last executing test programs: 44.606576522s ago: executing program 0 (id=940): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000780)=[@enter_looper, @register_looper], 0x0, 0x0, 0x0}) 38.624767633s ago: executing program 1 (id=941): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x5, 0xfffffffffffffffb}, {0x0, 0x40000000000000, 0x200000000000000}, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x4000015}, 0x2c000010) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x14, 0x1, 0x0, 0x400000, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {0x0, 0x0, 0x200000000000000}}}, 0xb8}}, 0x2c000010) 37.6956542s ago: executing program 0 (id=942): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x14c) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota']) umount2(&(0x7f00000000c0)='./file1\x00', 0x9) 32.449673697s ago: executing program 1 (id=943): r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x3, &(0x7f00000001c0), 0x0) clock_adjtime(0x0, &(0x7f0000000340)={0x2925, 0x0, 0x0, 0x3, 0x41, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x40000000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x20007ff, 0x3ff, 0x0, 0x59, 0xb}) timerfd_settime(r0, 0x3, &(0x7f0000000000)={{0x77359400}, {0x77359400}}, 0x0) 26.511663878s ago: executing program 0 (id=944): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) syz_clone(0x80001000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNGETDEVNETNS(r0, 0xff07, 0x0) 23.912440036s ago: executing program 1 (id=945): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000005c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000100)={0x7, 0x8, 0xfa00, {r1, 0x4734}}, 0x10) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000040)={0x7, 0x8, 0xfa00, {r1, 0x3}}, 0x10) 17.515228785s ago: executing program 1 (id=946): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x66960000) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x0) readv(r0, &(0x7f00000002c0)=[{&(0x7f0000001500)=""/4110, 0x100e}], 0x1) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x8e383, 0x0) 16.550054663s ago: executing program 0 (id=947): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="22000000040000001000000012"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x1c, &(0x7f0000000440)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xf1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 8.762596877s ago: executing program 0 (id=948): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x101040, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000080)={'ipvlan0\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000000)={0x0, 0x0}) 7.849736344s ago: executing program 1 (id=949): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000000000000000020085000000a800000095"], 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r0, 0x0, 0x0}, 0x10) 471.012261ms ago: executing program 1 (id=950): io_setup(0x9, &(0x7f0000000340)=0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x14, 0x2, &(0x7f0000000900)=ANY=[@ANYBLOB="186a0000130000000000000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$xdp(0x2c, 0x3, 0x0) io_submit(r0, 0x2000000000000211, &(0x7f0000000840)=[&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x8, 0x9, r1, 0x0}]) 0s ago: executing program 0 (id=951): r0 = socket(0x2, 0x1, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab04) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:41799' (ED25519) to the list of known hosts. syzkaller login: [ 512.029199][ T3192] cgroup: Unknown subsys name 'net' [ 512.950838][ T3192] cgroup: Unknown subsys name 'cpuset' [ 513.138986][ T3192] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 600.368295][ T3192] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 768.270475][ T3205] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 768.459156][ T3205] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 771.664859][ T3206] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 771.802034][ T3206] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 788.014440][ T3205] hsr_slave_0: entered promiscuous mode [ 788.108418][ T3205] hsr_slave_1: entered promiscuous mode [ 793.063480][ T3206] hsr_slave_0: entered promiscuous mode [ 793.091432][ T3206] hsr_slave_1: entered promiscuous mode [ 793.157351][ T3206] debugfs: 'hsr0' already exists in 'hsr' [ 793.159478][ T3206] Cannot create hsr debugfs directory [ 803.861769][ T3205] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 804.319762][ T3205] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 804.481718][ T3205] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 804.718840][ T3205] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 808.290730][ T3206] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 808.757306][ T3206] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 809.000622][ T3206] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 809.336831][ T3206] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 829.076301][ T3205] 8021q: adding VLAN 0 to HW filter on device bond0 [ 832.256863][ T3206] 8021q: adding VLAN 0 to HW filter on device bond0 [ 907.006874][ T3205] veth0_vlan: entered promiscuous mode [ 908.161572][ T3205] veth1_vlan: entered promiscuous mode [ 911.236718][ T3206] veth0_vlan: entered promiscuous mode [ 913.287375][ T3205] veth0_macvtap: entered promiscuous mode [ 913.697595][ T3206] veth1_vlan: entered promiscuous mode [ 914.365323][ T3205] veth1_macvtap: entered promiscuous mode [ 919.525344][ T30] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 919.637821][ T3206] veth0_macvtap: entered promiscuous mode [ 919.834031][ T30] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 919.837628][ T30] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 920.019551][ T30] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 920.811642][ T3206] veth1_macvtap: entered promiscuous mode [ 925.726998][ T3307] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 925.730089][ T3307] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 925.760743][ T3307] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 925.966566][ T3307] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 927.476761][ T3205] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 940.891172][ T3822] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'. [ 951.468111][ T3828] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5'. [ 951.504891][ T3828] netlink: 43 bytes leftover after parsing attributes in process `syz.0.5'. [ 951.507890][ T3828] netlink: 'syz.0.5': attribute type 5 has an