[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.15.206' (ECDSA) to the list of known hosts.
2020/11/20 15:14:09 fuzzer started
2020/11/20 15:14:10 connecting to host at 10.128.0.26:38115
2020/11/20 15:14:10 checking machine...
2020/11/20 15:14:10 checking revisions...
2020/11/20 15:14:10 testing simple program...
syzkaller login: [ 66.142596][ T8506] IPVS: ftp: loaded support on port[0] = 21
[ 66.304550][ T8506] chnl_net:caif_netlink_parms(): no params data found
[ 66.360838][ T8506] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.369602][ T8506] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.378275][ T8506] device bridge_slave_0 entered promiscuous mode
[ 66.387851][ T8506] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.395112][ T8506] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.402885][ T8506] device bridge_slave_1 entered promiscuous mode
[ 66.424560][ T8506] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 66.435676][ T8506] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 66.459311][ T8506] team0: Port device team_slave_0 added
[ 66.467041][ T8506] team0: Port device team_slave_1 added
[ 66.486146][ T8506] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 66.493108][ T8506] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 66.521632][ T8506] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 66.534956][ T8506] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 66.541924][ T8506] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 66.568184][ T8506] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 66.595941][ T8506] device hsr_slave_0 entered promiscuous mode
[ 66.602689][ T8506] device hsr_slave_1 entered promiscuous mode
[ 66.706695][ T8506] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 66.717812][ T8506] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 66.734805][ T8506] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 66.746804][ T8506] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 66.775781][ T8506] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.783181][ T8506] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.791617][ T8506] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.798802][ T8506] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.850886][ T8506] 8021q: adding VLAN 0 to HW filter on device bond0
[ 66.866830][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 66.878406][ T5] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.888130][ T5] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.896945][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 66.911061][ T8506] 8021q: adding VLAN 0 to HW filter on device team0
[ 66.923631][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 66.933074][ T17] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.940270][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.964897][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 66.975260][ T17] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.983797][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.992101][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 67.012937][ T8506] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 67.025603][ T8506] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 67.040062][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 67.048817][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 67.058313][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 67.070228][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 67.081663][ T8726] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 67.099938][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 67.107509][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 67.122292][ T8506] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 67.144670][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 67.167992][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 67.177766][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 67.187151][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 67.199489][ T8506] device veth0_vlan entered promiscuous mode
[ 67.212581][ T8506] device veth1_vlan entered promiscuous mode
[ 67.237799][ T8726] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 67.246804][ T8726] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 67.255963][ T8726] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 67.268768][ T8506] device veth0_macvtap entered promiscuous mode
[ 67.280849][ T8506] device veth1_macvtap entered promiscuous mode
[ 67.297500][ T8726] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 67.309005][ T8506] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 67.318055][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 67.328129][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 67.341932][ T8506] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 67.350711][ T3127] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 67.360792][ T3127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 67.372337][ T8506] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.385873][ T8506] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.397648][ T8506] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.406933][ T8506] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.492358][ T21] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 67.523099][ T21] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 67.538520][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 67.562933][ T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 67.578525][ T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 67.587778][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 67.627697][ T8] BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962
[ 67.654380][ T8] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 8, name: kworker/u4:0
[ 67.670511][ T8] 4 locks held by kworker/u4:0/8:
2020/11/20 15:14:13 building call list...
