[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.4' (ECDSA) to the list of known hosts.
2020/11/13 22:50:18 parsed 1 programs
2020/11/13 22:50:19 executed programs: 0
syzkaller login: [ 58.117015][ T8476] IPVS: ftp: loaded support on port[0] = 21
[ 58.281433][ T8476] chnl_net:caif_netlink_parms(): no params data found
[ 58.339839][ T8476] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.348577][ T8476] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.357909][ T8476] device bridge_slave_0 entered promiscuous mode
[ 58.367785][ T8476] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.376824][ T8476] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.385326][ T8476] device bridge_slave_1 entered promiscuous mode
[ 58.407352][ T8476] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 58.418351][ T8476] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 58.442489][ T8476] team0: Port device team_slave_0 added
[ 58.451296][ T8476] team0: Port device team_slave_1 added
[ 58.469885][ T8476] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 58.476957][ T8476] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 58.504354][ T8476] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 58.518164][ T8476] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 58.525371][ T8476] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 58.551703][ T8476] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 58.579769][ T8476] device hsr_slave_0 entered promiscuous mode
[ 58.587007][ T8476] device hsr_slave_1 entered promiscuous mode
[ 58.687339][ T8476] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 58.698450][ T8476] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 58.708500][ T8476] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 58.718966][ T8476] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 58.743708][ T8476] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.750979][ T8476] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 58.759189][ T8476] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.766395][ T8476] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 58.814730][ T8476] 8021q: adding VLAN 0 to HW filter on device bond0
[ 58.828953][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.841442][ T2987] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.851381][ T2987] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.859995][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 58.876352][ T8476] 8021q: adding VLAN 0 to HW filter on device team0
[ 58.888631][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 58.899303][ T17] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.906503][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 58.923293][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 58.931746][ T2987] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.939050][ T2987] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 58.962070][ T8476] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 58.972618][ T8476] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 58.990343][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 58.999401][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 59.009106][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 59.019509][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 59.029236][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 59.037331][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 59.059831][ T8476] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 59.068864][ T3744] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 59.078477][ T3744] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 59.104631][ T3744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 59.118861][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 59.129846][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 59.138301][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 59.150585][ T8476] device veth0_vlan entered promiscuous mode
[ 59.162566][ T8476] device veth1_vlan entered promiscuous mode
[ 59.184835][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 59.194712][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 59.203292][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 59.214542][ T8476] device veth0_macvtap entered promiscuous mode
[ 59.225590][ T8476] device veth1_macvtap entered promiscuous mode
[ 59.245431][ T8476] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 59.253963][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 59.264090][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 59.276402][ T8476] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 59.284418][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 59.294557][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 59.305670][ T8476] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.315376][ T8476] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.326517][ T8476] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.337568][ T8476] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.422228][ T21] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 59.455105][ T21] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 59.464168][ T81] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 59.477710][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 59.491065][ T81] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 59.506559][ T2987] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 59.526604][ T204] BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962
[ 59.546658][ T81]
[ 59.549044][ T81] =============================
[ 59.553897][ T81] [ BUG: Invalid wait context ]
[ 59.558741][ T81] 5.10.0-rc3-syzkaller #0 Not tainted
[ 59.564102][ T81] -----------------------------
[ 59.568972][ T81] kworker/u4:3/81 is trying to lock:
[ 59.574251][ T81] ffff8880219fa9d0 (&local->chanctx_mtx){+.+.}-{3:3}, at: ieee80211_recalc_min_chandef+0x4d/0x120
[ 59.584879][ T81] other info that might help us debug this:
[ 59.590790][ T81] context-{4:4}
[ 59.594258][ T81] 4 locks held by kworker/u4:3/81:
[ 59.599361][ T81] #0: ffff888029472938 ((wq_completion)phy3){+.+.}-{0:0}, at: process_one_work+0x6f4/0xfc0
[ 59.609449][ T81] #1: ffffc9000108fd80 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x733/0xfc0
[ 59.620665][ T81] #2: ffff88802c89cd00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x4e/0x1450
[ 59.630231][ T81] #3: ffffffff8bae6840 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[ 59.639530][ T81] stack backtrace:
[ 59.643249][ T81] CPU: 0 PID: 81 Comm: kworker/u4:3 Not tainted 5.10.0-rc3-syzkaller #0
[ 59.651664][ T81] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.661728][ T81] Workqueue: phy3 ieee80211_iface_work
[ 59.667181][ T81] Call Trace:
[ 59.670481][ T81] dump_stack+0x137/0x1be
[ 59.674823][ T81] ? wake_up_klogd+0xb2/0xf0
[ 59.679408][ T81] __lock_acquire+0x25be/0x6250
[ 59.684285][ T81] ? rcu_read_lock_sched_held+0x41/0xb0
[ 59.689930][ T81] lock_acquire+0x114/0x5e0
[ 59.694459][ T81] ? ieee80211_recalc_min_chandef+0x4d/0x120
[ 59.700442][ T81] __mutex_lock_common+0x189/0x2f20
[ 59.705654][ T81] ? ieee80211_recalc_min_chandef+0x4d/0x120
[ 59.711649][ T81] ? ieee80211_clear_fast_rx+0x6f/0xb0
[ 59.717128][ T81] ? ieee80211_clear_fast_rx+0x6f/0xb0
[ 59.722594][ T81] ? rcu_read_lock_sched_held+0x41/0xb0
[ 59.728142][ T81] ? ieee80211_recalc_min_chandef+0x4d/0x120
[ 59.734150][ T81] mutex_lock_nested+0x1a/0x20
[ 59.738917][ T81] ieee80211_recalc_min_chandef+0x4d/0x120
[ 59.744743][ T81] sta_info_move_state+0x38a/0x830
[ 59.749897][ T81] sta_info_free+0xcb/0x330
[ 59.754402][ T81] sta_info_insert_rcu+0x1462/0x1fb0
[ 59.759704][ T81] ? rcu_lock_release+0x5/0x20
[ 59.764477][ T81] ? minstrel_ht_alloc_sta+0x3b0/0x3b0
[ 59.769934][ T81] ? rate_control_rate_init+0x4c6/0x560
[ 59.775490][ T81] ieee80211_ibss_finish_sta+0x21c/0x2e0
[ 59.781127][ T81] ieee80211_ibss_work+0x218/0x1450
[ 59.786328][ T81] ? ieee80211_iface_work+0x949/0xa80
[ 59.791725][ T81] process_one_work+0x789/0xfc0
[ 59.796584][ T81] worker_thread+0xaa4/0x1460
[ 59.801268][ T81] kthread+0x36b/0x390
[ 59.805335][ T81] ? rcu_lock_release+0x20/0x20
[ 59.810203][ T81] ? kthread_blkcg+0xd0/0xd0
[ 59.814811][ T81] ret_from_fork+0x1f/0x30
[