[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ 54.217299][ T8439] bash (8439) used greatest stack depth: 23224 bytes left

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.122' (ECDSA) to the list of known hosts.
2020/11/17 13:00:32 fuzzer started
2020/11/17 13:00:32 connecting to host at 10.128.0.26:43753
2020/11/17 13:00:32 checking machine...
2020/11/17 13:00:32 checking revisions...
2020/11/17 13:00:32 testing simple program...
syzkaller login: [ 64.825467][ T8487] IPVS: ftp: loaded support on port[0] = 21
[ 64.997474][ T8487] chnl_net:caif_netlink_parms(): no params data found
[ 65.050008][ T8487] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.058349][ T8487] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.066990][ T8487] device bridge_slave_0 entered promiscuous mode
[ 65.076259][ T8487] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.083546][ T8487] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.091136][ T8487] device bridge_slave_1 entered promiscuous mode
[ 65.110819][ T8487] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 65.121615][ T8487] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 65.144106][ T8487] team0: Port device team_slave_0 added
[ 65.151317][ T8487] team0: Port device team_slave_1 added
[ 65.168971][ T8487] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 65.175945][ T8487] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 65.201896][ T8487] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 65.215059][ T8487] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 65.221995][ T8487] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 65.247924][ T8487] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 65.274831][ T8487] device hsr_slave_0 entered promiscuous mode
[ 65.281426][ T8487] device hsr_slave_1 entered promiscuous mode
[ 65.379915][ T8487] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 65.390710][ T8487] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 65.400594][ T8487] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 65.410575][ T8487] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 65.435943][ T8487] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.443065][ T8487] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.450995][ T8487] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.458135][ T8487] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.506908][ T8487] 8021q: adding VLAN 0 to HW filter on device bond0
[ 65.520276][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 65.530835][ T3192] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.539256][ T3192] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.547650][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 65.560526][ T8487] 8021q: adding VLAN 0 to HW filter on device team0
[ 65.573396][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 65.581737][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.588862][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.603562][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 65.611839][ T3192] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.618944][ T3192] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.645189][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 65.654619][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 65.662899][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 65.671284][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 65.680663][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 65.691371][ T8487] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 65.712574][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 65.720089][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 65.736380][ T8487] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 65.756243][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 65.776020][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 65.785221][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 65.792964][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 65.804417][ T8487] device veth0_vlan entered promiscuous mode
[ 65.816507][ T8487] device veth1_vlan entered promiscuous mode
[ 65.838732][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 65.847472][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 65.855773][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 65.867136][ T8487] device veth0_macvtap entered promiscuous mode
[ 65.878293][ T8487] device veth1_macvtap entered promiscuous mode
[ 65.896333][ T8487] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 65.904497][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 65.914227][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 65.927606][ T8487] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 65.936220][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 65.948996][ T8487] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.959193][ T8487] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.968202][ T8487] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.976955][ T8487] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.063436][ T8] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.075951][ T8] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.102187][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 66.122707][ T21] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.132022][ T21] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.141094][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 66.176055][ T8] BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962
[ 66.193766][ T8] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 8, name: kworker/u4:0
[ 66.204352][ T8] 4 locks held by kworker/u4:0/8:
[ 66.209395][ T8] #0: ffff88801c2db938 ((wq_completion)phy3){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0
[ 66.233112][ T8] #1: ffffc90000cd7da8 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0
[ 66.248648][ T8] #2: ffff88802792cd00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x93/0xe80
[ 66.273056][ T8] #3: ffffffff8b337160 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x680/0x2ba0
2020/11/17 13:00:35 building call list...
