------------[ cut here ]------------
IPVS: ftp: loaded support on port[0] = 21
no supported rates (0x0) in rate_mask 0xff with flags 0x0
WARNING: CPU: 1 PID: 10499 at net/mac80211/rate.c:359 __rate_control_send_low+0x4bb/0x580 net/mac80211/rate.c:359
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 10499 Comm: kworker/u4:8 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Workqueue: phy4 ieee80211_roc_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 panic+0x26a/0x50e kernel/panic.c:186
 __warn.cold+0x20/0x5a kernel/panic.c:541
 report_bug+0x262/0x2b0 lib/bug.c:183
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 fixup_bug arch/x86/kernel/traps.c:173 [inline]
 do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038
RIP: 0010:__rate_control_send_low+0x4bb/0x580 net/mac80211/rate.c:359
Code: 0f 85 d6 00 00 00 48 8b 44 24 18 44 8b 24 a8 e8 9b 42 c6 f9 8b 54 24 24 44 89 e9 44 89 e6 48 c7 c7 80 98 67 89 e8 6a 7a 56 00 <0f> 0b e9 03 fe ff ff e8 79 42 c6 f9 41 83 cd 10 e9 32 fc ff ff e8
RSP: 0018:ffff888053c1f760 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff88809f2da5a8 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff814dff01 RDI: ffffed100a783ede
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000008 R15: ffff888053cc7870
 rate_control_send_low+0x190/0x610 net/mac80211/rate.c:383
 minstrel_ht_get_rate+0x58/0x1510 net/mac80211/rc80211_minstrel_ht.c:1045
 rate_control_get_rate+0x2b1/0x520 net/mac80211/rate.c:907
 ieee80211_tx_h_rate_ctrl+0x8b9/0x1450 net/mac80211/tx.c:751
 invoke_tx_handlers_early+0x84f/0x1f90 net/mac80211/tx.c:1758
 ieee80211_tx+0x283/0x3e0 net/mac80211/tx.c:1902
 ieee80211_xmit+0x380/0x480 net/mac80211/tx.c:2003
 __ieee80211_tx_skb_tid_band+0x209/0x2b0 net/mac80211/tx.c:4880
 ieee80211_tx_skb_tid_band net/mac80211/ieee80211_i.h:1899 [inline]
 ieee80211_handle_roc_started+0x207/0x4f0 net/mac80211/offchannel.c:264
 _ieee80211_start_next_roc+0x75d/0x11e0 net/mac80211/offchannel.c:396
 __ieee80211_roc_work+0x19a/0x3b0 net/mac80211/offchannel.c:448
 ieee80211_roc_work+0x2b/0x40 net/mac80211/offchannel.c:476
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Kernel Offset: disabled

=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
4.19.211-syzkaller #0 Not tainted
-----------------------------------------------------
kworker/u4:8/10499 [HC0[0]:SC0[4]:HE0:SE0] is trying to acquire:
00000000901786f8 ((fb_notifier_list).rwsem){++++}, at: __blocking_notifier_call_chain kernel/notifier.c:316 [inline]
00000000901786f8 ((fb_notifier_list).rwsem){++++}, at: __blocking_notifier_call_chain kernel/notifier.c:304 [inline]
00000000901786f8 ((fb_notifier_list).rwsem){++++}, at: blocking_notifier_call_chain kernel/notifier.c:328 [inline]
00000000901786f8 ((fb_notifier_list).rwsem){++++}, at: blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325

and this task is already holding:
0000000066469cdc (&(&sta->rate_ctrl_lock)->rlock){+.-.}, at: spin_lock_bh include/linux/spinlock.h:334 [inline]
0000000066469cdc (&(&sta->rate_ctrl_lock)->rlock){+.-.}, at: rate_control_get_rate+0x22c/0x520 net/mac80211/rate.c:906
which would create a new lock dependency:
 (&(&sta->rate_ctrl_lock)->rlock){+.-.} -> ((fb_notifier_list).rwsem){++++}

but this new dependency connects a SOFTIRQ-irq-safe lock:
 (&(&sta->rate_ctrl_lock)->rlock){+.-.}

