syzkaller login: [ 276.032121][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 285.110793][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 285.183120][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 285.249492][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:44656' (ECDSA) to the list of known hosts. 1970/01/01 00:06:28 fuzzer started 1970/01/01 00:06:42 dialing manager at localhost:36497 [ 409.212017][ T2026] cgroup: Unknown subsys name 'net' [ 410.138124][ T2026] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:06:49 syscalls: 2918 1970/01/01 00:06:49 code coverage: enabled 1970/01/01 00:06:49 comparison tracing: enabled 1970/01/01 00:06:49 extra coverage: enabled 1970/01/01 00:06:49 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:06:49 setuid sandbox: enabled 1970/01/01 00:06:49 namespace sandbox: enabled 1970/01/01 00:06:49 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:06:49 fault injection: enabled 1970/01/01 00:06:49 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:06:49 net packet injection: enabled 1970/01/01 00:06:49 net device setup: enabled 1970/01/01 00:06:49 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:06:49 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:06:49 NIC VF setup: PCI device 0000:00:11.0 is not available 1970/01/01 00:06:49 USB emulation: enabled 1970/01/01 00:06:49 hci packet injection: /dev/vhci does not exist 1970/01/01 00:06:49 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:06:49 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:06:49 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:06:54 fetching corpus: 50, signal 27504/31041 (executing program) 1970/01/01 00:06:56 fetching corpus: 99, signal 40685/45679 (executing program) 1970/01/01 00:06:59 fetching corpus: 149, signal 52091/58381 (executing program) 1970/01/01 00:07:03 fetching corpus: 198, signal 63060/70474 (executing program) 1970/01/01 00:07:06 fetching corpus: 247, signal 68509/77065 (executing program) 1970/01/01 00:07:08 fetching corpus: 297, signal 74291/83929 (executing program) 1970/01/01 00:07:10 fetching corpus: 347, signal 79282/89967 (executing program) 1970/01/01 00:07:12 fetching corpus: 397, signal 83259/94961 (executing program) 1970/01/01 00:07:15 fetching corpus: 447, signal 86486/99198 (executing program) 1970/01/01 00:07:18 fetching corpus: 497, signal 89529/103215 (executing program) 1970/01/01 00:07:21 fetching corpus: 547, signal 92489/107099 (executing program) 1970/01/01 00:07:23 fetching corpus: 597, signal 95006/110586 (executing program) 1970/01/01 00:07:26 fetching corpus: 647, signal 97651/114122 (executing program) 1970/01/01 00:07:27 fetching corpus: 696, signal 100159/117479 (executing program) 1970/01/01 00:07:30 fetching corpus: 745, signal 101858/120092 (executing program) 1970/01/01 00:07:34 fetching corpus: 795, signal 104899/123847 (executing program) 1970/01/01 00:07:40 fetching corpus: 845, signal 108513/128055 (executing program) 1970/01/01 00:07:42 fetching corpus: 895, signal 110090/130487 (executing program) 1970/01/01 00:07:46 fetching corpus: 945, signal 112957/133988 (executing program) 1970/01/01 00:07:49 fetching corpus: 995, signal 115872/137447 (executing program) 1970/01/01 00:07:52 fetching corpus: 1045, signal 117809/140058 (executing program) 1970/01/01 00:07:55 fetching corpus: 1095, signal 119916/142809 (executing program) 1970/01/01 00:07:59 fetching corpus: 1145, signal 121785/145302 (executing program) 1970/01/01 00:08:02 fetching corpus: 1195, signal 124095/148120 (executing program) 1970/01/01 00:08:04 fetching corpus: 1243, signal 125704/150249 (executing program) 1970/01/01 00:08:07 fetching corpus: 1292, signal 127668/152706 (executing program) 1970/01/01 00:08:09 fetching corpus: 1342, signal 129233/154845 (executing program) 1970/01/01 00:08:12 fetching corpus: 1392, signal 131014/157080 (executing program) 1970/01/01 00:08:15 fetching corpus: 1441, signal 132061/158758 (executing program) 1970/01/01 00:08:18 fetching corpus: 1490, signal 133943/161033 (executing program) 1970/01/01 00:08:22 fetching corpus: 1539, signal 135257/162895 (executing program) 1970/01/01 00:08:25 fetching corpus: 1589, signal 136951/165003 (executing program) 1970/01/01 00:08:27 fetching corpus: 1639, signal 138493/167005 (executing program) 1970/01/01 00:08:29 fetching corpus: 1689, signal 139827/168821 (executing program) 1970/01/01 00:08:31 fetching corpus: 1739, signal 140977/170428 (executing program) 1970/01/01 00:08:34 fetching corpus: 1789, signal 143126/172713 (executing program) 1970/01/01 00:08:37 fetching corpus: 1838, signal 144622/174571 (executing program) 1970/01/01 00:08:39 fetching corpus: 1888, signal 145924/176275 (executing program) 1970/01/01 00:08:42 fetching corpus: 1938, signal 147497/178105 (executing program) 1970/01/01 00:08:45 fetching corpus: 1988, signal 149147/179946 (executing program) 1970/01/01 00:08:47 fetching corpus: 2038, signal 150616/181641 (executing program) 1970/01/01 00:08:49 fetching corpus: 2088, signal 151671/183078 (executing program) 1970/01/01 00:08:52 fetching corpus: 2138, signal 152762/184516 (executing program) 1970/01/01 00:08:55 fetching corpus: 2188, signal 153830/185912 (executing program) 1970/01/01 00:08:56 fetching corpus: 2236, signal 154999/187324 (executing program) 1970/01/01 00:08:59 fetching corpus: 2286, signal 155863/188542 (executing program) 1970/01/01 00:09:02 fetching corpus: 2336, signal 157209/190068 (executing program) 1970/01/01 00:09:04 fetching corpus: 2386, signal 158033/191287 (executing program) 1970/01/01 00:09:07 fetching corpus: 2436, signal 159322/192704 (executing program) 1970/01/01 00:09:09 fetching corpus: 2486, signal 160533/194074 (executing program) 1970/01/01 00:09:11 fetching corpus: 2536, signal 161593/195369 (executing program) 1970/01/01 00:09:14 fetching corpus: 2586, signal 162706/196569 (executing program) 1970/01/01 00:09:17 fetching corpus: 2636, signal 163859/197830 (executing program) 1970/01/01 00:09:19 fetching corpus: 2686, signal 164732/198895 (executing program) 1970/01/01 00:09:22 fetching corpus: 2736, signal 165787/200106 (executing program) 1970/01/01 00:09:25 fetching corpus: 2786, signal 166517/201075 (executing program) 1970/01/01 00:09:27 fetching corpus: 2836, signal 167368/202129 (executing program) 1970/01/01 00:09:29 fetching corpus: 2886, signal 168079/203088 (executing program) 1970/01/01 00:09:31 fetching corpus: 2936, signal 168973/204159 (executing program) 1970/01/01 00:09:34 fetching corpus: 2986, signal 169869/205210 (executing program) 1970/01/01 00:09:38 fetching corpus: 3036, signal 170649/206131 (executing program) 1970/01/01 00:09:41 fetching corpus: 3086, signal 171492/207134 (executing program) 1970/01/01 00:09:45 fetching corpus: 3136, signal 172516/208171 (executing program) 1970/01/01 00:09:48 fetching corpus: 3186, signal 173527/209168 (executing program) 1970/01/01 00:09:50 fetching corpus: 3236, signal 174314/210072 (executing program) 1970/01/01 00:09:53 fetching corpus: 3286, signal 175088/210947 (executing program) 1970/01/01 00:09:56 fetching corpus: 3336, signal 176038/211911 (executing program) 1970/01/01 00:09:58 fetching corpus: 3386, signal 176674/212703 (executing program) 1970/01/01 00:10:03 fetching corpus: 3435, signal 177365/213532 (executing program) 1970/01/01 00:10:05 fetching corpus: 3483, signal 178148/214363 (executing program) 1970/01/01 00:10:09 fetching corpus: 3533, signal 178630/215055 (executing program) 1970/01/01 00:10:13 fetching corpus: 3583, signal 179545/215930 (executing program) 1970/01/01 00:10:17 fetching corpus: 3632, signal 180208/216654 (executing program) 1970/01/01 00:10:20 fetching corpus: 3682, signal 180796/217400 (executing program) 1970/01/01 00:10:23 fetching corpus: 3732, signal 181808/218243 (executing program) 1970/01/01 00:10:25 fetching corpus: 3782, signal 182556/218986 (executing program) 1970/01/01 00:10:28 fetching corpus: 3830, signal 183176/219665 (executing program) 1970/01/01 00:10:32 fetching corpus: 3880, signal 183896/220394 (executing program) 1970/01/01 00:10:34 fetching corpus: 3930, signal 184690/221135 (executing program) 1970/01/01 00:10:36 fetching corpus: 3979, signal 185419/221819 (executing program) 1970/01/01 00:10:38 fetching corpus: 4029, signal 186244/222523 (executing program) 1970/01/01 00:10:42 fetching corpus: 4079, signal 186977/223172 (executing program) 1970/01/01 00:10:44 fetching corpus: 4128, signal 187843/223897 (executing program) 1970/01/01 00:10:47 fetching corpus: 4178, signal 188531/224504 (executing program) 1970/01/01 00:10:49 fetching corpus: 4228, signal 189019/225058 (executing program) 1970/01/01 00:10:52 fetching corpus: 4278, signal 189926/225719 (executing program) 1970/01/01 00:10:55 fetching corpus: 4328, signal 190542/226301 (executing program) 1970/01/01 00:10:57 fetching corpus: 4377, signal 191215/226900 (executing program) 1970/01/01 00:10:59 fetching corpus: 4426, signal 191821/227474 (executing program) 1970/01/01 00:11:01 fetching corpus: 4476, signal 192260/227933 (executing program) 1970/01/01 00:11:04 fetching corpus: 4526, signal 192974/228445 (executing program) 1970/01/01 00:11:07 fetching corpus: 4576, signal 193614/228982 (executing program) 1970/01/01 00:11:10 fetching corpus: 4625, signal 194269/229485 (executing program) 1970/01/01 00:11:12 fetching corpus: 4675, signal 195017/230009 (executing program) 1970/01/01 00:11:14 fetching corpus: 4725, signal 195872/230526 (executing program) 1970/01/01 00:11:18 fetching corpus: 4774, signal 196537/231013 (executing program) 1970/01/01 00:11:21 fetching corpus: 4823, signal 197472/231544 (executing program) 1970/01/01 00:11:24 fetching corpus: 4873, signal 198605/232129 (executing program) 1970/01/01 00:11:26 fetching corpus: 4923, signal 199082/232515 (executing program) 1970/01/01 00:11:28 fetching corpus: 4973, signal 199669/232958 (executing program) 1970/01/01 00:11:32 fetching corpus: 5023, signal 200250/233370 (executing program) 1970/01/01 00:11:34 fetching corpus: 5073, signal 200842/233747 (executing program) 1970/01/01 00:11:37 fetching corpus: 5123, signal 201531/234133 (executing program) 1970/01/01 00:11:40 fetching corpus: 5173, signal 202108/234535 (executing program) 1970/01/01 00:11:42 fetching corpus: 5223, signal 202587/234908 (executing program) 1970/01/01 00:11:44 fetching corpus: 5271, signal 203144/235294 (executing program) 1970/01/01 00:11:47 fetching corpus: 5321, signal 203677/235648 (executing program) 1970/01/01 00:11:49 fetching corpus: 5371, signal 204208/235990 (executing program) 1970/01/01 00:11:51 fetching corpus: 5421, signal 204648/236299 (executing program) 1970/01/01 00:11:54 fetching corpus: 5471, signal 205886/236705 (executing program) 1970/01/01 00:11:57 fetching corpus: 5521, signal 206329/237032 (executing program) 1970/01/01 00:11:59 fetching corpus: 5571, signal 206905/237328 (executing program) 1970/01/01 00:12:02 fetching corpus: 5621, signal 207360/237612 (executing program) 1970/01/01 00:12:04 fetching corpus: 5671, signal 207817/237875 (executing program) 1970/01/01 00:12:06 fetching corpus: 5721, signal 208300/238154 (executing program) 1970/01/01 00:12:10 fetching corpus: 5771, signal 209035/238422 (executing program) 1970/01/01 00:12:14 fetching corpus: 5821, signal 209633/238708 (executing program) 1970/01/01 00:12:18 fetching corpus: 5871, signal 210298/238993 (executing program) 1970/01/01 00:12:21 fetching corpus: 5920, signal 210815/239179 (executing program) 1970/01/01 00:12:23 fetching corpus: 5970, signal 211478/239185 (executing program) 1970/01/01 00:12:26 fetching corpus: 6020, signal 211946/239185 (executing program) 1970/01/01 00:12:31 fetching corpus: 6070, signal 212448/239185 (executing program) 1970/01/01 00:12:34 fetching corpus: 6120, signal 212973/239187 (executing program) 1970/01/01 00:12:38 fetching corpus: 6169, signal 213402/239187 (executing program) 1970/01/01 00:12:42 fetching corpus: 6219, signal 213808/239197 (executing program) 1970/01/01 00:12:46 fetching corpus: 6269, signal 214304/239197 (executing program) 