IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1850 in_atomic(): 0, irqs_disabled(): 0, pid: 438, name: kworker/u4:4 4 locks held by kworker/u4:4/438: #0: 0000000073fd49f4 ((wq_completion)"%s"wiphy_name(local->hw.wiphy)){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2126 #1: 0000000030f0be3a ((work_completion)(&sdata->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2130 #2: 0000000093215cfa (&wdev->mtx){+.+.}, at: sdata_lock net/mac80211/ieee80211_i.h:990 [inline] #2: 0000000093215cfa (&wdev->mtx){+.+.}, at: ieee80211_ibss_work+0x85/0xe10 net/mac80211/ibss.c:1675 #3: 0000000066f78b8f (rcu_read_lock){....}, at: sta_info_insert_finish net/mac80211/sta_info.c:573 [inline] #3: 0000000066f78b8f (rcu_read_lock){....}, at: sta_info_insert_rcu+0x48e/0x2310 net/mac80211/sta_info.c:661 Preemption disabled at: [] rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1076 [inline] [] rcu_lockdep_current_cpu_online+0x32/0x1b0 kernel/rcu/tree.c:1068 FAT-fs (loop5): bogus number of reserved sectors FAT-fs (loop5): Can't find a valid FAT filesystem CPU: 0 PID: 438 Comm: kworker/u4:4 Not tainted 4.19.159-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: phy12 ieee80211_iface_work Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2fe lib/dump_stack.c:118 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6196 sta_info_move_state+0x32/0x900 net/mac80211/sta_info.c:1850 sta_info_free+0x55/0x390 net/mac80211/sta_info.c:260 sta_info_insert_rcu+0x517/0x2310 net/mac80211/sta_info.c:667 ieee80211_ibss_finish_sta+0x25b/0x360 net/mac80211/ibss.c:601 ieee80211_ibss_work+0x2b6/0xe10 net/mac80211/ibss.c:1692 ieee80211_iface_work+0x7ba/0x8a0 net/mac80211/iface.c:1366 process_one_work+0x864/0x1570 kernel/workqueue.c:2155 worker_thread+0x64c/0x1130 kernel/workqueue.c:2298 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 audit: type=1804 audit(1606043634.263:2): pid=9745 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir442661027/syzkaller.73thTH/1/file0/file0" dev="ramfs" ino=30474 res=1 L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. IPVS: ftp: loaded support on port[0] = 21 VFS: Warning: syz-executor.4 using old stat() call. Recompile your binary. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. IPVS: ftp: loaded support on port[0] = 21 netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. VFS: Warning: syz-executor.4 using old stat() call. Recompile your binary. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. IPv6: veth0_to_bridge: IPv6 duplicate address ::ffff:0.0.0.0 used by aa:aa:aa:aa:aa:1c detected! netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. device batadv0 entered promiscuous mode new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored 8021q: adding VLAN 0 to HW filter on device batadv0 syz-executor.1 (9999) used greatest stack depth: 22448 bytes left new mount options do not match the existing superblock, will be ignored 8021q: adding VLAN 0 to HW filter on device batadv0