... which became SOFTIRQ-irq-safe at:
  __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
  _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:168
  spin_lock_bh include/linux/spinlock.h:334 [inline]
  rate_control_tx_status+0xfb/0x2e0 net/mac80211/rate.c:76
  __ieee80211_tx_status+0xd2e/0x25f0 net/mac80211/status.c:813
  ieee80211_tx_status+0x264/0x430 net/mac80211/status.c:926
  ieee80211_tasklet_handler+0x11f/0x160 net/mac80211/main.c:233
  tasklet_action_common.constprop.0+0x265/0x360 kernel/softirq.c:522
  __do_softirq+0x265/0x980 kernel/softirq.c:292
  do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1092
  do_softirq.part.0+0x160/0x1c0 kernel/softirq.c:336
  do_softirq kernel/softirq.c:328 [inline]
  __local_bh_enable_ip+0x20e/0x270 kernel/softirq.c:189
  ieee80211_tx_skb_tid net/mac80211/ieee80211_i.h:1916 [inline]
  ieee80211_tx_skb net/mac80211/ieee80211_i.h:1925 [inline]
  ieee80211_mgmt_tx+0x128a/0x1d40 net/mac80211/offchannel.c:941
  rdev_mgmt_tx net/wireless/rdev-ops.h:728 [inline]
  cfg80211_mlme_mgmt_tx+0x55e/0x12b0 net/wireless/mlme.c:692
  nl80211_tx_mgmt+0x7ef/0xc30 net/wireless/nl80211.c:10130
  genl_family_rcv_msg+0x642/0xc40 net/netlink/genetlink.c:602
  genl_rcv_msg+0xbf/0x160 net/netlink/genetlink.c:627
  netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463
  genl_rcv+0x24/0x40 net/netlink/genetlink.c:638
  netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline]
  netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351
  netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917
  sock_sendmsg_nosec net/socket.c:651 [inline]
  sock_sendmsg+0xc3/0x120 net/socket.c:661
  ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2227
  __sys_sendmsg net/socket.c:2265 [inline]
  __do_sys_sendmsg net/socket.c:2274 [inline]
  __se_sys_sendmsg net/socket.c:2272 [inline]
  __x64_sys_sendmsg+0x132/0x220 net/socket.c:2272
  do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
  entry_SYSCALL_64_after_hwframe+0x49/0xbe

to a SOFTIRQ-irq-unsafe lock:
 ((fb_notifier_list).rwsem){++++}

... which became SOFTIRQ-irq-unsafe at:
...
  down_write+0x34/0x90 kernel/locking/rwsem.c:70
  blocking_notifier_chain_register+0x78/0x350 kernel/notifier.c:226
  fb_console_init+0x1c/0x305 drivers/video/fbdev/core/fbcon.c:3432
  fbmem_init+0x105/0x126 drivers/video/fbdev/core/fbmem.c:1932
  do_one_initcall+0xf1/0x740 init/main.c:884
  do_initcall_level init/main.c:952 [inline]
  do_initcalls init/main.c:960 [inline]
  do_basic_setup init/main.c:978 [inline]
  kernel_init_freeable+0x9c5/0xab7 init/main.c:1145
  kernel_init+0xd/0x1ba init/main.c:1062
  ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

other info that might help us debug this:

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((fb_notifier_list).rwsem);
                               local_irq_disable();
                               lock(&(&sta->rate_ctrl_lock)->rlock);
                               lock((fb_notifier_list).rwsem);
  <Interrupt>
    lock(&(&sta->rate_ctrl_lock)->rlock);