executing program
[ 67.685285][ T8] #0: ffff888018bf9938 ((wq_completion)phy3){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0
[ 67.713238][ T8] #1: ffffc90000cd7da8 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0
[ 67.734576][ T8] #2: ffff88801c3f0d00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x93/0xe80
[ 67.764590][ T8] #3: ffffffff8b337160 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x680/0x2ba0
[ 67.784989][ T8] Preemption disabled at:
[ 67.785021][ T8] [] __mutex_lock+0x10f/0x10e0
[ 67.814117][ T8] CPU: 0 PID: 8 Comm: kworker/u4:0 Not tainted 5.10.0-rc3-syzkaller #0
[ 67.822410][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.832611][ T8] Workqueue: phy3 ieee80211_iface_work
[ 67.838251][ T8] Call Trace:
[ 67.841583][ T8] dump_stack+0x107/0x163
[ 67.845945][ T8] ? __mutex_lock+0x10f/0x10e0
[ 67.850846][ T8] ___might_sleep.cold+0x1e8/0x22e
[ 67.855969][ T8] sta_info_move_state+0x32/0x8d0
[ 67.861010][ T8] sta_info_free+0x65/0x3b0
[ 67.865545][ T8] sta_info_insert_rcu+0x303/0x2ba0
[ 67.870772][ T8] ? find_held_lock+0x2d/0x110
[ 67.875588][ T8] ? rate_control_rate_init+0x32c/0x6a0
[ 67.882017][ T8] ? sta_info_free+0x3b0/0x3b0
[ 67.886783][ T8] ? __local_bh_enable_ip+0x9c/0x110
[ 67.892668][ T8] ? rate_control_rate_init+0x35f/0x6a0
[ 67.898242][ T8] ieee80211_ibss_finish_sta+0x212/0x390
[ 67.903889][ T8] ? ieee80211_ibss_build_presp+0x15f0/0x15f0
[ 67.909968][ T8] ? __local_bh_enable_ip+0x9c/0x110
[ 67.915355][ T8] ieee80211_ibss_work+0x2c7/0xe80
[ 67.920488][ T8] ? ieee80211_ibss_rx_queued_mgmt+0x1870/0x1870
[ 67.926835][ T8] ? mark_held_locks+0x9f/0xe0
[ 67.931695][ T8] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 67.937504][ T8] ? lockdep_hardirqs_on+0x79/0x100
[ 67.942702][ T8] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 67.948617][ T8] ieee80211_iface_work+0x91f/0xa90
[ 67.954010][ T8] process_one_work+0x933/0x15a0
[ 67.958976][ T8] ? lock_release+0x710/0x710
[ 67.963665][ T8] ? pwq_dec_nr_in_flight+0x320/0x320
[ 67.969323][ T8] ? rwlock_bug.part.0+0x90/0x90
[ 67.974263][ T8] ? _raw_spin_lock_irq+0x41/0x50
[ 67.979563][ T8] worker_thread+0x64c/0x1120
[ 67.984264][ T8] ? process_one_work+0x15a0/0x15a0
[ 67.989467][ T8] kthread+0x3af/0x4a0
[ 67.993537][ T8] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 67.999433][ T8] ret_from_fork+0x1f/0x30
[ 68.043975][ T8]
[ 68.046335][ T8] =============================
[ 68.051179][ T8] [ BUG: Invalid wait context ]
[ 68.056034][ T8] 5.10.0-rc3-syzkaller #0 Tainted: G W
[ 68.062783][ T8] -----------------------------
[ 68.067625][ T8] kworker/u4:0/8 is trying to lock:
[ 68.072982][ T8] ffff88801c2aa9d0 (&local->chanctx_mtx){+.+.}-{3:3}, at: ieee80211_recalc_min_chandef+0x49/0x140
[ 68.083757][ T8] other info that might help us debug this:
[ 68.092440][ T8] context-{4:4}
[ 68.095902][ T8] 4 locks held by kworker/u4:0/8:
[ 68.100910][ T8] #0: ffff888018bf9938 ((wq_completion)phy3){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0
[ 68.111082][ T8] #1: ffffc90000cd7da8 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0
[ 68.122386][ T8] #2: ffff88801c3f0d00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x93/0xe80
[ 68.131972][ T8] #3: ffffffff8b337160 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x680/0x2ba0
[ 68.141905][ T8] stack backtrace:
[ 68.145622][ T8] CPU: 0 PID: 8 Comm: kworker/u4:0 Tainted: G W 5.10.0-rc3-syzkaller #0
[ 68.155255][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.165410][ T8] Workqueue: phy3 ieee80211_iface_work
[ 68.170993][ T8] Call Trace:
[ 68.174312][ T8] dump_stack+0x107/0x163
[ 68.178798][ T8] __lock_acquire.cold+0x310/0x3a2
[ 68.183913][ T8] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 68.189896][ T8] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 68.195868][ T8] lock_acquire+0x2a3/0x8c0
[ 68.200366][ T8] ? ieee80211_recalc_min_chandef+0x49/0x140
[ 68.206336][ T8] ? lock_release+0x710/0x710
[ 68.211010][ T8] __mutex_lock+0x134/0x10e0
[ 68.215616][ T8] ? ieee80211_recalc_min_chandef+0x49/0x140
[ 68.221593][ T8] ? ieee80211_recalc_min_chandef+0x49/0x140
[ 68.227563][ T8] ? mutex_lock_io_nested+0xf60/0xf60
[ 68.232935][ T8] ? ieee80211_clear_fast_rx+0x58/0x80
[ 68.238391][ T8] ? mark_held_locks+0x9f/0xe0
[ 68.243159][ T8] ieee80211_recalc_min_chandef+0x49/0x140
[ 68.249046][ T8] sta_info_move_state+0x3cf/0x8d0
[ 68.254159][ T8] sta_info_free+0x65/0x3b0
[ 68.258656][ T8] sta_info_insert_rcu+0x303/0x2ba0
[ 68.263866][ T8] ? find_held_lock+0x2d/0x110
[ 68.268625][ T8] ? rate_control_rate_init+0x32c/0x6a0
[ 68.275219][ T8] ? sta_info_free+0x3b0/0x3b0
[ 68.280000][ T8] ? __local_bh_enable_ip+0x9c/0x110
[ 68.285472][ T8] ? rate_control_rate_init+0x35f/0x6a0
[ 68.291025][ T8] ieee80211_ibss_finish_sta+0x212/0x390
[ 68.296659][ T8] ? ieee80211_ibss_build_presp+0x15f0/0x15f0
[ 68.302828][ T8] ? __local_bh_enable_ip+0x9c/0x110
[ 68.308127][ T8] ieee80211_ibss_work+0x2c7/0xe80
[ 68.313241][ T8] ? ieee80211_ibss_rx_queued_mgmt+0x1870/0x1870
[ 68.319579][ T8] ? mark_held_locks+0x9f/0xe0
[ 68.324340][ T8] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 68.330142][ T8] ? lockdep_hardirqs_on+0x79/0x100
[ 68.335344][ T8] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 68.341242][ T8] ieee80211_iface_work+0x91f/0xa90
[ 68.346466][ T8] process_one_work+0x933/0x15a0
[ 68.351402][ T8] ? lock_release+0x710/0x710
[ 68.356071][ T8] ? pwq_dec_nr_in_flight+0x320/0x320
[ 68.361436][ T8] ? rwlock_bug.part.0+0x90/0x90
[ 68.366368][ T8] ? _raw_spin_lock_irq+0x41/0x50
[ 68.371383][ T8] worker_thread+0x64c/0x1120
[ 68.376064][ T8] ? process_one_work+0x15a0/0x15a0
[ 68.381254][ T8] kthread+0x3af/0x4a0
[ 68.385314][ T8] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 68.391203][ T8] ret_from_fork+0x1f/0x30
[ 68.404729][ T2998] Bluetooth: hci0: command 0x0409 tx timeout
[ 68.585279][ T21] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.698248][ T21] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.777424][ T21] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.858294][ T21] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 70.052309][ T21] device hsr_slave_0 left promiscuous mode
[ 70.065755][ T21] device hsr_slave_1 left promiscuous mode
[ 70.075629][ T21] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 70.084261][ T21] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 70.092189][ T21] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 70.099743][ T21] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 70.108624][ T21] device bridge_slave_1 left promiscuous mode
[ 70.114881][ T21] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.123098][ T21] device bridge_slave_0 left promiscuous mode
[ 70.129269][ T21] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.138503][ T21] device veth1_macvtap left promiscuous mode
[ 70.144717][ T21] device veth0_macvtap left promiscuous mode
[ 70.150731][ T21] device veth1_vlan left promiscuous mode
[ 70.156601][ T21] device veth0_vlan left promiscuous mode
executing program
[ 71.044511][ T21] team0 (unregistering): Port device team_slave_1 removed
[ 71.055098][ T21] team0 (unregistering): Port device team_slave_0 removed
[ 71.064851][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 71.077269][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 71.105232][ T21] bond0 (unregistering): Released all slaves
[ 71.254967][ T8492] can: request_module (can-proto-0) failed.
[ 71.595886][ T8492] can: request_module (can-proto-0) failed.
[ 71.606679][ T8492] can: request_module (can-proto-0) failed.
[ 71.756818][ T8492] base_sock_release(0000000038befa42) sk=00000000ea592fbd