last executing test programs: 4m22.846713342s ago: executing program 0 (id=1213): r0 = inotify_init1(0x80000) inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0x2000675) r1 = socket$unix(0x1, 0x2, 0x0) bind$unix(r1, &(0x7f00000003c0)=@file={0x1, './file1\x00'}, 0x6e) 4m16.564762004s ago: executing program 0 (id=1214): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x22) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000080)={0x0, 0x1, 0xdfe6, 0x2}) pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xfecc) lseek(r0, 0x8183, 0x3) 4m4.532569177s ago: executing program 0 (id=1217): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x730, 0x1d0, 0x5c8, 0x0, 0x5c8, 0x0, 0x6b0, 0x6b0, 0x6b0, 0x6b0, 0x6b0, 0x6, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @private0, [], [0xffffff00, 0x0, 0x0, 0x1f9814788dbf7ab2], 'veth1\x00', 'syz_tun\x00'}, 0x11e, 0xa8, 0x1d0, 0x1f000000, {0x0, 0x7}}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'unconfined\x00'}}}, {{@ipv6={@loopback, @dev, [], [], 'batadv_slave_0\x00', 'ip6gretap0\x00', {}, {}, 0x2b}, 0x0, 0x1e0, 0x208, 0x7400, {}, [@common=@rt={{0x138}, {0x0, [0x0, 0x5], 0x0, 0x0, 0x0, [@dev, @private2={0xfc, 0x2, '\x00', 0x1}, @remote, @private2, @private1, @dev, @dev={0xfe, 0x80, '\x00', 0x34}, @mcast2, @local, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, @loopback, @mcast1, @private1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00', 0x0, {0x68}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @inet=@TOS={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@mcast2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x790) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xb, 0x1f, 0x402, 0x3ff, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000400), 0x401, r0}, 0x38) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={r0, &(0x7f0000000340)="a9", &(0x7f0000000200)=""/31}, 0x20) 3m55.999945678s ago: executing program 0 (id=1219): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='hugetlbfs\x00', 0x0, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) mount$fuseblk(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x24000, 0x0) 3m49.102911895s ago: executing program 0 (id=1221): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x149282, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000680)='7', 0x1}], 0x1) close(r0) 3m39.244298573s ago: executing program 0 (id=1222): r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) read$FUSE(r0, &(0x7f0000004500)={0x2020}, 0xfffffe0c) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4092011, r1, 0x0) 3m25.825367825s ago: executing program 32 (id=1222): r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) read$FUSE(r0, &(0x7f0000004500)={0x2020}, 0xfffffe0c) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4092011, r1, 0x0) 53.835655205s ago: executing program 1 (id=1239): r0 = io_uring_setup(0x7d3, &(0x7f0000000580)={0x0, 0xddf7, 0x2, 0xfffffffe, 0x181}) clock_gettime(0x4, &(0x7f0000000000)={0x0, 0x0}) clock_nanosleep(0x2, 0x1, &(0x7f0000000040)={r1, r2+10000000}, 0xfffffffffffffffe) close_range(r0, r0, 0x0) 42.262252303s ago: executing program 1 (id=1240): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cgroup.clone_children\x00', 0x2, 0x0) sendfile(r1, r1, 0x0, 0x2000000000000002) 28.722941812s ago: executing program 1 (id=1241): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r1) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x40, r2, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @local}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @remote}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @remote}]}, 0x40}, 0x1, 0x0, 0x0, 0x2400cc04}, 0x0) 19.934587574s ago: executing program 1 (id=1242): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x2, 0x0) ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000040)=0xfffffff7) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x48, 0x0, &(0x7f0000000380)=[@register_looper, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x50, 0x0, &(0x7f0000000400)="f5f8bc844de1c02a7c9f049ef2cbefdd6ccc05c5c279cfffe3b1ae9eaf03bbac8fdf87c9ea45d4faace03589d639c417b54053f9f0950a9720cef8afcc1a6f9124bf7bcc5c3a6ae57145f63c85dfd263"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x44, 0x0, &(0x7f0000000280)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x4, 0x0, &(0x7f0000000480)="ab9a2fd8"}) 8.03503059s ago: executing program 1 (id=1243): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x8000000, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xfff7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x3c, 0x2, {{0xfffffffe, 0x2, 0x40, 0x7, 0xe9, 0xcc36}, [@TCA_NETEM_RATE={0x14, 0x6, {0xdb5, 0xde5b, 0x0, 0x3}}, @TCA_NETEM_CORRUPT={0xc, 0x4, {0xbba5, 0x2}}]}}}]}, 0x6c}}, 0x0) 0s ago: executing program 1 (id=1244): syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x1c1400) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000580), 0xffffffffffffffff) sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)={0x1c, r1, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40040}, 0x10) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:40498' (ED25519) to the list of known hosts. syzkaller login: [ 572.675960][ T3194] cgroup: Unknown subsys name 'net' [ 573.534035][ T3194] cgroup: Unknown subsys name 'cpuset' [ 573.696001][ T3194] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 669.653798][ T3194] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 852.847036][ T3207] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 853.184277][ T3207] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 859.233201][ T3206] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 859.803381][ T3206] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 873.943024][ T3207] hsr_slave_0: entered promiscuous mode [ 874.016098][ T3207] hsr_slave_1: entered promiscuous mode [ 880.556585][ T3206] hsr_slave_0: entered promiscuous mode [ 880.600636][ T3206] hsr_slave_1: entered promiscuous mode [ 880.621886][ T3206] debugfs: 'hsr0' already exists in 'hsr' [ 880.625309][ T3206] Cannot create hsr debugfs directory [ 888.262662][ T3207] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 889.146247][ T3207] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 890.161602][ T3207] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 890.644547][ T3207] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 893.814619][ T3206] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 894.106908][ T3206] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 894.832749][ T3206] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 895.065465][ T3206] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 910.190227][ T3207] 8021q: adding VLAN 0 to HW filter on device bond0 [ 916.562309][ T3206] 8021q: adding VLAN 0 to HW filter on device bond0 [ 984.012931][ T3207] veth0_vlan: entered promiscuous mode [ 984.711557][ T3207] veth1_vlan: entered promiscuous mode [ 988.792498][ T3206] veth0_vlan: entered promiscuous mode [ 989.976628][ T3207] veth0_macvtap: entered promiscuous mode [ 990.812292][ T3206] veth1_vlan: entered promiscuous mode [ 991.197252][ T3207] veth1_macvtap: entered promiscuous mode [ 995.501149][ T3217] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 995.689957][ T3206] veth0_macvtap: entered promiscuous mode [ 995.940640][ T3217] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 996.062283][ T3217] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 996.065203][ T3217] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 996.571825][ T3206] veth1_macvtap: entered promiscuous mode [ 1002.363673][ T3217] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1002.366886][ T3217] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1002.426855][ T3217] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1002.482482][ T3217] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1006.523840][ T3207] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 1037.623971][ T3834] hugetlbfs: Bad value '' for mount option 'size' [ 1037.623971][ T3834] [ 1063.535412][ T3848] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11'. [ 1081.252388][ T3859] ======================================================= [ 1081.252388][ T3859] WARNING: The mand mount option has been deprecated and [ 1081.252388][ T3859] and is ignored by this kernel. Remove the mand [ 1081.252388][ T3859] option from the mount to silence this warning. [ 1081.252388][ T3859] ======================================================= [ 1089.999931][ T3864] mmap: syz.1.18 (3864) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 1111.961024][ T3876] EXT4-fs: Conflicting test_dummy_encryption options [ 1150.597351][ T3900] netlink: 8 bytes leftover after parsing attributes in process `syz.1.34'. [ 1150.626115][ T3900] netlink: 8 bytes leftover after parsing attributes in process `syz.1.34'. [ 1166.286507][ T3909] pim6reg: entered allmulticast mode [ 1209.250900][ T3937] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1209.300691][ T3937] Zero length message leads to an empty skb [ 1290.088789][ T3986] capability: warning: `syz.0.72' uses deprecated v2 capabilities in a way that may be insecure [ 1331.351317][ T4006] netlink: 56 bytes leftover after parsing attributes in process `syz.0.81'. [ 1345.895586][ T4015] netlink: 'syz.0.85': attribute type 21 has an invalid length. [ 1345.909739][ T4015] netlink: 168 bytes leftover after parsing attributes in process `syz.0.85'. [ 1370.946722][ T4030] syz_tun: entered allmulticast mode [ 1459.503924][ T3818] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 1460.165758][ T3818] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 1460.194270][ T3818] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 1460.202365][ T3818] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1460.206185][ T3818] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1464.142054][ T3818] aiptek 2-1:17.0: Aiptek using 400 ms programming speed [ 1464.319441][ T3818] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input0 [ 1464.470887][ T3818] input: failed to attach handler kbd to device input0, error: -5 [ 1465.065442][ T3818] usb 2-1: USB disconnect, device number 2 [ 1479.436828][ T4112] netlink: 320 bytes leftover after parsing attributes in process `syz.0.113'. [ 1498.856995][ T4126] faux_driver vgem: [drm] Unknown color mode 13; guessing buffer size. [ 1506.395459][ T29] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 1506.750449][ T29] usb 1-1: Using ep0 maxpacket: 32 [ 1506.979233][ T29] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1506.981907][ T29] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1506.984099][ T29] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1507.007611][ T29] usb 1-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 1507.042179][ T29] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1507.370965][ T29] usb 1-1: config 0 descriptor?? [ 1510.479567][ T29] input: HID 0458:5011 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5011.0001/input/input1 [ 1510.673425][ T29] input: HID 0458:5011 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5011.0001/input/input2 [ 1511.364302][ T29] kye 0003:0458:5011.0001: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.0-1/input0 [ 1512.003843][ T29] usb 1-1: USB disconnect, device number 2 [ 1556.249110][ T4192] Driver unsupported XDP return value 0 on prog (id 13) dev N/A, expect packet loss! [ 1591.713721][ T4214] smc: net device bond0 applied user defined pnetid SYZ0 [ 1600.995463][ T4221] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 1600.995463][ T4221] The task syz.1.141 (4221) triggered the difference, watch for misbehavior. [ 1649.761054][ T4247] netlink: 8 bytes leftover after parsing attributes in process `syz.0.153'. [ 1649.762722][ T4247] netlink: 4 bytes leftover after parsing attributes in process `syz.0.153'. [ 1649.764213][ T4247] netlink: 'syz.0.153': attribute type 13 has an invalid length. [ 1649.765913][ T4247] netlink: 'syz.0.153': attribute type 14 has an invalid length. [ 1651.376063][ T4251] process 'syz.1.154' launched './file2' with NULL argv: empty string added [ 1663.853071][ T4258] netlink: 8 bytes leftover after parsing attributes in process `syz.0.157'. [ 1719.675224][ T4291] netlink: 8 bytes leftover after parsing attributes in process `syz.1.172'. [ 1719.680456][ T4291] netlink: 4 bytes leftover after parsing attributes in process `syz.1.172'. [ 1719.686042][ T4291] netlink: 'syz.1.172': attribute type 13 has an invalid length. [ 1719.703839][ T4291] netlink: 'syz.1.172': attribute type 14 has an invalid length. [ 1749.481328][ T4310] netlink: 8 bytes leftover after parsing attributes in process `syz.1.181'. [ 1749.484271][ T4310] netlink: 36 bytes leftover after parsing attributes in process `syz.1.181'. [ 1751.296914][ T4310] vlan2: entered allmulticast mode [ 1751.351085][ T4310] gretap0: entered allmulticast mode [ 1758.715632][ T4316] tmpfs: Cannot enable quota on remount [ 1764.872883][ T3820] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 1765.543030][ T3820] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1765.545703][ T3820] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1765.651727][ T3820] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1765.655495][ T3820] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 1765.666185][ T3820] usb 1-1: Manufacturer: syz [ 1765.996868][ T3820] usb 1-1: config 0 descriptor?? [ 1768.814716][ T3820] uclogic 0003:256C:006D.0002: failed retrieving Huion firmware version: -71 [ 1768.824832][ T3820] uclogic 0003:256C:006D.0002: failed probing parameters: -71 [ 1768.839992][ T3820] uclogic 0003:256C:006D.0002: probe with driver uclogic failed with error -71 [ 1769.224296][ T3820] usb 1-1: USB disconnect, device number 3 [ 1890.673042][ T4404] netlink: 104 bytes leftover after parsing attributes in process `syz.0.216'. [ 1912.302866][ T4416] netlink: 68 