[�[0;32m OK �[0m] Started Getty on tty1.
[�[0;32m OK �[0m] Started Serial Getty on ttyS0.
[�[0;32m OK �[0m] Started OpenBSD Secure Shell server.
[�[0;32m OK �[0m] Started getty on tty2-tty6 if dbus and logind are not available.
[ 54.217299][ T8439] bash (8439) used greatest stack depth: 23224 bytes left
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.122' (ECDSA) to the list of known hosts.
2020/11/17 13:00:32 fuzzer started
2020/11/17 13:00:32 connecting to host at 10.128.0.26:43753
2020/11/17 13:00:32 checking machine...
2020/11/17 13:00:32 checking revisions...
2020/11/17 13:00:32 testing simple program...
syzkaller login: [ 64.825467][ T8487] IPVS: ftp: loaded support on port[0] = 21
[ 64.997474][ T8487] chnl_net:caif_netlink_parms(): no params data found
[ 65.050008][ T8487] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.058349][ T8487] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.066990][ T8487] device bridge_slave_0 entered promiscuous mode
[ 65.076259][ T8487] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.083546][ T8487] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.091136][ T8487] device bridge_slave_1 entered promiscuous mode
[ 65.110819][ T8487] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 65.121615][ T8487] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 65.144106][ T8487] team0: Port device team_slave_0 added
[ 65.151317][ T8487] team0: Port device team_slave_1 added
[ 65.168971][ T8487] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 65.175945][ T8487] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 65.201896][ T8487] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 65.215059][ T8487] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 65.221995][ T8487] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 65.247924][ T8487] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 65.274831][ T8487] device hsr_slave_0 entered promiscuous mode
[ 65.281426][ T8487] device hsr_slave_1 entered promiscuous mode
[ 65.379915][ T8487] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 65.390710][ T8487] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 65.400594][ T8487] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 65.410575][ T8487] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 65.435943][ T8487] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.443065][ T8487] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.450995][ T8487] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.458135][ T8487] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.506908][ T8487] 8021q: adding VLAN 0 to HW filter on device bond0
[ 65.520276][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 65.530835][ T3192] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.539256][ T3192] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.547650][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 65.560526][ T8487] 8021q: adding VLAN 0 to HW filter on device team0
[ 65.573396][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 65.581737][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.588862][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.603562][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 65.611839][ T3192] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.618944][ T3192] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.645189][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 65.654619][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 65.662899][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 65.671284][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 65.680663][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 65.691371][ T8487] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 65.712574][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 65.720089][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 65.736380][ T8487] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 65.756243][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 65.776020][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 65.785221][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 65.792964][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 65.804417][ T8487] device veth0_vlan entered promiscuous mode
[ 65.816507][ T8487] device veth1_vlan entered promiscuous mode
[ 65.838732][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 65.847472][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 65.855773][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 65.867136][ T8487] device veth0_macvtap entered promiscuous mode
[ 65.878293][ T8487] device veth1_macvtap entered promiscuous mode
[ 65.896333][ T8487] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 65.904497][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 65.914227][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 65.927606][ T8487] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 65.936220][ T3192] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 65.948996][ T8487] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.959193][ T8487] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.968202][ T8487] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.976955][ T8487] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.063436][ T8] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.075951][ T8] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.102187][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 66.122707][ T21] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.132022][ T21] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.141094][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 66.176055][ T8] BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962
[ 66.193766][ T8] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 8, name: kworker/u4:0
[ 66.204352][ T8] 4 locks held by kworker/u4:0/8:
[ 66.209395][ T8] #0: ffff88801c2db938 ((wq_completion)phy3){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0
[ 66.233112][ T8] #1: ffffc90000cd7da8 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0
[ 66.248648][ T8] #2: ffff88802792cd00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x93/0xe80
[ 66.273056][ T8] #3: ffffffff8b337160 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x680/0x2ba0
2020/11/17 13:00:35 building call list...
[ 66.293325][ T8] Preemption disabled at:
[ 66.293355][ T8] [<ffffffff88e7fb9f>] __mutex_lock+0x10f/0x10e0
[ 66.319261][ T8] CPU: 0 PID: 8 Comm: kworker/u4:0 Not tainted 5.10.0-rc3-syzkaller #0
[ 66.327546][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.337621][ T8] Workqueue: phy3 ieee80211_iface_work
[ 66.343091][ T8] Call Trace:
[ 66.346390][ T8] dump_stack+0x107/0x163
[ 66.350732][ T8] ? __mutex_lock+0x10f/0x10e0
[ 66.355505][ T8] ___might_sleep.cold+0x1e8/0x22e
[ 66.360631][ T8] sta_info_move_state+0x32/0x8d0
[ 66.365670][ T8] sta_info_free+0x65/0x3b0
[ 66.370183][ T8] sta_info_insert_rcu+0x303/0x2ba0
[ 66.375391][ T8] ? find_held_lock+0x2d/0x110
[ 66.380167][ T8] ? rate_control_rate_init+0x32c/0x6a0
[ 66.385725][ T8] ? sta_info_free+0x3b0/0x3b0
[ 66.390494][ T8] ? __local_bh_enable_ip+0x9c/0x110
[ 66.395796][ T8] ? rate_control_rate_init+0x35f/0x6a0
[ 66.401352][ T8] ieee80211_ibss_finish_sta+0x212/0x390
[ 66.406990][ T8] ? ieee80211_ibss_build_presp+0x15f0/0x15f0
[ 66.413065][ T8] ? __local_bh_enable_ip+0x9c/0x110
[ 66.418370][ T8] ieee80211_ibss_work+0x2c7/0xe80
[ 66.423493][ T8] ? ieee80211_ibss_rx_queued_mgmt+0x1870/0x1870
[ 66.429835][ T8] ? mark_held_locks+0x9f/0xe0
[ 66.434613][ T8] ? _raw_spin_unlock_irqrestore+0x42/0x50
executing program
[ 66.440424][ T8] ? lockdep_hardirqs_on+0x79/0x100
[ 66.445628][ T8] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 66.451445][ T8] ieee80211_iface_work+0x91f/0xa90
[ 66.456661][ T8] process_one_work+0x933/0x15a0
[ 66.461612][ T8] ? lock_release+0x710/0x710
[ 66.466291][ T8] ? pwq_dec_nr_in_flight+0x320/0x320
[ 66.471670][ T8] ? rwlock_bug.part.0+0x90/0x90
[ 66.476610][ T8] ? _raw_spin_lock_irq+0x41/0x50
[ 66.481649][ T8] worker_thread+0x64c/0x1120
[ 66.486342][ T8] ? process_one_work+0x15a0/0x15a0
[ 66.491552][ T8] kthread+0x3af/0x4a0
[ 66.495630][ T8] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 66.501534][ T8] ret_from_fork+0x1f/0x30
[ 66.544322][ T8]
[ 66.546669][ T8] =============================
[ 66.551500][ T8] [ BUG: Invalid wait context ]
[ 66.556540][ T8] 5.10.0-rc3-syzkaller #0 Tainted: G W
[ 66.563284][ T8] -----------------------------
[ 66.568117][ T8] kworker/u4:0/8 is trying to lock:
[ 66.573297][ T8] ffff88801c1ca9d0 (&local->chanctx_mtx){+.+.}-{3:3}, at: ieee80211_recalc_min_chandef+0x49/0x140
[ 66.583898][ T8] other info that might help us debug this:
[ 66.589775][ T8] context-{4:4}
[ 66.593222][ T8] 4 locks held by kworker/u4:0/8:
[ 66.598224][ T8] #0: ffff88801c2db938 ((wq_completion)phy3){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0
[ 66.608391][ T8] #1: ffffc90000cd7da8 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0
[ 66.619721][ T8] #2: ffff88802792cd00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x93/0xe80
[ 66.629199][ T8] #3: ffffffff8b337160 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x680/0x2ba0
[ 66.639105][ T8] stack backtrace:
[ 66.642816][ T8] CPU: 0 PID: 8 Comm: kworker/u4:0 Tainted: G W 5.10.0-rc3-syzkaller #0
[ 66.652429][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.662486][ T8] Workqueue: phy3 ieee80211_iface_work
[ 66.667933][ T8] Call Trace:
[ 66.671217][ T8] dump_stack+0x107/0x163
[ 66.675545][ T8] __lock_acquire.cold+0x310/0x3a2
[ 66.680658][ T8] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 66.686718][ T8] ? find_held_lock+0x2d/0x110
[ 66.691473][ T8] lock_acquire+0x2a3/0x8c0
[ 66.695981][ T8] ? ieee80211_recalc_min_chandef+0x49/0x140
[ 66.701952][ T8] ? lock_release+0x710/0x710
[ 66.706623][ T8] __mutex_lock+0x134/0x10e0
[ 66.711203][ T8] ? ieee80211_recalc_min_chandef+0x49/0x140
[ 66.717188][ T8] ? ieee80211_recalc_min_chandef+0x49/0x140
[ 66.723165][ T8] ? mutex_lock_io_nested+0xf60/0xf60
[ 66.728532][ T8] ? ieee80211_clear_fast_rx+0x58/0x80
[ 66.733985][ T8] ? mark_held_locks+0x9f/0xe0
[ 66.738743][ T8] ieee80211_recalc_min_chandef+0x49/0x140
[ 66.744541][ T8] sta_info_move_state+0x3cf/0x8d0
[ 66.749644][ T8] sta_info_free+0x65/0x3b0
[ 66.754138][ T8] sta_info_insert_rcu+0x303/0x2ba0
[ 66.759334][ T8] ? find_held_lock+0x2d/0x110
[ 66.764093][ T8] ? rate_control_rate_init+0x32c/0x6a0
[ 66.769643][ T8] ? sta_info_free+0x3b0/0x3b0
[ 66.774408][ T8] ? __local_bh_enable_ip+0x9c/0x110
[ 66.779699][ T8] ? rate_control_rate_init+0x35f/0x6a0
[ 66.785347][ T8] ieee80211_ibss_finish_sta+0x212/0x390
[ 66.790978][ T8] ? ieee80211_ibss_build_presp+0x15f0/0x15f0
[ 66.797044][ T8] ? __local_bh_enable_ip+0x9c/0x110
[ 66.802335][ T8] ieee80211_ibss_work+0x2c7/0xe80
[ 66.807565][ T8] ? ieee80211_ibss_rx_queued_mgmt+0x1870/0x1870
[ 66.813887][ T8] ? mark_held_locks+0x9f/0xe0
[ 66.818643][ T8] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 66.824440][ T8] ? lockdep_hardirqs_on+0x79/0x100
[ 66.829627][ T8] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 66.835427][ T8] ieee80211_iface_work+0x91f/0xa90
[ 66.840705][ T8] process_one_work+0x933/0x15a0
[ 66.843157][ T3192] Bluetooth: hci0: command 0x0409 tx timeout
[ 66.845724][ T8] ? lock_release+0x710/0x710
[ 66.856335][ T8] ? pwq_dec_nr_in_flight+0x320/0x320
[ 66.861703][ T8] ? rwlock_bug.part.0+0x90/0x90
[ 66.866640][ T8] ? _raw_spin_lock_irq+0x41/0x50
[ 66.871664][ T8] worker_thread+0x64c/0x1120
[ 66.876339][ T8] ? process_one_work+0x15a0/0x15a0
[ 66.881528][ T8] kthread+0x3af/0x4a0
[ 66.885593][ T8] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 66.891479][ T8] ret_from_fork+0x1f/0x30
[ 67.068437][ T8] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 67.155666][ T8] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 67.224196][ T8] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 67.297744][ T8] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.493771][ T8] device hsr_slave_0 left promiscuous mode
[ 68.500008][ T8] device hsr_slave_1 left promiscuous mode
[ 68.514444][ T8] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 68.523607][ T8] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 68.532495][ T8] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 68.540742][ T8] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 68.550787][ T8] device bridge_slave_1 left promiscuous mode
[ 68.557572][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.566447][ T8] device bridge_slave_0 left promiscuous mode
[ 68.572630][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.583737][ T8] device veth1_macvtap left promiscuous mode
[ 68.589745][ T8] device veth0_macvtap left promiscuous mode
[ 68.596233][ T8] device veth1_vlan left promiscuous mode
[ 68.602146][ T8] device veth0_vlan left promiscuous mode
executing program
[ 69.474415][ T8] team0 (unregistering): Port device team_slave_1 removed
[ 69.484408][ T8] team0 (unregistering): Port device team_slave_0 removed
[ 69.496390][ T8] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 69.507150][ T8] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 69.533637][ T8] bond0 (unregistering): Released all slaves
[ 69.599473][ T8472] can: request_module (can-proto-0) failed.
[ 70.007771][ T8472] can: request_module (can-proto-0) failed.
[ 70.017227][ T8472] can: request_module (can-proto-0) failed.
[ 70.153963][ T8472] base_sock_release(00000000286a07e0) sk=00000000a72bbea7