syzkaller login: [ 254.271874][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 254.375044][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 254.431191][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 264.011535][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:36445' (ECDSA) to the list of known hosts. 1970/01/01 00:05:39 fuzzer started 1970/01/01 00:05:52 dialing manager at localhost:34375 [ 358.281798][ T2025] cgroup: Unknown subsys name 'net' [ 359.283786][ T2025] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:05:59 syscalls: 2918 1970/01/01 00:05:59 code coverage: enabled 1970/01/01 00:05:59 comparison tracing: enabled 1970/01/01 00:05:59 extra coverage: enabled 1970/01/01 00:05:59 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:05:59 setuid sandbox: enabled 1970/01/01 00:05:59 namespace sandbox: enabled 1970/01/01 00:05:59 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:05:59 fault injection: enabled 1970/01/01 00:05:59 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:05:59 net packet injection: enabled 1970/01/01 00:05:59 net device setup: enabled 1970/01/01 00:05:59 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:05:59 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:05:59 NIC VF setup: PCI device 0000:00:11.0 is not available 1970/01/01 00:05:59 USB emulation: enabled 1970/01/01 00:05:59 hci packet injection: /dev/vhci does not exist 1970/01/01 00:05:59 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:05:59 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:05:59 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:06:04 fetching corpus: 49, signal 33008/36402 (executing program) 1970/01/01 
00:06:06 fetching corpus: 99, signal 46796/51498 (executing program) 1970/01/01 00:06:11 fetching corpus: 149, signal 59889/65675 (executing program) 1970/01/01 00:06:14 fetching corpus: 198, signal 65978/72926 (executing program) 1970/01/01 00:06:18 fetching corpus: 248, signal 73149/81088 (executing program) 1970/01/01 00:06:20 fetching corpus: 298, signal 78776/87712 (executing program) 1970/01/01 00:06:22 fetching corpus: 348, signal 82091/92079 (executing program) 1970/01/01 00:06:26 fetching corpus: 397, signal 85692/96648 (executing program) 1970/01/01 00:06:29 fetching corpus: 447, signal 89650/101464 (executing program) 1970/01/01 00:06:32 fetching corpus: 496, signal 94816/107332 (executing program) 1970/01/01 00:06:34 fetching corpus: 546, signal 97459/110820 (executing program) 1970/01/01 00:06:36 fetching corpus: 596, signal 99351/113580 (executing program) 1970/01/01 00:06:39 fetching corpus: 646, signal 102879/117729 (executing program) 1970/01/01 00:06:41 fetching corpus: 696, signal 105662/121169 (executing program) 1970/01/01 00:06:46 fetching corpus: 746, signal 107884/124101 (executing program) 1970/01/01 00:06:48 fetching corpus: 795, signal 109928/126850 (executing program) 1970/01/01 00:06:51 fetching corpus: 844, signal 112733/130175 (executing program) 1970/01/01 00:06:53 fetching corpus: 894, signal 115729/133636 (executing program) 1970/01/01 00:06:56 fetching corpus: 944, signal 117585/136066 (executing program) 1970/01/01 00:06:58 fetching corpus: 994, signal 119630/138612 (executing program) 1970/01/01 00:07:01 fetching corpus: 1044, signal 122399/141720 (executing program) 1970/01/01 00:07:03 fetching corpus: 1094, signal 124601/144307 (executing program) 1970/01/01 00:07:05 fetching corpus: 1144, signal 126358/146491 (executing program) 1970/01/01 00:07:07 fetching corpus: 1194, signal 127658/148315 (executing program) 1970/01/01 00:07:10 fetching corpus: 1244, signal 129634/150629 (executing program) 1970/01/01 00:07:12 fetching 
