IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1844 in_atomic(): 0, irqs_disabled(): 0, pid: 22, name: kworker/u4:1 4 locks held by kworker/u4:1/22: #0: ("%s"wiphy_name(local->hw.wiphy)){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&sdata->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 #2: (&wdev->mtx){+.+.}, at: [] sdata_lock net/mac80211/ieee80211_i.h:986 [inline] #2: (&wdev->mtx){+.+.}, at: [] ieee80211_ibss_work+0x72/0xc90 net/mac80211/ibss.c:1675 #3: (rcu_read_lock){....}, at: [] sta_info_insert_finish net/mac80211/sta_info.c:553 [inline] #3: (rcu_read_lock){....}, at: [] sta_info_insert_rcu+0x48d/0x1f40 net/mac80211/sta_info.c:634 Preemption disabled at: [] rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1185 [inline] [] rcu_lockdep_current_cpu_online+0x30/0x140 kernel/rcu/tree.c:1177 CPU: 0 PID: 22 Comm: kworker/u4:1 Not tainted 4.14.208-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: phy27 ieee80211_iface_work Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x283 lib/dump_stack.c:58 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6042 sta_info_move_state+0x32/0x930 net/mac80211/sta_info.c:1844 sta_info_free+0x50/0x330 net/mac80211/sta_info.c:260 sta_info_insert_rcu+0x23c/0x1f40 net/mac80211/sta_info.c:640 ieee80211_ibss_finish_sta+0x1db/0x2b0 net/mac80211/ibss.c:601 ieee80211_ibss_work+0x260/0xc90 net/mac80211/ibss.c:1692 ieee80211_iface_work+0x690/0x770 net/mac80211/iface.c:1383 process_one_work+0x793/0x14a0 kernel/workqueue.c:2116 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. Bluetooth: hci4 command 0x0409 tx timeout encrypted_key: insufficient parameters specified netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. encrypted_key: insufficient parameters specified kauditd_printk_skb: 1 callbacks suppressed audit: type=1804 audit(1606191539.287:13): pid=11935 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir667346156/syzkaller.B9W5Fh/3/bus" dev="sda1" ino=15877 res=1 audit: type=1804 audit(1606191539.297:14): pid=11935 uid=0 auid=0 ses=4 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir667346156/syzkaller.B9W5Fh/3/bus" dev="sda1" ino=15877 res=1 encrypted_key: insufficient parameters specified encrypted_key: insufficient parameters specified audit: type=1804 audit(1606191539.577:15): pid=11952 uid=0 auid=0 ses=4 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir667346156/syzkaller.B9W5Fh/3/bus" dev="sda1" ino=15877 res=1 netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. syz-executor.0 (11935) used greatest stack depth: 24928 bytes left audit: type=1804 audit(1606191539.647:16): pid=11935 uid=0 auid=0 ses=4 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir667346156/syzkaller.B9W5Fh/3/bus" dev="sda1" ino=15877 res=1 audit: type=1804 audit(1606191539.647:17): pid=11952 uid=0 auid=0 ses=4 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir667346156/syzkaller.B9W5Fh/3/bus" dev="sda1" ino=15877 res=1 audit: type=1804 audit(1606191539.737:18): pid=11963 uid=0 auid=0 ses=4 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir667346156/syzkaller.B9W5Fh/3/bus" dev="sda1" ino=15877 res=1 netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. audit: type=1804 audit(1606191540.027:19): pid=11991 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir667346156/syzkaller.B9W5Fh/4/bus" dev="sda1" ino=15884 res=1 audit: type=1804 audit(1606191540.027:20): pid=11991 uid=0 auid=0 ses=4 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir667346156/syzkaller.B9W5Fh/4/bus" dev="sda1" ino=15884 res=1 L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. syz-executor.0 (11991) used greatest stack depth: 24808 bytes left audit: type=1804 audit(1606191540.247:21): pid=11991 uid=0 auid=0 ses=4 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir667346156/syzkaller.B9W5Fh/4/bus" dev="sda1" ino=15884 res=1 audit: type=1804 audit(1606191540.577:22): pid=12042 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir667346156/syzkaller.B9W5Fh/5/bus" dev="sda1" ino=15886 res=1 Bluetooth: hci4 command 0x041b tx timeout Bluetooth: hci4 command 0x040f tx timeout Bluetooth: hci4 command 0x0419 tx timeout REISERFS (device loop4): found reiserfs format "3.6" with standard journal REISERFS (device loop4): using ordered data mode reiserfs: using flush barriers REISERFS (device loop4): journal params: device loop4, size 8192, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30 REISERFS (device loop4): checking transaction log (loop4)