last executing test programs:

33.709900132s ago: executing program 0 (id=934):
pipe2$watch_queue(&(0x7f0000002240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
r1 = add_key$user(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="8e", 0x1, 0xffffffffffffffff)
prlimit64(0x0, 0x7, &(0x7f0000000300), 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0xe1)

27.112097891s ago: executing program 1 (id=935):
syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/pid_for_children\x00')
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='cmdline\x00')
readlinkat(r0, &(0x7f0000000100)='./mnt\x00', &(0x7f0000000840)=""/66, 0x42)

25.027340588s ago: executing program 0 (id=936):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x17, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x90)

18.92675308s ago: executing program 1 (id=937):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$nfc_llcp(r1, &(0x7f00000001c0)={0x27, 0x0, 0x0, 0x2, 0x0, 0x49, "c46e9fd1a84b7fa0bf2cca6beb9363a680b652a86bcf56a1b9ca5386103a5ccbe47b7b9aa6d8d701a3ba00000000b97800001022f987617c318500", 0x3a}, 0x60)
bind$nfc_llcp(r0, &(0x7f00000001c0)={0x27, 0x0, 0x0, 0x2, 0x0, 0x49, "c46e9fd1a84b7fa0bf2cca6beb9363a680b652a86bcf56a1b9ca5386103a5ccbe47b7b9aa6d8d701a3ba00000000b97800001022f987617c318500", 0x3a}, 0x60)

16.43483442s ago: executing program 0 (id=938):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=@newtclass={0x24, 0x28, 0x4, 0x70bd26, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x9, 0x4}, {0x7, 0xb}, {0xb, 0xf}}}, 0x24}}, 0x80000)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x4c, 0x10, 0x401, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3903d}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_IFNAME={0x14, 0x3, 'nicvf0\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x408c1}, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

13.326017464s ago: executing program 1 (id=939):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
r1 = eventfd2(0x5, 0x80801)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})

9.285527429s ago: executing program 0 (id=940):
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000004700))
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
syz_clone3(&(0x7f0000000080)={0x2d008400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000001200)=[0x0], 0x1}, 0x58)

7.081712843s ago: executing program 1 (id=941):
mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x81c0, 0x0)
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
close(r1)

5.17720959s ago: executing program 1 (id=942):
r0 = timerfd_create(0x0, 0x80800)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000001c0)={0x20000000})
ioctl$TFD_IOC_SET_TICKS(r0, 0x40085400, &(0x7f0000000280)=0xa)

2.801075173s ago: executing program 0 (id=943):
r0 = landlock_create_ruleset(&(0x7f0000000080)={0xc0d8, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x80080, 0x0)
ioctl$TUNSETQUEUE(r1, 0x80811501, 0x0)

482.978432ms ago: executing program 0 (id=944):
syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x4200)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000100), r0)
sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)={0x1c, r1, 0x901, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x80c0)

0s ago: executing program 1 (id=945):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000540), r0)
sendmsg$NLBL_MGMT_C_LISTDEF(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000ac0)={0x14, r2, 0x1, 0x70bd28, 0x25dfdbfe}, 0x14}}, 0x40000)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:42469' (ED25519) to the list of known hosts.
syzkaller login: [  524.551768][ T3187] cgroup: Unknown subsys name 'net'
[  525.108365][ T3187] cgroup: Unknown subsys name 'cpuset'
[  525.235529][ T3187] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  613.477627][ T3187] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  729.452556][ T3196] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  730.379724][ T3196] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  730.495312][ T3194] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  731.225338][ T3194] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  747.102311][ T3194] hsr_slave_0: entered promiscuous mode
[  747.178011][ T3194] hsr_slave_1: entered promiscuous mode
[  747.437646][ T3196] hsr_slave_0: entered promiscuous mode
[  747.472015][ T3196] hsr_slave_1: entered promiscuous mode
[  747.493750][ T3196] debugfs: 'hsr0' already exists in 'hsr'
[  747.497274][ T3196] Cannot create hsr debugfs directory
[  761.583120][ T3194] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  761.765309][ T3194] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  762.134626][ T3194] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  762.877928][ T3194] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  764.752597][ T3196] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  765.056772][ T3196] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  765.254941][ T3196] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  765.722493][ T3196] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  782.756801][ T3194] 8021q: adding VLAN 0 to HW filter on device bond0
[  784.256936][ T3196] 8021q: adding VLAN 0 to HW filter on device bond0
[  832.835676][ T3194] veth0_vlan: entered promiscuous mode
[  833.216083][ T3194] veth1_vlan: entered promiscuous mode
[  835.177617][ T3196] veth0_vlan: entered promiscuous mode
[  835.743776][ T3196] veth1_vlan: entered promiscuous mode
[  836.058990][ T3194] veth0_macvtap: entered promiscuous mode
[  836.378050][ T3194] veth1_macvtap: entered promiscuous mode
[  838.673039][ T3196] veth0_macvtap: entered promiscuous mode
[  839.515836][ T3196] veth1_macvtap: entered promiscuous mode
[  839.998625][ T3294] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  840.145154][ T3294] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  840.148597][ T3294] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  840.235183][ T3294] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  844.461761][ T3263] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  844.468229][ T3263] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  844.581869][ T2274] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  844.643037][ T2274] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  847.599777][ T3194] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  939.134856][ T3873] UHID_CREATE from different security context by process 30 (syz.1.29), this is not allowed.
[  969.188827][ T3894] capability: warning: `syz.0.39' uses 32-bit capabilities (legacy support in use)
[  992.889057][ T3908] nbd: couldn't find device at index 1073741824
[ 1000.287264][   T31] audit: type=1326 audit(999.050:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3911 comm="syz.1.48" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fff91b332c6 code=0x7fc00000
[ 1010.052961][ T3922] netlink: 44 bytes leftover after parsing attributes in process `syz.0.52'.
[ 1010.078311][ T3922] netlink: 'syz.0.52': attribute type 6 has an invalid length.
[ 1010.087173][ T3922] netlink: 'syz.0.52': attribute type 5 has an invalid length.
[ 1010.089295][ T3922] netlink: 'syz.0.52': attribute type 4 has an invalid length.
[ 1054.233466][ T3948] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.65'.
[ 1120.305391][ T3993] sch_tbf: peakrate 7 is lower than or equals to rate 7 !