corpus: 1294, signal 130747/152282 (executing program) 1970/01/01 00:07:15 fetching corpus: 1344, signal 132847/154628 (executing program) 1970/01/01 00:07:17 fetching corpus: 1394, signal 135252/157147 (executing program) 1970/01/01 00:07:21 fetching corpus: 1444, signal 136965/159131 (executing program) 1970/01/01 00:07:23 fetching corpus: 1493, signal 138326/160831 (executing program) 1970/01/01 00:07:25 fetching corpus: 1542, signal 139782/162549 (executing program) 1970/01/01 00:07:27 fetching corpus: 1592, signal 140987/164142 (executing program) 1970/01/01 00:07:30 fetching corpus: 1642, signal 142441/165810 (executing program) 1970/01/01 00:07:32 fetching corpus: 1692, signal 143535/167267 (executing program) 1970/01/01 00:07:35 fetching corpus: 1742, signal 145297/169108 (executing program) 1970/01/01 00:07:37 fetching corpus: 1790, signal 146723/170659 (executing program) 1970/01/01 00:07:39 fetching corpus: 1840, signal 147751/171992 (executing program) 1970/01/01 00:07:41 fetching corpus: 1890, signal 148846/173337 (executing program) 1970/01/01 00:07:44 fetching corpus: 1940, signal 149904/174612 (executing program) 1970/01/01 00:07:47 fetching corpus: 1989, signal 151124/176037 (executing program) 1970/01/01 00:07:49 fetching corpus: 2039, signal 152056/177220 (executing program) 1970/01/01 00:07:52 fetching corpus: 2089, signal 153069/178445 (executing program) 1970/01/01 00:07:55 fetching corpus: 2139, signal 153689/179416 (executing program) 1970/01/01 00:07:57 fetching corpus: 2189, signal 154657/180599 (executing program) 1970/01/01 00:07:59 fetching corpus: 2239, signal 155779/181833 (executing program) 1970/01/01 00:08:02 fetching corpus: 2289, signal 156810/182993 (executing program) 1970/01/01 00:08:04 fetching corpus: 2338, signal 157736/184076 (executing program) 1970/01/01 00:08:07 fetching corpus: 2388, signal 159031/185343 (executing program) 1970/01/01 00:08:09 fetching corpus: 2438, signal 160716/186756 (executing program) 1970/01/01 
00:08:11 fetching corpus: 2487, signal 161536/187715 (executing program) 1970/01/01 00:08:15 fetching corpus: 2537, signal 162529/188725 (executing program) 1970/01/01 00:08:17 fetching corpus: 2587, signal 163379/189662 (executing program) 1970/01/01 00:08:21 fetching corpus: 2637, signal 164846/190875 (executing program) 1970/01/01 00:08:24 fetching corpus: 2686, signal 165745/191810 (executing program) 1970/01/01 00:08:26 fetching corpus: 2736, signal 166941/192874 (executing program) 1970/01/01 00:08:29 fetching corpus: 2786, signal 167817/193768 (executing program) 1970/01/01 00:08:31 fetching corpus: 2836, signal 168509/194536 (executing program) 1970/01/01 00:08:34 fetching corpus: 2886, signal 169267/195327 (executing program) 1970/01/01 00:08:37 fetching corpus: 2936, signal 170302/196227 (executing program) 1970/01/01 00:08:39 fetching corpus: 2986, signal 171351/197149 (executing program) 1970/01/01 00:08:41 fetching corpus: 3036, signal 172395/197993 (executing program) 1970/01/01 00:08:43 fetching corpus: 3086, signal 173144/198703 (executing program) 1970/01/01 00:08:47 fetching corpus: 3136, signal 173864/199387 (executing program) 1970/01/01 00:08:50 fetching corpus: 3186, signal 174757/200147 (executing program) 1970/01/01 00:08:53 fetching corpus: 3236, signal 175460/200790 (executing program) 1970/01/01 00:08:57 fetching corpus: 3286, signal 176396/201489 (executing program) 1970/01/01 00:08:59 fetching corpus: 3334, signal 176906/202065 (executing program) 1970/01/01 00:09:00 fetching corpus: 3384, signal 177788/202734 (executing program) 1970/01/01 00:09:03 fetching corpus: 3434, signal 178564/203336 (executing program) 1970/01/01 00:09:06 fetching corpus: 3484, signal 179550/204015 (executing program) 1970/01/01 00:09:08 fetching corpus: 3534, signal 180757/204739 (executing program) 1970/01/01 00:09:11 fetching corpus: 3584, signal 181648/205395 (executing program) 1970/01/01 00:09:14 fetching corpus: 3633, signal 182370/205974 (executing 
program) 1970/01/01 00:09:16 fetching corpus: 3683, signal 183353/206601 (executing program) 1970/01/01 00:09:19 fetching corpus: 3732, signal 184100/207116 (executing program) 1970/01/01 00:09:23 fetching corpus: 3782, signal 185253/207756 (executing program) 1970/01/01 00:09:25 fetching corpus: 3832, signal 185842/208214 (executing program) 1970/01/01 00:09:27 fetching corpus: 3882, signal 186565/208695 (executing program) 1970/01/01 00:09:29 fetching corpus: 3932, signal 187366/209195 (executing program) 1970/01/01 00:09:32 fetching corpus: 3982, signal 188433/209746 (executing program) 1970/01/01 00:09:35 fetching corpus: 4032, signal 189286/210218 (executing program) 1970/01/01 00:09:37 fetching corpus: 4082, signal 189920/210615 (executing program) 1970/01/01 00:09:40 fetching corpus: 4132, signal 190551/211024 (executing program) 1970/01/01 00:09:43 fetching corpus: 4182, signal 191043/211358 (executing