last executing test programs: 43.144466592s ago: executing program 0 (id=807): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfb, 0x1}, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0x3c) 41.832072123s ago: executing program 1 (id=808): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff038}, {0x6}]}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000d40)=ANY=[], 0x18}}, 0x4000000) sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0) 36.819755105s ago: executing program 0 (id=809): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000005c0), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0) recvfrom$packet(r0, 0x0, 0x0, 0x40000000, 0x0, 0x0) 31.600174428s ago: executing program 1 (id=810): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103) r0 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file7\x00', 0x0) 28.483528166s ago: executing program 0 (id=811): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x54, r1, 0x1, 0xffffbffe, 0x4, {}, [@NBD_ATTR_SOCKETS={0x28, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xfb2e77a8993c1937}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xfffd}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000000}, 0x2400c0d0) 24.53678371s ago: executing program 1 (id=812): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{0x0, 0x2}, 'syz1\x00', 0x40}) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x2) 13.949531724s ago: executing program 0 (id=813): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='syz_tun\x00', 0x10) syz_emit_ethernet(0x32, &(0x7f00000019c0)={@local, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x1, 0xb7}}}}}}}, 0x0) 13.548413156s ago: executing program 1 (id=814): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x9c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x6c, 0x2, {{}, [@TCA_NETEM_LOSS={0x30, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x18}, @NETEM_LOSS_GI={0x18}]}, @TCA_NETEM_RATE={0x14, 0xd}, @TCA_NETEM_CORRUPT={0xc, 0x2}]}}}]}, 0x9c}}, 0x0) 11.216996712s ago: executing program 0 (id=815): r0 = syz_open_procfs(0x0, &(0x7f0000000580)='smaps_rollup\x00') madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) madvise(&(0x7f0000529000/0x2000)=nil, 0x2000, 0x16) lseek(r0, 0x2004, 0x0) 8.602188384s ago: executing program 1 (id=816): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/vlan/vlan0\x00') socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8923, &(0x7f0000000000)={'vlan0\x00', @local}) ppoll(&(0x7f0000000140)=[{r0, 0x4000}], 0x1, &(0x7f0000000180)={0x0, 0x989680}, 0x0, 0x0) 3.273286532s ago: executing program 0 (id=817): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) 0s ago: executing program 1 (id=818): syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x1c1400) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000580), 0xffffffffffffffff) sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)={0x1c, r1, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40040}, 0x10) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:15051' (ED25519) to the list of known hosts. syzkaller login: [ 552.890898][ T3216] cgroup: Unknown subsys name 'net' [ 553.625509][ T3216] cgroup: Unknown subsys name 'cpuset' [ 553.802530][ T3216] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 639.331973][ T3216] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 779.902075][ T3224] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 780.052953][ T3223] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 780.215085][ T3224] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 780.312662][ T3223] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 800.169145][ T3224] hsr_slave_0: entered promiscuous mode [ 800.212069][ T3224] hsr_slave_1: entered promiscuous mode [ 800.621880][ T3223] hsr_slave_0: entered promiscuous mode [ 800.647090][ T3223] hsr_slave_1: entered promiscuous mode [ 800.674386][ T3223] debugfs: 'hsr0' already exists in 'hsr' [ 800.677779][ T3223] Cannot create hsr debugfs directory [ 812.011398][ T3224] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 812.282655][ T3224] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 812.543427][ T3224] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 813.202665][ T3224] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 815.474380][ T3223] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 815.641705][ T3223] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 815.778045][ T3223] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 816.168145][ T3223] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 832.430734][ T3223] 8021q: adding VLAN 0 to HW filter on device bond0 [ 833.751358][ T3224] 8021q: adding VLAN 0 to HW filter on device bond0 [ 894.469344][ T3224] veth0_vlan: entered promiscuous mode [ 895.175545][ T3224] veth1_vlan: entered promiscuous mode [ 896.089309][ T3223] veth0_vlan: entered promiscuous mode [ 897.103167][ T3223] veth1_vlan: entered promiscuous mode [ 898.093800][ T3224] veth0_macvtap: entered promiscuous mode [ 898.877091][ T3224] veth1_macvtap: entered promiscuous mode [ 901.894585][ T3223] veth0_macvtap: entered promiscuous mode [ 902.568601][ T3223] veth1_macvtap: entered promiscuous mode [ 903.564340][ T27] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 903.623003][ T27] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 903.764847][ T27] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 903.801961][ T27] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 907.447574][ T27] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 907.722904][ T27] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 907.759979][ T27] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 907.762837][ T27] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 911.532164][ T3224] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 937.313759][ T3847] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5'. [ 1038.987179][ T3929] netlink: 12 bytes leftover after parsing attributes in process `syz.1.36'. [ 1110.905470][ T3969] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1137.495279][ T3987] ptrace attach of "/syz-executor exec"[3989] was attempted by "/syz-executor exec"[3987] [ 1191.902263][ T4034] Driver unsupported XDP return value 0 on prog (id 8) dev N/A, expect packet loss! [ 1222.958466][ T3836] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 1223.231582][ T3836] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1231.740530][ T4068] netlink: 164 bytes leftover after parsing attributes in process `syz.1.88'. [ 1237.375055][ T4072] capability: warning: `syz.0.90' uses 32-bit capabilities (legacy support in use) [ 1286.000171][ T4098] devtmpfs: Cannot disable swap on remount [ 1342.634503][ T4129] pimreg: entered allmulticast mode [ 1357.701141][ T4141] netlink: 12 bytes leftover after parsing attributes in process `syz.0.121'. [ 1401.098835][ T4170] Device tree not included in the provided image [ 1406.380645][ T4172] faux_driver vgem: [drm] Unknown color mode 14; guessing buffer size. [ 1419.790529][ T4187] syz_tun: entered allmulticast mode [ 1419.933549][ T4187] syz_tun: left allmulticast mode [ 1428.035280][ T4193] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1428.704448][ T4193] No such timeout policy "syz0" [ 1465.211160][ T4209] netlink: 422 bytes leftover after parsing attributes in process `syz.0.149'. [ 1543.049438][ T4272] netlink: 64 bytes leftover after parsing attributes in process `syz.1.168'. [ 1543.054652][ T4272] netlink: 64 bytes leftover after parsing attributes in process `syz.1.168'. [ 1595.380565][ T4308] netlink: 'syz.1.181': attribute type 4 has an invalid length. [ 1629.319977][ T4329] netlink: 64 bytes leftover after parsing attributes in process `syz.0.188'. [ 1629.322936][ T4329] netlink: 64 bytes leftover after parsing attributes in process `syz.0.188'. [ 1663.494467][ T4344] input: syz1 as /devices/virtual/input/input0 [ 1671.460522][ T4354] netlink: 220 bytes leftover after parsing attributes in process `syz.0.199'. [ 1671.696039][ C1] hrtimer: interrupt took 1275200 ns [ 1709.039306][ T4375] input: syz0 as /devices/virtual/input/input1 [ 1720.632683][ T4388] mmap: syz.1.213 (4388) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 1724.603366][ T4391] process 'syz.0.214' launched '/dev/fd/3' with NULL argv: empty string added [ 1743.747151][ T31] audit: type=1326 audit(1742.240:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4404 comm="syz.0.220" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fff92f332c6 code=0x7fc00000 [ 1744.990728][ T31] audit: type=1326 audit(1743.510:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4404 comm="syz.0.220" exe="/syz-executor" sig=0 arch=c00000f3 syscall=211 compat=0 ip=0x7fff92f332c6 code=0x7fc00000 [ 1745.099098][ T31] audit: type=1326 audit(1743.530:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4404 comm="syz.0.220" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fff92f332c6 code=0x7fc00000 [ 1768.751773][ T4419] capability: warning: `syz.1.226' uses deprecated v2 capabilities in a way that may be insecure [ 1781.554212][ T4430] pim6reg1: tun_chr_ioctl cmd 1074025678 [ 1781.562274][ T4430] pim6reg1: group set to 0 [ 1801.012178][ T4451] netlink: 4 bytes leftover after parsing attributes in process `syz.1.238'. [ 1872.510269][ T4462] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 1873.109709][ T4462] usb 1-1: config 1 has an invalid interface number: 7 but max is 0 [ 1873.113347][ T4462] usb 1-1: config 1 has no interface number 0 [ 1873.121962][ T4462] usb 1-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 1873.127193][ T4462] usb 1-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1023 [ 1873.134924][ T4462] usb 1-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1873.530149][ T4462] usb 1-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 1873.531549][ T4462] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1873.533095][ T4462] usb 1-1: Product: syz [ 1873.533974][ T4462] usb 1-1: Manufacturer: syz [ 1873.534911][ T4462] usb 1-1: SerialNumber: syz [ 1873.920785][ T4504] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1879.222275][ T4462] usb 1-1: Error in usbnet_get_endpoints (-110) [ 1883.589692][ T4462] usb 1-1: USB disconnect, device number 2 [ 1924.064991][ T4548] netlink: 12 bytes leftover after parsing attributes in process `syz.0.269'. [ 1928.138887][ T4548] netlink: 12 bytes leftover after parsing attributes in process `syz.0.269'. [ 1976.418759][ T4576] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1976.430620][ T4576] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 2017.551005][ T4599] input: syz1 as /devices/virtual/input/input2 [ 2024.170013][ T4606] netlink: 8 bytes leftover after parsing attributes in process `syz.1.287'. [ 2024.173884][ T4606] netlink: 4 bytes leftover after parsing attributes in process `syz.1.287'. [ 2024.230207][ T4606] netlink: 'syz.1.287': attribute type 19 has an invalid length. [ 2024.232816][ T4606] netlink: 'syz.1.287': attribute type 20 has an invalid length. [ 2024.944992][ T4607] netlink: 8 bytes leftover after parsing attributes in process `syz.1.287'. [ 2024.971076][ T4607] netlink: 4 bytes leftover after parsing attributes in process `syz.1.287'. [ 2024.974709][ T4607] netlink: 'syz.1.287': attribute type 19 has an invalid length. [ 2024.999373][ T4607] netlink: 'syz.1.287': attribute type 20 has an invalid length. [ 2025.710260][ T4506] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 2025.714612][ T4506] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 2025.817644][ T4506] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 2025.821999][ T4506] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 2025.825557][ T4607] Zero length message leads to an empty skb [ 2027.114062][ T4611] netlink: 8 bytes leftover after parsing attributes in process `syz.0.288'. [ 2027.138368][ T4611] netlink: 'syz.0.288': attribute type 29 has an invalid length. [ 2027.141900][ T4611] netlink: 4 bytes leftover after parsing attributes in process `syz.0.288'. [ 2071.488942][ T31] audit: type=1326 audit(2070.010:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4635 comm="syz.0.299" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fff92f332c6 code=0x0 [ 2086.993153][ T4647] block nbd0: server does not support multiple connections per device. [ 2087.020743][ T4647] block nbd0: shutting down sockets [ 2140.351129][ T4684] netlink: 8 bytes leftover after parsing attributes in process `syz.0.319'. [ 2152.029856][ T31] audit: type=1326 audit(2150.520:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4691 comm="syz.0.323" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fff92f332c6 code=0x0 [ 2192.080321][ T4720] netlink: 24 bytes leftover after parsing attributes in process `syz.0.334'. [ 2192.790233][ T4721] netlink: 24 bytes leftover after parsing attributes in process `syz.0.334'. [ 2196.647847][ T4723] sit0: entered promiscuous mode [ 2196.932345][ T4723] netlink: 'syz.1.335': attribute type 1 has an invalid length. [ 2196.933916][ T4723] netlink: 1 bytes leftover after parsing attributes in process `syz.1.335'. [ 2275.758934][ T4772] macvlan0: entered allmulticast mode [ 2275.760796][ T4772] veth1_vlan: entered allmulticast mode [ 2300.788534][ T3788] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 2301.759137][ T3788] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2301.761953][ T3788] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2301.764220][ T3788] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 2301.818339][ T3788] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 2301.820690][ T3788] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2302.295165][ T3788] usb 2-1: config 0 descriptor?? [ 2304.983191][ T3788] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 2305.020764][ T3788] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 2305.023288][ T3788] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 2305.025470][ T3788] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 2305.041995][ T3788] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 2305.044272][ T3788] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 2305.081977][ T3788] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 2305.084472][ T3788] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 2305.148860][ T3788] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 2305.154795][ T3788] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 2306.031235][ T3788] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 2306.763375][ T3788] usb 2-1: USB disconnect, device number 2 [ 2327.184691][ T4819] netlink: 'syz.0.368': attribute type 12 has an invalid length. [ 2358.123692][ T31] audit: type=1326 audit(2356.640:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4836 comm="syz.1.375" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb65332c6 code=0x0 [ 2381.593627][ T31] audit: type=1326 audit(2380.060:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4851 comm="syz.1.381" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb65332c6 code=0x0 [ 2406.303131][ T3848] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 2406.910010][ T3848] usb 2-1: config 1 has an invalid interface number: 7 but max is 0 [ 2406.912269][ T3848] usb 2-1: config 1 has no interface number 0 [ 2406.921197][ T3848] usb 2-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 2406.923713][ T3848] usb 2-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1023 [ 2406.930385][ T3848] usb 2-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2407.190576][ T3848] usb 2-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 2407.192156][ T3848] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2407.193511][ T3848] usb 2-1: Product: syz [ 2407.194418][ T3848] usb 2-1: Manufacturer: syz [ 2407.195313][ T3848] usb 2-1: SerialNumber: syz [ 2407.462781][ T4869] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 2412.876693][ T3848] usb 2-1: Error in usbnet_get_endpoints (-110) [ 2413.850165][ T3848] usb 2-1: USB disconnect, device number 3 [ 2447.811955][ T3835] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 2448.239989][ T3835] usb 1-1: config 1 has an invalid interface number: 7 but max is 0 [ 2448.242330][ T3835] usb 1-1: config 1 has no interface number 0 [ 2448.244380][ T3835] usb 1-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 2448.261013][ T3835] usb 1-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1023 [ 2448.263454][ T3835] usb 1-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2448.807844][ T3835] usb 1-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 2448.812137][ T3835] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2448.814158][ T3835] usb 1-1: Product: syz [ 2448.820671][ T3835] usb 1-1: Manufacturer: syz [ 2448.822621][ T3835] usb 1-1: SerialNumber: syz [ 2449.143602][ T4903] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 2454.500387][ T3835] usb 1-1: Error in usbnet_get_endpoints (-110) [ 2455.053824][ T3835] usb 1-1: USB disconnect, device number 3 [ 2467.525554][ T4922] veth0: entered promiscuous mode [ 2467.730413][ T4922] veth0: left promiscuous mode [ 2485.129051][ T4930] skbuff: bad partial csum: csum=65506/2 headroom=144 headlen=65526 [ 2540.102080][ T4963] binder: BC_ATTEMPT_ACQUIRE not supported [ 2540.104837][ T4963] binder: 4962:4963 ioctl c0306201 2000000001c0 returned -22 [ 2572.150422][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 2575.348023][ T4984] netlink: 24 bytes leftover after parsing attributes in process `syz.1.423'. [ 2576.533364][ T4986] netlink: 24 bytes leftover after parsing attributes in process `syz.1.423'. [ 2578.067862][ T4985] ip6erspan0: entered allmulticast mode [ 2585.451846][ T4991] bond0: option packets_per_slave: invalid value (18446744072268814746) [ 2585.453861][ T4991] bond0: option packets_per_slave: allowed values 0 - 65535 [ 2593.920093][ T4996] netlink: 4 bytes leftover after parsing attributes in process `syz.0.426'. [ 2615.624944][ T5007] netlink: 4 bytes leftover after parsing attributes in process `syz.1.433'. [ 2618.009546][ T5009] netlink: 8 bytes leftover after parsing attributes in process `syz.0.434'. [ 2618.013175][ T5009] netem: unknown loss type 0 [ 2618.039492][ T5009] netem: change failed [ 2711.332449][ T5069] binder: 5068:5069 ioctl c0306201 200000000100 returned -14 [ 2719.711600][ T5075] block nbd0: shutting down sockets [ 2745.450317][ T5097] bpf: Bad value for 'uid' [ 2752.854583][ T5111] netlink: 20 bytes leftover after parsing attributes in process `syz.1.472'. [ 2755.003770][ T5103] bond1: entered promiscuous mode [ 2785.901556][ T5166] nbd0: detected capacity change from 0 to 127 [ 2786.228194][ T866] block nbd0: Receive control failed (result -32) [ 2816.241896][ T3788] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 2816.549228][ T3788] usb 2-1: Using ep0 maxpacket: 32 [ 2816.663098][ T3788] usb 2-1: config index 0 descriptor too short (expected 35577, got 27) [ 2816.664999][ T3788] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 2816.702854][ T3788] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 2816.724045][ T3788] usb 2-1: config 1 has no interface number 0 [ 2816.737624][ T3788] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 2816.740310][ T3788] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 2816.743272][ T3788] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 2816.745463][ T3788] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2817.718649][ T3788] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found [ 2818.884464][ T3788] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached [ 2821.734689][ T3836] snd_usb_pod 2-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22) [ 2822.662761][ T4462] usb 2-1: USB disconnect, device number 4 [ 2823.160093][ T4462] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected [ 2840.129960][ T5211] veth1_macvtap: left promiscuous mode [ 2840.131788][ T5211] macsec0: entered promiscuous mode [ 2841.155257][ T5212] veth1_macvtap: entered promiscuous mode [ 2841.164998][ T5212] macsec0: left promiscuous mode [ 2853.299402][ T5217] trusted_key: encrypted_key: keyword 'updat' not recognized [ 2872.733450][ T5230] blkio.reset_stats is deprecated [ 2907.872475][ T5248] dummy0: entered promiscuous mode [ 2907.923148][ T5248] macvlan2: entered promiscuous mode [ 2907.951443][ T5248] macvlan2: entered allmulticast mode [ 2907.952953][ T5248] dummy0: entered allmulticast mode [ 2921.852294][ T5261] netlink: 28 bytes leftover after parsing attributes in process `syz.0.513'. [ 2936.290360][ T3836] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 2936.599810][ T3836] usb 1-1: Using ep0 maxpacket: 16 [ 2936.749457][ T3836] usb 1-1: config index 0 descriptor too short (expected 16456, got 72) [ 2936.754441][ T3836] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 2936.782624][ T3836] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 2936.785365][ T3836] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 2936.789116][ T3836] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 2936.792292][ T3836] usb 1-1: config 0 has no interface number 0 [ 2936.820064][ T3836] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 2936.840748][ T3836] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 2936.853982][ T3836] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 2936.861231][ T3836] usb 1-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 2936.873029][ T3836] usb 1-1: config 0 interface 125 has no altsetting 0 [ 2936.879816][ T3836] usb 1-1: config 0 interface 125 has no altsetting 2 [ 2937.278964][ T3836] usb 1-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 2937.283317][ T3836] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2937.329087][ T3836] usb 1-1: Product: syz [ 2937.331715][ T3836] usb 1-1: Manufacturer: syz [ 2937.334015][ T3836] usb 1-1: SerialNumber: syz [ 2938.043578][ T3836] usb 1-1: config 0 descriptor?? [ 2938.331556][ T3836] usb 1-1: selecting invalid altsetting 2 [ 2939.789299][ T3836] get_1284_register timeout [ 2939.798634][ C0] usb 1-1: async_complete: urb error -104 [ 2939.802075][ C0] usb 1-1: async_complete: urb error -104 [ 2939.804161][ C0] usb 1-1: async_complete: urb error -104 [ 2939.806224][ C0] usb 1-1: async_complete: urb error -104 [ 2952.140625][ T4415] usb 1-1: USB disconnect, device number 4 [ 2999.551705][ T5323] netlink: 8 bytes leftover after parsing attributes in process `syz.0.534'. [ 3054.743297][ T5359] input: syz0 as /devices/virtual/input/input4 [ 3082.949106][ T5377] input: syz0 as /devices/virtual/input/input5 [ 3127.507851][ T5410] netlink: 12 bytes leftover after parsing attributes in process `syz.1.563'. [ 3127.513081][ T5410] netlink: 12 bytes leftover after parsing attributes in process `syz.1.563'. [ 3293.919666][ T5516] netlink: 8 bytes leftover after parsing attributes in process `syz.1.602'. [ 3338.642509][ T5538] netlink: 4 bytes leftover after parsing attributes in process `syz.1.611'. [ 3344.373175][ T5542] netlink: 59 bytes leftover after parsing attributes in process `syz.1.613'. [ 3565.033537][ T5651] syz.0.651: vmalloc error: size 2037431678, exceeds total pages, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 3565.215627][ T5651] CPU: 1 UID: 0 PID: 5651 Comm: syz.0.651 Tainted: G L syzkaller #0 PREEMPT [ 3565.216698][ T5651] Tainted: [L]=SOFTLOCKUP [ 3565.217006][ T5651] Hardware name: riscv-virtio,qemu (DT) [ 3565.217666][ T5651] Call Trace: [ 3565.218177][ T5651] [] dump_backtrace+0x2e/0x3c [ 3565.220675][ T5651] [] show_stack+0x30/0x3c [ 3565.221333][ T5651] [] dump_stack_lvl+0x114/0x1ac [ 3565.222151][ T5651] [] dump_stack+0x1c/0x28 [ 3565.222986][ T5651] [] warn_alloc+0x188/0x2a4 [ 3565.223505][ T5651] [] __vmalloc_node_range_noprof+0x14fc/0x18e8 [ 3565.224195][ T5651] [] __kvmalloc_node_noprof+0x4b2/0xa14 [ 3565.224802][ T5651] [] drm_property_create_blob+0x7c/0x2f8 [ 3565.225486][ T5651] [] drm_mode_createblob_ioctl+0xf4/0x3d8 [ 3565.226218][ T5651] [] drm_ioctl_kernel+0x1de/0x370 [ 3565.226890][ T5651] [] drm_ioctl+0x4e6/0xb98 [ 3565.227516][ T5651] [] __riscv_sys_ioctl+0x17c/0x1e4 [ 3565.228096][ T5651] [] syscall_handler+0x92/0x114 [ 3565.228791][ T5651] [] do_trap_ecall_u+0x402/0x680 [ 3565.229480][ T5651] [] handle_exception+0x15e/0x16a [ 3565.427884][ T5651] Mem-Info: [ 3565.489459][ T5651] active_anon:17711 inactive_anon:0 isolated_anon:0 [ 3565.489459][ T5651] active_file:14336 inactive_file:35387 isolated_file:0 [ 3565.489459][ T5651] unevictable:768 dirty:23 writeback:0 [ 3565.489459][ T5651] slab_reclaimable:2745 slab_unreclaimable:28148 [ 3565.489459][ T5651] mapped:16513 shmem:15410 pagetables:796 [ 3565.489459][ T5651] sec_pagetables:0 bounce:0 [ 3565.489459][ T5651] kernel_misc_reclaimable:0 [ 3565.489459][ T5651] free:189757 free_pcp:6895 free_cma:52672 [ 3565.533939][ T5651] Node 0 active_anon:70760kB inactive_anon:0kB active_file:57344kB inactive_file:141548kB unevictable:3072kB isolated(anon):0kB isolated(file):0kB mapped:66136kB dirty:92kB writeback:0kB shmem:61640kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6112kB pagetables:3184kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 3565.605342][ T5651] Node 0 DMA32 free:759028kB boost:0kB min:22528kB low:28160kB high:33792kB reserved_highatomic:0KB free_highatomic:0KB active_anon:70760kB inactive_anon:0kB active_file:57344kB inactive_file:141548kB unevictable:3072kB writepending:112kB zspages:0kB present:2097152kB managed:1424720kB mlocked:0kB bounce:0kB free_pcp:27564kB local_pcp:14068kB free_cma:210688kB [ 3565.722930][ T5651] lowmem_reserve[]: 0 0 0 [ 3565.813469][ T5651] Node 0 DMA32: 1587*4kB (UM) 605*8kB (UM) 212*16kB (UME) 118*32kB (UME) 37*64kB (UM) 18*128kB (UME) 7*256kB (MEC) 6*512kB (UMEC) 2*1024kB (EC) 4*2048kB (MEC) 176*4096kB (MC) = 759028kB [ 3565.963098][ T5651] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3565.989053][ T5651] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 3565.993152][ T5651] 65107 total pagecache pages [ 3565.995644][ T5651] 0 pages in swap cache [ 3566.097425][ T5651] Free swap = 124996kB [ 3566.100272][ T5651] Total swap = 124996kB [ 3566.102726][ T5651] 524288 pages RAM [ 3566.104430][ T5651] 0 pages HighMem/MovableOnly [ 3566.200471][ T5651] 168108 pages reserved [ 3566.202321][ T5651] 52736 pages cma reserved [ 3581.421972][ T5655] netlink: 16 bytes leftover after parsing attributes in process `syz.0.653'. [ 3581.751180][ T5655] netlink: 12 bytes leftover after parsing attributes in process `syz.0.653'. [ 3581.755669][ T5655] netlink: 12 bytes leftover after parsing attributes in process `syz.0.653'. [ 3718.884722][ T5716] netlink: 16 bytes leftover after parsing attributes in process `syz.0.680'. [ 3797.284711][ T5748] block nbd1: shutting down sockets [ 3866.102848][ T5784] netlink: 20 bytes leftover after parsing attributes in process `syz.1.710'. [ 3866.153285][ T5784] netlink: 12 bytes leftover after parsing attributes in process `syz.1.710'. [ 3866.690108][ T5784] netlink: 20 bytes leftover after parsing attributes in process `syz.1.710'. [ 3866.692416][ T5784] netlink: 12 bytes leftover after parsing attributes in process `syz.1.710'. [ 3905.665437][ T5812] input: syz0 as /devices/virtual/input/input6 [ 4091.571733][ T5939] binder: 5937:5939 ioctl c018620c 200000000000 returned -1 [ 4125.023880][ T5963] netlink: 4 bytes leftover after parsing attributes in process `syz.0.780'. [ 4146.872504][ T5980] netlink: 16255 bytes leftover after parsing attributes in process `syz.0.788'. [ 4230.612772][ T6036] input: syz1 as /devices/virtual/input/input7 [ 4230.858880][ T5168] block nbd1: Receive control failed (result -32) [ 4230.880387][ T5168] block nbd1: Receive control failed (result -32) [ 4230.885288][ T5168] block nbd1: Receive control failed (result -32) [ 4231.070495][ T6034] nbd1: detected capacity change from 0 to 127 [ 4244.963302][ T6052] ªªªªªª: renamed from vlan0 (while UP) [ 4251.456450][ T6056] [ 4251.457583][ T6056] ====================================================== [ 4251.458510][ T6056] WARNING: possible circular locking dependency detected [ 4251.459578][ T6056] syzkaller #0 Tainted: G L [ 4251.461632][ T6056] ------------------------------------------------------ [ 4251.462604][ T6056] syz.1.818/6056 is trying to acquire lock: [ 4251.463989][ T6056] ffffaf801bdeb870 (&nsock->tx_lock){+.+.}-{4:4}, at: nbd_queue_rq+0x372/0xe44 [ 4251.468415][ T6056] [ 4251.468415][ T6056] but task is already holding lock: [ 4251.469566][ T6056] ffffaf80335a0180 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc4/0xe44 [ 4251.471960][ T6056] [ 4251.471960][ T6056] which lock already depends on the new lock. [ 4251.471960][ T6056] [ 4251.473493][ T6056] [ 4251.473493][ T6056] the existing dependency chain (in reverse order) is: [ 4251.476146][ T6056] [ 4251.476146][ T6056] -> #6 (&cmd->lock){+.+.}-{4:4}: [ 4251.478365][ T6056] lock_acquire+0x24a/0x504 [ 4251.479680][ T6056] __mutex_lock+0x164/0x1890 [ 4251.481168][ T6056] mutex_lock_nested+0x14/0x1c [ 4251.482638][ T6056] nbd_queue_rq+0xc4/0xe44 [ 4251.483761][ T6056] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 4251.485158][ T6056] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 4251.486649][ T6056] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 4251.488041][ T6056] blk_mq_run_hw_queue+0x274/0x6ec [ 4251.490021][ T6056] blk_mq_dispatch_list+0x53e/0x1430 [ 4251.492182][ T6056] blk_mq_flush_plug_list+0x114/0x55c [ 4251.494458][ T6056] __blk_flush_plug+0x270/0x464 [ 4251.496939][ T6056] __submit_bio+0x42e/0x504 [ 4251.497848][ T6056] submit_bio_noacct_nocheck+0x458/0xdf4 [ 4251.498815][ T6056] submit_bio_noacct+0x6fe/0x2170 [ 4251.499717][ T6056] submit_bio+0xb6/0x5b8 [ 4251.500513][ T6056] submit_bh_wbc+0x428/0x5c0 [ 4251.501479][ T6056] block_read_full_folio+0x396/0x788 [ 4251.502425][ T6056] blkdev_read_folio+0x26/0x30 [ 4251.503390][ T6056] filemap_read_folio+0xc2/0x270 [ 4251.504265][ T6056] do_read_cache_folio+0x22e/0x518 [ 4251.505185][ T6056] read_cache_folio+0x4e/0x68 [ 4251.506211][ T6056] read_part_sector+0xbc/0x408 [ 4251.507080][ T6056] read_lba+0x1b6/0x32c [ 4251.507935][ T6056] find_valid_gpt.constprop.0+0x212/0x21ec [ 4251.508837][ T6056] efi_partition+0xfe/0x9e0 [ 4251.509640][ T6056] bdev_disk_changed+0x5a0/0x1180 [ 4251.510400][ T6056] blkdev_get_whole+0x168/0x25c [ 4251.511134][ T6056] bdev_open+0x288/0xcc4 [ 4251.511908][ T6056] blkdev_open+0x2ec/0x454 [ 4251.512785][ T6056] do_dentry_open+0x418/0x1170 [ 4251.513751][ T6056] vfs_open+0xba/0x3a8 [ 4251.514523][ T6056] path_openat+0x144e/0x2f28 [ 4251.515435][ T6056] do_file_open+0x1ae/0x398 [ 4251.516383][ T6056] do_sys_openat2+0xfe/0x1c0 [ 4251.517199][ T6056] __riscv_sys_openat+0x122/0x1e4 [ 4251.518094][ T6056] syscall_handler+0x92/0x114 [ 4251.518973][ T6056] do_trap_ecall_u+0x402/0x680 [ 4251.519816][ T6056] handle_exception+0x15e/0x16a [ 4251.520759][ T6056] [ 4251.520759][ T6056] -> #5 (set->srcu){.+.+}-{0:0}: [ 4251.522158][ T6056] lock_sync+0xea/0x1cc [ 4251.523019][ T6056] __synchronize_srcu+0xd4/0x24c [ 4251.524011][ T6056] synchronize_srcu+0x14c/0x3fc [ 4251.524972][ T6056] blk_mq_quiesce_queue+0x124/0x194 [ 4251.525972][ T6056] elevator_switch+0x16a/0x4e4 [ 4251.526940][ T6056] elevator_change+0x2f4/0x4ac [ 4251.527835][ T6056] elevator_set_default+0x280/0x370 [ 4251.528757][ T6056] blk_register_queue+0x3a8/0x50c [ 4251.529827][ T6056] __add_disk+0x69a/0xda4 [ 4251.530626][ T6056] add_disk_fwnode+0xe8/0x48c [ 4251.531400][ T6056] device_add_disk+0x28/0x38 [ 4251.532185][ T6056] nbd_dev_add+0x692/0xaec [ 4251.533126][ T6056] nbd_init+0x3d4/0x3f8 [ 4251.533905][ T6056] do_one_initcall+0x18c/0xcdc [ 4251.534679][ T6056] kernel_init_freeable+0x6ca/0x7b4 [ 4251.535555][ T6056] kernel_init+0x28/0x240 [ 4251.536445][ T6056] ret_from_fork_kernel+0x94/0xef8 [ 4251.537368][ T6056] ret_from_fork_kernel_asm+0x16/0x18 [ 4251.538310][ T6056] [ 4251.538310][ T6056] -> #4 (&q->elevator_lock){+.+.}-{4:4}: [ 4251.539680][ T6056] lock_acquire+0x24a/0x504 [ 4251.540494][ T6056] __mutex_lock+0x164/0x1890 [ 4251.541503][ T6056] mutex_lock_nested+0x14/0x1c [ 4251.542440][ T6056] elevator_change+0x192/0x4ac [ 4251.543296][ T6056] elevator_set_none+0xa8/0x120 [ 4251.544184][ T6056] blk_mq_update_nr_hw_queues+0x43a/0x13a0 [ 4251.545149][ T6056] nbd_start_device+0x156/0xb74 [ 4251.546158][ T6056] nbd_genl_connect+0xe74/0x1a4c [ 4251.546977][ T6056] genl_family_rcv_msg_doit+0x1f6/0x2d8 [ 4251.548039][ T6056] genl_rcv_msg+0x4b2/0x73c [ 4251.548823][ T6056] netlink_rcv_skb+0x1e8/0x394 [ 4251.549785][ T6056] genl_rcv+0x32/0x4c [ 4251.550680][ T6056] netlink_unicast+0x50c/0x7d8 [ 4251.551645][ T6056] netlink_sendmsg+0x7e0/0xd64 [ 4251.552577][ T6056] __sock_sendmsg+0xca/0x160 [ 4251.553569][ T6056] ____sys_sendmsg+0x636/0x794 [ 4251.554513][ T6056] ___sys_sendmsg+0x1a4/0x1e8 [ 4251.555495][ T6056] __sys_sendmsg+0x18e/0x234 [ 4251.556303][ T6056] __riscv_sys_sendmsg+0x70/0xa4 [ 4251.557146][ T6056] syscall_handler+0x92/0x114 [ 4251.557991][ T6056] do_trap_ecall_u+0x402/0x680 [ 4251.558850][ T6056] handle_exception+0x15e/0x16a [ 4251.559690][ T6056] [ 4251.559690][ T6056] -> #3 (&q->q_usage_counter(io)#20){++++}-{0:0}: [ 4251.561271][ T6056] lock_acquire+0x24a/0x504 [ 4251.562114][ T6056] blk_alloc_queue+0x5b4/0x6f4 [ 4251.563069][ T6056] blk_mq_alloc_queue+0x15e/0x250 [ 4251.564215][ T6056] __blk_mq_alloc_disk+0x2a/0xd8 [ 4251.565169][ T6056] nbd_dev_add+0x426/0xaec [ 4251.566164][ T6056] nbd_init+0x3d4/0x3f8 [ 4251.567040][ T6056] do_one_initcall+0x18c/0xcdc [ 4251.567853][ T6056] kernel_init_freeable+0x6ca/0x7b4 [ 4251.568743][ T6056] kernel_init+0x28/0x240 [ 4251.569836][ T6056] ret_from_fork_kernel+0x94/0xef8 [ 4251.570975][ T6056] ret_from_fork_kernel_asm+0x16/0x18 [ 4251.571881][ T6056] [ 4251.571881][ T6056] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 4251.573255][ T6056] lock_acquire+0x24a/0x504 [ 4251.574151][ T6056] fs_reclaim_acquire+0xc6/0x100 [ 4251.575100][ T6056] kmem_cache_alloc_node_noprof+0x40/0x6e8 [ 4251.576438][ T6056] __alloc_skb+0x17c/0x778 [ 4251.577308][ T6056] tcp_stream_alloc_skb+0x2e/0x4d8 [ 4251.578285][ T6056] tcp_sendmsg_locked+0xe16/0x408c [ 4251.579256][ T6056] tcp_sendmsg+0x32/0x50 [ 4251.580168][ T6056] inet_sendmsg+0x9a/0xd8 [ 4251.580978][ T6056] __sock_sendmsg+0xca/0x160 [ 4251.582096][ T6056] sock_write_iter+0x298/0x3e8 [ 4251.583154][ T6056] vfs_write+0x648/0xd08 [ 4251.584204][ T6056] ksys_write+0x1f4/0x244 [ 4251.585142][ T6056] __riscv_sys_write+0x6e/0xa0 [ 4251.586305][ T6056] syscall_handler+0x92/0x114 [ 4251.587251][ T6056] do_trap_ecall_u+0x402/0x680 [ 4251.588191][ T6056] handle_exception+0x15e/0x16a [ 4251.589169][ T6056] [ 4251.589169][ T6056] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}: [ 4251.590584][ T6056] lock_acquire+0x24a/0x504 [ 4251.591481][ T6056] lock_sock_nested+0x38/0xf8 [ 4251.592525][ T6056] inet_shutdown+0x68/0x3c0 [ 4251.593583][ T6056] kernel_sock_shutdown+0x58/0x7c [ 4251.594616][ T6056] nbd_mark_nsock_dead+0xaa/0x510 [ 4251.596356][ T6056] sock_shutdown+0x144/0x238 [ 4251.597410][ T6056] nbd_ioctl+0x22c/0xbd4 [ 4251.598286][ T6056] blkdev_ioctl+0x4cc/0x12e4 [ 4251.599293][ T6056] __riscv_sys_ioctl+0x17c/0x1e4 [ 4251.600142][ T6056] syscall_handler+0x92/0x114 [ 4251.601086][ T6056] do_trap_ecall_u+0x402/0x680 [ 4251.601992][ T6056] handle_exception+0x15e/0x16a [ 4251.602917][ T6056] [ 4251.602917][ T6056] -> #0 (&nsock->tx_lock){+.+.}-{4:4}: [ 4251.604413][ T6056] check_noncircular+0x138/0x14c [ 4251.605464][ T6056] __lock_acquire+0xe9c/0x25ac [ 4251.606396][ T6056] lock_acquire+0x24a/0x504 [ 4251.607380][ T6056] __mutex_lock+0x164/0x1890 [ 4251.608405][ T6056] mutex_lock_nested+0x14/0x1c [ 4251.609454][ T6056] nbd_queue_rq+0x372/0xe44 [ 4251.610240][ T6056] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 4251.611448][ T6056] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 4251.613021][ T6056] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 4251.615155][ T6056] blk_mq_run_hw_queue+0x274/0x6ec [ 4251.616559][ T6056] blk_mq_dispatch_list+0x53e/0x1430 [ 4251.617970][ T6056] blk_mq_flush_plug_list+0x114/0x55c [ 4251.619428][ T6056] __blk_flush_plug+0x270/0x464 [ 4251.620618][ T6056] __submit_bio+0x42e/0x504 [ 4251.621858][ T6056] submit_bio_noacct_nocheck+0x458/0xdf4 [ 4251.623230][ T6056] submit_bio_noacct+0x6fe/0x2170 [ 4251.624464][ T6056] submit_bio+0xb6/0x5b8 [ 4251.625716][ T6056] submit_bh_wbc+0x428/0x5c0 [ 4251.626959][ T6056] block_read_full_folio+0x396/0x788 [ 4251.628359][ T6056] blkdev_read_folio+0x26/0x30 [ 4251.629734][ T6056] filemap_read_folio+0xc2/0x270 [ 4251.631117][ T6056] do_read_cache_folio+0x22e/0x518 [ 4251.632472][ T6056] read_cache_folio+0x4e/0x68 [ 4251.633798][ T6056] read_part_sector+0xbc/0x408 [ 4251.634995][ T6056] read_lba+0x1b6/0x32c [ 4251.636188][ T6056] find_valid_gpt.constprop.0+0x212/0x21ec [ 4251.637571][ T6056] efi_partition+0xfe/0x9e0 [ 4251.638738][ T6056] bdev_disk_changed+0x5a0/0x1180 [ 4251.639970][ T6056] blkdev_get_whole+0x168/0x25c [ 4251.641211][ T6056] bdev_open+0x288/0xcc4 [ 4251.642357][ T6056] blkdev_open+0x2ec/0x454 [ 4251.643547][ T6056] do_dentry_open+0x418/0x1170 [ 4251.644609][ T6056] vfs_open+0xba/0x3a8 [ 4251.645745][ T6056] path_openat+0x144e/0x2f28 [ 4251.647085][ T6056] do_file_open+0x1ae/0x398 [ 4251.648433][ T6056] do_sys_openat2+0xfe/0x1c0 [ 4251.649600][ T6056] __riscv_sys_openat+0x122/0x1e4 [ 4251.650814][ T6056] syscall_handler+0x92/0x114 [ 4251.652084][ T6056] do_trap_ecall_u+0x402/0x680 [ 4251.653368][ T6056] handle_exception+0x15e/0x16a [ 4251.654648][ T6056] [ 4251.654648][ T6056] other info that might help us debug this: [ 4251.654648][ T6056] [ 4251.656003][ T6056] Chain exists of: [ 4251.656003][ T6056] &nsock->tx_lock --> set->srcu --> &cmd->lock [ 4251.656003][ T6056] [ 4251.658846][ T6056] Possible unsafe locking scenario: [ 4251.658846][ T6056] [ 4251.660159][ T6056] CPU0 CPU1 [ 4251.661019][ T6056] ---- ---- [ 4251.661865][ T6056] lock(&cmd->lock); [ 4251.663280][ T6056] lock(set->srcu); [ 4251.664707][ T6056] lock(&cmd->lock); [ 4251.666239][ T6056] lock(&nsock->tx_lock); [ 4251.667536][ T6056] [ 4251.667536][ T6056] *** DEADLOCK *** [ 4251.667536][ T6056] [ 4251.668593][ T6056] 3 locks held by syz.1.818/6056: [ 4251.669586][ T6056] #0: ffffaf801aa4f358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x3c4/0xcc4 [ 4251.672387][ T6056] #1: ffffaf801a2e8c98 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x22c/0x6ec [ 4251.675875][ T6056] #2: ffffaf80335a0180 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc4/0xe44 [ 4251.678882][ T6056] [ 4251.678882][ T6056] stack backtrace: [ 4251.679968][ T6056] CPU: 0 UID: 0 PID: 6056 Comm: syz.1.818 Tainted: G L syzkaller #0 PREEMPT [ 4251.680653][ T6056] Tainted: [L]=SOFTLOCKUP [ 4251.680846][ T6056] Hardware name: riscv-virtio,qemu (DT) [ 4251.681148][ T6056] Call Trace: [ 4251.681370][ T6056] [] dump_backtrace+0x2e/0x3c [ 4251.682066][ T6056] [] show_stack+0x30/0x3c [ 4251.682609][ T6056] [] dump_stack_lvl+0x114/0x1ac [ 4251.683401][ T6056] [] dump_stack+0x1c/0x28 [ 4251.684151][ T6056] [] print_circular_bug+0x250/0x29c [ 4251.684745][ T6056] [] check_noncircular+0x138/0x14c [ 4251.685373][ T6056] [] __lock_acquire+0xe9c/0x25ac [ 4251.685952][ T6056] [] lock_acquire+0x24a/0x504 [ 4251.686533][ T6056] [] __mutex_lock+0x164/0x1890 [ 4251.687280][ T6056] [] mutex_lock_nested+0x14/0x1c [ 4251.688039][ T6056] [] nbd_queue_rq+0x372/0xe44 [ 4251.688539][ T6056] [] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 4251.689230][ T6056] [] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 4251.690040][ T6056] [] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 4251.690827][ T6056] [] blk_mq_run_hw_queue+0x274/0x6ec [ 4251.691426][ T6056] [] blk_mq_dispatch_list+0x53e/0x1430 [ 4251.692055][ T6056] [] blk_mq_flush_plug_list+0x114/0x55c [ 4251.692724][ T6056] [] __blk_flush_plug+0x270/0x464 [ 4251.693383][ T6056] [] __submit_bio+0x42e/0x504 [ 4251.693950][ T6056] [] submit_bio_noacct_nocheck+0x458/0xdf4 [ 4251.694564][ T6056] [] submit_bio_noacct+0x6fe/0x2170 [ 4251.695146][ T6056] [] submit_bio+0xb6/0x5b8 [ 4251.695773][ T6056] [] submit_bh_wbc+0x428/0x5c0 [ 4251.696403][ T6056] [] block_read_full_folio+0x396/0x788 [ 4251.697128][ T6056] [] blkdev_read_folio+0x26/0x30 [ 4251.697722][ T6056] [] filemap_read_folio+0xc2/0x270 [ 4251.698384][ T6056] [] do_read_cache_folio+0x22e/0x518 [ 4251.699091][ T6056] [] read_cache_folio+0x4e/0x68 [ 4251.699793][ T6056] [] read_part_sector+0xbc/0x408 [ 4251.700370][ T6056] [] read_lba+0x1b6/0x32c [ 4251.700974][ T6056] [] find_valid_gpt.constprop.0+0x212/0x21ec [ 4251.701647][ T6056] [] efi_partition+0xfe/0x9e0 [ 4251.702221][ T6056] [] bdev_disk_changed+0x5a0/0x1180 [ 4251.702818][ T6056] [] blkdev_get_whole+0x168/0x25c [ 4251.703380][ T6056] [] bdev_open+0x288/0xcc4 [ 4251.703920][ T6056] [] blkdev_open+0x2ec/0x454 [ 4251.704489][ T6056] [] do_dentry_open+0x418/0x1170 [ 4251.705020][ T6056] [] vfs_open+0xba/0x3a8 [ 4251.705570][ T6056] [] path_openat+0x144e/0x2f28 [ 4251.706265][ T6056] [] do_file_open+0x1ae/0x398 [ 4251.706986][ T6056] [] do_sys_openat2+0xfe/0x1c0 [ 4251.707541][ T6056] [] __riscv_sys_openat+0x122/0x1e4 [ 4251.708123][ T6056] [] syscall_handler+0x92/0x114 [ 4251.708789][ T6056] [] do_trap_ecall_u+0x402/0x680 [ 4251.709446][ T6056] [] handle_exception+0x15e/0x16a [ 4251.923520][ T6056] block nbd1: Dead connection, failed to find a fallback [ 4251.925541][ T6056] block nbd1: shutting down sockets [ 4251.928997][ T6056] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 4251.932196][ T6056] Buffer I/O error on dev nbd1, logical block 0, async page read SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 4251.997041][ T6056] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 4251.999490][ T6056] Buffer I/O error on dev nbd1, logical block 1, async page read [ 4252.002862][ T6056] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 4252.005265][ T6056] Buffer I/O error on dev nbd1, logical block 2, async page read [ 4252.222306][ T6056] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 4252.224988][ T6056] Buffer I/O error on dev nbd1, logical block 3, async page read [ 4252.403661][ T6056] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 4252.527178][ T6056] Buffer I/O error on dev nbd1, logical block 0, async page read [ 4252.531977][ T6056] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 4252.534385][ T6056] Buffer I/O error on dev nbd1, logical block 1, async page read [ 4252.650122][ T6056] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 4252.678314][ T6056] Buffer I/O error on dev nbd1, logical block 2, async page read [ 4252.680949][ T6056] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 4252.682469][ T6056] Buffer I/O error on dev nbd1, logical block 3, async page read [ 4252.684030][ T6056] nbd1: unable to read partition table [ 4277.199031][ T5417] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 4277.201721][ T5417] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4278.654035][ T5417] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 4278.678829][ T5417] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4280.026366][ T5417] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 4280.028942][ T5417] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4281.192502][ T5417] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 4281.208857][ T5417] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0