Dear Linux kernel developers and maintainers,
We would like to report a filesystem corruption triggered bug that
causes a WARNING in drop_nlink() from the VFAT rmdir path, and leads
to a kernel panic when panic_on_warn is enabled. The bug titled
"WARNING in vfat_rmdir" was found on linux-6.17.1 and is also
reproducible on the latest 6.19-rc3.
The possible root cause is that the FAT directory iteration helpers
conflate real errors with "end of directory" in a way that hides
corruption from higher layers. Concretely, fat__get_entry() returns -1
both when it reaches EOF (!phys) and when fat_bmap() fails due to a
corrupted cluster chain (err != 0). Then fat_get_short_entry() treats
any < 0 from fat_get_entry() as "no more entries" and returns -ENOENT.
As a result, callers such as fat_dir_empty() and fat_subdirs() cannot
distinguish a genuinely empty directory from a directory walk that
terminates early due to corruption. In this situation, fat_dir_empty()
may incorrectly return success (empty), allowing vfat_rmdir() to
proceed with metadata updates, including drop_nlink(dir). Separately,
fat_subdirs() may silently "succeed" with an incorrect count (e.g., 0)
when the walk is cut short, which can further poison in-memory link
counts when inodes are built from corrupted on-disk state. Eventually,
the VFAT rmdir path can reach drop_nlink() with an already-zero
i_nlink, triggering WARN_ON(inode->i_nlink == 0) and panicking under
panic_on_warn.
This bug may lead to denial-of-service on systems that enable
panic_on_warn, and more broadly to inconsistent in-memory metadata
updates when operating on corrupted VFAT images.
We suggest the following potential patch:
(1) Propagate real errors from the directory iteration path instead of
folding them into -ENOENT and make fat_get_short_entry() translate
only true EOF into -ENOENT while propagating other negative errors.
(2) Update fat_dir_empty() / fat_subdirs() to treat propagated errors
as failures rather than "empty" / a weird count, and handle negative
returns at their call sites.
diff --git a/fs/fat/dir.c b/fs/fat/dir.c
index 92b091783966..f4c5a6f0cc84 100644
--- a/fs/fat/dir.c
+++ b/fs/fat/dir.c
@@ -92,8 +92,10 @@ static int fat__get_entry(struct inode *dir, loff_t *pos,
*bh = NULL;
iblock = *pos >> sb->s_blocksize_bits;
err = fat_bmap(dir, iblock, &phys, &mapped_blocks, 0, false);
- if (err || !phys)
- return -1; /* beyond EOF or error */
+ if (err)
+ return err; /* real error (e.g., -EIO, -EUCLEAN) */
+ if (!phys)
+ return -1; /* beyond EOF */
fat_dir_readahead(dir, iblock, phys);
@@ -882,12 +884,14 @@ static int fat_get_short_entry(struct inode
*dir, loff_t *pos,
struct buffer_head **bh,
struct msdos_dir_entry **de)
{
- while (fat_get_entry(dir, pos, bh, de) >= 0) {
+ int err;
+ while ((err = fat_get_entry(dir, pos, bh, de)) >= 0) {
/* free entry or long name entry or volume label */
if (!IS_FREE((*de)->name) && !((*de)->attr & ATTR_VOLUME))
return 0;
}
- return -ENOENT;
+ /* -1 is EOF sentinel; propagate other errors */
+ return (err == -1) ? -ENOENT : err;
}
/*
@@ -919,11 +923,11 @@ int fat_dir_empty(struct inode *dir)
struct buffer_head *bh;
struct msdos_dir_entry *de;
loff_t cpos;
- int result = 0;
+ int result = 0, err;
bh = NULL;
cpos = 0;
- while (fat_get_short_entry(dir, &cpos, &bh, &de) >= 0) {
+ while ((err = fat_get_short_entry(dir, &cpos, &bh, &de)) >= 0) {
if (strncmp(de->name, MSDOS_DOT , MSDOS_NAME) &&
strncmp(de->name, MSDOS_DOTDOT, MSDOS_NAME)) {
result = -ENOTEMPTY;
@@ -931,6 +935,8 @@ int fat_dir_empty(struct inode *dir)
}
}
brelse(bh);
+ if (err < 0 && err != -ENOENT)
+ return err;
return result;
}
EXPORT_SYMBOL_GPL(fat_dir_empty);
@@ -944,15 +950,17 @@ int fat_subdirs(struct inode *dir)
struct buffer_head *bh;
struct msdos_dir_entry *de;
loff_t cpos;
- int count = 0;
+ int count = 0, err;
bh = NULL;
cpos = 0;
- while (fat_get_short_entry(dir, &cpos, &bh, &de) >= 0) {
+ while ((err = fat_get_short_entry(dir, &cpos, &bh, &de)) >= 0) {
if (de->attr & ATTR_DIR)
count++;
}
brelse(bh);
+ if (err < 0 && err != -ENOENT)
+ return err;
return count;
}
diff --git a/fs/fat/inode.c b/fs/fat/inode.c
index 0b6009cd1844..36ec8901253e 100644
--- a/fs/fat/inode.c
+++ b/fs/fat/inode.c
@@ -535,7 +535,10 @@ int fat_fill_inode(struct inode *inode, struct
msdos_dir_entry *de)
return error;
MSDOS_I(inode)->mmu_private = inode->i_size;
- set_nlink(inode, fat_subdirs(inode));
+ int nsubs = fat_subdirs(inode);
+ if (nsubs < 0)
+ return nsubs;
+ set_nlink(inode, nsubs);
error = fat_validate_dir(inode);
if (error < 0)
@@ -1345,7 +1348,10 @@ static int fat_read_root(struct inode *inode)
fat_save_attrs(inode, ATTR_DIR);
inode_set_mtime_to_ts(inode,
inode_set_atime_to_ts(inode,
inode_set_ctime(inode, 0, 0)));
- set_nlink(inode, fat_subdirs(inode)+2);
+ int nsubs = fat_subdirs(inode);
+ if (nsubs < 0)
+ return nsubs;
+ set_nlink(inode, nsubs+2);
return 0;
}
If the approach above is acceptable, we are willing to submit a proper
patch immediately. Please let us know if any further information is
required.
Best regards,
Zhiyu Zhang
// autogenerated by syzkaller (https://github.com/google/syzkaller)
#define _GNU_SOURCE
#include <dirent.h>
#include <endian.h>
#include <errno.h>
#include <fcntl.h>
#include <pthread.h>
#include <setjmp.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <sys/mount.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>
#include <linux/futex.h>
#include <linux/loop.h>
#ifndef __NR_bpf
#define __NR_bpf 321
#endif
#ifndef __NR_memfd_create
#define __NR_memfd_create 319
#endif
static unsigned long long procid;
static void sleep_ms(uint64_t ms)
{
usleep(ms * 1000);
}
static uint64_t current_time_ms(void)
{
struct timespec ts;
if (clock_gettime(CLOCK_MONOTONIC, &ts))
exit(1);
return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}
static void use_temporary_dir(void)
{
char tmpdir_template[] = "./syzkaller.XXXXXX";
char* tmpdir = mkdtemp(tmpdir_template);
if (!tmpdir)
exit(1);
if (chmod(tmpdir, 0777))
exit(1);
if (chdir(tmpdir))
exit(1);
}
static void thread_start(void* (*fn)(void*), void* arg)
{
pthread_t th;
pthread_attr_t attr;
pthread_attr_init(&attr);
pthread_attr_setstacksize(&attr, 128 << 10);
int i = 0;
for (; i < 100; i++) {
if (pthread_create(&th, &attr, fn, arg) == 0) {
pthread_attr_destroy(&attr);
return;
}
if (errno == EAGAIN) {
usleep(50);
continue;
}
break;
}
exit(1);
}
typedef struct {
int state;
} event_t;
static void event_init(event_t* ev)
{
ev->state = 0;
}
static void event_reset(event_t* ev)
{
ev->state = 0;
}
static void event_set(event_t* ev)
{
if (ev->state)
exit(1);
__atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE);
syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000);
}
static void event_wait(event_t* ev)
{
while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0);
}
static int event_isset(event_t* ev)
{
return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE);
}
static int event_timedwait(event_t* ev, uint64_t timeout)
{
uint64_t start = current_time_ms();
uint64_t now = start;
for (;;) {
uint64_t remain = timeout - (now - start);
struct timespec ts;
ts.tv_sec = remain / 1000;
ts.tv_nsec = (remain % 1000) * 1000 * 1000;
syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts);
if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
return 1;
now = current_time_ms();
if (now - start > timeout)
return 0;
}
}
static bool write_file(const char* file, const char* what, ...)
{
char buf[1024];
va_list args;
va_start(args, what);
vsnprintf(buf, sizeof(buf), what, args);
va_end(args);
buf[sizeof(buf) - 1] = 0;
int len = strlen(buf);
int fd = open(file, O_WRONLY | O_CLOEXEC);
if (fd == -1)
return false;
if (write(fd, buf, len) != len) {
int err = errno;
close(fd);
errno = err;
return false;
}
close(fd);
return true;
}
//% This code is derived from puff.{c,h}, found in the zlib development. The
//% original files come with the following copyright notice:
//% Copyright (C) 2002-2013 Mark Adler, all rights reserved
//% version 2.3, 21 Jan 2013
//% This software is provided 'as-is', without any express or implied
//% warranty. In no event will the author be held liable for any damages
//% arising from the use of this software.
//% Permission is granted to anyone to use this software for any purpose,
//% including commercial applications, and to alter it and redistribute it
//% freely, subject to the following restrictions:
//% 1. The origin of this software must not be misrepresented; you must not
//% claim that you wrote the original software. If you use this software
//% in a product, an acknowledgment in the product documentation would be
//% appreciated but is not required.
//% 2. Altered source versions must be plainly marked as such, and must not be
//% misrepresented as being the original software.
//% 3. This notice may not be removed or altered from any source distribution.
//% Mark Adler madler@alumni.caltech.edu
//% BEGIN CODE DERIVED FROM puff.{c,h}
#define MAXBITS 15
#define MAXLCODES 286
#define MAXDCODES 30
#define MAXCODES (MAXLCODES + MAXDCODES)
#define FIXLCODES 288
struct puff_state {
unsigned char* out;
unsigned long outlen;
unsigned long outcnt;
const unsigned char* in;
unsigned long inlen;
unsigned long incnt;
int bitbuf;
int bitcnt;
jmp_buf env;
};
static int puff_bits(struct puff_state* s, int need)
{
long val = s->bitbuf;
while (s->bitcnt < need) {
if (s->incnt == s->inlen)
longjmp(s->env, 1);
val |= (long)(s->in[s->incnt++]) << s->bitcnt;
s->bitcnt += 8;
}
s->bitbuf = (int)(val >> need);
s->bitcnt -= need;
return (int)(val & ((1L << need) - 1));
}
static int puff_stored(struct puff_state* s)
{
s->bitbuf = 0;
s->bitcnt = 0;
if (s->incnt + 4 > s->inlen)
return 2;
unsigned len = s->in[s->incnt++];
len |= s->in[s->incnt++] << 8;
if (s->in[s->incnt++] != (~len & 0xff) ||
s->in[s->incnt++] != ((~len >> 8) & 0xff))
return -2;
if (s->incnt + len > s->inlen)
return 2;
if (s->outcnt + len > s->outlen)
return 1;
for (; len--; s->outcnt++, s->incnt++) {
if (s->in[s->incnt])
s->out[s->outcnt] = s->in[s->incnt];
}
return 0;
}
struct puff_huffman {
short* count;
short* symbol;
};
static int puff_decode(struct puff_state* s, const struct puff_huffman* h)
{
int first = 0;
int index = 0;
int bitbuf = s->bitbuf;
int left = s->bitcnt;
int code = first = index = 0;
int len = 1;
short* next = h->count + 1;
while (1) {
while (left--) {
code |= bitbuf & 1;
bitbuf >>= 1;
int count = *next++;
if (code - count < first) {
s->bitbuf = bitbuf;
s->bitcnt = (s->bitcnt - len) & 7;
return h->symbol[index + (code - first)];
}
index += count;
first += count;
first <<= 1;
code <<= 1;
len++;
}
left = (MAXBITS + 1) - len;
if (left == 0)
break;
if (s->incnt == s->inlen)
longjmp(s->env, 1);
bitbuf = s->in[s->incnt++];
if (left > 8)
left = 8;
}
return -10;
}
static int puff_construct(struct puff_huffman* h, const short* length, int n)
{
int len;
for (len = 0; len <= MAXBITS; len++)
h->count[len] = 0;
int symbol;
for (symbol = 0; symbol < n; symbol++)
(h->count[length[symbol]])++;
if (h->count[0] == n)
return 0;
int left = 1;
for (len = 1; len <= MAXBITS; len++) {
left <<= 1;
left -= h->count[len];
if (left < 0)
return left;
}
short offs[MAXBITS + 1];
offs[1] = 0;
for (len = 1; len < MAXBITS; len++)
offs[len + 1] = offs[len] + h->count[len];
for (symbol = 0; symbol < n; symbol++)
if (length[symbol] != 0)
h->symbol[offs[length[symbol]]++] = symbol;
return left;
}
static int puff_codes(struct puff_state* s, const struct puff_huffman* lencode,
const struct puff_huffman* distcode)
{
static const short lens[29] = {3, 4, 5, 6, 7, 8, 9, 10, 11, 13,
15, 17, 19, 23, 27, 31, 35, 43, 51, 59,
67, 83, 99, 115, 131, 163, 195, 227, 258};
static const short lext[29] = {0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2,
2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0};
static const short dists[30] = {
1, 2, 3, 4, 5, 7, 9, 13, 17, 25,
33, 49, 65, 97, 129, 193, 257, 385, 513, 769,
1025, 1537, 2049, 3073, 4097, 6145, 8193, 12289, 16385, 24577};
