last executing test programs: 20m28.569482924s ago: executing program 0 (id=206): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000080)={0x8, 0x8169, 0x6, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000280)={0x40, 0x403, 0xc}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000001c0)={0x7, 0x1, 0x7}) ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00464b4, &(0x7f0000000400)={r5}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000380)={0xff, 0x3, 0xd83f}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000002c0)={0x8, 0xd7, 0x8}) close_range(r0, 0xffffffffffffffff, 0x0) 20m19.719347409s ago: executing program 0 (id=207): r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x20000023892) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) 20m14.824623918s ago: executing program 0 (id=208): bind$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000500)=ANY=[@ANYBLOB], 0x11) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$OSF_MSG_ADD(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=ANY=[@ANYBLOB="08150000000511040000000000000000010000"], 0x1508}}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000900)="928e", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) writev(r1, &(0x7f0000000040), 0x2) 20m9.660496231s ago: executing program 0 (id=210): r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x40, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, &(0x7f00000001c0)={{0x1, 0x1, 0x18}, './file1\x00'}) 20m2.979544307s ago: executing program 0 (id=212): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000200)={'lo\x00', &(0x7f0000000640)=@ethtool_drvinfo={0x3, "59df9bafbcfdb56315f245396a297796990e82b4ae58f23aceb70576cbc23bcf", "2b536027a7994037f51fcc3a0ec483e3792474f83462ba98870aa688d1b5cdb0", "918ccf48820000000000cd231f8ff94845fe17b702610000000000429200", "34f231ce71b6afd5f9585a8787eb6a402f9c0012781f716b2a5ccab61835cc21", "bb500649861d98c16388c83d37d69c38e4bef90c3cb04c56b47c7dc408fa5f7c", "5958dd3d80c1542523c508e5", 0x882c, 0x0, 0xbc, 0x201}}) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) setfsgid(0xee00) syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') syz_open_procfs(0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004d808}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc00000000000000", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) syz_clone(0x41200100, 0x0, 0x0, 0x0, 0x0, 0x0) 19m37.56973707s ago: executing program 0 (id=214): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfc409000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsopen(0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0xd, 0x8, 0x0) mremap(&(0x7f00009d1000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f00002a0000/0x4000)=nil) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) sendto$inet(r3, 0x0, 0x0, 0x8004881, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, 0x0, 0x0) 18m46.343433419s ago: executing program 32 (id=214): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfc409000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsopen(0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0xd, 0x8, 0x0) mremap(&(0x7f00009d1000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f00002a0000/0x4000)=nil) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) sendto$inet(r3, 0x0, 0x0, 0x8004881, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, 0x0, 0x0) 8m31.881027481s ago: executing program 1 (id=267): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x4e24, 0x3ff, @private1}}, 0x0, 0x0, 0x3, 0x0, "7987a115002fb1dceda99fd0ec5c593d9cd4524ef93dda4846006565c674b756598f22eea3934281d1f653ef0bc30c03ca13cc89c013836bebbcdd2387e97441ddf060dae7d33bf1fbb4fc2b9bc712d9"}, 0xd8) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b32, &(0x7f0000000080)={'virt_wifi0\x00', @random="308e4dac00c7"}) setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f00000000c0)=@ccm_128={{0x304}, "0e00", "0f8f96dd3b58dfcbb67f0000006f5f9e", "3da6f8da", "4e4881e263200c9f"}, 0x28) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x3, 0x0, @loopback, 0xffff}, 0x1c) 8m27.591329186s ago: executing program 1 (id=268): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6, 0x4, 0x87, 0x7fff0004}]}) r0 = syz_io_uring_setup(0x4ed, &(0x7f0000000300)={0x0, 0xfec9, 0x0, 0xff7ffffc, 0x274}, 0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r0, 0xdb4, 0xd070, 0x0, 0x0, 0x0) 8m24.535592363s ago: executing program 1 (id=269): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0) migrate_pages(0x0, 0x5, 0x0, &(0x7f0000000040)=0x272) ioctl$EVIOCGKEYCODE_V2(r1, 0x80284504, &(0x7f0000000040)=""/185) add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0x0) keyctl$KEYCTL_MOVE(0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x1) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) openat$cgroup_int(r2, &(0x7f0000000040)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0) open(&(0x7f00000000c0)='./bus\x00', 