program) 1970/01/01 00:09:44 fetching corpus: 4231, signal 191564/211717 (executing program) 1970/01/01 00:09:47 fetching corpus: 4281, signal 192191/212079 (executing program) 1970/01/01 00:09:50 fetching corpus: 4331, signal 192883/212472 (executing program) 1970/01/01 00:09:53 fetching corpus: 4381, signal 193561/212792 (executing program) 1970/01/01 00:09:57 fetching corpus: 4430, signal 194376/213168 (executing program) 1970/01/01 00:10:01 fetching corpus: 4480, signal 195056/213488 (executing program) 1970/01/01 00:10:06 fetching corpus: 4529, signal 195677/213751 (executing program) 1970/01/01 00:10:09 fetching corpus: 4579, signal 196235/214020 (executing program) 1970/01/01 00:10:12 fetching corpus: 4629, signal 196909/214315 (executing program) 1970/01/01 00:10:16 fetching corpus: 4677, signal 197435/214560 (executing program) 1970/01/01 00:10:18 fetching corpus: 4727, signal 197961/214784 (executing program) 1970/01/01 00:10:20 fetching corpus: 4777, signal 198504/215036 (executing program) 1970/01/01 00:10:22 fetching corpus: 4827, signal 
199154/215296 (executing program) 1970/01/01 00:10:25 fetching corpus: 4877, signal 199669/215502 (executing program) 1970/01/01 00:10:27 fetching corpus: 4927, signal 200165/215708 (executing program) 1970/01/01 00:10:29 fetching corpus: 4977, signal 200694/215902 (executing program) 1970/01/01 00:10:31 fetching corpus: 5027, signal 201435/216100 (executing program) 1970/01/01 00:10:33 fetching corpus: 5077, signal 201903/216252 (executing program) 1970/01/01 00:10:36 fetching corpus: 5127, signal 202438/216397 (executing program) 1970/01/01 00:10:39 fetching corpus: 5177, signal 203118/216562 (executing program) 1970/01/01 00:10:41 fetching corpus: 5227, signal 203615/216682 (executing program) 1970/01/01 00:10:43 fetching corpus: 5277, signal 204261/216819 (executing program) 1970/01/01 00:10:45 fetching corpus: 5327, signal 204921/216965 (executing program) 1970/01/01 00:10:49 fetching corpus: 5377, signal 205553/217021 (executing program) 1970/01/01 00:10:51 fetching corpus: 5427, signal 206286/217021 (executing program) 1970/01/01 00:10:54 fetching corpus: 5477, signal 206870/217021 (executing program) 1970/01/01 00:10:56 fetching corpus: 5527, signal 207356/217021 (executing program) 1970/01/01 00:10:58 fetching corpus: 5577, signal 208048/217021 (executing program) 1970/01/01 00:11:00 fetching corpus: 5627, signal 208482/217021 (executing program) 1970/01/01 00:11:03 fetching corpus: 5676, signal 209135/217021 (executing program) 1970/01/01 00:11:06 fetching corpus: 5726, signal 209743/217021 (executing program) 1970/01/01 00:11:08 fetching corpus: 5776, signal 210230/217078 (executing program) 1970/01/01 00:11:10 fetching corpus: 5826, signal 210760/217078 (executing program) 1970/01/01 00:11:13 fetching corpus: 5876, signal 211110/217078 (executing program) 1970/01/01 00:11:16 fetching corpus: 5925, signal 211663/217078 (executing program) 1970/01/01 00:11:20 fetching corpus: 5975, signal 212129/217078 (executing program) 1970/01/01 00:11:23 fetching 
corpus: 6025, signal 212611/217078 (executing program) 1970/01/01 00:11:25 fetching corpus: 6075, signal 213058/217081 (executing program) 1970/01/01 00:11:28 fetching corpus: 6125, signal 213539/217081 (executing program) 1970/01/01 00:11:32 fetching corpus: 6175, signal 214952/217081 (executing program) 1970/01/01 00:11:33 fetching corpus: 6195, signal 215153/217081 (executing program) 1970/01/01 00:11:33 fetching corpus: 6195, signal 215153/217081 (executing program) 1970/01/01 00:13:27 starting 2 fuzzer processes 00:13:28 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x4a, 0x0, 0x0) 00:13:28 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0xc}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELSETELEM={0x2c, 0xe, 0xa, 0x401, 0x0, 0x0, {0xc}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x801, 0x0, 0x0, {0xa}, [@NFTA_TABLE_HANDLE={0xc}]}], {0x14}}, 0xb4}}, 0x0) [ 840.053926][ T2045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 840.174076][ T2045] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 842.672893][ T2046] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 842.899333][ T2046] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 853.112963][ T2045] device hsr_slave_0 entered promiscuous mode [ 853.192444][ T2045] device hsr_slave_1 entered promiscuous mode [ 856.581371][ T2046] device hsr_slave_0 entered promiscuous mode [ 856.639208][ T2046] device hsr_slave_1 entered promiscuous mode [ 856.662190][ T2046] debugfs: 
