syzkaller login: [  478.543008][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  488.376157][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  488.428562][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  505.669667][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:46666' (ECDSA) to the list of known hosts.
1970/01/01 00:09:46 fuzzer started
1970/01/01 00:09:58 dialing manager at localhost:42307
[  606.006053][ T2032] cgroup: Unknown subsys name 'net'
[  607.034927][ T2032] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:10:06 syscalls: 2918
1970/01/01 00:10:06 code coverage: enabled
1970/01/01 00:10:06 comparison tracing: enabled
1970/01/01 00:10:06 extra coverage: enabled
1970/01/01 00:10:06 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:10:06 setuid sandbox: enabled
1970/01/01 00:10:06 namespace sandbox: enabled
1970/01/01 00:10:06 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:10:06 fault injection: enabled
1970/01/01 00:10:06 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:10:06 net packet injection: enabled
1970/01/01 00:10:06 net device setup: enabled
1970/01/01 00:10:06 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:10:06 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:10:06 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:10:06 USB emulation: enabled
1970/01/01 00:10:06 hci packet injection: /dev/vhci does not exist
1970/01/01 00:10:06 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:10:06 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:10:07 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:10:11 fetching corpus: 50, signal 22996/26490 (executing program)
1970/01/01 00:10:15 fetching corpus: 98, signal 38134/42891 (executing program)
1970/01/01 00:10:19 fetching corpus: 147, signal 48868/54758 (executing program)
1970/01/01 00:10:23 fetching corpus: 197, signal 56603/63526 (executing program)
1970/01/01 00:10:25 fetching corpus: 246, signal 64845/72560 (executing program)
1970/01/01 00:10:29 fetching corpus: 296, signal 69785/78422 (executing program)
1970/01/01 00:10:30 fetching corpus: 346, signal 76835/86167 (executing program)
1970/01/01 00:10:34 fetching corpus: 395, signal 83054/92938 (executing program)
1970/01/01 00:10:37 fetching corpus: 442, signal 87781/98206 (executing program)
1970/01/01 00:10:40 fetching corpus: 490, signal 92511/103492 (executing program)
1970/01/01 00:10:43 fetching corpus: 540, signal 96485/107950 (executing program)
1970/01/01 00:10:46 fetching corpus: 590, signal 99572/111538 (executing program)
1970/01/01 00:10:49 fetching corpus: 640, signal 103085/115448 (executing program)
1970/01/01 00:10:53 fetching corpus: 690, signal 106057/118867 (executing program)
1970/01/01 00:10:57 fetching corpus: 739, signal 108246/121529 (executing program)
1970/01/01 00:10:59 fetching corpus: 787, signal 110686/124321 (executing program)
1970/01/01 00:11:02 fetching corpus: 836, signal 113132/127119 (executing program)
1970/01/01 00:11:05 fetching corpus: 886, signal 115471/129790 (executing program)
1970/01/01 00:11:07 fetching corpus: 936, signal 117263/131959 (executing program)
1970/01/01 00:11:08 fetching corpus: 986, signal 119705/134573 (executing program)
1970/01/01 00:11:11 fetching corpus: 1036, signal 120960/136229 (executing program)
1970/01/01 00:11:13 fetching corpus: 1085, signal 122529/138071 (executing program)
1970/01/01 00:11:16 fetching corpus: 1134, signal 124332/140070 (executing program)
1970/01/01 00:11:18 fetching corpus: 1181, signal 125394/141461 (executing program)
1970/01/01 00:11:22 fetching corpus: 1229, signal 128317/144153 (executing program)
1970/01/01 00:11:26 fetching corpus: 1278, signal 130041/145989 (executing program)
1970/01/01 00:11:30 fetching corpus: 1328, signal 131417/147529 (executing program)
1970/01/01 00:11:32 fetching corpus: 1378, signal 132873/149131 (executing program)
1970/01/01 00:11:36 fetching corpus: 1428, signal 133852/150321 (executing program)
1970/01/01 00:11:39 fetching corpus: 1476, signal 135361/151922 (executing program)
1970/01/01 00:11:42 fetching corpus: 1525, signal 136692/153300 (executing program)
1970/01/01 00:11:45 fetching corpus: 1573, signal 137815/154521 (executing program)
1970/01/01 00:11:47 fetching corpus: 1623, signal 139510/156106 (executing program)
1970/01/01 00:11:50 fetching corpus: 1673, signal 140888/157461 (executing program)
1970/01/01 00:11:52 fetching corpus: 1723, signal 142238/158756 (executing program)
1970/01/01 00:11:56 fetching corpus: 1773, signal 144254/160461 (executing program)
1970/01/01 00:11:59 fetching corpus: 1821, signal 145421/161648 (executing program)
1970/01/01 00:12:01 fetching corpus: 1870, signal 146612/162775 (executing program)
1970/01/01 00:12:04 fetching corpus: 1918, signal 147647/163796 (executing program)