static const short dext[30] = {0, 0, 0, 0, 1, 1, 2, 2, 3, 3,
4, 4, 5, 5, 6, 6, 7, 7, 8, 8,
9, 9, 10, 10, 11, 11, 12, 12, 13, 13};
int symbol;
do {
symbol = puff_decode(s, lencode);
if (symbol < 0)
return symbol;
if (symbol < 256) {
if (s->outcnt == s->outlen)
return 1;
if (symbol)
s->out[s->outcnt] = symbol;
s->outcnt++;
} else if (symbol > 256) {
symbol -= 257;
if (symbol >= 29)
return -10;
int len = lens[symbol] + puff_bits(s, lext[symbol]);
symbol = puff_decode(s, distcode);
if (symbol < 0)
return symbol;
unsigned dist = dists[symbol] + puff_bits(s, dext[symbol]);
if (dist > s->outcnt)
return -11;
if (s->outcnt + len > s->outlen)
return 1;
while (len--) {
if (dist <= s->outcnt && s->out[s->outcnt - dist])
s->out[s->outcnt] = s->out[s->outcnt - dist];
s->outcnt++;
}
}
} while (symbol != 256);
return 0;
}
static int puff_fixed(struct puff_state* s)
{
static int virgin = 1;
static short lencnt[MAXBITS + 1], lensym[FIXLCODES];
static short distcnt[MAXBITS + 1], distsym[MAXDCODES];
static struct puff_huffman lencode, distcode;
if (virgin) {
lencode.count = lencnt;
lencode.symbol = lensym;
distcode.count = distcnt;
distcode.symbol = distsym;
short lengths[FIXLCODES];
int symbol;
for (symbol = 0; symbol < 144; symbol++)
lengths[symbol] = 8;
for (; symbol < 256; symbol++)
lengths[symbol] = 9;
for (; symbol < 280; symbol++)
lengths[symbol] = 7;
for (; symbol < FIXLCODES; symbol++)
lengths[symbol] = 8;
puff_construct(&lencode, lengths, FIXLCODES);
for (symbol = 0; symbol < MAXDCODES; symbol++)
lengths[symbol] = 5;
puff_construct(&distcode, lengths, MAXDCODES);
virgin = 0;
}
return puff_codes(s, &lencode, &distcode);
}
static int puff_dynamic(struct puff_state* s)
{
static const short order[19] = {16, 17, 18, 0, 8, 7, 9, 6, 10, 5,
11, 4, 12, 3, 13, 2, 14, 1, 15};
int nlen = puff_bits(s, 5) + 257;
int ndist = puff_bits(s, 5) + 1;
int ncode = puff_bits(s, 4) + 4;
if (nlen > MAXLCODES || ndist > MAXDCODES)
return -3;
short lengths[MAXCODES];
int index;
for (index = 0; index < ncode; index++)
lengths[order[index]] = puff_bits(s, 3);
for (; index < 19; index++)
lengths[order[index]] = 0;
short lencnt[MAXBITS + 1], lensym[MAXLCODES];
struct puff_huffman lencode = {lencnt, lensym};
int err = puff_construct(&lencode, lengths, 19);
if (err != 0)
return -4;
index = 0;
while (index < nlen + ndist) {
int symbol;
int len;
symbol = puff_decode(s, &lencode);
if (symbol < 0)
return symbol;
if (symbol < 16)
lengths[index++] = symbol;
else {
len = 0;
if (symbol == 16) {
if (index == 0)
return -5;
len = lengths[index - 1];
symbol = 3 + puff_bits(s, 2);
} else if (symbol == 17)
symbol = 3 + puff_bits(s, 3);
else
symbol = 11 + puff_bits(s, 7);
if (index + symbol > nlen + ndist)
return -6;
while (symbol--)
lengths[index++] = len;
}
}
if (lengths[256] == 0)
return -9;
err = puff_construct(&lencode, lengths, nlen);
if (err && (err < 0 || nlen != lencode.count[0] + lencode.count[1]))
return -7;
short distcnt[MAXBITS + 1], distsym[MAXDCODES];
struct puff_huffman distcode = {distcnt, distsym};
err = puff_construct(&distcode, lengths + nlen, ndist);
if (err && (err < 0 || ndist != distcode.count[0] + distcode.count[1]))
return -8;
return puff_codes(s, &lencode, &distcode);
}
static int puff(unsigned char* dest, unsigned long* destlen,
const unsigned char* source, unsigned long sourcelen)
{
struct puff_state s = {
.out = dest,
.outlen = *destlen,
.outcnt = 0,
.in = source,
.inlen = sourcelen,
.incnt = 0,
.bitbuf = 0,
.bitcnt = 0,
};
int err;
if (setjmp(s.env) != 0)
err = 2;
else {
int last;
do {
last = puff_bits(&s, 1);
int type = puff_bits(&s, 2);
err = type == 0 ? puff_stored(&s)
: (type == 1 ? puff_fixed(&s)
: (type == 2 ? puff_dynamic(&s) : -1));
if (err != 0)
break;
} while (!last);
}
*destlen = s.outcnt;
return err;
}
//% END CODE DERIVED FROM puff.{c,h}
#define ZLIB_HEADER_WIDTH 2
static int puff_zlib_to_file(const unsigned char* source,
unsigned long sourcelen, int dest_fd)
{
if (sourcelen < ZLIB_HEADER_WIDTH)
return 0;
source += ZLIB_HEADER_WIDTH;
sourcelen -= ZLIB_HEADER_WIDTH;
const unsigned long max_destlen = 132 << 20;
void* ret = mmap(0, max_destlen, PROT_WRITE | PROT_READ,
MAP_PRIVATE | MAP_ANON, -1, 0);
if (ret == MAP_FAILED)
return -1;
unsigned char* dest = (unsigned char*)ret;
unsigned long destlen = max_destlen;
int err = puff(dest, &destlen, source, sourcelen);
if (err) {
munmap(dest, max_destlen);
errno = -err;
return -1;
}
if (write(dest_fd, dest, destlen) != (ssize_t)destlen) {
munmap(dest, max_destlen);
return -1;
}
return munmap(dest, max_destlen);
}
static int setup_loop_device(unsigned char* data, unsigned long size,
const char* loopname, int* loopfd_p)
{
int err = 0, loopfd = -1;
int memfd = syscall(__NR_memfd_create, "syzkaller", 0);
if (memfd == -1) {
err = errno;
goto error;
}
if (puff_zlib_to_file(data, size, memfd)) {
err = errno;
goto error_close_memfd;
}
loopfd = open(loopname, O_RDWR);
if (loopfd == -1) {
err = errno;
goto error_close_memfd;
}
if (ioctl(loopfd, LOOP_SET_FD, memfd)) {
if (errno != EBUSY) {
err = errno;
goto error_close_loop;
}
ioctl(loopfd, LOOP_CLR_FD, 0);
usleep(1000);
if (ioctl(loopfd, LOOP_SET_FD, memfd)) {
err = errno;
goto error_close_loop;
}
}
close(memfd);
*loopfd_p = loopfd;
return 0;
error_close_loop:
close(loopfd);
error_close_memfd:
close(memfd);
error:
errno = err;
return -1;
}
static void reset_loop_device(const char* loopname)
{
int loopfd = open(loopname, O_RDWR);
if (loopfd == -1) {
return;
}
if (ioctl(loopfd, LOOP_CLR_FD, 0)) {
}
close(loopfd);
}
static long syz_mount_image(volatile long fsarg, volatile long dir,
volatile long flags, volatile long optsarg,
volatile long change_dir,
volatile unsigned long size, volatile long image)
{
unsigned char* data = (unsigned char*)image;
int res = -1, err = 0, need_loop_device = !!size;
char* mount_opts = (char*)optsarg;
char* target = (char*)dir;
char* fs = (char*)fsarg;
char* source = NULL;
char loopname[64];
if (need_loop_device) {
int loopfd;
memset(loopname, 0, sizeof(loopname));
snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid);
if (setup_loop_device(data, size, loopname, &loopfd) == -1)
return -1;
close(loopfd);
source = loopname;
}
mkdir(target, 0777);
char opts[256];
memset(opts, 0, sizeof(opts));
if (strlen(mount_opts) > (sizeof(opts) - 32)) {
}
strncpy(opts, mount_opts, sizeof(opts) - 32);
if (strcmp(fs, "iso9660") == 0) {
flags |= MS_RDONLY;
} else if (strncmp(fs, "ext", 3) == 0) {
bool has_remount_ro = false;
char* remount_ro_start = strstr(opts, "errors=remount-ro");
if (remount_ro_start != NULL) {
char after = *(remount_ro_start + strlen("errors=remount-ro"));
char before = remount_ro_start == opts ? '\0' : *(remount_ro_start - 1);
has_remount_ro = ((before == '\0' || before == ',') &&
(after == '\0' || after == ','));
}
if (strstr(opts, "errors=panic") || !has_remount_ro)
strcat(opts, ",errors=continue");
} else if (strcmp(fs, "xfs") == 0) {
strcat(opts, ",nouuid");
} else if (strncmp(fs, "gfs2", 4) == 0 &&
(strstr(opts, "errors=panic") || strstr(opts, "debug"))) {
strcat(opts, ",errors=withdraw");
}
res = mount(source, target, fs, flags, opts);
if (res == -1) {
err = errno;
goto error_clear_loop;
}
res = open(target, O_RDONLY | O_DIRECTORY);
if (res == -1) {
err = errno;
goto error_clear_loop;
}
if (change_dir) {
res = chdir(target);
if (res == -1) {
err = errno;
}
}
error_clear_loop:
if (need_loop_device)
reset_loop_device(loopname);
errno = err;
return res;
}
#define FS_IOC_SETFLAGS _IOW('f', 2, long)
static void remove_dir(const char* dir)
{
int iter = 0;
DIR* dp = 0;
const int umount_flags = MNT_FORCE | UMOUNT_NOFOLLOW;
retry:
while (umount2(dir, umount_flags) == 0) {
}
dp = opendir(dir);
if (dp == NULL) {
if (errno == EMFILE) {
exit(1);
}
exit(1);
}
struct dirent* ep = 0;
while ((ep = readdir(dp))) {
if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0)
continue;
char filename[FILENAME_MAX];
snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name);
while (umount2(filename, umount_flags) == 0) {
}
struct stat st;
if (lstat(filename, &st))
exit(1);
if (S_ISDIR(st.st_mode)) {
remove_dir(filename);
continue;
}
int i;
for (i = 0;; i++) {
if (unlink(filename) == 0)
break;
if (errno == EPERM) {
int fd = open(filename, O_RDONLY);
if (fd != -1) {
long flags = 0;
if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) {
}
close(fd);
continue;
}
}
if (errno == EROFS) {
break;
}
if (errno != EBUSY || i > 100)
exit(1);
if (umount2(filename, umount_flags))
exit(1);
}
}
closedir(dp);
for (int i = 0;; i++) {
if (rmdir(dir) == 0)
break;
if (i < 100) {
if (errno == EPERM) {
int fd = open(dir, O_RDONLY);
if (fd != -1) {
long flags = 0;
if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) {
}
close(fd);
continue;
}
}
if (errno == EROFS) {
break;
}
if (errno == EBUSY) {
if (umount2(dir, umount_flags))
exit(1);
continue;
}
if (errno == ENOTEMPTY) {
if (iter < 100) {
iter++;
goto retry;
}
}
}
exit(1);
}
}
static void kill_and_wait(int pid, int* status)
{
kill(-pid, SIGKILL);
kill(pid, SIGKILL);
for (int i = 0; i < 100; i++) {
if (waitpid(-1, status, WNOHANG | __WALL) == pid)
return;
usleep(1000);
}
DIR* dir = opendir("/sys/fs/fuse/connections");
if (dir) {
for (;;) {
struct dirent* ent = readdir(dir);
if (!ent)
break;
if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
continue;
char abort[300];
snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort",
ent->d_name);
int fd = open(abort, O_WRONLY);
if (fd == -1) {
continue;
}
if (write(fd, abort, 1) < 0) {
}
close(fd);
}
closedir(dir);
} else {
}
while (waitpid(-1, status, __WALL) != pid) {
}
}
static void reset_loop()
{
char buf[64];
snprintf(buf, sizeof(buf), "/dev/loop%llu", procid);
int loopfd = open(buf, O_RDWR);
if (loopfd != -1) {
ioctl(loopfd, LOOP_CLR_FD, 0);
close(loopfd);
}
}
static void setup_test()
{
prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
setpgrp();
write_file("/proc/self/oom_score_adj", "1000");
if (symlink("/dev/binderfs", "./binderfs")) {
}
}
struct thread_t {
int created, call;
event_t ready, done;
};
static struct thread_t threads[16];
static void execute_call(int call);
static int running;
static void* thr(void* arg)
{
struct thread_t* th = (struct thread_t*)arg;
for (;;) {
event_wait(&th->ready);
event_reset(&th->ready);
execute_call(th->call);
__atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED);
event_set(&th->done);
}
return 0;
}
static void execute_one(void)
{
if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
}
int i, call, thread;
for (call = 0; call < 7; call++) {
for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0]));
thread++) {
struct thread_t* th = &threads[thread];
if (!th->created) {
th->created = 1;
event_init(&th->ready);
event_init(&th->done);
event_set(&th->done);
thread_start(thr, th);
}
if (!event_isset(&th->done))
continue;
event_reset(&th->done);
th->call = call;
__atomic_fetch_add(&running, 1, __ATOMIC_RELAXED);
event_set(&th->ready);
event_timedwait(&th->done, 50 + (call == 2 ? 4000 : 0));
break;
}
}
for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++)
sleep_ms(1);
}
static void execute_one(void);
#define WAIT_FLAGS __WALL
static void loop(void)
{
int iter = 0;
for (;; iter++) {
char cwdbuf[32];
sprintf(cwdbuf, "./%d", iter);
if (mkdir(cwdbuf, 0777))
exit(1);
reset_loop();
int pid = fork();
if (pid < 0)
exit(1);
if (pid == 0) {
if (chdir(cwdbuf))
exit(1);
setup_test();
execute_one();
exit(0);
}
int status = 0;
uint64_t start = current_time_ms();
for (;;) {
sleep_ms(10);
if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
break;
if (current_time_ms() - start < 5000)
continue;
kill_and_wait(pid, &status);
break;
}
remove_dir(cwdbuf);
}
}
uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};
void execute_call(int call)
{
intptr_t res = 0;
switch (call) {
case 0:
// bpf$MAP_CREATE arguments: [
// cmd: const = 0x0 (8 bytes)
// arg: ptr[inout, array[ANYUNION]] {
// array[ANYUNION] {
// union ANYUNION {
// ANYBLOB: buffer: {0b 00 00 00 00 01 00 00 fd 00 00 00 09 00 00
// 00 01} (length 0x11)
// }
// }
// }
// size: len = 0x48 (8 bytes)
// ]
