syzkaller login: [ 83.619639][ T2880] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 83.626254][ T2880] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 83.660629][ T2880] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:23261' (ECDSA) to the list of known hosts. 1970/01/01 00:01:57 fuzzer started 1970/01/01 00:02:01 dialing manager at localhost:36489 [ 137.814579][ T3039] cgroup: Unknown subsys name 'net' [ 138.252626][ T3039] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:02:17 syscalls: 3049 1970/01/01 00:02:17 code coverage: CONFIG_KCOV is not enabled 1970/01/01 00:02:17 comparison tracing: CONFIG_KCOV is not enabled 1970/01/01 00:02:17 extra coverage: CONFIG_KCOV is not enabled 1970/01/01 00:02:17 delay kcov mmap: CONFIG_KCOV is not enabled 1970/01/01 00:02:17 setuid sandbox: enabled 1970/01/01 00:02:17 namespace sandbox: enabled 1970/01/01 00:02:17 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:02:17 fault injection: enabled 1970/01/01 00:02:17 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:02:17 net packet injection: enabled 1970/01/01 00:02:17 net device setup: enabled 1970/01/01 00:02:17 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:02:17 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:02:17 NIC VF setup: PCI device 0000:00:11.0 is not available 1970/01/01 00:02:17 USB emulation: enabled 1970/01/01 00:02:17 hci packet injection: /dev/vhci does not exist 1970/01/01 00:02:17 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:02:17 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:02:18 fetching corpus: 0, signal 0/0 (executing program) 1970/01/01 00:02:18 fetching corpus: 0, signal 0/0 (executing program) 1970/01/01 00:02:43 starting 2 fuzzer processes 00:02:43 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockname(r0, &(0x7f0000000340)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000280)=0x80) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14}, 0x14}}, 0x0) 00:02:43 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f0000000b40)={0x14}, 0x14}}, 0x4) [ 170.981400][ T3043] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 171.028986][ T3043] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 171.685432][ T3045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 171.729224][ T3045] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 173.834217][ T3043] device hsr_slave_0 entered promiscuous mode [ 173.902003][ T3043] device hsr_slave_1 entered promiscuous mode [ 175.145103][ T3045] device hsr_slave_0 entered promiscuous mode [ 175.191203][ T3045] device hsr_slave_1 entered promiscuous mode [ 175.248670][ T3045] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 175.250343][ T3045] Cannot create hsr debugfs directory [ 176.645315][ T3043] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 176.808060][ T3043] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 177.031546][ T3043] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 177.171805][ T3043] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 178.002533][ T3045] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 178.085671][ T3045] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 178.178962][ T3045] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 178.263550][ T3045] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 179.665079][ T3043] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.796644][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.806493][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 180.373816][ T3045] 8021q: adding VLAN 0 to HW filter on device bond0 [ 180.487617][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 180.512521][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 181.193784][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.208935][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.282424][ T2812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.298020][ T2812] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.392687][ T2812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.463088][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 181.674688][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 181.704248][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 181.781219][ T2812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 181.794659][ T2812] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 181.864600][ T3043] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 182.033343][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.058467][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.134674][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.150021][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.269644][ T3040] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 182.330502][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.511030][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 182.531379][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 182.625999][ T2812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 182.642116][ T2812] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 182.711732][ T3045] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 183.096397][ T3684] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 183.100042][ T3684] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 183.961700][ T3684] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 183.965915][ T3684] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 185.302257][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 185.313464][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 186.320104][ T2812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 186.331032][ T2812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 186.645850][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 186.671323][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 186.698924][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 186.716261][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 186.771586][ T3043] device veth0_vlan entered promiscuous mode [ 186.908643][ T3043] device veth1_vlan entered promiscuous mode [ 187.163812][ T3684] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 187.173573][ T3684] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 187.199218][ T3684] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 187.210411][ T3684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 187.259181][ T3043] device veth0_macvtap entered promiscuous mode [ 187.330050][ T3043] device veth1_macvtap entered promiscuous mode [ 187.357908][ T3684] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 187.372543][ T3684] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 187.594182][ T3040] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 187.608865][ T3040] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 187.679864][ T3040] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 187.696229][ T3040] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 187.762800][ T3043] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.764833][ T3043] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.766443][ T3043] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.772708][ T3043] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.105862][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 188.121312][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 188.144346][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 188.154145][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 188.193087][ T3045] device veth0_vlan entered promiscuous mode [ 188.410012][ T3045] device veth1_vlan entered promiscuous mode [ 188.741706][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 188.769810][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 188.830641][ T3045] device veth0_macvtap entered promiscuous mode [ 188.906172][ T3045] device veth1_macvtap entered promiscuous mode [ 189.134961][ T3679] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 189.158596][ T3679] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 189.175691][ T3679] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 189.191448][ T3679] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 189.301620][ T3040] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 189.322939][ T3040] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 189.396223][ T3045] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.399945][ T3045] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.401667][ T3045] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.403395][ T3045] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 00:03:09 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f0000000b40)={0x14}, 0x14}}, 0x4) 00:03:09 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f0000000b40)={0x14}, 0x14}}, 0x4) 00:03:10 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f0000000b40)={0x14}, 0x14}}, 0x4) 00:03:10 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockname(r0, &(0x7f0000000340)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000280)=0x80) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14}, 0x14}}, 0x0) 00:03:10 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockname(r0, &(0x7f0000000340)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000280)=0x80) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14}, 0x14}}, 0x0) 00:03:10 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockname(r0, &(0x7f0000000340)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000280)=0x80) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14}, 0x14}}, 0x0) 00:03:10 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockname(r0, &(0x7f0000000340)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000280)=0x80) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14}, 0x14}}, 0x0) 00:03:10 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockname(r0, &(0x7f0000000340)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000280)=0x80) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14}, 0x14}}, 0x0) 00:03:11 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockname(r0, &(0x7f0000000340)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000280)=0x80) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14}, 0x14}}, 0x0) 00:03:11 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockname(r0, &(0x7f0000000340)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000280)=0x80) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14}, 0x14}}, 0x0) 00:03:11 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockname(r0, &(0x7f0000000340)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000280)=0x80) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14}, 0x14}}, 0x0) 00:03:11 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockname(r0, &(0x7f0000000340)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000280)=0x80) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14}, 0x14}}, 0x0) 00:03:12 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockname(r0, &(0x7f0000000340)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000280)=0x80) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14}, 0x14}}, 0x0) 00:03:12 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockname(r0, &(0x7f0000000340)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000280)=0x80) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14}, 0x14}}, 0x0) 00:03:12 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockname(r0, &(0x7f0000000340)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000280)=0x80) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14}, 0x14}}, 0x0) 00:03:12 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockname(r0, &(0x7f0000000340)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000280)=0x80) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14}, 0x14}}, 0x0) 00:03:13 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f0000000b40)={0x14}, 0x14}}, 0x4) 00:03:13 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockname(r0, &(0x7f0000000340)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000280)=0x80) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14}, 0x14}}, 0x0) 00:03:13 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f0000000b40)={0x14}, 0x14}}, 0x4) 00:03:13 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockname(r0, &(0x7f0000000340)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000280)=0x80) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14}, 