 *** DEADLOCK ***

5 locks held by kworker/u4:8/10499:
 #0: 00000000bc94d4b0 ((wq_completion)"%s"wiphy_name(local->hw.wiphy)){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 00000000d6b1e59f ((work_completion)(&(&local->roc_work)->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
 #2: 0000000058eb62a1 (&local->mtx){+.+.}, at: ieee80211_roc_work+0x23/0x40 net/mac80211/offchannel.c:475
 #3: 000000001f75917d (rcu_read_lock){....}, at: ieee80211_handle_roc_started+0x17d/0x4f0 net/mac80211/offchannel.c:264
 #4: 0000000066469cdc (&(&sta->rate_ctrl_lock)->rlock){+.-.}, at: spin_lock_bh include/linux/spinlock.h:334 [inline]
 #4: 0000000066469cdc (&(&sta->rate_ctrl_lock)->rlock){+.-.}, at: rate_control_get_rate+0x22c/0x520 net/mac80211/rate.c:906

the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&(&sta->rate_ctrl_lock)->rlock){+.-.} ops: 23 {
   HARDIRQ-ON-W at:
     __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
     _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:168
     spin_lock_bh include/linux/spinlock.h:334 [inline]
     rate_control_rate_init+0x23a/0x4f0 net/mac80211/rate.c:57
     ieee80211_ibss_finish_sta+0x253/0x360 net/mac80211/ibss.c:598
     ieee80211_ibss_work+0x2b6/0xe10 net/mac80211/ibss.c:1692
     ieee80211_iface_work+0x7ba/0x8a0 net/mac80211/iface.c:1362
     process_one_work+0x864/0x1570 kernel/workqueue.c:2153
     worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
     kthread+0x33f/0x460 kernel/kthread.c:259
     ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
   IN-SOFTIRQ-W at:
     __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
     _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:168
     spin_lock_bh include/linux/spinlock.h:334 [inline]
     rate_control_tx_status+0xfb/0x2e0 net/mac80211/rate.c:76
     __ieee80211_tx_status+0xd2e/0x25f0 net/mac80211/status.c:813
     ieee80211_tx_status+0x264/0x430 net/mac80211/status.c:926
     ieee80211_tasklet_handler+0x11f/0x160 net/mac80211/main.c:233
     tasklet_action_common.constprop.0+0x265/0x360 kernel/softirq.c:522
     __do_softirq+0x265/0x980 kernel/softirq.c:292
     do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1092
     do_softirq.part.0+0x160/0x1c0 kernel/softirq.c:336
     do_softirq kernel/softirq.c:328 [inline]
     __local_bh_enable_ip+0x20e/0x270 kernel/softirq.c:189
     ieee80211_tx_skb_tid net/mac80211/ieee80211_i.h:1916 [inline]
     ieee80211_tx_skb net/mac80211/ieee80211_i.h:1925 [inline]
     ieee80211_mgmt_tx+0x128a/0x1d40 net/mac80211/offchannel.c:941
     rdev_mgmt_tx net/wireless/rdev-ops.h:728 [inline]
     cfg80211_mlme_mgmt_tx+0x55e/0x12b0 net/wireless/mlme.c:692
     nl80211_tx_mgmt+0x7ef/0xc30 net/wireless/nl80211.c:10130
     genl_family_rcv_msg+0x642/0xc40 net/netlink/genetlink.c:602
     genl_rcv_msg+0xbf/0x160 net/netlink/genetlink.c:627
     netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463
     genl_rcv+0x24/0x40 net/netlink/genetlink.c:638
     netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline]
     netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351
     netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917