// returns fd_bpf_map
memcpy(
(void*)0x200000000180,
"\x0b\x00\x00\x00\x00\x01\x00\x00\xfd\x00\x00\x00\x09\x00\x00\x00\x01",
17);
res = syscall(__NR_bpf, /*cmd=*/0ul, /*arg=*/0x200000000180ul,
/*size=*/0x48ul);
if (res != -1)
r[0] = res;
break;
case 1:
// bpf$MAP_UPDATE_BATCH arguments: [
// cmd: const = 0x1a (8 bytes)
// arg: ptr[in, bpf_map_batch_arg] {
// bpf_map_batch_arg {
// in_batch: nil
// out_batch: nil
// key: ptr[in, buffer] {
// buffer: {} (length 0x0)
// }
// val: ptr[in, buffer] {
// buffer: {} (length 0x0)
// }
// count: int32 = 0xcff5 (4 bytes)
// map_fd: fd_bpf_map (resource)
// elem_flags: bpf_batch_flags = 0x0 (8 bytes)
// flags: const = 0x0 (8 bytes)
// }
// }
// size: len = 0x38 (8 bytes)
// ]
*(uint64_t*)0x200000000000 = 0;
*(uint64_t*)0x200000000008 = 0;
*(uint64_t*)0x200000000010 = 0x200000000000;
*(uint64_t*)0x200000000018 = 0x200000000000;
*(uint32_t*)0x200000000020 = 0xcff5;
*(uint32_t*)0x200000000024 = r[0];
*(uint64_t*)0x200000000028 = 0;
*(uint64_t*)0x200000000030 = 0;
syscall(__NR_bpf, /*cmd=*/0x1aul, /*arg=*/0x200000000000ul,
/*size=*/0x38ul);
break;
case 2:
// syz_mount_image$vfat arguments: [
// fs: ptr[in, buffer] {
// buffer: {76 66 61 74 00} (length 0x5)
// }
// dir: ptr[in, buffer] {
// buffer: {2e 2f 62 75 73 00} (length 0x6)
// }
// flags: mount_flags = 0xa00400 (8 bytes)
// opts: ptr[inout, array[ANYUNION]] {
// array[ANYUNION] {
// union ANYUNION {
// ANYRES64: ANYRES64 (resource)
// }
// }
// }
// chdir: int8 = 0x1 (1 bytes)
// size: len = 0x1230 (8 bytes)
// img: ptr[in, buffer] {
// buffer: (compressed buffer with length 0x1230)
// }
// ]
// returns fd_dir
memcpy((void*)0x200000000080, "vfat\000", 5);
memcpy((void*)0x200000001240, "./bus\000", 6);
*(uint64_t*)0x200000000000 = 0;
memcpy(
(void*)0x2000000024c0,
"\x78\x9c\xec\xdd\x41\x6b\x1c\x65\x18\x07\xf0\x67\x93\xad\x4d\x52\x93"
"\x8d\x5a\xab\x2d\x88\x2f\x7a\x51\x84\xb1\xc9\xc1\x93\x97\x20\x2d\x88"
"\x01\xa5\x9a\x82\x0a\xc2\xd4\x4c\x74\xc9\x66\x37\x64\x96\xc0\x8a\x58"
"\x3d\x79\x12\xfc\x18\xa2\x1e\xbd\x09\xe2\x17\xc8\xc5\x8b\x67\xc1\x8b"
"\xe4\xe2\xb1\x07\x71\xa4\x99\x45\x4d\xdc\x58\xb4\x6e\x36\x96\xdf\xef"
"\x32\x0f\x3b\xf3\xdf\x79\x67\x87\x5d\x78\x97\xf7\x61\xf6\x9f\xff\x74"
"\x6b\x73\xa3\xcc\x36\xf2\x7e\x4c\x35\x1a\xd1\xdc\x3e\x13\xcd\x5b\x29"
"\x52\x4c\xc5\x74\xd4\x3e\x8c\xa7\xaf\x7f\xff\xc3\x63\xaf\xbe\xfe\xc6"
"\x4b\x2b\xab\xab\x57\xae\xa5\x74\x75\xe5\xb5\xa5\xe7\x52\x4a\x0b\x8f"
"\x7f\xf3\xe6\xfb\x5f\x3e\xf1\x6d\xff\xdc\xf5\xaf\x16\xbe\x3e\x1b\x7b"
"\x8b\x6f\xed\xff\xbc\xfc\xe3\xde\x85\xbd\x8b\xfb\xbf\x7e\x11\xed\x32"
"\xb5\xcb\xd4\xed\xf5\x53\x9e\x6e\xf4\x7a\xfd\xfc\x46\xa7\x48\xeb\xed"
"\x72\x33\x4b\xe9\x95\x4e\x91\x97\x45\x6a\x77\xcb\x62\xe7\xd0\xfe\x8d"
"\x4e\x6f\x7b\x7b\x90\xf2\xee\xfa\xfc\xdc\xf6\x4e\x51\x96\x29\xef\x0e"
"\xd2\x66\x31\x48\xfd\x5e\xea\xef\x0c\x52\xfe\x4e\xde\xee\xa6\x2c\xcb"
"\xd2\xfc\x5c\x70\x37\xd6\x3e\xbf\x55\x55\x55\x44\x55\x9d\x89\xfb\xa2"
"\xaa\xaa\x6a\x36\xe6\xe2\x5c\xdc\x1f\xf3\xb1\x10\xad\x58\x8c\x07\xe2"
"\xc1\x78\x28\xce\xc7\xc3\x71\x21\x1e\x89\x47\xe3\xe2\xc1\x51\x93\x1e"
"\x37\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdc"
"\x5b\xee\xd0\xff\xdf\xd0\xff\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\xe3\x77\xb4\xff\xbf\x19\xe1\xf9\xff\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x70\xc2\xee\xf0"
"\xfc\xff\x23\xfd\xff\xcf\xe8\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x80\x71\x98\xa9\x37\xd7\x52\x9a\x89\xd8\xfa"
"\x78\x77\x6d\x77\xad\xde\xd6\xaf\xaf\x6c\x44\x3b\x3a\x51\xc4\xe5\x68"
"\xc5\x2f\x71\xd0\xfd\x5f\xab\xeb\xab\x2f\xae\x5e\xb9\x9c\x0e\x2c\xc6"
"\xb3\x5b\x37\x87\xf9\x9b\xbb\x6b\xd3\x87\xf3\x4b\xd1\x8a\xc5\xc6\xc8"
"\xfc\x52\x9d\x4f\x87\xf3\x67\x63\xee\xcf\xf9\xe5\x68\xc5\xf9\xd1\xe7"
"\x5f\x1e\x99\x9f\x89\xa7\x9e\xbc\x9d\xff\xa8\xce\x67\xd1\x8a\xef\xde"
"\x8e\x5e\x74\x62\x3d\xa2\x31\xbc\xfa\x83\xfc\x07\x4b\x29\xbd\xf0\xf2"
"\xea\xec\xe1\xfc\xa5\xdb\xc7\x1d\x6b\x7a\xcc\xb7\x05\x00\x00\x00\xfe"
"\x4b\x59\xfa\xdd\xc8\xf9\x7b\x96\x1d\xb7\xbf\xce\x0f\xe7\xe7\x69\xf8"
"\x76\x8d\xbf\xf9\x7f\xe0\xc8\xfc\xbc\x19\x97\x9a\x93\xbb\x6e\x6a\xe5"
"\xe0\xbd\xcd\xbc\xd3\x29\x76\x4e\x7f\xd1\x88\x88\x53\x30\x8c\x51\xc5"
"\xf4\xe9\x18\x46\x5d\xfc\x9f\xee\xe9\x98\x8a\x9f\x3e\x9b\xe0\xd9\xa7"
"\x86\x5f\xad\x49\x7f\x08\x77\x59\x4c\xf8\x87\x89\x13\xf1\xc7\x4d\x9f"
"\xf4\x48\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf8\x27\x46\xae\xfe\x9b"
"\x8d\x88\xbf\xac\x07\x7c\xf7\x5f\x2f\x27\x3c\xfe\xec\x9f\x9c\xe4\xa5"
"\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\xbf\xb1\x03\xc7\x02\x00\x00\x00\x00\xc2\xfc\xad"
"\xd3\xe8\xd8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x80\x9d\x02\x00\x00\xff\xff\xd9\xfe\xe2\xb9",
4656);
syz_mount_image(/*fs=*/0x200000000080, /*dir=*/0x200000001240,
/*flags=MS_I_VERSION|MS_RELATIME|MS_NOATIME*/ 0xa00400,
/*opts=*/0x200000000000, /*chdir=*/1, /*size=*/0x1230,
/*img=*/0x2000000024c0);
break;
case 3:
// openat arguments: [
// fd: fd_dir (resource)
// file: ptr[in, buffer] {
// buffer: {2e 00} (length 0x2)
// }
// flags: open_flags = 0x0 (4 bytes)
// mode: open_mode = 0x0 (2 bytes)
// ]
// returns fd
memcpy((void*)0x200000000040, ".\000", 2);
res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000040ul,
/*flags=*/0, /*mode=*/0);
if (res != -1)
r[1] = res;
break;
case 4:
// mkdirat arguments: [
// fd: fd_dir (resource)
// path: ptr[in, buffer] {
// buffer: {2e 2f 62 75 73 00} (length 0x6)
// }
// mode: open_mode = 0x0 (8 bytes)
// ]
memcpy((void*)0x200000000180, "./bus\000", 6);
syscall(__NR_mkdirat, /*fd=*/r[1], /*path=*/0x200000000180ul, /*mode=*/0ul);
break;
case 5:
// mkdirat arguments: [
// fd: fd_dir (resource)
// path: ptr[in, buffer] {
// buffer: {2e 2f 66 69 6c 65 30 2f 66 69 6c 65 30 00} (length 0xe)
// }
// mode: open_mode = 0x0 (8 bytes)
// ]
memcpy((void*)0x200000000100, "./file0/file0\000", 14);
syscall(__NR_mkdirat, /*fd=*/r[1], /*path=*/0x200000000100ul, /*mode=*/0ul);
for (int i = 0; i < 64; i++) {
syscall(__NR_mkdirat, /*fd=*/r[1], /*path=*/0x200000000100ul,
/*mode=*/0ul);
}
break;
case 6:
// unlinkat arguments: [
// fd: fd_dir (resource)
// path: ptr[in, buffer] {
// buffer: {2e 2f 62 75 73 2f 66 69 6c 65 30 00} (length 0xc)
// }
// flags: unlinkat_flags = 0x200 (8 bytes)
// ]
memcpy((void*)0x2000000001c0, "./bus/file0\000", 12);
syscall(__NR_unlinkat, /*fd=*/r[1], /*path=*/0x2000000001c0ul,
/*flags=AT_REMOVEDIR*/ 0x200ul);
for (int i = 0; i < 64; i++) {
syscall(__NR_unlinkat, /*fd=*/r[1], /*path=*/0x2000000001c0ul,
/*flags=AT_REMOVEDIR*/ 0x200ul);
}
break;
}
}
int main(void)
{
syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
/*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
/*fd=*/(intptr_t)-1, /*offset=*/0ul);
syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul,
/*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
/*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
/*fd=*/(intptr_t)-1, /*offset=*/0ul);
syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
/*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
/*fd=*/(intptr_t)-1, /*offset=*/0ul);
const char* reason;
(void)reason;
for (procid = 0; procid < 8; procid++) {
if (fork() == 0) {
use_temporary_dir();
loop();
}
}
sleep(1000000);
return 0;
}
------------[ cut here ]------------
WARNING: CPU: 0 PID: 19582 at fs/inode.c:417 drop_nlink+0xac/0xd0 fs/inode.c:417
Modules linked in:
CPU: 0 UID: 0 PID: 19582 Comm: syz.0.361 Not tainted 6.17.1 #1 PREEMPT(full)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:drop_nlink+0xac/0xd0 fs/inode.c:417
Code: 48 8b 5d 28 be 08 00 00 00 48 8d bb 78 07 00 00 e8 79 e9 e5 ff f0 48 ff 83 78 07 00 00 5b 5d e9 0a 76 80 ff e8 05 76 80 ff 90 <0f> 0b 90 c7 45 48 ff ff ff ff 5b 5d e9 f3 75 80 ff e8 4e e1 e5 ff
RSP: 0018:ffffc90004497cb8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff823a62ff
RDX: ffff888108c7ca00 RSI: ffffffff823a636b RDI: 0000000000000005
RBP: ffff88804cc7b9c8 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90004497d30
R13: ffff88811321f098 R14: 0000000000000030 R15: ffff88804cc7b9c8
FS: 00007fb10d7c3640(0000) GS:ffff8880ce8be000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb10d7c2ff0 CR3: 0000000049583000 CR4: 0000000000752ef0
PKRU: 80000000
Call Trace:
<TASK>
vfat_rmdir+0x32f/0x400 fs/fat/namei_vfat.c:806
vfs_rmdir fs/namei.c:4461 [inline]
vfs_rmdir+0x203/0x690 fs/namei.c:4438
do_rmdir+0x2e8/0x3c0 fs/namei.c:4516
__do_sys_unlinkat fs/namei.c:4690 [inline]
__se_sys_unlinkat fs/namei.c:4684 [inline]
__x64_sys_unlinkat+0xef/0x130 fs/namei.c:4684
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x5677dd
Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb10d7c2fc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000107
RAX: ffffffffffffffda RBX: 00000000007c6180 RCX: 00000000005677dd
RDX: 0000000000000200 RSI: 00002000000001c0 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00000000007c6218 R14: 00000000007c6180 R15: 00007fb10d7a3000
</TASK>
<<<<<<<<<<<<<<< tail report >>>>>>>>>>>>>>>
Modules linked in:
CPU: 0 UID: 0 PID: 19582 Comm: syz.0.361 Not tainted 6.17.1 #1 PREEMPT(full)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:drop_nlink+0xac/0xd0
Code: 48 8b 5d 28 be 08 00 00 00 48 8d bb 78 07 00 00 e8 79 e9 e5 ff f0 48 ff 83 78 07 00 00 5b 5d e9 0a 76 80 ff e8 05 76 80 ff 90 <0f> 0b 90 c7 45 48 ff ff ff ff 5b 5d e9 f3 75 80 ff e8 4e e1 e5 ff
RSP: 0018:ffffc90004497cb8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff823a62ff
RDX: ffff888108c7ca00 RSI: ffffffff823a636b RDI: 0000000000000005
RBP: ffff88804cc7b9c8 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90004497d30
R13: ffff88811321f098 R14: 0000000000000030 R15: ffff88804cc7b9c8
FS: 00007fb10d7c3640(0000) GS:ffff8880ce8be000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb10d7c2ff0 CR3: 0000000049583000 CR4: 0000000000752ef0
PKRU: 80000000
Call Trace:
<TASK>
vfat_rmdir+0x32f/0x400
vfs_rmdir+0x203/0x690
do_rmdir+0x2e8/0x3c0
__x64_sys_unlinkat+0xef/0x130
do_syscall_64+0xcd/0x4c0
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x5677dd
Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb10d7c2fc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000107
RAX: ffffffffffffffda RBX: 00000000007c6180 RCX: 00000000005677dd
RDX: 0000000000000200 RSI: 00002000000001c0 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00000000007c6218 R14: 00000000007c6180 R15: 00007fb10d7a3000
</TASK>
Kernel panic - not syncing: kernel: panic_on_warn set ...
CPU: 0 UID: 0 PID: 19582 Comm: syz.0.361 Not tainted 6.17.1 #1 PREEMPT(full)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x3d/0x1f0
vpanic+0x6e8/0x7a0
panic+0xca/0xd0
check_panic_on_warn+0xab/0xb0
__warn+0xf6/0x3c0
report_bug+0x3c3/0x580
handle_bug+0x184/0x210
exc_invalid_op+0x17/0x50
asm_exc_invalid_op+0x1a/0x20
RIP: 0010:drop_nlink+0xac/0xd0
Code: 48 8b 5d 28 be 08 00 00 00 48 8d bb 78 07 00 00 e8 79 e9 e5 ff f0 48 ff 83 78 07 00 00 5b 5d e9 0a 76 80 ff e8 05 76 80 ff 90 <0f> 0b 90 c7 45 48 ff ff ff ff 5b 5d e9 f3 75 80 ff e8 4e e1 e5 ff
RSP: 0018:ffffc90004497cb8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff823a62ff
RDX: ffff888108c7ca00 RSI: ffffffff823a636b RDI: 0000000000000005
RBP: ffff88804cc7b9c8 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90004497d30
R13: ffff88811321f098 R14: 0000000000000030 R15: ffff88804cc7b9c8
vfat_rmdir+0x32f/0x400
vfs_rmdir+0x203/0x690
do_rmdir+0x2e8/0x3c0
__x64_sys_unlinkat+0xef/0x130
do_syscall_64+0xcd/0x4c0
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x5677dd
Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb10d7c2fc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000107
RAX: ffffffffffffffda RBX: 00000000007c6180 RCX: 00000000005677dd
RDX: 0000000000000200 RSI: 00002000000001c0 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00000000007c6218 R14: 00000000007c6180 R15: 00007fb10d7a3000
</TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..
<<<<<<<<<<<<<<< tail report >>>>>>>>>>>>>>>
Warning: Permanently added '[localhost]:31708' (ED25519) to the list of known hosts.
