last executing test programs: 40.781060761s ago: executing program 1 (id=397): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x9, 0x80800) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0, r2}) 38.710306686s ago: executing program 0 (id=398): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000000ac0)={'filter\x00', 0x102, 0x4, 0x404, 0x0, 0x10c, 0x10c, 0x324, 0x324, 0x324, 0x4, 0x0, {[{{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@link_local, @empty, @remote, @multicast1}}}, {{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@broadcast, @mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0xb}, @multicast2, @empty, 0x9, 0xffffffff}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {}, {@empty, {[0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'batadv_slave_1\x00', 'ipvlan1\x00'}, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@random="e9fb760d26c0", @multicast1, @broadcast}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x450) 34.230415516s ago: executing program 1 (id=399): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) syz_emit_ethernet(0x3e, &(0x7f0000001500)={@broadcast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f9edff", 0x8, 0x3a, 0x0, @remote, @mcast2, {[], @echo_request={0x80, 0x0, 0x0, 0xfff, 0xfff8}}}}}}, 0x0) 28.026675631s ago: executing program 1 (id=400): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x66) 28.026541241s ago: executing program 0 (id=401): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x7, 0x0, 0x1000004}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2) 23.290179954s ago: executing program 0 (id=402): r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0xffff, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000001b80)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000005c0)={0x1, {{0xa, 0x0, 0xfffffffc, @mcast1, 0x3}}, {{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x108) 18.196936998s ago: executing program 1 (id=403): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000100000000000000002095"], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000280)={r2, r1, 0x25, 0x0, @void}, 0x10) 18.195734368s ago: executing program 0 (id=404): r0 = semget$private(0x0, 0x6, 0x0) semtimedop(r0, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0) semop(r0, &(0x7f00000000c0)=[{0x2}], 0x1) semctl$GETZCNT(r0, 0x2, 0xf, 0x0) 11.877394469s ago: executing program 1 (id=405): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x4, &(0x7f0000001fc0)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x98, &(0x7f00000001c0)=""/152, 0x41000}, 0x94) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000200)=@mangle={'mangle\x00', 0x1f, 0x6, 0x6b8, 0x1d8, 0x1d8, 0x0, 0x1d8, 0xe8, 0x5e8, 0x5e8, 0x5e8, 0x5e8, 0x5e8, 0x6, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0x0, 0xff], [0xff0000ff, 0x4de325748c9179dc, 0xffffffff, 0xff000000], 'wlan1\x00', 'wlan0\x00', {}, {0xff}, 0x6, 0x0, 0x2, 0x4}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x5, 0x8, @ipv4=@dev={0xac, 0x14, 0x14, 0x15}, 0x4e21}}}, {{@ipv6={@remote, @local, [0xff, 0xffffff00], [0xffffff00, 0xffffff00, 0xff, 0xff], 'veth1_macvtap\x00', 'erspan0\x00', {0xff}, {}, 0x87, 0x7f, 0x4, 0x2}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@broadcast, @ipv6=@mcast1, 0x33, 0x23, 0x8}}}, {{@ipv6={@remote, @private1={0xfc, 0x1, '\x00', 0x1}, [0xffffff00, 0xffffff00, 0xffffff00], [0x0, 0xffffffff, 0xffffffff, 0xff], 'pimreg\x00', 'pimreg0\x00', {0xff}, {0xff}, 0x0, 0x49, 0x1, 0x54}, 0x0, 0x208, 0x248, 0x0, {}, [@common=@rt={{0x138}, {0x80000000, [0x64b3d7eb, 0x4], 0xd3, 0x21, 0x0, [@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, @private2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @loopback, @empty, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @remote, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, @mcast2, @private1, @mcast2, @private1, @private1, @private1={0xfc, 0x1, '\x00', 0x1}], 0x10}}, @inet=@rpfilter={{0x28}, {0x2}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x8, 0xffffffff, 0x7, 0x76be0f9b, 0x7, 0x8, 0x4, 0x733]}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x6}}]}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0x5c, 