1970/01/01 00:12:09 fetching corpus: 1968, signal 148693/164761 (executing program)
1970/01/01 00:12:11 fetching corpus: 2015, signal 150021/165928 (executing program)
1970/01/01 00:12:12 fetching corpus: 2064, signal 150890/166751 (executing program)
1970/01/01 00:12:15 fetching corpus: 2114, signal 151624/167498 (executing program)
1970/01/01 00:12:17 fetching corpus: 2162, signal 152524/168320 (executing program)
1970/01/01 00:12:19 fetching corpus: 2211, signal 153925/169443 (executing program)
1970/01/01 00:12:22 fetching corpus: 2260, signal 155133/170338 (executing program)
1970/01/01 00:12:25 fetching corpus: 2308, signal 156240/171208 (executing program)
1970/01/01 00:12:28 fetching corpus: 2358, signal 157038/171854 (executing program)
1970/01/01 00:12:31 fetching corpus: 2407, signal 157869/172564 (executing program)
1970/01/01 00:12:33 fetching corpus: 2456, signal 158836/173291 (executing program)
1970/01/01 00:12:36 fetching corpus: 2506, signal 161135/174567 (executing program)
1970/01/01 00:12:39 fetching corpus: 2556, signal 162038/175230 (executing program)
1970/01/01 00:12:42 fetching corpus: 2606, signal 162880/175856 (executing program)
1970/01/01 00:12:44 fetching corpus: 2656, signal 163721/176451 (executing program)
1970/01/01 00:12:47 fetching corpus: 2706, signal 164692/177077 (executing program)
1970/01/01 00:12:50 fetching corpus: 2756, signal 165633/177719 (executing program)
1970/01/01 00:12:55 fetching corpus: 2806, signal 166690/178316 (executing program)
1970/01/01 00:12:58 fetching corpus: 2856, signal 167438/178810 (executing program)
1970/01/01 00:13:01 fetching corpus: 2906, signal 168251/179311 (executing program)
1970/01/01 00:13:04 fetching corpus: 2956, signal 169161/179834 (executing program)
1970/01/01 00:13:07 fetching corpus: 3006, signal 169938/180277 (executing program)
1970/01/01 00:13:10 fetching corpus: 3053, signal 170572/180686 (executing program)
1970/01/01 00:13:13 fetching corpus: 3103, signal 171580/181166 (executing program)
1970/01/01 00:13:16 fetching corpus: 3152, signal 172785/181675 (executing program)
1970/01/01 00:13:18 fetching corpus: 3202, signal 173615/182033 (executing program)
1970/01/01 00:13:21 fetching corpus: 3252, signal 174337/182391 (executing program)
1970/01/01 00:13:25 fetching corpus: 3302, signal 175108/182733 (executing program)
1970/01/01 00:13:28 fetching corpus: 3351, signal 176019/183098 (executing program)
1970/01/01 00:13:31 fetching corpus: 3401, signal 177095/183470 (executing program)
1970/01/01 00:13:34 fetching corpus: 3451, signal 178150/183857 (executing program)
1970/01/01 00:13:36 fetching corpus: 3499, signal 179025/184140 (executing program)
1970/01/01 00:13:39 fetching corpus: 3549, signal 179682/184370 (executing program)
1970/01/01 00:13:43 fetching corpus: 3597, signal 180224/184554 (executing program)
1970/01/01 00:13:46 fetching corpus: 3646, signal 180903/184724 (executing program)
1970/01/01 00:13:50 fetching corpus: 3696, signal 181498/184890 (executing program)
1970/01/01 00:13:53 fetching corpus: 3743, signal 182565/185143 (executing program)
1970/01/01 00:13:54 fetching corpus: 3769, signal 183049/185277 (executing program)
1970/01/01 00:13:54 fetching corpus: 3769, signal 183049/185304 (executing program)
1970/01/01 00:13:55 fetching corpus: 3769, signal 183049/185343 (executing program)
1970/01/01 00:13:55 fetching corpus: 3769, signal 183049/185384 (executing program)
1970/01/01 00:13:55 fetching corpus: 3769, signal 183049/185413 (executing program)
1970/01/01 00:13:55 fetching corpus: 3769, signal 183049/185452 (executing program)
1970/01/01 00:13:55 fetching corpus: 3769, signal 183049/185479 (executing program)
1970/01/01 00:13:56 fetching corpus: 3769, signal 183049/185518 (executing program)
1970/01/01 00:13:56 fetching corpus: 3769, signal 183049/185550 (executing program)
1970/01/01 00:13:56 fetching corpus: 3769, signal 183049/185584 (executing program)
1970/01/01 00:13:56 fetching corpus: 3769, signal 183049/185618 (executing program)
1970/01/01 00:13:56 fetching corpus: 3769, signal 183049/185658 (executing program)
1970/01/01 00:13:56 fetching corpus: 3769, signal 183049/185704 (executing program)
1970/01/01 00:13:56 fetching corpus: 3769, signal 183049/185735 (executing program)
1970/01/01 00:13:56 fetching corpus: 3769, signal 183049/185778 (executing program)
1970/01/01 00:13:57 fetching corpus: 3769, signal 183049/185817 (executing program)
1970/01/01 00:13:57 fetching corpus: 3769, signal 183049/185817 (executing program)
1970/01/01 00:16:11 starting 2 fuzzer processes
00:16:11 executing program 0:
r0 = add_key$fscrypt_provisioning(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)={0x1, 0x0, @a}, 0x48, 0xfffffffffffffffe)
keyctl$setperm(0x5, r0, 0x0)
keyctl$read(0x11, r0, 0x0, 0x0)

