last executing test programs: 1m55.290745489s ago: executing program 1 (id=607): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x530, 0x1d8, 0xffffffff, 0xffffffff, 0x1d8, 0xffffffff, 0x460, 0xffffffff, 0xffffffff, 0x460, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x1b0, 0x1d8, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'amanda\x00'}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv6=@private1, [0xff000000, 0xffffffff, 0xff, 0xffffffff], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [0xffffff00, 0xff, 0xffffffff, 0xffffffff], @ipv6=@empty, [0xff000000, 0xff, 0xff, 0xff], @ipv6=@local, [0xffffffff, 0xff000000, 0xff000000, 0xffffff00], 0x80, 0x54, 0x3b, 0x4e20, 0x4e23, 0x4e21, 0x4e23, 0x446, 0x39a}, 0x100, 0x20}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0xe, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x590) syz_emit_ethernet(0x4a, &(0x7f0000000300)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, '\x00', 0x14, 0x6, 0xff, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e22, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0x10, 0x7, 0x0, 0x3}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, "8b0f00", 0x14, 0x6, 0xff, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e22, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0x0, 0x1, 0x0, 0xffd}}}}}}}, 0x0) 1m43.757168739s ago: executing program 0 (id=608): r0 = semget$private(0x0, 0x6, 0x0) semtimedop(r0, &(0x7f00000003c0)=[{0x0, 0x1}], 0x1, 0x0) semop(r0, &(0x7f0000001240)=[{}], 0x1) semop(r0, &(0x7f00000000c0)=[{0x0, 0xffff, 0x1000}], 0x1) 1m28.426984971s ago: executing program 0 (id=609): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'macvtap0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=@gettclass={0x24, 0x2a, 0x103, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0xe, 0xe}, {0x2, 0x2}, {0xc, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x81}, 0x80) 1m21.462398234s ago: executing program 1 (id=610): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0xb, 0x6, 0xff}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x10007f, 0x20000006, 0x4d, 0x6, 0x3, 0x9, 0x2, 0xffff2d34, 0xffffff01, 0x6, 0x3, 0xfffffffc, 0x5, 0x4, 0x2, 0x7, 0x3c5b, 0x80000001, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x0, 0x3, 0xe, 0x8, 0x8000806e, 0x7, 0x8000017, 0x1, 0x7, 0x200, 0x3e, 0x8c, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x400, 0x80, 0x1, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xc, 0x7, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x7, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f2f, 0xd, 0x4df, 0x2, 0x4, 0xb, 0x1, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8020, 0xffffffff, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x43, 0x103], [0x7, 0xa, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xf, 0x4, 0x6, 0x5, 0x0, 0x6, 0x5, 0x1, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x2, 0x6d03, 0x6, 0x38, 0x7, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xc2, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x1000000a, 0x0, 0x5, 0x101c, 0x120000, 0xffffffff, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x80000000, 0xb, 0x5, 0x93a, 0x5, 0x1000006, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x4, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0x10000, 0x7f, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x96, 0xffffffff, 0x80000000, 0x0, 0xffffffff, 0xc8, 0x1, 0xfffff000, 0x10080, 0x3, 0x7e, 0x100, 0x1000, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x1, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x6, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="58010000100013070000000000000000ac1414aa000000000000000000000000fe8000000000000000000000000000bb00"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ffffffff0000000000000000000000000000000032000000ac141400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000960000000000000048000200656362286369706865725f6e756c6c290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000efffffffff1f001700"], 0x158}}, 0x0) 1m15.255179403s ago: executing program 0 (id=611): syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) epoll_create1(0x80000) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x900, 0x0, 0x0, &(0x7f0000000240)={0x1f}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 55.51318172s ago: executing program 1 (id=612): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=@ipv6_newroute={0x38, 0x18, 0x1, 0x70bd2c, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x2, 0xff}, [@RTA_OIF={0x8, 0x4, r1}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x4}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @LWTUNNEL_IP_FLAGS={0x6, 0x6, 0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4901}, 0x0) 34.332020854s ago: executing program 1 (id=613): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000400), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000001480)={'wg2\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000002040)=ANY=[@ANYBLOB='@\r\x00\x00', @ANYRES16=r1, @ANYBLOB="05000000000000000000010000000600060000000000c40c0880e400008024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b24000100000000000000000000000000000000000000000000000000000000000000000024000200fcbefe9641719404cc5c9ab2766dd4793e367b0ea55e65e2e3416ac9d4e68841240002001171ee8da334a5099295af229a5d237a7f4102f01f28b34347d6cbbe135d83ec24000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c0800030000000000240002005da952055e5857d673cddd36909746c80efa3ff95c317de1063db32bc80a0b3e0003008024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0600050000000000d002098058000080060001000200000008000200ac1e00010500030000000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200ffffffff05000300000000007c000080060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200ac1414bb0500030000000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200000000000500030000000000dc000080060001000a0000001400020000000000000000000000ffffac1414aa05000300000000000600010002000000080002000000000005000300000000000600010002000000080002007f0000010500030000000000060001000200000008000200000000000500030000000000060001000200000008000200e00000010500030000000000060001000a00000014000200fc0100000000000000000000000000000500030000000000060001000200000008000200000000000500030000000000060001000200000008000200ac1e0001050003000000000094000080060001000a00000014000200fc0200000000000000000000000000000500030000000000060001000a00000014000200ff0100000000000000000000000000010500030000000000060001000200000008000200e00000010500030000000000060001000200000008000200ac1414bb0500030000000000060001000200000008000200ffffffff050003000000000088000080060001000a00000014000200fe8000000000000000000000000000aa0500030000000000060001000200000008000200ac1414aa0500030000000000060001000a00000014000200fe8800000000000000000000000000010500030000000000060001000a00000014000200ff020000000000000000000000000001050003000000000064000080080003000000000008000a000100000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b3922080003000000000024000200379aa288b2244a5b504ba04bea45625d328fb93b62e607a1b2e4da2f7f76a5499400008024000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c080003000000000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b3922080003000000000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b1400040002000000000000000000000000000000d807008000030980f4000080060001000a00000014000200000000000000000000000000000000000500030000000000060001000a00000014000200fc0000000000000000000000000000000500030000000000060001000200000008000200ffffffff0500030000000000060001000200000008000200ac1e00010500030000000000060001000200000008000200e000000105000300000000000600010002000000080002007f0000010500030000000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000a00000014000200fc01000000000000000000000000000005000300000000004c000080060001000200000008000200ac1414bb0500030000000000060001000200000008000200000000000500030000000000060001000200000008000200ac1414bb05000300000000000c010080060001000a00000014000200200100000000000000000000000000010500030000000000060001000200000008000200e000000205000300000000000600010002000000080002000000000005000300000000000600010002000000080002007f0000010500030000000000060001000a00000014000200fe8800000000000000000000000000010500030000000000060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ffffffff0500030000000000060001000200000008000200e00000010500030000000000060001000a00000014000200fc0100000000000000000000000000000500030000000000940000800600010002000000080002000000000005000300000000000600010002000000080002000000000005000300000000000600010002000000080002007f0000010500030000000000060001000200000008000200e00000020500030000000000060001000200000008000200ac1414000500030000000000060001000200000008000200ac14140005000300000000001c000080060001000200000008000200ffffffff0500030000000000080003000000000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39221d0004000a0000000000000000000000000000000000ffffac1e0001000000001c04098094000080060001000a0000001400020000000000000000000000ffffac1414bb0500030000000000060001000a00000014000200fe8800000000000000000000000000010500030000000000060001000a00000014000200ff0100000000000000000000000000010500030000000000060001000a00000014000200fe880000000000000000000000000001050003000000000064000080060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ac1414bb0500030000000000060001000a0000001400020000000000000000000000ffffe00000020500030000000000ac000080060001000200000008000200000000000500030000000000060001000a00000014000200fe80000000000000000000000000000005000300000000000600010002000000080002007f0000010500030000000000060001000200000008000200ac1414bb0500030000000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200e0000001050003000000000064000080060001000a00000014000200fc0100000000000000000000000000000500030000000000060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