last executing test programs: 43.740070129s ago: executing program 1 (id=1638): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'gre0\x00', 0x0}) setreuid(0xee01, 0xee01) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000a80)={0x11, 0x88a8, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 43.323435292s ago: executing program 0 (id=1639): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'macsec0\x00', 0x400}) ioctl$TUNGETIFF(r0, 0x800454d2, &(0x7f0000000100)={'team_slave_0\x00'}) 38.394224698s ago: executing program 1 (id=1640): r0 = syz_io_uring_setup(0x1d5a, &(0x7f0000000080)={0x0, 0x0, 0xc00, 0x10000, 0x374}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00') syz_io_uring_submit(r1, r2, r3, &(0x7f0000000000)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x4004, @fd_index=0x4, 0x718a, 0x0, 0x0, 0x12, 0x1, {0x2}}) io_uring_enter(r0, 0x742f, 0x77ae, 0x1, 0x0, 0x0) 32.196088475s ago: executing program 0 (id=1641): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f00000001c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x0, 0x0) preadv2(r1, &(0x7f0000000040)=[{&(0x7f0000000100)=""/65, 0x41}], 0x1, 0x7, 0xfffffffc, 0x0) 28.989821775s ago: executing program 1 (id=1642): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x14c) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota']) umount2(&(0x7f00000000c0)='./file1\x00', 0x9) 25.083509544s ago: executing program 0 (id=1643): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x4, 0x107) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001180), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000640)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}}) ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, &(0x7f0000000100)=r0) 15.135685411s ago: executing program 1 (id=1644): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000180)=0x7f, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x8, @remote, 0x6}, 0x1c) write(r0, &(0x7f0000000200)="89", 0x3f80) 15.134901092s ago: executing program 0 (id=1645): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r0, 0x1, 0x10, &(0x7f0000000040), 0x4) sendmsg$inet(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) sendmsg$unix(r0, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x24004844) 11.101167448s ago: executing program 0 (id=1646): pipe2$9p(0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4043, 0x1ff) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x100) syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') 8.55935917s ago: executing program 1 (id=1647): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100)) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000080)=0x7f) read$dsp(r0, &(0x7f00000011c0)=""/4117, 0x200021d5) 2.004661978s ago: executing program 0 (id=1648): r0 = epoll_create1(0x0) r1 = socket$unix(0x1, 0x5, 0x0) setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0xffff, 0x4) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0xa0028000}) 0s ago: executing program 1 (id=1649): r0 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x80000) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_SET_SOCK(r0, 0xab08, r1) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:40644' (ED25519) to the list of known hosts. syzkaller login: [ 525.503331][ T3187] cgroup: Unknown subsys name 'net' [ 526.468222][ T3187] cgroup: Unknown subsys name 'cpuset' [ 526.611907][ T3187] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 610.320360][ T3187] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 749.902816][ T3193] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 750.034384][ T3193] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 753.098538][ T3194] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 753.202201][ T3194] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 763.834167][ T3193] hsr_slave_0: entered promiscuous mode [ 763.907743][ T3193] hsr_slave_1: entered promiscuous mode [ 766.342731][ T3194] hsr_slave_0: entered promiscuous mode [ 766.412757][ T3194] hsr_slave_1: entered promiscuous mode [ 766.460688][ T3194] debugfs: 'hsr0' already exists in 'hsr' [ 766.464399][ T3194] Cannot create hsr debugfs directory [ 776.767530][ T3193] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 777.004603][ T3193] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 777.204527][ T3193] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 777.843045][ T3193] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 780.141271][ T3194] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 780.392854][ T3194] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 780.567321][ T3194] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 781.640884][ T3194] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 800.222060][ T3193] 8021q: adding VLAN 0 to HW filter on device bond0 [ 807.041564][ T3194] 8021q: adding VLAN 0 to HW filter on device bond0 [ 875.496445][ T3193] veth0_vlan: entered promiscuous mode [ 875.788290][ T3194] veth0_vlan: entered promiscuous mode [ 876.442778][ T3194] veth1_vlan: entered promiscuous mode [ 876.550154][ T3193] veth1_vlan: entered promiscuous mode [ 879.058870][ T3194] veth0_macvtap: entered promiscuous mode [ 879.591579][ T3193] veth0_macvtap: entered promiscuous mode [ 879.742804][ T3194] veth1_macvtap: entered promiscuous mode [ 880.622448][ T3193] veth1_macvtap: entered promiscuous mode [ 883.470435][ T47] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 883.473103][ T47] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 883.509876][ T47] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 883.679123][ T47] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 883.776046][ T47] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 883.853305][ T47] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 883.856486][ T47] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 883.858245][ T47] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 889.884569][ T3193] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 975.781161][ T3862] netlink: 48 bytes leftover after parsing attributes in process `syz.0.24'. [ 1007.141555][ T3885] autofs: Bad value for 'fd' [ 1015.223232][ T3891] netlink: 68 bytes leftover after parsing attributes in process `syz.1.38'. [ 1016.554085][ T3893] rdma_op ffffaf801a8971f0 conn xmit_rdma 0000000000000000 [ 1033.977552][ T3904] netlink: 8 bytes leftover after parsing attributes in process `syz.1.44'. [ 1045.919643][ T3910] random: crng reseeded on system resumption [ 1061.902241][ T3923] netlink: 40 bytes leftover after parsing attributes in process `syz.1.52'. [ 1064.676141][ T3925] Illegal XDP return value 4294967274 on prog (id 3) dev N/A, expect packet loss! [ 1069.994295][ T3929] netlink: 763 bytes leftover after parsing attributes in process `syz.0.55'. [ 1075.272831][ T3934] faux_driver vgem: [drm] Unknown color mode 9; guessing buffer size. [ 1126.038487][ T3975] netlink: 48 bytes leftover after parsing attributes in process `syz.0.74'. [ 1130.552969][ T3977] netlink: 8 bytes leftover after parsing attributes in process `syz.1.76'. [ 1130.590812][ T3977] netlink: 'syz.1.76': attribute type 29 has an invalid length. [ 1130.634048][ T3977] netlink: 4 bytes leftover after parsing attributes in process `syz.1.76'. [ 1156.006863][ T4000] netlink: 4 bytes leftover after parsing attributes in process `syz.1.83'. [ 1163.566071][ T31] audit: type=1326 audit(1162.130:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4003 comm="syz.1.85" exe="/syz-executor" sig=9 arch=c00000f3 syscall=98 compat=0 ip=0x7fff90b332c6 code=0x0 [ 1170.551715][ T4007] netlink: 8 bytes leftover after parsing attributes in process `syz.0.86'. [ 1170.861791][ T4007] netlink: 8 bytes leftover after parsing attributes in process `syz.0.86'. [ 1203.297663][ T4036] batadv_slave_1: entered promiscuous mode [ 1203.389119][ T4036] batadv_slave_1: left promiscuous mode [ 1240.398263][ T4056] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 1240.949578][ T4056] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1240.953213][ T4056] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1241.451643][ T4056] usb 1-1: config 0 descriptor?? [ 1244.502166][ T4056] udl 1-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 1245.772744][ T4056] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2 [ 1245.812856][ T4056] [drm] Initialized udl on minor 2 [ 1245.982008][ T4056] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffe0 [ 1246.323368][ T4056] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 1247.044287][ T4056] usb 1-1: USB disconnect, device number 2 [ 1247.346431][ T24] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 1316.289201][ T4127] input: syz1 as /devices/virtual/input/input0 [ 1324.513471][ T4140] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1350.021422][ T4157] netlink: 68 bytes leftover after parsing attributes in process `syz.1.136'. [ 1381.078304][ T30] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 1381.449738][ T30] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 130, using maximum allowed: 30 [ 1381.458442][ T30] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1381.462372][ T30] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1381.470703][ T30] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 130 [ 1381.473332][ T30] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b3e, bcdDevice= 0.00 [ 1381.493476][ T30] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1381.624057][ T30] usb 2-1: config 0 descriptor?? [ 1384.454443][ T30] corsair 0003:1B1C:1B3E.0001: unknown main item tag 0x0 [ 1384.469840][ T30] corsair 0003:1B1C:1B3E.0001: unknown main item tag 0x0 [ 1384.472513][ T30] corsair 0003:1B1C:1B3E.0001: unknown main item tag 0x0 [ 1384.474667][ T30] corsair 0003:1B1C:1B3E.0001: unknown main item tag 0x0 [ 1384.531321][ T30] corsair 0003:1B1C:1B3E.0001: unknown main item tag 0x0 [ 1384.533323][ T30] corsair 0003:1B1C:1B3E.0001: unknown main item tag 0x0 [ 1384.564063][ T30] corsair 0003:1B1C:1B3E.0001: unknown main item tag 0x0 [ 1384.586505][ T30] corsair 0003:1B1C:1B3E.0001: unknown main item tag 0x0 [ 1384.588758][ T30] corsair 0003:1B1C:1B3E.0001: unknown main item tag 0x0 [ 1384.590676][ T30] corsair 0003:1B1C:1B3E.0001: unknown main item tag 0x0 [ 1384.689323][ T30] corsair 0003:1B1C:1B3E.0001: unexpected long global item [ 1384.840648][ T30] corsair 0003:1B1C:1B3E.0001: parse failed [ 1384.869940][ T30] corsair 0003:1B1C:1B3E.0001: probe with driver corsair failed with error -22 [ 1385.571165][ T30] usb 2-1: USB disconnect, device number 2 [ 1397.503544][ T4206] input: syz1 as /devices/virtual/input/input1 [ 1421.500589][ T4227] block nbd1: not configured, cannot reconfigure [ 1422.507414][ T4229] netlink: 'syz.0.159': attribute type 32 has an invalid length. [ 1422.509058][ T4229] netlink: 24 bytes leftover after parsing attributes in process `syz.0.159'. [ 1422.511769][ T4229] bond0: option coupled_control: mode dependency failed, not supported in mode balance-rr(0) [ 1428.130695][ T4237] capability: warning: `syz.0.161' uses deprecated v2 capabilities in a way that may be insecure [ 1469.747269][ T4266] netlink: 44 bytes leftover after parsing attributes in process `syz.1.173'. [ 1490.544204][ T4284] netlink: 12 bytes leftover after parsing attributes in process `syz.1.178'. [ 1491.874662][ T4286] netlink: 12 bytes leftover after parsing attributes in process `syz.1.178'. [ 1505.547562][ T4299] netlink: 400 bytes leftover after parsing attributes in process `syz.0.182'. [ 1537.851792][ T31] audit: type=1326 audit(1536.360:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4320 comm="syz.1.191" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fff90b332c6 code=0x0 [ 1557.513345][ T4333] netlink: 48 bytes leftover after parsing attributes in process `syz.1.196'. [ 1635.977713][ T4383] process 'syz.0.218' launched './file1' with NULL argv: empty string added [ 1690.588510][ T3996] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 1690.593036][ C0] raw-gadget.0 gadget.1: ignoring, device is not running [ 1690.879393][ T3996] usb 2-1: device descriptor read/64, error -32 [ 1691.480604][ T3996] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 1691.778887][ T3996] usb 2-1: Using ep0 maxpacket: 16 [ 1691.889794][ T3996] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1691.892299][ T3996] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1691.894659][ T3996] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1691.910491][ T3996] usb 2-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 