[ ok ] Starting enhanced syslogd: rsyslogd.
[ 56.527122][ T27] audit: type=1800 audit(1580527823.849:25): pid=8701 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 56.546619][ T27] audit: type=1800 audit(1580527823.849:26): pid=8701 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 56.573860][ T27] audit: type=1800 audit(1580527823.849:27): pid=8701 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.36' (ECDSA) to the list of known hosts.
syzkaller login: [ 72.194478][ T8853] IPVS: ftp: loaded support on port[0] = 21
[ 72.237452][ T8853] chnl_net:caif_netlink_parms(): no params data found
[ 72.269787][ T8853] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.277587][ T8853] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.285915][ T8853] device bridge_slave_0 entered promiscuous mode
[ 72.295259][ T8853] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.302761][ T8853] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.310780][ T8853] device bridge_slave_1 entered promiscuous mode
[ 72.326665][ T8853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 72.337394][ T8853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 72.355584][ T8853] team0: Port device team_slave_0 added
[ 72.363466][ T8853] team0: Port device team_slave_1 added
[ 72.377877][ T8853] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 72.385406][ T8853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 72.412252][ T8853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 72.425743][ T8853] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 72.432701][ T8853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 72.459421][ T8853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 72.536405][ T8853] device hsr_slave_0 entered promiscuous mode
[ 72.574207][ T8853] device hsr_slave_1 entered promiscuous mode
[ 72.699397][ T8853] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 72.746513][ T8853] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 72.796393][ T8853] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 72.866114][ T8853] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 72.945909][ T8853] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.953232][ T8853] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 72.961289][ T8853] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.968398][ T8853] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 73.007951][ T8853] 8021q: adding VLAN 0 to HW filter on device bond0
[ 73.020428][ T3122] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 73.032892][ T3122] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.042190][ T3122] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.050289][ T3122] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 73.063327][ T8853] 8021q: adding VLAN 0 to HW filter on device team0
[ 73.075839][ T2836] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 73.085725][ T2836] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.092796][ T2836] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 73.114426][ T3122] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 73.122760][ T3122] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.129852][ T3122] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 73.138856][ T3122] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 73.147945][ T3122] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 73.158327][ T3098] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 73.166372][ T3098] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 73.178913][ T2836] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 73.190338][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 73.209770][ T3098] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 73.218275][ T3098] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 73.230317][ T8853] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 73.248443][ T2836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 73.258964][ T2836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 73.278355][ T8853] device veth0_vlan entered promiscuous mode
[ 73.285221][ T2836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 73.294544][ T2836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 73.304987][ T2836] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 73.312784][ T2836] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 73.324931][ T8853] device veth1_vlan entered promiscuous mode
[ 73.344435][ T3098] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 73.355073][ T3098] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 73.365647][ T3098] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 73.375188][ T3098] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 73.387141][ T8853] device veth0_macvtap entered promiscuous mode
[ 73.398804][ T8853] device veth1_macvtap entered promiscuous mode
[ 73.414810][ T8853] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 73.422787][ T2836] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 73.432539][ T2836] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 73.441309][ T2836] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 73.450063][ T2836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 73.461807][ T8853] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 73.471327][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 73.483139][ T3069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 73.655128][ T8853]
[ 73.657598][ T8853] ======================================================
[ 73.664852][ T8853] WARNING: possible circular locking dependency detected
[ 73.672491][ T8853] 5.5.0-syzkaller #0 Not tainted
[ 73.677771][ T8853] ------------------------------------------------------
[ 73.685327][ T8853] syz-executor338/8853 is trying to acquire lock:
[ 73.691851][ T8853] ffff88809fdd2528 ((wq_completion)wg-kex-wireguard0){+.+.}, at: flush_workqueue+0xee/0x1820
[ 73.702975][ T8853]
[ 73.702975][ T8853] but task is already holding lock:
[ 73.711208][ T8853] ffff8880a868ce80 (&wg->static_identity.lock){++++}, at: wg_set_device+0xad0/0x2010
[ 73.722482][ T8853]
[ 73.722482][ T8853] which lock already depends on the new lock.
