Warning: Permanently added '[localhost]:35903' (ECDSA) to the list of known hosts.
2020/11/20 08:03:33 fuzzer started
2020/11/20 08:03:34 dialing manager at 10.0.2.10:46317
2020/11/20 08:03:34 syscalls: 3439
2020/11/20 08:03:34 code coverage: enabled
2020/11/20 08:03:34 comparison tracing: enabled
2020/11/20 08:03:34 extra coverage: enabled
2020/11/20 08:03:34 setuid sandbox: enabled
2020/11/20 08:03:34 namespace sandbox: enabled
2020/11/20 08:03:34 Android sandbox: /sys/fs/selinux/policy does not exist
2020/11/20 08:03:34 fault injection: enabled
2020/11/20 08:03:34 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/11/20 08:03:34 net packet injection: enabled
2020/11/20 08:03:34 net device setup: enabled
2020/11/20 08:03:34 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/11/20 08:03:34 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/11/20 08:03:34 USB emulation: enabled
2020/11/20 08:03:34 hci packet injection: enabled
2020/11/20 08:03:34 wifi device emulation: enabled

08:05:02 executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_int(r0, 0x107, 0x12, 0x0, &(0x7f00000000c0))

08:05:03 executing program 1:
remap_file_pages(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)

08:05:03 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
write$binfmt_elf64(r0, 0x0, 0x0)

08:05:04 executing program 3:
r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000740)='/dev/ocfs2_control\x00', 0x0, 0x0)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)