     sock_sendmsg_nosec net/socket.c:651 [inline]
     sock_sendmsg+0xc3/0x120 net/socket.c:661
     ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2227
     __sys_sendmsg net/socket.c:2265 [inline]
     __do_sys_sendmsg net/socket.c:2274 [inline]
     __se_sys_sendmsg net/socket.c:2272 [inline]
     __x64_sys_sendmsg+0x132/0x220 net/socket.c:2272
     do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
     entry_SYSCALL_64_after_hwframe+0x49/0xbe
   INITIAL USE at:
     __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
     _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:168
     spin_lock_bh include/linux/spinlock.h:334 [inline]
     rate_control_rate_init+0x23a/0x4f0 net/mac80211/rate.c:57
     ieee80211_ibss_finish_sta+0x253/0x360 net/mac80211/ibss.c:598
     ieee80211_ibss_work+0x2b6/0xe10 net/mac80211/ibss.c:1692
     ieee80211_iface_work+0x7ba/0x8a0 net/mac80211/iface.c:1362
     process_one_work+0x864/0x1570 kernel/workqueue.c:2153
     worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
     kthread+0x33f/0x460 kernel/kthread.c:259
     ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
 }
 ... key at: [] __key.4+0x0/0x40
 ... acquired at:
   down_read+0x36/0x80 kernel/locking/rwsem.c:24
   __blocking_notifier_call_chain kernel/notifier.c:316 [inline]
   __blocking_notifier_call_chain kernel/notifier.c:304 [inline]
   blocking_notifier_call_chain kernel/notifier.c:328 [inline]
   blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325
   fb_blank+0xb5/0x1d0 drivers/video/fbdev/core/fbmem.c:1074
   fbcon_blank+0x932/0xec0 drivers/video/fbdev/core/fbcon.c:2221
   do_unblank_screen+0x241/0x610 drivers/tty/vt/vt.c:4294
   panic+0x313/0x50e kernel/panic.c:239
   __warn.cold+0x20/0x5a kernel/panic.c:541
   report_bug+0x262/0x2b0 lib/bug.c:183
   fixup_bug arch/x86/kernel/traps.c:178 [inline]
   fixup_bug arch/x86/kernel/traps.c:173 [inline]
   do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296
   invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038
   __rate_control_send_low+0x4bb/0x580 net/mac80211/rate.c:359
   rate_control_send_low+0x190/0x610 net/mac80211/rate.c:383
   minstrel_ht_get_rate+0x58/0x1510 net/mac80211/rc80211_minstrel_ht.c:1045
   rate_control_get_rate+0x2b1/0x520 net/mac80211/rate.c:907
   ieee80211_tx_h_rate_ctrl+0x8b9/0x1450 net/mac80211/tx.c:751
   invoke_tx_handlers_early+0x84f/0x1f90 net/mac80211/tx.c:1758
   ieee80211_tx+0x283/0x3e0 net/mac80211/tx.c:1902
   ieee80211_xmit+0x380/0x480 net/mac80211/tx.c:2003
   __ieee80211_tx_skb_tid_band+0x209/0x2b0 net/mac80211/tx.c:4880
   ieee80211_tx_skb_tid_band net/mac80211/ieee80211_i.h:1899 [inline]
   ieee80211_handle_roc_started+0x207/0x4f0 net/mac80211/offchannel.c:264
   _ieee80211_start_next_roc+0x75d/0x11e0 net/mac80211/offchannel.c:396
   __ieee80211_roc_work+0x19a/0x3b0 net/mac80211/offchannel.c:448
   ieee80211_roc_work+0x2b/0x40 net/mac80211/offchannel.c:476
   process_one_work+0x864/0x1570 kernel/workqueue.c:2153
   worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
   kthread+0x33f/0x460 kernel/kthread.c:259
   ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

