][T11247] ? __kasan_check_read+0x11/0x20
[ 94.720326][T11247] ? netlink_deliver_tap+0x248/0xbf0
[ 94.725628][T11247] rtnetlink_rcv+0x1d/0x30
[ 94.730060][T11247] netlink_unicast+0x59e/0x7e0
[ 94.734862][T11247] ? netlink_attachskb+0x870/0x870
[ 94.739999][T11247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 94.746260][T11247] netlink_sendmsg+0x91c/0xea0
[ 94.751043][T11247] ? netlink_unicast+0x7e0/0x7e0
[ 94.756000][T11247] ? tomoyo_socket_sendmsg+0x26/0x30
[ 94.761308][T11247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 94.767603][T11247] ? security_socket_sendmsg+0x8d/0xc0
[ 94.773084][T11247] ? netlink_unicast+0x7e0/0x7e0
[ 94.778042][T11247] sock_sendmsg+0xd7/0x130
[ 94.782483][T11247] ____sys_sendmsg+0x753/0x880
[ 94.787294][T11247] ? kernel_sendmsg+0x50/0x50
[ 94.791997][T11247] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 94.797602][T11247] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 94.803637][T11247] ___sys_sendmsg+0x100/0x170
[ 94.808334][T11247] ? sendmsg_copy_msghdr+0x70/0x70
[ 94.813467][T11247] ? __kasan_check_read+0x11/0x20
[ 94.818511][T11247] ? __lock_acquire+0x8a0/0x4a00
[ 94.823480][T11247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 94.829876][T11247] ? __this_cpu_preempt_check+0x35/0x190
[ 94.835571][T11247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 94.841834][T11247] ? percpu_counter_add_batch+0x13c/0x190
[ 94.847577][T11247] ? __fd_install+0x1bc/0x640
[ 94.852301][T11247] ? find_held_lock+0x35/0x130
[ 94.857185][T11247] ? __fd_install+0x1bc/0x640
[ 94.861910][T11247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 94.868174][T11247] ? __fget_light+0x1ad/0x270
[ 94.872986][T11247] ? __fdget+0x1b/0x20
[ 94.877084][T11247] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 94.883409][T11247] __sys_sendmsg+0x105/0x1d0
[ 94.888055][T11247] ? __sys_sendmsg_sock+0xc0/0xc0
[ 94.893099][T11247] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 94.899101][T11247] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 94.904574][T11247] ? do_syscall_64+0x26/0x790
[ 94.909265][T11247] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 94.915347][T11247] ? do_syscall_64+0x26/0x790
[ 94.920043][T11247] __x64_sys_sendmsg+0x78/0xb0
[ 94.924839][T11247] do_syscall_64+0xfa/0x790
[ 94.929399][T11247] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 94.935302][T11247] RIP: 0033:0x440509
[ 94.939214][T11247] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 94.958824][T11247] RSP: 002b:00007ffd73fe16d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 94.967247][T11247] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440509
[ 94.975229][T11247] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004
[ 94.983217][T11247] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 94.991202][T11247] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401d90
[ 94.999197][T11247] R13: 0000000000401e20 R14: 0000000000000000 R15: 0000000000000000