last executing test programs: 1h5m44.359308372s ago: executing program 0 (id=211): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x0, 0x0, 0x0, 0xfffffffd}, 0x3548, 0xfffffffe, 0x0, 0x9, 0x2, 0x0, 0xc, 0x0, 0x4}}}]}, 0x78}}, 0x0) 1h5m39.101079218s ago: executing program 0 (id=212): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb010018030000000000007c0000007c00000002000000000000000000000e0000000000000000000000000600000d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c00000000000000000000000900000000000000000000000900000000000000000000000a02"], 0x0, 0x96}, 0x28) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, &(0x7f0000000040)=""/247, 0x26, 0xf7, 0x1}, 0x28) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000"], &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={r1, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x8, 0x0, 0x0}}, 0x10) 1h5m32.535801439s ago: executing program 0 (id=214): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = inotify_init1(0x800) inotify_add_watch(r0, &(0x7f0000000240)='.\x00', 0x60000526) setxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='system.posix_acl_default\x00', 0x0, 0x0, 0x2) 1h5m25.06791826s ago: executing program 0 (id=216): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) ptrace(0x10, r0) waitid(0x1, r0, 0x0, 0x2, &(0x7f0000000100)) 1h5m15.234867476s ago: executing program 0 (id=218): r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83) sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0xf0, 0x32, 0x205, 0x70bd2d, 0x25dfdbfc, {}, [{0xc9}]}, 0xf0}, 0x1, 0x0, 0x0, 0x85}, 0x8000) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000)) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) 1h5m14.278276469s ago: executing program 1 (id=219): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) gettid() sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x2c, 0x10, 0x1, 0x3, 0x0, {0x0, 0x0, 0x0, r1, 0x40000}, [@IFLA_ADDRESS={0xa, 0x1, @random="9de30f9977b3"}]}, 0x2c}}, 0x0) 1h5m8.578636031s ago: executing program 0 (id=220): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000005c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f0000000080)={0x1, 0x10, 0xfa00, {0x0, r2}}, 0x18) 1h5m7.758650227s ago: executing program 1 (id=221): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000003b40)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000b40)=@newqdisc={0x58, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x20}}, @TCA_RATE={0x6, 0x5, {0x7, 0x9}}]}, 0xfcf1}}, 0xc014) 1h5m1.905234468s ago: executing program 1 (id=222): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="1400"], 0x7c}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a70000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc340011800a0001006c696d6974000000240002800c000140fffffffffffffffc0c0002400000000100000000080003"], 0x98}, 0x1, 0x0, 0x0, 0x4000850}, 0x4040) 1h4m57.687959386s ago: executing program 1 (id=223): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) 1h4m48.693065043s ago: executing program 1 (id=224): r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83) sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0xf0, 0x32, 0x205, 0x70bd2d, 0x25dfdbfc, {}, [{0xc9}]}, 0xf0}, 0x1, 0x0, 0x0, 0x85}, 0x8000) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000)) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) 1h4m43.365107464s ago: executing program 1 (id=225): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000027c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x2d, 0x20040040) recvmsg$unix(r0, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x40002022) 1h4m18.327865737s ago: executing program 32 (id=220): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000005c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f0000000080)={0x1, 0x10, 0xfa00, {0x0, r2}}, 0x18) 1h3m51.368405879s ago: executing program 33 (id=225): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000027c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x2d, 0x20040040) recvmsg$unix(r0, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x40002022) 56.196154364s ago: executing program 2 (id=812): r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa0000000003"], 0x1c) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty=0xe0, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x10001}}}}}, 0x0) 47.999153982s ago: executing program 3 (id=813): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000008c0), r1) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)={0x28, r2, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x3b}}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x8094) 46.504748063s ago: executing program 2 (id=814): timerfd_create(0x0, 0x0) r0 = syz_io_uring_setup(0xf02, &(0x7f0000002100)={0x0, 0x191e}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0, &(0x7f00000020c0)=0x0) syz_io_uring_submit(r1, r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x541}, 0x1}) io_uring_enter(r0, 0xf, 0x7929, 0x1, 0x0, 0x0) 41.016599432s ago: executing program 3 (id=815): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x24, r1, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x1}, @FOU_ATTR_AF={0x5, 0x2, 0xa}]}, 0x24}}, 0x0) sendmsg$FOU_CMD_DEL(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r1, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}]}, 