the dependencies between the lock to be acquired and SOFTIRQ-irq-unsafe lock:
-> ((fb_notifier_list).rwsem){++++} ops: 5 {
   HARDIRQ-ON-W at:
     down_write+0x34/0x90 kernel/locking/rwsem.c:70
     blocking_notifier_chain_register+0x78/0x350 kernel/notifier.c:226
     fb_console_init+0x1c/0x305 drivers/video/fbdev/core/fbcon.c:3432
     fbmem_init+0x105/0x126 drivers/video/fbdev/core/fbmem.c:1932
     do_one_initcall+0xf1/0x740 init/main.c:884
     do_initcall_level init/main.c:952 [inline]
     do_initcalls init/main.c:960 [inline]
     do_basic_setup init/main.c:978 [inline]
     kernel_init_freeable+0x9c5/0xab7 init/main.c:1145
     kernel_init+0xd/0x1ba init/main.c:1062
     ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
   HARDIRQ-ON-R at:
     down_read+0x36/0x80 kernel/locking/rwsem.c:24
     __blocking_notifier_call_chain kernel/notifier.c:316 [inline]
     __blocking_notifier_call_chain kernel/notifier.c:304 [inline]
     blocking_notifier_call_chain kernel/notifier.c:328 [inline]
     blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325
     do_register_framebuffer drivers/video/fbdev/core/fbmem.c:1718 [inline]
     register_framebuffer+0x5df/0x9e0 drivers/video/fbdev/core/fbmem.c:1841
     vga16fb_probe+0x6b4/0x7b5 drivers/video/fbdev/vga16fb.c:1373
     platform_drv_probe+0xd4/0x1b0 drivers/base/platform.c:584
     really_probe+0x622/0xbd0 drivers/base/dd.c:506
     driver_probe_device+0x218/0x340 drivers/base/dd.c:667
     __device_attach_driver+0x29e/0x370 drivers/base/dd.c:754
     bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:464
     __device_attach+0x226/0x470 drivers/base/dd.c:822
     bus_probe_device+0x1ea/0x2a0 drivers/base/bus.c:524
     device_add+0xb37/0x16d0 drivers/base/core.c:2170
     platform_device_add+0x364/0x830 drivers/base/platform.c:420
     vga16fb_init+0x152/0x1c8 drivers/video/fbdev/vga16fb.c:1431
     do_one_initcall+0xf1/0x740 init/main.c:884
     do_initcall_level init/main.c:952 [inline]
     do_initcalls init/main.c:960 [inline]
     do_basic_setup init/main.c:978 [inline]
     kernel_init_freeable+0x9c5/0xab7 init/main.c:1145
     kernel_init+0xd/0x1ba init/main.c:1062
     ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
   SOFTIRQ-ON-W at:
     down_write+0x34/0x90 kernel/locking/rwsem.c:70
     blocking_notifier_chain_register+0x78/0x350 kernel/notifier.c:226
     fb_console_init+0x1c/0x305 drivers/video/fbdev/core/fbcon.c:3432
     fbmem_init+0x105/0x126 drivers/video/fbdev/core/fbmem.c:1932
     do_one_initcall+0xf1/0x740 init/main.c:884
     do_initcall_level init/main.c:952 [inline]
     do_initcalls init/main.c:960 [inline]
     do_basic_setup init/main.c:978 [inline]
     kernel_init_freeable+0x9c5/0xab7 init/main.c:1145
     kernel_init+0xd/0x1ba init/main.c:1062
     ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
   SOFTIRQ-ON-R at:
     down_read+0x36/0x80 kernel/locking/rwsem.c:24
     __blocking_notifier_call_chain kernel/notifier.c:316 [inline]
     __blocking_notifier_call_chain kernel/notifier.c:304 [inline]
     blocking_notifier_call_chain kernel/notifier.c:328 [inline]
     blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325
     do_register_framebuffer drivers/video/fbdev/core/fbmem.c:1718 [inline]
     register_framebuffer+0x5df/0x9e0 drivers/video/fbdev/core/fbmem.c:1841
     vga16fb_probe+0x6b4/0x7b5 drivers/video/fbdev/vga16fb.c:1373
     platform_drv_probe+0xd4/0x1b0 drivers/base/platform.c:584
     really_probe+0x622/0xbd0 drivers/base/dd.c:506
     driver_probe_device+0x218/0x340 drivers/base/dd.c:667
     __device_attach_driver+0x29e/0x370 drivers/base/dd.c:754
     bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:464
     __device_attach+0x226/0x470 drivers/base/dd.c:822
     bus_probe_device+0x1ea/0x2a0 drivers/base/bus.c:524
     device_add+0xb37/0x16d0 drivers/base/core.c:2170
     platform_device_add+0x364/0x830 drivers/base/platform.c:420
     vga16fb_init+0x152/0x1c8 drivers/video/fbdev/vga16fb.c:1431
     do_one_initcall+0xf1/0x740 init/main.c:884
     do_initcall_level init/main.c:952 [inline]
     do_initcalls init/main.c:960 [inline]
     do_basic_setup init/main.c:978 [inline]
     kernel_init_freeable+0x9c5/0xab7 init/main.c:1145
     kernel_init+0xd/0x1ba init/main.c:1062
     ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
   INITIAL USE at:
     down_write+0x34/0x90 kernel/locking/rwsem.c:70
     blocking_notifier_chain_register+0x78/0x350 kernel/notifier.c:226
     fb_console_init+0x1c/0x305 drivers/video/fbdev/core/fbcon.c:3432
     fbmem_init+0x105/0x126 drivers/video/fbdev/core/fbmem.c:1932
     do_one_initcall+0xf1/0x740 init/main.c:884
     do_initcall_level init/main.c:952 [inline]
     do_initcalls init/main.c:960 [inline]
     do_basic_setup init/main.c:978 [inline]
     kernel_init_freeable+0x9c5/0xab7 init/main.c:1145
     kernel_init+0xd/0x1ba init/main.c:1062
     ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
 }
 ... key at: [] fb_notifier_list+0x60/0x1a0
 ... acquired at:
   down_read+0x36/0x80 kernel/locking/rwsem.c:24
   __blocking_notifier_call_chain kernel/notifier.c:316 [inline]
   __blocking_notifier_call_chain kernel/notifier.c:304 [inline]
   blocking_notifier_call_chain kernel/notifier.c:328 [inline]
   blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325
   fb_blank+0xb5/0x1d0 drivers/video/fbdev/core/fbmem.c:1074
   fbcon_blank+0x932/0xec0 drivers/video/fbdev/core/fbcon.c:2221
   do_unblank_screen+0x241/0x610 drivers/tty/vt/vt.c:4294
   panic+0x313/0x50e kernel/panic.c:239
   __warn.cold+0x20/0x5a kernel/panic.c:541
   report_bug+0x262/0x2b0 lib/bug.c:183
   fixup_bug arch/x86/kernel/traps.c:178 [inline]
   fixup_bug arch/x86/kernel/traps.c:173 [inline]
   do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296
   invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038
   __rate_control_send_low+0x4bb/0x580 net/mac80211/rate.c:359
   rate_control_send_low+0x190/0x610 net/mac80211/rate.c:383
   minstrel_ht_get_rate+0x58/0x1510 net/mac80211/rc80211_minstrel_ht.c:1045
   rate_control_get_rate+0x2b1/0x520 net/mac80211/rate.c:907
   ieee80211_tx_h_rate_ctrl+0x8b9/0x1450 net/mac80211/tx.c:751
   invoke_tx_handlers_early+0x84f/0x1f90 net/mac80211/tx.c:1758
   ieee80211_tx+0x283/0x3e0 net/mac80211/tx.c:1902
   ieee80211_xmit+0x380/0x480 net/mac80211/tx.c:2003
   __ieee80211_tx_skb_tid_band+0x209/0x2b0 net/mac80211/tx.c:4880
   ieee80211_tx_skb_tid_band net/mac80211/ieee80211_i.h:1899 [inline]
   ieee80211_handle_roc_started+0x207/0x4f0 net/mac80211/offchannel.c:264
   _ieee80211_start_next_roc+0x75d/0x11e0 net/mac80211/offchannel.c:396
   __ieee80211_roc_work+0x19a/0x3b0 net/mac80211/offchannel.c:448
   ieee80211_roc_work+0x2b/0x40 net/mac80211/offchannel.c:476
   process_one_work+0x864/0x1570 kernel/workqueue.c:2153
   worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
   kthread+0x33f/0x460 kernel/kthread.c:259
   ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