syzkaller login: [ 204.703350][ T9004] IPVS: ftp: loaded support on port[0] = 21
[ 204.887193][ T9004] chnl_net:caif_netlink_parms(): no params data found
[ 204.965307][ T9004] bridge0: port 1(bridge_slave_0) entered blocking state
[ 204.981419][ T9004] bridge0: port 1(bridge_slave_0) entered disabled state
[ 204.996668][ T9004] device bridge_slave_0 entered promiscuous mode
[ 205.010771][ T9004] bridge0: port 2(bridge_slave_1) entered blocking state
[ 205.024998][ T9004] bridge0: port 2(bridge_slave_1) entered disabled state
[ 205.041991][ T9004] device bridge_slave_1 entered promiscuous mode
[ 205.072374][ T9004] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 205.122420][ T9004] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 205.128323][ T9006] IPVS: ftp: loaded support on port[0] = 21
[ 205.168305][ T9004] team0: Port device team_slave_0 added
[ 205.186559][ T9004] team0: Port device team_slave_1 added
[ 205.230160][ T9004] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 205.241797][ T9004] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 205.284882][ T9004] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 205.322012][ T9004] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 205.401014][ T9004] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 205.464771][ T9004] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 205.527090][ T9008] IPVS: ftp: loaded support on port[0] = 21
[ 205.550773][ T9004] device hsr_slave_0 entered promiscuous mode
[ 205.568624][ T9004] device hsr_slave_1 entered promiscuous mode
[ 205.683043][ T9006] chnl_net:caif_netlink_parms(): no params data found
[ 205.716102][ T9009] IPVS: ftp: loaded support on port[0] = 21
[ 205.790926][ T9006] bridge0: port 1(bridge_slave_0) entered blocking state
[ 205.802453][ T9006] bridge0: port 1(bridge_slave_0) entered disabled state
[ 205.813166][ T9006] device bridge_slave_0 entered promiscuous mode
[ 205.826773][ T9006] bridge0: port 2(bridge_slave_1) entered blocking state
[ 205.839005][ T9006] bridge0: port 2(bridge_slave_1) entered disabled state
[ 205.852373][ T9006] device bridge_slave_1 entered promiscuous mode
[ 205.901944][ T9006] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 205.938901][ T9006] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 205.975429][ T9006] team0: Port device team_slave_0 added
[ 206.092031][ T9008] chnl_net:caif_netlink_parms(): no params data found
[ 206.130494][ T9006] team0: Port device team_slave_1 added
[ 206.257069][ T9004] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 206.276019][ T9006] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 206.302269][ T9006] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 206.349915][ T9006] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 206.397667][ T9008] bridge0: port 1(bridge_slave_0) entered blocking state
[ 206.414736][ T9008] bridge0: port 1(bridge_slave_0) entered disabled state
[ 206.438457][ T9008] device bridge_slave_0 entered promiscuous mode
[ 206.454622][ T9008] bridge0: port 2(bridge_slave_1) entered blocking state
[ 206.468271][ T9008] bridge0: port 2(bridge_slave_1) entered disabled state
[ 206.483992][ T9008] device bridge_slave_1 entered promiscuous mode
[ 206.501663][ T9004] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 206.530590][ T9006] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 206.548908][ T9006] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 206.632194][ T9006] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 206.712445][ T9004] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 206.730182][ T28] Bluetooth: hci0: command 0x0409 tx timeout
[ 206.734249][ T9004] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 206.841764][ T9006] device hsr_slave_0 entered promiscuous mode
[ 206.859038][ T9006] device hsr_slave_1 entered promiscuous mode
[ 206.896005][ T9006] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 206.907832][ T9006] Cannot create hsr debugfs directory
[ 206.945012][ T9008] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 206.984363][ T9009] chnl_net:caif_netlink_parms(): no params data found
[ 207.010273][ T9008] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 207.041306][ T37] Bluetooth: hci1: command 0x0409 tx timeout
[ 207.075042][ T9008] team0: Port device team_slave_0 added
[ 207.092798][ T9008] team0: Port device team_slave_1 added
[ 207.124831][ T9008] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 207.157581][ T9008] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 207.264875][ T9008] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 207.308408][ T9008] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 207.325564][ T9008] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 207.359460][ T37] Bluetooth: hci2: command 0x0409 tx timeout
[ 207.385439][ T9008] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 207.471536][ T9008] device hsr_slave_0 entered promiscuous mode
[ 207.483613][ T9008] device hsr_slave_1 entered promiscuous mode
[ 207.494838][ T9008] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 207.517273][ T9008] Cannot create hsr debugfs directory
[ 207.545104][ T9009] bridge0: port 1(bridge_slave_0) entered blocking state
[ 207.554664][ T9009] bridge0: port 1(bridge_slave_0) entered disabled state
[ 207.572190][ T9009] device bridge_slave_0 entered promiscuous mode
[ 207.593309][ T9009] bridge0: port 2(bridge_slave_1) entered blocking state
[ 207.607009][ T9009] bridge0: port 2(bridge_slave_1) entered disabled state
[ 207.622535][ T9009] device bridge_slave_1 entered promiscuous mode
[ 207.679632][ T3494] Bluetooth: hci3: command 0x0409 tx timeout
[ 207.713047][ T9009] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 207.737403][ T9009] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 207.795894][ T9009] team0: Port device team_slave_0 added
[ 207.818535][ T9006] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 207.844876][ T9006] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 207.877409][ T9006] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 207.997648][ T9006] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 208.027355][ T9009] team0: Port device team_slave_1 added
[ 208.086660][ T9009] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 208.107837][ T9009] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 208.179130][ T9009] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 208.236229][ T9009] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 208.245825][ T9009] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 208.292052][ T9009] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 208.340925][ T9009] device hsr_slave_0 entered promiscuous mode
[ 208.350327][ T9009] device hsr_slave_1 entered promiscuous mode
[ 208.364709][ T9009] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 208.375310][ T9009] Cannot create hsr debugfs directory
[ 208.385859][ T9004] 8021q: adding VLAN 0 to HW filter on device bond0
[ 208.434988][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 208.445917][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 208.473874][ T9008] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 208.486965][ T9004] 8021q: adding VLAN 0 to HW filter on device team0
[ 208.504084][ T9008] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 208.514446][ T9008] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 208.528548][ T9008] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 208.570274][ T3494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 208.602849][ T3494] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 208.620032][ T3494] bridge0: port 1(bridge_slave_0) entered blocking state
[ 208.629317][ T3494] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 208.654828][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 208.664767][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 208.676501][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 208.693882][ T37] bridge0: port 2(bridge_slave_1) entered blocking state
[ 208.702933][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 208.732791][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 208.751855][ T1722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 208.784110][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 208.802165][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 208.818533][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 208.837422][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 208.855551][ T28] Bluetooth: hci0: command 0x041b tx timeout
[ 208.874195][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 208.890740][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 208.905644][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 208.927088][ T9004] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 208.952918][ T9004] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 208.976669][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 208.989754][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 209.010129][ T9009] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 209.027814][ T9006] 8021q: adding VLAN 0 to HW filter on device bond0
[ 209.040635][ T9009] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 209.063468][ T9009] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 209.088789][ T9009] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 209.118548][ T3494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 209.134690][ T3494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 209.151458][ T3494] Bluetooth: hci1: command 0x041b tx timeout
[ 209.154949][ T9006] 8021q: adding VLAN 0 to HW filter on device team0
[ 209.193828][ T9037] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 209.209567][ T9037] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 209.219072][ T9037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 209.237203][ T9037] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 209.252220][ T9037] bridge0: port 1(bridge_slave_0) entered blocking state
[ 209.271420][ T9037] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 209.291096][ T1722] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 209.304304][ T1722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 209.316412][ T1722] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 209.328883][ T1722] bridge0: port 2(bridge_slave_1) entered blocking state
