[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.14' (ECDSA) to the list of known hosts.
2020/11/14 05:02:21 fuzzer started
2020/11/14 05:02:22 connecting to host at 10.128.0.26:46665
2020/11/14 05:02:22 checking machine...
2020/11/14 05:02:22 checking revisions...
2020/11/14 05:02:22 testing simple program...
syzkaller login: [ 48.917031][ T8463] IPVS: ftp: loaded support on port[0] = 21
[ 49.033939][ T8463] chnl_net:caif_netlink_parms(): no params data found
[ 49.103142][ T8463] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.111996][ T8463] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.121086][ T8463] device bridge_slave_0 entered promiscuous mode
[ 49.130670][ T8463] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.138570][ T8463] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.147436][ T8463] device bridge_slave_1 entered promiscuous mode
[ 49.167370][ T8463] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 49.178058][ T8463] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 49.201017][ T8463] team0: Port device team_slave_0 added
[ 49.208206][ T8463] team0: Port device team_slave_1 added
[ 49.225969][ T8463] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 49.232923][ T8463] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 49.260566][ T8463] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 49.273937][ T8463] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 49.280898][ T8463] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 49.308349][ T8463] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 49.334636][ T8463] device hsr_slave_0 entered promiscuous mode
[ 49.341242][ T8463] device hsr_slave_1 entered promiscuous mode
[ 49.429720][ T8463] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 49.439584][ T8463] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 49.453657][ T8463] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 49.462933][ T8463] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 49.488918][ T8463] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.496119][ T8463] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.503993][ T8463] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.511281][ T8463] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.555229][ T8463] 8021q: adding VLAN 0 to HW filter on device bond0
[ 49.567977][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.579467][ T2989] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.588264][ T2989] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.597213][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 49.610069][ T8463] 8021q: adding VLAN 0 to HW filter on device team0
[ 49.621253][ T3180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 49.630650][ T3180] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.637788][ T3180] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.656458][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 49.664930][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.671966][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.692187][ T8463] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 49.703709][ T8463] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 49.718065][ T4878] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 49.727118][ T4878] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 49.736412][ T4878] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 49.746382][ T4878] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 49.754916][ T4878] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 49.762628][ T4878] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 49.780137][ T3180] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 49.787622][ T3180] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 49.800716][ T8463] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 49.818946][ T4878] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 49.837763][ T3180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 49.845978][ T3180] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 49.854824][ T3180] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 49.864906][ T8463] device veth0_vlan entered promiscuous mode
[ 49.877998][ T8463] device veth1_vlan entered promiscuous mode
[ 49.897981][ T4878] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 49.906899][ T4878] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 49.916182][ T4878] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 49.926715][ T8463] device veth0_macvtap entered promiscuous mode
[ 49.937420][ T8463] device veth1_macvtap entered promiscuous mode
[ 49.954916][ T8463] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 49.962442][ T3180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 49.972673][ T3180] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 49.984803][ T8463] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 49.994893][ T4878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 50.007407][ T8463] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.016261][ T8463] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.029529][ T8463] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.040749][ T8463] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.118359][ T184] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 50.136793][ T184] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 50.148800][ T4878] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 50.176713][ T28] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 50.187300][ T28] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 50.197107][ T4878] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 50.236354][ T28] BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962
[ 50.264116][ T28] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 28, name: kworker/u4:2
[ 50.275925][ T28] 4 locks held by kworker/u4:2/28:
[ 50.294713][ T28] #0: ffff8880292b3938 ((wq_completion)phy3){+.+.}-{0:0}, at: process_one_work+0x6f4/0xfc0
2020/11/14 05:02:25 building call list...
[ 50.343639][ T28] #1: ffffc90000e2fd80 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x733/0xfc0
[ 50.357086][ T28] #2: ffff88802f4d8d00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x4e/0x1450
[ 50.368013][ T28] #3: ffffffff8bae6840 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[ 50.379043][ T28] Preemption disabled at:
[ 50.379068][ T28] [] __mutex_lock_common+0x15c/0x2f20
[ 50.394233][ T28] CPU: 0 PID: 28 Comm: kworker/u4:2 Not tainted 5.10.0-rc3-syzkaller #0
[ 50.402616][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.412712][ T28] Workqueue: phy3 ieee80211_iface_work
[ 50.418185][ T28] Call Trace:
[ 50.421474][ T28] dump_stack+0x137/0x1be
[ 50.425804][ T28] ? wake_up_klogd+0xb2/0xf0
[ 50.430401][ T28] ___might_sleep+0x3ef/0x530
[ 50.435088][ T28] ? __mutex_lock_common+0x15c/0x2f20
[ 50.440464][ T28] sta_info_move_state+0x35/0x830
[ 50.445496][ T28] sta_info_free+0xcb/0x330
[ 50.450004][ T28] sta_info_insert_rcu+0x1462/0x1fb0
[ 50.455316][ T28] ? rcu_lock_release+0x5/0x20
[ 50.460087][ T28] ? minstrel_ht_alloc_sta+0x3b0/0x3b0
[ 50.465559][ T28] ? rate_control_rate_init+0x4c6/0x560
[ 50.471122][ T28] ieee80211_ibss_finish_sta+0x21c/0x2e0
[ 50.476779][ T28] ieee80211_ibss_work+0x218/0x1450
[ 50.481999][ T28] ? ieee80211_iface_work+0x949/0xa80
[ 50.487405][ T28] process_one_work+0x789/0xfc0
[ 50.492290][ T28] worker_thread+0xaa4/0x1460
[ 50.497002][ T28] kthread+0x36b/0x390
[ 50.501107][ T28] ? rcu_lock_release+0x20/0x20
[ 50.505966][ T28] ? kthread_blkcg+0xd0/0xd0
[ 50.510563][ T28] ret_from_fork+0x1f/0x30
[ 50.533063][ T28]
[ 50.535424][ T28] =============================
[ 50.540292][ T28] [ BUG: Invalid wait context ]
executing program
[ 50.545135][ T28] 5.10.0-rc3-syzkaller #0 Tainted: G W
[ 50.551883][ T28] -----------------------------
[ 50.556726][ T28] kworker/u4:2/28 is trying to lock:
[ 50.562026][ T28] ffff8880293929d0 (&local->chanctx_mtx){+.+.}-{3:3}, at: ieee80211_recalc_min_chandef+0x4d/0x120
[ 50.572622][ T28] other info that might help us debug this:
[ 50.578501][ T28] context-{4:4}
[ 50.581948][ T28] 4 locks held by kworker/u4:2/28:
[ 50.587040][ T28] #0: ffff8880292b3938 ((wq_completion)phy3){+.+.}-{0:0}, at: process_one_work+0x6f4/0xfc0
[ 50.597124][ T28] #1: ffffc90000e2fd80 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x733/0xfc0
[ 50.608254][ T28] #2: ffff88802f4d8d00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x4e/0x1450
[ 50.617814][ T28] #3: ffffffff8bae6840 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[ 50.627108][ T28] stack backtrace:
[ 50.630827][ T28] CPU: 0 PID: 28 Comm: kworker/u4:2 Tainted: G W 5.10.0-rc3-syzkaller #0
[ 50.640527][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.650583][ T28] Workqueue: phy3 ieee80211_iface_work
[ 50.656031][ T28] Call Trace:
[ 50.659314][ T28] dump_stack+0x137/0x1be
[ 50.663636][ T28] ? wake_up_klogd+0xb2/0xf0
[ 50.668214][ T28] __lock_acquire+0x25be/0x6250
[ 50.673073][ T28] ? rcu_read_lock_sched_held+0x41/0xb0
[ 50.678624][ T28] lock_acquire+0x114/0x5e0
[ 50.683138][ T28] ? ieee80211_recalc_min_chandef+0x4d/0x120
[ 50.689123][ T28] __mutex_lock_common+0x189/0x2f20
[ 50.694315][ T28] ? ieee80211_recalc_min_chandef+0x4d/0x120
[ 50.700283][ T28] ? ieee80211_clear_fast_rx+0x6f/0xb0
[ 50.705729][ T28] ? ieee80211_clear_fast_rx+0x6f/0xb0
[ 50.711184][ T28] ? rcu_read_lock_sched_held+0x41/0xb0
[ 50.716727][ T28] ? ieee80211_recalc_min_chandef+0x4d/0x120
[ 50.722699][ T28] mutex_lock_nested+0x1a/0x20
[ 50.727459][ T28] ieee80211_recalc_min_chandef+0x4d/0x120
[ 50.733255][ T28] sta_info_move_state+0x38a/0x830
[ 50.738357][ T28] sta_info_free+0xcb/0x330
[ 50.742850][ T28] sta_info_insert_rcu+0x1462/0x1fb0
[ 50.748127][ T28] ? rcu_lock_release+0x5/0x20
[ 50.752885][ T28] ? minstrel_ht_alloc_sta+0x3b0/0x3b0
[ 50.758359][ T28] ? rate_control_rate_init+0x4c6/0x560
[ 50.763895][ T28] ieee80211_ibss_finish_sta+0x21c/0x2e0
[ 50.769519][ T28] ieee80211_ibss_work+0x218/0x1450
[ 50.774709][ T28] ? ieee80211_iface_work+0x949/0xa80
[ 50.780078][ T28] process_one_work+0x789/0xfc0
[ 50.784928][ T28] worker_thread+0xaa4/0x1460
[ 50.789602][ T28] kthread+0x36b/0x390
[ 50.793660][ T28] ? rcu_lock_release+0x20/0x20
[ 50.798497][ T28] ? kthread_blkcg+0xd0/0xd0
[ 50.803089][ T28] ret_from_fork+0x1f/0x30
[ 50.982053][ T123] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 51.067362][ T123] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 51.165531][ T123] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 51.257031][ T123] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 52.428026][ T123] device hsr_slave_0 left promiscuous mode
[ 52.434647][ T123] device hsr_slave_1 left promiscuous mode
[ 52.443919][ T123] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 52.451350][ T123] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 52.461265][ T123] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 52.469736][ T123] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 52.478716][ T123] device bridge_slave_1 left promiscuous mode
[ 52.486214][ T123] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.495319][ T123] device bridge_slave_0 left promiscuous mode
[ 52.501559][ T123] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.513224][ T123] device veth1_macvtap left promiscuous mode
[ 52.519258][ T123] device veth0_macvtap left promiscuous mode
[ 52.525779][ T123] device veth1_vlan left promiscuous mode
[ 52.531553][ T123] device veth0_vlan left promiscuous mode
[ 53.360902][ T123] team0 (unregistering): Port device team_slave_1 removed
[ 53.371140][ T123] team0 (unregistering): Port device team_slave_0 removed
[ 53.381610][ T123] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 53.393241][ T123] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 53.418439][ T123] bond0 (unregistering): Released all slaves
[ 53.481562][ T8447] can: request_module (can-proto-0) failed.
executing program
[ 53.913854][ T8447] can: request_module (can-proto-0) failed.
[ 53.924084][ T8447] can: request_module (can-proto-0) failed.
[ 54.055240][ T8447] base_sock_release(0000000011daa283) sk=00000000a27bbbbb