0x14}}, 0x0) 00:03:13 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f0000000b40)={0x14}, 0x14}}, 0x4) 00:03:14 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r1, 0x0, 0x0) r2 = dup3(r1, r0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 00:03:14 executing program 1: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c80)) sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:03:14 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r1, 0x0, 0x0) r2 = dup3(r1, r0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 00:03:14 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r1, 0x0, 0x0) r2 = dup3(r1, r0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 00:03:14 executing program 1: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c80)) sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:03:15 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r1, 0x0, 0x0) r2 = dup3(r1, r0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 00:03:15 executing program 1: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c80)) sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:03:15 executing program 0: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c80)) sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:03:15 executing program 1: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c80)) sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:03:16 executing program 0: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c80)) sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:03:16 executing program 1: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c80)) sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:03:16 executing program 0: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c80)) sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:03:16 executing program 1: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c80)) sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:03:16 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r1, 0x0, 0x0) r2 = dup3(r1, r0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 00:03:17 executing program 1: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c80)) sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:03:17 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r1, 0x0, 0x0) r2 = dup3(r1, r0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 00:03:17 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r1, 0x0, 0x0) r2 = dup3(r1, r0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 00:03:17 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r1, 0x0, 0x0) r2 = dup3(r1, r0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 00:03:17 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r1, 0x0, 0x0) r2 = dup3(r1, r0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 00:03:18 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r1, 0x0, 0x0) r2 = dup3(r1, r0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 00:03:18 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r1, 0x0, 0x0) r2 = dup3(r1, r0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) [ 198.790293][ T3043] ------------[ cut here ]------------ [ 198.798051][ T3043] WARNING: CPU: 0 PID: 3043 at mm/kfence/core.c:1059 __kfence_free+0x80/0xb4 [ 198.801429][ T3043] Modules linked in: [ 198.803770][ T3043] CPU: 0 PID: 3043 Comm: syz-executor.1 Not tainted 6.2.0-rc2-syzkaller-00010-g69b41ac87e4a #0 [ 198.807258][ T3043] Hardware name: linux,dummy-virt (DT) [ 198.808553][ T3043] pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 198.810287][ T3043] pc : __kfence_free+0x80/0xb4 [ 198.811427][ T3043] lr : __slab_free+0x358/0x55c [ 198.812465][ T3043] sp : ffff80000aaeba20 [ 198.813380][ T3043] x29: ffff80000aaeba20 x28: ffff00007b580c00 x27: ffff80000a383398 [ 198.815712][ T3043] x26: f3ff000002c02a00 x25: ffff00007b580c00 x24: ffff00007b580c00 [ 198.817706][ T3043] x23: ffff00007b580c00 x22: f9ff000005431f00 x21: ffff8000082328dc [ 198.819434][ T3043] x20: f3ff000002c02a00 x19: fffffc0001ed6000 x18: 0000000000000002 [ 198.821432][ T3043] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 [ 198.823115][ T3043] x14: 0000000000000001 x13: 000000000006ad0a x12: fdff000005cb9b24 [ 198.824947][ T3043] x11: fdff000005cb9b00 x10: 0000000000000000 x9 : 0000000000000000 [ 198.827584][ T3043] x8 : 0000000000000000 x7 : 0000000000000000 x6 : ffff80000a380000 [ 198.829824][ T3043] x5 : ffff8000082328dc x4 : ffff80000a6311f8 x3 : ffff80000a380340 [ 198.831546][ T3043] x2 : fdff000005cf7c00 x1 : ffff80000a642f70 x0 : ffff00007b580c00 [ 198.833711][ T3043] Call trace: [ 198.834604][ T3043] __kfence_free+0x80/0xb4 [ 198.835767][ T3043] __slab_free+0x358/0x55c [ 198.836822][ T3043] __kmem_cache_free+0x2d0/0x2f0 [ 198.838244][ T3043] kfree+0x60/0xb0 [ 198.839151][ T3043] kvfree+0x3c/0x50 [ 198.840100][ T3043] xt_free_table_info+0x78/0x90 [ 198.841282][ T3043] __do_replace+0x260/0x330 [ 198.842212][ T3043] do_ip6t_set_ctl+0x36c/0x4b4 [ 198.843144][ T3043] nf_setsockopt+0x68/0x94 [ 198.844121][ T3043] ipv6_setsockopt+0x98/0xe4 [ 198.845142][ T3043] tcp_setsockopt+0x20/0x3c [ 198.846196][ T3043] sock_common_setsockopt+0x1c/0x2c [ 198.847374][ T3043] __sys_setsockopt+0xd4/0x1a0 [ 198.848496][ T3043] __arm64_sys_setsockopt+0x28/0x40 [ 198.849813][ T3043] invoke_syscall+0x48/0x114 [ 198.850954][ T3043] el0_svc_common.constprop.0+0x44/0xec [ 198.852206][ T3043] do_el0_svc+0x38/0xc0 [ 198.853200][ T3043] el0_svc+0x2c/0xb0 [ 198.854190][ T3043] el0t_64_sync_handler+0xb8/0xc0 [ 198.855153][ T3043] el0t_64_sync+0x19c/0x1a0 [ 198.856514][ T3043] ---[ end trace 0000000000000000 ]--- 00:03:18 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r1, 0x0, 0x0) r2 = dup3(r1, r0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 00:03:18 executing program 1: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd/3\x00') ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000000)) 00:03:18 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r1, 0x0, 0x0) r2 = dup3(r1, r0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 00:03:19 executing program 1: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd/3\x00') ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000000)) 