[ 209.339545][ T1722] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 209.363031][ T9008] 8021q: adding VLAN 0 to HW filter on device bond0
[ 209.377298][ T9004] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 209.401632][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 209.440639][ T37] Bluetooth: hci2: command 0x041b tx timeout
[ 209.441594][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 209.465342][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 209.478332][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 209.489701][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 209.506528][ T3081] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 209.520178][ T3081] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 209.544590][ T3081] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 209.559071][ T3081] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 209.588582][ T9008] 8021q: adding VLAN 0 to HW filter on device team0
[ 209.613800][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 209.625208][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 209.646605][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 209.668916][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 209.702487][ T3494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 209.715393][ T3494] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 209.735083][ T3494] bridge0: port 1(bridge_slave_0) entered blocking state
[ 209.752626][ T3494] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 209.775996][ T3494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 209.798454][ T3494] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 209.812874][ T3494] bridge0: port 2(bridge_slave_1) entered blocking state
[ 209.827301][ T3494] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 209.840034][ T9036] Bluetooth: hci3: command 0x041b tx timeout
[ 209.856312][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 209.867528][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 209.883928][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 209.900011][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 209.921929][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 209.948551][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 209.964028][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 209.987438][ T9004] device veth0_vlan entered promiscuous mode
[ 210.001916][ T9006] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 210.021777][ T9035] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 210.044510][ T1722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 210.058945][ T9004] device veth1_vlan entered promiscuous mode
[ 210.075390][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 210.087526][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 210.098472][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 210.113890][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 210.145879][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 210.161434][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 210.174699][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 210.186829][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 210.199827][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 210.212062][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 210.222999][ T3476] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 210.237342][ T9009] 8021q: adding VLAN 0 to HW filter on device bond0
[ 210.253204][ T9008] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 210.270011][ T9008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 210.282471][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 210.304992][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 210.342615][ T9006] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 210.370094][ T9035] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 210.388144][ T9035] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 210.408594][ T9004] device veth0_macvtap entered promiscuous mode
[ 210.421815][ T1722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 210.433381][ T1722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 210.446208][ T1722] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 210.462373][ T9009] 8021q: adding VLAN 0 to HW filter on device team0
[ 210.472430][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 210.483322][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 210.498738][ T9004] device veth1_macvtap entered promiscuous mode
[ 210.520085][ T9008] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 210.545294][ T9004] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 210.558476][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 210.570863][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 210.583592][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 210.596954][ T18] bridge0: port 1(bridge_slave_0) entered blocking state
[ 210.606677][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 210.617268][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 210.628193][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 210.644975][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 210.668255][ T9004] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 210.678202][ T1722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 210.689979][ T1722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 210.706369][ T1722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 210.721126][ T1722] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 210.733423][ T1722] bridge0: port 2(bridge_slave_1) entered blocking state
[ 210.745651][ T1722] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 210.758189][ T1722] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 210.769662][ T1722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 210.792560][ T9036] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 210.846275][ T9004] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 210.894185][ T9004] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 210.900578][ T3476] Bluetooth: hci0: command 0x040f tx timeout
[ 210.919056][ T9004] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 210.945858][ T9004] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 210.964418][ T9037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 210.978682][ T9037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 210.991127][ T9037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 211.002522][ T9037] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 211.018174][ T9037] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 211.033803][ T9006] device veth0_vlan entered promiscuous mode
[ 211.058318][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 211.080379][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 211.095558][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 211.111074][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 211.124061][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 211.177153][ T9006] device veth1_vlan entered promiscuous mode
[ 211.186719][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 211.201119][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 211.209394][ T3476] Bluetooth: hci1: command 0x040f tx timeout
[ 211.214710][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 211.284999][ T3081] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 211.298281][ T3081] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 211.314655][ T3081] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 211.325280][ T3081] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 211.349768][ T3081] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 211.372072][ T3081] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 211.410866][ T9008] device veth0_vlan entered promiscuous mode
[ 211.411143][ T9026] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 211.435871][ T9008] device veth1_vlan entered promiscuous mode
[ 211.436808][ T9026] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 211.465149][ T3494] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 211.476373][ T3494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 211.487242][ T3494] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 211.513919][ T9009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 211.519911][ T3476] Bluetooth: hci2: command 0x040f tx timeout
[ 211.552678][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 211.563285][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 211.577251][ T9031] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 211.585310][ T9006] device veth0_macvtap entered promiscuous mode
[ 211.589723][ T9031] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 211.614659][ T9009] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 211.637537][ T3494] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 211.648410][ T3494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 211.659030][ T3494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 211.672956][ T3494] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 211.690066][ T9006] device veth1_macvtap entered promiscuous mode
[ 211.713668][ T9008] device veth0_macvtap entered promiscuous mode
[ 211.749790][ T3081] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 211.772997][ T3081] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 211.818402][ T3081] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 211.847301][ T3081] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 211.870380][ T9008] device veth1_macvtap entered promiscuous mode
[ 211.888741][ T9004] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 211.895915][ T9006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 211.938766][ T3494] Bluetooth: hci3: command 0x040f tx timeout
[ 211.939276][ T9006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 212.001338][ T9006] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 212.027941][ T9008] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 212.047616][ T9008] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!