0x1c}}, 0x4) 36.555790546s ago: executing program 2 (id=816): r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) timer_create(0x7, &(0x7f0000000080)={0x0, 0x11, 0x2}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) writev(r0, &(0x7f0000000400)=[{&(0x7f00000000c0)="94c038e7f1cea4da1011ed3d127fd6d9d4aa1522298de8261e06b208b9e1024987a42de8", 0x24}, {0x0}], 0x2) 30.031849422s ago: executing program 3 (id=817): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=@newqdisc={0x40, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x5}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x8}}]}, 0x40}, 0x1, 0x0, 0x0, 0x2400c0c0}, 0x4044080) 18.809833404s ago: executing program 3 (id=818): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x100, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff038}, {0x50, 0x1, 0x7}, {0x6, 0x80, 0xfd}]}, 0x10) syz_emit_ethernet(0x7a, &(0x7f00000001c0)={@local, @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, '\x00', 0x44, 0x2f, 0x0, @remote, @mcast1, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1, 0x880b, 0x0, 0xfffd}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x57}, {}, {0x8, 0x88be, 0x0, {{0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}}}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x0, 0x9}}}}}}}}}, 0x0) 18.809517474s ago: executing program 2 (id=819): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_WASH={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40011}, 0x0) 10.81589435s ago: executing program 3 (id=820): mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r0 = syz_open_procfs(0x0, &(0x7f0000000380)='ns\x00') lseek(r0, 0x4, 0x2) getdents64(r0, 0xffffffffffffffff, 0x43) 8.964852471s ago: executing program 2 (id=821): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f80)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000780)={0x28, 0x15, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x2000c840}, 0x24040808) 1.235522343s ago: executing program 2 (id=822): syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x4200) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000100), r0) sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)={0x1c, r1, 0x901, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x80c0) 0s ago: executing program 3 (id=823): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x9}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet6(r0, &(0x7f0000000200)={&(0x7f00000001c0)={0xa, 0x4e22, 0x80000, @dev={0xfe, 0x80, '\x00', 0x3d}, 0xfffffffd}, 0x1c, 0x0, 0x0, &(0x7f00000002c0)=[@dontfrag={{0x14, 0x29, 0x3e, 0x9}}], 0x18}, 0xc4) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:11963' (ED25519) to the list of known hosts. syzkaller login: [ 526.081574][ T3188] cgroup: Unknown subsys name 'net' [ 526.896251][ T3188] cgroup: Unknown subsys name 'cpuset' [ 527.094337][ T3188] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 615.844769][ T3188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 762.787271][ T3201] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 762.931076][ T3201] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 766.200630][ T3202] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 766.355963][ T3202] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 776.764222][ T3201] hsr_slave_0: entered promiscuous mode [ 776.812300][ T3201] hsr_slave_1: entered promiscuous mode [ 781.354786][ T3202] hsr_slave_0: entered promiscuous mode [ 781.402623][ T3202] hsr_slave_1: entered promiscuous mode [ 781.430228][ T3202] debugfs: 'hsr0' already exists in 'hsr' [ 781.433788][ T3202] Cannot create hsr debugfs directory [ 793.324116][ T3201] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 793.800521][ T3201] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 794.055570][ T3201] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 794.642334][ T3201] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 798.295218][ T3202] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 798.684258][ T3202] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 799.032461][ T3202] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 800.025419][ T3202] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 818.861309][ T3202] 8021q: adding VLAN 0 to HW filter on device bond0 [ 819.903379][ T3201] 8021q: adding VLAN 0 to HW filter on device bond0 [ 891.012089][ T3202] veth0_vlan: entered promiscuous mode [ 891.941882][ T3202] veth1_vlan: entered promiscuous mode [ 894.190741][ T3201] veth0_vlan: entered promiscuous mode [ 895.253910][ T3201] veth1_vlan: entered promiscuous mode [ 896.184523][ T3202] veth0_macvtap: entered promiscuous mode [ 897.314006][ T3202] veth1_macvtap: entered promiscuous mode [ 899.782055][ T3201] veth0_macvtap: entered promiscuous mode [ 900.839829][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 900.855437][ T3201] veth1_macvtap: entered promiscuous mode [ 900.984886][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 901.064067][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 901.095732][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 904.699722][ T55] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 904.872395][ T3207] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 905.145932][ T3207] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 