0xf7}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x1, 0x9, 0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x653afb6a7eb5282b) 9.626518375s ago: executing program 0 (id=406): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@newtaction={0x60, 0x30, 0x1, 0x7ffffd, 0x0, {}, [{0x4c, 0x1, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xfffffc00, 0x10000, 0x4, 0x3, 0x5}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4004}, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x4924b68, 0x0) 2.370079289s ago: executing program 1 (id=407): r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0x3) r1 = getpid() ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000340)={{0xfffffffe, 0x0, 0x20000000, 0x0, 'syz0\x00'}, 0x6, 0x2, 0x4, r1, 0x0, 0x0, 'syz1\x00', 0x0}) 0s ago: executing program 0 (id=408): r0 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x80000) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_SET_SOCK(r0, 0xab08, r1) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:47457' (ED25519) to the list of known hosts. syzkaller login: [ 555.120281][ T3187] cgroup: Unknown subsys name 'net' [ 555.808093][ T3187] cgroup: Unknown subsys name 'cpuset' [ 556.150014][ T3187] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 643.961694][ T3187] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 827.138223][ T3199] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 827.853849][ T3199] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 828.777046][ T3202] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 829.518561][ T3202] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 841.751276][ T3202] hsr_slave_0: entered promiscuous mode [ 841.801001][ T3202] hsr_slave_1: entered promiscuous mode [ 844.001123][ T3199] hsr_slave_0: entered promiscuous mode [ 844.041606][ T3199] hsr_slave_1: entered promiscuous mode [ 844.107330][ T3199] debugfs: 'hsr0' already exists in 'hsr' [ 844.110889][ T3199] Cannot create hsr debugfs directory [ 858.488988][ T3202] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 858.797647][ T3202] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 859.129890][ T3202] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 859.899666][ T3202] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 862.330059][ T3199] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 862.678346][ T3199] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 863.214150][ T3199] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 863.454191][ T3199] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 881.391299][ T3202] 8021q: adding VLAN 0 to HW filter on device bond0 [ 887.646680][ T3199] 8021q: adding VLAN 0 to HW filter on device bond0 [ 954.437241][ T3202] veth0_vlan: entered promiscuous mode [ 955.118583][ T3202] veth1_vlan: entered promiscuous mode [ 958.158543][ T3199] veth0_vlan: entered promiscuous mode [ 959.448610][ T3202] veth0_macvtap: entered promiscuous mode [ 959.780578][ T3199] veth1_vlan: entered promiscuous mode [ 960.629450][ T3202] veth1_macvtap: entered promiscuous mode [ 964.101140][ T3199] veth0_macvtap: entered promiscuous mode [ 964.645832][ T58] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 964.897181][ T58] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 964.901480][ T58] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 964.979875][ T3199] veth1_macvtap: entered promiscuous mode [ 965.149748][ T58] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 970.389888][ T58] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 970.440732][ T58] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 970.734440][ T58] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 970.739788][ T58] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 974.228590][ T3202] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 995.667642][ T3817] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 996.705711][ T3817] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 996.709243][ T3817] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 996.855404][ T3817] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 996.857866][ T3817] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 