08:05:11 executing program 0:
r0 = add_key$user(&(0x7f00000012c0)='user\x00', &(0x7f0000001300)={'syz', 0x2}, &(0x7f0000001340)='9', 0x1, 0xfffffffffffffffd)
r1 = add_key$user(&(0x7f00000003c0)='user\x00', &(0x7f0000000380)={'syz', 0x2}, &(0x7f0000001340)='9', 0x1, 0xffffffffffffffff)
r2 = add_key$user(&(0x7f0000000400)='user\x00', &(0x7f0000001300)={'syz', 0x0}, &(0x7f0000000880)="e4", 0x1, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000040)={r1, r0, r2}, 0x0, 0x0, 0x0)

[ 212.078158][ T9008] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 212.107257][ T9008] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!

08:05:12 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x6, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78)

[ 212.125697][ T9008] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 212.149351][ T3494] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 212.162373][ T3494] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready

08:05:12 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000001b80)={0x1, &(0x7f0000001680)=[{0x5a}]})

[ 212.201619][ T3494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 212.218155][ T3494] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready

08:05:12 executing program 0:
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8903, 0x0)

[ 212.232706][ T3494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 212.248212][ T3494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 212.262093][ T3494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 212.292069][ T9006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 212.341698][ T9006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 212.389676][ T9006] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 212.425888][ T9009] device veth0_vlan entered promiscuous mode
[ 212.443828][ T9008] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 212.476252][ T9008] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 212.491975][ T9008] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 212.504674][ T9008] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 212.521501][ T9008] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 212.538444][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 212.556401][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 212.568148][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 212.578962][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 212.590389][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 212.601317][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 212.613977][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 212.624847][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 212.644569][ T9009] device veth1_vlan entered promiscuous mode
[ 212.667612][ T9008] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0