00:03:19 executing program 0: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd/3\x00') ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000000)) 00:03:19 executing program 0: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd/3\x00') ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000000)) 00:03:19 executing program 1: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd/3\x00') ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000000)) 00:03:20 executing program 0: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd/3\x00') ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000000)) 00:03:20 executing program 1: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd/3\x00') ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000000)) 00:03:20 executing program 0: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd/3\x00') ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000000)) 00:03:21 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000000)) 00:03:21 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000000)) 00:03:21 executing program 0: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd/3\x00') ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000000)) 00:03:21 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000000)) 00:03:21 executing program 0: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd/3\x00') ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000000)) 00:03:22 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000000)) 00:03:22 executing program 0: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000000)) 00:03:22 executing program 1: r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00'}) 00:03:22 executing program 0: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000000)) 00:03:22 executing program 1: r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00'}) 00:03:23 executing program 0: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000000)) 00:03:23 executing program 1: r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00'}) 00:03:23 executing program 1: r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00'}) 00:03:23 executing program 0: r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00'}) 00:03:23 executing program 0: r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00'}) 00:03:23 executing program 1: r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00'}) 00:03:24 executing program 0: r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00'}) 00:03:24 executing program 1: r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00'}) 00:03:24 executing program 1: r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00'}) 00:03:24 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, 0x0) 00:03:24 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, 0x0) 00:03:24 executing program 1: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, 0x0) 00:03:25 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, 0x0) 00:03:25 executing program 1: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, 0x0) 00:03:25 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, 0x0) 00:03:25 executing program 1: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, 0x0) 00:03:25 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, 0x0) 00:03:26 executing program 1: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, 0x0) 00:03:26 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, 0x0) 00:03:26 executing program 1: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, 0x0) 00:03:26 executing program 1: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, 0x0) 00:03:26 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, 0x0) 00:03:26 executing program 1: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) close(r0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$SOUND_PCM_READ_CHANNELS(r0, 0x80045006, &(0x7f00000000c0)) 00:03:27 executing program 0: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) fsetxattr$system_posix_acl(r0, &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000280), 0x24, 0x0) 00:03:27 executing program 1: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) close(r0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$SOUND_PCM_READ_CHANNELS(r0, 0x80045006, &(0x7f00000000c0)) 00:03:27 executing program 0: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) fsetxattr$system_posix_acl(r0, &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000280), 0x24, 0x0) 00:03:27 executing program 1: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) close(r0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$SOUND_PCM_READ_CHANNELS(r0, 0x80045006, &(0x7f00000000c0)) 00:03:27 executing program 0: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) fsetxattr$system_posix_acl(r0, &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000280), 0x24, 0x0) 00:03:28 executing program 0: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) fsetxattr$system_posix_acl(r0, &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000280), 0x24, 0x0) 00:03:28 executing program 1: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) close(r0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$SOUND_PCM_READ_CHANNELS(r0, 0x80045006, &(0x7f00000000c0)) 00:03:28 executing program 0: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) fsetxattr$system_posix_acl(r0, &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000280), 0x24, 0x0) 00:03:28 executing program 1: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) fsetxattr$system_posix_acl(r0, &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000280), 0x24, 0x0) 00:03:29 executing program 0: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) fsetxattr$system_posix_acl(r0, &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000280), 0x24, 0x0) 00:03:29 executing program 1: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) fsetxattr$system_posix_acl(r0, &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000280), 0x24, 0x0) 00:03:29 executing program 1: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) fsetxattr$system_posix_acl(r0, &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000280), 0x24, 0x0) 00:03:29 executing program 0: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) fsetxattr$system_posix_acl(r0, &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000280), 0x24, 0x0) 00:03:29 executing program 1: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) close(r0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$SOUND_PCM_READ_CHANNELS(r0, 0x80045006, &(0x7f00000000c0)) 00:03:29 executing program 0: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) close(r0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$SOUND_PCM_READ_CHANNELS(r0, 0x80045006, &(0x7f00000000c0)) 00:03:30 executing program 1: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) close(r0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$SOUND_PCM_READ_CHANNELS(r0, 0x80045006, &(0x7f00000000c0)) 00:03:30 executing program 1: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) close(r0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$SOUND_PCM_READ_CHANNELS(r0, 0x80045006, &(0x7f00000000c0)) 00:03:30 executing program 0: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) close(r0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$SOUND_PCM_READ_CHANNELS(r0, 0x80045006, &(0x7f00000000c0)) 00:03:30 executing program 1: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) read$sequencer(r0, 0x0, 0x0) 00:03:30 executing program 0: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) close(r0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$SOUND_PCM_READ_CHANNELS(r0, 0x80045006, &(0x7f00000000c0)) 00:03:31 executing program 1: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) read$sequencer(r0, 0x0, 0x0) 00:03:31 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) read$sequencer(r0, 0x0, 0x0) 00:03:31 executing program 1: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) read$sequencer(r0, 0x0, 0x0) 00:03:31 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) read$sequencer(r0, 0x0, 0x0) 00:03:31 executing program 1: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) read$sequencer(r0, 0x0, 0x0) 00:03:31 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) read$sequencer(r0, 0x0, 0x0) 00:03:32 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0) r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4) sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r5, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000540), 0xffffffffffffffff) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000000c0), r6) sendmsg$NLBL_CIPSOV4_C_ADD(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="04"], 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff) syz_genetlink_get_family_id$nfc(&(0x7f0000000540), 0xffffffffffffffff) syz_genetlink_get_family_id$nfc(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$NFC_CMD_DEV_UP(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x14, r1, 0x1}, 0x14}}, 0x0) 00:03:32 executing program 0: syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r1 = socket(0x1d, 0x2, 0x6) socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000440), 0x18) sendmsg$ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)={0x48, 0x0, 0x0, 0x0, 0x0, {}, [@ETHTOOL_A_WOL_HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x20004011) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000002c0)={'vcan0\x00', 0x0}) ioctl$NBD_SET_FLAGS(0xffffffffffffffff, 0xab0a, 0x0) bind$can_j1939(r1, &(0x7f0000000000)={0x1d, r2, 0x2}, 0x18) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYRESOCT, @ANYRES16, @ANYRESOCT], 0x14}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) sendmsg$DEVLINK_CMD_TRAP_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[], 0x50}}, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000140), 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r1, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) write$P9_RREADLINK(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 00:03:34 executing program 0: syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r1 = socket(0x1d, 0x2, 0x6) socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000440), 0x18) sendmsg$ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)={0x48, 0x0, 0x0, 0x0, 0x0, {}, [@ETHTOOL_A_WOL_HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x20004011) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000002c0)={'vcan0\x00', 0x0}) ioctl$NBD_SET_FLAGS(0xffffffffffffffff, 0xab0a, 0x0) bind$can_j1939(r1, &(0x7f0000000000)={0x1d, r2, 0x2}, 0x18) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYRESOCT, @ANYRES16, @ANYRESOCT], 0x14}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) sendmsg$DEVLINK_CMD_TRAP_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[], 0x50}}, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000140), 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r1, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) write$P9_RREADLINK(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 00:03:37 executing program 0: syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r1 = socket(0x1d, 0x2, 0x6) socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000440), 0x18) sendmsg$ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)={0x48, 0x0, 0x0, 0x0, 0x0, {}, [@ETHTOOL_A_WOL_HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x20004011) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000002c0)={'vcan0\x00', 0x0}) ioctl$NBD_SET_FLAGS(0xffffffffffffffff, 0xab0a, 0x0) bind$can_j1939(r1, &(0x7f0000000000)={0x1d, r2, 0x2}, 0x18) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYRESOCT, @ANYRES16, @ANYRESOCT], 0x14}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) sendmsg$DEVLINK_CMD_TRAP_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[], 0x50}}, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000140), 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r1, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) write$P9_RREADLINK(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 218.198635][ T3953] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 00:03:37 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0) r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4) sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r5, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000540), 