BUG: sleeping function called from invalid context in hci_sock_create BUG: sleeping function called from invalid context at kernel/locking/mutex.c:938 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 8452, name: syz-executor.0 1 lock held by syz-executor.0/8452: #0: ffffffff8d2ca998 (bt_proto_lock){++++}-{2:2}, at: bt_sock_create+0x96/0x340 net/bluetooth/af_bluetooth.c:127 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 0 PID: 8452 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:96 ___might_sleep.cold+0x1f1/0x237 kernel/sched/core.c:9153 __mutex_lock_common kernel/locking/mutex.c:938 [inline] __mutex_lock+0x9a/0x10a0 kernel/locking/mutex.c:1104 hci_sock_create+0x187/0x220 net/bluetooth/hci_sock.c:2058 bt_sock_create+0x17c/0x340 net/bluetooth/af_bluetooth.c:130 __sock_create+0x3de/0x780 net/socket.c:1443 sock_create net/socket.c:1494 [inline] __sys_socket+0xef/0x200 net/socket.c:1536 __do_sys_socket net/socket.c:1545 [inline] __se_sys_socket net/socket.c:1543 [inline] __x64_sys_socket+0x6f/0xb0 net/socket.c:1543 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x467c47 Code: f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fff68684488 EFLAGS: 00000206 ORIG_RAX: 0000000000000029 RAX: ffffffffffffffda RBX: 00007fff68684b28 RCX: 0000000000467c47 RDX: 0000000000000001 RSI: 0000000000000003 RDI: 000000000000001f RBP: 00007fff686845c0 R08: 00000000004af878 R09: 00007fff68683f70 R10: 0000000000000000 R11: 0000000000000206 R12: 00000000ffffffff R13: 000000000056cb88 R14: 0000000000000000 R15: 00000000000000f8 ============================= [ BUG: Invalid wait context ] 5.13.0-syzkaller #0 Tainted: G W ----------------------------- syz-executor.0/8452 is trying to lock: ffffffff8d2dcae8 (hci_sk_list_lock){....}-{3:3}, at: hci_sock_create+0x187/0x220 net/bluetooth/hci_sock.c:2058 other info that might help us debug this: context-{4:4} 1 lock held by syz-executor.0/8452: #0: ffffffff8d2ca998 (bt_proto_lock){++++}-{2:2}, at: bt_sock_create+0x96/0x340 net/bluetooth/af_bluetooth.c:127 stack backtrace: CPU: 0 PID: 8452 Comm: syz-executor.0 Tainted: G W 5.13.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:96 print_lock_invalid_wait_context kernel/locking/lockdep.c:4666 [inline] check_wait_context kernel/locking/lockdep.c:4727 [inline] __lock_acquire.cold+0x213/0x3ab kernel/locking/lockdep.c:4965 lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __mutex_lock_common kernel/locking/mutex.c:959 [inline] __mutex_lock+0x12a/0x10a0 kernel/locking/mutex.c:1104 hci_sock_create+0x187/0x220 net/bluetooth/hci_sock.c:2058 bt_sock_create+0x17c/0x340 net/bluetooth/af_bluetooth.c:130 __sock_create+0x3de/0x780 net/socket.c:1443 sock_create net/socket.c:1494 [inline] __sys_socket+0xef/0x200 net/socket.c:1536 __do_sys_socket net/socket.c:1545 [inline] __se_sys_socket net/socket.c:1543 [inline] __x64_sys_socket+0x6f/0xb0 net/socket.c:1543 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x467c47 Code: f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fff68684488 EFLAGS: 00000206 ORIG_RAX: 0000000000000029 RAX: ffffffffffffffda RBX: 00007fff68684b28 RCX: 0000000000467c47 RDX: 0000000000000001 RSI: 0000000000000003 RDI: 000000000000001f RBP: 00007fff686845c0 R08: 00000000004af878 R09: 00007fff68683f70 R10: 0000000000000000 R11: 0000000000000206 R12: 00000000ffffffff R13: 000000000056cb88 R14: 0000000000000000 R15: 00000000000000f8 chnl_net:caif_netlink_parms(): no params data found bridge0: port 1(bridge_slave_0) entered blocking state bridge0: port 1(bridge_slave_0) entered disabled state device bridge_slave_0 entered promiscuous mode bridge0: port 2(bridge_slave_1) entered blocking state bridge0: port 2(bridge_slave_1) entered disabled state device bridge_slave_1 entered promiscuous mode bond0: (slave bond_slave_0): Enslaving as an active interface with an up link bond0: (slave bond_slave_1): Enslaving as an active interface with an up link team0: Port device team_slave_0 added team0: Port device team_slave_1 added batman_adv: batadv0: Adding interface: batadv_slave_0 batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active batman_adv: batadv0: Adding interface: batadv_slave_1 batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active device hsr_slave_0 entered promiscuous mode device hsr_slave_1 entered promiscuous mode netdevsim netdevsim0 netdevsim0: renamed from eth0 netdevsim netdevsim0 netdevsim1: renamed from eth1 netdevsim netdevsim0 netdevsim2: renamed from eth2 netdevsim netdevsim0 netdevsim3: renamed from eth3 bridge0: port 2(bridge_slave_1) entered blocking state bridge0: port 2(bridge_slave_1) entered forwarding state bridge0: port 1(bridge_slave_0) entered blocking state bridge0: port 