Directory 'hsr0' with parent 'hsr' already present! [ 856.668931][ T2046] Cannot create hsr debugfs directory [ 863.468065][ T2045] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 863.729486][ T2045] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 863.919750][ T2045] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 864.304426][ T2045] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 865.569982][ T2046] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 865.774129][ T2046] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 866.113790][ T2046] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 866.339741][ T2046] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 877.124635][ T2045] 8021q: adding VLAN 0 to HW filter on device bond0 [ 878.093945][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 878.189547][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 880.029841][ T2046] 8021q: adding VLAN 0 to HW filter on device bond0 [ 880.878026][ T830] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 880.923685][ T830] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 886.062111][ T830] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 886.095079][ T830] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 886.278890][ T2188] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 886.393634][ T2188] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 886.635171][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 886.961337][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 887.443498][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 887.483129][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 887.674127][ T2188] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 887.693454][ T2188] IPv6: ADDRCONF(NETDEV_CHANGE): 
hsr_slave_1: link becomes ready [ 887.820461][ T2045] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 889.949077][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 890.001919][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 890.603202][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 890.634178][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 890.707900][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 890.933123][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 891.669754][ T830] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 891.719456][ T830] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 891.984040][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 892.031607][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 892.267985][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 893.731841][ T2188] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 893.735121][ T2188] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 897.398595][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 897.402243][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 906.478387][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 906.524683][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 911.690097][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 911.723343][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 914.732919][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 914.808642][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 914.984207][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 915.013223][ T12] IPv6: 
ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 915.065059][ T2045] device veth0_vlan entered promiscuous mode [ 915.618438][ T2045] device veth1_vlan entered promiscuous mode [ 916.803866][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 916.868853][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 917.121003][ T2045] device veth0_macvtap entered promiscuous mode [ 917.513513][ T2045] device veth1_macvtap entered promiscuous mode [ 918.148276][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 918.181349][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 918.574403][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 