2025/11/23 09:17:25 parsed 1 programs
syzkaller login: [ 47.404236][ T9875] cgroup: Unknown subsys name 'net'
[ 47.551318][ T9875] cgroup: Unknown subsys name 'cpuset'
[ 47.555295][ T9875] cgroup: Unknown subsys name 'rlimit'
[ 48.821292][ T9875] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 50.437750][ T9904] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 50.441848][ T9904] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 50.443052][ T9904] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 50.444633][ T9904] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 50.445443][ T9904] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 51.194285][ T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 51.194863][ T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 51.386569][ T4232] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 51.387808][ T4232] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 51.691722][T10137] chnl_net:caif_netlink_parms(): no params data found
[ 51.804269][T10137] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.806802][T10137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.807340][T10137] bridge_slave_0: entered allmulticast mode
[ 51.823988][T10137] bridge_slave_0: entered promiscuous mode
[ 51.832514][T10137] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.833012][T10137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.833539][T10137] bridge_slave_1: entered allmulticast mode
[ 51.834824][T10137] bridge_slave_1: entered promiscuous mode
[ 51.880349][T10137] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 51.882598][T10137] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 51.912160][T10137] team0: Port device team_slave_0 added
[ 51.913934][T10137] team0: Port device team_slave_1 added
[ 51.944022][T10137] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 51.944460][T10137] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 51.946026][T10137] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 51.948509][T10137] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 51.948964][T10137] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 51.950615][T10137] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 51.998846][T10137] hsr_slave_0: entered promiscuous mode
[ 52.000549][T10137] hsr_slave_1: entered promiscuous mode
[ 52.116782][T10137] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 52.120796][T10137] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 52.125274][T10137] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 52.128124][T10137] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 52.179272][T10137] 8021q: adding VLAN 0 to HW filter on device bond0
[ 52.187909][T10137] 8021q: adding VLAN 0 to HW filter on device team0
[ 52.193145][ T4232] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.194096][ T4232] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.198846][ T4232] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.199501][ T4232] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.317529][T10137] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 52.452457][T10137] veth0_vlan: entered promiscuous mode
[ 52.457952][T10137] veth1_vlan: entered promiscuous mode
[ 52.475358][T10137] veth0_macvtap: entered promiscuous mode
[ 52.477721][T10137] veth1_macvtap: entered promiscuous mode
[ 52.487233][T10137] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 52.493845][T10137] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 52.500005][T10777] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 52.501879][T10777] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 52.504117][T10777] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 52.505187][T10777] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/11/23 09:17:33 executed programs: 0
[ 52.623071][ T65] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 52.624997][ T65] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 52.625950][ T65] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 52.626988][ T65] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 52.627768][ T65] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 52.642286][ T65] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 52.643457][ T65] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 52.644274][ T65] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 52.645886][ T65] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 52.646656][ T65] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 52.682285][T10921] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 52.683040][T10921] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 52.684838][T10921] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 52.685516][T10921] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 52.686363][T10921] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 52.696829][T10928] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 52.699177][T10932] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 52.700389][T10932] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 52.701637][T10941] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 52.702648][T10932] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 52.703256][T10932] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 52.703883][T10943] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 52.705357][T10943] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 52.706121][T10932] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 52.706923][T10932] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 52.707532][T10932] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 52.710573][ T65] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 52.711081][ T65] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 52.714976][T10932] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 52.715835][T10932] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 52.725136][T10921] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 52.726956][T10943] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 52.731874][T10943] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 52.733068][T10943] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 52.734383][T10943] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 52.770509][T10928] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 52.772596][T10928] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 52.773897][T10928] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 52.776774][T10928] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 52.780382][T10928] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 53.200181][T10900] chnl_net:caif_netlink_parms(): no params data found
[ 53.328622][T10899] chnl_net:caif_netlink_parms(): no params data found
[ 53.352203][ T12] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 53.477336][T10900] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.478482][T10900] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.481039][T10900] bridge_slave_0: entered allmulticast mode
[ 53.482206][T10900] bridge_slave_0: entered promiscuous mode
[ 53.491367][ T12] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 53.510975][T10913] chnl_net:caif_netlink_parms(): no params data found
[ 53.563733][T10900] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.564414][T10900] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.565101][T10900] bridge_slave_1: entered allmulticast mode
[ 53.566724][T10900] bridge_slave_1: entered promiscuous mode
[ 53.606361][T10912] chnl_net:caif_netlink_parms(): no params data found
[ 53.621387][ T12] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 53.684594][ T12] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 53.745965][T10900] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 53.771779][T10917] chnl_net:caif_netlink_parms(): no params data found
[ 53.784062][T10899] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.784573][T10899] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.785153][T10899] bridge_slave_0: entered allmulticast mode
[ 53.786351][T10899] bridge_slave_0: entered promiscuous mode
[ 53.806247][T10900] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 53.842701][T10900] team0: Port device team_slave_0 added
[ 53.856462][T10899] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.857077][T10899] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.857732][T10899] bridge_slave_1: entered allmulticast mode
[ 53.859076][T10899] bridge_slave_1: entered promiscuous mode
[ 53.861251][T10944] chnl_net:caif_netlink_parms(): no params data found
[ 53.896806][T10900] team0: Port device team_slave_1 added
[ 53.897643][T10938] chnl_net:caif_netlink_parms(): no params data found
[ 53.921876][T10913] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.922611][T10913] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.923254][T10913] bridge_slave_0: entered allmulticast mode
[ 53.924710][T10913] bridge_slave_0: entered promiscuous mode
[ 53.973361][T10916] chnl_net:caif_netlink_parms(): no params data found
[ 54.009770][T10900] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 54.010209][T10900] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 54.011710][T10900] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 54.020917][T10913] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.021405][T10913] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.021987][T10913] bridge_slave_1: entered allmulticast mode
[ 54.023120][T10913] bridge_slave_1: entered promiscuous mode
[ 54.037796][T10899] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 54.083940][T10900] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 54.084700][T10900] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 54.087293][T10900] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 54.114200][T10899] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 54.116276][T10913] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 54.226159][T10913] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 54.250568][T10912] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.251615][T10912] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.252608][T10912] bridge_slave_0: entered allmulticast mode
[ 54.254870][T10912] bridge_slave_0: entered promiscuous mode
[ 54.264033][T10917] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.264522][T10917] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.265023][T10917] bridge_slave_0: entered allmulticast mode
[ 54.266161][T10917] bridge_slave_0: entered promiscuous mode
[ 54.302004][T10899] team0: Port device team_slave_0 added
[ 54.304479][T10899] team0: Port device team_slave_1 added
[ 54.319987][T10912] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.320487][T10912] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.321018][T10912] bridge_slave_1: entered allmulticast mode
[ 54.322172][T10912] bridge_slave_1: entered promiscuous mode
[ 54.327817][T10917] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.328801][T10917] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.330018][T10917] bridge_slave_1: entered allmulticast mode
[ 54.332167][T10917] bridge_slave_1: entered promiscuous mode
[ 54.456161][T10917] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 54.493995][T10913] team0: Port device team_slave_0 added
[ 54.506561][T10944] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.507104][T10944] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.507644][T10944] bridge_slave_0: entered allmulticast mode
[ 54.508890][T10944] bridge_slave_0: entered promiscuous mode
[ 54.514399][T10944] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.514933][T10944] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.515423][T10944] bridge_slave_1: entered allmulticast mode
[ 54.516575][T10944] bridge_slave_1: entered promiscuous mode
[ 54.517821][T10899] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 54.518267][T10899] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 54.520239][T10899] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 54.581735][T10917] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 54.586204][T10900] hsr_slave_0: entered promiscuous mode
[ 54.587121][T10900] hsr_slave_1: entered promiscuous mode
[ 54.587880][T10900] debugfs: 'hsr0' already exists in 'hsr'
[ 54.588370][T10900] Cannot create hsr debugfs directory
[ 54.592145][T10913] team0: Port device team_slave_1 added
[ 54.605625][T10938] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.606484][T10938] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.607352][T10938] bridge_slave_0: entered allmulticast mode
[ 54.610507][T10938] bridge_slave_0: entered promiscuous mode
[ 54.612939][T10899] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 54.613389][T10899] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 54.615126][T10899] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 54.616127][T10938] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.616687][T10938] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.617177][T10938] bridge_slave_1: entered allmulticast mode
[ 54.618282][T10938] bridge_slave_1: entered promiscuous mode
[ 54.636290][T10912] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 54.638701][T10944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 54.641509][T10916] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.642041][T10916] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.642645][T10916] bridge_slave_0: entered allmulticast mode
[ 54.643846][T10916] bridge_slave_0: entered promiscuous mode
[ 54.671433][T10917] team0: Port device team_slave_0 added
[ 54.689948][T10928] Bluetooth: hci0: command tx timeout
[ 54.689959][ T9904] Bluetooth: hci1: command tx timeout
[ 54.716185][T10912] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 54.735790][T10944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 54.744645][T10916] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.745413][T10916] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.746211][T10916] bridge_slave_1: entered allmulticast mode
[ 54.748090][T10916] bridge_slave_1: entered promiscuous mode
[ 54.769463][ T9904] Bluetooth: hci2: command tx timeout
[ 54.769481][T10928] Bluetooth: hci5: command tx timeout
[ 54.770680][ T9904] Bluetooth: hci6: command tx timeout
[ 54.779695][T10932] Bluetooth: hci3: command tx timeout
[ 54.780227][T10932] Bluetooth: hci4: command tx timeout
[ 54.788082][T10917] team0: Port device team_slave_1 added
[ 54.789759][T10913] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 54.790435][T10913] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 54.792790][T10913] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 54.807748][T10938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 54.849856][T10928] Bluetooth: hci7: command tx timeout
[ 54.898540][T10913] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 54.901082][T10913] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 54.902553][T10913] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 54.924843][T10938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 54.926633][T10912] team0: Port device team_slave_0 added
[ 54.928752][T10944] team0: Port device team_slave_0 added
[ 54.936794][T10944] team0: Port device team_slave_1 added
[ 54.940098][T10916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 55.004548][T10912] team0: Port device team_slave_1 added
[ 55.006108][T10938] team0: Port device team_slave_0 added
[ 55.031196][T10916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 55.053926][T10917] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 55.055025][T10917] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.058963][T10917] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 55.087359][T10938] team0: Port device team_slave_1 added
[ 55.101282][ T12] bridge_slave_1: left allmulticast mode
[ 55.102062][ T12] bridge_slave_1: left promiscuous mode
[ 55.103556][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.108171][ T12] bridge_slave_0: left allmulticast mode
[ 55.108574][ T12] bridge_slave_0: left promiscuous mode
[ 55.109015][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.363511][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 55.365465][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 55.366737][ T12] bond0 (unregistering): Released all slaves
[ 55.456319][T10944] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 55.456893][T10944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.458848][T10944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 55.477577][T10916] team0: Port device team_slave_0 added
[ 55.512809][T10917] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 55.513268][T10917] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.514834][T10917] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 55.526106][T10899] hsr_slave_0: entered promiscuous mode
[ 55.526970][T10899] hsr_slave_1: entered promiscuous mode
[ 55.527666][T10899] debugfs: 'hsr0' already exists in 'hsr'
[ 55.528037][T10899] Cannot create hsr debugfs directory
[ 55.567913][T10912] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 55.568394][T10912] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.570425][T10912] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 55.588383][T10944] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 55.591658][T10944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.595007][T10944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 55.597950][T10916] team0: Port device team_slave_1 added
[ 55.605000][T10913] hsr_slave_0: entered promiscuous mode
[ 55.605897][T10913] hsr_slave_1: entered promiscuous mode
[ 55.606620][T10913] debugfs: 'hsr0' already exists in 'hsr'
[ 55.607038][T10913] Cannot create hsr debugfs directory
[ 55.655082][T10938] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 55.655521][T10938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.657015][T10938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 55.658523][T10912] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 55.659509][T10912] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.662744][T10912] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 55.712874][T10916] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 55.713329][T10916] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.714903][T10916] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 55.716509][T10916] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 55.716964][T10916] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.718548][T10916] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 55.751829][T10938] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 55.752389][T10938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.755092][T10938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 55.878747][T10912] hsr_slave_0: entered promiscuous mode
[ 55.880827][T10912] hsr_slave_1: entered promiscuous mode
[ 55.881473][T10912] debugfs: 'hsr0' already exists in 'hsr'
[ 55.881839][T10912] Cannot create hsr debugfs directory
[ 55.907479][T10917] hsr_slave_0: entered promiscuous mode
[ 55.908313][T10917] hsr_slave_1: entered promiscuous mode
[ 55.908985][T10917] debugfs: 'hsr0' already exists in 'hsr'
[ 55.911335][T10917] Cannot create hsr debugfs directory
[ 55.970280][T10944] hsr_slave_0: entered promiscuous mode
[ 55.971595][T10944] hsr_slave_1: entered promiscuous mode
[ 55.972803][T10944] debugfs: 'hsr0' already exists in 'hsr'
[ 55.973245][T10944] Cannot create hsr debugfs directory
[ 56.072865][T10938] hsr_slave_0: entered promiscuous mode
[ 56.073858][T10938] hsr_slave_1: entered promiscuous mode
[ 56.074609][T10938] debugfs: 'hsr0' already exists in 'hsr'
[ 56.074988][T10938] Cannot create hsr debugfs directory
[ 56.185657][T10916] hsr_slave_0: entered promiscuous mode
[ 56.186722][T10916] hsr_slave_1: entered promiscuous mode
[ 56.188068][T10916] debugfs: 'hsr0' already exists in 'hsr'
[ 56.188537][T10916] Cannot create hsr debugfs directory
[ 56.195752][ T12] hsr_slave_0: left promiscuous mode
[ 56.196446][ T12] hsr_slave_1: left promiscuous mode
[ 56.197172][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 56.197656][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 56.198719][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 56.199709][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 56.212300][ T12] veth1_macvtap: left promiscuous mode
