======================================================
WARNING: possible circular locking dependency detected
4.14.305-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.2/10141 is trying to acquire lock:
 (&xt[i].mutex){+.+.}, at: [] match_revfn+0x43/0x210 net/netfilter/x_tables.c:332

but task is already holding lock:
 (&table[i].mutex){+.+.}, at: [] nfnl_lock net/netfilter/nfnetlink.c:61 [inline]
 (&table[i].mutex){+.+.}, at: [] nfnetlink_rcv_msg+0x726/0xc00 net/netfilter/nfnetlink.c:209

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&table[i].mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       nf_tables_netdev_event+0x10d/0x4d0 net/netfilter/nf_tables_netdev.c:122
       notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93
       call_netdevice_notifiers_info net/core/dev.c:1667 [inline]
       call_netdevice_notifiers net/core/dev.c:1683 [inline]
       rollback_registered_many+0x765/0xbb0 net/core/dev.c:7211
       unregister_netdevice_many.part.0+0x18/0x2e0 net/core/dev.c:8293
       unregister_netdevice_many+0x36/0x50 net/core/dev.c:8292
       ip6gre_exit_net+0x41e/0x570 net/ipv6/ip6_gre.c:1211
       ops_exit_list+0xad/0x160 net/core/net_namespace.c:142
       cleanup_net+0x3b3/0x840 net/core/net_namespace.c:487
       process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:406

-> #1 (rtnl_mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       unregister_netdevice_notifier+0x5e/0x2b0 net/core/dev.c:1630
       tee_tg_destroy+0x5c/0xb0 net/netfilter/xt_TEE.c:123
       cleanup_entry+0x1fd/0x2d0 net/ipv4/netfilter/ip_tables.c:666
       __do_replace+0x38d/0x570 net/ipv4/netfilter/ip_tables.c:1086
       do_replace net/ipv4/netfilter/ip_tables.c:1142 [inline]
       do_ipt_set_ctl+0x256/0x3a0 net/ipv4/netfilter/ip_tables.c:1676
       nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
       nf_setsockopt+0x5f/0xb0 net/netfilter/nf_sockopt.c:115
       ip_setsockopt net/ipv4/ip_sockglue.c:1255 [inline]
       ip_setsockopt+0x94/0xb0 net/ipv4/ip_sockglue.c:1240
       raw_setsockopt+0xac/0xd0 net/ipv4/raw.c:860
       SYSC_setsockopt net/socket.c:1865 [inline]
       SyS_setsockopt+0x110/0x1e0 net/socket.c:1844
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #0 (&xt[i].mutex){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       match_revfn+0x43/0x210 net/netfilter/x_tables.c:332
       xt_find_revision+0x8d/0x1d0 net/netfilter/x_tables.c:380
       nfnl_compat_get+0x1f7/0x870 net/netfilter/nft_compat.c:678
       nfnetlink_rcv_msg+0x9bb/0xc00 net/netfilter/nfnetlink.c:214
       netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2461
       nfnetlink_rcv+0x1ab/0x1da0 net/netfilter/nfnetlink.c:515
       netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
       netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1328
       netlink_sendmsg+0x651/0xbc0 net/netlink/af_netlink.c:1900
       sock_sendmsg_nosec net/socket.c:646 [inline]
       sock_sendmsg+0xb5/0x100 net/socket.c:656
       ___sys_sendmsg+0x6c8/0x800 net/socket.c:2062
       __sys_sendmsg+0xa3/0x120 net/socket.c:2096
       SYSC_sendmsg net/socket.c:2107 [inline]
       SyS_sendmsg+0x27/0x40 net/socket.c:2103
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

other info that might help us debug this:

Chain exists of:
  &xt[i].mutex --> rtnl_mutex --> &table[i].mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&table[i].mutex);
                               lock(rtnl_mutex);
                               lock(&table[i].mutex);
  lock(&xt[i].mutex);

 *** DEADLOCK ***

1 lock held by syz-executor.2/10141:
 #0: (&table[i].mutex){+.+.}, at: [] nfnl_lock net/netfilter/nfnetlink.c:61 [inline]
 #0: (&table[i].mutex){+.+.}, at: [] nfnetlink_rcv_msg+0x726/0xc00 net/netfilter/nfnetlink.c:209

