IPVS: set_ctl: invalid protocol: 29 172.20.20.187:20002
INFO: task syz-executor.4:14237 blocked for more than 140 seconds.
      Not tainted 4.14.275-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.4  D28720 14237   7980 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2811 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3387
 schedule+0x8d/0x1b0 kernel/sched/core.c:3431
 schedule_timeout+0x80a/0xe90 kernel/time/timer.c:1724
 do_wait_for_common kernel/sched/completion.c:91 [inline]
 __wait_for_common kernel/sched/completion.c:112 [inline]
 wait_for_common+0x272/0x430 kernel/sched/completion.c:123
 usb_start_wait_urb+0x125/0x440 drivers/usb/core/message.c:61
 usb_bulk_msg+0x1f6/0x500 drivers/usb/core/message.c:252
 proc_bulk+0x331/0x6d0 drivers/usb/core/devio.c:1223
 usbdev_do_ioctl+0x5b0/0x2b70 drivers/usb/core/devio.c:2449
 usbdev_ioctl+0x21/0x30 drivers/usb/core/devio.c:2599
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7ff3bc938049
RSP: 002b:00007ff3bb2ad168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ff3bca4af60 RCX: 00007ff3bc938049
RDX: 0000000020000180 RSI: 00000000c0185502 RDI: 0000000000000003
RBP: 00007ff3bc99208d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff9bf3184f R14: 00007ff3bb2ad300 R15: 0000000000022000

Showing all locks held in the system:
1 lock held by khungtaskd/1529:
 #0:  (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1529 Comm: khungtaskd Not tainted 4.14.275-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x13a/0x180 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
 watchdog+0x5b9/0xb40 kernel/hung_task.c:274
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 4612 Comm: systemd-journal Not tainted 4.14.275-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8880a185e540 task.stack: ffff8880a1860000
RIP: 0010:cache_free_alien mm/slab.c:828 [inline]
RIP: 0010:___cache_free+0xdd/0x2c0 mm/slab.c:3518
RSP: 0018:ffff8880a1867ae0 EFLAGS: 00000002
RAX: 0000000000000001 RBX: ffff88809b95f948 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff87ccfc80 RDI: ffffffff87ccfcc0
RBP: ffff88823f830c40 R08: 0000000002769980 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88809b95f948
R13: ffff8880a1867b78 R14: ffffe8ffffd01b10 R15: 0000000000000286
FS:  00007f6d8204a8c0(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6d7de29000 CR3: 00000000a1e99000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 qlink_free mm/kasan/quarantine.c:147 [inline]
 qlist_free_all+0x79/0x140 mm/kasan/quarantine.c:166
 quarantine_reduce+0x185/0x200 mm/kasan/quarantine.c:259
 kasan_kmalloc+0xa2/0x160 mm/kasan/kasan.c:536
 slab_post_alloc_hook mm/slab.h:442 [inline]
 slab_alloc mm/slab.c:3390 [inline]
 kmem_cache_alloc+0x111/0x3c0 mm/slab.c:3550
 getname_flags+0xc8/0x550 fs/namei.c:138
 getname fs/namei.c:209 [inline]
 user_path_create fs/namei.c:3732 [inline]
 SYSC_mkdirat fs/namei.c:3864 [inline]
 SyS_mkdirat+0x83/0x270 fs/namei.c:3856
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f6d81305687
RSP: 002b:00007fff7d9ee0b8 EFLAGS: 00000293 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00007fff7d9f1120 RCX: 00007f6d81305687
RDX: 0000000000000000 RSI: 00000000000001ed RDI: 000055599c59c8a0
RBP: 00007fff7d9ee0f0 R08: 000055599b7653e5 R09: 0000000000000018
R10: 0000000000000069 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000001 R14: 000055599c59c8a0 R15: 00007fff7d9ee730
Code: ff 83 e2 01 48 0f 44 c7 48 8b 00 a8 40 74 84 48 8b 37 48 83 c4 28 4c 89 e2 48 89 ef 5b 5d 41 5c 41 5d 41 5e 41 5f e9 03 07 00 00 <4c> 89 e7 e8 fb 52 a6 ff 48 ba 00 00 00 00 00 ea ff ff 48 c1 e8
----------------
Code disassembly (best guess):
   0:   ff 83 e2 01 48 0f       incl   0xf4801e2(%rbx)
   6:   44 c7                   rex.R (bad)
   8:   48 8b 00                mov    (%rax),%rax
   b:   a8 40                   test   $0x40,%al
   d:   74 84                   je     0xffffff93
   f:   48 8b 37                mov    (%rdi),%rsi
  12:   48 83 c4 28             add    $0x28,%rsp
  16:   4c 89 e2                mov    %r12,%rdx
  19:   48 89 ef                mov    %rbp,%rdi
  1c:   5b                      pop    %rbx
  1d:   5d                      pop    %rbp
  1e:   41 5c                   pop    %r12
  20:   41 5d                   pop    %r13
  22:   41 5e                   pop    %r14
  24:   41 5f                   pop    %r15
  26:   e9 03 07 00 00          jmpq   0x72e
* 2b:   4c 89 e7                mov    %r12,%rdi <-- trapping instruction
  2e:   e8 fb 52 a6 ff          callq  0xffa6532e
  33:   48 ba 00 00 00 00 00    movabs $0xffffea0000000000,%rdx
  3a:   ea ff ff
  3d:   48                      rex.W
  3e:   c1                      .byte 0xc1
  3f:   e8                      .byte 0xe8
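Added example, not part of the syzbot report above: the user-space register dump of the hung syz-executor.4 task gives the ioctl command word in RSI (0x00000000c0185502) and the syscall number in ORIG_RAX (0x10, ioctl on x86_64). The decoder below splits that word using the _IOC() bit layout from include/uapi/asm-generic/ioctl.h and rebuilds USBDEVFS_BULK, which is _IOWR('U', 2, struct usbdevfs_bulktransfer) in include/uapi/linux/usbdevice_fs.h and is the command proc_bulk in the trace handles. The 24-byte size is assumed to be sizeof(struct usbdevfs_bulktransfer) on x86_64 (three 32-bit fields, padding, one pointer); the UAPI header is not included so the block builds anywhere.

```c
/* Decode a Linux ioctl command word as laid out by _IOC() in
 * include/uapi/asm-generic/ioctl.h:
 *   bits 31:30  dir   (1 = _IOC_WRITE, 2 = _IOC_READ, 3 = _IOWR)
 *   bits 29:16  size  (sizeof the argument struct, 14 bits)
 *   bits 15:8   type  (driver magic byte, 'U' for usbfs)
 *   bits  7:0   nr    (command number)
 * Added example; constants below are taken from the report and the
 * UAPI headers, not from this page. */
#include <stdint.h>
#include <stdio.h>

/* Value printed in the hung task's register dump: RSI: 00000000c0185502 */
#define REPORT_RSI 0xc0185502u

struct ioc_fields {
    unsigned dir;
    unsigned size;
    unsigned type;
    unsigned nr;
};

/* Split a 32-bit ioctl command into its four _IOC() fields. */
static struct ioc_fields decode_ioctl(uint32_t cmd)
{
    struct ioc_fields f;
    f.dir  = (cmd >> 30) & 0x3u;
    f.size = (cmd >> 16) & 0x3fffu;
    f.type = (cmd >> 8)  & 0xffu;
    f.nr   =  cmd        & 0xffu;
    return f;
}

/* Recombine fields exactly as the _IOC(dir, type, nr, size) macro does. */
static uint32_t build_ioctl(unsigned dir, unsigned type, unsigned nr, unsigned size)
{
    return ((uint32_t)dir << 30) | ((uint32_t)size << 16) |
           ((uint32_t)type << 8) | (uint32_t)nr;
}

/* USBDEVFS_BULK = _IOWR('U', 2, struct usbdevfs_bulktransfer).
 * Assumption: the struct is 24 bytes on x86_64 (ep, len, timeout as
 * unsigned int, 4 bytes of padding, then a user pointer). */
static uint32_t usbdevfs_bulk_cmd(void)
{
    return build_ioctl(3, 'U', 2, 24);
}

/* 1 if the command word in the report is USBDEVFS_BULK, 0 otherwise. */
static int report_is_usbdevfs_bulk(void)
{
    return REPORT_RSI == usbdevfs_bulk_cmd();
}

int main(void)
{
    struct ioc_fields f = decode_ioctl(REPORT_RSI);
    printf("cmd 0x%08x: dir=%u size=%u type='%c' nr=%u\n",
           REPORT_RSI, f.dir, f.size, (char)f.type, f.nr);
    printf("matches USBDEVFS_BULK: %s\n",
           report_is_usbdevfs_bulk() ? "yes" : "no");
    return 0;
}
```

Decoding the command word this way is the quick check that the user-space frame (RSI, ORIG_RAX) and the kernel frame (proc_bulk under usbdev_do_ioctl) in a hung task report describe the same request before digging into why usb_bulk_msg never completed.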