00:16:11 executing program 1:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
read$nci(r0, &(0x7f0000000200)=""/100, 0x64)
write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6)
read$nci(r0, &(0x7f00000002c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14)
read$nci(r0, &(0x7f0000000380)=""/100, 0x64)
write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4)
sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
read$nci(r0, &(0x7f0000000500)=""/100, 0x64)
write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f00000005c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f0000000680)=""/100, 0x64)
write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4)
write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
read$nci(r0, &(0x7f0000000840)=""/100, 0x64)
write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7)

[ 1003.129211][ T2040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1003.263583][ T2040] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1005.425650][ T2041] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1005.525743][ T2041] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1015.998709][ T2040] device hsr_slave_0 entered promiscuous mode
[ 1016.039032][ T2040] device hsr_slave_1 entered promiscuous mode
[ 1020.887715][ T2041] device hsr_slave_0 entered promiscuous mode
[ 1020.946458][ T2041] device hsr_slave_1 entered promiscuous mode
[ 1020.983665][ T2041] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1020.988207][ T2041] Cannot create hsr debugfs directory
[ 1030.851631][ T2040] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1031.197468][ T2040] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1032.037093][ T2040] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1032.514404][ T2040] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1034.258427][ T2041] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1034.576757][ T2041] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1034.733749][ T2041] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1035.339593][ T2041] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1053.507710][ T2040] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1053.739741][ T2041] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1055.082349][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1055.199165][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1055.272604][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1055.329598][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1062.247292][ T2655] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1062.294757][ T2655] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1062.499596][ T2036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1062.538228][ T2036] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1063.824509][   T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1063.878807][   T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1063.916489][   T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1063.957993][   T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1063.998826][   T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1064.037497][   T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1064.086792][   T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1064.324957][ T2068] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1065.549040][ T2068] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1065.626849][ T2068] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1065.659864][ T2068] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1065.707533][ T2068] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1065.915541][ T2040] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1066.048260][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1066.066032][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1066.662667][ T2068] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1066.737153][ T2068] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1066.968339][ T2041] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1072.367402][ T2655] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1072.394990][ T2655] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1073.597914][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1073.605020][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1088.104969][ T2655] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1088.169303][ T2655] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1091.354871][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1091.425326][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1098.408989][ T2723] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1098.516427][ T2723] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1098.670049][ T2723] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1098.794741][ T2723] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1099.187199][ T2040] device veth0_vlan entered promiscuous mode
[ 1099.790030][ T2723] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1099.875924][ T2723] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1100.046770][ T2036] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1100.156938][ T2036] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1100.356455][ T2040] device veth1_vlan entered promiscuous mode
[ 1100.484032][ T2041] device veth0_vlan entered promiscuous mode
[ 1101.186023][ T2041] device veth1_vlan entered promiscuous mode
[ 1102.336494][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1102.392182][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1102.688374][ T2040] device veth0_macvtap entered promiscuous mode
[ 1103.186877][ T2040] device veth1_macvtap entered promiscuous mode
[ 1103.334465][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1103.404972][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1103.434959][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1103.621748][ T2041] device veth0_macvtap entered promiscuous mode
[ 1103.737997][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1104.172947][ T2041] device veth1_macvtap entered promiscuous mode
[ 1104.979103][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1105.059667][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1105.433819][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1105.496114][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1105.798044][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1105.827558][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1106.017607][ T2040] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1106.046215][ T2040] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1106.047795][ T2040] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1106.049276][ T2040] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1106.489888][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1106.528525][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1106.993849][ T2041] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1106.995188][ T2041] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1106.996267][ T2041] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1106.997323][ T2041] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
00:18:35 executing program 0:
r0 = add_key$fscrypt_provisioning(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)={0x1, 0x0, @a}, 0x48, 0xfffffffffffffffe)
keyctl$setperm(0x5, r0, 0x0)
keyctl$read(0x11, r0, 0x0, 0x0)