905.264644][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 910.199361][ T3202] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 935.724966][ T3824] process 'syz.0.4' launched './file2' with NULL argv: empty string added [ 1008.639936][ T3880] capability: warning: `syz.0.25' uses deprecated v2 capabilities in a way that may be insecure [ 1037.915974][ T3893] Driver unsupported XDP return value 0 on prog (id 7) dev N/A, expect packet loss! [ 1045.385139][ T3897] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 1055.930243][ T3905] Zero length message leads to an empty skb [ 1075.575937][ T3919] netlink: 32 bytes leftover after parsing attributes in process `syz.1.39'. [ 1081.316123][ T3923] block nbd0: server does not support multiple connections per device. [ 1081.361817][ T3923] block nbd0: shutting down sockets [ 1139.380691][ T3966] netlink: 8 bytes leftover after parsing attributes in process `syz.1.60'. [ 1139.383384][ T3966] netlink: 4 bytes leftover after parsing attributes in process `syz.1.60'. [ 1139.392943][ T3966] netlink: 'syz.1.60': attribute type 19 has an invalid length. [ 1139.395901][ T3966] netlink: 'syz.1.60': attribute type 20 has an invalid length. [ 1139.956384][ T3969] netlink: 8 bytes leftover after parsing attributes in process `syz.1.60'. [ 1139.966476][ T3969] netlink: 4 bytes leftover after parsing attributes in process `syz.1.60'. [ 1140.050441][ T3969] netlink: 'syz.1.60': attribute type 19 has an invalid length. [ 1140.085234][ T3969] netlink: 'syz.1.60': attribute type 20 has an invalid length. [ 1140.442784][ T55] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1140.480193][ T12] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1140.485396][ T12] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1140.535513][ T12] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1155.528362][ T31] audit: type=1326 audit(1153.470:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3976 comm="syz.1.64" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb57332c6 code=0x0 [ 1216.342800][ T4013] netlink: 16 bytes leftover after parsing attributes in process `syz.1.78'. [ 1298.985621][ T4059] input: syz0 as /devices/virtual/input/input0 [ 1329.235669][ T4088] netlink: 32 bytes leftover after parsing attributes in process `syz.0.108'. [ 1329.606110][ T4088] netlink: 32 bytes leftover after parsing attributes in process `syz.0.108'. [ 1348.883609][ T4101] ======================================================= [ 1348.883609][ T4101] WARNING: The mand mount option has been deprecated and [ 1348.883609][ T4101] and is ignored by this kernel. Remove the mand [ 1348.883609][ T4101] option from the mount to silence this warning. [ 1348.883609][ T4101] ======================================================= [ 1420.704107][ T4171] input: syz0 as /devices/virtual/input/input1 [ 1424.016136][ T4177] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1429.002856][ T4183] netlink: 'syz.0.136': attribute type 8 has an invalid length. [ 1503.444463][ T50] block nbd0: Receive control failed (result -32) [ 1503.461979][ T50] block nbd0: Receive control failed (result -32) [ 1503.465175][ T50] block nbd0: Receive control failed (result -32) [ 1503.492522][ T4232] nbd0: detected capacity change from 0 to 127 [ 1548.223739][ T4264] netem: change failed [ 1562.211377][ T4277] netlink: 'syz.0.175': attribute type 3 has an invalid length. [ 1592.180255][ T50] block nbd1: Receive control failed (result -32) [ 1592.184516][ T4237] block nbd1: Receive control failed (result -32) [ 1592.185841][ T50] block nbd1: Receive control failed (result -32) [ 1592.323315][ T4291] nbd1: detected capacity change from 0 to 127 [ 1676.845580][ T4361] loop0: Can't mount, would change RO state [ 1682.586278][ T4370] netlink: 36 bytes leftover after parsing attributes in process `syz.1.210'. [ 1691.105522][ T4377] netlink: 20 bytes leftover after parsing attributes in process `syz.1.213'. [ 1694.353286][ T4375] bond1: entered promiscuous mode [ 1719.596295][ T4425] netlink: 8 bytes leftover after parsing attributes in process `syz.1.221'. [ 1719.603320][ T4425] netlink: 'syz.1.221': attribute type 5 has an invalid length. [ 1847.108981][ T4435] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1847.328810][ T4435] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1861.954809][ T4459] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1862.155179][ T4459] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1867.263241][ T4435] hsr_slave_0: entered promiscuous mode [ 1867.333191][ T4435] hsr_slave_1: entered promiscuous mode [ 1867.373367][ T4435] debugfs: 'hsr0' already exists in 'hsr' [ 1867.374591][ T4435] Cannot create hsr debugfs directory [ 1884.045016][ T4435] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1884.190028][ T4435] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1884.402731][ T4435] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1884.726122][ T4435] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1891.444943][ T4459] hsr_slave_0: entered promiscuous mode [ 1891.505674][ T4459] hsr_slave_1: entered promiscuous mode [ 1891.579584][ T4459] debugfs: 'hsr0' already exists in 'hsr' [ 1891.580972][ T4459] Cannot create hsr debugfs directory [ 1904.344840][ T4459] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1904.532292][ T4459] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1904.839480][ T4459] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1905.036305][ T4459] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1909.118879][ T4435] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1925.090218][ T4459] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1994.159755][ T4435] veth0_vlan: entered promiscuous mode [ 1995.410679][ T4435] veth1_vlan: entered promiscuous mode [ 2001.175792][ T4435] veth0_macvtap: entered promiscuous mode [ 2002.605568][ T4435] veth1_macvtap: entered promiscuous mode [ 2007.106220][ T3207] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2007.123730][ T3207] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2007.125290][ T3207] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2007.519930][ T3207] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2019.577328][ T4459] veth0_vlan: entered promiscuous mode [ 2021.297954][ T4459] veth1_vlan: entered promiscuous mode [ 2025.820111][ T4459] veth0_macvtap: entered promiscuous mode [ 2026.592683][ T4459] veth1_macvtap: entered promiscuous mode [ 2031.583470][ T3757] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2031.663012][ T3757] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2031.666144][ T3757] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2031.815196][ T3757] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2077.833251][ T5077] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2078.055070][ T5077] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2131.433980][ T5097] netlink: 8 bytes leftover after parsing attributes in process `syz.2.243'. [ 2164.565554][ T5112] netlink: 132 bytes leftover after parsing attributes in process `syz.2.249'. [ 2196.245320][ T5124] lo: entered promiscuous mode [ 2196.284351][ T5124] lo: entered allmulticast mode [ 2213.250165][ T5130] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2213.414692][ T5130] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2215.871992][ T5130] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2216.041119][ T5130] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2229.193758][ T5139] netlink: 28 bytes leftover after parsing attributes in process `syz.3.258'. [ 2229.261236][ T5139] netlink: 12 bytes leftover after parsing attributes in process `syz.3.258'. [ 2230.080500][ T5140] netlink: 36 bytes leftover after parsing attributes in process `syz.2.257'. [ 2253.146305][ T5148] CUSE: info not properly terminated [ 2303.023773][ T5172] mmap: syz.2.271 (5172) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 2310.183897][ T5174] block nbd3: NBD_DISCONNECT [ 2310.213640][ T5174] block nbd3: Send disconnect failed -32 [ 2310.611365][ T5173] block nbd3: Disconnected due to user request. [ 2310.669267][ T5173] block nbd3: shutting down sockets [ 2345.243572][ T5193] block nbd2: server does not support multiple connections per device. [ 2345.252768][ T5193] block nbd2: shutting down sockets [ 2425.089541][ T5224] faux_driver vgem: [drm] Unknown color mode 3; guessing buffer size. [ 2537.781418][ T5267] netlink: 36 bytes leftover after parsing attributes in process `syz.3.313'. [ 2647.802416][ T31] audit: type=1326 audit(2901.762:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5315 comm="syz.3.332" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb8d332c6 code=0x7ffc0000 [ 2647.970389][ T31] audit: type=1326 audit(2901.952:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5315 comm="syz.3.332" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb8d332c6 code=0x7ffc0000 [ 2648.821725][ T31] audit: type=1326 audit(2902.812:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5315 comm="syz.3.332" exe="/syz-executor" sig=0 arch=c00000f3 syscall=277 compat=0 ip=0x7fffb8d332c6 code=0x7ffc0000 [ 2648.920232][ T31] audit: type=1326 audit(2902.892:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5315 comm="syz.3.332" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb8d332c6 code=0x0 [ 2702.529583][ T5339] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 2742.560779][ T5355] netlink: 422 bytes leftover after parsing attributes in process `syz.3.347'. [ 2835.913761][ T5398] misc userio: No port type given on /dev/userio [ 3016.595003][ T5485] netlink: 28 bytes leftover after parsing attributes in process `syz.3.397'. [ 3016.651871][ T5485] netlink: 28 bytes leftover after parsing attributes in process `syz.3.397'. [ 3016.983013][ T5485] netlink: 28 bytes leftover after parsing attributes in process `syz.3.397'. [ 3016.985612][ T5485] netlink: 28 bytes leftover after parsing attributes in process `syz.3.397'. [ 3044.503807][ T5489] block nbd2: Unsupported socket: should be TCP or UNIX. [ 3062.590825][ T5500] netlink: 20 bytes leftover after parsing attributes in process `syz.3.403'. [ 3063.504305][ T5501] netlink: 20 bytes leftover after parsing attributes in process `syz.3.403'. [ 3142.594765][ T5529] input: syz1 as /devices/virtual/input/input2 [ 3216.625468][ T5565] netlink: 32 bytes leftover after parsing attributes in process `syz.2.428'. [ 3244.039446][ T5576] netlink: 'syz.3.433': attribute type 3 has an invalid length. [ 3310.295155][ T5603] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 3310.456728][ T5603] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3337.923147][ T5616] input: syz1 