918.643557][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 919.101047][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 919.153717][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 919.340428][ T2045] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 919.344423][ T2045] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 919.427151][ T2045] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 919.429273][ T2045] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 920.272096][ T2188] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 920.343675][ T2188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 920.782281][ T830] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 920.808800][ T830] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 920.865079][ T2046] device veth0_vlan entered promiscuous mode [ 922.182502][ T2046] device veth1_vlan entered promiscuous mode [ 923.895168][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 923.954848][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_macvtap: link becomes ready [ 924.303380][ T2046] device veth0_macvtap entered promiscuous mode [ 924.673642][ T2046] device veth1_macvtap entered promiscuous mode [ 925.414195][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 925.701703][ T2734] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 925.800424][ T2734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 926.522250][ T2731] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 926.610174][ T2731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 927.021830][ T2046] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 927.023195][ T2046] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 927.024284][ T2046] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 927.087870][ T2046] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 00:15:30 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0xc}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELSETELEM={0x2c, 0xe, 0xa, 0x401, 0x0, 0x0, {0xc}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x801, 0x0, 0x0, {0xa}, [@NFTA_TABLE_HANDLE={0xc}]}], {0x14}}, 0xb4}}, 0x0) 00:15:35 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x4a, 0x0, 0x0) 00:15:36 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0xc}, 
[@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELSETELEM={0x2c, 0xe, 0xa, 0x401, 0x0, 0x0, {0xc}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x801, 0x0, 0x0, {0xa}, [@NFTA_TABLE_HANDLE={0xc}]}], {0x14}}, 0xb4}}, 0x0) 00:15:41 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x4a, 0x0, 0x0) 00:15:42 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0xc}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELSETELEM={0x2c, 0xe, 0xa, 0x401, 0x0, 0x0, {0xc}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x801, 0x0, 0x0, {0xa}, [@NFTA_TABLE_HANDLE={0xc}]}], {0x14}}, 0xb4}}, 0x0) 00:15:46 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x4a, 0x0, 0x0) 00:15:50 executing program 1: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, 
&(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:15:52 executing program 0: r0 = add_key$keyring(&(0x7f0000001700), &(0x7f0000001740)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$unlink(0x9, 0x0, r0) 00:15:57 executing program 1: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, 
&(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:15:59 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000001240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='configfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x10d100, 0x0) 00:16:02 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000001240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='configfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x10d100, 0x0) 00:16:05 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000001240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount(0x0, 
&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='configfs\x00', 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x10d100, 0x0)
[ 969.190461][ T2766] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 969.198648][ T2766]
[ 969.199310][ T2766] ======================================================