1970/01/01 00:12:48 fetching corpus: 6319, signal 214657/239229 (executing program) 1970/01/01 00:12:49 fetching corpus: 6369, signal 215228/239246 (executing program) 1970/01/01 00:12:51 fetching corpus: 6419, signal 215637/239246 (executing program) 1970/01/01 00:12:53 fetching corpus: 6469, signal 216097/239246 (executing program) 1970/01/01 00:12:56 fetching corpus: 6519, signal 216755/239246 (executing program) 1970/01/01 00:12:59 fetching corpus: 6569, signal 217237/239256 (executing program) 1970/01/01 00:13:02 fetching corpus: 6619, signal 217600/239256 (executing program) 1970/01/01 00:13:05 fetching corpus: 6669, signal 218038/239256 (executing program) 1970/01/01 00:13:07 fetching corpus: 6719, signal 218506/239258 (executing program) 1970/01/01 00:13:10 fetching corpus: 6769, signal 219056/239263 (executing program) 1970/01/01 00:13:12 fetching corpus: 6819, signal 219477/239263 (executing program) 1970/01/01 00:13:15 fetching corpus: 6869, signal 219983/239263 (executing program) 1970/01/01 00:13:18 fetching corpus: 6919, signal 220384/239266 (executing program) 1970/01/01 00:13:21 fetching corpus: 6967, signal 221070/239266 (executing program) 1970/01/01 00:13:23 fetching corpus: 7016, signal 221379/239266 (executing program) 1970/01/01 00:13:24 fetching corpus: 7066, signal 221760/239275 (executing program) 1970/01/01 00:13:27 fetching corpus: 7116, signal 222264/239275 (executing program) 1970/01/01 00:13:29 fetching corpus: 7166, signal 222614/239275 (executing program) 1970/01/01 00:13:32 fetching corpus: 7216, signal 223025/239276 (executing program) 1970/01/01 00:13:35 fetching corpus: 7265, signal 223411/239276 (executing program) 1970/01/01 00:13:38 fetching corpus: 7314, signal 223873/239276 (executing program) 1970/01/01 00:13:40 fetching corpus: 7364, signal 224302/239285 (executing program) 1970/01/01 00:13:42 fetching corpus: 7414, signal 224707/239291 (executing program) 1970/01/01 00:13:44 fetching corpus: 7464, signal 225158/239295 (executing program) 1970/01/01 00:13:45 fetching corpus: 7514, signal 225422/239295 (executing program) 1970/01/01 00:13:48 fetching corpus: 7564, signal 225861/239295 (executing program) 1970/01/01 00:13:50 fetching corpus: 7614, signal 226276/239295 (executing program) 1970/01/01 00:13:53 fetching corpus: 7664, signal 226641/239313 (executing program) 1970/01/01 00:13:55 fetching corpus: 7712, signal 227146/239313 (executing program) 1970/01/01 00:13:56 fetching corpus: 7762, signal 227571/239313 (executing program) 1970/01/01 00:13:58 fetching corpus: 7812, signal 227861/239313 (executing program) 1970/01/01 00:14:01 fetching corpus: 7861, signal 228331/239314 (executing program) 1970/01/01 00:14:03 fetching corpus: 7911, signal 228701/239319 (executing program) 1970/01/01 00:14:07 fetching corpus: 7961, signal 229211/239319 (executing program) 1970/01/01 00:14:10 fetching corpus: 8011, signal 229599/239333 (executing program) 1970/01/01 00:14:13 fetching corpus: 8060, signal 229935/239333 (executing program) 1970/01/01 00:14:15 fetching corpus: 8110, signal 230314/239333 (executing program) 1970/01/01 00:14:17 fetching corpus: 8160, signal 230659/239344 (executing program) 1970/01/01 00:14:19 fetching corpus: 8210, signal 231110/239353 (executing program) 1970/01/01 00:14:22 fetching corpus: 8260, signal 231513/239353 (executing program) 1970/01/01 00:14:26 fetching corpus: 8310, signal 232020/239353 (executing program) 1970/01/01 00:14:29 fetching corpus: 8360, signal 232372/239356 (executing program) 1970/01/01 00:14:31 fetching corpus: 8410, signal 232732/239356 (executing program) 1970/01/01 00:14:34 fetching corpus: 8460, signal 233094/239356 (executing program) 1970/01/01 00:14:36 fetching corpus: 8509, signal 233481/239365 (executing program) 1970/01/01 00:14:38 fetching corpus: 8559, signal 233980/239371 (executing program) 1970/01/01 00:14:42 fetching corpus: 8609, signal 234341/239371 (executing program) 1970/01/01 00:14:44 fetching corpus: 8659, signal 234744/239373 (executing program) 1970/01/01 00:14:50 fetching corpus: 8709, signal 235129/239373 (executing program) 1970/01/01 00:14:53 fetching corpus: 8759, signal 235480/239379 (executing program) 1970/01/01 00:14:55 fetching corpus: 8809, signal 235855/239391 (executing program) 1970/01/01 00:14:58 fetching corpus: 8859, signal 236259/239391 (executing program) 1970/01/01 00:14:59 fetching corpus: 8909, signal 236550/239391 (executing program) 1970/01/01 00:15:02 fetching corpus: 8959, signal 236866/239399 (executing program) 1970/01/01 00:15:04 fetching corpus: 9009, signal 237330/239400 (executing program) 1970/01/01 00:15:06 fetching corpus: 9041, signal 237487/239400 (executing program) 1970/01/01 00:15:06 fetching corpus: 9041, signal 237487/239400 (executing program) 1970/01/01 00:16:51 starting 2 fuzzer processes 00:16:51 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:16:51 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) write$binfmt_aout(r0, 0x0, 0x0) [ 1043.789063][ T2047] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1043.950584][ T2047] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1047.313133][ T2045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1047.470516][ T2045] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1058.009553][ T2047] device hsr_slave_0 entered promiscuous mode [ 1058.080488][ T2047] device hsr_slave_1 entered promiscuous mode [ 1062.911786][ T2045] device hsr_slave_0 entered promiscuous mode [ 1062.978189][ T2045] device hsr_slave_1 entered promiscuous mode [ 1062.996798][ T2045] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1063.001389][ T2045] Cannot create hsr debugfs directory [ 1067.608025][ T2047] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1068.270235][ T2047] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1068.598261][ T2047] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1068.838083][ T2047] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1071.230895][ T2045] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1071.392936][ T2045] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1071.528784][ T2045] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1071.690048][ T2045] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1082.081440][ T2047] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1083.360061][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1083.453031][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1084.088083][ T2045] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1085.676445][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1085.701740][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1092.913432][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1092.982284][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1093.007859][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1093.031819][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1093.200033][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1093.241261][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1094.083458][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1094.142027][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1094.711640][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1094.741415][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1094.782823][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1094.828699][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1095.052280][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1095.230748][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1095.293563][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1095.662848][ T2047] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1095.862501][ T2112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1096.941443][ T2395] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1097.002206][ T2395] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1097.453632][ T2112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1097.497245][ T2112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1097.957493][ T2045] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1102.920603][ T2395] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1102.951143][ T2395] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1104.483707][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1104.509677][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1117.733851][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1117.821705][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1120.146225][ T2112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1120.240318][ T2112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1127.843143][ T2047] device veth0_vlan entered promiscuous mode [ 1128.677941][ T2047] device veth1_vlan entered promiscuous mode [ 1128.779160][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1128.879246][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1128.970694][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1129.156765][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1129.256553][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1131.398138][ T2395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1131.493529][ T2395] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1131.850242][ T2047] device veth0_macvtap entered promiscuous mode [ 1132.333468][ T2047] device veth1_macvtap entered promiscuous mode [ 1132.560822][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1134.661590][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1134.741590][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1135.731023][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1135.840629][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1136.270351][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1136.363821][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1136.432461][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1136.499615][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1136.790205][ T2047] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1136.812082][ T2047] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1136.815581][ T2047] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1136.818285][ T2047] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1137.163525][ T2045] device veth0_vlan entered promiscuous mode [ 1138.515324][ T2045] device veth1_vlan entered promiscuous mode [ 1141.462991][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1141.566996][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1141.966590][ T2045] device veth0_macvtap entered promiscuous mode [ 1142.453709][ T2045] device veth1_macvtap entered promiscuous mode [ 1143.453013][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1144.269119][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1144.320277][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1145.005490][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1145.093599][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1145.379899][ T2045] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1145.381682][ T2045] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1145.383185][ T2045] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1145.397427][ T2045] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 00:19:18 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) write$binfmt_aout(r0, 0x0, 0x0) 00:19:19 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:19:25 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) write$binfmt_aout(r0, 0x0, 0x0) 00:19:30 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) write$binfmt_aout(r0, 0x0, 0x0) 00:19:30 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:19:34 executing program 1: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:19:39 executing program 1: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:19:41 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:19:48 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:19:51 executing program 1: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:19:52 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:19:59 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) [ 1204.324639][ T2808] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 [ 1204.343313][ T2808] [ 1204.344388][ T2808] ====================================================== [ 1204.345864][ T2808] WARNING: possible circular locking dependency detected [ 1204.346895][ T2808] 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Not tainted [ 1204.348154][ T2808] ------------------------------------------------------ [ 1204.349984][ T2808] syz-executor.1/2808 is trying to acquire lock: [ 1204.351135][ T2808] ffffffff84fc0408 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x28/0x58 [ 1204.354093][ T2808] [ 1204.354093][ T2808] but task is already holding lock: [ 1204.355148][ T2808] ffffaf8010fd5350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x52/0x1de [ 1204.357233][ T2808] [ 1204.357233][ T2808] which lock already depends on the new lock. [ 1204.357233][ T2808] [ 1204.358316][ T2808] [ 1204.358316][ T2808] the existing dependency chain (in reverse order) is: [ 1204.359367][ T2808] [ 1204.359367][ T2808] -> #3 (&ndev->req_lock){+.+.}-{3:3}: [ 1204.361103][ T2808] lock_acquire.part.0+0x1d0/0x424 [ 1204.362307][ T2808] lock_acquire+0x54/0x6a [ 1204.363303][ T2808] __mutex_lock+0x114/0xade [ 1204.364765][ T2808] mutex_lock_nested+0x14/0x1c [ 1204.365931][ T2808] nci_start_poll+0x4de/0x6b8 [ 1204.366987][ T2808] nfc_start_poll+0x10c/0x1e8 [ 1204.368391][ T2808] nfc_genl_start_poll+0xfe/0x252 [ 1204.369640][ T2808] genl_family_rcv_msg_doit+0x19a/0x23c [ 1204.370971][ T2808] genl_rcv_msg+0x236/0x3ba [ 1204.372023][ T2808] netlink_rcv_skb+0xf8/0x2be [ 1204.372948][ T2808] genl_rcv+0x36/0x4c [ 1204.374144][ T2808] netlink_unicast+0x40e/0x5fe [ 1204.375140][ T2808] netlink_sendmsg+0x4e0/0x994 [ 1204.376130][ T2808] sock_sendmsg+0xa0/0xc4 [ 1204.377397][ T2808] ____sys_sendmsg+0x46e/0x484 [ 1204.378518][ T2808] ___sys_sendmsg+0x16c/0x1f6 [ 1204.379486][ T2808] __sys_sendmsg+0xba/0x150 [ 1204.380877][ T2808] sys_sendmsg+0x2c/0x3a [ 1204.382045][ T2808] ret_from_syscall+0x0/0x2 [ 1204.383485][ T2808] [ 1204.383485][ T2808] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}: [ 1204.385372][ T2808] lock_acquire.part.0+0x1d0/0x424 [ 1204.386883][ T2808] lock_acquire+0x54/0x6a [ 1204.388003][ T2808] __mutex_lock+0x114/0xade [ 1204.388996][ T2808] mutex_lock_nested+0x14/0x1c [ 1204.390069][ T2808] nfc_urelease_event_work+0x126/0x218 [ 1204.391174][ T2808] process_one_work+0x654/0xffe [ 1204.392128][ T2808] worker_thread+0x360/0x8fa [ 1204.393062][ T2808] kthread+0x19e/0x1fa [ 1204.395701][ T2808] ret_from_exception+0x0/0x10 [ 1204.398363][ T2808] [ 1204.398363][ T2808] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}: [ 1204.400841][ T2808] lock_acquire.part.0+0x1d0/0x424 [ 1204.401884][ T2808] lock_acquire+0x54/0x6a [ 1204.402796][ T2808] __mutex_lock+0x114/0xade [ 1204.403773][ T2808] mutex_lock_nested+0x14/0x1c [ 1204.404938][ T2808] nfc_register_device+0x44/0x29e [ 1204.405898][ T2808] nci_register_device+0x538/0x612 [ 1204.406876][ T2808] virtual_ncidev_open+0x82/0x12c [ 1204.407852][ T2808] misc_open+0x272/0x2c8 [ 1204.408785][ T2808] chrdev_open+0x1d4/0x478 [ 1204.409652][ T2808] do_dentry_open+0x2a4/0x7d4 [ 1204.410615][ T2808] vfs_open+0x52/0x5e [ 1204.412346][ T2808] path_openat+0x12b6/0x189e [ 1204.413228][ T2808] do_filp_open+0x10e/0x22a [ 1204.414478][ T2808] do_sys_openat2+0x174/0x31e [ 1204.415507][ T2808] sys_openat+0xdc/0x164 [ 1204.417218][ T2808] ret_from_syscall+0x0/0x2 [ 1204.419392][ T2808] [ 1204.419392][ T2808] -> #0 (nci_mutex){+.+.}-{3:3}: [ 1204.422266][ T2808] check_noncircular+0x1de/0x1fe [ 1204.423828][ T2808] __lock_acquire+0x19a4/0x333e [ 1204.426380][ T2808] lock_acquire.part.0+0x1d0/0x424 [ 1204.429034][ T2808] lock_acquire+0x54/0x6a [ 1204.430582][ T2808] __mutex_lock+0x114/0xade [ 1204.431388][ T2808] mutex_lock_nested+0x14/0x1c [ 1204.432376][ T2808] virtual_nci_close+0x28/0x58 [ 1204.433147][ T2808] nci_close_device+0x12e/0x1de [ 1204.433868][ T2808] nci_unregister_device+0x34/0x182 [ 1204.435161][ T2808] virtual_ncidev_close+0x9c/0xbc [ 1204.436188][ T2808] __fput+0x164/0x502 [ 1204.437061][ T2808] ____fput+0x1a/0x24 [ 1204.438289][ T2808] task_work_run+0xdc/0x154 [ 1204.439220][ T2808] do_notify_resume+0x894/0xa56 [ 1204.440167][ T2808] ret_from_exception+0x0/0x10 [ 1204.443534][ T2808] [ 1204.443534][ T2808] other info that might help us debug this: [ 1204.443534][ T2808] [ 1204.444687][ T2808] Chain exists of: [ 1204.444687][ T2808] nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock [ 1204.444687][ T2808] [ 1204.446773][ T2808] Possible unsafe locking scenario: [ 1204.446773][ T2808] [ 1204.447552][ T2808] CPU0 CPU1 [ 1204.448203][ T2808] ---- ---- [ 1204.448865][ T2808] lock(&ndev->req_lock); [ 1204.449791][ T2808] lock(&genl_data->genl_data_mutex); [ 1204.450920][ T2808] lock(&ndev->req_lock); [ 1204.452002][ T2808] lock(nci_mutex); [ 1204.452877][ T2808] [ 1204.452877][ T2808] *** DEADLOCK *** [ 1204.452877][ T2808] [ 1204.453768][ T2808] 1 lock held by syz-executor.1/2808: [ 1204.454579][ T2808] #0: ffffaf8010fd5350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x52/0x1de [ 1204.456743][ T2808] [ 1204.456743][ T2808] stack backtrace: [ 1204.457744][ T2808] CPU: 1 PID: 2808 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1204.468397][ T2808] Hardware name: riscv-virtio,qemu (DT) [ 1204.469830][ T2808] Call Trace: [ 1204.470589][ T2808] [] dump_backtrace+0x2e/0x3c [ 1204.471860][ T2808] [] show_stack+0x34/0x40 [ 1204.472857][ T2808] [] dump_stack_lvl+0xe4/0x150 [ 1204.474366][ T2808] [] dump_stack+0x1c/0x24 [ 1204.475609][ T2808] [] print_circular_bug+0x34e/0x3d8 [ 1204.477468][ T2808] [] check_noncircular+0x1de/0x1fe [ 1204.478586][ T2808] [] __lock_acquire+0x19a4/0x333e [ 1204.479687][ T2808] [] lock_acquire.part.0+0x1d0/0x424 [ 1204.480866][ T2808] [] lock_acquire+0x54/0x6a [ 1204.481918][ T2808] [] __mutex_lock+0x114/0xade [ 1204.483106][ T2808] [] mutex_lock_nested+0x14/0x1c [ 1204.484906][ T2808] [] virtual_nci_close+0x28/0x58 [ 1204.486030][ T2808] [] nci_close_device+0x12e/0x1de [ 1204.487135][ T2808] [] nci_unregister_device+0x34/0x182 [ 1204.488824][ T2808] [] virtual_ncidev_close+0x9c/0xbc [ 1204.490117][ T2808] [] __fput+0x164/0x502 [ 1204.491554][ T2808] [] ____fput+0x1a/0x24 [ 1204.492589][ T2808] [] task_work_run+0xdc/0x154 [ 1204.493661][ T2808] [] do_notify_resume+0x894/0xa56 [ 1204.495294][ T2808] [] ret_from_exception+0x0/0x10 00:20:03 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) write$binfmt_aout(r0, 0x0, 0x0) 00:20:04 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001740)={&(0x7f00000000c0)={0x54, 0x12, 0x101, 0x0, 0x0, {}, [@INET_DIAG_REQ_BYTECODE={0x4}, @INET_DIAG_REQ_BYTECODE={0x4}]}, 0x54}}, 0x0) 00:20:05 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) write$binfmt_aout(r0, 0x0, 0x0) 00:20:05 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001740)={&(0x7f00000000c0)={0x54, 0x12, 0x101, 0x0, 0x0, {}, [@INET_DIAG_REQ_BYTECODE={0x4}, @INET_DIAG_REQ_BYTECODE={0x4}]}, 0x54}}, 0x0) 00:20:06 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) write$binfmt_aout(r0, 0x0, 0x0) 00:20:07 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001740)={&(0x7f00000000c0)={0x54, 0x12, 0x101, 0x0, 0x0, {}, [@INET_DIAG_REQ_BYTECODE={0x4}, @INET_DIAG_REQ_BYTECODE={0x4}]}, 0x54}}, 0x0) 00:20:07 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001740)={&(0x7f00000000c0)={0x54, 0x12, 0x101, 0x0, 0x0, {}, [@INET_DIAG_REQ_BYTECODE={0x4}, @INET_DIAG_REQ_BYTECODE={0x4}]}, 0x54}}, 0x0) 00:20:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001740)={&(0x7f00000000c0)={0x54, 0x12, 0x101, 0x0, 0x0, {}, [@INET_DIAG_REQ_BYTECODE={0x4}, @INET_DIAG_REQ_BYTECODE={0x4}]}, 0x54}}, 0x0) 00:20:09 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001740)={&(0x7f00000000c0)={0x54, 0x12, 0x101, 0x0, 0x0, {}, [@INET_DIAG_REQ_BYTECODE={0x4}, @INET_DIAG_REQ_BYTECODE={0x4}]}, 0x54}}, 0x0) 00:20:09 executing program 1: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0xa, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x34}}, 0x0) 00:20:10 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001740)={&(0x7f00000000c0)={0x54, 0x12, 0x101, 0x0, 0x0, {}, [@INET_DIAG_REQ_BYTECODE={0x4}, @INET_DIAG_REQ_BYTECODE={0x4}]}, 0x54}}, 0x0) [ 1211.972995][ T2842] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'. 00:20:11 executing program 1: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0xa, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x34}}, 0x0) 00:20:12 executing program 0: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0xa, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x34}}, 0x0) [ 1213.743294][ T2846] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'. 00:20:12 executing program 1: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0xa, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x34}}, 0x0) [ 1214.171460][ T2848] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.0'. 00:20:13 executing program 0: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0xa, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x34}}, 0x0) [ 1214.940735][ T2850] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'. 00:20:13 executing program 1: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0xa, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x34}}, 0x0) [ 1215.186454][ T2852] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.0'. 00:20:14 executing program 0: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0xa, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x34}}, 0x0) [ 1216.073724][ T2854] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1216.111560][ T2856] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.0'. 00:20:15 executing program 0: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0xa, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x34}}, 0x0) 00:20:16 executing program 1: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0xa, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x34}}, 0x0) [ 1217.510886][ T2858] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1217.610475][ T2860] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'. 00:20:16 executing program 1: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0xa, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x34}}, 0x0) 00:20:16 executing program 0: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0xa, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x34}}, 0x0) [ 1218.597971][ T2862] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1219.009467][ T2864] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.0'. 00:20:17 executing program 1: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0xa, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x34}}, 0x0) 00:20:18 executing program 0: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0xa, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x34}}, 0x0) [ 1219.938592][ T2867] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1220.441193][ T2868] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.0'. 00:20:19 executing program 1: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0xa, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x34}}, 0x0) [ 1221.053323][ T2870] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'. 00:20:20 executing program 0: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0xa, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x34}}, 0x0) 00:20:20 executing program 1: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0xa, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x34}}, 0x0) [ 1221.746431][ T2872] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.0'. 00:20:21 executing program 0: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0xa, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x34}}, 0x0) [ 1222.283625][ T2874] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1222.364892][ C0] hrtimer: interrupt took 605400 ns 00:20:21 executing program 1: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0xa, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x34}}, 0x0) [ 1223.091206][ T2876] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1223.259115][ T2878] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'. 