0x1e5842, 0x2) r3 = open(&(0x7f0000000080)='./bus\x00', 0x145542, 0x0) ftruncate(r3, 0x2007ffd) 7m58.290073403s ago: executing program 1 (id=272): socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x10, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffc}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@call={0x85, 0x0, 0x0, 0xa0}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r2, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_newrule={0x24, 0x18, 0x409, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2}, [@FIB_RULE_POLICY=@FRA_GOTO={0x8, 0x1e, 0x1}]}, 0x24}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@newlink={0x6c, 0x10, 0x437, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x4c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x38, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x14, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @IFLA_GRE_REMOTE={0x14, 0x7, @private2}, @IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_LINK={0x8, 0x1, r5}]}}}]}, 0x6c}}, 0x0) 7m44.193234186s ago: executing program 1 (id=273): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6, 0x4, 0x87, 0x7fff0004}]}) r0 = syz_io_uring_setup(0x4ed, &(0x7f0000000300)={0x0, 0xfec9, 0x0, 0xff7ffffc, 0x274}, 0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r0, 0xdb4, 0xd070, 0x0, 0x0, 0x0) 7m31.17244044s ago: executing program 1 (id=275): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) madvise(&(0x7f0000000000/0x600000)=nil, 0xffffffffffffffff, 0x16) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFDSTADDR(r3, 0x891b, &(0x7f0000000000)={'lo\x00', {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xa}}}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2182, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "00ed6a", 0x14, 0x2c, 0x0, @local, @local, {[], {{0x2c00, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0xd, 0x17, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xff000000}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4}}, {{0x6, 0x0, 0xb}, {0x65}}, [@printk={@lld, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xc, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x4}}], {{0x7, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 6m43.310004734s ago: executing program 33 (id=275): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) madvise(&(0x7f0000000000/0x600000)=nil, 0xffffffffffffffff, 0x16) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFDSTADDR(r3, 0x891b, &(0x7f0000000000)={'lo\x00', {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xa}}}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2182, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "00ed6a", 0x14, 0x2c, 0x0, @local, @local, {[], {{0x2c00, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0xd, 0x17, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xff000000}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4}}, {{0x6, 0x0, 0xb}, {0x65}}, [@printk={@lld, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xc, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x4}}], {{0x7, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 1m58.787090392s ago: executing program 2 (id=294): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=@newtaction={0x64, 0x30, 0x9e54f29ff072a93b, 0x0, 0x25dfdbfc, {}, [{0x50, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x4}, 0x2d}}]}, {0x5d}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x8010) 1m45.907658373s ago: executing program 2 (id=295): bpf$MAP_CREATE(0x0, 0x0, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = msgget$private(0x0, 0x193) msgsnd(r3, &(0x7f0000000080)=ANY=[], 0x8, 0x0) msgctl$IPC_STAT(r3, 0x2, &(0x7f0000000300)=""/168) read$FUSE(0xffffffffffffffff, &(0x7f00000041c0)={0x2020}, 0x2070) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(aes)\x00'}, 0x58) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800"/11], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r4}, 0xc) syz_open_dev$vcsa(&(0x7f0000000300), 0x2, 0x40000) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40041, 0x141) lsetxattr$security_ima(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200), &(0x7f00000002c0)=@sha1={0x1, "a578d827ce98b56572f6f669bbe24cb9a2b2033f"}, 0x15, 0x0) 1m7.173758951s ago: executing program 2 (id=296): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0xffffffffffffffff}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) semget$private(0x0, 0x6, 0x0) semop(0x0, &(0x7f00000000c0)=[{0x2, 0x0, 0x2000}, {0x3, 0x1, 0x1800}], 0x2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r1, &(0x7f0000000800)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x4004c010) bind$inet(r3, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) fcntl$setstatus(r3, 0x4, 0x42000) setsockopt$inet_mtu(r3, 0x0, 0xa, &(0x7f0000000180)=0x4, 0x4) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='sit0\x00', 0x10) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) ftruncate(r4, 