[ 191.033769][ T7] Bluetooth: hci1: command 0x0406 tx timeout
[ 191.042070][ T7] Bluetooth: hci0: command 0x0406 tx timeout
[ 194.012723][ T3225] ieee802154 phy0 wpan0: encryption failed: -22
[ 194.019551][ T3225] ieee802154 phy1 wpan1: encryption failed: -22
[ 255.444148][ T3225] ieee802154 phy0 wpan0: encryption failed: -22
[ 255.450578][ T3225] ieee802154 phy1 wpan1: encryption failed: -22
[ 316.886554][ T3225] ieee802154 phy0 wpan0: encryption failed: -22
[ 316.893074][ T3225] ieee802154 phy1 wpan1: encryption failed: -22
[ 378.312226][ T3225] ieee802154 phy0 wpan0: encryption failed: -22
[ 378.319720][ T3225] ieee802154 phy1 wpan1: encryption failed: -22
[ 427.204332][ T278] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 427.365234][ T278] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 427.504978][ T278] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 427.656607][ T278] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
Warning: Permanently added '10.128.10.63' (ECDSA) to the list of known hosts.
[ 429.239714][ T35] audit: type=1400 audit(1620517823.393:11): avc: denied { execmem } for pid=28629 comm="syz-executor575" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 429.725949][ T278] device hsr_slave_0 left promiscuous mode
[ 429.733473][ T278] device hsr_slave_1 left promiscuous mode
[ 429.744357][ T278] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 429.752400][ T278] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 429.763440][ T278] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 429.773244][ T278] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 429.784069][ T278] device bridge_slave_1 left promiscuous mode
[ 429.791530][ T278] bridge0: port 2(bridge_slave_1) entered disabled state
[ 429.801114][ T278] device bridge_slave_0 left promiscuous mode
[ 429.808654][ T278] bridge0: port 1(bridge_slave_0) entered disabled state
[ 429.820293][ T278] device veth1_macvtap left promiscuous mode
[ 429.826711][ T278] device veth0_macvtap left promiscuous mode
[ 429.834862][ T278] device veth1_vlan left promiscuous mode
[ 429.842645][ T278] device veth0_vlan left promiscuous mode
[ 430.371844][T28630] IPVS: ftp: loaded support on port[0] = 21
[ 432.387100][ T7] Bluetooth: hci0: command 0x0409 tx timeout
[ 434.055399][ T278] team0 (unregistering): Port device team_slave_1 removed
[ 434.071159][ T278] team0 (unregistering): Port device team_slave_0 removed
[ 434.084846][ T278] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 434.102668][ T278] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 434.161304][ T278] bond0 (unregistering): Released all slaves
[ 434.315104][ T190] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 434.328651][ T190] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 434.364949][ T2933] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 434.386794][ T190] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 434.397581][ T190] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 434.409368][ T2933] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 434.452282][ T190] BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962
[ 434.462576][ T190] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 190, name: kworker/u4:4