[ 56.213404][ T12] veth0_macvtap: left promiscuous mode
[ 56.214594][ T12] veth1_vlan: left promiscuous mode
[ 56.215433][ T12] veth0_vlan: left promiscuous mode
[ 56.470413][ T12] team0 (unregistering): Port device team_slave_1 removed
[ 56.488710][ T12] team0 (unregistering): Port device team_slave_0 removed
[ 56.769376][T10928] Bluetooth: hci0: command tx timeout
[ 56.769415][T10932] Bluetooth: hci1: command tx timeout
[ 56.849780][T10932] Bluetooth: hci6: command tx timeout
[ 56.850021][T10928] Bluetooth: hci5: command tx timeout
[ 56.850620][T10932] Bluetooth: hci4: command tx timeout
[ 56.851526][T10928] Bluetooth: hci3: command tx timeout
[ 56.852254][T10932] Bluetooth: hci2: command tx timeout
[ 56.929458][T10932] Bluetooth: hci7: command tx timeout
[ 56.995770][T10900] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 57.000451][T10900] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 57.063663][T10900] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 57.115891][T10900] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 57.216956][T10913] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 57.225018][T10913] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 57.236775][T10913] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 57.240282][T10913] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 57.317785][T10900] 8021q: adding VLAN 0 to HW filter on device bond0
[ 57.329942][T10913] 8021q: adding VLAN 0 to HW filter on device bond0
[ 57.332191][T10900] 8021q: adding VLAN 0 to HW filter on device team0
[ 57.337006][ T40] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.337512][ T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 57.344740][ T40] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.345409][ T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 57.351122][T10913] 8021q: adding VLAN 0 to HW filter on device team0
[ 57.363483][ T40] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.364058][ T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 57.370996][ T40] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.371470][ T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 57.523957][T10900] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 57.524551][T10899] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 57.527665][T10899] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 57.536803][T10899] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 57.545647][T10899] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 57.578965][T10913] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 57.604601][T10944] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 57.611330][T10944] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 57.627766][T10944] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 57.639714][T10944] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 57.659023][T10900] veth0_vlan: entered promiscuous mode
[ 57.666589][T10912] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 57.676866][T10912] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 57.679340][T10912] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 57.681794][T10912] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 57.722274][T10913] veth0_vlan: entered promiscuous mode
[ 57.732435][T10900] veth1_vlan: entered promiscuous mode
[ 57.751679][T10913] veth1_vlan: entered promiscuous mode
[ 57.756764][T10917] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 57.767350][T10917] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 57.771171][T10917] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 57.775087][T10917] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 57.824836][T10899] 8021q: adding VLAN 0 to HW filter on device bond0
[ 57.865554][T10938] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 57.868843][T10938] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 57.871512][T10938] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 57.875103][T10938] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 57.888264][T10900] veth0_macvtap: entered promiscuous mode
[ 57.900330][T10899] 8021q: adding VLAN 0 to HW filter on device team0
[ 57.910835][T10900] veth1_macvtap: entered promiscuous mode
[ 57.914995][T10913] veth0_macvtap: entered promiscuous mode
[ 57.942662][T10913] veth1_macvtap: entered promiscuous mode
[ 57.964744][ T50] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.965578][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 57.996394][ T76] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.996928][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 58.005538][T10900] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 58.007634][T10916] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 58.010897][T10916] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 58.028985][T10913] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 58.033154][T10944] 8021q: adding VLAN 0 to HW filter on device bond0
[ 58.034919][T10916] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 58.048076][T10900] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 58.054593][T10913] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 58.056806][T10916] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 58.070350][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.071444][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.072326][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.085011][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.096116][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.108422][T10944] 8021q: adding VLAN 0 to HW filter on device team0
[ 58.111944][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.115972][T10912] 8021q: adding VLAN 0 to HW filter on device bond0
[ 58.116722][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.125919][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.128307][ T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.128798][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 58.152063][T10917] 8021q: adding VLAN 0 to HW filter on device bond0
[ 58.158829][ T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.159445][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 58.198925][T10912] 8021q: adding VLAN 0 to HW filter on device team0
[ 58.203055][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 58.203720][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 58.207270][ T45] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.207883][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 58.225983][ T45] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.227133][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 58.233888][T10917] 8021q: adding VLAN 0 to HW filter on device team0
[ 58.256237][T10938] 8021q: adding VLAN 0 to HW filter on device bond0
[ 58.279011][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 58.280598][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 58.283028][ T45] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.283644][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 58.291630][ T1025] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 58.292182][ T1025] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 58.299946][ T45] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.300815][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state
2025/11/23 09:17:38 executed programs: 16
[ 58.346399][T10938] 8021q: adding VLAN 0 to HW filter on device team0
[ 58.363919][ T1025] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.364548][ T1025] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 58.368843][ T1025] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 58.371218][ T1025] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 58.404864][ T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.405434][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 58.409275][T10899] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 58.418845][T15474] loop1: detected capacity change from 0 to 8192
[ 58.462325][T10916] 8021q: adding VLAN 0 to HW filter on device bond0
[ 58.548411][T10899] veth0_vlan: entered promiscuous mode
[ 58.582001][T10916] 8021q: adding VLAN 0 to HW filter on device team0
[ 58.585388][T10899] veth1_vlan: entered promiscuous mode
[ 58.612350][T10944] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 58.622950][ T4232] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.624167][ T4232] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 58.626437][ T4232] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.627743][ T4232] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 58.641849][T15490] loop3: detected capacity change from 0 to 8192
[ 58.648966][T10912] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 58.683039][T10899] veth0_macvtap: entered promiscuous mode
[ 58.687147][T10899] veth1_macvtap: entered promiscuous mode
[ 58.835767][T10917] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 58.861556][T10932] Bluetooth: hci0: command tx timeout
[ 58.861955][T10932] Bluetooth: hci1: command tx timeout
[ 58.898447][T10899] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 58.929438][T10928] Bluetooth: hci3: command tx timeout
[ 58.929470][T10932] Bluetooth: hci2: command tx timeout
[ 58.933617][T15511] loop1: detected capacity change from 0 to 8192
[ 58.933725][T10899] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 58.939321][T10932] Bluetooth: hci4: command tx timeout
[ 58.939460][T10928] Bluetooth: hci5: command tx timeout
[ 58.940264][T10932] Bluetooth: hci6: command tx timeout
[ 58.995722][T10777] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.996945][T10777] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.009487][T10932] Bluetooth: hci7: command tx timeout
[ 59.047638][T10938] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 59.059404][T10777] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.064059][T10777] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.073321][T10944] veth0_vlan: entered promiscuous mode
[ 59.080569][T10912] veth0_vlan: entered promiscuous mode
[ 59.088148][T10912] veth1_vlan: entered promiscuous mode
[ 59.217280][T15528] loop3: detected capacity change from 0 to 8192
[ 59.241442][T10916] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 59.316306][T10944] veth1_vlan: entered promiscuous mode
[ 59.401678][T10912] veth0_macvtap: entered promiscuous mode
[ 59.402499][T15544] loop1: detected capacity change from 0 to 8192
[ 59.454892][T10912] veth1_macvtap: entered promiscuous mode
[ 59.469925][ T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 59.470434][ T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 59.493462][T10912] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 59.498854][T10912] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 59.517739][T10917] veth0_vlan: entered promiscuous mode
[ 59.535099][T10938] veth0_vlan: entered promiscuous mode
[ 59.545690][T14158] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.552760][ T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 59.553362][ T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 59.560668][T10944] veth0_macvtap: entered promiscuous mode
[ 59.561771][T14158] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.563789][T10944] veth1_macvtap: entered promiscuous mode
[ 59.571931][T10944] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 59.574362][T10944] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 59.598216][T14158] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.613344][T14158] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.615352][T14158] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.615929][T14158] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.616468][T14158] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.617011][T14158] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.618144][T10917] veth1_vlan: entered promiscuous mode
[ 59.647626][T10916] veth0_vlan: entered promiscuous mode
[ 59.653618][T10938] veth1_vlan: entered promiscuous mode
[ 59.779912][T10938] veth0_macvtap: entered promiscuous mode
[ 59.786802][T10938] veth1_macvtap: entered promiscuous mode
[ 59.808116][T10938] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 59.813590][T10938] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 59.817593][T10086] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.818535][T10086] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.829477][T10086] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.830095][T10086] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.832019][T10916] veth1_vlan: entered promiscuous mode
[ 59.850572][T10917] veth0_macvtap: entered promiscuous mode
[ 59.864724][T15566] loop0: detected capacity change from 0 to 8192
[ 59.897905][ T1025] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 59.898432][ T1025] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 59.949940][T10916] veth0_macvtap: entered promiscuous mode
[ 59.952605][T10916] veth1_macvtap: entered promiscuous mode
[ 59.960417][T10916] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 59.963022][T10916] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 59.980813][T10917] veth1_macvtap: entered promiscuous mode
[ 59.990624][T10777] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.991647][T10777] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.992660][T10777] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.993654][T10777] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.036323][T15583] loop1: detected capacity change from 0 to 8192
[ 60.162682][T15575] loop3: detected capacity change from 0 to 8192
[ 60.632150][T10917] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 60.633489][ T3650] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.633985][ T3650] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.663965][T10917] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 60.670208][T15600] loop0: detected capacity change from 0 to 8192
[ 60.706379][ T2168] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.706892][ T2168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.720560][ T1025] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.721101][ T1025] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.741678][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.761457][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.762008][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.762542][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.875924][T15622] loop3: detected capacity change from 0 to 8192
[ 60.909714][ T1025] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.910217][ T1025] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.913337][T15623] loop1: detected capacity change from 0 to 8192
[ 60.940557][T10932] Bluetooth: hci1: command tx timeout
[ 60.940577][T10928] Bluetooth: hci0: command tx timeout
[ 60.965739][T15636] loop7: detected capacity change from 0 to 8192
[ 61.010755][T10928] Bluetooth: hci6: command tx timeout
[ 61.010849][T10932] Bluetooth: hci5: command tx timeout
[ 61.011147][T10928] Bluetooth: hci2: command tx timeout
[ 61.011494][T10932] Bluetooth: hci3: command tx timeout
[ 61.011828][T10928] Bluetooth: hci4: command tx timeout
[ 61.099206][ T65] Bluetooth: hci7: command tx timeout
[ 61.136482][T15639] loop2: detected capacity change from 0 to 8192
[ 61.678036][ T770] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 61.679420][ T770] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 61.921013][T15670] loop3: detected capacity change from 0 to 8192
[ 61.998703][T15674] loop0: detected capacity change from 0 to 8192
[ 62.003649][T15677] loop2: detected capacity change from 0 to 8192
[ 62.004930][ T3650] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 62.005447][ T3650] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 62.140501][T15680] loop7: detected capacity change from 0 to 8192
[ 62.226553][ T770] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 62.227066][ T770] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 62.433266][T15693] loop1: detected capacity change from 0 to 8192
[ 62.675466][ T2168] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 62.676704][ T2168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 63.102798][ T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 63.103327][ T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 63.190556][T15714] loop5: detected capacity change from 0 to 8192
[ 63.234530][T15720] loop6: detected capacity change from 0 to 8192
2025/11/23 09:17:44 executed programs: 41
[ 63.895009][T15737] loop3: detected capacity change from 0 to 8192
[ 63.941426][T15756] loop7: detected capacity change from 0 to 8192
[ 64.047562][T15757] loop1: detected capacity change from 0 to 8192
[ 64.058961][T15760] loop5: detected capacity change from 0 to 8192
[ 64.194019][T15738] loop0: detected capacity change from 0 to 8192
[ 64.214157][T15747] loop2: detected capacity change from 0 to 8192
[ 64.884236][T15770] loop4: detected capacity change from 0 to 8192
[ 65.113214][T15782] loop6: detected capacity change from 0 to 8192
[ 65.432991][T15786] loop3: detected capacity change from 0 to 8192
[ 65.494237][T15783] loop7: detected capacity change from 0 to 8192
[ 66.035104][T15801] loop2: detected capacity change from 0 to 8192
[ 66.070900][T15803] loop5: detected capacity change from 0 to 8192
[ 66.440129][T15822] loop6: detected capacity change from 0 to 8192
[ 66.730621][T15823] loop0: detected capacity change from 0 to 8192
[ 66.939878][T15815] loop4: detected capacity change from 0 to 8192
[ 66.955815][T15827] loop1: detected capacity change from 0 to 8192
[ 67.280094][T15836] loop7: detected capacity change from 0 to 8192
[ 67.358150][T15847] loop3: detected capacity change from 0 to 8192
[ 67.366891][T15848] loop2: detected capacity change from 0 to 8192
[ 67.830682][T15857] loop6: detected capacity change from 0 to 8192
[ 67.897885][T15870] loop1: detected capacity change from 0 to 8192
[ 68.176124][T15871] loop4: detected capacity change from 0 to 8192
[ 68.455504][T15885] loop5: detected capacity change from 0 to 8192
2025/11/23 09:17:49 executed programs: 63
[ 69.087851][T15910] loop0: detected capacity change from 0 to 8192
[ 69.248577][T15923] loop4: detected capacity change from 0 to 8192
[ 69.364887][T15932] loop1: detected capacity change from 0 to 8192
[ 69.430633][T15914] loop2: detected capacity change from 0 to 8192
[ 69.440039][T15920] loop6: detected capacity change from 0 to 8192
[ 69.517227][T15924] loop3: detected capacity change from 0 to 8192
[ 69.523076][T15919] loop7: detected capacity change from 0 to 8192
[ 69.982482][T15951] loop2: detected capacity change from 0 to 8192
[ 70.348662][T15959] loop5: detected capacity change from 0 to 8192
[ 70.614802][T15963] loop4: detected capacity change from 0 to 8192
[ 71.007009][T15981] loop3: detected capacity change from 0 to 8192
[ 71.127003][T15990] loop0: detected capacity change from 0 to 8192
[ 71.130712][T15989] loop7: detected capacity change from 0 to 8192
[ 71.484156][T15992] loop1: detected capacity change from 0 to 8192
[ 71.537559][T15994] loop6: detected capacity change from 0 to 8192
[ 71.646574][T16006] loop2: detected capacity change from 0 to 8192
[ 71.893688][T16016] loop5: detected capacity change from 0 to 8192
[ 72.079459][T16020] loop3: detected capacity change from 0 to 8192
[ 73.139564][T16031] loop4: detected capacity change from 0 to 8192
[ 73.227221][T16050] loop7: detected capacity change from 0 to 8192
[ 73.352743][T16053] loop2: detected capacity change from 0 to 8192
[ 73.461928][T16056] loop1: detected capacity change from 0 to 8192
[ 73.561536][T16060] loop5: detected capacity change from 0 to 8192
[ 73.598869][T16058] loop0: detected capacity change from 0 to 8192
[ 73.968882][T16073] loop3: detected capacity change from 0 to 8192
[ 73.971859][T16076] loop6: detected capacity change from 0 to 8192
2025/11/23 09:17:54 executed programs: 85
[ 74.954392][T16097] loop4: detected capacity change from 0 to 8192
[ 75.088916][T16104] loop7: detected capacity change from 0 to 8192
[ 75.155509][T16117] loop1: detected capacity change from 0 to 8192
[ 75.313274][T16113] loop2: detected capacity change from 0 to 8192
[ 75.408824][T16123] loop0: detected capacity change from 0 to 8192
[ 75.557269][T16116] loop5: detected capacity change from 0 to 8192
[ 75.731495][T16119] loop3: detected capacity change from 0 to 8192
[ 76.004377][ T1358] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.004930][ T1358] ieee802154 phy1 wpan1: encryption failed: -22
[ 76.090868][T16139] loop4: detected capacity change from 0 to 8192
[ 76.475490][T16153] loop5: detected capacity change from 0 to 8192
[ 76.536957][T16157] loop7: detected capacity change from 0 to 8192
[ 76.567692][T16158] loop6: detected capacity change from 0 to 8192
[ 76.769643][T16166] loop1: detected capacity change from 0 to 8192
[ 77.303749][T16180] loop0: detected capacity change from 0 to 8192
[ 77.368557][T16177] loop3: detected capacity change from 0 to 8192
[ 78.107640][T16200] loop7: detected capacity change from 0 to 8192
[ 78.290153][T16218] loop5: detected capacity change from 0 to 8192
[ 78.343173][T16215] loop6: detected capacity change from 0 to 8192
[ 78.357315][T16219] loop1: detected capacity change from 0 to 8192
[ 78.429541][T16217] loop4: detected capacity change from 0 to 8192
[ 78.638857][T16231] loop2: detected capacity change from 0 to 8192
[ 78.993273][T16229] loop0: detected capacity change from 0 to 8192
2025/11/23 09:17:59 executed programs: 110
[ 79.225546][T16240] loop3: detected capacity change from 0 to 8192
[ 79.776030][T16261] loop4: detected capacity change from 0 to 8192
[ 79.778312][T16257] loop5: detected capacity change from 0 to 8192
[ 79.969295][T16258] loop7: detected capacity change from 0 to 8192
[ 80.218203][T16286] loop0: detected capacity change from 0 to 8192
[ 80.243453][T16281] loop6: detected capacity change from 0 to 8192
[ 80.312677][T16283] loop2: detected capacity change from 0 to 8192
[ 80.313705][T16287] loop1: detected capacity change from 0 to 8192
[ 80.864412][T16302] loop7: detected capacity change from 0 to 8192
[ 81.065827][T16320] loop4: detected capacity change from 0 to 8192
[ 81.201792][T16319] loop5: detected capacity change from 0 to 8192
[ 81.250320][T16315] loop3: detected capacity change from 0 to 8192
[ 81.962018][T16337] loop1: detected capacity change from 0 to 8192
[ 82.040478][T16347] loop2: detected capacity change from 0 to 8192
[ 82.066553][T16345] loop6: detected capacity change from 0 to 8192
[ 82.564588][T16353] loop0: detected capacity change from 0 to 8192
[ 82.605729][T16362] loop7: detected capacity change from 0 to 8192
[ 82.848419][T16372] loop3: detected capacity change from 0 to 8192
[ 82.985242][T16371] loop1: detected capacity change from 0 to 8192
[ 83.452941][T16392] loop4: detected capacity change from 0 to 8192
[ 83.723682][T16393] loop2: detected capacity change from 0 to 8192
[ 83.737801][T16383] loop5: detected capacity change from 0 to 8192
2025/11/23 09:18:04 executed programs: 135
[ 85.029589][T16432] loop2: detected capacity change from 0 to 8192
[ 85.032754][T16426] loop6: detected capacity change from 0 to 8192
[ 85.034140][T16434] loop5: detected capacity change from 0 to 8192
[ 85.046111][T16437] loop0: detected capacity change from 0 to 8192
[ 85.094794][T16439] loop1: detected capacity change from 0 to 8192
[ 85.119904][T16442] loop7: detected capacity change from 0 to 8192
[ 85.269329][T16441] loop3: detected capacity change from 0 to 8192
[ 85.312058][T16447] loop4: detected capacity change from 0 to 8192
[ 86.270178][T16478] loop6: detected capacity change from 0 to 8192
[ 86.337939][T16479] loop1: detected capacity change from 0 to 8192
[ 86.418721][T16480] loop7: detected capacity change from 0 to 8192
[ 86.437007][T16473] loop3: detected capacity change from 0 to 8192
[ 87.010670][T16504] loop5: detected capacity change from 0 to 8192
[ 87.020547][T16496] loop4: detected capacity change from 0 to 8192
[ 87.050056][T16502] loop2: detected capacity change from 0 to 8192
[ 87.434973][T16507] loop0: detected capacity change from 0 to 8192
[ 88.010481][T16527] loop6: detected capacity change from 0 to 8192
[ 88.032127][T16528] loop3: detected capacity change from 0 to 8192
[ 88.186799][T16539] loop5: detected capacity change from 0 to 8192
[ 88.214306][T16537] loop1: detected capacity change from 0 to 8192
[ 88.553626][T16545] loop7: detected capacity change from 0 to 8192
[ 88.744495][T16558] loop4: detected capacity change from 0 to 8192
[ 88.863494][T16557] loop2: detected capacity change from 0 to 8192
[ 89.045414][T16566] loop0: detected capacity change from 0 to 8192
2025/11/23 09:18:09 executed programs: 153
[ 89.728542][T16578] loop1: detected capacity change from 0 to 8192
[ 89.991832][T16590] loop5: detected capacity change from 0 to 8192
[ 90.031015][T16589] loop6: detected capacity change from 0 to 8192
[ 90.219941][T16597] loop4: detected capacity change from 0 to 8192
[ 90.515607][T16617] loop0: detected capacity change from 0 to 8192
[ 90.529020][T16609] loop3: detected capacity change from 0 to 8192
[ 90.633518][T16618] loop2: detected capacity change from 0 to 8192
[ 90.652519][T16619] loop7: detected capacity change from 0 to 8192
[ 91.072339][T16636] loop6: detected capacity change from 0 to 8192
[ 91.261959][T16637] loop4: detected capacity change from 0 to 8192
[ 92.133978][T16651] loop5: detected capacity change from 0 to 8192
[ 92.516694][T16662] loop1: detected capacity change from 0 to 8192
[ 92.544271][T16672] loop0: detected capacity change from 0 to 8192
[ 92.618081][T16676] loop3: detected capacity change from 0 to 8192
[ 92.625476][T16680] loop2: detected capacity change from 0 to 8192
[ 92.708329][T16681] loop6: detected capacity change from 0 to 8192
[ 92.730531][T16688] loop4: detected capacity change from 0 to 8192
[ 93.031920][T16683] loop7: detected capacity change from 0 to 8192
[ 93.333908][T16704] loop5: detected capacity change from 0 to 8192
[ 93.368928][T16705] loop0: detected capacity change from 0 to 8192
[ 94.106752][T16732] loop4: detected capacity change from 0 to 8192
[ 94.128226][T16731] loop1: detected capacity change from 0 to 8192
[ 94.150524][T16736] loop6: detected capacity change from 0 to 8192
2025/11/23 09:18:14 executed programs: 179
[ 94.525709][T16748] loop3: detected capacity change from 0 to 8192
[ 94.897584][T16754] loop7: detected capacity change from 0 to 8192
[ 95.124105][T16755] loop2: detected capacity change from 0 to 8192
[ 95.536666][T16770] loop5: detected capacity change from 0 to 8192
[ 95.544782][T16774] loop0: detected capacity change from 0 to 8192
[ 95.863066][T16775] loop4: detected capacity change from 0 to 8192
[ 96.257395][T16797] loop1: detected capacity change from 0 to 8192
[ 96.260491][T16795] loop3: detected capacity change from 0 to 8192
[ 96.406306][T16806] loop7: detected capacity change from 0 to 8192
[ 96.412700][T16801] loop2: detected capacity change from 0 to 8192
[ 96.550525][T16794] loop6: detected capacity change from 0 to 8192
[ 97.099049][T16820] loop0: detected capacity change from 0 to 8192
[ 97.360532][T16829] loop5: detected capacity change from 0 to 8192
[ 97.484988][T16833] loop4: detected capacity change from 0 to 8192
[ 97.818977][T16850] loop6: detected capacity change from 0 to 8192
[ 98.191747][T16872] loop1: detected capacity change from 0 to 8192
[ 98.204618][T16871] loop4: detected capacity change from 0 to 8192
[ 98.211397][T16868] loop2: detected capacity change from 0 to 8192
[ 98.257381][T16870] loop7: detected capacity change from 0 to 8192
[ 98.610448][T16888] loop0: detected capacity change from 0 to 8192
[ 99.000859][T16897] loop6: detected capacity change from 0 to 8192
[ 99.003334][T16901] loop3: detected capacity change from 0 to 8192
[ 99.033002][T16900] loop5: detected capacity change from 0 to 8192
[ 99.263465][T16911] loop4: detected capacity change from 0 to 8192
2025/11/23 09:18:19 executed programs: 204
[ 99.574564][T16919] loop2: detected capacity change from 0 to 8192
[ 99.840597][T16932] loop6: detected capacity change from 0 to 8192
[ 99.971441][T16934] loop7: detected capacity change from 0 to 8192
[ 100.030506][T16957] loop3: detected capacity change from 0 to 8192
[ 100.240117][T16955] loop1: detected capacity change from 0 to 8192
[ 100.268605][T16944] loop0: detected capacity change from 0 to 8192
[ 100.346639][T16958] loop5: detected capacity change from 0 to 8192
[ 100.449956][T16962] loop4: detected capacity change from 0 to 8192
[ 100.662828][T16971] loop2: detected capacity change from 0 to 8192
[ 101.546639][T16997] loop1: detected capacity change from 0 to 8192
[ 101.624800][T16996] loop6: detected capacity change from 0 to 8192
[ 101.630204][T17010] loop7: detected capacity change from 0 to 8192
[ 101.630317][T16998] loop4: detected capacity change from 0 to 8192
[ 101.655265][T17005] loop0: detected capacity change from 0 to 8192
[ 101.677602][T17016] loop5: detected capacity change from 0 to 8192
[ 101.722206][T17017] loop3: detected capacity change from 0 to 8192
[ 102.447930][T17038] loop2: detected capacity change from 0 to 8192
[ 102.450592][T17047] loop5: detected capacity change from 0 to 8192
[ 102.512222][T17049] loop7: detected capacity change from 0 to 8192
[ 102.616932][T17059] loop4: detected capacity change from 0 to 8192
[ 102.878818][T17065] loop1: detected capacity change from 0 to 8192
[ 103.044206][T17066] loop6: detected capacity change from 0 to 8192
[ 103.365830][T17083] loop0: detected capacity change from 0 to 8192
[ 104.235599][T17099] loop3: detected capacity change from 0 to 8192
[ 104.356894][T17106] loop6: detected capacity change from 0 to 8192
[ 104.826794][T17122] loop2: detected capacity change from 0 to 8192
[ 104.853991][T17130] loop4: detected capacity change from 0 to 8192
[ 104.855380][T17121] loop1: detected capacity change from 0 to 8192
[ 104.929254][T17117] loop5: detected capacity change from 0 to 8192
[ 105.247501][T17132] loop7: detected capacity change from 0 to 8192
2025/11/23 09:18:25 executed programs: 232
[ 105.336152][T17141] loop0: detected capacity change from 0 to 8192
[ 105.891495][T17148] loop3: detected capacity change from 0 to 8192
[ 105.992190][T17160] loop4: detected capacity change from 0 to 8192
[ 106.286482][T17169] loop1: detected capacity change from 0 to 8192
[ 106.470632][T17175] loop6: detected capacity change from 0 to 8192
[ 106.755018][T17209] loop3: detected capacity change from 0 to 8192
[ 106.883233][T17200] loop7: detected capacity change from 0 to 8192
[ 106.903335][T17205] loop4: detected capacity change from 0 to 8192
[ 107.106888][T17201] loop0: detected capacity change from 0 to 8192
[ 107.248157][T17217] loop2: detected capacity change from 0 to 8192
[ 107.930249][T17237] loop1: detected capacity change from 0 to 8192
[ 108.019424][T17228] loop5: detected capacity change from 0 to 8192
[ 108.255664][T17253] loop6: detected capacity change from 0 to 8192
[ 108.391088][T17254] loop4: detected capacity change from 0 to 8192
[ 108.661100][T17261] loop0: detected capacity change from 0 to 8192
[ 108.950339][T17268] loop3: detected capacity change from 0 to 8192
[ 108.958254][T17271] loop7: detected capacity change from 0 to 8192
[ 109.110613][T17280] loop5: detected capacity change from 0 to 8192
[ 109.114732][T17278] loop2: detected capacity change from 0 to 8192
[ 109.849776][T17297] loop6: detected capacity change from 0 to 8192
[ 110.026936][T17296] loop1: detected capacity change from 0 to 8192
2025/11/23 09:18:30 executed programs: 258
[ 110.437608][T17313] loop5: detected capacity change from 0 to 8192
[ 110.510550][T17312] loop3: detected capacity change from 0 to 8192
[ 110.750398][T17326] loop7: detected capacity change from 0 to 8192
[ 110.867884][T17329] loop4: detected capacity change from 0 to 8192
[ 111.100489][T17332] loop0: detected capacity change from 0 to 8192
[ 111.450481][T17345] loop6: detected capacity change from 0 to 8192
[ 111.534937][T17347] loop2: detected capacity change from 0 to 8192
[ 111.611487][T17355] loop1: detected capacity change from 0 to 8192
[ 111.788096][T17369] loop5: detected capacity change from 0 to 8192
[ 112.163529][T17372] loop3: detected capacity change from 0 to 8192
[ 112.426307][T17381] loop4: detected capacity change from 0 to 8192
[ 112.897453][T17400] loop1: detected capacity change from 0 to 8192
[ 112.945900][T17397] loop7: detected capacity change from 0 to 8192
[ 113.189531][T17398] loop0: detected capacity change from 0 to 8192
[ 113.557111][T17427] loop2: detected capacity change from 0 to 8192
[ 113.742995][T17426] loop3: detected capacity change from 0 to 8192
[ 113.768986][T17430] loop6: detected capacity change from 0 to 8192
[ 113.882485][T17429] loop5: detected capacity change from 0 to 8192
[ 113.938771][T17434] loop4: detected capacity change from 0 to 8192
[ 114.306350][T17453] loop7: detected capacity change from 0 to 8192
[ 114.534425][T17456] loop0: detected capacity change from 0 to 8192
[ 114.703113][T17457] loop1: detected capacity change from 0 to 8192
[ 115.282867][T17486] loop6: detected capacity change from 0 to 8192
[ 115.311388][T17485] loop5: detected capacity change from 0 to 8192
[ 115.314917][T17487] loop2: detected capacity change from 0 to 8192
[ 115.513808][T17490] loop3: detected capacity change from 0 to 8192
[ 115.611204][T17489] loop7: detected capacity change from 0 to 8192
2025/11/23 09:18:36 executed programs: 282
[ 115.866089][T17505] loop0: detected capacity change from 0 to 8192
[ 116.573488][T17522] loop7: detected capacity change from 0 to 8192
[ 116.667949][T17517] loop1: detected capacity change from 0 to 8192
[ 117.120299][T17533] loop5: detected capacity change from 0 to 8192
[ 117.205135][T17551] loop2: detected capacity change from 0 to 8192
[ 117.270359][T17548] loop4: detected capacity change from 0 to 8192
[ 117.386820][T17550] loop3: detected capacity change from 0 to 8192
[ 117.501509][T17558] loop6: detected capacity change from 0 to 8192
[ 117.630996][T17564] loop0: detected capacity change from 0 to 8192
[ 117.775681][T17571] loop1: detected capacity change from 0 to 8192
[ 117.844819][T17568] loop7: detected capacity change from 0 to 8192
[ 118.758944][T17597] loop3: detected capacity change from 0 to 8192
[ 118.930355][T17599] loop4: detected capacity change from 0 to 8192
[ 118.932243][T17601] loop5: detected capacity change from 0 to 8192
[ 119.011778][T17607] loop7: detected capacity change from 0 to 8192
[ 119.260991][T17615] loop2: detected capacity change from 0 to 8192
[ 119.293302][T17624] loop6: detected capacity change from 0 to 8192
[ 119.337259][T17628] loop0: detected capacity change from 0 to 8192
[ 119.520514][T17630] loop1: detected capacity change from 0 to 8192
[ 119.841074][T17642] loop7: detected capacity change from 0 to 8192
[ 119.960727][T17649] loop4: detected capacity change from 0 to 8192
[ 120.277936][T17672] loop3: detected capacity change from 0 to 8192
[ 120.317799][T17673] loop5: detected capacity change from 0 to 8192
[ 120.344021][T17669] loop6: detected capacity change from 0 to 8192
[ 120.510999][T17674] loop2: detected capacity change from 0 to 8192
2025/11/23 09:18:41 executed programs: 308
[ 121.624165][T17715] loop3: detected capacity change from 0 to 8192
[ 121.629275][T17713] loop2: detected capacity change from 0 to 8192
[ 121.719439][T17700] loop0: detected capacity change from 0 to 8192
[ 121.738815][T17707] loop1: detected capacity change from 0 to 8192
[ 121.759993][T17716] loop7: detected capacity change from 0 to 8192
[ 122.145526][T17726] loop4: detected capacity change from 0 to 8192
[ 122.269303][T17735] loop5: detected capacity change from 0 to 8192
[ 122.381417][T17720] loop6: detected capacity change from 0 to 8192
[ 122.539325][T17720] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 122.539957][T17720] FAT-fs (loop6): Filesystem has been set read-only
[ 122.542173][T17720] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 122.542823][T17720] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 122.543428][T17720] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 122.544031][T17720] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 122.545125][T17720] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 122.545754][T17720] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 122.546352][T17720] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 122.546955][T17720] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 122.547579][T17720] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 123.204221][T17752] loop0: detected capacity change from 0 to 8192
[ 123.230368][T17757] loop2: detected capacity change from 0 to 8192
[ 123.286526][T17758] loop7: detected capacity change from 0 to 8192
[ 123.885691][T17778] loop1: detected capacity change from 0 to 8192
[ 123.898301][T17779] loop4: detected capacity change from 0 to 8192
[ 123.925058][T17777] loop6: detected capacity change from 0 to 8192
[ 124.133880][T17788] loop5: detected capacity change from 0 to 8192
[ 124.249827][T17789] loop3: detected capacity change from 0 to 8192
[ 124.637416][T17798] loop2: detected capacity change from 0 to 8192
[ 125.229312][T17789] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 125.229913][T17789] FAT-fs (loop3): Filesystem has been set read-only
[ 125.230539][T17789] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 125.231153][T17789] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 125.231753][T17789] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 125.232354][T17789] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 125.232986][T17789] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 125.234186][T17789] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 125.234795][T17789] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 125.235426][T17789] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 125.236279][T17789] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 125.270761][T17819] loop5: detected capacity change from 0 to 8192
[ 125.600575][T17824] loop7: detected capacity change from 0 to 8192
[ 125.610520][T17830] loop4: detected capacity change from 0 to 8192
[ 125.616095][T17816] loop0: detected capacity change from 0 to 8192
[ 125.671609][T17831] loop1: detected capacity change from 0 to 8192
2025/11/23 09:18:46 executed programs: 332
[ 126.024488][T17839] loop6: detected capacity change from 0 to 8192
[ 126.115508][T17855] loop2: detected capacity change from 0 to 8192
[ 126.229708][T17854] loop3: detected capacity change from 0 to 8192
[ 126.484079][T17870] loop0: detected capacity change from 0 to 8192
[ 126.618011][T17873] loop5: detected capacity change from 0 to 8192
[ 126.786286][T17883] loop4: detected capacity change from 0 to 8192
[ 127.151007][T17893] loop2: detected capacity change from 0 to 8192
[ 127.417204][T17906] loop1: detected capacity change from 0 to 8192
[ 127.868227][T17915] loop7: detected capacity change from 0 to 8192
[ 127.884466][T17908] loop3: detected capacity change from 0 to 8192
[ 128.129640][T17926] loop6: detected capacity change from 0 to 8192
[ 128.532288][T17948] loop5: detected capacity change from 0 to 8192
[ 128.571517][T17935] loop0: detected capacity change from 0 to 8192
[ 128.629234][T17938] loop2: detected capacity change from 0 to 8192
[ 129.014035][T17949] loop4: detected capacity change from 0 to 8192
[ 129.230924][T17964] loop3: detected capacity change from 0 to 8192
[ 129.473908][T17963] loop7: detected capacity change from 0 to 8192
[ 129.672317][T17973] loop1: detected capacity change from 0 to 8192
[ 130.186904][T17999] loop6: detected capacity change from 0 to 8192
[ 130.285295][T17991] loop2: detected capacity change from 0 to 8192
[ 130.386451][T17996] loop3: detected capacity change from 0 to 8192
[ 130.530330][T18001] loop0: detected capacity change from 0 to 8192
[ 130.552763][T18007] loop5: detected capacity change from 0 to 8192
[ 130.582641][T18016] loop7: detected capacity change from 0 to 8192
[ 130.783992][T18014] loop4: detected capacity change from 0 to 8192
[ 130.873406][T18028] loop1: detected capacity change from 0 to 8192
2025/11/23 09:18:51 executed programs: 354
[ 131.138479][T18041] loop6: detected capacity change from 0 to 8192
[ 131.847607][T18051] loop3: detected capacity change from 0 to 8192
[ 132.294856][T18073] loop4: detected capacity change from 0 to 8192
[ 132.305070][T18061] loop0: detected capacity change from 0 to 8192
[ 132.305975][T18064] loop5: detected capacity change from 0 to 8192
[ 132.373053][T18075] loop2: detected capacity change from 0 to 8192
[ 132.410857][T18078] loop7: detected capacity change from 0 to 8192
[ 133.087687][T18099] loop6: detected capacity change from 0 to 8192