1691.912695][ T3996] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1692.086150][ T3996] usb 2-1: config 0 descriptor?? [ 1696.830799][ T4412] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1696.909392][ T4412] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1697.470518][ T3996] hid (null): global environment stack underflow [ 1697.474355][ T3996] hid (null): bogus close delimiter [ 1697.490556][ T3996] hid (null): unknown global tag 0xd [ 1697.851193][ T3996] hid_parser_main: 53 callbacks suppressed [ 1697.851731][ T3996] cougar 0003:060B:500A.0002: unknown main item tag 0x0 [ 1697.853470][ T3996] cougar 0003:060B:500A.0002: unknown main item tag 0x0 [ 1697.854545][ T3996] cougar 0003:060B:500A.0002: unknown main item tag 0x0 [ 1697.882240][ T3996] cougar 0003:060B:500A.0002: unknown main item tag 0x0 [ 1697.883665][ T3996] cougar 0003:060B:500A.0002: unknown main item tag 0x0 [ 1697.909511][ T3996] cougar 0003:060B:500A.0002: unknown main item tag 0x0 [ 1697.911434][ T3996] cougar 0003:060B:500A.0002: unknown main item tag 0x0 [ 1697.912576][ T3996] cougar 0003:060B:500A.0002: unknown main item tag 0x0 [ 1697.913663][ T3996] cougar 0003:060B:500A.0002: unknown main item tag 0x0 [ 1697.960127][ T3996] cougar 0003:060B:500A.0002: unknown main item tag 0x0 [ 1697.981680][ T3996] cougar 0003:060B:500A.0002: unexpected long global item [ 1698.039674][ T3996] cougar 0003:060B:500A.0002: parse failed [ 1698.041774][ T3996] cougar 0003:060B:500A.0002: probe with driver cougar failed with error -22 [ 1698.544020][ T3996] usb 2-1: USB disconnect, device number 4 [ 1731.449316][ T4452] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1731.452425][ T4452] IPv6: NLM_F_CREATE should be set when creating new route [ 1731.454048][ T4452] IPv6: NLM_F_CREATE should be set when creating new route [ 1731.471082][ T4452] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1731.479732][ T4452] Zero length message leads to an empty skb [ 1740.498663][ T4460] loop0: Can't mount, would change RO state [ 1757.293644][ T31] audit: type=1326 audit(1755.840:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4469 comm="syz.1.246" exe="/syz-executor" sig=9 arch=c00000f3 syscall=98 compat=0 ip=0x7fff90b332c6 code=0x0 [ 1772.074655][ C1] vcan0: j1939_tp_rxtimer: 0xffffaf80215bb400: rx timeout, send abort [ 1772.581615][ C1] vcan0: j1939_tp_rxtimer: 0xffffaf80215bb400: abort rx timeout. Force session deactivation [ 1781.344655][ T4483] block nbd0: not configured, cannot reconfigure [ 1792.709680][ T4493] dummy0: entered allmulticast mode [ 1834.024128][ T4517] mmap: syz.0.265 (4517) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 1860.930323][ T4537] netlink: 36 bytes leftover after parsing attributes in process `syz.0.275'. [ 1914.959177][ C0] vcan0: j1939_tp_rxtimer: 0xffffaf801fe43800: rx timeout, send abort [ 1915.462541][ C0] vcan0: j1939_tp_rxtimer: 0xffffaf801fe43800: abort rx timeout. Force session deactivation [ 1924.408927][ T4577] syz_tun: entered allmulticast mode [ 1924.578438][ T4577] syz_tun: left allmulticast mode [ 2035.692829][ T4652] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 2108.964105][ T4690] netlink: 4 bytes leftover after parsing attributes in process `syz.0.338'. [ 2146.832092][ T4709] netlink: 'syz.0.346': attribute type 14 has an invalid length. [ 2162.740318][ T3810] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 2163.834251][ T3810] usb 1-1: Using ep0 maxpacket: 32 [ 2164.048217][ T3810] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2164.212822][ T3810] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2164.217176][ T3810] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 2164.219142][ T3810] usb 1-1: SerialNumber: syz [ 2168.777415][ T3810] usb 1-1: bad CDC descriptors [ 2169.221007][ T3810] usb 1-1: USB disconnect, device number 3 [ 2244.924451][ T4772] netlink: 12 bytes leftover after parsing attributes in process `syz.1.367'. [ 2244.978874][ T4772] netlink: 12 bytes leftover after parsing attributes in process `syz.1.367'. [ 2248.376807][ T4774] ======================================================= [ 2248.376807][ T4774] WARNING: The mand mount option has been deprecated and [ 2248.376807][ T4774] and is ignored by this kernel. Remove the mand [ 2248.376807][ T4774] option from the mount to silence this warning. [ 2248.376807][ T4774] ======================================================= [ 2290.778044][ T4797] binder: 4796:4797 ioctl 4018620d 0 returned -22 [ 2293.728614][ T4799] netlink: 20 bytes leftover after parsing attributes in process `syz.0.379'. [ 2294.719587][ T4800] netlink: 20 bytes leftover after parsing attributes in process `syz.0.379'. [ 2314.830512][ T4810] xt_connbytes: Forcing CT accounting to be enabled [ 2315.613072][ T4812] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 2390.832099][ T4856] block nbd1: shutting down sockets [ 2438.719549][ T4880] input: syz0 as /devices/virtual/input/input3 [ 2521.643445][ T4933] netlink: 8 bytes leftover after parsing attributes in process `syz.0.426'. [ 2584.465580][ T4960] ptrace attach of "/syz-executor exec"[3193] was attempted by "/syz-executor exec"[4960] [ 2630.401539][ T4983] netlink: 4 bytes leftover after parsing attributes in process `syz.0.448'. [ 2631.142384][ T4983] netlink: 4 bytes leftover after parsing attributes in process `syz.0.448'. [ 2648.829745][ T4993] netlink: 8 bytes leftover after parsing attributes in process `syz.1.453'. [ 2676.128522][ T5005] bond0: entered promiscuous mode [ 2676.129979][ T5005] bond_slave_0: entered promiscuous mode [ 2676.189660][ T5005] bond_slave_1: entered promiscuous mode [ 2769.499369][ T5057] veth0: entered promiscuous mode [ 2769.507593][ T5057] veth0: left promiscuous mode [ 2888.859215][ T5119] netlink: 32 bytes leftover after parsing attributes in process `syz.1.504'. [ 2943.099294][ T31] audit: type=1326 audit(2941.590:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5140 comm="syz.1.512" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fff90b332c6 code=0x7fc00000 [ 2959.302696][ T5152] netlink: 4 bytes leftover after parsing attributes in process `syz.0.516'. [ 2971.917322][ T5156] netlink: 32 bytes leftover after parsing attributes in process `syz.0.518'. [ 3001.479381][ T5178] binder: BC_ACQUIRE_RESULT not supported [ 3001.513856][ T5178] binder: 5177:5178 ioctl c0306201 2000000003c0 returned -22 [ 3029.540643][ T5190] binder: 5189:5190 ioctl c0306201 200000000640 returned -22 [ 3047.100721][ T31] audit: type=1326 audit(3045.690:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5195 comm="syz.1.534" exe="/syz-executor" sig=9 arch=c00000f3 syscall=98 compat=0 ip=0x7fff90b332c6 code=0x0 [ 3048.425289][ C1] hrtimer: interrupt took 1501500 ns [ 3059.587810][ T5205] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 3130.507800][ T5244] block nbd0: server does not support multiple connections per device. [ 3130.700064][ T5244] block nbd0: shutting down sockets [ 3227.153784][ T31] audit: type=1326 audit(3225.740:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5292 comm="syz.1.572" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fff90b332c6 code=0x7fc00000 [ 3297.117796][ T5331] can0: slcan on ttyS3. [ 3298.402709][ T5332] can0 (unregistered): slcan off ttyS3. [ 3313.319493][ T5347] netlink: 4 bytes leftover after parsing attributes in process `syz.0.593'. [ 3313.508621][ T5347] hsr_slave_0: left promiscuous mode [ 3313.791802][ T5347] hsr_slave_1: left promiscuous mode [ 3413.290370][ T5397] netlink: 20 bytes leftover after parsing attributes in process `syz.1.615'. [ 3413.292854][ T5397] netlink: 12 bytes leftover after parsing attributes in process `syz.1.615'. [ 3413.431895][ T5397] netlink: 20 bytes leftover after parsing attributes in process `syz.1.615'. [ 3413.438345][ T5397] netlink: 12 bytes leftover after parsing attributes in process `syz.1.615'. [ 3507.783694][ T31] audit: type=1326 audit(3506.330:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5442 comm="syz.0.634" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb8b332c6 code=0x0 [ 3545.318639][ T31] audit: type=1326 audit(3543.900:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5463 comm="syz.1.640" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fff90b332c6 code=0x0 [ 3593.461743][ T5488] input: syz0 as /devices/virtual/input/input5 [ 3715.803634][ T5548] netlink: 8 bytes leftover after parsing attributes in process `syz.0.674'. [ 3789.530750][ T5588] netlink: 8 bytes leftover after parsing attributes in process `syz.1.692'. [ 3789.534398][ T5588] bond0: Unable to set up delay as MII monitoring is disabled [ 3808.971772][ T5600] netlink: 220 bytes leftover after parsing attributes in process `syz.1.696'. [ 3860.746117][ T5624] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 3929.366754][ T5662] macvlan1: entered promiscuous mode [ 3929.369099][ T5662] macvlan1: entered allmulticast mode [ 3930.553377][ T5663] veth1_vlan: entered allmulticast mode [ 3964.650382][ T5680] wireguard: wg1: Could not create IPv4 socket [ 4048.970710][ T5728] bond0: option lp_interval: invalid value (18446744073709551607) [ 4048.973397][ T5728] bond0: option lp_interval: allowed values 1 - 2147483647 [ 4063.897017][ T5739] netlink: 36 bytes leftover after parsing attributes in process `syz.0.751'. [ 4124.476282][ T31] audit: type=1326 audit(4123.020:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5772 comm="syz.0.764" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb8b332c6 code=0x7fc00000 [ 4209.209856][ T5820] veth1_to_team: entered promiscuous mode [ 4209.671391][ T5820] ip6gretap0: entered promiscuous mode [ 4209.820817][ T5820] debugfs: 'hsr0' already exists in 'hsr' [ 4209.822090][ T5820] Cannot create hsr debugfs directory [ 4209.888155][ T5820] hsr0: Slave A (veth1_to_team) is not up; please bring it up to get a fully working HSR network [ 4209.892721][ T5820] hsr0: entered promiscuous mode [ 4302.245938][ T31] audit: type=1800 audit(4300.830:11): pid=5878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.805" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=8953 res=0 errno=0 [ 4307.657572][ T5885] netlink: 4 bytes leftover after parsing attributes in process `syz.0.807'. [ 4307.707405][ T5885] netlink: 12 bytes leftover after parsing attributes in process `syz.0.807'. [ 4351.574116][ T5914] netlink: 44 bytes leftover after parsing attributes in process `syz.0.819'. [ 4398.221476][ T5937] block nbd0: NBD_DISCONNECT [ 4416.770016][ T5945] netlink: 12 bytes leftover after parsing attributes in process `syz.0.834'. [ 4416.799848][ T5945] netlink: 8 bytes leftover after parsing attributes in process `syz.0.834'. [ 4604.062531][ T6042] netlink: 8 bytes leftover after parsing attributes in process `syz.0.873'. [ 4605.027410][ T6042] netlink: 'syz.0.873': attribute type 2 has an invalid length. [ 4617.123351][ T6049] netlink: 100 bytes leftover after parsing attributes in process `syz.1.876'. [ 4623.261020][ T6054] netlink: 9 bytes leftover after parsing attributes in process `syz.1.878'. [ 4623.314003][ T6054] netlink: 9 bytes leftover after parsing attributes in process `syz.1.878'. [ 4662.092275][ T6070] netlink: 16255 bytes leftover after parsing attributes in process `syz.0.886'. [ 4712.199443][ T6099] blkio.reset_stats is deprecated [ 4753.830825][ T6120] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4757.483110][ T6120] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4760.430078][ T6120] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4763.482496][ T6120] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4769.362452][ T5009] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4770.559122][ T5413] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4771.781921][ T6136] nbd0: detected capacity change from 0 to 127 [ 4771.790215][ T5413] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4772.250839][ T865] block nbd0: Receive control failed (result -32) [ 4772.948777][ T5413] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4794.534096][ T6159] netlink: 4 bytes leftover after parsing attributes in process `syz.0.913'. [ 4809.761587][ T6166] gretap0: entered promiscuous mode [ 4809.909338][ T6166] vlan2: entered promiscuous mode [ 4887.137526][ T6223] netlink: 8 bytes leftover after parsing attributes in process `syz.0.937'. [ 4927.310309][ T6252] netlink: 32 bytes leftover after parsing attributes in process `syz.1.949'. [ 4960.063903][ T6274] ubi31: attaching mtd0 [ 4965.618558][ T6278] netlink: 16 bytes leftover after