syzkaller login: [ 469.255602][ T1861] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 469.337208][ T1861] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 469.381105][ T1861] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 478.371077][ T1861] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:10341' (ECDSA) to the list of known hosts. 1970/01/01 00:09:07 fuzzer started 1970/01/01 00:09:21 dialing manager at localhost:37477 [ 566.218811][ T2029] cgroup: Unknown subsys name 'net' [ 567.148175][ T2029] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:09:27 syscalls: 2918 1970/01/01 00:09:27 code coverage: enabled 1970/01/01 00:09:27 comparison tracing: enabled 1970/01/01 00:09:27 extra coverage: enabled 1970/01/01 00:09:27 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:09:27 setuid sandbox: enabled 1970/01/01 00:09:27 namespace sandbox: enabled 1970/01/01 00:09:27 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:09:27 fault injection: enabled 1970/01/01 00:09:27 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:09:27 net packet injection: enabled 1970/01/01 00:09:27 net device setup: enabled 1970/01/01 00:09:27 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:09:27 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:09:27 NIC VF setup: PCI device 0000:00:11.0 is not available 1970/01/01 00:09:27 USB emulation: enabled 1970/01/01 00:09:27 hci packet injection: /dev/vhci does not exist 1970/01/01 00:09:27 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:09:27 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:09:27 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:09:32 fetching corpus: 50, signal 34985/38130 (executing program) 1970/01/01 
00:09:35 fetching corpus: 100, signal 45400/49717 (executing program) 1970/01/01 00:09:39 fetching corpus: 150, signal 55121/60405 (executing program) 1970/01/01 00:09:41 fetching corpus: 199, signal 61381/67589 (executing program) 1970/01/01 00:09:45 fetching corpus: 249, signal 66076/73144 (executing program) 1970/01/01 00:09:50 fetching corpus: 299, signal 72496/80139 (executing program) 1970/01/01 00:09:53 fetching corpus: 348, signal 76890/85173 (executing program) 1970/01/01 00:09:57 fetching corpus: 398, signal 84887/93266 (executing program) 1970/01/01 00:09:59 fetching corpus: 448, signal 87376/96419 (executing program) 1970/01/01 00:10:03 fetching corpus: 498, signal 91962/101311 (executing program) 1970/01/01 00:10:05 fetching corpus: 547, signal 95548/105248 (executing program) 1970/01/01 00:10:10 fetching corpus: 596, signal 99212/109109 (executing program) 1970/01/01 00:10:13 fetching corpus: 645, signal 102670/112714 (executing program) 1970/01/01 00:10:15 fetching corpus: 695, signal 105716/115953 (executing program) 1970/01/01 00:10:20 fetching corpus: 745, signal 107223/117833 (executing program) 1970/01/01 00:10:22 fetching corpus: 795, signal 109220/120048 (executing program) 1970/01/01 00:10:25 fetching corpus: 845, signal 111494/122420 (executing program) 1970/01/01 00:10:29 fetching corpus: 895, signal 114051/124969 (executing program) 1970/01/01 00:10:31 fetching corpus: 945, signal 115615/126717 (executing program) 1970/01/01 00:10:34 fetching corpus: 995, signal 117449/128586 (executing program) 1970/01/01 00:10:36 fetching corpus: 1045, signal 118997/130168 (executing program) 1970/01/01 00:10:39 fetching corpus: 1093, signal 120853/131989 (executing program) 1970/01/01 00:10:41 fetching corpus: 1142, signal 122287/133493 (executing program) 1970/01/01 00:10:43 fetching corpus: 1192, signal 124167/135245 (executing program) 1970/01/01 00:10:45 fetching corpus: 1242, signal 125550/136650 (executing program) 1970/01/01 00:10:49 fetching 
corpus: 1292, signal 127276/138200 (executing program) 1970/01/01 00:10:52 fetching corpus: 1341, signal 128606/139427 (executing program) 1970/01/01 00:10:54 fetching corpus: 1389, signal 130033/140762 (executing program) 1970/01/01 00:10:58 fetching corpus: 1439, signal 132207/142451 (executing program) 1970/01/01 00:11:00 fetching corpus: 1488, signal 133906/143871 (executing program) 1970/01/01 00:11:03 fetching corpus: 1537, signal 135104/144889 (executing program) 1970/01/01 00:11:05 fetching corpus: 1587, signal 136336/145914 (executing program) 1970/01/01 00:11:08 fetching corpus: 1636, signal 138079/147187 (executing program) 1970/01/01 00:11:10 fetching corpus: 1684, signal 139292/148140 (executing program) 1970/01/01 00:11:13 fetching corpus: 1734, signal 140797/149233 (executing program) 1970/01/01 00:11:16 fetching corpus: 1783, signal 142509/150370 (executing program) 1970/01/01 00:11:18 fetching corpus: 1832, signal 143459/151078 (executing program) 1970/01/01 00:11:22 fetching corpus: 1882, signal 144887/152026 (executing program) 1970/01/01 00:11:26 fetching corpus: 1931, signal 146289/152934 (executing program) 1970/01/01 00:11:30 fetching corpus: 1980, signal 147759/153855 (executing program) 1970/01/01 00:11:32 fetching corpus: 2030, signal 148800/154498 (executing program) 1970/01/01 00:11:34 fetching corpus: 2079, signal 149679/155052 (executing program) 1970/01/01 00:11:37 fetching corpus: 2127, signal 151081/155808 (executing program) 1970/01/01 00:11:40 fetching corpus: 2177, signal 151817/156257 (executing program) 1970/01/01 00:11:42 fetching corpus: 2227, signal 153151/156919 (executing program) 1970/01/01 00:11:44 fetching corpus: 2277, signal 154108/157414 (executing program) 1970/01/01 00:11:48 fetching corpus: 2326, signal 155753/158166 (executing program) 1970/01/01 00:11:51 fetching corpus: 2372, signal 157124/158739 (executing program) 1970/01/01 00:11:51 fetching corpus: 2372, signal 157124/158766 (executing program) 1970/01/01 