[ 1149.597421][ T4016] Illegal XDP return value 339384960 on prog  (id 7) dev N/A, expect packet loss!
[ 1166.018508][ T4024] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 1174.142677][ T4028] netlink: 4 bytes leftover after parsing attributes in process `syz.1.103'.
[ 1180.254185][ T4033] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.105' resets device
[ 1189.779759][ T4042] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1196.878508][ T4045] trusted_key: encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false
[ 1265.237475][ T4081] netlink: 4 bytes leftover after parsing attributes in process `syz.0.129'.
[ 1295.559173][ T4099] capability: warning: `syz.0.136' uses deprecated v2 capabilities in a way that may be insecure
[ 1320.388943][ T4112] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[ 1338.696926][ T4118] netlink: 'syz.0.144': attribute type 1 has an invalid length.
[ 1396.458191][ T4151] netlink: 60 bytes leftover after parsing attributes in process `syz.1.159'.
[ 1451.938645][ T4182] netlink: 277 bytes leftover after parsing attributes in process `syz.1.173'.
[ 1481.067170][ T4203] netlink: 'syz.0.180': attribute type 16 has an invalid length.
[ 1481.086901][ T4203] netlink: 152 bytes leftover after parsing attributes in process `syz.0.180'.
[ 1553.614848][ T4247] netlink: 12 bytes leftover after parsing attributes in process `syz.0.197'.
[ 1584.126705][ T4260] process 'syz.0.203' launched './file2' with NULL argv: empty string added
[ 1612.297214][ T4275] netlink: 4 bytes leftover after parsing attributes in process `syz.0.210'.
[ 1612.608344][ T4275] veth1_macvtap: left promiscuous mode
[ 1843.385055][ T4402] pimreg: entered allmulticast mode
[ 1843.554577][ T4405] pimreg: left allmulticast mode
[ 1858.886353][ T4419] netlink: 28 bytes leftover after parsing attributes in process `syz.0.267'.
[ 1866.948995][ T4424] netlink: 4 bytes leftover after parsing attributes in process `syz.1.268'.
[ 1878.057965][ T4432] input: syz1 as /devices/virtual/input/input1
[ 1901.256598][ T3813] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 1901.576557][ T3813] usb 1-1: Using ep0 maxpacket: 8
[ 1901.698314][ T3813] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1901.717423][ T3813] usb 1-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00
[ 1901.719672][ T3813] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1902.134022][ T3813] usb 1-1: config 0 descriptor??
[ 1906.264225][ T3813] kye 0003:0458:0138.0001: unknown main item tag 0x3
[ 1906.267478][ T3813] kye 0003:0458:0138.0001: unknown global tag 0xe
[ 1906.269437][ T3813] kye 0003:0458:0138.0001: item 0 1 1 14 parsing failed
[ 1906.318204][ T3813] kye 0003:0458:0138.0001: parse failed
[ 1906.347429][ T3813] kye 0003:0458:0138.0001: probe with driver kye failed with error -22
[ 1907.171443][ T3813] usb 1-1: USB disconnect, device number 2
[ 1930.657791][ T4484] vxcan1: tx address claim with dlc 0
[ 1936.315247][ T4486] netlink: 100 bytes leftover after parsing attributes in process `syz.1.281'.
[ 2000.507537][ T4514] netlink: 4 bytes leftover after parsing attributes in process `syz.0.297'.
[ 2064.796475][ T4556] af_packet: tpacket_rcv: packet too big, clamped from 122 to 4294967286. macoff=82
[ 2296.254840][ T4698] netlink: 4 bytes leftover after parsing attributes in process `syz.0.361'.
[ 2296.476628][ T4698] netlink: 4 bytes leftover after parsing attributes in process `syz.0.361'.
[ 2322.104929][ T4713] batadv_slave_1: entered promiscuous mode
[ 2322.242462][ T4713] batadv_slave_1: left promiscuous mode
[ 2354.694951][ T4729] netlink: 'syz.1.376': attribute type 8 has an invalid length.
[ 2354.707830][ T4729] sch_fq: defrate 0 ignored.
[ 2369.636367][ T4735] netlink: 8 bytes leftover after parsing attributes in process `syz.0.379'.
[ 2369.639365][ T4735] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[ 2369.834473][ T4735] netlink: 44 bytes leftover after parsing attributes in process `syz.0.379'.
[ 2369.837336][ T4735] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[ 2428.356066][   T31] audit: type=1326 audit(2427.140:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4763 comm="syz.1.392" exe="/syz-executor" sig=9 arch=c00000f3 syscall=98 compat=0 ip=0x7fff91b332c6 code=0x0
[ 2442.969469][ T4772] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 2597.516640][ T4841] faux_driver vgem: [drm] Unknown color mode 3; guessing buffer size.
[ 2601.864630][ T4844] binder: 4843:4844 ioctl c0306201 200000000100 returned -14
[ 2637.003717][ T4860] bpf: Bad value for 'uid'
[ 2679.397944][ T4879] netlink: 87 bytes leftover after parsing attributes in process `syz.0.438'.
[ 2777.823453][ T4918] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method
[ 2812.294061][ T4933] vcan0: tx drop: invalid sa for name 0x0000000000000001
[ 2814.867544][ T4935] input: syz0 as /devices/virtual/input/input2
[ 2818.144105][ T4941] netlink: 64 bytes leftover after parsing attributes in process `syz.1.464'.
[ 2952.263836][ T5023] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2954.928913][ T5023] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2957.568183][ T5023] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2960.685222][ T5023] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2967.328901][ T4655] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2968.471327][   T40] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2969.349010][   T40] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2970.432475][   T40] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2989.194540][ T5062] netlink: 8 bytes leftover after parsing attributes in process `syz.1.507'.
[ 3021.806012][ T3708] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 3022.193616][ T3708] usb 1-1: Using ep0 maxpacket: 32
[ 3022.954556][ T3708] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[ 3022.957476][ T3708] usb 1-1: config 0 has no interface number 0
[ 3023.555454][ T3708] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 3023.558112][ T3708] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3023.601842][ T3708] usb 1-1: Product: syz
[ 3023.604385][ T3708] usb 1-1: Manufacturer: syz
[ 3023.606127][ T3708] usb 1-1: SerialNumber: syz
[ 3024.067042][ T3708] usb 1-1: config 0 descriptor??