ac1414000500030000000000f4000080060001000200000008000200000000000500030000000000060001000a00000014000200200100000000000000000000000000000500030000000000060001000a00000014000200fc0200000000000000000000000000000500030000000000060001000a00000014000200fe8000000000000000000000000000aa0500030000000000060001000200000008000200ac1414aa0500030000000000060001000200000008000200000000000500030000000000060001000200000008000200ac1414000500030000000000060001000a00000014000200200100000000000000000000000000020500030000000000a0000080060001000a00000014000200fc0000000000000000000000000000000500030000000000060001000200000008000200ac1414aa0500030000000000060001000a00000014000200fe8800000000000000000000000000010500030000000000060001000a00000014000200fe8000000000000000000000000000aa0500030000000000060001000200000008000200ac14140005000300000000007c000080060001000200000008000200ac1414aa0500030000000000060001000a00000014000200fe8000000000000000000000000000000500030000000000060001000200000008000200e00000010500030000000000060001000a00000014000200fe8000000000000000000000000000bb050003000000000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b2400020055fbc2635cc801d67c589cc98f3cf65074dffe0886750dec83be49fbf628e1dc240002000f1b8b82264208ab1a2dce776c03b9f348f500ef8e7606466943f5ba2ae2881e0c0000800800030000000000060006000000000008000100", @ANYRES32=r2, @ANYBLOB="24000300000000000000000000000000000000000000000000000000000000000000000024000300a05ca84f6c9c8e3853e2fd7a7cae0fb20fa152600cb00845174f08076f8d7843080007"], 0xd40}}, 0x0) 34.00595056s ago: executing program 0 (id=617): openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x2202, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0xff, 0x2, 0x7ffffdbd}]}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x7e6b, 0x0, 0x100000}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x800, 0x0, 0x0, 0x0, 0x6a9}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 23.334644634s ago: executing program 0 (id=614): io_setup(0x8, &(0x7f0000000680)=0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0xff, 0x0, 0x7fc00100}]}) io_getevents(0x0, 0xfffe, 0x0, 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 15.272639278s ago: executing program 1 (id=615): openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x4380, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) writev(r0, &(0x7f0000000080)=[{&(0x7f00000000c0)="5bffd08307d80c79b1cb7b5f0c5b4d719c69c8513f748fbe425a7bc388c9019bef114779f7a10dc03a883d6e16a0a704f74297f381ff1db75098a9b38bb67206a7ff22e6ca46dc760bdad8a79d5951988c55a368dd1132ba7f129c2e65441eaa27492c069488df0881f123ca01ae873f5b36eb0fddb8f07420f5484d81cabde167c87ffbab6a94b24b5537bb1a08d56469f516fd4b7c66e2ac50d5ff4e52c628d0a89e53d0e78582a5ab2a2c714f66", 0xfe7c}], 0x1) ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000240)={0x2000, 0x1000000}) 178.559896ms ago: executing program 1 (id=616): r0 = socket(0x2, 0x1, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab04) 0s ago: executing program 0 (id=621): r0 = io_uring_setup(0x2f82, &(0x7f0000000200)={0x0, 0x446c5, 0x0, 0xfffffffc}) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) close(r0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:33561' (ED25519) to the list of known hosts. syzkaller login: [ 701.479628][ T3230] cgroup: Unknown subsys name 'net' [ 702.386123][ T3230] cgroup: Unknown subsys name 'cpuset' [ 702.635810][ T3230] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 804.346844][ T3230] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 995.891023][ T3239] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 996.114199][ T3239] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1003.127655][ T3237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1003.537792][ T3237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1021.592010][ T3239] hsr_slave_0: entered promiscuous mode [ 1021.836209][ T3239] hsr_slave_1: entered promiscuous mode [ 1030.442812][ T3237] hsr_slave_0: entered promiscuous mode [ 1030.504218][ T3237] hsr_slave_1: entered promiscuous mode [ 1030.536717][ T3237] debugfs: 'hsr0' already exists in 'hsr' [ 1030.551898][ T3237] Cannot create hsr debugfs directory [ 1040.435132][ T3239] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1040.833953][ T3239] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1041.414755][ T3239] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1041.629093][ T3239] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1042.351570][ T3239] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1042.545834][ T3239] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1042.944564][ T3239] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1043.107125][ T3239] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1050.564670][ T3237] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1050.707261][ T3237] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1050.806558][ T3237] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1051.060362][ T3237] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1051.227993][ T3237] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1051.446724][ T3237] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1051.697158][ T3237] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1051.902152][ T3237] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1081.812863][ T3239] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1083.896439][ T3237] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1182.116613][ T3239] veth0_vlan: entered promiscuous mode [ 1184.671282][ T3239] veth1_vlan: entered promiscuous mode [ 1190.021604][ T3239] veth0_macvtap: entered promiscuous mode [ 1191.254788][ T3239] veth1_macvtap: entered promiscuous mode [ 1195.072270][ T3237] veth0_vlan: entered promiscuous mode [ 1197.311410][ T3237] veth1_vlan: entered promiscuous mode [ 1199.017008][ T57] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1199.297252][ T57] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1199.554927][ T57] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1199.586122][ T57] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1203.865414][ T3237] veth0_macvtap: entered promiscuous mode [ 1206.279132][ T3237] veth1_macvtap: entered promiscuous mode [ 1215.108837][ T3318] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1215.117758][ T3318] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1215.707968][ T3318] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1215.918090][ T3318] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1217.421245][ T3239] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 1320.467260][ C1] af_packet: tpacket_rcv: packet too big, clamped from 70 to 4294967286. macoff=82 [ 1535.440168][ T31] audit: type=1800 audit(1533.790:2): pid=3960 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.36" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=4118 res=0 errno=0 [ 1608.786069][ T3982] process 'syz.1.44' launched '/dev/fd/3' with NULL argv: empty string added [ 1676.215918][ T4006] mmap: syz.1.53 (4006) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 1725.518080][ T4021] dummy0: entered allmulticast mode [ 1805.109950][ T4044] netlink: 16 bytes leftover after parsing attributes in process `syz.1.67'. [ 1829.133646][ T4051] netlink: 104 bytes leftover after parsing attributes in process `syz.1.71'. [ 1887.299561][ T4067] netlink: 'syz.0.78': attribute type 12 has an invalid length. [ 2073.989954][ T4137] syz.0.100 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 2079.934952][ T3857] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 2080.422026][ T3857] usb 2-1: Using ep0 maxpacket: 32 [ 2082.954720][ T3857] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 2082.974506][ T3857] usb 2-1: config 0 has no interface number 0 [ 2083.872961][ T3857] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 2083.875766][ T3857] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2083.877968][ T3857] usb 2-1: Product: syz [ 2083.903521][ T3857] usb 2-1: Manufacturer: syz [ 2083.905467][ T3857] usb 2-1: SerialNumber: syz [ 2084.774420][ T3857] usb 2-1: config 0 descriptor?? [ 2086.027562][ T3857] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 2091.316984][ T3857] usb 2-1: qt2_attach - failed to power on unit: -110 [ 2091.345298][ T3857] quatech2 2-1:0.51: probe with driver quatech2 failed with error -110 [ 2093.580351][ T4120] usb 2-1: USB disconnect, device number 2 [ 2220.107478][ T4195] trusted_key: encrypted_key: keylen parameter is missing [ 2371.072666][ T4250] input: syz0 as /devices/virtual/input/input0 [ 2398.265565][ T4266] netlink: 'syz.1.142': attribute type 1 has an invalid length. [ 2402.820209][ T4268] input: syz0 as /devices/virtual/input/input1 [ 2513.097246][ T4306] Zero length message leads to an empty skb [ 2673.982409][ T4358] input: syz1 as /devices/virtual/input/input2 [ 2717.992022][ T4380] input: syz1 as /devices/virtual/input/input3 [ 2727.184757][ T31] audit: type=1326 audit(2981.463:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4384 comm="syz.1.186" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fff96b33992 code=0x7fc00000 [ 2886.416239][ T4441] netlink: 4 bytes leftover after parsing attributes in process `syz.1.206'. [ 2938.004839][ T4456] capability: warning: `syz.0.212' uses deprecated v2 capabilities in a way that may be insecure [ 3254.310025][ T4567] netlink: 16 bytes leftover after parsing attributes in process `syz.0.252'. [ 3261.807552][ T4569] faux_driver vgem: [drm] Unknown color mode 265; guessing buffer size. [ 3308.797868][ T4583] netlink: 44 bytes leftover after parsing attributes in process `syz.0.259'. [ 3324.413006][ T4587] input: syz1 as /devices/virtual/input/input4 [ 3857.567390][ T4787] netlink: 'syz.1.336': attribute type 29 has an invalid length. [ 3858.056291][ T4789] netlink: 