00:11:51 fetching corpus: 2372, signal 157124/158804 (executing program) 1970/01/01 00:11:51 fetching corpus: 2372, signal 157124/158840 (executing program) 1970/01/01 00:11:51 fetching corpus: 2372, signal 157124/158880 (executing program) 1970/01/01 00:11:52 fetching corpus: 2372, signal 157124/158914 (executing program) 1970/01/01 00:11:52 fetching corpus: 2372, signal 157124/158949 (executing program) 1970/01/01 00:11:52 fetching corpus: 2372, signal 157124/158986 (executing program) 1970/01/01 00:11:52 fetching corpus: 2372, signal 157124/159011 (executing program) 1970/01/01 00:11:52 fetching corpus: 2372, signal 157124/159046 (executing program) 1970/01/01 00:11:52 fetching corpus: 2372, signal 157124/159087 (executing program) 1970/01/01 00:11:53 fetching corpus: 2372, signal 157124/159121 (executing program) 1970/01/01 00:11:53 fetching corpus: 2372, signal 157124/159148 (executing program) 1970/01/01 00:11:53 fetching corpus: 2372, signal 157124/159184 (executing program) 1970/01/01 00:11:53 fetching corpus: 2372, signal 157124/159212 (executing program) 1970/01/01 00:11:53 fetching corpus: 2372, signal 157124/159254 (executing program) 1970/01/01 00:11:53 fetching corpus: 2372, signal 157124/159298 (executing program) 1970/01/01 00:11:53 fetching corpus: 2372, signal 157124/159338 (executing program) 1970/01/01 00:11:54 fetching corpus: 2372, signal 157124/159364 (executing program) 1970/01/01 00:11:54 fetching corpus: 2372, signal 157124/159401 (executing program) 1970/01/01 00:11:54 fetching corpus: 2372, signal 157124/159440 (executing program) 1970/01/01 00:11:54 fetching corpus: 2372, signal 157124/159478 (executing program) 1970/01/01 00:11:54 fetching corpus: 2372, signal 157124/159510 (executing program) 1970/01/01 00:11:54 fetching corpus: 2372, signal 157124/159536 (executing program) 1970/01/01 00:11:55 fetching corpus: 2372, signal 157124/159571 (executing program) 1970/01/01 00:11:55 fetching corpus: 2372, signal 157124/159598 (executing 
program) 1970/01/01 00:11:55 fetching corpus: 2372, signal 157124/159632 (executing program) 1970/01/01 00:11:55 fetching corpus: 2372, signal 157124/159670 (executing program) 1970/01/01 00:11:55 fetching corpus: 2372, signal 157124/159705 (executing program) 1970/01/01 00:11:55 fetching corpus: 2372, signal 157124/159749 (executing program) 1970/01/01 00:11:56 fetching corpus: 2372, signal 157124/159777 (executing program) 1970/01/01 00:11:56 fetching corpus: 2372, signal 157124/159810 (executing program) 1970/01/01 00:11:56 fetching corpus: 2372, signal 157124/159810 (executing program) 1970/01/01 00:13:38 starting 2 fuzzer processes 00:13:39 executing program 0: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) write(r0, &(0x7f0000000180)="89a3bae0", 0x4) 00:13:39 executing program 1: r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000800), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x11) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 845.497207][ T2040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 845.580264][ T2040] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 848.262241][ T2039] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 848.362806][ T2039] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 858.439261][ T2040] device hsr_slave_0 entered promiscuous mode [ 858.583581][ T2040] device hsr_slave_1 entered promiscuous mode [ 860.391165][ T2039] device hsr_slave_0 entered promiscuous mode [ 860.549354][ T2039] device hsr_slave_1 entered promiscuous mode [ 860.573705][ T2039] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 860.579224][ T2039] Cannot create hsr debugfs directory [ 866.681486][ T2040] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 866.819824][ T2040] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 866.906715][ T2040] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 866.995759][ T2040] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 868.370894][ T2039] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 868.530515][ T2039] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 868.709747][ T2039] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 868.809468][ T2039] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 878.353349][ T2039] 8021q: adding VLAN 0 to HW filter on device bond0 [ 878.810680][ T2040] 8021q: adding VLAN 0 to HW filter on device bond0 [ 879.358738][ T2098] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 879.468474][ T2098] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 879.521884][ T2098] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 879.609164][ T2098] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 885.977304][ T2201] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 886.058471][ T2201] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 886.309394][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 886.378319][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 886.569510][ T2646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 886.627341][ T2646] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 887.215335][ T2098] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 887.252000][ T2098] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 887.278251][ T2098] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 887.293492][ T2098] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 887.417688][ 