[ 969.200036][ T2766] WARNING: possible circular locking dependency detected
[ 969.200900][ T2766] 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Not tainted
[ 969.201876][ T2766] ------------------------------------------------------
[ 969.203719][ T2766] syz-executor.1/2766 is trying to acquire lock:
[ 969.204765][ T2766] ffffffff84fc0408 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x28/0x58
[ 969.207349][ T2766]
[ 969.207349][ T2766] but task is already holding lock:
[ 969.208167][ T2766] ffffaf800b675350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x52/0x1de
[ 969.209913][ T2766]
[ 969.209913][ T2766] which lock already depends on the new lock.
[ 969.209913][ T2766]
[ 969.210787][ T2766]
[ 969.210787][ T2766] the existing dependency chain (in reverse order) is:
[ 969.211687][ T2766]
[ 969.211687][ T2766] -> #3 (&ndev->req_lock){+.+.}-{3:3}:
[ 969.213127][ T2766]        lock_acquire.part.0+0x1d0/0x424
[ 969.214177][ T2766]        lock_acquire+0x54/0x6a
[ 969.215034][ T2766]        __mutex_lock+0x114/0xade
[ 969.215957][ T2766]        mutex_lock_nested+0x14/0x1c
[ 969.216857][ T2766]        nci_start_poll+0x4de/0x6b8
[ 969.217716][ T2766]        nfc_start_poll+0x10c/0x1e8
[ 969.218614][ T2766]        nfc_genl_start_poll+0xfe/0x252
[ 969.219558][ T2766]        genl_family_rcv_msg_doit+0x19a/0x23c
[ 969.220442][ T2766]        genl_rcv_msg+0x236/0x3ba
[ 969.221248][ T2766]        netlink_rcv_skb+0xf8/0x2be
[ 969.222049][ T2766]        genl_rcv+0x36/0x4c
[ 969.222854][ T2766]        netlink_unicast+0x40e/0x5fe
[ 969.223702][ T2766]        netlink_sendmsg+0x4e0/0x994
[ 969.224560][ T2766]        sock_sendmsg+0xa0/0xc4
[ 969.225876][ T2766]        ____sys_sendmsg+0x46e/0x484
[ 969.226830][ T2766]        ___sys_sendmsg+0x16c/0x1f6
[ 969.227665][ T2766]        __sys_sendmsg+0xba/0x150
[ 969.228486][ T2766]        sys_sendmsg+0x2c/0x3a
[ 969.229950][ T2766]        ret_from_syscall+0x0/0x2
[ 969.230938][ T2766]
[ 969.230938][ T2766] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 969.233101][ T2766]        lock_acquire.part.0+0x1d0/0x424
[ 969.234066][ T2766]        lock_acquire+0x54/0x6a
[ 969.234964][ T2766]        __mutex_lock+0x114/0xade
[ 969.236375][ T2766]        mutex_lock_nested+0x14/0x1c
[ 969.237320][ T2766]        nfc_urelease_event_work+0x126/0x218
[ 969.238332][ T2766]        process_one_work+0x654/0xffe
[ 969.239379][ T2766]        worker_thread+0x360/0x8fa
[ 969.240241][ T2766]        kthread+0x19e/0x1fa
[ 969.241568][ T2766]        ret_from_exception+0x0/0x10
[ 969.242551][ T2766]
[ 969.242551][ T2766] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 969.244713][ T2766]        lock_acquire.part.0+0x1d0/0x424
[ 969.246433][ T2766]        lock_acquire+0x54/0x6a
[ 969.247317][ T2766]        __mutex_lock+0x114/0xade
[ 969.248328][ T2766]        mutex_lock_nested+0x14/0x1c
[ 969.249843][ T2766]        nfc_register_device+0x44/0x29e
[ 969.250885][ T2766]        nci_register_device+0x538/0x612
[ 969.251914][ T2766]        virtual_ncidev_open+0x82/0x12c
[ 969.252971][ T2766]        misc_open+0x272/0x2c8
[ 969.253880][ T2766]        chrdev_open+0x1d4/0x478
[ 969.255213][ T2766]        do_dentry_open+0x2a4/0x7d4
[ 969.256119][ T2766]        vfs_open+0x52/0x5e
[ 969.256947][ T2766]        path_openat+0x12b6/0x189e
[ 969.258263][ T2766]        do_filp_open+0x10e/0x22a
[ 969.259201][ T2766]        do_sys_openat2+0x174/0x31e
[ 969.260105][ T2766]        sys_openat+0xdc/0x164
[ 969.261482][ T2766]        ret_from_syscall+0x0/0x2
[ 969.262351][ T2766]
[ 969.262351][ T2766] -> #0 (nci_mutex){+.+.}-{3:3}:
[ 969.264290][ T2766]        check_noncircular+0x1de/0x1fe
[ 969.265859][ T2766]        __lock_acquire+0x19a4/0x333e
[ 969.266831][ T2766]        lock_acquire.part.0+0x1d0/0x424
[ 969.267752][ T2766]        lock_acquire+0x54/0x6a
[ 969.268689][ T2766]        __mutex_lock+0x114/0xade
[ 969.269590][ T2766]        mutex_lock_nested+0x14/0x1c
[ 969.270958][ T2766]        virtual_nci_close+0x28/0x58
[ 969.271918][ T2766]        nci_close_device+0x12e/0x1de
[ 969.272874][ T2766]        nci_unregister_device+0x34/0x182
[ 969.274381][ T2766]        virtual_ncidev_close+0x9c/0xbc
[ 969.275661][ T2766]        __fput+0x164/0x502
[ 969.276907][ T2766]        ____fput+0x1a/0x24
[ 969.277671][ T2766]        task_work_run+0xdc/0x154
