bridge0: port 5(batadv3) entered blocking state bridge0: port 5(batadv3) entered disabled state device batadv3 entered promiscuous mode overlayfs: at least 2 lowerdir are needed while upperdir nonexistent ====================================================== WARNING: possible circular locking dependency detected 4.19.211-syzkaller #0 Not tainted batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled ------------------------------------------------------ syz-executor.0/10858 is trying to acquire lock: 0000000013a90dfc (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_get_block+0x292/0x960 fs/hfsplus/extents.c:260 batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled but task is already holding lock: 0000000046d8f951 (&tree->tree_lock#2){+.+.}, at: hfsplus_find_init+0x1b7/0x220 fs/hfsplus/bfind.c:30 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&tree->tree_lock#2){+.+.}: hfsplus_file_truncate+0xde7/0x1040 fs/hfsplus/extents.c:595 hfsplus_setattr+0x1e7/0x310 fs/hfsplus/inode.c:263 notify_change+0x70b/0xfc0 fs/attr.c:334 do_truncate+0x134/0x1f0 fs/open.c:63 handle_truncate fs/namei.c:3009 [inline] do_last fs/namei.c:3427 [inline] path_openat+0x2308/0x2df0 fs/namei.c:3537 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_sys_open+0x3b3/0x520 fs/open.c:1085 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}: __mutex_lock_common kernel/locking/mutex.c:937 [inline] __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078 hfsplus_get_block+0x292/0x960 fs/hfsplus/extents.c:260 block_read_full_page+0x288/0xd10 fs/buffer.c:2259 do_read_cache_page+0x533/0x1170 mm/filemap.c:2828 read_mapping_page include/linux/pagemap.h:402 [inline] __hfs_bnode_create+0x5b7/0xb60 fs/hfsplus/bnode.c:447 hfsplus_bnode_find+0x2aa/0xb80 fs/hfsplus/bnode.c:497 hfsplus_brec_find+0x2af/0x500 fs/hfsplus/bfind.c:183 hfsplus_brec_read+0x28/0x120 fs/hfsplus/bfind.c:222 hfsplus_find_cat+0x1d0/0x480 fs/hfsplus/catalog.c:202 hfsplus_iget+0x400/0x790 fs/hfsplus/super.c:81 hfsplus_fill_super+0xc5f/0x19e0 fs/hfsplus/super.c:503 mount_bdev+0x2fc/0x3b0 fs/super.c:1158 mount_fs+0xa3/0x310 fs/super.c:1261 vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961 vfs_kern_mount fs/namespace.c:951 [inline] do_new_mount fs/namespace.c:2492 [inline] do_mount+0x115c/0x2f50 fs/namespace.c:2822 ksys_mount+0xcf/0x130 fs/namespace.c:3038 __do_sys_mount fs/namespace.c:3052 [inline] __se_sys_mount fs/namespace.c:3049 [inline] __x64_sys_mount+0xba/0x150 fs/namespace.c:3049 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&tree->tree_lock#2); lock(&HFSPLUS_I(inode)->extents_lock); lock(&tree->tree_lock#2); lock(&HFSPLUS_I(inode)->extents_lock); *** DEADLOCK *** 2 locks held by syz-executor.0/10858: #0: 0000000055460472 (&type->s_umount_key#69/1){+.+.}, at: alloc_super fs/super.c:226 [inline] #0: 0000000055460472 (&type->s_umount_key#69/1){+.+.}, at: sget_userns+0x20b/0xcd0 fs/super.c:519 #1: 0000000046d8f951 (&tree->tree_lock#2){+.+.}, at: hfsplus_find_init+0x1b7/0x220 fs/hfsplus/bfind.c:30 stack backtrace: CPU: 0 PID: 10858 Comm: syz-executor.0 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222 check_prev_add kernel/locking/lockdep.c:1866 [inline] check_prevs_add kernel/locking/lockdep.c:1979 [inline] validate_chain kernel/locking/lockdep.c:2420 [inline] __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 __mutex_lock_common kernel/locking/mutex.c:937 [inline] __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078 hfsplus_get_block+0x292/0x960 fs/hfsplus/extents.c:260 block_read_full_page+0x288/0xd10 fs/buffer.c:2259 do_read_cache_page+0x533/0x1170 mm/filemap.c:2828 read_mapping_page include/linux/pagemap.h:402 [inline] __hfs_bnode_create+0x5b7/0xb60 fs/hfsplus/bnode.c:447 hfsplus_bnode_find+0x2aa/0xb80 fs/hfsplus/bnode.c:497 hfsplus_brec_find+0x2af/0x500 fs/hfsplus/bfind.c:183 hfsplus_brec_read+0x28/0x120 fs/hfsplus/bfind.c:222 hfsplus_find_cat+0x1d0/0x480 fs/hfsplus/catalog.c:202 hfsplus_iget+0x400/0x790 fs/hfsplus/super.c:81 