996.859870][ T3817] usb 1-1: Manufacturer: syz [ 997.111186][ T3817] usb 1-1: config 0 descriptor?? [ 999.024553][ T3817] usb 1-1: can't set config #0, error -71 [ 999.255392][ T3817] usb 1-1: USB disconnect, device number 2 [ 1070.003927][ T3879] netlink: 8 bytes leftover after parsing attributes in process `syz.1.22'. [ 1070.038821][ T3879] Zero length message leads to an empty skb [ 1136.440484][ T9] hid-generic 0000:0000:0004.0001: unknown main item tag 0x0 [ 1136.454912][ T9] hid-generic 0000:0000:0004.0001: unknown main item tag 0x0 [ 1136.457143][ T9] hid-generic 0000:0000:0004.0001: unknown main item tag 0x0 [ 1136.458956][ T9] hid-generic 0000:0000:0004.0001: unknown main item tag 0x0 [ 1136.460730][ T9] hid-generic 0000:0000:0004.0001: unknown main item tag 0x0 [ 1136.495729][ T9] hid-generic 0000:0000:0004.0001: unknown main item tag 0x0 [ 1136.498152][ T9] hid-generic 0000:0000:0004.0001: unknown main item tag 0x0 [ 1136.500264][ T9] hid-generic 0000:0000:0004.0001: unknown main item tag 0x0 [ 1136.533600][ T9] hid-generic 0000:0000:0004.0001: unknown main item tag 0x0 [ 1136.536122][ T9] hid-generic 0000:0000:0004.0001: unknown main item tag 0x0 [ 1136.767910][ T9] hid-generic 0000:0000:0004.0001: hidraw0: HID v0.03 Device [syz1] on syz1 [ 1164.998970][ T3935] capability: warning: `syz.1.46' uses deprecated v2 capabilities in a way that may be insecure [ 1172.120476][ T3936] [U] r5¡Jcò°~v6“˜|‡7§¤á…kxvzzËg—RùÔ [ 1201.930351][ T3962] netlink: 20 bytes leftover after parsing attributes in process `syz.0.55'. [ 1211.151024][ T3772] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 1211.561356][ T3772] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1211.584314][ T3772] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1211.586069][ T3772] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1211.588202][ T3772] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1211.589581][ T3772] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1211.919592][ T3772] usb 1-1: config 0 descriptor?? [ 1217.299347][ T3772] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 1217.625679][ T3772] usb 1-1: USB disconnect, device number 3 [ 1231.200122][ T3992] netlink: 'syz.1.59': attribute type 2 has an invalid length. [ 1242.972060][ T3817] hid_parser_main: 78 callbacks suppressed [ 1242.978659][ T3817] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1242.980713][ T3817] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1242.986842][ T3817] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1242.988370][ T3817] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1242.990128][ T3817] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1242.991676][ T3817] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1243.014841][ T3817] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1243.016929][ T3817] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1243.018645][ T3817] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1243.019986][ T3817] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1243.119852][ T3817] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz0 [ 1262.946086][ T4018] netlink: 36 bytes leftover after parsing attributes in process `syz.1.69'. [ 1262.949651][ T4018] netlink: 16 bytes leftover after parsing attributes in process `syz.1.69'. [ 1263.029930][ T4018] netlink: 36 bytes leftover after parsing attributes in process `syz.1.69'. [ 1263.119777][ T4018] netlink: 36 bytes leftover after parsing attributes in process `syz.1.69'. [ 1321.168019][ T4051] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1342.063672][ T4061] netlink: 12 bytes leftover after parsing attributes in process `syz.0.89'. [ 1342.066681][ T4061] netlink: 12 bytes leftover after parsing attributes in process `syz.0.89'. [ 1342.081730][ T4063] netlink: 8 bytes leftover after parsing attributes in process `syz.1.88'. [ 1362.341403][ T4070] netlink: 504 bytes leftover after parsing attributes in process `syz.1.92'. [ 1398.430759][ T4090] capability: warning: `syz.1.101' uses 32-bit capabilities (legacy support in use) [ 1452.369519][ T4120] veth0_to_team: entered promiscuous mode [ 1466.179361][ T4126] sock: sock_set_timeout: `syz.0.117' (pid 