parsing attributes in process `syz.1.960'. [ 4980.070006][ T6288] netlink: 422 bytes leftover after parsing attributes in process `syz.1.965'. [ 5044.661253][ T6332] pimreg: entered allmulticast mode [ 5044.840707][ T6335] pimreg: left allmulticast mode [ 5179.664508][ T6416] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1014'. [ 5221.789473][ T6439] pim6reg0: tun_chr_ioctl cmd 1074025676 [ 5221.791541][ T6439] pim6reg0: owner set to 0 [ 5278.359654][ T31] audit: type=1326 audit(5276.920:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.1033" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb8b332c6 code=0x7ffc0000 [ 5278.442821][ T31] audit: type=1326 audit(5276.950:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.1033" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb8b332c6 code=0x7ffc0000 [ 5278.966151][ T31] audit: type=1326 audit(5277.550:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.1033" exe="/syz-executor" sig=0 arch=c00000f3 syscall=56 compat=0 ip=0x7fffb8b332c6 code=0x7ffc0000 [ 5279.127763][ T31] audit: type=1326 audit(5277.660:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.1033" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb8b332c6 code=0x7ffc0000 [ 5279.211113][ T31] audit: type=1326 audit(5277.760:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.1033" exe="/syz-executor" sig=0 arch=c00000f3 syscall=7 compat=0 ip=0x7fffb8b332c6 code=0x7ffc0000 [ 5279.337546][ T31] audit: type=1326 audit(5277.840:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.1033" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb8b332c6 code=0x7ffc0000 [ 5279.381376][ T31] audit: type=1326 audit(5277.950:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.1033" exe="/syz-executor" sig=0 arch=c00000f3 syscall=10 compat=0 ip=0x7fffb8b332c6 code=0x7ffc0000 [ 5279.463735][ T31] audit: type=1326 audit(5278.050:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.1033" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb8b332c6 code=0x7ffc0000 [ 5279.612773][ T31] audit: type=1326 audit(5278.200:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.1033" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb8b332c6 code=0x7ffc0000 [ 5335.178310][ T6503] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 5418.893900][ T6549] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1065'. [ 5419.539354][ T6549] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1065'. [ 5511.229333][ T6592] erspan0: entered promiscuous mode [ 5523.287988][ T6601] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1085'. [ 5529.856223][ T6608] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 5680.047797][ T6704] Invalid ELF header magic: != ELF [ 5687.051941][ T6712] netem: change failed [ 5718.303334][ T6739] binder: 6738:6739 ioctl c0306201 200000000480 returned -14 [ 5820.040820][ T6800] ptrace attach of "/syz-executor exec"[3193] was attempted by " Ðÿ ð¥ Àÿ Àÿ Ðÿ àÿ ðÿ °ÿ Àÿ ÿÿÿÿ    ÿÿÿÿ   ÿÿÿÿ  [ 5900.463747][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 5905.933533][ T6851] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 5918.180124][ T6858] netlink: 'syz.0.1193': attribute type 9 has an invalid length. [ 5992.614022][ T6902] netpci0: tun_chr_ioctl cmd 1074025677 [ 5992.630192][ T6902] netpci0: linktype set to 6 [ 6059.337649][ T6943] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1223'. [ 6079.499782][ T6997] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1226'. [ 6102.928559][ T6935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 6103.137286][ T6935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 6125.193550][ T6935] hsr_slave_0: entered promiscuous mode [ 6125.260886][ T6935] hsr_slave_1: entered promiscuous mode [ 6125.324590][ T6935] debugfs: 'hsr0' already exists in 'hsr' [ 6125.329132][ T6935] Cannot create hsr debugfs directory [ 6126.960278][ T7159] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 6127.059062][ T7159] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 6127.062659][ T7159] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 6127.066217][ T7159] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 6127.069389][ T7159] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 6127.072089][ T7159] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 6127.074254][ T7159] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 6127.077493][ T7159] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 6127.080208][ T7159] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 6127.083654][ T7159] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 6138.913596][ T6935] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6140.532369][ T6935] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6142.984226][ T6935] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6145.023057][ T6935] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6150.436267][ T6935] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 6150.972979][ T6935] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 6151.318521][ T6935] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 6151.791451][ T6935] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 6176.078868][ T6935] 8021q: adding VLAN 0 to HW filter on device bond0 [ 6244.028042][ T6935] veth0_vlan: entered promiscuous mode [ 6245.508465][ T6935] veth1_vlan: entered promiscuous mode [ 6248.343310][ T6141] block nbd1: Receive control failed (result -32) [ 6248.407136][ T6141] block nbd1: Receive control failed (result -32) [ 6248.588907][ T7324] nbd1: detected capacity change from 0 to 63 [ 6248.950505][ T6935] veth0_macvtap: entered promiscuous mode [ 6249.647887][ T6935] veth1_macvtap: entered promiscuous mode [ 6254.171527][ T6928] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 6254.316125][ T6928] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 6254.424264][ T6591] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 6254.549314][ T6591] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 6258.074479][ T7328] netem: change failed [ 6309.943670][ T7352] ªªªªªª: renamed from vlan0 (while UP) [ 6314.934028][ T7354] netlink: 9275 bytes leftover after parsing attributes in process `syz.1.1260'. [ 6343.973812][ T7366] netlink: 'syz.0.1265': attribute type 13 has an invalid length. [ 6343.979284][ T7366] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1265'. [ 6344.149714][ T7366] macvtap0: refused to change device tx_queue_len [ 6357.829085][ T7372] net_ratelimit: 503 callbacks suppressed [ 6357.830191][ T7372] skbuff: bad partial csum: csum=65506/2 headroom=144 headlen=65526 [ 6415.332401][ T7405] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 6415.333879][ T7405] IPv6: NLM_F_CREATE should be set when creating new route [ 6415.336547][ T7405] IPv6: NLM_F_CREATE should be set when creating new route [ 6415.338017][ T7405] IPv6: NLM_F_CREATE should be set when creating new route [ 6415.401118][ T7405] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 6489.698112][ T7463] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1303'. [ 6588.857788][ T7523] block nbd2: Unsupported socket: should be TCP or UNIX. [ 6798.812952][ T7658] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add() [ 6877.110294][ T7698] pimreg: entered allmulticast mode [ 6939.131060][ T7732] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1417'. [ 6967.627621][ T7750] random: crng reseeded on system resumption [ 7019.922478][ T7778] binder: 7777:7778 ioctl 541b 0 returned -22 [ 7027.474345][ T7784] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1438'. [ 7031.600524][ T7786] netpci0: tun_chr_ioctl cmd 1074025672 [ 7031.602596][ T7786] netpci0: ignored: set checksum enabled [ 7070.352175][ T7810] ip6erspan0: entered allmulticast mode [ 7137.227793][ T7852] netlink: 232 bytes leftover after parsing attributes in process `syz.0.1466'. [ 7137.252815][ T7852] netlink: 232 bytes leftover after parsing attributes in process `syz.0.1466'. [ 7330.324132][ T7994] netlink: 'syz.0.1518': attribute type 29 has an invalid length. [ 7330.521514][ T7994] netlink: 'syz.0.1518': attribute type 29 has an invalid length. [ 7331.081235][ T7994] netlink: 'syz.0.1518': attribute type 29 has an invalid length. [ 7365.233184][ T8013] netlink: 'syz.1.1526': attribute type 3 has an invalid length. [ 7376.577692][ T8019] af_packet: tpacket_rcv: packet too big, clamped from 122 to 4294967286. macoff=82 [ 7481.231902][ T8073] binder: 8071:8073 ioctl c0306201 200000000640 returned -22 [ 7500.312035][ T8082] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1555'. [ 7501.406519][ T8083] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1555'. [ 7507.413213][ T8085] binder: 8084:8085 ioctl c018620c 200000000000 returned -1 [ 7616.720667][ T8135] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1574'. [ 7636.927148][ T8150] pimreg: left allmulticast mode [ 7668.619228][ T8163] input: syz0 as /devices/virtual/input/input7 [ 7685.232167][ T8176] binder: BC_ATTEMPT_ACQUIRE not supported [ 7685.234088][ T8176] binder: 8175:8176 ioctl c0306201 2000000001c0 returned -22 [ 7713.592148][ T8190] netlink: 564 bytes leftover after parsing attributes in process `syz.0.1595'. [ 7713.599152][ T8190] netlink: 564 bytes leftover after parsing attributes in process `syz.0.1595'. [ 7769.927838][ T8227] macvlan0: entered allmulticast mode [ 7769.929426][ T8227] veth1_vlan: entered allmulticast mode [ 7817.113565][ T8253] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1620'. [ 7869.018177][ T8284] capability: warning: `syz.1.1634' uses 32-bit capabilities (legacy support in use) [ 7927.941640][ T8329] [ 7927.943308][ T8329] ====================================================== [ 7927.946053][ T8329] WARNING: possible circular locking dependency detected [ 7927.948335][ T8329] syzkaller #0 Tainted: G L [ 7927.949441][ T8329] ------------------------------------------------------ [ 7927.950398][ T8329] syz.1.1649/8329 is trying to acquire lock: [ 7927.951490][ T8329] ffffaf801f4e1c70 (&nsock->tx_lock){+.+.}-{4:4}, at: nbd_queue_rq+0x372/0xe44 [ 7927.955254][ T8329] [ 7927.955254][ T8329] but task is already holding lock: [ 7927.956375][ T8329] ffffaf802ff08180 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc4/0xe44 [ 7927.957978][ T8329] [ 7927.957978][ T8329] which lock already depends on the new lock. [ 7927.957978][ T8329] [ 7927.959269][ T8329] [ 7927.959269][ T8329] the existing dependency chain (in reverse order) is: [ 7927.959992][ T8329] [ 7927.959992][ T8329] -> #6 (&cmd->lock){+.+.}-{4:4}: [ 7927.961237][ T8329] lock_acquire+0x24a/0x504 [ 7927.961981][ T8329] __mutex_lock+0x164/0x1890 [ 7927.962800][ T8329] mutex_lock_nested+0x14/0x1c [ 7927.963682][ T8329] nbd_queue_rq+0xc4/0xe44 [ 7927.964333][ T8329] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 7927.965284][ T8329] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 7927.966592][ T8329] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 7927.967545][ T8329] blk_mq_run_hw_queue+0x274/0x6ec [ 7927.968520][ T8329] blk_mq_dispatch_list+0x53e/0x1430 [ 7927.969447][ T8329] blk_mq_flush_plug_list+0x114/0x55c [ 7927.970219][ T8329] __blk_flush_plug+0x270/0x464 [ 7927.970941][ T8329] __submit_bio+0x42e/0x504 [ 7927.971720][ T8329] submit_bio_noacct_nocheck+0x458/0xdf4 [ 7927.972485][ T8329] submit_bio_noacct+0x6fe/0x2170 [ 7927.973221][ T8329] submit_bio+0xb6/0x5b8 [ 7927.973909][ T8329] submit_bh_wbc+0x428/0x5c0 [ 7927.974678][ T8329] block_read_full_folio+0x396/0x788 [ 7927.975613][ T8329] blkdev_read_folio+0x26/0x30 [ 7927.976329][ T8329] filemap_read_folio+0xc2/0x270 [ 7927.977098][ T8329] do_read_cache_folio+0x22e/0x518 [ 7927.977864][ T8329] read_cache_folio+0x4e/0x68 [ 7927.978629][ T8329] read_part_sector+0xbc/0x408 [ 7927.979403][ T8329] read_lba+0x1b6/0x32c [ 7927.980081][ T8329] find_valid_gpt.constprop.0+0x212/0x21ec [ 7927.980833][ T8329] efi_partition+0xfe/0x9e0 [ 7927.981752][ T8329] bdev_disk_changed+0x5a0/0x1180 [ 7927.982610][ T8329] blkdev_get_whole+0x168/0x25c [ 7927.983545][ T8329] bdev_open+0x288/0xcc4 [ 7927.984450][ T8329] blkdev_open+0x2ec/0x454 [ 7927.985321][ T8329] do_dentry_open+0x418/0x1170 [ 7927.986128][ T8329] vfs_open+0xba/0x3a8 [ 7927.987159][ T8329] path_openat+0x144e/0x2f28 [ 7927.988286][ T8329] do_file_open+0x1ae/0x398 [ 7927.989259][ T8329] do_sys_openat2+0xfe/0x1c0 [ 7927.990147][ T8329] __riscv_sys_openat+0x122/0x1e4 [ 7927.991090][ T8329] syscall_handler+0x92/0x114 [ 7927.992057][ T8329] do_trap_ecall_u+0x402/0x680 [ 7927.992948][ T8329] handle_exception+0x15e/0x16a [ 7927.994012][ T8329] [ 7927.994012][ T8329] -> #5 (set->srcu){.+.+}-{0:0}: [ 7927.995579][ T8329] lock_sync+0xea/0x1cc [ 7927.996471][ T8329] __synchronize_srcu+0xd4/0x24c [ 7927.997888][ T8329] synchronize_srcu+0x14c/0x3fc [ 7927.998878][ T8329] blk_mq_quiesce_queue+0x124/0x194 [ 7928.000245][ T8329] elevator_switch+0x16a/0x4e4 [ 7928.001313][ T8329] elevator_change+0x2f4/0x4ac [ 7928.002389][ T8329] elevator_set_default+0x280/0x370 [ 7928.003467][ T8329] blk_register_queue+0x3a8/0x50c [ 7928.004458][ T8329] __add_disk+0x69a/0xda4 [ 7928.005291][ T8329] add_disk_fwnode+0xe8/0x48c [ 7928.006181][ T8329] device_add_disk+0x28/0x38 [ 7928.007059][ T8329] nbd_dev_add+0x692/0xaec [ 7928.008049][ T8329] nbd_init+0x3d4/0x3f8 [ 7928.008911][ T8329] do_one_initcall+0x18c/0xcdc [ 7928.009777][ T8329] kernel_init_freeable+0x6ca/0x7b4 [ 7928.010733][ T8329] kernel_init+0x28/0x240 [ 7928.011776][ T8329] ret_from_fork_kernel+0x94/0xef8 [ 7928.012741][ T8329] ret_from_fork_kernel_asm+0x16/0x18 [ 7928.013764][ T8329] [ 7928.013764][ T8329] -> #4 (&q->elevator_lock){+.+.}-{4:4}: [ 7928.015503][ T8329] lock_acquire+0x24a/0x504 [ 7928.016487][ T8329] __mutex_lock+0x164/0x1890 [ 7928.017437][ T8329] mutex_lock_nested+0x14/0x1c [ 7928.018399][ T8329] elevator_change+0x192/0x4ac [ 7928.019378][ T8329] elevator_set_none+0xa8/0x120 [ 7928.020327][ T8329] blk_mq_update_nr_hw_queues+0x43a/0x13a0 [ 7928.021423][ T8329] nbd_start_device+0x156/0xb74 [ 7928.022261][ T8329] nbd_genl_connect+0xe74/0x1a4c [ 7928.023128][ T8329] genl_family_rcv_msg_doit+0x1f6/0x2d8 [ 7928.024351][ T8329] genl_rcv_msg+0x4b2/0x73c [ 7928.025204][ T8329] netlink_rcv_skb+0x1e8/0x394 [ 7928.026198][ T8329] genl_rcv+0x32/0x4c [ 7928.027149][ T8329] netlink_unicast+0x50c/0x7d8 [ 7928.028094][ T8329] netlink_sendmsg+0x7e0/0xd64 [ 7928.029043][ T8329] __sock_sendmsg+0xca/0x160 [ 7928.030238][ T8329] ____sys_sendmsg+0x636/0x794 [ 7928.031252][ T8329] ___sys_sendmsg+0x1a4/0x1e8 [ 7928.032276][ T8329] __sys_sendmsg+0x18e/0x234 [ 7928.033196][ T8329] __riscv_sys_sendmsg+0x70/0xa4 [ 7928.034058][ T8329] syscall_handler+0x92/0x114 [ 7928.035253][ T8329] do_trap_ecall_u+0x402/0x680 [ 7928.036185][ T8329] handle_exception+0x15e/0x16a [ 7928.037057][ T8329] [ 7928.037057][ T8329] -> #3 (&q->q_usage_counter(io)#20){++++}-{0:0}: [ 7928.038653][ T8329] lock_acquire+0x24a/0x504 [ 7928.039538][ T8329] blk_alloc_queue+0x5b4/0x6f4 [ 7928.040400][ T8329] blk_mq_alloc_queue+0x15e/0x250 [ 7928.041364][ T8329] __blk_mq_alloc_disk+0x2a/0xd8 [ 7928.042320][ T8329] nbd_dev_add+0x426/0xaec [ 7928.043315][ T8329] nbd_init+0x3d4/0x3f8 [ 7928.044237][ T8329] do_one_initcall+0x18c/0xcdc [ 7928.045315][ T8329] kernel_init_freeable+0x6ca/0x7b4 [ 7928.046246][ T8329] kernel_init+0x28/0x240 [ 7928.047326][ T8329] ret_from_fork_kernel+0x94/0xef8 [ 7928.048231][ T8329] ret_from_fork_kernel_asm+0x16/0x18 [ 7928.049178][ T8329] [ 7928.049178][ T8329] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 7928.051200][ T8329] lock_acquire+0x24a/0x504 [ 7928.052074][ T8329] fs_reclaim_acquire+0xc6/0x100 [ 7928.053250][ T8329] kmem_cache_alloc_node_noprof+0x40/0x6e8 [ 7928.054408][ T8329] __alloc_skb+0x17c/0x778 [ 7928.055397][ T8329] tcp_stream_alloc_skb+0x2e/0x4d8 [ 7928.056412][ T8329] tcp_sendmsg_locked+0xe16/0x408c [ 7928.057431][ T8329] tcp_sendmsg+0x32/0x50 [ 7928.058337][ T8329] inet_sendmsg+0x9a/0xd8 [ 7928.059154][ T8329] __sock_sendmsg+0xca/0x160 [ 7928.060097][ T8329] sock_write_iter+0x298/0x3e8 [ 7928.061056][ T8329] vfs_write+0x648/0xd08 [ 7928.061913][ T8329] ksys_write+0x1f4/0x244 [ 7928.062767][ T8329] __riscv_sys_write+0x6e/0xa0 [ 7928.063747][ T8329] syscall_handler+0x92/0x114 [ 7928.064675][ T8329] do_trap_ecall_u+0x402/0x680 [ 7928.065628][ T8329] handle_exception+0x15e/0x16a [ 7928.066534][ T8329] [ 7928.066534][ T8329] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}: [ 7928.068140][ T8329] lock_acquire+0x24a/0x504 [ 7928.069042][ T8329] lock_sock_nested+0x38/0xf8 [ 7928.069956][ T8329] inet_shutdown+0x68/0x3c0 [ 7928.070939][ T8329] kernel_sock_shutdown+0x58/0x7c [ 7928.071941][ T8329] nbd_mark_nsock_dead+0xaa/0x510 [ 7928.072924][ T8329] sock_shutdown+0x144/0x238 [ 7928.073887][ T8329] nbd_ioctl+0x22c/0xbd4 [ 7928.074778][ T8329] blkdev_ioctl+0x4cc/0x12e4 [ 7928.075903][ T8329] __riscv_sys_ioctl+0x17c/0x1e4 [ 7928.076729][ T8329] syscall_handler+0x92/0x114 [ 7928.077679][ T8329] do_trap_ecall_u+0x402/0x680 [ 7928.078535][ T8329] handle_exception+0x15e/0x16a [ 7928.079447][ T8329] [ 7928.079447][ T8329] -> #0 (&nsock->tx_lock){+.+.}-{4:4}: [ 7928.080793][ T8329] check_noncircular+0x138/0x14c [ 7928.081640][ T8329] __lock_acquire+0xe9c/0x25ac [ 7928.082500][ T8329] lock_acquire+0x24a/0x504 [ 7928.083399][ T8329] __mutex_lock+0x164/0x1890 [ 7928.084368][ T8329] mutex_lock_nested+0x14/0x1c [ 7928.085406][ T8329] nbd_queue_rq+0x372/0xe44 [ 7928.086226][ T8329] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 7928.087223][ T8329] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 7928.088374][ T8329] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 7928.089457][ T8329] blk_mq_run_hw_queue+0x274/0x6ec [ 7928.090395][ T8329] blk_mq_dispatch_list+0x53e/0x1430 [ 7928.091394][ T8329] blk_mq_flush_plug_list+0x114/0x55c [ 7928.092370][ T8329] __blk_flush_plug+0x270/0x464 [ 7928.093279][ T8329] __submit_bio+0x42e/0x504 [ 7928.094140][ T8329] submit_bio_noacct_nocheck+0x458/0xdf4 [ 7928.095443][ T8329] submit_bio_noacct+0x6fe/0x2170 [ 7928.096430][ T8329] submit_bio+0xb6/0x5b8 [ 7928.097238][ T8329] submit_bh_wbc+0x428/0x5c0 [ 7928.098190][ T8329] block_read_full_folio+0x396/0x788 [ 7928.099186][ T8329] blkdev_read_folio+0x26/0x30 [ 7928.100049][ T8329] filemap_read_folio+0xc2/0x270 [ 7928.100963][ T8329] do_read_cache_folio+0x22e/0x518 [ 7928.101963][ T8329] read_cache_folio+0x4e/0x68 [ 7928.102873][ T8329] read_part_sector+0xbc/0x408 [ 7928.103787][ T8329] read_lba+0x1b6/0x32c [ 7928.104648][ T8329] find_valid_gpt.constprop.0+0x212/0x21ec [ 7928.105636][ T8329] efi_partition+0xfe/0x9e0 [ 7928.106512][ T8329] bdev_disk_changed+0x5a0/0x1180 [ 7928.107374][ T8329] blkdev_get_whole+0x168/0x25c [ 7928.108242][ T8329] bdev_open+0x288/0xcc4 [ 7928.109026][ T8329] blkdev_open+0x2ec/0x454 [ 7928.109840][ T8329] do_dentry_open+0x418/0x1170 [ 7928.110628][ T8329] vfs_open+0xba/0x3a8 [ 7928.111422][ T8329] path_openat+0x144e/0x2f28 [ 7928.112386][ T8329] do_file_open+0x1ae/0x398 [ 7928.113286][ T8329] do_sys_openat2+0xfe/0x1c0 [ 7928.114233][ T8329] __riscv_sys_openat+0x122/0x1e4 [ 7928.115250][ T8329] syscall_handler+0x92/0x114 [ 7928.116175][ T8329] do_trap_ecall_u+0x402/0x680 [ 7928.117027][ T8329] handle_exception+0x15e/0x16a [ 7928.118031][ T8329] [ 7928.118031][ T8329] other info that might help us debug this: [ 7928.118031][ T8329] [ 7928.119105][ T8329] Chain exists of: [ 7928.119105][ T8329] &nsock->tx_lock --> set->srcu --> &cmd->lock [ 7928.119105][ T8329] [ 7928.121021][ T8329] Possible unsafe locking scenario: [ 7928.121021][ T8329] [ 7928.121757][ T8329] CPU0 CPU1 [ 7928.122380][ T8329] ---- ---- [ 7928.123063][ T8329] lock(&cmd->lock); [ 7928.124035][ T8329] lock(set->srcu); [ 7928.125282][ T8329] lock(&cmd->lock); [ 7928.126529][ T8329] lock(&nsock->tx_lock); [ 7928.127417][ T8329] [ 7928.127417][ T8329] *** DEADLOCK *** [ 7928.127417][ T8329] [ 7928.128330][ T8329] 3 locks held by syz.1.1649/8329: [ 7928.129091][ T8329] #0: ffffaf801a976358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x3c4/0xcc4 [ 7928.131087][ T8329] #1: ffffaf8019e2b818 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x22c/0x6ec [ 7928.132971][ T8329] #2: ffffaf802ff08180 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc4/0xe44 [ 7928.134929][ T8329] [ 7928.134929][ T8329] stack backtrace: [ 7928.136561][ T8329] CPU: 0 UID: 0 PID: 8329 Comm: syz.1.1649 Tainted: G L syzkaller #0 PREEMPT [ 7928.137133][ T8329] Tainted: [L]=SOFTLOCKUP [ 7928.137311][ T8329] Hardware name: riscv-virtio,qemu (DT) [ 7928.137722][ T8329] Call Trace: [ 7928.137898][ T8329] [] dump_backtrace+0x2e/0x3c [ 7928.138367][ T8329] [] show_stack+0x30/0x3c [ 7928.138679][ T8329] [] dump_stack_lvl+0x114/0x1ac [ 7928.139179][ T8329] [] dump_stack+0x1c/0x28 [ 7928.139723][ T8329] [] print_circular_bug+0x250/0x29c [ 7928.140080][ T8329] [] check_noncircular+0x138/0x14c [ 7928.140420][ T8329] [] __lock_acquire+0xe9c/0x25ac [ 7928.140785][ T8329] [] lock_acquire+0x24a/0x504 [ 7928.141097][ T8329] [] __mutex_lock+0x164/0x1890 [ 7928.141513][ T8329] [] mutex_lock_nested+0x14/0x1c [ 7928.141940][ T8329] [] nbd_queue_rq+0x372/0xe44 [ 7928.142224][ T8329] [] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 7928.142593][ T8329] [] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 7928.143190][ T8329] [] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 7928.143658][ T8329] [] blk_mq_run_hw_queue+0x274/0x6ec [ 7928.143998][ T8329] [] blk_mq_dispatch_list+0x53e/0x1430 [ 7928.144377][ T8329] [] blk_mq_flush_plug_list+0x114/0x55c [ 7928.144829][ T8329] [] __blk_flush_plug+0x270/0x464 [ 7928.145208][ T8329] [] __submit_bio+0x42e/0x504 [ 7928.145578][ T8329] [] submit_bio_noacct_nocheck+0x458/0xdf4 [ 7928.145971][ T8329] [] submit_bio_noacct+0x6fe/0x2170 [ 7928.146308][ T8329] [] submit_bio+0xb6/0x5b8 [ 7928.146637][ T8329] [] submit_bh_wbc+0x428/0x5c0 [ 7928.147036][ T8329] [] block_read_full_folio+0x396/0x788 [ 7928.147524][ T8329] [] blkdev_read_folio+0x26/0x30 [ 7928.147871][ T8329] [] filemap_read_folio+0xc2/0x270 [ 7928.148260][ T8329] [] do_read_cache_folio+0x22e/0x518 [ 7928.148686][ T8329] [] read_cache_folio+0x4e/0x68 [ 7928.149091][ T8329] [] read_part_sector+0xbc/0x408 [ 7928.149418][ T8329] [] read_lba+0x1b6/0x32c [ 7928.149738][ T8329] [] find_valid_gpt.constprop.0+0x212/0x21ec [ 7928.150105][ T8329] [] efi_partition+0xfe/0x9e0 [ 7928.150425][ T8329] [] bdev_disk_changed+0x5a0/0x1180 [ 7928.150756][ T8329] [] blkdev_get_whole+0x168/0x25c [ 7928.151133][ T8329] [] bdev_open+0x288/0xcc4 [ 7928.151445][ T8329] [] blkdev_open+0x2ec/0x454 [ 7928.151805][ T8329] [] do_dentry_open+0x418/0x1170 [ 7928.152090][ T8329] [] vfs_open+0xba/0x3a8 [ 7928.152379][ T8329] [] path_openat+0x144e/0x2f28 [ 7928.152788][ T8329] [] do_file_open+0x1ae/0x398 [ 7928.153187][ T8329] [] do_sys_openat2+0xfe/0x1c0 [ 7928.153492][ T8329] [] __riscv_sys_openat+0x122/0x1e4 [ 7928.153819][ T8329] [] syscall_handler+0x92/0x114 [ 7928.154175][ T8329] [] do_trap_ecall_u+0x402/0x680 [ 7928.154507][ T8329] [] handle_exception+0x15e/0x16a [ 7928.210886][ T8329] block nbd1: Dead connection, failed to find a fallback [ 7928.212563][ T8329] block nbd1: shutting down sockets [ 7928.229055][ T8329] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7928.231085][ T8329] Buffer I/O error on dev nbd1, logical block 0, async page read [ 7928.233545][ T8329] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7928.236037][ T8329] Buffer I/O error on dev nbd1, logical block 1, async page read [ 7928.238114][ T8329] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7928.241402][ T8329] Buffer I/O error on dev nbd1, logical block 2, async page read [ 7928.243641][ T8329] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7928.247640][ T8329] Buffer I/O error on dev nbd1, logical block 3, async page read [ 7928.253811][ T8329] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 SYZFAIL: failed to recv rpc [ 7928.467068][ T8329] Buffer I/O error on dev nbd1, logical block 0, async page read [ 7928.470672][ T8329] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7928.472857][ T8329] Buffer I/O error on dev nbd1, logical block 1, async page read [ 7928.571293][ T8329] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7928.573918][ T8329] Buffer I/O error on dev nbd1, logical block 2, async page read [ 7928.659906][ T8329] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7928.662326][ T8329] Buffer I/O error on dev nbd1, logical block 3, async page read [ 7928.756180][ T8329] nbd1: unable to read partition table fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 7929.766718][ T8329] block nbd1: Cannot use ioctl interface on a netlink controlled device. [ 7929.800494][ T8329] block nbd1: NBD_DISCONNECT [ 7929.801960][ T8329] block nbd1: Send disconnect failed -32 [ 7929.802921][ T8329] block nbd1: Send disconnect failed -32 [ 7950.099993][ T6591] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7951.081934][ T6591] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7952.552973][ T6591] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7954.162768][ T6591] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0