BUG: sleeping function called from invalid context in sta_info_move_state


syzbot

Nov 22, 2020, 4:21:18 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 0df445b0 Linux 4.14.208
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17cb33d5500000
kernel config: https://syzkaller.appspot.com/x/.config?x=6aa57f8c6d59e7d6
dashboard link: https://syzkaller.appspot.com/bug?extid=c3cbd941924ce253fbc9
compiler: gcc (GCC) 10.1.0-syz 20200507

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c3cbd9...@syzkaller.appspotmail.com

IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1844
in_atomic(): 0, irqs_disabled(): 0, pid: 11617, name: kworker/u4:9
4 locks held by kworker/u4:9/11617:
#0: ("%s"wiphy_name(local->hw.wiphy)){+.+.}, at: [<ffffffff81373610>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087
#1: ((&sdata->work)){+.+.}, at: [<ffffffff81373646>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091
#2: (&wdev->mtx){+.+.}, at: [<ffffffff86d20792>] sdata_lock net/mac80211/ieee80211_i.h:986 [inline]
#2: (&wdev->mtx){+.+.}, at: [<ffffffff86d20792>] ieee80211_ibss_work+0x72/0xc90 net/mac80211/ibss.c:1675
#3: (rcu_read_lock){....}, at: [<ffffffff86ce4afd>] sta_info_insert_finish net/mac80211/sta_info.c:553 [inline]
#3: (rcu_read_lock){....}, at: [<ffffffff86ce4afd>] sta_info_insert_rcu+0x48d/0x1f40 net/mac80211/sta_info.c:634
Preemption disabled at:
[<ffffffff81488060>] rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1185 [inline]
[<ffffffff81488060>] rcu_lockdep_current_cpu_online+0x30/0x140 kernel/rcu/tree.c:1177
CPU: 0 PID: 11617 Comm: kworker/u4:9 Not tainted 4.14.208-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy26 ieee80211_iface_work
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6042
sta_info_move_state+0x32/0x930 net/mac80211/sta_info.c:1844
sta_info_free+0x50/0x330 net/mac80211/sta_info.c:260
sta_info_insert_rcu+0x23c/0x1f40 net/mac80211/sta_info.c:640
ieee80211_ibss_finish_sta+0x1db/0x2b0 net/mac80211/ibss.c:601
ieee80211_ibss_work+0x260/0xc90 net/mac80211/ibss.c:1692
ieee80211_iface_work+0x690/0x770 net/mac80211/iface.c:1383
process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Nov 22, 2020, 4:39:25 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 76bda503 Linux 4.19.159
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=178092b9500000
kernel config: https://syzkaller.appspot.com/x/.config?x=9312892b010d9dd0
dashboard link: https://syzkaller.appspot.com/bug?extid=f1f5fadb1e03d4d54b6b
compiler: gcc (GCC) 10.1.0-syz 20200507

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f1f5fa...@syzkaller.appspotmail.com

IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1850
in_atomic(): 0, irqs_disabled(): 0, pid: 7, name: kworker/u4:0
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
4 locks held by kworker/u4:0/7:
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
F2FS-fs (loop4): Unable to read 1th superblock
F2FS-fs (loop4): Unable to read 2th superblock
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
#0: 000000001b9a82ac ((wq_completion)"%s"wiphy_name(local->hw.wiphy)){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2126
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(2) root(1143668739)
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
#1: 00000000bffc662e ((work_completion)(&sdata->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2130
F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
#2: 0000000023428922 (&wdev->mtx){+.+.}, at: sdata_lock net/mac80211/ieee80211_i.h:990 [inline]
#2: 0000000023428922 (&wdev->mtx){+.+.}, at: ieee80211_ibss_work+0x85/0xe10 net/mac80211/ibss.c:1675
F2FS-fs (loop4): Unable to read 2th superblock
#3: 000000008e2b02c2 (rcu_read_lock){....}, at: sta_info_insert_finish net/mac80211/sta_info.c:573 [inline]
#3: 000000008e2b02c2 (rcu_read_lock){....}, at: sta_info_insert_rcu+0x48e/0x2310 net/mac80211/sta_info.c:661
Preemption disabled at:
[<ffffffff81533622>] rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1076 [inline]
[<ffffffff81533622>] rcu_lockdep_current_cpu_online+0x32/0x1b0 kernel/rcu/tree.c:1068
CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 4.19.159-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy8 ieee80211_iface_work
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6196
sta_info_move_state+0x32/0x900 net/mac80211/sta_info.c:1850
sta_info_free+0x55/0x390 net/mac80211/sta_info.c:260
sta_info_insert_rcu+0x517/0x2310 net/mac80211/sta_info.c:667
ieee80211_ibss_finish_sta+0x25b/0x360 net/mac80211/ibss.c:601
ieee80211_ibss_work+0x2b6/0xe10 net/mac80211/ibss.c:1692
ieee80211_iface_work+0x7ba/0x8a0 net/mac80211/iface.c:1366
process_one_work+0x864/0x1570 kernel/workqueue.c:2155
worker_thread+0x64c/0x1130 kernel/workqueue.c:2298
kthread+0x33f/0x460 kernel/kthread.c:259
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

syzbot

Nov 22, 2020, 6:58:16 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 76bda503 Linux 4.19.159
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=112f58a5500000
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12f8e925500000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f1f5fa...@syzkaller.appspotmail.com

wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1850
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
in_atomic(): 0, irqs_disabled(): 0, pid: 9436, name: kworker/u4:6
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
4 locks held by kworker/u4:6/9436:
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
#0: 00000000467ea305 ((wq_completion)"%s"wiphy_name(local->hw.wiphy)){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2126
IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
#1: 000000003ba5f658 ((work_completion)(&sdata->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2130
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
#2: 000000003438100e (&wdev->mtx){+.+.}, at: sdata_lock net/mac80211/ieee80211_i.h:990 [inline]
#2: 000000003438100e (&wdev->mtx){+.+.}, at: ieee80211_ibss_work+0x85/0xe10 net/mac80211/ibss.c:1675
#3: 000000006d117964 (rcu_read_lock){....}, at: sta_info_insert_finish net/mac80211/sta_info.c:573 [inline]
#3: 000000006d117964 (rcu_read_lock){....}, at: sta_info_insert_rcu+0x48e/0x2310 net/mac80211/sta_info.c:661
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
Preemption disabled at:
[<ffffffff81533622>] rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1076 [inline]
[<ffffffff81533622>] rcu_lockdep_current_cpu_online+0x32/0x1b0 kernel/rcu/tree.c:1068
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
CPU: 1 PID: 9436 Comm: kworker/u4:6 Not tainted 4.19.159-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
Workqueue: phy6 ieee80211_iface_work
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6196
sta_info_move_state+0x32/0x900 net/mac80211/sta_info.c:1850
sta_info_free+0x55/0x390 net/mac80211/sta_info.c:260
sta_info_insert_rcu+0x517/0x2310 net/mac80211/sta_info.c:667
ieee80211_ibss_finish_sta+0x25b/0x360 net/mac80211/ibss.c:601
ieee80211_ibss_work+0x2b6/0xe10 net/mac80211/ibss.c:1692
ieee80211_iface_work+0x7ba/0x8a0 net/mac80211/iface.c:1366
process_one_work+0x864/0x1570 kernel/workqueue.c:2155
worker_thread+0x64c/0x1130 kernel/workqueue.c:2298
kthread+0x33f/0x460 kernel/kthread.c:259
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50

syzbot

Nov 22, 2020, 7:14:23 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 0df445b0 Linux 4.14.208
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17126a21500000
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15a3d2cd500000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c3cbd9...@syzkaller.appspotmail.com

wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1844
in_atomic(): 0, irqs_disabled(): 0, pid: 9236, name: kworker/u4:5
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
4 locks held by kworker/u4:5/9236:
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
#0: ("%s"wiphy_name(local->hw.wiphy)){+.+.}, at: [<ffffffff81373610>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
#1: ((&sdata->work)){+.+.}, at: [<ffffffff81373646>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091
#2: (&wdev->mtx){+.+.}, at: [<ffffffff86d20792>] sdata_lock net/mac80211/ieee80211_i.h:986 [inline]
#2: (&wdev->mtx){+.+.}, at: [<ffffffff86d20792>] ieee80211_ibss_work+0x72/0xc90 net/mac80211/ibss.c:1675
#3: (rcu_read_lock){....}, at: [<ffffffff86ce4afd>] sta_info_insert_finish net/mac80211/sta_info.c:553 [inline]
#3: (rcu_read_lock){....}, at: [<ffffffff86ce4afd>] sta_info_insert_rcu+0x48d/0x1f40 net/mac80211/sta_info.c:634
Preemption disabled at:
[<ffffffff81488060>] rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1185 [inline]
[<ffffffff81488060>] rcu_lockdep_current_cpu_online+0x30/0x140 kernel/rcu/tree.c:1177
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
CPU: 1 PID: 9236 Comm: kworker/u4:5 Not tainted 4.14.208-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy2 ieee80211_iface_work
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6042
sta_info_move_state+0x32/0x930 net/mac80211/sta_info.c:1844
sta_info_free+0x50/0x330 net/mac80211/sta_info.c:260
sta_info_insert_rcu+0x23c/0x1f40 net/mac80211/sta_info.c:640
ieee80211_ibss_finish_sta+0x1db/0x2b0 net/mac80211/ibss.c:601
ieee80211_ibss_work+0x260/0xc90 net/mac80211/ibss.c:1692
ieee80211_iface_work+0x690/0x770 net/mac80211/iface.c:1383
process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50

syzbot

Nov 22, 2020, 7:14:23 AM11/22/20
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 76bda503 Linux 4.19.159
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13b4cb96500000
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11f16305500000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14a2ba3e500000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f1f5fa...@syzkaller.appspotmail.com

wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1850
in_atomic(): 0, irqs_disabled(): 0, pid: 9425, name: kworker/u4:6
4 locks held by kworker/u4:6/9425:
#0: 00000000b45d6bb4 ((wq_completion)"%s"wiphy_name(local->hw.wiphy)){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2126
#1: 00000000e0967db5 ((work_completion)(&sdata->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2130
#2: 000000001038fa62 (&wdev->mtx){+.+.}, at: sdata_lock net/mac80211/ieee80211_i.h:990 [inline]
#2: 000000001038fa62 (&wdev->mtx){+.+.}, at: ieee80211_ibss_work+0x85/0xe10 net/mac80211/ibss.c:1675
#3: 00000000fe80a846 (rcu_read_lock){....}, at: sta_info_insert_finish net/mac80211/sta_info.c:573 [inline]
#3: 00000000fe80a846 (rcu_read_lock){....}, at: sta_info_insert_rcu+0x48e/0x2310 net/mac80211/sta_info.c:661
Preemption disabled at:
[<ffffffff81533622>] rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1076 [inline]
[<ffffffff81533622>] rcu_lockdep_current_cpu_online+0x32/0x1b0 kernel/rcu/tree.c:1068
CPU: 0 PID: 9425 Comm: kworker/u4:6 Not tainted 4.19.159-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy11 ieee80211_iface_work
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6196
sta_info_move_state+0x32/0x900 net/mac80211/sta_info.c:1850
sta_info_free+0x55/0x390 net/mac80211/sta_info.c:260
sta_info_insert_rcu+0x517/0x2310 net/mac80211/sta_info.c:667
ieee80211_ibss_finish_sta+0x25b/0x360 net/mac80211/ibss.c:601
ieee80211_ibss_work+0x2b6/0xe10 net/mac80211/ibss.c:1692
ieee80211_iface_work+0x7ba/0x8a0 net/mac80211/iface.c:1366
process_one_work+0x864/0x1570 kernel/workqueue.c:2155
worker_thread+0x64c/0x1130 kernel/workqueue.c:2298
kthread+0x33f/0x460 kernel/kthread.c:259
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

syzbot

Nov 22, 2020, 9:08:21 AM11/22/20
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 0df445b0 Linux 4.14.208
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13d77d89500000
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16f1fd6d500000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1508c3d5500000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c3cbd9...@syzkaller.appspotmail.com

IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1844
in_atomic(): 0, irqs_disabled(): 0, pid: 22, name: kworker/u4:1
4 locks held by kworker/u4:1/22:
#0: ("%s"wiphy_name(local->hw.wiphy)){+.+.}, at: [<ffffffff81373610>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087
#1: ((&sdata->work)){+.+.}, at: [<ffffffff81373646>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091
#2: (&wdev->mtx){+.+.}, at: [<ffffffff86d20792>] sdata_lock net/mac80211/ieee80211_i.h:986 [inline]
#2: (&wdev->mtx){+.+.}, at: [<ffffffff86d20792>] ieee80211_ibss_work+0x72/0xc90 net/mac80211/ibss.c:1675
#3: (rcu_read_lock){....}, at: [<ffffffff86ce4afd>] sta_info_insert_finish net/mac80211/sta_info.c:553 [inline]
#3: (rcu_read_lock){....}, at: [<ffffffff86ce4afd>] sta_info_insert_rcu+0x48d/0x1f40 net/mac80211/sta_info.c:634
Preemption disabled at:
[<ffffffff81488060>] rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1185 [inline]
[<ffffffff81488060>] rcu_lockdep_current_cpu_online+0x30/0x140 kernel/rcu/tree.c:1177
CPU: 1 PID: 22 Comm: kworker/u4:1 Not tainted 4.14.208-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy3 ieee80211_iface_work
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6042
sta_info_move_state+0x32/0x930 net/mac80211/sta_info.c:1844
sta_info_free+0x50/0x330 net/mac80211/sta_info.c:260
sta_info_insert_rcu+0x23c/0x1f40 net/mac80211/sta_info.c:640
ieee80211_ibss_finish_sta+0x1db/0x2b0 net/mac80211/ibss.c:601
ieee80211_ibss_work+0x260/0xc90 net/mac80211/ibss.c:1692
ieee80211_iface_work+0x690/0x770 net/mac80211/iface.c:1383
process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Bluetooth: hci0 command 0x0409 tx timeout
Bluetooth: hci0 command 0x041b tx timeout
Bluetooth: hci0 command 0x040f tx timeout
Bluetooth: hci0 command 0x0419 tx timeout

syzbot

Dec 24, 2020, 11:09:09 AM12/24/20
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:

commit 499b109be6889b4a5442b7652c32370bb2d741a2
Author: Johannes Berg <johann...@intel.com>
Date: Thu Nov 12 10:22:04 2020 +0000

mac80211: free sta in sta_info_insert_finish() on errors

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=110fb4db500000
start commit: 76bda503 Linux 4.19.159
git tree: linux-4.19.y
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=145446ae500000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12e80ef1500000

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: mac80211: free sta in sta_info_insert_finish() on errors

For information about the bisection process see: https://goo.gl/tpsmEJ#bisection

syzbot

Dec 24, 2020, 2:48:07 PM12/24/20
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:

commit 89ab6b90b7d92d0e561fed063baac6e6b287bc84
Author: Johannes Berg <johann...@intel.com>
Date: Thu Nov 12 10:22:04 2020 +0000

mac80211: free sta in sta_info_insert_finish() on errors

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=10ff142b500000
start commit: 0df445b0 Linux 4.14.208
git tree: linux-4.14.y
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13814701500000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14fe5e43500000