bytes leftover after parsing attributes in process `syz.1.221'. [ 1929.522032][ T4427] netlink: 'syz.0.224': attribute type 15 has an invalid length. [ 1994.051979][ T4462] netlink: 16 bytes leftover after parsing attributes in process `syz.1.239'. [ 2057.851628][ T31] audit: type=1326 audit(2056.510:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4499 comm="syz.1.255" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb21332c6 code=0x7ffc0000 [ 2057.891539][ T31] audit: type=1326 audit(2056.580:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4499 comm="syz.1.255" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb21332c6 code=0x7ffc0000 [ 2058.141762][ T31] audit: type=1326 audit(2056.720:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4499 comm="syz.1.255" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0x7fffb21332c6 code=0x7ffc0000 [ 2058.261611][ T31] audit: type=1326 audit(2056.870:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4499 comm="syz.1.255" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb21332c6 code=0x7ffc0000 [ 2058.329216][ T31] audit: type=1326 audit(2056.950:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4499 comm="syz.1.255" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb21332c6 code=0x7ffc0000 [ 2064.965074][ T4504] MPI: mpi too large (185152 bits) [ 2151.136118][ T4557] devtmpfs: Cannot disable swap on remount [ 2176.958490][ T4572] netlink: 480 bytes leftover after parsing attributes in process `syz.1.288'. [ 2177.791165][ T4574] netlink: 8 bytes leftover after parsing attributes in process `syz.0.289'. [ 2178.046184][ T4574] bond0: (slave bond_slave_0): Releasing backup interface [ 2179.199104][ T4574] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 2262.776404][ T3203] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 2263.123508][ T3203] usb 2-1: Using ep0 maxpacket: 16 [ 2263.385361][ T3203] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2263.406904][ T3203] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 2264.313699][ T3203] usb 2-1: New USB device found, idVendor=15c2, idProduct=0041, bcdDevice=1f.20 [ 2264.316370][ T3203] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2264.339244][ T3203] usb 2-1: Product: syz [ 2264.341155][ T3203] usb 2-1: Manufacturer: syz [ 2264.342771][ T3203] usb 2-1: SerialNumber: syz [ 2264.734480][ T3203] usb 2-1: config 0 descriptor?? [ 2267.645333][ T4622] trusted_key: encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false [ 2268.251311][ T3203] usb 2-1: USB disconnect, device number 3 [ 2294.022099][ T4645] netlink: 4 bytes leftover after parsing attributes in process `syz.0.312'. [ 2316.593239][ T4592] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 2317.062055][ T4592] usb 1-1: config 0 has an invalid interface number: 69 but max is 0 [ 2317.064547][ T4592] usb 1-1: config 0 has no interface number 0 [ 2317.066687][ T4592] usb 1-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023 [ 2317.101121][ T4592] usb 1-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 62, changing to 9 [ 2317.501332][ T4592] usb 1-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 2317.531520][ T4592] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2317.533608][ T4592] usb 1-1: Product: syz [ 2317.535125][ T4592] usb 1-1: Manufacturer: syz [ 2317.536715][ T4592] usb 1-1: SerialNumber: syz [ 2318.075453][ T4592] usb 1-1: config 0 descriptor?? [ 2318.238163][ T4657] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 2318.550264][ T4592] cyberjack 1-1:0.69: Reiner SCT Cyberjack USB card reader converter detected [ 2319.143789][ T4592] usb 1-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0 [ 2323.006605][ T29] usb 1-1: USB disconnect, device number 4 [ 2323.911583][ T29] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0 [ 2323.990138][ T29] cyberjack 1-1:0.69: device disconnected [ 2354.185602][ T4696] comedi: No check for data length of config insn id 6 is implemented [ 2354.230036][ T4696] comedi: Add a check to check_insn_config_length in drivers/comedi/comedi_fops.c [ 2354.250436][ T4696] comedi: Assuming n=419 is correct [ 2373.335860][ T4707] devpts: Bad value for 'max' [ 2396.516071][ T4723] netlink: 16 bytes leftover after parsing attributes in process `syz.0.336'. [ 2412.766368][ T4733] [U]  [ 2412.781639][ T4733] [U] K{ [ 2412.784651][ T4733] [U] t 1ŠFfˊ`GJgo/mC [ 2412.787187][ T4733] [U] tؖ/,~Ĝj}8'o1"7-JQKWq5c%"H12YX``+(!(z'tXlnIgjݭp~7!" (5Ob̓J [ 2412.833780][ T4733] [U] k\&}66XHX .`a$40|϶9ި U4Vbz}wMTQΦr 4 [ 2412.853646][ T4733] [U] ".h6"k[J4In[Z(C|T]z{3c=x4w)\TXJSH{q;칢t+gd.˂>ywUhfNhl]S2\g%O&z)'pul_< ذ`ұT;_"(u{7j2X /'cIHcճV=Ai%wEs RjgrhIa6-DV i"n Asc~48c*OO5/J~wvK+3Y)Mvyq潀DTrOtpem%fejA5T_-X~^aaۂq [ 2412.885362][ T4733] [U] +wG?]'a: )' B>tf/<'U'hi.+]e.-ɿ%>2`^U8F.63+A«g3p6:^0tv'EtYCnrϩnPj ;Z8!\Aʖ2$­wi.#/Bai`4jdy@zgW5˿B ٜNy"vI2 [ 2412.919239][ T4733] [U] T_K5tYJ9c$brLNul 9w|G"ʃ%C؝q 3qN^HP*$ .7yӱ2 [ 2412.923270][ T4733] [U] ? h*37鍾^#Q"0~ (oX Lb,'v=CSGS0ւ`ه=1(p#2DO*Ƀ [ 2412.925780][ T4733] [U] sgGud-{|&2Lc_!`oz֥B%>rwSsH"yA4O.Y䏄RTԶB[+/<>{q_՝LX8U{Z)7?rR;crhײڣ1>)Măt(aϝ}9ڥJ*Mќġ'Lq DW=|q ÆW;5Ž!dBx`/E`ƦMX"\ [ 2413.004798][ T4733] [U] {; ٘_o2)o.2W2yx_ HPϱSD:]{ [ 2413.021625][ T4733] [U] I,> 51^1N4oǶ'0?֒i9w._.WaV`)Zc6GiӹaXL[F*OW)+'\n[K@2Ǭp"^` [ 2413.027574][ T4733] [U] 22Ʃx?0;3u [ 2413.034787][ T4733] [U] ޜsObx8W4(~/KUԖoQe+G-ygY_>v3.hә]̈́2)D, D~d+w; A\FPȘ|$)KؐIɿkYT^R癵A=#ܜ aet1ݯ4K.e"RS|s:>p r"z#P!KY"}FN84hޱosߙ̫%Dlwm [ 2413.053682][ T4733] [U] [['xn' ,mr/1D=!Dx91BwRlfKZ#` l؛˜b~m [ 2413.055955][ T4733] [U] L>d+d"5h3<iR=F^fnvDOIO:U>Y [ 2413.070915][ T4733] [U] 'B6v20瞥׌"t8{9FW]쩍 [ 2413.073096][ T4733] [U] 72uC6τI]8ctۨQSkYI |V'TV/g$[ 9kh`"}[^=0]%̂TF_v4C [ 2413.090766][ T4733] [U] ec [ 2413.096036][ T4733] [U] |<:^3$7nK~-@?/mtl۾Iw@g~t{P+$jp| IRipm Y 8tV,l, [ 2413.860205][ T4732] [U] K)0~ʪiP'fzr @B]5{ʼ'8ƥFUTqUdǩK;70c[yYCذmL8T͚5rxW xoQhVi'8L [ 2427.484163][ T3203] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 2427.951989][ T3203] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 2427.954352][ T3203] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2428.297430][ T3203] usb 2-1: config 0 descriptor?? [ 2428.816091][ T3203] cp210x 2-1:0.0: cp210x converter detected [ 2430.509937][ T3203] cp210x 2-1:0.0: failed to get vendor val 0x0010 size 3: -71 [ 2430.533314][ T3203] cp210x 2-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 2430.537095][ T3203] cp210x 2-1:0.0: GPIO initialisation failed: -71 [ 2430.841397][ T3203] usb 2-1: cp210x converter now attached to ttyUSB0 [ 2431.124285][ T3203] usb 2-1: USB disconnect, device number 4 [ 2431.906877][ T3203] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 2432.042882][ T3203] cp210x 2-1:0.0: device disconnected [ 2453.307149][ T4773] netlink: 12 bytes leftover after parsing attributes in process `syz.1.351'. [ 2457.516601][ T4775] netlink: 60 bytes leftover after parsing attributes in process `syz.0.352'. [ 2469.149336][ T31] audit: type=1326 