hfsplus_fill_super+0xc5f/0x19e0 fs/hfsplus/super.c:503 mount_bdev+0x2fc/0x3b0 fs/super.c:1158 mount_fs+0xa3/0x310 fs/super.c:1261 vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961 vfs_kern_mount fs/namespace.c:951 [inline] do_new_mount fs/namespace.c:2492 [inline] do_mount+0x115c/0x2f50 fs/namespace.c:2822 ksys_mount+0xcf/0x130 fs/namespace.c:3038 __do_sys_mount fs/namespace.c:3052 [inline] __se_sys_mount fs/namespace.c:3049 [inline] __x64_sys_mount+0xba/0x150 fs/namespace.c:3049 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f1be770a62a Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f1be5c7af88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00000000000005f6 RCX: 00007f1be770a62a RDX: 0000000020000000 RSI: 00000000200000c0 RDI: 00007f1be5c7afe0 RBP: 00007f1be5c7b020 R08: 00007f1be5c7b020 R09: 0000000000200008 R10: 0000000000200008 R11: 0000000000000202 R12: 0000000020000000 R13: 00000000200000c0 R14: 00007f1be5c7afe0 R15: 0000000020000080 hfsplus: failed to load root directory batman_adv: batadv3: No IGMP Querier present - multicast optimizations disabled batman_adv: batadv3: No MLD Querier present - multicast optimizations disabled batman_adv: batadv2: No IGMP Querier present - multicast optimizations disabled batman_adv: batadv2: No MLD Querier present - multicast optimizations disabled BTRFS info (device loop5): enabling inode map caching BTRFS info (device loop5): force clearing of disk cache BTRFS info (device loop5): disabling free space tree bridge0: port 6(batadv4) entered blocking state BTRFS info (device loop5): has skinny extents bridge0: port 6(batadv4) entered disabled state device batadv4 entered promiscuous mode IPVS: ftp: loaded support on port[0] = 21 bridge0: port 7(batadv5) entered blocking state bridge0: port 7(batadv5) entered disabled state device batadv5 entered promiscuous mode BTRFS info (device loop5): clearing free space tree BTRFS info (device loop5): clearing 1 ro feature flag BTRFS info (device loop5): clearing 2 ro feature flag nla_parse: 6 callbacks suppressed netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 hfsplus: failed to load root directory netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. ubi0: attaching mtd0 ubi0: scanning is finished ubi0: empty MTD device detected device batadv6 entered promiscuous mode 8021q: adding VLAN 0 to HW filter on device batadv6 hfsplus: failed to load root directory batman_adv: batadv4: No IGMP Querier present - multicast optimizations disabled batman_adv: batadv4: No MLD Querier present - multicast optimizations disabled ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 ubi0: VID header offset: 64 (aligned 64), data offset: 128 ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 batman_adv: batadv5: No IGMP Querier present - multicast optimizations disabled batman_adv: batadv5: No MLD Querier present - multicast optimizations disabled ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1283338158 ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 IPVS: ftp: loaded support on port[0] = 21 bridge0: port 2(bridge_slave_1) entered disabled state bridge0: port 1(bridge_slave_0) entered disabled state ubi0: background thread "ubi_bgt0d" started, PID 11049 ubi0: detaching mtd0 ubi0: mtd0 is detached ubi0: attaching mtd0 ubi0: scanning is finished IPVS: ftp: loaded support on port[0] = 21 ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 ubi0: VID header offset: 64 (aligned 64), data offset: 128 ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 1283338158 ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 device batadv5 left promiscuous mode bridge0: port 7(batadv5) entered disabled state ubi0: background thread "ubi_bgt0d" started, PID 11137 ubi0: detaching mtd0 ubi0: mtd0 is detached device batadv4 left promiscuous mode bridge0: port 6(batadv4) entered disabled state device batadv3 left promiscuous mode bridge0: port 5(batadv3) entered disabled state ubi0: attaching mtd0 ubi0: scanning is finished device