4126) tries to set negative timeout [ 1469.926490][ T4128] netlink: 256 bytes leftover after parsing attributes in process `syz.1.118'. [ 1469.931952][ T4128] netlink: 16 bytes leftover after parsing attributes in process `syz.1.118'. [ 1489.155129][ T4140] netlink: 16 bytes leftover after parsing attributes in process `syz.0.123'. [ 1580.560916][ T4184] veth0_to_team: entered promiscuous mode [ 1619.780729][ T4203] netlink: 4 bytes leftover after parsing attributes in process `syz.0.149'. [ 1649.561831][ T4214] netlink: 64 bytes leftover after parsing attributes in process `syz.1.154'. [ 1798.071325][ T4290] process 'syz.1.187' launched './file1' with NULL argv: empty string added [ 1829.570924][ T4303] Illegal XDP return value 4294967274 on prog (id 20) dev N/A, expect packet loss! [ 1881.177443][ T50] block nbd0: Receive control failed (result -32) [ 1881.207178][ T866] block nbd0: Receive control failed (result -32) [ 1881.381768][ T4325] nbd0: detected capacity change from 0 to 63 [ 1909.399478][ T4338] Invalid ELF header magic: != ELF [ 1911.012215][ T4342] input: syz0 as /devices/virtual/input/input1 [ 1918.539418][ T4350] netlink: 28 bytes leftover after parsing attributes in process `syz.1.210'. [ 1918.557176][ T4350] netlink: 28 bytes leftover after parsing attributes in process `syz.1.210'. [ 1919.455404][ T4350] netlink: 28 bytes leftover after parsing attributes in process `syz.1.210'. [ 1919.457319][ T4350] netlink: 28 bytes leftover after parsing attributes in process `syz.1.210'. [ 1994.748780][ T4387] blkio.reset_stats is deprecated [ 2034.585145][ T4414] netlink: 16 bytes leftover after parsing attributes in process `syz.0.237'. [ 2078.311238][ T4444] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 2086.728922][ T4449] netlink: 12 bytes leftover after parsing attributes in process `syz.0.253'. [ 2086.760394][ T4449] netlink: 12 bytes leftover after parsing attributes in process `syz.0.253'. [ 2162.986060][ T4498] faux_driver vgem: [drm] Unknown color mode 11173; guessing buffer size. [ 2168.396725][ T4502] netlink: 56 bytes leftover after parsing attributes in process `syz.1.276'. [ 2172.410947][ T4504] netlink: 16 bytes leftover after parsing attributes in process `syz.0.277'. [ 2189.479017][ T4512] input: syz1 as /devices/virtual/input/input2 [ 2196.884492][ T4521] ubi31: attaching mtd0 [ 2208.029035][ T31] audit: type=1326 audit(2206.440:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4528 comm="syz.1.287" exe="/syz-executor" sig=9 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb87332c6 code=0x0 [ 2230.268793][ T4548] netlink: 'syz.1.293': attribute type 4 has an invalid length. [ 2259.995173][ T3818] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 2260.988876][ T3818] usb 2-1: config 1 has an invalid interface number: 7 but max is 0 [ 2260.995200][ T3818] usb 2-1: config 1 has no interface number 0 [ 2260.998860][ T3818] usb 2-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 2261.026710][ T3818] usb 2-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1023 [ 2261.031857][ T3818] usb 2-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2261.297892][ T3818] usb 2-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 2261.302083][ T3818] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2261.345862][ T3818] usb 2-1: Product: syz [ 2261.347432][ T3818] usb 2-1: Manufacturer: syz [ 2261.348829][ T3818] usb 2-1: SerialNumber: syz [ 2261.901094][ T4565] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 2265.618541][ T4573] netlink: 4 bytes leftover after parsing attributes in process `syz.0.302'. [ 2267.167425][ T3818] usb 2-1: Error in usbnet_get_endpoints (-71) [ 2268.281157][ T3818] usb 2-1: USB disconnect, device number 2 [ 2272.326099][ T4583] input: syz0 as /devices/virtual/input/input3 [ 2286.671873][ T4594] netlink: 8 bytes leftover after parsing attributes in process `syz.1.306'. [ 2286.675679][ T4594] netlink: 'syz.1.306': attribute type 29 has an invalid length. [ 2286.678496][ T4594] netlink: 4 bytes leftover after parsing attributes in process `syz.1.306'. [ 2312.041936][ T4609] binder: BC_ACQUIRE_RESULT not supported [ 2312.104930][ T4609] binder: 4607:4609 ioctl c0306201 