as /devices/virtual/input/input3 [ 3402.753033][ T5647] input: syz1 as /devices/virtual/input/input4 [ 3510.418034][ T5693] netpci0: tun_chr_ioctl cmd 1074025672 [ 3510.463294][ T5693] netpci0: ignored: set checksum enabled [ 3561.689962][ T5720] netlink: 8 bytes leftover after parsing attributes in process `syz.2.489'. [ 3607.815847][ T5739] netlink: 8 bytes leftover after parsing attributes in process `syz.2.495'. [ 3608.436393][ T5742] netlink: 8 bytes leftover after parsing attributes in process `syz.2.495'. [ 3697.805096][ T5777] netlink: 48 bytes leftover after parsing attributes in process `syz.3.508'. [ 3727.465345][ T5028] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3730.334829][ T5028] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3732.746341][ T5028] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3735.291021][ T5028] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3767.322299][ T5028] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3767.941414][ T5028] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3768.360039][ T5028] bond0 (unregistering): Released all slaves [ 3771.713930][ T5028] hsr_slave_0: left promiscuous mode [ 3771.961456][ T5028] hsr_slave_1: left promiscuous mode [ 3773.105638][ T5028] veth1_macvtap: left promiscuous mode [ 3773.121301][ T5028] veth0_macvtap: left promiscuous mode [ 3773.177391][ T5028] veth1_vlan: left promiscuous mode [ 3773.241814][ T5028] veth0_vlan: left promiscuous mode [ 3920.632618][ T5816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3921.335781][ T5816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3966.879330][ C0] vcan0: j1939_tp_rxtimer: 0xffffaf801c357400: rx timeout, send abort [ 3967.385738][ C0] vcan0: j1939_tp_rxtimer: 0xffffaf801c357400: abort rx timeout. Force session deactivation [ 3972.736443][ T5816] hsr_slave_0: entered promiscuous mode [ 3972.847751][ T5816] hsr_slave_1: entered promiscuous mode [ 3972.880398][ T5816] debugfs: 'hsr0' already exists in 'hsr' [ 3972.881674][ T5816] Cannot create hsr debugfs directory [ 3993.455030][ T5277] hid-generic 0040:0010:7FFFFFFF.0001: item fetching failed at offset 0/2 [ 3993.545933][ T5277] hid-generic 0040:0010:7FFFFFFF.0001: probe with driver hid-generic failed with error -22 [ 4022.326401][ T5816] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 4023.155458][ T5816] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 4023.864215][ T5816] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 4025.156064][ T5816] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 4034.251129][ T6185] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 4034.410225][ T6185] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 4061.236175][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4193.131136][ T5816] veth0_vlan: entered promiscuous mode [ 4194.075003][ T5816] veth1_vlan: entered promiscuous mode [ 4201.233222][ T5816] veth0_macvtap: entered promiscuous mode [ 4203.201177][ T5816] veth1_macvtap: entered promiscuous mode [ 4210.250041][ T4439] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4210.353104][ T3207] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4210.401075][ T3207] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4210.404518][ T3207] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4298.182980][ T6334] block nbd2: shutting down sockets [ 4347.514423][ T6359] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 4352.190855][ T31] audit: type=1326 audit(4862.047:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6360 comm="syz.2.567" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fff831332c6 code=0x7fc00000 [ 4492.821915][ T6434] wireguard: wg1: Could not create IPv4 socket [ 4567.383469][ T6469] netlink: 12 bytes leftover after parsing attributes in process `syz.3.608'. [ 4604.011423][ T6484] netlink: 12 bytes leftover after parsing attributes in process `syz.2.615'. [ 4710.453305][ T4236] block nbd2: Receive control failed (result -32) [ 4710.520455][ T4236] block nbd2: Receive control failed (result -32) [ 4710.592522][ T6533] nbd2: detected capacity change from 0 to 63 [ 4770.947869][ T6560] netlink: 52 bytes leftover after parsing attributes in process `syz.2.646'. [ 4799.221878][ T6575] input: syz1 as /devices/virtual/input/input5 [ 4846.731568][ T6603] netlink: 'syz.3.661': attribute type 11 has an invalid length. [ 4846.733287][ T6603] netlink: 56 bytes leftover after parsing attributes in process `syz.3.661'. [ 4852.968168][ T6607] block nbd3: shutting down sockets [ 4897.879519][ T6631] IPv6: NLM_F_CREATE should be specified when creating new route [ 4924.213522][ T6648] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 5022.883939][ T6702] input: syz0 as /devices/virtual/input/input6 [ 5034.976329][ T31] audit: type=1326 audit(5544.977:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6712 comm="syz.2.701" exe="/syz-executor" sig=9 arch=c00000f3 syscall=98 compat=0 ip=0x7fff831332c6 code=0x0 [ 5050.642842][ T6722] syz.2.704 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 5124.494629][ T6756] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 5166.055812][ T6776] netlink: 4 bytes leftover after parsing attributes in process `syz.2.726'. [ 5217.400228][ T6800] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 5296.788404][ T6840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 5296.880058][ T6840] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 5316.521066][ T6850] vxcan1: tx address claim with dest, not broadcast [ 5481.206348][ T6943] netlink: 12 bytes leftover after parsing attributes in process `syz.2.791'. [ 5481.862310][ T6945] netlink: 12 bytes leftover after parsing attributes in process `syz.2.791'. [ 5532.895684][ T6978] netlink: 8 bytes leftover after parsing attributes in process `syz.3.803'. [ 5533.260461][ T6978] bond0: entered promiscuous mode [ 5533.261921][ T6978] bond_slave_0: entered promiscuous mode [ 5533.272808][ T6978] bond_slave_1: entered promiscuous mode [ 5533.555973][ T6978] bond0: left promiscuous mode [ 5533.578893][ T6978] bond_slave_0: left promiscuous mode [ 5533.584615][ T6978] bond_slave_1: left promiscuous mode [ 5618.984502][ T7018] netlink: 4 bytes leftover after parsing attributes in process `syz.2.821'. [ 5627.111885][ T7022] [ 5627.113769][ T7022] ====================================================== [ 5627.116008][ T7022] WARNING: possible circular locking dependency detected [ 5627.118660][ T7022] syzkaller #0 Tainted: G L [ 5627.119804][ T7022] ------------------------------------------------------ [ 5627.120778][ T7022] syz.2.822/7022 is trying to acquire lock: [ 5627.121913][ T7022] ffffaf8019908670 (&nsock->tx_lock){+.+.}-{4:4}, at: nbd_queue_rq+0x372/0xe44 [ 5627.125479][ T7022] [ 5627.125479][ T7022] but task is already holding lock: [ 5627.126544][ T7022] ffffaf802eed0180 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc4/0xe44 [ 5627.128978][ T7022] [ 5627.128978][ T7022] which lock already depends on the new lock. [ 5627.128978][ T7022] [ 5627.130179][ T7022] [ 5627.130179][ T7022] the existing dependency chain (in reverse order) is: [ 5627.131245][ T7022] [ 5627.131245][ T7022] -> #6 (&cmd->lock){+.+.}-{4:4}: [ 5627.133500][ T7022] lock_acquire+0x24a/0x504 [ 5627.134850][ T7022] __mutex_lock+0x164/0x1890 [ 5627.136196][ T7022] mutex_lock_nested+0x14/0x1c [ 5627.137727][ T7022] nbd_queue_rq+0xc4/0xe44 [ 5627.138853][ T7022] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 5627.140205][ T7022] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 5627.141748][ T7022] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 5627.143202][ T7022] blk_mq_run_hw_queue+0x274/0x6ec [ 5627.144393][ T7022] blk_mq_dispatch_list+0x53e/0x1430 [ 5627.145932][ T7022] blk_mq_flush_plug_list+0x114/0x55c [ 5627.147211][ T7022] __blk_flush_plug+0x270/0x464 [ 5627.148422][ T7022] __submit_bio+0x42e/0x504 [ 5627.149632][ T7022] submit_bio_noacct_nocheck+0x458/0xdf4 [ 5627.150901][ T7022] submit_bio_noacct+0x6fe/0x2170 [ 5627.152134][ T7022] submit_bio+0xb6/0x5b8 [ 5627.153311][ T7022] submit_bh_wbc+0x428/0x5c0 [ 5627.155507][ T7022] block_read_full_folio+0x396/0x788 [ 5627.157216][ T7022] blkdev_read_folio+0x26/0x30 [ 5627.158445][ T7022] filemap_read_folio+0xc2/0x270 [ 5627.159741][ T7022] do_read_cache_folio+0x22e/0x518 [ 5627.161101][ T7022] read_cache_folio+0x4e/0x68 [ 5627.162436][ T7022] read_part_sector+0xbc/0x408 [ 5627.163662][ T7022] read_lba+0x1b6/0x32c [ 5627.164905][ T7022] find_valid_gpt.constprop.0+0x212/0x21ec [ 5627.166254][ T7022] efi_partition+0xfe/0x9e0 [ 5627.167436][ T7022] bdev_disk_changed+0x5a0/0x1180 [ 5627.168686][ T7022] blkdev_get_whole+0x168/0x25c [ 5627.169936][ T7022] bdev_open+0x288/0xcc4 [ 5627.171180][ T7022] blkdev_open+0x2ec/0x454 [ 5627.172468][ T7022] do_dentry_open+0x418/0x1170 [ 5627.173694][ T7022] vfs_open+0xba/0x3a8 [ 5627.174819][ T7022] path_openat+0x144e/0x2f28 [ 5627.176258][ T7022] do_file_open+0x1ae/0x398 [ 5627.177575][ T7022] do_sys_openat2+0xfe/0x1c0 [ 5627.178755][ T7022] __riscv_sys_openat+0x122/0x1e4 [ 5627.179989][ T7022] syscall_handler+0x92/0x114 [ 5627.181280][ T7022] do_trap_ecall_u+0x402/0x680 [ 5627.182463][ T7022] handle_exception+0x15e/0x16a [ 5627.183903][ T7022] [ 5627.183903][ T7022] -> #5 (set->srcu){.+.+}-{0:0}: [ 5627.185912][ T7022] lock_sync+0xea/0x1cc [ 5627.187097][ T7022] __synchronize_srcu+0xd4/0x24c [ 5627.188445][ T7022] synchronize_srcu+0x14c/0x3fc [ 5627.189886][ T7022] blk_mq_quiesce_queue+0x124/0x194 [ 5627.191078][ T7022] elevator_switch+0x16a/0x4e4 [ 5627.192395][ T7022] elevator_change+0x2f4/0x4ac [ 5627.193750][ T7022] elevator_set_default+0x280/0x370 [ 5627.195197][ T7022] blk_register_queue+0x3a8/0x50c [ 5627.196638][ T7022] __add_disk+0x69a/0xda4 [ 5627.197822][ T7022] add_disk_fwnode+0xe8/0x48c [ 5627.198937][ T7022] device_add_disk+0x28/0x38 [ 5627.200037][ T7022] nbd_dev_add+0x692/0xaec [ 5627.201457][ T7022] nbd_init+0x3d4/0x3f8 [ 5627.202591][ T7022] do_one_initcall+0x18c/0xcdc [ 5627.203711][ T7022] kernel_init_freeable+0x6ca/0x7b4 [ 5627.204991][ T7022] kernel_init+0x28/0x240 [ 5627.206218][ T7022] ret_from_fork_kernel+0x94/0xef8 [ 5627.207479][ T7022] ret_from_fork_kernel_asm+0x16/0x18 [ 5627.208903][ T7022] [ 5627.208903][ T7022] -> #4 (&q->elevator_lock){+.+.}-{4:4}: [ 5627.211069][ T7022] lock_acquire+0x24a/0x504 [ 5627.212231][ T7022] __mutex_lock+0x164/0x1890 [ 5627.213595][ T7022] mutex_lock_nested+0x14/0x1c [ 5627.214969][ T7022] elevator_change+0x192/0x4ac [ 5627.216343][ T7022] elevator_set_none+0xa8/0x120 [ 5627.217766][ T7022] blk_mq_update_nr_hw_queues+0x43a/0x13a0 [ 5627.219197][ T7022] nbd_start_device+0x156/0xb74 [ 5627.220319][ T7022] nbd_genl_connect+0xe74/0x1a4c [ 5627.221540][ T7022] genl_family_rcv_msg_doit+0x1f6/0x2d8 [ 5627.223010][ T7022] genl_rcv_msg+0x4b2/0x73c [ 5627.224119][ T7022] netlink_rcv_skb+0x1e8/0x394 [ 5627.225602][ T7022] genl_rcv+0x32/0x4c [ 5627.228340][ T7022] netlink_unicast+0x50c/0x7d8 [ 5627.230771][ T7022] netlink_sendmsg+0x7e0/0xd64 [ 5627.231984][ T7022] __sock_sendmsg+0xca/0x160 [ 5627.233004][ T7022] ____sys_sendmsg+0x636/0x794 [ 5627.234160][ T7022] ___sys_sendmsg+0x1a4/0x1e8 [ 5627.235139][ T7022] __sys_sendmsg+0x18e/0x234 [ 5627.235899][ T7022] __riscv_sys_sendmsg+0x70/0xa4 [ 5627.236801][ T7022] syscall_handler+0x92/0x114 [ 5627.237783][ T7022] do_trap_ecall_u+0x402/0x680 [ 5627.238536][ T7022] handle_exception+0x15e/0x16a [ 5627.239409][ T7022] [ 5627.239409][ T7022] -> #3 (&q->q_usage_counter(io)#19){++++}-{0:0}: [ 5627.241106][ T7022] lock_acquire+0x24a/0x504 [ 5627.242051][ T7022] blk_alloc_queue+0x5b4/0x6f4 [ 5627.242950][ T7022] blk_mq_alloc_queue+0x15e/0x250 [ 5627.243854][ T7022] __blk_mq_alloc_disk+0x2a/0xd8 [ 5627.244961][ T7022] nbd_dev_add+0x426/0xaec [ 5627.246162][ T7022] nbd_init+0x3d4/0x3f8 [ 5627.247131][ T7022] do_one_initcall+0x18c/0xcdc [ 5627.247957][ T7022] kernel_init_freeable+0x6ca/0x7b4 [ 5627.248883][ T7022] kernel_init+0x28/0x240 [ 5627.249885][ T7022] ret_from_fork_kernel+0x94/0xef8 [ 5627.250882][ T7022] ret_from_fork_kernel_asm+0x16/0x18 [ 5627.251951][ T7022] [ 5627.251951][ T7022] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 5627.253327][ T7022] lock_acquire+0x24a/0x504 [ 5627.254235][ T7022] fs_reclaim_acquire+0xc6/0x100 [ 5627.255400][ T7022] kmem_cache_alloc_node_noprof+0x40/0x6e8 [ 5627.256427][ T7022] __alloc_skb+0x17c/0x778 [ 5627.257578][ T7022] tcp_stream_alloc_skb+0x2e/0x4d8 [ 5627.258514][ T7022] tcp_sendmsg_locked+0xe16/0x408c [ 5627.259467][ T7022] tcp_sendmsg+0x32/0x50 [ 5627.260384][ T7022] inet_sendmsg+0x9a/0xd8 [ 5627.261325][ T7022] __sock_sendmsg+0xca/0x160 [ 5627.262420][ T7022] sock_write_iter+0x298/0x3e8 [ 5627.263614][ T7022] vfs_write+0x648/0xd08 [ 5627.264549][ T7022] ksys_write+0x1f4/0x244 [ 5627.265625][ T7022] __riscv_sys_write+0x6e/0xa0 [ 5627.266736][ T7022] syscall_handler+0x92/0x114 [ 5627.267739][ T7022] do_trap_ecall_u+0x402/0x680 [ 5627.268776][ T7022] handle_exception+0x15e/0x16a [ 5627.269747][ T7022] [ 5627.269747][ T7022] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}: [ 5627.271231][ T7022] lock_acquire+0x24a/0x504 [ 5627.272171][ T7022] lock_sock_nested+0x38/0xf8 [ 5627.273147][ T7022] tcp_sendmsg+0x28/0x50 [ 5627.274077][ T7022] inet_sendmsg+0x9a/0xd8 [ 5627.274958][ T7022] sock_sendmsg+0x206/0x2d4 [ 5627.275962][ T7022] __sock_xmit+0x244/0x578 [ 5627.277089][ T7022] nbd_disconnect.isra.0+0x312/0x3e8 [ 5627.277951][ T7022] nbd_ioctl+0xbc8/0xbd4 [ 5627.278580][ T7022] blkdev_ioctl+0x4cc/0x12e4 [ 5627.279347][ T7022] __riscv_sys_ioctl+0x17c/0x1e4 [ 5627.280053][ T7022] syscall_handler+0x92/0x114 [ 5627.280776][ T7022] do_trap_ecall_u+0x402/0x680 [ 5627.281792][ T7022] handle_exception+0x15e/0x16a [ 5627.283044][ T7022] [ 5627.283044][ T7022] -> #0 (&nsock->tx_lock){+.+.}-{4:4}: [ 5627.285062][ T7022] check_noncircular+0x138/0x14c [ 5627.286239][ T7022] __lock_acquire+0xe9c/0x25ac [ 5627.287487][ T7022] lock_acquire+0x24a/0x504 [ 5627.288647][ T7022] __mutex_lock+0x164/0x1890 [ 5627.290012][ T7022] mutex_lock_nested+0x14/0x1c [ 5627.291301][ T7022] nbd_queue_rq+0x372/0xe44 [ 5627.292094][ T7022] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 5627.292839][ T7022] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 5627.293754][ T7022] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 5627.294568][ T7022] blk_mq_run_hw_queue+0x274/0x6ec [ 5627.295258][ T7022] blk_mq_dispatch_list+0x53e/0x1430 [ 5627.295953][ T7022] blk_mq_flush_plug_list+0x114/0x55c [ 5627.296724][ T7022] __blk_flush_plug+0x270/0x464 [ 5627.297448][ T7022] __submit_bio+0x42e/0x504 [ 5627.298138][ T7022] submit_bio_noacct_nocheck+0x458/0xdf4 [ 5627.298934][ T7022] submit_bio_noacct+0x6fe/0x2170 [ 5627.299602][ T7022] submit_bio+0xb6/0x5b8 [ 5627.300235][ T7022] submit_bh_wbc+0x428/0x5c0 [ 5627.300930][ T7022] block_read_full_folio+0x396/0x788 [ 5627.301811][ T7022] blkdev_read_folio+0x26/0x30 [ 5627.302632][ T7022] filemap_read_folio+0xc2/0x270 [ 5627.303348][ T7022] do_read_cache_folio+0x22e/0x518 [ 5627.304084][ T7022] read_cache_folio+0x4e/0x68 [ 5627.304788][ T7022] read_part_sector+0xbc/0x408 [ 5627.305445][ T7022] read_lba+0x1b6/0x32c [ 5627.306054][ T7022] find_valid_gpt.constprop.0+0x212/0x21ec [ 5627.306981][ T7022] efi_partition+0xfe/0x9e0 [ 5627.307802][ T7022] bdev_disk_changed+0x5a0/0x1180 [ 5627.308603][ T7022] blkdev_get_whole+0x168/0x25c [ 5627.309590][ T7022] bdev_open+0x288/0xcc4 [ 5627.310513][ T7022] blkdev_open+0x2ec/0x454 [ 5627.311413][ T7022] do_dentry_open+0x418/0x1170 [ 5627.312238][ T7022] vfs_open+0xba/0x3a8 [ 5627.313100][ T7022] path_openat+0x144e/0x2f28 [ 5627.314032][ T7022] do_file_open+0x1ae/0x398 [ 5627.314987][ T7022] do_sys_openat2+0xfe/0x1c0 [ 5627.316017][ T7022] __riscv_sys_openat+0x122/0x1e4 [ 5627.317037][ T7022] syscall_handler+0x92/0x114 [ 5627.317943][ T7022] do_trap_ecall_u+0x402/0x680 [ 5627.318823][ T7022] handle_exception+0x15e/0x16a [ 5627.319856][ T7022] [ 5627.319856][ T7022] other info that might help us debug this: [ 5627.319856][ T7022] [ 5627.320901][ T7022] Chain exists of: [ 5627.320901][ T7022] &nsock->tx_lock --> set->srcu --> &cmd->lock [ 5627.320901][ T7022] [ 5627.322763][ T7022] Possible unsafe locking scenario: [ 5627.322763][ T7022] [ 5627.323611][ T7022] CPU0 CPU1 [ 5627.324121][ T7022] ---- ---- [ 5627.324828][ T7022] lock(&cmd->lock); [ 5627.325910][ T7022] lock(set->srcu); [ 5627.326856][ T7022] lock(&cmd->lock); [ 5627.327742][ T7022] lock(&nsock->tx_lock); [ 5627.328699][ T7022] [ 5627.328699][ T7022] *** DEADLOCK *** [ 5627.328699][ T7022] [ 5627.329598][ T7022] 3 locks held by syz.2.822/7022: [ 5627.330288][ T7022] #0: ffffaf801ad97358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x3c4/0xcc4 [ 5627.332629][ T7022] #1: ffffaf8019f91798 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x22c/0x6ec [ 5627.334670][ T7022] #2: ffffaf802eed0180 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc4/0xe44 [ 5627.336761][ T7022] [ 5627.336761][ T7022] stack backtrace: [ 5627.338173][ T7022] CPU: 0 UID: 0 PID: 7022 Comm: syz.2.822 Tainted: G L syzkaller #0 PREEMPT [ 5627.338702][ T7022] Tainted: [L]=SOFTLOCKUP [ 5627.338879][ T7022] Hardware name: riscv-virtio,qemu (DT) [ 5627.339256][ T7022] Call Trace: [ 5627.339424][ T7022] [] dump_backtrace+0x2e/0x3c [ 5627.339859][ T7022] [] show_stack+0x30/0x3c [ 5627.340273][ T7022] [] dump_stack_lvl+0x114/0x1ac [ 5627.340778][ T7022] [] dump_stack+0x1c/0x28 [ 5627.341335][ T7022] [] print_circular_bug+0x250/0x29c [ 5627.341662][ T7022] [] check_noncircular+0x138/0x14c [ 5627.341972][ T7022] [] __lock_acquire+0xe9c/0x25ac [ 5627.342281][ T7022] [] lock_acquire+0x24a/0x504 [ 5627.342585][ T7022] [] __mutex_lock+0x164/0x1890 [ 5627.342985][ T7022] [] mutex_lock_nested+0x14/0x1c [ 5627.343380][ T7022] [] nbd_queue_rq+0x372/0xe44 [ 5627.343670][ T7022] [] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 5627.344025][ T7022] [] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 5627.344448][ T7022] [] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 5627.345076][ T7022] [] blk_mq_run_hw_queue+0x274/0x6ec [ 5627.345486][ T7022] [] blk_mq_dispatch_list+0x53e/0x1430 [ 5627.345840][ T7022] [] blk_mq_flush_plug_list+0x114/0x55c [ 5627.346186][ T7022] [] __blk_flush_plug+0x270/0x464 [ 5627.346550][ T7022] [] __submit_bio+0x42e/0x504 [ 5627.346872][ T7022] [] submit_bio_noacct_nocheck+0x458/0xdf4 [ 5627.347410][ T7022] [] submit_bio_noacct+0x6fe/0x2170 [ 5627.347784][ T7022] [] submit_bio+0xb6/0x5b8 [ 5627.348092][ T7022] [] submit_bh_wbc+0x428/0x5c0 [ 5627.348451][ T7022] [] block_read_full_folio+0x396/0x788 [ 5627.348857][ T7022] [] blkdev_read_folio+0x26/0x30 [ 5627.349241][ T7022] [] filemap_read_folio+0xc2/0x270 [ 5627.349618][ T7022] [] do_read_cache_folio+0x22e/0x518 [ 5627.349995][ T7022] [] read_cache_folio+0x4e/0x68 [ 5627.350363][ T7022] [] read_part_sector+0xbc/0x408 [ 5627.350814][ T7022] [] read_lba+0x1b6/0x32c [ 5627.351183][ T7022] [] find_valid_gpt.constprop.0+0x212/0x21ec [ 5627.351585][ T7022] [] efi_partition+0xfe/0x9e0 [ 5627.351945][ T7022] [] bdev_disk_changed+0x5a0/0x1180 [ 5627.352256][ T7022] [] blkdev_get_whole+0x168/0x25c [ 5627.352569][ T7022] [] bdev_open+0x288/0xcc4 [ 5627.352880][ T7022] [] blkdev_open+0x2ec/0x454 [ 5627.353246][ T7022] [] do_dentry_open+0x418/0x1170 [ 5627.353538][ T7022] [] vfs_open+0xba/0x3a8 [ 5627.353848][ T7022] [] path_openat+0x144e/0x2f28 [ 5627.354245][ T7022] [] do_file_open+0x1ae/0x398 [ 5627.354647][ T7022] [] do_sys_openat2+0xfe/0x1c0 [ 5627.354947][ T7022] [] __riscv_sys_openat+0x122/0x1e4 [ 5627.355257][ T7022] [] syscall_handler+0x92/0x114 [ 5627.355595][ T7022] [] do_trap_ecall_u+0x402/0x680 [ 5627.355926][ T7022] [] handle_exception+0x15e/0x16a [ 5627.419186][ T7022] block nbd2: Dead connection, failed to find a fallback [ 5627.420707][ T7022] block nbd2: shutting down sockets [ 5627.422447][ T7022] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5627.424257][ T7022] Buffer I/O error on dev nbd2, logical block 0, async page read SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 5627.619819][ T7022] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5627.679100][ T7022] Buffer I/O error on dev nbd2, logical block 1, async page read [ 5627.681313][ T7022] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5627.682765][ T7022] Buffer I/O error on dev nbd2, logical block 2, async page read [ 5627.684612][ T7022] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5627.685878][ T7022] Buffer I/O error on dev nbd2, logical block 3, async page read [ 5627.774371][ T7022] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5627.890602][ T7022] Buffer I/O error on dev nbd2, logical block 0, async page read [ 5627.894749][ T7022] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5628.009550][ T7022] Buffer I/O error on dev nbd2, logical block 1, async page read [ 5628.071491][ T7022] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5628.074901][ T7022] Buffer I/O error on dev nbd2, logical block 2, async page read [ 5628.151021][ T7022] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5628.191457][ T7022] Buffer I/O error on dev nbd2, logical block 3, async page read [ 5628.193868][ T7022] nbd2: unable to read partition table [ 5653.843905][ T6398] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5655.620140][ T6398] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0