'syz.1.336': attribute type 29 has an invalid length. [ 3859.773171][ T4787] netlink: 'syz.1.336': attribute type 29 has an invalid length. [ 3893.742577][ T4798] netlink: 11 bytes leftover after parsing attributes in process `syz.0.340'. [ 3893.745265][ T4798] netlink: 24 bytes leftover after parsing attributes in process `syz.0.340'. [ 3893.747426][ T4798] netlink: 24 bytes leftover after parsing attributes in process `syz.0.340'. [ 3907.251217][ T31] audit: type=1326 audit(4161.633:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4802 comm="syz.1.343" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fff96b33992 code=0x0 [ 3909.582720][ T4814] netlink: 20 bytes leftover after parsing attributes in process `syz.0.344'. [ 3917.663740][ T4805] bond1: entered promiscuous mode [ 4077.377300][ T4894] block nbd0: not configured, cannot reconfigure [ 4113.768047][ T4906] input: syz0 as /devices/virtual/input/input6 [ 4184.177957][ T4938] loop0: Can't mount, would change RO state [ 4245.952883][ T4958] netlink: 'syz.1.386': attribute type 3 has an invalid length. [ 4378.982865][ T5004] netlink: 4 bytes leftover after parsing attributes in process `syz.0.400'. [ 4456.783828][ T31] audit: type=1326 audit(4711.173:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5032 comm="syz.1.412" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fff96b33992 code=0x0 [ 4516.752460][ T5053] netlink: 16 bytes leftover after parsing attributes in process `syz.1.418'. [ 4596.240380][ T5081] netlink: 'syz.1.429': attribute type 3 has an invalid length. [ 4633.934182][ T5093] netlink: 8 bytes leftover after parsing attributes in process `syz.1.434'. [ 4633.984089][ T5093] netlink: 40 bytes leftover after parsing attributes in process `syz.1.434'. [ 4831.624353][ T5156] binder: 5154:5156 ioctl 4018620d 0 returned -22 [ 4889.385097][ T3857] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 4890.004538][ T3857] usb 2-1: Using ep0 maxpacket: 16 [ 4891.636645][ T3857] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 4891.651547][ T3857] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 4891.670325][ T3857] usb 2-1: config 0 interface 0 has no altsetting 0 [ 4891.674171][ T3857] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 4891.676481][ T3857] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 4892.856443][ T3857] usb 2-1: config 0 descriptor?? [ 4897.510596][ T3857] hid (null): unknown global tag 0xd [ 4900.536369][ T3857] usb 2-1: USB disconnect, device number 3 [ 4915.793519][ T5193] block nbd0: NBD_DISCONNECT [ 4916.510499][ T5191] block nbd0: Disconnected due to user request. [ 4916.543644][ T5191] block nbd0: shutting down sockets [ 4937.563480][ T5199] ªªªªªª: renamed from vlan0 (while UP) [ 4957.097438][ T31] audit: type=1326 audit(5211.483:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5204 comm="syz.0.472" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb2b33992 code=0x7ffc0000 [ 4958.561113][ T31] audit: type=1326 audit(5211.543:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5204 comm="syz.0.472" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb2b33992 code=0x7ffc0000 [ 4958.596772][ T31] audit: type=1326 audit(5212.953:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5204 comm="syz.0.472" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0x7fffb2b33992 code=0x7ffc0000 [ 4959.464625][ T31] audit: type=1326 audit(5213.653:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5204 comm="syz.0.472" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb2b33992 code=0x7ffc0000 [ 4959.556033][ T31] audit: type=1326 audit(5213.893:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5204 comm="syz.0.472" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb2b33992 code=0x7ffc0000 [ 4959.917875][ T31] audit: type=1326 audit(5214.313:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5204 comm="syz.0.472" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb2b33992 code=0x50000 [ 4959.984315][ T31] audit: type=1326 audit(5214.343:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5204 comm="syz.0.472" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb2b33992 code=0x50000 [ 4960.062743][ T31] audit: type=1326 audit(5214.413:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5204 comm="syz.0.472" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb2b33992 code=0x50000 [ 4960.200546][ T31] audit: type=1326 audit(5214.473:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5204 comm="syz.0.472" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb2b33992 code=0x50000 [ 4960.230544][ T31] audit: type=1326 audit(5214.593:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5204 comm="syz.0.472" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb2b33992 code=0x50000 [ 4962.284222][ T31] kauditd_printk_skb: 11 callbacks suppressed [ 4962.293062][ T31] audit: type=1326 audit(5216.043:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5204 