invalid length. [ 951.509407][ T3828] netlink: 43 bytes leftover after parsing attributes in process `syz.0.5'. [ 965.138588][ T3837] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8'. [ 985.360094][ T3846] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1011.660583][ T3860] netlink: 44 bytes leftover after parsing attributes in process `syz.0.17'. [ 1011.679979][ T3860] netlink: 43 bytes leftover after parsing attributes in process `syz.0.17'. [ 1011.681427][ T3860] netlink: 'syz.0.17': attribute type 5 has an invalid length. [ 1011.717724][ T3860] netlink: 43 bytes leftover after parsing attributes in process `syz.0.17'. [ 1043.460294][ T3871] binder: 3870:3871 unknown command 224 [ 1043.504380][ T3871] binder: 3870:3871 ioctl c0306201 200000000080 returned -22 [ 1057.767816][ T3878] netlink: 8 bytes leftover after parsing attributes in process `syz.0.25'. [ 1057.774989][ T3878] netlink: 4 bytes leftover after parsing attributes in process `syz.0.25'. [ 1057.777552][ T3878] netlink: 'syz.0.25': attribute type 13 has an invalid length. [ 1057.781171][ T3878] netlink: 'syz.0.25': attribute type 14 has an invalid length. [ 1072.929674][ T3888] capability: warning: `syz.1.30' uses 32-bit capabilities (legacy support in use) [ 1138.256794][ T3934] netlink: 32 bytes leftover after parsing attributes in process `syz.1.40'. [ 1161.801287][ T9] usb 2-1: new low-speed USB device number 2 using dummy_hcd [ 1163.189080][ T9] usb 2-1: config index 0 descriptor too short (expected 6427, got 27) [ 1163.203941][ T9] usb 2-1: config 0 has an invalid interface number: 21 but max is 0 [ 1163.206256][ T9] usb 2-1: config 0 has no interface number 0 [ 1163.208817][ T9] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt [ 1163.211294][ T9] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1163.255545][ T9] usb 2-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 1163.257963][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1163.858028][ T9] usb 2-1: config 0 descriptor?? [ 1170.946731][ T9] usb 2-1: USB disconnect, device number 2 [ 1291.011653][ T4010] random: crng reseeded on system resumption [ 1409.404700][ T4061] binder: 4060:4061 ioctl 4018620d 0 returned -22 [ 1420.058177][ T4068] netlink: 64 bytes leftover after parsing attributes in process `syz.0.91'. [ 1429.750812][ T3761] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 1430.135277][ T3761] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1430.207670][ T3761] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1430.210023][ T3761] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1430.217918][ T3761] usb 1-1: too many endpoints for config 1 interface 1 altsetting 76: 188, using maximum allowed: 30 [ 1430.220339][ T3761] usb 1-1: config 1 interface 1 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188 [ 1430.223699][ T3761] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 1430.226041][ T3761] usb 1-1: config 1 interface 1 has no altsetting 0 [ 1430.597809][ T3761] usb 1-1: string descriptor 0 read error: -22 [ 1430.610914][ T3761] usb 1-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40 [ 1430.614231][ T3761] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1433.084674][ T3761] usb 1-1: 2:0: failed to get current value for ch 0 (-32) [ 1433.419025][ T3761] usb 1-1: 2:0: cannot get min/max values for control 2 (id 2) [ 1434.441642][ T3761] usb 1-1: 2:0: cannot get min/max values for control 2 (id 2) [ 1434.834420][ T3761] usb 1-1: 2:0: cannot get min/max values for control 2 (id 2) [ 1435.656999][ T3761] usb 1-1: USB disconnect, device number 2 [ 1438.860946][ T4102] faux_driver vkms: [drm] Unknown color mode 6; guessing buffer size. [ 1601.211511][ T24] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 1602.137124][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 1602.307707][ T24] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1602.311002][ T24] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 16 [ 1602.339935][ T24] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64 [ 1602.370277][ T24] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 23 [ 1602.544116][ T24] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1602.549335][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1602.551354][ T24] usb 2-1: SerialNumber: syz [ 1602.980557][ T4189] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1603.184430][ T4189] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1603.479751][ T24] hub 2-1:1.0: bad descriptor, ignoring hub [ 1603.488169][ T24] hub 2-1:1.0: probe with driver hub failed with error -5 [ 1603.643548][ T24] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 1605.391879][ T24] cdc_acm 2-1:1.0: ttyACM0: USB ACM device [ 1606.184482][ T24] usb 2-1: USB disconnect, device number 3 [ 1713.921716][ T4257] netlink: 16 bytes leftover after parsing attributes in process `syz.0.155'. [ 1782.136306][ T4295] netlink: 40 bytes leftover after parsing attributes in process `syz.0.168'. [ 1782.144461][ T4295] netlink: 32 bytes leftover after parsing attributes in process `syz.0.168'. [ 1820.518106][ T4309] input: syz1 as /devices/virtual/input/input1 [ 1836.566704][ T4318] netlink: 4 bytes leftover after parsing attributes in process `syz.1.177'. [ 1876.025941][ T3830] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 1876.826215][ T3830] usb 2-1: Using ep0 maxpacket: 16 [ 1876.965998][ T3830] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1876.968283][ T3830] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1876.970343][ T3830] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1877.239087][ T3830] usb 2-1: config 0 descriptor?? [ 1881.967559][ T3830] mcp2221 0003:04D8:00DD.0001: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 1883.310589][ T3830] usb 2-1: USB disconnect, device number 4 [ 2008.265705][ T4419] Driver unsupported XDP return value 0 on prog (id 28) dev N/A, expect packet loss! [ 2017.856463][ T4423] input: syz0 as /devices/virtual/input/input2 [ 2033.247794][ T4435] netlink: 12 bytes leftover after parsing attributes in process `syz.0.209'. [ 2060.488994][ T4448] netlink: 'syz.1.214': attribute type 3 has an invalid length. [ 2064.964775][ T4450] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 2072.299718][ T4454] syz.1.216 uses obsolete (PF_INET,SOCK_PACKET) [ 2098.015693][ T3830] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 2099.138211][ T3830] usb 1-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 2099.141449][ T3830] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2099.188341][ T3830] usb 1-1: Product: syz [ 2099.190852][ T3830] usb 1-1: Manufacturer: syz [ 2099.224667][ T3830] usb 1-1: SerialNumber: syz [ 2103.363854][ T3830] rtl8150 1-1:1.0: couldn't reset the device [ 2103.386898][ T3830] rtl8150 1-1:1.0: probe with driver rtl8150 failed with error -5 [ 2115.379126][ T24] usb 1-1: USB disconnect, device number 3 [ 2169.577907][ T4510] input: syz0 as /devices/virtual/input/input3 [ 2195.461631][ T4523] ======================================================= [ 2195.461631][ T4523] WARNING: The mand mount option has been deprecated and [ 2195.461631][ T4523] and is ignored by this kernel. Remove the mand [ 2195.461631][ T4523] option from the mount to silence this warning. [ 2195.461631][ T4523] ======================================================= [ 2214.509265][ T4533] netlink: 28 bytes leftover after parsing attributes in process `syz.1.244'. [ 2214.519894][ T4533] netlink: 28 bytes leftover after parsing attributes in process `syz.1.244'. [ 2214.721801][ T4533] netlink: 28 bytes leftover after parsing attributes in process `syz.1.244'. [ 2214.725224][ T4533] netlink: 28 bytes leftover after parsing attributes in process `syz.1.244'. [ 2214.751798][ T4533] netlink: 28 bytes leftover after parsing attributes in process `syz.1.244'. [ 2214.767186][ T4533] netlink: 28 bytes leftover after parsing attributes in process `syz.1.244'. [ 2214.801452][ T4533] Zero length message leads to an empty skb [ 2264.597501][ T4560] mmap: syz.1.254 (4560) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 2287.326113][ T4568] netlink: 'syz.1.259': attribute type 9 has an invalid length. [ 2358.156285][ T31] audit: type=1326 audit(2356.790:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4603 comm="syz.0.275" exe="/syz-executor" sig=9 arch=c00000f3 syscall=98 compat=0 ip=0x7fff91b33992 code=0x0 [ 2371.656409][ T4613] netpci0: tun_chr_ioctl cmd 1074025672 [ 2371.658644][ T4613] netpci0: ignored: set checksum enabled [ 2590.834570][ T4744] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check. [ 2654.454402][ T4786] veth1_macvtap: left promiscuous mode [ 2654.455998][ T4786] macsec0: entered promiscuous mode [ 2655.910440][ T4788] veth1_macvtap: entered promiscuous mode [ 2656.055872][ T4788] macsec0: left promiscuous mode [ 2667.187225][ T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 2667.880385][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 2668.196481][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2668.200230][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2668.215744][ T9] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 2668.217477][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2669.288115][ T9] usb 1-1: config 0 descriptor?? [ 2669.601204][ T9] hub 1-1:0.0: USB hub found [ 2671.501065][ T9] hub 1-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 2673.147177][ T9] hid-generic 0003:046D:C31C.0002: item fetching failed at offset 0/1 [ 2673.328865][ T9] hid-generic 0003:046D:C31C.0002: probe with driver hid-generic failed with error -22 [ 2673.821708][ T9] usb 1-1: USB disconnect, device number 4 [ 2683.296862][ T4816] loop0: Can't mount, would change RO state [ 2696.601898][ T4824] netlink: 12 bytes leftover after parsing attributes in process `syz.0.351'. [ 2696.621640][ T4824] netlink: 12 bytes leftover after parsing attributes in process `syz.0.351'. [ 2734.688800][ T4846] hub 1-0:1.0: USB hub found [ 2734.756075][ T4846] hub 1-0:1.0: 1 port detected [ 2747.325317][ T4862] input: syz0 as /devices/virtual/input/input4 [ 2757.676884][ T4874] input: syz1 as /devices/virtual/input/input5 [ 2801.926851][ T3758] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 2802.165902][ T3758] usb 2-1: Using ep0 maxpacket: 16 [ 2802.457148][ T3758] usb 2-1: config 0 has an invalid interface number: 34 but max is 0 [ 2802.458625][ T3758] usb 2-1: config 0 has no interface number 0 [ 2802.459883][ T3758] usb 2-1: config 0 interface 34 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1023 [ 2802.461581][ T3758] usb 2-1: config 0 interface 34 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 80 [ 2802.690688][ T3758] usb 2-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=82.73 [ 2802.694684][ T3758] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2802.696398][ T3758] usb 2-1: Product: syz [ 2802.697803][ T3758] usb 2-1: Manufacturer: syz [ 2802.699232][ T3758] usb 2-1: SerialNumber: syz [ 2803.099250][ T3758] usb 2-1: config 0 descriptor?? [ 2804.025777][ T4913] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 2804.030157][ T4913] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 2805.850499][ T4913] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 2805.875021][ T4913] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 2806.483205][ T3758] asix 2-1:0.34 (unnamed net_device) (uninitialized): invalid hw address, using random [ 2807.220725][ T3758] asix 2-1:0.34 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 2807.274747][ T3758] asix 2-1:0.34: probe with driver asix failed with error -71 [ 2807.646808][ T3758] usb 2-1: USB disconnect, device number 5 [ 2809.716561][ T4924] tun0: tun_chr_ioctl cmd 1074025675 [ 2809.725731][ T4924] tun0: persist enabled [ 2828.661580][ T4943] vxcan1: tx address claim with dlc 0 [ 2947.197564][ T4262] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 2947.677641][ T4262] usb 1-1: Using ep0 maxpacket: 8 [ 2947.869069][ T4262] usb 1-1: config index 0 descriptor too short (expected 6427, got 27) [ 2947.891447][ T4262] usb 1-1: config 0 has an invalid interface number: 21 but max is 0 [ 2947.896413][ T4262] usb 1-1: config 0 has no interface number 0 [ 2947.899480][ T4262] usb 1-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 2947.915824][ T4262] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 2947.919801][ T4262] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 2948.050697][ T4262] usb 1-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 2948.076822][ T4262] usb 1-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0 [ 2948.079090][ T4262] usb 1-1: Product: syz [ 2948.884968][ T4262] usb 1-1: config 0 descriptor?? [ 2952.305915][ T4262] input: syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.21/input/input6 [ 2952.496606][ T4262] input: failed to attach handler kbd to device input6, error: -5 [ 2953.375495][ T4262] usb 1-1: USB disconnect, device number 5 [ 3027.121416][ T864] block nbd0: Receive control failed (result -32) [ 3027.145554][ T50] block nbd0: Receive control failed (result -32) [ 3027.207942][ T5080] nbd0: detected capacity change from 0 to 63 [ 3088.856448][ T5118] binder: 5117:5118 ioctl c0306201 200000000480 returned -14 [ 3101.555256][ T5124] netlink: 4 bytes leftover after parsing attributes in process `syz.0.458'. [ 3133.489348][ T5147] kernel profiling enabled (shift: 18) [ 3203.558034][ T5190] pimreg: entered allmulticast mode [ 3207.981322][ T5195] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 3240.047336][ T5214] binder: 5213:5214 ioctl c0306201 200000000100 returned -14 [ 3273.719162][ T5233] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 3300.370430][ T5250] macvlan1: entered promiscuous mode [ 3300.385495][ T5250] macvlan1: entered allmulticast mode [ 3301.004386][ T5250] veth1_vlan: entered allmulticast mode [ 3322.638036][ T5265] netlink: 36 bytes leftover after parsing attributes in process `syz.0.514'. [ 3375.069992][ T5302] syz.0.530: vmalloc error: size 2037431678, exceeds total pages, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 3375.179743][ T5302] CPU: 1 UID: 0 PID: 5302 Comm: syz.0.530 Tainted: G L syzkaller #0 PREEMPT [ 3375.180854][ T5302] Tainted: [L]=SOFTLOCKUP [ 3375.181151][ T5302] Hardware name: riscv-virtio,qemu (DT) [ 3375.181740][ T5302] Call Trace: [ 3375.182311][ T5302] [] dump_backtrace+0x2e/0x3c [ 3375.183169][ T5302] [] show_stack+0x30/0x3c [ 3375.183723][ T5302] [] dump_stack_lvl+0x114/0x1ac [ 3375.184624][ T5302] [] dump_stack+0x1c/0x28 [ 3375.185562][ T5302] [] warn_alloc+0x188/0x2a4 [ 3375.186115][ T5302] [] __vmalloc_node_range_noprof+0x14fc/0x18e8 [ 3375.186774][ T5302] [] __kvmalloc_node_noprof+0x4b2/0xa14 [ 3375.187370][ T5302] [] drm_property_create_blob+0x7c/0x2f8 [ 3375.188009][ T5302] [] drm_mode_createblob_ioctl+0xf4/0x3d8 [ 3375.188665][ T5302] [] drm_ioctl_kernel+0x1de/0x370 [ 3375.189361][ T5302] [] drm_ioctl+0x4e6/0xb98 [ 3375.189996][ T5302] [] __riscv_sys_ioctl+0x17c/0x1e4 [ 3375.190562][ T5302] [] syscall_handler+0x92/0x114 [ 3375.191268][ T5302] [] do_trap_ecall_u+0x402/0x680 [ 3375.191923][ T5302] [] handle_exception+0x15e/0x16a [ 3375.339509][ T5302] Mem-Info: [ 3375.398665][ T5302] active_anon:3245 inactive_anon:0 isolated_anon:0 [ 3375.398665][ T5302] active_file:14336 inactive_file:35351 isolated_file:0 [ 3375.398665][ T5302] unevictable:768 dirty:87 writeback:0 [ 3375.398665][ T5302] slab_reclaimable:2697 slab_unreclaimable:28273 [ 3375.398665][ T5302] mapped:12496 shmem:807 pagetables:817 [ 3375.398665][ T5302] sec_pagetables:0 bounce:0 [ 3375.398665][ T5302] kernel_misc_reclaimable:0 [ 3375.398665][ T5302] free:206033 free_pcp:4726 free_cma:52672 [ 3375.504075][ T5302] Node 0 active_anon:12980kB inactive_anon:0kB active_file:57344kB inactive_file:141404kB unevictable:3072kB isolated(anon):0kB isolated(file):0kB mapped:49984kB dirty:352kB writeback:0kB shmem:3228kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6128kB pagetables:3272kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 3375.576462][ T5302] Node 0 DMA32 free:824132kB boost:0kB min:22528kB low:28160kB high:33792kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12980kB inactive_anon:0kB active_file:57344kB inactive_file:141404kB unevictable:3072kB writepending:352kB zspages:0kB present:2097152kB managed:1424720kB mlocked:0kB bounce:0kB free_pcp:19192kB local_pcp:7888kB free_cma:210688kB [ 3375.619651][ T5302] lowmem_reserve[]: 0 0 0 [ 3375.640576][ T5302] Node 0 DMA32: 927*4kB (UME) 415*8kB (UME) 359*16kB (UME) 137*32kB (ME) 123*64kB (UME) 85*128kB (ME) 53*256kB (UMEC) 35*512kB (MEC) 9*1024kB (UMEC) 7*2048kB (UMEC) 179*4096kB (MC) = 824132kB [ 3375.697574][ T5302] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3375.699348][ T5302] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 3375.701088][ T5302] 50496 total pagecache pages [ 3375.830225][ T5302] 0 pages in swap cache [ 3375.831789][ T5302] Free swap = 124996kB [ 3375.849644][ T5302] Total swap = 124996kB [ 3375.851400][ T5302] 524288 pages RAM [ 3375.871147][ T5302] 0 pages HighMem/MovableOnly [ 3375.878941][ T5302] 168108 pages reserved [ 3375.880271][ T5302] 52736 pages cma reserved [ 3406.295832][ T3830] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 3406.886153][ T3830] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 3406.889629][ T3830] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 3406.904774][ T3830] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.00 [ 3406.907003][ T3830] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3407.108524][ T3830] usb 1-1: config 0 descriptor?? [ 3407.200325][ T5318] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 3410.025772][ T3830] keytouch 0003:0926:3333.0003: fixing up Keytouch IEC report descriptor [ 3410.524948][ T3830] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0003/input/input7 [ 3411.066990][ T3830] keytouch 0003:0926:3333.0003: input,hidraw0: USB HID v0.20 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 3411.424949][ T3830] usb 1-1: USB disconnect, device number 6 [ 3415.222370][ C1] hrtimer: interrupt took 1134700 ns [ 3538.406675][ T4259] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 3538.658049][ T4259] usb 1-1: Using ep0 maxpacket: 8 [ 3539.011103][ T4259] usb 1-1: New USB device found, idVendor=04e8, idProduct=6889, bcdDevice= d.68 [ 3539.015638][ T4259] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3539.017680][ T4259] usb 1-1: Product: syz [ 3539.019174][ T4259] usb 1-1: Manufacturer: syz [ 3539.020549][ T4259] usb 1-1: SerialNumber: syz [ 3540.808866][ T4259] kalmia 1-1:1.0 (unnamed net_device) (uninitialized): Error sending init packet. Status -71 [ 3540.829062][ T4259] kalmia 1-1:1.0: probe with driver kalmia failed with error -71 [ 3541.387373][ T4259] usb 1-1: USB disconnect, device number 7 [ 3586.788887][ T5447] netlink: 'syz.1.581': attribute type 12 has an invalid length. [ 3605.157577][ T5457] netlink: 40 bytes leftover after parsing attributes in process `syz.1.586'. [ 3704.945283][ T5510] netlink: 12 bytes leftover after parsing attributes in process `syz.0.609'. [ 3822.380050][ T5587] netlink: 8 bytes leftover after parsing attributes in process `syz.0.640'. [ 3822.390052][ T5587] netlink: 4 bytes leftover after parsing attributes in process `syz.0.640'. [ 3822.405390][ T5587] netlink: 'syz.0.640': attribute type 18 has an invalid length. [ 3833.295439][ T5597] block nbd1: NBD_DISCONNECT [ 3833.333891][ T5597] block nbd1: Send disconnect failed -32 [ 3833.449214][ T5595] block nbd1: Disconnected due to user request. [ 3833.450873][ T5595] block nbd1: shutting down sockets [ 3932.607641][ T5224] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 3932.926087][ T5224] usb 2-1: Using ep0 maxpacket: 32 [ 3933.209547][ T5224] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 3933.254324][ T5224] usb 2-1: config 0 has no interface number 0 [ 3933.449249][ T5224] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 3933.451028][ T5224] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3933.469347][ T5224] usb 2-1: Product: syz [ 3933.470567][ T5224] usb 2-1: Manufacturer: syz [ 3933.471604][ T5224] usb 2-1: SerialNumber: syz [ 3933.718781][ T5224] usb 2-1: config 0 descriptor?? [ 3934.518429][ T5224] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 3935.898505][ T5224] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 3936.625478][ T5224] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 3936.749204][ C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 3937.113679][ T5224] usb 2-1: USB disconnect, device number 6 [ 3937.906572][ T5224] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 3938.784276][ T5224] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 3938.986939][ T5224] quatech2 2-1:0.51: device disconnected [ 3994.199206][ T5725] input: syz0 as /devices/virtual/input/input9 [ 4001.146869][ T3758] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 4001.656307][ T3758] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 135, changing to 11 [ 4001.658999][ T3758] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24844, setting to 1024 [ 4001.661649][ T3758] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 4001.691381][ T3758] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 4001.946638][ T3758] usb 2-1: config 0 descriptor?? [ 4004.118334][ T3758] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x4 [ 4004.120656][ T3758] cm6533_jd 0003:0D8C:0022.0004: item fetching failed at offset 4/5 [ 4004.259245][ T3758] cm6533_jd 0003:0D8C:0022.0004: parse failed [ 4004.266567][ T3758] cm6533_jd 0003:0D8C:0022.0004: probe with driver cm6533_jd failed with error -22 [ 4004.818857][ T3758] usb 2-1: USB disconnect, device number 7 [ 4016.756037][ T5760] can0: slcan on ttyS3. [ 4018.128769][ T5764] can0 (unregistered): slcan off ttyS3. [ 4052.009363][ T5785] input: syz1 as /devices/virtual/input/input10 [ 4069.464687][ T5807] netlink: 24 bytes leftover after parsing attributes in process `syz.1.708'. [ 4070.395352][ T5807] netlink: 24 bytes leftover after parsing attributes in process `syz.1.708'. [ 4107.411355][ T5829] netlink: 20 bytes leftover after parsing attributes in process `syz.0.719'. [ 4143.821493][ T5853] netlink: 12 bytes leftover after parsing attributes in process `syz.1.728'. [ 4143.825131][ T5853] netlink: 8 bytes leftover after parsing attributes in process `syz.1.728'. [ 4186.988837][ T5891] process 'syz.0.735' launched '/dev/fd/3' with NULL argv: empty string added [ 4200.189228][ T5902] veth1_to_team: entered promiscuous mode [ 4200.378881][ T5902] ip6gretap0: entered promiscuous mode [ 4200.525111][ T5902] hsr1: Slave A (veth1_to_team) is not up; please bring it up to get a fully working HSR network [ 4200.528382][ T5902] hsr1: entered promiscuous mode [ 4239.248766][ T5920] netlink: 8 bytes leftover after parsing attributes in process `syz.1.747'. [ 4239.256053][ T5920] netlink: 4 bytes leftover after parsing attributes in process `syz.1.747'. [ 4240.276674][ T3307] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 4240.278989][ T3307] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 4240.280835][ T3307] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 4240.350776][ T3307] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 4268.011255][ T4259] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 4268.376437][ T4259] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 4268.379935][ T4259] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 4269.057531][ T4259] usb 2-1: config 0 descriptor?? [ 4269.387333][ T4259] cp210x 2-1:0.0: cp210x converter detected [ 4272.668844][ T4259] cp210x 2-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 4272.670942][ T4259] cp210x 2-1:0.0: GPIO initialisation failed: -71 [ 4272.918173][ T4259] usb 2-1: cp210x converter now attached to ttyUSB0 [ 4273.415330][ T4259] usb 2-1: USB disconnect, device number 8 [ 4273.956237][ T4259] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 4274.046695][ T4259] cp210x 2-1:0.0: device disconnected [ 4437.896429][ T5224] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 4438.505980][ T5224] usb 2-1: Using ep0 maxpacket: 16 [ 4438.671446][ T5224] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 4438.706670][ T5224] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 4438.708726][ T5224] usb 2-1: config 0 interface 0 has no altsetting 0 [ 4438.710873][ T5224] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 4438.723981][ T5224] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 4439.085270][ T5224] usb 2-1: config 0 descriptor?? [ 4440.906698][ T5224] hid (null): unknown global tag 0xd [ 4442.157606][ T5224] usb 2-1: USB disconnect, device number 9 [ 4498.038336][ T6128] nbd1: detected capacity change from 0 to 127 [ 4498.216364][ T50] block nbd1: Receive control failed (result -32) [ 4510.396116][ T5569] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 4510.409583][ C1] raw-gadget.0 gadget.0: ignoring, device is not running [ 4510.676471][ T5569] usb 1-1: device descriptor read/64, error -32 [ 4511.064375][ T5569] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 4511.429278][ T5569] usb 1-1: Using ep0 maxpacket: 32 [ 4512.156737][ T5569] usb 1-1: config index 0 descriptor too short (expected 35577, got 27) [ 4512.158984][ T5569] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 4512.160871][ T5569] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 4512.173596][ T5569] usb 1-1: config 1 has no interface number 0 [ 4512.175705][ T5569] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 4512.177625][ T5569] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 4512.180312][ T5569] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 4512.193505][ T5569] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 4513.097294][ T5569] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found [ 4515.206610][ T5569] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached [ 4516.257473][ T6142] snd_usb_pod 1-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22) [ 4521.158322][ T5990] usb 1-1: USB disconnect, device number 9 [ 4521.426911][ T5990] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 4587.749045][ T6208] netlink: 'syz.0.828': attribute type 32 has an invalid length. [ 4587.750529][ T6208] netlink: 24 bytes leftover after parsing attributes in process `syz.0.828'. [ 4587.776616][ T6208] bond0: option coupled_control: mode dependency failed, not supported in mode balance-rr(0) [ 4600.557961][ T6218] netlink: 'syz.0.831': attribute type 29 has an invalid length. [ 4600.820349][ T6218] netlink: 'syz.0.831': attribute type 29 has an invalid length. [ 4601.308398][ T6218] netlink: 'syz.0.831': attribute type 29 has an invalid length. [ 4637.481166][ T6247] netlink: 360 bytes leftover after parsing attributes in process `syz.1.844'. [ 4643.841074][ T6249] bond0: entered promiscuous mode [ 4643.858709][ T6249] bond_slave_0: entered promiscuous mode [ 4643.883387][ T6249] bond_slave_1: entered promiscuous mode [ 4686.491134][ T6286] netlink: 64 bytes leftover after parsing attributes in process `syz.1.857'. [ 4686.565885][ T6286] netlink: 64 bytes leftover after parsing attributes in process `syz.1.857'. [ 4727.969641][ T6304] ªªªªªª: renamed from vlan0 (while UP) [ 4742.047941][ T6313] netlink: 8 bytes leftover after parsing attributes in process `syz.1.868'. [ 4742.051630][ T6313] netlink: 'syz.1.868': attribute type 29 has an invalid length. [ 4742.145708][ T6313] netlink: 4 bytes leftover after parsing attributes in process `syz.1.868'. [ 4772.340942][ T5990] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 4772.604391][ T5990] usb 1-1: Using ep0 maxpacket: 16 [ 4772.771018][ T5990] usb 1-1: config index 0 descriptor too short (expected 52, got 36) [ 4772.776716][ T5990] usb 1-1: config 0 has an invalid interface number: 251 but max is 0 [ 4772.778779][ T5990] usb 1-1: config 0 has no interface number 0 [ 4772.780588][ T5990] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 4772.794025][ T5990] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 4772.984570][ T5990] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 4772.986226][ T5990] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 4772.987561][ T5990] usb 1-1: Product: syz [ 4772.988703][ T5990] usb 1-1: Manufacturer: syz [ 4772.989774][ T5990] usb 1-1: SerialNumber: syz [ 4773.269696][ T5990] usb 1-1: config 0 descriptor?? [ 4773.400978][ T6327] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 4773.488956][ T6327] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 4774.450728][ T6327] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 4774.500398][ T6327] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 4775.889397][ T5990] asix 1-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 4775.943592][ T5990] asix 1-1:0.251 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 4776.005303][ T5990] asix 1-1:0.251: probe with driver asix failed with error -71 [ 4776.501593][ T5990] usb 1-1: USB disconnect, device number 10 [ 4797.954740][ T6353] Device tree not included in the provided image [ 4896.388975][ T5569] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 4897.384172][ T5569] usb 1-1: config 1 has an invalid interface number: 7 but max is 0 [ 4897.386378][ T5569] usb 1-1: config 1 has no interface number 0 [ 4897.388193][ T5569] usb 1-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 4897.390318][ T5569] usb 1-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1023 [ 4897.397313][ T5569] usb 1-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 4897.609659][ T5569] usb 1-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 4897.650130][ T5569] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 4897.657656][ T5569] usb 1-1: Product: syz [ 4897.663915][ T5569] usb 1-1: Manufacturer: syz [ 4897.665710][ T5569] usb 1-1: SerialNumber: syz [ 4898.156099][ T6407] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 4903.617698][ T5569] usb 1-1: Error in usbnet_get_endpoints (-110) [ 4904.406741][ T5569] usb 1-1: USB disconnect, device number 11 [ 5038.343403][ T5224] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 5038.715315][ T5224] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 5038.716959][ T5224] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 5038.811147][ T5224] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 5038.816973][ T5224] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 5038.818405][ T5224] usb 1-1: Product: syz [ 5038.819376][ T5224] usb 1-1: SerialNumber: syz [ 5041.928060][ T5224] cdc_ncm 1-1:1.0: SET_NTB_FORMAT failed [ 5041.988571][ T5224] cdc_ncm 1-1:1.0: bind() failure [ 5042.761469][ T5224] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 5042.795418][ T5224] cdc_ncm 1-1:1.1: bind() failure [ 5043.266862][ T5224] usb 1-1: USB disconnect, device number 12 [ 5063.786154][ T6523] netlink: 104 bytes leftover after parsing attributes in process `syz.1.941'. [ 5102.061644][ T6551] [ 5102.063053][ T6551] ====================================================== [ 5102.064052][ T6551] WARNING: possible circular locking dependency detected [ 5102.065231][ T6551] syzkaller #0 Tainted: G L [ 5102.066300][ T6551] ------------------------------------------------------ [ 5102.067304][ T6551] syz.0.951/6551 is trying to acquire lock: [ 5102.068346][ T6551] ffffaf801f2f6270 (&nsock->tx_lock){+.+.}-{4:4}, at: nbd_queue_rq+0x372/0xe44 [ 5102.071581][ T6551] [ 5102.071581][ T6551] but task is already holding lock: [ 5102.072541][ T6551] ffffaf803a828180 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc4/0xe44 [ 5102.074939][ T6551] [ 5102.074939][ T6551] which lock already depends on the new lock. [ 5102.074939][ T6551] [ 5102.076027][ T6551] [ 5102.076027][ T6551] the existing dependency chain (in reverse order) is: [ 5102.077112][ T6551] [ 5102.077112][ T6551] -> #6 (&cmd->lock){+.+.}-{4:4}: [ 5102.079171][ T6551] lock_acquire+0x24a/0x504 [ 5102.080385][ T6551] __mutex_lock+0x164/0x1890 [ 5102.081815][ T6551] mutex_lock_nested+0x14/0x1c [ 5102.083180][ T6551] nbd_queue_rq+0xc4/0xe44 [ 5102.084300][ T6551] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 5102.085721][ T6551] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 5102.087223][ T6551] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 5102.088697][ T6551] blk_mq_run_hw_queue+0x274/0x6ec [ 5102.089999][ T6551] blk_mq_dispatch_list+0x53e/0x1430 [ 5102.091344][ T6551] blk_mq_flush_plug_list+0x114/0x55c [ 5102.092664][ T6551] __blk_flush_plug+0x270/0x464 [ 5102.093914][ T6551] __submit_bio+0x42e/0x504 [ 5102.095095][ T6551] submit_bio_noacct_nocheck+0x458/0xdf4 [ 5102.096390][ T6551] submit_bio_noacct+0x6fe/0x2170 [ 5102.097634][ T6551] submit_bio+0xb6/0x5b8 [ 5102.099245][ T6551] submit_bh_wbc+0x428/0x5c0 [ 5102.100550][ T6551] block_read_full_folio+0x396/0x788 [ 5102.101977][ T6551] blkdev_read_folio+0x26/0x30 [ 5102.103203][ T6551] filemap_read_folio+0xc2/0x270 [ 5102.104515][ T6551] do_read_cache_folio+0x22e/0x518 [ 5102.105906][ T6551] read_cache_folio+0x4e/0x68 [ 5102.107247][ T6551] read_part_sector+0xbc/0x408 [ 5102.108410][ T6551] read_lba+0x1b6/0x32c [ 5102.109586][ T6551] find_valid_gpt.constprop.0+0x212/0x21ec [ 5102.110878][ T6551] efi_partition+0xfe/0x9e0 [ 5102.112107][ T6551] bdev_disk_changed+0x5a0/0x1180 [ 5102.113337][ T6551] blkdev_get_whole+0x168/0x25c [ 5102.114615][ T6551] bdev_open+0x288/0xcc4 [ 5102.115763][ T6551] blkdev_open+0x2ec/0x454 [ 5102.116978][ T6551] do_dentry_open+0x418/0x1170 [ 5102.118123][ T6551] vfs_open+0xba/0x3a8 [ 5102.119209][ T6551] path_openat+0x144e/0x2f28 [ 5102.120579][ T6551] do_file_open+0x1ae/0x398 [ 5102.121960][ T6551] do_sys_openat2+0xfe/0x1c0 [ 5102.123107][ T6551] __riscv_sys_openat+0x122/0x1e4 [ 5102.124278][ T6551] syscall_handler+0x92/0x114 [ 5102.125536][ T6551] do_trap_ecall_u+0x402/0x680 [ 5102.126716][ T6551] handle_exception+0x15e/0x16a [ 5102.128008][ T6551] [ 5102.128008][ T6551] -> #5 (set->srcu){.+.+}-{0:0}: [ 5102.130127][ T6551] lock_sync+0xea/0x1cc [ 5102.131509][ T6551] __synchronize_srcu+0xd4/0x24c [ 5102.132977][ T6551] synchronize_srcu+0x14c/0x3fc [ 5102.134411][ T6551] blk_mq_quiesce_queue+0x124/0x194 [ 5102.135598][ T6551] elevator_switch+0x16a/0x4e4 [ 5102.136997][ T6551] elevator_change+0x2f4/0x4ac [ 5102.138373][ T6551] elevator_set_default+0x280/0x370 [ 5102.139766][ T6551] blk_register_queue+0x3a8/0x50c [ 5102.141078][ T6551] __add_disk+0x69a/0xda4 [ 5102.142259][ T6551] add_disk_fwnode+0xe8/0x48c [ 5102.143419][ T6551] device_add_disk+0x28/0x38 [ 5102.144553][ T6551] nbd_dev_add+0x692/0xaec [ 5102.145947][ T6551] nbd_init+0x3d4/0x3f8 [ 5102.147041][ T6551] do_one_initcall+0x18c/0xcdc [ 5102.148118][ T6551] kernel_init_freeable+0x6ca/0x7b4 [ 5102.149419][ T6551] kernel_init+0x28/0x240 [ 5102.150656][ T6551] ret_from_fork_kernel+0x94/0xef8 [ 5102.151917][ T6551] ret_from_fork_kernel_asm+0x16/0x18 [ 5102.153244][ T6551] [ 5102.153244][ T6551] -> #4 (&q->elevator_lock){+.+.}-{4:4}: [ 5102.155204][ T6551] lock_acquire+0x24a/0x504 [ 5102.156359][ T6551] __mutex_lock+0x164/0x1890 [ 5102.157702][ T6551] mutex_lock_nested+0x14/0x1c [ 5102.159114][ T6551] elevator_change+0x192/0x4ac [ 5102.160502][ T6551] elevator_set_none+0xa8/0x120 [ 5102.161830][ T6551] blk_mq_update_nr_hw_queues+0x43a/0x13a0 [ 5102.163155][ T6551] nbd_start_device+0x156/0xb74 [ 5102.164251][ T6551] nbd_genl_connect+0xe74/0x1a4c [ 5102.165401][ T6551] genl_family_rcv_msg_doit+0x1f6/0x2d8 [ 5102.166991][ T6551] genl_rcv_msg+0x4b2/0x73c [ 5102.168102][ T6551] netlink_rcv_skb+0x1e8/0x394 [ 5102.169510][ T6551] genl_rcv+0x32/0x4c [ 5102.170854][ T6551] netlink_unicast+0x50c/0x7d8 [ 5102.172399][ T6551] netlink_sendmsg+0x7e0/0xd64 [ 5102.173830][ T6551] __sock_sendmsg+0xca/0x160 [ 5102.175189][ T6551] ____sys_sendmsg+0x636/0x794 [ 5102.176544][ T6551] ___sys_sendmsg+0x1a4/0x1e8 [ 5102.178094][ T6551] __sys_sendmsg+0x18e/0x234 [ 5102.179251][ T6551] __riscv_sys_sendmsg+0x70/0xa4 [ 5102.180400][ T6551] syscall_handler+0x92/0x114 [ 5102.181652][ T6551] do_trap_ecall_u+0x402/0x680 [ 5102.182873][ T6551] handle_exception+0x15e/0x16a [ 5102.184087][ T6551] [ 5102.184087][ T6551] -> #3 (&q->q_usage_counter(io)#19){++++}-{0:0}: [ 5102.186466][ T6551] lock_acquire+0x24a/0x504 [ 5102.187628][ T6551] blk_alloc_queue+0x5b4/0x6f4 [ 5102.188798][ T6551] blk_mq_alloc_queue+0x15e/0x250 [ 5102.190075][ T6551] __blk_mq_alloc_disk+0x2a/0xd8 [ 5102.191461][ T6551] nbd_dev_add+0x426/0xaec [ 5102.192789][ T6551] nbd_init+0x3d4/0x3f8 [ 5102.193902][ T6551] do_one_initcall+0x18c/0xcdc [ 5102.195050][ T6551] kernel_init_freeable+0x6ca/0x7b4 [ 5102.196290][ T6551] kernel_init+0x28/0x240 [ 5102.197526][ T6551] ret_from_fork_kernel+0x94/0xef8 [ 5102.198760][ T6551] ret_from_fork_kernel_asm+0x16/0x18 [ 5102.199996][ T6551] [ 5102.199996][ T6551] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 5102.201998][ T6551] lock_acquire+0x24a/0x504 [ 5102.203159][ T6551] fs_reclaim_acquire+0xc6/0x100 [ 5102.204525][ T6551] kmem_cache_alloc_node_noprof+0x40/0x6e8 [ 5102.205729][ T6551] __alloc_skb+0x17c/0x778 [ 5102.206757][ T6551] tcp_stream_alloc_skb+0x2e/0x4d8 [ 5102.208009][ T6551] tcp_sendmsg_locked+0xe16/0x408c [ 5102.209282][ T6551] tcp_sendmsg+0x32/0x50 [ 5102.210451][ T6551] inet_sendmsg+0x9a/0xd8 [ 5102.211514][ T6551] __sock_sendmsg+0xca/0x160 [ 5102.212797][ T6551] sock_write_iter+0x298/0x3e8 [ 5102.214156][ T6551] vfs_write+0x648/0xd08 [ 5102.215284][ T6551] ksys_write+0x1f4/0x244 [ 5102.216407][ T6551] __riscv_sys_write+0x6e/0xa0 [ 5102.217634][ T6551] syscall_handler+0x92/0x114 [ 5102.218841][ T6551] do_trap_ecall_u+0x402/0x680 [ 5102.220007][ T6551] handle_exception+0x15e/0x16a [ 5102.221304][ T6551] [ 5102.221304][ T6551] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}: [ 5102.223263][ T6551] lock_acquire+0x24a/0x504 [ 5102.224369][ T6551] lock_sock_nested+0x38/0xf8 [ 5102.225613][ T6551] tcp_sendmsg+0x28/0x50 [ 5102.226779][ T6551] inet_sendmsg+0x9a/0xd8 [ 5102.227822][ T6551] sock_sendmsg+0x206/0x2d4 [ 5102.229127][ T6551] __sock_xmit+0x244/0x578 [ 5102.230435][ T6551] nbd_disconnect.isra.0+0x312/0x3e8 [ 5102.231758][ T6551] nbd_ioctl+0xbc8/0xbd4 [ 5102.232868][ T6551] blkdev_ioctl+0x4cc/0x12e4 [ 5102.234334][ T6551] __riscv_sys_ioctl+0x17c/0x1e4 [ 5102.235421][ T6551] syscall_handler+0x92/0x114 [ 5102.236576][ T6551] do_trap_ecall_u+0x402/0x680 [ 5102.237752][ T6551] handle_exception+0x15e/0x16a [ 5102.238938][ T6551] [ 5102.238938][ T6551] -> #0 (&nsock->tx_lock){+.+.}-{4:4}: [ 5102.240891][ T6551] check_noncircular+0x138/0x14c [ 5102.242093][ T6551] __lock_acquire+0xe9c/0x25ac [ 5102.243262][ T6551] lock_acquire+0x24a/0x504 [ 5102.244371][ T6551] __mutex_lock+0x164/0x1890 [ 5102.245685][ T6551] mutex_lock_nested+0x14/0x1c [ 5102.246969][ T6551] nbd_queue_rq+0x372/0xe44 [ 5102.248022][ T6551] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 5102.249353][ T6551] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 5102.250855][ T6551] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 5102.252338][ T6551] blk_mq_run_hw_queue+0x274/0x6ec [ 5102.253596][ T6551] blk_mq_dispatch_list+0x53e/0x1430 [ 5102.254800][ T6551] blk_mq_flush_plug_list+0x114/0x55c [ 5102.256001][ T6551] __blk_flush_plug+0x270/0x464 [ 5102.257172][ T6551] __submit_bio+0x42e/0x504 [ 5102.258298][ T6551] submit_bio_noacct_nocheck+0x458/0xdf4 [ 5102.259516][ T6551] submit_bio_noacct+0x6fe/0x2170 [ 5102.260722][ T6551] submit_bio+0xb6/0x5b8 [ 5102.261818][ T6551] submit_bh_wbc+0x428/0x5c0 [ 5102.263013][ T6551] block_read_full_folio+0x396/0x788 [ 5102.264310][ T6551] blkdev_read_folio+0x26/0x30 [ 5102.265530][ T6551] filemap_read_folio+0xc2/0x270 [ 5102.266746][ T6551] do_read_cache_folio+0x22e/0x518 [ 5102.267991][ T6551] read_cache_folio+0x4e/0x68 [ 5102.269226][ T6551] read_part_sector+0xbc/0x408 [ 5102.270313][ T6551] read_lba+0x1b6/0x32c [ 5102.271360][ T6551] find_valid_gpt.constprop.0+0x212/0x21ec [ 5102.272618][ T6551] efi_partition+0xfe/0x9e0 [ 5102.273795][ T6551] bdev_disk_changed+0x5a0/0x1180 [ 5102.274932][ T6551] blkdev_get_whole+0x168/0x25c [ 5102.276045][ T6551] bdev_open+0x288/0xcc4 [ 5102.277106][ T6551] blkdev_open+0x2ec/0x454 [ 5102.278315][ T6551] do_dentry_open+0x418/0x1170 [ 5102.279362][ T6551] vfs_open+0xba/0x3a8 [ 5102.280407][ T6551] path_openat+0x144e/0x2f28 [ 5102.281669][ T6551] do_file_open+0x1ae/0x398 [ 5102.282958][ T6551] do_sys_openat2+0xfe/0x1c0 [ 5102.284063][ T6551] __riscv_sys_openat+0x122/0x1e4 [ 5102.285268][ T6551] syscall_handler+0x92/0x114 [ 5102.286537][ T6551] do_trap_ecall_u+0x402/0x680 [ 5102.287670][ T6551] handle_exception+0x15e/0x16a [ 5102.288847][ T6551] [ 5102.288847][ T6551] other info that might help us debug this: [ 5102.288847][ T6551] [ 5102.290038][ T6551] Chain exists of: [ 5102.290038][ T6551] &nsock->tx_lock --> set->srcu --> &cmd->lock [ 5102.290038][ T6551] [ 5102.292652][ T6551] Possible unsafe locking scenario: [ 5102.292652][ T6551] [ 5102.293583][ T6551] CPU0 CPU1 [ 5102.294367][ T6551] ---- ---- [ 5102.295146][ T6551] lock(&cmd->lock); [ 5102.296317][ T6551] lock(set->srcu); [ 5102.297761][ T6551] lock(&cmd->lock); [ 5102.299140][ T6551] lock(&nsock->tx_lock); [ 5102.300308][ T6551] [ 5102.300308][ T6551] *** DEADLOCK *** [ 5102.300308][ T6551] [ 5102.301300][ T6551] 3 locks held by syz.0.951/6551: [ 5102.302314][ T6551] #0: ffffaf801a943358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x3c4/0xcc4 [ 5102.305010][ T6551] #1: ffffaf8018c8fb98 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x22c/0x6ec [ 5102.307695][ T6551] #2: ffffaf803a828180 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc4/0xe44 [ 5102.310236][ T6551] [ 5102.310236][ T6551] stack backtrace: [ 5102.311190][ T6551] CPU: 1 UID: 0 PID: 6551 Comm: syz.0.951 Tainted: G L syzkaller #0 PREEMPT [ 5102.311839][ T6551] Tainted: [L]=SOFTLOCKUP [ 5102.312030][ T6551] Hardware name: riscv-virtio,qemu (DT) [ 5102.312243][ T6551] Call Trace: [ 5102.312445][ T6551] [] dump_backtrace+0x2e/0x3c [ 5102.313193][ T6551] [] show_stack+0x30/0x3c [ 5102.313719][ T6551] [] dump_stack_lvl+0x114/0x1ac [ 5102.314509][ T6551] [] dump_stack+0x1c/0x28 [ 5102.315253][ T6551] [] print_circular_bug+0x250/0x29c [ 5102.315797][ T6551] [] check_noncircular+0x138/0x14c [ 5102.316354][ T6551] [] __lock_acquire+0xe9c/0x25ac [ 5102.316930][ T6551] [] lock_acquire+0x24a/0x504 [ 5102.317498][ T6551] [] __mutex_lock+0x164/0x1890 [ 5102.318232][ T6551] [] mutex_lock_nested+0x14/0x1c [ 5102.318972][ T6551] [] nbd_queue_rq+0x372/0xe44 [ 5102.319476][ T6551] [] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 5102.320112][ T6551] [] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 5102.320939][ T6551] [] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 5102.321719][ T6551] [] blk_mq_run_hw_queue+0x274/0x6ec [ 5102.322351][ T6551] [] blk_mq_dispatch_list+0x53e/0x1430 [ 5102.322982][ T6551] [] blk_mq_flush_plug_list+0x114/0x55c [ 5102.323634][ T6551] [] __blk_flush_plug+0x270/0x464 [ 5102.324228][ T6551] [] __submit_bio+0x42e/0x504 [ 5102.324804][ T6551] [] submit_bio_noacct_nocheck+0x458/0xdf4 [ 5102.325469][ T6551] [] submit_bio_noacct+0x6fe/0x2170 [ 5102.326059][ T6551] [] submit_bio+0xb6/0x5b8 [ 5102.326616][ T6551] [] submit_bh_wbc+0x428/0x5c0 [ 5102.327242][ T6551] [] block_read_full_folio+0x396/0x788 [ 5102.327953][ T6551] [] blkdev_read_folio+0x26/0x30 [ 5102.328549][ T6551] [] filemap_read_folio+0xc2/0x270 [ 5102.329270][ T6551] [] do_read_cache_folio+0x22e/0x518 [ 5102.329991][ T6551] [] read_cache_folio+0x4e/0x68 [ 5102.330691][ T6551] [] read_part_sector+0xbc/0x408 [ 5102.331273][ T6551] [] read_lba+0x1b6/0x32c [ 5102.331802][ T6551] [] find_valid_gpt.constprop.0+0x212/0x21ec [ 5102.332464][ T6551] [] efi_partition+0xfe/0x9e0 [ 5102.333059][ T6551] [] bdev_disk_changed+0x5a0/0x1180 [ 5102.333637][ T6551] [] blkdev_get_whole+0x168/0x25c [ 5102.334198][ T6551] [] bdev_open+0x288/0xcc4 [ 5102.334741][ T6551] [] blkdev_open+0x2ec/0x454 [ 5102.335327][ T6551] [] do_dentry_open+0x418/0x1170 [ 5102.335830][ T6551] [] vfs_open+0xba/0x3a8 [ 5102.336366][ T6551] [] path_openat+0x144e/0x2f28 [ 5102.337114][ T6551] [] do_file_open+0x1ae/0x398 [ 5102.337892][ T6551] [] do_sys_openat2+0xfe/0x1c0 [ 5102.338441][ T6551] [] __riscv_sys_openat+0x122/0x1e4 [ 5102.339017][ T6551] [] syscall_handler+0x92/0x114 [ 5102.339640][ T6551] [] do_trap_ecall_u+0x402/0x680 [ 5102.340227][ T6551] [] handle_exception+0x15e/0x16a [ 5102.446554][ T6551] block nbd0: Dead connection, failed to find a fallback [ 5102.448710][ T6551] block nbd0: shutting down sockets [ 5102.475607][ T6551] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5102.478594][ T6551] Buffer I/O error on dev nbd0, logical block 0, async page read [ 5102.507004][ T6551] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5102.509542][ T6551] Buffer I/O error on dev nbd0, logical block 1, async page read [ 5102.574779][ T6551] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5102.578243][ T6551] Buffer I/O error on dev nbd0, logical block 2, async page read [ 5102.581412][ T6551] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5102.641471][ T6551] Buffer I/O error on dev nbd0, logical block 3, async page read [ 5102.796829][ T6551] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5102.799505][ T6551] Buffer I/O error on dev nbd0, logical block 0, async page read [ 5102.894015][ T6551] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5102.896476][ T6551] Buffer I/O error on dev nbd0, logical block 1, async page read [ 5102.926534][ T6551] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5102.948867][ T6551] Buffer I/O error on dev nbd0, logical block 2, async page read [ 5102.996445][ T6551] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5103.008733][ T6551] Buffer I/O error on dev nbd0, logical block 3, async page read [ 5103.050000][ T6551] nbd0: unable to read partition table