last executing test programs: 4m43.955366219s ago: executing program 0 (id=1463): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af0ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000020000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1500000000"], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x12, 0x4, 0x4, 0xc}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000001800000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8a00fe00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 4m35.572405329s ago: executing program 0 (id=1465): r0 = socket$unix(0x1, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000000)=0x2, 0x4) connect$unix(r0, &(0x7f0000000140)=@file={0x1, '.\x02\x00'}, 0x6e) connect$unix(r0, &(0x7f0000000280)=@abs={0x1, 0x0, 0x4e23}, 0x6e) 4m28.76329104s ago: executing program 0 (id=1467): r0 = socket$inet6(0xa, 0x3, 0x5) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x1, @loopback, 0x7}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4) getpeername$packet(r0, 0x0, &(0x7f0000003540)) 4m20.652778644s ago: executing program 0 (id=1469): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$sock(r1, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000400)="0231124dd58c3e6afdb5e752ce972c59c50440c0ada185b974883ee21c8d77b2f7a633f7cb05e1345b429d41469320c4868d0e5fc36947286f30e834374d49c19c4536392e082ffa2c", 0x49}], 0x1}}], 0x1, 0x805) 4m12.216813447s ago: executing program 0 (id=1471): r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83) sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0xf0, 0x32, 0x205, 0x70bd2d, 0x25dfdbfc, {}, [{0xc9}]}, 0xf0}, 0x1, 0x0, 0x0, 0x85}, 0x8000) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000)) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) 4m2.889558969s ago: executing program 0 (id=1473): capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x200, 0x0) fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0) 3m8.890277213s ago: executing program 32 (id=1473): capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x200, 0x0) fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0) 53.92602108s ago: executing program 1 (id=1495): unshare(0x2a020400) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0xa000, 0x4) unshare(0x2000400) close(r0) 47.255412404s ago: executing program 1 (id=1496): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000001080)={0x200000, 0x200000, 0x0, 0x0, 0x0, 0x4}) r0 = socket(0x10, 0x80002, 0x0) sendmsg(r0, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000040)="24000000180003041dfffd946f610500020100000005fe060c10880008000f00fff3c00e140000001a00ffffba16a0aa1c091dbfa1090000", 0x38}], 0x1}, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), r0) 39.46334017s ago: executing program 1 (id=1497): prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00') preadv(r0, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) 22.8562268s ago: executing program 1 (id=1498): pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) r2 = fanotify_init(0x0, 0x0) fanotify_mark(r2, 0x1, 0x1009, r0, 0x0) vmsplice(r1, &(0x7f0000001700)=[{&(0x7f0000000a40)="8b", 0x1}], 0x1, 0x8) 10.71334708s ago: executing program 1 (id=1499): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f00009a2000/0x3000)=nil, 0x3000, 0x3}) 0s ago: executing program 1 (id=1500): syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x1c1400) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000580), 0xffffffffffffffff) sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)={0x1c, r1, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40040}, 0x10) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:21771' (ED25519) to the list of known hosts. syzkaller login: [ 558.631722][ T3190] cgroup: Unknown subsys name 'net' [ 559.234119][ T3190] cgroup: Unknown subsys name 'cpuset' [ 559.355219][ T3190] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 647.607088][ T3190] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 805.570617][ T3205] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 806.524979][ T3205] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 807.167751][ T3204] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 807.976155][ T3204] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 819.983090][ T3205] hsr_slave_0: entered promiscuous mode [ 820.035585][ T3205] hsr_slave_1: entered promiscuous mode [ 823.346249][ T3204] hsr_slave_0: entered promiscuous mode [ 823.382505][ T3204] hsr_slave_1: entered promiscuous mode [ 823.407339][ T3204] debugfs: 'hsr0' already exists in 'hsr' [ 823.411085][ T3204] Cannot create hsr debugfs directory [ 834.955741][ T3205] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 835.287761][ T3205] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 835.496777][ T3205] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 835.986812][ T3205] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 838.743092][ T3204] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 839.058453][ T3204] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 839.755028][ T3204] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 840.146930][ T3204] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 862.308410][ T3205] 8021q: adding VLAN 0 to HW filter on device bond0 [ 868.261203][ T3204] 8021q: adding VLAN 0 to HW filter on device bond0 [ 929.652380][ T3205] veth0_vlan: entered promiscuous mode [ 930.498328][ T3205] veth1_vlan: entered promiscuous mode [ 932.305647][ T3205] veth0_macvtap: entered promiscuous mode [ 933.003861][ T3205] veth1_macvtap: entered promiscuous mode [ 933.890040][ T3204] veth0_vlan: entered promiscuous mode [ 934.991692][ T3204] veth1_vlan: entered promiscuous mode [ 936.305301][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 936.395439][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 936.552345][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 936.556008][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 939.055465][ T3204] veth0_macvtap: entered promiscuous mode [ 939.836435][ T3204] veth1_macvtap: entered promiscuous mode [ 942.884344][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 942.982250][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 942.984368][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 943.030372][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 943.227826][ T3205] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 971.128720][ T3834] netlink: 360 bytes leftover after parsing attributes in process `syz.0.6'. [ 1065.558056][ T3893] netlink: 8 bytes leftover after parsing attributes in process `syz.1.29'. [ 1068.265997][ T806] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 1068.985225][ T806] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1068.996441][ T806] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1069.033192][ T806] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1069.038363][ T806] usb 1-1: New USB device found, idVendor=056a, idProduct=0010, bcdDevice= 0.00 [ 1069.068784][ T806] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1069.637644][ T806] usb 1-1: config 0 descriptor?? [ 1072.938588][ T806] wacom 0003:056A:0010.0001: Unknown device_type for 'HID 056a:0010'. Assuming pen. [ 1073.725148][ T806] wacom 0003:056A:0010.0001: hidraw0: USB HID v0.00 Device [HID 056a:0010] on usb-dummy_hcd.0-1/input0 [ 1074.067045][ T806] input: Wacom Graphire Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:056A:0010.0001/input/input0 [ 1074.946392][ T806] usb 1-1: USB disconnect, device number 2 [ 1108.522489][ T3937] block nbd1: Unsupported socket: should be TCP or UNIX. [ 1120.329127][ T3946] [U]  [ 1120.449027][ T3946] [U] K{ [ 1120.493701][ T3946] [U] t 1ŠFfˊ`GJgo/mC [ 1120.495797][ T3946] [U] tؖ/,~Ĝj}8'o1"7-JQKWq5c%"H12YX``+(!