batadv2 left promiscuous mode bridge0: port 4(batadv2) entered disabled state device batadv1 left promiscuous mode bridge0: port 3(batadv1) entered disabled state ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) device bridge_slave_1 left promiscuous mode ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes bridge0: port 2(bridge_slave_1) entered disabled state ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 device bridge_slave_0 left promiscuous mode XFS (loop4): Mounting V4 Filesystem bridge0: port 1(bridge_slave_0) entered disabled state ubi0: VID header offset: 64 (aligned 64), data offset: 128 XFS (loop4): Ending clean mount XFS (loop5): Mounting V4 Filesystem ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 kauditd_printk_skb: 9 callbacks suppressed audit: type=1804 audit(1677980327.326:24): pid=11116 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir642968723/syzkaller.JmR3re/20/file0/bus" dev="loop4" ino=41 res=1 XFS (loop5): Ending clean mount ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1283338158 syz-executor.4 (11116) used greatest stack depth: 21736 bytes left ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 audit: type=1800 audit(1677980327.346:25): pid=11116 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=41 res=0 XFS (loop5): Quotacheck needed: Please wait. XFS (loop4): Unmounting Filesystem ubi0: background thread "ubi_bgt0d" started, PID 11159 ubi0: detaching mtd0 ubi0: mtd0 is detached audit: type=1804 audit(1677980327.436:26): pid=11209 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir642968723/syzkaller.JmR3re/20/file0/bus" dev="loop4" ino=41 res=1 bridge0: port 2(bridge_slave_1) entered disabled state bridge0: port 1(bridge_slave_0) entered disabled state XFS (loop5): Quotacheck: Done. XFS (loop5): unknown mount option [ÿî§<< G4š¶mRŸ±â½ÆuÆÌëê0º‰wÆ2ÝËàíù†¶Žæ]. IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 device bridge_slave_1 left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state device bridge_slave_0 left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state wlan1: Trigger new scan to find an IBSS to join audit: type=1804 audit(1677980328.306:27): pid=11107 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir1243637663/syzkaller.kbrWnr/22/file0/bus" dev="loop5" ino=42 res=1 XFS (loop5): Unmounting Filesystem audit: type=1804 audit(1677980328.776:28): pid=11322 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir642968723/syzkaller.JmR3re/22/bus" dev="sda1" ino=14026 res=1 audit: type=1800 audit(1677980328.776:29): pid=11322 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=14026 res=0 ubi0: attaching mtd0 audit: type=1804 audit(1677980328.836:30): pid=11329 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir642968723/syzkaller.JmR3re/22/bus" dev="sda1" ino=14026 res=1 ubi0: scanning is finished wlan1: Creating new IBSS network, BSSID 7e:c0:a8:85:8a:ca ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 ubi0: VID header offset: 64 (aligned 64), data offset: 128 ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1283338158 ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 ubi0: detaching mtd0 ubi0: background thread "ubi_bgt0d" started, PID 11344 ubi0: mtd0 is detached XFS (loop3): Mounting V4 Filesystem XFS (loop1): Mounting V4 Filesystem XFS (loop3): Ending clean mount ubi0: attaching mtd0 XFS (loop1): Ending clean mount ubi0: scanning is finished audit: type=1804 audit(1677980329.876:31): pid=11328 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2709532692/syzkaller.vbXINv/24/file0/bus" dev="loop3" ino=41 res=1 ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes audit: type=1800 audit(1677980329.876:32): pid=11328 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=41 res=0 syz-executor.3 (11328) used greatest stack depth: 21680 bytes left ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 XFS (loop3): Unmounting Filesystem ubi0: VID header offset: 64 (aligned 64), data offset: 128 ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 audit: type=1804 audit(1677980329.936:33): pid=11319 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590236763/syzkaller.qmeZ1D/28/file0/bus" dev="loop1" ino=41 res=1 XFS (loop0): Mounting V4 Filesystem ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1283338158 ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 XFS (loop1): Unmounting Filesystem ubi0: detaching mtd0 ubi0: background thread "ubi_bgt0d" started, PID 11383 ubi0: mtd0 is detached ubi0: attaching mtd0 XFS (loop0): Ending clean mount ubi0: scanning is finished ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) XFS (loop5): Mounting V4 Filesystem ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes XFS (loop5): Ending clean mount ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 XFS (loop5): Quotacheck needed: Please wait. ubi0: VID header offset: 64 (aligned 64), data offset: 128 XFS (loop0): Unmounting Filesystem ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 XFS (loop5): Quotacheck: Done. ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1283338158 ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 XFS (loop5): unknown mount option [ÿî§<< G4š¶mRŸ±â½ÆuÆÌëê0º‰wÆ2ÝËàíù†¶Žæ]. ubi0: background thread "ubi_bgt0d" started, PID 11424 ubi0: detaching mtd0 ubi0: mtd0 is detached ubi0: attaching mtd0 ubi0: scanning is finished ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 ubi0: VID header offset: 64 (aligned 64), data offset: 128 ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1283338158 ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 ubi0: background thread "ubi_bgt0d" started, PID 11451 ubi0: detaching mtd0 XFS (loop5): Unmounting Filesystem ubi0: mtd0 is detached XFS (loop1): Mounting V4 Filesystem ubi0: attaching mtd0 ubi0: scanning is finished XFS (loop1): Ending clean mount XFS (loop3): Mounting V4 Filesystem XFS (loop3): Ending clean mount ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 XFS (loop1): Unmounting Filesystem ubi0: VID header offset: 64 (aligned 64), data offset: 128 ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1283338158 ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 ubi0: background thread "ubi_bgt0d" started, PID 11490 XFS (loop3): Unmounting Filesystem ubi0: detaching mtd0 ubi0: mtd0 is detached ubi0: attaching mtd0 ubi0: scanning is finished ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 XFS (loop0): Mounting V4 Filesystem ubi0: VID header offset: 64 (aligned 64), data offset: 128 ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 XFS (loop0): Ending clean mount ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1283338158 ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 ubi0: background thread "ubi_bgt0d" started, PID 11514 ubi0: detaching mtd0 ubi0: mtd0 is detached ubi0: attaching mtd0 ubi0: scanning is finished XFS (loop5): Mounting V4 Filesystem XFS (loop5): Ending clean mount XFS (loop0): Unmounting Filesystem XFS (loop5): Quotacheck needed: Please wait. XFS (loop5): Quotacheck: Done. ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) XFS (loop5): unknown mount option [ÿî§<< G4š¶mRŸ±â½ÆuÆÌëê0º‰wÆ2ÝËàíù†¶Žæ]. ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 ubi0: VID header offset: 64 (aligned 64), data offset: 128 kauditd_printk_skb: 16 callbacks suppressed audit: type=1804 audit(1677980332.416:50): pid=11497 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir1243637663/syzkaller.kbrWnr/24/file0/bus" dev="loop5" ino=42 res=1 ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1283338158 ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 XFS (loop1): Mounting V4 Filesystem ubi0: background thread "ubi_bgt0d" started, PID 11553 ubi0: detaching mtd0 XFS (loop1): Ending clean mount ubi0: mtd0 is detached ubi0: attaching mtd0 ubi0: scanning is finished audit: type=1804 audit(1677980332.746:51): pid=11506 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir590236763/syzkaller.qmeZ1D/30/file0/bus" dev="loop1" ino=41 