[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.214' (ECDSA) to the list of known hosts.
syzkaller login: [ 69.777885][ T8493] IPVS: ftp: loaded support on port[0] = 21
[ 69.908921][ T8521] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.916958][ T8521] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.950528][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 69.971652][ T106] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
executing program
[ 69.994239][ T106] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 70.005744][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 70.128260][ C1]
[ 70.130659][ C1] ================================
[ 70.135758][ C1] WARNING: inconsistent lock state
[ 70.140861][ C1] 5.10.0-rc4-syzkaller #0 Not tainted
[ 70.146239][ C1] --------------------------------
[ 70.151333][ C1] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
[ 70.158164][ C1] kworker/u4:2/26 [HC0[0]:SC1[1]:HE1:SE0] takes:
[ 70.164473][ C1] ffff888140f238a8 (&file_data->lock){+.?.}-{2:2}, at: io_file_data_ref_zero+0x75/0x480
[ 70.174204][ C1] {SOFTIRQ-ON-W} state was registered at:
[ 70.179929][ C1] lock_acquire+0x2a3/0x8c0
[ 70.184524][ C1] _raw_spin_lock+0x2a/0x40
[ 70.189192][ C1] __do_sys_io_uring_register+0x343a/0x40d0
[ 70.195156][ C1] do_syscall_64+0x2d/0x70
[ 70.199650][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 70.205608][ C1] irq event stamp: 124034
[ 70.209930][ C1] hardirqs last enabled at (124034): [] _raw_spin_unlock_irqrestore+0x42/0x50
[ 70.220414][ C1] hardirqs last disabled at (124033): [] _raw_spin_lock_irqsave+0x4e/0x50
[ 70.230473][ C1] softirqs last enabled at (123802): [] cfg80211_bss_update+0x26b/0x1c60
[ 70.240525][ C1] softirqs last disabled at (123803): [] asm_call_irq_on_stack+0xf/0x20
[ 70.250391][ C1]
[ 70.250391][ C1] other info that might help us debug this:
[ 70.258439][ C1] Possible unsafe locking scenario:
[ 70.258439][ C1]
[ 70.265878][ C1] CPU0
[ 70.269149][ C1] ----
[ 70.272413][ C1] lock(&file_data->lock);
[ 70.276904][ C1]
[ 70.280346][ C1] lock(&file_data->lock);
[ 70.285008][ C1]
[ 70.285008][ C1] *** DEADLOCK ***
[ 70.285008][ C1]
[ 70.293158][ C1] 5 locks held by kworker/u4:2/26:
[ 70.298253][ C1] #0: ffff888024850138 ((wq_completion)phy3){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0
[ 70.308420][ C1] #1: ffffc90000e1fda8 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0
[ 70.319636][ C1] #2: ffff88801bbdcd00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_rx_queued_mgmt+0xe9/0x1870
[ 70.330189][ C1] #3: ffffffff8b337700 (rcu_callback){....}-{0:0}, at: rcu_core+0x576/0xe80
[ 70.338966][ C1] #4: ffffffff8b337820 (rcu_read_lock){....}-{1:2}, at: percpu_ref_put_many.constprop.0+0x0/0x250
[ 70.349653][ C1]
[ 70.349653][ C1] stack backtrace:
[ 70.355536][ C1] CPU: 1 PID: 26 Comm: kworker/u4:2 Not tainted 5.10.0-rc4-syzkaller #0
[ 70.363925][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.373976][ C1] Workqueue: phy3 ieee80211_iface_work
[ 70.379419][ C1] Call Trace:
[ 70.382692][ C1]
[ 70.385721][ C1] dump_stack+0x107/0x163
[ 70.390042][ C1] mark_lock.cold+0x32/0x74
[ 70.394539][ C1] ? lock_chain_count+0x20/0x20
[ 70.399379][ C1] ? ret_from_fork+0x1f/0x30
[ 70.403960][ C1] ? mark_lock+0xf7/0x24c0
[ 70.408369][ C1] ? __lock_acquire+0x16c4/0x5c00
[ 70.413431][ C1] ? lock_chain_count+0x20/0x20
[ 70.418271][ C1] ? __lock_acquire+0x16c4/0x5c00
[ 70.423285][ C1] __lock_acquire+0x11b1/0x5c00
[ 70.428133][ C1] ? __lock_acquire+0xbe0/0x5c00
[ 70.433063][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 70.439031][ C1] lock_acquire+0x2a3/0x8c0
[ 70.443524][ C1] ? io_file_data_ref_zero+0x75/0x480
[ 70.448881][ C1] ? lock_release+0x710/0x710
[ 70.453545][ C1] ? lock_release+0x710/0x710
[ 70.458211][ C1] ? rcu_core+0x576/0xe80
[ 70.462527][ C1] _raw_spin_lock+0x2a/0x40
[ 70.467019][ C1] ? io_file_data_ref_zero+0x75/0x480
[ 70.472382][ C1] io_file_data_ref_zero+0x75/0x480
[ 70.477568][ C1] ? __percpu_ref_exit+0xa7/0x100
[ 70.482580][ C1] ? rcu_core+0x576/0xe80
[ 70.486900][ C1] percpu_ref_put_many.constprop.0+0x217/0x250
[ 70.493039][ C1] rcu_core+0x5df/0xe80
[ 70.497184][ C1] ? rcu_implicit_dynticks_qs+0x990/0x990
[ 70.502907][ C1] __do_softirq+0x2a0/0x9f6
[ 70.507403][ C1] asm_call_irq_on_stack+0xf/0x20
[ 70.512406][ C1]
[ 70.515334][ C1] do_softirq_own_stack+0xaa/0xd0
[ 70.520346][ C1] do_softirq+0xb5/0xe0
[ 70.524509][ C1] ? cfg80211_bss_update+0x26b/0x1c60
[ 70.529866][ C1] __local_bh_enable_ip+0xf0/0x110
[ 70.534962][ C1] cfg80211_bss_update+0x26b/0x1c60
[ 70.540151][ C1] ? rcu_read_lock_sched_held+0x3a/0x70
[ 70.545682][ C1] ? kasan_unpoison_shadow+0x33/0x40
[ 70.550953][ C1] ? __kasan_kmalloc.constprop.0+0xc2/0xd0
[ 70.556747][ C1] cfg80211_inform_single_bss_frame_data+0x6e2/0xe90
[ 70.563413][ C1] ? cfg80211_inform_bss_data+0x160/0x160
[ 70.569121][ C1] ? create_prof_cpu_mask+0x20/0x20
[ 70.574312][ C1] ? acpi_check_dsm+0xc3/0x250
[ 70.579068][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 70.585035][ C1] cfg80211_inform_bss_frame_data+0xa7/0xb10
[ 70.591003][ C1] ? find_held_lock+0x2d/0x110
[ 70.595754][ C1] ? ieee80211_bss_info_update+0x374/0xb70
[ 70.601544][ C1] ? cfg80211_inform_single_bss_frame_data+0xe90/0xe90
[ 70.608415][ C1] ieee80211_bss_info_update+0x3ce/0xb70
[ 70.614035][ C1] ? ieee80211_rx_bss_put+0x50/0x50
[ 70.619221][ C1] ? __lock_acquire+0xbe0/0x5c00
[ 70.624148][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 70.630120][ C1] ? find_held_lock+0x2d/0x110
[ 70.634898][ C1] ? find_held_lock+0x2d/0x110
[ 70.639653][ C1] ? ieee80211_rx_mgmt_probe_beacon+0xc2c/0x1690
[ 70.645983][ C1] ieee80211_rx_mgmt_probe_beacon+0xc77/0x1690
[ 70.652126][ C1] ? ieee80211_ibss_add_sta+0x750/0x750
[ 70.657659][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 70.663638][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 70.669621][ C1] ? lock_chain_count+0x20/0x20
[ 70.674461][ C1] ? lock_chain_count+0x20/0x20
[ 70.679300][ C1] ? wake_up_new_task+0x740/0xd20
[ 70.684309][ C1] ? mark_lock+0xf7/0x24c0
[ 70.688711][ C1] ? mark_lock+0xf7/0x24c0
[ 70.693128][ C1] ieee80211_ibss_rx_queued_mgmt+0xe3e/0x1870
[ 70.699187][ C1] ? ieee80211_ibss_rx_no_sta+0x840/0x840
[ 70.704898][ C1] ? mark_lock+0xf7/0x24c0
[ 70.709306][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 70.715287][ C1] ? __lock_acquire+0x16c4/0x5c00
[ 70.720299][ C1] ? lock_chain_count+0x20/0x20
[ 70.725138][ C1] ? find_held_lock+0x2d/0x110
[ 70.729908][ C1] ? skb_dequeue+0x125/0x180
[ 70.734487][ C1] ? mark_held_locks+0x9f/0xe0
[ 70.739242][ C1] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 70.745038][ C1] ? lockdep_hardirqs_on+0x79/0x100
[ 70.750224][ C1] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 70.756020][ C1] ieee80211_iface_work+0x706/0x970
[ 70.761207][ C1] process_one_work+0x933/0x15a0
[ 70.766132][ C1] ? lock_release+0x710/0x710
[ 70.770793][ C1] ? pwq_dec_nr_in_flight+0x320/0x320
[ 70.776150][ C1] ? rwlock_bug.part.0+0x90/0x90
[