[ 133.323168][T18097] loop1: detected capacity change from 0 to 8192
[ 133.433703][T18104] loop5: detected capacity change from 0 to 8192
[ 133.768243][T18119] loop7: detected capacity change from 0 to 8192
[ 133.862982][T18127] loop4: detected capacity change from 0 to 8192
[ 133.976769][T18123] loop3: detected capacity change from 0 to 8192
[ 134.198879][T18136] loop2: detected capacity change from 0 to 8192
[ 134.335517][T18142] loop0: detected capacity change from 0 to 8192
[ 134.616162][T18153] loop1: detected capacity change from 0 to 8192
[ 134.660328][T18148] loop6: detected capacity change from 0 to 8192
[ 135.183098][T18164] loop7: detected capacity change from 0 to 8192
[ 135.499901][T18171] loop5: detected capacity change from 0 to 8192
[ 135.771774][T18181] loop4: detected capacity change from 0 to 8192
[ 136.105269][T18199] loop1: detected capacity change from 0 to 8192
[ 136.149795][T18184] loop3: detected capacity change from 0 to 8192
2025/11/23 09:18:56 executed programs: 379
[ 136.292190][T18198] loop6: detected capacity change from 0 to 8192
[ 136.359607][T18207] loop0: detected capacity change from 0 to 8192
[ 136.452324][T18206] loop2: detected capacity change from 0 to 8192
[ 136.645223][T18226] loop7: detected capacity change from 0 to 8192
[ 136.727732][T18220] loop1: detected capacity change from 0 to 8192
[ 137.411661][ T1358] ieee802154 phy0 wpan0: encryption failed: -22
[ 137.412085][ T1358] ieee802154 phy1 wpan1: encryption failed: -22
[ 137.630131][T18249] loop5: detected capacity change from 0 to 8192
[ 137.649905][T18242] loop4: detected capacity change from 0 to 8192
[ 137.657027][T18263] loop1: detected capacity change from 0 to 8192
[ 137.737947][T18262] loop6: detected capacity change from 0 to 8192
[ 137.753911][T18261] loop0: detected capacity change from 0 to 8192
[ 137.901654][T18264] loop3: detected capacity change from 0 to 8192
[ 137.928155][T18272] loop7: detected capacity change from 0 to 8192
[ 138.025712][T18278] loop2: detected capacity change from 0 to 8192
[ 138.356040][T18292] loop5: detected capacity change from 0 to 8192
[ 139.150536][T18309] loop0: detected capacity change from 0 to 8192
[ 139.250863][T18310] loop7: detected capacity change from 0 to 8192
[ 139.273363][T18311] loop2: detected capacity change from 0 to 8192
[ 139.683775][T18333] loop6: detected capacity change from 0 to 8192
[ 139.706351][T18342] loop5: detected capacity change from 0 to 8192
[ 139.711080][T18338] loop1: detected capacity change from 0 to 8192
[ 139.740563][T18340] loop3: detected capacity change from 0 to 8192
[ 139.746201][T18336] loop4: detected capacity change from 0 to 8192
[ 140.810807][T18368] loop2: detected capacity change from 0 to 8192
[ 141.006540][T18379] loop7: detected capacity change from 0 to 8192
[ 141.017863][T18378] loop0: detected capacity change from 0 to 8192
[ 141.227328][T18390] loop5: detected capacity change from 0 to 8192
[ 141.239068][T18396] loop6: detected capacity change from 0 to 8192
[ 141.460709][T18403] loop3: detected capacity change from 0 to 8192
[ 141.464613][T18384] loop1: detected capacity change from 0 to 8192
2025/11/23 09:19:02 executed programs: 406
[ 141.818741][T18404] loop4: detected capacity change from 0 to 8192
[ 141.974797][T18418] loop6: detected capacity change from 0 to 8192
[ 142.575857][T18425] loop0: detected capacity change from 0 to 8192
[ 142.605234][T18441] loop1: detected capacity change from 0 to 8192
[ 142.668117][T18440] loop5: detected capacity change from 0 to 8192
[ 142.945436][T18457] loop3: detected capacity change from 0 to 8192
[ 142.962530][T18446] loop2: detected capacity change from 0 to 8192
[ 143.002135][T18460] loop7: detected capacity change from 0 to 8192
[ 143.797326][T18468] loop4: detected capacity change from 0 to 8192
[ 144.164460][T18476] loop0: detected capacity change from 0 to 8192
[ 144.587047][T18500] loop7: detected capacity change from 0 to 8192
[ 144.603194][T18485] loop6: detected capacity change from 0 to 8192
[ 144.744950][T18508] loop1: detected capacity change from 0 to 8192
[ 144.745212][T18501] loop3: detected capacity change from 0 to 8192
[ 144.923511][T18520] loop2: detected capacity change from 0 to 8192
[ 144.931793][T18522] loop5: detected capacity change from 0 to 8192
[ 145.007877][T18519] loop4: detected capacity change from 0 to 8192
[ 145.039673][T18520] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 145.040220][T18520] FAT-fs (loop2): Filesystem has been set read-only
[ 145.040729][T18520] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 145.041336][T18520] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 145.041949][T18520] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 145.042563][T18520] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 145.043172][T18520] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 145.043786][T18520] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 145.044404][T18520] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 145.044997][T18520] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 145.045600][T18520] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 145.299019][T18541] loop0: detected capacity change from 0 to 8192
[ 145.535661][T18540] loop6: detected capacity change from 0 to 8192
[ 146.585660][T18588] loop3: detected capacity change from 0 to 8192
[ 146.586960][T18585] loop0: detected capacity change from 0 to 8192
[ 146.626659][T18595] loop4: detected capacity change from 0 to 8192
[ 146.639484][T18597] loop2: detected capacity change from 0 to 8192
[ 146.650100][T18594] loop7: detected capacity change from 0 to 8192
[ 146.667940][T18598] loop5: detected capacity change from 0 to 8192
2025/11/23 09:19:07 executed programs: 431
[ 146.721152][T18590] loop1: detected capacity change from 0 to 8192
[ 147.251487][T18613] loop6: detected capacity change from 0 to 8192
[ 147.595932][T18627] loop7: detected capacity change from 0 to 8192
[ 147.680425][T18626] loop0: detected capacity change from 0 to 8192
[ 147.859997][T18643] ------------[ cut here ]------------
[ 147.860487][T18643] WARNING: CPU: 0 PID: 18643 at fs/inode.c:417 drop_nlink+0xac/0xd0
[ 147.861018][T18643] Modules linked in:
[ 147.861301][T18643] CPU: 0 UID: 0 PID: 18643 Comm: syz.7.435 Not tainted 6.17.1 #1 PREEMPT(full)
[ 147.861863][T18643] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[ 147.862423][T18643] RIP: 0010:drop_nlink+0xac/0xd0
[ 147.862740][T18643] Code: 48 8b 5d 28 be 08 00 00 00 48 8d bb 78 07 00 00 e8 79 e9 e5 ff f0 48 ff 83 78 07 00 00 5b 5d e9 0a 76 80 ff e8 05 76 80 ff 90 <0f> 0b 90 c7 45 48 ff ff ff ff 5b 5d e9 f3 75 80 ff e8 4e e1 e5 ff
[ 147.863883][T18643] RSP: 0018:ffffc90014917cb8 EFLAGS: 00010293
[ 147.864252][T18643] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff823a62ff
[ 147.864992][T18643] RDX: ffff888021542500 RSI: ffffffff823a636b RDI: 0000000000000005
[ 147.865470][T18643] RBP: ffff88811ddc39c8 R08: 0000000000000005 R09: 0000000000000000
[ 147.866894][T18643] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90014917d30
[ 147.867369][T18643] R13: ffff8880314061e8 R14: 0000000000000030 R15: ffff88811ddc39c8
[ 147.868320][T18643] FS: 00007fbf71703640(0000) GS:ffff8880ce8be000(0000) knlGS:0000000000000000
[ 147.869380][T18643] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 147.870247][T18643] CR2: 0000200000033000 CR3: 00000000231af000 CR4: 0000000000752ef0
[ 147.871049][T18643] PKRU: 00000000
[ 147.871422][T18643] Call Trace:
[ 147.871773][T18643] <TASK>
[ 147.872085][T18643] vfat_rmdir+0x32f/0x400
[ 147.872563][T18643] ? __pfx_vfat_rmdir+0x10/0x10
[ 147.873085][T18643] ? __pfx_down_write+0x10/0x10
[ 147.873608][T18643] vfs_rmdir+0x203/0x690
[ 147.874065][T18643] do_rmdir+0x2e8/0x3c0
[ 147.874505][T18643] ? __pfx_do_rmdir+0x10/0x10
[ 147.874993][T18643] ? strncpy_from_user+0x203/0x2e0
[ 147.875536][T18643] ? getname_flags.part.0+0x1c5/0x550
[ 147.876104][T18643] __x64_sys_unlinkat+0xef/0x130
[ 147.876630][T18643] do_syscall_64+0xcd/0x4c0
[ 147.877109][T18643] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 147.877725][T18643] RIP: 0033:0x5677dd
[ 147.878104][T18643] Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 147.879293][T18643] RSP: 002b:00007fbf71702fc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000107
[ 147.879805][T18643] RAX: ffffffffffffffda RBX: 00000000007c6270 RCX: 00000000005677dd
[ 147.880281][T18643] RDX: 0000000000000200 RSI: 00002000000001c0 RDI: 0000000000000005
[ 147.880763][T18643] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 147.881245][T18643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 147.881732][T18643] R13: 00000000007c6308 R14: 00000000007c6270 R15: 00007fbf716e3000
[ 147.882224][T18643] </TASK>
[ 147.882438][T18643] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 147.882882][T18643] CPU: 0 UID: 0 PID: 18643 Comm: syz.7.435 Not tainted 6.17.1 #1 PREEMPT(full)
[ 147.883427][T18643] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[ 147.883974][T18643] Call Trace:
[ 147.884184][T18643] <TASK>
[ 147.884373][T18643] dump_stack_lvl+0x3d/0x1f0
[ 147.884675][T18643] vpanic+0x6e8/0x7a0
[ 147.884934][T18643] ? __pfx_vpanic+0x10/0x10
[ 147.885229][T18643] ? drop_nlink+0xac/0xd0
[ 147.885505][T18643] panic+0xca/0xd0
[ 147.885754][T18643] ? __pfx_panic+0x10/0x10
[ 147.886059][T18643] ? check_panic_on_warn+0x1f/0xb0
[ 147.886400][T18643] check_panic_on_warn+0xab/0xb0
[ 147.886715][T18643] __warn+0xf6/0x3c0
[ 147.886971][T18643] ? drop_nlink+0xac/0xd0
[ 147.887248][T18643] report_bug+0x3c3/0x580
[ 147.887537][T18643] ? drop_nlink+0xac/0xd0
[ 147.887823][T18643] handle_bug+0x184/0x210
[ 147.888104][T18643] exc_invalid_op+0x17/0x50
[ 147.888397][T18643] asm_exc_invalid_op+0x1a/0x20
[ 147.888710][T18643] RIP: 0010:drop_nlink+0xac/0xd0
[ 147.889034][T18643] Code: 48 8b 5d 28 be 08 00 00 00 48 8d bb 78 07 00 00 e8 79 e9 e5 ff f0 48 ff 83 78 07 00 00 5b 5d e9 0a 76 80 ff e8 05 76 80 ff 90 <0f> 0b 90 c7 45 48 ff ff ff ff 5b 5d e9 f3 75 80 ff e8 4e e1 e5 ff
[ 147.890298][T18643] RSP: 0018:ffffc90014917cb8 EFLAGS: 00010293
[ 147.890681][T18643] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff823a62ff
[ 147.891171][T18643] RDX: ffff888021542500 RSI: ffffffff823a636b RDI: 0000000000000005
[ 147.891661][T18643] RBP: ffff88811ddc39c8 R08: 0000000000000005 R09: 0000000000000000
[ 147.892149][T18643] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90014917d30
[ 147.892637][T18643] R13: ffff8880314061e8 R14: 0000000000000030 R15: ffff88811ddc39c8
[ 147.893127][T18643] ? drop_nlink+0x3f/0xd0
[ 147.893406][T18643] ? drop_nlink+0xab/0xd0
[ 147.893678][T18643] ? drop_nlink+0xab/0xd0
[ 147.893939][T18643] vfat_rmdir+0x32f/0x400
[ 147.894227][T18643] ? __pfx_vfat_rmdir+0x10/0x10
[ 147.894543][T18643] ? __pfx_down_write+0x10/0x10
[ 147.894855][T18643] vfs_rmdir+0x203/0x690
[ 147.895127][T18643] do_rmdir+0x2e8/0x3c0
[ 147.895396][T18643] ? __pfx_do_rmdir+0x10/0x10
[ 147.895701][T18643] ? strncpy_from_user+0x203/0x2e0
[ 147.896040][T18643] ? getname_flags.part.0+0x1c5/0x550
[ 147.896393][T18643] __x64_sys_unlinkat+0xef/0x130
[ 147.896716][T18643] do_syscall_64+0xcd/0x4c0
[ 147.897010][T18643] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 147.897391][T18643] RIP: 0033:0x5677dd
[ 147.897648][T18643] Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 147.898848][T18643] RSP: 002b:00007fbf71702fc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000107
[ 147.899371][T18643] RAX: ffffffffffffffda RBX: 00000000007c6270 RCX: 00000000005677dd
[ 147.899865][T18643] RDX: 0000000000000200 RSI: 00002000000001c0 RDI: 0000000000000005
[ 147.900363][T18643] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 147.900856][T18643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 147.901348][T18643] R13: 00000000007c6308 R14: 00000000007c6270 R15: 00007fbf716e3000
[ 147.901861][T18643] </TASK>
[ 147.902325][T18643] Kernel Offset: disabled
[ 147.902599][T18643] Rebooting in 86400 seconds..
VM DIAGNOSIS:
17:19:08 Registers:
info registers vcpu 0
RAX=0000000000000036 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8561a2f5 RDI=ffffffff9b0fe780 RBP=ffffffff9b0fe740 RSP=ffffc90014917630
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000036 R14=ffffffff9b0fe740 R15=ffffffff8561a290
RIP=ffffffff8561a31f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fbf71703640 ffffffff 00c00000
GS =0000 ffff8880ce8be000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000033000 CR3=00000000231af000 CR4=00752ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=000000000000003f Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000f4240 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000f4240
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000006 000000000003fde8
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 0000003000000028
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000020 fffffffffffffffa
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000006 000000000000001a
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000004200a3 0000000000000006
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000001b30a2421c 0000000600000026
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000794468 0000000000794460 0000000000794458 0000000000794430
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000012fcf60 0000000000794420 0000000000794438 0000000700080006
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000794478 0000000000794470 0000000000794468 0000000000794460
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 b9e2fed9ffff0000 029d800000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d8e8d3adfcc20000 000002c703b1bf00
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1
RAX=00000000989bb60b RBX=00000000989bb60b RCX=ffff8880276949f0 RDX=ffffffff810015ea
RSI=0000000000000002 RDI=00000000bd00d8cb RBP=000000000000000d RSP=ffffc900001f8ac0
R8 =0000000000000001 R9 =ffff8881357b60b0 R10=000000003cc00455 R11=0000000000000000
R12=0000000000000001 R13=0000000000402900 R14=000000000000000d R15=ffffc900001f8b18
RIP=ffffffff85145aee RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f101e2e3640 ffffffff 00c00000
GS =0000 ffff8881a20be000 ffffffff 00c00000
LDT=0000 0000000000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=000020000058f000 CR3=0000000025b8c000 CR4=00752ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=000000000000003f Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000f4240 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000f4240
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000004f2c46 0000000000000032
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 0000003000000028
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 0000001b2dd63ff2
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000001b2dd24218 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000004201a0 0000001b2dd24218
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000040e6d7 000000000000000e
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000794468 0000000000794460 0000000000794458 0000000000794430
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000012fcf60 0000000000794420 0000000000794438 0000000700080006
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000794478 0000000000794470 0000000000794468 0000000000794460
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 b9e2fed9ffff0000 029d800000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d8e8d3adfcc20000 000002c703b1bf00
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2
RAX=ffffffff9142b542 RBX=ffffffff90bdc460 RCX=dffffc0000000000 RDX=0000000000000000
RSI=0000000000000000 RDI=ffffffff90bdc460 RBP=ffffffff90bdc460 RSP=ffffc90013eb76c8
R8 =ffffffff9142b548 R9 =0000000000000000 R10=0000000000000002 R11=00000000000084ac
R12=ffffffff90bdc460 R13=ffffffff8184acf1 R14=ffffffff90bdc460 R15=ffffffff90bdc460
RIP=ffffffff816a7af5 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880ce9be000 ffffffff 00c00000
LDT=0000 0000000000000000 00000000 00000000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe000008f000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=000020000001d000 CR3=0000000026a05000 CR4=00752ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000001000002 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000004f2c46 0000000000000032
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd61b998e0 0000003000000028
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 95b1e291862a3500 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000023e6e 00000000000927c0
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000006 0000000000001388
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000794468 0000000000794460 0000000000794458 0000000000794430
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000012fcf60 0000000000794420 0000000000794438 0000000000794480
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000794478 0000000000794470 0000000000794468 0000000000794460
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3
RAX=00000000000005a2 RBX=ffff888110b9aff0 RCX=0000000000000000 RDX=0000000000000000
RSI=ffff888110b9b018 RDI=000000000000064b RBP=0000000000000000 RSP=ffffc9000accf8d0
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000050 R11=0000000000000001
R12=0000000000009d53 R13=ffff888110b9a500 R14=0000000000000001 R15=ffff888135f3b880
RIP=ffffffff81970d00 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a21be000 ffffffff 00c00000
LDT=0000 0000000000000000 00000000 00000000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe00000d6000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=000000000d5c0e72 CR3=000000011bf80000 CR4=00752ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000080040001 Opmask01=0000000001000002 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000989680 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000989680
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000012fd520 00000000012fd520
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd6f75ef20 00007ffd6f75ef20
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd6f75ef5f
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000d5c0500 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000055ddb8 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000012fd520 00000000012fd520
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0063696e61703d73 726f727265006f72 2d746e756f6d6572 3d73726f72726500
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00464c4b44551856 574a575740004a57 08514b504a484057 1856574a57574000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
# {Threaded:true Repeat:true RepeatTimes:0 Procs:8 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000000010000fd0000000900000001"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0xcff5, r0}, 0x38)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000001240)='./bus\x00', 0xa00400, &(0x7f0000000000)=ANY=[@ANYRES64=0x0], 0x1, 0x1230, &(0x7f00000024c0)="$eJzs3UFrHGUYB/Bnk61NUpONWqstiC96UYSxycGTlyAtiAGlmoIKwtRMdMlmN2SWwIpYPXkS/BiiHr0J4hfIxYtnwYvk4rEHcaSZRU3cWLRuNpbf7zIPO/PfeWeHXXiX92H2n/90a3OjzDbyfkw1GtHcPhPNWylSTMV01D6Mp69//8Njr77+xksrq6tXrqV0deW1pedSSguPf/Pm+18+8W3/3PWvFr4+G3uLb+3/vPzj3oW9i/u/fhHtMrXL1O31U55u9Hr9/EanSOvtcjNL6ZVOkZdFanfLYufQ/o1Ob3t7kPLu+vzc9k5RlinvDtJmMUj9XurvDFL+Tt7upizL0vxccDfWPr9VVVVEVZ2J+6Kqqmo25uJc3B/zsRCtWIwH4sF4KM7Hw3EhHolH4+LBUZMeNwAAAAAAAAAAAAAAAAAAANxb7tD/39D/DwAAAAAAAAAAAAAAAAAAAON3tP+/GeH5/wAAAAAAAAAAAAAAAAAAAHDC7vD8/yP9/8/o/wcAAAAAAAAAAAAAAAAAAIBxmKk311Kaidj6eHdtd63e1q+vbEQ7OlHE5WjFL3HQ/V+r66svrl65nA4sxrNbN4f5m7tr04fzS9GKxcbI/FKdT4fzZ2Puz/nlaMX50edfHpmfiaeevJ3/qM5n0Yrv3o5edGI9ojG8+oP8B0spvfDy6uzh/KXbxx1resy3BQAAAP5LWfrdyPl7lh23v84P5+dp+HaNv/l/4Mj8vBmXmpO7bmrl4L3NvNMpdk5/0YiIUzCMUcX06RhGXfyf7umYip8+m+DZp4ZfrUl/CHdZTPiHiRPxx02f9EgAAAAAAAAAAAD4J0au/puNiL+sB3z3Xy8nPP7sn5zkpQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+xA8cCAAAAAML8rdPo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICdAgAA///Z/uK5")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r1, &(0x7f0000000180)='./bus\x00', 0x0)
mkdirat(r1, &(0x7f0000000100)='./file0/file0\x00', 0x0) (rerun: 64)
unlinkat(r1, &(0x7f00000001c0)='./bus/file0\x00', 0x200) (rerun: 64)
Dear Linux kernel developers and maintainers,
I’m sorry — the root cause analysis in my previous report was likely
incorrect, and the patch I suggested there does not alleviate the
issue after further testing, which means that the root cause is not on
the errno passing.
After adding debug prints in fat__get_entry(), I observed frequent
cases of err=0, phys=0 at pos == i_size, which means the code is
taking a "normal EOF" path (as decided by fat_bmap()) rather than
hitting and swallowing a negative errno. As a result,
fat_get_short_entry() still returns -ENOENT, fat_dir_empty() still
returns 0, and the code path does not prevent drop_nlink(dir) from
being executed even when the parent directory's i_nlink is already
abnormal. In other words, the parent directory's i_nlink appears to be
wrong/corrupted in the first place. Subsequent vfat_rmdir() calls then
decrement the already-too-low link count, eventually reaching 0 and
triggering WARN_ON(inode->i_nlink == 0) in drop_nlink() (and panicking
if panic_on_warn is enabled).
So please IGNORE my previous patch proposal. A conservative mitigation
that I tested EFFECTIVE is similar to the UDF fix for corrupted parent
link count handling (Jan Kara's WARNING in udf_rmdir fix:
"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5566903af56dd1abb092f18dcb0c770d6cd8dcb").
static int vfat_rmdir(struct inode *dir, struct dentry *dentry)
err = fat_remove_entries(dir, &sinfo); /* and releases bh */
if (err)
goto out;
- drop_nlink(dir);
+ if (dir->i_nlink >= 3)
+ drop_nlink(dir);
+ else
+ fat_fs_error_ratelimit(sb, "parent dir link count too
low (%u)\n",
+ dir->i_nlink);
clear_nlink(inode);
fat_truncate_time(inode, NULL, S_ATIME|S_MTIME);
Given that the Syz reproducer (part) looks like:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000001240)='./bus\x00',
0xa00400, &(0x7f0000000000)=ANY=[@ANYRES64=0x0], 0x1, 0x1230,
&(0x7f00000024c0)="$XXX...")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r1, &(0x7f0000000180)='./bus\x00', 0x0)
mkdirat(r1, &(0x7f0000000100)='./file0/file0\x00', 0x0) (rerun: 64)
unlinkat(r1, &(0x7f00000001c0)='./bus/file0\x00', 0x200) (rerun: 64)
I'm still debugging why, with the corrupted image, creation of
./file0/file0 seems to end up writing into bus's directory data blocks
(cluster sharing), so bus's on-disk directory content appears to
contain a subdir entry while bus->i_nlink remains 2.
Best,
Zhiyu Zhang
Zhiyu Zhang <zhiyuzhang999@gmail.com> 于2025年12月30日周二 02:18写道:
>
> Dear Linux kernel developers and maintainers,
>
> We would like to report a filesystem corruption triggered bug that
> causes a WARNING in drop_nlink() from the VFAT rmdir path, and leads
> to a kernel panic when panic_on_warn is enabled. The bug titled
> "WARNING in vfat_rmdir" was found on linux-6.17.1 and is also
> reproducible on the latest 6.19-rc3.
>
> The possible root cause is that the FAT directory iteration helpers
> conflate real errors with "end of directory" in a way that hides
> corruption from higher layers. Concretely, fat__get_entry() returns -1
> both when it reaches EOF (!phys) and when fat_bmap() fails due to a
> corrupted cluster chain (err != 0). Then fat_get_short_entry() treats
> any < 0 from fat_get_entry() as "no more entries" and returns -ENOENT.
> As a result, callers such as fat_dir_empty() and fat_subdirs() cannot
> distinguish a genuinely empty directory from a directory walk that
> terminates early due to corruption. In this situation, fat_dir_empty()
> may incorrectly return success (empty), allowing vfat_rmdir() to
> proceed with metadata updates, including drop_nlink(dir). Separately,
> fat_subdirs() may silently "succeed" with an incorrect count (e.g., 0)
> when the walk is cut short, which can further poison in-memory link
> counts when inodes are built from corrupted on-disk state. Eventually,
> the VFAT rmdir path can reach drop_nlink() with an already-zero
> i_nlink, triggering WARN_ON(inode->i_nlink == 0) and panicking under
> panic_on_warn.
>
> This bug may lead to denial-of-service on systems that enable
> panic_on_warn, and more broadly to inconsistent in-memory metadata
> updates when operating on corrupted VFAT images.
>
> We suggest the following potential patch:
> (1) Propagate real errors from the directory iteration path instead of
> folding them into -ENOENT and make fat_get_short_entry() translate
> only true EOF into -ENOENT while propagating other negative errors.
> (2) Update fat_dir_empty() / fat_subdirs() to treat propagated errors
> as failures rather than "empty" / a weird count, and handle negative
> returns at their call sites.
>
> diff --git a/fs/fat/dir.c b/fs/fat/dir.c
> index 92b091783966..f4c5a6f0cc84 100644
> --- a/fs/fat/dir.c
> +++ b/fs/fat/dir.c
> @@ -92,8 +92,10 @@ static int fat__get_entry(struct inode *dir, loff_t *pos,
> *bh = NULL;
> iblock = *pos >> sb->s_blocksize_bits;
> err = fat_bmap(dir, iblock, &phys, &mapped_blocks, 0, false);
> - if (err || !phys)
> - return -1; /* beyond EOF or error */
> + if (err)
> + return err; /* real error (e.g., -EIO, -EUCLEAN) */
> + if (!phys)
> + return -1; /* beyond EOF */
>
> fat_dir_readahead(dir, iblock, phys);
>
> @@ -882,12 +884,14 @@ static int fat_get_short_entry(struct inode
> *dir, loff_t *pos,
> struct buffer_head **bh,
> struct msdos_dir_entry **de)
> {
> - while (fat_get_entry(dir, pos, bh, de) >= 0) {
> + int err;
> + while ((err = fat_get_entry(dir, pos, bh, de)) >= 0) {
> /* free entry or long name entry or volume label */
> if (!IS_FREE((*de)->name) && !((*de)->attr & ATTR_VOLUME))
> return 0;
> }
> - return -ENOENT;
> + /* -1 is EOF sentinel; propagate other errors */
> + return (err == -1) ? -ENOENT : err;
> }
>
> /*
> @@ -919,11 +923,11 @@ int fat_dir_empty(struct inode *dir)
> struct buffer_head *bh;
> struct msdos_dir_entry *de;
> loff_t cpos;
> - int result = 0;
> + int result = 0, err;
>
> bh = NULL;
> cpos = 0;
> - while (fat_get_short_entry(dir, &cpos, &bh, &de) >= 0) {
> + while ((err = fat_get_short_entry(dir, &cpos, &bh, &de)) >= 0) {
> if (strncmp(de->name, MSDOS_DOT , MSDOS_NAME) &&
> strncmp(de->name, MSDOS_DOTDOT, MSDOS_NAME)) {
> result = -ENOTEMPTY;
> @@ -931,6 +935,8 @@ int fat_dir_empty(struct inode *dir)
> }
> }
> brelse(bh);
> + if (err < 0 && err != -ENOENT)
> + return err;
> return result;
> }
> EXPORT_SYMBOL_GPL(fat_dir_empty);
> @@ -944,15 +950,17 @@ int fat_subdirs(struct inode *dir)
> struct buffer_head *bh;
> struct msdos_dir_entry *de;
> loff_t cpos;
> - int count = 0;
> + int count = 0, err;
>
> bh = NULL;
> cpos = 0;
> - while (fat_get_short_entry(dir, &cpos, &bh, &de) >= 0) {
> + while ((err = fat_get_short_entry(dir, &cpos, &bh, &de)) >= 0) {
> if (de->attr & ATTR_DIR)
> count++;
> }
> brelse(bh);
> + if (err < 0 && err != -ENOENT)
> + return err;
> return count;
> }
>
> diff --git a/fs/fat/inode.c b/fs/fat/inode.c
> index 0b6009cd1844..36ec8901253e 100644
> --- a/fs/fat/inode.c
> +++ b/fs/fat/inode.c
> @@ -535,7 +535,10 @@ int fat_fill_inode(struct inode *inode, struct
> msdos_dir_entry *de)
> return error;
> MSDOS_I(inode)->mmu_private = inode->i_size;
>
> - set_nlink(inode, fat_subdirs(inode));
> + int nsubs = fat_subdirs(inode);
> + if (nsubs < 0)
> + return nsubs;
> + set_nlink(inode, nsubs);
>
> error = fat_validate_dir(inode);
> if (error < 0)
> @@ -1345,7 +1348,10 @@ static int fat_read_root(struct inode *inode)
> fat_save_attrs(inode, ATTR_DIR);
> inode_set_mtime_to_ts(inode,
> inode_set_atime_to_ts(inode,
> inode_set_ctime(inode, 0, 0)));
> - set_nlink(inode, fat_subdirs(inode)+2);
> + int nsubs = fat_subdirs(inode);
> + if (nsubs < 0)
> + return nsubs;
> + set_nlink(inode, nsubs+2);
>
> return 0;
> }
>
> If the approach above is acceptable, we are willing to submit a proper
> patch immediately. Please let us know if any further information is
> required.
>
> Best regards,
> Zhiyu Zhang
Zhiyu Zhang <zhiyuzhang999@gmail.com> writes:
> Dear Linux kernel developers and maintainers,
>
> I’m sorry — the root cause analysis in my previous report was likely
> incorrect, and the patch I suggested there does not alleviate the
> issue after further testing, which means that the root cause is not on
> the errno passing.
>
> After adding debug prints in fat__get_entry(), I observed frequent
> cases of err=0, phys=0 at pos == i_size, which means the code is
> taking a "normal EOF" path (as decided by fat_bmap()) rather than
> hitting and swallowing a negative errno. As a result,
> fat_get_short_entry() still returns -ENOENT, fat_dir_empty() still
> returns 0, and the code path does not prevent drop_nlink(dir) from
> being executed even when the parent directory's i_nlink is already
> abnormal. In other words, the parent directory's i_nlink appears to be
> wrong/corrupted in the first place. Subsequent vfat_rmdir() calls then
> decrement the already-too-low link count, eventually reaching 0 and
> triggering WARN_ON(inode->i_nlink == 0) in drop_nlink() (and panicking
> if panic_on_warn is enabled).
>
> So please IGNORE my previous patch proposal. A conservative mitigation
> that I tested EFFECTIVE is similar to the UDF fix for corrupted parent
> link count handling (Jan Kara's WARNING in udf_rmdir fix:
> "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5566903af56dd1abb092f18dcb0c770d6cd8dcb").
It can occur on a corrupted image that didn't correctly initialized as a
directory.
> static int vfat_rmdir(struct inode *dir, struct dentry *dentry)
> err = fat_remove_entries(dir, &sinfo); /* and releases bh */
> if (err)
> goto out;
> - drop_nlink(dir);
> + if (dir->i_nlink >= 3)
> + drop_nlink(dir);
> + else
> + fat_fs_error_ratelimit(sb, "parent dir link count too
> low (%u)\n",
> + dir->i_nlink);
Looks good sanity check. However, I think it doesn't need
_ratelimit. And this should be done in msdos_namei.c too.
And fat_fs_error() should remove last "\n", and please add {} for 2
lines code (it is not necessary as c though, sorry for kind of my
preference), also looks like no "sb" here, need testing before actually
submitting the patch.
else {
fat_fs_error(sb, "parent dir link count too low (%u)",
dir->i_nlink);
}
Thanks.
> clear_nlink(inode);
> fat_truncate_time(inode, NULL, S_ATIME|S_MTIME);
--
OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
On Tue, Dec 30, 2025 at 02:18:17AM +0800, Zhiyu Zhang wrote: > +++ b/fs/fat/dir.c > @@ -92,8 +92,10 @@ static int fat__get_entry(struct inode *dir, loff_t *pos, > *bh = NULL; > iblock = *pos >> sb->s_blocksize_bits; > err = fat_bmap(dir, iblock, &phys, &mapped_blocks, 0, false); > - if (err || !phys) > - return -1; /* beyond EOF or error */ > + if (err) > + return err; /* real error (e.g., -EIO, -EUCLEAN) */ > + if (!phys) > + return -1; /* beyond EOF */ Ooh, -1 is a real errno, so -1 or errno is a bad API. I'd suggest just returning -ENOENT directly instead of translating it in the caller.
Hi Matthew,
Thanks for your reply!
> Ooh, -1 is a real errno, so -1 or errno is a bad API. I'd suggest just
> returning -ENOENT directly instead of translating it in the caller.
I agree with this advice. I can let fat_get_entry() return -ENOENT like:
static int fat__get_entry(struct inode *dir, loff_t *pos,
*bh = NULL;
iblock = *pos >> sb->s_blocksize_bits;
err = fat_bmap(dir, iblock, &phys, &mapped_blocks, 0, false);
- if (err || !phys)
- return -1; /* beyond EOF or error */
+ if (err)
+ return err; /* real error (e.g., -EIO)*/
+ if (!phys)
+ return -ENOENT; /* EOF */
Then I also need to re-handle the callers of fat_get_entry() as some
of them are still waiting for a "-1".
I'm willing to submit a patch to standardize the errno (though it
seems to unrelated to this bug), as long as it is approved :)
Best,
Zhiyu Zhang
© 2016 - 2026 Red Hat, Inc.