[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts.
2020/11/12 20:08:22 fuzzer started
2020/11/12 20:08:22 connecting to host at 10.128.0.26:43561
2020/11/12 20:08:22 checking machine...
2020/11/12 20:08:22 checking revisions...
2020/11/12 20:08:22 testing simple program...
syzkaller login: [ 54.802976][ T8479] IPVS: ftp: loaded support on port[0] = 21
[ 54.956757][ T8479] chnl_net:caif_netlink_parms(): no params data found
[ 55.008648][ T8479] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.017156][ T8479] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.026008][ T8479] device bridge_slave_0 entered promiscuous mode
[ 55.035526][ T8479] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.043753][ T8479] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.053625][ T8479] device bridge_slave_1 entered promiscuous mode
[ 55.074242][ T8479] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 55.085772][ T8479] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 55.107995][ T8479] team0: Port device team_slave_0 added
[ 55.115494][ T8479] team0: Port device team_slave_1 added
[ 55.132571][ T8479] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 55.142222][ T8479] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.168495][ T8479] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 55.181478][ T8479] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 55.188624][ T8479] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.215894][ T8479] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 55.242152][ T8479] device hsr_slave_0 entered promiscuous mode
[ 55.248994][ T8479] device hsr_slave_1 entered promiscuous mode
[ 55.342986][ T8479] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 55.354191][ T8479] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 55.364954][ T8479] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 55.375358][ T8479] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 55.399019][ T8479] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.406881][ T8479] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.415447][ T8479] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.422617][ T8479] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.468179][ T8479] 8021q: adding VLAN 0 to HW filter on device bond0
[ 55.483180][ T2992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.494309][ T2992] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.503163][ T2992] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.513682][ T2992] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 55.526331][ T8479] 8021q: adding VLAN 0 to HW filter on device team0
[ 55.537579][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.546838][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.553994][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.572279][ T2992] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 55.581570][ T2992] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.589223][ T2992] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.610821][ T8479] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 55.622385][ T8479] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 55.636185][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 55.645598][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 55.655036][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 55.665709][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 55.674075][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 55.682038][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 55.700012][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 55.708151][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 55.720878][ T8479] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 55.739108][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 55.758647][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 55.768261][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 55.777491][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 55.788332][ T8479] device veth0_vlan entered promiscuous mode
[ 55.803724][ T8479] device veth1_vlan entered promiscuous mode
[ 55.824340][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 55.834151][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 55.842953][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 55.854412][ T8479] device veth0_macvtap entered promiscuous mode
[ 55.865787][ T8479] device veth1_macvtap entered promiscuous mode
[ 55.882381][ T8479] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 55.889938][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 55.903709][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 55.915321][ T8479] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 55.923980][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 55.935918][ T8479] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.945199][ T8479] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.955379][ T8479] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.964976][ T8479] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 56.033554][ T8] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 56.059582][ T8] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 56.085900][ T2992] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 56.096690][ T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 56.106220][ T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 56.115248][ T2992] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 56.128281][ T28] BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962
[ 56.140954][ T28] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 28, name: kworker/u4:2
[ 56.150271][ T28] 4 locks held by kworker/u4:2/28:
[ 56.157789][ T28] #0: ffff888021c0a138 ((wq_completion)phy4){+.+.}-{0:0}, at: process_one_work+0x6f4/0xfc0
[ 56.168603][ T28] #1: ffffc90000e2fd80 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x733/0xfc0