stack backtrace:
CPU: 0 PID: 10141 Comm: syz-executor.2 Not tainted 4.14.305-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
 match_revfn+0x43/0x210 net/netfilter/x_tables.c:332
 xt_find_revision+0x8d/0x1d0 net/netfilter/x_tables.c:380
 nfnl_compat_get+0x1f7/0x870 net/netfilter/nft_compat.c:678
 nfnetlink_rcv_msg+0x9bb/0xc00 net/netfilter/nfnetlink.c:214
 netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2461
 nfnetlink_rcv+0x1ab/0x1da0 net/netfilter/nfnetlink.c:515
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x651/0xbc0 net/netlink/af_netlink.c:1900
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xb5/0x100 net/socket.c:656
 ___sys_sendmsg+0x6c8/0x800 net/socket.c:2062
 __sys_sendmsg+0xa3/0x120 net/socket.c:2096
 SYSC_sendmsg net/socket.c:2107 [inline]
 SyS_sendmsg+0x27/0x40 net/socket.c:2103
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7faf535ec0f9
RSP: 002b:00007faf51b5e168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007faf5370bf80 RCX: 00007faf535ec0f9
RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
RBP: 00007faf53647ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe4798b9ff R14: 00007faf51b5e300 R15: 0000000000022000
unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1
SQUASHFS error: squashfs_read_data failed to read block 0x736
SQUASHFS error: Unable to read metadata cache entry [736]
SQUASHFS error: squashfs_read_data failed to read block 0x4e8
audit: type=1800 audit(1676091300.933:18): pid=10163 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor.2" name="file1" dev="loop2" ino=5 res=0
SQUASHFS error: squashfs_read_data failed to read block 0x736
audit: type=1800 audit(1676091301.013:19): pid=10169 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="bus" dev="loop4" ino=7 res=0
SQUASHFS error: Unable to read metadata cache entry [736]
SQUASHFS error: squashfs_read_data failed to read block 0x4e8
audit: type=1800 audit(1676091301.193:20): pid=10185 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor.2" name="file1" dev="loop2" ino=5 res=0
SQUASHFS error: squashfs_read_data failed to read block 0x736
SQUASHFS error: Unable to read metadata cache entry [736]
SQUASHFS error: squashfs_read_data failed to read block 0x4e8
audit: type=1800 audit(1676091301.493:21): pid=10203 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="bus" dev="loop4" ino=7 res=0
audit: type=1800 audit(1676091301.493:22): pid=10204 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor.2" name="file1" dev="loop2" ino=5 res=0
BFS-fs: bfs_fill_super(): Inode 0x00000002 corrupted
SQUASHFS error: squashfs_read_data failed to read block 0x736
SQUASHFS error: Unable to read metadata cache entry [736]
SQUASHFS error: squashfs_read_data failed to read block 0x4e8
audit: type=1800 audit(1676091301.983:23): pid=10228 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor.2" name="file1" dev="loop2" ino=5 res=0
BFS-fs: bfs_fill_super(): Inode 0x00000002 corrupted
BFS-fs: bfs_fill_super(): Inode 0x00000002 corrupted
BFS-fs: bfs_fill_super(): Inode 0x00000002 corrupted
9pnet: Insufficient options for proto=fd
sd 0:0:1:0: [sda] tag#6828 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sda] tag#6828 CDB: opcode=0x71 (reserved)
9pnet: Insufficient options for proto=fd
sd 0:0:1:0: [sda] tag#6934 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sda] tag#6934 CDB: opcode=0x71 (reserved)
9pnet: Insufficient options for proto=fd
9pnet: Insufficient options for proto=fd
sd 0:0:1:0: [sda] tag#6934 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sda] tag#6934 CDB: opcode=0x71 (reserved)
sd 0:0:1:0: [sda] tag#6934 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sda] tag#6934 CDB: opcode=0x71 (reserved)
9pnet: Insufficient options for proto=fd
9pnet: Insufficient options for proto=fd
9pnet: Insufficient options for proto=fd
sd 0:0:1:0: [sda] tag#6828 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
*** Guest State ***
sd 0:0:1:0: [sda] tag#6828 CDB: opcode=0x71 (reserved)
CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
CR3 = 0x00000000fffbc000
RSP = 0x0000000000000f80 RIP = 0x0000000000000000
RFLAGS=0x00000002 DR7 = 0x0000000000000400
sd 0:0:1:0: [sda] tag#6934 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sda] tag#6934 CDB: opcode=0x71 (reserved)
sd 0:0:1:0: [sda] tag#6828 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sda] tag#6828 CDB: opcode=0x71 (reserved)
Sysenter RSP=0000000000000f80 CS:RIP=0030:0000000000002810
CS: sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
DS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
9pnet: Insufficient options for proto=fd
SS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
9pnet: Insufficient options for proto=fd
ES: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