comm="syz.0.472" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb2b33992 code=0x50000 [ 5157.094380][ T876] block nbd0: Receive control failed (result -32) [ 5157.113268][ T49] block nbd0: Receive control failed (result -32) [ 5157.403182][ T5263] nbd0: detected capacity change from 0 to 63 [ 5171.111996][ T5270] netlink: 'syz.0.499': attribute type 9 has an invalid length. [ 5243.977513][ T5296] block nbd0: Dead connection, failed to find a fallback [ 5243.996645][ T5296] block nbd0: shutting down sockets [ 5244.117521][ T5296] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 5244.145791][ T5296] Buffer I/O error on dev nbd0, logical block 0, async page read [ 5244.174619][ T5296] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 5244.186795][ T5296] Buffer I/O error on dev nbd0, logical block 1, async page read [ 5244.443059][ T11] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 5244.447652][ T11] Buffer I/O error on dev nbd0, logical block 2, async page read [ 5244.666623][ T5296] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 5244.762444][ T5296] Buffer I/O error on dev nbd0, logical block 3, async page read [ 5245.111612][ T5296] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 5245.115216][ T5296] Buffer I/O error on dev nbd0, logical block 0, async page read [ 5245.312114][ T5296] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 5245.356664][ T5296] Buffer I/O error on dev nbd0, logical block 1, async page read [ 5245.556690][ T5296] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 5245.615036][ T5296] Buffer I/O error on dev nbd0, logical block 2, async page read [ 5245.872130][ T5296] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 5245.926738][ T5296] Buffer I/O error on dev nbd0, logical block 3, async page read [ 5246.035930][ T5296] nbd0: unable to read partition table [ 5250.990463][ T5300] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 5347.145637][ T5336] input: syz1 as /devices/virtual/input/input7 [ 5472.563309][ T5389] bpf: Bad value for 'uid' [ 5763.665386][ T5482] Invalid ELF header magic: != ELF [ 5872.100243][ T5518] netlink: 16 bytes leftover after parsing attributes in process `syz.1.589'. [ 5872.484450][ T5518] netlink: 12 bytes leftover after parsing attributes in process `syz.1.589'. [ 5872.501843][ T5518] netlink: 12 bytes leftover after parsing attributes in process `syz.1.589'. [ 5887.385205][ T5523] input: syz1 as /devices/virtual/input/input8 [ 5990.048890][ T5566] xt_hashlimit: size too large, truncated to 1048576 [ 6056.491505][ T5587] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 6056.503155][ T5587] IPv6: NLM_F_CREATE should be set when creating new route [ 6086.924721][ T31] audit: type=1326 audit(6341.133:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5594 comm="syz.0.614" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb2b33992 code=0x7fc00000 [ 6104.338027][ T5602] [ 6104.338848][ T5602] ====================================================== [ 6104.339493][ T5602] WARNING: possible circular locking dependency detected [ 6104.340510][ T5602] syzkaller #0 Tainted: G W L [ 6104.341535][ T5602] ------------------------------------------------------ [ 6104.342345][ T5602] syz.1.616/5602 is trying to acquire lock: [ 6104.343048][ T5602] ffffaf8030600260 (sk_lock-AF_INET){+.+.}-{0:0}, at: inet_shutdown+0x68/0x3c0 [ 6104.345151][ T5602] [ 6104.345151][ T5602] but task is already holding lock: [ 6104.345918][ T5602] ffffaf801e304a68 (&nsock->tx_lock){+.+.}-{4:4}, at: sock_shutdown+0x13a/0x238 [ 6104.347751][ T5602] [ 6104.347751][ T5602] which lock already depends on the new lock. [ 6104.347751][ T5602] [ 6104.348562][ T5602] [ 6104.348562][ T5602] the existing dependency chain (in reverse order) is: [ 6104.349284][ T5602] [ 6104.349284][ T5602] -> #6 (&nsock->tx_lock){+.+.}-{4:4}: [ 6104.350625][ T5602] lock_acquire+0x246/0x500 [ 6104.351569][ T5602] __mutex_lock+0x164/0x18f4 [ 6104.352298][ T5602] mutex_lock_nested+0x14/0x1c [ 6104.353061][ T5602] nbd_queue_rq+0x372/0xe44 [ 6104.353906][ T5602] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 6104.354815][ T5602] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 6104.355627][ T5602] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 6104.356426][ T5602] blk_mq_run_hw_queue+0x274/0x6ec [ 6104.357391][ T5602] blk_mq_dispatch_list+0x53e/0x1430 [ 6104.358345][ T5602] blk_mq_flush_plug_list+0x114/0x55c [ 6104.359209][ T5602] __blk_flush_plug+0x270/0x464 [ 6104.360046][ T5602] __submit_bio+0x42e/0x504 [ 6104.360980][ T5602] submit_bio_noacct_nocheck+0x458/0xdec [ 6104.361920][ T5602] submit_bio_noacct+0x6fe/0x2168 [ 6104.362849][ T5602] submit_bio+0xb6/0x5b8 [ 6104.363745][ T5602] submit_bh_wbc+0x4d8/0x6bc [ 6104.364536][ T5602] block_read_full_folio+0x396/0x788 [ 6104.365370][ T5602] blkdev_read_folio+0x26/0x30 [ 6104.366162][ T5602] filemap_read_folio+0xc2/0x270 [ 6104.367036][ T5602] do_read_cache_folio+0x22e/0x518 [ 6104.367813][ T5602] read_cache_folio+0x4e/0x68 [ 6104.368623][ T5602] read_part_sector+0xbc/0x408 [ 6104.369501][ T5602] read_lba+0x1b6/0x32c [ 6104.370306][ T5602] find_valid_gpt.constprop.0+0x212/0x21ec [ 6104.371317][ T5602] efi_partition+0xfa/0xae0 [ 6104.372231][ T5602] bdev_disk_changed+0x5b8/0x11b4 [ 6104.373223][ T5602] blkdev_get_whole+0x168/0x25c [ 6104.374106][ T5602] bdev_open+0x288/0xcc4 [ 6104.375064][ T5602] blkdev_open+0x2ec/0x454 [ 6104.375943][ T5602] do_dentry_open+0x418/0x1170 [ 6104.376780][ T5602] vfs_open+0xba/0x3a8 [ 6104.377638][ T5602] path_openat+0x144e/0x2f28 [ 6104.378541][ T5602] do_file_open+0x1ae/0x398 [ 6104.379444][ T5602] do_sys_openat2+0xfe/0x1c0 [ 6104.380489][ T5602] __riscv_sys_openat+0x122/0x1e4 [ 6104.381575][ T5602] syscall_handler+0x92/0x114 [ 6104.382405][ T5602] do_trap_ecall_u+0x3dc/0x61c [ 6104.383225][ T5602] handle_exception+0x15e/0x16a [ 6104.384397][ T5602] [ 6104.384397][ T5602] -> #5 (&cmd->lock){+.+.}-{4:4}: [ 6104.385907][ T5602] lock_acquire+0x246/0x500 [ 6104.386774][ T5602] __mutex_lock+0x164/0x18f4 [ 6104.387626][ T5602] mutex_lock_nested+0x14/0x1c [ 6104.388448][ T5602] nbd_queue_rq+0xc4/0xe44 [ 6104.389377][ T5602] blk_mq_dispatch_rq_list+0x3cc/0x1ac0 [ 6104.390488][ T5602] __blk_mq_sched_dispatch_requests+0xe12/0x13cc [ 6104.391526][ T5602] blk_mq_sched_dispatch_requests+0xb2/0x174 [ 6104.392400][ T5602] blk_mq_run_hw_queue+0x274/0x6ec [ 6104.393340][ T5602] blk_mq_dispatch_list+0x53e/0x1430 [ 6104.394345][ T5602] blk_mq_flush_plug_list+0x114/0x55c [ 6104.395585][ T5602] __blk_flush_plug+0x270/0x464 [ 6104.396579][ T5602] __submit_bio+0x42e/0x504 [ 6104.397719][ T5602] submit_bio_noacct_nocheck+0x458/0xdec [ 6104.398820][ T5602] submit_bio_noacct+0x6fe/0x2168 [ 6104.399736][ T5602] submit_bio+0xb6/0x5b8 [ 6104.400676][ T5602] submit_bh_wbc+0x4d8/0x6bc [ 6104.401640][ T5602] block_read_full_folio+0x396/0x788 [ 6104.403010][ T5602] blkdev_read_folio+0x26/0x30 [ 6104.404558][ T5602] filemap_read_folio+0xc2/0x270 [ 6104.405803][ T5602] do_read_cache_folio+0x22e/0x518 [ 6104.406995][ T5602] read_cache_folio+0x4e/0x68 [ 6104.408212][ T5602] read_part_sector+0xbc/0x408 [ 6104.409569][ T5602] read_lba+0x1b6/0x32c [ 6104.410909][ T5602] find_valid_gpt.constprop.0+0x212/0x21ec [ 6104.412996][ T5602] efi_partition+0xfa/0xae0 [ 6104.414752][ T5602] bdev_disk_changed+0x5b8/0x11b4 [ 6104.416297][ T5602] blkdev_get_whole+0x168/0x25c [ 6104.417817][ T5602] bdev_open+0x288/0xcc4 [ 6104.419260][ T5602] blkdev_open+0x2ec/0x454 [ 6104.421256][ T5602] do_dentry_open+0x418/0x1170 [ 6104.422957][ T5602] vfs_open+0xba/0x3a8 [ 6104.424382][ T5602] path_openat+0x144e/0x2f28 [ 6104.425782][ T5602] do_file_open+0x1ae/0x398 [ 6104.427091][ T5602] do_sys_openat2+0xfe/0x1c0 [ 6104.428506][ T5602] __riscv_sys_openat+0x122/0x1e4 [ 6104.430045][ T5602] syscall_handler+0x92/0x114 [ 6104.431457][ T5602] do_trap_ecall_u+0x3dc/0x61c [ 6104.432883][ T5602] handle_exception+0x15e/0x16a [ 6104.434424][ T5602] [ 6104.434424][ T5602] -> #4 (set->srcu){.+.+}-{0:0}: [ 6104.436797][ T5602] lock_sync+0xea/0x1cc [ 6104.438125][ T5602] __synchronize_srcu+0xd4/0x2a8 [ 6104.439642][ T5602] synchronize_srcu+0x194/0x9e4 [ 6104.441239][ T5602] blk_mq_quiesce_queue+0x124/0x194 [ 6104.442692][ T5602] elevator_switch+0x16a/0x4e4 [ 6104.444033][ T5602] elevator_change+0x2f4/0x4ac [ 6104.445415][ T5602] elevator_set_default+0x280/0x370 [ 6104.446763][ T5602] blk_register_queue+0x40c/0x598 [ 6104.447905][ T5602] __add_disk+0x69a/0xda4 [ 6104.449245][ T5602] add_disk_fwnode+0xe8/0x48c [ 6104.450709][ T5602] device_add_disk+0x28/0x38 [ 6104.452060][ T5602] nbd_dev_add+0x692/0xaec [ 6104.453290][ T5602] nbd_init+0x3d4/0x3f8 [ 6104.454640][ T5602] do_one_initcall+0x18c/0xcc8 [ 6104.455880][ T5602] kernel_init_freeable+0x6d2/0x7bc [ 6104.457462][ T5602] kernel_init+0x28/0x240 [ 6104.458852][ T5602] ret_from_fork_kernel+0x94/0xef8 [ 6104.460179][ T5602] ret_from_fork_kernel_asm+0x16/0x18 [ 6104.461620][ T5602] [ 6104.461620][ T5602] -> #3 (&q->elevator_lock){+.+.}-{4:4}: [ 6104.463872][ T5602] lock_acquire+0x246/0x500 [ 6104.465146][ T5602] __mutex_lock+0x164/0x18f4 [ 6104.466260][ T5602] mutex_lock_nested+0x14/0x1c [ 6104.467383][ T5602] elevator_change+0x192/0x4ac [ 6104.468566][ T5602] elevator_set_none+0xa8/0x120 [ 6104.469851][ T5602] blk_mq_update_nr_hw_queues+0x43a/0x13a0 [ 6104.471471][ T5602] nbd_start_device+0x156/0xb74 [ 6104.472691][ T5602] nbd_genl_connect+0xe74/0x1a4c [ 6104.474011][ T5602] genl_family_rcv_msg_doit+0x1f6/0x2d8 [ 6104.475459][ T5602] genl_rcv_msg+0x4b2/0x73c [ 6104.476801][ T5602] netlink_rcv_skb+0x1e8/0x394 [ 6104.478078][ T5602] genl_rcv+0x32/0x4c [ 6104.479321][ T5602] netlink_unicast+0x4f6/0x7c0 [ 6104.480619][ T5602] netlink_sendmsg+0x7e0/0xd64 [ 6104.481984][ T5602] __sock_sendmsg+0xca/0x160 [ 6104.483176][ T5602] ____sys_sendmsg+0x636/0x794 [ 6104.484364][ T5602] ___sys_sendmsg+0x1a4/0x1e8 [ 6104.485640][ T5602] __sys_sendmsg+0x18e/0x234 [ 6104.487144][ T5602] __riscv_sys_sendmsg+0x70/0xa4 [ 6104.488605][ T5602] syscall_handler+0x92/0x114 [ 6104.489979][ T5602] do_trap_ecall_u+0x3dc/0x61c [ 6104.491432][ T5602] handle_exception+0x15e/0x16a [ 6104.492892][ T5602] [ 6104.492892][ T5602] -> #2 (&q->q_usage_counter(io)#19){++++}-{0:0}: [ 6104.495462][ T5602] lock_acquire+0x246/0x500 [ 6104.496832][ T5602] blk_alloc_queue+0x5b4/0x6f4 [ 6104.498278][ T5602] blk_mq_alloc_queue+0x15e/0x250 [ 6104.499420][ T5602] __blk_mq_alloc_disk+0x2a/0xd8 [ 6104.500557][ T5602] nbd_dev_add+0x426/0xaec [ 6104.501764][ T5602] nbd_init+0x3d4/0x3f8 [ 6104.503018][ T5602] do_one_initcall+0x18c/0xcc8 [ 6104.504248][ T5602] kernel_init_freeable+0x6d2/0x7bc [ 6104.505743][ T5602] kernel_init+0x28/0x240 [ 6104.507127][ T5602] ret_from_fork_kernel+0x94/0xef8 [ 6104.508404][ T5602] ret_from_fork_kernel_asm+0x16/0x18 [ 6104.509847][ T5602] [ 6104.509847][ T5602] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 6104.511977][ T5602] lock_acquire+0x246/0x500 [ 6104.513303][ T5602] fs_reclaim_acquire+0xc6/0x100 [ 6104.514570][ T5602] kmem_cache_alloc_node_noprof+0x40/0x6e8 [ 6104.516058][ T5602] __alloc_skb+0x17c/0x778 [ 6104.517290][ T5602] tcp_stream_alloc_skb+0x2e/0x4d8 [ 6104.518742][ T5602] tcp_sendmsg_locked+0xe1a/0x3f98 [ 6104.520192][ T5602] tcp_sendmsg+0x32/0x50 [ 6104.521625][ T5602] inet_sendmsg+0x9a/0xd8 [ 6104.522838][ T5602] __sock_sendmsg+0xca/0x160 [ 6104.524089][ T5602] sock_write_iter+0x298/0x3e8 [ 6104.525385][ T5602] vfs_write+0x648/0xc78 [ 6104.526891][ T5602] ksys_write+0x1f4/0x238 [ 6104.528055][ T5602] __riscv_sys_write+0x6e/0x94 [ 6104.529219][ T5602] syscall_handler+0x92/0x114 [ 6104.530620][ T5602] do_trap_ecall_u+0x3dc/0x61c [ 6104.531960][ T5602] handle_exception+0x15e/0x16a [ 6104.533330][ T5602] [ 6104.533330][ T5602] -> #0 (sk_lock-AF_INET){+.+.}-{0:0}: [ 6104.535338][ T5602] check_noncircular+0x138/0x14c [ 6104.536627][ T5602] __lock_acquire+0xe9c/0x25ac [ 6104.537920][ T5602] lock_acquire+0x246/0x500 [ 6104.539190][ T5602] lock_sock_nested+0x38/0xf8 [ 6104.540600][ T5602] inet_shutdown+0x68/0x3c0 [ 6104.541828][ T5602] kernel_sock_shutdown+0x58/0x7c [ 6104.543015][ T5602] nbd_mark_nsock_dead+0xaa/0x510 [ 6104.544480][ T5602] sock_shutdown+0x144/0x238 [ 6104.545992][ T5602] nbd_ioctl+0x22c/0xbd4 [ 6104.547106][ T5602] blkdev_ioctl+0x4cc/0x12e4 [ 6104.548431][ T5602] __riscv_sys_ioctl+0x17c/0x1e4 [ 6104.549839][ T5602] syscall_handler+0x92/0x114 [ 6104.551155][ T5602] do_trap_ecall_u+0x3dc/0x61c [ 6104.552469][ T5602] handle_exception+0x15e/0x16a [ 6104.553909][ T5602] [ 6104.553909][ T5602] other info that might help us debug this: [ 6104.553909][ T5602] [ 6104.555229][ T5602] Chain exists of: [ 6104.555229][ T5602] sk_lock-AF_INET --> &cmd->lock --> &nsock->tx_lock [ 6104.555229][ T5602] [ 6104.558140][ T5602] Possible unsafe locking scenario: [ 6104.558140][ T5602] [ 6104.559132][ T5602] CPU0 CPU1 [ 6104.559997][ T5602] ---- ---- [ 6104.561032][ T5602] lock(&nsock->tx_lock); [ 6104.562370][ T5602] lock(&cmd->lock); [ 6104.563891][ T5602] lock(&nsock->tx_lock); [ 6104.565500][ T5602] lock(sk_lock-AF_INET); [ 6104.566773][ T5602] [ 6104.566773][ T5602] *** DEADLOCK *** [ 6104.566773][ T5602] [ 6104.567882][ T5602] 2 locks held by syz.1.616/5602: [ 6104.568907][ T5602] #0: ffffaf801acbc260 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_ioctl+0x14a/0xbd4 [ 6104.571975][ T5602] #1: ffffaf801e304a68 (&nsock->tx_lock){+.+.}-{4:4}, at: sock_shutdown+0x13a/0x238 [ 6104.575219][ T5602] [ 6104.575219][ T5602] stack backtrace: [ 6104.576729][ T5602] CPU: 1 UID: 0 PID: 5602 Comm: syz.1.616 Tainted: G W L syzkaller #0 PREEMPT [ 6104.577670][ T5602] Tainted: [W]=WARN, [L]=SOFTLOCKUP [ 6104.577914][ T5602] Hardware name: riscv-virtio,qemu (DT) [ 6104.578203][ T5602] Call Trace: [ 6104.578433][ T5602] [] dump_backtrace+0x2e/0x3c [ 6104.579229][ T5602] [] show_stack+0x30/0x3c [ 6104.579794][ T5602] [] dump_stack_lvl+0x114/0x1ac [ 6104.580643][ T5602] [] dump_stack+0x1c/0x28 [ 6104.581507][ T5602] [] print_circular_bug+0x250/0x29c [ 6104.582206][ T5602] [] check_noncircular+0x138/0x14c [ 6104.582873][ T5602] [] __lock_acquire+0xe9c/0x25ac [ 6104.583538][ T5602] [] lock_acquire+0x246/0x500 [ 6104.584196][ T5602] [] lock_sock_nested+0x38/0xf8 [ 6104.585011][ T5602] [] inet_shutdown+0x68/0x3c0 [ 6104.585625][ T5602] [] kernel_sock_shutdown+0x58/0x7c [ 6104.586190][ T5602] [] nbd_mark_nsock_dead+0xaa/0x510 [ 6104.587069][ T5602] [] sock_shutdown+0x144/0x238 [ 6104.587938][ T5602] [] nbd_ioctl+0x22c/0xbd4 [ 6104.588485][ T5602] [] blkdev_ioctl+0x4cc/0x12e4 [ 6104.589193][ T5602] [] __riscv_sys_ioctl+0x17c/0x1e4 [ 6104.589973][ T5602] [] syscall_handler+0x92/0x114 [ 6104.590650][ T5602] [] do_trap_ecall_u+0x3dc/0x61c [ 6104.591408][ T5602] [] handle_exception+0x15e/0x16a [ 6104.711089][ T5602] block nbd1: shutting down sockets