T2668] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 887.770015][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 888.067011][ T2201] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 888.109763][ T2201] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 888.736116][ T2039] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 888.910635][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 888.952223][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 889.007697][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 889.047485][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 889.457777][ T2201] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 889.490627][ T2201] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 889.711034][ T2040] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 895.452212][ T2668] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 895.468275][ T2668] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 895.471892][ T2668] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 895.477970][ T2668] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 906.922511][ T2646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 907.011565][ T2646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 907.328861][ T2098] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 907.378062][ T2098] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 913.358559][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 913.393066][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 913.471920][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 913.497678][ T2669] IPv6: 
ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 913.606155][ T2039] device veth0_vlan entered promiscuous mode [ 914.000258][ T2039] device veth1_vlan entered promiscuous mode [ 914.512541][ T2646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 914.560611][ T2646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 914.669280][ T2646] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 914.731271][ T2646] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 914.873315][ T2040] device veth0_vlan entered promiscuous mode [ 915.543635][ T2726] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 915.609004][ T2726] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 915.762929][ T2040] device veth1_vlan entered promiscuous mode [ 915.947999][ T2039] device veth0_macvtap entered promiscuous mode [ 916.360597][ T2039] device veth1_macvtap entered promiscuous mode [ 916.568567][ T2726] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 917.417169][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 917.461515][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 917.492648][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 917.520585][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 917.721588][ T2040] device veth0_macvtap entered promiscuous mode [ 918.135098][ T2040] device veth1_macvtap entered promiscuous mode [ 918.280997][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 918.319327][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 918.357407][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 918.392990][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 918.462190][ T2039] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 918.470510][ T2039] netdevsim netdevsim0 netdevsim1: 
set [1, 0] type 2 family 0 port 6081 - 0 [ 918.472263][ T2039] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 918.491805][ T2039] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 920.128813][ T2646] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 920.185488][ T2646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 920.558666][ T2726] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 920.575640][ T2726] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 921.100309][ T2040] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 921.102279][ T2040] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 921.103811][ T2040] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 921.107390][ T2040] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 00:15:26 executing program 0: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) write(r0, &(0x7f0000000180)="89a3bae0", 0x4) 00:15:28 executing program 1: r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000800), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x11) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 00:15:29 executing program 0: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) write(r0, &(0x7f0000000180)="89a3bae0", 0x4) 00:15:32 executing program 0: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) write(r0, &(0x7f0000000180)="89a3bae0", 0x4) 00:15:34 executing program 1: r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000800), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x11) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 00:15:38 executing program 0: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) write(r0, &(0x7f0000000180)="89a3bae0", 0x4) 00:15:41 executing program 1: r0 = 
openat$ttynull(0xffffffffffffff9c, &(0x7f0000000800), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x11) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 00:15:44 executing program 0: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) write(r0, &(0x7f0000000180)="89a3bae0", 0x4) 00:15:52 executing program 0: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) write(r0, &(0x7f0000000180)="89a3bae0", 0x4) 00:15:54 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 00:15:59 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 00:16:01 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 00:16:06 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x0) 
setxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 00:16:06 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 00:16:09 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 00:16:11 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 00:16:14 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 00:16:16 executing program 1: sendmsg$NL80211_CMD_ASSOCIATE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0xc, 0x0}, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = 
socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x10, &(0x7f00000001c0)={r2}, &(0x7f0000000200)=0x8) [ 979.505253][ T2797] sctp: [Deprecated]: syz-executor.1 (pid 2797) Use of struct sctp_assoc_value in delayed_ack socket option. [ 979.505253][ T2797] Use struct sctp_sack_info instead 00:16:19 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 00:16:19 executing program 1: sendmsg$NL80211_CMD_ASSOCIATE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0xc, 0x0}, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x10, &(0x7f00000001c0)={r2}, &(0x7f0000000200)=0x8) [ 982.941067][ T2801] sctp: [Deprecated]: syz-executor.1 (pid 2801) Use of struct sctp_assoc_value in delayed_ack socket option. 
[ 982.941067][ T2801] Use struct sctp_sack_info instead 00:16:23 executing program 1: sendmsg$NL80211_CMD_ASSOCIATE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0xc, 0x0}, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x10, &(0x7f00000001c0)={r2}, &(0x7f0000000200)=0x8) 00:16:23 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) [ 986.202488][ T2804] sctp: [Deprecated]: syz-executor.1 (pid 2804) Use of struct sctp_assoc_value in delayed_ack socket option. [ 986.202488][ T2804] Use struct sctp_sack_info instead 00:16:26 executing program 1: sendmsg$NL80211_CMD_ASSOCIATE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0xc, 0x0}, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x10, &(0x7f00000001c0)={r2}, &(0x7f0000000200)=0x8) [ 990.667818][ T2807] sctp: [Deprecated]: syz-executor.1 (pid 2807) Use of struct sctp_assoc_value in delayed_ack socket option. 
[ 990.667818][ T2807] Use struct sctp_sack_info instead 00:16:30 executing program 0: r0 = landlock_create_ruleset(&(0x7f00000001c0)={0x408}, 0x8, 0x0) read(r0, 0x0, 0x0) 00:16:32 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f00000011c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0x40086602, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) 00:16:33 executing program 0: r0 = landlock_create_ruleset(&(0x7f00000001c0)={0x408}, 0x8, 0x0) read(r0, 0x0, 0x0) 00:16:36 executing program 0: r0 = landlock_create_ruleset(&(0x7f00000001c0)={0x408}, 0x8, 0x0) read(r0, 0x0, 0x0) 00:16:37 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f00000011c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0x40086602, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) 00:16:38 executing 
program 0: r0 = landlock_create_ruleset(&(0x7f00000001c0)={0x408}, 0x8, 0x0) read(r0, 0x0, 0x0) [ 1003.364538][ C0] hrtimer: interrupt took 1708700 ns 00:16:43 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f00000011c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0x40086602, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) 00:16:43 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f00000011c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0x40086602, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) 00:16:48 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f00000011c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, 
r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0x40086602, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) 00:16:50 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f00000011c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0x40086602, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) 00:16:54 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f00000011c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 
0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0x40086602, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) 00:16:56 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f00000011c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0x40086602, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) 00:17:02 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f00000011c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0x40086602, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) 00:17:02 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f00000011c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) 
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0x40086602, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) 00:17:08 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f00000011c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0x40086602, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) 00:17:09 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f00000011c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 
0x40086602, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) 00:17:15 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f00000011c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0x40086602, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) 00:17:16 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f00000011c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0x40086602, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) 00:17:22 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f00000011c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 