0x2000009) sendfile(r3, r4, 0x0, 0x7ffff004) 24.960823632s ago: executing program 2 (id=297): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x80000dc3, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045520, 0x0) 13.819255197s ago: executing program 2 (id=298): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000580)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x57, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f00000000c0)) 0s ago: executing program 2 (id=299): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100ffffffff00000000010000000c0005006c010000000000000c000200ff7f000000000000400007800c00018008000100", @ANYRES32=r2, @ANYBLOB="0c00018008000100", @ANYRES32=r2, @ANYBLOB="0c00018008000100", @ANYRES32=r2], 0x6c}}, 0x20000000) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:59318' (ED25519) to the list of known hosts. syzkaller login: [ 514.877121][ T3197] cgroup: Unknown subsys name 'net' [ 515.680154][ T3197] cgroup: Unknown subsys name 'cpuset' [ 515.806437][ T3197] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 597.076660][ T3197] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 777.159196][ T3205] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 777.315035][ T3205] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 783.782427][ T3207] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 783.853212][ T3207] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 796.301812][ T3205] hsr_slave_0: entered promiscuous mode [ 796.390097][ T3205] hsr_slave_1: entered promiscuous mode [ 802.832587][ T3207] hsr_slave_0: entered promiscuous mode [ 802.854802][ T3207] hsr_slave_1: entered promiscuous mode [ 802.873690][ T3207] debugfs: 'hsr0' already exists in 'hsr' [ 802.878948][ T3207] Cannot create hsr debugfs directory [ 808.614132][ T3205] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 809.252076][ T3205] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 809.364510][ T3205] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 809.601534][ T3205] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 815.208670][ T3207] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 815.911791][ T3207] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 816.430361][ T3207] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 816.590827][ T3207] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 826.412806][ T3205] 8021q: adding VLAN 0 to HW filter on device bond0 [ 832.069135][ T3207] 8021q: adding VLAN 0 to HW filter on device bond0 [ 894.172283][ T3205] veth0_vlan: entered promiscuous mode [ 895.279804][ T3205] veth1_vlan: entered promiscuous mode [ 898.262083][ T3205] veth0_macvtap: entered promiscuous mode [ 898.771997][ T3205] veth1_macvtap: entered promiscuous mode [ 903.448066][ T3207] veth0_vlan: entered promiscuous mode [ 904.078807][ T3211] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 904.308373][ T3211] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 904.311869][ T3211] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 904.314596][ T3211] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 905.852656][ T3207] veth1_vlan: entered promiscuous mode [ 910.129788][ T3207] veth0_macvtap: entered promiscuous mode [ 911.042232][ T3207] veth1_macvtap: entered promiscuous mode [ 912.590216][ T3205] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 914.707015][ T114] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 914.708842][ T114] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 914.710361][ T114] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 914.711974][ T114] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 940.891321][ T3733] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 941.619603][ T3733] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 941.623025][ T3733] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 941.647854][ T3733] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 941.650238][ T3733] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 942.049618][ T3733] usb 1-1: config 0 descriptor?? [ 943.344796][ T3844] syz.1.5 uses obsolete (PF_INET,SOCK_PACKET) [ 943.812893][ T3844] syzkaller1: entered promiscuous mode [ 943.832840][ T3844] syzkaller1: entered allmulticast mode [ 945.512868][ T3733] hid-led 0003:27B8:01ED.0001: hidraw0: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.0-1/input0 [ 946.244287][ T3733] hid-led 0003:27B8:01ED.0001: ThingM blink(1) v1 initialized [ 946.548856][ T3733] usb 1-1: USB disconnect, device number 2 [ 959.561390][ T3873] faux_driver vgem: [drm] Unknown color mode 181; guessing buffer size. [ 961.851292][ T3824] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 963.235188][ T3824] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 963.251243][ T3824] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 963.253431][ T3824] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 963.271458][ T3824] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 963.274785][ T3824] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 964.083616][ T3824] usb 2-1: config 0 descriptor?? [ 967.212392][ T3824] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x4 [ 967.679199][ T3824] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 968.262183][ T3824] usb 2-1: USB disconnect, device number 2 [ 1010.649200][ T3932] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1078.562157][ T3825] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 1079.373686][ T3825] usb 1-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 1079.394454][ T3825] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1079.400197][ T3825] usb 1-1: Product: syz [ 1079.401323][ T3825] usb 1-1: Manufacturer: syz [ 1079.402321][ T3825] usb 1-1: SerialNumber: syz [ 1080.219159][ T3825] usb 1-1: config 0 descriptor?? [ 1080.655391][ T3825] i2c-tiny-usb 1-1:0.0: version 6d.cc found at bus 001 address 003 [ 1083.040312][ T3825] i2c i2c-0: failure reading functionality [ 1083.283920][ T3825] i2c i2c-0: connected i2c-tiny-usb device [ 1083.422959][ T3825] usb 1-1: USB disconnect, device number 3 [ 1097.063309][ T4015] Zero length message leads to an empty skb [ 1110.174057][ T3733] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 1110.450790][ T3733] usb 2-1: Using ep0 maxpacket: 16 [ 1110.534509][ T3733] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1110.538085][ T3733] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1110.542786][ T3733] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1110.544963][ T3733] usb 2-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 1110.548987][ T3733] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1110.725122][ T3733] usb 2-1: config 0 descriptor?? [ 1113.978808][ T3733] hid-picolcd 0003:04D8:F002.0003: unknown main item tag 0x0 [ 1113.981034][ T3733] hid-picolcd 0003:04D8:F002.0003: unknown main item tag 0x0 [ 1113.982916][ T3733] hid-picolcd 0003:04D8:F002.0003: unknown main item tag 0x0 [ 1113.991098][ T3733] hid-picolcd 0003:04D8:F002.0003: unknown main item tag 0x0 [ 1113.993279][ T3733] hid-picolcd 0003:04D8:F002.0003: unknown main item tag 0x0 [ 1114.182540][ T3733] hid-picolcd 0003:04D8:F002.0003: No report with id 0xf3 found [ 1114.184774][ T3733] hid-picolcd 0003:04D8:F002.0003: No report with id 0xf4 found [ 1114.433544][ T3733] usb 2-1: USB disconnect, device number 3 [ 1153.337643][ T3211] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1153.342275][ T3211] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1153.344706][ T3211] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1153.374478][ T3211] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1177.131302][ T3824] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 1177.885262][ T3824] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1177.889361][ T3824] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1177.891329][ T3824] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1178.230732][ T3824] usb 1-1: config 0 descriptor?? [ 1191.238440][ T3824] usb 1-1: USB disconnect, device number 4 [ 1225.531978][ T4121] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 64993 [ 1281.291436][ T4153] netlink: 4768 bytes leftover after parsing attributes in process `syz.1.83'. [ 1281.334747][ T4153] netlink: 4768 bytes leftover after parsing attributes in process `syz.1.83'. [ 1341.040381][ T55] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 1341.391259][ T55] usb 1-1: config 0 has an invalid interface number: 41 but max is 0 [ 1341.393722][ T55] usb 1-1: config 0 has no interface number 0 [ 1341.427994][ T55] usb 1-1: config 0 interface 41 has no altsetting 0 [ 1341.569998][ T55] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 1341.571785][ T55] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1341.572956][ T55] usb 1-1: Product: syz [ 1341.573959][ T55] usb 1-1: Manufacturer: syz [ 1341.574949][ T55] usb 1-1: SerialNumber: syz [ 1341.754545][ T55] usb 1-1: config 0 descriptor?? [ 1344.352841][ T55] CoreChips 1-1:0.41: probe with driver CoreChips failed with error -71 [ 1344.980857][ T55] usb 1-1: USB disconnect, device number 5 [ 1441.817171][ T4258] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.109' sets config #2 [ 1487.349038][ T3825] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 1489.210699][ T3825] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 1489.237537][ T3825] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1489.494744][ T3825] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1489.539513][ T3825] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1489.544424][ T3825] usb 2-1: Manufacturer: syz [ 1490.013417][ T3825] usb 2-1: config 0 descriptor?? [ 1495.171025][ T3825] rc_core: IR keymap rc-hauppauge not found [ 1495.173011][ T3825] Registered IR keymap rc-empty [ 1495.459940][ T3825] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 