00:18:39 executing program 0:
r0 = add_key$fscrypt_provisioning(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)={0x1, 0x0, @a}, 0x48, 0xfffffffffffffffe)
keyctl$setperm(0x5, r0, 0x0)
keyctl$read(0x11, r0, 0x0, 0x0)

00:18:40 executing program 1:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
read$nci(r0, &(0x7f0000000200)=""/100, 0x64)
write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6)
read$nci(r0, &(0x7f00000002c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14)
read$nci(r0, &(0x7f0000000380)=""/100, 0x64)
write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4)
sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
read$nci(r0, &(0x7f0000000500)=""/100, 0x64)
write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f00000005c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f0000000680)=""/100, 0x64)
write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4)
write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
read$nci(r0, &(0x7f0000000840)=""/100, 0x64)
write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7)

00:18:43 executing program 0:
r0 = add_key$fscrypt_provisioning(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)={0x1, 0x0, @a}, 0x48, 0xfffffffffffffffe)
keyctl$setperm(0x5, r0, 0x0)
keyctl$read(0x11, r0, 0x0, 0x0)

00:18:47 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
read$nci(r0, &(0x7f0000000200)=""/100, 0x64)
write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6)
read$nci(r0, &(0x7f00000002c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14)
read$nci(r0, &(0x7f0000000380)=""/100, 0x64)
write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4)
sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
read$nci(r0, &(0x7f0000000500)=""/100, 0x64)
write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f00000005c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f0000000680)=""/100, 0x64)
write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4)
write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
read$nci(r0, &(0x7f0000000840)=""/100, 0x64)
write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7)

[ 1132.184267][ T2755] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 1132.190175][ T2755] 
[ 1132.191127][ T2755] ======================================================
[ 1132.192004][ T2755] WARNING: possible circular locking dependency detected
[ 1132.193051][ T2755] 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Not tainted
[ 1132.194581][ T2755] ------------------------------------------------------
[ 1132.196355][ T2755] syz-executor.1/2755 is trying to acquire lock:
[ 1132.197378][ T2755] ffffffff84fc0408 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x28/0x58
[ 1132.200113][ T2755] 
[ 1132.200113][ T2755] but task is already holding lock:
[ 1132.202116][ T2755] ffffaf8022f60350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x52/0x1de
[ 1132.204456][ T2755] 
[ 1132.204456][ T2755] which lock already depends on the new lock.
[ 1132.204456][ T2755] 
[ 1132.205673][ T2755] 
[ 1132.205673][ T2755] the existing dependency chain (in reverse order) is:
[ 1132.206761][ T2755] 
[ 1132.206761][ T2755] -> #3 (&ndev->req_lock){+.+.}-{3:3}:
[ 1132.208500][ T2755]        lock_acquire.part.0+0x1d0/0x424
[ 1132.209764][ T2755]        lock_acquire+0x54/0x6a
[ 1132.211199][ T2755]        __mutex_lock+0x114/0xade
[ 1132.212510][ T2755]        mutex_lock_nested+0x14/0x1c
[ 1132.213747][ T2755]        nci_start_poll+0x4de/0x6b8
[ 1132.214821][ T2755]        nfc_start_poll+0x10c/0x1e8
[ 1132.215939][ T2755]        nfc_genl_start_poll+0xfe/0x252
[ 1132.217126][ T2755]        genl_family_rcv_msg_doit+0x19a/0x23c
[ 1132.218467][ T2755]        genl_rcv_msg+0x236/0x3ba
[ 1132.219481][ T2755]        netlink_rcv_skb+0xf8/0x2be
[ 1132.220882][ T2755]        genl_rcv+0x36/0x4c
[ 1132.221870][ T2755]        netlink_unicast+0x40e/0x5fe
[ 1132.223119][ T2755]        netlink_sendmsg+0x4e0/0x994
[ 1132.224356][ T2755]        sock_sendmsg+0xa0/0xc4
[ 1132.225409][ T2755]        ____sys_sendmsg+0x46e/0x484
[ 1132.226598][ T2755]        ___sys_sendmsg+0x16c/0x1f6
[ 1132.227932][ T2755]        __sys_sendmsg+0xba/0x150
[ 1132.229012][ T2755]        sys_sendmsg+0x2c/0x3a
[ 1132.230075][ T2755]        ret_from_syscall+0x0/0x2
[ 1132.231595][ T2755] 
[ 1132.231595][ T2755] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 1132.233334][ T2755]        lock_acquire.part.0+0x1d0/0x424
[ 1132.235722][ T2755]        lock_acquire+0x54/0x6a
[ 1132.237919][ T2755]        __mutex_lock+0x114/0xade
[ 1132.239390][ T2755]        mutex_lock_nested+0x14/0x1c
[ 1132.241258][ T2755]        nfc_urelease_event_work+0x126/0x218
[ 1132.242422][ T2755]        process_one_work+0x654/0xffe
[ 1132.243426][ T2755]        worker_thread+0x360/0x8fa
[ 1132.244397][ T2755]        kthread+0x19e/0x1fa
[ 1132.245479][ T2755]        ret_from_exception+0x0/0x10
[ 1132.246584][ T2755] 
[ 1132.246584][ T2755] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 1132.248272][ T2755]        lock_acquire.part.0+0x1d0/0x424
[ 1132.249931][ T2755]        lock_acquire+0x54/0x6a
[ 1132.251566][ T2755]        __mutex_lock+0x114/0xade
[ 1132.252832][ T2755]        mutex_lock_nested+0x14/0x1c
[ 1132.253886][ T2755]        nfc_register_device+0x44/0x29e
[ 1132.254951][ T2755]        nci_register_device+0x538/0x612
[ 1132.255878][ T2755]        virtual_ncidev_open+0x82/0x12c
[ 1132.256824][ T2755]        misc_open+0x272/0x2c8
[ 1132.258966][ T2755]        chrdev_open+0x1d4/0x478
[ 1132.259949][ T2755]        do_dentry_open+0x2a4/0x7d4
[ 1132.261118][ T2755]        vfs_open+0x52/0x5e
[ 1132.261936][ T2755]        path_openat+0x12b6/0x189e
[ 1132.262848][ T2755]        do_filp_open+0x10e/0x22a
[ 1132.263745][ T2755]        do_sys_openat2+0x174/0x31e
[ 1132.264759][ T2755]        sys_openat+0xdc/0x164
[ 1132.265707][ T2755]        ret_from_syscall+0x0/0x2
[ 1132.266677][ T2755] 
[ 1132.266677][ T2755] -> #0 (nci_mutex){+.+.}-{3:3}:
[ 1132.269949][ T2755]        check_noncircular+0x1de/0x1fe
[ 1132.271503][ T2755]        __lock_acquire+0x19a4/0x333e
[ 1132.272818][ T2755]        lock_acquire.part.0+0x1d0/0x424
[ 1132.273886][ T2755]        lock_acquire+0x54/0x6a
[ 1132.274691][ T2755]        __mutex_lock+0x114/0xade
[ 1132.275500][ T2755]        mutex_lock_nested+0x14/0x1c
[ 1132.276385][ T2755]        virtual_nci_close+0x28/0x58
[ 1132.277278][ T2755]        nci_close_device+0x12e/0x1de
[ 1132.278115][ T2755]        nci_unregister_device+0x34/0x182
[ 1132.278958][ T2755]        virtual_ncidev_close+0x9c/0xbc
[ 1132.279787][ T2755]        __fput+0x164/0x502
[ 1132.281540][ T2755]        ____fput+0x1a/0x24
[ 1132.282658][ T2755]        task_work_run+0xdc/0x154
[ 1132.283526][ T2755]        do_notify_resume+0x894/0xa56
[ 1132.284450][ T2755]        ret_from_exception+0x0/0x10
[ 1132.285370][ T2755] 
[ 1132.285370][ T2755] other info that might help us debug this:
[ 1132.285370][ T2755] 
[ 1132.286410][ T2755] Chain exists of:
[ 1132.286410][ T2755]   nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock
[ 1132.286410][ T2755] 
[ 1132.288348][ T2755]  Possible unsafe locking scenario:
[ 1132.288348][ T2755] 
[ 1132.289109][ T2755]        CPU0                    CPU1
[ 1132.289735][ T2755]        ----                    ----
[ 1132.290567][ T2755]   lock(&ndev->req_lock);
[ 1132.291696][ T2755]                                lock(&genl_data->genl_data_mutex);
[ 1132.292754][ T2755]                                lock(&ndev->req_lock);
[ 1132.293778][ T2755]   lock(nci_mutex);
[ 1132.294536][ T2755] 
[ 1132.294536][ T2755]  *** DEADLOCK ***
[ 1132.294536][ T2755] 
[ 1132.295383][ T2755] 1 lock held by syz-executor.1/2755:
[ 1132.296130][ T2755]  #0: ffffaf8022f60350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x52/0x1de
[ 1132.298170][ T2755] 
[ 1132.298170][ T2755] stack backtrace:
[ 1132.299110][ T2755] CPU: 0 PID: 2755 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1132.300390][ T2755] Hardware name: riscv-virtio,qemu (DT)
[ 1132.301269][ T2755] Call Trace:
[ 1132.301858][ T2755] [<ffffffff8000a228>] dump_backtrace+0x2e/0x3c
[ 1132.302779][ T2755] [<ffffffff831668cc>] show_stack+0x34/0x40
[ 1132.303603][ T2755] [<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150
[ 1132.304862][ T2755] [<ffffffff83175742>] dump_stack+0x1c/0x24
[ 1132.305809][ T2755] [<ffffffff8010f7b8>] print_circular_bug+0x34e/0x3d8
[ 1132.307392][ T2755] [<ffffffff8010fa20>] check_noncircular+0x1de/0x1fe
[ 1132.308384][ T2755] [<ffffffff80113c26>] __lock_acquire+0x19a4/0x333e
[ 1132.309370][ T2755] [<ffffffff80116582>] lock_acquire.part.0+0x1d0/0x424
[ 1132.310509][ T2755] [<ffffffff8011682a>] lock_acquire+0x54/0x6a
[ 1132.311950][ T2755] [<ffffffff831a8ea4>] __mutex_lock+0x114/0xade
[ 1132.312988][ T2755] [<ffffffff831a9882>] mutex_lock_nested+0x14/0x1c
[ 1132.314020][ T2755] [<ffffffff8148d766>] virtual_nci_close+0x28/0x58
[ 1132.315038][ T2755] [<ffffffff830cf612>] nci_close_device+0x12e/0x1de
[ 1132.316150][ T2755] [<ffffffff830d0372>] nci_unregister_device+0x34/0x182
[ 1132.317217][ T2755] [<ffffffff8148d508>] virtual_ncidev_close+0x9c/0xbc
[ 1132.318700][ T2755] [<ffffffff804cb3c0>] __fput+0x164/0x502
[ 1132.321245][ T2755] [<ffffffff804cb7d2>] ____fput+0x1a/0x24
[ 1132.322560][ T2755] [<ffffffff800a0530>] task_work_run+0xdc/0x154
[ 1132.323875][ T2755] [<ffffffff80008c12>] do_notify_resume+0x894/0xa56
[ 1132.325261][ T2755] [<ffffffff80005724>] ret_from_exception+0x0/0x10
00:18:51 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
read$nci(r0, &(0x7f0000000200)=""/100, 0x64)
write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6)
read$nci(r0, &(0x7f00000002c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14)
read$nci(r0, &(0x7f0000000380)=""/100, 0x64)
write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4)
sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
read$nci(r0, &(0x7f0000000500)=""/100, 0x64)
write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f00000005c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f0000000680)=""/100, 0x64)
write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4)
write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
read$nci(r0, &(0x7f0000000840)=""/100, 0x64)
write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7)

00:18:52 executing program 1:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
read$nci(r0, &(0x7f0000000200)=""/100, 0x64)
write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6)
read$nci(r0, &(0x7f00000002c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14)
read$nci(r0, &(0x7f0000000380)=""/100, 0x64)
write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4)
sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
read$nci(r0, &(0x7f0000000500)=""/100, 0x64)
write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f00000005c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f0000000680)=""/100, 0x64)
write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4)
write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
read$nci(r0, &(0x7f0000000840)=""/100, 0x64)
write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7)

00:18:54 executing program 1:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
read$nci(r0, &(0x7f0000000200)=""/100, 0x64)
write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6)
read$nci(r0, &(0x7f00000002c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14)
read$nci(r0, &(0x7f0000000380)=""/100, 0x64)
write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4)
sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
read$nci(r0, &(0x7f0000000500)=""/100, 0x64)
write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f00000005c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f0000000680)=""/100, 0x64)
write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4)
write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
read$nci(r0, &(0x7f0000000840)=""/100, 0x64)
write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7)

00:18:55 executing program 1:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
read$nci(r0, &(0x7f0000000200)=""/100, 0x64)
write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6)
read$nci(r0, &(0x7f00000002c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14)
read$nci(r0, &(0x7f0000000380)=""/100, 0x64)
write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4)
sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
read$nci(r0, &(0x7f0000000500)=""/100, 0x64)
write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f00000005c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f0000000680)=""/100, 0x64)
write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4)
write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
read$nci(r0, &(0x7f0000000840)=""/100, 0x64)
write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7)

[ 1140.825902][ T2770] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
00:19:00 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
read$nci(r0, &(0x7f0000000200)=""/100, 0x64)
write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6)
read$nci(r0, &(0x7f00000002c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14)
read$nci(r0, &(0x7f0000000380)=""/100, 0x64)
write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4)
sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
read$nci(r0, &(0x7f0000000500)=""/100, 0x64)
write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f00000005c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f0000000680)=""/100, 0x64)
write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4)
write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
read$nci(r0, &(0x7f0000000840)=""/100, 0x64)
write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7)

00:19:00 executing program 1:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
read$nci(r0, &(0x7f0000000200)=""/100, 0x64)
write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6)
read$nci(r0, &(0x7f00000002c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14)
read$nci(r0, &(0x7f0000000380)=""/100, 0x64)
write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4)
sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
read$nci(r0, &(0x7f0000000500)=""/100, 0x64)
write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f00000005c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f0000000680)=""/100, 0x64)
write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4)
write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
read$nci(r0, &(0x7f0000000840)=""/100, 0x64)
write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7)

00:19:03 executing program 0:
r0 = add_key$fscrypt_provisioning(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)={0x1, 0x0, @a}, 0x48, 0xfffffffffffffffe)
keyctl$setperm(0x5, r0, 0x0)
keyctl$read(0x11, r0, 0x0, 0x0)

00:19:04 executing program 0:
r0 = add_key$fscrypt_provisioning(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)={0x1, 0x0, @a}, 0x48, 0xfffffffffffffffe)
keyctl$setperm(0x5, r0, 0x0)
keyctl$read(0x11, r0, 0x0, 0x0)

00:19:05 executing program 0:
r0 = add_key$fscrypt_provisioning(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)={0x1, 0x0, @a}, 0x48, 0xfffffffffffffffe)
keyctl$setperm(0x5, r0, 0x0)
keyctl$read(0x11, r0, 0x0, 0x0)

[ 1149.302676][ T2787] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
00:19:08 executing program 0:
r0 = add_key$fscrypt_provisioning(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)={0x1, 0x0, @a}, 0x48, 0xfffffffffffffffe)
keyctl$setperm(0x5, r0, 0x0)
keyctl$read(0x11, r0, 0x0, 0x0)

00:19:08 executing program 1:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
read$nci(r0, &(0x7f0000000200)=""/100, 0x64)
write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6)
read$nci(r0, &(0x7f00000002c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14)
read$nci(r0, &(0x7f0000000380)=""/100, 0x64)
write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4)
sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
read$nci(r0, &(0x7f0000000500)=""/100, 0x64)
write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f00000005c0)=""/100, 0x64)
write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r0, &(0x7f0000000680)=""/100, 0x64)
write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4)
write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
read$nci(r0, &(0x7f0000000840)=""/100, 0x64)
write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7)

00:19:09 executing program 0:
r0 = add_key$fscrypt_provisioning(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)={0x1, 0x0, @a}, 0x48, 0xfffffffffffffffe)
keyctl$setperm(0x5, r0, 0x0)
keyctl$read(0x11, r0, 0x0, 0x0)

00:19:10 executing program 0:
r0 = add_key$fscrypt_provisioning(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)={0x1, 0x0, @a}, 0x48, 0xfffffffffffffffe)
keyctl$setperm(0x5, r0, 0x0)
keyctl$read(0x11, r0, 0x0, 0x0)

00:19:12 executing program 0:
syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000c88000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0)
r3 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
r5 = openat(r4, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r5, 0x0)
syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0)

[ 1153.808268][   T26] audit: type=1800 audit(1152.650:2): pid=2821 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="vda" ino=644 res=0 errno=0
[ 1157.382488][ T2807] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
00:19:16 executing program 0:
syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000c88000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0)
r3 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
r5 = openat(r4, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r5, 0x0)
syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0)

[ 1158.237960][   T26] audit: type=1800 audit(1157.080:3): pid=2825 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="vda" ino=640 res=0 errno=0
00:19:17 executing program 1:
syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000c88000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0)
r3 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
r5 = openat(r4, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r5, 0x0)
syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0)

00:19:18 executing program 0:
syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000c88000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0)
r3 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
r5 = openat(r4, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r5, 0x0)
syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0)

[ 1159.243680][   T26] audit: type=1800 audit(1158.090:4): pid=2827 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="vda" ino=636 res=0 errno=0
00:19:18 executing program 1:
syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000c88000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0)
r3 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
r5 = openat(r4, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r5, 0x0)
syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0)

[ 1160.089110][   T26] audit: type=1800 audit(1158.930:5): pid=2829 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="vda" ino=645 res=0 errno=0
[ 1160.832887][   T26] audit: type=1800 audit(1159.670:6): pid=2831 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="vda" ino=644 res=0 errno=0
00:19:19 executing program 0:
syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000c88000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0)
r3 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
r5 = openat(r4, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r5, 0x0)
syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0)

00:19:20 executing program 1:
syz_io_uring_setup(0x12a1, &(0x7f0000000080), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000c88000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0)
r3 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
r5 = openat(r4, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3, 0x12, r5, 0x0)
syz_io_uring_submit(r2, r0, &(0x7f0000000000)=@IORING_OP_CLOSE, 0x0)

[ 1161.548568][   T26] audit: type=1800 audit(1160.390:7): pid=2833 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="vda" ino=636 res=0 errno=0

VM DIAGNOSIS:
07:29:08  Registers:
info registers vcpu 0
 pc       ffffffff8011edb6
 mhartid  0000000000000000
 mstatus  00000000000000a0
 mip      00000000000000a0
 mie      000000000000022a
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff804759c8
 sepc     ffffffff831afd22
 mcause   8000000000000007
 scause   8000000000000005
 mtval  0000000000000000
 stval  0000000000000000
 x0/zero 0000000000000000 x1/ra ffffffff8011eda6 x2/sp ffffaf801151f180 x3/gp ffffffff85863ac0
 x4/tp ffffaf800ac448c0 x5/t0 ffffffff86bcb657 x6/t1 fffffffef0d796ca x7/t2 0000000000000000
 x8/s0 ffffaf801151f360 x9/s1 0000000000000000 x10/a0 000000000000004e x11/a1 00000000000f0000
 x12/a2 0000000000000002 x13/a3 ffffffff8011c8a6 x14/a4 7d5b052706e44600 x15/a5 0000000000000020
 x16/a6 ffffffff86bcb68e x17/a7 ffffffff86bcb656 x18/s2 000000000000004e x19/s3 000000000000000f
 x20/s4 ffffaf801151f2e0 x21/s5 ffffaf801151f200 x22/s6 ffffffff8588c1a0 x23/s7 ffffffff8588c3e0
 x24/s8 ffffffff8588c220 x25/s9 ffffffff84a88520 x26/s10 ffffffff858655c0 x27/s11 ffffaf801151f2e0
 x28/t3 000000000000002d x29/t4 fffffffef0d796c8 x30/t5 fffffffef0d796cb x31/t6 ffffffff86bcb657
 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
 pc       000000000003a33e
 mhartid  0000000000000001
 mstatus  00000000000040a2
 mip      0000000000000000
 mie      00000000000002aa
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff8000f97e
 sepc     00000000000554b8
 mcause   0000000000000009
 scause   8000000000000005
 mtval  0000000000000000
 stval  0000000000000000
 x0/zero 0000000000000000 x1/ra 000000000001d1e8 x2/sp 00007ffff149f3d0 x3/gp 0000000000109090
 x4/tp 00000000013e8710 x5/t0 00000002a7968728 x6/t1 0000000064000000 x7/t2 00007ffff149f1b7
 x8/s0 0000000000120000 x9/s1 000000000000000a x10/a0 ffffffffffffffff x11/a1 00007ffff149f45c
 x12/a2 0000000040000001 x13/a3 0000000000000000 x14/a4 0000000000000016 x15/a5 0000000000000000
 x16/a6 00007fffaa668010 x17/a7 0000000000000104 x18/s2 00007ffff149f45c x19/s3 0000000040000001
 x20/s4 0000000000002328 x21/s5 00007ffff149f4c0 x22/s6 00000000001136a3 x23/s7 0000000000000016
 x24/s8 00000000000f4240 x25/s9 00007ffff149f480 x26/s10 00000000000001f4 x27/s11 0000000000000004
 x28/t3 000000007fffffff x29/t4 000000000000046b x30/t5 0000000000000018 x31/t6 0002625a00000000
 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000