0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0x40086602, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) 00:17:22 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f00000011c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0x40086602, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) 00:17:28 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f00000011c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0x40086602, &(0x7f00000003c0)={{0x1, 0x1, 
0x18}, './file0\x00'}) 00:17:28 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f00000011c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0x40086602, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) 00:17:34 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f00000011c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0x40086602, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) 00:17:38 executing program 1: r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x8, &(0x7f00000000c0)=0x73df19f5, 0x4) 00:17:42 executing program 1: r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x8, &(0x7f00000000c0)=0x73df19f5, 0x4) 00:17:47 executing program 0: r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x8, 
&(0x7f00000000c0)=0x73df19f5, 0x4) 00:17:48 executing program 1: r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x8, &(0x7f00000000c0)=0x73df19f5, 0x4) 00:17:50 executing program 0: r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x8, &(0x7f00000000c0)=0x73df19f5, 0x4) 00:17:52 executing program 1: r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x8, &(0x7f00000000c0)=0x73df19f5, 0x4) 00:17:53 executing program 0: r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x8, &(0x7f00000000c0)=0x73df19f5, 0x4) 00:17:55 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ftruncate(r0, 0x200d8) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) 00:17:57 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x46, &(0x7f00000000c0)=0x55b8, 0x4) 00:17:58 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ftruncate(r0, 0x200d8) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) 00:17:59 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x46, &(0x7f00000000c0)=0x55b8, 0x4) 00:18:01 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ftruncate(r0, 0x200d8) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) 00:18:01 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x46, &(0x7f00000000c0)=0x55b8, 0x4) 00:18:04 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 
0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ftruncate(r0, 0x200d8) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) 00:18:04 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x46, &(0x7f00000000c0)=0x55b8, 0x4) 00:18:07 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ftruncate(r0, 0x200d8) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) 00:18:08 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ftruncate(r0, 0x200d8) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) 00:18:10 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ftruncate(r0, 0x200d8) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) 00:18:11 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ftruncate(r0, 0x200d8) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) 00:18:13 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ftruncate(r0, 0x200d8) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) 00:18:14 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, 
&(0x7f0000000000)) ftruncate(r0, 0x200d8) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) 00:18:17 executing program 0: r0 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_USER_AVC(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, 0x453, 0x0, 0x0, 0x0, "e3"}, 0x14}}, 0x0) 00:18:18 executing program 1: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 
0x2c}}, 0x0)
read$nci(r0, &(0x7f0000000840)=""/100, 0x64)
write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7)
[ 1100.203115][ T26] audit: type=1107 audit(1099.240:2): pid=2953 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='ã'
00:18:20 executing program 0:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_AVC(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, 0x453, 0x0, 0x0, 0x0, "e3"}, 0x14}}, 0x0)
[ 1102.321591][ T26] audit: type=1107 audit(1101.360:3): pid=2962 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='ã'
00:18:22 executing program 0:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_AVC(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, 0x453, 0x0, 0x0, 0x0, "e3"}, 0x14}}, 0x0)
[ 1105.093722][ T26] audit: type=1107 audit(1104.130:4): pid=2965 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='ã'
00:18:25 executing program 0:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_AVC(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, 0x453, 0x0, 0x0, 0x0, "e3"}, 0x14}}, 0x0)
[ 1107.811641][ T26] audit: type=1107 audit(1106.850:5): pid=2967 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='ã'
[ 1109.123787][ T2955] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 1109.142387][ T2955]
[ 1109.143372][ T2955] ======================================================
[ 1109.144752][ T2955] WARNING: possible circular locking dependency detected
[ 1109.146026][ T2955] 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Not tainted
[ 1109.146832][ T2955] ------------------------------------------------------
[ 1109.147539][ T2955] syz-executor.1/2955 is trying to acquire lock:
[ 1109.148904][ T2955] ffffffff84fc0408 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x28/0x58
[ 1109.151402][ T2955]
[ 1109.151402][ T2955] but task is already holding lock:
[ 1109.152115][ T2955] ffffaf801152f350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x52/0x1de
[ 1109.153959][ T2955]
[ 1109.153959][ T2955] which lock already depends on the new lock.
