last executing test programs: 2h0m31.308868085s ago: executing program 1 (id=315): r0 = socket(0x40000000015, 0x5, 0x0) connect$l2tp6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @dev, 0x7fff}, 0x20) bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 2h0m26.615443003s ago: executing program 1 (id=316): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) syz_emit_ethernet(0x32, &(0x7f0000000640)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x19}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x65, 0x0, 0x0, 0x3a, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x8000, 0x4e21, 0x10, 0x0, @gue={{0x2, 0x0, 0x3, 0x0, 0x100}}}}}}}, 0x0) 2h0m18.877559745s ago: executing program 1 (id=319): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000040)={0x80109, "fa02946a000000001dda524f03000000000000000000003673000000002000", 0xffffffffffffffff}) prlimit64(0x0, 0x7, &(0x7f0000000000), 0x0) ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, 0x0) 2h0m13.320315948s ago: executing program 1 (id=321): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='hugetlbfs\x00', 0x0, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) mount$fuseblk(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x24000, 0x0) 2h0m7.23310222s ago: executing program 1 (id=323): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0xa4242, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x12, r0, 0x0) r1 = dup(r0) pwritev2(r1, &(0x7f0000001140)=[{&(0x7f00000000c0)='\b', 0x1}], 0x1, 0x9, 0xfff, 0xf) 1h59m59.816962076s ago: executing program 1 (id=324): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x44, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xb, 0xfff3}, {}, {0x7, 0xffff}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x1}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x3}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0) 1h59m42.709469611s ago: executing program 32 (id=324): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x44, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xb, 0xfff3}, {}, {0x7, 0xffff}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x1}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x3}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0) 58.516925155s ago: executing program 0 (id=2081): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet6(r1, &(0x7f0000000680)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000004c0)="ce363680087146cf5c59762738f6b688d69084c3a9d109b47c0815cd054a03ad9b0cec4c6adbd56210574f1efd79341361a23ae27170659c2e1e981a412827d46a58303a7afad469befcc0fe2cf71f89906404d8388fe4aa610be31af86e7b32c1f1780f30c564ae32f92a47c21293c4f18d6d7d9decccc8a7c79e815ca9606d6d42f5e7f961323e1fa6e9199a09500187dcd8f45ebe304a64a86cc6192775ead0f3313b62ab90ddad159670ad0a4c1893bf435071d6d9696989ef2b720d196e1bbdd5986c7f7eeceb3e53ba72ab37b851623364e2c078136272f2e886c78117b17fd264b82c73b7a1d02dde28ad", 0xee}, {&(0x7f00000006c0)="3dcd857822d6cce49126650ad7ac3b4fcdadab9b3f72733c2414bc1568a12571ee84d42fdd48befd49ebc9aa53e3f931fd0f755434d2d6878c587356a0bd4ab1205f5ce839071447", 0x48}], 0x2}}], 0x1, 0x0) 52.504665747s ago: executing program 2 (id=2082): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'macvlan1\x00', 0x0}) sendto$packet(r0, &(0x7f00000001c0)="330520000a00160006007ef52f555f2ab34eb67eabe2f3febf30f8784f997bea54fefeb022516dce92cc5b8691ffb71675553f", 0xfe0a, 0x801, &(0x7f0000000000)={0x11, 0x8, r1, 0x1, 0x5f, 0x6, @local}, 0x14) 52.048118666s ago: executing program 0 (id=2083): r0 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) 47.367394844s ago: executing program 2 (id=2084): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000042000501"], 0x14}}, 0x40004) recvmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x140, &(0x7f0000000100)=[{&(0x7f00000004c0)=""/4091, 0x110c}, {&(0x7f0000001580)=""/238, 0xf0}, {&(0x7f0000000040)=""/98}, {&(0x7f0000001680)=""/4096}], 0x4, 0x0, 0x353}}], 0x40000000000002e, 0x10002, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, 0x0) 38.688545046s ago: executing program 0 (id=2085): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x20048810) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000010200fd000005000500000000000a"], 0x70}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) 37.563433357s ago: executing program 2 (id=2086): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000003c0)={'veth0_to_hsr\x00', 0x2dbd854266873d48}) close(0x3) 31.643005858s ago: executing program 0 (id=2087): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x80000) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') pread64(r0, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000) 19.365315328s ago: executing program 2 (id=2088): r0 = socket(0x2000000015, 0x80005, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) recvfrom$packet(r0, 0x0, 0x0, 0x2, &(0x7f0000000440)={0x11, 0x1c, 0x0, 0x1, 0x6}, 0x14) 18.883259196s ago: executing program 0 (id=2089): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_procfs(0x0, &(0x7f0000004600)='map_files\x00') fchdir(r1) sendmmsg$unix(r0, &(0x7f0000002d80)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000080)=@abs={0x1, 0x30, 0x6e30}, 0x6e, 0x0}}], 0x40000000000039b, 0x40008004) 10.469199794s ago: executing program 2 (id=2090): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x18, &(0x7f0000000000)=0xf3, 0x4) getsockopt$inet_tcp_buf(r0, 0x6, 0xb, 0x0, &(0x7f0000000180)) 5.85036097s ago: executing program 0 (id=2091): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x54, r1, 0x1, 0xffffbffe, 0x4, {}, [@NBD_ATTR_SOCKETS={0x28, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xfb2e77a8993c1937}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xfffd}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000000}, 0x2400c0d0) 0s ago: executing program 2 (id=2092): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) mount$fuseblk(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x24000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:9311' (ED25519) to the list of known hosts. syzkaller login: [ 457.802250][ T3192] cgroup: Unknown subsys name 'net' [ 458.518149][ T3192] cgroup: Unknown subsys name 'cpuset' [ 458.696811][ T3192] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 551.547605][ T3192] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 744.560759][ T3208] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 744.702687][ T3208] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 747.529264][ T3211] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 747.692997][ T3211] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 757.435111][ T3208] hsr_slave_0: entered promiscuous mode [ 757.496824][ T3208] hsr_slave_1: entered promiscuous mode [ 759.601431][ T3211] hsr_slave_0: entered promiscuous mode [ 759.643734][ T3211] hsr_slave_1: entered promiscuous mode [ 759.673672][ T3211] debugfs: 'hsr0' already exists in 'hsr' [ 759.677012][ T3211] Cannot create hsr debugfs directory [ 768.230843][ T3208] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 768.472652][ T3208] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 768.650598][ T3208] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 769.141438][ T3208] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 771.797612][ T3211] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 771.966463][ T3211] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 772.128287][ T3211] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 772.510753][ T3211] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 781.769521][ T3208] 8021q: adding VLAN 0 to HW filter on device bond0 [ 787.448276][ T3211] 8021q: adding VLAN 0 to HW filter on device bond0 [ 827.721721][ T3208] veth0_vlan: entered promiscuous mode [ 828.180027][ T3208] veth1_vlan: entered promiscuous mode [ 829.904230][ T3211] veth0_vlan: entered promiscuous mode [ 831.091237][ T3208] veth0_macvtap: entered promiscuous mode [ 831.958055][ T3211] veth1_vlan: entered promiscuous mode [ 832.057281][ T3208] veth1_macvtap: entered promiscuous mode [ 835.168169][ T3289] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 835.272166][ T3289] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 835.377418][ T3289] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 835.450748][ T3289] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 835.540231][ T3211] veth0_macvtap: entered promiscuous mode [ 835.918589][ T3211] veth1_macvtap: entered promiscuous mode [ 840.523818][ T3289] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 840.564772][ T3289] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 840.696680][ T3289] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 840.699814][ T3289] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 842.022920][ T3208] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 862.740036][ T3838] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6'. [ 862.759933][ T3838] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6'. [ 868.211810][ T3842] Zero length message leads to an empty skb [ 904.023653][ T3870] netlink: 8 bytes leftover after parsing attributes in process `syz.0.20'. [ 933.788318][ T3896] netlink: 240 bytes leftover after parsing attributes in process `syz.0.33'. [ 967.706652][ T3928] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 968.142448][ T3929] netlink: 16 bytes leftover after parsing attributes in process `syz.0.46'. [ 968.144489][ T3929] netlink: 4 bytes leftover after parsing attributes in process `syz.0.46'. [ 976.883289][ T3935] xt_hashlimit: size too large, truncated to 1048576 [ 998.668225][ T804] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 999.067711][ T804] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 999.070552][ T804] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 999.170741][ T804] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 999.172122][ T804] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 999.173196][ T804] usb 2-1: Manufacturer: syz [ 999.271097][ T804] usb 2-1: config 0 descriptor?? [ 1001.718920][ C1] raw-gadget.0 gadget.1: ignoring, device is not running [ 1001.735001][ C1] raw-gadget.0 gadget.1: ignoring, device is not running [ 1001.794858][ T804] uclogic 0003:256C:006D.0001: failed retrieving Huion firmware version: -71 [ 1001.800455][ T804] uclogic 0003:256C:006D.0001: failed probing parameters: -71 [ 1001.803313][ T804] uclogic 0003:256C:006D.0001: probe with driver uclogic failed with error -71 [ 1002.014855][ T804] usb 2-1: USB disconnect, device number 2 [ 1011.753116][ T3977] netlink: 'syz.0.60': attribute type 16 has an invalid length. [ 1011.843160][ T3977] netlink: 152 bytes leftover after parsing attributes in process `syz.0.60'. [ 1050.217967][ T4015] netlink: 24 bytes leftover after parsing attributes in process `syz.0.76'. [ 1050.990044][ T4015] vlan2: entered promiscuous mode [ 1051.003100][ T4015] geneve1: entered promiscuous mode [ 1051.090284][ T4015] vlan2: entered allmulticast mode [ 1051.092484][ T4015] geneve1: entered allmulticast mode [ 1062.934155][ T4029] netlink: 8 bytes leftover after parsing attributes in process `syz.0.80'. [ 1072.991426][ T4036] netlink: 72 bytes leftover after parsing attributes in process `syz.1.82'. [ 1115.901988][ T4063] Driver unsupported XDP return value 0 on prog (id 9) dev N/A, expect packet loss! [ 1125.810650][ T4069] mmap: syz.0.98 (4069) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 1134.057200][ T4075] netlink: 56 bytes leftover after parsing attributes in process `syz.1.100'. [ 1165.629072][ T3283] bond0: (slave bond_slave_0): interface is now down [ 1165.631407][ T3283] bond0: (slave bond_slave_1): interface is now down [ 1165.779214][ T3283] bond0: (slave bond_slave_0): interface is now down [ 1165.781397][ T3283] bond0: (slave bond_slave_1): interface is now down [ 1165.902706][ T3283] bond0: now running without any active interface! [ 1171.977744][ T4100] capability: warning: `syz.1.110' uses deprecated v2 capabilities in a way that may be insecure [ 1181.639651][ T31] audit: type=1326 audit(1180.390:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4105 comm="syz.0.113" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffa3133992 code=0x7fc00000 [ 1224.483180][ T4131] netlink: 60 bytes leftover after parsing attributes in process `syz.1.125'. [ 1224.707845][ T4131] netlink: 60 bytes leftover after parsing attributes in process `syz.1.125'. [ 1295.009195][ T3821] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 1295.282552][ T3821] usb 2-1: Using ep0 maxpacket: 16 [ 1295.490372][ T3821] usb 2-1: config 0 has an invalid interface number: 8 but max is 0 [ 1295.492867][ T3821] usb 2-1: config 0 has no interface number 0 [ 1295.495006][ T3821] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1295.687309][ T3821] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 1295.690812][ T3821] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 1295.703728][ T3821] usb 2-1: Product: syz [ 1295.713591][ T3821] usb 2-1: SerialNumber: syz [ 1295.982170][ T3821] usb 2-1: config 0 descriptor?? [ 1296.709604][ T3821] cm109 2-1:0.8: invalid payload size 24, expected 4 [ 1297.137792][ T3821] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input0 [ 1297.567907][ C1] cm109 2-1:0.8: cm109_urb_irq_callback: urb status -71 [ 1297.573263][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1297.583343][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1297.587816][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1297.591998][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1297.594568][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1297.606383][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1297.616296][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1297.626116][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1297.631427][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1297.633966][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1297.928990][ T3821] usb 2-1: USB disconnect, device number 3 [ 1297.936562][ C1] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 1298.081435][ T3821] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 1304.242368][ T4204] capability: warning: `syz.0.149' uses 32-bit capabilities (legacy support in use) [ 1305.028006][ T4204] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1342.968064][ T4232] netlink: 8 bytes leftover after parsing attributes in process `syz.1.160'. [ 1343.080768][ T4234] netlink: 16 bytes leftover after parsing attributes in process `syz.0.161'. [ 1369.811829][ T4253] bridge_slave_0: default FDB implementation only supports local addresses [ 1376.412605][ T4257] netlink: 12 bytes leftover after parsing attributes in process `syz.1.172'. [ 1376.414901][ T4257] netlink: 12 bytes leftover after parsing attributes in process `syz.1.172'. [ 1413.865552][ C0] hrtimer: interrupt took 1613000 ns [ 1443.702003][ T4299] CUSE: unknown device info "" [ 1443.712718][ T4299] CUSE: unknown device info "Ö" [ 1443.713840][ T4299] CUSE: unknown device info "" [ 1443.714822][ T4299] CUSE: zero length info key specified [ 1464.130145][ T4311] netlink: 8 bytes leftover after parsing attributes in process `syz.0.199'. [ 1464.132010][ T4311] netlink: 120 bytes leftover after parsing attributes in process `syz.0.199'. [ 1464.136307][ T4311] netlink: 12 bytes leftover after parsing attributes in process `syz.0.199'. [ 1499.509043][ T4337] xt_hashlimit: size too large, truncated to 1048576 [ 1667.070266][ T4092] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 1667.338426][ T4092] usb 1-1: Using ep0 maxpacket: 16 [ 1667.718381][ T4092] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1667.720888][ T4092] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1667.723253][ T4092] usb 1-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00 [ 1667.738208][ T4092] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1667.910151][ T4092] usb 1-1: config 0 descriptor?? [ 1671.630271][ T4092] ntrig 0003:1B96:0008.0002: hidraw0: USB HID v0.00 Device [HID 1b96:0008] on usb-dummy_hcd.0-1/input0 [ 1672.050715][ T4092] usb 1-1: USB disconnect, device number 2 [ 1677.574039][ T4471] netlink: 8 bytes leftover after parsing attributes in process `syz.1.259'. [ 1677.599604][ T4471] netlink: 12 bytes leftover after parsing attributes in process `syz.1.259'. [ 1765.435139][ T4520] netlink: 36 bytes leftover after parsing attributes in process `syz.1.281'. [ 1771.100192][ T3821] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 1771.331015][ T3821] usb 2-1: too many configurations: 151, using maximum allowed: 8 [ 1772.797135][ T3821] usb 2-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7 [ 1772.800635][ T3821] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130 [ 1772.816578][ T3821] usb 2-1: Product: syz [ 1772.819151][ T3821] usb 2-1: Manufacturer: syz [ 1772.820759][ T3821] usb 2-1: SerialNumber: syz [ 1773.284136][ T3821] usb 2-1: config 0 descriptor?? [ 1775.943175][ T3821] ims_pcu 2-1:0.0: Zero length descriptor [ 1775.951280][ T3821] ims_pcu 2-1:0.0: probe with driver ims_pcu failed with error -22 [ 1776.103809][ T3821] usb 2-1: USB disconnect, device number 4 [ 1793.347981][ T4553] netlink: 16 bytes leftover after parsing attributes in process `syz.0.289'. [ 1815.257674][ T4567] netlink: 8 bytes leftover after parsing attributes in process `syz.1.296'. [ 1872.071738][ T4605] block nbd1: NBD_DISCONNECT [ 1872.129658][ T4605] block nbd1: Send disconnect failed -32 [ 1872.235054][ T4604] block nbd1: Disconnected due to user request. [ 1872.270698][ T4604] block nbd1: shutting down sockets [ 1903.994388][ T4414] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1906.062261][ T4414] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1908.283574][ T4414] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1909.931995][ T4414] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1927.866341][ T4414] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1928.162984][ T4414] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1928.364015][ T4414] bond0 (unregistering): Released all slaves [ 1928.390157][ T3688] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 1929.127447][ T3688] usb 1-1: Using ep0 maxpacket: 32 [ 1929.446584][ T3688] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1929.577576][ T3688] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1929.580101][ T3688] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1929.582746][ T3688] usb 1-1: SerialNumber: syz [ 1931.911305][ T3688] usb 1-1: bad CDC descriptors [ 1932.060376][ T4414] hsr_slave_0: left promiscuous mode [ 1932.152684][ T4414] hsr_slave_1: left promiscuous mode [ 1932.483190][ T3688] usb 1-1: USB disconnect, device number 3 [ 1933.294850][ T4414] veth1_macvtap: left promiscuous mode [ 1933.309143][ T4414] veth0_macvtap: left promiscuous mode [ 1933.313982][ T4414] veth1_vlan: left promiscuous mode [ 1933.338179][ T4414] veth0_vlan: left promiscuous mode [ 2007.418206][ T3857] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 2008.010085][ T3857] usb 1-1: config 1 has an invalid interface number: 7 but max is 0 [ 2008.012563][ T3857] usb 1-1: config 1 has no interface number 0 [ 2008.014772][ T3857] usb 1-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 2008.040159][ T3857] usb 1-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1023 [ 2008.042968][ T3857] usb 1-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2008.192784][ T3857] usb 1-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 2008.227236][ T3857] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2008.229725][ T3857] usb 1-1: Product: syz [ 2008.231306][ T3857] usb 1-1: Manufacturer: syz [ 2008.232962][ T3857] usb 1-1: SerialNumber: syz [ 2008.885523][ T4797] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 2014.350959][ T3857] usb 1-1: Error in usbnet_get_endpoints (-71) [ 2015.768748][ T3857] usb 1-1: USB disconnect, device number 4 [ 2023.602107][ T4659] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2024.102683][ T4659] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2041.399791][ T4868] netlink: 12 bytes leftover after parsing attributes in process `syz.0.340'. [ 2041.402177][ T4868] netlink: 8 bytes leftover after parsing attributes in process `syz.0.340'. [ 2047.949782][ T4888] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2047.953214][ T4888] IPv6: NLM_F_CREATE should be set when creating new route [ 2047.954593][ T4888] IPv6: NLM_F_CREATE should be set when creating new route [ 2048.142725][ T4888] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.341'. [ 2063.752737][ T4659] hsr_slave_0: entered promiscuous mode [ 2064.162393][ T4659] hsr_slave_1: entered promiscuous mode [ 2086.212178][ T4659] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 2086.667275][ T4659] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 2087.054394][ T4659] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 2087.498260][ T4659] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 2121.214051][ T4659] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2197.060211][ T4659] veth0_vlan: entered promiscuous mode [ 2197.871368][ T4659] veth1_vlan: entered promiscuous mode [ 2200.424346][ T4659] veth0_macvtap: entered promiscuous mode [ 2201.087810][ T4659] veth1_macvtap: entered promiscuous mode [ 2204.039069][ T4662] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2204.089259][ T3283] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2204.159242][ T4414] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2204.162084][ T4414] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2240.490286][ T5111] input: syz1 as /devices/virtual/input/input1 [ 2281.097490][ T3824] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 2281.387681][ T3824] usb 1-1: Using ep0 maxpacket: 16 [ 2281.493220][ T3824] usb 1-1: config index 0 descriptor too short (expected 52, got 36) [ 2281.494486][ T3824] usb 1-1: config 0 has an invalid interface number: 251 but max is 0 [ 2281.497156][ T3824] usb 1-1: config 0 has no interface number 0 [ 2281.498414][ T3824] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 2281.499996][ T3824] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 2281.731193][ T3824] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 2281.732976][ T3824] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2281.734261][ T3824] usb 1-1: Product: syz [ 2281.746035][ T3824] usb 1-1: Manufacturer: syz [ 2281.747313][ T3824] usb 1-1: SerialNumber: syz [ 2282.084594][ T3824] usb 1-1: config 0 descriptor?? [ 2282.102814][ T5140] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 2282.120943][ T5140] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 2284.494780][ T5140] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 2284.663878][ T5140] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 2286.189517][ T3824] asix 1-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 2286.192050][ T3824] asix 1-1:0.251 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 2286.238366][ T3824] asix 1-1:0.251: probe with driver asix failed with error -71 [ 2286.720274][ T3824] usb 1-1: USB disconnect, device number 5 [ 2323.847240][ T5180] netlink: 8 bytes leftover after parsing attributes in process `syz.0.379'. [ 2349.318312][ T5196] netlink: 4 bytes leftover after parsing attributes in process `syz.2.386'. [ 2419.889295][ T5245] nbd0: detected capacity change from 0 to 63 [ 2420.524540][ T865] block nbd0: Receive control failed (result -32) [ 2439.700952][ T31] audit: type=1326 audit(2438.580:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5262 comm="syz.2.411" exe="/syz-executor" sig=9 arch=c00000f3 syscall=98 compat=0 ip=0x7fff93533992 code=0x0 [ 2495.351525][ T5303] netlink: 8 bytes leftover after parsing attributes in process `syz.2.427'. [ 2501.004256][ T5311] veth1_macvtap: left promiscuous mode [ 2501.011324][ T5311] macsec0: entered promiscuous mode [ 2501.642407][ T5314] veth1_macvtap: entered promiscuous mode [ 2501.691099][ T5314] macsec0: left promiscuous mode [ 2518.721172][ T5327] binder: 5326:5327 ioctl 541b 0 returned -22 [ 2534.389246][ T5338] input: syz0 as /devices/virtual/input/input3 [ 2544.808176][ T5357] input: syz1 as /devices/virtual/input/input4 [ 2565.943118][ T5385] binder: 5384:5385 ioctl c018620c 200000000000 returned -22 [ 2592.358672][ T31] audit: type=1326 audit(2591.210:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5394 comm="syz.2.456" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fff93533992 code=0x0 [ 2607.039405][ T5405] input: syz1 as /devices/virtual/input/input5 [ 2610.381208][ T5411] wireguard: wg1: Could not create IPv4 socket [ 2611.778394][ T5413] netlink: 'syz.0.461': attribute type 2 has an invalid length. [ 2611.781535][ T5413] netlink: 'syz.0.461': attribute type 1 has an invalid length. [ 2611.794852][ T5413] netlink: 2704 bytes leftover after parsing attributes in process `syz.0.461'. [ 2664.459017][ T5438] hub 1-0:1.0: USB hub found [ 2664.538993][ T5438] hub 1-0:1.0: 1 port detected [ 2689.563300][ T5463] ======================================================= [ 2689.563300][ T5463] WARNING: The mand mount option has been deprecated and [ 2689.563300][ T5463] and is ignored by this kernel. Remove the mand [ 2689.563300][ T5463] option from the mount to silence this warning. [ 2689.563300][ T5463] ======================================================= [ 2720.053461][ T5498] tun0: tun_chr_ioctl cmd 1074025675 [ 2720.066859][ T5498] tun0: persist enabled [ 2776.697034][ T5548] syz.2.507 uses obsolete (PF_INET,SOCK_PACKET) [ 2810.356784][ T5580] netlink: 36 bytes leftover after parsing attributes in process `syz.2.522'. [ 2812.190753][ T5582] vxcan1: tx address claim with dlc 0 [ 2859.410089][ T5621] netlink: 16 bytes leftover after parsing attributes in process `syz.2.538'. [ 3011.170770][ T5718] process 'syz.0.581' launched './file2' with NULL argv: empty string added [ 3070.812878][ T5759] ipvlan1: entered allmulticast mode [ 3070.814937][ T5759] veth0_vlan: entered allmulticast mode [ 3110.009269][ T5792] can0: slcan on ttyS3. [ 3111.293464][ T5795] can0 (unregistered): slcan off ttyS3. [ 3136.818542][ T5815] netlink: 8 bytes leftover after parsing attributes in process `syz.2.621'. [ 3136.870319][ T5815] netlink: 8 bytes leftover after parsing attributes in process `syz.2.621'. [ 3146.954367][ T5823] netlink: 400 bytes leftover after parsing attributes in process `syz.0.626'. [ 3149.919463][ T5827] can0: slcan on ttyS3. [ 3151.410169][ T5827] can0 (unregistered): slcan off ttyS3. [ 3264.173847][ T5932] netlink: 16 bytes leftover after parsing attributes in process `syz.0.662'. [ 3306.512067][ T5958] netlink: 12 bytes leftover after parsing attributes in process `syz.2.673'. [ 3327.714624][ T5971] blkio.reset_stats is deprecated [ 3338.132078][ T5981] bond0: option fail_over_mac: unable to set because the bond device has slaves [ 3355.115012][ T5992] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 3392.733392][ T6014] Device tree not included in the provided image [ 3411.952773][ T6027] trusted_key: encrypted_key: keyword 'updat' not recognized [ 3419.520744][ T6030] bond0: option lp_interval: invalid value (18446744073709551607) [ 3419.522788][ T6030] bond0: option lp_interval: allowed values 1 - 2147483647 [ 3459.888811][ T6054] pim6reg1: tun_chr_ioctl cmd 1074025678 [ 3459.890272][ T6054] pim6reg1: group set to 0 [ 3550.114455][ T6118] pimreg: entered allmulticast mode [ 3550.592964][ T6121] pimreg: left allmulticast mode [ 3577.812054][ T6137] netlink: 68 bytes leftover after parsing attributes in process `syz.2.737'. [ 3614.869226][ T6161] input: syz1 as /devices/virtual/input/input8 [ 3745.620277][ T6240] netlink: 8 bytes leftover after parsing attributes in process `syz.0.780'. [ 3758.451952][ T6248] netlink: 8 bytes leftover after parsing attributes in process `syz.2.784'. [ 3758.891891][ T6248] netlink: 'syz.2.784': attribute type 2 has an invalid length. [ 3770.389449][ T6258] input: syz0 as /devices/virtual/input/input10 [ 3825.441623][ T6294] netlink: 8 bytes leftover after parsing attributes in process `syz.2.803'. [ 3825.469311][ T6294] netlink: 'syz.2.803': attribute type 5 has an invalid length. [ 3889.320210][ T6332] batadv_slave_1: entered promiscuous mode [ 3889.507921][ T6332] batadv_slave_1: left promiscuous mode [ 3915.570468][ T6345] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 3958.280428][ T6374] faux_driver vgem: [drm] Unknown color mode 13; guessing buffer size. [ 3976.280142][ T6383] macvlan0: entered allmulticast mode [ 3976.282929][ T6383] veth1_vlan: entered allmulticast mode [ 3988.690742][ T6390] netlink: 204 bytes leftover after parsing attributes in process `syz.2.844'. [ 3988.693055][ T6390] netlink: 72 bytes leftover after parsing attributes in process `syz.2.844'. [ 3988.749667][ T6390] netlink: 16 bytes leftover after parsing attributes in process `syz.2.844'. [ 3993.213793][ T6392] netlink: 'syz.0.845': attribute type 4 has an invalid length. [ 4177.330837][ T6485] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 4177.432936][ T6485] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 4264.396747][ T6532] netlink: 48 bytes leftover after parsing attributes in process `syz.0.905'. [ 4314.201575][ T6560] kvm [6560]: VCPU exit error -95 [ 4314.220792][ T6560] kvm [6560]: SEPC=0x0 SSTATUS=0x200004120 HSTATUS=0x2002001c0 [ 4314.224426][ T6560] kvm [6560]: SCAUSE=0x14 STVAL=0x0 HTVAL=0x0 HTINST=0x0 [ 4337.324664][ T6572] ip6erspan0: entered allmulticast mode [ 4402.040833][ T6603] nbd1: detected capacity change from 0 to 127 [ 4402.611962][ T5249] block nbd1: Receive control failed (result -32) [ 4496.288996][ T6675] netlink: 16 bytes leftover after parsing attributes in process `syz.0.955'. [ 4598.401239][ T6743] random: crng reseeded on system resumption [ 4620.963298][ T6761] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 4621.061020][ T6761] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 4669.230954][ T6798] dummy0: mtu less than device minimum [ 4671.914759][ T6802] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1003'. [ 4737.622435][ C1] vcan0: j1939_tp_rxtimer: 0xffffaf802b035c00: Timeout. Failed to send simple message. [ 4769.260649][ T6879] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 4769.261767][ T6879] IPv6: NLM_F_CREATE should be set when creating new route [ 4787.612241][ T6892] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 4787.616407][ T6892] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 4791.491097][ T6895] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1045'. [ 4791.493268][ T6895] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1045'. [ 4791.511505][ T6895] netlink: 'syz.2.1045': attribute type 18 has an invalid length. [ 4829.534280][ T6925] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1058'. [ 4844.722029][ T6939] netlink: 564 bytes leftover after parsing attributes in process `syz.0.1064'. [ 4844.723735][ T6939] netlink: 564 bytes leftover after parsing attributes in process `syz.0.1064'. [ 4883.112286][ T6961] pimreg: entered allmulticast mode [ 4901.066407][ C1] vcan0: j1939_tp_rxtimer: 0xffffaf802c7d2400: Timeout. Failed to send simple message. [ 4914.259296][ T6984] netlink: 220 bytes leftover after parsing attributes in process `syz.2.1083'. [ 4956.058047][ T7007] binder: 7006:7007 ioctl 4018620d 0 returned -22 [ 4970.348052][ T6354] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 4970.827044][ T6354] usb 1-1: Using ep0 maxpacket: 32 [ 4970.950883][ T6354] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 4970.953153][ T6354] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 4970.970607][ T6354] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 4970.972767][ T6354] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 4971.263950][ T6354] usb 1-1: config 0 descriptor?? [ 4971.902636][ T6354] hub 1-1:0.0: USB hub found [ 4973.619877][ T6354] hub 1-1:0.0: config failed, can't read hub descriptor (err -22) [ 4974.083007][ T6354] usbhid 1-1:0.0: can't add hid device: -71 [ 4974.118760][ T6354] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 4974.375054][ T6354] usb 1-1: USB disconnect, device number 6 [ 5027.741768][ T7064] can0: slcan on ttyS3. [ 5030.171852][ T7067] can0 (unregistered): slcan off ttyS3. [ 5074.608548][ T7099] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1123'. [ 5074.613503][ T7099] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1123'. [ 5086.462817][ T7112] ªªªªªª: renamed from vlan0 (while UP) [ 5126.493111][ T7134] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1137'. [ 5126.551234][ T7134] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1137'. [ 5126.553688][ T7134] netlink: 'syz.0.1137': attribute type 19 has an invalid length. [ 5126.581133][ T7134] netlink: 'syz.0.1137': attribute type 20 has an invalid length. [ 5127.334175][ T7136] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1137'. [ 5127.390912][ T7136] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1137'. [ 5127.394066][ T7136] netlink: 'syz.0.1137': attribute type 19 has an invalid length. [ 5127.437778][ T7136] netlink: 'syz.0.1137': attribute type 20 has an invalid length. [ 5128.583466][ T4662] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 5128.632574][ T6875] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 5128.688915][ T6875] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 5128.691589][ T6875] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 5374.902232][ T7309] netlink: 'syz.0.1199': attribute type 12 has an invalid length. [ 5443.783306][ T7357] netem: change failed [ 5468.400616][ T7373] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1225'. [ 5468.402261][ T7373] netlink: 'syz.2.1225': attribute type 15 has an invalid length. [ 5468.403568][ T7373] netlink: 'syz.2.1225': attribute type 25 has an invalid length. [ 5468.404762][ T7373] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1225'. [ 5508.517563][ T7408] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1240'. [ 5541.992665][ T7428] netlink: 'syz.2.1250': attribute type 3 has an invalid length. [ 5548.751796][ T31] audit: type=1326 audit(5547.670:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7436 comm="syz.2.1254" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fff93533992 code=0x7ffc0000 [ 5548.779796][ T31] audit: type=1326 audit(5547.700:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7436 comm="syz.2.1254" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fff93533992 code=0x7ffc0000 [ 5548.971072][ T31] audit: type=1326 audit(5547.890:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7436 comm="syz.2.1254" exe="/syz-executor" sig=0 arch=c00000f3 syscall=277 compat=0 ip=0x7fff93533992 code=0x7ffc0000 [ 5549.017125][ T31] audit: type=1326 audit(5547.930:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7436 comm="syz.2.1254" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fff93533992 code=0x0 [ 5553.449328][ T7442] netlink: 'syz.0.1256': attribute type 12 has an invalid length. [ 5601.819093][ T6926] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 5602.136489][ T6926] usb 1-1: Using ep0 maxpacket: 32 [ 5602.402459][ T6926] usb 1-1: too many configurations: 17, using maximum allowed: 8 [ 5602.488965][ T6926] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 5602.491132][ T6926] usb 1-1: config 0 has no interface number 0 [ 5602.493113][ T6926] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 5602.494991][ T6926] usb 1-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 5602.687764][ T6926] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 5602.690745][ T6926] usb 1-1: config 0 has no interface number 0 [ 5602.714734][ T6926] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 5602.720431][ T6926] usb 1-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 5602.928998][ T6926] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 5602.931153][ T6926] usb 1-1: config 0 has no interface number 0 [ 5602.934523][ T6926] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 5602.966341][ T6926] usb 1-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 5603.039260][ T6926] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 5603.041439][ T6926] usb 1-1: config 0 has no interface number 0 [ 5603.043394][ T6926] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 5603.086312][ T6926] usb 1-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 5603.157816][ T6926] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 5603.159949][ T6926] usb 1-1: config 0 has no interface number 0 [ 5603.161808][ T6926] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 5603.163673][ T6926] usb 1-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 5603.454649][ T6926] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 5603.470425][ T6926] usb 1-1: config 0 has no interface number 0 [ 5603.472523][ T6926] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 5603.474368][ T6926] usb 1-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 5603.592787][ T6926] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 5603.594962][ T6926] usb 1-1: config 0 has no interface number 0 [ 5603.611383][ T6926] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 5603.613440][ T6926] usb 1-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 5603.752499][ T6926] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 5603.754669][ T6926] usb 1-1: config 0 has no interface number 0 [ 5603.769446][ T6926] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 5603.771487][ T6926] usb 1-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 5604.214521][ T6926] usb 1-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 5604.231697][ T6926] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 5604.233645][ T6926] usb 1-1: Product: syz [ 5604.249692][ T6926] usb 1-1: Manufacturer: syz [ 5604.251667][ T6926] usb 1-1: SerialNumber: syz [ 5604.791390][ T6926] usb 1-1: config 0 descriptor?? [ 5605.090959][ T6926] etas_es58x 1-1:0.2: Starting syz syz (Serial Number syz) [ 5606.808932][ T6926] etas_es58x 1-1:0.2: could not parse product info: '424242424242' [ 5607.658357][ T6926] usb 1-1: USB disconnect, device number 7 [ 5607.874887][ T6926] etas_es58x 1-1:0.2: Disconnecting syz syz [ 5625.583276][ T7525] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1278'. [ 5641.184536][ T7541] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1283'. [ 5641.212374][ T7541] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1283'. [ 5647.434166][ T7551] netlink: 'syz.2.1285': attribute type 3 has an invalid length. [ 5735.316864][ T31] audit: type=1326 audit(5734.230:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7617 comm="syz.2.1316" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fff93533992 code=0x7fc00000 [ 5749.791832][ T7634] TCP: TCP_TX_DELAY enabled [ 5771.691479][ T7654] netlink: 'syz.0.1333': attribute type 1 has an invalid length. [ 5771.694022][ T7654] netlink: 'syz.0.1333': attribute type 2 has an invalid length. [ 5809.734562][ T7678] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1342'. [ 5824.482869][ T7686] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1346'. [ 5824.549974][ T7686] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1346'. [ 5838.402685][ T7691] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1348'. [ 5917.490459][ T7734] netpci0: tun_chr_ioctl cmd 1074025672 [ 5917.492693][ T7734] netpci0: ignored: set checksum enabled [ 5923.520927][ T7744] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 5923.611670][ T7744] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 5943.557255][ T7753] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1370'. [ 5967.149308][ T7763] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1375'. [ 5967.653482][ T7763] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1375'. [ 5975.754354][ T7770] binder: 7769:7770 ioctl c0306201 200000000640 returned -22 [ 6030.281233][ T7800] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 6030.404208][ T7800] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 6087.950058][ T7831] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1401'. [ 6099.429130][ T7841] lo: entered promiscuous mode [ 6099.431280][ T7841] lo: entered allmulticast mode [ 6117.589661][ T7853] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1412'. [ 6117.777315][ T7853] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1412'. [ 6117.798857][ T7853] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1412'. [ 6133.994733][ T7861] af_packet: tpacket_rcv: packet too big, clamped from 122 to 4294967286. macoff=82 [ 6143.498223][ T7865] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1417'. [ 6151.251213][ T7867] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1418'. [ 6225.254445][ T7905] kernel profiling enabled (shift: 18) [ 6250.089116][ T7922] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1444'. [ 6250.091452][ T7922] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1444'. [ 6276.253982][ T7938] Invalid ELF header magic: != ELF [ 6292.969405][ T7949] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1456'. [ 6292.972203][ T7949] netem: unknown loss type 0 [ 6292.975136][ T7949] netem: change failed [ 6321.599501][ T7968] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1465'. [ 6321.601616][ T7968] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 6321.653374][ T7968] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1465'. [ 6321.654963][ T7968] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 6333.463390][ T7976] netlink: 'syz.0.1469': attribute type 8 has an invalid length. [ 6333.488242][ T7976] sch_fq: defrate 0 ignored. [ 6338.190791][ T7353] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 6338.489063][ T7353] usb 1-1: Using ep0 maxpacket: 8 [ 6338.869072][ T7353] usb 1-1: New USB device found, idVendor=04e8, idProduct=6889, bcdDevice= d.68 [ 6338.870816][ T7353] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 6338.871873][ T7353] usb 1-1: Product: syz [ 6338.872696][ T7353] usb 1-1: Manufacturer: syz [ 6338.873633][ T7353] usb 1-1: SerialNumber: syz [ 6340.091398][ T7353] kalmia 1-1:1.0 (unnamed net_device) (uninitialized): Error sending init packet. Status -71 [ 6340.124886][ T7353] kalmia 1-1:1.0: probe with driver kalmia failed with error -71 [ 6340.342403][ T7353] usb 1-1: USB disconnect, device number 8 [ 6371.988259][ T8008] netlink: 292 bytes leftover after parsing attributes in process `syz.2.1478'. [ 6475.249197][ T8077] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1507'. [ 6540.098609][ T8123] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1527'. [ 6639.081256][ T8172] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1543'. [ 6688.654113][ T8194] syz.2.1553: vmalloc error: size 2037431678, exceeds total pages, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 6688.755176][ T8194] CPU: 1 UID: 0 PID: 8194 Comm: syz.2.1553 Tainted: G L syzkaller #0 PREEMPT [ 6688.756260][ T8194] Tainted: [L]=SOFTLOCKUP [ 6688.756503][ T8194] Hardware name: riscv-virtio,qemu (DT) [ 6688.757096][ T8194] Call Trace: [ 6688.757502][ T8194] [] dump_backtrace+0x2e/0x3c [ 6688.758330][ T8194] [] show_stack+0x30/0x3c [ 6688.758896][ T8194] [] dump_stack_lvl+0x114/0x1ac [ 6688.759736][ T8194] [] dump_stack+0x1c/0x28 [ 6688.760488][ T8194] [] warn_alloc+0x188/0x2a4 [ 6688.760964][ T8194] [] __vmalloc_node_range_noprof+0x14fc/0x18e8 [ 6688.761618][ T8194] [] __kvmalloc_node_noprof+0x4b2/0xa14 [ 6688.762162][ T8194] [] drm_property_create_blob+0x7c/0x2f8 [ 6688.762753][ T8194] [] drm_mode_createblob_ioctl+0xf4/0x3d8 [ 6688.763391][ T8194] [] drm_ioctl_kernel+0x1de/0x370 [ 6688.764005][ T8194] [] drm_ioctl+0x4e6/0xb98 [ 6688.764617][ T8194] [] __riscv_sys_ioctl+0x17c/0x1e4 [ 6688.765155][ T8194] [] syscall_handler+0x92/0x114 [ 6688.765785][ T8194] [] do_trap_ecall_u+0x402/0x680 [ 6688.766377][ T8194] [] handle_exception+0x15e/0x16a [ 6688.923158][ T8194] Mem-Info: [ 6688.962144][ T8194] active_anon:11148 inactive_anon:0 isolated_anon:0 [ 6688.962144][ T8194] active_file:15361 inactive_file:36533 isolated_file:0 [ 6688.962144][ T8194] unevictable:768 dirty:85 writeback:0 [ 6688.962144][ T8194] slab_reclaimable:2924 slab_unreclaimable:29796 [ 6688.962144][ T8194] mapped:19552 shmem:8191 pagetables:942 [ 6688.962144][ T8194] sec_pagetables:0 bounce:0 [ 6688.962144][ T8194] kernel_misc_reclaimable:0 [ 6688.962144][ T8194] free:194062 free_pcp:3728 free_cma:52640 [ 6688.980046][ T8194] Node 0 active_anon:44592kB inactive_anon:0kB active_file:61444kB inactive_file:146132kB unevictable:3072kB isolated(anon):0kB isolated(file):0kB mapped:78208kB dirty:340kB writeback:0kB shmem:32764kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6336kB pagetables:3768kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 6688.984635][ T8194] Node 0 DMA32 free:776248kB boost:0kB min:22528kB low:28160kB high:33792kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44592kB inactive_anon:0kB active_file:61444kB inactive_file:146132kB unevictable:3072kB writepending:340kB zspages:0kB present:2097152kB managed:1424720kB mlocked:0kB bounce:0kB free_pcp:14912kB local_pcp:9696kB free_cma:210560kB [ 6689.018626][ T8194] lowmem_reserve[]: 0 0 0 [ 6689.022578][ T8194] Node 0 DMA32: 2072*4kB (UME) 949*8kB (U) 547*16kB (UE) 2*32kB (ME) 5*64kB (UME) 11*128kB (UMEC) 47*256kB (UME) 47*512kB (UMC) 15*1024kB (UMEC) 9*2048kB (UMEC) 166*4096kB (MC) = 776248kB [ 6689.143940][ T8194] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 6689.218892][ T8194] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 6689.222559][ T8194] 60115 total pagecache pages [ 6689.224046][ T8194] 0 pages in swap cache [ 6689.262375][ T8194] Free swap = 124996kB [ 6689.264479][ T8194] Total swap = 124996kB [ 6689.279173][ T8194] 524288 pages RAM [ 6689.280810][ T8194] 0 pages HighMem/MovableOnly [ 6689.282022][ T8194] 168108 pages reserved [ 6689.283166][ T8194] 52736 pages cma reserved [ 6711.052502][ T8204] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1557'. [ 6884.710732][ T8288] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1593'. [ 6898.093185][ T8295] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1597'. [ 6898.148883][ T8295] netlink: 'syz.2.1597': attribute type 7 has an invalid length. [ 6898.150931][ T8295] netlink: 'syz.2.1597': attribute type 8 has an invalid length. [ 6898.152497][ T8295] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1597'. [ 6937.270368][ T8315] binder: BC_ATTEMPT_ACQUIRE not supported [ 6937.271575][ T8315] binder: 8314:8315 ioctl c0306201 2000000001c0 returned -22 [ 6952.440828][ T8324] xt_hashlimit: size too large, truncated to 1048576 [ 7005.580162][ T8354] veth1_to_team: entered promiscuous mode [ 7005.738015][ T8354] ip6gretap0: entered promiscuous mode [ 7005.812882][ T8354] hsr1: Slave A (veth1_to_team) is not up; please bring it up to get a fully working HSR network [ 7005.861384][ T8354] hsr1: entered promiscuous mode [ 7012.802984][ T8362] netlink: 'syz.0.1627': attribute type 9 has an invalid length. [ 7048.676275][ T31] audit: type=1326 audit(7047.480:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8378 comm="syz.2.1634" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fff93533992 code=0x7fc00000 [ 7049.969220][ T31] audit: type=1326 audit(7048.870:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8378 comm="syz.2.1634" exe="/syz-executor" sig=0 arch=c00000f3 syscall=211 compat=0 ip=0x7fff93533992 code=0x7fc00000 [ 7082.219861][ T8404] ªªªªªª: renamed from vlan0 (while UP) [ 7264.552255][ T8503] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 7264.700036][ T8503] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 7298.619214][ T8522] input: syz0 as /devices/virtual/input/input12 [ 7363.917503][ T8573] bpf: Bad value for 'uid' [ 7364.227508][ T8572] input: syz1 as /devices/virtual/input/input13 [ 7431.330162][ T8617] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1726'. [ 7431.331629][ T8617] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1726'. [ 7431.657911][ T5641] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 7431.660028][ T5641] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 7431.665125][ T5641] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 7431.670300][ T5641] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 7442.718717][ T8625] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1729'. [ 7471.252654][ T8641] dummy0: entered allmulticast mode [ 7532.968548][ T8678] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1750'. [ 7532.971120][ T8678] netlink: 'syz.2.1750': attribute type 29 has an invalid length. [ 7532.972873][ T8678] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1750'. [ 7552.971180][ T8686] netlink: 136 bytes leftover after parsing attributes in process `syz.0.1754'. [ 7552.974612][ T8686] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 7580.278671][ T8700] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 7580.340179][ T8700] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 7581.020383][ T8700] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 7581.071143][ T8700] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 7629.920303][ T8729] [U] ©„ [ 7629.983978][ T8728] [U] © [ 7649.678781][ T8736] block nbd0: Dead connection, failed to find a fallback [ 7649.680720][ T8736] block nbd0: shutting down sockets [ 7649.683530][ T8736] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7649.740574][ T8736] Buffer I/O error on dev nbd0, logical block 0, async page read [ 7649.743200][ T8736] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7649.744522][ T8736] Buffer I/O error on dev nbd0, logical block 1, async page read [ 7649.777989][ T8736] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7649.779767][ T8736] Buffer I/O error on dev nbd0, logical block 2, async page read [ 7649.782513][ T8736] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7649.783927][ T8736] Buffer I/O error on dev nbd0, logical block 3, async page read [ 7649.868126][ T8736] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7649.869711][ T8736] Buffer I/O error on dev nbd0, logical block 0, async page read [ 7649.871664][ T8736] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7649.872903][ T8736] Buffer I/O error on dev nbd0, logical block 1, async page read [ 7649.927360][ T8736] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7649.928931][ T8736] Buffer I/O error on dev nbd0, logical block 2, async page read [ 7649.947498][ T8736] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 7649.949368][ T8736] Buffer I/O error on dev nbd0, logical block 3, async page read [ 7649.950815][ T8736] nbd0: unable to read partition table [ 7650.149980][ T8737] block nbd0: NBD_DISCONNECT [ 7650.171778][ T8737] block nbd0: Send disconnect failed -32 [ 7666.424141][ T8746] input: syz1 as /devices/virtual/input/input14 [ 7670.857860][ T8754] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 7670.944838][ T8754] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 7765.061023][ T8825] block nbd0: NBD_DISCONNECT [ 7765.291544][ T8824] block nbd0: Disconnected due to user request. [ 7765.293194][ T8824] block nbd0: shutting down sockets [ 7787.491951][ T8846] input: syz0 as /devices/virtual/input/input15 [ 7893.814999][ T8925] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1851'. [ 7897.269070][ T8927] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1853'. [ 7975.649509][ T7824] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 7975.891106][ T7824] usb 1-1: Using ep0 maxpacket: 32 [ 7976.242867][ T7824] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 7976.258746][ T7824] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 7976.261392][ T7824] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 7976.263256][ T7824] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 7976.570242][ T7824] usb 1-1: config 0 descriptor?? [ 7976.770743][ T7824] hub 1-1:0.0: USB hub found [ 7979.229631][ T7824] hub 1-1:0.0: 3 ports detected [ 7979.718999][ T7824] hub 1-1:0.0: hub_hub_status failed (err = -71) [ 7979.722329][ T7824] hub 1-1:0.0: config failed, can't get hub status (err -71) [ 7980.278056][ T7824] usbhid 1-1:0.0: can't add hid device: -71 [ 7980.283765][ T7824] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 7980.703537][ T7824] usb 1-1: USB disconnect, device number 9 [ 7984.804451][ T8998] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1875'. [ 7984.809728][ T8998] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1875'. [ 8004.657013][ T9009] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1879'. [ 8004.729067][ T9009] hsr_slave_0: left promiscuous mode [ 8004.919443][ T9009] hsr_slave_1: left promiscuous mode [ 8131.718299][ T9077] bond0: entered promiscuous mode [ 8131.720865][ T9077] bond_slave_0: entered promiscuous mode [ 8131.743841][ T9077] bond_slave_1: entered promiscuous mode [ 8145.794852][ T9089] netlink: 'syz.0.1909': attribute type 9 has an invalid length. [ 8163.434068][ T9101] tmpfs: Cannot retroactively limit size [ 8181.849396][ T9116] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 8181.873275][ T9116] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 8198.112909][ T9125] binder: 9124:9125 ioctl c0306201 200000000100 returned -14 [ 8218.310177][ T9138] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1926'. [ 8225.824093][ T8166] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 8226.089803][ T8166] usb 1-1: Using ep0 maxpacket: 16 [ 8226.263724][ T8166] usb 1-1: config 0 has an invalid interface number: 34 but max is 0 [ 8226.293249][ T8166] usb 1-1: config 0 has no interface number 0 [ 8226.300088][ T8166] usb 1-1: config 0 interface 34 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1023 [ 8226.302225][ T8166] usb 1-1: config 0 interface 34 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 80 [ 8226.549197][ T8166] usb 1-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=82.73 [ 8226.551501][ T8166] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 8226.553226][ T8166] usb 1-1: Product: syz [ 8226.554586][ T8166] usb 1-1: Manufacturer: syz [ 8226.569397][ T8166] usb 1-1: SerialNumber: syz [ 8226.764210][ T8166] usb 1-1: config 0 descriptor?? [ 8227.150398][ T9142] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 8227.210973][ T9142] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 8230.083856][ T9142] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 8230.279883][ T9142] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 8231.141204][ T8166] asix 1-1:0.34 (unnamed net_device) (uninitialized): invalid hw address, using random [ 8232.201961][ T8166] asix 1-1:0.34 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 8232.213078][ T8166] asix 1-1:0.34: probe with driver asix failed with error -71 [ 8233.035045][ T8166] usb 1-1: USB disconnect, device number 10 [ 8237.102116][ T9158] netlink: 16255 bytes leftover after parsing attributes in process `syz.2.1930'. [ 8248.279480][ T9162] nbd0: detected capacity change from 0 to 127 [ 8248.974658][ T5249] block nbd0: Receive control failed (result -32) [ 8315.541322][ T8421] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 8316.358188][ T8421] usb 1-1: Using ep0 maxpacket: 16 [ 8317.039065][ T8421] usb 1-1: unable to get BOS descriptor or descriptor too short [ 8317.050860][ T8421] usb 1-1: no configurations [ 8317.082402][ T8421] usb 1-1: can't read configurations, error -22 [ 8408.689713][ T9257] netpci0: tun_chr_ioctl cmd 1074025677 [ 8408.693192][ T9257] netpci0: linktype set to 6 [ 8468.358618][ T9288] pim6reg0: tun_chr_ioctl cmd 1074025676 [ 8468.361343][ T9288] pim6reg0: owner set to 0 [ 8514.217370][ T9308] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1981'. [ 8514.221173][ T9308] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1981'. [ 8514.550656][ T9308] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1981'. [ 8514.553011][ T9308] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1981'. [ 8514.622271][ T9308] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1981'. [ 8514.625142][ T9308] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1981'. [ 8620.424186][ T9357] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2001'. [ 8620.468096][ T9357] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2001'. [ 8683.633565][ T9389] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2012'. [ 8770.444302][ T9423] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2027'. [ 8883.650129][ T9470] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2049'. [ 8897.830841][ T9474] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2051'. [ 8898.580074][ T9474] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2051'. [ 8961.403433][ T9496] binder: 9495:9496 ioctl c0306201 200000000640 returned -22 [ 8966.344314][ T9498] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2062'. [ 8976.344588][ T9502] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2064'. [ 8976.379108][ T9502] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2064'. [ 9018.462140][ T9523] netlink: 'syz.0.2074': attribute type 29 has an invalid length. [ 9046.203077][ T9533] macvlan4: entered promiscuous mode [ 9046.500500][ T9533] 8021q: adding VLAN 0 to HW filter on device macvlan4 [ 9109.363123][ T9576] [ 9109.364391][ T9576] ====================================================== [ 9109.365490][ T9576] WARNING: possible circular locking dependency detected [ 9109.366694][ T9576] syzkaller #0 Tainted: G L [ 9109.368015][ T9576] ------------------------------------------------------ [ 9109.368720][ T9576] syz.0.2091/9576 is trying to acquire lock: [ 9109.369330][ T9576] ffffaf801a742b98 (&q->elevator_lock){+.+.}-{4:4}, at: elevator_change+0x192/0x4ac [ 9109.371318][ T9576] [ 9109.371318][ T9576] but task is already holding lock: [ 9109.371960][ T9576] ffffaf801a742660 (&q->q_usage_counter(io)#21){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x1a/0x2c [ 9109.374367][ T9576] [ 9109.374367][ T9576] which lock already depends on the new lock. [ 9109.374367][ T9576] [ 9109.375720][ T9576] [ 9109.375720][ T9576] the existing dependency chain (in reverse order) is: [ 9109.376918][ T9576] [ 9109.376918][ T9576] -> #6 (&q->q_usage_counter(io)#21){++++}-{0:0}: [ 9109.379581][ T9576] lock_acquire+0x24a/0x504 [ 9109.381034][ T9576] blk_alloc_queue+0x5b4/0x6f4 [ 9109.382329][ T9576] blk_mq_alloc_queue+0x15e/0x250 [ 9109.383774][ T9576] __blk_mq_alloc_disk+0x2a/0xd8 [ 9109.385205][ T9576] nbd_dev_add+0x426/0xaec [ 9109.386687][ T9576] nbd_init+0x3d4/0x3f8 [ 9109.387913][ T9576] do_one_initcall+0x18c/0xcdc [ 9109.389101][ T9576] kernel_init_freeable+0x6ca/0x7b4 [ 9109.390650][ T9576] kernel_init+0x28/0x240 [ 9109.392114][ T9576] ret_from_fork_kernel+0x94/0xef8 [ 9109.393519][ T9576] ret_from_fork_kernel_asm+0x16/0x18 [ 9109.395029][ T9576] [ 9109.395029][ T9576] -> #5 (fs_reclaim){+.+.}-{0:0}: [ 9109.397231][ T9576] lock_acquire+0x24a/0x504 [ 9109.398459][ T9576] fs_reclaim_acquire+0xc6/0x100 [ 9109.399899][ T9576] kmem_cache_alloc_node_noprof+0x40/0x6e8 [ 9109.401202][ T9576] __alloc_skb+0x17c/0x778 [ 9109.402374][ T9576] tcp_stream_alloc_skb+0x2e/0x4d8 [ 9109.403789][ T9576] tcp_sendmsg_locked+0xe16/0x408c [ 9109.405276][ T9576] tcp_sendmsg+0x32/0x50 [ 9109.406596][ T9576] inet_sendmsg+0x9a/0xd8 [ 9109.407757][ T9576] __sock_sendmsg+0xca/0x160 [ 9109.409431][ T9576] sock_write_iter+0x298/0x3e8 [ 9109.410951][ T9576] vfs_write+0x648/0xd08 [ 9109.412243][ T9576] ksys_write+0x1f4/0x244 [ 9109.413542][ T9576] __riscv_sys_write+0x6e/0xa0 [ 9109.414858][ T9576] syscall_handler+0x92/0x114 [ 9109.416251][ T9576] do_trap_ecall_u+0x402/0x680 [ 9109.417535][ T9576] handle_exception+0x15e/0x16a [ 9109.418831][ T9576] [ 9109.418831][ T9576] -> #4 (sk_lock-AF_INET){+.+.}-{0:0}: [ 9109.420944][ T9576] lock_acquire+0x24a/0x504 [ 9109.422147][ T9576] lock_sock_nested+0x38/0xf8 [ 9109.423544][ T9576] tcp_sendmsg+0x28/0x50 [ 9109.424821][ T9576] inet_sendmsg+0x9a/0xd8 [ 9109.425943][ T9576] sock_sendmsg+0x206/0x2d4 [ 9109.427315][ T9576] __sock_xmit+0x244/0x578 [ 9109.428709][ T9576] nbd_disconnect.isra.0+0x312/0x3e8 [ 9109.430065][ T9576] nbd_ioctl+0xbc8/0xbd4 [ 9109.431152][ T9576] blkdev_ioctl+0x4cc/0x12e4 [ 9109.432563][ T9576] __riscv_sys_ioctl+0x17c/0x1e4 [ 9109.433734][ T9576] syscall_handler+0x92/0x114 [ 9109.435009][ T9576] do_trap_ecall_u+0x402/0x680 [ 9109.436315][ T9576] handle_exception+0x15e/0x16a [ 9109.437548][ T9576] [ 9109.437548][ T9576] -> #3 (&nsock->tx_lock){+.+.}-{4:4}: [ 9109.439690][ T9576] lock_acquire+0x24a/0x504 [ 9109.440909][ T9576] __mutex_lock+0x164/0x1890 [ 9109.442240][ T9576] mutex_lock_nested+0x14/0x1c [ 9109.443690][ T9576] nbd_queue_rq+0x372/0xe44 [ 9109.444903][ T9576] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 9109.446283][ T9576] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 9109.447860][ T9576] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 9109.449409][ T9576] blk_mq_run_hw_queue+0x274/0x6ec [ 9109.450701][ T9576] blk_mq_dispatch_list+0x53e/0x1430 [ 9109.452060][ T9576] blk_mq_flush_plug_list+0x114/0x55c [ 9109.453399][ T9576] __blk_flush_plug+0x270/0x464 [ 9109.454677][ T9576] __submit_bio+0x42e/0x504 [ 9109.456006][ T9576] submit_bio_noacct_nocheck+0x458/0xdf4 [ 9109.457397][ T9576] submit_bio_noacct+0x6fe/0x2170 [ 9109.458695][ T9576] submit_bio+0xb6/0x5b8 [ 9109.459943][ T9576] submit_bh_wbc+0x428/0x5c0 [ 9109.461290][ T9576] block_read_full_folio+0x396/0x788 [ 9109.462853][ T9576] blkdev_read_folio+0x26/0x30 [ 9109.464169][ T9576] filemap_read_folio+0xc2/0x270 [ 9109.465750][ T9576] do_read_cache_folio+0x22e/0x518 [ 9109.467180][ T9576] read_cache_folio+0x4e/0x68 [ 9109.468676][ T9576] read_part_sector+0xbc/0x408 [ 9109.469935][ T9576] read_lba+0x1b6/0x32c [ 9109.471153][ T9576] find_valid_gpt.constprop.0+0x212/0x21ec [ 9109.472597][ T9576] efi_partition+0xfe/0x9e0 [ 9109.473812][ T9576] bdev_disk_changed+0x5a0/0x1180 [ 9109.475040][ T9576] blkdev_get_whole+0x168/0x25c [ 9109.476369][ T9576] bdev_open+0x288/0xcc4 [ 9109.477550][ T9576] blkdev_open+0x2ec/0x454 [ 9109.478850][ T9576] do_dentry_open+0x418/0x1170 [ 9109.480044][ T9576] vfs_open+0xba/0x3a8 [ 9109.481187][ T9576] path_openat+0x144e/0x2f28 [ 9109.482579][ T9576] do_file_open+0x1ae/0x398 [ 9109.483966][ T9576] do_sys_openat2+0xfe/0x1c0 [ 9109.485338][ T9576] __riscv_sys_openat+0x122/0x1e4 [ 9109.486604][ T9576] syscall_handler+0x92/0x114 [ 9109.487906][ T9576] do_trap_ecall_u+0x402/0x680 [ 9109.489196][ T9576] handle_exception+0x15e/0x16a [ 9109.490482][ T9576] [ 9109.490482][ T9576] -> #2 (&cmd->lock){+.+.}-{4:4}: [ 9109.492533][ T9576] lock_acquire+0x24a/0x504 [ 9109.493726][ T9576] __mutex_lock+0x164/0x1890 [ 9109.495132][ T9576] mutex_lock_nested+0x14/0x1c [ 9109.496554][ T9576] nbd_queue_rq+0xc4/0xe44 [ 9109.497689][ T9576] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 9109.499024][ T9576] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 9109.500700][ T9576] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 9109.502232][ T9576] blk_mq_run_hw_queue+0x274/0x6ec [ 9109.503532][ T9576] blk_mq_dispatch_list+0x53e/0x1430 [ 9109.504927][ T9576] blk_mq_flush_plug_list+0x114/0x55c [ 9109.506352][ T9576] __blk_flush_plug+0x270/0x464 [ 9109.507662][ T9576] __submit_bio+0x42e/0x504 [ 9109.508861][ T9576] submit_bio_noacct_nocheck+0x458/0xdf4 [ 9109.510187][ T9576] submit_bio_noacct+0x6fe/0x2170 [ 9109.511526][ T9576] submit_bio+0xb6/0x5b8 [ 9109.512726][ T9576] submit_bh_wbc+0x428/0x5c0 [ 9109.514117][ T9576] block_read_full_folio+0x396/0x788 [ 9109.515560][ T9576] blkdev_read_folio+0x26/0x30 [ 9109.516774][ T9576] filemap_read_folio+0xc2/0x270 [ 9109.518103][ T9576] do_read_cache_folio+0x22e/0x518 [ 9109.519482][ T9576] read_cache_folio+0x4e/0x68 [ 9109.520816][ T9576] read_part_sector+0xbc/0x408 [ 9109.522070][ T9576] read_lba+0x1b6/0x32c [ 9109.522862][ T9576] find_valid_gpt.constprop.0+0x212/0x21ec [ 9109.524251][ T9576] efi_partition+0xfe/0x9e0 [ 9109.525668][ T9576] bdev_disk_changed+0x5a0/0x1180 [ 9109.526952][ T9576] blkdev_get_whole+0x168/0x25c [ 9109.528206][ T9576] bdev_open+0x288/0xcc4 [ 9109.528890][ T9576] blkdev_open+0x2ec/0x454 [ 9109.529580][ T9576] do_dentry_open+0x418/0x1170 [ 9109.530253][ T9576] vfs_open+0xba/0x3a8 [ 9109.530884][ T9576] path_openat+0x144e/0x2f28 [ 9109.531685][ T9576] do_file_open+0x1ae/0x398 [ 9109.532501][ T9576] do_sys_openat2+0xfe/0x1c0 [ 9109.533285][ T9576] __riscv_sys_openat+0x122/0x1e4 [ 9109.534178][ T9576] syscall_handler+0x92/0x114 [ 9109.535640][ T9576] do_trap_ecall_u+0x402/0x680 [ 9109.536433][ T9576] handle_exception+0x15e/0x16a [ 9109.537108][ T9576] [ 9109.537108][ T9576] -> #1 (set->srcu){.+.+}-{0:0}: [ 9109.538268][ T9576] lock_sync+0xea/0x1cc [ 9109.538926][ T9576] __synchronize_srcu+0xd4/0x24c [ 9109.539744][ T9576] synchronize_srcu+0x14c/0x3fc [ 9109.540522][ T9576] blk_mq_quiesce_queue+0x124/0x194 [ 9109.541211][ T9576] elevator_switch+0x16a/0x4e4 [ 9109.541990][ T9576] elevator_change+0x2f4/0x4ac [ 9109.542836][ T9576] elevator_set_default+0x280/0x370 [ 9109.544035][ T9576] blk_register_queue+0x3a8/0x50c [ 9109.545315][ T9576] __add_disk+0x69a/0xda4 [ 9109.546560][ T9576] add_disk_fwnode+0xe8/0x48c [ 9109.547386][ T9576] device_add_disk+0x28/0x38 [ 9109.548159][ T9576] nbd_dev_add+0x692/0xaec [ 9109.548942][ T9576] nbd_init+0x3d4/0x3f8 [ 9109.549595][ T9576] do_one_initcall+0x18c/0xcdc [ 9109.550233][ T9576] kernel_init_freeable+0x6ca/0x7b4 [ 9109.550964][ T9576] kernel_init+0x28/0x240 [ 9109.551720][ T9576] ret_from_fork_kernel+0x94/0xef8 [ 9109.552417][ T9576] ret_from_fork_kernel_asm+0x16/0x18 [ 9109.553239][ T9576] [ 9109.553239][ T9576] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 9109.554931][ T9576] check_noncircular+0x138/0x14c [ 9109.555759][ T9576] __lock_acquire+0xe9c/0x25ac [ 9109.556540][ T9576] lock_acquire+0x24a/0x504 [ 9109.557268][ T9576] __mutex_lock+0x164/0x1890 [ 9109.558096][ T9576] mutex_lock_nested+0x14/0x1c [ 9109.558861][ T9576] elevator_change+0x192/0x4ac [ 9109.559668][ T9576] elevator_set_none+0xa8/0x120 [ 9109.560515][ T9576] blk_mq_update_nr_hw_queues+0x43a/0x13a0 [ 9109.561271][ T9576] nbd_start_device+0x156/0xb74 [ 9109.561909][ T9576] nbd_genl_connect+0xe74/0x1a4c [ 9109.562545][ T9576] genl_family_rcv_msg_doit+0x1f6/0x2d8 [ 9109.563527][ T9576] genl_rcv_msg+0x4b2/0x73c [ 9109.564158][ T9576] netlink_rcv_skb+0x1e8/0x394 [ 9109.564965][ T9576] genl_rcv+0x32/0x4c [ 9109.565801][ T9576] netlink_unicast+0x50c/0x7d8 [ 9109.566672][ T9576] netlink_sendmsg+0x7e0/0xd64 [ 9109.567560][ T9576] __sock_sendmsg+0xca/0x160 [ 9109.568369][ T9576] ____sys_sendmsg+0x636/0x794 [ 9109.569134][ T9576] ___sys_sendmsg+0x1a4/0x1e8 [ 9109.569930][ T9576] __sys_sendmsg+0x18e/0x234 [ 9109.570868][ T9576] __riscv_sys_sendmsg+0x70/0xa4 [ 9109.571777][ T9576] syscall_handler+0x92/0x114 [ 9109.572493][ T9576] do_trap_ecall_u+0x402/0x680 [ 9109.573305][ T9576] handle_exception+0x15e/0x16a [ 9109.574070][ T9576] [ 9109.574070][ T9576] other info that might help us debug this: [ 9109.574070][ T9576] [ 9109.575061][ T9576] Chain exists of: [ 9109.575061][ T9576] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#21 [ 9109.575061][ T9576] [ 9109.577387][ T9576] Possible unsafe locking scenario: [ 9109.577387][ T9576] [ 9109.578112][ T9576] CPU0 CPU1 [ 9109.578628][ T9576] ---- ---- [ 9109.579143][ T9576] lock(&q->q_usage_counter(io)#21); [ 9109.580441][ T9576] lock(fs_reclaim); [ 9109.581508][ T9576] lock(&q->q_usage_counter(io)#21); [ 9109.582834][ T9576] lock(&q->elevator_lock); [ 9109.583846][ T9576] [ 9109.583846][ T9576] *** DEADLOCK *** [ 9109.583846][ T9576] [ 9109.584715][ T9576] 6 locks held by syz.0.2091/9576: [ 9109.585689][ T9576] #0: ffffffff89e81710 (cb_lock){++++}-{4:4}, at: genl_rcv+0x24/0x4c [ 9109.587780][ T9576] #1: ffffffff89e81608 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x4d2/0x73c [ 9109.589586][ T9576] #2: ffffaf801a9659d0 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x9e/0x13a0 [ 9109.591623][ T9576] #3: ffffaf801a9658d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0xb2/0x13a0 [ 9109.593467][ T9576] #4: ffffaf801a742660 (&q->q_usage_counter(io)#21){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x1a/0x2c [ 9109.595998][ T9576] #5: ffffaf801a742698 (&q->q_usage_counter(queue)#5){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x1a/0x2c [ 9109.598044][ T9576] [ 9109.598044][ T9576] stack backtrace: [ 9109.598850][ T9576] CPU: 1 UID: 0 PID: 9576 Comm: syz.0.2091 Tainted: G L syzkaller #0 PREEMPT [ 9109.599272][ T9576] Tainted: [L]=SOFTLOCKUP [ 9109.599441][ T9576] Hardware name: riscv-virtio,qemu (DT) [ 9109.599570][ T9576] Call Trace: [ 9109.599691][ T9576] [] dump_backtrace+0x2e/0x3c [ 9109.600134][ T9576] [] show_stack+0x30/0x3c [ 9109.600439][ T9576] [] dump_stack_lvl+0x114/0x1ac [ 9109.600914][ T9576] [] dump_stack+0x1c/0x28 [ 9109.601415][ T9576] [] print_circular_bug+0x250/0x29c [ 9109.601748][ T9576] [] check_noncircular+0x138/0x14c [ 9109.602108][ T9576] [] __lock_acquire+0xe9c/0x25ac [ 9109.602439][ T9576] [] lock_acquire+0x24a/0x504 [ 9109.602796][ T9576] [] __mutex_lock+0x164/0x1890 [ 9109.603320][ T9576] [] mutex_lock_nested+0x14/0x1c [ 9109.603830][ T9576] [] elevator_change+0x192/0x4ac [ 9109.604533][ T9576] [] elevator_set_none+0xa8/0x120 [ 9109.604948][ T9576] [] blk_mq_update_nr_hw_queues+0x43a/0x13a0 [ 9109.605420][ T9576] [] nbd_start_device+0x156/0xb74 [ 9109.605726][ T9576] [] nbd_genl_connect+0xe74/0x1a4c [ 9109.606101][ T9576] [] genl_family_rcv_msg_doit+0x1f6/0x2d8 [ 9109.606604][ T9576] [] genl_rcv_msg+0x4b2/0x73c [ 9109.606976][ T9576] [] netlink_rcv_skb+0x1e8/0x394 [ 9109.607480][ T9576] [] genl_rcv+0x32/0x4c [ 9109.607909][ T9576] [] netlink_unicast+0x50c/0x7d8 [ 9109.608333][ T9576] [] netlink_sendmsg+0x7e0/0xd64 [ 9109.608810][ T9576] [] __sock_sendmsg+0xca/0x160 [ 9109.609275][ T9576] [] ____sys_sendmsg+0x636/0x794 [ 9109.609718][ T9576] [] ___sys_sendmsg+0x1a4/0x1e8 [ 9109.610147][ T9576] [] __sys_sendmsg+0x18e/0x234 [ 9109.610461][ T9576] [] __riscv_sys_sendmsg+0x70/0xa4 [ 9109.610781][ T9576] [] syscall_handler+0x92/0x114 [ 9109.611140][ T9576] [] do_trap_ecall_u+0x402/0x680 [ 9109.611540][ T9576] [] handle_exception+0x15e/0x16a [ 9112.119186][ T5249] block nbd2: Receive control failed (result -32) [ 9112.189778][ T5249] block nbd2: Receive control failed (result -32) [ 9112.267063][ T5249] block nbd2: Receive control failed (result -32) [ 9112.374533][ T9576] nbd2: detected capacity change from 0 to 127