[ 66.293325][ T8] Preemption disabled at:
[ 66.293355][ T8] [] __mutex_lock+0x10f/0x10e0
[ 66.319261][ T8] CPU: 0 PID: 8 Comm: kworker/u4:0 Not tainted 5.10.0-rc3-syzkaller #0
[ 66.327546][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.337621][ T8] Workqueue: phy3 ieee80211_iface_work
[ 66.343091][ T8] Call Trace:
[ 66.346390][ T8] dump_stack+0x107/0x163
[ 66.350732][ T8] ? __mutex_lock+0x10f/0x10e0
[ 66.355505][ T8] ___might_sleep.cold+0x1e8/0x22e
[ 66.360631][ T8] sta_info_move_state+0x32/0x8d0
[ 66.365670][ T8] sta_info_free+0x65/0x3b0
[ 66.370183][ T8] sta_info_insert_rcu+0x303/0x2ba0
[ 66.375391][ T8] ? find_held_lock+0x2d/0x110
[ 66.380167][ T8] ? rate_control_rate_init+0x32c/0x6a0
[ 66.385725][ T8] ? sta_info_free+0x3b0/0x3b0
[ 66.390494][ T8] ? __local_bh_enable_ip+0x9c/0x110
[ 66.395796][ T8] ? rate_control_rate_init+0x35f/0x6a0
[ 66.401352][ T8] ieee80211_ibss_finish_sta+0x212/0x390
[ 66.406990][ T8] ? ieee80211_ibss_build_presp+0x15f0/0x15f0
[ 66.413065][ T8] ? __local_bh_enable_ip+0x9c/0x110
[ 66.418370][ T8] ieee80211_ibss_work+0x2c7/0xe80
[ 66.423493][ T8] ? ieee80211_ibss_rx_queued_mgmt+0x1870/0x1870
[ 66.429835][ T8] ? mark_held_locks+0x9f/0xe0
[ 66.434613][ T8] ? _raw_spin_unlock_irqrestore+0x42/0x50
executing program
[ 66.440424][ T8] ? lockdep_hardirqs_on+0x79/0x100
[ 66.445628][ T8] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 66.451445][ T8] ieee80211_iface_work+0x91f/0xa90
[ 66.456661][ T8] process_one_work+0x933/0x15a0
[ 66.461612][ T8] ? lock_release+0x710/0x710
[ 66.466291][ T8] ? pwq_dec_nr_in_flight+0x320/0x320
[ 66.471670][ T8] ? rwlock_bug.part.0+0x90/0x90
[ 66.476610][ T8] ? _raw_spin_lock_irq+0x41/0x50
[ 66.481649][ T8] worker_thread+0x64c/0x1120
[ 66.486342][ T8] ? process_one_work+0x15a0/0x15a0
[ 66.491552][ T8] kthread+0x3af/0x4a0
[ 66.495630][ T8] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 66.501534][ T8] ret_from_fork+0x1f/0x30
[ 66.544322][ T8]
[ 66.546669][ T8] =============================
[ 66.551500][ T8] [ BUG: Invalid wait context ]
[ 66.556540][ T8] 5.10.0-rc3-syzkaller #0 Tainted: G W
[ 66.563284][ T8] -----------------------------
[ 66.568117][ T8] kworker/u4:0/8 is trying to lock:
[ 66.573297][ T8] ffff88801c1ca9d0 (&local->chanctx_mtx){+.+.}-{3:3}, at: ieee80211_recalc_min_chandef+0x49/0x140
[ 66.583898][ T8] other info that might help us debug this:
[ 66.589775][ T8] context-{4:4}
[ 66.593222][ T8] 4 locks held by kworker/u4:0/8:
[ 66.598224][ T8] #0: ffff88801c2db938 ((wq_completion)phy3){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0
[ 66.608391][ T8] #1: ffffc90000cd7da8 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0
[ 66.619721][ T8] #2: ffff88802792cd00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x93/0xe80
[ 66.629199][ T8] #3: ffffffff8b337160 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x680/0x2ba0
[ 66.639105][ T8] stack backtrace:
[ 66.642816][ T8] CPU: 0 PID: 8 Comm: kworker/u4:0 Tainted: G W 5.10.0-rc3-syzkaller #0
[ 66.652429][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.662486][ T8] Workqueue: phy3 ieee80211_iface_work
[ 66.667933][ T8] Call Trace:
[ 66.671217][ T8] dump_stack+0x107/0x163
[ 66.675545][ T8] __lock_acquire.cold+0x310/0x3a2
[ 66.680658][ T8] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 66.686718][ T8] ? find_held_lock+0x2d/0x110
[ 66.691473][ T8] lock_acquire+0x2a3/0x8c0
[ 66.695981][ T8] ? ieee80211_recalc_min_chandef+0x49/0x140
[ 66.701952][ T8] ? lock_release+0x710/0x710
[ 66.706623][ T8] __mutex_lock+0x134/0x10e0
[ 66.711203][ T8] ? ieee80211_recalc_min_chandef+0x49/0x140
[ 66.717188][ T8] ? ieee80211_recalc_min_chandef+0x49/0x140
[ 66.723165][ T8] ? mutex_lock_io_nested+0xf60/0xf60
[ 66.728532][ T8] ? ieee80211_clear_fast_rx+0x58/0x80
[ 66.733985][ T8] ? mark_held_locks+0x9f/0xe0
[ 66.738743][ T8] ieee80211_recalc_min_chandef+0x49/0x140
[ 66.744541][ T8] sta_info_move_state+0x3cf/0x8d0
[ 66.749644][ T8] sta_info_free+0x65/0x3b0
[ 66.754138][ T8] sta_info_insert_rcu+0x303/0x2ba0
[ 66.759334][ T8] ? find_held_lock+0x2d/0x110
[ 66.764093][ T8] ? rate_control_rate_init+0x32c/0x6a0
[ 66.769643][ T8] ? sta_info_free+0x3b0/0x3b0
[ 66.774408][ T8] ? __local_bh_enable_ip+0x9c/0x110
[ 66.779699][ T8] ? rate_control_rate_init+0x35f/0x6a0
[ 66.785347][ T8] ieee80211_ibss_finish_sta+0x212/0x390
[ 66.790978][ T8] ? ieee80211_ibss_build_presp+0x15f0/0x15f0
[ 66.797044][ T8] ? __local_bh_enable_ip+0x9c/0x110
[ 66.802335][ T8] ieee80211_ibss_work+0x2c7/0xe80
[ 66.807565][ T8] ? ieee80211_ibss_rx_queued_mgmt+0x1870/0x1870
[ 66.813887][ T8] ? mark_held_locks+0x9f/0xe0
[ 66.818643][ T8] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 66.824440][ T8] ? lockdep_hardirqs_on+0x79/0x100
[ 66.829627][ T8] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 66.835427][ T8] ieee80211_iface_work+0x91f/0xa90
[ 66.840705][ T8] process_one_work+0x933/0x15a0
[ 66.843157][ T3192] Bluetooth: hci0: command 0x0409 tx timeout
[ 66.845724][ T8] ? lock_release+0x710/0x710
[ 66.856335][ T8] ? pwq_dec_nr_in_flight+0x320/0x320
[ 66.861703][ T8] ? rwlock_bug.part.0+0x90/0x90
[ 66.866640][ T8] ? _raw_spin_lock_irq+0x41/0x50
[ 66.871664][ T8] worker_thread+0x64c/0x1120
[ 66.876339][ T8] ? process_one_work+0x15a0/0x15a0
[ 66.881528][ T8] kthread+0x3af/0x4a0
[ 66.885593][ T8] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 66.891479][ T8] ret_from_fork+0x1f/0x30
[ 67.068437][ T8] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 67.155666][ T8] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 67.224196][ T8] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 67.297744][ T8] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.493771][ T8] device hsr_slave_0 left promiscuous mode
[ 68.500008][ T8] device hsr_slave_1 left promiscuous mode
[ 68.514444][ T8] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 68.523607][ T8] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 68.532495][ T8] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 68.540742][ T8] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 68.550787][ T8] device bridge_slave_1 left promiscuous mode
[ 68.557572][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.566447][ T8] device bridge_slave_0 left promiscuous mode
[ 68.572630][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.583737][ T8] device veth1_macvtap left promiscuous mode
[ 68.589745][ T8] device veth0_macvtap left promiscuous mode
[ 68.596233][ T8] device veth1_vlan left promiscuous mode
[ 68.602146][ T8] device veth0_vlan left promiscuous mode
executing program
[ 69.474415][ T8] team0 (unregistering): Port device team_slave_1 removed
[ 69.484408][ T8] team0 (unregistering): Port device team_slave_0 removed
[ 69.496390][ T8] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 69.507150][ T8] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 69.533637][ T8] bond0 (unregistering): Released all slaves
[ 69.599473][ T8472] can: request_module (can-proto-0) failed.
[ 70.007771][ T8472] can: request_module (can-proto-0) failed.
[ 70.017227][ T8472] can: request_module (can-proto-0) failed.
[ 70.153963][ T8472] base_sock_release(00000000286a07e0) sk=00000000a72bbea7