last executing test programs: 41.865893906s ago: executing program 1 (id=1424): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r0, 0x2) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x1, @private1, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x16149d21ea575b32, 0x0, 0x0, 0xfffe}}}}}}}, 0x0) 41.568896733s ago: executing program 0 (id=1425): socket$vsock_stream(0x28, 0x1, 0x0) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f00000065c0)={0x0, 0x0, &(0x7f0000006580)={&(0x7f0000000300)=ANY=[@ANYBLOB="2800000014001102000000000000000028001100fa"], 0x28}}, 0x0) recvmsg(r0, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x10020) 35.165871406s ago: executing program 0 (id=1426): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmsg$inet_nvme(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x142) 34.163748843s ago: executing program 1 (id=1427): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x4, 0x8}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD_SELECTOR={0x5, 0xa, 0x5}]}}]}, 0x40}}, 0x20008800) 25.846010515s ago: executing program 1 (id=1428): r0 = memfd_secret(0x80000) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x13, r0, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x0, 0x0, 0x27}, 0x1c) 25.845716625s ago: executing program 0 (id=1429): gettid() timer_create(0x0, 0x0, &(0x7f0000000200)=0x0) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) timer_gettime(r0, &(0x7f0000000080)) 18.915894408s ago: executing program 0 (id=1430): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10) sendmmsg$inet(r0, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x39}}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000080)="e6", 0x1}], 0x1}}], 0x1, 0x24040890) setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000140)=0xffff0000, 0x4) 18.915342168s ago: executing program 1 (id=1431): ioprio_set$uid(0x3, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x200}, 0x0) r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000180)=' ', 0x1) 8.629300691s ago: executing program 0 (id=1432): r0 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r1, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000340)={r2, 0x0, 0x0, 0x0, 0x1, [], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]}) 8.628989951s ago: executing program 1 (id=1433): r0 = add_key$keyring(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x4, r0, 0xee01, 0xee01) keyctl$setperm(0x5, r0, 0x14210927) keyctl$describe(0x6, r0, 0x0, 0x0) 2.483003929s ago: executing program 1 (id=1434): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newtfilter={0x44, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xb, 0xfff3}, {}, {0x7, 0xffff}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x1}, @TCA_FLOW_XOR={0x8, 0x7, 0x4000000}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0) 0s ago: executing program 0 (id=1435): syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x4200) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000100), r0) sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)={0x1c, r1, 0x901, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x80c0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:13839' (ED25519) to the list of known hosts. syzkaller login: [ 568.521386][ T3218] cgroup: Unknown subsys name 'net' [ 569.383361][ T3218] cgroup: Unknown subsys name 'cpuset' [ 569.593179][ T3218] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 665.996877][ T3218] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 835.211719][ T3226] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 835.352981][ T3226] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 838.178943][ T3225] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 838.372374][ T3225] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 853.081877][ T3226] hsr_slave_0: entered promiscuous mode [ 853.169746][ T3226] hsr_slave_1: entered promiscuous mode [ 855.872802][ T3225] hsr_slave_0: entered promiscuous mode [ 855.953553][ T3225] hsr_slave_1: entered promiscuous mode [ 855.992693][ T3225] debugfs: 'hsr0' already exists in 'hsr' [ 856.000921][ T3225] Cannot create hsr debugfs directory [ 867.434661][ T3226] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 867.824717][ T3226] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 868.144913][ T3226] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 868.640678][ T3226] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 870.799820][ T3225] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 870.889451][ T3225] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 870.987749][ T3225] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 871.123119][ T3225] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 890.431341][ T3226] 8021q: adding VLAN 0 to HW filter on device bond0 [ 891.011874][ T3225] 8021q: adding VLAN 0 to HW filter on device bond0 [ 955.880028][ T3226] veth0_vlan: entered promiscuous mode [ 957.367593][ T3226] veth1_vlan: entered promiscuous mode [ 958.079017][ T3225] veth0_vlan: entered promiscuous mode [ 959.052227][ T3225] veth1_vlan: entered