[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.104' (ECDSA) to the list of known hosts.
2020/11/23 10:22:53 parsed 1 programs
2020/11/23 10:22:54 executed programs: 0
syzkaller login: [ 157.064523] IPVS: ftp: loaded support on port[0] = 21
[ 157.138474] chnl_net:caif_netlink_parms(): no params data found
[ 157.238557] bridge0: port 1(bridge_slave_0) entered blocking state
[ 157.245499] bridge0: port 1(bridge_slave_0) entered disabled state
[ 157.252445] device bridge_slave_0 entered promiscuous mode
[ 157.260267] bridge0: port 2(bridge_slave_1) entered blocking state
[ 157.267132] bridge0: port 2(bridge_slave_1) entered disabled state
[ 157.273949] device bridge_slave_1 entered promiscuous mode
[ 157.290220] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 157.298807] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 157.316852] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 157.323960] team0: Port device team_slave_0 added
[ 157.329811] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 157.337621] team0: Port device team_slave_1 added
[ 157.351858] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 157.358116] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 157.383887] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 157.396684] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 157.402905] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 157.428666] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 157.439414] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 157.447024] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 157.465255] device hsr_slave_0 entered promiscuous mode
[ 157.470821] device hsr_slave_1 entered promiscuous mode
[ 157.477226] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 157.484204] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 157.542874] bridge0: port 2(bridge_slave_1) entered blocking state
[ 157.549437] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 157.556304] bridge0: port 1(bridge_slave_0) entered blocking state
[ 157.562732] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 157.589483] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 157.596165] 8021q: adding VLAN 0 to HW filter on device bond0
[ 157.603580] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 157.612498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 157.621090] bridge0: port 1(bridge_slave_0) entered disabled state
[ 157.638482] bridge0: port 2(bridge_slave_1) entered disabled state
[ 157.648101] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 157.654186] 8021q: adding VLAN 0 to HW filter on device team0
[ 157.662400] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 157.670643] bridge0: port 1(bridge_slave_0) entered blocking state
[ 157.677027] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 157.695460] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 157.702992] bridge0: port 2(bridge_slave_1) entered blocking state
[ 157.710426] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 157.719035] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 157.726791] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 157.734338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 157.743436] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 157.750502] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 157.759802] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 157.766003] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 157.777894] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 157.785209] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 157.791896] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 157.801647] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 157.849829] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 157.859561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 157.888595] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 157.895988] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 157.902360] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 157.911474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 157.919497] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 157.926482] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 157.935375] device veth0_vlan entered promiscuous mode
[ 157.944389] device veth1_vlan entered promiscuous mode
[ 157.950762] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 157.959184] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 157.970027] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 157.978835] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 157.986373] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 157.993423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 158.002778] device veth0_macvtap entered promiscuous mode
[ 158.008883] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 158.017232] device veth1_macvtap entered promiscuous mode
[ 158.025348] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 158.034815] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 158.044057] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 158.052054] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 158.060560] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 158.069937] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 158.077199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 158.134869] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 158.175259] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 158.184744] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 158.195597] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 158.203168] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 158.226676] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 158.233394] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 158.241945] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 158.249113] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 158.287366] BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1844
[ 158.297185] in_atomic(): 0, irqs_disabled(): 0, pid: 5, name: kworker/u4:0
[ 158.304210] 4 locks held by kworker/u4:0/5:
[ 158.309440] #0: ("%s"wiphy_name(local->hw.wiphy)){+.+.}, at: [] process_one_work+0x6b0/0x14a0
[ 158.320344] #1: ((&sdata->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0
[ 158.330005] #2: (&wdev->mtx){+.+.}, at: [] ieee80211_ibss_work+0x72/0xc90
[ 158.338764] #3: (rcu_read_lock){....}, at: [] sta_info_insert_rcu+0x48d/0x1f40
[ 158.348061] Preemption disabled at:
[ 158.348079] [] rcu_lockdep_current_cpu_online+0x30/0x140
[ 158.359039] CPU: 0 PID: 5 Comm: kworker/u4:0 Not tainted 4.14.208-syzkaller #0
[ 158.366397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 158.375748] Workqueue: phy2 ieee80211_iface_work
[ 158.380484] Call Trace:
[ 158.383050] dump_stack+0x1b2/0x283
[ 158.386657] ? rcu_lockdep_current_cpu_online+0x30/0x140
[ 158.392089] ___might_sleep.cold+0x235/0x250
[ 158.396489] sta_info_move_state+0x32/0x930
[ 158.400800] sta_info_free+0x50/0x330
[ 158.404585] sta_info_insert_rcu+0x23c/0x1f40
[ 158.409065] ? __local_bh_enable_ip+0xc1/0x170
[ 158.413624] ? minstrel_ht_rate_update+0x40/0x40
[ 158.418352] ? rate_control_rate_init+0x2cb/0x4f0
[ 158.423183] ieee80211_ibss_finish_sta+0x1db/0x2b0
[ 158.428088] ? ieee80211_sta_join_ibss+0xd50/0xd50
[ 158.432994] ? __local_bh_enable_ip+0xc1/0x170
[ 158.437564] ieee80211_ibss_work+0x260/0xc90
[ 158.441950] ? ieee80211_ibss_rx_queued_mgmt+0x1680/0x1680
[ 158.447557] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 158.452635] ? trace_hardirqs_on_caller+0x3a8/0x580
[ 158.457639] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 158.463072] ieee80211_iface_work+0x690/0x770
[ 158.468104] process_one_work+0x793/0x14a0
[ 158.472318] ? work_busy+0x320/0x320
[ 158.476007] ? worker_thread+0x158/0xff0
[ 158.480044] ? _raw_spin_unlock_irq+0x24/0x80
[ 158.484518] worker_thread+0x5cc/0xff0
[ 158.488406] ? rescuer_thread+0xc80/0xc80
[ 158.492684] kthread+0x30d/0x420
[ 158.496067] ? kthread_create_on_node+0xd0/0xd0
[ 158.500726] ret_from_fork+0x24/0x30
[ 159.086092] Bluetooth: hci0 command 0x0409 tx timeout
2020/11/23 10:22:59 executed programs: 173
[ 161.164780] Bluetooth: hci0 command 0x041b tx timeout
[ 163.254677] Bluetooth: hci0 command 0x040f tx timeout
[ 165.324421] Bluetooth: hci0 command 0x0419 tx timeout
2020/11/23 10:23:04 executed programs: 540