1(bridge_slave_0) entered forwarding state 8021q: adding VLAN 0 to HW filter on device bond0 8021q: adding VLAN 0 to HW filter on device team0 hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network 8021q: adding VLAN 0 to HW filter on device batadv0 device veth0_vlan entered promiscuous mode device veth1_vlan entered promiscuous mode device veth0_macvtap entered promiscuous mode device veth1_macvtap entered promiscuous mode batman_adv: batadv0: Interface activated: batadv_slave_0 batman_adv: batadv0: Interface activated: batadv_slave_1 netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 ieee80211 phy3: Selected rate control algorithm 'minstrel_ht' ieee80211 phy4: Selected rate control algorithm 'minstrel_ht' [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Load/Save RF Kill Switch Status. [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.146' (ECDSA) to the list of known hosts. 2021/07/08 07:32:57 fuzzer started 2021/07/08 07:32:57 connecting to host at 10.128.0.169:45493 2021/07/08 07:32:57 checking machine... 2021/07/08 07:32:57 checking revisions... 2021/07/08 07:32:57 testing simple program... syzkaller login: [ 57.641603][ T8452] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:938 [ 57.651716][ T8452] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 8452, name: syz-executor.0 [ 57.662320][ T8452] 1 lock held by syz-executor.0/8452: [ 57.667785][ T8452] #0: ffffffff8d2ca998 (bt_proto_lock){++++}-{2:2}, at: bt_sock_create+0x96/0x340 [ 57.677618][ T8452] Preemption disabled at: [ 57.677628][ T8452] [<0000000000000000>] 0x0 [ 57.686840][ T8452] CPU: 0 PID: 8452 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 57.695161][ T8452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.705301][ T8452] Call Trace: [ 57.708567][ T8452] dump_stack_lvl+0xcd/0x134 [ 57.713143][ T8452] ___might_sleep.cold+0x1f1/0x237 [ 57.718242][ T8452] __mutex_lock+0x9a/0x10a0 [ 57.722729][ T8452] ? hci_sock_create+0x187/0x220 [ 57.727645][ T8452] ? debug_object_destroy+0x210/0x210 [ 57.732998][ T8452] ? mutex_lock_io_nested+0xf00/0xf00 [ 57.738346][ T8452] ? lockdep_init_map_type+0x2c3/0x7b0 [ 57.743803][ T8452] ? lockdep_init_map_type+0x2c3/0x7b0 [ 57.749240][ T8452] ? lockdep_init_map_type+0x2c3/0x7b0 [ 57.754681][ T8452] hci_sock_create+0x187/0x220 [ 57.759428][ T8452] bt_sock_create+0x17c/0x340 [ 57.764099][ T8452] __sock_create+0x3de/0x780 [ 57.768670][ T8452] __sys_socket+0xef/0x200 [ 57.773065][ T8452] ? move_addr_to_kernel+0x70/0x70 [ 57.778158][ T8452] __x64_sys_socket+0x6f/0xb0 [ 57.782813][ T8452] ? syscall_enter_from_user_mode+0x21/0x70 [ 57.788686][ T8452] do_syscall_64+0x35/0xb0 [ 57.793079][ T8452] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.798951][ T8452] RIP: 0033:0x467c47 [ 57.802825][ T8452] Code: f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 57.822412][ T8452] RSP: 002b:00007fff68684488 EFLAGS: 00000206 ORIG_RAX: 0000000000000029 [ 57.830820][ T8452] RAX: ffffffffffffffda RBX: 00007fff68684b28 RCX: 0000000000467c47 [ 57.838768][ T8452] RDX: 0000000000000001 RSI: 0000000000000003 RDI: 000000000000001f [ 57.846714][ T8452] RBP: 00007fff686845c0 R08: 00000000004af878 R09: 00007fff68683f70 [ 57.854748][ T8452] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000ffffffff [ 57.862693][ T8452] R13: 000000000056cb88 R14: 0000000000000000 R15: 00000000000000f8 [ 57.870898][ T8452] [ 57.873214][ T8452] ============================= [ 57.878038][ T8452] [ BUG: Invalid wait context ] [ 57.882853][ T8452] 5.13.0-syzkaller #0 Tainted: G W [ 57.889232][ T8452] ----------------------------- [ 57.894046][ T8452] syz-executor.0/8452 is trying to lock: [ 57.899644][ T8452] ffffffff8d2dcae8 (hci_sk_list_lock){....}-{3:3}, at: hci_sock_create+0x187/0x220 [ 57.908921][ T8452] other info that might help us debug this: [ 57.914778][ T8452] context-{4:4} [ 57.918208][ T8452] 1 lock held by syz-executor.0/8452: [ 57.923562][ T8452] #0: ffffffff8d2ca998 (bt_proto_lock){++++}-{2:2}, at: bt_sock_create+0x96/0x340 [ 57.932834][ T8452] stack backtrace: [ 57.936534][ T8452] CPU: 0 PID: 8452 Comm: syz-executor.0 Tainted: G W 5.13.0-syzkaller #0 [ 57.946222][ T8452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.956247][ T8452] Call Trace: [ 57.959503][ T8452] dump_stack_lvl+0xcd/0x134 [ 57.964072][ T8452] __lock_acquire.cold+0x213/0x3ab [ 57.969161][ T8452] ? lock_chain_count+0x20/0x20 [ 57.973986][ T8452] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 57.979945][ T8452] lock_acquire+0x1ab/0x510 [ 57.984506][ T8452] ? hci_sock_create+0x187/0x220 [ 57.989584][ T8452] ? lock_release+0x720/0x720 [ 57.994267][ T8452] ? dump_stack_lvl+0x120/0x134 [ 57.999167][ T8452] ? dump_stack_lvl+0x12a/0x134 [ 58.004001][ T8452] ? dump_stack_lvl+0x12c/0x134 [ 58.008833][ T8452] __mutex_lock+0x12a/0x10a0 [ 58.013399][ T8452] ? hci_sock_create+0x187/0x220 [ 58.018311][ T8452] ? hci_sock_create+0x187/0x220 [ 58.023235][ T8452] ? mutex_lock_io_nested+0xf00/0xf00 [ 58.028585][ T8452] ? lockdep_init_map_type+0x2c3/0x7b0 [ 58.034020][ T8452] ? lockdep_init_map_type+0x2c3/0x7b0 [ 58.039454][ T8452] ? lockdep_init_map_type+0x2c3/0x7b0 [ 58.044888][ T8452] hci_sock_create+0x187/0x220 [ 58.049684][ T8452] bt_sock_create+0x17c/0x340 [ 58.054340][ T8452] __sock_create+0x3de/0x780 [ 58.058970][ T8452] __sys_socket+0xef/0x200 [ 58.063359][ T8452] ? move_addr_to_kernel+0x70/0x70 [ 58.068445][ T8452] __x64_sys_socket+0x6f/0xb0 [ 58.073096][ T8452] ? syscall_enter_from_user_mode+0x21/0x70 [ 58.078968][ T8452] do_syscall_64+0x35/0xb0 [ 58.083357][ T8452] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 58.089229][ T8452] RIP: 0033:0x467c47 [ 58.093105][ T8452] Code: f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 58.112863][ T8452] RSP: 002b:00007fff68684488 EFLAGS: 00000206 ORIG_RAX: 0000000000000029 [ 58.121254][ T8452] RAX: ffffffffffffffda RBX: 00007fff68684b28 RCX: 0000000000467c47 [ 58.129205][ T8452] RDX: 0000000000000001 RSI: 0000000000000003 RDI: 000000000000001f [ 58.137168][ T8452] RBP: 00007fff686845c0 R08: 00000000004af878 R09: 00007fff68683f70 [ 58.145210][ T8452] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000ffffffff [ 58.153177][ T8452] R13: 000000000056cb88 R14: 0000000000000000 R15: 00000000000000f8 [ 59.366178][ T8452] chnl_net:caif_netlink_parms(): no params data found [ 59.395719][ T8452] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.402878][ T8452] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.411083][ T8452] device bridge_slave_0 entered promiscuous mode [ 59.418922][ T8452] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.426401][ T8452] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.433791][ T8452] device bridge_slave_1 entered promiscuous mode [ 59.447251][ T8452] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.457401][ T8452] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.472676][ T8452] team0: Port device team_slave_0 added [ 59.479484][ T8452] team0: Port device team_slave_1 added [ 59.490847][ T8452] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.498432][ T8452] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.524621][ T8452] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.536087][ T8452] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.543007][ T8452] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.570053][ T8452] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.588546][ T8452] device hsr_slave_0 entered promiscuous mode [ 59.595112][ T8452] device hsr_slave_1 entered promiscuous mode [ 59.645278][ T8452] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 59.653279][ T8452] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 59.661509][ T8452] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 59.669930][ T8452] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 59.684003][ T8452] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.691268][ T8452] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.698571][ T8452] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.705686][ T8452] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.730830][ T8452] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.741258][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.749269][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.756862][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.764975][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 59.774343][ T8452] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.785401][ T4890] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.794359][ T4890] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.801385][ T4890] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.809319][ T4890] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.817634][ T4890] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.825126][ T4890] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.839153][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.847390][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 59.857270][ T8674] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.869575][ T8452] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 59.880340][ T8452] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 59.891801][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.900137][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.909497][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 59.923716][ T8452] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.931929][ T3164] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 59.939903][ T3164] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 59.953195][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 59.969510][ T8452] device veth0_vlan entered promiscuous mode [ 59.975856][ T8674] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 59.984475][ T8674] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 59.991966][ T8674] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 60.002521][ T8452] device veth1_vlan entered promiscuous mode [ 60.016576][ T3164] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 60.024848][ T3164] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 60.032647][ T3164] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 60.042234][ T8452] device veth0_macvtap entered promiscuous mode [ 60.050900][ T8452] device veth1_macvtap entered promiscuous mode [ 60.063827][ T8452] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.071221][ T8674] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 60.080639][ T8674] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 60.090331][ T8452] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.098004][ T3164] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 60.107905][ T8452] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.117308][ T8452] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.126178][ T8452] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.134989][ T8452] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.156957][ T8452] ieee80211 phy3: Selected rate control algorithm 'minstrel_ht' [ 60.186432][ T185] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.189705][ T8452] ieee80211 phy4: Selected rate control algorithm 'minstrel_ht' [ 60.194502][ T185] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.211972][ T4890] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 60.233454][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.241549][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.249678][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2021/07/08 07:33:00 building call list... executing program [ 60.553332][ T185] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.995090][ T8444] can: request_module (can-proto-0) failed. [ 62.005546][ T8444] can: request_module (can-proto-0) failed. [ 62.015297][ T8444] can: request_module (can-proto-0) failed. [ 62.152621][ T8444] base_sock_release(ffff88803a11c000) sk=ffff8880215c9000 [ 62.178571][ T8444] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:938 [ 62.188025][ T8444] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 8444, name: syz-fuzzer [ 62.197331][ T8444] INFO: lockdep is turned off. [ 62.202256][ T8444] Preemption disabled at: [ 62.202264][ T8444] [<0000000000000000>] 0x0 [ 62.211099][ T8444] CPU: 1 PID: 8444 Comm: syz-fuzzer Tainted: G W 5.13.0-syzkaller #0 [ 62.221058][ T8444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.231362][ T8444] Call Trace: [ 62.235247][ T8444] dump_stack_lvl+0xcd/0x134 [ 62.239909][ T8444] ___might_sleep.cold+0x1f1/0x237 [ 62.244998][ T8444] __mutex_lock+0x9a/0x10a0 [ 62.249479][ T8444] ? hci_sock_create+0x187/0x220 [ 62.254393][ T8444] ? debug_object_destroy+0x210/0x210 [ 62.259933][ T8444] ? mutex_lock_io_nested+0xf00/0xf00 [ 62.265368][ T8444] ? lockdep_init_map_type+0x2c3/0x7b0 [ 62.271111][ T8444] ? lockdep_init_map_type+0x2c3/0x7b0 [ 62.276703][ T8444] ? lockdep_init_map_type+0x2c3/0x7b0 [ 62.282266][ T8444] hci_sock_create+0x187/0x220 [ 62.287018][ T8444] bt_sock_create+0x17c/0x340 [ 62.291868][ T8444] __sock_create+0x3de/0x780 [ 62.296457][ T8444] __sys_socket+0xef/0x200 [ 62.300873][ T8444] ? move_addr_to_kernel+0x70/0x70 [ 62.305963][ T8444] __x64_sys_socket+0x6f/0xb0 [ 62.310634][ T8444] ? syscall_enter_from_user_mode+0x21/0x70 [ 62.316531][ T8444] do_syscall_64+0x35/0xb0 [ 62.320935][ T8444] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 62.326832][ T8444] RIP: 0033:0x4af276 [ 62.330726][ T8444] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 1b 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30 [ 62.350347][ T8444] RSP: 002b:000000c000323470 EFLAGS: 00000216 ORIG_RAX: 0000000000000029 [ 62.358852][ T8444] RAX: ffffffffffffffda RBX: 000000000098ea60 RCX: 00000000004af276 [ 62.366806][ T8444] RDX: 0000000000000001 RSI: 0000000000000003 RDI: 000000000000001f [ 62.374757][ T8444] RBP: 000000c0003234b8 R08: 0000000000f66dc0 R09: 00000000007bd351 [ 62.382709][ T8444] R10: 0000000000000000 R11: 0000000000000216 R12: 0000000000000003 [ 62.390662][ T8444] R13: 000000c0003ac448 R14: 0000000000000001 R15: 000000c0003f13f8