FS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
9pnet: Insufficient options for proto=fd
GS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
GDTR: limit=0x000007ff, base=0x0000000000001000
sd 0:0:1:0: [sda] tag#6828 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
sd 0:0:1:0: [sda] tag#6828 CDB: opcode=0x71 (reserved)
IDTR: limit=0x000001ff, base=0x0000000000003800
TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
EFER = 0x0000000000000001 PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000
sd 0:0:1:0: [sda] tag#6934 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sda] tag#6934 CDB: opcode=0x71 (reserved)
sd 0:0:1:0: [sda] tag#6829 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sda] tag#6829 CDB: opcode=0x71 (reserved)
Interruptibility = 00000000 ActivityState = 00000000
*** Host State ***
RIP = 0xffffffff8116183e RSP = 0xffff8880596279b8
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=00007ff0d9e9c700 GSBase=ffff8880ba400000 TRBase=fffffe0000003000
GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
CR0=0000000080050033 CR3=000000009c3cd000 CR4=00000000003426f0
Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff87401780
EFER = 0x0000000000000d01 PAT = 0x0407050600070106
*** Control State ***
PinBased=0000003f CPUBased=b699edfe SecondaryExec=000000ea
EntryControls=0000d1ff ExitControls=002fefff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=80000040 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
        reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffffa3513b360c
EPT pointer = 0x00000000a9d2701e
Virtual processor ID = 0x0001
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
audit: type=1804 audit(1676091305.343:24): pid=10524 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir1694443308/syzkaller.gw9xsq/16/file0/bus" dev="loop5" ino=3 res=1
attempt to access beyond end of device
loop5: rw=1, want=2064, limit=2048
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
SQUASHFS error: zlib decompression failed, data probably corrupt
SQUASHFS error: squashfs_read_data failed to read block 0x13c
SQUASHFS error: Unable to read metadata cache entry [13c]
SQUASHFS error: Unable to read directory block [13c:26]
BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5
BTRFS info (device loop5): enabling inode map caching
BTRFS warning (device loop5): excessive commit interval 622039222
BTRFS info (device loop5): force zlib compression
BTRFS info (device loop5): using free space tree
BTRFS info (device loop5): has skinny extents
9pnet: Unknown protocol version 9pü˙˙˙˙˙˙˙id>00000000000000000000
SQUASHFS error: zlib decompression failed, data probably corrupt
SQUASHFS error: squashfs_read_data failed to read block 0x13c
SQUASHFS error: Unable to read metadata cache entry [13c]
SQUASHFS error: Unable to read directory block [13c:26]
BTRFS info (device loop5): enabling inode map caching
SQUASHFS error: zlib decompression failed, data probably corrupt
SQUASHFS error: squashfs_read_data failed to read block 0x13c
BTRFS warning (device loop5): excessive commit interval 622039222
SQUASHFS error: Unable to read metadata cache entry [13c]
SQUASHFS error: Unable to read directory block [13c:26]
BTRFS info (device loop5): force zlib compression
BTRFS info (device loop5): using free space tree
BTRFS info (device loop5): has skinny extents
9pnet: Unknown protocol version 9pü˙˙˙˙˙˙˙id>00000000000000000000
9pnet: Unknown protocol version 9pü˙˙˙˙˙˙˙id>00000000000000000000
9pnet: Unknown protocol version 9pü˙˙˙˙˙˙˙id>00000000000000000000
caif:caif_disconnect_client(): nothing to disconnect
SQUASHFS error: zlib decompression failed, data probably corrupt
caif:caif_disconnect_client(): nothing to disconnect
SQUASHFS error: squashfs_read_data failed to read block 0x13c
SQUASHFS error: Unable to read metadata cache entry [13c]
SQUASHFS error: Unable to read directory block [13c:26]
9pnet: Unknown protocol version 9pü˙˙˙˙˙˙˙id>00000000000000000000
caif:caif_disconnect_client(): nothing to disconnect
BTRFS info (device loop5): enabling inode map caching
caif:caif_disconnect_client(): nothing to disconnect
BTRFS warning (device loop5): excessive commit interval 622039222
BTRFS info (device loop5): force zlib compression
BTRFS info (device loop5): using free space tree
BTRFS info (device loop5): has skinny extents
9pnet: Unknown protocol version 9pü˙˙˙˙˙˙˙id>00000000000000000000
9pnet: Unknown protocol version 9pü˙˙˙˙˙˙˙id>00000000000000000000
9pnet: Unknown protocol version 9pü˙˙˙˙˙˙˙id>00000000000000000000
BTRFS info (device loop5): enabling inode map caching
BTRFS warning (device loop5): excessive commit interval 622039222
BTRFS info (device loop5): force zlib compression
BTRFS info (device loop5): using free space tree
BTRFS info (device loop5): has skinny extents