08:05:12 executing program 0:
add_key$user(&(0x7f0000000000)='user\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe)
setgid(0x0)

[ 212.679151][ T9008] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 212.692922][ T9008] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 212.713738][ T9008] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 212.731382][ T9006] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 212.742816][ T9006] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 212.754251][ T9006] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 212.768452][ T9006] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 212.831862][ T1722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 212.842486][ T1722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 212.870159][ T9009] device veth0_macvtap entered promiscuous mode
[ 212.896063][ T9026] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 212.902136][ T9009] device veth1_macvtap entered promiscuous mode
[ 212.924683][ T9026] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 212.959808][ T3494] Bluetooth: hci0: command 0x0419 tx timeout
[ 212.961976][ T2977] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 212.976182][ T9026] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 212.981642][ T9036] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 212.982196][ T9036] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 212.982543][ T9036] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 212.991232][ T9009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 212.991250][ T9009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 212.991260][ T9009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 212.991264][ T9009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 212.991270][ T9009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 212.991275][ T9009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 212.992408][ T9009] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 212.992463][ T2977] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.004173][ T9026] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.193232][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 213.216393][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 213.238575][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 213.257443][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 213.280971][ T3494] Bluetooth: hci1: command 0x0419 tx timeout [ 213.281243][ T9009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 213.320281][ T9009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.337718][ T9009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 213.355133][ T9009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.381132][ T9009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 213.408359][ T9009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.431199][ T9009] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 213.453500][ T9009] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.469830][ T9009] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.482416][ T9009] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.494056][ T9009] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.537044][ T9039] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 213.572619][ T9065] mmap: syz-executor.1 (9065) uses deprecated remap_file_pages() syscall. 
See Documentation/vm/remap_file_pages.rst. [ 213.572979][ T9039] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 08:05:13 executing program 1: keyctl$set_reqkey_keyring(0xa, 0x0) [ 213.604524][ T3494] Bluetooth: hci2: command 0x0419 tx timeout [ 213.643803][ T9031] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.654644][ T9031] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.676194][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 213.728349][ T9031] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.748638][ T9031] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.772434][ T2977] BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962 [ 213.772954][ T1722] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 213.774014][ T9031] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 08:05:13 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x28, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}}, 0xfffffdef}}, 0x0) [ 213.787910][ T2977] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 2977, name: kworker/u16:1 [ 213.800376][ T9031] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.830840][ T2977] 4 locks held by kworker/u16:1/2977: [ 213.834549][ T1722] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 213.845633][ T2977] #0: ffff888041d89938 ((wq_completion)phy6){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0 [ 213.883047][ T2977] #1: ffffc9000ba2fda8 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0 [ 213.898243][ T2977] #2: ffff8880213e0d00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x93/0xe80 [ 213.914675][ T2977] #3: ffffffff8b337820 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x680/0x2ba0 08:05:13 executing program 3: r0 = 
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000740)='/dev/ocfs2_control\x00', 0x327100, 0x0) recvmsg$can_j1939(r0, 0x0, 0x0) 08:05:13 executing program 0: syz_usb_connect$uac1(0x0, 0x71, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x0, 0x0, 0x0, {{}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f00000001c0)=@lang_id={0x4}}, {0x0, 0x0}]}) 08:05:13 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000280), 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') 08:05:13 executing program 2: r0 = syz_open_dev$binderN(&(0x7f00000001c0)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0xc, 0x0, &(0x7f0000000200)=[@free_buffer], 0x0, 0x0, 0x0}) [ 213.929528][ T2977] Preemption disabled at: [ 213.930381][ T2977] [] __mutex_lock+0x10f/0x10e0 [ 213.949716][ T2977] CPU: 1 PID: 2977 Comm: kworker/u16:1 Not tainted 5.10.0-rc4-syzkaller #0 08:05:13 executing program 2: r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_ifreq(r0, 0x891f, &(0x7f0000000000)={'bond_slave_1\x00', @ifru_mtu}) [ 213.964179][ T2977] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 213.970399][ T2977] Workqueue: phy6 ieee80211_iface_work [ 214.024049][ T2977] Call Trace: 08:05:13 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000340)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000a00)={0x4, 0x0, &(0x7f0000000800)=[@exit_looper], 0x0, 0x0, 0x0}) [ 214.024049][ T2977] dump_stack+0x107/0x163 [ 214.024049][ T2977] ? 