[ 969.278637][ T2766]        do_notify_resume+0x894/0xa56
[ 969.279570][ T2766]        ret_from_exception+0x0/0x10
[ 969.280464][ T2766]
[ 969.280464][ T2766] other info that might help us debug this:
[ 969.280464][ T2766]
[ 969.282060][ T2766] Chain exists of:
[ 969.282060][ T2766]   nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock
[ 969.282060][ T2766]
[ 969.284241][ T2766]  Possible unsafe locking scenario:
[ 969.284241][ T2766]
[ 969.285625][ T2766]        CPU0                    CPU1
[ 969.286441][ T2766]        ----                    ----
[ 969.287077][ T2766]   lock(&ndev->req_lock);
[ 969.287922][ T2766]                                lock(&genl_data->genl_data_mutex);
[ 969.288968][ T2766]                                lock(&ndev->req_lock);
[ 969.290045][ T2766]   lock(nci_mutex);
[ 969.290985][ T2766]
[ 969.290985][ T2766]  *** DEADLOCK ***
[ 969.290985][ T2766]
[ 969.291963][ T2766] 1 lock held by syz-executor.1/2766:
[ 969.292907][ T2766]  #0: ffffaf800b675350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x52/0x1de
[ 969.295409][ T2766]
[ 969.295409][ T2766] stack backtrace:
[ 969.296915][ T2766] CPU: 1 PID: 2766 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 969.299013][ T2766] Hardware name: riscv-virtio,qemu (DT)
[ 969.300099][ T2766] Call Trace:
[ 969.300744][ T2766] [] dump_backtrace+0x2e/0x3c
[ 969.302510][ T2766] [] show_stack+0x34/0x40
[ 969.303514][ T2766] [] dump_stack_lvl+0xe4/0x150
[ 969.304824][ T2766] [] dump_stack+0x1c/0x24
[ 969.306515][ T2766] [] print_circular_bug+0x34e/0x3d8
[ 969.308104][ T2766] [] check_noncircular+0x1de/0x1fe
[ 969.309154][ T2766] [] __lock_acquire+0x19a4/0x333e
[ 969.310162][ T2766] [] lock_acquire.part.0+0x1d0/0x424
[ 969.311234][ T2766] [] lock_acquire+0x54/0x6a
[ 969.312205][ T2766] [] __mutex_lock+0x114/0xade
[ 969.313227][ T2766] [] mutex_lock_nested+0x14/0x1c
[ 969.314289][ T2766] [] virtual_nci_close+0x28/0x58
[ 969.315628][ T2766] [] nci_close_device+0x12e/0x1de
[ 969.316814][ T2766] [] nci_unregister_device+0x34/0x182
[ 969.317880][ T2766] [] virtual_ncidev_close+0x9c/0xbc
[ 969.319246][ T2766] [] __fput+0x164/0x502
[ 969.320610][ T2766] [] ____fput+0x1a/0x24
[ 969.321529][ T2766] [] task_work_run+0xdc/0x154
[ 969.322699][ T2766] [] do_notify_resume+0x894/0xa56
[ 969.323845][ T2766] [] ret_from_exception+0x0/0x10
00:16:09 executing program 0:
syz_mount_image$tmpfs(0x0, &(0x7f0000001240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='configfs\x00', 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x10d100, 0x0)
00:16:09 executing program 1:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 =
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:16:10 executing program 0: r0 = socket$l2tp(0x2, 0x2, 0x73) connect$inet(r0, &(0x7f0000000100)={0x3, 0x0, @empty=0xe0000000}, 0x10) 00:16:10 executing program 0: r0 = socket$l2tp(0x2, 0x2, 0x73) connect$inet(r0, &(0x7f0000000100)={0x3, 0x0, @empty=0xe0000000}, 0x10) 00:16:11 executing program 0: r0 = socket$l2tp(0x2, 0x2, 0x73) 
connect$inet(r0, &(0x7f0000000100)={0x3, 0x0, @empty=0xe0000000}, 0x10)
[ 978.048737][ T2784] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
00:16:17 executing program 0:
r0 = socket$l2tp(0x2, 0x2, 0x73)
connect$inet(r0, &(0x7f0000000100)={0x3, 0x0, @empty=0xe0000000}, 0x10)
00:16:17 executing program 1:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
read$nci(r0, &(0x7f0000000200)=""/100, 0x64)
write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6)
read$nci(r0, &(0x7f00000002c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14)
read$nci(r0, &(0x7f0000000380)=""/100, 0x64)
write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4)
sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
read$nci(r0, &(0x7f0000000500)=""/100, 0x64)
write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f00000005c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f0000000680)=""/100, 0x64)
write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4)
write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
read$nci(r0, &(0x7f0000000840)=""/100, 0x64)
write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7)
00:16:18 executing program 0:
r0 = socket$l2tp(0x2, 0x2, 0x73)
connect$inet(r0, &(0x7f0000000100)={0x3, 0x0, @empty=0xe0000000}, 0x10)
00:16:19 executing program 0:
