IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1850
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
in_atomic(): 0, irqs_disabled(): 0, pid: 23, name: kworker/u4:1
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
4 locks held by kworker/u4:1/23:
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
 #0: 00000000abfc40bf ((wq_completion)"%s"wiphy_name(local->hw.wiphy)){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2126
 #1: 000000008018396a ((work_completion)(&sdata->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2130
 #2: 00000000a8de12fa (&wdev->mtx){+.+.}, at: sdata_lock net/mac80211/ieee80211_i.h:990 [inline]
 #2: 00000000a8de12fa (&wdev->mtx){+.+.}, at: ieee80211_ibss_work+0x85/0xe10 net/mac80211/ibss.c:1675
 #3: 00000000c1a377a2 (rcu_read_lock){....}, at: sta_info_insert_finish net/mac80211/sta_info.c:573 [inline]
 #3: 00000000c1a377a2 (rcu_read_lock){....}, at: sta_info_insert_rcu+0x48e/0x2310 net/mac80211/sta_info.c:661
Preemption disabled at:
[] rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1076 [inline]
[] rcu_lockdep_current_cpu_online+0x32/0x1b0 kernel/rcu/tree.c:1068
CPU: 1 PID: 23 Comm: kworker/u4:1 Not tainted 4.19.159-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy8 ieee80211_iface_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6196
 sta_info_move_state+0x32/0x900 net/mac80211/sta_info.c:1850
 sta_info_free+0x55/0x390 net/mac80211/sta_info.c:260
 sta_info_insert_rcu+0x517/0x2310 net/mac80211/sta_info.c:667
 ieee80211_ibss_finish_sta+0x25b/0x360 net/mac80211/ibss.c:601
 ieee80211_ibss_work+0x2b6/0xe10 net/mac80211/ibss.c:1692
 ieee80211_iface_work+0x7ba/0x8a0 net/mac80211/iface.c:1366
 process_one_work+0x864/0x1570 kernel/workqueue.c:2155
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2298
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
syz-executor.3 (9738) used greatest stack depth: 23288 bytes left
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
IPv6: NLM_F_CREATE should be set when creating new route
IPv6: NLM_F_CREATE should be set when creating new route
netlink: 'syz-executor.1': attribute type 13 has an invalid length.
netlink: 6 bytes leftover after parsing attributes in process `syz-executor.3'.
audit: type=1804 audit(1606195801.922:2): pid=10118 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir405947369/syzkaller.u5qgDL/19/bus" dev="sda1" ino=15813 res=1
audit: type=1804 audit(1606195802.012:3): pid=10126 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir405947369/syzkaller.u5qgDL/19/bus" dev="sda1" ino=15813 res=1
audit: type=1800 audit(1606195802.762:4): pid=10215 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=15800 res=0
audit: type=1800 audit(1606195803.432:5): pid=10283 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=15798 res=0
netlink: 27 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 27 bytes leftover after parsing attributes in process `syz-executor.2'.
audit: type=1800 audit(1606195803.682:6): pid=10308 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=15795 res=0
netlink: 27 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 27 bytes leftover after parsing attributes in process `syz-executor.2'.
audit: type=1800 audit(1606195803.852:7): pid=10342 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=15817 res=0
ptrace attach of "/root/syz-executor.5"[10355] was attempted by "/root/syz-executor.5"[10356]
netlink: 27 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 27 bytes leftover after parsing attributes in process `syz-executor.2'.
audit: type=1800 audit(1606195804.072:8): pid=10371 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=15813 res=0
netlink: 27 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 27 bytes leftover after parsing attributes in process `syz-executor.2'.
sd 0:0:1:0: [sg0] tag#212 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#212 CDB: opcode=0x76 (reserved)
sd 0:0:1:0: [sg0] tag#212 CDB[00]: 76 ac aa 15 34 fe 52 69 09 0c 2b d7 65 a2 5d 45
sd 0:0:1:0: [sg0] tag#212 CDB[10]: 5f 43 b3 b5 44 d4 d9 72 be 4b bb 13 26 5c bb b6
sd 0:0:1:0: [sg0] tag#212 CDB[20]: 50 c6 06 f2 18 17 89 5a 49 41 70 96 0a bf 0c 70
sd 0:0:1:0: [sg0] tag#212 CDB[30]: e2 c7 cb f7 eb ef 31 7f 3b ac 1c 79 b0 17 9c 8b
sd 0:0:1:0: [sg0] tag#212 CDB[40]: a8 0d d1 1a 54 45 cb 43 d0 2b 04 ac 21 d0 b7 9f
sd 0:0:1:0: [sg0] tag#212 CDB[50]: ae 06 68 a5 46 4c 42 fe 55 ec d3 95 94 5c 70 5e
sd 0:0:1:0: [sg0] tag#212 CDB[60]: b3 96 db 0e 9c 97 f0 f2 be c0 0b d9 ce 35 51 79
sd 0:0:1:0: [sg0] tag#212 CDB[70]: 89 42 b5 ea b9 3a 3c 9d 12 1f e8 c9 5b 55 02 03
sd 0:0:1:0: [sg0] tag#212 CDB[80]: 44 60 7e 2e 07 9b a6 ba 21 b7 5f 02
audit: type=1800 audit(1606195804.372:9): pid=10402 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=15822 res=0
audit: type=1800 audit(1606195804.592:10): pid=10412 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=15828 res=0