00:20:22 executing program 0: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0xa, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x34}}, 0x0) 00:20:22 executing program 1: r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000280)=@raw={'raw\x00', 0x8, 0x3, 0x340, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x2a8, 0xffffffff, 0xffffffff, 0x2a8, 0xffffffff, 0x3, 0x0, {[{{@ip={@dev, @remote, 0x0, 0x0, '\x00', 'veth0_to_bridge\x00'}, 0x0, 0x1f0, 0x210, 0x0, {}, [@common=@inet=@policy={{0x158}, {[{@ipv6=@private2, [], @ipv4=@local}, {@ipv4=@multicast1, [], @ipv6=@rand_addr=' \x01\x00'}, {@ipv4, [], @ipv6=@private1}, {@ipv6=@mcast1, [], @ipv6=@local}], 0xe}}, @inet=@rpfilter={{0x28}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a0) [ 1224.280655][ T2881] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1224.371230][ T2882] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING 00:20:23 executing program 1: r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000280)=@raw={'raw\x00', 0x8, 0x3, 0x340, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x2a8, 0xffffffff, 0xffffffff, 0x2a8, 0xffffffff, 0x3, 0x0, {[{{@ip={@dev, @remote, 0x0, 0x0, '\x00', 'veth0_to_bridge\x00'}, 0x0, 0x1f0, 0x210, 0x0, {}, [@common=@inet=@policy={{0x158}, {[{@ipv6=@private2, [], @ipv4=@local}, {@ipv4=@multicast1, [], @ipv6=@rand_addr=' \x01\x00'}, {@ipv4, [], @ipv6=@private1}, {@ipv6=@mcast1, [], @ipv6=@local}], 0xe}}, @inet=@rpfilter={{0x28}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a0) 00:20:24 executing program 0: r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000280)=@raw={'raw\x00', 0x8, 0x3, 0x340, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x2a8, 0xffffffff, 0xffffffff, 0x2a8, 0xffffffff, 0x3, 0x0, {[{{@ip={@dev, @remote, 0x0, 0x0, '\x00', 'veth0_to_bridge\x00'}, 0x0, 0x1f0, 0x210, 0x0, {}, [@common=@inet=@policy={{0x158}, {[{@ipv6=@private2, [], @ipv4=@local}, {@ipv4=@multicast1, [], @ipv6=@rand_addr=' \x01\x00'}, {@ipv4, [], @ipv6=@private1}, {@ipv6=@mcast1, [], @ipv6=@local}], 0xe}}, @inet=@rpfilter={{0x28}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a0) [ 1225.356098][ T2884] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1225.756101][ T2886] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING 00:20:24 executing program 1: r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000280)=@raw={'raw\x00', 0x8, 0x3, 0x340, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x2a8, 0xffffffff, 0xffffffff, 0x2a8, 0xffffffff, 0x3, 0x0, {[{{@ip={@dev, @remote, 0x0, 0x0, '\x00', 'veth0_to_bridge\x00'}, 0x0, 0x1f0, 0x210, 0x0, {}, [@common=@inet=@policy={{0x158}, {[{@ipv6=@private2, [], @ipv4=@local}, {@ipv4=@multicast1, [], @ipv6=@rand_addr=' \x01\x00'}, {@ipv4, [], @ipv6=@private1}, {@ipv6=@mcast1, [], @ipv6=@local}], 0xe}}, @inet=@rpfilter={{0x28}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a0) 00:20:25 executing program 0: r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000280)=@raw={'raw\x00', 0x8, 0x3, 0x340, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x2a8, 0xffffffff, 0xffffffff, 0x2a8, 0xffffffff, 0x3, 0x0, {[{{@ip={@dev, @remote, 0x0, 0x0, '\x00', 'veth0_to_bridge\x00'}, 0x0, 0x1f0, 0x210, 0x0, {}, [@common=@inet=@policy={{0x158}, {[{@ipv6=@private2, [], @ipv4=@local}, {@ipv4=@multicast1, [], @ipv6=@rand_addr=' \x01\x00'}, {@ipv4, [], @ipv6=@private1}, {@ipv6=@mcast1, [], @ipv6=@local}], 0xe}}, @inet=@rpfilter={{0x28}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a0) [ 1226.388884][ T2888] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING 00:20:25 executing program 1: r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000280)=@raw={'raw\x00', 0x8, 0x3, 0x340, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x2a8, 0xffffffff, 0xffffffff, 0x2a8, 0xffffffff, 0x3, 0x0, {[{{@ip={@dev, @remote, 0x0, 0x0, '\x00', 'veth0_to_bridge\x00'}, 0x0, 0x1f0, 0x210, 0x0, {}, [@common=@inet=@policy={{0x158}, {[{@ipv6=@private2, [], @ipv4=@local}, {@ipv4=@multicast1, [], @ipv6=@rand_addr=' \x01\x00'}, {@ipv4, [], @ipv6=@private1}, {@ipv6=@mcast1, [], @ipv6=@local}], 0xe}}, @inet=@rpfilter={{0x28}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a0) [ 1226.927167][ T2890] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING 00:20:26 executing program 0: r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000280)=@raw={'raw\x00', 0x8, 0x3, 0x340, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x2a8, 0xffffffff, 0xffffffff, 0x2a8, 0xffffffff, 0x3, 0x0, {[{{@ip={@dev, @remote, 0x0, 0x0, '\x00', 'veth0_to_bridge\x00'}, 0x0, 0x1f0, 0x210, 0x0, {}, [@common=@inet=@policy={{0x158}, {[{@ipv6=@private2, [], @ipv4=@local}, {@ipv4=@multicast1, [], @ipv6=@rand_addr=' \x01\x00'}, {@ipv4, [], @ipv6=@private1}, {@ipv6=@mcast1, [], @ipv6=@local}], 0xe}}, @inet=@rpfilter={{0x28}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a0) [ 1227.392385][ T2892] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1228.345285][ T2894] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING 00:20:27 executing program 1: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000140)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000001c0)={{0x7, 0x4, 0xfff, 0x8000, 'syz0\x00', 0x2}, 0x1, 0x0, 0x1, r1, 0x1, 0x2, 'syz0\x00', &(0x7f0000000180)=[':\x00'], 0x2}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/tcp6\x00') ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r2, 0xc0045540, &(0x7f0000000080)=0xfffffffc) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f00000000c0)=ANY=[@ANYBLOB="00fbff00bfffffffff00004000000000"]) io_setup(0x5, &(0x7f0000001500)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) io_submit(r3, 0x2, &(0x7f0000000b00)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0}, &(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0xfffffffffffffffd}]) 00:20:28 executing program 0: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x800000000000, 0x0, 0x10, r0, 0x0) 00:20:28 executing program 1: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000140)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000001c0)={{0x7, 0x4, 0xfff, 0x8000, 'syz0\x00', 0x2}, 0x1, 0x0, 0x1, r1, 0x1, 0x2, 'syz0\x00', &(0x7f0000000180)=[':\x00'], 0x2}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/tcp6\x00') ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r2, 0xc0045540, &(0x7f0000000080)=0xfffffffc) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f00000000c0)=ANY=[@ANYBLOB="00fbff00bfffffffff00004000000000"]) io_setup(0x5, &(0x7f0000001500)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) io_submit(r3, 0x2, &(0x7f0000000b00)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0}, &(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0xfffffffffffffffd}]) 00:20:29 executing program 0: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x800000000000, 0x0, 0x10, r0, 0x0) 00:20:29 executing program 1: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000140)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000001c0)={{0x7, 0x4, 0xfff, 0x8000, 'syz0\x00', 0x2}, 0x1, 0x0, 0x1, r1, 0x1, 0x2, 'syz0\x00', &(0x7f0000000180)=[':\x00'], 0x2}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/tcp6\x00') ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r2, 0xc0045540, &(0x7f0000000080)=0xfffffffc) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f00000000c0)=ANY=[@ANYBLOB="00fbff00bfffffffff00004000000000"]) io_setup(0x5, &(0x7f0000001500)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) io_submit(r3, 0x2, &(0x7f0000000b00)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0}, &(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0xfffffffffffffffd}]) 00:20:30 executing program 0: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x800000000000, 0x0, 0x10, r0, 0x0) 00:20:31 executing program 1: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000140)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000001c0)={{0x7, 0x4, 0xfff, 0x8000, 'syz0\x00', 0x2}, 0x1, 0x0, 0x1, r1, 0x1, 0x2, 'syz0\x00', &(0x7f0000000180)=[':\x00'], 0x2}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/tcp6\x00') ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r2, 0xc0045540, &(0x7f0000000080)=0xfffffffc) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f00000000c0)=ANY=[@ANYBLOB="00fbff00bfffffffff00004000000000"]) io_setup(0x5, &(0x7f0000001500)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) io_submit(r3, 0x2, &(0x7f0000000b00)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0}, &(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0xfffffffffffffffd}]) 00:20:31 executing program 0: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x800000000000, 0x0, 0x10, r0, 0x0) 00:20:32 executing program 1: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x800000000000, 0x0, 0x10, r0, 0x0) 00:20:32 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000140)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000001c0)={{0x7, 0x4, 0xfff, 0x8000, 'syz0\x00', 0x2}, 0x1, 0x0, 0x1, r1, 0x1, 0x2, 'syz0\x00', &(0x7f0000000180)=[':\x00'], 0x2}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/tcp6\x00') ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r2, 0xc0045540, &(0x7f0000000080)=0xfffffffc) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f00000000c0)=ANY=[@ANYBLOB="00fbff00bfffffffff00004000000000"]) io_setup(0x5, &(0x7f0000001500)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) io_submit(r3, 0x2, &(0x7f0000000b00)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0}, &(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0xfffffffffffffffd}]) VM DIAGNOSIS: 20:11:35 Registers: info registers vcpu 0 pc ffffffff800c2e66 mhartid 0000000000000000 mstatus 00000000000001a0 mip 00000000000000a0 mie 000000000000020a mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff803d1ec8 sepc ffffffff803d1ec8 mcause 8000000000000007 scause 8000000000000005 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff800c2e5c x2/sp ffffaf800ecb7250 x3/gp ffffffff85863ac0 x4/tp ffffaf800eda3080 x5/t0 0000000000046000 x6/t1 fffff5ef021fd828 x7/t2 00007fffc32701b7 x8/s0 ffffaf800ecb72a0 x9/s1 ffffaf800eda3080 x10/a0 ffffffff8586fd20 x11/a1 0000000000000003 x12/a2 1ffffffff0b0dfa4 x13/a3 ffffffff800c2e5c x14/a4 0000000000000004 x15/a5 0000000000000000 x16/a6 0000000000f00000 x17/a7 ffffaf8010fec147 x18/s2 ffffaf805a9d8c80 x19/s3 ffffaf805a9d9c80 x20/s4 ffffaf8009b99840 x21/s5 ffffaf805a9d9698 x22/s6 ffffffff8465b2d0 x23/s7 0000000000000000 x24/s8 0000000000000009 x25/s9 ffffaf805a9d8c98 x26/s10 ffffaf8009b99860 x27/s11 ffffffff86c1a620 x28/t3 000000007fffffff x29/t4 fffff5ef021fd828 x30/t5 fffff5ef021fd829 x31/t6 0000000000040000 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 pc ffffffff802010c8 mhartid 0000000000000001 mstatus 00000000000000a0 mip 00000000000000a0 mie 000000000000022a mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff80475986 sepc ffffffff831afd22 mcause 8000000000000007 scause 8000000000000005 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff80c2bfd0 x2/sp ffffaf8021f96b00 x3/gp ffffffff85863ac0 x4/tp ffffaf8009d23080 x5/t0 ffffffff86bdaa50 x6/t1 fffff5ef043f2d88 x7/t2 0000000000000000 x8/s0 ffffaf8021f96d40 x9/s1 ffffaf8009d23080 x10/a0 0000000000000000 x11/a1 0000000000000003 x12/a2 0000000000000002 x13/a3 ffffffff80c2c824 x14/a4 0000000000000003 x15/a5 0000000000000000 x16/a6 0000000000f00000 x17/a7 ffffaf8021f96c47 x18/s2 ffffffff8362ff85 x19/s3 ffffaf8021f96da0 x20/s4 ffffaf8021f96cc0 x21/s5 ffffffff8362ff85 x22/s6 ffffaf8021f96f28 x23/s7 1ffff5f0043f2d8c x24/s8 ffffffff85889780 x25/s9 0000000000000009 x26/s10 0000000000ffffff x27/s11 ffffaf8021f96da0 x28/t3 1ffff5f0043f2dd0 x29/t4 fffff5ef043f2db4 x30/t5 fffff5ef043f2db5 x31/t6 ffffaf8021f97097 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000