2000000003c0 returned -22 [ 2332.171859][ T4622] netlink: 100 bytes leftover after parsing attributes in process `syz.1.317'. [ 2446.399371][ T4697] block nbd1: NBD_DISCONNECT [ 2446.410766][ T4697] block nbd1: Send disconnect failed -32 [ 2446.517708][ T4696] block nbd1: Disconnected due to user request. [ 2446.520217][ T4696] block nbd1: shutting down sockets [ 2548.512028][ T4756] netlink: 332 bytes leftover after parsing attributes in process `syz.1.375'. [ 2548.561815][ T4756] netlink: 196 bytes leftover after parsing attributes in process `syz.1.375'. [ 2559.809099][ T4763] netlink: 8 bytes leftover after parsing attributes in process `syz.0.379'. [ 2560.368549][ T4763] netlink: 'syz.0.379': attribute type 2 has an invalid length. [ 2622.549132][ T4800] TCP: TCP_TX_DELAY enabled [ 2670.941405][ T4833] [ 2670.943141][ T4833] ====================================================== [ 2670.944445][ T4833] WARNING: possible circular locking dependency detected [ 2670.948296][ T4833] syzkaller #0 Tainted: G L [ 2670.950679][ T4833] ------------------------------------------------------ [ 2670.952935][ T4833] syz.0.408/4833 is trying to acquire lock: [ 2670.955195][ T4833] ffffaf801fcf8270 (&nsock->tx_lock){+.+.}-{4:4}, at: nbd_queue_rq+0x372/0xe44 [ 2670.960327][ T4833] [ 2670.960327][ T4833] but task is already holding lock: [ 2670.962863][ T4833] ffffaf8034040180 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc4/0xe44 [ 2670.966399][ T4833] [ 2670.966399][ T4833] which lock already depends on the new lock. [ 2670.966399][ T4833] [ 2670.968211][ T4833] [ 2670.968211][ T4833] the existing dependency chain (in reverse order) is: [ 2670.969631][ T4833] [ 2670.969631][ T4833] -> #6 (&cmd->lock){+.+.}-{4:4}: [ 2670.973027][ T4833] lock_acquire+0x24a/0x504 [ 2670.975084][ T4833] __mutex_lock+0x164/0x1890 [ 2670.977329][ T4833] mutex_lock_nested+0x14/0x1c [ 2670.979169][ T4833] nbd_queue_rq+0xc4/0xe44 [ 2670.980303][ T4833] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 2670.982279][ T4833] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 2670.984700][ T4833] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 2670.986537][ T4833] blk_mq_run_hw_queue+0x274/0x6ec [ 2670.987934][ T4833] blk_mq_dispatch_list+0x53e/0x1430 [ 2670.989468][ T4833] blk_mq_flush_plug_list+0x114/0x55c [ 2670.991562][ T4833] __blk_flush_plug+0x270/0x464 [ 2670.993914][ T4833] __submit_bio+0x42e/0x504 [ 2670.995949][ T4833] submit_bio_noacct_nocheck+0x458/0xdf4 [ 2670.997951][ T4833] submit_bio_noacct+0x6fe/0x2170 [ 2671.000311][ T4833] submit_bio+0xb6/0x5b8 [ 2671.002152][ T4833] submit_bh_wbc+0x428/0x5c0 [ 2671.004187][ T4833] block_read_full_folio+0x396/0x788 [ 2671.006583][ T4833] blkdev_read_folio+0x26/0x30 [ 2671.008253][ T4833] filemap_read_folio+0xc2/0x270 [ 2671.010436][ T4833] do_read_cache_folio+0x22e/0x518 [ 2671.012833][ T4833] read_cache_folio+0x4e/0x68 [ 2671.015112][ T4833] read_part_sector+0xbc/0x408 [ 2671.016899][ T4833] read_lba+0x1b6/0x32c [ 2671.018757][ T4833] find_valid_gpt.constprop.0+0x212/0x21ec [ 2671.020754][ T4833] efi_partition+0xfe/0x9e0 [ 2671.022923][ T4833] bdev_disk_changed+0x5a0/0x1180 [ 2671.024718][ T4833] blkdev_get_whole+0x168/0x25c [ 2671.025860][ T4833] bdev_open+0x288/0xcc4 [ 2671.027585][ T4833] blkdev_open+0x2ec/0x454 [ 2671.029750][ T4833] do_dentry_open+0x418/0x1170 [ 2671.031757][ T4833] vfs_open+0xba/0x3a8 [ 2671.033557][ T4833] path_openat+0x144e/0x2f28 [ 2671.035540][ T4833] do_file_open+0x1ae/0x398 [ 2671.037487][ T4833] do_sys_openat2+0xfe/0x1c0 [ 2671.039585][ T4833] __riscv_sys_openat+0x122/0x1e4 [ 2671.041544][ T4833] syscall_handler+0x92/0x114 [ 2671.043600][ T4833] do_trap_ecall_u+0x402/0x680 [ 2671.045021][ T4833] handle_exception+0x15e/0x16a [ 2671.047241][ T4833] [ 2671.047241][ T4833] -> #5 (set->srcu){.+.