[ 73.722482][ T8853]
[ 73.733595][ T8853]
[ 73.733595][ T8853] the existing dependency chain (in reverse order) is:
[ 73.742965][ T8853]
[ 73.742965][ T8853] -> #2 (&wg->static_identity.lock){++++}:
[ 73.750957][ T8853]        lock_acquire+0x154/0x250
[ 73.755977][ T8853]        down_read+0x39/0x50
[ 73.760673][ T8853]        wg_noise_handshake_create_initiation+0x6a/0x15c0
[ 73.767778][ T8853]        wg_packet_handshake_send_worker+0xe5/0x1a0
[ 73.774806][ T8853]        process_one_work+0x7f5/0x10f0
[ 73.781452][ T8853]        worker_thread+0xbbc/0x1630
[ 73.788429][ T8853]        kthread+0x332/0x350
[ 73.793369][ T8853]        ret_from_fork+0x24/0x30
[ 73.798646][ T8853]
[ 73.798646][ T8853] -> #1 ((work_completion)(&peer->transmit_handshake_work)){+.+.}:
[ 73.808949][ T8853]        lock_acquire+0x154/0x250
[ 73.814002][ T8853]        process_one_work+0x7c8/0x10f0
[ 73.819464][ T8853]        worker_thread+0xbbc/0x1630
[ 73.824640][ T8853]        kthread+0x332/0x350
[ 73.829404][ T8853]        ret_from_fork+0x24/0x30
[ 73.834550][ T8853]
[ 73.834550][ T8853] -> #0 ((wq_completion)wg-kex-wireguard0){+.+.}:
[ 73.843385][ T8853]        validate_chain+0x1507/0x7be0
[ 73.849211][ T8853]        __lock_acquire+0xc5a/0x1bc0
[ 73.854575][ T8853]        lock_acquire+0x154/0x250
[ 73.860562][ T8853]        flush_workqueue+0x10a/0x1820
[ 73.866047][ T8853]        peer_remove_after_dead+0x125/0x280
[ 73.872336][ T8853]        wg_peer_remove+0x211/0x270
[ 73.878793][ T8853]        wg_set_device+0xb6a/0x2010
[ 73.884075][ T8853]        genl_rcv_msg+0xf15/0x13e0
[ 73.889311][ T8853]        netlink_rcv_skb+0x19e/0x3e0
[ 73.895307][ T8853]        genl_rcv+0x28/0x40
[ 73.900272][ T8853]        netlink_unicast+0x766/0x920
[ 73.905548][ T8853]        netlink_sendmsg+0xa2b/0xd40
[ 73.910912][ T8853]        ____sys_sendmsg+0x4f7/0x7f0
[ 73.916196][ T8853]        __sys_sendmsg+0x1ed/0x290
[ 73.921322][ T8853]        __x64_sys_sendmsg+0x7f/0x90
[ 73.926654][ T8853]        do_syscall_64+0xf7/0x1c0
[ 73.931829][ T8853]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 73.938230][ T8853]
[ 73.938230][ T8853] other info that might help us debug this:
[ 73.938230][ T8853]
[ 73.948451][ T8853] Chain exists of:
[ 73.948451][ T8853]   (wq_completion)wg-kex-wireguard0 --> (work_completion)(&peer->transmit_handshake_work) --> &wg->static_identity.lock
[ 73.948451][ T8853]
[ 73.966980][ T8853]  Possible unsafe locking scenario:
[ 73.966980][ T8853]
[ 73.975048][ T8853]        CPU0                    CPU1
[ 73.981286][ T8853]        ----                    ----
[ 73.987467][ T8853]   lock(&wg->static_identity.lock);
[ 73.992786][ T8853]                                lock((work_completion)(&peer->transmit_handshake_work));
[ 74.003272][ T8853]                                lock(&wg->static_identity.lock);
[ 74.011568][ T8853]   lock((wq_completion)wg-kex-wireguard0);
[ 74.017688][ T8853]
[ 74.017688][ T8853]  *** DEADLOCK ***
[ 74.017688][ T8853]
[ 74.026374][ T8853] 5 locks held by syz-executor338/8853:
[ 74.032037][ T8853]  #0: ffffffff8959b040 (cb_lock){++++}, at: genl_rcv+0x19/0x40
[ 74.040053][ T8853]  #1: ffffffff8959af68 (genl_mutex){+.+.}, at: genl_rcv_msg+0xca/0x13e0
[ 74.048900][ T8853]  #2: ffffffff89586c60 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20
[ 74.057520][ T8853]  #3: ffff8880a868d0a0 (&wg->device_update_lock){+.+.}, at: wg_set_device+0x3dd/0x2010
[ 74.068188][ T8853]  #4: ffff8880a868ce80 (&wg->static_identity.lock){++++}, at: wg_set_device+0xad0/0x2010
[ 74.078347][ T8853]
[ 74.078347][ T8853] stack backtrace:
[ 74.084360][ T8853] CPU: 0 PID: 8853 Comm: syz-executor338 Not tainted 5.5.0-syzkaller #0
[ 74.093632][ T8853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.104609][ T8853] Call Trace:
[ 74.107900][ T8853]  dump_stack+0x1fb/0x318
[ 74.112485][ T8853]  print_circular_bug+0xc3f/0xe70
[ 74.118027][ T8853]  ? stack_trace_save+0xb6/0x150
[ 74.123162][ T8853]  ? save_trace+0x4b/0x9f0
[ 74.127595][ T8853]  check_noncircular+0x206/0x3a0
[ 74.132557][ T8853]  validate_chain+0x1507/0x7be0
[ 74.137409][ T8853]  ? __kasan_check_read+0x11/0x20
[ 74.142454][ T8853]  ? mark_lock+0x107/0x1650
[ 74.147161][ T8853]  __lock_acquire+0xc5a/0x1bc0
[ 74.152065][ T8853]  ? __lock_acquire+0xc5a/0x1bc0
[ 74.157086][ T8853]  ? trace_lock_acquire+0x15b/0x1d0
[ 74.162294][ T8853]  lock_acquire+0x154/0x250
[ 74.166808][ T8853]  ? flush_workqueue+0xee/0x1820
[ 74.171884][ T8853]  flush_workqueue+0x10a/0x1820
[ 74.176737][ T8853]  ? flush_workqueue+0xee/0x1820
[ 74.181827][ T8853]  ? do_raw_spin_unlock+0x142/0x950
[ 74.187262][ T8853]  peer_remove_after_dead+0x125/0x280
[ 74.192645][ T8853]  wg_peer_remove+0x211/0x270
[ 74.198357][ T8853]  wg_set_device+0xb6a/0x2010
[ 74.203215][ T8853]  ? __nla_validate_parse+0x17c5/0x1ed0
[ 74.208772][ T8853]  genl_rcv_msg+0xf15/0x13e0
[ 74.213436][ T8853]  netlink_rcv_skb+0x19e/0x3e0
[ 74.218196][ T8853]  ? genl_unbind+0x250/0x250
[ 74.222770][ T8853]  genl_rcv+0x28/0x40
[ 74.226744][ T8853]  netlink_unicast+0x766/0x920
[ 74.231619][ T8853]  netlink_sendmsg+0xa2b/0xd40
[ 74.236526][ T8853]  ? netlink_getsockopt+0x9f0/0x9f0
[ 74.241736][ T8853]  ____sys_sendmsg+0x4f7/0x7f0
[ 74.246604][ T8853]  __sys_sendmsg+0x1ed/0x290
[ 74.251218][ T8853]  ? check_preemption_disabled+0xb4/0x260
[ 74.256931][ T8853]  ? debug_smp_processor_id+0x9/0x20
[ 74.262243][ T8853]  ? __kasan_check_write+0x14/0x20
[ 74.267353][ T8853]  ? __fpregs_load_activate+0x194/0x220
[ 74.272904][ T8853]  ? switch_fpu_return+0xe/0x10
[ 74.277741][ T8853]  ? prepare_exit_to_usermode+0x221/0x5b0
[ 74.283709][ T8853]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 74.289421][ T8853]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[ 74.295441][ T8853]  ? do_syscall_64+0x1d/0x1c0
[ 74.300378][ T8853]  __x64_sys_sendmsg+0x7f/0x90
[ 74.305291][ T8853]  do_syscall_64+0xf7/0x1c0
[ 74.309865][ T8853]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 74.315918][ T8853] RIP: 0033:0x4491c9
[ 74.319955][ T8853] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b d4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 74.340221][ T8853] RSP: 002b:00007fffdccd47a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 74.348628][ T8853] RAX: ffffffffffffffda RBX: 0000000000003064 RCX: 00000000004491c9
[ 74.356826][ T8853] RDX: 0000000000000000 RSI: 0000000020001340 RDI: 0000000000000004
[ 74.364875][ T8853] RBP: 7261756765726977 R08: 0000000000000000 R09: 0000000001bbbbbb
[ 74.373497][ T8853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 74.382119][ T8853] R13: 0000000000406b80 R14: 0000000000000000 R15: 0000000000000000