[ 1109.153959][ T2955]
[ 1109.155535][ T2955]
[ 1109.155535][ T2955] the existing dependency chain (in reverse order) is:
[ 1109.156330][ T2955]
[ 1109.156330][ T2955] -> #3 (&ndev->req_lock){+.+.}-{3:3}:
[ 1109.157797][ T2955]        lock_acquire.part.0+0x1d0/0x424
[ 1109.158849][ T2955]        lock_acquire+0x54/0x6a
[ 1109.159689][ T2955]        __mutex_lock+0x114/0xade
[ 1109.160623][ T2955]        mutex_lock_nested+0x14/0x1c
[ 1109.162439][ T2955]        nci_start_poll+0x4de/0x6b8
[ 1109.163320][ T2955]        nfc_start_poll+0x10c/0x1e8
[ 1109.164701][ T2955]        nfc_genl_start_poll+0xfe/0x252
[ 1109.165671][ T2955]        genl_family_rcv_msg_doit+0x19a/0x23c
[ 1109.166609][ T2955]        genl_rcv_msg+0x236/0x3ba
[ 1109.167395][ T2955]        netlink_rcv_skb+0xf8/0x2be
[ 1109.168236][ T2955]        genl_rcv+0x36/0x4c
[ 1109.169042][ T2955]        netlink_unicast+0x40e/0x5fe
[ 1109.169904][ T2955]        netlink_sendmsg+0x4e0/0x994
[ 1109.170747][ T2955]        sock_sendmsg+0xa0/0xc4
[ 1109.171665][ T2955]        ____sys_sendmsg+0x46e/0x484
[ 1109.172602][ T2955]        ___sys_sendmsg+0x16c/0x1f6
[ 1109.173474][ T2955]        __sys_sendmsg+0xba/0x150
[ 1109.174689][ T2955]        sys_sendmsg+0x2c/0x3a
[ 1109.175565][ T2955]        ret_from_syscall+0x0/0x2
[ 1109.176477][ T2955]
[ 1109.176477][ T2955] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 1109.177966][ T2955]        lock_acquire.part.0+0x1d0/0x424
[ 1109.178918][ T2955]        lock_acquire+0x54/0x6a
[ 1109.179755][ T2955]        __mutex_lock+0x114/0xade
[ 1109.180610][ T2955]        mutex_lock_nested+0x14/0x1c
[ 1109.181328][ T2955]        nfc_urelease_event_work+0x126/0x218
[ 1109.181989][ T2955]        process_one_work+0x654/0xffe
[ 1109.182571][ T2955]        worker_thread+0x360/0x8fa
[ 1109.183179][ T2955]        kthread+0x19e/0x1fa
[ 1109.183868][ T2955]        ret_from_exception+0x0/0x10
[ 1109.185173][ T2955]
[ 1109.185173][ T2955] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 1109.186740][ T2955]        lock_acquire.part.0+0x1d0/0x424
[ 1109.187744][ T2955]        lock_acquire+0x54/0x6a
[ 1109.188602][ T2955]        __mutex_lock+0x114/0xade
[ 1109.189506][ T2955]        mutex_lock_nested+0x14/0x1c
[ 1109.190863][ T2955]        nfc_register_device+0x44/0x29e
[ 1109.191762][ T2955]        nci_register_device+0x538/0x612
[ 1109.192645][ T2955]        virtual_ncidev_open+0x82/0x12c
[ 1109.194051][ T2955]        misc_open+0x272/0x2c8
[ 1109.194949][ T2955]        chrdev_open+0x1d4/0x478
[ 1109.195799][ T2955]        do_dentry_open+0x2a4/0x7d4
[ 1109.197163][ T2955]        vfs_open+0x52/0x5e
[ 1109.198099][ T2955]        path_openat+0x12b6/0x189e
[ 1109.198886][ T2955]        do_filp_open+0x10e/0x22a
[ 1109.199857][ T2955]        do_sys_openat2+0x174/0x31e
[ 1109.200773][ T2955]        sys_openat+0xdc/0x164
[ 1109.202129][ T2955]        ret_from_syscall+0x0/0x2
[ 1109.202990][ T2955]
[ 1109.202990][ T2955] -> #0 (nci_mutex){+.+.}-{3:3}:
[ 1109.204476][ T2955]        check_noncircular+0x1de/0x1fe
[ 1109.205552][ T2955]        __lock_acquire+0x19a4/0x333e
[ 1109.206467][ T2955]        lock_acquire.part.0+0x1d0/0x424
[ 1109.207893][ T2955]        lock_acquire+0x54/0x6a
[ 1109.208920][ T2955]        __mutex_lock+0x114/0xade
[ 1109.209808][ T2955]        mutex_lock_nested+0x14/0x1c
[ 1109.210761][ T2955]        virtual_nci_close+0x28/0x58
[ 1109.211730][ T2955]        nci_close_device+0x12e/0x1de
[ 1109.212770][ T2955]        nci_unregister_device+0x34/0x182
[ 1109.213777][ T2955]        virtual_ncidev_close+0x9c/0xbc
[ 1109.214721][ T2955]        __fput+0x164/0x502
[ 1109.215462][ T2955]        ____fput+0x1a/0x24