res=1 XFS (loop3): Mounting V4 Filesystem XFS (loop3): Ending clean mount ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) audit: type=1800 audit(1677980332.756:52): pid=11506 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=41 res=0 syz-executor.1 (11506) used greatest stack depth: 21488 bytes left ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 XFS (loop1): Unmounting Filesystem ubi0: VID header offset: 64 (aligned 64), data offset: 128 XFS (loop5): Unmounting Filesystem ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1283338158 ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 ubi0: background thread "ubi_bgt0d" started, PID 11597 audit: type=1804 audit(1677980332.876:53): pid=11592 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir590236763/syzkaller.qmeZ1D/30/file0/bus" dev="loop1" ino=41 res=1 ubi0: detaching mtd0 audit: type=1804 audit(1677980333.116:54): pid=11529 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2709532692/syzkaller.vbXINv/26/file0/bus" dev="loop3" ino=41 res=1 ubi0: mtd0 is detached ubi0: attaching mtd0 ubi0: scanning is finished audit: type=1800 audit(1677980333.146:55): pid=11529 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=41 res=0 XFS (loop3): Unmounting Filesystem XFS (loop0): Mounting V4 Filesystem XFS (loop0): Ending clean mount audit: type=1804 audit(1677980333.216:56): pid=11613 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir2709532692/syzkaller.vbXINv/26/file0/bus" dev="loop3" ino=41 res=1 ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes audit: type=1804 audit(1677980333.396:57): pid=11567 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir2023394756/syzkaller.j7Lno8/32/file0/bus" dev="loop0" ino=41 res=1 ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 ubi0: VID header offset: 64 (aligned 64), data offset: 128 ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 audit: type=1800 audit(1677980333.396:58): pid=11567 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="loop0" ino=41 res=0 ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1283338158 ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 ubi0: background thread "ubi_bgt0d" started, PID 11629 audit: type=1804 audit(1677980333.496:59): pid=11635 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir2023394756/syzkaller.j7Lno8/32/file0/bus" dev="loop0" ino=41 res=1 ubi: mtd0 is already attached to ubi0 XFS (loop0): Unmounting Filesystem ubi0: detaching mtd0 ubi0: mtd0 is detached ubi0: attaching mtd0 ubi0: scanning is finished ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 ubi0: VID header offset: 64 (aligned 64), data offset: 128 ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1283338158 ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 ubi0: background thread "ubi_bgt0d" started, PID 11655 ubi0: detaching mtd0 ubi0: mtd0 is detached ubi0: attaching mtd0 ubi0: scanning is finished XFS (loop1): Mounting V4 Filesystem XFS (loop1): Ending clean mount ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes XFS (loop3): Mounting V4 Filesystem ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 XFS (loop3): Ending clean mount ubi0: VID header offset: 64 (aligned 64), data offset: 128 ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1283338158 ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 ubi0: background thread "ubi_bgt0d" started, PID 11686 ubi: mtd0 is already attached to ubi0 ubi0: detaching mtd0 XFS (loop1): Unmounting Filesystem ubi0: mtd0 is detached ubi0: attaching mtd0 ubi0: scanning is finished XFS (loop3): Unmounting Filesystem XFS (loop0): Mounting V4 Filesystem XFS (loop0): Ending clean mount ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 ubi0: VID header offset: 64 (aligned 64), data offset: 128 ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1283338158 ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 ubi0: background thread "ubi_bgt0d" started, PID 11727 ubi0: detaching mtd0