audit(2467.840:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4780 comm="syz.1.355" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb21332c6 code=0x0 [ 2503.672906][ T4802] fuse: Invalid rootmode [ 2521.635055][ T29] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 2522.090211][ T29] usb 2-1: Using ep0 maxpacket: 8 [ 2522.445182][ T29] usb 2-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=62.cb [ 2522.460308][ T29] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2522.462456][ T29] usb 2-1: Product: syz [ 2522.463908][ T29] usb 2-1: Manufacturer: syz [ 2522.465391][ T29] usb 2-1: SerialNumber: syz [ 2522.894883][ T4815] CUSE: unknown device info "KJ H+ۤ2LhnL1`Ccn80(3նi>f_ٮ,<_eF" [ 2522.921245][ T4815] CUSE: unknown device info "3ܟ,̘" [ 2522.935060][ T4815] CUSE: unknown device info "J2S Z !e/J+-na4D|G$5O~q [ 2522.935060][ T4815] fzXSAxjTǔw xRɐQ(hҏj pVdY0|M?2JIv^R@" [ 2523.003008][ T4815] CUSE: unknown device info "!To}ݝ&|L+Uoϲ"FstV:׌E gJ<@c4TMM|" [ 2523.006953][ T4815] CUSE: DEVNAME unspecified [ 2525.841043][ T29] mxuport 2-1:254.0: mxuport_recv_ctrl_urb - short read (0 / 4) [ 2525.847395][ T29] mxuport 2-1:254.0: probe with driver mxuport failed with error -5 [ 2528.472177][ T29] usb 2-1: USB disconnect, device number 5 [ 2575.217191][ T4849] netlink: 16 bytes leftover after parsing attributes in process `syz.1.379'. [ 2599.924892][ T4863] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma? [ 2639.197261][ T4883] syz.1.395 uses obsolete (PF_INET,SOCK_PACKET) [ 2654.965701][ T4890] netlink: 24 bytes leftover after parsing attributes in process `syz.1.399'. [ 2654.975679][ T4890] netlink: 88 bytes leftover after parsing attributes in process `syz.1.399'. [ 2654.985851][ T4890] netlink: 40 bytes leftover after parsing attributes in process `syz.1.399'. [ 2655.045538][ T4890] netlink: 8 bytes leftover after parsing attributes in process `syz.1.399'. [ 2755.221454][ T4531] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 2755.597158][ T4531] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 2755.617245][ T4531] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2756.012844][ T4531] usb 1-1: config 0 descriptor?? [ 2756.314225][ T4531] cp210x 1-1:0.0: cp210x converter detected [ 2759.521266][ T4531] cp210x 1-1:0.0: failed to get vendor val 0x0010 size 3: -71 [ 2759.599923][ T4531] cp210x 1-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 2759.602548][ T4531] cp210x 1-1:0.0: GPIO initialisation failed: -71 [ 2759.841074][ T4531] usb 1-1: cp210x converter now attached to ttyUSB0 [ 2760.097303][ T4531] usb 1-1: USB disconnect, device number 5 [ 2760.770776][ T4531] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 2760.885302][ T4531] cp210x 1-1:0.0: device disconnected [ 2787.551299][ T4983] netlink: 16 bytes leftover after parsing attributes in process `syz.1.430'. [ 2795.059501][ T4988] netlink: 4 bytes leftover after parsing attributes in process `syz.1.432'. [ 2795.095290][ T4988] netlink: 4 bytes leftover after parsing attributes in process `syz.1.432'. [ 2795.123307][ T4988] netlink: 4 bytes leftover after parsing attributes in process `syz.1.432'. [ 2795.156016][ T4988] netlink: 4 bytes leftover after parsing attributes in process `syz.1.432'. [ 2795.194940][ T4988] netlink: 4 bytes leftover after parsing attributes in process `syz.1.432'. [ 2795.223555][ T4988] netlink: 4 bytes leftover after parsing attributes in process `syz.1.432'. [ 2795.226788][ T4988] netlink: 4 bytes leftover after parsing attributes in process `syz.1.432'. [ 2795.263126][ T4988] netlink: 4 bytes leftover after parsing attributes in process `syz.1.432'. [ 2795.266273][ T4988] netlink: 4 bytes leftover after parsing attributes in process `syz.1.432'. [ 2795.345215][ T4988] netlink: 4 bytes leftover after parsing attributes in process `syz.1.432'. [ 2918.532082][ T5062] capability: warning: `syz.0.466' uses 32-bit capabilities (legacy support in use) [ 2986.852670][ T5098] __nla_validate_parse: 40 callbacks suppressed [ 2986.853095][ T5098] netlink: 8 bytes leftover after parsing attributes in process `syz.0.483'. [ 2986.856053][ T5098] netlink: 12 bytes leftover after parsing attributes in process `syz.0.483'. [ 3047.057332][ T5130] netlink: 8 bytes leftover after parsing attributes in process `syz.1.498'. [ 3047.061203][ T5130] netlink: 4 bytes leftover after parsing attributes in process `syz.1.498'. [ 3047.145611][ T5130] netlink: 'syz.1.498': attribute type 14 has an invalid length. [ 3047.183920][ T5130] netlink: 'syz.1.498': attribute type 12 has an invalid length. [ 3063.842729][ T5136] syz.1.501 (5136): /proc/5135/oom_adj is deprecated, please use /proc/5135/oom_score_adj instead. [ 3116.655988][ T5160] netlink: 'syz.0.510': attribute type 10 has an invalid length. [ 3175.084171][ T5181] vlan2: entered promiscuous mode [ 3175.085882][ T5181] geneve1: entered promiscuous mode [ 3175.154072][ T5181] vlan2: entered allmulticast mode [ 3175.155423][ T5181] geneve1: entered allmulticast mode [ 3195.326343][ T5194] netlink: 56 bytes leftover after parsing attributes in process `syz.1.525'. [ 3349.461876][ T5245] netlink: 104 bytes leftover after parsing attributes in process `syz.1.545'. [ 3373.610963][ T5228] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 3374.776249][ T5228] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 3374.782102][ T5228] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3374.785684][ T5228] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 3374.801390][ T5228] usb 1-1: New USB device found, idVendor=056a, idProduct=0010, bcdDevice= 0.00 [ 3374.803855][ T5228] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3375.197562][ T5228] usb 1-1: config 0 descriptor?? [ 3380.205517][ T5228] wacom 0003:056A:0010.0003: Unknown device_type for 'HID 056a:0010'. Assuming pen. [ 3380.413928][ T5228] wacom 0003:056A:0010.0003: hidraw0: USB HID v0.00 Device [HID 056a:0010] on usb-dummy_hcd.0-1/input0 [ 3380.985167][ T5228] input: Wacom Graphire Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:056A:0010.0003/input/input3 [ 3381.653249][ T5228] usb 1-1: USB disconnect, device number 6 [ 3461.262612][ T5314] netlink: 12 bytes leftover after parsing attributes in process `syz.0.563'. [ 3467.996809][ T5317] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 3484.711741][ T5322] netlink: 16 bytes leftover after parsing attributes in process `syz.1.567'. [ 3568.801246][ T5362] netlink: 256 bytes leftover after parsing attributes in process `syz.1.584'. [ 3568.802928][ T5362] netlink: 56 bytes leftover after parsing attributes in process `syz.1.584'. [ 3579.885069][ T5368] netlink: 16 bytes leftover after parsing attributes in process `syz.1.586'. [ 3640.983760][ T5401] netlink: 12 bytes leftover after parsing attributes in process `syz.0.603'. [ 3735.865902][ T5447] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 3745.076633][ T3196] hid-generic 0000:0000:0004.0004: unknown main item tag 0x0 [ 3745.103593][ T3196] hid-generic 0000:0000:0004.0004: unknown main item tag 0x0 [ 3745.106008][ T3196] hid-generic 0000:0000:0004.0004: unknown main item tag 0x0 [ 3745.151938][ T3196] hid-generic 0000:0000:0004.0004: unknown main item tag 0x0 [ 3745.155118][ T3196] hid-generic 0000:0000:0004.0004: unknown main item tag 0x0 [ 3745.195960][ T3196] hid-generic 0000:0000:0004.0004: unknown main item tag 0x0 [ 3745.214238][ T3196] hid-generic 0000:0000:0004.0004: unknown main item tag 0x0 [ 3745.216453][ T3196] hid-generic 0000:0000:0004.0004: unknown main item tag 0x0 [ 3745.245294][ T3196] hid-generic 0000:0000:0004.0004: unknown main item tag 0x0 [ 3745.272375][ T3196] hid-generic 0000:0000:0004.0004: unknown main item tag 0x0 [ 3745.614841][ T3196] hid-generic 0000:0000:0004.0004: hidraw0: HID v0.03 Device [syz1] on syz1 [ 3787.850381][ T5478] netlink: 4 bytes leftover after parsing attributes in process `syz.1.636'. [ 3797.146318][ T5482] netlink: 36 bytes leftover after parsing attributes in process `syz.1.638'. [ 3797.153498][ T5482] netlink: 16 bytes leftover after parsing attributes in process `syz.1.638'. [ 3797.202953][ T5482] netlink: 36 bytes leftover after parsing attributes in process `syz.1.638'. [ 3797.254661][ T5482] netlink: 36 bytes leftover after parsing attributes in process `syz.1.638'. [ 3808.487162][ T5488] option changes via remount are deprecated (pid=5487 comm=syz.0.641) [ 3825.534139][ T5497] netlink: 20 bytes leftover after parsing attributes in process `syz.1.645'. [ 3839.081432][ T5505] netem: change failed [ 3890.012897][ T5529] netlink: 60 bytes leftover after parsing attributes in process `syz.0.661'. [ 3987.905764][ T5582] binder: 5581:5582 ioctl c018620c 200000000000 returned -1 [ 4124.296531][ T5648] netlink: 4 bytes leftover after parsing attributes in process `syz.1.707'. [ 4159.923171][ T5666] input: syz1 as /devices/virtual/input/input6 [ 4185.388796][ T5683] netlink: 8 bytes leftover after parsing attributes in process `syz.0.720'. [ 4229.106241][ T5703] netlink: 'syz.0.729': attribute type 1 has an invalid length. [ 4229.154213][ T5703] netlink: 'syz.0.729': attribute type 2 has an invalid length. [ 4247.586240][ T5712] netlink: 64 bytes leftover after parsing attributes in process `syz.1.733'. [ 4272.432436][ T5726] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 4272.439307][ T5726] IPv6: NLM_F_CREATE should be set when creating new route [ 4337.415288][ T5750] input: syz1 as /devices/virtual/input/input8 [ 4408.491689][ T5783] netlink: 12 bytes leftover after parsing attributes in process `syz.0.760'. [ 4408.496600][ T5783] netlink: 12 bytes leftover after parsing attributes in process `syz.0.760'. [ 4432.826392][ T5795] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 4498.024350][ T5827] netlink: 104 bytes leftover after parsing attributes in process `syz.1.779'. [ 4649.742835][ T5898] ip6erspan0: entered allmulticast mode [ 4703.485865][ T5925] netlink: 32 bytes leftover after parsing attributes in process `syz.1.817'. [ 4762.815266][ T5950] input: syz1 as /devices/virtual/input/input9 [ 4807.606827][ T5974] netlink: 8 bytes leftover after parsing attributes in process `syz.0.836'. [ 4815.586462][ T5978] netlink: 8 bytes leftover after parsing attributes in process `syz.0.838'. [ 4823.090754][ T5980] input: syz1 as /devices/virtual/input/input10 [ 4828.104884][ T5704] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 4830.801264][ T5704] usb 1-1: unable to get BOS descriptor or descriptor too short [ 4831.144262][ T5704] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 4831.147393][ T5704] usb 1-1: can't read configurations, error -71 [ 4857.684310][ T6003] block nbd0: NBD_DISCONNECT [ 4907.493459][ T6022] netlink: 8 bytes leftover after parsing attributes in process `syz.1.853'. [ 5002.861092][ T5696] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 5003.674141][ T5696] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 5003.676678][ T5696] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 5003.712141][ T5696] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 5003.715419][ T5696] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 5004.056163][ T5696] usb 2-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 5004.075783][ T5696] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 5004.173489][ T5696] usb 2-1: Product: syz [ 5004.176173][ T5696] usb 2-1: Manufacturer: syz [ 5004.183248][ T5696] usb 2-1: SerialNumber: syz [ 5005.035128][ T5696] usb 2-1: config 0 descriptor?? [ 5005.754543][ T5696] ums-isd200 2-1:0.0: USB Mass Storage device detected [ 5008.299542][ T5696] scsi host0: usb-storage 2-1:0.0 [ 5009.883390][ T5696] usb 2-1: USB disconnect, device number 6 [ 5181.655517][ T6167] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 5181.661602][ T6167] IPv6: NLM_F_CREATE should be set when creating new route [ 5181.665410][ T6167] IPv6: NLM_F_CREATE should be set when creating new route [ 5182.475668][ T6167] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.900'. [ 5281.301927][ T5254] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 5281.799760][ T5254] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 5281.802247][ T5254] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 5281.804737][ T5254] usb 2-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00 [ 5281.806518][ T5254] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 5282.416538][ T5254] usb 2-1: config 0 descriptor?? [ 5286.047113][ T6218] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 5286.050275][ T6218] IPv6: NLM_F_CREATE should be set when creating new route [ 5286.052209][ T6218] IPv6: NLM_F_CREATE should be set when creating new route [ 5286.194120][ T5254] razer 0003:1532:010E.0005: failed to enable macro keys: -71 [ 5286.245388][ T6218] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 5286.521877][ T5254] razer 0003:1532:010E.0005: hidraw0: USB HID v0.00 Device [HID 1532:010e] on usb-dummy_hcd.1-1/input0 [ 5287.012512][ T5254] usb 2-1: USB disconnect, device number 7 [ 5353.790455][ T31] audit: type=1800 audit(5352.462:8): pid=6265 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.932" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=9879 res=0 errno=0 [ 5421.506519][ T6298] netlink: 36 bytes leftover after parsing attributes in process `syz.1.946'. [ 5552.966961][ T6360] netlink: 8 bytes leftover after parsing attributes in process `syz.0.967'. [ 5622.477186][ T6210] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 5622.875246][ T6210] usb 2-1: Using ep0 maxpacket: 8 [ 5623.006423][ T6210] usb 2-1: config index 0 descriptor too short (expected 6427, got 27) [ 5623.013624][ T6210] usb 2-1: config 0 has an invalid interface number: 21 but max is 0 [ 5623.091612][ T6210] usb 2-1: config 0 has no interface number 0 [ 5623.094075][ T6210] usb 2-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 5623.096376][ T6210] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 5623.170489][ T6210] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 5623.344772][ T6210] usb 2-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 5623.347180][ T6210] usb 2-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0 [ 5623.353675][ T6210] usb 2-1: Product: syz [ 5623.370243][ T5847] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 5623.665645][ T5847] usb 1-1: Using ep0 maxpacket: 16 [ 5623.941556][ T5847] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 5623.943804][ T5847] usb 1-1: config 0 has no interface number 0 [ 5623.971106][ T5847] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 5623.974316][ T5847] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 5624.019741][ T5847] usb 1-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 5624.022796][ T5847] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 5624.127555][ T6210] usb 2-1: config 0 descriptor?? [ 5624.550846][ T5847] usb 1-1: config 0 descriptor?? [ 5628.635114][ T5847] input: HID 28bd:0071 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.1/0003:28BD:0071.0006/input/input13 [ 5629.147062][ T6210] input: syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.21/input/input12 [ 5629.497367][ T6210] input: failed to attach handler kbd to device input12, error: -5 [ 5629.796872][ T5847] input: HID 28bd:0071 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.1/0003:28BD:0071.0006/input/input14 [ 5630.803145][ T5847] uclogic 0003:28BD:0071.0006: input,hidraw0: USB HID v0.02 Keypad [HID 28bd:0071] on usb-dummy_hcd.0-1/input1 [ 5630.892740][ T6210] usb 2-1: USB disconnect, device number 8 [ 5631.615014][ T5847] usb 1-1: USB disconnect, device number 9 [ 5786.650794][ T6501] block nbd0: NBD_DISCONNECT [ 5786.684290][ T6501] block nbd0: Send disconnect failed -32 [ 5786.936509][ T6500] block nbd0: Disconnected due to user request. [ 5786.999300][ T6500] block nbd0: shutting down sockets [ 5942.834712][ T6575] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 5969.011684][ T6592] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1044'. [ 5969.224761][ T6592] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1044'. [ 5980.591331][ T6598] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1047'. [ 5987.214655][ T6600] nbd0: detected capacity change from 0 to 127 [ 5988.284785][ T866] block nbd0: Receive control failed (result -32) [ 6074.471769][ T6644] binder: 6643:6644 ioctl c018620c 200000000000 returned -22 [ 6087.371101][ T6650] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1070'. [ 6150.759364][ T6676] nbd1: detected capacity change from 0 to 63 [ 6151.802329][ T6604] block nbd1: Receive control failed (result -32) [ 6151.803095][ T869] block nbd1: Receive control failed (result -32) [ 6176.992337][ T31] audit: type=1326 audit(6175.672:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6690 comm="syz.1.1088" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb21332c6 code=0x0 [ 6228.636937][ T6577] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 6229.270394][ T6577] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 6229.273344][ T6577] usb 2-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 6229.276718][ T6577] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 6229.424267][ T6577] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 6229.566099][ T6577] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 6229.570524][ T6577] usb 2-1: SerialNumber: syz [ 6230.334002][ T6577] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 6230.336317][ T6577] cdc_acm 2-1:1.0: This needs exactly 3 endpoints [ 6230.373303][ T6577] cdc_acm 2-1:1.0: probe with driver cdc_acm failed with error -22 [ 6234.662760][ T5704] usb 2-1: USB disconnect, device number 9 [ 6246.814498][ T6730] pimreg: entered allmulticast mode [ 6419.326215][ T6806] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1124'. [ 6419.374967][ T6806] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1124'. [ 6570.552059][ T6867] lo: entered promiscuous mode [ 6570.554185][ T6867] lo: entered allmulticast mode [ 6581.441445][ T6873] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1146'. [ 6605.059217][ T6887] netlink: 'syz.0.1152': attribute type 9 has an invalid length. [ 6630.123058][ T6900] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1158'. [ 6643.629835][ T6910] random: crng reseeded on system resumption [ 6675.075577][ T6927] ubi31: attaching mtd0 [ 6688.550024][ T6933] input: syz0 as /devices/virtual/input/input15 [ 6700.934918][ T6944] netlink: 87 bytes leftover after parsing attributes in process `syz.0.1174'. [ 6809.262177][ T6997] netlink: 'syz.1.1194': attribute type 11 has an invalid length. [ 6809.270828][ T6997] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1194'. [ 6809.424043][ T6997] netlink: 'syz.1.1194': attribute type 11 has an invalid length. [ 6809.425646][ T6997] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1194'. [ 6888.234130][ T7033] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1210'. [ 6888.454752][ T7033] hsr_slave_0: left promiscuous mode [ 6888.651123][ T7033] hsr_slave_1: left promiscuous mode [ 6934.757322][ T5792] syz_tun (unregistering): left allmulticast mode [ 6990.103316][ T7083] netlink: 'syz.1.1229': attribute type 9 has an invalid length. [ 7036.328596][ T7069] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 7036.571463][ T7069] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 7046.287403][ T7228] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1233'. [ 7065.744864][ T7069] hsr_slave_0: entered promiscuous mode [ 7065.772917][ T7069] hsr_slave_1: entered promiscuous mode [ 7087.791162][ T7069] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 7088.166112][ T7069] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 7088.673695][ T7069] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 7089.446333][ T7069] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 7117.096224][ T7069] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7156.704526][ T7398] netem: change failed [ 7165.231822][ T7404] [ 7165.232945][ T7404] ====================================================== [ 7165.233907][ T7404] WARNING: possible circular locking dependency detected [ 7165.235992][ T7404] syzkaller #0 Tainted: G L [ 7165.237081][ T7404] ------------------------------------------------------ [ 7165.238064][ T7404] syz.1.1244/7404 is trying to acquire lock: [ 7165.239081][ T7404] ffffaf801e9d6e70 (&nsock->tx_lock){+.+.}-{4:4}, at: nbd_queue_rq+0x372/0xe44 [ 7165.243844][ T7404] [ 7165.243844][ T7404] but task is already holding lock: [ 7165.244810][ T7404] ffffaf8034698180 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc4/0xe44 [ 7165.247130][ T7404] [ 7165.247130][ T7404] which lock already depends on the new lock. [ 7165.247130][ T7404] [ 7165.248252][ T7404] [ 7165.248252][ T7404] the existing dependency chain (in reverse order) is: [ 7165.249306][ T7404] [ 7165.249306][ T7404] -> #6 (&cmd->lock){+.+.}-{4:4}: [ 7165.251276][ T7404] lock_acquire+0x24a/0x504 [ 7165.252636][ T7404] __mutex_lock+0x164/0x1890 [ 7165.253958][ T7404] mutex_lock_nested+0x14/0x1c [ 7165.255289][ T7404] nbd_queue_rq+0xc4/0xe44 [ 7165.256430][ T7404] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 7165.257924][ T7404] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 7165.259369][ T7404] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 7165.260831][ T7404] blk_mq_run_hw_queue+0x274/0x6ec [ 7165.261956][ T7404] blk_mq_dispatch_list+0x53e/0x1430 [ 7165.263157][ T7404] blk_mq_flush_plug_list+0x114/0x55c [ 7165.264493][ T7404] __blk_flush_plug+0x270/0x464 [ 7165.265693][ T7404] __submit_bio+0x42e/0x504 [ 7165.266846][ T7404] submit_bio_noacct_nocheck+0x458/0xdf4 [ 7165.268292][ T7404] submit_bio_noacct+0x6fe/0x2170 [ 7165.269481][ T7404] submit_bio+0xb6/0x5b8 [ 7165.270572][ T7404] submit_bh_wbc+0x428/0x5c0 [ 7165.271772][ T7404] block_read_full_folio+0x396/0x788 [ 7165.273087][ T7404] blkdev_read_folio+0x26/0x30 [ 7165.274253][ T7404] filemap_read_folio+0xc2/0x270 [ 7165.275564][ T7404] do_read_cache_folio+0x22e/0x518 [ 7165.276979][ T7404] read_cache_folio+0x4e/0x68 [ 7165.278244][ T7404] read_part_sector+0xbc/0x408 [ 7165.279420][ T7404] read_lba+0x1b6/0x32c [ 7165.280565][ T7404] find_valid_gpt.constprop.0+0x212/0x21ec [ 7165.281811][ T7404] efi_partition+0xfe/0x9e0 [ 7165.282933][ T7404] bdev_disk_changed+0x5a0/0x1180 [ 7165.284145][ T7404] blkdev_get_whole+0x168/0x25c [ 7165.285285][ T7404] bdev_open+0x288/0xcc4 [ 7165.286381][ T7404] blkdev_open+0x2ec/0x454 [ 7165.287606][ T7404] do_dentry_open+0x418/0x1170 [ 7165.288928][ T7404] vfs_open+0xba/0x3a8 [ 7165.290062][ T7404] path_openat+0x144e/0x2f28 [ 7165.291460][ T7404] do_file_open+0x1ae/0x398 [ 7165.292770][ T7404] do_sys_openat2+0xfe/0x1c0 [ 7165.293934][ T7404] __riscv_sys_openat+0x122/0x1e4 [ 7165.295138][ T7404] syscall_handler+0x92/0x114 [ 7165.296476][ T7404] do_trap_ecall_u+0x402/0x680 [ 7165.297753][ T7404] handle_exception+0x15e/0x16a [ 7165.299224][ T7404] [ 7165.299224][ T7404] -> #5 (set->srcu){.+.+}-{0:0}: [ 7165.301253][ T7404] lock_sync+0xea/0x1cc [ 7165.303189][ T7404] __synchronize_srcu+0xd4/0x24c [ 7165.304630][ T7404] synchronize_srcu+0x14c/0x3fc [ 7165.305971][ T7404] blk_mq_quiesce_queue+0x124/0x194 [ 7165.307122][ T7404] elevator_switch+0x16a/0x4e4 [ 7165.308477][ T7404] elevator_change+0x2f4/0x4ac [ 7165.309759][ T7404] elevator_set_default+0x280/0x370 [ 7165.311112][ T7404] blk_register_queue+0x3a8/0x50c [ 7165.312561][ T7404] __add_disk+0x69a/0xda4 [ 7165.313684][ T7404] add_disk_fwnode+0xe8/0x48c [ 7165.314821][ T7404] device_add_disk+0x28/0x38 [ 7165.315995][ T7404] nbd_dev_add+0x692/0xaec [ 7165.317386][ T7404] nbd_init+0x3d4/0x3f8 [ 7165.318503][ T7404] do_one_initcall+0x18c/0xcdc [ 7165.319643][ T7404] kernel_init_freeable+0x6ca/0x7b4 [ 7165.320918][ T7404] kernel_init+0x28/0x240 [ 7165.322099][ T7404] ret_from_fork_kernel+0x94/0xef8 [ 7165.323305][ T7404] ret_from_fork_kernel_asm+0x16/0x18 [ 7165.324752][ T7404] [ 7165.324752][ T7404] -> #4 (&q->elevator_lock){+.+.}-{4:4}: [ 7165.326817][ T7404] lock_acquire+0x24a/0x504 [ 7165.328163][ T7404] __mutex_lock+0x164/0x1890 [ 7165.329530][ T7404] mutex_lock_nested+0x14/0x1c [ 7165.330847][ T7404] elevator_change+0x192/0x4ac [ 7165.332124][ T7404] elevator_set_none+0xa8/0x120 [ 7165.333421][ T7404] blk_mq_update_nr_hw_queues+0x43a/0x13a0 [ 7165.334748][ T7404] nbd_start_device+0x156/0xb74 [ 7165.335909][ T7404] nbd_genl_connect+0xe74/0x1a4c [ 7165.337075][ T7404] genl_family_rcv_msg_doit+0x1f6/0x2d8 [ 7165.338674][ T7404] genl_rcv_msg+0x4b2/0x73c [ 7165.339837][ T7404] netlink_rcv_skb+0x1e8/0x394 [ 7165.341237][ T7404] genl_rcv+0x32/0x4c [ 7165.342499][ T7404] netlink_unicast+0x50c/0x7d8 [ 7165.343850][ T7404] netlink_sendmsg+0x7e0/0xd64 [ 7165.345179][ T7404] __sock_sendmsg+0xca/0x160 [ 7165.346478][ T7404] ____sys_sendmsg+0x636/0x794 [ 7165.348113][ T7404] ___sys_sendmsg+0x1a4/0x1e8 [ 7165.349489][ T7404] __sys_sendmsg+0x18e/0x234 [ 7165.350592][ T7404] __riscv_sys_sendmsg+0x70/0xa4 [ 7165.351791][ T7404] syscall_handler+0x92/0x114 [ 7165.353041][ T7404] do_trap_ecall_u+0x402/0x680 [ 7165.354216][ T7404] handle_exception+0x15e/0x16a [ 7165.355419][ T7404] [ 7165.355419][ T7404] -> #3 (&q->q_usage_counter(io)#20){++++}-{0:0}: [ 7165.357892][ T7404] lock_acquire+0x24a/0x504 [ 7165.359078][ T7404] blk_alloc_queue+0x5b4/0x6f4 [ 7165.360304][ T7404] blk_mq_alloc_queue+0x15e/0x250 [ 7165.361565][ T7404] __blk_mq_alloc_disk+0x2a/0xd8 [ 7165.362763][ T7404] nbd_dev_add+0x426/0xaec [ 7165.364158][ T7404] nbd_init+0x3d4/0x3f8 [ 7165.365295][ T7404] do_one_initcall+0x18c/0xcdc [ 7165.366405][ T7404] kernel_init_freeable+0x6ca/0x7b4 [ 7165.367776][ T7404] kernel_init+0x28/0x240 [ 7165.369032][ T7404] ret_from_fork_kernel+0x94/0xef8 [ 7165.370239][ T7404] ret_from_fork_kernel_asm+0x16/0x18 [ 7165.371499][ T7404] [ 7165.371499][ T7404] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 7165.373493][ T7404] lock_acquire+0x24a/0x504 [ 7165.374699][ T7404] fs_reclaim_acquire+0xc6/0x100 [ 7165.376142][ T7404] kmem_cache_alloc_node_noprof+0x40/0x6e8 [ 7165.377372][ T7404] __alloc_skb+0x17c/0x778 [ 7165.378560][ T7404] tcp_stream_alloc_skb+0x2e/0x4d8 [ 7165.379932][ T7404] tcp_sendmsg_locked+0xe16/0x408c [ 7165.381202][ T7404] tcp_sendmsg+0x32/0x50 [ 7165.382370][ T7404] inet_sendmsg+0x9a/0xd8 [ 7165.383469][ T7404] __sock_sendmsg+0xca/0x160 [ 7165.384865][ T7404] sock_write_iter+0x298/0x3e8 [ 7165.386256][ T7404] vfs_write+0x648/0xd08 [ 7165.387455][ T7404] ksys_write+0x1f4/0x244 [ 7165.388758][ T7404] __riscv_sys_write+0x6e/0xa0 [ 7165.390022][ T7404] syscall_handler+0x92/0x114 [ 7165.391239][ T7404] do_trap_ecall_u+0x402/0x680 [ 7165.392448][ T7404] handle_exception+0x15e/0x16a [ 7165.393632][ T7404] [ 7165.393632][ T7404] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}: [ 7165.395768][ T7404] lock_acquire+0x24a/0x504 [ 7165.397018][ T7404] lock_sock_nested+0x38/0xf8 [ 7165.398279][ T7404] tcp_sendmsg+0x28/0x50 [ 7165.399444][ T7404] inet_sendmsg+0x9a/0xd8 [ 7165.400488][ T7404] sock_sendmsg+0x206/0x2d4 [ 7165.401781][ T7404] __sock_xmit+0x244/0x578 [ 7165.403098][ T7404] nbd_disconnect.isra.0+0x312/0x3e8 [ 7165.404414][ T7404] nbd_ioctl+0xbc8/0xbd4 [ 7165.405452][ T7404] blkdev_ioctl+0x4cc/0x12e4 [ 7165.406910][ T7404] __riscv_sys_ioctl+0x17c/0x1e4 [ 7165.408063][ T7404] syscall_handler+0x92/0x114 [ 7165.409342][ T7404] do_trap_ecall_u+0x402/0x680 [ 7165.410567][ T7404] handle_exception+0x15e/0x16a [ 7165.411796][ T7404] [ 7165.411796][ T7404] -> #0 (&nsock->tx_lock){+.+.}-{4:4}: [ 7165.413739][ T7404] check_noncircular+0x138/0x14c [ 7165.414926][ T7404] __lock_acquire+0xe9c/0x25ac [ 7165.416187][ T7404] lock_acquire+0x24a/0x504 [ 7165.417338][ T7404] __mutex_lock+0x164/0x1890 [ 7165.418722][ T7404] mutex_lock_nested+0x14/0x1c [ 7165.420116][ T7404] nbd_queue_rq+0x372/0xe44 [ 7165.421248][ T7404] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 7165.422587][ T7404] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 7165.424140][ T7404] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 7165.425651][ T7404] blk_mq_run_hw_queue+0x274/0x6ec [ 7165.426868][ T7404] blk_mq_dispatch_list+0x53e/0x1430 [ 7165.428208][ T7404] blk_mq_flush_plug_list+0x114/0x55c [ 7165.429512][ T7404] __blk_flush_plug+0x270/0x464 [ 7165.430699][ T7404] __submit_bio+0x42e/0x504 [ 7165.431907][ T7404] submit_bio_noacct_nocheck+0x458/0xdf4 [ 7165.433191][ T7404] submit_bio_noacct+0x6fe/0x2170 [ 7165.434382][ T7404] submit_bio+0xb6/0x5b8 [ 7165.435495][ T7404] submit_bh_wbc+0x428/0x5c0 [ 7165.436778][ T7404] block_read_full_folio+0x396/0x788 [ 7165.438120][ T7404] blkdev_read_folio+0x26/0x30 [ 7165.439299][ T7404] filemap_read_folio+0xc2/0x270 [ 7165.440607][ T7404] do_read_cache_folio+0x22e/0x518 [ 7165.441822][ T7404] read_cache_folio+0x4e/0x68 [ 7165.443073][ T7404] read_part_sector+0xbc/0x408 [ 7165.444247][ T7404] read_lba+0x1b6/0x32c [ 7165.445351][ T7404] find_valid_gpt.constprop.0+0x212/0x21ec [ 7165.446690][ T7404] efi_partition+0xfe/0x9e0 [ 7165.447837][ T7404] bdev_disk_changed+0x5a0/0x1180 [ 7165.448918][ T7404] blkdev_get_whole+0x168/0x25c [ 7165.450012][ T7404] bdev_open+0x288/0xcc4 [ 7165.451077][ T7404] blkdev_open+0x2ec/0x454 [ 7165.452226][ T7404] do_dentry_open+0x418/0x1170 [ 7165.453321][ T7404] vfs_open+0xba/0x3a8 [ 7165.454355][ T7404] path_openat+0x144e/0x2f28 [ 7165.455613][ T7404] do_file_open+0x1ae/0x398 [ 7165.456907][ T7404] do_sys_openat2+0xfe/0x1c0 [ 7165.457979][ T7404] __riscv_sys_openat+0x122/0x1e4 [ 7165.459079][ T7404] syscall_handler+0x92/0x114 [ 7165.460285][ T7404] do_trap_ecall_u+0x402/0x680 [ 7165.461433][ T7404] handle_exception+0x15e/0x16a [ 7165.462586][ T7404] [ 7165.462586][ T7404] other info that might help us debug this: [ 7165.462586][ T7404] [ 7165.463743][ T7404] Chain exists of: [ 7165.463743][ T7404] &nsock->tx_lock --> set->srcu --> &cmd->lock [ 7165.463743][ T7404] [ 7165.466286][ T7404] Possible unsafe locking scenario: [ 7165.466286][ T7404] [ 7165.467225][ T7404] CPU0 CPU1 [ 7165.468054][ T7404] ---- ---- [ 7165.468880][ T7404] lock(&cmd->lock); [ 7165.470062][ T7404] lock(set->srcu); [ 7165.471333][ T7404] lock(&cmd->lock); [ 7165.472871][ T7404] lock(&nsock->tx_lock); [ 7165.474108][ T7404] [ 7165.474108][ T7404] *** DEADLOCK *** [ 7165.474108][ T7404] [ 7165.475095][ T7404] 3 locks held by syz.1.1244/7404: [ 7165.476110][ T7404] #0: ffffaf801ad42358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x3c4/0xcc4 [ 7165.478960][ T7404] #1: ffffaf801ac0b218 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x22c/0x6ec [ 7165.481607][ T7404] #2: ffffaf8034698180 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc4/0xe44 [ 7165.484218][ T7404] [ 7165.484218][ T7404] stack backtrace: [ 7165.486082][ T7404] CPU: 0 UID: 0 PID: 7404 Comm: syz.1.1244 Tainted: G L syzkaller #0 PREEMPT [ 7165.486911][ T7404] Tainted: [L]=SOFTLOCKUP [ 7165.487193][ T7404] Hardware name: riscv-virtio,qemu (DT) [ 7165.487874][ T7404] Call Trace: [ 7165.488163][ T7404] [] dump_backtrace+0x2e/0x3c [ 7165.488983][ T7404] [] show_stack+0x30/0x3c [ 7165.489504][ T7404] [] dump_stack_lvl+0x114/0x1ac [ 7165.490252][ T7404] [] dump_stack+0x1c/0x28 [ 7165.491045][ T7404] [] print_circular_bug+0x250/0x29c [ 7165.491577][ T7404] [] check_noncircular+0x138/0x14c [ 7165.492129][ T7404] [] __lock_acquire+0xe9c/0x25ac [ 7165.492691][ T7404] [] lock_acquire+0x24a/0x504 [ 7165.493239][ T7404] [] __mutex_lock+0x164/0x1890 [ 7165.493963][ T7404] [] mutex_lock_nested+0x14/0x1c [ 7165.494652][ T7404] [] nbd_queue_rq+0x372/0xe44 [ 7165.495126][ T7404] [] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 7165.495791][ T7404] [] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 7165.496591][ T7404] [] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 7165.497329][ T7404] [] blk_mq_run_hw_queue+0x274/0x6ec [ 7165.497905][ T7404] [] blk_mq_dispatch_list+0x53e/0x1430 [ 7165.498518][ T7404] [] blk_mq_flush_plug_list+0x114/0x55c [ 7165.499126][ T7404] [] __blk_flush_plug+0x270/0x464 [ 7165.499740][ T7404] [] __submit_bio+0x42e/0x504 [ 7165.500293][ T7404] [] submit_bio_noacct_nocheck+0x458/0xdf4 [ 7165.500909][ T7404] [] submit_bio_noacct+0x6fe/0x2170 [ 7165.501483][ T7404] [] submit_bio+0xb6/0x5b8 [ 7165.502040][ T7404] [] submit_bh_wbc+0x428/0x5c0 [ 7165.502668][ T7404] [] block_read_full_folio+0x396/0x788 [ 7165.503349][ T7404] [] blkdev_read_folio+0x26/0x30 [ 7165.504306][ T7404] [] filemap_read_folio+0xc2/0x270 [ 7165.505028][ T7404] [] do_read_cache_folio+0x22e/0x518 [ 7165.505758][ T7404] [] read_cache_folio+0x4e/0x68 [ 7165.506459][ T7404] [] read_part_sector+0xbc/0x408 [ 7165.507004][ T7404] [] read_lba+0x1b6/0x32c [ 7165.507543][ T7404] [] find_valid_gpt.constprop.0+0x212/0x21ec [ 7165.508184][ T7404] [] efi_partition+0xfe/0x9e0 [ 7165.508762][ T7404] [] bdev_disk_changed+0x5a0/0x1180 [ 7165.509278][ T7404] [] blkdev_get_whole+0x168/0x25c [ 7165.509812][ T7404] [] bdev_open+0x288/0xcc4 [ 7165.510348][ T7404] [] blkdev_open+0x2ec/0x454 [ 7165.510923][ T7404] [] do_dentry_open+0x418/0x1170 [ 7165.511459][ T7404] [] vfs_open+0xba/0x3a8 [ 7165.511985][ T7404] [] path_openat+0x144e/0x2f28 [ 7165.512688][ T7404] [] do_file_open+0x1ae/0x398 [ 7165.513379][ T7404] [] do_sys_openat2+0xfe/0x1c0 [ 7165.513899][ T7404] [] __riscv_sys_openat+0x122/0x1e4 [ 7165.514448][ T7404] [] syscall_handler+0x92/0x114 [ 7165.515043][ T7404] [] do_trap_ecall_u+0x402/0x680 [ 7165.515610][ T7404] [] handle_exception+0x15e/0x16a SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 7165.731846][ T7404] block nbd1: Dead connection, failed to find a fallback [ 7165.734311][ T7404] block nbd1: shutting down sockets [ 7165.797489][ T7404] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7165.826398][ T7404] Buffer I/O error on dev nbd1, logical block 0, async page read [ 7165.842693][ T7404] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7165.845174][ T7404] Buffer I/O error on dev nbd1, logical block 1, async page read [ 7165.941731][ T7404] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7165.944758][ T7404] Buffer I/O error on dev nbd1, logical block 2, async page read [ 7166.014403][ T7404] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7166.015662][ T7404] Buffer I/O error on dev nbd1, logical block 3, async page read [ 7166.093285][ T7404] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7166.095914][ T7404] Buffer I/O error on dev nbd1, logical block 0, async page read [ 7166.196029][ T7404] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7166.389201][ T7404] Buffer I/O error on dev nbd1, logical block 1, async page read [ 7166.392925][ T7404] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7166.395132][ T7404] Buffer I/O error on dev nbd1, logical block 2, async page read [ 7166.551575][ T7404] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7166.554371][ T7404] Buffer I/O error on dev nbd1, logical block 3, async page read [ 7166.556695][ T7404] nbd1: unable to read partition table