1495.664572][ T3825] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input0 [ 1500.091935][ T4284] rc rc0: two consecutive events of type space [ 1503.839287][ T3824] usb 2-1: USB disconnect, device number 4 [ 1508.377787][ T3733] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 1509.408675][ T3733] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1509.410417][ T3733] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1509.411718][ T3733] usb 2-1: Product: syz [ 1509.412692][ T3733] usb 2-1: Manufacturer: syz [ 1509.413728][ T3733] usb 2-1: SerialNumber: syz [ 1522.903235][ T3764] usb 2-1: USB disconnect, device number 5 [ 1528.460083][ T4319] netlink: 64 bytes leftover after parsing attributes in process `syz.0.118'. [ 1580.081356][ T3824] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 1580.328369][ T3824] usb 1-1: Using ep0 maxpacket: 8 [ 1580.719181][ T3824] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 1580.723190][ T3824] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1580.725204][ T3824] usb 1-1: Product: syz [ 1580.730889][ T3824] usb 1-1: Manufacturer: syz [ 1580.733212][ T3824] usb 1-1: SerialNumber: syz [ 1580.984232][ T3824] usb 1-1: config 0 descriptor?? [ 1594.213187][ T3825] usb 1-1: USB disconnect, device number 6 [ 1702.989669][ T4431] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1722.669761][ T4446] syzkaller0: entered promiscuous mode [ 1722.671046][ T4446] syzkaller0: entered allmulticast mode [ 1734.929270][ T3824] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 1735.490279][ T3824] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1735.492826][ T3824] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1735.719264][ T3824] usb 1-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce [ 1735.722077][ T3824] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1735.723984][ T3824] usb 1-1: Product: syz [ 1735.744485][ T3824] usb 1-1: Manufacturer: syz [ 1735.757942][ T3824] usb 1-1: SerialNumber: syz [ 1735.951379][ T3824] usb 1-1: config 0 descriptor?? [ 1748.827762][ T4273] usb 1-1: USB disconnect, device number 7 [ 1775.879515][ T4273] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 1776.568864][ T4273] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1776.571513][ T4273] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1776.573659][ T4273] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 1776.601374][ T4273] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1776.604342][ T4273] usb 2-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 1776.623326][ T4273] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1776.969298][ T4273] usb 2-1: config 0 descriptor?? [ 1778.171255][ T3201] usb 2-1: USB disconnect, device number 6 [ 1845.472709][ T4541] netlink: 5364 bytes leftover after parsing attributes in process `syz.1.189'. [ 1845.728616][ T4541] netlink: 5364 bytes leftover after parsing attributes in process `syz.1.189'. [ 1855.099301][ T3825] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 1855.350738][ T3825] usb 1-1: Using ep0 maxpacket: 16 [ 1855.474869][ T3825] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1855.488910][ T3825] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1855.491700][ T3825] usb 1-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 1855.493775][ T3825] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1855.727402][ T3825] usb 1-1: config 0 descriptor?? [ 1856.992359][ T3201] usb 1-1: USB disconnect, device number 8 [ 1868.019394][ T4574] netlink: 5364 bytes leftover after parsing attributes in process `syz.0.195'. [ 1868.103123][ T4574] netlink: 5364 bytes leftover after parsing attributes in process `syz.0.195'. [ 1877.084152][ T4583] netlink: 36 bytes leftover after parsing attributes in process `syz.1.200'. [ 1881.893648][ T4588] netlink: 5364 bytes leftover after parsing attributes in process `syz.0.202'. [ 1882.003034][ T4588] netlink: 5364 bytes leftover after parsing attributes in process `syz.0.202'. [ 1919.909120][ T4604] netlink: 5364 bytes leftover after parsing attributes in process `syz.0.208'. [ 1919.963408][ T4604] netlink: 5364 bytes leftover after parsing attributes in process `syz.0.208'. [ 2045.094716][ T3713] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2047.674711][ T3713] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2049.784755][ T3713] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2053.315253][ T3713] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2074.223496][ T3713] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2074.552077][ T3713] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2074.752348][ T3713] bond0 (unregistering): Released all slaves [ 2077.938879][ T3713] hsr_slave_0: left promiscuous mode [ 2078.086888][ T3713] hsr_slave_1: left promiscuous mode [ 2079.038717][ T3713] veth1_macvtap: left promiscuous mode [ 2079.043506][ T3713] veth0_macvtap: left promiscuous mode [ 2079.072978][ T3713] veth1_vlan: left promiscuous mode [ 2079.141289][ T3713] veth0_vlan: left promiscuous mode [ 2088.404475][ T4699] netlink: 'syz.1.221': attribute type 10 has an invalid length. [ 2088.409346][ T4699] netlink: 40 bytes leftover after parsing attributes in process `syz.1.221'. [ 2122.999200][ T4699] veth1: entered promiscuous mode [ 2123.001490][ T4699] veth1: entered allmulticast mode [ 2123.010285][ T4699] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check. [ 2161.640939][ T4655] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2161.904228][ T4655] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2190.264589][ T4655] hsr_slave_0: entered promiscuous mode [ 2190.386804][ T4655] hsr_slave_1: entered promiscuous mode [ 2190.464321][ T4655] debugfs: 'hsr0' already exists in 'hsr' [ 2190.477149][ T4655] Cannot create hsr debugfs directory [ 2215.343063][ T4655] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 2215.609126][ T4655] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 2215.902484][ T4655] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 2216.132796][ T4655] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 2249.971339][ T4655] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2270.884283][ T5032] syzkaller0: entered promiscuous mode [ 2270.896765][ T5032] syzkaller0: entered allmulticast mode [ 2320.448819][ T4273] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 2321.510974][ T4273] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 2321.514632][ T4273] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2321.533839][ T4273] usb 2-1: Product: syz [ 2321.547237][ T4273] usb 2-1: Manufacturer: syz [ 2321.549134][ T4273] usb 2-1: SerialNumber: syz [ 2321.938954][ T4273] usb 2-1: config 0 descriptor?? [ 2326.891571][ T4273] usb 2-1: USB disconnect, device number 7 [ 2380.351818][ T4655] veth0_vlan: entered promiscuous mode [ 2380.923992][ T4655] veth1_vlan: entered promiscuous mode [ 2386.669532][ T4655] veth0_macvtap: entered promiscuous mode [ 2387.270656][ T4655] veth1_macvtap: entered promiscuous mode [ 2395.913635][ T3211] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2395.980427][ T3211] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2395.983465][ T3211] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2396.319287][ T3211] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2429.169201][ T5145] syz.1.248 (5145): attempted to duplicate a private mapping with mremap. This is not supported. [ 2550.724380][ T5186] fuse: Bad value for 'group_id' [ 2550.731434][ T5186] fuse: Bad value for 'group_id' [ 2561.959241][ T5152] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 2562.892528][ T5152] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 2562.895062][ T5152] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2563.262097][ T5152] usb 2-1: config 0 descriptor?? [ 2564.209317][ T5152] udl 2-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 2564.551453][ T5152] [drm:udl_init] *ERROR* Selecting channel failed [ 2565.334375][ T5152] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2 [ 2565.352242][ T5152] [drm] Initialized udl on minor 2 [ 2565.681163][ T5152] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 2565.713709][ T5152] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 2565.820325][ T5205] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.261'. [ 2565.920301][ T5152] usb 2-1: USB disconnect, device number 8 [ 2566.073592][ T5205] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.261'. [ 2567.792094][ T4272] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 2631.675942][ C0] hrtimer: interrupt took 1140700 ns [ 2631.832141][ T5132] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 2632.580104][ T5132] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 2632.582828][ T5132] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2632.759756][ T5132] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 2632.762186][ T5132] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 2632.764083][ T5132] usb 2-1: Manufacturer: syz [ 2633.509814][ T5132] usb 2-1: config 0 descriptor?? [ 2636.528353][ T5132] rc_core: IR keymap rc-hauppauge not found [ 2636.531057][ T5132] Registered IR keymap rc-empty [ 2636.593440][ T5132] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 2636.671543][ T5132] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input1 [ 2636.861270][ C0] igorplugusb 2-1:0.0: Error: urb status = -32 [ 2640.887364][ T4652] usb 2-1: USB disconnect, device number 9 [ 2682.123510][ T5280] netlink: 'syz.2.274': attribute type 10 has an invalid length. [ 2682.126637][ T5280] netlink: 40 bytes leftover after parsing attributes in process `syz.2.274'. [ 2682.131030][ T5280] veth1: entered promiscuous mode [ 2682.133199][ T5280] veth1: entered allmulticast mode [ 2682.197643][ T5280] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check. [ 2720.257133][ T5288] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.276'. [ 2769.319600][ T5327] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.281'. [ 2774.730204][ T4665] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2774.912889][ T4665] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2774.998673][ T4665] bond0 (unregistering): Released all slaves [ 2778.009341][ T4665] hsr_slave_0: left promiscuous mode [ 2778.119832][ T4665] hsr_slave_1: left promiscuous mode [ 2817.969812][ T5351] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.285'. [ 2891.691114][ T5296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2891.943774][ T5296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2897.673225][ T5515] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.289'. [ 2908.658398][ T5524] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2908.813661][ T5524] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2953.754992][ T5296] hsr_slave_0: entered promiscuous mode [ 2953.935311][ T5296] hsr_slave_1: entered promiscuous mode [ 2997.069967][ T5296] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 2998.150399][ T5296] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 2999.003881][ T5296] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 2999.962504][ T5296] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 3020.330270][ T5685] netlink: 28 bytes leftover after parsing attributes in process `syz.2.294'. [ 3020.332846][ T5685] netlink: 28 bytes leftover after parsing attributes in process `syz.2.294'. [ 3057.022599][ T5296] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3143.345483][ T5727] [ 3143.346348][ T5727] ====================================================== [ 3143.346921][ T5727] WARNING: possible circular locking dependency detected [ 3143.347888][ T5727] syzkaller #0 Not tainted [ 3143.349124][ T5727] ------------------------------------------------------ [ 3143.350186][ T5727] syz.2.299/5727 is trying to acquire lock: [ 3143.351310][ T5727] ffffffff88780f08 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0x20a/0x2204 [ 3143.354712][ T5727] [ 3143.354712][ T5727] but task is already holding lock: [ 3143.355395][ T5727] ffffaf801aa9d5e0 (&q->q_usage_counter(io)#19){++++}-{0:0}, at: blk_mq_update_nr_hw_queues+0x7c0/0x11e4 [ 3143.357220][ T5727] [ 3143.357220][ T5727] which lock already depends on the new lock. [ 3143.357220][ T5727] [ 3143.358160][ T5727] [ 3143.358160][ T5727] the existing dependency chain (in reverse order) is: [ 3143.358842][ T5727] [ 3143.358842][ T5727] -> #2 (&q->q_usage_counter(io)#19){++++}-{0:0}: [ 3143.360324][ T5727] lock_acquire+0x1d2/0x44c [ 3143.361188][ T5727] blk_alloc_queue+0x5b4/0x6c0 [ 3143.362311][ T5727] blk_mq_alloc_queue+0x15e/0x250 [ 3143.363056][ T5727] __blk_mq_alloc_disk+0x2a/0xd8 [ 3143.363778][ T5727] nbd_dev_add+0x426/0xaec [ 3143.364446][ T5727] nbd_init+0x3d4/0x3f8 [ 3143.365160][ T5727] do_one_initcall+0x194/0xaa0 [ 3143.366035][ T5727] kernel_init_freeable+0x6ca/0x78c [ 3143.366891][ T5727] kernel_init+0x28/0x240 [ 3143.367650][ T5727] ret_from_fork_kernel+0x2a/0xbbc [ 3143.368499][ T5727] ret_from_fork_kernel_asm+0x16/0x18 [ 3143.369523][ T5727] [ 3143.369523][ T5727] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 3143.370948][ T5727] lock_acquire+0x1d2/0x44c [ 3143.371768][ T5727] fs_reclaim_acquire+0xc6/0x100 [ 3143.372629][ T5727] prepare_alloc_pages+0x146/0x51c [ 3143.373554][ T5727] __alloc_frozen_pages_noprof+0x158/0x20c8 [ 3143.377430][ T5727] __alloc_pages_noprof+0xe/0x138 [ 3143.379069][ T5727] pcpu_populate_chunk+0x16c/0xd00 [ 3143.380485][ T5727] pcpu_alloc_noprof+0x50e/0x2204 [ 3143.381804][ T5727] xt_percpu_counter_alloc+0x138/0x194 [ 3143.383194][ T5727] find_check_entry.isra.0+0xe8/0x880 [ 3143.384395][ T5727] translate_table+0xb0c/0x142c [ 3143.385751][ T5727] ip6t_register_table+0x11a/0x3f8 [ 3143.386974][ T5727] ip6table_security_table_init+0x46/0x70 [ 3143.388287][ T5727] xt_find_table_lock+0x294/0x4c0 [ 3143.389548][ T5727] xt_request_find_table_lock+0x28/0xfc [ 3143.391050][ T5727] get_info+0x164/0x52c [ 3143.392164][ T5727] do_ip6t_get_ctl+0x16a/0x900 [ 3143.393241][ T5727] nf_getsockopt+0x6e/0xd4 [ 3143.394504][ T5727] ipv6_getsockopt+0x412/0x954 [ 3143.395861][ T5727] tcp_getsockopt+0x84/0xd8 [ 3143.397018][ T5727] sock_common_getsockopt+0x86/0xb8 [ 3143.398250][ T5727] do_sock_getsockopt+0x34e/0x5d4 [ 3143.399514][ T5727] __sys_getsockopt+0xd6/0x170 [ 3143.400798][ T5727] __riscv_sys_getsockopt+0xa6/0x114 [ 3143.402195][ T5727] syscall_handler+0x92/0x114 [ 3143.403373][ T5727] do_trap_ecall_u+0x3d2/0x58c [ 3143.404658][ T5727] handle_exception+0x15e/0x16a [ 3143.406276][ T5727] [ 3143.406276][ T5727] -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 3143.408384][ T5727] check_noncircular+0x138/0x14c [ 3143.409480][ T5727] __lock_acquire+0xe9c/0x25ac [ 3143.410599][ T5727] lock_acquire+0x1d2/0x44c [ 3143.411647][ T5727] __mutex_lock+0x164/0x1890 [ 3143.412777][ T5727] _mutex_lock_killable+0x16/0x20 [ 3143.413993][ T5727] pcpu_alloc_noprof+0x20a/0x2204 [ 3143.415271][ T5727] sbitmap_init_node+0x298/0x748 [ 3143.416436][ T5727] sbitmap_queue_init_node+0x3a/0x3fc [ 3143.417614][ T5727] blk_mq_init_tags+0x15a/0x2d8 [ 3143.418949][ T5727] blk_mq_alloc_map_and_rqs+0x1d2/0xda8 [ 3143.420235][ T5727] blk_mq_update_nr_hw_queues+0xa4a/0x11e4 [ 3143.421509][ T5727] nbd_start_device+0x156/0xb74 [ 3143.422715][ T5727] nbd_genl_connect+0xe74/0x1a4c [ 3143.423876][ T5727] genl_family_rcv_msg_doit+0x1f6/0x2d8 [ 3143.425245][ T5727] genl_rcv_msg+0x4b2/0x73c [ 3143.426494][ T5727] netlink_rcv_skb+0x1e8/0x394 [ 3143.427748][ T5727] genl_rcv+0x32/0x4c [ 3143.428936][ T5727] netlink_unicast+0x50c/0x7d8 [ 3143.430240][ T5727] netlink_sendmsg+0x7e0/0xd64 [ 3143.431445][ T5727] __sock_sendmsg+0xca/0x160 [ 3143.432640][ T5727] ____sys_sendmsg+0x636/0x794 [ 3143.433911][ T5727] ___sys_sendmsg+0x1a4/0x1e8 [ 3143.435135][ T5727] __sys_sendmsg+0x18e/0x234 [ 3143.436436][ T5727] __riscv_sys_sendmsg+0x70/0xa4 [ 3143.437794][ T5727] syscall_handler+0x92/0x114 [ 3143.439060][ T5727] do_trap_ecall_u+0x3d2/0x58c [ 3143.440358][ T5727] handle_exception+0x15e/0x16a [ 3143.441798][ T5727] [ 3143.441798][ T5727] other info that might help us debug this: [ 3143.441798][ T5727] [ 3143.442945][ T5727] Chain exists of: [ 3143.442945][ T5727] pcpu_alloc_mutex --> fs_reclaim --> &q->q_usage_counter(io)#19 [ 3143.442945][ T5727] [ 3143.446466][ T5727] Possible unsafe locking scenario: [ 3143.446466][ T5727] [ 3143.447360][ T5727] CPU0 CPU1 [ 3143.448235][ T5727] ---- ---- [ 3143.449022][ T5727] lock(&q->q_usage_counter(io)#19); [ 3143.450547][ T5727] lock(fs_reclaim); [ 3143.451827][ T5727] lock(&q->q_usage_counter(io)#19); [ 3143.453471][ T5727] lock(pcpu_alloc_mutex); [ 3143.454670][ T5727] [ 3143.454670][ T5727] *** DEADLOCK *** [ 3143.454670][ T5727] [ 3143.455912][ T5727] 6 locks held by syz.2.299/5727: [ 3143.456876][ T5727] #0: ffffffff89c01ed0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x24/0x4c [ 3143.459861][ T5727] #1: ffffffff89c01dc8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x4d2/0x73c [ 3143.462734][ T5727] #2: ffffaf801a7e29d0 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x9e/0x11e4 [ 3143.465598][ T5727] #3: ffffaf801a7e28d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0xb2/0x11e4 [ 3143.468508][ T5727] #4: ffffaf801aa9d5e0 (&q->q_usage_counter(io)#19){++++}-{0:0}, at: blk_mq_update_nr_hw_queues+0x7c0/0x11e4 [ 3143.471592][ T5727] #5: ffffaf801aa9d618 (&q->q_usage_counter(queue)#3){+.+.}-{0:0}, at: blk_mq_update_nr_hw_queues+0x7c0/0x11e4 [ 3143.475029][ T5727] [ 3143.475029][ T5727] stack backtrace: [ 3143.476591][ T5727] CPU: 1 UID: 0 PID: 5727 Comm: syz.2.299 Not tainted syzkaller #0 PREEMPT [ 3143.477294][ T5727] Hardware name: riscv-virtio,qemu (DT) [ 3143.477953][ T5727] Call Trace: [ 3143.478333][ T5727] [] dump_backtrace+0x2e/0x3c [ 3143.479032][ T5727] [] show_stack+0x30/0x3c [ 3143.479547][ T5727] [] dump_stack_lvl+0x114/0x1ac [ 3143.480308][ T5727] [] dump_stack+0x1c/0x28 [ 3143.481029][ T5727] [] print_circular_bug+0x250/0x29c [ 3143.481554][ T5727] [] check_noncircular+0x138/0x14c [ 3143.482103][ T5727] [] __lock_acquire+0xe9c/0x25ac [ 3143.482628][ T5727] [] lock_acquire+0x1d2/0x44c [ 3143.483160][ T5727] [] __mutex_lock+0x164/0x1890 [ 3143.483851][ T5727] [] _mutex_lock_killable+0x16/0x20 [ 3143.484480][ T5727] [] pcpu_alloc_noprof+0x20a/0x2204 [ 3143.485222][ T5727] [] sbitmap_init_node+0x298/0x748 [ 3143.485890][ T5727] [] sbitmap_queue_init_node+0x3a/0x3fc [ 3143.486497][ T5727] [] blk_mq_init_tags+0x15a/0x2d8 [ 3143.487181][ T5727] [] blk_mq_alloc_map_and_rqs+0x1d2/0xda8 [ 3143.487867][ T5727] [] blk_mq_update_nr_hw_queues+0xa4a/0x11e4 [ 3143.488580][ T5727] [] nbd_start_device+0x156/0xb74 [ 3143.489347][ T5727] [] nbd_genl_connect+0xe74/0x1a4c [ 3143.490034][ T5727] [] genl_family_rcv_msg_doit+0x1f6/0x2d8 [ 3143.490793][ T5727] [] genl_rcv_msg+0x4b2/0x73c [ 3143.491538][ T5727] [] netlink_rcv_skb+0x1e8/0x394 [ 3143.492260][ T5727] [] genl_rcv+0x32/0x4c [ 3143.492934][ T5727] [] netlink_unicast+0x50c/0x7d8 [ 3143.493631][ T5727] [] netlink_sendmsg+0x7e0/0xd64 [ 3143.494678][ T5727] [] __sock_sendmsg+0xca/0x160 [ 3143.495415][ T5727] [] ____sys_sendmsg+0x636/0x794 [ 3143.496108][ T5727] [] ___sys_sendmsg+0x1a4/0x1e8 [ 3143.496812][ T5727] [] __sys_sendmsg+0x18e/0x234 [ 3143.497567][ T5727] [] __riscv_sys_sendmsg+0x70/0xa4 [ 3143.498425][ T5727] [] syscall_handler+0x92/0x114 [ 3143.499057][ T5727] [] do_trap_ecall_u+0x3d2/0x58c [ 3143.499807][ T5727] [] handle_exception+0x15e/0x16a SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 3145.826668][ T51] block nbd0: Receive control failed (result -32) [ 3145.872042][ T5732] block nbd0: Receive control failed (result -32) [ 3145.880406][ T5732] block nbd0: Receive control failed (result -32) [ 3145.948729][ T5727] nbd0: detected capacity change from 0 to 63