[ 56.180247][ T28] #2: ffff88802eb40d00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x4e/0x1450
[ 56.194769][ T28] #3: ffffffff8bae6840 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[ 56.207399][ T28] Preemption disabled at:
[ 56.207425][ T28] [] __mutex_lock_common+0x15c/0x2f20
[ 56.230452][ T28] CPU: 1 PID: 28 Comm: kworker/u4:2 Not tainted 5.10.0-rc3-syzkaller #0
[ 56.239171][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.249246][ T28] Workqueue: phy4 ieee80211_iface_work
[ 56.254727][ T28] Call Trace:
[ 56.258739][ T28] dump_stack+0x137/0x1be
[ 56.263085][ T28] ? wake_up_klogd+0xb2/0xf0
[ 56.267731][ T28] ___might_sleep+0x3ef/0x530
[ 56.272422][ T28] ? __mutex_lock_common+0x15c/0x2f20
[ 56.277901][ T28] sta_info_move_state+0x35/0x830
[ 56.282947][ T28] sta_info_free+0xcb/0x330
[ 56.287472][ T28] sta_info_insert_rcu+0x1462/0x1fb0
[ 56.292901][ T28] ? rcu_lock_release+0x5/0x20
[ 56.297656][ T28] ? minstrel_ht_alloc_sta+0x3b0/0x3b0
[ 56.303374][ T28] ? rate_control_rate_init+0x4c6/0x560
[ 56.308921][ T28] ieee80211_ibss_finish_sta+0x21c/0x2e0
[ 56.314548][ T28] ieee80211_ibss_work+0x218/0x1450
[ 56.319759][ T28] ? ieee80211_iface_work+0x949/0xa80
[ 56.325144][ T28] process_one_work+0x789/0xfc0
[ 56.329998][ T28] worker_thread+0xaa4/0x1460
[ 56.334680][ T28] kthread+0x36b/0x390
[ 56.338882][ T28] ? rcu_lock_release+0x20/0x20
[ 56.343724][ T28] ? kthread_blkcg+0xd0/0xd0
[ 56.348316][ T28] ret_from_fork+0x1f/0x30
[ 56.359308][ T28]
[ 56.361697][ T28] =============================
[ 56.366532][ T28] [ BUG: Invalid wait context ]
[ 56.371565][ T28] 5.10.0-rc3-syzkaller #0 Tainted: G W
[ 56.378540][ T28] -----------------------------
[ 56.383384][ T28] kworker/u4:2/28 is trying to lock:
[ 56.389013][ T28] ffff888014da29d0 (&local->chanctx_mtx){+.+.}-{3:3}, at: ieee80211_recalc_min_chandef+0x4d/0x120
[ 56.399625][ T28] other info that might help us debug this:
[ 56.405500][ T28] context-{4:4}
[ 56.409108][ T28] 4 locks held by kworker/u4:2/28:
[ 56.414190][ T28] #0: ffff888021c0a138 ((wq_completion)phy4){+.+.}-{0:0}, at: process_one_work+0x6f4/0xfc0
[ 56.424284][ T28] #1: ffffc90000e2fd80 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x733/0xfc0
[ 56.435374][ T28] #2: ffff88802eb40d00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x4e/0x1450
[ 56.445007][ T28] #3: ffffffff8bae6840 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[ 56.454298][ T28] stack backtrace:
[ 56.458011][ T28] CPU: 1 PID: 28 Comm: kworker/u4:2 Tainted: G W 5.10.0-rc3-syzkaller #0
[ 56.467798][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.477835][ T28] Workqueue: phy4 ieee80211_iface_work
[ 56.483272][ T28] Call Trace:
[ 56.486560][ T28] dump_stack+0x137/0x1be
[ 56.490869][ T28] ? wake_up_klogd+0xb2/0xf0
[ 56.495432][ T28] __lock_acquire+0x25be/0x6250
[ 56.500277][ T28] ? rcu_read_lock_sched_held+0x41/0xb0
[ 56.505849][ T28] ? rcu_read_lock_sched_held+0x41/0xb0
[ 56.511395][ T28] lock_acquire+0x114/0x5e0
[ 56.515878][ T28] ? ieee80211_recalc_min_chandef+0x4d/0x120
[ 56.521851][ T28] __mutex_lock_common+0x189/0x2f20
[ 56.527054][ T28] ? ieee80211_recalc_min_chandef+0x4d/0x120
[ 56.533119][ T28] ? ieee80211_clear_fast_rx+0x6f/0xb0
[ 56.538554][ T28] ? ieee80211_clear_fast_rx+0x6f/0xb0
[ 56.544007][ T28] ? rcu_read_lock_sched_held+0x41/0xb0
[ 56.549546][ T28] ? ieee80211_recalc_min_chandef+0x4d/0x120
[ 56.555541][ T28] mutex_lock_nested+0x1a/0x20
[ 56.560325][ T28] ieee80211_recalc_min_chandef+0x4d/0x120
[ 56.566115][ T28] sta_info_move_state+0x38a/0x830
[ 56.571205][ T28] sta_info_free+0xcb/0x330
[ 56.575684][ T28] sta_info_insert_rcu+0x1462/0x1fb0
[ 56.580960][ T28] ? rcu_lock_release+0x5/0x20
[ 56.585714][ T28] ? minstrel_ht_alloc_sta+0x3b0/0x3b0
[ 56.591327][ T28] ? rate_control_rate_init+0x4c6/0x560
[ 56.596865][ T28] ieee80211_ibss_finish_sta+0x21c/0x2e0
[ 56.602475][ T28] ieee80211_ibss_work+0x218/0x1450
[ 56.607647][ T28] ? ieee80211_iface_work+0x949/0xa80
[ 56.613008][ T28] process_one_work+0x789/0xfc0
[ 56.617852][ T28] worker_thread+0xaa4/0x1460
[ 56.622506][ T28] kthread+0x36b/0x390
[ 56.626561][ T28] ? rcu_lock_release+0x20/0x20
[ 56.631385][ T28] ? kthread_blkcg+0xd0/0xd0
executing program
2020/11/12 20:08:25 building call list...
[ 56.635951][ T28] ret_from_fork+0x1f/0x30
[ 56.814672][ T8] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 56.903796][ T8] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 56.989473][ T8] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 57.078723][ T8] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 58.251172][ T8] device hsr_slave_0 left promiscuous mode
[ 58.257596][ T8] device hsr_slave_1 left promiscuous mode
[ 58.269606][ T8] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 58.278433][ T8] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 58.287517][ T8] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 58.296192][ T8] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 58.305837][ T8] device bridge_slave_1 left promiscuous mode
[ 58.312491][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.321571][ T8] device bridge_slave_0 left promiscuous mode
[ 58.327752][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.338333][ T8] device veth1_macvtap left promiscuous mode
[ 58.345171][ T8] device veth0_macvtap left promiscuous mode
[ 58.351749][ T8] device veth1_vlan left promiscuous mode
[ 58.364362][ T8] device veth0_vlan left promiscuous mode
[ 59.359538][ T8] team0 (unregistering): Port device team_slave_1 removed
[ 59.369245][ T8] team0 (unregistering): Port device team_slave_0 removed
[ 59.378929][ T8] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 59.392659][ T8] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
executing program
[ 59.417960][ T8] bond0 (unregistering): Released all slaves
[ 59.475019][ T8732] can: request_module (can-proto-0) failed.
[ 59.870149][ T8732] can: request_module (can-proto-0) failed.
[ 59.880746][ T8732] can: request_module (can-proto-0) failed.
[ 60.018066][ T8732] base_sock_release(0000000053a25ed8) sk=00000000c0278bac