[ 1109.216364][ T2955]        task_work_run+0xdc/0x154
[ 1109.217259][ T2955]        do_notify_resume+0x894/0xa56
[ 1109.218610][ T2955]        ret_from_exception+0x0/0x10
[ 1109.219479][ T2955]
[ 1109.219479][ T2955] other info that might help us debug this:
[ 1109.219479][ T2955]
[ 1109.220406][ T2955] Chain exists of:
[ 1109.220406][ T2955]   nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock
[ 1109.220406][ T2955]
[ 1109.222491][ T2955]  Possible unsafe locking scenario:
[ 1109.222491][ T2955]
[ 1109.223791][ T2955]        CPU0                    CPU1
[ 1109.224382][ T2955]        ----                    ----
[ 1109.224998][ T2955]   lock(&ndev->req_lock);
[ 1109.225822][ T2955]                                lock(&genl_data->genl_data_mutex);
[ 1109.226870][ T2955]                                lock(&ndev->req_lock);
[ 1109.227821][ T2955]   lock(nci_mutex);
[ 1109.228608][ T2955]
[ 1109.228608][ T2955]  *** DEADLOCK ***
[ 1109.228608][ T2955]
[ 1109.229589][ T2955] 1 lock held by syz-executor.1/2955:
[ 1109.230586][ T2955]  #0: ffffaf801152f350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x52/0x1de
[ 1109.233078][ T2955]
[ 1109.233078][ T2955] stack backtrace:
[ 1109.234205][ T2955] CPU: 0 PID: 2955 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1109.235388][ T2955] Hardware name: riscv-virtio,qemu (DT)
[ 1109.236379][ T2955] Call Trace:
[ 1109.237190][ T2955] [] dump_backtrace+0x2e/0x3c
[ 1109.238269][ T2955] [] show_stack+0x34/0x40
[ 1109.239236][ T2955] [] dump_stack_lvl+0xe4/0x150
[ 1109.240269][ T2955] [] dump_stack+0x1c/0x24
[ 1109.241782][ T2955] [] print_circular_bug+0x34e/0x3d8
[ 1109.242827][ T2955] [] check_noncircular+0x1de/0x1fe
[ 1109.243910][ T2955] [] __lock_acquire+0x19a4/0x333e
[ 1109.244943][ T2955] [] lock_acquire.part.0+0x1d0/0x424
[ 1109.246033][ T2955] [] lock_acquire+0x54/0x6a
[ 1109.247130][ T2955] [] __mutex_lock+0x114/0xade
[ 1109.248264][ T2955] [] mutex_lock_nested+0x14/0x1c
[ 1109.249303][ T2955] [] virtual_nci_close+0x28/0x58
[ 1109.250326][ T2955] [] nci_close_device+0x12e/0x1de
[ 1109.251434][ T2955] [] nci_unregister_device+0x34/0x182
[ 1109.252496][ T2955] [] virtual_ncidev_close+0x9c/0xbc
[ 1109.253578][ T2955] [] __fput+0x164/0x502
[ 1109.254925][ T2955] [] ____fput+0x1a/0x24
[ 1109.255882][ T2955] [] task_work_run+0xdc/0x154
[ 1109.256964][ T2955] [] do_notify_resume+0x894/0xa56
[ 1109.258007][ T2955] [] ret_from_exception+0x0/0x10
00:18:29 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip6_mr_cache\x00')
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002)
r2 =
socket$nl_crypto(0x10, 0x3, 0x15) fcntl$setstatus(r2, 0x4, 0x2400) dup3(r0, r2, 0x0) 00:18:29 executing program 1: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:18:30 executing program 0: r0 = 
syz_open_procfs(0x0, &(0x7f0000000240)='net/ip6_mr_cache\x00') r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) r2 = socket$nl_crypto(0x10, 0x3, 0x15) fcntl$setstatus(r2, 0x4, 0x2400) dup3(r0, r2, 0x0) 00:18:31 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip6_mr_cache\x00') r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) r2 = socket$nl_crypto(0x10, 0x3, 0x15) fcntl$setstatus(r2, 0x4, 0x2400) dup3(r0, r2, 0x0) 00:18:31 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip6_mr_cache\x00') r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) r2 = socket$nl_crypto(0x10, 0x3, 0x15) fcntl$setstatus(r2, 0x4, 0x2400) dup3(r0, r2, 0x0) [ 1117.841867][ T2973] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 00:18:37 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip6_mr_cache\x00') r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) r2 = socket$nl_crypto(0x10, 0x3, 0x15) fcntl$setstatus(r2, 0x4, 0x2400) dup3(r0, r2, 0x0) 00:18:37 executing program 1: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, 
&(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:18:37 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip6_mr_cache\x00') r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) r2 = socket$nl_crypto(0x10, 0x3, 0x15) fcntl$setstatus(r2, 0x4, 0x2400) dup3(r0, r2, 0x0) 00:18:38 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip6_mr_cache\x00') r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) r2 = socket$nl_crypto(0x10, 0x3, 0x15) fcntl$setstatus(r2, 0x4, 0x2400) dup3(r0, r2, 0x0) 00:18:39 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip6_mr_cache\x00') r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) r2 = 
socket$nl_crypto(0x10, 0x3, 0x15) fcntl$setstatus(r2, 0x4, 0x2400) dup3(r0, r2, 0x0) [ 1125.755898][ T2991] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 00:18:45 executing program 1: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, 
&(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:18:45 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip6_mr_cache\x00') r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) r2 = socket$nl_crypto(0x10, 0x3, 0x15) fcntl$setstatus(r2, 0x4, 0x2400) dup3(r0, r2, 0x0) 00:18:46 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip6_mr_cache\x00') r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) r2 = socket$nl_crypto(0x10, 0x3, 0x15) fcntl$setstatus(r2, 0x4, 0x2400) dup3(r0, r2, 0x0) 00:18:48 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip6_mr_cache\x00') r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) r2 = socket$nl_crypto(0x10, 0x3, 0x15) fcntl$setstatus(r2, 0x4, 0x2400) dup3(r0, r2, 0x0) [ 1134.476970][ T3008] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 00:18:53 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip6_mr_cache\x00') r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) r2 = socket$nl_crypto(0x10, 0x3, 0x15) fcntl$setstatus(r2, 0x4, 0x2400) dup3(r0, r2, 0x0) 00:18:54 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip6_mr_cache\x00') r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) r2 = socket$nl_crypto(0x10, 0x3, 0x15) fcntl$setstatus(r2, 0x4, 0x2400) dup3(r0, r2, 0x0) 00:18:54 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip6_mr_cache\x00') r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) r2 = socket$nl_crypto(0x10, 0x3, 0x15) fcntl$setstatus(r2, 0x4, 0x2400) 
dup3(r0, r2, 0x0) 00:18:54 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip6_mr_cache\x00') r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) r2 = socket$nl_crypto(0x10, 0x3, 0x15) fcntl$setstatus(r2, 0x4, 0x2400) dup3(r0, r2, 0x0) 00:18:55 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip6_mr_cache\x00') r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) r2 = socket$nl_crypto(0x10, 0x3, 0x15) fcntl$setstatus(r2, 0x4, 0x2400) dup3(r0, r2, 0x0) 00:18:56 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip6_mr_cache\x00') r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) r2 = socket$nl_crypto(0x10, 0x3, 0x15) fcntl$setstatus(r2, 0x4, 0x2400) dup3(r0, r2, 0x0) 00:18:57 executing program 1: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, 
&(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:18:57 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip6_mr_cache\x00') r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) r2 = socket$nl_crypto(0x10, 0x3, 0x15) fcntl$setstatus(r2, 0x4, 0x2400) dup3(r0, r2, 0x0) VM DIAGNOSIS: 13:39:19 Registers: