syzkaller login: [  493.266908][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  493.353867][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  493.417637][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  493.459407][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:58540' (ECDSA) to the list of known hosts.
1970/01/01 00:09:17 fuzzer started
1970/01/01 00:09:29 dialing manager at localhost:41167
[  575.515082][ T2026] cgroup: Unknown subsys name 'net'
[  576.556741][ T2026] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:09:36 syscalls: 2918
1970/01/01 00:09:36 code coverage: enabled
1970/01/01 00:09:36 comparison tracing: ioctl(KCOV_DISABLE) failed: invalid argument
1970/01/01 00:09:36 extra coverage: enabled
1970/01/01 00:09:36 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:09:36 setuid sandbox: enabled
1970/01/01 00:09:36 namespace sandbox: enabled
1970/01/01 00:09:36 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:09:36 fault injection: enabled
1970/01/01 00:09:36 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:09:36 net packet injection: enabled
1970/01/01 00:09:36 net device setup: enabled
1970/01/01 00:09:36 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:09:36 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:09:36 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:09:36 USB emulation: enabled
1970/01/01 00:09:36 hci packet injection: /dev/vhci does not exist
1970/01/01 00:09:36 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:09:36 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:09:36 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:09:41 fetching corpus: 50, signal 29364/32816 (executing program)
1970/01/01 00:09:45 fetching corpus: 100, signal 39255/44193 (executing program)
1970/01/01 00:09:49 fetching corpus: 150, signal 48675/54933 (executing program)
1970/01/01 00:09:53 fetching corpus: 200, signal 59280/66676 (executing program)
1970/01/01 00:09:56 fetching corpus: 250, signal 66329/74853 (executing program)
1970/01/01 00:09:59 fetching corpus: 300, signal 69965/79691 (executing program)
1970/01/01 00:10:01 fetching corpus: 350, signal 74632/85455 (executing program)
1970/01/01 00:10:04 fetching corpus: 400, signal 77491/89406 (executing program)
1970/01/01 00:10:06 fetching corpus: 450, signal 84117/96779 (executing program)
1970/01/01 00:10:08 fetching corpus: 500, signal 87425/101043 (executing program)
1970/01/01 00:10:11 fetching corpus: 548, signal 90834/105379 (executing program)
1970/01/01 00:10:16 fetching corpus: 598, signal 94334/109659 (executing program)
1970/01/01 00:10:19 fetching corpus: 648, signal 96243/112501 (executing program)
1970/01/01 00:10:23 fetching corpus: 698, signal 98477/115589 (executing program)
1970/01/01 00:10:27 fetching corpus: 748, signal 101523/119395 (executing program)
1970/01/01 00:10:29 fetching corpus: 798, signal 104716/123223 (executing program)
1970/01/01 00:10:32 fetching corpus: 848, signal 107322/126516 (executing program)
1970/01/01 00:10:35 fetching corpus: 898, signal 109628/129533 (executing program)
1970/01/01 00:10:37 fetching corpus: 948, signal 111846/132428 (executing program)
1970/01/01 00:10:39 fetching corpus: 998, signal 114186/135383 (executing program)
1970/01/01 00:10:41 fetching corpus: 1048, signal 115783/137671 (executing program)
1970/01/01 00:10:44 fetching corpus: 1098, signal 117932/140400 (executing program)
1970/01/01 00:10:46 fetching corpus: 1148, signal 119832/142865 (executing program)
1970/01/01 00:10:48 fetching corpus: 1198, signal 121567/145206 (executing program)
1970/01/01 00:10:50 fetching corpus: 1248, signal 123199/147403 (executing program)
1970/01/01 00:10:52 fetching corpus: 1298, signal 124608/149378 (executing program)
1970/01/01 00:10:54 fetching corpus: 1348, signal 126594/151806 (executing program)
1970/01/01 00:10:57 fetching corpus: 1398, signal 128121/153788 (executing program)
1970/01/01 00:10:59 fetching corpus: 1448, signal 129707/155796 (executing program)
1970/01/01 00:11:02 fetching corpus: 1498, signal 131203/157710 (executing program)
1970/01/01 00:11:04 fetching corpus: 1548, signal 132827/159771 (executing program)
1970/01/01 00:11:07 fetching corpus: 1598, signal 134864/162096 (executing program)
1970/01/01 00:11:10 fetching corpus: 1647, signal 136543/164103 (executing program)
1970/01/01 00:11:13 fetching corpus: 1697, signal 137751/165770 (executing program)
1970/01/01 00:11:15 fetching corpus: 1747, signal 138939/167411 (executing program)
1970/01/01 00:11:17 fetching corpus: 1797, signal 140344/169228 (executing program)
1970/01/01 00:11:20 fetching corpus: 1847, signal 141848/171010 (executing program)
1970/01/01 00:11:23 fetching corpus: 1897, signal 144461/173496 (executing program)
1970/01/01 00:11:26 fetching corpus: 1947, signal 145751/175108 (executing program)
1970/01/01 00:11:29 fetching corpus: 1997, signal 147800/177185 (executing program)
1970/01/01 00:11:32 fetching corpus: 2046, signal 149137/178726 (executing program)
1970/01/01 00:11:35 fetching corpus: 2096, signal 150357/180183 (executing program)
1970/01/01 00:11:38 fetching corpus: 2146, signal 151696/181693 (executing program)
1970/01/01 00:11:40 fetching corpus: 2196, signal 152667/182946 (executing program)
1970/01/01 00:11:43 fetching corpus: 2246, signal 153811/184308 (executing program)
1970/01/01 00:11:45 fetching corpus: 2296, signal 155144/185755 (executing program)
1970/01/01 00:11:47 fetching corpus: 2346, signal 156369/187165 (executing program)
1970/01/01 00:11:50 fetching corpus: 2396, signal 157256/188317 (executing program)
1970/01/01 00:11:53 fetching corpus: 2446, signal 158576/189726 (executing program)
1970/01/01 00:11:57 fetching corpus: 2496, signal 159475/190877 (executing program)
1970/01/01 00:11:59 fetching corpus: 2545, signal 160485/192049 (executing program)
1970/01/01 00:12:02 fetching corpus: 2595, signal 161734/193395 (executing program)
1970/01/01 00:12:06 fetching corpus: 2645, signal 163222/194775 (executing program)
1970/01/01 00:12:08 fetching corpus: 2695, signal 164654/196099 (executing program)
1970/01/01 00:12:10 fetching corpus: 2745, signal 165279/196972 (executing program)
1970/01/01 00:12:13 fetching corpus: 2795, signal 166626/198223 (executing program)
1970/01/01 00:12:15 fetching corpus: 2845, signal 167513/199246 (executing program)
1970/01/01 00:12:18 fetching corpus: 2895, signal 168504/200268 (executing program)
1970/01/01 00:12:21 fetching corpus: 2945, signal 169485/201282 (executing program)
1970/01/01 00:12:23 fetching corpus: 2994, signal 170382/202264 (executing program)
1970/01/01 00:12:25 fetching corpus: 3044, signal 170919/203050 (executing program)
1970/01/01 00:12:27 fetching corpus: 3094, signal 171726/203928 (executing program)
1970/01/01 00:12:30 fetching corpus: 3144, signal 172953/204992 (executing program)
1970/01/01 00:12:32 fetching corpus: 3193, signal 173655/205783 (executing program)
1970/01/01 00:12:35 fetching corpus: 3243, signal 174612/206663 (executing program)
1970/01/01 00:12:38 fetching corpus: 3293, signal 175471/207520 (executing program)
1970/01/01 00:12:40 fetching corpus: 3343, signal 175990/208209 (executing program)
1970/01/01 00:12:42 fetching corpus: 3393, signal 176808/209002 (executing program)
1970/01/01 00:12:46 fetching corpus: 3443, signal 177420/209671 (executing program)
1970/01/01 00:12:48 fetching corpus: 3493, signal 178326/210474 (executing program)
1970/01/01 00:12:50 fetching corpus: 3543, signal 179225/211257 (executing program)
1970/01/01 00:12:53 fetching corpus: 3593, signal 179963/211963 (executing program)
1970/01/01 00:12:56 fetching corpus: 3643, signal 180837/212738 (executing program)
1970/01/01 00:12:59 fetching corpus: 3692, signal 181846/213534 (executing program)
1970/01/01 00:13:02 fetching corpus: 3742, signal 182914/214340 (executing program)
1970/01/01 00:13:05 fetching corpus: 3792, signal 183552/214958 (executing program)
1970/01/01 00:13:07 fetching corpus: 3842, signal 184392/215632 (executing program)
1970/01/01 00:13:09 fetching corpus: 3892, signal 185200/216277 (executing program)
1970/01/01 00:13:13 fetching corpus: 3942, signal 185908/216916 (executing program)
1970/01/01 00:13:15 fetching corpus: 3992, signal 186499/217490 (executing program)
1970/01/01 00:13:17 fetching corpus: 4042, signal 187127/218023 (executing program)
1970/01/01 00:13:19 fetching corpus: 4091, signal 187652/218567 (executing program)
1970/01/01 00:13:22 fetching corpus: 4141, signal 188275/219122 (executing program)
1970/01/01 00:13:25 fetching corpus: 4191, signal 188917/219689 (executing program)
1970/01/01 00:13:28 fetching corpus: 4240, signal 189694/220227 (executing program)
1970/01/01 00:13:30 fetching corpus: 4290, signal 190449/220761 (executing program)
1970/01/01 00:13:34 fetching corpus: 4340, signal 191003/221238 (executing program)
1970/01/01 00:13:38 fetching corpus: 4390, signal 191582/221722 (executing program)
1970/01/01 00:13:42 fetching corpus: 4440, signal 192143/222158 (executing program)
1970/01/01 00:13:45 fetching corpus: 4490, signal 192766/222636 (executing program)
1970/01/01 00:13:47 fetching corpus: 4540, signal 193470/223092 (executing program)
1970/01/01 00:13:50 fetching corpus: 4590, signal 194209/223566 (executing program)
1970/01/01 00:13:52 fetching corpus: 4640, signal 194949/224031 (executing program)
1970/01/01 00:13:54 fetching corpus: 4690, signal 195574/224437 (executing program)
1970/01/01 00:13:57 fetching corpus: 4740, signal 196104/224818 (executing program)
1970/01/01 00:13:59 fetching corpus: 4790, signal 196663/225174 (executing program)
1970/01/01 00:14:02 fetching corpus: 4840, signal 197121/225505 (executing program)
1970/01/01 00:14:05 fetching corpus: 4890, signal 197637/225877 (executing program)
1970/01/01 00:14:08 fetching corpus: 4940, signal 198462/226266 (executing program)
1970/01/01 00:14:10 fetching corpus: 4990, signal 199174/226628 (executing program)
1970/01/01 00:14:12 fetching corpus: 5040, signal 199543/226926 (executing program)
1970/01/01 00:14:15 fetching corpus: 5090, signal 200032/227253 (executing program)
1970/01/01 00:14:18 fetching corpus: 5140, signal 200556/227547 (executing program)
1970/01/01 00:14:20 fetching corpus: 5190, signal 201466/227852 (executing program)
1970/01/01 00:14:22 fetching corpus: 5240, signal 202028/228136 (executing program)
1970/01/01 00:14:24 fetching corpus: 5290, signal 202735/228446 (executing program)
1970/01/01 00:14:27 fetching corpus: 5340, signal 203162/228738 (executing program)
1970/01/01 00:14:30 fetching corpus: 5390, signal 203540/228959 (executing program)
1970/01/01 00:14:32 fetching corpus: 5440, signal 204162/229202 (executing program)
1970/01/01 00:14:34 fetching corpus: 5490, signal 204598/229458 (executing program)
1970/01/01 00:14:36 fetching corpus: 5540, signal 205113/229706 (executing program)
1970/01/01 00:14:40 fetching corpus: 5590, signal 205664/229950 (executing program)
1970/01/01 00:14:43 fetching corpus: 5640, signal 206223/230183 (executing program)
1970/01/01 00:14:46 fetching corpus: 5690, signal 206825/230408 (executing program)
1970/01/01 00:14:48 fetching corpus: 5740, signal 207427/230463 (executing program)
1970/01/01 00:14:50 fetching corpus: 5790, signal 207941/230463 (executing program)
1970/01/01 00:14:53 fetching corpus: 5840, signal 208395/230463 (executing program)
1970/01/01 00:14:56 fetching corpus: 5890, signal 208915/230466 (executing program)
1970/01/01 00:14:59 fetching corpus: 5940, signal 209483/230466 (executing program)
1970/01/01 00:15:02 fetching corpus: 5990, signal 209950/230466 (executing program)
1970/01/01 00:15:04 fetching corpus: 6040, signal 210400/230466 (executing program)
1970/01/01 00:15:06 fetching corpus: 6090, signal 210707/230466 (executing program)
1970/01/01 00:15:09 fetching corpus: 6139, signal 211147/230466 (executing program)
1970/01/01 00:15:11 fetching corpus: 6189, signal 211639/230466 (executing program)
1970/01/01 00:15:13 fetching corpus: 6239, signal 212249/230466 (executing program)
1970/01/01 00:15:16 fetching corpus: 6289, signal 212578/230466 (executing program)
1970/01/01 00:15:18 fetching corpus: 6339, signal 213065/230466 (executing program)
1970/01/01 00:15:23 fetching corpus: 6389, signal 213684/230466 (executing program)
1970/01/01 00:15:25 fetching corpus: 6438, signal 214075/230466 (executing program)
1970/01/01 00:15:27 fetching corpus: 6488, signal 214827/230466 (executing program)
1970/01/01 00:15:30 fetching corpus: 6538, signal 215585/230466 (executing program)
1970/01/01 00:15:33 fetching corpus: 6588, signal 216218/230477 (executing program)
1970/01/01 00:15:35 fetching corpus: 6638, signal 216650/230477 (executing program)
1970/01/01 00:15:39 fetching corpus: 6687, signal 217040/230477 (executing program)
1970/01/01 00:15:43 fetching corpus: 6736, signal 217568/230477 (executing program)
1970/01/01 00:15:46 fetching corpus: 6786, signal 218107/230477 (executing program)
1970/01/01 00:15:48 fetching corpus: 6836, signal 218628/230477 (executing program)
1970/01/01 00:15:51 fetching corpus: 6886, signal 219193/230477 (executing program)
1970/01/01 00:15:53 fetching corpus: 6936, signal 219762/230477 (executing program)
1970/01/01 00:15:56 fetching corpus: 6986, signal 220285/230524 (executing program)
1970/01/01 00:16:01 fetching corpus: 7036, signal 220695/230524 (executing program)
1970/01/01 00:16:05 fetching corpus: 7086, signal 221049/230524 (executing program)
1970/01/01 00:16:08 fetching corpus: 7136, signal 221438/230535 (executing program)
1970/01/01 00:16:11 fetching corpus: 7186, signal 221939/230535 (executing program)
1970/01/01 00:16:13 fetching corpus: 7236, signal 222379/230535 (executing program)
1970/01/01 00:16:16 fetching corpus: 7286, signal 222807/230535 (executing program)
1970/01/01 00:16:18 fetching corpus: 7336, signal 223109/230535 (executing program)
1970/01/01 00:16:22 fetching corpus: 7386, signal 223610/230535 (executing program)
1970/01/01 00:16:24 fetching corpus: 7436, signal 224009/230535 (executing program)
1970/01/01 00:16:27 fetching corpus: 7486, signal 224536/230535 (executing program)
1970/01/01 00:16:29 fetching corpus: 7535, signal 224968/230535 (executing program)
1970/01/01 00:16:31 fetching corpus: 7585, signal 225484/230535 (executing program)
1970/01/01 00:16:33 fetching corpus: 7635, signal 225910/230535 (executing program)
1970/01/01 00:16:36 fetching corpus: 7685, signal 226258/230557 (executing program)
1970/01/01 00:16:39 fetching corpus: 7735, signal 226633/230557 (executing program)
1970/01/01 00:16:42 fetching corpus: 7783, signal 227010/230557 (executing program)
1970/01/01 00:16:44 fetching corpus: 7833, signal 227284/230557 (executing program)
1970/01/01 00:16:46 fetching corpus: 7883, signal 227575/230557 (executing program)
1970/01/01 00:16:48 fetching corpus: 7933, signal 227969/230557 (executing program)
1970/01/01 00:16:51 fetching corpus: 7983, signal 228373/230557 (executing program)
1970/01/01 00:16:52 fetching corpus: 8000, signal 228500/230557 (executing program)
1970/01/01 00:16:53 fetching corpus: 8000, signal 228500/230557 (executing program)
1970/01/01 00:18:39 starting 2 fuzzer processes
00:18:39 executing program 0:
openat2(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000080)={0x4040, 0x0, 0x1}, 0x18)

00:18:39 executing program 1:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000012c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
read$alg(r1, &(0x7f0000000000)=""/38, 0x26)

[ 1150.216931][ T2045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1150.772595][ T2045] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1151.001887][ T2047] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1151.552769][ T2047] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1162.568211][ T2045] device hsr_slave_0 entered promiscuous mode
[ 1162.618017][ T2045] device hsr_slave_1 entered promiscuous mode
[ 1165.371683][ T2047] device hsr_slave_0 entered promiscuous mode
[ 1165.400455][ T2047] device hsr_slave_1 entered promiscuous mode
[ 1165.431774][ T2047] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1165.438957][ T2047] Cannot create hsr debugfs directory
[ 1171.142138][ T2045] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1171.629973][ T2045] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1171.941397][ T2045] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1172.168724][ T2045] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1173.957037][ T2047] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1174.072034][ T2047] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1174.512028][ T2047] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1174.697389][ T2047] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1185.992442][ T2045] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1186.816465][ T2047] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1186.988709][  T948] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1187.102754][  T948] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1188.001328][  T948] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1188.080301][  T948] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1195.737342][   T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1195.828956][   T82] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1196.111114][ T2655] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1196.198158][ T2655] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1196.796853][ T2655] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1196.841695][ T2655] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1196.910400][ T2655] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1197.461160][  T948] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1197.511170][  T948] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1197.567076][  T948] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1197.970467][ T2256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1198.221399][ T2323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1199.425715][ T2045] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1199.427302][ T2045] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1199.734985][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1199.780298][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1199.840694][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1199.907855][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1199.990053][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1200.038446][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1200.205721][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1200.697909][ T2256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1200.782595][ T2256] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1209.698648][ T2256] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1209.725254][ T2256] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1210.535002][ T2256] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1210.539217][ T2256] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1228.905911][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1228.957439][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1229.518415][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1229.558518][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1238.194977][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1238.290911][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1238.481366][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1238.510567][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1238.534642][ T2045] device veth0_vlan entered promiscuous mode
[ 1239.252298][ T2045] device veth1_vlan entered promiscuous mode
[ 1241.375823][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1241.507946][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1241.887200][ T2045] device veth0_macvtap entered promiscuous mode
[ 1242.515959][ T2045] device veth1_macvtap entered promiscuous mode
[ 1242.980168][ T2047] device veth0_vlan entered promiscuous mode
[ 1243.108807][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1243.202938][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1243.240882][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1243.470558][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1243.549285][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1244.236357][ T2047] device veth1_vlan entered promiscuous mode
[ 1244.802721][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1244.900462][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1245.476710][ T2256] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1245.541964][ T2256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1245.958571][ T2045] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1245.962340][ T2045] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1246.029250][ T2045] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1246.030886][ T2045] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1246.760848][ T2256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1246.852385][ T2256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1247.481136][ T2047] device veth0_macvtap entered promiscuous mode
[ 1248.147452][ T2256] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1248.319122][ T2047] device veth1_macvtap entered promiscuous mode
[ 1251.878628][  T948] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1251.929620][  T948] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1251.970012][  T948] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1252.091786][  T948] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1252.541059][ T2047] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1252.569043][ T2047] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1252.570818][ T2047] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1252.572506][ T2047] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
00:20:59 executing program 1:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000012c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
read$alg(r1, &(0x7f0000000000)=""/38, 0x26)

00:21:01 executing program 0:
openat2(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000080)={0x4040, 0x0, 0x1}, 0x18)

00:21:03 executing program 1:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000012c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
read$alg(r1, &(0x7f0000000000)=""/38, 0x26)

00:21:05 executing program 0:
openat2(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000080)={0x4040, 0x0, 0x1}, 0x18)

00:21:07 executing program 1:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000012c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
read$alg(r1, &(0x7f0000000000)=""/38, 0x26)

00:21:08 executing program 0:
openat2(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000080)={0x4040, 0x0, 0x1}, 0x18)

00:21:11 executing program 1:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000012c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
read$alg(r1, &(0x7f0000000000)=""/38, 0x26)

00:21:13 executing program 0:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002)
mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)={0x2, 0x13, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, [@sadb_ident={0x2, 0xb, 0xfbb, 0x0, 0x200}, @sadb_x_nat_t_type={0x1, 0x14, 0x7}]}, 0x28}}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x6a1b, 0x0, 0x0, 0x0, 0x0)

00:21:14 executing program 1:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000012c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
read$alg(r1, &(0x7f0000000000)=""/38, 0x26)

00:21:16 executing program 0:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002)
mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)={0x2, 0x13, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, [@sadb_ident={0x2, 0xb, 0xfbb, 0x0, 0x200}, @sadb_x_nat_t_type={0x1, 0x14, 0x7}]}, 0x28}}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x6a1b, 0x0, 0x0, 0x0, 0x0)

00:21:18 executing program 1:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000012c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
read$alg(r1, &(0x7f0000000000)=""/38, 0x26)

00:21:19 executing program 0:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002)
mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)={0x2, 0x13, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, [@sadb_ident={0x2, 0xb, 0xfbb, 0x0, 0x200}, @sadb_x_nat_t_type={0x1, 0x14, 0x7}]}, 0x28}}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x6a1b, 0x0, 0x0, 0x0, 0x0)

00:21:22 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100))
r2 = dup(r1)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000005940)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x1})
close_range(r0, 0xffffffffffffffff, 0x0)

00:21:23 executing program 0:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002)
mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)={0x2, 0x13, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, [@sadb_ident={0x2, 0xb, 0xfbb, 0x0, 0x200}, @sadb_x_nat_t_type={0x1, 0x14, 0x7}]}, 0x28}}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x6a1b, 0x0, 0x0, 0x0, 0x0)

00:21:25 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100))
r2 = dup(r1)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000005940)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x1})
close_range(r0, 0xffffffffffffffff, 0x0)

[ 1287.693326][    C0] hrtimer: interrupt took 1388400 ns
00:21:28 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100))
r2 = dup(r1)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000005940)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x1})
close_range(r0, 0xffffffffffffffff, 0x0)

00:21:29 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100))
r2 = dup(r1)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000005940)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x1})
close_range(r0, 0xffffffffffffffff, 0x0)

00:21:31 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100))
r2 = dup(r1)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000005940)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x1})
close_range(r0, 0xffffffffffffffff, 0x0)

00:21:33 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100))
r2 = dup(r1)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000005940)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x1})
close_range(r0, 0xffffffffffffffff, 0x0)

00:21:35 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100))
r2 = dup(r1)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000005940)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x1})
close_range(r0, 0xffffffffffffffff, 0x0)

00:21:38 executing program 1:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/snmp6\x00')
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000240)='x', 0x1}], 0x1)

00:21:40 executing program 0:
r0 = socket$kcm(0x29, 0x2, 0x0)
r1 = socket$kcm(0x29, 0x2, 0x0)
write(r1, &(0x7f0000000080), 0x400300)
syz_open_procfs(0xffffffffffffffff, 0x0)
readv(r0, &(0x7f0000000340)=[{&(0x7f0000000240)=""/249, 0xf9}], 0x1)
write(r0, &(0x7f0000000080), 0x400300)

00:21:41 executing program 1:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/snmp6\x00')
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000240)='x', 0x1}], 0x1)

00:21:45 executing program 1:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/snmp6\x00')
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000240)='x', 0x1}], 0x1)

00:21:47 executing program 0:
r0 = socket$kcm(0x29, 0x2, 0x0)
r1 = socket$kcm(0x29, 0x2, 0x0)
write(r1, &(0x7f0000000080), 0x400300)
syz_open_procfs(0xffffffffffffffff, 0x0)
readv(r0, &(0x7f0000000340)=[{&(0x7f0000000240)=""/249, 0xf9}], 0x1)
write(r0, &(0x7f0000000080), 0x400300)

00:21:49 executing program 1:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/snmp6\x00')
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000240)='x', 0x1}], 0x1)

00:21:53 executing program 1:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
read$nci(r0, &(0x7f0000000200)=""/100, 0x64)
write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6)
read$nci(r0, &(0x7f00000002c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14)
read$nci(r0, &(0x7f0000000380)=""/100, 0x64)
write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4)
sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
read$nci(r0, &(0x7f0000000500)=""/100, 0x64)
write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f00000005c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f0000000680)=""/100, 0x64)
write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4)
write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
read$nci(r0, &(0x7f0000000840)=""/100, 0x64)
write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7)

00:21:55 executing program 0:
r0 = socket$kcm(0x29, 0x2, 0x0)
r1 = socket$kcm(0x29, 0x2, 0x0)
write(r1, &(0x7f0000000080), 0x400300)
syz_open_procfs(0xffffffffffffffff, 0x0)
readv(r0, &(0x7f0000000340)=[{&(0x7f0000000240)=""/249, 0xf9}], 0x1)
write(r0, &(0x7f0000000080), 0x400300)

00:22:02 executing program 1:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
read$nci(r0, &(0x7f0000000200)=""/100, 0x64)
write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6)
read$nci(r0, &(0x7f00000002c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14)
read$nci(r0, &(0x7f0000000380)=""/100, 0x64)
write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4)
sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
read$nci(r0, &(0x7f0000000500)=""/100, 0x64)
write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f00000005c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f0000000680)=""/100, 0x64)
write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4)
write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
read$nci(r0, &(0x7f0000000840)=""/100, 0x64)
write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7)

00:22:04 executing program 0:
r0 = socket$kcm(0x29, 0x2, 0x0)
r1 = socket$kcm(0x29, 0x2, 0x0)
write(r1, &(0x7f0000000080), 0x400300)
syz_open_procfs(0xffffffffffffffff, 0x0)
readv(r0, &(0x7f0000000340)=[{&(0x7f0000000240)=""/249, 0xf9}], 0x1)
write(r0, &(0x7f0000000080), 0x400300)

[ 1333.517217][ T2822] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 1333.568392][ T2822] 
[ 1333.569787][ T2822] ======================================================
[ 1333.572113][ T2822] WARNING: possible circular locking dependency detected
[ 1333.573515][ T2822] 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Not tainted
[ 1333.574641][ T2822] ------------------------------------------------------
[ 1333.576305][ T2822] syz-executor.1/2822 is trying to acquire lock:
[ 1333.578129][ T2822] ffffffff84fc0408 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x28/0x58
[ 1333.581065][ T2822] 
[ 1333.581065][ T2822] but task is already holding lock:
[ 1333.582040][ T2822] ffffaf8022267350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x52/0x1de
[ 1333.584354][ T2822] 
[ 1333.584354][ T2822] which lock already depends on the new lock.
[ 1333.584354][ T2822] 
[ 1333.585339][ T2822] 
[ 1333.585339][ T2822] the existing dependency chain (in reverse order) is:
[ 1333.586398][ T2822] 
[ 1333.586398][ T2822] -> #3 (&ndev->req_lock){+.+.}-{3:3}:
[ 1333.588081][ T2822]        lock_acquire.part.0+0x1d0/0x424
[ 1333.589260][ T2822]        lock_acquire+0x54/0x6a
[ 1333.590175][ T2822]        __mutex_lock+0x114/0xade
[ 1333.591226][ T2822]        mutex_lock_nested+0x14/0x1c
[ 1333.592286][ T2822]        nci_start_poll+0x4de/0x6b8
[ 1333.593856][ T2822]        nfc_start_poll+0x10c/0x1e8
[ 1333.594874][ T2822]        nfc_genl_start_poll+0xfe/0x252
[ 1333.595898][ T2822]        genl_family_rcv_msg_doit+0x19a/0x23c
[ 1333.596877][ T2822]        genl_rcv_msg+0x236/0x3ba
[ 1333.597754][ T2822]        netlink_rcv_skb+0xf8/0x2be
[ 1333.598691][ T2822]        genl_rcv+0x36/0x4c
[ 1333.599530][ T2822]        netlink_unicast+0x40e/0x5fe
[ 1333.600437][ T2822]        netlink_sendmsg+0x4e0/0x994
[ 1333.601390][ T2822]        sock_sendmsg+0xa0/0xc4
[ 1333.602442][ T2822]        ____sys_sendmsg+0x46e/0x484
[ 1333.603808][ T2822]        ___sys_sendmsg+0x16c/0x1f6
[ 1333.604672][ T2822]        __sys_sendmsg+0xba/0x150
[ 1333.605766][ T2822]        sys_sendmsg+0x2c/0x3a
[ 1333.607243][ T2822]        ret_from_syscall+0x0/0x2
[ 1333.608551][ T2822] 
[ 1333.608551][ T2822] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 1333.610969][ T2822]        lock_acquire.part.0+0x1d0/0x424
[ 1333.612264][ T2822]        lock_acquire+0x54/0x6a
[ 1333.613925][ T2822]        __mutex_lock+0x114/0xade
[ 1333.615335][ T2822]        mutex_lock_nested+0x14/0x1c
[ 1333.616511][ T2822]        nfc_urelease_event_work+0x126/0x218
[ 1333.618149][ T2822]        process_one_work+0x654/0xffe
[ 1333.619224][ T2822]        worker_thread+0x360/0x8fa
[ 1333.620240][ T2822]        kthread+0x19e/0x1fa
[ 1333.621776][ T2822]        ret_from_exception+0x0/0x10
[ 1333.622909][ T2822] 
[ 1333.622909][ T2822] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 1333.624501][ T2822]        lock_acquire.part.0+0x1d0/0x424
[ 1333.625533][ T2822]        lock_acquire+0x54/0x6a
[ 1333.626477][ T2822]        __mutex_lock+0x114/0xade
[ 1333.627496][ T2822]        mutex_lock_nested+0x14/0x1c
[ 1333.628638][ T2822]        nfc_register_device+0x44/0x29e
[ 1333.629725][ T2822]        nci_register_device+0x538/0x612
[ 1333.630819][ T2822]        virtual_ncidev_open+0x82/0x12c
[ 1333.631872][ T2822]        misc_open+0x272/0x2c8
[ 1333.633035][ T2822]        chrdev_open+0x1d4/0x478
[ 1333.634004][ T2822]        do_dentry_open+0x2a4/0x7d4
[ 1333.635013][ T2822]        vfs_open+0x52/0x5e
[ 1333.635976][ T2822]        path_openat+0x12b6/0x189e
[ 1333.636877][ T2822]        do_filp_open+0x10e/0x22a
[ 1333.637807][ T2822]        do_sys_openat2+0x174/0x31e
[ 1333.639406][ T2822]        sys_openat+0xdc/0x164
[ 1333.640659][ T2822]        ret_from_syscall+0x0/0x2
[ 1333.642157][ T2822] 
[ 1333.642157][ T2822] -> #0 (nci_mutex){+.+.}-{3:3}:
[ 1333.644276][ T2822]        check_noncircular+0x1de/0x1fe
[ 1333.645303][ T2822]        __lock_acquire+0x19a4/0x333e
[ 1333.646255][ T2822]        lock_acquire.part.0+0x1d0/0x424
[ 1333.647274][ T2822]        lock_acquire+0x54/0x6a
[ 1333.648202][ T2822]        __mutex_lock+0x114/0xade
[ 1333.649203][ T2822]        mutex_lock_nested+0x14/0x1c
[ 1333.650194][ T2822]        virtual_nci_close+0x28/0x58
[ 1333.651236][ T2822]        nci_close_device+0x12e/0x1de
[ 1333.652261][ T2822]        nci_unregister_device+0x34/0x182
[ 1333.653780][ T2822]        virtual_ncidev_close+0x9c/0xbc
[ 1333.654789][ T2822]        __fput+0x164/0x502
[ 1333.655622][ T2822]        ____fput+0x1a/0x24
[ 1333.656442][ T2822]        task_work_run+0xdc/0x154
[ 1333.657393][ T2822]        do_notify_resume+0x894/0xa56
[ 1333.658364][ T2822]        ret_from_exception+0x0/0x10
[ 1333.659342][ T2822] 
[ 1333.659342][ T2822] other info that might help us debug this:
[ 1333.659342][ T2822] 
[ 1333.660346][ T2822] Chain exists of:
[ 1333.660346][ T2822]   nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock
[ 1333.660346][ T2822] 
[ 1333.662342][ T2822]  Possible unsafe locking scenario:
[ 1333.662342][ T2822] 
[ 1333.663840][ T2822]        CPU0                    CPU1
[ 1333.665203][ T2822]        ----                    ----
[ 1333.665911][ T2822]   lock(&ndev->req_lock);
[ 1333.667024][ T2822]                                lock(&genl_data->genl_data_mutex);
[ 1333.669378][ T2822]                                lock(&ndev->req_lock);
[ 1333.670642][ T2822]   lock(nci_mutex);
[ 1333.671570][ T2822] 
[ 1333.671570][ T2822]  *** DEADLOCK ***
[ 1333.671570][ T2822] 
[ 1333.672510][ T2822] 1 lock held by syz-executor.1/2822:
[ 1333.674015][ T2822]  #0: ffffaf8022267350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x52/0x1de
[ 1333.676867][ T2822] 
[ 1333.676867][ T2822] stack backtrace:
[ 1333.678011][ T2822] CPU: 0 PID: 2822 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1333.679376][ T2822] Hardware name: riscv-virtio,qemu (DT)
[ 1333.680393][ T2822] Call Trace:
[ 1333.681066][ T2822] [<ffffffff8000a228>] dump_backtrace+0x2e/0x3c
[ 1333.682174][ T2822] [<ffffffff831668cc>] show_stack+0x34/0x40
[ 1333.683884][ T2822] [<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150
[ 1333.684950][ T2822] [<ffffffff83175742>] dump_stack+0x1c/0x24
[ 1333.686009][ T2822] [<ffffffff8010f7b8>] print_circular_bug+0x34e/0x3d8
[ 1333.687133][ T2822] [<ffffffff8010fa20>] check_noncircular+0x1de/0x1fe
[ 1333.688252][ T2822] [<ffffffff80113c26>] __lock_acquire+0x19a4/0x333e
[ 1333.689355][ T2822] [<ffffffff80116582>] lock_acquire.part.0+0x1d0/0x424
[ 1333.690490][ T2822] [<ffffffff8011682a>] lock_acquire+0x54/0x6a
[ 1333.691591][ T2822] [<ffffffff831a8ea4>] __mutex_lock+0x114/0xade
[ 1333.692712][ T2822] [<ffffffff831a9882>] mutex_lock_nested+0x14/0x1c
[ 1333.693963][ T2822] [<ffffffff8148d766>] virtual_nci_close+0x28/0x58
[ 1333.695079][ T2822] [<ffffffff830cf612>] nci_close_device+0x12e/0x1de
[ 1333.696927][ T2822] [<ffffffff830d0372>] nci_unregister_device+0x34/0x182
[ 1333.698407][ T2822] [<ffffffff8148d508>] virtual_ncidev_close+0x9c/0xbc
[ 1333.700263][ T2822] [<ffffffff804cb3c0>] __fput+0x164/0x502
[ 1333.701326][ T2822] [<ffffffff804cb7d2>] ____fput+0x1a/0x24
[ 1333.702363][ T2822] [<ffffffff800a0530>] task_work_run+0xdc/0x154
[ 1333.703732][ T2822] [<ffffffff80008c12>] do_notify_resume+0x894/0xa56
[ 1333.704873][ T2822] [<ffffffff80005724>] ret_from_exception+0x0/0x10
00:22:13 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = fcntl$dupfd(r0, 0x0, r0)
sendmmsg$inet6(r1, &(0x7f0000000100)=[{{&(0x7f00000002c0)={0xa, 0x4e24, 0x0, @loopback={0xff00000000000300}}, 0x1c, 0x0}}, {{&(0x7f0000000000)={0xa, 0x4e23, 0x0, @dev, 0x3}, 0x1c, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="14"], 0x18}}], 0x2, 0x0)

00:22:13 executing program 1:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
read$nci(r0, &(0x7f0000000200)=""/100, 0x64)
write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6)
read$nci(r0, &(0x7f00000002c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14)
read$nci(r0, &(0x7f0000000380)=""/100, 0x64)
write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4)
sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
read$nci(r0, &(0x7f0000000500)=""/100, 0x64)
write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f00000005c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f0000000680)=""/100, 0x64)
write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4)
write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
read$nci(r0, &(0x7f0000000840)=""/100, 0x64)
write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7)

00:22:15 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = fcntl$dupfd(r0, 0x0, r0)
sendmmsg$inet6(r1, &(0x7f0000000100)=[{{&(0x7f00000002c0)={0xa, 0x4e24, 0x0, @loopback={0xff00000000000300}}, 0x1c, 0x0}}, {{&(0x7f0000000000)={0xa, 0x4e23, 0x0, @dev, 0x3}, 0x1c, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="14"], 0x18}}], 0x2, 0x0)

00:22:16 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = fcntl$dupfd(r0, 0x0, r0)
sendmmsg$inet6(r1, &(0x7f0000000100)=[{{&(0x7f00000002c0)={0xa, 0x4e24, 0x0, @loopback={0xff00000000000300}}, 0x1c, 0x0}}, {{&(0x7f0000000000)={0xa, 0x4e23, 0x0, @dev, 0x3}, 0x1c, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="14"], 0x18}}], 0x2, 0x0)

00:22:16 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = fcntl$dupfd(r0, 0x0, r0)
sendmmsg$inet6(r1, &(0x7f0000000100)=[{{&(0x7f00000002c0)={0xa, 0x4e24, 0x0, @loopback={0xff00000000000300}}, 0x1c, 0x0}}, {{&(0x7f0000000000)={0xa, 0x4e23, 0x0, @dev, 0x3}, 0x1c, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="14"], 0x18}}], 0x2, 0x0)

[ 1342.636286][ T2837] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
00:22:22 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = fcntl$dupfd(r0, 0x0, r0)
sendmmsg$inet6(r1, &(0x7f0000000100)=[{{&(0x7f00000002c0)={0xa, 0x4e24, 0x0, @loopback={0xff00000000000300}}, 0x1c, 0x0}}, {{&(0x7f0000000000)={0xa, 0x4e23, 0x0, @dev, 0x3}, 0x1c, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="14"], 0x18}}], 0x2, 0x0)

00:22:22 executing program 1:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
read$nci(r0, &(0x7f0000000200)=""/100, 0x64)
write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6)
read$nci(r0, &(0x7f00000002c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14)
read$nci(r0, &(0x7f0000000380)=""/100, 0x64)
write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4)
sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
read$nci(r0, &(0x7f0000000500)=""/100, 0x64)
write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f00000005c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f0000000680)=""/100, 0x64)
write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4)
write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
read$nci(r0, &(0x7f0000000840)=""/100, 0x64)
write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7)

00:22:23 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = fcntl$dupfd(r0, 0x0, r0)
sendmmsg$inet6(r1, &(0x7f0000000100)=[{{&(0x7f00000002c0)={0xa, 0x4e24, 0x0, @loopback={0xff00000000000300}}, 0x1c, 0x0}}, {{&(0x7f0000000000)={0xa, 0x4e23, 0x0, @dev, 0x3}, 0x1c, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="14"], 0x18}}], 0x2, 0x0)

00:22:24 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = fcntl$dupfd(r0, 0x0, r0)
sendmmsg$inet6(r1, &(0x7f0000000100)=[{{&(0x7f00000002c0)={0xa, 0x4e24, 0x0, @loopback={0xff00000000000300}}, 0x1c, 0x0}}, {{&(0x7f0000000000)={0xa, 0x4e23, 0x0, @dev, 0x3}, 0x1c, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="14"], 0x18}}], 0x2, 0x0)

00:22:25 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = fcntl$dupfd(r0, 0x0, r0)
sendmmsg$inet6(r1, &(0x7f0000000100)=[{{&(0x7f00000002c0)={0xa, 0x4e24, 0x0, @loopback={0xff00000000000300}}, 0x1c, 0x0}}, {{&(0x7f0000000000)={0xa, 0x4e23, 0x0, @dev, 0x3}, 0x1c, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="14"], 0x18}}], 0x2, 0x0)

[ 1350.555930][ T2855] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
00:22:30 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = fcntl$dupfd(r0, 0x0, r0)
sendmmsg$inet6(r1, &(0x7f0000000100)=[{{&(0x7f00000002c0)={0xa, 0x4e24, 0x0, @loopback={0xff00000000000300}}, 0x1c, 0x0}}, {{&(0x7f0000000000)={0xa, 0x4e23, 0x0, @dev, 0x3}, 0x1c, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="14"], 0x18}}], 0x2, 0x0)

00:22:31 executing program 1:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@union={0x0, 0x1, 0x0, 0x5, 0x1, 0x0, [{0x0, 0x5}]}]}}, &(0x7f0000000440)=""/199, 0x32, 0xc7, 0x1}, 0x20)

00:22:31 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = fcntl$dupfd(r0, 0x0, r0)
sendmmsg$inet6(r1, &(0x7f0000000100)=[{{&(0x7f00000002c0)={0xa, 0x4e24, 0x0, @loopback={0xff00000000000300}}, 0x1c, 0x0}}, {{&(0x7f0000000000)={0xa, 0x4e23, 0x0, @dev, 0x3}, 0x1c, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="14"], 0x18}}], 0x2, 0x0)

00:22:31 executing program 1:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@union={0x0, 0x1, 0x0, 0x5, 0x1, 0x0, [{0x0, 0x5}]}]}}, &(0x7f0000000440)=""/199, 0x32, 0xc7, 0x1}, 0x20)

00:22:32 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f00000000c0)={0x0, 0x0, 0x7})

00:22:32 executing program 1:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@union={0x0, 0x1, 0x0, 0x5, 0x1, 0x0, [{0x0, 0x5}]}]}}, &(0x7f0000000440)=""/199, 0x32, 0xc7, 0x1}, 0x20)

[ 1353.979843][   T26] audit: type=1800 audit(1353.100:2): pid=2882 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="vda" ino=644 res=0 errno=0
00:22:33 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f00000000c0)={0x0, 0x0, 0x7})

00:22:33 executing program 1:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@union={0x0, 0x1, 0x0, 0x5, 0x1, 0x0, [{0x0, 0x5}]}]}}, &(0x7f0000000440)=""/199, 0x32, 0xc7, 0x1}, 0x20)

[ 1354.938545][   T26] audit: type=1800 audit(1354.050:3): pid=2887 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="vda" ino=644 res=0 errno=0
00:22:34 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f00000000c0)={0x0, 0x0, 0x7})

00:22:34 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f00000000c0)={0x0, 0x0, 0x7})

[ 1356.119807][   T26] audit: type=1800 audit(1355.240:4): pid=2890 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="vda" ino=643 res=0 errno=0
[ 1356.221977][   T26] audit: type=1800 audit(1355.340:5): pid=2891 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="vda" ino=645 res=0 errno=0
00:22:35 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f00000000c0)={0x0, 0x0, 0x7})

00:22:35 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f00000000c0)={0x0, 0x0, 0x7})

[ 1357.426764][   T26] audit: type=1800 audit(1356.550:6): pid=2894 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="vda" ino=644 res=0 errno=0
[ 1357.637162][   T26] audit: type=1800 audit(1356.710:7): pid=2895 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="vda" ino=645 res=0 errno=0
00:22:37 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f00000000c0)={0x0, 0x0, 0x7})

00:22:37 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmmsg(r1, &(0x7f0000002740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x700, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

[ 1359.302317][   T26] audit: type=1800 audit(1358.420:8): pid=2898 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="vda" ino=642 res=0 errno=0
00:22:39 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmmsg(r1, &(0x7f0000002740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x700, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

00:22:39 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmmsg(r1, &(0x7f0000002740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x700, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

00:22:41 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmmsg(r1, &(0x7f0000002740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x700, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

00:22:41 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmmsg(r1, &(0x7f0000002740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x700, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)


VM DIAGNOSIS:
14:20:23  Registers:
info registers vcpu 0
 pc       ffffffff80dc337e
 mhartid  0000000000000000
 mstatus  00000000000000a0
 mip      00000000000000a0
 mie      000000000000022a
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff804759c8
 sepc     ffffffff8148d73e
 mcause   8000000000000007
 scause   8000000000000005
 mtval  0000000000000000
 stval  0000000000000000
 x0/zero 0000000000000000 x1/ra ffffffff80dc337e x2/sp ffffaf800cc3efc0 x3/gp ffffffff85863ac0
 x4/tp ffffaf800bb99840 x5/t0 ffffffff86bcb657 x6/t1 fffffffef0d796ca x7/t2 0000000000000000
 x8/s0 ffffaf800cc3eff0 x9/s1 ffffffff86e58900 x10/a0 ffffffff86e58948 x11/a1 ffff8f800066c000
 x12/a2 1ffffffff0dcb129 x13/a3 ffffffff80dc337e x14/a4 0000000000000000 x15/a5 ffffffff86e58948
 x16/a6 ffffffff86e589f1 x17/a7 ffffffff86bcb656 x18/s2 ffff8f800066c000 x19/s3 000000000000002d
 x20/s4 ffffffff86e58900 x21/s5 ffffffff80dc333e x22/s6 0000000000000000 x23/s7 ffffffff86bcb68e
 x24/s8 0000000000000010 x25/s9 ffffffff86e58958 x26/s10 0000000000000010 x27/s11 0000000000000000
 x28/t3 000000000000002d x29/t4 fffffffef0d796c8 x30/t5 fffffffef0d796cb x31/t6 ffffffff86bcb657
 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
 pc       ffffffff803d23d0
 mhartid  0000000000000001
 mstatus  00000000000000a2
 mip      0000000000000080
 mie      00000000000002aa
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff8000f97e
 sepc     00000000000554b4
 mcause   0000000000000009
 scause   0000000000000008
 mtval  0000000000000000
 stval  0000000000000000
 x0/zero 0000000000000000 x1/ra ffffffff803d23d0 x2/sp ffffaf802310b610 x3/gp ffffffff85863ac0
 x4/tp ffffaf800bce9840 x5/t0 ffffaf802310b710 x6/t1 fffff5ef0f5f4fb1 x7/t2 00007fffd554e1b7
 x8/s0 ffffaf802310b7c0 x9/s1 ffffaf800c8e1950 x10/a0 0000000000000001 x11/a1 0000000000000004
 x12/a2 0000000000000000 x13/a3 ffffffff803d23d0 x14/a4 0000000000000000 x15/a5 fffff5ef0f5f4fb2
 x16/a6 ffffaf807afa7d88 x17/a7 ffffaf807afa7d8b x18/s2 00007fffa7d2b000 x19/s3 ffffaf807afa7d88
 x20/s4 00000000285c4c17 x21/s5 00007fffa7e00000 x22/s6 ffffaf807afa7d58 x23/s7 0000000000000000
 x24/s8 ffffaf802310b740 x25/s9 ffffaf802310b920 x26/s10 00007fffa7d2a000 x27/s11 ffffaf807afa7d60
 x28/t3 000000007fffffff x29/t4 fffff5ef0f5f4fb1 x30/t5 fffff5ef0f5f4fb2 x31/t6 0000000000040000
 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000