IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1850
Bluetooth: hci4: command 0x0419 tx timeout
in_atomic(): 0, irqs_disabled(): 0, pid: 7, name: kworker/u4:0
4 locks held by kworker/u4:0/7:
#0: 000000009a46dd1b ((wq_completion)"%s"wiphy_name(local->hw.wiphy)){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2126
hrtimer: interrupt took 34252 ns
#1: 0000000020941248 ((work_completion)(&sdata->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2130
#2: 0000000060ce7043 (&wdev->mtx){+.+.}, at: sdata_lock net/mac80211/ieee80211_i.h:990 [inline]
#2: 0000000060ce7043 (&wdev->mtx){+.+.}, at: ieee80211_ibss_work+0x85/0xe10 net/mac80211/ibss.c:1675
#3: 00000000ec825093 (rcu_read_lock){....}, at: sta_info_insert_finish net/mac80211/sta_info.c:573 [inline]
#3: 00000000ec825093 (rcu_read_lock){....}, at: sta_info_insert_rcu+0x48e/0x2310 net/mac80211/sta_info.c:661
Preemption disabled at:
[] rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1076 [inline]
[] rcu_lockdep_current_cpu_online+0x32/0x1b0 kernel/rcu/tree.c:1068
CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 4.19.159-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy7 ieee80211_iface_work
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6196
sta_info_move_state+0x32/0x900 net/mac80211/sta_info.c:1850
sta_info_free+0x55/0x390 net/mac80211/sta_info.c:260
sta_info_insert_rcu+0x517/0x2310 net/mac80211/sta_info.c:667
ieee80211_ibss_finish_sta+0x25b/0x360 net/mac80211/ibss.c:601
gfs2: quota_quantum mount option requires a positive numeric argument
ieee80211_ibss_work+0x2b6/0xe10 net/mac80211/ibss.c:1692
gfs2: can't parse mount arguments
ieee80211_iface_work+0x7ba/0x8a0 net/mac80211/iface.c:1366
process_one_work+0x864/0x1570 kernel/workqueue.c:2155
worker_thread+0x64c/0x1130 kernel/workqueue.c:2298
kthread+0x33f/0x460 kernel/kthread.c:259
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Bluetooth: hci5: command 0x0419 tx timeout
tmpfs: Bad value '-%e1927' for mount option 'nr_inodes'
tmpfs: Bad value '-%e1927' for mount option 'nr_inodes'
IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
netlink: 168 bytes leftover after parsing attributes in process `syz-executor.0'.
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'.
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
Unknown ioctl -2147199741
nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
IPVS: set_ctl: invalid protocol: 135 224.0.0.2:20004
ADFS-fs: unrecognised mount option "/dev/hwrng" or missing value
EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (60935!=0)
EXT4-fs (loop5): orphan cleanup on readonly fs
EXT4-fs error (device loop5): ext4_quota_enable:5841: comm syz-executor.5: Bad quota inode # 3
EXT4-fs warning (device loop5): ext4_enable_quotas:5878: Failed to enable quota tracking (type=0, err=-116). Please run e2fsck to fix.
EXT4-fs (loop5): Cannot turn on quotas: error -116
EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000)
syz-executor.1 uses obsolete (PF_INET,SOCK_PACKET)
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000)
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000)
EXT4-fs error (device loop1): ext4_fill_super:4448: inode #2: comm syz-executor.1: iget: bogus i_mode (35101)
EXT4-fs (loop1): get root inode failed
EXT4-fs (loop1): mount failed
EXT4-fs error (device loop1): ext4_fill_super:4448: inode #2: comm syz-executor.1: iget: bogus i_mode (35101)
EXT4-fs (loop1): get root inode failed
EXT4-fs (loop1): mount failed
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000)
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
EXT4-fs (loop5): group descriptors corrupted!
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000)
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000)
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
xt_l2tp: invalid flags combination: 0
EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 0)!
EXT4-fs (loop5): group descriptors corrupted!
xt_l2tp: invalid flags combination: 0
audit: type=1804 audit(1606114695.603:2): pid=9945 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir808503887/syzkaller.plO95O/10/bus" dev="sda1" ino=15777 res=1
audit: type=1804 audit(1606114695.703:3): pid=9952 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir808503887/syzkaller.plO95O/10/bus" dev="sda1" ino=15777 res=1
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
audit: type=1804 audit(1606114695.763:4): pid=9952 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir808503887/syzkaller.plO95O/10/bus" dev="sda1" ino=15777 res=1
EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 0)!
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000)
audit: type=1804 audit(1606114695.853:5): pid=9968 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir808503887/syzkaller.plO95O/10/bus" dev="sda1" ino=15777 res=1
EXT4-fs (loop5): group descriptors corrupted!
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
IPVS: ftp: loaded support on port[0] = 21
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000)
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
IPVS: ftp: loaded support on port[0] = 21
bridge0: port 3(ipvlan2) entered blocking state
bridge0: port 3(ipvlan2) entered disabled state
mmap: syz-executor.5 (10080) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000)
EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 not in group (block 14712915058090835971)!
EXT4-fs (loop2): group descriptors corrupted!
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000)
bridge0: port 3(ipvlan2) entered blocking state
bridge0: port 3(ipvlan2) entered disabled state
erofs: read_super, device -> /dev/loop2
erofs: options -> ./file0
erofs: cannot find valid erofs superblock
*** Guest State ***
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000)
CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
CR3 = 0x0000000000000000
RSP = 0x0000000000000f80 RIP = 0x0000000000000000
RFLAGS=0x00000002 DR7 = 0x0000000000000400
Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000
DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
SS: sel=0x0000, attr=0x00081, limit=0x0000ffff, base=0x0000000000000000
ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000)
FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
GDTR: limit=0x000007ff, base=0x0000000000001000
LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
IDTR: limit=0x0000ffff, base=0x0000000000000000
TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
EFER = 0x0000000000000000 PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000
Interruptibility = 00000000 ActivityState = 00000000
*** Host State ***
RIP = 0xffffffff811acbff RSP = 0xffff88804d2778c0
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=00007f26da16c700 GSBase=ffff8880ba000000 TRBase=fffffe0000003000
EXT4-fs (loop4): Unrecognized mount option " °Ü¶Ò[Ä Í‚$]¬òt;34ÛHd°FÑù»³Dݹ¬àæ>Ã6é»7 ;K†Ñ®ñ¥äÜ[¾• ¼IÎ\u" or missing value
GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
CR0=0000000080050033 CR3=000000009bf96000 CR4=00000000001426f0
Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff88201290
EFER = 0x0000000000000d01 PAT = 0x0407050600070106
*** Control State ***
PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ea
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000)
EntryControls=0000d1ff ExitControls=002fefff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffff9f70368ee6
EPT pointer = 0x000000009936e01e
Virtual processor ID = 0x0001
EXT4-fs (loop4): Unrecognized mount option " °Ü¶Ò[Ä Í‚$]¬òt;34ÛHd°FÑù»³Dݹ¬àæ>Ã6é»7 ;K†Ñ®ñ¥äÜ[¾• ¼IÎ\u" or missing value
mkiss: ax0: crc mode is auto.
netlink: 92 bytes leftover after parsing attributes in process `syz-executor.2'.
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000)
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000)
netlink: 92 bytes leftover after parsing attributes in process `syz-executor.2'.
syz-executor.2 (10257) used greatest stack depth: 22848 bytes left