[ 3024.445664][ T3708] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 3026.563975][ T3708] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 3027.019028][ T3708] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 3027.064951][    C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 3027.376786][ T3708] usb 1-1: USB disconnect, device number 3
[ 3028.474074][ T3708] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 3029.226455][ T3708] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 3029.467598][ T3708] quatech2 1-1:0.51: device disconnected
[ 3064.494216][ T5125] binder: BC_ATTEMPT_ACQUIRE not supported
[ 3064.495662][ T5125] binder: 5124:5125 ioctl c0306201 2000000001c0 returned -22
[ 3117.134081][ T4736] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 3117.383406][ T4736] usb 2-1: Using ep0 maxpacket: 16
[ 3117.878707][ T4736] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3117.896857][ T4736] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3117.905618][ T4736] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 3117.908680][ T4736] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 3117.926370][ T4736] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3118.249019][ T4736] usb 2-1: config 0 descriptor??
[ 3121.655354][ T4736] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0002/input/input3
[ 3122.217273][ T4736] microsoft 0003:045E:07DA.0002: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[ 3122.492722][ T4736] usb 2-1: USB disconnect, device number 2
[ 3200.195105][ T5216] netpci0: tun_chr_ioctl cmd 1074025677
[ 3200.217785][ T5216] netpci0: linktype set to 6
[ 3216.408107][ T5228] netlink: 36 bytes leftover after parsing attributes in process `syz.1.555'.
[ 3241.037585][ T3813] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[ 3241.932567][ T3813] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 3241.934528][ T3813] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 3241.936235][ T3813] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 3241.937345][ T3813] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3242.280414][ T5243] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 3242.645308][ T3813] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 3247.045605][ T3813] usb 2-1: USB disconnect, device number 3
[ 3261.675521][   T31] audit: type=1326 audit(3260.440:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5282 comm="syz.1.563" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fff91b332c6 code=0x7ffc0000
[ 3261.861593][   T31] audit: type=1326 audit(3260.600:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5282 comm="syz.1.563" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fff91b332c6 code=0x7ffc0000
[ 3262.473455][   T31] audit: type=1326 audit(3261.270:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5282 comm="syz.1.563" exe="/syz-executor" sig=0 arch=c00000f3 syscall=277 compat=0 ip=0x7fff91b332c6 code=0x7ffc0000
[ 3262.976860][   T31] audit: type=1326 audit(3261.770:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5282 comm="syz.1.563" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fff91b332c6 code=0x0
[ 3290.836542][ T5298] mmap: syz.0.568 (5298) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 3330.399014][ T5324] x_tables: ip6_tables: mh match: only valid for protocol 135
[ 3335.228435][ T5326] block nbd0: shutting down sockets
[ 3365.252581][ T5021] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[ 3365.464220][ T5021] usb 2-1: Using ep0 maxpacket: 16
[ 3365.576402][ T5021] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3365.579321][ T5021] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 3365.589278][ T5021] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 3365.597865][ T5021] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 3365.612487][ T5021] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 3365.696808][ T5021] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 3365.698466][ T5021] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 3365.699537][ T5021] usb 2-1: Manufacturer: syz
[ 3365.894137][ T5021] usb 2-1: config 0 descriptor??
[ 3375.059397][ T5021] rc_core: IR keymap rc-hauppauge not found
[ 3375.066428][ T5021] Registered IR keymap rc-empty
[ 3375.276911][ T5021] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3375.304218][ T5021] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3375.458810][ T5021] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[ 3375.569800][ T5021] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input4
[ 3375.908550][ T5021] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3375.983648][ T5021] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3376.033458][ T5021] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3376.087548][ T5021] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3376.429453][ T5021] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3376.472280][ T5021] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3376.516463][ T5021] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3376.545648][ T5021] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3376.563075][ T5021] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3376.613188][ T5021] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3376.946951][ T5021] mceusb 2-1:0.0: Registered  with mce emulator interface version 1
[ 3376.981711][ T5021] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 3377.517930][ T5021] usb 2-1: USB disconnect, device number 4
[ 3383.448012][ T5384] =======================================================
[ 3383.448012][ T5384] WARNING: The mand mount option has been deprecated and
[ 3383.448012][ T5384]          and is ignored by this kernel. Remove the mand
[ 3383.448012][ T5384]          option from the mount to silence this warning.
[ 3383.448012][ T5384] =======================================================
[ 3393.196125][ T5391] netlink: 4 bytes leftover after parsing attributes in process `syz.1.601'.
[ 3428.359536][ T5422] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[ 3428.359536][ T5422] The task syz.0.611 (5422) triggered the difference, watch for misbehavior.
[ 3463.155827][ T5445] syz.1.622 uses obsolete (PF_INET,SOCK_PACKET)
[ 3471.723059][ T5453] netlink: 8 bytes leftover after parsing attributes in process `syz.0.625'.
[ 3471.733356][ T5453] netlink: 12 bytes leftover after parsing attributes in process `syz.0.625'.
[ 3531.431767][ T5491] netlink: 8 bytes leftover after parsing attributes in process `syz.0.642'.
[ 3538.919388][ T5496] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[ 3543.208073][ T5500] Zero length message leads to an empty skb
[ 3552.416752][ T5506] netlink: 60 bytes leftover after parsing attributes in process `syz.0.649'.
[ 3552.658922][ T5506] netlink: 60 bytes leftover after parsing attributes in process `syz.0.649'.
[ 3552.862750][ T5506] netlink: 60 bytes leftover after parsing attributes in process `syz.0.649'.
[ 3628.243678][ T5021] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 3628.676897][ T5021] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 3628.685152][ T5021] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 3628.688282][ T5021] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 3628.715262][ T5021] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3629.456363][ T5554] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 3629.975889][ T5021] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 3634.438064][ T5021] usb 1-1: USB disconnect, device number 4
[ 3700.268338][ T5627] netlink: 4 bytes leftover after parsing attributes in process `syz.0.688'.
[ 3710.607569][ T5635] netlink: 8 bytes leftover after parsing attributes in process `syz.0.692'.
[ 3710.976707][ T5635] bond0: entered promiscuous mode
[ 3710.978221][ T5635] bond_slave_0: entered promiscuous mode
[ 3711.006926][ T5635] bond_slave_1: entered promiscuous mode
[ 3711.104541][ T5635] bond0: left promiscuous mode
[ 3711.106278][ T5635] bond_slave_0: left promiscuous mode
[ 3711.115605][ T5635] bond_slave_1: left promiscuous mode
[ 3757.975085][ T3189] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 3758.565318][ T3189] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 3758.568927][ T3189] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3758.915805][ T3189] usb 1-1: config 0 descriptor??
[ 3759.179601][ T3189] cp210x 1-1:0.0: cp210x converter detected
[ 3759.597396][ T5676] netlink: 64 bytes leftover after parsing attributes in process `syz.1.708'.
[ 3759.636532][ T5676] netlink: 64 bytes leftover after parsing attributes in process `syz.1.708'.
[ 3762.229262][ T3189] cp210x 1-1:0.0: failed to get vendor val 0x000e size 678: -71
[ 3762.247071][ T3189] cp210x 1-1:0.0: GPIO initialisation failed: -71
[ 3762.476099][ T3189] usb 1-1: cp210x converter now attached to ttyUSB0
[ 3762.718549][ T3189] usb 1-1: USB disconnect, device number 5
[ 3763.326108][ T3189] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 3763.404848][ T3189] cp210x 1-1:0.0: device disconnected
[ 3916.948651][ T5793] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[ 3939.644906][ T5810] netlink: 36 bytes leftover after parsing attributes in process `syz.0.756'.
[ 3985.309384][ T5842] ptrace attach of "/syz-executor exec"[3196] was attempted by "
        Ðÿ      ð¥      Àÿ      Àÿ      Ðÿ      àÿ              ðÿ      °ÿ      Àÿ                 ÿÿÿÿ                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        
                                                                     ÿÿÿÿ                                 ÿÿÿÿ                                                                                                                                                                                                                                                                          
[ 4009.152883][ T4214] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[ 4009.524637][ T4214] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[ 4009.526994][ T4214] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 4009.775574][ T4214] usb 1-1: config 0 descriptor??
[ 4011.013641][ T4214] udl 1-1:0.0: [drm] Unrecognized vendor firmware descriptor
[ 4011.737897][ T4214] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2
[ 4011.742682][ T4214] [drm] Initialized udl on minor 2
[ 4011.806194][ T4214] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffe0
[ 4011.842852][ T4214] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[ 4012.034764][ T4214] usb 1-1: USB disconnect, device number 6
[ 4012.045498][ T3812] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 4012.099243][ T3812] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[ 4041.585105][ T5902] ubi31: attaching mtd0
[ 4076.618413][ T5926] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 4076.623381][ T5926] IPv6: NLM_F_CREATE should be set when creating new route
[ 4092.849086][  T865] block nbd0: Receive control failed (result -32)
[ 4092.872198][  T865] block nbd0: Receive control failed (result -32)
[ 4092.883504][  T865] block nbd0: Receive control failed (result -32)
[ 4092.964414][ T5934] nbd0: detected capacity change from 0 to 127
[ 4118.748872][ T5965] block nbd1: shutting down sockets
[ 4133.183963][ T4214] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[ 4133.433092][ T4214] usb 1-1: Using ep0 maxpacket: 32
[ 4133.537114][ T4214] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[ 4133.539340][ T4214] usb 1-1: config 0 has no interface number 0
[ 4133.723366][ T4214] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 4133.725760][ T4214] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 4133.727628][ T4214] usb 1-1: Product: syz
[ 4133.729298][ T4214] usb 1-1: Manufacturer: syz
[ 4133.791721][ T4214] usb 1-1: SerialNumber: syz
[ 4134.034497][ T4214] usb 1-1: config 0 descriptor??
[ 4134.464394][ T4214] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 4135.574127][ T5983] skbuff: bad partial csum: csum=65506/2 headroom=144 headlen=65526
[ 4136.174527][ T4214] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 4136.531107][    C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 4136.547553][ T4214] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 4136.659942][ T4214] usb 1-1: USB disconnect, device number 7
[ 4137.513921][ T4214] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 4138.178133][ T4214] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 4138.268854][ T4214] quatech2 1-1:0.51: device disconnected
[ 4169.223760][ T6022] netlink: 40 bytes leftover after parsing attributes in process `syz.0.820'.
[ 4169.226409][ T6022] netlink: 32 bytes leftover after parsing attributes in process `syz.0.820'.
[ 4176.047030][ T6026] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[ 4198.042536][    C0] vcan0: j1939_tp_rxtimer: 0xffffaf8020256000: rx timeout, send abort
[ 4198.549303][    C0] vcan0: j1939_tp_rxtimer: 0xffffaf8020256000: abort rx timeout. Force session deactivation
[ 4231.288077][ T6066] erspan0: entered promiscuous mode
[ 4307.897112][ T6133] bond0: option packets_per_slave: invalid value (18446744072268814746)
[ 4307.932596][ T6133] bond0: option packets_per_slave: allowed values 0 - 65535
[ 4327.424196][ T5938] block nbd1: Receive control failed (result -32)
[ 4327.497068][ T5938] block nbd1: Receive control failed (result -32)
[ 4327.512381][ T5938] block nbd1: Receive control failed (result -32)
[ 4327.643720][ T6147] nbd1: detected capacity change from 0 to 127
[ 4335.252957][ T6155] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 4335.259080][ T6155] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 4369.283867][ T3812] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[ 4369.964154][ T3812] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9865, setting to 1024
[ 4369.967801][ T3812] usb 1-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00
[ 4369.982423][ T3812] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 4370.349537][ T3812] usb 1-1: config 0 descriptor??
[ 4370.482802][ T6179] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 4371.936565][ T3812] logitech-djreceiver 0003:046D:C71F.0003: unknown main item tag 0x0
[ 4371.938296][ T3812] logitech-djreceiver 0003:046D:C71F.0003: unknown main item tag 0x0
[ 4371.943087][ T3812] logitech-djreceiver 0003:046D:C71F.0003: unknown main item tag 0x0
[ 4371.944777][ T3812] logitech-djreceiver 0003:046D:C71F.0003: unknown main item tag 0x0
[ 4371.946156][ T3812] logitech-djreceiver 0003:046D:C71F.0003: unknown main item tag 0x0
[ 4371.947441][ T3812] logitech-djreceiver 0003:046D:C71F.0003: unknown main item tag 0x0
[ 4371.949574][ T3812] logitech-djreceiver 0003:046D:C71F.0003: unknown main item tag 0x0
[ 4371.955710][ T3812] logitech-djreceiver 0003:046D:C71F.0003: unknown main item tag 0x0
[ 4371.957495][ T3812] logitech-djreceiver 0003:046D:C71F.0003: unknown main item tag 0x0
[ 4371.958619][ T3812] logitech-djreceiver 0003:046D:C71F.0003: unknown main item tag 0x0
[ 4372.179601][ T3812] logitech-djreceiver 0003:046D:C71F.0003: unbalanced collection at end of report description
[ 4372.307714][ T3812] logitech-djreceiver 0003:046D:C71F.0003: logi_dj_probe: parse failed
[ 4372.335036][ T3812] logitech-djreceiver 0003:046D:C71F.0003: probe with driver logitech-djreceiver failed with error -22
[ 4372.719268][ T3812] usb 1-1: USB disconnect, device number 8
[ 4392.848834][ T6208] kernel profiling enabled (shift: 18)
[ 4402.717598][ T6214] netlink: 12 bytes leftover after parsing attributes in process `syz.1.885'.
[ 4402.793574][ T6214] netlink: 8 bytes leftover after parsing attributes in process `syz.1.885'.
[ 4434.715599][ T6235] block nbd2: Unsupported socket: should be TCP or UNIX.
[ 4444.383349][ T6244] netlink: 12 bytes leftover after parsing attributes in process `syz.0.899'.
[ 4565.658103][ T6329] netlink: 64 bytes leftover after parsing attributes in process `syz.0.931'.
[ 4617.237597][ T6388] 
[ 4617.238740][ T6388] ======================================================
[ 4617.239664][ T6388] WARNING: possible circular locking dependency detected
[ 4617.241948][ T6388] syzkaller #0 Tainted: G             L     
[ 4617.242987][ T6388] ------------------------------------------------------
[ 4617.243776][ T6388] syz.0.944/6388 is trying to acquire lock:
[ 4617.244701][ T6388] ffffaf8031885a70 (&nsock->tx_lock){+.+.}-{4:4}, at: nbd_queue_rq+0x372/0xe44
[ 4617.248004][ T6388] 
[ 4617.248004][ T6388] but task is already holding lock:
[ 4617.248965][ T6388] ffffaf8034e48180 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc4/0xe44
[ 4617.250876][ T6388] 
[ 4617.250876][ T6388] which lock already depends on the new lock.
[ 4617.250876][ T6388] 
[ 4617.251849][ T6388] 
[ 4617.251849][ T6388] the existing dependency chain (in reverse order) is:
[ 4617.252893][ T6388] 
[ 4617.252893][ T6388] -> #6 (&cmd->lock){+.+.}-{4:4}:
[ 4617.254570][ T6388]        lock_acquire+0x24a/0x504
[ 4617.255607][ T6388]        __mutex_lock+0x164/0x1890
[ 4617.256663][ T6388]        mutex_lock_nested+0x14/0x1c
[ 4617.257598][ T6388]        nbd_queue_rq+0xc4/0xe44
[ 4617.258415][ T6388]        blk_mq_dispatch_rq_list+0x3cc/0x1ac0
[ 4617.259340][ T6388]        __blk_mq_sched_dispatch_requests+0xe12/0x13cc
[ 4617.260486][ T6388]        blk_mq_sched_dispatch_requests+0xb2/0x174
[ 4617.261530][ T6388]        blk_mq_run_hw_queue+0x274/0x6ec
[ 4617.262423][ T6388]        blk_mq_dispatch_list+0x53e/0x1430
[ 4617.263576][ T6388]        blk_mq_flush_plug_list+0x114/0x55c
[ 4617.264599][ T6388]        __blk_flush_plug+0x270/0x464
[ 4617.265538][ T6388]        __submit_bio+0x42e/0x504
[ 4617.266412][ T6388]        submit_bio_noacct_nocheck+0x458/0xdf4
[ 4617.267400][ T6388]        submit_bio_noacct+0x6fe/0x2170
[ 4617.268519][ T6388]        submit_bio+0xb6/0x5b8
[ 4617.269390][ T6388]        submit_bh_wbc+0x428/0x5c0
[ 4617.270436][ T6388]        block_read_full_folio+0x396/0x788
[ 4617.271478][ T6388]        blkdev_read_folio+0x26/0x30
[ 4617.272628][ T6388]        filemap_read_folio+0xc2/0x270
[ 4617.273647][ T6388]        do_read_cache_folio+0x22e/0x518
[ 4617.274714][ T6388]        read_cache_folio+0x4e/0x68
[ 4617.275846][ T6388]        read_part_sector+0xbc/0x408
[ 4617.276814][ T6388]        read_lba+0x1b6/0x32c
[ 4617.277691][ T6388]        find_valid_gpt.constprop.0+0x212/0x21ec
[ 4617.278627][ T6388]        efi_partition+0xfe/0x9e0
[ 4617.279484][ T6388]        bdev_disk_changed+0x5a0/0x1180
[ 4617.280476][ T6388]        blkdev_get_whole+0x168/0x25c
[ 4617.281291][ T6388]        bdev_open+0x288/0xcc4
[ 4617.282349][ T6388]        blkdev_open+0x2ec/0x454
[ 4617.283130][ T6388]        do_dentry_open+0x418/0x1170
[ 4617.283931][ T6388]        vfs_open+0xba/0x3a8
[ 4617.285076][ T6388]        path_openat+0x144e/0x2f28
[ 4617.286430][ T6388]        do_file_open+0x1ae/0x398
[ 4617.287813][ T6388]        do_sys_openat2+0xfe/0x1c0
[ 4617.289006][ T6388]        __riscv_sys_openat+0x122/0x1e4
[ 4617.290287][ T6388]        syscall_handler+0x92/0x114
[ 4617.291584][ T6388]        do_trap_ecall_u+0x402/0x680
[ 4617.293062][ T6388]        handle_exception+0x15e/0x16a
[ 4617.294485][ T6388] 
[ 4617.294485][ T6388] -> #5 (set->srcu){.+.+}-{0:0}:
[ 4617.296693][ T6388]        lock_sync+0xea/0x1cc
[ 4617.297913][ T6388]        __synchronize_srcu+0xd4/0x24c
[ 4617.299266][ T6388]        synchronize_srcu+0x14c/0x3fc
[ 4617.300690][ T6388]        blk_mq_quiesce_queue+0x124/0x194
[ 4617.301906][ T6388]        elevator_switch+0x16a/0x4e4
[ 4617.303215][ T6388]        elevator_change+0x2f4/0x4ac
[ 4617.304597][ T6388]        elevator_set_default+0x280/0x370
[ 4617.305977][ T6388]        blk_register_queue+0x3a8/0x50c
[ 4617.306904][ T6388]        __add_disk+0x69a/0xda4
[ 4617.307705][ T6388]        add_disk_fwnode+0xe8/0x48c
[ 4617.308568][ T6388]        device_add_disk+0x28/0x38
[ 4617.309368][ T6388]        nbd_dev_add+0x692/0xaec
[ 4617.310360][ T6388]        nbd_init+0x3d4/0x3f8
[ 4617.311169][ T6388]        do_one_initcall+0x18c/0xcdc
[ 4617.311988][ T6388]        kernel_init_freeable+0x6ca/0x7b4
[ 4617.312963][ T6388]        kernel_init+0x28/0x240
[ 4617.313725][ T6388]        ret_from_fork_kernel+0x94/0xef8
[ 4617.314548][ T6388]        ret_from_fork_kernel_asm+0x16/0x18
[ 4617.315399][ T6388] 
[ 4617.315399][ T6388] -> #4 (&q->elevator_lock){+.+.}-{4:4}:
[ 4617.316780][ T6388]        lock_acquire+0x24a/0x504
[ 4617.317572][ T6388]        __mutex_lock+0x164/0x1890
[ 4617.318396][ T6388]        mutex_lock_nested+0x14/0x1c
[ 4617.319265][ T6388]        elevator_change+0x192/0x4ac
[ 4617.320111][ T6388]        elevator_set_none+0xa8/0x120
[ 4617.320981][ T6388]        blk_mq_update_nr_hw_queues+0x43a/0x13a0
[ 4617.321891][ T6388]        nbd_start_device+0x156/0xb74
[ 4617.322553][ T6388]        nbd_genl_connect+0xe74/0x1a4c
[ 4617.323208][ T6388]        genl_family_rcv_msg_doit+0x1f6/0x2d8
[ 4617.324125][ T6388]        genl_rcv_msg+0x4b2/0x73c
[ 4617.324882][ T6388]        netlink_rcv_skb+0x1e8/0x394
[ 4617.325836][ T6388]        genl_rcv+0x32/0x4c
[ 4617.326715][ T6388]        netlink_unicast+0x50c/0x7d8
[ 4617.327776][ T6388]        netlink_sendmsg+0x7e0/0xd64
[ 4617.328761][ T6388]        __sock_sendmsg+0xca/0x160
[ 4617.329709][ T6388]        ____sys_sendmsg+0x636/0x794
[ 4617.330663][ T6388]        ___sys_sendmsg+0x1a4/0x1e8
[ 4617.331601][ T6388]        __sys_sendmsg+0x18e/0x234
[ 4617.332419][ T6388]        __riscv_sys_sendmsg+0x70/0xa4
[ 4617.333263][ T6388]        syscall_handler+0x92/0x114
[ 4617.334106][ T6388]        do_trap_ecall_u+0x402/0x680
[ 4617.334948][ T6388]        handle_exception+0x15e/0x16a
[ 4617.335795][ T6388] 
[ 4617.335795][ T6388] -> #3 (&q->q_usage_counter(io)#19){++++}-{0:0}:
[ 4617.337393][ T6388]        lock_acquire+0x24a/0x504
[ 4617.338148][ T6388]        blk_alloc_queue+0x5b4/0x6f4
[ 4617.338923][ T6388]        blk_mq_alloc_queue+0x15e/0x250
[ 4617.339902][ T6388]        __blk_mq_alloc_disk+0x2a/0xd8
[ 4617.340806][ T6388]        nbd_dev_add+0x426/0xaec
[ 4617.341732][ T6388]        nbd_init+0x3d4/0x3f8
[ 4617.342500][ T6388]        do_one_initcall+0x18c/0xcdc
[ 4617.343236][ T6388]        kernel_init_freeable+0x6ca/0x7b4
[ 4617.344103][ T6388]        kernel_init+0x28/0x240
[ 4617.344865][ T6388]        ret_from_fork_kernel+0x94/0xef8
[ 4617.345659][ T6388]        ret_from_fork_kernel_asm+0x16/0x18
[ 4617.346541][ T6388] 
[ 4617.346541][ T6388] -> #2 (fs_reclaim){+.+.}-{0:0}:
[ 4617.347815][ T6388]        lock_acquire+0x24a/0x504
[ 4617.348656][ T6388]        fs_reclaim_acquire+0xc6/0x100
[ 4617.349602][ T6388]        kmem_cache_alloc_node_noprof+0x40/0x6e8
[ 4617.350404][ T6388]        __alloc_skb+0x17c/0x778
[ 4617.351128][ T6388]        tcp_stream_alloc_skb+0x2e/0x4d8
[ 4617.351977][ T6388]        tcp_sendmsg_locked+0xe16/0x408c
[ 4617.352856][ T6388]        tcp_sendmsg+0x32/0x50
[ 4617.353613][ T6388]        inet_sendmsg+0x9a/0xd8
[ 4617.354317][ T6388]        __sock_sendmsg+0xca/0x160
[ 4617.355177][ T6388]        sock_write_iter+0x298/0x3e8
[ 4617.356097][ T6388]        vfs_write+0x648/0xd08
[ 4617.356886][ T6388]        ksys_write+0x1f4/0x244
[ 4617.357679][ T6388]        __riscv_sys_write+0x6e/0xa0
[ 4617.358458][ T6388]        syscall_handler+0x92/0x114
[ 4617.359273][ T6388]        do_trap_ecall_u+0x402/0x680
[ 4617.360227][ T6388]        handle_exception+0x15e/0x16a
[ 4617.361058][ T6388] 
[ 4617.361058][ T6388] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}:
[ 4617.362631][ T6388]        lock_acquire+0x24a/0x504
[ 4617.363485][ T6388]        lock_sock_nested+0x38/0xf8
[ 4617.364769][ T6388]        inet_shutdown+0x68/0x3c0
[ 4617.366115][ T6388]        kernel_sock_shutdown+0x58/0x7c
[ 4617.367434][ T6388]        nbd_mark_nsock_dead+0xaa/0x510
[ 4617.368878][ T6388]        sock_shutdown+0x144/0x238
[ 4617.370211][ T6388]        nbd_ioctl+0x22c/0xbd4
[ 4617.371243][ T6388]        blkdev_ioctl+0x4cc/0x12e4
[ 4617.372596][ T6388]        __riscv_sys_ioctl+0x17c/0x1e4
[ 4617.373730][ T6388]        syscall_handler+0x92/0x114
[ 4617.374943][ T6388]        do_trap_ecall_u+0x402/0x680
[ 4617.376135][ T6388]        handle_exception+0x15e/0x16a
[ 4617.377293][ T6388] 
[ 4617.377293][ T6388] -> #0 (&nsock->tx_lock){+.+.}-{4:4}:
[ 4617.379247][ T6388]        check_noncircular+0x138/0x14c
[ 4617.380562][ T6388]        __lock_acquire+0xe9c/0x25ac
[ 4617.381801][ T6388]        lock_acquire+0x24a/0x504
[ 4617.382920][ T6388]        __mutex_lock+0x164/0x1890
[ 4617.384238][ T6388]        mutex_lock_nested+0x14/0x1c
[ 4617.385563][ T6388]        nbd_queue_rq+0x372/0xe44
[ 4617.386646][ T6388]        blk_mq_dispatch_rq_list+0x3cc/0x1ac0
[ 4617.387937][ T6388]        __blk_mq_sched_dispatch_requests+0xe12/0x13cc
[ 4617.389379][ T6388]        blk_mq_sched_dispatch_requests+0xb2/0x174
[ 4617.390839][ T6388]        blk_mq_run_hw_queue+0x274/0x6ec
[ 4617.392010][ T6388]        blk_mq_dispatch_list+0x53e/0x1430
[ 4617.393258][ T6388]        blk_mq_flush_plug_list+0x114/0x55c
[ 4617.394550][ T6388]        __blk_flush_plug+0x270/0x464
[ 4617.395689][ T6388]        __submit_bio+0x42e/0x504
[ 4617.396839][ T6388]        submit_bio_noacct_nocheck+0x458/0xdf4
[ 4617.398069][ T6388]        submit_bio_noacct+0x6fe/0x2170
[ 4617.399226][ T6388]        submit_bio+0xb6/0x5b8
[ 4617.400365][ T6388]        submit_bh_wbc+0x428/0x5c0
[ 4617.401537][ T6388]        block_read_full_folio+0x396/0x788
[ 4617.402807][ T6388]        blkdev_read_folio+0x26/0x30
[ 4617.403986][ T6388]        filemap_read_folio+0xc2/0x270
[ 4617.405272][ T6388]        do_read_cache_folio+0x22e/0x518
[ 4617.406540][ T6388]        read_cache_folio+0x4e/0x68
[ 4617.407767][ T6388]        read_part_sector+0xbc/0x408
[ 4617.408919][ T6388]        read_lba+0x1b6/0x32c
[ 4617.410357][ T6388]        find_valid_gpt.constprop.0+0x212/0x21ec
[ 4617.411844][ T6388]        efi_partition+0xfe/0x9e0
[ 4617.413053][ T6388]        bdev_disk_changed+0x5a0/0x1180
[ 4617.414184][ T6388]        blkdev_get_whole+0x168/0x25c
[ 4617.415300][ T6388]        bdev_open+0x288/0xcc4
[ 4617.416410][ T6388]        blkdev_open+0x2ec/0x454
[ 4617.417552][ T6388]        do_dentry_open+0x418/0x1170
[ 4617.418609][ T6388]        vfs_open+0xba/0x3a8
[ 4617.419644][ T6388]        path_openat+0x144e/0x2f28
[ 4617.420960][ T6388]        do_file_open+0x1ae/0x398
[ 4617.422182][ T6388]        do_sys_openat2+0xfe/0x1c0
[ 4617.423292][ T6388]        __riscv_sys_openat+0x122/0x1e4
[ 4617.424474][ T6388]        syscall_handler+0x92/0x114
[ 4617.425709][ T6388]        do_trap_ecall_u+0x402/0x680
[ 4617.426851][ T6388]        handle_exception+0x15e/0x16a
[ 4617.428068][ T6388] 
[ 4617.428068][ T6388] other info that might help us debug this:
[ 4617.428068][ T6388] 
[ 4617.429267][ T6388] Chain exists of:
[ 4617.429267][ T6388]   &nsock->tx_lock --> set->srcu --> &cmd->lock
[ 4617.429267][ T6388] 
[ 4617.431905][ T6388]  Possible unsafe locking scenario:
[ 4617.431905][ T6388] 
[ 4617.432835][ T6388]        CPU0                    CPU1
[ 4617.433602][ T6388]        ----                    ----
[ 4617.434406][ T6388]   lock(&cmd->lock);
[ 4617.435611][ T6388]                                lock(set->srcu);
[ 4617.437066][ T6388]                                lock(&cmd->lock);
[ 4617.438451][ T6388]   lock(&nsock->tx_lock);
[ 4617.439666][ T6388] 
[ 4617.439666][ T6388]  *** DEADLOCK ***
[ 4617.439666][ T6388] 
[ 4617.440803][ T6388] 3 locks held by syz.0.944/6388:
[ 4617.441735][ T6388]  #0: ffffaf801ad30358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x3c4/0xcc4
[ 4617.444453][ T6388]  #1: ffffaf801938d818 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x22c/0x6ec
[ 4617.447155][ T6388]  #2: ffffaf8034e48180 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc4/0xe44
[ 4617.450084][ T6388] 
[ 4617.450084][ T6388] stack backtrace:
[ 4617.451902][ T6388] CPU: 0 UID: 0 PID: 6388 Comm: syz.0.944 Tainted: G             L      syzkaller #0 PREEMPT 
[ 4617.452765][ T6388] Tainted: [L]=SOFTLOCKUP
[ 4617.453006][ T6388] Hardware name: riscv-virtio,qemu (DT)
[ 4617.453584][ T6388] Call Trace:
[ 4617.453926][ T6388] [<ffffffff8007b2a2>] dump_backtrace+0x2e/0x3c
[ 4617.454662][ T6388] [<ffffffff80003384>] show_stack+0x30/0x3c
[ 4617.455172][ T6388] [<ffffffff800601cc>] dump_stack_lvl+0x114/0x1ac
[ 4617.455928][ T6388] [<ffffffff80060280>] dump_stack+0x1c/0x28
[ 4617.456672][ T6388] [<ffffffff802e8c44>] print_circular_bug+0x250/0x29c
[ 4617.457220][ T6388] [<ffffffff802e8dc8>] check_noncircular+0x138/0x14c
[ 4617.457764][ T6388] [<ffffffff802ebbf4>] __lock_acquire+0xe9c/0x25ac
[ 4617.458308][ T6388] [<ffffffff802ed54e>] lock_acquire+0x24a/0x504
[ 4617.458850][ T6388] [<ffffffff864459c8>] __mutex_lock+0x164/0x1890
[ 4617.459552][ T6388] [<ffffffff86447108>] mutex_lock_nested+0x14/0x1c
[ 4617.460303][ T6388] [<ffffffff82cc65ba>] nbd_queue_rq+0x372/0xe44
[ 4617.460810][ T6388] [<ffffffff81695da4>] blk_mq_dispatch_rq_list+0x3cc/0x1ac0
[ 4617.461435][ T6388] [<ffffffff816b1072>] __blk_mq_sched_dispatch_requests+0xe12/0x13cc
[ 4617.462197][ T6388] [<ffffffff816b1722>] blk_mq_sched_dispatch_requests+0xb2/0x174
[ 4617.462950][ T6388] [<ffffffff8168ce7c>] blk_mq_run_hw_queue+0x274/0x6ec
[ 4617.463508][ T6388] [<ffffffff81693856>] blk_mq_dispatch_list+0x53e/0x1430
[ 4617.464167][ T6388] [<ffffffff816975ac>] blk_mq_flush_plug_list+0x114/0x55c
[ 4617.464812][ T6388] [<ffffffff81650240>] __blk_flush_plug+0x270/0x464
[ 4617.465380][ T6388] [<ffffffff8165117e>] __submit_bio+0x42e/0x504
[ 4617.465946][ T6388] [<ffffffff816516ac>] submit_bio_noacct_nocheck+0x458/0xdf4
[ 4617.466570][ T6388] [<ffffffff81652746>] submit_bio_noacct+0x6fe/0x2170
[ 4617.467145][ T6388] [<ffffffff8165426e>] submit_bio+0xb6/0x5b8
[ 4617.467691][ T6388] [<ffffffff80dda778>] submit_bh_wbc+0x428/0x5c0
[ 4617.468324][ T6388] [<ffffffff80de5ca6>] block_read_full_folio+0x396/0x788
[ 4617.469012][ T6388] [<ffffffff81628ee2>] blkdev_read_folio+0x26/0x30
[ 4617.469599][ T6388] [<ffffffff8089ad0e>] filemap_read_folio+0xc2/0x270
[ 4617.470253][ T6388] [<ffffffff808a8292>] do_read_cache_folio+0x22e/0x518
[ 4617.470947][ T6388] [<ffffffff808a85ca>] read_cache_folio+0x4e/0x68
[ 4617.471615][ T6388] [<ffffffff816cb220>] read_part_sector+0xbc/0x408
[ 4617.472192][ T6388] [<ffffffff816cda0e>] read_lba+0x1b6/0x32c
[ 4617.472730][ T6388] [<ffffffff816cf2ee>] find_valid_gpt.constprop.0+0x212/0x21ec
[ 4617.473324][ T6388] [<ffffffff816d13c6>] efi_partition+0xfe/0x9e0
[ 4617.473888][ T6388] [<ffffffff816ca284>] bdev_disk_changed+0x5a0/0x1180
[ 4617.474439][ T6388] [<ffffffff81625d58>] blkdev_get_whole+0x168/0x25c
[ 4617.475007][ T6388] [<ffffffff81626a94>] bdev_open+0x288/0xcc4
[ 4617.475564][ T6388] [<ffffffff8162d64c>] blkdev_open+0x2ec/0x454
[ 4617.476181][ T6388] [<ffffffff80c8fe40>] do_dentry_open+0x418/0x1170
[ 4617.476690][ T6388] [<ffffffff80c945be>] vfs_open+0xba/0x3a8
[ 4617.477201][ T6388] [<ffffffff80cebe12>] path_openat+0x144e/0x2f28
[ 4617.477903][ T6388] [<ffffffff80ceda9a>] do_file_open+0x1ae/0x398
[ 4617.478599][ T6388] [<ffffffff80c9538a>] do_sys_openat2+0xfe/0x1c0
[ 4617.479139][ T6388] [<ffffffff80c95caa>] __riscv_sys_openat+0x122/0x1e4
[ 4617.479698][ T6388] [<ffffffff80077f1e>] syscall_handler+0x92/0x114
[ 4617.480386][ T6388] [<ffffffff8642fdbe>] do_trap_ecall_u+0x402/0x680
[ 4617.481016][ T6388] [<ffffffff8645a152>] handle_exception+0x15e/0x16a
[ 4617.644239][ T6388] block nbd0: Dead connection, failed to find a fallback
[ 4617.648857][ T6388] block nbd0: shutting down sockets
[ 4617.657643][ T6388] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 4617.662326][ T6388] Buffer I/O error on dev nbd0, logical block 0, async page read
[ 4617.675539][ T6388] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 4617.697846][ T6388] Buffer I/O error on dev nbd0, logical block 1, async page read
[ 4617.703168][ T6388] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 4617.712708][ T6388] Buffer I/O error on dev nbd0, logical block 2, async page read
[ 4617.715163][ T6388] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 4617.716528][ T6388] Buffer I/O error on dev nbd0, logical block 3, async page read
[ 4617.789174][ T6388] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 4617.811915][ T6388] Buffer I/O error on dev nbd0, logical block 0, async page read
[ 4617.815463][ T6388] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 4617.817656][ T6388] Buffer I/O error on dev nbd0, logical block 1, async page read
[ 4617.882583][ T6388] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 4617.948177][ T6388] Buffer I/O error on dev nbd0, logical block 2, async page read
[ 4618.023017][ T6388] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 4618.054974][ T6388] Buffer I/O error on dev nbd0, logical block 3, async page read
[ 4618.066673][ T6388]  nbd0: unable to read partition table