promiscuous mode [ 962.293016][ T3226] veth0_macvtap: entered promiscuous mode [ 962.493802][ T3225] veth0_macvtap: entered promiscuous mode [ 962.844713][ T3226] veth1_macvtap: entered promiscuous mode [ 963.079679][ T3225] veth1_macvtap: entered promiscuous mode [ 966.849603][ T2673] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 966.934856][ T2673] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 967.033562][ T2673] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 967.046612][ T2673] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 967.098332][ T3304] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 967.101439][ T3304] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 967.104202][ T3304] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 967.248447][ T3304] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 973.123221][ T3226] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 991.234665][ T3848] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3'. [ 992.933238][ T3850] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1012.543618][ T3840] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0 [ 1012.552579][ T3840] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0 [ 1012.554460][ T3840] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0 [ 1012.560939][ T3840] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0 [ 1012.562715][ T3840] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0 [ 1012.564239][ T3840] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0 [ 1012.582258][ T3840] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0 [ 1012.584200][ T3840] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0 [ 1012.619118][ T3840] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0 [ 1012.621067][ T3840] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0 [ 1012.809208][ T3840] hid-generic 0006:0004:0009.0001: hidraw0: VIRTUAL HID v0.8e Device [syz1] on syz0 [ 1027.713494][ T3884] capability: warning: `syz.0.17' uses 32-bit capabilities (legacy support in use) [ 1080.236310][ T3908] netlink: 332 bytes leftover after parsing attributes in process `syz.0.28'. [ 1097.837824][ T3921] batadv_slave_0: entered allmulticast mode [ 1154.533531][ T3955] mmap: syz.1.47 (3955) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 1159.434199][ T3959] capability: warning: `syz.1.49' uses deprecated v2 capabilities in a way that may be insecure [ 1224.897751][ T4003] netlink: 8 bytes leftover after parsing attributes in process `syz.1.69'. [ 1262.795015][ T4028] smc: net device bond0 applied user defined pnetid SYZ0 [ 1282.323483][ T31] audit: type=1326 audit(1280.860:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4037 comm="syz.0.86" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fff9d7332c6 code=0x7fc00000 [ 1299.339823][ T4055] ======================================================= [ 1299.339823][ T4055] WARNING: The mand mount option has been deprecated and [ 1299.339823][ T4055] and is ignored by this kernel. Remove the mand [ 1299.339823][ T4055] option from the mount to silence this warning. [ 1299.339823][ T4055] ======================================================= [ 1305.020748][ T4057] devtmpfs: Cannot disable swap on remount [ 1377.894138][ T4101] Driver unsupported XDP return value 0 on prog (id 13) dev N/A, expect packet loss! [ 1416.230223][ T4117] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1420.272563][ T20] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1420.298971][ T20] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1420.301022][ T20] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1420.303113][ T20] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1420.311034][ T4119] Zero length message leads to an empty skb [ 1495.924852][ T9] usb 2-1: new low-speed USB device number 2 using dummy_hcd [ 1496.370525][ T9] usb 2-1: config index 0 descriptor too short (expected 6427, got 27) [ 1496.373636][ T9] usb 2-1: config 0 has an invalid interface number: 21 but max is 0 [ 1496.381560][ T9] usb 2-1: config 0 has no interface number 0 [ 1496.384274][ T9] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt [ 1496.388736][ T9] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1496.392033][ T9] usb 2-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 1496.394054][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1496.664220][ T9] usb 2-1: config 0 descriptor?? [ 1500.840536][ T9] usb 2-1: USB disconnect, device number 2 [ 1515.074811][ T4185] process 'syz.1.144' launched '/dev/fd/3' with NULL argv: empty string added [ 1555.244023][ T4210] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1558.940585][ T4212] binder: 4211:4212 ioctl c00c620f 200000000980 returned -22 [ 1592.625675][ C1] hrtimer: interrupt took 10801100 ns [ 1610.450946][ T31] audit: type=1326 audit(1608.990:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4246 comm=297D5922 exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffbab332c6 code=0x7ffc0000 [ 1610.548829][ T31] audit: type=1326 audit(1609.140:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4246 comm=297D5922 exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffbab332c6 code=0x7ffc0000 [ 1610.592706][ T31] audit: type=1326 audit(1609.200:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4246 comm="syz.1.172" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffbab332c6 code=0x7ffc0000 [ 1610.693170][ T31] audit: type=1326 audit(1609.300:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4246 comm="syz.1.172" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffbab332c6 code=0x7ffc0000 [ 1610.722059][ T31] audit: type=1326 audit(1609.230:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4246 comm=297D5922 exe="/syz-executor" sig=0 arch=c00000f3 syscall=178 compat=0 ip=0x7fffbab332c6 code=0x7ffc0000 [ 1610.753513][ T31] audit: type=1326 audit(1609.330:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4246 comm=297D5922 exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffbab332c6 code=0x7ffc0000 [ 1610.820805][ T31] audit: type=1326 audit(1609.380:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4246 comm=297D5922 exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffbab332c6 code=0x7ffc0000 [ 1611.002160][ T31] audit: type=1326 audit(1609.450:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4246 comm="syz.1.172" exe="/syz-executor" sig=0 arch=c00000f3 syscall=436 compat=0 ip=0x7fffbab332c6 code=0x7ffc0000 [ 1611.021344][ T31] audit: type=1326 audit(1609.610:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4246 comm="syz.1.172" exe="/syz-executor" sig=0 arch=c00000f3 syscall=94 compat=0 ip=0x7fffbab332c6 code=0x7ffc0000 [ 1616.429795][ T4249] gretap0: entered promiscuous mode [ 1651.803167][ T4274] ۜ}JX: renamed from lo (while UP) [ 1745.223604][ T4348] sch_tbf: burst 0 is lower than device macvtap0 mtu (1514) ! [ 1751.048184][ T4353] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.211'. [ 1760.595013][ T4360] netlink: 48 bytes leftover after parsing attributes in process `syz.1.215'. [ 1770.043880][ T4368] netlink: 1084 bytes leftover after parsing attributes in process `syz.0.218'. [ 1796.490690][ T4386] netlink: 16 bytes leftover after parsing attributes in process `syz.1.225'. [ 1883.982195][ T4447] random: crng reseeded on system resumption [ 1892.760082][ T4452] netlink: 8 bytes leftover after parsing attributes in process `syz.0.254'. [ 1909.030249][ T4464] netlink: 19 bytes leftover after parsing attributes in process `syz.0.260'. [ 1921.279614][ T4474] netlink: 36 bytes leftover after parsing attributes in process `syz.1.264'. [ 1931.468951][ T4481] netlink: 8 bytes leftover after parsing attributes in process `syz.1.268'. [ 1932.141214][ T4481] netlink: 8 bytes leftover after parsing attributes in process `syz.1.268'. [ 1951.680772][ T4496] netlink: 8 bytes leftover after parsing attributes in process `syz.0.273'. [ 1970.633934][ T4506] netlink: 8 bytes leftover after parsing attributes in process `syz.0.278'. [ 2008.291776][ T4528] netlink: 56 bytes leftover after parsing attributes in process `syz.1.289'. [ 2008.294252][ T4528] netlink: 96 bytes leftover after parsing attributes in process `syz.1.289'. [ 2076.425137][ T4573] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 2096.293765][ T4589] netlink: 28 bytes leftover after parsing attributes in process `syz.1.318'. [ 2105.543240][ T4597] netlink: 4 bytes leftover after parsing attributes in process `syz.1.322'. [ 2110.143907][ T4601] random: crng reseeded on system resumption [ 2120.533751][ T4608] netlink: 'syz.1.327': attribute type 4 has an invalid length. [ 2121.224997][ T4609] netlink: 'syz.1.327': attribute type 4 has an invalid length. [ 2145.352904][ T4626] netlink: 'syz.0.334': attribute type 4 has an invalid length. [ 2146.339737][ T4627] netlink: 'syz.0.334': attribute type 4 has an invalid length. [ 2234.684721][ T4694] loop1: detected capacity change from 0 to 7 [ 2235.142683][ C1] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 2235.151532][ C1] Buffer I/O error on dev loop1, logical block 0, async page read [ 2235.256950][ C1] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 2235.262488][ C1] Buffer I/O error on dev loop1, logical block 0, async page read [ 2235.338324][ T4694] loop1: unable to read partition table [ 2235.392202][ T4694] loop_reread_partitions: partition scan of loop1 (Cj̖P=ý?}X %֐ȵ4FLQk݊5) failed (rc=-5) [ 2295.002333][ T4733] netlink: 'syz.1.377': attribute type 22 has an invalid length. [ 2323.624239][ T4751] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma? [ 2441.437500][ T4827] netlink: 16 bytes leftover after parsing attributes in process `syz.1.420'. [ 2482.460235][ T4854] netlink: 32 bytes leftover after parsing attributes in process `syz.1.434'. [ 2518.780424][ T4877] netlink: 36 bytes leftover after parsing attributes in process `syz.0.445'. [ 2521.391582][ T4879] faux_driver vgem: [drm] Unknown color mode 9; guessing buffer size. [ 2535.073362][ T4889] netlink: 40 bytes leftover after parsing attributes in process `syz.0.451'. [ 2558.830416][ T4901] netlink: 8 bytes leftover after parsing attributes in process `syz.1.457'. [ 2595.217506][ T4924] hugetlbfs: Bad value '' for mount option 'size' [ 2595.217506][ T4924] [ 2639.037405][ T4954] syz.1.478 (4954): /proc/4953/oom_adj is deprecated, please use /proc/4953/oom_score_adj instead. [ 2681.610299][ T4983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.489'. [ 2681.612387][ T4983] netlink: 12 bytes leftover after parsing attributes in process `syz.1.489'. [ 2683.468047][ T4952] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 2683.471792][ T4952] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 2683.516871][ T4952] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 2683.519772][ T4952] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 2727.060555][ T3225] block device autoloading is deprecated and will be removed. [ 2945.734297][ T5172] netlink: 16 bytes leftover after parsing attributes in process `syz.0.566'. [ 2977.030802][ T5191] random: crng reseeded on system resumption [ 3024.130800][ T5224] comedi: No check for data length of config insn id 6 is implemented [ 3024.133000][ T5224] comedi: Add a check to check_insn_config_length in drivers/comedi/comedi_fops.c [ 3024.134845][ T5224] comedi: Assuming n=419 is correct [ 3057.697575][ T5248] netlink: 4 bytes leftover after parsing attributes in process `syz.0.601'. [ 3101.304837][ T5280] netlink: 24 bytes leftover after parsing attributes in process `syz.0.614'. [ 3105.784871][ T5283] xt_hashlimit: size too large, truncated to 1048576 [ 3180.794468][ T5327] netlink: 12 bytes leftover after parsing attributes in process `syz.1.634'. [ 3183.874832][ T3225] block device autoloading is deprecated and will be removed. [ 3196.973011][ T5334] [U] R5JCҰ~V6|7KXVZZGR [ 3202.170701][ T31] audit: type=1326 audit(3200.710:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5338 comm="syz.1.640" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fffbab332c6 code=0x0 [ 3270.843385][ T5395] netlink: 72 bytes leftover after parsing attributes in process `syz.1.659'. [ 3447.061827][ T5515] netlink: 8 bytes leftover after parsing attributes in process `syz.0.710'. [ 3479.331504][ T5529] netlink: 12 bytes leftover after parsing attributes in process `syz.1.717'. [ 3528.299689][ T5550] sch_tbf: burst 0 is lower than device veth1 mtu (1514) ! [ 3607.611895][ T5596] random: crng reseeded on system resumption [ 3691.118304][ T5643] netlink: 'syz.0.768': attribute type 1 has an invalid length. [ 3817.859533][ T5704] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 3817.862705][ T5704] IPv6: NLM_F_CREATE should be set when creating new route [ 3870.370983][ T5739] netlink: 32 bytes leftover after parsing attributes in process `syz.0.810'. [ 3876.927477][ T5743] bond0: option all_slaves_active: invalid value (7) [ 3928.191376][ T5776] binder: 5774:5776 ioctl c018620b 2000000000c0 returned -14 [ 3940.303044][ T5785] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 3951.713881][ T5796] input: syz1 as /devices/virtual/input/input1 [ 3964.113248][ T5809] input: syz0 as /devices/virtual/input/input2 [ 3977.764230][ T5823] macvlan1: entered promiscuous mode [ 3977.766719][ T5823] macvlan1: entered allmulticast mode [ 3979.141171][ T5823] veth1_vlan: entered allmulticast mode [ 4012.189938][ T5841] netlink: 16 bytes leftover after parsing attributes in process `syz.0.848'. [ 4030.230659][ T5856] netlink: 8 bytes leftover after parsing attributes in process `syz.1.855'. [ 4102.270756][ T5902] input: syz1 as /devices/virtual/input/input3 [ 4119.740895][ T31] audit: type=1326 audit(4118.260:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.1.877" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffbab332c6 code=0x7ffc0000 [ 4119.871433][ T31] audit: type=1326 audit(4118.410:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.1.877" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffbab332c6 code=0x7ffc0000 [ 4120.702045][ T31] audit: type=1326 audit(4119.300:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.1.877" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0x7fffbab332c6 code=0x7ffc0000 [ 4120.814848][ T31] audit: type=1326 audit(4119.420:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.1.877" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffbab332c6 code=0x7ffc0000 [ 4120.978312][ T31] audit: type=1326 audit(4119.480:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.1.877" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffbab332c6 code=0x7ffc0000 [ 4121.076801][ T31] audit: type=1326 audit(4119.670:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.1.877" exe="/syz-executor" sig=0 arch=c00000f3 syscall=277 compat=0 ip=0x7fffbab332c6 code=0x7ffc0000 [ 4121.163799][ T31] audit: type=1326 audit(4119.770:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.1.877" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffbab332c6 code=0x50000 [ 4121.218124][ T31] audit: type=1326 audit(4119.790:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.1.877" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffbab332c6 code=0x50000 [ 4121.267551][ T31] audit: type=1326 audit(4119.850:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.1.877" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffbab332c6 