(z'tXlnIgjݭp~7!" (5Ob̓J [ 1120.497485][ T3946] [U] k\&}66XHX .`a$40|϶9ި U4Vbz}wMTQΦr 4 [ 1120.532319][ T3946] [U] ".h6"k[J4In[Z(C|T]z{3c=x4w)\TXJSH{q;칢t+gd.˂>ywUhfNhl]S2\g%O&z)'pul_< ذ`ұT;_"(u{7j2X /'cIHcճV=Ai%wEs RjgrhIa6-DV i"n Asc~48c*OO5/J~wvK+3Y)Mvyq潀DTrOtpem%fejA5T_-X~^aaۂq [ 1120.537148][ T3946] [U] +wG?]'a: )' B>tf/<'U'hi.+]e.-ɿ%>2`^U8F.63+A«g3p6:^0tv'EtYCnrϩnPj ;Z8!\Aʖ2$­wi.#/Bai`4jdy@zgW5˿B ٜNy"vI2 [ 1120.564765][ T3946] [U] T_K5tYJ9c$brLNul 9w|G"ʃ%C؝q 3qN^HP*$ .7yӱ2 [ 1120.566585][ T3946] [U] ? h*37鍾^#Q"0~ (oX Lb,'v=CSGS0ւ`ه=1(p#2DO*Ƀ [ 1120.568415][ T3946] [U] sgGud-{|&2Lc_!`oz֥B%>rwSsH"yA4O.Y䏄RTԶB[+/<>{q_՝LX8U{Z)7?rR;crhײڣ1>)Măt(aϝ}9ڥJ*Mќġ'Lq DW=|q ÆW;5Ž!dBx`/E`ƦMX"\ [ 1120.662763][ T3946] [U] {; ٘_o2)o.2W2yx_ HPϱSD:]{ [ 1120.664630][ T3946] [U] I,> 51^1N4oǶ'0?֒i9w._.WaV`)Zc6GiӹaXL[F*OW)+'\n[K@2Ǭp"^` [ 1120.665917][ T3946] [U] 22Ʃx?0;3u [ 1120.667944][ T3946] [U] ޜsObx8W4(~/KUԖoQe+G-ygY_>v3.hә]̈́2)D, D~d+w; A\FPȘ|$)KؐIɿkYT^R癵A=#ܜ aet1ݯ4K.e"RS|s:>p r"z#P!KY"}FN84hޱosߙ̫%Dlwm [ 1120.694074][ T3946] [U] [['xn' ,mr/1D=!Dx91BwRlfKZ#` l؛˜b~m [ 1120.695709][ T3946] [U] L>d+d"5h3<iR=F^fnvDOIO:U>Y [ 1120.697131][ T3946] [U] 'B6v20瞥׌"t8{9FW]쩍 [ 1120.699004][ T3946] [U] 72uC6τI]8ctۨQSkYI |V'TV/g$[ 9kh`"}[^=0]%̂TF_v4C [ 1120.803550][ T3946] [U] ec [ 1120.805561][ T3946] [U] |<:^3$7nK~-@?/mtl۾Iw@g~t{P+$jp| IRipm Y 8tV,l, [ 1121.191317][ T3945] [U] K)0~ʪiP'fzr @B]5{ʼ'8ƥFUTqUdǩK;70c[yYCذmL8T͚5rxW xoQhVi'8L [ 1130.833140][ T3952] capability: warning: `syz.0.44' uses 32-bit capabilities (legacy support in use) [ 1134.666442][ T3954] netlink: 20 bytes leftover after parsing attributes in process `syz.1.45'. [ 1136.858913][ T3954] netlink: 20 bytes leftover after parsing attributes in process `syz.1.45'. [ 1187.444392][ T806] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 1188.622855][ T806] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1188.625897][ T806] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1188.786465][ T806] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1188.789081][ T806] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 1188.798556][ T806] usb 1-1: Manufacturer: syz [ 1189.266528][ T806] usb 1-1: config 0 descriptor?? [ 1193.437990][ T806] uclogic 0003:256C:006D.0002: failed retrieving Huion firmware version: -71 [ 1193.443746][ T806] uclogic 0003:256C:006D.0002: failed probing parameters: -71 [ 1193.447615][ T806] uclogic 0003:256C:006D.0002: probe with driver uclogic failed with error -71 [ 1194.173184][ T806] usb 1-1: USB disconnect, device number 3 [ 1218.577488][ T4013] tmpfs: Too few inodes for current use [ 1250.014040][ T4035] netlink: 8 bytes leftover after parsing attributes in process `syz.1.74'. [ 1313.426887][ T4076] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 1378.743012][ T4117] tmpfs: Bad value for 'mpol' [ 1418.226472][ T3818] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 1418.554115][ T3818] usb 1-1: Using ep0 maxpacket: 16 [ 1418.728053][ T3818] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1418.759009][ T3818] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1418.771651][ T3818] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1418.775125][ T3818] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1418.782255][ T3818] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1419.305767][ T3818] usb 1-1: config 0 descriptor?? [ 1422.511441][ T3818] microsoft 0003:045E:07DA.0003: bogus close delimiter [ 1422.512863][ T3818] microsoft 0003:045E:07DA.0003: item 0 4 2 10 parsing failed [ 1422.525558][ T3818] microsoft 0003:045E:07DA.0003: parse failed [ 1422.527754][ T3818] microsoft 0003:045E:07DA.0003: probe with driver microsoft failed with error -22 [ 1423.246663][ T3818] usb 1-1: USB disconnect, device number 4 [ 1443.368220][ T4166] netlink: 8 bytes leftover after parsing attributes in process `syz.1.122'. [ 1458.676068][ T3820] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 1459.462496][ T3820] usb 1-1: too many configurations: 151, using maximum allowed: 8 [ 1461.666537][ T3820] usb 1-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7 [ 1461.669258][ T3820] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130 [ 1461.678973][ T3820] usb 1-1: Product: syz [ 1461.682797][ T3820] usb 1-1: Manufacturer: syz [ 1461.684352][ T3820] usb 1-1: SerialNumber: syz [ 1462.152632][ T3820] usb 1-1: config 0 descriptor?? [ 1467.545670][ T3820] ims_pcu 1-1:0.0: Zero length descriptor [ 1467.563164][ T3820] ims_pcu 1-1:0.0: probe with driver ims_pcu failed with error -22 [ 1467.847656][ T3820] usb 1-1: USB disconnect, device number 5 [ 1470.127351][ T4190] netlink: 24 bytes leftover after parsing attributes in process `syz.1.128'. [ 1531.288081][ T806] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 1531.322818][ T806] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 1531.325183][ T806] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 1531.327236][ T806] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 1531.364094][ T806] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 1531.366590][ T806] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 1531.368573][ T806] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 1531.390628][ T806] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 1531.393036][ T806] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 1531.395047][ T806] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 1531.662893][ T806] hid-generic 0003:0004:0000.0004: hidraw0: USB HID v0.02 Device [syz0] on syz1 [ 1672.643737][ T4323] process 'syz.1.184' launched './file2' with NULL argv: empty string added [ 1697.976644][ T4339] netlink: 'syz.0.191': attribute type 29 has an invalid length. [ 1698.307992][ T4339] netlink: 'syz.0.191': attribute type 29 has an invalid length. [ 1709.103924][ T4343] atomic_op ffffaf801914b198 conn xmit_atomic 0000000000000000 [ 1845.444309][ T3820] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 1847.013589][ T3820] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 1847.486818][ T30] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 1942.674704][ T4487] netlink: 'syz.0.252': attribute type 22 has an invalid length. [ 1942.857475][ T4487] netlink: 'syz.0.252': attribute type 22 has an invalid length. [ 1942.882213][ T4487] netlink: 44 bytes leftover after parsing attributes in process `syz.0.252'. [ 1962.385979][ T806] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 1962.811789][ T806] usb 2-1: config 0 interface 0 altsetting 251 bulk endpoint 0x9 has invalid maxpacket 99 [ 1962.813797][ T806] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1963.085079][ T806] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1963.087568][ T806] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1963.102393][ T806] usb 2-1: Product: syz [ 1963.104316][ T806] usb 2-1: Manufacturer: syz [ 1963.105790][ T806] usb 2-1: SerialNumber: syz [ 1963.398270][ T806] usb 2-1: config 0 descriptor?? [ 1963.505587][ T4502] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1963.794936][ T806] usb 2-1: selecting invalid altsetting 0 [ 1967.993927][ T4501] snd-usb-audio 2-1:0.0: Runtime PM usage count underflow! [ 1968.100118][ T30] usb 2-1: USB disconnect, device number 2 [ 1980.935955][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 1989.715145][ T4543] netlink: 20 bytes leftover after parsing attributes in process `syz.0.263'. [ 2003.859761][ C0] hrtimer: interrupt took 2411500 ns [ 2089.227395][ T4585] netlink: 48 bytes leftover after parsing attributes in process `syz.0.284'. [ 2111.527253][ T4599] ======================================================= [ 2111.527253][ T4599] WARNING: The mand mount option has been deprecated and [ 2111.527253][ T4599] and is ignored by this kernel. Remove the mand [ 2111.527253][ T4599] option from the mount to silence this warning. [ 2111.527253][ T4599] ======================================================= [ 2118.992925][ T4601] faux_driver vkms: [drm] Unknown color mode 9; guessing buffer size. [ 2216.853421][ T4659] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 2237.988009][ T4669] netlink: 28 bytes leftover after parsing attributes in process `syz.1.320'. [ 2254.923065][ T3818] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 2255.653549][ T3818] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 2255.656101][ T3818] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2255.672279][ T3818] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 2255.675576][ T3818] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2256.157080][ T3818] usb 1-1: config 0 descriptor?? [ 2256.406098][ T3818] hub 1-1:0.0: USB hub found [ 2258.255481][ T3818] hub 1-1:0.0: 1 port detected [ 2258.693151][ T3818] hub 1-1:0.0: hub_hub_status failed (err = -71) [ 2258.696253][ T3818] hub 1-1:0.0: config failed, can't get hub status (err -71) [ 2259.127995][ T3818] usbhid 1-1:0.0: can't add hid device: -71 [ 2259.144934][ T3818] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 2259.383427][ T3818] usb 1-1: USB disconnect, device number 6 [ 2283.886721][ T4705] capability: warning: `syz.1.329' uses deprecated v2 capabilities in a way that may be insecure [ 2293.224783][ T4709] netlink: 4 bytes leftover after parsing attributes in process `syz.1.331'. [ 2297.627883][ T4711] netlink: 14 bytes leftover after parsing attributes in process `syz.0.332'. [ 2351.342654][ T4739] sch_tbf: burst 274 is lower than device lo mtu (65550) ! [ 2388.745144][ T4757] tmpfs: Cannot change global quota limit on remount [ 2396.392630][ T4766] netlink: 12 bytes leftover after parsing attributes in process `syz.1.350'. [ 2433.809261][ T31] audit: type=1326 audit(2432.260:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4783 comm="syz.0.359" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fffa35332c6 code=0x0 [ 2475.132819][ T4178] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 2475.422600][ T4178] usb 1-1: Using ep0 maxpacket: 32 [ 2475.698700][ T4178] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 2475.702966][ T4178] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 2475.705453][ T4178] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 2475.707519][ T4178] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 2475.750924][ T4178] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 2475.763737][ T4178] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 2475.766047][ T4178] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2476.111848][ T4178] usb 1-1: config 0 descriptor?? [ 2478.245171][ T10] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 2478.735628][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 2478.738313][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2478.755282][ T10] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 2478.773195][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2479.005250][ T4178] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 7 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 2479.186103][ T10] usb 2-1: config 0 descriptor?? [ 2479.487685][ T10] hub 2-1:0.0: USB hub found [ 2481.731937][ T10] hub 2-1:0.0: 1 port detected [ 2482.686663][ T10] hub 2-1:0.0: hub_hub_status failed (err = -71) [ 2482.688965][ T10] hub 2-1:0.0: config failed, can't get hub status (err -71) [ 2483.174495][ T10] usbhid 2-1:0.0: can't add hid device: -71 [ 2483.236599][ T10] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 2483.555431][ T10] usb 2-1: USB disconnect, device number 3 [ 2491.504029][ T10] usb 1-1: USB disconnect, device number 7 [ 2492.013755][ T10] usblp0: removed [ 2524.626742][ T4859] Zero length message leads to an empty skb [ 2565.097504][ T4439] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 2565.556237][ T4439] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 2565.558931][ T4439] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2565.595270][ T4439] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 2565.598812][ T4439] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2566.006135][ T4439] usb 1-1: config 0 descriptor?? [ 2566.523669][ T4439] hub 1-1:0.0: USB hub found [ 2569.277279][ T4439] hub 1-1:0.0: 1 port detected [ 2569.904032][ T4439] hub 1-1:0.0: hub_hub_status failed (err = -71) [ 2569.907019][ T4439] hub 1-1:0.0: config failed, can't get hub status (err -71) [ 2570.456066][ T4439] usbhid 1-1:0.0: can't add hid device: -71 [ 2570.477574][ T4439] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 2570.784975][ T4439] usb 1-1: USB disconnect, device number 8 [ 2571.242492][ T4892] : renamed from vlan0 (while UP) [ 2630.546298][ T4929] xt_connbytes: Forcing CT accounting to be enabled [ 2631.376053][ T4931] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 2772.801937][ C1] Illegal XDP return value 16128 on prog (id 39) dev lo, expect packet loss! [ 2776.195117][ T5023] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 2843.664977][ T5052] Invalid ELF header magic: != ELF [ 2866.477672][ T5064] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 2886.047105][ T5077] netlink: 'syz.1.457': attribute type 9 has an invalid length. [ 2897.812532][ T5082] netlink: 12 bytes leftover after parsing attributes in process `syz.1.458'. [ 2934.553936][ T5101] input: syz0 as /devices/virtual/input/input4 [ 2955.036967][ T5116] netlink: 8 bytes leftover after parsing attributes in process `syz.1.470'. [ 2955.064144][ T5116] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 2955.175099][ T5116] netlink: 44 bytes leftover after parsing attributes in process `syz.1.470'. [ 2955.178541][ T5116] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 3038.713182][ T5160] netlink: 4 bytes leftover after parsing attributes in process `syz.1.491'. [ 3086.824356][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 3153.105721][ T5233] binder: 5231:5233 ioctl c0306201 200000000100 returned -14 [ 3233.406304][ T5273] netlink: 4 bytes leftover after parsing attributes in process `syz.1.530'. [ 3233.595711][ T5273] netlink: 12 bytes leftover after parsing attributes in process `syz.1.530'. [ 3315.853826][ T5325] erspan0: entered promiscuous mode [ 3362.274666][ T4439] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 3362.557301][ T4439] usb 1-1: Using ep0 maxpacket: 32 [ 3362.687265][ T4439] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 3362.734837][ T4439] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 3362.736912][ T4439] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 3362.738597][ T4439] usb 1-1: SerialNumber: syz [ 3364.558057][ T4439] usb 1-1: bad CDC descriptors [ 3365.067861][ T4439] usb 1-1: USB disconnect, device number 9 [ 3416.109215][ T5395] netlink: 8 bytes leftover after parsing attributes in process `syz.0.573'. [ 3416.141022][ T5395] netlink: 'syz.0.573': attribute type 15 has an invalid length. [ 3416.143408][ T5395] netlink: 'syz.0.573': attribute type 25 has an invalid length. [ 3416.145324][ T5395] netlink: 4 bytes leftover after parsing attributes in process `syz.0.573'. [ 3438.749059][ T5408] binder: 5407:5408 ioctl c018620c 200000000000 returned -22 [ 3500.208153][ T5450] netlink: 56 bytes leftover after parsing attributes in process `syz.0.590'. [ 3549.356465][ T5480] tmpfs: Cannot retroactively limit size [ 3555.163728][ T5482] mmap: syz.0.601 (5482) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 3566.618836][ T31] audit: type=1326 audit(3565.080:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5485 comm="syz.0.603" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffa35332c6 code=0x7ffc0000 [ 3566.660151][ T31] audit: type=1326 audit(3565.130:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5485 comm="syz.0.603" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffa35332c6 code=0x7ffc0000 [ 3567.032305][ T31] audit: type=1326 audit(3565.490:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5485 comm="syz.0.603" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0x7fffa35332c6 code=0x7ffc0000 [ 3567.233351][ T31] audit: type=1326 audit(3565.670:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5485 comm="syz.0.603" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffa35332c6 code=0x7ffc0000 [ 3567.267170][ T31] audit: type=1326 audit(3565.710:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5485 comm="syz.0.603" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffa35332c6 code=0x7ffc0000 [ 3567.473079][ T31] audit: type=1326 audit(3565.900:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5485 comm="syz.0.603" exe="/syz-executor" sig=0 arch=c00000f3 syscall=277 compat=0 ip=0x7fffa35332c6 code=0x7ffc0000 [ 3567.578635][ T31] audit: type=1326 audit(3566.030:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5485 comm="syz.0.603" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffa35332c6 code=0x50000 [ 3567.596902][ T31] audit: type=1326 audit(3566.060:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5485 comm="syz.0.603" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffa35332c6 code=0x50000 [ 3567.677133][ T31] audit: type=1326 audit(3566.060:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5485 comm="syz.0.603" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffa35332c6 code=0x50000 [ 3567.717915][ T31] audit: type=1326 audit(3566.150:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5485 comm="syz.0.603" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffa35332c6 code=0x50000 [ 3660.085221][ T5536] binder: BC_ACQUIRE_RESULT not supported [ 3660.088348][ T5536] binder: 5535:5536 ioctl c0306201 2000000003c0 returned -22 [ 3663.397850][ T5538] netlink: 8 bytes leftover after parsing attributes in process `syz.1.628'. [ 3673.278618][ T5544] netlink: 16 bytes leftover after parsing attributes in process `syz.0.631'. [ 3755.748439][ T5589] veth1_to_team: entered promiscuous mode [ 3756.083585][ T5589] ip6gretap0: entered promiscuous mode [ 3756.891924][ T5589] hsr1: Slave A (veth1_to_team) is not up; please bring it up to get a fully working HSR network [ 3756.896358][ T5589] hsr1: entered promiscuous mode [ 3806.478469][ T5616] block nbd1: shutting down sockets [ 3817.533575][ T5364] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 3817.843737][ T5364] usb 2-1: Using ep0 maxpacket: 32 [ 3818.112831][ T5364] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 3818.115897][ T5364] usb 2-1: config 0 has no interface number 0 [ 3818.392502][ T5364] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 3818.394482][ T5364] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3818.396053][ T5364] usb 2-1: Product: syz [ 3818.397328][ T5364] usb 2-1: Manufacturer: syz [ 3818.398574][ T5364] usb 2-1: SerialNumber: syz [ 3818.704103][ T5364] usb 2-1: config 0 descriptor?? [ 3819.038611][ T5364] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 3822.168212][ T5364] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 3822.812523][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 3823.115804][ T5364] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 3823.774170][ T5364] usb 2-1: USB disconnect, device number 4 [ 3825.378174][ T5364] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 3826.338925][ T5364] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 3826.585814][ T5364] quatech2 2-1:0.51: device disconnected [ 3833.748127][ T5652] netlink: 8 bytes leftover after parsing attributes in process `syz.0.660'. [ 3846.366868][ C0] vcan0: j1939_tp_rxtimer: 0xffffaf802236f000: rx timeout, send abort [ 3846.878385][ C0] vcan0: j1939_tp_rxtimer: 0xffffaf802236f000: abort rx timeout. Force session deactivation [ 3881.042743][ T5674] netlink: 4 bytes leftover after parsing attributes in process `syz.1.669'. [ 3895.628726][ T5681] netlink: 4 bytes leftover after parsing attributes in process `syz.1.672'. [ 3904.325589][ T5688] netlink: 28 bytes leftover after parsing attributes in process `syz.0.675'. [ 3904.336880][ T5688] netlink: 28 bytes leftover after parsing attributes in process `syz.0.675'. [ 3904.516262][ T5688] netlink: 28 bytes leftover after parsing attributes in process `syz.0.675'. [ 3904.533427][ T5688] netlink: 28 bytes leftover after parsing attributes in process `syz.0.675'. [ 3904.581995][ T5688] netlink: 28 bytes leftover after parsing attributes in process `syz.0.675'. [ 3904.583979][ T5688] netlink: 28 bytes leftover after parsing attributes in process `syz.0.675'. [ 3912.122445][ T5374] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 3912.462384][ T5374] usb 1-1: Using ep0 maxpacket: 16 [ 3912.528291][ T5374] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 3912.537007][ T5374] usb 1-1: config 0 has no interface number 0 [ 3912.547866][ T5374] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3912.556853][ T5374] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 3912.567925][ T5374] usb 1-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 3912.577758][ T5374] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3912.903258][ T5374] usb 1-1: config 0 descriptor?? [ 3915.837155][ T5374] input: HID 28bd:0071 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.1/0003:28BD:0071.0005/input/input5 [ 3916.996993][ T5374] input: HID 28bd:0071 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.1/0003:28BD:0071.0005/input/input6 [ 3917.597175][ T5374] uclogic 0003:28BD:0071.0005: input,hidraw0: USB HID v0.02 Keypad [HID 28bd:0071] on usb-dummy_hcd.0-1/input1 [ 3918.514036][ T5374] usb 1-1: USB disconnect, device number 10 [ 3920.608232][ T5713] netlink: 4 bytes leftover after parsing attributes in process `syz.1.678'. [ 3920.803689][ T5713] netlink: 4 bytes leftover after parsing attributes in process `syz.1.678'. [ 3992.505547][ T5758] netlink: 68 bytes leftover after parsing attributes in process `syz.0.694'. [ 4006.148331][ T5769] netlink: 'syz.0.696': attribute type 3 has an invalid length. [ 4015.718899][ T5773] block nbd0: shutting down sockets [ 4050.647503][ T5788] input: syz1 as /devices/virtual/input/input7 [ 4079.527258][ T5807] netlink: 8 bytes leftover after parsing attributes in process `syz.0.712'. [ 4079.662152][ T5807] netlink: 8 bytes leftover after parsing attributes in process `syz.0.712'. [ 4132.729157][ T5830] bond0: option lp_interval: invalid value (18446744073709551607) [ 4132.732885][ T5830] bond0: option lp_interval: allowed values 1 - 2147483647 [ 4153.717321][ T5842] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 4240.924603][ T4890] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 4242.224032][ T4890] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 4242.226742][ T4890] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 4242.958225][ T4890] usb 1-1: config 0 descriptor?? [ 4243.443591][ T4890] cp210x 1-1:0.0: cp210x converter detected [ 4246.394163][ T4890] cp210x 1-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 4246.397580][ T4890] cp210x 1-1:0.0: GPIO initialisation failed: -71 [ 4246.846625][ T4890] usb 1-1: cp210x converter now attached to ttyUSB0 [ 4247.353642][ T4890] usb 1-1: USB disconnect, device number 11 [ 4248.352615][ T4890] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 4248.475209][ T4890] cp210x 1-1:0.0: device disconnected [ 4296.723048][ T5009] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 4297.113801][ T5009] usb 2-1: Using ep0 maxpacket: 16 [ 4297.905334][ T5009] usb 2-1: config index 0 descriptor too short (expected 16456, got 72) [ 4297.907092][ T5009] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 4297.908296][ T5009] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 4297.913386][ T5009] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 4297.915061][ T5009] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 4297.916478][ T5009] usb 2-1: config 0 has no interface number 0 [ 4297.917809][ T5009] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 4297.971977][ T5009] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 4297.981222][ T5009] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 4297.983048][ T5009] usb 2-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 4297.984773][ T5009] usb 2-1: config 0 interface 125 has no altsetting 0 [ 4297.985806][ T5009] usb 2-1: config 0 interface 125 has no altsetting 2 [ 4298.298559][ T5009] usb 2-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 4298.321450][ T5009] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 4298.323348][ T5009] usb 2-1: Product: syz [ 4298.324409][ T5009] usb 2-1: Manufacturer: syz [ 4298.325367][ T5009] usb 2-1: SerialNumber: syz [ 4298.537437][ T5009] usb 2-1: config 0 descriptor?? [ 4299.159030][ T5009] usb 2-1: selecting invalid altsetting 2 [ 4300.416922][ T5009] get_1284_register timeout [ 4300.424502][ C0] usb 2-1: async_complete: urb error -104 [ 4300.428089][ C0] usb 2-1: async_complete: urb error -104 [ 4300.430498][ C0] usb 2-1: async_complete: urb error -104 [ 4300.432662][ C0] usb 2-1: async_complete: urb error -104 [ 4303.904850][ T5666] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 4304.357426][ T5666] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 4304.364632][ T5666] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 4304.453567][ T5666] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 4304.458265][ T5666] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 4304.476477][ T5666] usb 1-1: Product: syz [ 4304.478717][ T5666] usb 1-1: SerialNumber: syz [ 4310.296951][ T5666] cdc_ncm 1-1:1.0: SET_NTB_FORMAT failed [ 4310.366364][ T5666] cdc_ncm 1-1:1.0: bind() failure [ 4311.129000][ T5666] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 4311.174303][ T5666] cdc_ncm 1-1:1.1: bind() failure [ 4311.984177][ T5666] usb 1-1: USB disconnect, device number 12 [ 4314.039008][ T5364] usb 2-1: USB disconnect, device number 5 [ 4333.965604][ T5975] input: syz0 as /devices/virtual/input/input8 [ 4440.596032][ T6033] IPv6: NLM_F_CREATE should be specified when creating new route [ 4513.947900][ T6072] netlink: 76 bytes leftover after parsing attributes in process `syz.1.796'. [ 4529.445507][ T6081] bond0: option all_slaves_active: invalid value (7) [ 4573.208217][ T31] kauditd_printk_skb: 11 callbacks suppressed [ 4573.208906][ T31] audit: type=1326 audit(4827.604:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6107 comm="syz.1.811" exe="/syz-executor" sig=9 arch=c00000f3 syscall=98 compat=0 ip=0x7fffaef332c6 code=0x0 [ 4624.917938][ T6136] trusted_key: encrypted_key: keyword 'updat' not recognized [ 4646.014502][ T6147] netlink: 360 bytes leftover after parsing attributes in process `syz.0.826'. [ 4726.184942][ T6188] vxcan1: tx address claim with dest, not broadcast [ 4765.701525][ T5009] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 4765.933979][ T5009] usb 2-1: Using ep0 maxpacket: 32 [ 4766.076585][ T5009] usb 2-1: config 0 has an invalid interface number: 10 but max is 0 [ 4766.081708][ T5009] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 4766.088969][ T5009] usb 2-1: config 0 has no interface number 0 [ 4766.108594][ T5009] usb 2-1: config 0 interface 10 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 4766.519096][ T5009] usb 2-1: New USB device found, idVendor=0424, idProduct=c001, bcdDevice=aa.5f [ 4766.534159][ T5009] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 4766.535994][ T5009] usb 2-1: Product: syz [ 4766.537247][ T5009] usb 2-1: Manufacturer: syz [ 4766.538696][ T5009] usb 2-1: SerialNumber: syz [ 4766.867398][ T5009] usb 2-1: config 0 descriptor?? [ 4769.773626][ T5009] usb 2-1: USB disconnect, device number 6 [ 4818.497904][ T6259] pim6reg1: tun_chr_ioctl cmd 1074025678 [ 4818.503749][ T6259] pim6reg1: group set to 0 [ 4877.226846][ T6303] netlink: 48 bytes leftover after parsing attributes in process `syz.0.877'. [ 4910.689011][ T6319] netlink: 36 bytes leftover after parsing attributes in process `syz.0.883'. [ 5089.296169][ T6411] netlink: 36 bytes leftover after parsing attributes in process `syz.1.925'. [ 5100.016933][ T6420] input: syz1 as /devices/virtual/input/input9 [ 5173.628777][ T6469] sit0: entered promiscuous mode [ 5174.347157][ T6469] netlink: 'syz.0.942': attribute type 1 has an invalid length. [ 5174.452935][ T6469] netlink: 1 bytes leftover after parsing attributes in process `syz.0.942'. [ 5212.657276][ T6486] input: syz0 as /devices/virtual/input/input10 [ 5246.299110][ T6509] ptrace attach of "/syz-executor exec"[3204] was attempted by "        [ 5257.684684][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 5258.213732][ T6521] netpci0: tun_chr_ioctl cmd 1074025677 [ 5258.218107][ T6521] netpci0: linktype set to 6 [ 5272.318040][ T6529] binder: 6528:6529 ioctl 541b 0 returned -22 [ 5278.078313][ T6533] netlink: 'syz.0.965': attribute type 12 has an invalid length. [ 5322.125138][ T6552] netlink: 16255 bytes leftover after parsing attributes in process `syz.1.973'. [ 5367.967158][ T6577] netlink: 16255 bytes leftover after parsing attributes in process `syz.1.984'. [ 5408.737529][ T6600] netpci0: tun_chr_ioctl cmd 1074025677 [ 5408.743968][ T6600] netpci0: linktype set to 6 [ 5473.148136][ T6645] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1010'. [ 5520.496581][ T6668] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1019'. [ 5524.375077][ T6670] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1020'. [ 5524.714814][ T6670] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1020'. [ 5645.834735][ T6749] nbd0: detected capacity change from 0 to 63 [ 5646.593844][ T866] block nbd0: Receive control failed (result -32) [ 5675.395504][ T6767] sit0: left promiscuous mode [ 5713.281397][ T6793] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1071'. [ 5713.283878][ T6793] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1071'. [ 5750.296206][ T6820] netlink: 'syz.0.1082': attribute type 1 has an invalid length. [ 5763.656210][ T6834] netlink: 292 bytes leftover after parsing attributes in process `syz.0.1088'. [ 5784.475350][ T6848] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1093'. [ 5784.672928][ T6848] hsr_slave_0: left promiscuous mode [ 5784.820730][ T6848] hsr_slave_1: left promiscuous mode [ 5897.436816][ T6908] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1118'. [ 5899.958080][ T6910] binder: 6909:6910 ioctl 4018620d 0 returned -22 [ 5937.806230][ T6289] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5940.278677][ T6289] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5942.226150][ T6289] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5943.821928][ T6289] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5962.731822][ T6289] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 5963.572835][ T6289] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 5963.876348][ T6289] bond0 (unregistering): Released all slaves [ 5966.952080][ T6289] veth1_macvtap: left promiscuous mode [ 5966.956090][ T6289] veth0_macvtap: left promiscuous mode [ 5967.014823][ T6289] veth1_vlan: left promiscuous mode [ 5967.052452][ T6289] veth0_vlan: left promiscuous mode [ 6062.126732][ T6953] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 6062.484043][ T6953] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 6064.245673][ T7116] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1139'. [ 6064.278343][ T7116] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1139'. [ 6099.319249][ T6953] hsr_slave_0: entered promiscuous mode [ 6099.449221][ T6953] hsr_slave_1: entered promiscuous mode [ 6133.307866][ T6953] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 6133.663763][ T6953] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 6134.095678][ T6953] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 6134.517264][ T6953] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 6165.324118][ T6953] 8021q: adding VLAN 0 to HW filter on device bond0 [ 6202.897706][ T7352] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 6276.005995][ T6953] veth0_vlan: entered promiscuous mode [ 6278.038046][ T6953] veth1_vlan: entered promiscuous mode [ 6282.553845][ T6953] veth0_macvtap: entered promiscuous mode [ 6283.568942][ T6953] veth1_macvtap: entered promiscuous mode [ 6289.651295][ T6587] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 6289.692402][ T6587] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 6289.695230][ T6587] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 6289.697645][ T6587] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 6339.164090][ T31] audit: type=1326 audit(6849.627:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7442 comm="syz.1.1164" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fff847332c6 code=0x0 [ 6490.282791][ T7531] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1199'. [ 6521.654678][ T7548] gretap0: entered promiscuous mode [ 6521.658045][ T7548] vlan2: entered promiscuous mode [ 6574.187839][ T7584] af_packet: tpacket_rcv: packet too big, clamped from 122 to 4294967286. macoff=82 [ 6606.744243][ T7603] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1225'. [ 6687.936465][ T7666] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1250'. [ 6745.584358][ T31] audit: type=1326 audit(7256.017:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7694 comm="syz.1.1262" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fff847332c6 code=0x7fc00000 [ 6746.853930][ T31] audit: type=1326 audit(7257.247:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7694 comm="syz.1.1262" exe="/syz-executor" sig=0 arch=c00000f3 syscall=211 compat=0 ip=0x7fff847332c6 code=0x7fc00000 [ 6746.942359][ T31] audit: type=1326 audit(7257.307:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7694 comm="syz.1.1262" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fff847332c6 code=0x7fc00000 [ 6765.815599][ T7704] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1266'. [ 6766.666073][ T7706] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1266'. [ 6780.212027][ T7715] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1269'. [ 6850.287375][ T7754] ip6erspan0: entered allmulticast mode [ 6893.473377][ T7783] binder: 7781:7783 ioctl c0306201 200000000640 returned -22 [ 6924.025497][ T7802] input: syz1 as /devices/virtual/input/input12 [ 7130.902262][ T7912] input: syz1 as /devices/virtual/input/input13 [ 7151.837027][ T7928] bond0: entered promiscuous mode [ 7151.843937][ T7928] bond_slave_0: entered promiscuous mode [ 7151.876707][ T7928] bond_slave_1: entered promiscuous mode [ 7319.563642][ T8020] netlink: 59 bytes leftover after parsing attributes in process `syz.0.1389'. [ 7344.118699][ T8036] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1395'. [ 7362.064762][ T6750] block nbd1: Receive control failed (result -32) [ 7362.093440][ T6750] block nbd1: Receive control failed (result -32) [ 7362.114916][ T6750] block nbd1: Receive control failed (result -32) [ 7362.192821][ T8044] nbd1: detected capacity change from 0 to 127 [ 7374.568900][ T31] audit: type=1326 audit(7885.037:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8053 comm="syz.1.1401" exe="/syz-executor" sig=9 arch=c00000f3 syscall=98 compat=0 ip=0x7fff847332c6 code=0x0 [ 7479.865272][ T8125] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1427'. [ 7479.995173][ T8125] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1427'. [ 7480.184806][ T8125] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1427'. [ 7552.168190][ T8166] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1445'. [ 7587.936342][ T8189] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1455'. [ 7588.027300][ T8189] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1455'. [ 7588.063865][ T8189] netlink: 'syz.1.1455': attribute type 19 has an invalid length. [ 7588.066219][ T8189] netlink: 'syz.1.1455': attribute type 20 has an invalid length. [ 7588.785518][ T8191] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1455'. [ 7588.822896][ T8191] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1455'. [ 7588.825518][ T8191] netlink: 'syz.1.1455': attribute type 19 has an invalid length. [ 7588.828829][ T8191] netlink: 'syz.1.1455': attribute type 20 has an invalid length. [ 7590.306202][ T6587] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 7590.322027][ T6587] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 7590.325323][ T6587] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 7590.328172][ T6587] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 7792.627343][ T8342] can0: slcan on ttyS3. [ 7794.948316][ T8347] can0 (unregistered): slcan off ttyS3. [ 7808.087323][ T8250] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 7808.597132][ T8250] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 7831.706238][ T8446] block nbd2: Unsupported socket: should be TCP or UNIX. [ 7836.517941][ T8250] hsr_slave_0: entered promiscuous mode [ 7836.651795][ T8250] hsr_slave_1: entered promiscuous mode [ 7836.712733][ T8250] debugfs: 'hsr0' already exists in 'hsr' [ 7836.714792][ T8250] Cannot create hsr debugfs directory [ 7855.044800][ T8250] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 7855.441528][ T8250] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 7856.105888][ T8250] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 7856.708094][ T8250] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 7880.502047][ T8250] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7908.012087][ T8582] [ 7908.013302][ T8582] ====================================================== [ 7908.014573][ T8582] WARNING: possible circular locking dependency detected [ 7908.016367][ T8582] syzkaller #0 Tainted: G L [ 7908.017498][ T8582] ------------------------------------------------------ [ 7908.018554][ T8582] syz.1.1500/8582 is trying to acquire lock: [ 7908.019860][ T8582] ffffaf80204e8e70 (&nsock->tx_lock){+.+.}-{4:4}, at: nbd_queue_rq+0x372/0xe44 [ 7908.024866][ T8582] [ 7908.024866][ T8582] but task is already holding lock: [ 7908.025921][ T8582] ffffaf801ec78180 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc4/0xe44 [ 7908.028479][ T8582] [ 7908.028479][ T8582] which lock already depends on the new lock. [ 7908.028479][ T8582] [ 7908.029937][ T8582] [ 7908.029937][ T8582] the existing dependency chain (in reverse order) is: [ 7908.031124][ T8582] [ 7908.031124][ T8582] -> #6 (&cmd->lock){+.+.}-{4:4}: [ 7908.033273][ T8582] lock_acquire+0x24a/0x504 [ 7908.034581][ T8582] __mutex_lock+0x164/0x1890 [ 7908.035930][ T8582] mutex_lock_nested+0x14/0x1c [ 7908.037285][ T8582] nbd_queue_rq+0xc4/0xe44 [ 7908.038458][ T8582] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 7908.039983][ T8582] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 7908.041641][ T8582] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 7908.043379][ T8582] blk_mq_run_hw_queue+0x274/0x6ec [ 7908.044619][ T8582] blk_mq_dispatch_list+0x53e/0x1430 [ 7908.045984][ T8582] blk_mq_flush_plug_list+0x114/0x55c [ 7908.047414][ T8582] __blk_flush_plug+0x270/0x464 [ 7908.048643][ T8582] __submit_bio+0x42e/0x504 [ 7908.049901][ T8582] submit_bio_noacct_nocheck+0x458/0xdf4 [ 7908.051331][ T8582] submit_bio_noacct+0x6fe/0x2170 [ 7908.052628][ T8582] submit_bio+0xb6/0x5b8 [ 7908.053798][ T8582] submit_bh_wbc+0x428/0x5c0 [ 7908.055095][ T8582] block_read_full_folio+0x396/0x788 [ 7908.056524][ T8582] blkdev_read_folio+0x26/0x30 [ 7908.057784][ T8582] filemap_read_folio+0xc2/0x270 [ 7908.059248][ T8582] do_read_cache_folio+0x22e/0x518 [ 7908.060626][ T8582] read_cache_folio+0x4e/0x68 [ 7908.062098][ T8582] read_part_sector+0xbc/0x408 [ 7908.063360][ T8582] read_lba+0x1b6/0x32c [ 7908.064512][ T8582] find_valid_gpt.constprop.0+0x212/0x21ec [ 7908.065848][ T8582] efi_partition+0xfe/0x9e0 [ 7908.067134][ T8582] bdev_disk_changed+0x5a0/0x1180 [ 7908.068414][ T8582] blkdev_get_whole+0x168/0x25c [ 7908.069781][ T8582] bdev_open+0x288/0xcc4 [ 7908.071025][ T8582] blkdev_open+0x2ec/0x454 [ 7908.072234][ T8582] do_dentry_open+0x418/0x1170 [ 7908.073417][ T8582] vfs_open+0xba/0x3a8 [ 7908.074714][ T8582] path_openat+0x144e/0x2f28 [ 7908.076131][ T8582] do_file_open+0x1ae/0x398 [ 7908.077510][ T8582] do_sys_openat2+0xfe/0x1c0 [ 7908.078805][ T8582] __riscv_sys_openat+0x122/0x1e4 [ 7908.080057][ T8582] syscall_handler+0x92/0x114 [ 7908.081326][ T8582] do_trap_ecall_u+0x402/0x680 [ 7908.082595][ T8582] handle_exception+0x15e/0x16a [ 7908.084002][ T8582] [ 7908.084002][ T8582] -> #5 (set->srcu){.+.+}-{0:0}: [ 7908.086107][ T8582] lock_sync+0xea/0x1cc [ 7908.087246][ T8582] __synchronize_srcu+0xd4/0x24c [ 7908.088645][ T8582] synchronize_srcu+0x14c/0x3fc [ 7908.090086][ T8582] blk_mq_quiesce_queue+0x124/0x194 [ 7908.091280][ T8582] elevator_switch+0x16a/0x4e4 [ 7908.092605][ T8582] elevator_change+0x2f4/0x4ac [ 7908.093897][ T8582] elevator_set_default+0x280/0x370 [ 7908.095312][ T8582] blk_register_queue+0x3a8/0x50c [ 7908.096611][ T8582] __add_disk+0x69a/0xda4 [ 7908.097707][ T8582] add_disk_fwnode+0xe8/0x48c [ 7908.098851][ T8582] device_add_disk+0x28/0x38 [ 7908.100038][ T8582] nbd_dev_add+0x692/0xaec [ 7908.101387][ T8582] nbd_init+0x3d4/0x3f8 [ 7908.102614][ T8582] do_one_initcall+0x18c/0xcdc [ 7908.103726][ T8582] kernel_init_freeable+0x6ca/0x7b4 [ 7908.105004][ T8582] kernel_init+0x28/0x240 [ 7908.106263][ T8582] ret_from_fork_kernel+0x94/0xef8 [ 7908.107492][ T8582] ret_from_fork_kernel_asm+0x16/0x18 [ 7908.108803][ T8582] [ 7908.108803][ T8582] -> #4 (&q->elevator_lock){+.+.}-{4:4}: [ 7908.110992][ T8582] lock_acquire+0x24a/0x504 [ 7908.112234][ T8582] __mutex_lock+0x164/0x1890 [ 7908.113589][ T8582] mutex_lock_nested+0x14/0x1c [ 7908.114937][ T8582] elevator_change+0x192/0x4ac [ 7908.116240][ T8582] elevator_set_none+0xa8/0x120 [ 7908.117592][ T8582] blk_mq_update_nr_hw_queues+0x43a/0x13a0 [ 7908.119100][ T8582] nbd_start_device+0x156/0xb74 [ 7908.120231][ T8582] nbd_genl_connect+0xe74/0x1a4c [ 7908.121401][ T8582] genl_family_rcv_msg_doit+0x1f6/0x2d8 [ 7908.123090][ T8582] genl_rcv_msg+0x4b2/0x73c [ 7908.124201][ T8582] netlink_rcv_skb+0x1e8/0x394 [ 7908.125635][ T8582] genl_rcv+0x32/0x4c [ 7908.127062][ T8582] netlink_unicast+0x50c/0x7d8 [ 7908.128503][ T8582] netlink_sendmsg+0x7e0/0xd64 [ 7908.129986][ T8582] __sock_sendmsg+0xca/0x160 [ 7908.131462][ T8582] ____sys_sendmsg+0x636/0x794 [ 7908.132876][ T8582] ___sys_sendmsg+0x1a4/0x1e8 [ 7908.134395][ T8582] __sys_sendmsg+0x18e/0x234 [ 7908.135578][ T8582] __riscv_sys_sendmsg+0x70/0xa4 [ 7908.136778][ T8582] syscall_handler+0x92/0x114 [ 7908.138084][ T8582] do_trap_ecall_u+0x402/0x680 [ 7908.139714][ T8582] handle_exception+0x15e/0x16a [ 7908.141008][ T8582] [ 7908.141008][ T8582] -> #3 (&q->q_usage_counter(io)#20){++++}-{0:0}: [ 7908.143571][ T8582] lock_acquire+0x24a/0x504 [ 7908.144802][ T8582] blk_alloc_queue+0x5b4/0x6f4 [ 7908.146077][ T8582] blk_mq_alloc_queue+0x15e/0x250 [ 7908.147439][ T8582] __blk_mq_alloc_disk+0x2a/0xd8 [ 7908.148733][ T8582] nbd_dev_add+0x426/0xaec [ 7908.150153][ T8582] nbd_init+0x3d4/0x3f8 [ 7908.151282][ T8582] do_one_initcall+0x18c/0xcdc [ 7908.152576][ T8582] kernel_init_freeable+0x6ca/0x7b4 [ 7908.153884][ T8582] kernel_init+0x28/0x240 [ 7908.155112][ T8582] ret_from_fork_kernel+0x94/0xef8 [ 7908.156364][ T8582] ret_from_fork_kernel_asm+0x16/0x18 [ 7908.157701][ T8582] [ 7908.157701][ T8582] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 7908.159772][ T8582] lock_acquire+0x24a/0x504 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 7908.160977][ T8582] fs_reclaim_acquire+0xc6/0x100 [ 7908.162571][ T8582] kmem_cache_alloc_node_noprof+0x40/0x6e8 [ 7908.163817][ T8582] __alloc_skb+0x17c/0x778 [ 7908.165004][ T8582] tcp_stream_alloc_skb+0x2e/0x4d8 [ 7908.166501][ T8582] tcp_sendmsg_locked+0xe16/0x408c [ 7908.168037][ T8582] tcp_sendmsg+0x32/0x50 [ 7908.169364][ T8582] inet_sendmsg+0x9a/0xd8 [ 7908.170597][ T8582] __sock_sendmsg+0xca/0x160 [ 7908.172124][ T8582] sock_write_iter+0x298/0x3e8 [ 7908.173551][ T8582] vfs_write+0x648/0xd08 [ 7908.174863][ T8582] ksys_write+0x1f4/0x244 [ 7908.176329][ T8582] __riscv_sys_write+0x6e/0xa0 [ 7908.177705][ T8582] syscall_handler+0x92/0x114 [ 7908.179120][ T8582] do_trap_ecall_u+0x402/0x680 [ 7908.180509][ T8582] handle_exception+0x15e/0x16a [ 7908.181828][ T8582] [ 7908.181828][ T8582] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}: [ 7908.184081][ T8582] lock_acquire+0x24a/0x504 [ 7908.185410][ T8582] lock_sock_nested+0x38/0xf8 [ 7908.186859][ T8582] inet_shutdown+0x68/0x3c0 [ 7908.188319][ T8582] kernel_sock_shutdown+0x58/0x7c [ 7908.189800][ T8582] nbd_mark_nsock_dead+0xaa/0x510 [ 7908.191548][ T8582] sock_shutdown+0x144/0x238 [ 7908.193090][ T8582] nbd_ioctl+0x22c/0xbd4 [ 7908.194269][ T8582] blkdev_ioctl+0x4cc/0x12e4 [ 7908.195753][ T8582] __riscv_sys_ioctl+0x17c/0x1e4 [ 7908.196955][ T8582] syscall_handler+0x92/0x114 [ 7908.198310][ T8582] do_trap_ecall_u+0x402/0x680 [ 7908.199681][ T8582] handle_exception+0x15e/0x16a [ 7908.201019][ T8582] [ 7908.201019][ T8582] -> #0 (&nsock->tx_lock){+.+.}-{4:4}: [ 7908.203141][ T8582] check_noncircular+0x138/0x14c [ 7908.204407][ T8582] __lock_acquire+0xe9c/0x25ac [ 7908.205648][ T8582] lock_acquire+0x24a/0x504 [ 7908.206860][ T8582] __mutex_lock+0x164/0x1890 [ 7908.208240][ T8582] mutex_lock_nested+0x14/0x1c [ 7908.209689][ T8582] nbd_queue_rq+0x372/0xe44 [ 7908.210939][ T8582] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 7908.212326][ T8582] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 7908.213976][ T8582] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 7908.215513][ T8582] blk_mq_run_hw_queue+0x274/0x6ec [ 7908.216818][ T8582] blk_mq_dispatch_list+0x53e/0x1430 [ 7908.218137][ T8582] blk_mq_flush_plug_list+0x114/0x55c [ 7908.219641][ T8582] __blk_flush_plug+0x270/0x464 [ 7908.220895][ T8582] __submit_bio+0x42e/0x504 [ 7908.222122][ T8582] submit_bio_noacct_nocheck+0x458/0xdf4 [ 7908.223466][ T8582] submit_bio_noacct+0x6fe/0x2170 [ 7908.224882][ T8582] submit_bio+0xb6/0x5b8 [ 7908.226087][ T8582] submit_bh_wbc+0x428/0x5c0 [ 7908.227343][ T8582] block_read_full_folio+0x396/0x788 [ 7908.228714][ T8582] blkdev_read_folio+0x26/0x30 [ 7908.229923][ T8582] filemap_read_folio+0xc2/0x270 [ 7908.231276][ T8582] do_read_cache_folio+0x22e/0x518 [ 7908.232631][ T8582] read_cache_folio+0x4e/0x68 [ 7908.234033][ T8582] read_part_sector+0xbc/0x408 [ 7908.235300][ T8582] read_lba+0x1b6/0x32c [ 7908.236459][ T8582] find_valid_gpt.constprop.0+0x212/0x21ec [ 7908.237790][ T8582] efi_partition+0xfe/0x9e0 [ 7908.239050][ T8582] bdev_disk_changed+0x5a0/0x1180 [ 7908.240303][ T8582] blkdev_get_whole+0x168/0x25c [ 7908.241486][ T8582] bdev_open+0x288/0xcc4 [ 7908.242673][ T8582] blkdev_open+0x2ec/0x454 [ 7908.243850][ T8582] do_dentry_open+0x418/0x1170 [ 7908.244982][ T8582] vfs_open+0xba/0x3a8 [ 7908.246055][ T8582] path_openat+0x144e/0x2f28 [ 7908.247363][ T8582] do_file_open+0x1ae/0x398 [ 7908.248731][ T8582] do_sys_openat2+0xfe/0x1c0 [ 7908.249981][ T8582] __riscv_sys_openat+0x122/0x1e4 [ 7908.251164][ T8582] syscall_handler+0x92/0x114 [ 7908.252431][ T8582] do_trap_ecall_u+0x402/0x680 [ 7908.253665][ T8582] handle_exception+0x15e/0x16a [ 7908.255011][ T8582] [ 7908.255011][ T8582] other info that might help us debug this: [ 7908.255011][ T8582] [ 7908.256273][ T8582] Chain exists of: [ 7908.256273][ T8582] &nsock->tx_lock --> set->srcu --> &cmd->lock [ 7908.256273][ T8582] [ 7908.259336][ T8582] Possible unsafe locking scenario: [ 7908.259336][ T8582] [ 7908.260334][ T8582] CPU0 CPU1 [ 7908.261219][ T8582] ---- ---- [ 7908.262135][ T8582] lock(&cmd->lock); [ 7908.263405][ T8582] lock(set->srcu); [ 7908.264873][ T8582] lock(&cmd->lock); [ 7908.266341][ T8582] lock(&nsock->tx_lock); [ 7908.267645][ T8582] [ 7908.267645][ T8582] *** DEADLOCK *** [ 7908.267645][ T8582] [ 7908.268707][ T8582] 3 locks held by syz.1.1500/8582: [ 7908.269788][ T8582] #0: ffffaf801a9a3358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x3c4/0xcc4 [ 7908.272679][ T8582] #1: ffffaf8018c41098 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x22c/0x6ec [ 7908.275528][ T8582] #2: ffffaf801ec78180 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc4/0xe44 [ 7908.278161][ T8582] [ 7908.278161][ T8582] stack backtrace: [ 7908.280104][ T8582] CPU: 1 UID: 0 PID: 8582 Comm: syz.1.1500 Tainted: G L syzkaller #0 PREEMPT [ 7908.280966][ T8582] Tainted: [L]=SOFTLOCKUP [ 7908.281225][ T8582] Hardware name: riscv-virtio,qemu (DT) [ 7908.281869][ T8582] Call Trace: [ 7908.282202][ T8582] [] dump_backtrace+0x2e/0x3c [ 7908.282972][ T8582] [] show_stack+0x30/0x3c [ 7908.283479][ T8582] [] dump_stack_lvl+0x114/0x1ac [ 7908.284261][ T8582] [] dump_stack+0x1c/0x28 [ 7908.285025][ T8582] [] print_circular_bug+0x250/0x29c [ 7908.285583][ T8582] [] check_noncircular+0x138/0x14c [ 7908.286190][ T8582] [] __lock_acquire+0xe9c/0x25ac [ 7908.286760][ T8582] [] lock_acquire+0x24a/0x504 [ 7908.287298][ T8582] [] __mutex_lock+0x164/0x1890 [ 7908.288028][ T8582] [] mutex_lock_nested+0x14/0x1c [ 7908.288786][ T8582] [] nbd_queue_rq+0x372/0xe44 [ 7908.289302][ T8582] [] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 7908.290015][ T8582] [] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 7908.290812][ T8582] [] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 7908.291593][ T8582] [] blk_mq_run_hw_queue+0x274/0x6ec [ 7908.292399][ T8582] [] blk_mq_dispatch_list+0x53e/0x1430 [ 7908.293151][ T8582] [] blk_mq_flush_plug_list+0x114/0x55c [ 7908.293834][ T8582] [] __blk_flush_plug+0x270/0x464 [ 7908.294473][ T8582] [] __submit_bio+0x42e/0x504 [ 7908.295084][ T8582] [] submit_bio_noacct_nocheck+0x458/0xdf4 [ 7908.295764][ T8582] [] submit_bio_noacct+0x6fe/0x2170 [ 7908.296460][ T8582] [] submit_bio+0xb6/0x5b8 [ 7908.297159][ T8582] [] submit_bh_wbc+0x428/0x5c0 [ 7908.297828][ T8582] [] block_read_full_folio+0x396/0x788 [ 7908.298682][ T8582] [] blkdev_read_folio+0x26/0x30 [ 7908.299327][ T8582] [] filemap_read_folio+0xc2/0x270 [ 7908.300097][ T8582] [] do_read_cache_folio+0x22e/0x518 [ 7908.300856][ T8582] [] read_cache_folio+0x4e/0x68 [ 7908.301568][ T8582] [] read_part_sector+0xbc/0x408 [ 7908.302228][ T8582] [] read_lba+0x1b6/0x32c [ 7908.302812][ T8582] [] find_valid_gpt.constprop.0+0x212/0x21ec [ 7908.303462][ T8582] [] efi_partition+0xfe/0x9e0 [ 7908.304059][ T8582] [] bdev_disk_changed+0x5a0/0x1180 [ 7908.304705][ T8582] [] blkdev_get_whole+0x168/0x25c [ 7908.305316][ T8582] [] bdev_open+0x288/0xcc4 [ 7908.305911][ T8582] [] blkdev_open+0x2ec/0x454 [ 7908.306573][ T8582] [] do_dentry_open+0x418/0x1170 [ 7908.307103][ T8582] [] vfs_open+0xba/0x3a8 [ 7908.307657][ T8582] [] path_openat+0x144e/0x2f28 [ 7908.308404][ T8582] [] do_file_open+0x1ae/0x398 [ 7908.309174][ T8582] [] do_sys_openat2+0xfe/0x1c0 [ 7908.309764][ T8582] [] __riscv_sys_openat+0x122/0x1e4 [ 7908.310446][ T8582] [] syscall_handler+0x92/0x114 [ 7908.311136][ T8582] [] do_trap_ecall_u+0x402/0x680 [ 7908.311759][ T8582] [] handle_exception+0x15e/0x16a [ 7908.501368][ T8582] block nbd1: Dead connection, failed to find a fallback [ 7908.504921][ T8582] block nbd1: shutting down sockets [ 7908.508320][ T8582] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7908.631737][ T8582] Buffer I/O error on dev nbd1, logical block 0, async page read [ 7908.637142][ T8582] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7908.800582][ T8582] Buffer I/O error on dev nbd1, logical block 1, async page read [ 7908.832645][ T8582] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7908.836658][ T8582] Buffer I/O error on dev nbd1, logical block 2, async page read [ 7909.012342][ T8582] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7909.014859][ T8582] Buffer I/O error on dev nbd1, logical block 3, async page read [ 7909.140782][ T8582] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7909.143394][ T8582] Buffer I/O error on dev nbd1, logical block 0, async page read [ 7909.147635][ T8582] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7909.250925][ T8582] Buffer I/O error on dev nbd1, logical block 1, async page read [ 7909.257586][ T8582] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7909.421239][ T8582] Buffer I/O error on dev nbd1, logical block 2, async page read [ 7909.476272][ T8582] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7909.543362][ T8582] Buffer I/O error on dev nbd1, logical block 3, async page read [ 7909.547171][ T8582] nbd1: unable to read partition table [ 7937.048345][ T3273] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 7937.063388][ T3273] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0