0xffffffffffffffff) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000000c0), r6) sendmsg$NLBL_CIPSOV4_C_ADD(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="04"], 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff) syz_genetlink_get_family_id$nfc(&(0x7f0000000540), 0xffffffffffffffff) syz_genetlink_get_family_id$nfc(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$NFC_CMD_DEV_UP(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x14, r1, 0x1}, 0x14}}, 0x0) 00:03:39 executing program 0: syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r1 = socket(0x1d, 0x2, 0x6) socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000440), 0x18) sendmsg$ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)={0x48, 0x0, 0x0, 0x0, 0x0, {}, [@ETHTOOL_A_WOL_HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x20004011) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000002c0)={'vcan0\x00', 0x0}) ioctl$NBD_SET_FLAGS(0xffffffffffffffff, 0xab0a, 0x0) bind$can_j1939(r1, &(0x7f0000000000)={0x1d, r2, 0x2}, 0x18) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYRESOCT, @ANYRES16, @ANYRESOCT], 0x14}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) sendmsg$DEVLINK_CMD_TRAP_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[], 0x50}}, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000140), 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r1, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) write$P9_RREADLINK(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 00:03:41 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0) r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4) sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r5, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000540), 0xffffffffffffffff) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000000c0), r6) sendmsg$NLBL_CIPSOV4_C_ADD(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="04"], 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff) syz_genetlink_get_family_id$nfc(&(0x7f0000000540), 0xffffffffffffffff) syz_genetlink_get_family_id$nfc(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$NFC_CMD_DEV_UP(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x14, r1, 0x1}, 0x14}}, 0x0) [ 223.798009][ T3978] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 00:03:43 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0) r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4) sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r5, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000540), 0xffffffffffffffff) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000000c0), r6) sendmsg$NLBL_CIPSOV4_C_ADD(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="04"], 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff) syz_genetlink_get_family_id$nfc(&(0x7f0000000540), 0xffffffffffffffff) syz_genetlink_get_family_id$nfc(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$NFC_CMD_DEV_UP(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x14, r1, 0x1}, 0x14}}, 0x0) 00:03:43 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0) r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4) sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r5, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000540), 0xffffffffffffffff) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000000c0), r6) sendmsg$NLBL_CIPSOV4_C_ADD(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="04"], 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff) syz_genetlink_get_family_id$nfc(&(0x7f0000000540), 0xffffffffffffffff) syz_genetlink_get_family_id$nfc(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$NFC_CMD_DEV_UP(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x14, r1, 0x1}, 0x14}}, 0x0) VM DIAGNOSIS: 22:22:20 Registers: info registers vcpu 0 PC=ffff8000087bb728 X00=0000000000000030 X01=0000000000000002 X02=0000000000000000 X03=ffff80000a77d000 X04=ffff80000a4d0440 X05=0000000000000030 X06=382e38393120205b X07=205b5d3037373330 X08=73203a6d6d6f4320 X09=75636578652d7a79 X10=656c6c616b7a7973 X11=2d30313030302d72 X12=5b5d303737333038 X13=205d333430335420 X14=6f4e20312e726f74 X15=65746e6961742074 X16=2d302e322e362064 X17=6b7a79732d326372 X18=00000000fffffffb X19=ffff80000a5d8ccd X20=ffff8000087bb700 X21=fbff000002d13c80 X22=ffff80000a5d8d34 X23=0000000000000f01 X24=0000000000000074 X25=ffff80000a5d90e0 X26=0000000000000000 X27=00000000000003c0 X28=0000000000000074 X29=ffff80000aaeb260 X30=fb848000087bb73c SP=ffff80000aaeb260 PSTATE=824003c9 N--- EL2h BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000000 Z01=00000074616d726f:66207972616e6962 Z02=000000756c6c2570:6f6f6c2f7665642f Z03=ffffff0000000000:0000000000000000 Z04=ffffff0000000000:0000000000000000 Z05=4010040000000000:0000000000000000 Z06=4010040000000400:0000000000000000 Z07=4010040140100401:4010040140100401 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=5404000054000000:5404000054000000 Z17=000000ff00ff00ff:000000ff00ff00ff Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000 info registers vcpu 1 PC=ffff80000803ab38 X00=000000004243a000 X01=ffff7fffc7e00000 X02=0000000000000000 X03=0000002e4998ccd0 X04=0000000000000001 X05=0000000000000001 X06=0000000000000190 X07=0000000000000004 X08=ffff80000a383398 X09=0000002e49bb6bf0 X10=0000000000000001 X11=0000000000000001 X12=ffff80000a37fef8 X13=ffff800009f91988 X14=00000000000000e3 X15=0000b663965cdb74 X16=0000000000000000 X17=0000000000000000 X18=0000000000000000 X19=f6ff00000547be00 X20=0000000000000001 X21=fdff000006b90000 X22=f1ff0000050c8f80 X23=45a68000098884e0 X24=f1ff0000050c95f8 X25=0000000000000000 X26=0000000000000000 X27=0000000000000000 X28=f1ff0000050c8f80 X29=ffff80000aafbc00 X30=e7d3800009887f3c SP=ffff80000aafbc00 PSTATE=804000c9 N--- EL2h BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000000 Z01=00000074616d726f:66207972616e6962 Z02=000000756c6c2570:6f6f6c2f7665642f Z03=ffffff0000000000:0000000000000000 Z04=ffffff0000000000:0000000000000000 Z05=4010040000000000:0000000000000000 Z06=4010040000000400:0000000000000000 Z07=4010040140100401:4010040140100401 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=5404000054000000:5404000054000000 Z17=000000ff00ff00ff:000000ff00ff00ff Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000