[ 434.473796][ T190] 4 locks held by kworker/u4:4/190:
[ 434.474536][ T8758] Bluetooth: hci0: command 0x041b tx timeout
[ 434.479547][ T190] #0: ffff8880318da938 ((wq_completion)phy17){+.+.}-{0:0}, at: process_one_work+0x680/0x1230
[ 434.497889][ T190] #1: ffffc900014c7db0 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x6ad/0x1230
[ 434.515255][ T190] #2: ffff8880327a0d00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x8d/0xcc0
[ 434.525799][ T190] #3: ffffffff8aa08280 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x5a1/0x2700
[ 434.537172][ T190] Preemption disabled at:
[ 434.537297][ T190] [] __mutex_lock+0x10f/0x1210
[ 434.549509][ T190] CPU: 1 PID: 190 Comm: kworker/u4:4 Not tainted 5.10.0-rc1-syzkaller #0
[ 434.558481][ T190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 434.569217][ T190] Workqueue: phy17 ieee80211_iface_work
[ 434.575165][ T190] Call Trace:
[ 434.578861][ T190] dump_stack+0x9a/0xcc
[ 434.583123][ T190] ? __mutex_lock+0x10f/0x1210
[ 434.588707][ T190] ___might_sleep.cold+0x65/0x79
[ 434.593767][ T190] sta_info_move_state+0x2b/0x9d0
[ 434.598778][ T190] sta_info_free+0x5c/0x340
[ 434.603680][ T190] sta_info_insert_rcu+0x2a5/0x2700
[ 434.609280][ T190] ? find_held_lock+0x2d/0x110
[ 434.614120][ T190] ? rate_control_rate_init+0x2ce/0x580
[ 434.619760][ T190] ? sta_info_free+0x340/0x340
[ 434.624757][ T190] ? __local_bh_enable_ip+0x9c/0x110
[ 434.630127][ T190] ? rate_control_rate_init+0x2f7/0x580
[ 434.635870][ T190] ieee80211_ibss_finish_sta+0x1af/0x2d0
[ 434.641593][ T190] ? ieee80211_ibss_build_presp+0x1ab0/0x1ab0
[ 434.648095][ T190] ? __local_bh_enable_ip+0x9c/0x110
[ 434.653732][ T190] ieee80211_ibss_work+0x265/0xcc0
[ 434.659043][ T190] ? mark_held_locks+0x9f/0xe0
[ 434.663801][ T190] ? ieee80211_ibss_rx_queued_mgmt+0x1340/0x1340
[ 434.670777][ T190] ? lockdep_hardirqs_on_prepare+0x187/0x420
[ 434.677306][ T190] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 434.683246][ T190] ? lockdep_hardirqs_on+0x85/0x110
[ 434.688848][ T190] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 434.694912][ T190] ? skb_dequeue+0x110/0x1a0
[ 434.699681][ T190] ? ieee80211_iface_work+0x24e/0x7e0
[ 434.705155][ T190] process_one_work+0x75b/0x1230
[ 434.710684][ T190] ? lock_release+0x710/0x710
[ 434.715510][ T190] ? pwq_dec_nr_in_flight+0x2b0/0x2b0
[ 434.721048][ T190] ? rwlock_bug.part.0+0x90/0x90
[ 434.726084][ T190] ? _raw_spin_lock_irq+0x41/0x50
[ 434.731523][ T190] worker_thread+0x598/0xf80
[ 434.736571][ T190] ? process_one_work+0x1230/0x1230
[ 434.742036][ T190] kthread+0x36d/0x450
[ 434.746241][ T190] ? _raw_spin_unlock_irq+0x1f/0x40
[ 434.752453][ T190] ? __kthread_bind_mask+0x90/0x90
[ 434.757934][ T190] ret_from_fork+0x1f/0x30
[ 434.778845][ T190]
[ 434.781554][ T190] =============================
[ 434.786672][ T190] [ BUG: Invalid wait context ]
[ 434.791496][ T190] 5.10.0-rc1-syzkaller #0 Tainted: G W
[ 434.798364][ T190] -----------------------------
[ 434.803187][ T190] kworker/u4:4/190 is trying to lock:
[ 434.808681][ T190] ffff88802fc229d0 (&local->chanctx_mtx){+.+.}-{3:3}, at: ieee80211_recalc_min_chandef+0x43/0x100
[ 434.819715][ T190] other info that might help us debug this:
[ 434.825790][ T190] context-{4:4}
[ 434.829483][ T190] 4 locks held by kworker/u4:4/190:
[ 434.837211][ T190] #0: ffff8880318da938 ((wq_completion)phy17){+.+.}-{0:0}, at: process_one_work+0x680/0x1230
[ 434.848176][ T190] #1: ffffc900014c7db0 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x6ad/0x1230
[ 434.859475][ T190] #2: ffff8880327a0d00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x8d/0xcc0
[ 434.870497][ T190] #3: ffffffff8aa08280 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x5a1/0x2700
[ 434.880639][ T190] stack backtrace:
[ 434.884332][ T190] CPU: 0 PID: 190 Comm: kworker/u4:4 Tainted: G W 5.10.0-rc1-syzkaller #0
[ 434.894117][ T190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 434.904175][ T190] Workqueue: phy17 ieee80211_iface_work
[ 434.909702][ T190] Call Trace:
[ 434.913240][ T190] dump_stack+0x9a/0xcc
[ 434.917814][ T190] __lock_acquire.cold+0x333/0x3cc
[ 434.923241][ T190] ? lockdep_hardirqs_on_prepare+0x420/0x420
[ 434.929446][ T190] lock_acquire+0x2a3/0x910
[ 434.933927][ T190] ? ieee80211_recalc_min_chandef+0x43/0x100
[ 434.940772][ T190] ? lock_release+0x710/0x710
[ 434.945452][ T190] __mutex_lock+0x134/0x1210
[ 434.950267][ T190] ? ieee80211_recalc_min_chandef+0x43/0x100
[ 434.956669][ T190] ? ieee80211_recalc_min_chandef+0x43/0x100
[ 434.962873][ T190] ? mutex_lock_io_nested+0x1090/0x1090
[ 434.968667][ T190] ? ieee80211_clear_fast_rx+0x66/0x90
[ 434.974471][ T190] ? mark_held_locks+0x9f/0xe0
[ 434.979508][ T190] ieee80211_recalc_min_chandef+0x43/0x100
[ 434.985632][ T190] sta_info_move_state+0x140/0x9d0
[ 434.990861][ T190] sta_info_free+0x5c/0x340
[ 434.995607][ T190] sta_info_insert_rcu+0x2a5/0x2700
[ 435.001083][ T190] ? find_held_lock+0x2d/0x110
[ 435.006012][ T190] ? rate_control_rate_init+0x2ce/0x580
[ 435.011925][ T190] ? sta_info_free+0x340/0x340
[ 435.017031][ T190] ? __local_bh_enable_ip+0x9c/0x110
[ 435.022394][ T190] ? rate_control_rate_init+0x2f7/0x580
[ 435.028475][ T190] ieee80211_ibss_finish_sta+0x1af/0x2d0
[ 435.034356][ T190] ? ieee80211_ibss_build_presp+0x1ab0/0x1ab0
[ 435.040589][ T190] ? __local_bh_enable_ip+0x9c/0x110
[ 435.045852][ T190] ieee80211_ibss_work+0x265/0xcc0
[ 435.051384][ T190] ? mark_held_locks+0x9f/0xe0
[ 435.056405][ T190] ? ieee80211_ibss_rx_queued_mgmt+0x1340/0x1340
[ 435.062800][ T190] ? lockdep_hardirqs_on_prepare+0x187/0x420
[ 435.069054][ T190] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 435.075007][ T190] ? lockdep_hardirqs_on+0x85/0x110
[ 435.080555][ T190] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 435.086343][ T190] ? skb_dequeue+0x110/0x1a0
[ 435.091525][ T190] ? ieee80211_iface_work+0x24e/0x7e0
[ 435.097283][ T190] process_one_work+0x75b/0x1230
[ 435.102203][ T190] ? lock_release+0x710/0x710
[ 435.106998][ T190] ? pwq_dec_nr_in_flight+0x2b0/0x2b0
[ 435.112818][ T190] ? rwlock_bug.part.0+0x90/0x90
[ 435.117906][ T190] ? _raw_spin_lock_irq+0x41/0x50
[ 435.123019][ T190] worker_thread+0x598/0xf80
[ 435.127920][ T190] ? process_one_work+0x1230/0x1230
[ 435.133203][ T190] kthread+0x36d/0x450
[ 435.137552][ T190] ? _raw_spin_unlock_irq+0x1f/0x40
[ 435.142874][ T190] ? __kthread_bind_mask+0x90/0x90
[ 435.147963][ T190] ret_from_fork+0x1f/0x30