r0 = socket$l2tp(0x2, 0x2, 0x73)
connect$inet(r0, &(0x7f0000000100)={0x3, 0x0, @empty=0xe0000000}, 0x10)
00:16:19 executing program 0:
r0 = socket$l2tp(0x2, 0x2, 0x73)
connect$inet(r0, &(0x7f0000000100)={0x3, 0x0, @empty=0xe0000000}, 0x10)
[ 985.721231][ T2801] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
00:16:25 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$netlink(r0, 0x10e, 0x4, &(0x7f0000000300)=""/121, &(0x7f0000000380)=0x79)
00:16:25 executing program 1:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000c00)=0xfffffffc, 0x4)
sendmsg$unix(r1, &(0x7f00000014c0)={&(0x7f0000000080)=@abs, 0x6e, 0x0}, 0x0)
00:16:26 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$netlink(r0, 0x10e, 0x4, &(0x7f0000000300)=""/121, &(0x7f0000000380)=0x79)
00:16:26 executing program 1:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000c00)=0xfffffffc, 0x4)
sendmsg$unix(r1, &(0x7f00000014c0)={&(0x7f0000000080)=@abs, 0x6e, 0x0}, 0x0)
00:16:27 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$netlink(r0, 0x10e, 0x4, &(0x7f0000000300)=""/121, &(0x7f0000000380)=0x79)
00:16:27 executing program 1:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000c00)=0xfffffffc, 0x4)
sendmsg$unix(r1, &(0x7f00000014c0)={&(0x7f0000000080)=@abs, 0x6e, 0x0}, 0x0)
00:16:27 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$netlink(r0, 0x10e, 0x4, &(0x7f0000000300)=""/121, &(0x7f0000000380)=0x79)
00:16:28 executing program 1:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000c00)=0xfffffffc, 0x4)
sendmsg$unix(r1, &(0x7f00000014c0)={&(0x7f0000000080)=@abs, 0x6e, 0x0}, 0x0)
00:16:29 executing program 0:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000c00)=0xfffffffc, 0x4)
sendmsg$unix(r1, &(0x7f00000014c0)={&(0x7f0000000080)=@abs, 0x6e, 0x0}, 0x0)
00:16:30 executing program 0:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000c00)=0xfffffffc, 0x4)
sendmsg$unix(r1, &(0x7f00000014c0)={&(0x7f0000000080)=@abs, 0x6e, 0x0}, 0x0)
00:16:30 executing program 1:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000c00)=0xfffffffc, 0x4)
sendmsg$unix(r1, &(0x7f00000014c0)={&(0x7f0000000080)=@abs, 0x6e, 0x0}, 0x0)
00:16:31 executing program 1:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000c00)=0xfffffffc, 0x4)
sendmsg$unix(r1, &(0x7f00000014c0)={&(0x7f0000000080)=@abs, 0x6e, 0x0}, 0x0)
00:16:31 executing program 0:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000c00)=0xfffffffc, 0x4)
sendmsg$unix(r1, &(0x7f00000014c0)={&(0x7f0000000080)=@abs, 0x6e, 0x0}, 0x0)
00:16:32 executing program 0:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000c00)=0xfffffffc, 0x4)
sendmsg$unix(r1, &(0x7f00000014c0)={&(0x7f0000000080)=@abs, 0x6e, 0x0}, 0x0)
00:16:32 executing program 1:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000c00)=0xfffffffc, 0x4)
sendmsg$unix(r1, &(0x7f00000014c0)={&(0x7f0000000080)=@abs, 0x6e, 0x0}, 0x0)
00:16:33 executing program 0:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000c00)=0xfffffffc, 0x4)
sendmsg$unix(r1, &(0x7f00000014c0)={&(0x7f0000000080)=@abs, 0x6e, 0x0}, 0x0)
00:16:33 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$netlink(r0, 0x10e, 0x4, &(0x7f0000000300)=""/121, &(0x7f0000000380)=0x79)
00:16:34 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$netlink(r0, 0x10e, 0x4, &(0x7f0000000300)=""/121, &(0x7f0000000380)=0x79)
00:16:34 executing program 0:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000c00)=0xfffffffc, 0x4)
sendmsg$unix(r1, &(0x7f00000014c0)={&(0x7f0000000080)=@abs, 0x6e, 0x0}, 0x0)
00:16:35 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$netlink(r0, 0x10e, 0x4, &(0x7f0000000300)=""/121, &(0x7f0000000380)=0x79)
00:16:35 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f00000011c0)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
dup3(r2, r0, 0x0)
fchown(r2, 0xffffffffffffffff, 0x0)
00:16:36 executing program 1:
r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
ioctl$sock_SIOCINQ(r0, 0x541b, 0x0)
00:16:37 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f00000011c0)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
dup3(r2, r0, 0x0)
fchown(r2, 0xffffffffffffffff, 0x0)
00:16:37 executing program 1:
r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
ioctl$sock_SIOCINQ(r0, 0x541b, 0x0)
VM DIAGNOSIS:
21:37:24 Registers: