last executing test programs: 35.469532059s ago: executing program 1 (id=871): io_setup(0x7, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_timeval(r2, 0x1, 0x14, &(0x7f0000000000)={0x0, 0xea60}, 0x10) io_submit(r0, 0x2, &(0x7f0000001740)=[&(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x1, r2, 0x0}, &(0x7f0000001240)={0x0, 0x0, 0x0, 0x5, 0xff, r1, &(0x7f0000000240), 0x0, 0x6, 0x0, 0x2}]) 33.441024948s ago: executing program 0 (id=872): r0 = syz_open_procfs(0x0, &(0x7f0000000580)='smaps_rollup\x00') madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) madvise(&(0x7f0000529000/0x2000)=nil, 0x2000, 0x16) lseek(r0, 0x2004, 0x0) 30.268051348s ago: executing program 1 (id=873): bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000142020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000e02800850000007000000095"], 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc) 28.703953837s ago: executing program 0 (id=874): r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r1, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18) sendmmsg$sock(r0, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000440)="588a", 0x2}], 0x1}}], 0x1, 0x0) 25.701823554s ago: executing program 1 (id=875): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000040)={0xffffffffffffffff}, 0x2, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000080)={0x7, 0x8, 0xfa00, {r1, 0x4}}, 0x10) close(0x3) 23.027796694s ago: executing program 0 (id=876): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x80801, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000200)={0xc, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f0000000000)={0xc, r1}) ioctl$IOMMU_VFIO_CHECK_EXTENSION(r0, 0x3b65, 0x4) 18.086699148s ago: executing program 1 (id=877): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@allocspi={0xf8, 0x16, 0x10, 0x70b52d, 0x25dfdbfe, {{{@in=@loopback, @in6=@private2={0xfc, 0x2, '\x00', 0x3}, 0x4e23, 0x0, 0x4e22, 0x0, 0xa, 0xa0, 0x80, 0x87}, {@in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1f}}, 0x4d3, 0x6c}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {0xffffffffffffffc0, 0x3, 0xb, 0x7fffffffffffffff, 0x8000, 0x1, 0x94, 0x1}, {0x8000000000000000, 0x4, 0x9, 0x4ba15d0a}, {0x200, 0x401, 0x3}, 0x70bd25, 0x0, 0x2, 0x0, 0x20, 0x7e}, 0x13b, 0x8}}, 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x4000) 15.466073237s ago: executing program 0 (id=878): r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040)) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f00000000c0)=0x20) write$binfmt_elf32(r0, 0x0, 0x4cd) 10.379418404s ago: executing program 1 (id=879): sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c00000002720001000000000000000004001b4a0800010001"], 0x1c}, 0x1, 0x0, 0x0, 0x48841}, 0x2000c010) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000000203030100000000000000000400000a"], 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x2000c010) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000000)={0x1c, 0x2, 0x3, 0x101, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFQA_CFG_CMD={0x8, 0x1, {0x2, 0x0, 0x8}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20080041}, 0x20008090) 6.795068772s ago: executing program 0 (id=880): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000f00)=0x4997, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x40000, &(0x7f0000000180)={0xa, 0x4e20, 0x8001, @loopback, 0x627bcafb}, 0x1c) recvmmsg(r0, &(0x7f0000001b80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=""/60, 0x3c}, 0x12b}], 0x4000000000001e2, 0x40002003, 0x0) 3.744088609s ago: executing program 1 (id=881): r0 = socket(0x2, 0x1, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab04) 0s ago: executing program 0 (id=882): timer_create(0x5, &(0x7f0000000240)={0x0, 0x3a, 0x4, @thr={0x0, &(0x7f0000000040)="7c190fe4b4f05f300234126e3f876e19f52c19a76c279a24b4443346ad751b6903a714724bd36644c12e93ff1b2c98ca4b7fd96935807fa96aa13306a0711b50466d266c461a1a0ad69a64bf25b9da2f1643fdfde21c13e840263387ebc71e97fcd283a6615bfc530f6e7211a1f37141dda06302e276f62ed604df0150d65bd35a5cb0956dddbfebc17fe35b5b2084"}}, 0x0) r0 = io_uring_setup(0x79c4, &(0x7f00000001c0)={0x0, 0x701e, 0x400, 0x2, 0x64}) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f00000000c0)={0x0, 0x0, 0x1}, 0x1) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:4817' (ED25519) to the list of known hosts. syzkaller login: [ 453.842449][ T3188] cgroup: Unknown subsys name 'net' [ 454.556181][ T3188] cgroup: Unknown subsys name 'cpuset' [ 454.678940][ T3188] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 535.174114][ T3188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 716.763720][ T3200] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 717.109740][ T3200] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 719.714158][ T3202] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 719.871812][ T3202] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 731.598681][ T3200] hsr_slave_0: entered promiscuous mode [ 731.643949][ T3200] hsr_slave_1: entered promiscuous mode [ 733.811064][ T3202] hsr_slave_0: entered promiscuous mode [ 733.866341][ T3202] hsr_slave_1: entered promiscuous mode [ 733.893399][ T3202] debugfs: 'hsr0' already exists in 'hsr' [ 733.898368][ T3202] Cannot create hsr debugfs directory [ 743.730497][ T3200] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 743.968816][ T3200] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 744.136329][ T3200] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 744.673220][ T3200] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 746.616459][ T3202] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 746.760710][ T3202] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 746.943482][ T3202] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 747.137441][ T3202] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 760.878046][ T3200] 8021q: adding VLAN 0 to HW filter on device bond0 [ 765.863071][ T3202] 8021q: adding VLAN 0 to HW filter on device bond0 [ 817.785861][ T3200] veth0_vlan: entered promiscuous mode [ 818.220110][ T3200] veth1_vlan: entered promiscuous mode [ 819.939600][ T3200] veth0_macvtap: entered promiscuous mode [ 820.321347][ T3200] veth1_macvtap: entered promiscuous mode [ 823.897442][ T3280] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 824.349670][ T3280] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 824.352476][ T3280] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 824.457718][ T3280] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.008978][ T3202] veth0_vlan: entered promiscuous mode [ 826.789004][ T3202] veth1_vlan: entered promiscuous mode [ 831.799277][ T3202] veth0_macvtap: entered promiscuous mode [ 831.933193][ T3200] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 833.117352][ T3202] veth1_macvtap: entered promiscuous mode [ 836.811263][ T3423] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 836.826912][ T3423] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 837.080765][ T3423] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 837.136595][ T3423] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 896.891553][ T3853] hub 1-0:1.0: USB hub found [ 896.932373][ T3853] hub 1-0:1.0: 1 port detected [ 982.323521][ T3920] netlink: 36 bytes leftover after parsing attributes in process `syz.1.43'. [ 1002.711885][ T3934] bond0: option mode: unable to set because the bond device has slaves [ 1009.249163][ T893] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 1010.500214][ T893] usb 1-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 1010.502408][ T893] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1010.503731][ T893] usb 1-1: Product: syz [ 1010.513189][ T893] usb 1-1: Manufacturer: syz [ 1010.526120][ T893] usb 1-1: SerialNumber: syz [ 1014.265038][ T893] rtl8150 1-1:1.0: couldn't reset the device [ 1014.283794][ T893] rtl8150 1-1:1.0: probe with driver rtl8150 failed with error -5 [ 1020.897624][ T3951] Driver unsupported XDP return value 0 on prog (id 5) dev N/A, expect packet loss! [ 1026.054039][ T3812] usb 1-1: USB disconnect, device number 2 [ 1036.810295][ T3963] netlink: 8 bytes leftover after parsing attributes in process `syz.1.56'. [ 1049.862232][ T3973] Zero length message leads to an empty skb [ 1054.791249][ T3977] netlink: 12 bytes leftover after parsing attributes in process `syz.0.63'. [ 1056.687366][ T3977] netlink: 12 bytes leftover after parsing attributes in process `syz.0.63'. [ 1058.305152][ T3982] mmap: syz.1.64 (3982) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 1061.722194][ T3977] netlink: 12 bytes leftover after parsing attributes in process `syz.0.63'. [ 1068.719881][ T3986] input: syz0 as /devices/virtual/input/input0 [ 1082.109213][ T3998] ======================================================= [ 1082.109213][ T3998] WARNING: The mand mount option has been deprecated and [ 1082.109213][ T3998] and is ignored by this kernel. Remove the mand [ 1082.109213][ T3998] option from the mount to silence this warning. [ 1082.109213][ T3998] ======================================================= [ 1112.709278][ T4017] netlink: 'syz.0.74': attribute type 9 has an invalid length. [ 1155.280170][ T4051] netlink: 8 bytes leftover after parsing attributes in process `syz.1.85'. [ 1172.629751][ T4063] binder: 4062:4063 ioctl c0306201 200000000100 returned -14 [ 1179.160668][ T4068] input: syz0 as /devices/virtual/input/input1 [ 1179.831897][ T4069] IPv6: addrconf: prefix option has invalid lifetime [ 1228.239447][ T3812] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 1229.161468][ T3812] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1229.163926][ T3812] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1229.689829][ T3812] usb 2-1: config 0 descriptor?? [ 1230.163349][ T3812] cp210x 2-1:0.0: cp210x converter detected [ 1232.472699][ T3812] cp210x 2-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 1232.482638][ T3812] cp210x 2-1:0.0: GPIO initialisation failed: -71 [ 1232.951908][ T3812] usb 2-1: cp210x converter now attached to ttyUSB0 [ 1233.381554][ T3812] usb 2-1: USB disconnect, device number 2 [ 1234.132378][ T3812] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1234.212377][ T3812] cp210x 2-1:0.0: device disconnected [ 1275.472312][ T4150] hub 1-0:1.0: USB hub found [ 1275.536792][ T4150] hub 1-0:1.0: 1 port detected [ 1334.708502][ T4190] hub 1-0:1.0: USB hub found [ 1334.769000][ T4190] hub 1-0:1.0: 1 port detected [ 1336.872881][ T4196] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1336.879421][ T4196] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1346.218273][ T4202] netlink: 104 bytes leftover after parsing attributes in process `syz.1.136'. [ 1346.577852][ T51] block nbd0: Receive control failed (result -32) [ 1346.599335][ T865] block nbd0: Receive control failed (result -32) [ 1346.599349][ T51] block nbd0: Receive control failed (result -32) [ 1346.659196][ T4200] nbd0: detected capacity change from 0 to 127 [ 1365.428527][ T4217] netlink: 422 bytes leftover after parsing attributes in process `syz.1.141'. [ 1403.502699][ T31] audit: type=1800 audit(1402.620:2): pid=4243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.152" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=4332 res=0 errno=0 [ 1411.923541][ T4249] hub 1-0:1.0: USB hub found [ 1411.940307][ T4249] hub 1-0:1.0: 1 port detected [ 1421.693813][ T4260] pimreg: entered allmulticast mode [ 1422.147408][ T4260] pimreg: left allmulticast mode [ 1439.191060][ T4274] netlink: 9275 bytes leftover after parsing attributes in process `syz.0.162'. [ 1466.037259][ T4292] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1477.132365][ T4299] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 1477.499105][ T31] audit: type=1326 audit(1476.580:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4301 comm="syz.0.174" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb7533992 code=0x0 [ 1546.083296][ T4343] netlink: 12 bytes leftover after parsing attributes in process `syz.1.192'. [ 1546.123053][ T4343] netlink: 12 bytes leftover after parsing attributes in process `syz.1.192'. [ 1570.593946][ T4357] netlink: 4 bytes leftover after parsing attributes in process `syz.1.198'. [ 1571.070503][ T4357] netlink: 4 bytes leftover after parsing attributes in process `syz.1.198'. [ 1599.678502][ T4109] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 1600.252733][ T4109] usb 1-1: Using ep0 maxpacket: 16 [ 1600.402861][ T4109] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1600.408993][ T4109] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1600.410221][ T4109] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1600.523755][ T4109] usb 1-1: config 0 descriptor?? [ 1605.463940][ T4109] mcp2221 0003:04D8:00DD.0001: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 1606.950982][ T4109] usb 1-1: USB disconnect, device number 3 [ 1611.650267][ T4414] ªªªªªª: renamed from vlan0 (while UP) [ 1626.522755][ T4418] netlink: 4 bytes leftover after parsing attributes in process `syz.1.208'. [ 1731.988100][ T4478] netlink: 'syz.1.232': attribute type 9 has an invalid length. [ 1780.222725][ T31] audit: type=1326 audit(1779.340:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4507 comm="syz.0.246" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb7533992 code=0x7fc00000 [ 1844.502853][ T4551] tun0: tun_chr_ioctl cmd 1074025675 [ 1844.518742][ T4551] tun0: persist enabled [ 1905.161116][ T4600] CUSE: info not properly terminated [ 1934.528837][ T4616] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 1934.528837][ T4616] The task syz.0.289 (4616) triggered the difference, watch for misbehavior. [ 1965.252426][ T4640] kernel profiling enabled (shift: 18) [ 1980.602434][ T4646] faux_driver vgem: [drm] Unknown color mode 11173; guessing buffer size. [ 2022.178638][ T4672] capability: warning: `syz.0.315' uses deprecated v2 capabilities in a way that may be insecure [ 2063.039457][ T4695] random: crng reseeded on system resumption [ 2360.929102][ T4829] netlink: 16 bytes leftover after parsing attributes in process `syz.1.378'. [ 2550.091653][ T4916] binder: BC_ATTEMPT_ACQUIRE not supported [ 2550.093970][ T4916] binder: 4915:4916 ioctl c0306201 2000000001c0 returned -22 [ 2610.085851][ T4947] netlink: 8 bytes leftover after parsing attributes in process `syz.1.426'. [ 2610.087340][ T4947] netlink: 4 bytes leftover after parsing attributes in process `syz.1.426'. [ 2610.090761][ T4947] netlink: 'syz.1.426': attribute type 18 has an invalid length. [ 2683.705710][ T4991] netlink: 4 bytes leftover after parsing attributes in process `syz.1.445'. [ 2712.640439][ T5006] capability: warning: `syz.1.450' uses 32-bit capabilities (legacy support in use) [ 2728.740752][ T5013] netlink: 24 bytes leftover after parsing attributes in process `syz.1.453'. [ 2729.521563][ T5014] netlink: 24 bytes leftover after parsing attributes in process `syz.1.453'. [ 2757.310590][ T5029] blkio.reset_stats is deprecated [ 2785.329001][ T5044] netlink: 8 bytes leftover after parsing attributes in process `syz.0.465'. [ 2841.571971][ T5066] netlink: 'syz.0.475': attribute type 3 has an invalid length. [ 2848.358768][ T5070] netlink: 4 bytes leftover after parsing attributes in process `syz.0.477'. [ 2848.390482][ T5070] hsr_slave_0: left promiscuous mode [ 2848.700488][ T5070] hsr_slave_1: left promiscuous mode [ 2856.033870][ T5079] block nbd0: Dead connection, failed to find a fallback [ 2856.048829][ T5079] block nbd0: shutting down sockets [ 2856.053111][ T5079] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 2856.081882][ T5079] Buffer I/O error on dev nbd0, logical block 0, async page read [ 2856.119455][ T5079] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 2856.121314][ T5079] Buffer I/O error on dev nbd0, logical block 1, async page read [ 2856.123371][ T5079] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 2856.142470][ T5079] Buffer I/O error on dev nbd0, logical block 2, async page read [ 2856.151424][ T5079] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 2856.153042][ T5079] Buffer I/O error on dev nbd0, logical block 3, async page read [ 2856.177892][ T5079] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 2856.179575][ T5079] Buffer I/O error on dev nbd0, logical block 0, async page read [ 2856.181756][ T5079] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 2856.183636][ T5079] Buffer I/O error on dev nbd0, logical block 1, async page read [ 2856.207429][ T5079] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 2856.209460][ T5079] Buffer I/O error on dev nbd0, logical block 2, async page read [ 2856.212012][ T5079] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 2856.213455][ T5079] Buffer I/O error on dev nbd0, logical block 3, async page read [ 2856.249472][ T5079] nbd0: unable to read partition table [ 2856.639912][ T5079] block nbd0: Cannot use ioctl interface on a netlink controlled device. [ 2856.681699][ T5079] block nbd0: NBD_DISCONNECT [ 2856.683540][ T5079] block nbd0: Send disconnect failed -32 [ 2856.699654][ T5079] block nbd0: Send disconnect failed -32 [ 2856.700981][ T5079] block nbd0: Send disconnect failed -32 [ 3033.880316][ T5203] syz.0.531: vmalloc error: size 2037431678, exceeds total pages, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 3033.904437][ T5203] CPU: 1 UID: 0 PID: 5203 Comm: syz.0.531 Tainted: G L syzkaller #0 PREEMPT [ 3033.905403][ T5203] Tainted: [L]=SOFTLOCKUP [ 3033.905681][ T5203] Hardware name: riscv-virtio,qemu (DT) [ 3033.906342][ T5203] Call Trace: [ 3033.906866][ T5203] [] dump_backtrace+0x2e/0x3c [ 3033.907899][ T5203] [] show_stack+0x30/0x3c [ 3033.908498][ T5203] [] dump_stack_lvl+0x114/0x1ac [ 3033.909405][ T5203] [] dump_stack+0x1c/0x28 [ 3033.910225][ T5203] [] warn_alloc+0x188/0x2a4 [ 3033.910776][ T5203] [] __vmalloc_node_range_noprof+0x14fc/0x18e8 [ 3033.911482][ T5203] [] __kvmalloc_node_noprof+0x4b2/0xa14 [ 3033.912118][ T5203] [] drm_property_create_blob+0x7c/0x2f8 [ 3033.912842][ T5203] [] drm_mode_createblob_ioctl+0xf4/0x3d8 [ 3033.913575][ T5203] [] drm_ioctl_kernel+0x1de/0x370 [ 3033.914318][ T5203] [] drm_ioctl+0x4e6/0xb98 [ 3033.914996][ T5203] [] __riscv_sys_ioctl+0x17c/0x1e4 [ 3033.915602][ T5203] [] syscall_handler+0x92/0x114 [ 3033.916353][ T5203] [] do_trap_ecall_u+0x402/0x680 [ 3033.917062][ T5203] [] handle_exception+0x15e/0x16a [ 3033.980555][ T5203] Mem-Info: [ 3033.983535][ T5203] active_anon:3437 inactive_anon:0 isolated_anon:0 [ 3033.983535][ T5203] active_file:14336 inactive_file:35235 isolated_file:0 [ 3033.983535][ T5203] unevictable:768 dirty:43 writeback:0 [ 3033.983535][ T5203] slab_reclaimable:2736 slab_unreclaimable:27277 [ 3033.983535][ T5203] mapped:12524 shmem:805 pagetables:768 [ 3033.983535][ T5203] sec_pagetables:0 bounce:0 [ 3033.983535][ T5203] kernel_misc_reclaimable:0 [ 3033.983535][ T5203] free:205521 free_pcp:6162 free_cma:52672 [ 3034.051785][ T5203] Node 0 active_anon:13780kB inactive_anon:0kB active_file:57344kB inactive_file:140948kB unevictable:3072kB isolated(anon):0kB isolated(file):0kB mapped:50044kB dirty:188kB writeback:0kB shmem:3288kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6016kB pagetables:3100kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 3034.108731][ T5203] Node 0 DMA32 free:822084kB boost:0kB min:22528kB low:28160kB high:33792kB reserved_highatomic:0KB free_highatomic:0KB active_anon:13780kB inactive_anon:0kB active_file:57344kB inactive_file:140948kB unevictable:3072kB writepending:188kB zspages:0kB present:2097152kB managed:1424720kB mlocked:0kB bounce:0kB free_pcp:24660kB local_pcp:13216kB free_cma:210688kB [ 3034.135720][ T5203] lowmem_reserve[]: 0 0 0 [ 3034.140866][ T5203] Node 0 DMA32: 1737*4kB (UME) 582*8kB (UME) 325*16kB (UME) 147*32kB (UME) 97*64kB (UME) 56*128kB (UME) 35*256kB (UMEC) 6*512kB (UMEC) 5*1024kB (MEC) 4*2048kB (MEC) 186*4096kB (UMC) = 822084kB [ 3034.330911][ T5203] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3034.333275][ T5203] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 3034.362430][ T5203] 50395 total pagecache pages [ 3034.364157][ T5203] 0 pages in swap cache [ 3034.412832][ T5203] Free swap = 124996kB [ 3034.432809][ T5203] Total swap = 124996kB [ 3034.457824][ T5203] 524288 pages RAM [ 3034.459596][ T5203] 0 pages HighMem/MovableOnly [ 3034.461009][ T5203] 168108 pages reserved [ 3034.462321][ T5203] 52736 pages cma reserved [ 3086.853522][ T5239] netlink: 100 bytes leftover after parsing attributes in process `syz.0.544'. [ 3091.297674][ T5241] input: syz0 as /devices/virtual/input/input2 [ 3105.812538][ T5258] netlink: 48 bytes leftover after parsing attributes in process `syz.1.551'. [ 3113.403166][ T5262] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 3167.422729][ T5294] netlink: 4 bytes leftover after parsing attributes in process `syz.1.568'. [ 3193.829222][ T5308] netlink: 76 bytes leftover after parsing attributes in process `syz.0.573'. [ 3220.629803][ T5325] process 'syz.0.581' launched '/dev/fd/4' with NULL argv: empty string added [ 3234.919362][ T5335] netlink: 4 bytes leftover after parsing attributes in process `syz.1.586'. [ 3280.976514][ T5231] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 3281.350524][ T5231] usb 1-1: Using ep0 maxpacket: 32 [ 3281.624134][ T5231] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3281.628578][ T5231] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 16 [ 3281.630951][ T5231] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64 [ 3281.633179][ T5231] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 23 [ 3281.821012][ T5231] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 3281.823483][ T5231] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 3281.879896][ T5231] usb 1-1: SerialNumber: syz [ 3282.641580][ T5367] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 3282.719953][ T5367] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 3283.078074][ T5231] hub 1-1:1.0: bad descriptor, ignoring hub [ 3283.081247][ T5231] hub 1-1:1.0: probe with driver hub failed with error -5 [ 3283.280139][ T5231] cdc_acm 1-1:1.0: Control and data interfaces are not separated! [ 3285.834043][ T5231] cdc_acm 1-1:1.0: ttyACM0: USB ACM device [ 3286.801320][ T5231] usb 1-1: USB disconnect, device number 4 [ 3397.233946][ T5458] netlink: 'syz.1.625': attribute type 8 has an invalid length. [ 3439.560920][ T5485] netlink: 564 bytes leftover after parsing attributes in process `syz.0.638'. [ 3439.563401][ T5485] netlink: 564 bytes leftover after parsing attributes in process `syz.0.638'. [ 3448.622245][ T5491] netlink: 16 bytes leftover after parsing attributes in process `syz.1.641'. [ 3529.878040][ T5573] binder: 5572:5573 ioctl c018620c 200000000000 returned -1 [ 3652.398152][ T5343] usb 1-1: new low-speed USB device number 5 using dummy_hcd [ 3652.876439][ T5343] usb 1-1: config index 0 descriptor too short (expected 6427, got 27) [ 3652.880053][ T5343] usb 1-1: config 0 has an invalid interface number: 21 but max is 0 [ 3652.881427][ T5343] usb 1-1: config 0 has no interface number 0 [ 3653.059161][ T5343] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt [ 3653.061088][ T5343] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 3653.063118][ T5343] usb 1-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 3653.092104][ T5343] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3653.419424][ T5343] usb 1-1: config 0 descriptor?? [ 3655.699760][ T5343] usb 1-1: USB disconnect, device number 5 [ 3669.458960][ T5680] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 3669.465733][ T5680] IPv6: NLM_F_CREATE should be set when creating new route [ 3680.412445][ T5688] netlink: 12 bytes leftover after parsing attributes in process `syz.1.704'. [ 3680.417745][ T5688] netlink: 12 bytes leftover after parsing attributes in process `syz.1.704'. [ 3764.701962][ T5751] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 3764.707024][ T5751] IPv6: NLM_F_CREATE should be set when creating new route [ 3764.709309][ T5751] IPv6: NLM_F_CREATE should be set when creating new route [ 3764.935505][ T5751] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.732'. [ 3772.859063][ T5755] input: syz0 as /devices/virtual/input/input4 [ 3844.900197][ T5806] bond0: option lp_interval: invalid value (18446744073709551607) [ 3844.901935][ T5806] bond0: option lp_interval: allowed values 1 - 2147483647 [ 3898.217949][ T5842] netlink: 400 bytes leftover after parsing attributes in process `syz.1.771'. [ 3921.628820][ T5854] batadv_slave_1: entered promiscuous mode [ 3921.738288][ T5854] batadv_slave_1: left promiscuous mode [ 3940.727722][ T5376] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 3940.958341][ T5376] usb 1-1: Using ep0 maxpacket: 16 [ 3941.096127][ T5376] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 3941.099372][ T5376] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 3941.102511][ T5376] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 3941.112028][ T5376] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 3941.127534][ T5376] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 3941.251259][ T5376] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 3941.253661][ T5376] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 3941.289672][ T5376] usb 1-1: Manufacturer: syz [ 3941.519317][ T5376] usb 1-1: config 0 descriptor?? [ 3946.601027][ T5878] vxcan1: tx address claim with dlc 0 [ 3949.997819][ T5376] rc_core: IR keymap rc-hauppauge not found [ 3950.000117][ T5376] Registered IR keymap rc-empty [ 3950.072313][ T5376] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 3950.128854][ T5376] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 3950.252911][ T5376] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 3950.552718][ T5376] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input5 [ 3950.876501][ T5376] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 3950.908706][ T5376] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 3950.938862][ T5376] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 3951.001290][ T5376] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 3951.026605][ T5376] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 3951.071517][ T5376] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 3951.130738][ T5376] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 3951.161069][ T5376] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 3951.201256][ T5376] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 3951.229848][ T5376] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 3951.809610][ T5376] mceusb 1-1:0.0: Registered with mce emulator interface version 1 [ 3951.811543][ T5376] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 3952.350436][ T5376] usb 1-1: USB disconnect, device number 6 [ 4014.270713][ T5938] netlink: 4 bytes leftover after parsing attributes in process `syz.1.803'. [ 4033.070819][ T5952] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 4033.071930][ T5952] IPv6: NLM_F_CREATE should be set when creating new route [ 4033.073349][ T5952] IPv6: NLM_F_CREATE should be set when creating new route [ 4033.075495][ T5952] IPv6: NLM_F_CREATE should be set when creating new route [ 4033.129148][ T5952] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 4051.211883][ T5968] netlink: 28 bytes leftover after parsing attributes in process `syz.0.815'. [ 4051.213477][ T5968] netlink: 28 bytes leftover after parsing attributes in process `syz.0.815'. [ 4051.340112][ T5968] netlink: 28 bytes leftover after parsing attributes in process `syz.0.815'. [ 4051.341801][ T5968] netlink: 28 bytes leftover after parsing attributes in process `syz.0.815'. [ 4051.361707][ T5968] netlink: 28 bytes leftover after parsing attributes in process `syz.0.815'. [ 4051.363346][ T5968] netlink: 28 bytes leftover after parsing attributes in process `syz.0.815'. [ 4054.610273][ T5970] netlink: 'syz.1.816': attribute type 11 has an invalid length. [ 4054.612639][ T5970] netlink: 56 bytes leftover after parsing attributes in process `syz.1.816'. [ 4079.248919][ T5987] netlink: 36 bytes leftover after parsing attributes in process `syz.0.823'. [ 4103.250246][ T6007] sit0: entered promiscuous mode [ 4103.629487][ T6007] netlink: 'syz.0.830': attribute type 1 has an invalid length. [ 4103.631014][ T6007] netlink: 1 bytes leftover after parsing attributes in process `syz.0.830'. [ 4173.409405][ T6054] netlink: 8 bytes leftover after parsing attributes in process `syz.1.850'. [ 4173.411759][ T6054] netlink: 40 bytes leftover after parsing attributes in process `syz.1.850'. [ 4199.560444][ T6068] block nbd1: server does not support multiple connections per device. [ 4199.609109][ T6068] block nbd1: shutting down sockets [ 4275.741844][ T6118] [ 4275.742891][ T6118] ====================================================== [ 4275.743831][ T6118] WARNING: possible circular locking dependency detected [ 4275.745047][ T6118] syzkaller #0 Tainted: G L [ 4275.746100][ T6118] ------------------------------------------------------ [ 4275.747102][ T6118] syz.1.881/6118 is trying to acquire lock: [ 4275.748131][ T6118] ffffaf803408e860 (sk_lock-AF_INET){+.+.}-{0:0}, at: inet_shutdown+0x68/0x3c0 [ 4275.751500][ T6118] [ 4275.751500][ T6118] but task is already holding lock: [ 4275.752478][ T6118] ffffaf80156e6e70 (&nsock->tx_lock){+.+.}-{4:4}, at: sock_shutdown+0x13a/0x238 [ 4275.755421][ T6118] [ 4275.755421][ T6118] which lock already depends on the new lock. [ 4275.755421][ T6118] [ 4275.756664][ T6118] [ 4275.756664][ T6118] the existing dependency chain (in reverse order) is: [ 4275.757863][ T6118] [ 4275.757863][ T6118] -> #6 (&nsock->tx_lock){+.+.}-{4:4}: [ 4275.760038][ T6118] lock_acquire+0x24a/0x504 [ 4275.761328][ T6118] __mutex_lock+0x164/0x1890 [ 4275.762734][ T6118] mutex_lock_nested+0x14/0x1c [ 4275.764203][ T6118] nbd_queue_rq+0x372/0xe44 [ 4275.765377][ T6118] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 4275.766744][ T6118] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 4275.768261][ T6118] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 4275.769802][ T6118] blk_mq_run_hw_queue+0x274/0x6ec [ 4275.771014][ T6118] blk_mq_dispatch_list+0x53e/0x1430 [ 4275.772255][ T6118] blk_mq_flush_plug_list+0x114/0x55c [ 4275.773606][ T6118] __blk_flush_plug+0x270/0x464 [ 4275.774912][ T6118] __submit_bio+0x42e/0x504 [ 4275.776150][ T6118] submit_bio_noacct_nocheck+0x458/0xdf4 [ 4275.777534][ T6118] submit_bio_noacct+0x6fe/0x2170 [ 4275.778833][ T6118] submit_bio+0xb6/0x5b8 [ 4275.780023][ T6118] submit_bh_wbc+0x428/0x5c0 [ 4275.781299][ T6118] block_read_full_folio+0x396/0x788 [ 4275.782581][ T6118] blkdev_read_folio+0x26/0x30 [ 4275.783773][ T6118] filemap_read_folio+0xc2/0x270 [ 4275.785073][ T6118] do_read_cache_folio+0x22e/0x518 [ 4275.786399][ T6118] read_cache_folio+0x4e/0x68 [ 4275.787675][ T6118] read_part_sector+0xbc/0x408 [ 4275.788858][ T6118] read_lba+0x1b6/0x32c [ 4275.789964][ T6118] find_valid_gpt.constprop.0+0x212/0x21ec [ 4275.791217][ T6118] efi_partition+0xfe/0x9e0 [ 4275.792333][ T6118] bdev_disk_changed+0x5a0/0x1180 [ 4275.793508][ T6118] blkdev_get_whole+0x168/0x25c [ 4275.794674][ T6118] bdev_open+0x288/0xcc4 [ 4275.795828][ T6118] blkdev_open+0x2ec/0x454 [ 4275.797038][ T6118] do_dentry_open+0x418/0x1170 [ 4275.798135][ T6118] vfs_open+0xba/0x3a8 [ 4275.799207][ T6118] path_openat+0x144e/0x2f28 [ 4275.800514][ T6118] do_file_open+0x1ae/0x398 [ 4275.801781][ T6118] do_sys_openat2+0xfe/0x1c0 [ 4275.802954][ T6118] __riscv_sys_openat+0x122/0x1e4 [ 4275.804164][ T6118] syscall_handler+0x92/0x114 [ 4275.805442][ T6118] do_trap_ecall_u+0x402/0x680 [ 4275.806651][ T6118] handle_exception+0x15e/0x16a [ 4275.807946][ T6118] [ 4275.807946][ T6118] -> #5 (&cmd->lock){+.+.}-{4:4}: [ 4275.809959][ T6118] lock_acquire+0x24a/0x504 [ 4275.811134][ T6118] __mutex_lock+0x164/0x1890 [ 4275.812413][ T6118] mutex_lock_nested+0x14/0x1c [ 4275.813777][ T6118] nbd_queue_rq+0xc4/0xe44 [ 4275.814935][ T6118] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 4275.816311][ T6118] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 4275.817838][ T6118] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 4275.819292][ T6118] blk_mq_run_hw_queue+0x274/0x6ec [ 4275.820514][ T6118] blk_mq_dispatch_list+0x53e/0x1430 [ 4275.821761][ T6118] blk_mq_flush_plug_list+0x114/0x55c [ 4275.823000][ T6118] __blk_flush_plug+0x270/0x464 [ 4275.824216][ T6118] __submit_bio+0x42e/0x504 [ 4275.825477][ T6118] submit_bio_noacct_nocheck+0x458/0xdf4 [ 4275.826786][ T6118] submit_bio_noacct+0x6fe/0x2170 [ 4275.827996][ T6118] submit_bio+0xb6/0x5b8 [ 4275.829128][ T6118] submit_bh_wbc+0x428/0x5c0 [ 4275.830341][ T6118] block_read_full_folio+0x396/0x788 [ 4275.831698][ T6118] blkdev_read_folio+0x26/0x30 [ 4275.832906][ T6118] filemap_read_folio+0xc2/0x270 [ 4275.834310][ T6118] do_read_cache_folio+0x22e/0x518 [ 4275.835803][ T6118] read_cache_folio+0x4e/0x68 [ 4275.837224][ T6118] read_part_sector+0xbc/0x408 [ 4275.838545][ T6118] read_lba+0x1b6/0x32c [ 4275.839800][ T6118] find_valid_gpt.constprop.0+0x212/0x21ec [ 4275.841172][ T6118] efi_partition+0xfe/0x9e0 [ 4275.842347][ T6118] bdev_disk_changed+0x5a0/0x1180 [ 4275.843649][ T6118] blkdev_get_whole+0x168/0x25c [ 4275.844967][ T6118] bdev_open+0x288/0xcc4 [ 4275.846075][ T6118] blkdev_open+0x2ec/0x454 [ 4275.847307][ T6118] do_dentry_open+0x418/0x1170 [ 4275.848414][ T6118] vfs_open+0xba/0x3a8 [ 4275.849575][ T6118] path_openat+0x144e/0x2f28 [ 4275.851078][ T6118] do_file_open+0x1ae/0x398 [ 4275.852759][ T6118] do_sys_openat2+0xfe/0x1c0 [ 4275.854037][ T6118] __riscv_sys_openat+0x122/0x1e4 [ 4275.855382][ T6118] syscall_handler+0x92/0x114 [ 4275.856755][ T6118] do_trap_ecall_u+0x402/0x680 [ 4275.858086][ T6118] handle_exception+0x15e/0x16a [ 4275.859371][ T6118] [ 4275.859371][ T6118] -> #4 (set->srcu){.+.+}-{0:0}: [ 4275.861489][ T6118] lock_sync+0xea/0x1cc [ 4275.862783][ T6118] __synchronize_srcu+0xd4/0x24c [ 4275.864335][ T6118] synchronize_srcu+0x14c/0x3fc [ 4275.865814][ T6118] blk_mq_quiesce_queue+0x124/0x194 [ 4275.867114][ T6118] elevator_switch+0x16a/0x4e4 [ 4275.868447][ T6118] elevator_change+0x2f4/0x4ac [ 4275.869783][ T6118] elevator_set_default+0x280/0x370 [ 4275.871220][ T6118] blk_register_queue+0x3a8/0x50c [ 4275.872496][ T6118] __add_disk+0x69a/0xda4 [ 4275.873723][ T6118] add_disk_fwnode+0xe8/0x48c [ 4275.874949][ T6118] device_add_disk+0x28/0x38 [ 4275.876060][ T6118] nbd_dev_add+0x692/0xaec [ 4275.877570][ T6118] nbd_init+0x3d4/0x3f8 [ 4275.878817][ T6118] do_one_initcall+0x18c/0xcdc [ 4275.880056][ T6118] kernel_init_freeable+0x6ca/0x7b4 [ 4275.881340][ T6118] kernel_init+0x28/0x240 [ 4275.882568][ T6118] ret_from_fork_kernel+0x94/0xef8 [ 4275.883949][ T6118] ret_from_fork_kernel_asm+0x16/0x18 [ 4275.885389][ T6118] [ 4275.885389][ T6118] -> #3 (&q->elevator_lock){+.+.}-{4:4}: [ 4275.887560][ T6118] lock_acquire+0x24a/0x504 [ 4275.888892][ T6118] __mutex_lock+0x164/0x1890 [ 4275.890342][ T6118] mutex_lock_nested+0x14/0x1c [ 4275.891661][ T6118] elevator_change+0x192/0x4ac [ 4275.893074][ T6118] elevator_set_none+0xa8/0x120 [ 4275.894837][ T6118] blk_mq_update_nr_hw_queues+0x43a/0x13a0 [ 4275.896296][ T6118] nbd_start_device+0x156/0xb74 [ 4275.897460][ T6118] nbd_genl_connect+0xe74/0x1a4c [ 4275.898628][ T6118] genl_family_rcv_msg_doit+0x1f6/0x2d8 [ 4275.900086][ T6118] genl_rcv_msg+0x4b2/0x73c [ 4275.901167][ T6118] netlink_rcv_skb+0x1e8/0x394 [ 4275.902471][ T6118] genl_rcv+0x32/0x4c [ 4275.904150][ T6118] netlink_unicast+0x50c/0x7d8 [ 4275.905670][ T6118] netlink_sendmsg+0x7e0/0xd64 [ 4275.907295][ T6118] __sock_sendmsg+0xca/0x160 [ 4275.908814][ T6118] ____sys_sendmsg+0x636/0x794 [ 4275.910296][ T6118] ___sys_sendmsg+0x1a4/0x1e8 [ 4275.911697][ T6118] __sys_sendmsg+0x18e/0x234 [ 4275.912852][ T6118] __riscv_sys_sendmsg+0x70/0xa4 [ 4275.914175][ T6118] syscall_handler+0x92/0x114 [ 4275.915654][ T6118] do_trap_ecall_u+0x402/0x680 [ 4275.917090][ T6118] handle_exception+0x15e/0x16a [ 4275.918470][ T6118] [ 4275.918470][ T6118] -> #2 (&q->q_usage_counter(io)#19){++++}-{0:0}: [ 4275.921580][ T6118] lock_acquire+0x24a/0x504 [ 4275.922902][ T6118] blk_alloc_queue+0x5b4/0x6f4 [ 4275.924162][ T6118] blk_mq_alloc_queue+0x15e/0x250 [ 4275.925572][ T6118] __blk_mq_alloc_disk+0x2a/0xd8 [ 4275.926927][ T6118] nbd_dev_add+0x426/0xaec [ 4275.928355][ T6118] nbd_init+0x3d4/0x3f8 [ 4275.929604][ T6118] do_one_initcall+0x18c/0xcdc [ 4275.930733][ T6118] kernel_init_freeable+0x6ca/0x7b4 [ 4275.932000][ T6118] kernel_init+0x28/0x240 [ 4275.933285][ T6118] ret_from_fork_kernel+0x94/0xef8 [ 4275.934817][ T6118] ret_from_fork_kernel_asm+0x16/0x18 [ 4275.936120][ T6118] [ 4275.936120][ T6118] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 4275.938164][ T6118] lock_acquire+0x24a/0x504 [ 4275.939373][ T6118] fs_reclaim_acquire+0xc6/0x100 [ 4275.940798][ T6118] kmem_cache_alloc_node_noprof+0x40/0x6e8 [ 4275.941995][ T6118] __alloc_skb+0x17c/0x778 [ 4275.943134][ T6118] tcp_stream_alloc_skb+0x2e/0x4d8 [ 4275.944528][ T6118] tcp_sendmsg_locked+0xe16/0x408c [ 4275.945950][ T6118] tcp_sendmsg+0x32/0x50 [ 4275.947182][ T6118] inet_sendmsg+0x9a/0xd8 [ 4275.948247][ T6118] __sock_sendmsg+0xca/0x160 [ 4275.949725][ T6118] sock_write_iter+0x298/0x3e8 [ 4275.951097][ T6118] vfs_write+0x648/0xd08 [ 4275.952258][ T6118] ksys_write+0x1f4/0x244 [ 4275.953471][ T6118] __riscv_sys_write+0x6e/0xa0 [ 4275.954875][ T6118] syscall_handler+0x92/0x114 [ 4275.956111][ T6118] do_trap_ecall_u+0x402/0x680 [ 4275.957291][ T6118] handle_exception+0x15e/0x16a [ 4275.958441][ T6118] [ 4275.958441][ T6118] -> #0 (sk_lock-AF_INET){+.+.}-{0:0}: [ 4275.960494][ T6118] check_noncircular+0x138/0x14c [ 4275.961713][ T6118] __lock_acquire+0xe9c/0x25ac [ 4275.962861][ T6118] lock_acquire+0x24a/0x504 [ 4275.964064][ T6118] lock_sock_nested+0x38/0xf8 [ 4275.965394][ T6118] inet_shutdown+0x68/0x3c0 [ 4275.966795][ T6118] kernel_sock_shutdown+0x58/0x7c [ 4275.968195][ T6118] nbd_mark_nsock_dead+0xaa/0x510 [ 4275.969606][ T6118] sock_shutdown+0x144/0x238 [ 4275.970961][ T6118] nbd_ioctl+0x22c/0xbd4 [ 4275.971981][ T6118] blkdev_ioctl+0x4cc/0x12e4 [ 4275.973315][ T6118] __riscv_sys_ioctl+0x17c/0x1e4 [ 4275.974563][ T6118] syscall_handler+0x92/0x114 [ 4275.975796][ T6118] do_trap_ecall_u+0x402/0x680 [ 4275.977015][ T6118] handle_exception+0x15e/0x16a [ 4275.978286][ T6118] [ 4275.978286][ T6118] other info that might help us debug this: [ 4275.978286][ T6118] [ 4275.979565][ T6118] Chain exists of: [ 4275.979565][ T6118] sk_lock-AF_INET --> &cmd->lock --> &nsock->tx_lock [ 4275.979565][ T6118] [ 4275.982328][ T6118] Possible unsafe locking scenario: [ 4275.982328][ T6118] [ 4275.983345][ T6118] CPU0 CPU1 [ 4275.984237][ T6118] ---- ---- [ 4275.985142][ T6118] lock(&nsock->tx_lock); [ 4275.986401][ T6118] lock(&cmd->lock); [ 4275.987776][ T6118] lock(&nsock->tx_lock); [ 4275.989235][ T6118] lock(sk_lock-AF_INET); [ 4275.990914][ T6118] [ 4275.990914][ T6118] *** DEADLOCK *** [ 4275.990914][ T6118] [ 4275.991894][ T6118] 2 locks held by syz.1.881/6118: [ 4275.992921][ T6118] #0: ffffaf801ae34a78 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_ioctl+0x14a/0xbd4 [ 4275.995718][ T6118] #1: ffffaf80156e6e70 (&nsock->tx_lock){+.+.}-{4:4}, at: sock_shutdown+0x13a/0x238 [ 4275.998715][ T6118] [ 4275.998715][ T6118] stack backtrace: [ 4275.999758][ T6118] CPU: 0 UID: 0 PID: 6118 Comm: syz.1.881 Tainted: G L syzkaller #0 PREEMPT [ 4276.000424][ T6118] Tainted: [L]=SOFTLOCKUP [ 4276.000640][ T6118] Hardware name: riscv-virtio,qemu (DT) [ 4276.000852][ T6118] Call Trace: [ 4276.001043][ T6118] [] dump_backtrace+0x2e/0x3c [ 4276.001716][ T6118] [] show_stack+0x30/0x3c [ 4276.002211][ T6118] [] dump_stack_lvl+0x114/0x1ac [ 4276.002949][ T6118] [] dump_stack+0x1c/0x28 [ 4276.003693][ T6118] [] print_circular_bug+0x250/0x29c [ 4276.004249][ T6118] [] check_noncircular+0x138/0x14c [ 4276.004858][ T6118] [] __lock_acquire+0xe9c/0x25ac [ 4276.005442][ T6118] [] lock_acquire+0x24a/0x504 [ 4276.006010][ T6118] [] lock_sock_nested+0x38/0xf8 [ 4276.006679][ T6118] [] inet_shutdown+0x68/0x3c0 [ 4276.007370][ T6118] [] kernel_sock_shutdown+0x58/0x7c [ 4276.008100][ T6118] [] nbd_mark_nsock_dead+0xaa/0x510 [ 4276.008931][ T6118] [] sock_shutdown+0x144/0x238 [ 4276.009699][ T6118] [] nbd_ioctl+0x22c/0xbd4 [ 4276.010176][ T6118] [] blkdev_ioctl+0x4cc/0x12e4 [ 4276.010921][ T6118] [] __riscv_sys_ioctl+0x17c/0x1e4 [ 4276.011408][ T6118] [] syscall_handler+0x92/0x114 [ 4276.012023][ T6118] [] do_trap_ecall_u+0x402/0x680 [ 4276.012654][ T6118] [] handle_exception+0x15e/0x16a [ 4276.129311][ T6118] block nbd1: shutting down sockets