code=0x50000 [ 4121.299582][ T31] audit: type=1326 audit(4119.900:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.1.877" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffbab332c6 code=0x50000 [ 4157.192513][ T5935] netlink: 8 bytes leftover after parsing attributes in process `syz.1.885'. [ 4157.232260][ T5935] netlink: 4 bytes leftover after parsing attributes in process `syz.1.885'. [ 4157.238990][ T5935] netlink: 'syz.1.885': attribute type 19 has an invalid length. [ 4157.259570][ T5935] netlink: 'syz.1.885': attribute type 20 has an invalid length. [ 4157.611940][ T5935] netlink: 8 bytes leftover after parsing attributes in process `syz.1.885'. [ 4157.624218][ T5935] netlink: 4 bytes leftover after parsing attributes in process `syz.1.885'. [ 4157.638880][ T5935] netlink: 'syz.1.885': attribute type 19 has an invalid length. [ 4157.639944][ T5935] netlink: 'syz.1.885': attribute type 20 has an invalid length. [ 4257.442019][ T6005] netlink: 8 bytes leftover after parsing attributes in process `syz.1.914'. [ 4272.072600][ T6016] veth0: entered promiscuous mode [ 4272.104892][ T6016] veth0: left promiscuous mode [ 4294.624443][ T6035] block nbd0: Unsupported socket: should be TCP or UNIX. [ 4314.343202][ T6057] block nbd0: NBD_DISCONNECT [ 4314.400165][ T6057] block nbd0: Send disconnect failed -32 [ 4314.614628][ T6056] block nbd0: Disconnected due to user request. [ 4314.629767][ T6056] block nbd0: shutting down sockets [ 4353.719579][ T6083] block nbd0: server does not support multiple connections per device. [ 4353.753744][ T6083] block nbd0: shutting down sockets [ 4527.524785][ T6198] netlink: 'syz.1.982': attribute type 14 has an invalid length. [ 4536.478543][ T6205] batadv_slave_1: entered promiscuous mode [ 4536.599572][ T6205] batadv_slave_1: left promiscuous mode [ 4568.560391][ T6225] pimreg: entered allmulticast mode [ 4606.481303][ T6253] input: syz1 as /devices/virtual/input/input4 [ 4628.664026][ T6275] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 4628.664026][ T6275] The task syz.0.1010 (6275) triggered the difference, watch for misbehavior. [ 4633.051702][ T6277] netlink: 27 bytes leftover after parsing attributes in process `syz.1.1012'. [ 4655.613612][ T6292] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1019'. [ 4655.641298][ T6292] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1019'. [ 4669.098993][ T6299] input: syz0 as /devices/virtual/input/input5 [ 4692.608147][ T6314] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1027'. [ 4699.259852][ T6318] netlink: 'syz.0.1029': attribute type 9 has an invalid length. [ 4768.332818][ T6358] A link change request failed with some changes committed already. Interface veth0_to_bridge may have been left with an inconsistent configuration, please check. [ 4777.840637][ T6365] erspan0: entered promiscuous mode [ 4781.822959][ T6368] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 4917.560142][ T6461] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add() [ 4949.192591][ T6486] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1097'. [ 5009.815126][ T6520] binder: 6519:6520 ioctl c018620c 200000000000 returned -1 [ 5215.863132][ T6632] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1157'. [ 5215.958073][ T6632] veth1_macvtap: left promiscuous mode [ 5244.721062][ T6648] input: syz0 as /devices/virtual/input/input6 [ 5349.873318][ T6722] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1179'. [ 5366.101258][ T6731] ubi31: attaching mtd0 [ 5370.731496][ T6733] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1184'. [ 5372.323452][ T6735] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1185'. [ 5386.899021][ T6746] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1189'. [ 5386.901841][ T6746] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1189'. [ 5403.337814][ T6754] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1193'. [ 5403.721370][ T6754] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1193'. [ 5743.560217][ T6977] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1289'. [ 5754.803625][ T6987] netlink: 71 bytes leftover after parsing attributes in process `syz.1.1292'. [ 5779.264729][ T7002] input: syz0 as /devices/virtual/input/input7 [ 5801.919303][ T7024] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1308'. [ 5850.448130][ T7065] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1324'. [ 5904.551737][ T7099] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1337'. [ 5917.172836][ T7110] syz.1.1342 uses obsolete (PF_INET,SOCK_PACKET) [ 5971.612572][ T7145] loop0: Can't mount, would change RO state [ 5978.568104][ T7151] ptrace attach of "/syz-executor exec"[3226] was attempted by "/syz-executor exec"[7151] [ 5985.289931][ T7153] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1359'. [ 5988.534626][ T7153] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1359'. [ 5994.534148][ T7153] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1359'. [ 5995.449478][ T7161] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1361'. [ 5995.471776][ T7161] netlink: 'syz.1.1361': attribute type 29 has an invalid length. [ 5995.473539][ T7161] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1361'. [ 6022.288930][ T864] block nbd0: Receive control failed (result -32) [ 6022.311547][ T864] block nbd0: Receive control failed (result -32) [ 6022.330676][ T7172] nbd0: detected capacity change from 0 to 63 [ 6316.470734][ T7340] [ 6316.471917][ T7340] ====================================================== [ 6316.472819][ T7340] WARNING: possible circular locking dependency detected [ 6316.474977][ T7340] syzkaller #0 Tainted: G L [ 6316.475992][ T7340] ------------------------------------------------------ [ 6316.476846][ T7340] syz.0.1435/7340 is trying to acquire lock: [ 6316.477782][ T7340] ffffaf80201ba070 (&nsock->tx_lock){+.+.}-{4:4}, at: nbd_queue_rq+0x372/0xe44 [ 6316.481094][ T7340] [ 6316.481094][ T7340] but task is already holding lock: [ 6316.481979][ T7340] ffffaf803c980180 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc4/0xe44 [ 6316.484290][ T7340] [ 6316.484290][ T7340] which lock already depends on the new lock. [ 6316.484290][ T7340] [ 6316.485565][ T7340] [ 6316.485565][ T7340] the existing dependency chain (in reverse order) is: [ 6316.486744][ T7340] [ 6316.486744][ T7340] -> #6 (&cmd->lock){+.+.}-{4:4}: [ 6316.488649][ T7340] lock_acquire+0x24a/0x504 [ 6316.489854][ T7340] __mutex_lock+0x164/0x1890 [ 6316.491311][ T7340] mutex_lock_nested+0x14/0x1c [ 6316.492739][ T7340] nbd_queue_rq+0xc4/0xe44 [ 6316.493739][ T7340] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 6316.496014][ T7340] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 6316.497823][ T7340] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 6316.499233][ T7340] blk_mq_run_hw_queue+0x274/0x6ec [ 6316.500391][ T7340] blk_mq_dispatch_list+0x53e/0x1430 [ 6316.501635][ T7340] blk_mq_flush_plug_list+0x114/0x55c [ 6316.503089][ T7340] __blk_flush_plug+0x270/0x464 [ 6316.504281][ T7340] __submit_bio+0x42e/0x504 [ 6316.505460][ T7340] submit_bio_noacct_nocheck+0x458/0xdf4 [ 6316.506653][ T7340] submit_bio_noacct+0x6fe/0x2170 [ 6316.507779][ T7340] submit_bio+0xb6/0x5b8 [ 6316.508866][ T7340] submit_bh_wbc+0x428/0x5c0 [ 6316.509982][ T7340] block_read_full_folio+0x396/0x788 [ 6316.511339][ T7340] blkdev_read_folio+0x26/0x30 [ 6316.512420][ T7340] filemap_read_folio+0xc2/0x270 [ 6316.513907][ T7340] do_read_cache_folio+0x22e/0x518 [ 6316.515151][ T7340] read_cache_folio+0x4e/0x68 [ 6316.516367][ T7340] read_part_sector+0xbc/0x408 [ 6316.517447][ T7340] read_lba+0x1b6/0x32c [ 6316.518526][ T7340] find_valid_gpt.constprop.0+0x212/0x21ec [ 6316.519715][ T7340] efi_partition+0xfe/0x9e0 [ 6316.520871][ T7340] bdev_disk_changed+0x5a0/0x1180 [ 6316.521990][ T7340] blkdev_get_whole+0x168/0x25c [ 6316.523122][ T7340] bdev_open+0x288/0xcc4 [ 6316.524467][ T7340] blkdev_open+0x2ec/0x454 [ 6316.525673][ T7340] do_dentry_open+0x418/0x1170 [ 6316.526780][ T7340] vfs_open+0xba/0x3a8 [ 6316.527754][ T7340] path_openat+0x144e/0x2f28 [ 6316.529091][ T7340] do_file_open+0x1ae/0x398 [ 6316.530443][ T7340] do_sys_openat2+0xfe/0x1c0 [ 6316.531560][ T7340] __riscv_sys_openat+0x122/0x1e4 [ 6316.532631][ T7340] syscall_handler+0x92/0x114 [ 6316.533742][ T7340] do_trap_ecall_u+0x402/0x680 [ 6316.535122][ T7340] handle_exception+0x15e/0x16a [ 6316.536566][ T7340] [ 6316.536566][ T7340] -> #5 (set->srcu){.+.+}-{0:0}: [ 6316.538797][ T7340] lock_sync+0xea/0x1cc [ 6316.540040][ T7340] __synchronize_srcu+0xd4/0x24c [ 6316.541385][ T7340] synchronize_srcu+0x14c/0x3fc [ 6316.542949][ T7340] blk_mq_quiesce_queue+0x124/0x194 [ 6316.544178][ T7340] elevator_switch+0x16a/0x4e4 [ 6316.545805][ T7340] elevator_change+0x2f4/0x4ac [ 6316.547300][ T7340] elevator_set_default+0x280/0x370 [ 6316.548672][ T7340] blk_register_queue+0x3a8/0x50c [ 6316.549894][ T7340] __add_disk+0x69a/0xda4 [ 6316.551099][ T7340] add_disk_fwnode+0xe8/0x48c [ 6316.552119][ T7340] device_add_disk+0x28/0x38 [ 6316.553118][ T7340] nbd_dev_add+0x692/0xaec [ 6316.554539][ T7340] nbd_init+0x3d4/0x3f8 [ 6316.555839][ T7340] do_one_initcall+0x18c/0xcdc [ 6316.556993][ T7340] kernel_init_freeable+0x6ca/0x7b4 [ 6316.558609][ T7340] kernel_init+0x28/0x240 [ 6316.559819][ T7340] ret_from_fork_kernel+0x94/0xef8 [ 6316.561082][ T7340] ret_from_fork_kernel_asm+0x16/0x18 [ 6316.563560][ T7340] [ 6316.563560][ T7340] -> #4 (&q->elevator_lock){+.+.