stack backtrace:
CPU: 1 PID: 10499 Comm: kworker/u4:8 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Workqueue: phy4 ieee80211_roc_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_bad_irq_dependency kernel/locking/lockdep.c:1573 [inline]
 check_usage.cold+0x7ea/0xbad kernel/locking/lockdep.c:1605
 check_irq_usage kernel/locking/lockdep.c:1661 [inline]
 check_prev_add_irq kernel/locking/lockdep_states.h:8 [inline]
 check_prev_add kernel/locking/lockdep.c:1871 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x1da1/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 down_read+0x36/0x80 kernel/locking/rwsem.c:24
 __blocking_notifier_call_chain kernel/notifier.c:316 [inline]
 __blocking_notifier_call_chain kernel/notifier.c:304 [inline]
 blocking_notifier_call_chain kernel/notifier.c:328 [inline]
 blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325
 fb_blank+0xb5/0x1d0 drivers/video/fbdev/core/fbmem.c:1074
 fbcon_blank+0x932/0xec0 drivers/video/fbdev/core/fbcon.c:2221
 do_unblank_screen+0x241/0x610 drivers/tty/vt/vt.c:4294
 panic+0x313/0x50e kernel/panic.c:239
 __warn.cold+0x20/0x5a kernel/panic.c:541
 report_bug+0x262/0x2b0 lib/bug.c:183
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 fixup_bug arch/x86/kernel/traps.c:173 [inline]
 do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038
RIP: 0010:__rate_control_send_low+0x4bb/0x580 net/mac80211/rate.c:359
Code: 0f 85 d6 00 00 00 48 8b 44 24 18 44 8b 24 a8 e8 9b 42 c6 f9 8b 54 24 24 44 89 e9 44 89 e6 48 c7 c7 80 98 67 89 e8 6a 7a 56 00 <0f> 0b e9 03 fe ff ff e8 79 42 c6 f9 41 83 cd 10 e9 32 fc ff ff e8
RSP: 0018:ffff888053c1f760 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff88809f2da5a8 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff814dff01 RDI: ffffed100a783ede
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000008 R15: ffff888053cc7870
 rate_control_send_low+0x190/0x610 net/mac80211/rate.c:383
 minstrel_ht_get_rate+0x58/0x1510 net/mac80211/rc80211_minstrel_ht.c:1045
 rate_control_get_rate+0x2b1/0x520 net/mac80211/rate.c:907
 ieee80211_tx_h_rate_ctrl+0x8b9/0x1450 net/mac80211/tx.c:751
 invoke_tx_handlers_early+0x84f/0x1f90 net/mac80211/tx.c:1758
 ieee80211_tx+0x283/0x3e0 net/mac80211/tx.c:1902
 ieee80211_xmit+0x380/0x480 net/mac80211/tx.c:2003
 __ieee80211_tx_skb_tid_band+0x209/0x2b0 net/mac80211/tx.c:4880
 ieee80211_tx_skb_tid_band net/mac80211/ieee80211_i.h:1899 [inline]
 ieee80211_handle_roc_started+0x207/0x4f0 net/mac80211/offchannel.c:264
 _ieee80211_start_next_roc+0x75d/0x11e0 net/mac80211/offchannel.c:396
 __ieee80211_roc_work+0x19a/0x3b0 net/mac80211/offchannel.c:448
 ieee80211_roc_work+0x2b/0x40 net/mac80211/offchannel.c:476
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Rebooting in 86400 seconds..