+}-{0:0}: [ 2671.050586][ T4833] lock_sync+0xea/0x1cc [ 2671.053088][ T4833] __synchronize_srcu+0xd4/0x24c [ 2671.055105][ T4833] synchronize_srcu+0x14c/0x3fc [ 2671.057115][ T4833] blk_mq_quiesce_queue+0x124/0x194 [ 2671.059202][ T4833] elevator_switch+0x16a/0x4e4 [ 2671.060983][ T4833] elevator_change+0x2f4/0x4ac [ 2671.064117][ T4833] elevator_set_default+0x280/0x370 [ 2671.066321][ T4833] blk_register_queue+0x3a8/0x50c [ 2671.068407][ T4833] __add_disk+0x69a/0xda4 [ 2671.070379][ T4833] add_disk_fwnode+0xe8/0x48c [ 2671.072705][ T4833] device_add_disk+0x28/0x38 [ 2671.074696][ T4833] nbd_dev_add+0x692/0xaec [ 2671.076759][ T4833] nbd_init+0x3d4/0x3f8 [ 2671.078688][ T4833] do_one_initcall+0x18c/0xcdc [ 2671.080546][ T4833] kernel_init_freeable+0x6ca/0x7b4 [ 2671.082734][ T4833] kernel_init+0x28/0x240 [ 2671.084661][ T4833] ret_from_fork_kernel+0x94/0xef8 [ 2671.086940][ T4833] ret_from_fork_kernel_asm+0x16/0x18 [ 2671.089520][ T4833] [ 2671.089520][ T4833] -> #4 (&q->elevator_lock){+.+.}-{4:4}: [ 2671.093145][ T4833] lock_acquire+0x24a/0x504 [ 2671.095036][ T4833] __mutex_lock+0x164/0x1890 [ 2671.096463][ T4833] mutex_lock_nested+0x14/0x1c [ 2671.097825][ T4833] elevator_change+0x192/0x4ac [ 2671.099270][ T4833] elevator_set_none+0xa8/0x120 [ 2671.100612][ T4833] blk_mq_update_nr_hw_queues+0x43a/0x13a0 [ 2671.102132][ T4833] nbd_start_device+0x156/0xb74 [ 2671.103491][ T4833] nbd_genl_connect+0xe74/0x1a4c [ 2671.104771][ T4833] genl_family_rcv_msg_doit+0x1f6/0x2d8 [ 2671.106389][ T4833] genl_rcv_msg+0x4b2/0x73c [ 2671.107481][ T4833] netlink_rcv_skb+0x1e8/0x394 [ 2671.108936][ T4833] genl_rcv+0x32/0x4c [ 2671.110419][ T4833] netlink_unicast+0x50c/0x7d8 [ 2671.111974][ T4833] netlink_sendmsg+0x7e0/0xd64 [ 2671.113539][ T4833] __sock_sendmsg+0xca/0x160 [ 2671.115007][ T4833] ____sys_sendmsg+0x636/0x794 [ 2671.116490][ T4833] ___sys_sendmsg+0x1a4/0x1e8 [ 2671.117865][ T4833] __sys_sendmsg+0x18e/0x234 [ 2671.119119][ T4833] __riscv_sys_sendmsg+0x70/0xa4 [ 2671.120409][ T4833] syscall_handler+0x92/0x114 [ 2671.121840][ T4833] do_trap_ecall_u+0x402/0x680 [ 2671.123300][ T4833] handle_exception+0x15e/0x16a [ 2671.124533][ T4833] [ 2671.124533][ T4833] -> #3 (&q->q_usage_counter(io)#19){++++}-{0:0}: [ 2671.127023][ T4833] lock_acquire+0x24a/0x504 [ 2671.128565][ T4833] blk_alloc_queue+0x5b4/0x6f4 [ 2671.130230][ T4833] blk_mq_alloc_queue+0x15e/0x250 [ 2671.131947][ T4833] __blk_mq_alloc_disk+0x2a/0xd8 [ 2671.133519][ T4833] nbd_dev_add+0x426/0xaec [ 2671.134995][ T4833] nbd_init+0x3d4/0x3f8 [ 2671.136041][ T4833] do_one_initcall+0x18c/0xcdc [ 2671.137097][ T4833] kernel_init_freeable+0x6ca/0x7b4 [ 2671.138374][ T4833] kernel_init+0x28/0x240 [ 2671.139677][ T4833] ret_from_fork_kernel+0x94/0xef8 [ 2671.140852][ T4833] ret_from_fork_kernel_asm+0x16/0x18 [ 2671.142064][ T4833] [ 2671.142064][ T4833] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 2671.143936][ T4833] lock_acquire+0x24a/0x504 [ 2671.145116][ T4833] fs_reclaim_acquire+0xc6/0x100 [ 2671.146448][ T4833] kmem_cache_alloc_node_noprof+0x40/0x6e8 [ 2671.147635][ T4833] __alloc_skb+0x17c/0x778 [ 2671.148759][ T4833] tcp_stream_alloc_skb+0x2e/0x4d8 [ 2671.150125][ T4833] tcp_sendmsg_locked+0xe16/0x408c [ 2671.151625][ T4833] tcp_sendmsg+0x32/0x50 [ 2671.152871][ T4833] inet_sendmsg+0x9a/0xd8 [ 2671.153897][ T4833] __sock_sendmsg+0xca/0x160 [ 2671.155220][ T4833] sock_write_iter+0x298/0x3e8 [ 2671.156617][ T4833] vfs_write+0x648/0xd08 [ 2671.157706][ T4833] ksys_write+0x1f4/0x244 [ 2671.159751][ T4833] __riscv_sys_write+0x6e/0xa0 [ 2671.161847][ T4833] syscall_handler+0x92/0x114 [ 2671.163762][ T4833] do_trap_ecall_u+0x402/0x680 [ 2671.165511][ T4833] handle_exception+0x15e/0x16a [ 2671.167214][ T4833] [ 2671.167214][ T4833] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}: [ 2671.169414][ T4833] lock_acquire+0x24a/0x504 [ 2671.170775][ T4833] lock_sock_nested+0x38/0xf8 [ 2671.172200][ T4833] tcp_sendmsg+0x28/0x50 [ 2671.173547][ T4833] inet_sendmsg+0x9a/0xd8 [ 2671.174851][ T4833] sock_sendmsg+0x206/0x2d4 [ 2671.176341][ T4833] __sock_xmit+0x244/0x578 [ 2671.177753][ T4833] nbd_disconnect.isra.0+0x312/0x3e8 [ 2671.179157][ T4833] nbd_ioctl+0xbc8/0xbd4 [ 2671.180269][ T4833] blkdev_ioctl+0x4cc/0x12e4 [ 2671.181684][ T4833] __riscv_sys_ioctl+0x17c/0x1e4 [ 2671.183047][ T4833] syscall_handler+0x92/0x114 [ 2671.184370][ T4833] do_trap_ecall_u+0x402/0x680 [ 2671.185692][ T4833] handle_exception+0x15e/0x16a [ 2671.187024][ T4833] [ 2671.187024][ T4833] -> #0 (&nsock->tx_lock){+.+.}-{4:4}: [ 2671.189107][ T4833] check_noncircular+0x138/0x14c [ 2671.190392][ T4833] __lock_acquire+0xe9c/0x25ac [ 2671.191715][ T4833] lock_acquire+0x24a/0x504 [ 2671.192829][ T4833] __mutex_lock+0x164/0x1890 [ 2671.194089][ T4833] mutex_lock_nested+0x14/0x1c [ 2671.195685][ T4833] nbd_queue_rq+0x372/0xe44 [ 2671.196938][ T4833] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 2671.198408][ T4833] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 2671.199997][ T4833] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 2671.201548][ T4833] blk_mq_run_hw_queue+0x274/0x6ec [ 2671.202845][ T4833] blk_mq_dispatch_list+0x53e/0x1430 [ 2671.204178][ T4833] blk_mq_flush_plug_list+0x114/0x55c [ 2671.205588][ T4833] __blk_flush_plug+0x270/0x464 [ 2671.206821][ T4833] __submit_bio+0x42e/0x504 [ 2671.208427][ T4833] submit_bio_noacct_nocheck+0x458/0xdf4 [ 2671.209705][ T4833] submit_bio_noacct+0x6fe/0x2170 [ 2671.210890][ T4833] submit_bio+0xb6/0x5b8 [ 2671.211905][ T4833] submit_bh_wbc+0x428/0x5c0 [ 2671.213041][ T4833] block_read_full_folio+0x396/0x788 [ 2671.214210][ T4833] blkdev_read_folio+0x26/0x30 [ 2671.215500][ T4833] filemap_read_folio+0xc2/0x270 [ 2671.216847][ T4833] do_read_cache_folio+0x22e/0x518 [ 2671.218232][ T4833] read_cache_folio+0x4e/0x68 [ 2671.219621][ T4833] read_part_sector+0xbc/0x408 [ 2671.220846][ T4833] read_lba+0x1b6/0x32c [ 2671.221979][ T4833] find_valid_gpt.constprop.0+0x212/0x21ec [ 2671.223430][ T4833] efi_partition+0xfe/0x9e0 [ 2671.224628][ T4833] bdev_disk_changed+0x5a0/0x1180 [ 2671.225886][ T4833] blkdev_get_whole+0x168/0x25c [ 2671.227165][ T4833] bdev_open+0x288/0xcc4 [ 2671.228310][ T4833] blkdev_open+0x2ec/0x454 [ 2671.229540][ T4833] do_dentry_open+0x418/0x1170 [ 2671.230782][ T4833] vfs_open+0xba/0x3a8 [ 2671.231935][ T4833] path_openat+0x144e/0x2f28 [ 2671.233382][ T4833] do_file_open+0x1ae/0x398 [ 2671.234857][ T4833] do_sys_openat2+0xfe/0x1c0 [ 2671.236065][ T4833] __riscv_sys_openat+0x122/0x1e4 [ 2671.237299][ T4833] syscall_handler+0x92/0x114 [ 2671.238641][ T4833] do_trap_ecall_u+0x402/0x680 [ 2671.239866][ T4833] handle_exception+0x15e/0x16a [ 2671.241141][ T4833] [ 2671.241141][ T4833] other info that might help us debug this: [ 2671.241141][ T4833] [ 2671.242565][ T4833] Chain exists of: [ 2671.242565][ T4833] &nsock->tx_lock --> set->srcu --> &cmd->lock [ 2671.242565][ T4833] [ 2671.245469][ T4833] Possible unsafe locking scenario: [ 2671.245469][ T4833] [ 2671.246544][ T4833] CPU0 CPU1 [ 2671.247462][ T4833] ---- ---- [ 2671.248357][ T4833] lock(&cmd->lock); [ 2671.249580][ T4833] lock(set->srcu); [ 2671.251146][ T4833] lock(&cmd->lock); [ 2671.252748][ T4833] lock(&nsock->tx_lock); [ 2671.254032][ T4833] [ 2671.254032][ T4833] *** DEADLOCK *** [ 2671.254032][ T4833] [ 2671.255272][ T4833] 3 locks held by syz.0.408/4833: [ 2671.256281][ T4833] #0: ffffaf801ac50358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x3c4/0xcc4 [ 2671.259209][ T4833] #1: ffffaf801abbcc98 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x22c/0x6ec [ 2671.262073][ T4833] #2: ffffaf8034040180 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc4/0xe44 [ 2671.264949][ T4833] [ 2671.264949][ T4833] stack backtrace: [ 2671.266977][ T4833] CPU: 1 UID: 0 PID: 4833 Comm: syz.0.408 Tainted: G L syzkaller #0 PREEMPT [ 2671.267806][ T4833] Tainted: [L]=SOFTLOCKUP [ 2671.268062][ T4833] Hardware name: riscv-virtio,qemu (DT) [ 2671.268675][ T4833] Call Trace: [ 2671.269156][ T4833] [] dump_backtrace+0x2e/0x3c [ 2671.269890][ T4833] [] show_stack+0x30/0x3c [ 2671.270447][ T4833] [] dump_stack_lvl+0x114/0x1ac [ 2671.271249][ T4833] [] dump_stack+0x1c/0x28 [ 2671.271965][ T4833] [] print_circular_bug+0x250/0x29c [ 2671.272555][ T4833] [] check_noncircular+0x138/0x14c [ 2671.273095][ T4833] [] __lock_acquire+0xe9c/0x25ac [ 2671.273640][ T4833] [] lock_acquire+0x24a/0x504 [ 2671.274177][ T4833] [] __mutex_lock+0x164/0x1890 [ 2671.274925][ T4833] [] mutex_lock_nested+0x14/0x1c [ 2671.275638][ T4833] [] nbd_queue_rq+0x372/0xe44 [ 2671.276131][ T4833] [] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 2671.276788][ T4833] [] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 2671.277576][ T4833] [] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 2671.278373][ T4833] [] blk_mq_run_hw_queue+0x274/0x6ec [ 2671.278957][ T4833] [] blk_mq_dispatch_list+0x53e/0x1430 [ 2671.279587][ T4833] [] blk_mq_flush_plug_list+0x114/0x55c [ 2671.280262][ T4833] [] __blk_flush_plug+0x270/0x464 [ 2671.280839][ T4833] [] __submit_bio+0x42e/0x504 [ 2671.281423][ T4833] [] submit_bio_noacct_nocheck+0x458/0xdf4 [ 2671.282060][ T4833] [] submit_bio_noacct+0x6fe/0x2170 [ 2671.282687][ T4833] [] submit_bio+0xb6/0x5b8 [ 2671.283259][ T4833] [] submit_bh_wbc+0x428/0x5c0 [ 2671.283887][ T4833] [] block_read_full_folio+0x396/0x788 [ 2671.284573][ T4833] [] blkdev_read_folio+0x26/0x30 [ 2671.285192][ T4833] [] filemap_read_folio+0xc2/0x270 [ 2671.285851][ T4833] [] do_read_cache_folio+0x22e/0x518 [ 2671.286598][ T4833] [] read_cache_folio+0x4e/0x68 [ 2671.287253][ T4833] [] read_part_sector+0xbc/0x408 [ 2671.287797][ T4833] [] read_lba+0x1b6/0x32c [ 2671.288348][ T4833] [] find_valid_gpt.constprop.0+0x212/0x21ec [ 2671.288963][ T4833] [] efi_partition+0xfe/0x9e0 [ 2671.289528][ T4833] [] bdev_disk_changed+0x5a0/0x1180 [ 2671.290109][ T4833] [] blkdev_get_whole+0x168/0x25c [ 2671.290745][ T4833] [] bdev_open+0x288/0xcc4 [ 2671.291308][ T4833] [] blkdev_open+0x2ec/0x454 [ 2671.291882][ T4833] [] do_dentry_open+0x418/0x1170 [ 2671.292391][ T4833] [] vfs_open+0xba/0x3a8 [ 2671.292893][ T4833] [] path_openat+0x144e/0x2f28 [ 2671.293617][ T4833] [] do_file_open+0x1ae/0x398 [ 2671.294398][ T4833] [] do_sys_openat2+0xfe/0x1c0 [ 2671.294925][ T4833] [] __riscv_sys_openat+0x122/0x1e4 [ 2671.295487][ T4833] [] syscall_handler+0x92/0x114 [ 2671.296108][ T4833] [] do_trap_ecall_u+0x402/0x680 [ 2671.296696][ T4833] [] handle_exception+0x15e/0x16a [ 2671.435741][ T4833] block nbd0: Dead connection, failed to find a fallback [ 2671.437760][ T4833] block nbd0: shutting down sockets [ 2671.440150][ T4833] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 2671.635834][ T4833] Buffer I/O error on dev nbd0, logical block 0, async page read [ 2671.639473][ T4833] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 2671.641461][ T4833] Buffer I/O error on dev nbd0, logical block 1, async page read [ 2671.746063][ T4833] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 2671.827313][ T4833] Buffer I/O error on dev nbd0, logical block 2, async page read [ 2671.832118][ T4833] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 2671.966066][ T4833] Buffer I/O error on dev nbd0, logical block 3, async page read [ 2672.096492][ T4833] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 2672.101085][ T4833] Buffer I/O error on dev nbd0, logical block 0, async page read [ 2672.187601][ T4833] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 2672.190263][ T4833] Buffer I/O error on dev nbd0, logical block 1, async page read [ 2672.261302][ T4833] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 2672.345935][ T4833] Buffer I/O error on dev nbd0, logical block 2, async page read [ 2672.349801][ T4833] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 2672.420375][ T4833] Buffer I/O error on dev nbd0, logical block 3, async page read [ 2672.436209][ T4833] nbd0: unable to read partition table [ 2674.546870][ T4833] block nbd0: Cannot use ioctl interface on a netlink controlled device. [ 2674.721569][ T4833] block nbd0: NBD_DISCONNECT [ 2674.779904][ T4833] block nbd0: Send disconnect failed -32 [ 2674.837814][ T4833] block nbd0: Send disconnect failed -32 [ 2688.576455][ T3395] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2689.536720][ T3395] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2690.538613][ T3395] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2691.397635][ T3395] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2697.829658][ T3395] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2697.960456][ T3395] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2698.110016][ T3395] bond0 (unregistering): Released all slaves [ 2699.024201][ T3395] hsr_slave_0: left promiscuous mode [ 2699.109272][ T3395] hsr_slave_1: left promiscuous mode [ 2699.437745][ T3395] veth1_macvtap: left promiscuous mode [ 2699.441635][ T3395] veth0_macvtap: left promiscuous mode [ 2699.460733][ T3395] veth1_vlan: left promiscuous mode [ 2699.476325][ T3395] veth0_vlan: left promiscuous mode