}-{4:4}: [ 6316.565644][ T7340] lock_acquire+0x24a/0x504 [ 6316.566798][ T7340] __mutex_lock+0x164/0x1890 [ 6316.568213][ T7340] mutex_lock_nested+0x14/0x1c [ 6316.569546][ T7340] elevator_change+0x192/0x4ac [ 6316.570964][ T7340] elevator_set_none+0xa8/0x120 [ 6316.572267][ T7340] blk_mq_update_nr_hw_queues+0x43a/0x13a0 [ 6316.574025][ T7340] nbd_start_device+0x156/0xb74 [ 6316.575152][ T7340] nbd_genl_connect+0xe74/0x1a4c [ 6316.576320][ T7340] genl_family_rcv_msg_doit+0x1f6/0x2d8 [ 6316.577690][ T7340] genl_rcv_msg+0x4b2/0x73c [ 6316.578918][ T7340] netlink_rcv_skb+0x1e8/0x394 [ 6316.580453][ T7340] genl_rcv+0x32/0x4c [ 6316.581920][ T7340] netlink_unicast+0x50c/0x7d8 [ 6316.583475][ T7340] netlink_sendmsg+0x7e0/0xd64 [ 6316.585903][ T7340] __sock_sendmsg+0xca/0x160 [ 6316.588814][ T7340] ____sys_sendmsg+0x636/0x794 [ 6316.590431][ T7340] ___sys_sendmsg+0x1a4/0x1e8 [ 6316.591914][ T7340] __sys_sendmsg+0x18e/0x234 [ 6316.593188][ T7340] __riscv_sys_sendmsg+0x70/0xa4 [ 6316.594941][ T7340] syscall_handler+0x92/0x114 [ 6316.596403][ T7340] do_trap_ecall_u+0x402/0x680 [ 6316.597756][ T7340] handle_exception+0x15e/0x16a [ 6316.599142][ T7340] [ 6316.599142][ T7340] -> #3 (&q->q_usage_counter(io)#19){++++}-{0:0}: [ 6316.601660][ T7340] lock_acquire+0x24a/0x504 [ 6316.603183][ T7340] blk_alloc_queue+0x5b4/0x6f4 [ 6316.604499][ T7340] blk_mq_alloc_queue+0x15e/0x250 [ 6316.605996][ T7340] __blk_mq_alloc_disk+0x2a/0xd8 [ 6316.607423][ T7340] nbd_dev_add+0x426/0xaec [ 6316.608775][ T7340] nbd_init+0x3d4/0x3f8 [ 6316.609831][ T7340] do_one_initcall+0x18c/0xcdc [ 6316.611160][ T7340] kernel_init_freeable+0x6ca/0x7b4 [ 6316.612313][ T7340] kernel_init+0x28/0x240 [ 6316.613626][ T7340] ret_from_fork_kernel+0x94/0xef8 [ 6316.614792][ T7340] ret_from_fork_kernel_asm+0x16/0x18 [ 6316.616032][ T7340] [ 6316.616032][ T7340] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 6316.617729][ T7340] lock_acquire+0x24a/0x504 [ 6316.618930][ T7340] fs_reclaim_acquire+0xc6/0x100 [ 6316.620394][ T7340] kmem_cache_alloc_node_noprof+0x40/0x6e8 [ 6316.621791][ T7340] __alloc_skb+0x17c/0x778 [ 6316.623049][ T7340] tcp_stream_alloc_skb+0x2e/0x4d8 [ 6316.624541][ T7340] tcp_sendmsg_locked+0xe16/0x408c [ 6316.626019][ T7340] tcp_sendmsg+0x32/0x50 [ 6316.627383][ T7340] inet_sendmsg+0x9a/0xd8 [ 6316.628754][ T7340] __sock_sendmsg+0xca/0x160 [ 6316.630139][ T7340] sock_write_iter+0x298/0x3e8 [ 6316.631516][ T7340] vfs_write+0x648/0xd08 [ 6316.632581][ T7340] ksys_write+0x1f4/0x244 [ 6316.634162][ T7340] __riscv_sys_write+0x6e/0xa0 [ 6316.635485][ T7340] syscall_handler+0x92/0x114 [ 6316.636687][ T7340] do_trap_ecall_u+0x402/0x680 [ 6316.637815][ T7340] handle_exception+0x15e/0x16a [ 6316.638956][ T7340] [ 6316.638956][ T7340] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}: [ 6316.640793][ T7340] lock_acquire+0x24a/0x504 [ 6316.642343][ T7340] lock_sock_nested+0x38/0xf8 [ 6316.643753][ T7340] tcp_sendmsg+0x28/0x50 [ 6316.645105][ T7340] inet_sendmsg+0x9a/0xd8 [ 6316.646365][ T7340] sock_sendmsg+0x206/0x2d4 [ 6316.648045][ T7340] __sock_xmit+0x244/0x578 [ 6316.649525][ T7340] nbd_disconnect.isra.0+0x312/0x3e8 [ 6316.650943][ T7340] nbd_ioctl+0xbc8/0xbd4 [ 6316.651995][ T7340] blkdev_ioctl+0x4cc/0x12e4 [ 6316.653307][ T7340] __riscv_sys_ioctl+0x17c/0x1e4 [ 6316.654548][ T7340] syscall_handler+0x92/0x114 [ 6316.655735][ T7340] do_trap_ecall_u+0x402/0x680 [ 6316.656896][ T7340] handle_exception+0x15e/0x16a [ 6316.657980][ T7340] [ 6316.657980][ T7340] -> #0 (&nsock->tx_lock){+.+.}-{4:4}: [ 6316.659820][ T7340] check_noncircular+0x138/0x14c [ 6316.661044][ T7340] __lock_acquire+0xe9c/0x25ac [ 6316.662288][ T7340] lock_acquire+0x24a/0x504 [ 6316.663522][ T7340] __mutex_lock+0x164/0x1890 [ 6316.664970][ T7340] mutex_lock_nested+0x14/0x1c [ 6316.666572][ T7340] nbd_queue_rq+0x372/0xe44 [ 6316.667961][ T7340] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 6316.669493][ T7340] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 6316.671189][ T7340] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 6316.672686][ T7340] blk_mq_run_hw_queue+0x274/0x6ec [ 6316.674463][ T7340] blk_mq_dispatch_list+0x53e/0x1430 [ 6316.675645][ T7340] blk_mq_flush_plug_list+0x114/0x55c [ 6316.676825][ T7340] __blk_flush_plug+0x270/0x464 [ 6316.677903][ T7340] __submit_bio+0x42e/0x504 [ 6316.678973][ T7340] submit_bio_noacct_nocheck+0x458/0xdf4 [ 6316.680113][ T7340] submit_bio_noacct+0x6fe/0x2170 [ 6316.681304][ T7340] submit_bio+0xb6/0x5b8 [ 6316.682543][ T7340] submit_bh_wbc+0x428/0x5c0 [ 6316.683902][ T7340] block_read_full_folio+0x396/0x788 [ 6316.685508][ T7340] blkdev_read_folio+0x26/0x30 [ 6316.686932][ T7340] filemap_read_folio+0xc2/0x270 [ 6316.688416][ T7340] do_read_cache_folio+0x22e/0x518 [ 6316.689842][ T7340] read_cache_folio+0x4e/0x68 [ 6316.691205][ T7340] read_part_sector+0xbc/0x408 [ 6316.692355][ T7340] read_lba+0x1b6/0x32c [ 6316.693387][ T7340] find_valid_gpt.constprop.0+0x212/0x21ec [ 6316.694574][ T7340] efi_partition+0xfe/0x9e0 [ 6316.695645][ T7340] bdev_disk_changed+0x5a0/0x1180 [ 6316.696652][ T7340] blkdev_get_whole+0x168/0x25c [ 6316.697645][ T7340] bdev_open+0x288/0xcc4 [ 6316.698731][ T7340] blkdev_open+0x2ec/0x454 [ 6316.699737][ T7340] do_dentry_open+0x418/0x1170 [ 6316.700738][ T7340] vfs_open+0xba/0x3a8 [ 6316.702855][ T7340] path_openat+0x144e/0x2f28 [ 6316.704420][ T7340] do_file_open+0x1ae/0x398 [ 6316.705840][ T7340] do_sys_openat2+0xfe/0x1c0 [ 6316.707066][ T7340] __riscv_sys_openat+0x122/0x1e4 [ 6316.708333][ T7340] syscall_handler+0x92/0x114 [ 6316.709667][ T7340] do_trap_ecall_u+0x402/0x680 [ 6316.710935][ T7340] handle_exception+0x15e/0x16a [ 6316.712217][ T7340] [ 6316.712217][ T7340] other info that might help us debug this: [ 6316.712217][ T7340] [ 6316.713530][ T7340] Chain exists of: [ 6316.713530][ T7340] &nsock->tx_lock --> set->srcu --> &cmd->lock [ 6316.713530][ T7340] [ 6316.716353][ T7340] Possible unsafe locking scenario: [ 6316.716353][ T7340] [ 6316.717322][ T7340] CPU0 CPU1 [ 6316.718072][ T7340] ---- ---- [ 6316.718820][ T7340] lock(&cmd->lock); [ 6316.719879][ T7340] lock(set->srcu); [ 6316.721192][ T7340] lock(&cmd->lock); [ 6316.722575][ T7340] lock(&nsock->tx_lock); [ 6316.723859][ T7340] [ 6316.723859][ T7340] *** DEADLOCK *** [ 6316.723859][ T7340] [ 6316.724856][ T7340] 3 locks held by syz.0.1435/7340: [ 6316.725796][ T7340] #0: ffffaf801a9ad358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x3c4/0xcc4 [ 6316.728285][ T7340] #1: ffffaf801a5b3f18 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x22c/0x6ec [ 6316.731068][ T7340] #2: ffffaf803c980180 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc4/0xe44 [ 6316.734089][ T7340] [ 6316.734089][ T7340] stack backtrace: [ 6316.736014][ T7340] CPU: 1 UID: 0 PID: 7340 Comm: syz.0.1435 Tainted: G L syzkaller #0 PREEMPT [ 6316.736852][ T7340] Tainted: [L]=SOFTLOCKUP [ 6316.737078][ T7340] Hardware name: riscv-virtio,qemu (DT) [ 6316.737679][ T7340] Call Trace: [ 6316.737940][ T7340] [] dump_backtrace+0x2e/0x3c [ 6316.738700][ T7340] [] show_stack+0x30/0x3c [ 6316.739182][ T7340] [] dump_stack_lvl+0x114/0x1ac [ 6316.739919][ T7340] [] dump_stack+0x1c/0x28 [ 6316.740633][ T7340] [] print_circular_bug+0x250/0x29c [ 6316.741168][ T7340] [] check_noncircular+0x138/0x14c [ 6316.741676][ T7340] [] __lock_acquire+0xe9c/0x25ac [ 6316.742261][ T7340] [] lock_acquire+0x24a/0x504 [ 6316.742851][ T7340] [] __mutex_lock+0x164/0x1890 [ 6316.743601][ T7340] [] mutex_lock_nested+0x14/0x1c [ 6316.744369][ T7340] [] nbd_queue_rq+0x372/0xe44 [ 6316.744910][ T7340] [] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 6316.745656][ T7340] [] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 6316.746517][ T7340] [] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 6316.747336][ T7340] [] blk_mq_run_hw_queue+0x274/0x6ec [ 6316.747945][ T7340] [] blk_mq_dispatch_list+0x53e/0x1430 [ 6316.748580][ T7340] [] blk_mq_flush_plug_list+0x114/0x55c [ 6316.749202][ T7340] [] __blk_flush_plug+0x270/0x464 [ 6316.749772][ T7340] [] __submit_bio+0x42e/0x504 [ 6316.750351][ T7340] [] submit_bio_noacct_nocheck+0x458/0xdf4 [ 6316.751025][ T7340] [] submit_bio_noacct+0x6fe/0x2170 [ 6316.751629][ T7340] [] submit_bio+0xb6/0x5b8 [ 6316.752168][ T7340] [] submit_bh_wbc+0x428/0x5c0 [ 6316.752758][ T7340] [] block_read_full_folio+0x396/0x788 [ 6316.753414][ T7340] [] blkdev_read_folio+0x26/0x30 [ 6316.753963][ T7340] [] filemap_read_folio+0xc2/0x270 [ 6316.754631][ T7340] [] do_read_cache_folio+0x22e/0x518 [ 6316.755268][ T7340] [] read_cache_folio+0x4e/0x68 [ 6316.755903][ T7340] [] read_part_sector+0xbc/0x408 [ 6316.756410][ T7340] [] read_lba+0x1b6/0x32c [ 6316.756938][ T7340] [] find_valid_gpt.constprop.0+0x212/0x21ec [ 6316.757547][ T7340] [] efi_partition+0xfe/0x9e0 [ 6316.758130][ T7340] [] bdev_disk_changed+0x5a0/0x1180 [ 6316.758752][ T7340] [] blkdev_get_whole+0x168/0x25c [ 6316.759270][ T7340] [] bdev_open+0x288/0xcc4 [ 6316.759779][ T7340] [] blkdev_open+0x2ec/0x454 [ 6316.760353][ T7340] [] do_dentry_open+0x418/0x1170 [ 6316.760876][ T7340] [] vfs_open+0xba/0x3a8 [ 6316.761364][ T7340] [] path_openat+0x144e/0x2f28 [ 6316.762068][ T7340] [] do_file_open+0x1ae/0x398 [ 6316.762824][ T7340] [] do_sys_openat2+0xfe/0x1c0 [ 6316.763371][ T7340] [] __riscv_sys_openat+0x122/0x1e4 [ 6316.763994][ T7340] [] syscall_handler+0x92/0x114 [ 6316.764721][ T7340] [] do_trap_ecall_u+0x402/0x680 [ 6316.765338][ T7340] [] handle_exception+0x15e/0x16a [ 6316.886895][ T7340] block nbd0: Dead connection, failed to find a fallback [ 6316.888554][ T7340] block nbd0: shutting down sockets [ 6316.889639][ T7340] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 6316.890907][ T7340] Buffer I/O error on dev nbd0, logical block 0, async page read [ 6316.893640][ T7340] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 6316.966550][ T7340] Buffer I/O error on dev nbd0, logical block 1, async page read [ 6317.029185][ T7340] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 6317.031657][ T7340] Buffer I/O error on dev nbd0, logical block 2, async page read [ 6317.034683][ T7340] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 6317.103462][ T7340] Buffer I/O error on dev nbd0, logical block 3, async page read [ 6317.141156][ T7340] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 6317.143352][ T7340] Buffer I/O error on dev nbd0, logical block 0, async page read [ 6317.260299][ T7340] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 6317.262148][ T7340] Buffer I/O error on dev nbd0, logical block 1, async page read [ 6317.264574][ T7340] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 6317.321384][ T7340] Buffer I/O error on dev nbd0, logical block 2, async page read [ 6317.377873][ T7340] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 6317.410683][ T7340] Buffer I/O error on dev nbd0, logical block 3, async page read [ 6317.412172][ T7340] nbd0: unable to read partition table