__mutex_lock+0x10f/0x10e0 [ 214.024049][ T2977] ___might_sleep.cold+0x1e8/0x22e [ 214.088940][ T2977] sta_info_move_state+0x32/0x8d0 [ 214.088940][ T2977] sta_info_free+0x65/0x3b0 08:05:14 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000340)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000a00)={0x4, 0x0, &(0x7f0000000800)=[@exit_looper], 0x0, 0x0, 0x0}) [ 214.088940][ T2977] sta_info_insert_rcu+0x303/0x2ba0 [ 214.088940][ T2977] ? find_held_lock+0x2d/0x110 [ 214.088940][ T2977] ? rate_control_rate_init+0x32c/0x6a0 [ 214.088940][ T2977] ? sta_info_free+0x3b0/0x3b0 [ 214.088940][ T2977] ? __local_bh_enable_ip+0x9c/0x110 [ 214.088940][ T2977] ? rate_control_rate_init+0x35f/0x6a0 [ 214.088940][ T2977] ieee80211_ibss_finish_sta+0x212/0x390 [ 214.088940][ T2977] ? ieee80211_ibss_build_presp+0x15f0/0x15f0 [ 214.088940][ T2977] ? __local_bh_enable_ip+0x9c/0x110 [ 214.088940][ T2977] ieee80211_ibss_work+0x2c7/0xe80 [ 214.088940][ T2977] ? ieee80211_ibss_rx_queued_mgmt+0x1870/0x1870 [ 214.088940][ T2977] ? mark_held_locks+0x9f/0xe0 [ 214.088940][ T2977] ? _raw_spin_unlock_irqrestore+0x42/0x50 [ 214.088940][ T2977] ? lockdep_hardirqs_on+0x79/0x100 [ 214.088940][ T2977] ? _raw_spin_unlock_irqrestore+0x2f/0x50 [ 214.088940][ T2977] ieee80211_iface_work+0x82e/0x970 [ 214.088940][ T2977] process_one_work+0x933/0x15a0 [ 214.088940][ T2977] ? lock_release+0x710/0x710 [ 214.088940][ T2977] ? pwq_dec_nr_in_flight+0x320/0x320 [ 214.088940][ T2977] ? rwlock_bug.part.0+0x90/0x90 [ 214.088940][ T2977] ? _raw_spin_lock_irq+0x41/0x50 [ 214.088940][ T2977] worker_thread+0x64c/0x1120 [ 214.088940][ T2977] ? process_one_work+0x15a0/0x15a0 [ 214.088940][ T2977] kthread+0x3af/0x4a0 [ 214.088940][ T2977] ? 
kthread_create_worker_on_cpu+0xf0/0xf0 [ 214.088940][ T2977] ret_from_fork+0x1f/0x30 08:05:14 executing program 2: r0 = socket$vsock_stream(0x28, 0x1, 0x0) close(r0) [ 214.432474][ T3494] Bluetooth: hci3: command 0x0419 tx timeout [ 214.436229][ T2977] 08:05:14 executing program 3: pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84800) write$P9_RWRITE(r0, &(0x7f0000000200)={0xb}, 0xffffffa7) [ 214.447419][ T2977] ============================= [ 214.447419][ T2977] [ BUG: Invalid wait context ] [ 214.468158][ T2977] 5.10.0-rc4-syzkaller #0 Tainted: G W [ 214.482602][ T2977] ----------------------------- [ 214.490334][ T2977] kworker/u16:1/2977 is trying to lock: [ 214.498718][ T2977] ffff88806535a9d0 (&local->chanctx_mtx){+.+.}-{3:3}, at: ieee80211_recalc_min_chandef+0x49/0x140 [ 214.516022][ T2977] other info that might help us debug this: [ 214.524413][ T2977] context-{4:4} [ 214.529383][ T2977] 4 locks held by kworker/u16:1/2977: [ 214.539287][ T2977] #0: ffff888041d89938 ((wq_completion)phy6){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0 [ 214.555303][ T2977] #1: ffffc9000ba2fda8 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0 [ 214.572394][ T2977] #2: ffff8880213e0d00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x93/0xe80 [ 214.585677][ T2977] #3: ffffffff8b337820 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x680/0x2ba0 [ 214.598406][ T2977] stack backtrace: [ 214.603086][ T2977] CPU: 0 PID: 2977 Comm: kworker/u16:1 Tainted: G W 5.10.0-rc4-syzkaller #0 [ 214.618809][ T2977] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 214.640079][ T2977] Workqueue: phy6 ieee80211_iface_work [ 214.650665][ T2977] Call Trace: [ 214.656768][ T2977] dump_stack+0x107/0x163 [ 214.672908][ T2977] __lock_acquire.cold+0x1d6/0x39f [ 214.683443][ T2977] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 214.698625][ T2977] ? 
find_held_lock+0x2d/0x110 [ 214.709054][ T2977] lock_acquire+0x2a3/0x8c0 [ 214.716210][ T2977] ? ieee80211_recalc_min_chandef+0x49/0x140 [ 214.726253][ T2977] ? lock_release+0x710/0x710 [ 214.734198][ T2977] __mutex_lock+0x134/0x10e0 [ 214.743529][ T2977] ? ieee80211_recalc_min_chandef+0x49/0x140 [ 214.753840][ T2977] ? ieee80211_recalc_min_chandef+0x49/0x140 [ 214.769365][ T2977] ? mutex_lock_io_nested+0xf60/0xf60 [ 214.784331][ T2977] ? ieee80211_clear_fast_rx+0x58/0x80 [ 214.795210][ T2977] ? mark_held_locks+0x9f/0xe0 [ 214.805160][ T2977] ieee80211_recalc_min_chandef+0x49/0x140 [ 214.814699][ T2977] sta_info_move_state+0x3cf/0x8d0 [ 214.824535][ T2977] sta_info_free+0x65/0x3b0 [ 214.833567][ T2977] sta_info_insert_rcu+0x303/0x2ba0 [ 214.841951][ T2977] ? find_held_lock+0x2d/0x110 [ 214.849252][ T2977] ? rate_control_rate_init+0x32c/0x6a0 [ 214.861042][ T2977] ? sta_info_free+0x3b0/0x3b0 [ 214.868142][ T2977] ? __local_bh_enable_ip+0x9c/0x110 [ 214.880946][ T2977] ? rate_control_rate_init+0x35f/0x6a0 [ 214.894956][ T2977] ieee80211_ibss_finish_sta+0x212/0x390 [ 214.905504][ T2977] ? ieee80211_ibss_build_presp+0x15f0/0x15f0 [ 214.919856][ T2977] ? __local_bh_enable_ip+0x9c/0x110 [ 214.934597][ T2977] ieee80211_ibss_work+0x2c7/0xe80 [ 214.952001][ T2977] ? ieee80211_ibss_rx_queued_mgmt+0x1870/0x1870 [ 214.966906][ T2977] ? mark_held_locks+0x9f/0xe0 [ 214.976752][ T2977] ? _raw_spin_unlock_irqrestore+0x42/0x50 [ 215.001274][ T2977] ? lockdep_hardirqs_on+0x79/0x100 [ 215.022333][ T2977] ? _raw_spin_unlock_irqrestore+0x2f/0x50 [ 215.037501][ T2977] ieee80211_iface_work+0x82e/0x970 [ 215.046362][ T2977] process_one_work+0x933/0x15a0 [ 215.059553][ T2977] ? lock_release+0x710/0x710 [ 215.068582][ T2977] ? pwq_dec_nr_in_flight+0x320/0x320 [ 215.075825][ T2977] ? rwlock_bug.part.0+0x90/0x90 [ 215.086143][ T2977] ? _raw_spin_lock_irq+0x41/0x50 [ 215.089365][ T2977] worker_thread+0x64c/0x1120 [ 215.097158][ T2977] ? 
process_one_work+0x15a0/0x15a0 [ 215.100102][ T2977] kthread+0x3af/0x4a0 [ 215.109306][ T2977] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 215.115378][ T2977] ret_from_fork+0x1f/0x30 [ 215.131299][ T2977] BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962 [ 215.146359][ T2977] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 2977, name: kworker/u16:1 [ 215.167485][ T2977] INFO: lockdep is turned off. [ 215.179541][ T2977] Preemption disabled at: [ 215.179563][ T2977] [] preempt_schedule_thunk+0x16/0x18 [ 215.211550][ T2977] CPU: 1 PID: 2977 Comm: kworker/u16:1 Tainted: G W 5.10.0-rc4-syzkaller #0 [ 215.219943][ T5] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 215.220621][ T2977] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 215.220621][ T2977] Workqueue: phy6 ieee80211_iface_work [ 215.220621][ T2977] Call Trace: [ 215.220621][ T2977] dump_stack+0x107/0x163 [ 215.220621][ T2977] ? preempt_schedule_thunk+0x16/0x18 [ 215.220621][ T2977] ___might_sleep.cold+0x1e8/0x22e [ 215.220621][ T2977] sta_info_move_state+0x32/0x8d0 [ 215.220621][ T2977] sta_info_free+0x65/0x3b0 [ 215.220621][ T2977] sta_info_insert_rcu+0x303/0x2ba0 [ 215.220621][ T2977] ? find_held_lock+0x2d/0x110 [ 215.220621][ T2977] ? rate_control_rate_init+0x32c/0x6a0 [ 215.220621][ T2977] ? sta_info_free+0x3b0/0x3b0 [ 215.220621][ T2977] ? __local_bh_enable_ip+0x9c/0x110 [ 215.220621][ T2977] ? rate_control_rate_init+0x35f/0x6a0 [ 215.220621][ T2977] ieee80211_ibss_finish_sta+0x212/0x390 [ 215.220621][ T2977] ? ieee80211_ibss_build_presp+0x15f0/0x15f0 [ 215.220621][ T2977] ? __local_bh_enable_ip+0x9c/0x110 [ 215.220621][ T2977] ieee80211_ibss_work+0x2c7/0xe80 [ 215.220621][ T2977] ? ieee80211_ibss_rx_queued_mgmt+0x1870/0x1870 [ 215.220621][ T2977] ? mark_held_locks+0x9f/0xe0 [ 215.220621][ T2977] ? _raw_spin_unlock_irqrestore+0x42/0x50 [ 215.220621][ T2977] ? 
lockdep_hardirqs_on+0x79/0x100 [ 215.220621][ T2977] ? _raw_spin_unlock_irqrestore+0x2f/0x50 [ 215.220621][ T2977] ieee80211_iface_work+0x82e/0x970 [ 215.220621][ T2977] process_one_work+0x933/0x15a0 [ 215.220621][ T2977] ? lock_release+0x710/0x710 [ 215.220621][ T2977] ? pwq_dec_nr_in_flight+0x320/0x320 [ 215.220621][ T2977] ? rwlock_bug.part.0+0x90/0x90 [ 215.220621][ T2977] ? _raw_spin_lock_irq+0x41/0x50 [ 215.220621][ T2977] worker_thread+0x64c/0x1120 [ 215.220621][ T2977] ? process_one_work+0x15a0/0x15a0 [ 215.220621][ T2977] kthread+0x3af/0x4a0 [ 215.220621][ T2977] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 215.220621][ T2977] ret_from_fork+0x1f/0x30 [ 216.199569][ T5] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 216.237968][ T5] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 216.269100][ T5] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 216.650990][ T5] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 216.677082][ T5] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.700632][ T5] usb 5-1: Product: syz [ 216.706315][ T5] usb 5-1: SerialNumber: syz 08:05:16 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000380)={0x1, &(0x7f0000000340)=[{0x3, 0x0, 0x0, 0x7acddfa1}]}) 08:05:16 executing program 2: r0 = socket$vsock_stream(0x28, 0x1, 0x0) close(r0) 08:05:16 executing program 3: pkey_mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff) msync(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0) 08:05:16 executing program 1: openat$drirender128(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dri/renderD128\x00', 0x26002, 0x0) 08:05:16 executing program 2: syz_io_uring_setup(0x1ba2, &(0x7f0000000080)={0x0, 0x0, 0x4}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000), &(0x7f0000000100)) 08:05:16 executing program 3: 
bpf$BPF_PROG_WITH_BTFID_LOAD(0xf, &(0x7f0000000300)=@bpf_lsm={0x1d, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78) 08:05:16 executing program 1: openat$drirender128(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dri/renderD128\x00', 0x26002, 0x0) 08:05:16 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x800, 0x0) read(r0, &(0x7f0000000080)=""/86, 0x56) [ 217.019924][ T5] usb 5-1: 0:2 : does not exist 08:05:16 executing program 2: openat$drirender128(0xffffffffffffff9c, &(0x7f0000001840)='/dev/dri/renderD128\x00', 0x0, 0x0) syz_io_uring_setup(0x2372, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x3, 0x194}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) 08:05:16 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x800, 0x0) read(r0, &(0x7f0000000080)=""/86, 0x56) 08:05:16 executing program 1: pipe2(&(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RWRITE(r1, &(0x7f0000000200)={0xb}, 0xffffffa7) write$P9_RWRITE(0xffffffffffffffff, &(0x7f00000007c0)={0xb}, 0xb) pipe2(&(0x7f0000000680), 0x0) read$fb(r0, &(0x7f00000000c0)=""/44, 0x2c) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x82040, 0x0) 08:05:16 executing program 3: syz_usb_connect$uac1(0x0, 0x71, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x0, 0x0, 0x0, {{}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f00000001c0)=@lang_id={0x4}}, {0xac, &(0x7f0000000200)=@string={0xac, 0x3, 
"bafa9fe301a83d68188bc6b4cba71dec7a5f63b4aba9e0ab988c0a5f7ce626f294987fc9185a0b828c3aa02df69ffaed3116c6ed83be5d6a9628b0fc624ecec01f4fa3429987d5ff43b4745f50b578a4994acc999a59e713dc8fb5ad5a40d8fc60fef5ae9aaf0e56f88675a769935588275dee9310ff9e312717445dde998eb8c1a65575140eddbee5b53a6e38693f6eb4a99dfaceac333d1d0739d94ac942a0e74d8568d3ffd2d110dc"}}]}) [ 217.062851][ T9135] ------------[ cut here ]------------ [ 217.069848][ T9135] WARNING: CPU: 3 PID: 9135 at include/linux/cpumask.h:137 try_to_wake_up+0xd5e/0x1300 [ 217.103823][ T9135] Modules linked in: [ 217.106445][ T5] usb 5-1: USB disconnect, device number 2 08:05:17 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00') sendmsg$NL80211_CMD_DEAUTHENTICATE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x24, r1, 0xa01, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_IE={0xa, 0x2a, [@ext_channel_switch={0x3c, 0x4}]}]}, 0x24}}, 0x0) [ 217.112536][ T9135] CPU: 3 PID: 9135 Comm: io_wq_manager Tainted: G W 5.10.0-rc4-syzkaller #0 08:05:17 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00') sendmsg$NL80211_CMD_DEAUTHENTICATE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x24, r1, 0xa01, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_IE={0xa, 0x2a, [@ext_channel_switch={0x3c, 0x4}]}]}, 0x24}}, 0x0) [ 217.112536][ T9135] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 217.112536][ T9135] RIP: 0010:try_to_wake_up+0xd5e/0x1300 08:05:17 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00') sendmsg$NL80211_CMD_DEAUTHENTICATE(r0, &(0x7f00000001c0)={0x0, 0x0, 
&(0x7f0000000180)={&(0x7f00000000c0)={0x24, r1, 0xa01, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_IE={0xa, 0x2a, [@ext_channel_switch={0x3c, 0x4}]}]}, 0x24}}, 0x0) 08:05:17 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00') sendmsg$NL80211_CMD_DEAUTHENTICATE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x24, r1, 0xa01, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_IE={0xa, 0x2a, [@ext_channel_switch={0x3c, 0x4}]}]}, 0x24}}, 0x0) [ 217.112536][ T9135] Code: 70 02 00 00 65 ff 0d 11 77 b5 7e 4c 8d 75 40 0f 85 da f8 ff ff e8 c1 cc b3 ff e9 d0 f8 ff ff 41 bd 01 00 00 00 e9 6e f3 ff ff <0f> 0b e9 2d f6 ff ff 48 8d bd 98 01 00 00 48 b8 00 00 00 00 00 fc [ 217.112536][ T9135] RSP: 0018:ffffc90001fbfd50 EFLAGS: 00010002 [ 217.112536][ T9135] RAX: dffffc0000000000 RBX: 1ffff920003f7faf RCX: ffff88804022a4f0 [ 217.112536][ T9135] RDX: 1ffff1100804549d RSI: ffffffff83b59b6b RDI: 0000000000000006 [ 217.112536][ T9135] RBP: ffff88804022a180 R08: 0000000000000008 R09: ffffffff8cecb6cf [ 217.112536][ T9135] R10: 0000000000000040 R11: 0000000000000158 R12: 0000000000000202 [ 217.112536][ T9135] R13: ffff88804022a9b0 R14: ffff88804022a1c0 R15: ffff88804022a4e8 [ 217.112536][ T9135] FS: 0000000000000000(0000) GS:ffff88802cf00000(0000) knlGS:0000000000000000 [ 217.112536][ T9135] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 217.112536][ T9135] CR2: 0000000008188000 CR3: 000000004c2aa000 CR4: 0000000000350ee0 [ 217.112536][ T9135] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 217.112536][ T9135] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 217.112536][ T9135] Call Trace: [ 217.112536][ T9135] ? lock_downgrade+0x6d0/0x6d0 [ 217.112536][ T9135] ? migrate_swap_stop+0x9f0/0x9f0 [ 217.112536][ T9135] ? 
rwlock_bug.part.0+0x90/0x90 [ 217.112536][ T9135] ? trace_hardirqs_on+0x5b/0x1c0 [ 217.112536][ T9135] create_io_worker+0x590/0x8d0 [ 217.112536][ T9135] io_wq_manager+0x16b/0xb80 [ 217.112536][ T9135] ? io_wq_for_each_worker.isra.0+0x370/0x370 [ 217.112536][ T9135] ? __kthread_parkme+0x13f/0x1e0 [ 217.112536][ T9135] ? io_wq_for_each_worker.isra.0+0x370/0x370 [ 217.112536][ T9135] kthread+0x3af/0x4a0 [ 217.112536][ T9135] ? _raw_spin_unlock_irq+0x1f/0x40 [ 217.112536][ T9135] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 217.112536][ T9135] ret_from_fork+0x1f/0x30 [ 217.112536][ T9135] Kernel panic - not syncing: panic_on_warn set ... [ 217.112536][ T9135] CPU: 3 PID: 9135 Comm: io_wq_manager Tainted: G W 5.10.0-rc4-syzkaller #0 [ 217.112536][ T9135] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 217.112536][ T9135] Call Trace: [ 217.112536][ T9135] dump_stack+0x107/0x163 [ 217.112536][ T9135] panic+0x306/0x73d [ 217.112536][ T9135] ? __warn_printk+0xf3/0xf3 [ 217.112536][ T9135] ? __warn.cold+0x1a/0x44 [ 217.112536][ T9135] ? __warn+0xf1/0x210 [ 217.112536][ T9135] ? try_to_wake_up+0xd5e/0x1300 [ 217.112536][ T9135] __warn.cold+0x35/0x44 [ 217.112536][ T9135] ? 
try_to_wake_up+0xd5e/0x1300 [ 217.112536][ T9135] report_bug+0x1bd/0x210 [ 217.112536][ T9135] handle_bug+0x3c/0x60 [ 217.430464][ T9036] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 217.438787][ T9135] exc_invalid_op+0x14/0x40 [ 217.723474][ T9135] asm_exc_invalid_op+0x12/0x20 [ 217.736713][ T9135] RIP: 0010:try_to_wake_up+0xd5e/0x1300 [ 217.743772][ T9135] Code: 70 02 00 00 65 ff 0d 11 77 b5 7e 4c 8d 75 40 0f 85 da f8 ff ff e8 c1 cc b3 ff e9 d0 f8 ff ff 41 bd 01 00 00 00 e9 6e f3 ff ff <0f> 0b e9 2d f6 ff ff 48 8d bd 98 01 00 00 48 b8 00 00 00 00 00 fc [ 217.774739][ T9135] RSP: 0018:ffffc90001fbfd50 EFLAGS: 00010002 [ 217.783121][ T9135] RAX: dffffc0000000000 RBX: 1ffff920003f7faf RCX: ffff88804022a4f0 [ 217.795147][ T9135] RDX: 1ffff1100804549d RSI: ffffffff83b59b6b RDI: 0000000000000006 [ 217.805799][ T9135] RBP: ffff88804022a180 R08: 0000000000000008 R09: ffffffff8cecb6cf [ 217.815603][ T9135] R10: 0000000000000040 R11: 0000000000000158 R12: 0000000000000202 [ 217.826272][ T9135] R13: ffff88804022a9b0 R14: ffff88804022a1c0 R15: ffff88804022a4e8 [ 217.831300][ T9036] usb 8-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 217.844894][ T9135] ? find_first_bit+0x8b/0xb0 [ 217.844894][ T9135] ? lock_downgrade+0x6d0/0x6d0 [ 217.844894][ T9135] ? migrate_swap_stop+0x9f0/0x9f0 [ 217.844894][ T9135] ? rwlock_bug.part.0+0x90/0x90 [ 217.844894][ T9135] ? trace_hardirqs_on+0x5b/0x1c0 [ 217.844894][ T9135] create_io_worker+0x590/0x8d0 [ 217.844894][ T9135] io_wq_manager+0x16b/0xb80 [ 217.844894][ T9135] ? io_wq_for_each_worker.isra.0+0x370/0x370 [ 217.868324][ T9036] usb 8-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 217.876673][ T9135] ? __kthread_parkme+0x13f/0x1e0 [ 217.876673][ T9135] ? io_wq_for_each_worker.isra.0+0x370/0x370 [ 217.876673][ T9135] kthread+0x3af/0x4a0 [ 217.876673][ T9135] ? _raw_spin_unlock_irq+0x1f/0x40 [ 217.876673][ T9135] ? 
kthread_create_worker_on_cpu+0xf0/0xf0 [ 217.876673][ T9135] ret_from_fork+0x1f/0x30 [ 217.876673][ T9135] Kernel Offset: disabled [ 217.876673][ T9135] Rebooting in 86400 seconds.. VM DIAGNOSIS: 08:05:14 Registers: