last executing test programs:

4.998233365s ago: executing program 0 (id=1371):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file2\x00', 0x207)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x80)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40086602, &(0x7f0000000000))
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000040), 0x6)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r2}, 0x8)
ioctl$sock_bt_hci(r3, 0x800448d7, &(0x7f0000000140))
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
r6 = socket$unix(0x1, 0x1, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r7 = socket$kcm(0x11, 0x3, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
close(r8)
socket$tipc(0x1e, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
setsockopt$sock_attach_bpf(r7, 0x107, 0xf, &(0x7f0000000600), 0x56)
lgetxattr(&(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)=@known='system.posix_acl_default\x00', 0x0, 0x0)
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000180)={0x7, 0x3, 0x6, 0x3})
sendmsg$kcm(r7, &(0x7f0000000280)={&(0x7f0000000440)=@xdp={0x2c, 0x0, r9, 0xb}, 0x80, &(0x7f0000000200)=[{&(0x7f00000001c0)="27030200000214000e00002fb96dffff1144ee163cddcb000000800000827600000000000000", 0x26}, {&(0x7f00000004c0)="f058050000007f8f", 0x8}], 0x2}, 0x4055)
r10 = socket$kcm(0x29, 0x5, 0x0)
write$cgroup_pressure(r10, &(0x7f0000000140)={'full'}, 0xfffffdef)

4.770697628s ago: executing program 2 (id=1373):
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000680)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x22}}, 0x6}, 0x1c)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x407, @local, 0xa}, 0x1c) (async)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x407, @local, 0xa}, 0x1c)
r1 = fcntl$dupfd(r0, 0x0, r0)
sendmsg$nl_route(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x800)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
sendmmsg$inet6(r1, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="cd", 0x1}], 0x1}}], 0x4000000000000ec, 0x8001) (async)
sendmmsg$inet6(r1, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="cd", 0x1}], 0x1}}], 0x4000000000000ec, 0x8001)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000400)=""/165, 0xa5, 0x1, 0x0}, &(0x7f0000000180)=0x40) (async)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000400)=""/165, 0xa5, 0x1, 0x0}, &(0x7f0000000180)=0x40)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
openat$hpet(0xffffff9c, &(0x7f0000000280), 0x200, 0x0) (async)
r2 = openat$hpet(0xffffff9c, &(0x7f0000000280), 0x200, 0x0)
ioctl$sock_SIOCINQ(r2, 0x541b, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3ff, 0x5, &(0x7f0000000000)=0x1) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3ff, 0x5, &(0x7f0000000000)=0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1100000004000000040000000200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000098000000000000000f10d00fbff7f00000000000000000000a2619cb7b574d2b1243c928621296becc5e76b43a7"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb}, [@call={0x85, 0x0, 0x0, 0x53}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xa}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41103, 0x30, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r4, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
r5 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, &(0x7f0000000040)=0x4c0, 0x4)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r6 = open$dir(&(0x7f0000000080)='./file0\x00', 0x2, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r6, 0x0)
write(r6, &(0x7f0000000240)="2cd889f03e14f3c4d5", 0x9)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0xff, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0xff, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000004c0)={r7, 0x0, 0x30, 0x0, @val=@tracing={0xffffffffffffffff, 0xf3ea}}, 0x1c)
syz_genetlink_get_family_id$batadv(&(0x7f0000000580), r1) (async)
r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000580), r1)
sendmsg$BATADV_CMD_GET_GATEWAYS(r2, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)=ANY=[@ANYBLOB="24000001", @ANYRES16=r9, @ANYBLOB="000126bd7000fcdbdf250a000000050038000100000005002a0000000000"], 0x24}, 0x1, 0x0, 0x0, 0xc0}, 0x4000810)
epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_VERDICT_BATCH(r10, &(0x7f0000000380)={&(0x7f0000000180), 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYRESHEX=r8], 0x20}, 0x1, 0x0, 0x0, 0x4040010}, 0x6c810)

4.536058031s ago: executing program 0 (id=1375):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_NESTED_STATE(r2, 0xc048aeca, &(0x7f0000000140)=@svm={0xa, 0x1, 0x1080, {0x4}, {"e39099761f25b433b13856760a7ec76508d33327cd3ada4c51082eac6de2fa2d7d1dcc8dfff22976e8672059274a02bae3ebf27b339e95deee6a4f9eb6ebce5531c0d1b29514572d68bc0755b1be1bd5a239e2518cfbdfe689827b4f12916b51b7d42de7417ee5e5375fb6ba5c0a3e45b926c0b0b4d04231523b7cd4088831c6ea7f98c46a8b4f997491a544ed86dbce7a68881aecbadfcc7f2b2466f16a066df3b31b041283e991068c80e7af73a922c99d5891fae0e4b30f374ad310c28f9b998a868ffd8494d4db3390309ff5d0ab06a6b357e2d1903a7ffb0ef12d187dc7f768cd9ae1e1fc0fedc4ee2a29a7c21da4a95d3ae0d8d0708a5d09e9b4e2ffe15f9517ed546e248485ea7a392ac40e385e1b08d6b6f3cbb0659c5d47b3a98b942b7a66b0d5b18b141af950ab7629d7dc7adee1e4e450977300e6c6778791ab81d840a012fdb9ba3bf6bb1c7de9a077d40ccfd04d2e69d826a26103ddd098d103b944f8268909af8162b503c881e4bfaabf2d2a9f15f1c08894c32a6b56e87b44f263c4dfeaa20927d026e222bc352eaea3139240dff727c8fafe32827005e22405a6aa5c4bf95d943d233a2aa46347db9bf3083c53298b377d5037d0c7ad006e50ebae7054ae6b7c74024d3d0000ac17b7b940c9514df48f97e6ac83e007433a93f0ca7dee180b3abceacee41e2f2e2856b29e023baee8763bbc71a6be90eabceaac2fde956a079f2b9fbb90cd6b241b89f074aee964a9eb9d4c00a85e51dc8abf2715c6c01c5e589576bf2801f5ed7ecab4c3b11de8d687f730c3a1e105cde16ff7515ec97bf92c9cf32d7594aa7dee4568d0e14953b116e0d0b09ad8cd4b174e97b2363d0c4d709bde2921a000b02727f25306267c0e62a72d3f6a4ce004e7772d5af9dcb203c861bf4945d3cae3a84e92351c62dbd9653a394f24f2350455d1ae1681300a1a86f91169fa885e741737fc0e613078e19e12220972895b1ea4e6d938c16213da3f08c0828a0b438108f781b199efec73d507c49cc1cea6459a9d9287ba32da67e04977b22caf056d34a59a5dbd310a1c1ebea67cd5719f17de9c00d468a09440e357207081de0964fa7f7947c9681bf90424c07396c35d9bc4105a9c7b559dbb8bbd2d877fa46d430aa33cee0c2e8eb740399286adedf01f16258dd168b07ce0d49d10db7d06e1ae2a1c50d021ce54d9031551d52d57f43f94db99d6f466ce3e2b4f0a94bfd237e853ee048a7ee7a2a9abb84f87b5b5cc7a16d7fda3df1b40755f0d1e561646c7bee5cb5c7df16cdd98c940e851f5c6ab0b83ba4c4cef575996f5e324dac7f9ff04d4a20017efa7d36b1d63c9a93bfd42a36c3ec006bde2932ee4679407c81c49884843fccaf949f7d704ab5f28fdcefea646e8e124bbc0c01255f7c3f9ca7072b9d8da7c8aaf832cd89a63ba7d9550b5abfff14ff6a8b78e9e5941f9d02138b87ab2d1a43c27912bcbbe348ff0372fde77b4e62ee99c78d3986e0671fe74967074527d5123edc8492d527269b16887e7a8d7fa6dbadd243ac9732b0876a4dd1c1876c8c4900d1699f31c900fb69a0ef19e98d74c2e658bd5f405a2d0e1a2987c10c9855047c0590fbadb784fb3f311afc2a87b03ca4b9a46fb3f22787889aaa24a45cb9aaec0c7f2c86c90d1bf381c14a82edd1cba476d660935bc6d5ee59f439a50ec8b2d9643096f76c693beb3944416536c553754fbf54406fb8deb4a3bad69ca5e92c72c39f0f5d612a6fe53a8203000769ef5a7ab4dbf39c4f4a4fbc8b2a7f5d81dfd869699254d8f47e8ebff74c88b86f1fdbbb99db3d2abcdb505f45a7c565c618c0a669e3b6b6bd47eb719fc7ab1e76f3697c7d989eba89f32a332cc1adc0a12e5050b55c7302976ca2596616df41c4d72572aece740588819a8dee843f4fab5769d2c30a1567d4b3c009194a372eb1e121f15968185d918c61666a5003440202421cb9d5e149b7709ffcf576055b965e46910f8d9518635d1a8256579cab970d29c025f3da7c6667c6b4ec51aca3fc57eae3d899b476a1e86929ab5d9dfd775eac38093648235bf815b5391eb7d980457f6d31ef7a4a0fc558342a016b5c440c70171e26daf5003f468bc451a6706fc5df48f62854417002115ea6aa7d3366141240d55e02c8f09716a0ee1ea04496a8c9de0a58f24bb169c5508b24797310ba402bd93b94f7c9446831387a3059fa05e5603af9512701633a7b4e8fa21f7d0505a5387999c41a0632b6da23fd4b4e58e70b48f82a0ca8d3147bae71619f40d9d6800e17a869a9a81eac916a1bea6cc5ab2c4be5b6d14b1da2c38c0731b26d14cfbbc8d6919f3e089c48afd167587be71470e93e68b670de1bb68563e082cb3d29f463533a3c5b13e474d02829240823462aa18f831c4567633065db7b8631611ad13c95e8f4d0cef68353332e9a95cc63284d9a31f5dae0f344e6440ad25130722426e64f2e3c275cd0ded4360fb8fda76c238d4361be0d4b3a1d859c395e418173bfdc98e79d36d80fa8aae422322ed6fba515f50a3559c301da3260057b5c0c3f2dc9bd32bb7a4879f435fb161909d6b2ff784af258f3a45d6bca8d406153e54feaffc554b340ad7a37d9aa117d0ee4ee1e921bfe9d0e84c176d17075f3ad78c2b6e2c3572765ae64caface3fdf00c4e8f2179a73716e5ec44466dfe2032d6c051ff2ac6419269f328b2725b8a5c6913d4457912b82683bc91a5da21876dc37d9dd6c410023133771cd54b5b569e0bfd8c2e768b2bde591c3091f77c48b61f60934b6f767c005707c8aacfa3d676362744944e38a81323560d3668720acd7d91cfe2ee3e9767aedf8cafb9fa130a7d181b1cc0eb28b56b9b3386b7fcd0ce2cddd5ffe09a9c984c2379bba39888149256a1d74433ad00660836d46986b80de56e021fd3941025b0f0c10821be05aeac93e1ea813bd0813be628b5f923f129910f4e9ca6d4b21af7f68af123afd16309ceb683f314556d49f5424b50d00358f5fca3c216b0c85b3af72d02716172ebd8b832bb93e84c0ecb62999446ddefa1f2cae24971f63c7d99f974e84c0c9e7e89da6fe6129add74391ddb23d46a2cdbb7bc9a6de2bbb31c51f15fd1798e0716dd770c1f768f9d3478ed5e33ef4068f4070bdf06b41026acc92332d14f9d48a268e41eeeb98327562c8fc83cc6f5742271f2b4aeae411831d8ad5424acef307c158c25b56e564c78221636cbb8e6ade5aac34d4ebf859d66fcb89db519f77e0531d6f5ce30a4f112cc5280307407af99c1a61fff6791409d689b3c68be13e27e3f6948a63f31421f5aff5402b646d20dd1ef0246dc65fe464f48d46b15f4b3cc9f544823d3c2b587cd98cfe4b4b993ea7b45cc80126ce7c3ed447ff08d74f2f1c8b04d0212ba06658b589a5402c81632afca95cd8ebe9ff0966aa5f845a86d8d0d21c166f8978576c26fb51cbd5222ddd288896c3c5dcfe84cdd9a76c4eb3a1b2a98a6bb2dcc8b9c68695e76d9d9c8dea209e63954e805f71bc59c0a16ec307542962c59aeec260b980d6aa0cf70d01f62b9e349b5fb16904a55423a985152de3646382ec167679ced69532e45345df3fab263e9c570877ff03feb82260e85b8e336f2c3d9ea64f7822d49943261ae9e66c4226444ada4481a95fd50d34b7de5c0063b6d370fa563f376d2a4dac8e0600f0f4c36e4d698f0ffe6ae0efcc9514f25ec0bc232051a69e183ce8b68e6c2dfa9745428be6f5b01ab4753737d3ccd26401c1d10b4bf6c4ecc2418e9764582d85fcbd0219722dfb7554d61bb120877c3c690b416095f40dad7be1f9f1c36d1ff9c5bbe673babb17d6d4d61d9cc8eb52cac890c7c8191cb19dd8e28eb46c8443017cd5abc6cf527c693966bd0d84bc5a197d5c47922a1f7d05ab459e3e8068d223f25df9e50ea69c0050cf6b6ac6eef5afad2a0f6e3927050ae257816a4c52c0a9ad0b41ae97583b98e4c3bcdbc4c4a3a6b06d1d97863a5006d4e72dbc28e028cc4c23da7d400962d1bb5ff99327b03168285b3dce86c03d1d8e2d1c346486defd775b4e9af50407d11479a7e940b45f5ed34c4ba8c314ebb0635b167f5aaaffb13733aca48cf6b17217f39e783e7ebf3b69f4385cdaf8227542c78c87a2cd68fcc601b84a2f45dd5e9088cd6fc59c3c242a8710f52da4239b7aa501702e41548b2c9d7917c08a69023ab293593d0037154e57f912af0327f163c31159260783072780a1ee96855b95d5d7fb55f39b90ce065d06d76725ab31f2eea6e98ef7e746b2ca35338c2918d3b00ad9f8b56939b44008bd835d5602c30ba29b308cf4cc1e3833fdc54b37abc2d499c3d02dfe056a2408ce1e67511eb22edc314a7852aed44514026c27e5bc0c50a5989c7f2034523f01beb93fb0c2f3a8555cf09039a65d066ce68d7fffd4d271a1c6a149827a43510a4755017ed2ee76575dfb2f1ff3fa8501e8a2b14b03ffbf2b8d7757a639232053614b5acc7ee456b136b48318551b8d803873272f89cbc517c4b13f812979508ce53944758504bbcac679fddbad2d18edf55e5ebcb421f65b84de154343a35be8c099696728713f137921c56aface5a80d3d0185f2dec66aafaf526086b94c8f89bede56b721dd7646f6fae11119d7b0866890552ab00180eafd7610b245052043acb3789d694b5b9fc9d65c5630f70268c683e653ce7a9194f541befcf94bef00c06e1fcc584b5535e206460ff824fdfdf9d60e3ca4828ebd9b606d26c1c209ca62c7b94eb5741eed428f5515436a038f6bd6fdbb113c313c023ef85e9538715cb1fb474fab73a031c12f40a3c275e92a8dead3d07b7b2232322bfc2c6a467a2997eed0141e8e6dce7a66780727546fac0a144cdae2a3440446e64c4807d66bb4ecf33544d17e8e14c29481e7ea0d49f17da3d5c46998e63a4072e4d3a70796496c8634a7d177d1ccadf7905047ad6f89d4d902ae93064cd9bb79084a654b292ddbed83ad470a3e322adb29ef531968142bb33c2ba12a694d434fbea353c148bfd942d28fe15a5198ece28b59650eddb2bfb55908c01575903399d9cdaa15769392b7b666690aaba62656baee6e71550ee929c4d829b5ca0b941bbf53f05ef56b736c31c15bd36cfc568adee292ee665d0224594789b622bd799922f05943f6dbc541372aebcc65e444d18aba4118774eb06476037df50fde33a11097460301ca1003fcbff3683e36d9b856ea70bc86a0ec154991d928e8f6956c69be2b186f5b4005207b1567f8130d4981b2196da4d48bebf0836beb9bf9285bbb251cfab1bf41949103acce0ec6ec3272247bf7252074803773a2c42fa842285a22824de4843e81a0f0f3fe1ab822ecfe59023e4fb05f4de5206a98878a4523eec0845be8bba8720b8c775dd6d0ec20099175e2a09ea5c40d14af47139f794116c68e239ae6495627e01cb14c08ad8a4985b35223b49518aa942cd3ba5af986dd733afdfb13ed40e0e5b5a0fbc00676c996e1c3dbbd6a73673d23e7b33113107bc1c393e455eb94d6ef53e85bacbd5fab9405a47c605b2602ce8405311938bcd031ce4ed32af2e47ab109bc4300fba11f3fa1418126da9646df18ac7a87e968a663ff06f8162a86eb81ac292ea7db313dc132b846a3fa5106a716ea8aca56cfd33b9cf70c1d5d2969fe7d9a05243faa15650c7ece0140f2e85edd6af621bd2e459555010f92aa0ebb308176f1faef988b5b82933703609e6e3506306ef33ba300"}}) (fail_nth: 1)

4.267456181s ago: executing program 0 (id=1376):
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c082", 0x61}], 0x1}}], 0x1, 0x2090)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_ENUM_FREQ_BANDS(0xffffffffffffffff, 0xc0405665, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
capget(0x0, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000280)=0x3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = syz_io_uring_setup(0x892, &(0x7f00000003c0)={0x0, 0x5ad3, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000380)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}})
io_uring_enter(r3, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0)

4.267173203s ago: executing program 2 (id=1378):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYRESHEX=r0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c000000ac14143f0000000000000000000000000000000000000000920100000000494d84ffbf0b990908a878476800000600000000000000ffff0000000000001c250800000000000200000000000400f8ffffffffffffff0000000000030000ffffffffffffffff00000000000000001f00000000000000feffffffffffffff02000000fcffffff000000002abd700004350000020001fd1f000000480003006465666c61746500"/236], 0x138}, 0x1, 0x0, 0x0, 0x8881}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$ax25_int(0xffffffffffffffff, 0x101, 0xa, &(0x7f0000000080), &(0x7f0000000100)=0x4)
sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x18, 0x1, 0xfffffffe, 0x100, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x25}, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0xfffffffc}, 0x80, 0x3500, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r2, &(0x7f0000002dc0)={&(0x7f0000001640)=@l2tp6={0xa, 0x0, 0x7fff, @local, 0x8}, 0x80, &(0x7f0000000340)=[{&(0x7f00000003c0)='`', 0x1}], 0x1}, 0x41)
setsockopt$sock_attach_bpf(r2, 0x84, 0x1e, &(0x7f0000000000), 0x4)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x7c, 0x7c, 0x2, [@var, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{}, {}, {}, {}, {}, {}]}, @func, @volatile, @volatile, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x96}, 0x20)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x14}, 0x8f)
r4 = socket(0x11, 0x3, 0x0)
setsockopt(r4, 0x107, 0xf, &(0x7f0000000100)="00008634", 0x4)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', <r6=>0x0})
sendmsg(r4, &(0x7f0000000100)={&(0x7f0000000040)=@xdp={0x2c, 0x8, r6, 0x3}, 0x80, &(0x7f0000000600)=[{&(0x7f00000001c0)="0003022df0ff000000002d3922ff65b4355e953d23d27c69e074889fa8e7ee962184588e5fd8c5ee00a7472916f510027afb3654f0", 0x18}, {&(0x7f00000003c0)="60a75dc565ef116aa412580445034943beea59637ecdd8a174caf38d7adc18f6b256e8be", 0xffe8}, {&(0x7f0000000140)="55f0e46e5a", 0x5}, {&(0x7f0000000540)="d6cbcbd01a9287bce454d54ecea0f66b7367fbf6880d06443c29d1e06a5aa68da2a864699d98950e5555ab", 0x2b}], 0x4}, 0x40011)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848360000005e140602000000000e000a00100000000a8000001294", 0x2e}], 0x1}, 0x0)

4.197235886s ago: executing program 0 (id=1379):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r0)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r1, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x30, r1, 0x100, 0x70bd29, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x1c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x8}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @private=0xa010101}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x50}, 0x8000)
r2 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$bt_hci(r2, 0x0, 0x1, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000280)='nv', 0x2)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x39}}, 0x10)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
ioctl$TUNDETACHFILTER(r4, 0x401054d6, 0x0)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r3, &(0x7f00000002c0)="000000080000000000000000000000000000009f00000000000000000000000000000000005b3d5b7fc2dea7ad8753c766fe0f07d8fa14c7873c886de6c4c9fcff58d46b36eaf356bf7e87d5c73b143ec2671bca2d9e3827198fb32e4f0e63fbfe50fbf94c3b8f1bc76c8fc293a8be940661be7507d19f67d710ffce7b3637312671fcf4eba674bfb2054b0e0617b2d78138f713fe6a7217fd4e4abed5e1acbbdfe4d0d5a7ebaed817f644262d34c4aafe287ece1c1e4d4c12b64412eb5fc5146e9b675af77076b99ab122b2ac1bfdadcfa46fd8aa4d083d5fbd3bba3a7058cc90bb16cd3121f3ed9454883ffebb38b0596f07392aca992c7e2b8161da194d246a232c23bcae12d643e2f37c1479f8cebd7a6ea903aa398ebac1c63b293fd8e4d3ae909164", 0x125, 0x20008080, 0x0, 0x0)

4.178200903s ago: executing program 1 (id=1380):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=ANY=[@ANYBLOB="44000000210001002cbd7000fddbdf250a100004ff00000106000200140001000000004a8ca046127a29beffac1414bb0c00140092"], 0x44}, 0x1, 0x0, 0x0, 0x44048801}, 0x40)
r1 = socket$inet(0x2, 0x80001, 0x84)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
r3 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_DEL(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="270e28bd70000000000004"], 0x14}, 0x1, 0x40030000000000}, 0x4000)
syz_emit_ethernet(0x46, &(0x7f00000000c0)={@link_local={0x3}, @link_local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x7, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @initdev={0xac, 0x1e, 0x0, 0x0}}, "0700655881fff500"}}}}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'vlan1\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00', @ANYRES16, @ANYBLOB="01002dbd70000000000010000000180001801400020076657468315f746f5f626f6e6400000005000e"], 0x34}, 0x1, 0x0, 0x0, 0x20040804}, 0x4044890)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r9=>0x0})
r10 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r8)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r8, &(0x7f0000000280)={0x0, 0xf000, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r10, 0x83625fc5352ba305, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r9}]}, 0x1c}}, 0x2000040)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000040)={'gre0\x00', &(0x7f00000000c0)={'erspan0\x00', 0x0, 0x7, 0x700, 0x5, 0x4, {{0x11, 0x4, 0x2, 0x4, 0x44, 0x64, 0x0, 0x2, 0x4, 0x0, @private=0xa010100, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@end, @rr={0x7, 0xb, 0x17, [@private=0xa010102, @private=0xa010101]}, @cipso={0x86, 0x23, 0x1, [{0x5, 0x5, "cf9c90"}, {0x1, 0x6, "88208270"}, {0x6, 0x12, "fa959fe72b843091d89e77cd8e48b84f"}]}]}}}}})
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={0xffffffffffffffff, 0x58, &(0x7f00000001c0)}, 0x10)
r11 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00', <r12=>0x0})
r13 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r13, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_PROTECT={0x5, 0x8, 0x1}]}}}, @IFLA_LINK={0x8, 0x5, r12}]}, 0x44}}, 0x0)
sendmsg$nl_generic(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x18, 0x38, 0x1, 0x7fffc, 0x2, {0x18}, [@nested={0x4, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0x404c850}, 0x4008094)
sendto$packet(r2, &(0x7f0000000040)="02030e00d3fc02000000ab5d71b9edd7c9560385dcb188a8", 0x18, 0x2004c8a1, &(0x7f0000000080)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @broadcast}, 0x14)

4.051089842s ago: executing program 0 (id=1381):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file2\x00', 0x207)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x80)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40086602, &(0x7f0000000000))
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000040), 0x6)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r2}, 0x8)
ioctl$sock_bt_hci(r3, 0x800448d7, &(0x7f0000000140))
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xa, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000035090100000000009500000000000000de980000000000005608000000efffff8400000005000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
close(r8)
socket$tipc(0x1e, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000600), 0x56)
lgetxattr(&(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)=@known='system.posix_acl_default\x00', 0x0, 0x0)
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000180)={0x7, 0x3, 0x6, 0x3})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000440)=@xdp={0x2c, 0x0, r9, 0xb}, 0x80, &(0x7f0000000200)=[{&(0x7f00000001c0)="27030200000214000e00002fb96dffff1144ee163cddcb000000800000827600000000000000", 0x26}, {&(0x7f00000004c0)="f058050000007f8f", 0x8}], 0x2}, 0x4055)
r10 = socket$kcm(0x29, 0x5, 0x0)
write$cgroup_pressure(r10, &(0x7f0000000140)={'full'}, 0xfffffdef)

4.050863757s ago: executing program 2 (id=1382):
r0 = syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2)
readv(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000a40)=""/4096, 0x1000}], 0x1)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'erspan0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5000000010000100"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000300012800b00010065727370616e000020000280040012000500160002000000060018"], 0x50}}, 0x4080)
io_setup(0x3, &(0x7f0000000080)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x2, r0, 0x0, 0x0, 0x3}])
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
userfaultfd(0x80001)
r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7ffffcb9}]})
ioctl$SNDCTL_DSP_CHANNELS(r6, 0xc0045006, &(0x7f0000000180)=0x6f)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000140)='source', &(0x7f0000000180)='#:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x14<L\x19K\xbf\xf7\x9c\xe7 \x12+4.\xa9\xa7\xdc[\xd2\xec\xbe\x1a\xa1\x04\xd3\x9e\x92\x8a\xf7\xdb\xe7f\xdeo\xc1\xa5\xb6T\r)\x1c\xbe\x12\xd1\xef\xc2S\xcci\xc8\x0e\x00]\xe6|\xccK\xc7\r\xfa \x02\xe8\x1b\xc1\x93\xce\x02%\x86\xcb\x94K\v\xe7x\xe3\x06[/\xf9\xa8\x82\x9b\xeeF\x88\xc0f\x82\xb7T\r\x04\xbb\x10\x1d3\xa6', 0x0)
write$dsp(r6, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000000c0)={0xf0f041})

3.924829702s ago: executing program 1 (id=1383):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000140)=@framed={{0x18, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r2, 0xfffff000, 0xe, 0x0, &(0x7f0000000300)="882f1242a03c3f98722780b605a7", 0x0, 0x990d, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000300)={0x1, 0x0, [{0x40000021, 0x0, 0x1af}]})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

3.755328048s ago: executing program 1 (id=1384):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file2\x00', 0x207)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x80)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40086602, &(0x7f0000000000))
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000040), 0x6)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r2}, 0x8)
ioctl$sock_bt_hci(r3, 0x800448d7, &(0x7f0000000140))
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
r6 = socket$unix(0x1, 0x1, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r7 = socket$kcm(0x11, 0x3, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
close(r8)
socket$tipc(0x1e, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
setsockopt$sock_attach_bpf(r7, 0x107, 0xf, &(0x7f0000000600), 0x56)
lgetxattr(&(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)=@known='system.posix_acl_default\x00', 0x0, 0x0)
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000180)={0x7, 0x3, 0x6, 0x3})
sendmsg$kcm(r7, &(0x7f0000000280)={&(0x7f0000000440)=@xdp={0x2c, 0x0, r9, 0xb}, 0x80, &(0x7f0000000200)=[{&(0x7f00000001c0)="27030200000214000e00002fb96dffff1144ee163cddcb000000800000827600000000000000", 0x26}, {&(0x7f00000004c0)="f058050000007f8f", 0x8}], 0x2}, 0x4055)
r10 = socket$kcm(0x29, 0x5, 0x0)
write$cgroup_pressure(r10, &(0x7f0000000140)={'full'}, 0xfffffdef)

3.552371429s ago: executing program 1 (id=1385):
r0 = syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2)
readv(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000a40)=""/4096, 0x1000}], 0x1)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'erspan0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5000000010000100"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000300012800b00010065727370616e000020000280040012000500160002000000060018"], 0x50}}, 0x4080)
io_setup(0x3, &(0x7f0000000080)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x2, r0, 0x0, 0x0, 0x3}])
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
userfaultfd(0x80001)
r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7ffffcb9}]})
ioctl$SNDCTL_DSP_CHANNELS(r6, 0xc0045006, &(0x7f0000000180)=0x6f)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000140)='source', &(0x7f0000000180)='#:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x14<L\x19K\xbf\xf7\x9c\xe7 \x12+4.\xa9\xa7\xdc[\xd2\xec\xbe\x1a\xa1\x04\xd3\x9e\x92\x8a\xf7\xdb\xe7f\xdeo\xc1\xa5\xb6T\r)\x1c\xbe\x12\xd1\xef\xc2S\xcci\xc8\x0e\x00]\xe6|\xccK\xc7\r\xfa \x02\xe8\x1b\xc1\x93\xce\x02%\x86\xcb\x94K\v\xe7x\xe3\x06[/\xf9\xa8\x82\x9b\xeeF\x88\xc0f\x82\xb7T\r\x04\xbb\x10\x1d3\xa6', 0x0)
write$dsp(r6, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000000c0)={0xf0f041})

2.536912376s ago: executing program 2 (id=1386):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
r2 = socket$packet(0x11, 0x3, 0x300)
bind$packet(r2, &(0x7f0000000240)={0x11, 0xf5, 0x0, 0x1, 0x3, 0x6, @multicast}, 0x14)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000240)=ANY=[], 0xfdef) (fail_nth: 1)

2.509834621s ago: executing program 3 (id=1387):
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c082", 0x61}], 0x1}}], 0x1, 0x2090)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_ENUM_FREQ_BANDS(0xffffffffffffffff, 0xc0405665, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
capget(0x0, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000280)=0x3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = syz_io_uring_setup(0x892, &(0x7f00000003c0)={0x0, 0x5ad3, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000380)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}})
io_uring_enter(r3, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0)

2.340297046s ago: executing program 0 (id=1388):
r0 = socket(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26)
connect$netlink(r0, &(0x7f0000000040)=@unspec, 0xc)
setsockopt$sock_int(r0, 0x1, 0x21, &(0x7f0000b4bffc)=0x8, 0x4)
write(r0, &(0x7f0000000000)='\"', 0x1)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

2.264358373s ago: executing program 2 (id=1389):
r0 = syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2)
readv(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000a40)=""/4096, 0x1000}], 0x1)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'erspan0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5000000010000100"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000300012800b00010065727370616e000020000280040012000500160002000000060018"], 0x50}}, 0x4080)
io_setup(0x3, &(0x7f0000000080)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x2, r0, 0x0, 0x0, 0x3}])
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
userfaultfd(0x80001)
r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7ffffcb9}]})
ioctl$SNDCTL_DSP_CHANNELS(r6, 0xc0045006, &(0x7f0000000180)=0x6f)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
fsopen(&(0x7f0000000340)='afs\x00', 0x0)
write$dsp(r6, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000000c0)={0xf0f041})

2.263768862s ago: executing program 3 (id=1390):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b0000000200000009000100"], 0x7c}}, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a20000000000a03000000000000000000070000000900010073797a300000000060000000090a010400000000000000000700000208000a40000080000900020073797a31000000000900010073797a3000000000080005400000002124001180090001006d6574610000000014000280080001400000000b080002400000000d14000000100001000000"], 0xa8}, 0x1, 0x0, 0x0, 0x4040054}, 0x0)
r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
ioctl$UDMABUF_CREATE_LIST(r3, 0x40087543, &(0x7f0000000080)={0x0, 0x300})

2.212198738s ago: executing program 1 (id=1391):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x800, 0x5, 0xc000, 0xe, "0062ba7d8200000016001b000200f705096604"})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x3, 0x2, 0x3, 0x0, 0x0, {0x1, 0x0, 0x9}}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x10)
r2 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$TIOCL_SELLOADLUT(r0, 0x541c, &(0x7f00000004c0)={0x5, 0x3000000000000, 0x6, 0x4, 0x3})
ioctl$LOOP_SET_STATUS64(r2, 0x80041284, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0xfffffffffffff7f3, 0x2, 0x0, 0x5, 0x10, 0x4, "995e4c8b0ba6f8ed413b1ee5f3a7c862bbf64092868fd6943a428277be3c0fd8c867f86e662e0c2dd39186b32ee0690c16eb180e81ed3e5e2ebe64446497c2fc", "a6fafe5554ac900cc641df63c82e3d2347ef4230f37485c698954b3d8be9b663e59116e54ef137506743aa54d43eeef70999ee41524cf2aef5653e90d68d5ac5", "0286bcec3e402f381e7bdad53f9018befdba9800b9e9fd123eafd0d13d4c50ed", [0x0, 0x9]})
dup3(0xffffffffffffffff, r0, 0x0)
syz_io_uring_setup(0xb9, &(0x7f0000000300)={0x0, 0x24bf, 0x2, 0x40003, 0x310}, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000280))
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000008c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x20, r5, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0xc, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}, @ETHTOOL_A_BITSET_MASK={0x4}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x24044000}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_int(r6, 0x29, 0x21, &(0x7f0000000000)=0xfffffff7, 0x54)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000240)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="000976000000763085262928f95d38909e1db88ee37c172c0486fef0616d6ca79e3318622dff9bd97dfdf1a4122a53a4da136943ccd9a0e9db587161d4337d3ae09989088bf40e428a634cf8083245459c1cebfbf3cc8193892d6e21742dcd4b2f1a4a63c8489cad1c191f93"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r3, 0x114, &(0x7f0000000140), 0x0, 0x4)
pipe(&(0x7f00000000c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010100000100000000000200fffc0900010073797a30000000000800024000000001cc000000030a01020000000000000000020019000900010073797a3000000000aa000300"], 0x1e4}}, 0x0)
write$binfmt_misc(r8, &(0x7f0000000000), 0xfffffecc)
splice(r7, 0x0, r9, 0x0, 0x7fff, 0x0)

1.206572448s ago: executing program 3 (id=1392):
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x2, 0x0)
close(r1)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4e9})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
close(r1)

1.130416084s ago: executing program 3 (id=1393):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file2\x00', 0x207)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x80)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40086602, &(0x7f0000000000))
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000040), 0x6)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r2}, 0x8)
ioctl$sock_bt_hci(r3, 0x800448d7, &(0x7f0000000140))
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
r6 = socket$unix(0x1, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xa, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000035090100000000009500000000000000de980000000000005608000000efffff8400000005000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r7 = socket$kcm(0x11, 0x3, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
close(r8)
socket$tipc(0x1e, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
setsockopt$sock_attach_bpf(r7, 0x107, 0xf, &(0x7f0000000600), 0x56)
lgetxattr(&(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)=@known='system.posix_acl_default\x00', 0x0, 0x0)
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000180)={0x7, 0x3, 0x6, 0x3})
sendmsg$kcm(r7, &(0x7f0000000280)={&(0x7f0000000440)=@xdp={0x2c, 0x0, r9, 0xb}, 0x80, &(0x7f0000000200)=[{&(0x7f00000001c0)="27030200000214000e00002fb96dffff1144ee163cddcb000000800000827600000000000000", 0x26}, {&(0x7f00000004c0)="f058050000007f8f", 0x8}], 0x2}, 0x4055)
r10 = socket$kcm(0x29, 0x5, 0x0)
write$cgroup_pressure(r10, &(0x7f0000000140)={'full'}, 0xfffffdef)

1.045796201s ago: executing program 2 (id=1394):
r0 = syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2)
readv(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000a40)=""/4096, 0x1000}], 0x1)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'erspan0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5000000010000100"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000300012800b00010065727370616e000020000280040012000500160002000000060018"], 0x50}}, 0x4080)
io_setup(0x3, &(0x7f0000000080)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x2, r0, 0x0, 0x0, 0x3}])
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
userfaultfd(0x80001)
r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7ffffcb9}]})
ioctl$SNDCTL_DSP_CHANNELS(r6, 0xc0045006, &(0x7f0000000180)=0x6f)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000140)='source', &(0x7f0000000180)='#:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x14<L\x19K\xbf\xf7\x9c\xe7 \x12+4.\xa9\xa7\xdc[\xd2\xec\xbe\x1a\xa1\x04\xd3\x9e\x92\x8a\xf7\xdb\xe7f\xdeo\xc1\xa5\xb6T\r)\x1c\xbe\x12\xd1\xef\xc2S\xcci\xc8\x0e\x00]\xe6|\xccK\xc7\r\xfa \x02\xe8\x1b\xc1\x93\xce\x02%\x86\xcb\x94K\v\xe7x\xe3\x06[/\xf9\xa8\x82\x9b\xeeF\x88\xc0f\x82\xb7T\r\x04\xbb\x10\x1d3\xa6', 0x0)
write$dsp(r6, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000000c0)={0xf0f041})

917.305919ms ago: executing program 3 (id=1395):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
unshare(0x8000000)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r5, 0x1, 0x40, &(0x7f0000000080)=0x8, 0x4)
sendmsg$BATADV_CMD_GET_MESH(r4, 0x0, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newqdisc={0x44, 0x24, 0xe0b, 0xfefffffc, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_WASH={0x8, 0xd, 0x1}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x3}]}}]}, 0x44}}, 0x0)
sendto$packet(r2, &(0x7f00000002c0)="44c394f305916c4516999da288a8", 0xe, 0x0, &(0x7f0000000080)={0x11, 0x17, r6, 0x1, 0x0, 0x6, @multicast}, 0x14)
semget$private(0x0, 0x4000, 0x0)
setsockopt$inet6_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x29, 0x2d, &(0x7f00000001c0)={0xa, {{0xa, 0x4e20, 0x6, @local}}}, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6811778581acb6c0101ff0000000309", 0x48}], 0x1)
r7 = msgget(0x2, 0x624)
msgctl$IPC_RMID(r7, 0x0)
msgctl$IPC_RMID(r7, 0x0)

396.270322ms ago: executing program 1 (id=1396):
r0 = socket$inet6(0xa, 0x80002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xfffffffffffffe11, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
openat$vcs(0xffffff9c, &(0x7f00000001c0), 0x1250c0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r4, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0)
ioctl$COMEDI_CMDTEST(r5, 0x8040640a, &(0x7f00000000c0)={0x1, 0x30000, 0xffffffff, 0x3, 0x10, 0x6, 0x40, 0x6, 0x80, 0x1, 0x100, 0x0, 0x0, 0x0, 0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="40010000", @ANYRES16=r7, @ANYBLOB="01000000000004000000010000002400030000000007000000000000000000000000000000000000000000000000000000001400020077673100000000000000000000000000f4000880"], 0x140}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x3e, 0x229, 0x0, 0xfffffffd, {0xa}}, 0x14}, 0x1, 0x6000000}, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x6d93, 0x4)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = dup(r8)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r10=>0x0})
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x4c, 0x10, 0x401, 0xfffffffc, 0x80, {0x0, 0x0, 0x0, 0x0, 0x1503}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_FLAGS={0x6}, @IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}]}}}, @IFLA_LINK={0x8, 0x5, r10}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
sendmsg$sock(r0, &(0x7f0000000780)={&(0x7f0000000300)=@in6={0xa, 0x4e21, 0x41d, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x34}}, 0x2}, 0x81, 0x0, 0x0, &(0x7f0000000040)=[@mark={{0x10, 0x1, 0x24, 0x800}}, @mark={{0x10, 0x1, 0x51, 0x8}}], 0x20}, 0x80)

0s ago: executing program 3 (id=1397):
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x2, 0x0)
close(r1)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4e9})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
close(r1) (fail_nth: 1)

kernel console output (not intermixed with test programs):

 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  218.557526][ T9138] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  218.557539][ T9138]  </TASK>
[  218.620495][   T10] hid-generic 0003:0627:0001.0010: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[  219.190103][ T9149] loop9: detected capacity change from 0 to 7
[  219.193652][ T5941] Dev loop9: unable to read RDB block 7
[  219.195716][ T5941]  loop9: unable to read partition table
[  219.198006][ T5941] loop9: partition table beyond EOD, truncated
[  219.202876][ T9149] Dev loop9: unable to read RDB block 7
[  219.205425][ T9149]  loop9: unable to read partition table
[  219.207800][ T9149] loop9: partition table beyond EOD, truncated
[  219.211610][ T9149] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[  219.618838][ T9160] netlink: 72 bytes leftover after parsing attributes in process `syz.2.899'.
[  219.636522][ T9160] netlink: 'syz.2.899': attribute type 10 has an invalid length.
[  219.640577][ T9160] veth0_vlan: left promiscuous mode
[  219.644008][ T9160] veth0_vlan: entered promiscuous mode
[  219.648651][ T9160] team0: Device veth0_vlan failed to register rx_handler
[  220.324554][ T9169] netlink: 'syz.3.901': attribute type 11 has an invalid length.
[  220.372642][ T9175] netlink: 8 bytes leftover after parsing attributes in process `syz.1.902'.
[  221.126595][ T9179] netlink: 'syz.2.904': attribute type 10 has an invalid length.
[  221.130369][ T9179] veth0_vlan: left promiscuous mode
[  221.133583][ T9179] veth0_vlan: entered promiscuous mode
[  221.138127][ T9179] team0: Device veth0_vlan failed to register rx_handler
[  221.211156][ T9183] CUSE: info not properly terminated
[  221.234176][ T9183] netlink: 72 bytes leftover after parsing attributes in process `syz.3.903'.
[  221.298535][ T9189] netlink: 72 bytes leftover after parsing attributes in process `syz.0.908'.
[  221.315923][ T9189] netlink: 'syz.0.908': attribute type 10 has an invalid length.
[  221.318093][ T9190] vivid-004: disconnect
[  221.320366][ T9189] veth0_vlan: left promiscuous mode
[  221.324334][ T9189] veth0_vlan: entered promiscuous mode
[  221.329646][ T9189] team0: Device veth0_vlan failed to register rx_handler
[  221.402700][ T9194] FAULT_INJECTION: forcing a failure.
[  221.402700][ T9194] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  221.411100][ T9194] CPU: 3 UID: 0 PID: 9194 Comm: syz.0.910 Not tainted syzkaller #0 PREEMPT(full) 
[  221.411124][ T9194] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  221.411134][ T9194] Call Trace:
[  221.411139][ T9194]  <TASK>
[  221.411147][ T9194]  dump_stack_lvl+0x100/0x190
[  221.411178][ T9194]  should_fail_ex.cold+0x5/0xa
[  221.411199][ T9194]  _copy_from_user+0x2e/0xd0
[  221.411249][ T9194]  packet_setsockopt+0x1d41/0x2380
[  221.411275][ T9194]  ? __lock_acquire+0x4a5/0x2630
[  221.411296][ T9194]  ? __pfx_packet_setsockopt+0x10/0x10
[  221.411318][ T9194]  ? aa_sk_perm+0x309/0xaa0
[  221.411342][ T9194]  ? ksys_write+0x190/0x250
[  221.411371][ T9194]  ? find_held_lock+0x2b/0x80
[  221.411387][ T9194]  ? aa_sock_opt_perm+0xfe/0x1b0
[  221.411408][ T9194]  ? __pfx_packet_setsockopt+0x10/0x10
[  221.411431][ T9194]  do_sock_setsockopt+0xf3/0x1d0
[  221.411456][ T9194]  __sys_setsockopt+0x119/0x190
[  221.411477][ T9194]  __ia32_sys_setsockopt+0xbc/0x160
[  221.411493][ T9194]  ? __do_fast_syscall_32+0x94/0x8c0
[  221.411513][ T9194]  ? lockdep_hardirqs_on+0x78/0x100
[  221.411530][ T9194]  __do_fast_syscall_32+0xe3/0x8c0
[  221.411551][ T9194]  do_fast_syscall_32+0x32/0x70
[  221.411570][ T9194]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  221.411590][ T9194] RIP: 0023:0xf70cef6c
[  221.411603][ T9194] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  221.411618][ T9194] RSP: 002b:00000000f54bd50c EFLAGS: 00000292 ORIG_RAX: 000000000000016e
[  221.411635][ T9194] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000107
[  221.411644][ T9194] RDX: 000000000000000d RSI: 00000000800002c0 RDI: 000000000000001c
[  221.411654][ T9194] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  221.411662][ T9194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  221.411671][ T9194] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  221.411691][ T9194]  </TASK>
[  221.508745][   T10] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[  221.542914][ T9198] syz_tun: entered allmulticast mode
[  221.559641][ T9196] block nbd1: shutting down sockets
[  221.601302][ T9200] 9p: Bad value for 'dfltuid'
[  221.603107][ T9200] 9p: Bad value for 'dfltuid'
[  221.692457][   T10] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  221.696718][   T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  221.700316][   T10] usb 8-1: Product: syz
[  221.702257][   T10] usb 8-1: Manufacturer: syz
[  221.704195][   T10] usb 8-1: SerialNumber: syz
[  221.720222][   T10] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  221.744087][   T10] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  222.029604][    T9] usb 8-1: USB disconnect, device number 18
[  222.066731][ T9185] vivid-004: reconnect
[  222.192619][ T9212] netlink: 8 bytes leftover after parsing attributes in process `syz.2.915'.
[  222.479983][ T9214] netlink: 'syz.1.916': attribute type 10 has an invalid length.
[  222.483199][ T9214] veth0_vlan: left promiscuous mode
[  222.485702][ T9214] veth0_vlan: entered promiscuous mode
[  222.490344][ T9214] team0: Device veth0_vlan failed to register rx_handler
[  222.536060][ T9216] netlink: 8 bytes leftover after parsing attributes in process `syz.1.917'.
[  222.604900][ T9217] kAFS: unable to lookup cell ''
[  222.717184][ T9219] vivid-003: disconnect
[  222.788877][   T10] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive
[  222.793541][   T10] ath9k_htc: Failed to initialize the device
[  222.797640][    T9] usb 8-1: ath9k_htc: USB layer deinitialized
[  223.201136][ T9226] FAULT_INJECTION: forcing a failure.
[  223.201136][ T9226] name failslab, interval 1, probability 0, space 0, times 0
[  223.231111][ T9226] CPU: 0 UID: 0 PID: 9226 Comm: syz.0.919 Not tainted syzkaller #0 PREEMPT(full) 
[  223.231137][ T9226] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  223.231147][ T9226] Call Trace:
[  223.231156][ T9226]  <TASK>
[  223.231163][ T9226]  dump_stack_lvl+0x100/0x190
[  223.231304][ T9226]  should_fail_ex.cold+0x5/0xa
[  223.231323][ T9226]  ? tomoyo_realpath_from_path+0xb6/0x690
[  223.231341][ T9226]  should_failslab+0xc2/0x120
[  223.231358][ T9226]  __kmalloc_noprof+0xe0/0x850
[  223.231385][ T9226]  tomoyo_realpath_from_path+0xb6/0x690
[  223.231409][ T9226]  tomoyo_path_number_perm+0x23c/0x580
[  223.231432][ T9226]  ? tomoyo_path_number_perm+0x22e/0x580
[  223.231456][ T9226]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  223.231502][ T9226]  ? find_held_lock+0x2b/0x80
[  223.231518][ T9226]  ? hook_file_ioctl_common+0x146/0x410
[  223.231542][ T9226]  ? __fget_files+0x215/0x3d0
[  223.231569][ T9226]  ? __fget_files+0x21f/0x3d0
[  223.231596][ T9226]  security_file_ioctl_compat+0xd3/0x230
[  223.231623][ T9226]  __ia32_compat_sys_ioctl+0xc2/0x360
[  223.231646][ T9226]  __do_fast_syscall_32+0xe3/0x8c0
[  223.231670][ T9226]  do_fast_syscall_32+0x32/0x70
[  223.231689][ T9226]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  223.231710][ T9226] RIP: 0023:0xf70cef6c
[  223.231723][ T9226] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  223.231738][ T9226] RSP: 002b:00000000f549c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  223.231755][ T9226] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 000000004048aec9
[  223.231765][ T9226] RDX: 0000000080000980 RSI: 0000000000000000 RDI: 0000000000000000
[  223.231774][ T9226] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  223.231783][ T9226] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  223.231792][ T9226] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  223.231813][ T9226]  </TASK>
[  223.231820][ T9226] ERROR: Out of memory at tomoyo_realpath_from_path.
[  223.446220][ T9215] vivid-003: reconnect
[  223.769815][ T9231] block nbd1: shutting down sockets
[  223.868178][ T9234] vivid-002: disconnect
[  224.152935][ T9243] CUSE: info not properly terminated
[  224.167205][ T9243] netlink: 72 bytes leftover after parsing attributes in process `syz.0.923'.
[  224.283175][ T9247] CUSE: info not properly terminated
[  224.294159][ T9247] netlink: 72 bytes leftover after parsing attributes in process `syz.2.924'.
[  224.429072][   T54] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  224.469370][ T9246] /dev/sr0: Can't open blockdev
[  224.578731][   T10] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  224.609161][   T54] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  224.613493][   T54] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  224.617048][   T54] usb 5-1: Product: syz
[  224.623701][   T54] usb 5-1: Manufacturer: syz
[  224.625976][   T54] usb 5-1: SerialNumber: syz
[  224.635110][   T54] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  224.647164][ T9233] vivid-002: reconnect
[  224.696033][ T9253] netlink: 8 bytes leftover after parsing attributes in process `syz.3.927'.
[  224.710013][   T54] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  224.716485][ T9255] FAULT_INJECTION: forcing a failure.
[  224.716485][ T9255] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  224.729286][ T9255] CPU: 0 UID: 0 PID: 9255 Comm: syz.1.928 Not tainted syzkaller #0 PREEMPT(full) 
[  224.729312][ T9255] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  224.729324][ T9255] Call Trace:
[  224.729330][ T9255]  <TASK>
[  224.729336][ T9255]  dump_stack_lvl+0x100/0x190
[  224.729368][ T9255]  should_fail_ex.cold+0x5/0xa
[  224.729387][ T9255]  strncpy_from_user+0x3b/0x2d0
[  224.729412][ T9255]  ? proc_fail_nth_write+0x9f/0x220
[  224.729435][ T9255]  path_getxattrat+0x102/0x430
[  224.729456][ T9255]  ? __pfx_path_getxattrat+0x10/0x10
[  224.729473][ T9255]  ? find_held_lock+0x2b/0x80
[  224.729491][ T9255]  ? ksys_write+0x190/0x250
[  224.729542][ T9255]  ? ksys_write+0x1ac/0x250
[  224.729568][ T9255]  ? __pfx_ksys_write+0x10/0x10
[  224.729599][ T9255]  __do_fast_syscall_32+0xe3/0x8c0
[  224.729625][ T9255]  do_fast_syscall_32+0x32/0x70
[  224.729649][ T9255]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  224.729672][ T9255] RIP: 0023:0xf705ef6c
[  224.729688][ T9255] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  224.729704][ T9255] RSP: 002b:00000000f544d50c EFLAGS: 00000292 ORIG_RAX: 00000000000000e6
[  224.729721][ T9255] RAX: ffffffffffffffda RBX: 0000000080000380 RCX: 0000000080000440
[  224.729732][ T9255] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  224.729741][ T9255] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  224.729749][ T9255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  224.729759][ T9255] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  224.729783][ T9255]  </TASK>
[  224.818157][   T10] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  224.822196][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  224.825746][   T10] usb 7-1: Product: syz
[  224.826383][ T9257] netlink: 72 bytes leftover after parsing attributes in process `syz.1.929'.
[  224.827674][   T10] usb 7-1: Manufacturer: syz
[  224.827692][   T10] usb 7-1: SerialNumber: syz
[  224.841111][   T10] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  224.861597][ T9257] netlink: 'syz.1.929': attribute type 10 has an invalid length.
[  224.865018][ T9257] veth0_vlan: left promiscuous mode
[  224.868000][ T9257] veth0_vlan: entered promiscuous mode
[  224.872194][ T9257] team0: Device veth0_vlan failed to register rx_handler
[  224.894530][   T10] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  224.964752][    T9] usb 5-1: USB disconnect, device number 17
[  225.000644][ T9259] block nbd1: shutting down sockets
[  225.140542][  T842] usb 7-1: USB disconnect, device number 20
[  225.748946][   T54] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  225.752467][   T54] ath9k_htc: Failed to initialize the device
[  225.755946][    T9] usb 5-1: ath9k_htc: USB layer deinitialized
[  225.909495][   T10] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive
[  225.912028][   T10] ath9k_htc: Failed to initialize the device
[  225.915224][  T842] usb 7-1: ath9k_htc: USB layer deinitialized
[  260.311795][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  260.314403][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  260.411872][ T9273] netlink: 8 bytes leftover after parsing attributes in process `syz.1.932'.
[  260.418342][ T9277] netlink: 8 bytes leftover after parsing attributes in process `syz.3.934'.
[  260.514683][ T9283] kAFS: unable to lookup cell ''
[  260.619245][ T9290] vivid-002: disconnect
[  260.783879][ T9293] netlink: 220 bytes leftover after parsing attributes in process `syz.1.937'.
[  260.828148][ T9295] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  260.830323][ T9295] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  261.235732][ T9295] vhci_hcd vhci_hcd.0: Device attached
[  261.678766][   T10] usb 37-1: new low-speed USB device number 3 using vhci_hcd
[  262.485481][ T9311] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  262.487993][ T9311] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  262.495786][ T9311] vhci_hcd vhci_hcd.0: Device attached
[  262.744217][ T9274] vivid-002: reconnect
[  262.769374][  T842] usb 41-1: new low-speed USB device number 2 using vhci_hcd
[  262.771429][ T9317] netlink: 8 bytes leftover after parsing attributes in process `syz.1.940'.
[  262.863781][ T9318] kAFS: unable to lookup cell ''
[  262.922824][ T9321] vivid-003: disconnect
[  262.932301][ T9320] loop6: detected capacity change from 0 to 2560
[  262.942145][ T9320] buffer_io_error: 20 callbacks suppressed
[  262.942272][ T9320] Buffer I/O error on dev loop6, logical block 0, async page read
[  262.949767][ T9320] Buffer I/O error on dev loop6, logical block 0, async page read
[  262.953818][ T9320] Buffer I/O error on dev loop6, logical block 0, async page read
[  262.957500][ T9320] Buffer I/O error on dev loop6, logical block 0, async page read
[  262.967696][ T9320] Buffer I/O error on dev loop6, logical block 0, async page read
[  262.972256][ T9320] Buffer I/O error on dev loop6, logical block 0, async page read
[  262.977989][ T9320] Buffer I/O error on dev loop6, logical block 0, async page read
[  262.985779][ T9320] Buffer I/O error on dev loop6, logical block 0, async page read
[  262.988827][ T9320] ldm_validate_partition_table(): Disk read failed.
[  262.992999][ T9320] Buffer I/O error on dev loop6, logical block 0, async page read
[  262.997333][ T9320] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.005775][ T9320] Dev loop6: unable to read RDB block 0
[  263.010051][ T9320]  loop6: unable to read partition table
[  263.014124][ T9320] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  263.102240][ T9296] vhci_hcd: connection reset by peer
[  263.108797][ T1250] vhci_hcd vhci_hcd.0: stop threads
[  263.110652][ T1250] vhci_hcd vhci_hcd.0: release socket
[  263.118836][ T1250] vhci_hcd vhci_hcd.0: disconnect device
[  263.249683][ T9312] vhci_hcd: connection reset by peer
[  263.251847][   T13] vhci_hcd vhci_hcd.2: stop threads
[  263.253838][   T13] vhci_hcd vhci_hcd.2: release socket
[  263.260002][   T13] vhci_hcd vhci_hcd.2: disconnect device
[  263.444560][ T9324] netlink: 72 bytes leftover after parsing attributes in process `syz.3.942'.
[  263.496066][ T9324] netlink: 'syz.3.942': attribute type 10 has an invalid length.
[  263.500988][ T9324] veth0_vlan: left promiscuous mode
[  263.508072][ T9324] veth0_vlan: entered promiscuous mode
[  263.525837][ T9324] team0: Device veth0_vlan failed to register rx_handler
[  263.708019][ T9316] vivid-003: reconnect
[  263.991909][ T9331] netlink: 8 bytes leftover after parsing attributes in process `syz.1.944'.
[  264.070052][ T9333] kAFS: unable to lookup cell ''
[  264.085234][ T9332] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  264.124513][ T9334] vivid-003: disconnect
[  264.912481][ T9330] vivid-003: reconnect
[  265.692866][ T9339] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  265.695657][ T9339] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  265.704056][ T9339] vhci_hcd vhci_hcd.0: Device attached
[  265.743861][ T9343] netlink: 8 bytes leftover after parsing attributes in process `syz.0.947'.
[  265.760832][ T9345] netlink: 8 bytes leftover after parsing attributes in process `syz.2.948'.
[  265.826052][ T9347] kAFS: unable to lookup cell ''
[  265.890041][ T9350] netlink: 8 bytes leftover after parsing attributes in process `syz.3.946'.
[  265.975838][ T9351] kAFS: unable to lookup cell ''
[  265.979020][ T1331] usb 39-1: new low-speed USB device number 2 using vhci_hcd
[  266.164112][ T9354] kAFS: unable to lookup cell ''
[  266.226157][ T9355] vivid-000: disconnect
[  266.754598][ T9340] vhci_hcd: connection closed
[  266.796894][  T762] vhci_hcd vhci_hcd.1: stop threads
[  266.807841][  T762] vhci_hcd vhci_hcd.1: release socket
[  266.815573][  T762] vhci_hcd vhci_hcd.1: disconnect device
[  266.842699][ T9344] vivid-000: reconnect
[  266.846876][ T1331] usb 39-1: enqueue for inactive port 0
[  266.988882][ T1331] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  267.119727][   T10] vhci_hcd vhci_hcd.0: vhci_device speed not set
[  267.179806][ T9360] syzkaller0: entered promiscuous mode
[  267.182505][ T9360] syzkaller0: entered allmulticast mode
[  267.584840][ T9369] netlink: 8 bytes leftover after parsing attributes in process `syz.1.952'.
[  267.686792][ T9370] kAFS: unable to lookup cell ''
[  267.955844][  T842] vhci_hcd vhci_hcd.2: vhci_device speed not set
[  267.956102][ T9375] bridge0: port 3(erspan0) entered blocking state
[  267.960705][ T9375] bridge0: port 3(erspan0) entered disabled state
[  267.965470][ T9375] erspan0: entered allmulticast mode
[  267.974684][ T9375] erspan0: entered promiscuous mode
[  267.977597][ T9375] bridge0: port 3(erspan0) entered blocking state
[  267.980292][ T9375] bridge0: port 3(erspan0) entered forwarding state
[  268.154210][ T9379] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  268.156350][ T9379] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  268.175104][ T9379] vhci_hcd vhci_hcd.0: Device attached
[  268.894955][ T9380] vhci_hcd: connection closed
[  268.895243][ T1250] vhci_hcd vhci_hcd.0: stop threads
[  268.899117][ T1250] vhci_hcd vhci_hcd.0: release socket
[  268.901042][ T1250] vhci_hcd vhci_hcd.0: disconnect device
[  269.502091][ T9398] Cannot find del_set index 0 as target
[  269.512642][ T9398] netlink: 'syz.0.957': attribute type 1 has an invalid length.
[  269.567238][ T9402] netlink: 72 bytes leftover after parsing attributes in process `syz.0.959'.
[  269.594863][ T9402] netlink: 'syz.0.959': attribute type 10 has an invalid length.
[  269.597822][ T9402] veth0_vlan: left promiscuous mode
[  269.602870][ T9402] veth0_vlan: entered promiscuous mode
[  269.606425][ T9402] team0: Device veth0_vlan failed to register rx_handler
[  269.680022][ T9406] netlink: 12 bytes leftover after parsing attributes in process `syz.1.958'.
[  270.988256][ T9425] netlink: 8 bytes leftover after parsing attributes in process `syz.1.964'.
[  271.046387][ T9427] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.965' sets config #0
[  271.050969][ T9427] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.965' sets config #1
[  271.105826][ T9430] binder: 9429:9430 ioctl 5412 80000200 returned -22
[  271.426392][ T9436] usb 1-1: USB disconnect, device number 4
[  272.399989][ T9448] netlink: 12 bytes leftover after parsing attributes in process `syz.1.969'.
[  272.627042][ T9455] comedi comedi2: dt2814: I/O port conflict (0xfffffffffffffff9,2)
[  273.214281][ T9461] netlink: 12 bytes leftover after parsing attributes in process `syz.1.972'.
[  273.639097][ T9473] netlink: 12 bytes leftover after parsing attributes in process `syz.0.975'.
[  274.249755][ T9480] hub 1-0:1.0: USB hub found
[  274.256384][ T9480] hub 1-0:1.0: 6 ports detected
[  274.438753][  T842] usb 1-1: new high-speed USB device number 5 using ehci-pci
[  274.492704][ T9486] Cannot find del_set index 0 as target
[  274.643932][  T842] usb 1-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[  274.674906][  T842] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[  274.677577][  T842] usb 1-1: Product: QEMU USB Tablet
[  274.681981][  T842] usb 1-1: Manufacturer: QEMU
[  274.683717][  T842] usb 1-1: SerialNumber: 28754-0000:00:1d.7-1
[  274.774202][  T842] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb1/1-1/1-1:1.0/0003:0627:0001.0011/input/input11
[  274.843794][  T842] hid-generic 0003:0627:0001.0011: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[  275.354169][ T9503] comedi comedi2: dt2814: I/O port conflict (0xfffffffffffffff9,2)
[  276.362286][ T9523] usb 1-1: USB disconnect, device number 5
[  276.414053][ T9523] hub 1-0:1.0: USB hub found
[  276.416740][ T9523] hub 1-0:1.0: 6 ports detected
[  276.598828][ T1331] usb 1-1: new high-speed USB device number 6 using ehci-pci
[  276.635697][ T9529] block nbd2: shutting down sockets
[  276.793907][ T1331] usb 1-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[  276.797024][ T1331] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[  276.800256][ T1331] usb 1-1: Product: QEMU USB Tablet
[  276.802227][ T1331] usb 1-1: Manufacturer: QEMU
[  276.804024][ T1331] usb 1-1: SerialNumber: 28754-0000:00:1d.7-1
[  276.832113][ T1331] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb1/1-1/1-1:1.0/0003:0627:0001.0012/input/input12
[  276.892179][ T1331] hid-generic 0003:0627:0001.0012: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[  276.933944][ T9538] usb 1-1: USB disconnect, device number 6
[  277.306504][ T9544] netlink: 8 bytes leftover after parsing attributes in process `syz.3.993'.
[  277.443982][ T9535] fido_id[9535]: Failed to open report descriptor at '/sys/devices/pci0000:00/0000:00:1d.7/usb1/report_descriptor': No such file or directory
[  277.816739][ T9548] hub 1-0:1.0: USB hub found
[  277.818964][ T9548] hub 1-0:1.0: 6 ports detected
[  278.108718][  T829] usb 1-1: new high-speed USB device number 7 using ehci-pci
[  278.467359][  T829] usb 1-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[  278.472076][  T829] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[  278.476063][  T829] usb 1-1: Product: QEMU USB Tablet
[  278.478530][  T829] usb 1-1: Manufacturer: QEMU
[  278.488149][  T829] usb 1-1: SerialNumber: 28754-0000:00:1d.7-1
[  278.494473][ T9560] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  278.497322][ T9560] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  278.502954][ T9560] vhci_hcd vhci_hcd.0: Device attached
[  278.554105][  T829] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb1/1-1/1-1:1.0/0003:0627:0001.0013/input/input13
[  278.655588][  T829] hid-generic 0003:0627:0001.0013: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[  278.739332][ T5810] usb 41-1: new low-speed USB device number 3 using vhci_hcd
[  278.775006][ T9567] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1001'.
[  278.775614][ T9569] usb 1-1: USB disconnect, device number 7
[  278.803662][ T9566] fido_id[9566]: Failed to open report descriptor at '/sys/devices/pci0000:00/0000:00:1d.7/usb1/1-1/report_descriptor': No such file or directory
[  278.834735][ T9570] block nbd1: shutting down sockets
[  278.913790][ T9572] kAFS: unable to lookup cell ''
[  278.939206][ T9569] hub 1-0:1.0: USB hub found
[  278.942545][ T9569] hub 1-0:1.0: 6 ports detected
[  278.976738][ T9575] vivid-002: disconnect
[  279.031433][ T9578] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1004'.
[  279.114051][ T9580] kAFS: unable to lookup cell ''
[  279.168267][ T9581] vivid-001: disconnect
[  279.254477][   T34] usb 1-1: new high-speed USB device number 8 using ehci-pci
[  279.291309][ T9561] vhci_hcd: connection reset by peer
[  279.294940][  T196] vhci_hcd vhci_hcd.2: stop threads
[  279.380850][  T196] vhci_hcd vhci_hcd.2: release socket
[  279.403636][  T196] vhci_hcd vhci_hcd.2: disconnect device
[  279.784754][ T9565] vivid-002: reconnect
[  279.839799][ T9585] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1005'.
[  280.145894][ T9576] vivid-001: reconnect
[  280.351188][   T34] usb 1-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[  280.361028][   T34] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[  280.364135][   T34] usb 1-1: Product: QEMU USB Tablet
[  280.369983][   T34] usb 1-1: Manufacturer: QEMU
[  280.373831][   T34] usb 1-1: SerialNumber: 28754-0000:00:1d.7-1
[  280.397905][ T9602] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1008'.
[  280.546539][   T34] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb1/1-1/1-1:1.0/0003:0627:0001.0014/input/input14
[  280.570904][ T9590] /dev/sr0: Can't open blockdev
[  280.653219][ T9607] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1011'.
[  280.665714][ T9605] block nbd0: shutting down sockets
[  280.671524][   T34] hid-generic 0003:0627:0001.0014: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[  281.274016][ T9623] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1017'.
[  281.298202][ T9626] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9)
[  281.301043][ T9626] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  281.305345][ T9626] vhci_hcd vhci_hcd.0: Device attached
[  281.324549][ T9626] random: crng reseeded on system resumption
[  281.385681][ T9626] EXT4-fs (sr0): VFS: Can't find ext4 filesystem
[  281.435776][ T9630] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1018'.
[  281.555426][ T9631] kAFS: unable to lookup cell ''
[  281.621424][ T9632] vivid-002: disconnect
[  282.051096][ T9627] vhci_hcd: connection closed
[  282.051423][ T1250] vhci_hcd vhci_hcd.2: stop threads
[  282.056317][ T1250] vhci_hcd vhci_hcd.2: release socket
[  282.061214][ T1250] vhci_hcd vhci_hcd.2: disconnect device
[  282.075109][ T9629] vivid-002: reconnect
[  282.099536][ T9634] /dev/sr0: Can't open blockdev
[  282.273265][ T9642] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1022'.
[  282.415194][ T9644] block nbd3: shutting down sockets
[  282.418244][ T9650] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1023'.
[  282.442518][ T9639] /dev/sr0: Can't open blockdev
[  282.481042][ T9652] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1024'.
[  282.643696][ T9657] vivid-003: disconnect
[  282.702655][ T9660] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1026'.
[  282.779473][ T9661] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1025'.
[  282.897008][ T9662] kAFS: unable to lookup cell ''
[  283.023427][ T9664] vivid-000: disconnect
[  283.253804][ T9666] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1027'.
[  283.318516][ T9666] netlink: 'syz.0.1027': attribute type 10 has an invalid length.
[  283.328340][ T9666] veth0_vlan: left promiscuous mode
[  283.338327][ T9666] veth0_vlan: entered promiscuous mode
[  283.355962][ T9666] team0: Device veth0_vlan failed to register rx_handler
[  283.426288][ T9649] vivid-003: reconnect
[  283.481184][ T9668] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1028'.
[  283.560513][ T9669] kAFS: unable to lookup cell ''
[  283.693293][ T9671] vivid-001: disconnect
[  283.725629][ T9659] vivid-000: reconnect
[  283.818970][ T5810] vhci_hcd vhci_hcd.2: vhci_device speed not set
[  283.822077][ T9675] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1030'.
[  283.847135][ T9675] netlink: 'syz.3.1030': attribute type 10 has an invalid length.
[  283.850770][ T9675] veth0_vlan: left promiscuous mode
[  283.857572][ T9675] veth0_vlan: entered promiscuous mode
[  283.868717][ T9675] team0: Device veth0_vlan failed to register rx_handler
[  283.924149][ T9679] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1031'.
[  284.090067][ T9681] block nbd3: shutting down sockets
[  284.166341][ T9686] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1033'.
[  284.224800][ T9673] /dev/sr0: Can't open blockdev
[  284.403339][ T9693] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1036'.
[  284.455591][ T9667] vivid-001: reconnect
[  284.524773][ T9693] netlink: 'syz.1.1036': attribute type 10 has an invalid length.
[  284.530467][ T9688] /dev/sr0: Can't open blockdev
[  284.540741][ T9696] kAFS: unable to lookup cell ''
[  284.555120][ T9693] veth0_vlan: left promiscuous mode
[  284.599931][ T9693] veth0_vlan: entered promiscuous mode
[  284.607548][ T9697] vivid-000: disconnect
[  284.626455][ T9693] team0: Device veth0_vlan failed to register rx_handler
[  284.667914][ T9701] netlink: 'syz.0.1037': attribute type 10 has an invalid length.
[  284.710701][ T9701] veth0_vlan: left promiscuous mode
[  284.714535][ T9701] veth0_vlan: entered promiscuous mode
[  284.720813][ T9701] team0: Device veth0_vlan failed to register rx_handler
[  285.219814][   T24] usb usb42-port1: attempt power cycle
[  285.242624][ T9716] netlink: 'syz.1.1043': attribute type 10 has an invalid length.
[  285.246503][ T9716] veth0_vlan: left promiscuous mode
[  285.253175][ T9716] veth0_vlan: entered promiscuous mode
[  285.258056][ T9716] team0: Device veth0_vlan failed to register rx_handler
[  285.401633][ T9722] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  285.403725][ T9722] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  285.407251][ T9722] vhci_hcd vhci_hcd.0: Device attached
[  285.441028][ T9694] vivid-000: reconnect
[  285.679718][ T6381] usb 37-1: new low-speed USB device number 4 using vhci_hcd
[  285.780784][   T24] usb usb42-port1: unable to enumerate USB device
[  285.828075][ T9723] vhci_hcd: connection reset by peer
[  285.832525][  T105] vhci_hcd vhci_hcd.0: stop threads
[  285.834517][  T105] vhci_hcd vhci_hcd.0: release socket
[  285.849842][  T105] vhci_hcd vhci_hcd.0: disconnect device
[  285.966648][ T9735] netlink: 'syz.2.1048': attribute type 10 has an invalid length.
[  285.970474][ T9735] veth0_vlan: left promiscuous mode
[  285.973145][ T9735] veth0_vlan: entered promiscuous mode
[  285.976699][ T9735] team0: Device veth0_vlan failed to register rx_handler
[  286.080256][ T9739] syzkaller0: entered promiscuous mode
[  286.083308][ T9739] syzkaller0: entered allmulticast mode
[  286.611096][ T9750] netlink: 'syz.3.1053': attribute type 10 has an invalid length.
[  286.619199][ T9750] veth0_vlan: left promiscuous mode
[  286.619705][ T9750] veth0_vlan: entered promiscuous mode
[  286.629354][ T9750] team0: Device veth0_vlan failed to register rx_handler
[  286.842959][ T9752] /dev/sr0: Can't open blockdev
[  286.940197][ T9755] /dev/sr0: Can't open blockdev
[  287.315280][ T9781] CUSE: info not properly terminated
[  287.448995][ T9781] __nla_validate_parse: 11 callbacks suppressed
[  287.449017][ T9781] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1059'.
[  287.450646][ T9784] vivid-000: disconnect
[  287.465467][ T9781] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1059'.
[  287.839198][   T54] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  288.020820][   T54] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  288.029115][   T54] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  288.032744][   T54] usb 6-1: Product: syz
[  288.034683][   T54] usb 6-1: Manufacturer: syz
[  288.043961][   T54] usb 6-1: SerialNumber: syz
[  288.127279][   T54] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  288.188770][  T829] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  288.293089][ T9776] vivid-000: reconnect
[  288.424606][   T54] usb 6-1: USB disconnect, device number 18
[  288.472637][ T9791] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1062'.
[  288.495923][ T9791] netlink: 'syz.2.1062': attribute type 10 has an invalid length.
[  288.499717][ T9791] veth0_vlan: left promiscuous mode
[  288.501986][ T9791] veth0_vlan: entered promiscuous mode
[  288.504851][ T9791] team0: Device veth0_vlan failed to register rx_handler
[  288.661259][ T9798] block nbd2: shutting down sockets
[  288.669917][ T9786] /dev/sr0: Can't open blockdev
[  288.822916][ T9802] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1065'.
[  288.909919][ T9806] kAFS: unable to lookup cell ''
[  289.278836][  T829] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  289.281415][  T829] ath9k_htc: Failed to initialize the device
[  289.284371][   T54] usb 6-1: ath9k_htc: USB layer deinitialized
[  290.186118][ T9810] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1068'.
[  290.710623][ T9819] /dev/sr0: Can't open blockdev
[  290.779126][ T6381] vhci_hcd vhci_hcd.0: vhci_device speed not set
[  290.971347][ T9828] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1073'.
[  291.092782][ T9829] kAFS: unable to lookup cell ''
[  291.209912][ T9831] block nbd0: shutting down sockets
[  291.259348][ T9834] vivid-000: disconnect
[  291.303725][ T9838] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1076'.
[  291.394071][ T9840] kAFS: unable to lookup cell ''
[  291.531180][ T9844] vivid-003: disconnect
[  291.781122][ T9839] /dev/sr0: Can't open blockdev
[  292.051857][ T9827] vivid-000: reconnect
[  292.590711][ T9852] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1077'.
[  292.793312][ T9853] kAFS: unable to lookup cell ''
[  292.998975][ T9855] vivid-001: disconnect
[  293.062018][ T9837] vivid-003: reconnect
[  293.328468][ T9856] bridge0: port 3(erspan0) entered blocking state
[  293.334456][ T9856] bridge0: port 3(erspan0) entered disabled state
[  293.352269][ T9856] erspan0: entered allmulticast mode
[  293.388331][ T9856] erspan0: entered promiscuous mode
[  293.584702][ T9861] CUSE: info not properly terminated
[  293.597174][ T9861] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1079'.
[  293.603430][ T9861] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1079'.
[  293.648712][ T9856] bridge0: port 3(erspan0) entered blocking state
[  293.651953][ T9856] bridge0: port 3(erspan0) entered forwarding state
[  293.687911][ T9851] vivid-001: reconnect
[  293.989517][ T2131] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  294.057553][ T9872] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1081'.
[  294.231019][ T2131] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  294.234673][ T2131] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.259154][ T2131] usb 6-1: Product: syz
[  294.260607][ T2131] usb 6-1: Manufacturer: syz
[  294.262364][ T2131] usb 6-1: SerialNumber: syz
[  294.343532][ T2131] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  294.436053][ T5810] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  294.672880][ T5951] usb 6-1: USB disconnect, device number 19
[  295.018734][ T9879] /dev/sr0: Can't open blockdev
[  295.084118][ T9885] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1085'.
[  295.164830][ T9886] kAFS: unable to lookup cell ''
[  295.222311][ T9887] vivid-001: disconnect
[  295.387594][ T9889] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1086'.
[  295.459087][ T9890] kAFS: unable to lookup cell ''
[  295.509215][ T5810] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  295.511830][ T5810] ath9k_htc: Failed to initialize the device
[  295.515075][ T5951] usb 6-1: ath9k_htc: USB layer deinitialized
[  295.573804][ T9892] vivid-000: disconnect
[  296.090817][ T9884] vivid-001: reconnect
[  296.155800][ T9894] netlink: 'syz.3.1087': attribute type 10 has an invalid length.
[  296.161834][ T9894] veth0_vlan: left promiscuous mode
[  296.166930][ T9894] veth0_vlan: entered promiscuous mode
[  296.174711][ T9894] team0: Device veth0_vlan failed to register rx_handler
[  296.535868][ T9888] vivid-000: reconnect
[  296.659458][ T9903] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1090'.
[  296.733799][ T9906] kAFS: unable to lookup cell ''
[  296.807963][ T9908] CUSE: info not properly terminated
[  296.815233][ T9908] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1091'.
[  296.820705][ T9908] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1091'.
[  297.068918][  T829] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  297.235064][  T829] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  297.249154][  T829] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  297.256555][  T829] usb 7-1: Product: syz
[  297.258169][  T829] usb 7-1: Manufacturer: syz
[  297.271362][  T829] usb 7-1: SerialNumber: syz
[  297.288157][  T829] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  297.361724][ T6381] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  297.566722][  T842] usb 7-1: USB disconnect, device number 21
[  298.303116][ T9913] bridge0: port 1(erspan0) entered blocking state
[  298.306983][ T9913] bridge0: port 1(erspan0) entered disabled state
[  298.310436][ T9913] erspan0: entered allmulticast mode
[  298.322722][ T9913] erspan0: entered promiscuous mode
[  298.330190][ T9913] bridge0: port 1(erspan0) entered blocking state
[  298.333245][ T9913] bridge0: port 1(erspan0) entered forwarding state
[  298.388938][ T6381] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive
[  298.392380][ T6381] ath9k_htc: Failed to initialize the device
[  298.395495][  T842] usb 7-1: ath9k_htc: USB layer deinitialized
[  298.440310][ T9916] block nbd0: shutting down sockets
[  298.520791][ T9918] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1094'.
[  298.542191][ T9918] netlink: 'syz.0.1094': attribute type 10 has an invalid length.
[  298.545314][ T9918] veth0_vlan: left promiscuous mode
[  298.547763][ T9918] veth0_vlan: entered promiscuous mode
[  298.552226][ T9918] team0: Device veth0_vlan failed to register rx_handler
[  298.789763][ T9921] /dev/sr0: Can't open blockdev
[  298.938067][ T9926] FAULT_INJECTION: forcing a failure.
[  298.938067][ T9926] name fail_futex, interval 1, probability 0, space 0, times 1
[  298.944196][ T9926] CPU: 2 UID: 0 PID: 9926 Comm: syz.0.1096 Not tainted syzkaller #0 PREEMPT(full) 
[  298.944213][ T9926] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  298.944233][ T9926] Call Trace:
[  298.944238][ T9926]  <TASK>
[  298.944242][ T9926]  dump_stack_lvl+0x100/0x190
[  298.944265][ T9926]  should_fail_ex.cold+0x5/0xa
[  298.944278][ T9926]  get_futex_key+0x1d2/0x1620
[  298.944295][ T9926]  ? __pfx_get_futex_key+0x10/0x10
[  298.944318][ T9926]  futex_wait_setup+0x81/0x500
[  298.944354][ T9926]  __futex_wait+0x19f/0x300
[  298.944380][ T9926]  ? __pfx___futex_wait+0x10/0x10
[  298.944408][ T9926]  ? __pfx_futex_wake_mark+0x10/0x10
[  298.944432][ T9926]  ? _raw_spin_unlock_irq+0x23/0x50
[  298.944448][ T9926]  ? task_work_run+0x1e1/0x240
[  298.944472][ T9926]  futex_wait+0xed/0x380
[  298.944492][ T9926]  ? __pfx_futex_wait+0x10/0x10
[  298.944536][ T9926]  ? find_held_lock+0x2b/0x80
[  298.944552][ T9926]  ? ksys_write+0x190/0x250
[  298.944576][ T9926]  ? ksys_write+0x190/0x250
[  298.944602][ T9926]  do_futex+0x1ef/0x350
[  298.944623][ T9926]  ? __pfx_do_futex+0x10/0x10
[  298.944645][ T9926]  ? arch_do_signal_or_restart+0x1f9/0x770
[  298.944666][ T9926]  __ia32_sys_futex_time32+0x2f4/0x470
[  298.944693][ T9926]  ? __pfx___ia32_sys_futex_time32+0x10/0x10
[  298.944727][ T9926]  __do_fast_syscall_32+0xe3/0x8c0
[  298.944750][ T9926]  do_fast_syscall_32+0x32/0x70
[  298.944764][ T9926]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  298.944779][ T9926] RIP: 0023:0xf70cef6c
[  298.944789][ T9926] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  298.944799][ T9926] RSP: 002b:00000000f549c50c EFLAGS: 00000292 ORIG_RAX: 00000000000000f0
[  298.944810][ T9926] RAX: ffffffffffffffda RBX: 000000008000cffc RCX: 0000000000000000
[  298.944817][ T9926] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000
[  298.944824][ T9926] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  298.944830][ T9926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  298.944836][ T9926] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  298.944851][ T9926]  </TASK>
[  299.069886][ T9929] netlink: 'syz.1.1097': attribute type 10 has an invalid length.
[  299.073803][ T9929] veth0_vlan: left promiscuous mode
[  299.077092][ T9929] veth0_vlan: entered promiscuous mode
[  299.085685][ T9929] team0: Device veth0_vlan failed to register rx_handler
[  299.166505][ T9933] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1098'.
[  299.282604][ T9937] kAFS: unable to lookup cell ''
[  299.291905][ T9938] CUSE: info not properly terminated
[  299.302830][ T9938] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1099'.
[  299.309648][ T9938] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1099'.
[  299.354348][ T9939] vivid-003: disconnect
[  299.549778][ T5810] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  299.702268][ T5810] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  299.706458][ T5810] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  299.710657][ T5810] usb 5-1: Product: syz
[  299.712771][ T5810] usb 5-1: Manufacturer: syz
[  299.715053][ T5810] usb 5-1: SerialNumber: syz
[  299.730188][ T5810] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  299.764199][ T5810] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  299.926258][ T9945] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1101'.
[  299.980706][ T9941] /dev/sr0: Can't open blockdev
[  300.131109][ T9932] vivid-003: reconnect
[  300.187456][ T5951] usb 5-1: USB disconnect, device number 18
[  300.435128][ T9950] FAULT_INJECTION: forcing a failure.
[  300.435128][ T9950] name failslab, interval 1, probability 0, space 0, times 0
[  300.441609][ T9950] CPU: 3 UID: 0 PID: 9950 Comm: syz.1.1103 Not tainted syzkaller #0 PREEMPT(full) 
[  300.441635][ T9950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  300.441645][ T9950] Call Trace:
[  300.441651][ T9950]  <TASK>
[  300.441658][ T9950]  dump_stack_lvl+0x100/0x190
[  300.441690][ T9950]  should_fail_ex.cold+0x5/0xa
[  300.441711][ T9950]  ? tomoyo_realpath_from_path+0xb6/0x690
[  300.441732][ T9950]  should_failslab+0xc2/0x120
[  300.441757][ T9950]  __kmalloc_noprof+0xe0/0x850
[  300.441790][ T9950]  tomoyo_realpath_from_path+0xb6/0x690
[  300.441816][ T9950]  tomoyo_path_number_perm+0x23c/0x580
[  300.441842][ T9950]  ? tomoyo_path_number_perm+0x22e/0x580
[  300.441871][ T9950]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  300.441925][ T9950]  ? find_held_lock+0x2b/0x80
[  300.441941][ T9950]  ? hook_file_ioctl_common+0x146/0x410
[  300.441969][ T9950]  ? __fget_files+0x215/0x3d0
[  300.442001][ T9950]  ? __fget_files+0x21f/0x3d0
[  300.442033][ T9950]  security_file_ioctl_compat+0xd3/0x230
[  300.442063][ T9950]  __ia32_compat_sys_ioctl+0xc2/0x360
[  300.442092][ T9950]  __do_fast_syscall_32+0xe3/0x8c0
[  300.442119][ T9950]  do_fast_syscall_32+0x32/0x70
[  300.442142][ T9950]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  300.442164][ T9950] RIP: 0023:0xf705ef6c
[  300.442179][ T9950] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  300.442196][ T9950] RSP: 002b:00000000f544d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  300.442213][ T9950] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0306201
[  300.442224][ T9950] RDX: 0000000080004a40 RSI: 0000000000000000 RDI: 0000000000000000
[  300.442234][ T9950] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  300.442244][ T9950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  300.442254][ T9950] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  300.442279][ T9950]  </TASK>
[  300.442287][ T9950] ERROR: Out of memory at tomoyo_realpath_from_path.
[  300.789064][ T5810] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  300.792824][ T5810] ath9k_htc: Failed to initialize the device
[  300.797611][ T5951] usb 5-1: ath9k_htc: USB layer deinitialized
[  300.989635][ T9958] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  300.993404][ T9958] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  300.997744][ T9958] vhci_hcd vhci_hcd.0: Device attached
[  301.052075][ T9962] syzkaller0: entered promiscuous mode
[  301.054221][ T9962] syzkaller0: entered allmulticast mode
[  301.111559][ T5944] block nbd2: Receive control failed (result -32)
[  301.112045][ T9951] block nbd2: shutting down sockets
[  301.247327][ T9964] syzkaller0: entered promiscuous mode
[  301.251041][ T9964] syzkaller0: entered allmulticast mode
[  301.259125][ T6381] usb 39-1: new low-speed USB device number 3 using vhci_hcd
[  301.392581][ T9970] CUSE: info not properly terminated
[  301.407747][ T9970] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1108'.
[  301.413004][ T9970] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1108'.
[  301.629512][ T9959] vhci_hcd: connection reset by peer
[  301.631684][  T196] vhci_hcd vhci_hcd.1: stop threads
[  301.634149][  T196] vhci_hcd vhci_hcd.1: release socket
[  301.636928][  T196] vhci_hcd vhci_hcd.1: disconnect device
[  301.661491][ T9972] veth1_macvtap: left promiscuous mode
[  301.671669][  T842] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[  301.725375][ T9973] netlink: 'syz.2.1109': attribute type 1 has an invalid length.
[  301.832950][  T842] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  301.836923][  T842] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  301.840977][  T842] usb 8-1: Product: syz
[  301.842885][  T842] usb 8-1: Manufacturer: syz
[  301.844906][  T842] usb 8-1: SerialNumber: syz
[  301.855559][  T842] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  301.877389][ T9338] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  301.889459][ T9975] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1110'.
[  301.895276][ T9975] faux_driver vgem: [drm] Unknown color mode 65545; guessing buffer size.
[  302.058124][ T9978] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1111'.
[  302.175340][ T5810] usb 8-1: USB disconnect, device number 19
[  303.622429][ T9338] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive
[  303.624922][ T9338] ath9k_htc: Failed to initialize the device
[  303.627385][ T5810] usb 8-1: ath9k_htc: USB layer deinitialized
[  303.864811][ T9994] syzkaller0: entered promiscuous mode
[  303.871801][ T9994] syzkaller0: entered allmulticast mode
[  304.060384][ T5944] block nbd0: Receive control failed (result -32)
[  304.060745][ T9991] block nbd0: shutting down sockets
[  304.332866][ T9999] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1118'.
[  304.413115][T10002] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1119'.
[  304.536235][T10002] netlink: 'syz.1.1119': attribute type 10 has an invalid length.
[  304.547943][T10002] veth0_vlan: left promiscuous mode
[  304.556708][T10002] veth0_vlan: entered promiscuous mode
[  304.563012][T10002] team0: Device veth0_vlan failed to register rx_handler
[  305.602898][T10018] CUSE: info not properly terminated
[  305.688511][T10019] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1121'.
[  305.694158][T10019] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1121'.
[  305.939191][ T2131] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  305.953883][T10024] syzkaller0: entered promiscuous mode
[  305.956608][T10024] syzkaller0: entered allmulticast mode
[  306.092101][ T2131] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  306.095177][ T2131] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  306.098094][ T2131] usb 7-1: Product: syz
[  306.100840][ T2131] usb 7-1: Manufacturer: syz
[  306.102811][ T2131] usb 7-1: SerialNumber: syz
[  306.107798][ T2131] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  306.117578][ T5810] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  306.379114][ T6381] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  306.463075][T10030] CUSE: info not properly terminated
[  306.471513][T10030] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1126'.
[  306.477228][T10030] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1126'.
[  306.480934][ T5951] usb 7-1: USB disconnect, device number 22
[  306.758721][  T842] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  307.008736][  T842] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  307.011992][  T842] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  307.014651][  T842] usb 8-1: Product: syz
[  307.016016][  T842] usb 8-1: Manufacturer: syz
[  307.017581][  T842] usb 8-1: SerialNumber: syz
[  307.561040][  T842] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  307.760476][ T9338] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  307.974941][   T54] usb 8-1: USB disconnect, device number 20
[  307.986589][ T5810] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive
[  307.990487][ T5810] ath9k_htc: Failed to initialize the device
[  307.993915][ T5951] usb 7-1: ath9k_htc: USB layer deinitialized
[  308.788848][ T9338] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive
[  308.792940][ T9338] ath9k_htc: Failed to initialize the device
[  308.796984][   T54] usb 8-1: ath9k_htc: USB layer deinitialized
[  309.078150][T10043] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1130'.
[  309.169320][T10044] kAFS: unable to lookup cell ''
[  309.230594][T10045] vivid-001: disconnect
[  309.353069][ T5944] block nbd1: Receive control failed (result -32)
[  309.359491][T10036] block nbd1: shutting down sockets
[  309.760682][T10053] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1133'.
[  310.004702][T10057] syzkaller0: entered promiscuous mode
[  310.006921][T10057] syzkaller0: entered allmulticast mode
[  310.182934][T10042] vivid-001: reconnect
[  311.055266][T10073] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1138'.
[  311.088381][T10073] netlink: 'syz.3.1138': attribute type 10 has an invalid length.
[  311.092240][T10073] veth0_vlan: left promiscuous mode
[  311.095716][T10073] veth0_vlan: entered promiscuous mode
[  311.100297][T10073] team0: Device veth0_vlan failed to register rx_handler
[  311.170838][T10074] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  311.173818][T10074] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  311.193876][T10074] vhci_hcd vhci_hcd.0: Device attached
[  311.230084][T10078] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1139'.
[  311.448820][   T34] usb 41-1: new low-speed USB device number 4 using vhci_hcd
[  311.930484][T10075] vhci_hcd: connection reset by peer
[  311.933820][   T13] vhci_hcd vhci_hcd.2: stop threads
[  311.937709][   T13] vhci_hcd vhci_hcd.2: release socket
[  311.941311][   T13] vhci_hcd vhci_hcd.2: disconnect device
[  312.565017][T10092] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1143'.
[  312.612037][T10092] netlink: 'syz.3.1143': attribute type 10 has an invalid length.
[  312.616248][T10092] veth0_vlan: left promiscuous mode
[  312.620055][T10092] veth0_vlan: entered promiscuous mode
[  312.624456][T10092] team0: Device veth0_vlan failed to register rx_handler
[  312.655029][T10090] syzkaller0: entered promiscuous mode
[  312.657570][T10090] syzkaller0: entered allmulticast mode
[  312.686908][T10094] syzkaller0: entered promiscuous mode
[  312.689568][T10094] syzkaller0: entered allmulticast mode
[  312.778884][T10096] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1145'.
[  313.974632][T10108] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  313.976842][T10108] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  313.980124][T10108] vhci_hcd vhci_hcd.0: Device attached
[  314.003941][T10113] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1149'.
[  314.218857][   T54] usb 39-1: new low-speed USB device number 4 using vhci_hcd
[  314.242238][T10114] /dev/sr0: Can't open blockdev
[  314.490150][T10121] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1150'.
[  314.570571][T10122] kAFS: unable to lookup cell ''
[  314.686582][T10124] vivid-000: disconnect
[  314.778494][T10109] vhci_hcd: connection reset by peer
[  314.782032][  T762] vhci_hcd vhci_hcd.1: stop threads
[  314.784350][  T762] vhci_hcd vhci_hcd.1: release socket
[  314.786358][  T762] vhci_hcd vhci_hcd.1: disconnect device
[  315.378142][T10120] vivid-000: reconnect
[  315.412580][T10128] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1152'.
[  315.444806][T10126] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1151'.
[  315.513819][T10129] kAFS: unable to lookup cell ''
[  315.577753][T10131] vivid-001: disconnect
[  316.415158][T10144] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1155'.
[  316.474651][T10127] vivid-001: reconnect
[  316.549087][   T34] vhci_hcd vhci_hcd.2: vhci_device speed not set
[  317.600253][T10157] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  317.602721][T10157] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  317.629110][T10157] vhci_hcd vhci_hcd.0: Device attached
[  317.889231][ T5810] usb 37-1: new low-speed USB device number 5 using vhci_hcd
[  318.350259][T10170] /dev/sr0: Can't open blockdev
[  319.275707][T10182] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1161'.
[  319.346451][   T54] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  319.402228][T10158] vhci_hcd: connection reset by peer
[  319.405914][   T12] vhci_hcd vhci_hcd.0: stop threads
[  319.409796][   T12] vhci_hcd vhci_hcd.0: release socket
[  319.412662][   T12] vhci_hcd vhci_hcd.0: disconnect device
[  319.810833][T10186] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1163'.
[  319.937743][T10188] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  319.939938][T10188] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  319.973416][T10188] vhci_hcd vhci_hcd.0: Device attached
[  320.229443][  T829] usb 43-1: new low-speed USB device number 2 using vhci_hcd
[  320.410946][T10189] vhci_hcd: connection reset by peer
[  320.414131][ T1149] vhci_hcd vhci_hcd.3: stop threads
[  320.416425][ T1149] vhci_hcd vhci_hcd.3: release socket
[  320.422116][ T1149] vhci_hcd vhci_hcd.3: disconnect device
[  320.824302][T10194] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1172'.
[  320.838802][T10194] netlink: 'syz.0.1172': attribute type 10 has an invalid length.
[  320.842558][T10194] veth0_vlan: left promiscuous mode
[  320.845686][T10194] veth0_vlan: entered promiscuous mode
[  320.849930][T10194] team0: Device veth0_vlan failed to register rx_handler
[  320.865034][T10196] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1164'.
[  320.910130][T10198] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1165'.
[  320.959773][T10201] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1166'.
[  321.029272][T10199] kAFS: unable to lookup cell ''
[  321.083517][T10203] vivid-000: disconnect
[  321.201122][T10205] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1167'.
[  321.811402][T10206] kAFS: unable to lookup cell ''
[  321.813904][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  321.816167][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  321.914659][T10195] vivid-000: reconnect
[  321.934924][T10208] vivid-003: disconnect
[  322.359880][T10204] vivid-003: reconnect
[  322.421718][T10214] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  322.423820][T10214] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  322.430470][T10214] vhci_hcd vhci_hcd.0: Device attached
[  322.746457][   T54] usb 41-1: new low-speed USB device number 5 using vhci_hcd
[  322.910075][T10225] /dev/sr0: Can't open blockdev
[  322.970483][T10231] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  322.972842][T10231] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  322.986299][T10231] vhci_hcd vhci_hcd.0: Device attached
[  323.029132][ T5810] vhci_hcd vhci_hcd.0: vhci_device speed not set
[  323.168864][T10235] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1174'.
[  323.219079][   T34] usb 39-1: new low-speed USB device number 5 using vhci_hcd
[  323.457479][T10216] vhci_hcd: connection reset by peer
[  323.459980][   T13] vhci_hcd vhci_hcd.2: stop threads
[  323.462098][   T13] vhci_hcd vhci_hcd.2: release socket
[  323.464153][   T13] vhci_hcd vhci_hcd.2: disconnect device
[  323.590494][T10232] vhci_hcd: connection reset by peer
[  323.593304][ T1250] vhci_hcd vhci_hcd.1: stop threads
[  323.595012][ T1250] vhci_hcd vhci_hcd.1: release socket
[  323.596815][ T1250] vhci_hcd vhci_hcd.1: disconnect device
[  323.693144][T10240] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1175'.
[  323.711589][T10240] netlink: 'syz.0.1175': attribute type 10 has an invalid length.
[  323.715478][T10240] veth0_vlan: left promiscuous mode
[  323.719013][T10240] veth0_vlan: entered promiscuous mode
[  323.723559][T10240] team0: Device veth0_vlan failed to register rx_handler
[  324.192327][T10242] block nbd0: shutting down sockets
[  324.342052][T10251] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  324.345005][T10251] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  324.356260][T10248] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1178'.
[  324.542334][T10251] vhci_hcd vhci_hcd.0: Device attached
[  324.661413][T10248] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1178'.
[  325.174400][T10252] vhci_hcd: connection closed
[  325.174660][  T762] vhci_hcd vhci_hcd.2: stop threads
[  325.180482][  T762] vhci_hcd vhci_hcd.2: release socket
[  325.182971][  T762] vhci_hcd vhci_hcd.2: disconnect device
[  325.338973][  T829] vhci_hcd vhci_hcd.3: vhci_device speed not set
[  325.488034][T10270] CUSE: info not properly terminated
[  325.501628][T10270] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1182'.
[  325.778901][ T5951] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  325.803743][T10279] netlink: 'syz.2.1184': attribute type 10 has an invalid length.
[  325.806873][T10279] veth0_vlan: left promiscuous mode
[  325.810191][T10279] veth0_vlan: entered promiscuous mode
[  325.813049][T10279] team0: Device veth0_vlan failed to register rx_handler
[  325.824566][T10281] FAULT_INJECTION: forcing a failure.
[  325.824566][T10281] name failslab, interval 1, probability 0, space 0, times 0
[  325.830245][T10281] CPU: 1 UID: 0 PID: 10281 Comm: syz.1.1185 Not tainted syzkaller #0 PREEMPT(full) 
[  325.830271][T10281] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  325.830281][T10281] Call Trace:
[  325.830289][T10281]  <TASK>
[  325.830296][T10281]  dump_stack_lvl+0x100/0x190
[  325.830328][T10281]  should_fail_ex.cold+0x5/0xa
[  325.830348][T10281]  ? do_ip_setsockopt+0x1770/0x3200
[  325.830371][T10281]  should_failslab+0xc2/0x120
[  325.830392][T10281]  __kmalloc_noprof+0xe0/0x850
[  325.830415][T10281]  ? __local_bh_enable_ip+0x9e/0x120
[  325.830432][T10281]  ? lockdep_hardirqs_on+0x78/0x100
[  325.830447][T10281]  do_ip_setsockopt+0x1770/0x3200
[  325.830467][T10281]  ? __pfx_do_ip_setsockopt+0x10/0x10
[  325.830485][T10281]  ? aa_sk_perm+0x309/0xaa0
[  325.830503][T10281]  ? ksys_write+0x190/0x250
[  325.830522][T10281]  ? __pfx_aa_sk_perm+0x10/0x10
[  325.830544][T10281]  ip_setsockopt+0x5a/0xf0
[  325.830562][T10281]  raw_setsockopt+0x60/0x1b0
[  325.830578][T10281]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  325.830597][T10281]  do_sock_setsockopt+0xf3/0x1d0
[  325.830614][T10281]  __sys_setsockopt+0x119/0x190
[  325.830630][T10281]  __ia32_sys_setsockopt+0xbc/0x160
[  325.830642][T10281]  ? __do_fast_syscall_32+0x94/0x8c0
[  325.830657][T10281]  ? lockdep_hardirqs_on+0x78/0x100
[  325.830669][T10281]  __do_fast_syscall_32+0xe3/0x8c0
[  325.830685][T10281]  do_fast_syscall_32+0x32/0x70
[  325.830700][T10281]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  325.830715][T10281] RIP: 0023:0xf705ef6c
[  325.830725][T10281] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  325.830736][T10281] RSP: 002b:00000000f544d50c EFLAGS: 00000292 ORIG_RAX: 000000000000016e
[  325.830747][T10281] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  325.830754][T10281] RDX: 0000000000000030 RSI: 0000000080016680 RDI: 000000000000008c
[  325.830761][T10281] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  325.830767][T10281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  325.830774][T10281] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  325.830788][T10281]  </TASK>
[  325.939657][T10277] /dev/sr0: Can't open blockdev
[  325.965942][ T5951] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  325.969769][ T5951] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  325.973018][ T5951] usb 5-1: Product: syz
[  325.974939][ T5951] usb 5-1: Manufacturer: syz
[  325.976858][ T5951] usb 5-1: SerialNumber: syz
[  325.990153][ T5951] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  326.017480][   T39] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  326.248847][T10290] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  326.251038][T10290] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  326.254195][T10290] vhci_hcd vhci_hcd.0: Device attached
[  326.307021][ T2131] usb 5-1: USB disconnect, device number 19
[  326.328661][T10293] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  326.330813][T10293] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  326.337567][T10293] vhci_hcd vhci_hcd.0: Device attached
[  326.653660][T10302] block nbd3: shutting down sockets
[  327.149395][   T39] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  327.151901][   T39] ath9k_htc: Failed to initialize the device
[  327.154951][T10307] __nla_validate_parse: 2 callbacks suppressed
[  327.154967][T10307] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1189'.
[  327.187810][ T2131] usb 5-1: ath9k_htc: USB layer deinitialized
[  327.211217][T10291] vhci_hcd: connection closed
[  327.211468][ T1250] vhci_hcd vhci_hcd.2: stop threads
[  327.214825][ T1250] vhci_hcd vhci_hcd.2: release socket
[  327.218159][ T1250] vhci_hcd vhci_hcd.2: disconnect device
[  327.269886][T10294] vhci_hcd: connection closed
[  327.271301][  T762] vhci_hcd vhci_hcd.1: stop threads
[  327.276082][  T762] vhci_hcd vhci_hcd.1: release socket
[  327.279059][  T762] vhci_hcd vhci_hcd.1: disconnect device
[  327.902699][T10312] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1190'.
[  328.001034][   T54] vhci_hcd vhci_hcd.2: vhci_device speed not set
[  328.101750][T10316] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1192'.
[  328.172872][T10317] kAFS: unable to lookup cell ''
[  328.264192][T10319] vivid-003: disconnect
[  328.298854][   T34] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  329.111925][T10323] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  329.114100][T10323] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  329.124412][T10323] vhci_hcd vhci_hcd.0: Device attached
[  329.369335][   T24] usb 37-1: new low-speed USB device number 6 using vhci_hcd
[  329.677214][T10315] vivid-003: reconnect
[  329.750059][T10324] vhci_hcd: connection reset by peer
[  329.752549][   T13] vhci_hcd vhci_hcd.0: stop threads
[  329.754436][   T13] vhci_hcd vhci_hcd.0: release socket
[  329.756297][   T13] vhci_hcd vhci_hcd.0: disconnect device
[  330.056414][T10337] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1197'.
[  330.090735][T10335] syz.2.1196 (10335): /proc/10333/oom_adj is deprecated, please use /proc/10333/oom_score_adj instead.
[  330.131291][T10341] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1198'.
[  330.261772][T10335] e1000e 0000:00:02.0 eth1: NIC Link is Down
[  330.275945][T10341] kAFS: unable to lookup cell ''
[  330.333898][T10347] vivid-003: disconnect
[  330.406367][T10349] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1199'.
[  330.452695][T10349] netlink: 'syz.3.1199': attribute type 10 has an invalid length.
[  330.452804][T10351] FAULT_INJECTION: forcing a failure.
[  330.452804][T10351] name failslab, interval 1, probability 0, space 0, times 0
[  330.457222][T10349] veth0_vlan: left promiscuous mode
[  330.461497][T10351] CPU: 0 UID: 0 PID: 10351 Comm: syz.0.1200 Not tainted syzkaller #0 PREEMPT(full) 
[  330.461521][T10351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  330.461538][T10351] Call Trace:
[  330.461545][T10351]  <TASK>
[  330.461551][T10351]  dump_stack_lvl+0x100/0x190
[  330.461582][T10351]  should_fail_ex.cold+0x5/0xa
[  330.461602][T10351]  ? tomoyo_realpath_from_path+0xb6/0x690
[  330.461621][T10351]  should_failslab+0xc2/0x120
[  330.461639][T10351]  __kmalloc_noprof+0xe0/0x850
[  330.461668][T10351]  tomoyo_realpath_from_path+0xb6/0x690
[  330.461685][T10351]  tomoyo_path_number_perm+0x23c/0x580
[  330.461703][T10351]  ? tomoyo_path_number_perm+0x22e/0x580
[  330.461723][T10351]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  330.461756][T10351]  ? find_held_lock+0x2b/0x80
[  330.461768][T10351]  ? hook_file_ioctl_common+0x146/0x410
[  330.461787][T10351]  ? __fget_files+0x215/0x3d0
[  330.461809][T10351]  ? __fget_files+0x21f/0x3d0
[  330.461829][T10351]  security_file_ioctl_compat+0xd3/0x230
[  330.461850][T10351]  __ia32_compat_sys_ioctl+0xc2/0x360
[  330.461869][T10351]  __do_fast_syscall_32+0xe3/0x8c0
[  330.461893][T10351]  do_fast_syscall_32+0x32/0x70
[  330.461914][T10351]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  330.461936][T10351] RIP: 0023:0xf70cef6c
[  330.461949][T10351] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  330.461960][T10351] RSP: 002b:00000000f54bd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  330.461972][T10351] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c048aeca
[  330.461979][T10351] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000
[  330.461986][T10351] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  330.461993][T10351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  330.461999][T10351] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  330.462019][T10351]  </TASK>
[  330.462026][T10351] ERROR: Out of memory at tomoyo_realpath_from_path.
[  330.547333][T10349] veth0_vlan: entered promiscuous mode
[  330.564392][T10349] team0: Device veth0_vlan failed to register rx_handler
[  331.101752][T10364] CUSE: info not properly terminated
[  331.143804][T10364] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1202'.
[  331.161274][T10364] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1202'.
[  331.270085][T10368] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1203'.
[  331.290177][T10340] vivid-003: reconnect
[  331.399132][T10370] kAFS: unable to lookup cell ''
[  331.522387][T10372] vivid-000: disconnect
[  331.548686][ T9338] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  331.733357][ T9338] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  331.736705][ T9338] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  331.740950][ T9338] usb 8-1: Product: syz
[  331.742446][ T9338] usb 8-1: Manufacturer: syz
[  331.744440][ T9338] usb 8-1: SerialNumber: syz
[  331.751675][ T9338] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  331.769769][ T9338] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  331.896600][T10375] CUSE: info not properly terminated
[  331.925458][T10375] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1204'.
[  332.067710][   T10] usb 8-1: USB disconnect, device number 21
[  332.225211][   T54] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  332.263877][T10367] vivid-000: reconnect
[  332.563557][   T54] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  332.568414][   T54] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  332.572401][   T54] usb 6-1: Product: syz
[  332.574811][   T54] usb 6-1: Manufacturer: syz
[  332.577313][   T54] usb 6-1: SerialNumber: syz
[  332.601586][   T54] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  332.622869][ T7378] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  332.798760][ T9338] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive
[  332.801352][ T9338] ath9k_htc: Failed to initialize the device
[  332.803629][   T10] usb 8-1: ath9k_htc: USB layer deinitialized
[  332.897657][   T54] usb 6-1: USB disconnect, device number 20
[  333.209762][T10400] __nla_validate_parse: 1 callbacks suppressed
[  333.209782][T10400] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1207'.
[  333.668775][ T7378] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  333.673115][ T7378] ath9k_htc: Failed to initialize the device
[  333.677914][   T54] usb 6-1: ath9k_htc: USB layer deinitialized
[  333.762083][T10410] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  333.764239][T10410] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  333.767240][T10410] vhci_hcd vhci_hcd.0: Device attached
[  334.009451][ T5810] usb 41-1: new low-speed USB device number 6 using vhci_hcd
[  334.082835][T10417] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1210'.
[  334.095809][T10417] netlink: 'syz.3.1210': attribute type 10 has an invalid length.
[  334.099653][T10417] veth0_vlan: left promiscuous mode
[  334.103343][T10417] veth0_vlan: entered promiscuous mode
[  334.111797][T10417] team0: Device veth0_vlan failed to register rx_handler
[  334.182243][T10420] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1211'.
[  334.211192][T10420] netlink: 'syz.3.1211': attribute type 10 has an invalid length.
[  334.214552][T10420] veth0_vlan: left promiscuous mode
[  334.217528][T10420] veth0_vlan: entered promiscuous mode
[  334.221322][T10420] team0: Device veth0_vlan failed to register rx_handler
[  334.295547][T10423] FAULT_INJECTION: forcing a failure.
[  334.295547][T10423] name failslab, interval 1, probability 0, space 0, times 0
[  334.303370][T10423] CPU: 3 UID: 0 PID: 10423 Comm: syz.3.1212 Not tainted syzkaller #0 PREEMPT(full) 
[  334.303396][T10423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  334.303408][T10423] Call Trace:
[  334.303414][T10423]  <TASK>
[  334.303421][T10423]  dump_stack_lvl+0x100/0x190
[  334.303460][T10423]  should_fail_ex.cold+0x5/0xa
[  334.303481][T10423]  ? tomoyo_realpath_from_path+0xb6/0x690
[  334.303502][T10423]  should_failslab+0xc2/0x120
[  334.303522][T10423]  __kmalloc_noprof+0xe0/0x850
[  334.303552][T10423]  tomoyo_realpath_from_path+0xb6/0x690
[  334.303579][T10423]  tomoyo_path_number_perm+0x23c/0x580
[  334.303603][T10423]  ? tomoyo_path_number_perm+0x22e/0x580
[  334.303631][T10423]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  334.303678][T10423]  ? find_held_lock+0x2b/0x80
[  334.303694][T10423]  ? hook_file_ioctl_common+0x146/0x410
[  334.303721][T10423]  ? __fget_files+0x215/0x3d0
[  334.303753][T10423]  ? __fget_files+0x21f/0x3d0
[  334.303784][T10423]  security_file_ioctl_compat+0xd3/0x230
[  334.303814][T10423]  __ia32_compat_sys_ioctl+0xc2/0x360
[  334.303842][T10423]  __do_fast_syscall_32+0xe3/0x8c0
[  334.303869][T10423]  do_fast_syscall_32+0x32/0x70
[  334.303892][T10423]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  334.303915][T10423] RIP: 0023:0xf7fd8f6c
[  334.303929][T10423] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  334.303946][T10423] RSP: 002b:00000000f549650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  334.303963][T10423] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201
[  334.303972][T10423] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000
[  334.303997][T10423] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  334.304008][T10423] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  334.304018][T10423] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  334.304043][T10423]  </TASK>
[  334.305296][T10423] ERROR: Out of memory at tomoyo_realpath_from_path.
[  334.399106][T10423] binder: 10422:10423 ioctl c0306201 800001c0 returned -22
[  334.443395][T10411] vhci_hcd: connection reset by peer
[  334.445812][  T105] vhci_hcd vhci_hcd.2: stop threads
[  334.448052][  T105] vhci_hcd vhci_hcd.2: release socket
[  334.450613][  T105] vhci_hcd vhci_hcd.2: disconnect device
[  334.459138][   T24] vhci_hcd vhci_hcd.0: vhci_device speed not set
[  334.560400][T10426] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1213'.
[  334.850986][T10429] kAFS: unable to lookup cell ''
[  335.153602][T10435] vivid-001: disconnect
[  335.310708][T10436] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  335.313286][T10436] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  335.317277][T10436] vhci_hcd vhci_hcd.0: Device attached
[  335.476738][T10440] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1216'.
[  335.521742][T10424] vivid-001: reconnect
[  335.578837][   T10] usb 39-1: new low-speed USB device number 6 using vhci_hcd
[  335.981878][T10437] vhci_hcd: connection reset by peer
[  335.988665][   T13] vhci_hcd vhci_hcd.1: stop threads
[  335.992203][   T13] vhci_hcd vhci_hcd.1: release socket
[  335.994498][   T13] vhci_hcd vhci_hcd.1: disconnect device
[  336.019252][T10448] block nbd0: shutting down sockets
[  336.033395][T10449] CUSE: info not properly terminated
[  336.047336][T10449] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1217'.
[  336.057201][T10449] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1217'.
[  336.499945][   T54] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  336.845300][   T54] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  336.849359][   T54] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  336.853206][   T54] usb 7-1: Product: syz
[  336.854708][   T54] usb 7-1: Manufacturer: syz
[  336.856638][   T54] usb 7-1: SerialNumber: syz
[  336.926078][   T54] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  336.978271][   T54] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  337.279146][ T6025] usb 7-1: USB disconnect, device number 23
[  337.440646][   T40] kauditd_printk_skb: 28 callbacks suppressed
[  337.440657][   T40] audit: type=1326 audit(1772472359.173:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.1.1221" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000
[  337.450300][   T40] audit: type=1326 audit(1772472359.183:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.1.1221" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000
[  337.457919][   T40] audit: type=1326 audit(1772472359.183:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.1.1221" exe="/syz-executor" sig=0 arch=40000003 syscall=399 compat=1 ip=0xf705ef6c code=0x7ffc0000
[  337.467106][   T40] audit: type=1326 audit(1772472359.193:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.1.1221" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000
[  337.474050][   T40] audit: type=1326 audit(1772472359.193:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.1.1221" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000
[  337.481843][   T40] audit: type=1326 audit(1772472359.193:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.1.1221" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf705ef6c code=0x7ffc0000
[  337.490134][   T40] audit: type=1326 audit(1772472359.193:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.1.1221" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000
[  337.498975][   T40] audit: type=1326 audit(1772472359.193:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.1.1221" exe="/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf705ef6c code=0x7ffc0000
[  337.506144][   T40] audit: type=1326 audit(1772472359.193:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.1.1221" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000
[  337.513819][   T40] audit: type=1326 audit(1772472359.193:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.1.1221" exe="/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf705ef6c code=0x7ffc0000
[  337.961882][T10473] CUSE: info not properly terminated
[  337.972142][T10473] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1223'.
[  337.981910][T10473] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1223'.
[  338.079348][   T54] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive
[  338.082824][   T54] ath9k_htc: Failed to initialize the device
[  338.086046][ T6025] usb 7-1: ath9k_htc: USB layer deinitialized
[  338.218794][   T24] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  338.582289][   T24] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  338.586505][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  338.590928][   T24] usb 5-1: Product: syz
[  338.593044][   T24] usb 5-1: Manufacturer: syz
[  338.595258][   T24] usb 5-1: SerialNumber: syz
[  338.617665][   T24] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  338.673536][ T2131] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  338.727781][T10480] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1225'.
[  338.918748][ T6025] usb 5-1: USB disconnect, device number 20
[  339.046166][T10488] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1226'.
[  339.148864][ T5810] vhci_hcd vhci_hcd.2: vhci_device speed not set
[  339.270241][T10489] /dev/sr0: Can't open blockdev
[  339.368519][T10492] block nbd3: shutting down sockets
[  339.436853][T10495] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1229'.
[  339.505145][T10499] kAFS: unable to lookup cell ''
[  339.631863][T10503] vivid-002: disconnect
[  339.679878][T10497] /dev/sr0: Can't open blockdev
[  339.749384][ T2131] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  339.752533][ T2131] ath9k_htc: Failed to initialize the device
[  339.769174][T10505] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1230'.
[  339.909683][T10507] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1231'.
[  339.937183][T10507] netlink: 'syz.1.1231': attribute type 10 has an invalid length.
[  339.942826][T10507] veth0_vlan: left promiscuous mode
[  339.945732][T10507] veth0_vlan: entered promiscuous mode
[  339.950569][T10507] team0: Device veth0_vlan failed to register rx_handler
[  340.037627][T10508] kAFS: unable to lookup cell ''
[  340.264664][T10514] vivid-000: disconnect
[  340.361062][ T6025] usb 5-1: ath9k_htc: USB layer deinitialized
[  340.585655][T10494] vivid-002: reconnect
[  340.829135][   T10] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  341.258055][T10504] vivid-000: reconnect
[  341.264603][T10520] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1234'.
[  341.500113][T10524] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1235'.
[  341.975800][T10531] CUSE: info not properly terminated
[  341.998749][T10531] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1236'.
[  342.006242][T10531] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1236'.
[  342.142339][T10535] block nbd1: shutting down sockets
[  342.260261][ T5810] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[  342.461725][ T5810] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  342.473012][ T5810] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  342.475669][ T5810] usb 8-1: Product: syz
[  342.477053][ T5810] usb 8-1: Manufacturer: syz
[  342.480705][ T5810] usb 8-1: SerialNumber: syz
[  342.490438][ T5810] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  342.510747][ T5810] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  342.774671][   T10] usb 8-1: USB disconnect, device number 22
[  342.821178][T10538] /dev/sr0: Can't open blockdev
[  342.944648][   T40] kauditd_printk_skb: 2 callbacks suppressed
[  342.944669][   T40] audit: type=1326 audit(1772472364.673:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10542 comm="syz.2.1241" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f93f6c code=0x0
[  343.047139][T10551] CUSE: info not properly terminated
[  343.073475][T10551] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1242'.
[  343.196738][T10556] netlink: 'syz.2.1244': attribute type 10 has an invalid length.
[  343.200410][T10556] veth0_vlan: left promiscuous mode
[  343.202861][T10556] veth0_vlan: entered promiscuous mode
[  343.206917][T10556] team0: Device veth0_vlan failed to register rx_handler
[  343.338716][ T9338] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  343.507812][ T9338] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  343.523972][ T9338] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  343.531056][ T9338] usb 6-1: Product: syz
[  343.535248][ T9338] usb 6-1: Manufacturer: syz
[  343.539148][ T9338] usb 6-1: SerialNumber: syz
[  343.591951][ T5810] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive
[  343.597667][ T5810] ath9k_htc: Failed to initialize the device
[  343.699076][   T10] usb 8-1: ath9k_htc: USB layer deinitialized
[  343.735552][ T9338] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  343.825822][ T9338] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  344.084772][ T7378] usb 6-1: USB disconnect, device number 21
[  344.708366][T10570] __nla_validate_parse: 3 callbacks suppressed
[  344.708382][T10570] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1246'.
[  344.817635][T10572] kAFS: unable to lookup cell ''
[  344.969855][T10574] vivid-002: disconnect
[  345.397116][ T9338] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  345.864737][T10569] vivid-002: reconnect
[  345.866855][ T9338] ath9k_htc: Failed to initialize the device
[  345.871862][ T7378] usb 6-1: ath9k_htc: USB layer deinitialized
[  345.897486][T10576] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1247'.
[  346.001170][T10577] kAFS: unable to lookup cell ''
[  346.009769][T10579] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1248'.
[  346.046399][T10579] netlink: 'syz.1.1248': attribute type 10 has an invalid length.
[  346.051670][T10579] veth0_vlan: left promiscuous mode
[  346.054148][T10579] veth0_vlan: entered promiscuous mode
[  346.057374][T10579] team0: Device veth0_vlan failed to register rx_handler
[  346.102339][T10582] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1258'.
[  346.131389][T10583] vivid-001: disconnect
[  347.040705][T10575] vivid-001: reconnect
[  347.210044][T10591] /dev/sr0: Can't open blockdev
[  347.451691][   T40] audit: type=1326 audit(1772472369.183:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10596 comm="syz.0.1251" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x0
[  347.460676][T10604] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1254'.
[  347.474349][T10604] netlink: 'syz.2.1254': attribute type 10 has an invalid length.
[  347.477276][T10604] veth0_vlan: left promiscuous mode
[  347.481328][T10604] veth0_vlan: entered promiscuous mode
[  347.484780][T10604] team0: Device veth0_vlan failed to register rx_handler
[  347.506267][T10606] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1256'.
[  347.671100][T10610] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1259'.
[  347.685578][T10610] kAFS: unable to lookup cell ''
[  347.707340][T10608] kAFS: unable to lookup cell ''
[  347.791907][T10614] vivid-003: disconnect
[  348.170790][T10616] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1260'.
[  348.251521][T10619] kAFS: unable to lookup cell ''
[  348.370053][T10622] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1261'.
[  348.406906][T10623] vivid-001: disconnect
[  348.784536][T10609] vivid-003: reconnect
[  349.036954][T10625] random: crng reseeded on system resumption
[  349.331367][T10636] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1265'.
[  349.366698][T10615] vivid-001: reconnect
[  349.401981][T10634] capability: warning: `syz.3.1263' uses 32-bit capabilities (legacy support in use)
[  349.489376][T10638] kAFS: unable to lookup cell ''
[  349.491405][T10638] vivid-000: disconnect
[  349.581318][T10632] /dev/sr0: Can't open blockdev
[  349.918905][T10645] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1267'.
[  350.027818][T10646] kAFS: unable to lookup cell ''
[  350.032398][T10646] vivid-003: disconnect
[  350.395721][T10633] vivid-000: reconnect
[  350.668471][T10656] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1271'.
[  350.723840][T10656] kAFS: unable to lookup cell ''
[  350.797988][T10658] Invalid/unusable pipe
[  350.829396][T10663] vivid-002: disconnect
[  350.908060][T10665] random: crng reseeded on system resumption
[  351.016754][T10644] vivid-003: reconnect
[  351.291657][T10673] FAULT_INJECTION: forcing a failure.
[  351.291657][T10673] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  351.298160][T10673] CPU: 3 UID: 0 PID: 10673 Comm: syz.1.1274 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  351.298206][T10673] Tainted: [L]=SOFTLOCKUP
[  351.298212][T10673] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  351.298223][T10673] Call Trace:
[  351.298234][T10673]  <TASK>
[  351.298242][T10673]  dump_stack_lvl+0x100/0x190
[  351.298277][T10673]  should_fail_ex.cold+0x5/0xa
[  351.298301][T10673]  _copy_from_user+0x2e/0xd0
[  351.298334][T10673]  do_ip_vs_set_ctl+0x526/0x10c0
[  351.298370][T10673]  ? __pfx_do_ip_vs_set_ctl+0x10/0x10
[  351.298397][T10673]  ? trace_contention_end+0x140/0x180
[  351.298425][T10673]  ? __mutex_lock+0x26a/0x1b90
[  351.298451][T10673]  ? nf_sockopt_find.isra.0+0x222/0x290
[  351.298477][T10673]  ? nf_sockopt_find.isra.0+0x222/0x290
[  351.298508][T10673]  ? __mutex_unlock_slowpath+0x15c/0x790
[  351.298554][T10673]  ? nf_setsockopt+0x8d/0xf0
[  351.298598][T10673]  nf_setsockopt+0x8d/0xf0
[  351.298626][T10673]  ip_setsockopt+0xcb/0xf0
[  351.298656][T10673]  tcp_setsockopt+0xa7/0x100
[  351.298679][T10673]  smc_setsockopt+0x1b6/0xa10
[  351.298706][T10673]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  351.298736][T10673]  ? __pfx_smc_setsockopt+0x10/0x10
[  351.298766][T10673]  ? aa_sock_opt_perm+0xfe/0x1b0
[  351.298792][T10673]  ? __pfx_smc_setsockopt+0x10/0x10
[  351.298821][T10673]  do_sock_setsockopt+0xf3/0x1d0
[  351.298850][T10673]  __sys_setsockopt+0x119/0x190
[  351.298876][T10673]  __ia32_sys_setsockopt+0xbc/0x160
[  351.298897][T10673]  ? __do_fast_syscall_32+0x94/0x8c0
[  351.298920][T10673]  ? lockdep_hardirqs_on+0x78/0x100
[  351.298942][T10673]  __do_fast_syscall_32+0xe3/0x8c0
[  351.298973][T10673]  do_fast_syscall_32+0x32/0x70
[  351.298997][T10673]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  351.299021][T10673] RIP: 0023:0xf705ef6c
[  351.299037][T10673] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  351.299055][T10673] RSP: 002b:00000000f542c50c EFLAGS: 00000292 ORIG_RAX: 000000000000016e
[  351.299073][T10673] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 0000000000000000
[  351.299085][T10673] RDX: 000000000000048c RSI: 0000000080000180 RDI: 0000000000000018
[  351.299095][T10673] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  351.299106][T10673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  351.299116][T10673] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  351.299140][T10673]  </TASK>
[  351.513418][T10655] vivid-002: reconnect
[  351.666062][T10681] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1276'.
[  351.730444][T10676] /dev/sr0: Can't open blockdev
[  352.754191][T10694] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1280'.
[  352.824924][T10695] kAFS: unable to lookup cell ''
[  352.945760][T10698] vivid-000: disconnect
[  353.258830][T10706] CUSE: info not properly terminated
[  353.265286][T10706] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1282'.
[  353.307816][T10706] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1282'.
[  353.569417][   T24] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  353.693755][T10693] vivid-000: reconnect
[  353.732616][   T24] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  353.751881][   T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  353.755196][   T24] usb 8-1: Product: syz
[  353.759484][T10709] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1284'.
[  353.765820][   T24] usb 8-1: Manufacturer: syz
[  353.767812][   T24] usb 8-1: SerialNumber: syz
[  353.806295][   T24] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  353.883859][ T5810] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  353.977898][T10718] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1287'.
[  354.107102][   T24] usb 8-1: USB disconnect, device number 23
[  354.220027][T10713] /dev/sr0: Can't open blockdev
[  354.403231][T10730] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1290'.
[  354.417178][T10725] bridge0: port 3(erspan0) entered blocking state
[  354.420890][T10725] bridge0: port 3(erspan0) entered disabled state
[  354.424089][T10725] erspan0: entered allmulticast mode
[  354.433379][T10725] erspan0: entered promiscuous mode
[  354.436443][T10725] bridge0: port 3(erspan0) entered blocking state
[  354.438980][T10725] bridge0: port 3(erspan0) entered forwarding state
[  354.521700][T10731] kAFS: unable to lookup cell ''
[  354.949283][ T5810] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive
[  354.951940][ T5810] ath9k_htc: Failed to initialize the device
[  355.119359][   T24] usb 8-1: ath9k_htc: USB layer deinitialized
[  355.298312][T10733] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1291'.
[  355.317444][T10735] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1292'.
[  355.407682][T10737] kAFS: unable to lookup cell ''
[  355.421585][T10737] vivid-003: disconnect
[  356.454147][T10734] vivid-003: reconnect
[  356.503118][T10745] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1294'.
[  356.661098][T10751] FAULT_INJECTION: forcing a failure.
[  356.661098][T10751] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  356.665703][T10751] CPU: 1 UID: 0 PID: 10751 Comm: syz.1.1295 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  356.665722][T10751] Tainted: [L]=SOFTLOCKUP
[  356.665726][T10751] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  356.665733][T10751] Call Trace:
[  356.665738][T10751]  <TASK>
[  356.665742][T10751]  dump_stack_lvl+0x100/0x190
[  356.665764][T10751]  should_fail_ex.cold+0x5/0xa
[  356.665778][T10751]  _copy_from_user+0x2e/0xd0
[  356.665797][T10751]  get_compat_msghdr+0xb3/0x4b0
[  356.665811][T10751]  ? __pfx_get_compat_msghdr+0x10/0x10
[  356.665828][T10751]  ___sys_sendmsg+0x1b6/0x1e0
[  356.665847][T10751]  ? __pfx____sys_sendmsg+0x10/0x10
[  356.665879][T10751]  __sys_sendmsg+0x170/0x220
[  356.665893][T10751]  ? __pfx___sys_sendmsg+0x10/0x10
[  356.665910][T10751]  ? __pfx_ksys_write+0x10/0x10
[  356.665931][T10751]  __do_fast_syscall_32+0xe3/0x8c0
[  356.665948][T10751]  do_fast_syscall_32+0x32/0x70
[  356.665962][T10751]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  356.665977][T10751] RIP: 0023:0xf705ef6c
[  356.665987][T10751] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  356.665997][T10751] RSP: 002b:00000000f544d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  356.666008][T10751] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000540
[  356.666015][T10751] RDX: 0000000000044000 RSI: 0000000000000000 RDI: 0000000000000000
[  356.666021][T10751] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  356.666028][T10751] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  356.666034][T10751] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  356.666047][T10751]  </TASK>
[  356.878118][T10749] binder_alloc: binder_alloc_mmap_handler: 10747 80ffc000-81000000 already mapped failed -16
[  356.903456][T10757] FAULT_INJECTION: forcing a failure.
[  356.903456][T10757] name failslab, interval 1, probability 0, space 0, times 0
[  356.908134][T10757] CPU: 2 UID: 0 PID: 10757 Comm: syz.1.1298 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  356.908154][T10757] Tainted: [L]=SOFTLOCKUP
[  356.908159][T10757] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  356.908167][T10757] Call Trace:
[  356.908173][T10757]  <TASK>
[  356.908178][T10757]  dump_stack_lvl+0x100/0x190
[  356.908203][T10757]  should_fail_ex.cold+0x5/0xa
[  356.908218][T10757]  ? tomoyo_realpath_from_path+0xb6/0x690
[  356.908235][T10757]  should_failslab+0xc2/0x120
[  356.908254][T10757]  __kmalloc_noprof+0xe0/0x850
[  356.908281][T10757]  tomoyo_realpath_from_path+0xb6/0x690
[  356.908301][T10757]  tomoyo_path_number_perm+0x23c/0x580
[  356.908322][T10757]  ? tomoyo_path_number_perm+0x22e/0x580
[  356.908347][T10757]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  356.908395][T10757]  ? find_held_lock+0x2b/0x80
[  356.908410][T10757]  ? hook_file_ioctl_common+0x146/0x410
[  356.908427][T10757]  ? __fget_files+0x215/0x3d0
[  356.908450][T10757]  ? __fget_files+0x21f/0x3d0
[  356.908470][T10757]  security_file_ioctl_compat+0xd3/0x230
[  356.908491][T10757]  __ia32_compat_sys_ioctl+0xc2/0x360
[  356.908509][T10757]  __do_fast_syscall_32+0xe3/0x8c0
[  356.908527][T10757]  do_fast_syscall_32+0x32/0x70
[  356.908542][T10757]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  356.908558][T10757] RIP: 0023:0xf705ef6c
[  356.908590][T10757] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  356.908607][T10757] RSP: 002b:00000000f544d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  356.908624][T10757] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c008561c
[  356.908631][T10757] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  356.908638][T10757] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  356.908644][T10757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  356.908651][T10757] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  356.908665][T10757]  </TASK>
[  356.995233][T10749] binder: 10747:10749 ioctl 8008f513 80000000 returned -22
[  357.006607][T10757] ERROR: Out of memory at tomoyo_realpath_from_path.
[  357.121925][T10761] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1299'.
[  357.162401][T10761] netlink: 'syz.1.1299': attribute type 10 has an invalid length.
[  357.166081][T10761] veth0_vlan: left promiscuous mode
[  357.169585][T10761] veth0_vlan: entered promiscuous mode
[  357.174541][T10761] team0: Device veth0_vlan failed to register rx_handler
[  357.680609][T10775] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  357.683601][T10775] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  357.690497][T10775] vhci_hcd vhci_hcd.0: Device attached
[  357.701522][T10778] CUSE: info not properly terminated
[  357.724935][T10778] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1303'.
[  357.734154][T10778] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1303'.
[  357.929412][   T10] usb 43-1: new low-speed USB device number 3 using vhci_hcd
[  357.998745][ T9338] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  358.181739][ T9338] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  358.185204][ T9338] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  358.187932][ T9338] usb 7-1: Product: syz
[  358.194751][ T9338] usb 7-1: Manufacturer: syz
[  358.196310][ T9338] usb 7-1: SerialNumber: syz
[  358.213065][ T9338] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  358.259794][ T9338] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  358.392744][T10776] vhci_hcd: connection reset by peer
[  358.395937][  T196] vhci_hcd vhci_hcd.3: stop threads
[  358.400217][  T196] vhci_hcd vhci_hcd.3: release socket
[  358.405828][  T196] vhci_hcd vhci_hcd.3: disconnect device
[  358.473400][   T34] usb 7-1: USB disconnect, device number 24
[  359.057814][T10785] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1305'.
[  359.268743][ T9338] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive
[  359.272311][ T9338] ath9k_htc: Failed to initialize the device
[  359.275658][   T34] usb 7-1: ath9k_htc: USB layer deinitialized
[  359.964320][T10794] CUSE: info not properly terminated
[  359.976275][T10794] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1307'.
[  359.993074][T10794] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1307'.
[  360.359223][   T24] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  360.512422][   T24] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  360.515581][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  360.519427][   T24] usb 5-1: Product: syz
[  360.521247][   T24] usb 5-1: Manufacturer: syz
[  360.523026][   T24] usb 5-1: SerialNumber: syz
[  360.532152][   T24] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  360.554346][   T24] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  360.859810][ T5951] usb 5-1: USB disconnect, device number 21
[  361.599424][   T24] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  361.606239][   T24] ath9k_htc: Failed to initialize the device
[  361.620341][ T5951] usb 5-1: ath9k_htc: USB layer deinitialized
[  361.722820][T10808] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1311'.
[  361.737823][T10808] netlink: 'syz.1.1311': attribute type 10 has an invalid length.
[  361.741194][T10808] veth0_vlan: left promiscuous mode
[  361.744175][T10808] veth0_vlan: entered promiscuous mode
[  361.748935][T10808] team0: Device veth0_vlan failed to register rx_handler
[  361.857890][T10812] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1313'.
[  361.933753][T10817] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1314'.
[  362.012843][T10818] kAFS: unable to lookup cell ''
[  362.125543][T10820] vivid-000: disconnect
[  362.189523][T10821] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1312'.
[  363.069491][   T10] vhci_hcd vhci_hcd.3: vhci_device speed not set
[  363.079568][T10815] vivid-000: reconnect
[  363.444764][T10830] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1318'.
[  363.563102][T10835] CUSE: info not properly terminated
[  363.570708][T10835] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1317'.
[  363.588287][T10835] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1317'.
[  363.675176][T10830] netlink: 'syz.2.1318': attribute type 10 has an invalid length.
[  363.679069][T10830] veth0_vlan: left promiscuous mode
[  363.683895][T10830] veth0_vlan: entered promiscuous mode
[  363.688467][T10830] team0: Device veth0_vlan failed to register rx_handler
[  363.829987][ T9338] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  364.882084][ T9338] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  364.885982][ T9338] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.898702][ T9338] usb 6-1: Product: syz
[  364.900549][ T9338] usb 6-1: Manufacturer: syz
[  364.902482][ T9338] usb 6-1: SerialNumber: syz
[  364.912748][ T9338] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  364.944993][ T9338] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  365.034686][T10843] usb usb9: usbfs: process 10843 (syz.3.1321) did not claim interface 0 before use
[  365.093592][T10845] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1322'.
[  365.106356][T10845] netlink: 'syz.3.1322': attribute type 10 has an invalid length.
[  365.110213][T10845] veth0_vlan: left promiscuous mode
[  365.113371][T10845] veth0_vlan: entered promiscuous mode
[  365.116659][T10845] team0: Device veth0_vlan failed to register rx_handler
[  365.155698][   T24] usb 6-1: USB disconnect, device number 22
[  365.518538][T10853] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  365.520869][T10853] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  365.537919][T10853] vhci_hcd vhci_hcd.0: Device attached
[  365.779094][   T39] usb 41-1: new low-speed USB device number 7 using vhci_hcd
[  365.796231][T10861] CUSE: info not properly terminated
[  365.920285][T10863] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1325'.
[  365.930235][T10863] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1325'.
[  365.989460][ T9338] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  365.991922][ T9338] ath9k_htc: Failed to initialize the device
[  365.994457][   T24] usb 6-1: ath9k_htc: USB layer deinitialized
[  366.179051][ T5810] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[  366.259890][T10854] vhci_hcd: connection reset by peer
[  366.262751][  T105] vhci_hcd vhci_hcd.2: stop threads
[  366.264716][  T105] vhci_hcd vhci_hcd.2: release socket
[  366.266925][  T105] vhci_hcd vhci_hcd.2: disconnect device
[  366.417171][ T5810] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  366.421162][ T5810] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.424087][ T5810] usb 8-1: Product: syz
[  366.425653][ T5810] usb 8-1: Manufacturer: syz
[  366.427260][ T5810] usb 8-1: SerialNumber: syz
[  366.433816][ T5810] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  366.467016][   T24] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  366.592969][T10866] netlink: 'syz.1.1327': attribute type 10 has an invalid length.
[  366.597067][T10866] veth0_vlan: left promiscuous mode
[  366.601460][T10866] veth0_vlan: entered promiscuous mode
[  366.606018][T10866] team0: Device veth0_vlan failed to register rx_handler
[  366.658012][T10870] kAFS: unable to lookup cell ''
[  366.660733][T10870] vivid-001: disconnect
[  367.009428][T10873] /dev/sr0: Can't open blockdev
[  367.179898][   T50] usb 8-1: USB disconnect, device number 24
[  367.301726][T10883] __nla_validate_parse: 2 callbacks suppressed
[  367.301739][T10883] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1331'.
[  367.317976][T10883] netlink: 'syz.2.1331': attribute type 10 has an invalid length.
[  367.323001][T10883] veth0_vlan: left promiscuous mode
[  367.325286][T10883] veth0_vlan: entered promiscuous mode
[  367.328068][T10883] team0: Device veth0_vlan failed to register rx_handler
[  367.382241][T10867] vivid-001: reconnect
[  367.509147][   T24] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive
[  367.511795][   T24] ath9k_htc: Failed to initialize the device
[  367.514262][   T50] usb 8-1: ath9k_htc: USB layer deinitialized
[  367.920716][T10898] CUSE: info not properly terminated
[  367.927407][T10898] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1335'.
[  367.933513][T10898] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1335'.
[  368.178981][ T5951] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  368.350898][ T5951] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  368.354045][ T5951] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.356617][ T5951] usb 7-1: Product: syz
[  368.358018][ T5951] usb 7-1: Manufacturer: syz
[  368.360375][ T5951] usb 7-1: SerialNumber: syz
[  368.397152][ T5951] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  368.428203][ T5951] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  368.644094][   T24] usb 7-1: USB disconnect, device number 25
[  368.878110][T10907] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1339'.
[  368.925010][T10907] kAFS: unable to lookup cell ''
[  369.032947][T10914] vivid-002: disconnect
[  369.518984][ T5951] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive
[  369.522413][ T5951] ath9k_htc: Failed to initialize the device
[  369.525746][   T24] usb 7-1: ath9k_htc: USB layer deinitialized
[  369.702646][T10916] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1341'.
[  369.715416][T10918] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1340'.
[  369.719403][T10916] netlink: 'syz.1.1341': attribute type 10 has an invalid length.
[  369.723298][T10916] veth0_vlan: left promiscuous mode
[  369.726796][T10916] veth0_vlan: entered promiscuous mode
[  369.734309][T10916] team0: Device veth0_vlan failed to register rx_handler
[  369.738061][T10906] vivid-002: reconnect
[  369.764366][T10918] netlink: 'syz.0.1340': attribute type 10 has an invalid length.
[  369.768085][T10918] veth0_vlan: left promiscuous mode
[  369.771883][T10918] veth0_vlan: entered promiscuous mode
[  369.776787][T10918] team0: Device veth0_vlan failed to register rx_handler
[  369.887305][T10924] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1343'.
[  369.950935][T10924] kAFS: unable to lookup cell ''
[  370.175012][T10930] block nbd1: shutting down sockets
[  370.233490][T10934] vivid-002: disconnect
[  370.478879][   T10] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  370.549693][T10939] /dev/sr0: Can't open blockdev
[  370.628796][   T10] usb 5-1: Using ep0 maxpacket: 8
[  370.632442][   T10] usb 5-1: config index 0 descriptor too short (expected 74, got 45)
[  370.635268][   T10] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[  370.638817][   T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  370.641958][   T10] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[  370.646705][   T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  370.654404][   T10] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  370.661163][   T10] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  370.665935][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.691610][T10943] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1350'.
[  370.732241][T10923] vivid-002: reconnect
[  370.879004][   T39] vhci_hcd vhci_hcd.2: vhci_device speed not set
[  370.974643][   T10] usb 5-1: usb_control_msg returned -32
[  370.976854][   T10] usbtmc 5-1:16.0: can't read capabilities
[  371.249745][T10950] FAULT_INJECTION: forcing a failure.
[  371.249745][T10950] name failslab, interval 1, probability 0, space 0, times 0
[  371.256708][T10950] CPU: 3 UID: 0 PID: 10950 Comm: syz.0.1346 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  371.256761][T10950] Tainted: [L]=SOFTLOCKUP
[  371.256768][T10950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  371.256777][T10950] Call Trace:
[  371.256786][T10950]  <TASK>
[  371.256794][T10950]  dump_stack_lvl+0x100/0x190
[  371.256827][T10950]  should_fail_ex.cold+0x5/0xa
[  371.256847][T10950]  ? usb_alloc_urb+0x66/0xa0
[  371.256870][T10950]  should_failslab+0xc2/0x120
[  371.256888][T10950]  __kmalloc_noprof+0xe0/0x850
[  371.256918][T10950]  usb_alloc_urb+0x66/0xa0
[  371.256941][T10950]  usbtmc_create_urb+0x13/0x150
[  371.256965][T10950]  usbtmc_write+0x23f/0xcc0
[  371.256990][T10950]  ? __pfx_usbtmc_write+0x10/0x10
[  371.257007][T10950]  ? bpf_lsm_file_permission+0x9/0x10
[  371.257030][T10950]  ? security_file_permission+0x76/0x210
[  371.257047][T10950]  ? rw_verify_area+0xce/0x6d0
[  371.257072][T10950]  vfs_write+0x2aa/0x1070
[  371.257099][T10950]  ? __pfx_usbtmc_write+0x10/0x10
[  371.257129][T10950]  ? __pfx_vfs_write+0x10/0x10
[  371.257153][T10950]  ? find_held_lock+0x2b/0x80
[  371.257169][T10950]  ? __fget_files+0x215/0x3d0
[  371.257194][T10950]  ? __fget_files+0x215/0x3d0
[  371.257225][T10950]  ? __fget_files+0x21f/0x3d0
[  371.257287][T10950]  ksys_write+0x12a/0x250
[  371.257313][T10950]  ? __pfx_ksys_write+0x10/0x10
[  371.257339][T10950]  ? __pfx_ksys_write+0x10/0x10
[  371.257370][T10950]  __do_fast_syscall_32+0xe3/0x8c0
[  371.257396][T10950]  do_fast_syscall_32+0x32/0x70
[  371.257419][T10950]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  371.257441][T10950] RIP: 0023:0xf70cef6c
[  371.257456][T10950] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  371.257472][T10950] RSP: 002b:00000000f549c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000004
[  371.257489][T10950] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080002680
[  371.257500][T10950] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  371.257509][T10950] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  371.257518][T10950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  371.257528][T10950] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  371.257552][T10950]  </TASK>
[  371.386710][T10953] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1352'.
[  371.400633][T10953] netlink: 'syz.3.1352': attribute type 10 has an invalid length.
[  371.401883][T10943] kAFS: unable to lookup cell ''
[  371.403721][T10953] veth0_vlan: left promiscuous mode
[  371.407347][T10953] veth0_vlan: entered promiscuous mode
[  371.411860][T10953] team0: Device veth0_vlan failed to register rx_handler
[  371.472500][T10955] syzkaller0: entered promiscuous mode
[  371.475075][T10955] syzkaller0: entered allmulticast mode
[  371.507708][T10951] vivid-003: disconnect
[  371.691167][T10942] vivid-003: reconnect
[  371.779204][T10961] CUSE: info not properly terminated
[  371.794018][T10961] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1354'.
[  371.799490][T10960] syzkaller0: entered promiscuous mode
[  371.801516][T10960] syzkaller0: entered allmulticast mode
[  372.052281][ T2131] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  372.191130][T10970] block nbd2: shutting down sockets
[  372.250768][ T2131] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  372.258483][ T2131] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  372.269665][ T2131] usb 8-1: Product: syz
[  372.272380][ T2131] usb 8-1: Manufacturer: syz
[  372.277031][ T2131] usb 8-1: SerialNumber: syz
[  372.310206][ T2131] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  372.452890][   T50] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  372.585089][T10975] CUSE: info not properly terminated
[  372.589514][T10975] __nla_validate_parse: 1 callbacks suppressed
[  372.589526][T10975] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1359'.
[  372.595900][T10975] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1359'.
[  372.729697][   T34] usb 8-1: USB disconnect, device number 25
[  372.849516][  T829] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[  373.002057][  T829] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  373.005390][  T829] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  373.008402][  T829] usb 7-1: Product: syz
[  373.010989][  T829] usb 7-1: Manufacturer: syz
[  373.013426][  T829] usb 7-1: SerialNumber: syz
[  373.028212][  T829] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  373.062868][  T829] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  373.232503][ T6381] usb 5-1: USB disconnect, device number 22
[  373.340435][ T7378] usb 7-1: USB disconnect, device number 26
[  373.509111][   T50] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive
[  373.511668][   T50] ath9k_htc: Failed to initialize the device
[  373.514347][   T34] usb 8-1: ath9k_htc: USB layer deinitialized
[  373.969061][T10986] syzkaller0: entered promiscuous mode
[  373.971332][T10986] syzkaller0: entered allmulticast mode
[  374.148715][  T829] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive
[  374.152063][  T829] ath9k_htc: Failed to initialize the device
[  374.154545][ T7378] usb 7-1: ath9k_htc: USB layer deinitialized
[  374.609582][T10995] /dev/sr0: Can't open blockdev
[  374.865375][T11003] block nbd1: shutting down sockets
[  374.877795][T11006] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1368'.
[  374.904247][T11006] netlink: 'syz.3.1368': attribute type 10 has an invalid length.
[  374.908155][T11006] veth0_vlan: left promiscuous mode
[  374.919564][T11006] veth0_vlan: entered promiscuous mode
[  374.923636][T11006] team0: Device veth0_vlan failed to register rx_handler
[  375.254809][T11010] /dev/sr0: Can't open blockdev
[  375.304529][T11018] syzkaller0: entered promiscuous mode
[  375.307299][T11018] syzkaller0: entered allmulticast mode
[  375.752562][T11030] FAULT_INJECTION: forcing a failure.
[  375.752562][T11030] name failslab, interval 1, probability 0, space 0, times 0
[  375.757525][T11030] CPU: 0 UID: 0 PID: 11030 Comm: syz.0.1375 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  375.757543][T11030] Tainted: [L]=SOFTLOCKUP
[  375.757547][T11030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  375.757554][T11030] Call Trace:
[  375.757558][T11030]  <TASK>
[  375.757563][T11030]  dump_stack_lvl+0x100/0x190
[  375.757584][T11030]  should_fail_ex.cold+0x5/0xa
[  375.757597][T11030]  ? tomoyo_realpath_from_path+0xb6/0x690
[  375.757610][T11030]  should_failslab+0xc2/0x120
[  375.757621][T11030]  __kmalloc_noprof+0xe0/0x850
[  375.757640][T11030]  tomoyo_realpath_from_path+0xb6/0x690
[  375.757656][T11030]  tomoyo_path_number_perm+0x23c/0x580
[  375.757674][T11030]  ? tomoyo_path_number_perm+0x22e/0x580
[  375.757692][T11030]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  375.757723][T11030]  ? find_held_lock+0x2b/0x80
[  375.757734][T11030]  ? hook_file_ioctl_common+0x146/0x410
[  375.757752][T11030]  ? __fget_files+0x215/0x3d0
[  375.757771][T11030]  ? __fget_files+0x21f/0x3d0
[  375.757791][T11030]  security_file_ioctl_compat+0xd3/0x230
[  375.757810][T11030]  __ia32_compat_sys_ioctl+0xc2/0x360
[  375.757828][T11030]  __do_fast_syscall_32+0xe3/0x8c0
[  375.757848][T11030]  do_fast_syscall_32+0x32/0x70
[  375.757863][T11030]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  375.757877][T11030] RIP: 0023:0xf70cef6c
[  375.757886][T11030] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  375.757897][T11030] RSP: 002b:00000000f54bd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  375.757908][T11030] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c048aeca
[  375.757915][T11030] RDX: 0000000080000140 RSI: 0000000000000000 RDI: 0000000000000000
[  375.757921][T11030] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  375.757927][T11030] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  375.757933][T11030] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  375.757947][T11030]  </TASK>
[  375.757952][T11030] ERROR: Out of memory at tomoyo_realpath_from_path.
[  375.899932][T11032] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  375.902253][T11032] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  375.905412][T11032] vhci_hcd vhci_hcd.0: Device attached
[  376.034043][T11032] bridge0: entered promiscuous mode
[  376.036273][T11032] macvlan2: entered promiscuous mode
[  376.042574][T11038] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1378'.
[  376.090307][T11038] netlink: 'syz.2.1378': attribute type 10 has an invalid length.
[  376.093626][T11038] veth0_vlan: left promiscuous mode
[  376.096648][T11038] veth0_vlan: entered promiscuous mode
[  376.102575][T11038] team0: Device veth0_vlan failed to register rx_handler
[  376.102643][T11040] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1380'.
[  376.233115][T11045] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1382'.
[  376.261351][  T829] usb 44-1: SetAddress Request (6) to port 0
[  376.263319][  T829] usb 44-1: new SuperSpeed USB device number 6 using vhci_hcd
[  376.391811][T11052] vivid-000: disconnect
[  376.424625][T11033] vhci_hcd: connection reset by peer
[  376.427470][ T1250] vhci_hcd vhci_hcd.3: stop threads
[  376.430228][ T1250] vhci_hcd vhci_hcd.3: release socket
[  376.432366][ T1250] vhci_hcd vhci_hcd.3: disconnect device
[  376.493648][T11054] syzkaller0: entered promiscuous mode
[  376.496017][T11054] syzkaller0: entered allmulticast mode
[  376.587929][T11047] syzkaller0: entered promiscuous mode
[  376.590782][T11047] syzkaller0: entered allmulticast mode
[  376.679014][T11056] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1385'.
[  376.827236][T11058] vivid-003: disconnect
[  377.169514][T11044] vivid-000: reconnect
[  377.671001][T11055] vivid-003: reconnect
[  377.752372][T11060] FAULT_INJECTION: forcing a failure.
[  377.752372][T11060] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  377.768754][T11060] CPU: 3 UID: 0 PID: 11060 Comm: syz.2.1386 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  377.768785][T11060] Tainted: [L]=SOFTLOCKUP
[  377.768792][T11060] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  377.768802][T11060] Call Trace:
[  377.768808][T11060]  <TASK>
[  377.768815][T11060]  dump_stack_lvl+0x100/0x190
[  377.768846][T11060]  should_fail_ex.cold+0x5/0xa
[  377.768867][T11060]  _copy_from_iter+0x1f4/0x1690
[  377.768895][T11060]  ? __lock_acquire+0x4a5/0x2630
[  377.768924][T11060]  ? __lock_acquire+0x4a5/0x2630
[  377.768943][T11060]  ? __pfx__copy_from_iter+0x10/0x10
[  377.768970][T11060]  ? _parse_integer_limit+0x17f/0x1d0
[  377.768999][T11060]  tun_get_user+0x265/0x3e10
[  377.769027][T11060]  ? aa_file_perm+0x7f3/0x14d0
[  377.769052][T11060]  ? __pfx_tun_get_user+0x10/0x10
[  377.769078][T11060]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  377.769105][T11060]  ? find_held_lock+0x2b/0x80
[  377.769120][T11060]  ? tun_get+0x191/0x370
[  377.769140][T11060]  ? tun_get+0x191/0x370
[  377.769168][T11060]  tun_chr_write_iter+0xdc/0x200
[  377.769195][T11060]  vfs_write+0x6ac/0x1070
[  377.769222][T11060]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  377.769249][T11060]  ? __pfx_vfs_write+0x10/0x10
[  377.769272][T11060]  ? find_held_lock+0x2b/0x80
[  377.769304][T11060]  ksys_write+0x12a/0x250
[  377.769330][T11060]  ? __pfx_ksys_write+0x10/0x10
[  377.769353][T11060]  ? __pfx_ksys_write+0x10/0x10
[  377.769385][T11060]  __do_fast_syscall_32+0xe3/0x8c0
[  377.769409][T11060]  do_fast_syscall_32+0x32/0x70
[  377.769430][T11060]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  377.769452][T11060] RIP: 0023:0xf7f93f6c
[  377.769466][T11060] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  377.769482][T11060] RSP: 002b:00000000f545650c EFLAGS: 00000292 ORIG_RAX: 0000000000000004
[  377.769500][T11060] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[  377.769510][T11060] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000000
[  377.769520][T11060] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  377.769529][T11060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  377.769539][T11060] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  377.769559][T11060]  </TASK>
[  377.979819][T11064] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1389'.
[  378.158961][T11071] vivid-000: disconnect
[  379.054612][T11063] vivid-000: reconnect
[  379.144957][T11081] syzkaller0: entered promiscuous mode
[  379.147199][T11081] syzkaller0: entered allmulticast mode
[  379.231620][T11083] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1394'.
[  379.408248][T11088] vivid-000: disconnect
[  380.200761][T11082] vivid-000: reconnect
[  380.307088][T11095] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  380.309465][T11095] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  380.320841][T11098] FAULT_INJECTION: forcing a failure.
[  380.320841][T11098] name failslab, interval 1, probability 0, space 0, times 0
[  380.328421][T11098] CPU: 3 UID: 0 PID: 11098 Comm: syz.3.1397 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  380.328442][T11098] Tainted: [L]=SOFTLOCKUP
[  380.328447][T11098] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  380.328453][T11098] Call Trace:
[  380.328464][T11098]  <TASK>
[  380.328470][T11098]  dump_stack_lvl+0x100/0x190
[  380.328492][T11098]  should_fail_ex.cold+0x5/0xa
[  380.328507][T11098]  should_failslab+0xc2/0x120
[  380.328520][T11098]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  380.328538][T11098]  ? anon_vma_clone+0x2bd/0xc70
[  380.328555][T11098]  anon_vma_clone+0x2bd/0xc70
[  380.328601][T11098]  dup_anon_vma+0x1c5/0x2f0
[  380.328654][T11098]  vma_modify+0x16fd/0x2250
[  380.328693][T11098]  ? __pfx_vma_modify+0x10/0x10
[  380.328721][T11098]  vma_modify_flags_uffd+0x287/0x390
[  380.328746][T11098]  ? __pfx_vma_modify_flags_uffd+0x10/0x10
[  380.328772][T11095] vhci_hcd vhci_hcd.0: Device attached
[  380.328792][T11098]  userfaultfd_clear_vma+0xd9/0x1d0
[  380.328816][T11098]  userfaultfd_release_all+0x2a6/0x4b0
[  380.328841][T11098]  ? __pfx_userfaultfd_release_all+0x10/0x10
[  380.328868][T11098]  ? find_held_lock+0x2b/0x80
[  380.328886][T11098]  userfaultfd_release+0xf3/0x1c0
[  380.328903][T11098]  ? __pfx_userfaultfd_release+0x10/0x10
[  380.328919][T11098]  ? __pfx___might_resched+0x10/0x10
[  380.328936][T11098]  ? evm_file_release+0x133/0x210
[  380.328954][T11098]  ? __pfx_userfaultfd_release+0x10/0x10
[  380.328972][T11098]  __fput+0x3ff/0xb40
[  380.328988][T11098]  fput_close_sync+0x118/0x250
[  380.329002][T11098]  ? __pfx_fput_close_sync+0x10/0x10
[  380.329020][T11098]  __ia32_sys_close+0x8b/0x120
[  380.329035][T11098]  __do_fast_syscall_32+0xe3/0x8c0
[  380.329051][T11098]  do_fast_syscall_32+0x32/0x70
[  380.329065][T11098]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  380.329080][T11098] RIP: 0023:0xf7fd8f6c
[  380.329090][T11098] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  380.329101][T11098] RSP: 002b:00000000f547550c EFLAGS: 00000292 ORIG_RAX: 0000000000000006
[  380.329112][T11098] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000
[  380.329119][T11098] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  380.329125][T11098] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  380.329131][T11098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  380.329137][T11098] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  380.329151][T11098]  </TASK>
[  380.350598][T11098] ------------[ cut here ]------------
[  380.430298][T11098] anon_vma->num_active_vmas
[  380.430308][T11098] WARNING: mm/rmap.c:528 at unlink_anon_vmas+0x64e/0x8e0, CPU#2: syz.3.1397/11098
[  380.435083][T11098] Modules linked in:
[  380.437590][T11098] CPU: 2 UID: 0 PID: 11098 Comm: syz.3.1397 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  380.442013][T11098] Tainted: [L]=SOFTLOCKUP
[  380.443785][T11098] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  380.448169][T11098] RIP: 0010:unlink_anon_vmas+0x64e/0x8e0
[  380.451453][T11098] Code: 8b 40 30 48 39 c3 0f 85 9c 00 00 00 e8 9b 1a a8 ff 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc e8 83 1a a8 ff 90 <0f> 0b 90 e9 2e ff ff ff e8 75 1a a8 ff 90 0f 0b 90 e9 e0 fe ff ff
[  380.460563][T11098] RSP: 0000:ffffc9000dc77748 EFLAGS: 00010293
[  380.463475][T11098] RAX: 0000000000000000 RBX: ffff888024579850 RCX: ffffffff825ff367
[  380.466593][T11098] RDX: ffff888028318000 RSI: ffffffff825ff43d RDI: ffff888028318000
[  380.470971][T11098] RBP: ffff888013444660 R08: 0000000000000007 R09: 0000000000000000
[  380.474648][T11098] R10: ffffffffffffffff R11: 0000000000000000 R12: dffffc0000000000
[  380.478156][T11098] R13: ffff8880291ccca0 R14: ffff888024579860 R15: ffff8880291cccb0
[  380.481785][T11098] FS:  0000000000000000(0000) GS:ffff88809734c000(0000) knlGS:0000000000000000
[  380.485462][T11098] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  380.488366][T11098] CR2: 00000000f74222f0 CR3: 000000004d7c0000 CR4: 0000000000352ef0
[  380.492591][T11098] Call Trace:
[  380.494214][T11098]  <TASK>
[  380.495561][T11098]  free_pgtables+0x2e7/0xd80
[  380.497636][T11098]  ? __pfx_free_pgtables+0x10/0x10
[  380.500583][T11098]  exit_mmap+0x44c/0xa30
[  380.502622][T11098]  ? __pfx_exit_mmap+0x10/0x10
[  380.504780][T11098]  ? trace_contention_end+0x140/0x180
[  380.507099][T11098]  ? uprobe_clear_state+0x5f/0x360
[  380.510171][T11098]  ? uprobe_clear_state+0x5f/0x360
[  380.512384][T11098]  ? __lock_acquire+0x4a5/0x2630
[  380.514615][T11098]  ? arch_uprobe_clear_state+0x107/0x150
[  380.517128][T11098]  __mmput+0x12a/0x410
[  380.519862][T11098]  mmput+0x67/0x80
[  380.521494][T11098]  do_exit+0x78a/0x2aa0
[  380.523307][T11098]  ? __pfx_do_exit+0x10/0x10
[  380.525365][T11098]  ? do_raw_spin_lock+0x128/0x260
[  380.527574][T11098]  ? find_held_lock+0x2b/0x80
[  380.530277][T11098]  ? get_signal+0x7e0/0x21e0
[  380.532432][T11098]  do_group_exit+0xd5/0x2a0
[  380.534562][T11098]  get_signal+0x1ec7/0x21e0
[  380.536566][T11098]  ? __pfx_get_signal+0x10/0x10
[  380.539429][T11098]  ? do_futex+0x192/0x350
[  380.541407][T11098]  arch_do_signal_or_restart+0x91/0x770
[  380.543828][T11098]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  380.546527][T11098]  ? __pfx___ia32_sys_futex_time32+0x10/0x10
[  380.549944][T11098]  ? fput_close_sync+0x11d/0x250
[  380.552295][T11098]  exit_to_user_mode_loop+0x86/0x4a0
[  380.554678][T11098]  __do_fast_syscall_32+0x578/0x8c0
[  380.556989][T11098]  do_fast_syscall_32+0x32/0x70
[  380.559757][T11098]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  380.562254][T11098] RIP: 0023:0xf7fd8f6c
[  380.563987][T11098] Code: Unable to access opcode bytes at 0xf7fd8f42.
[  380.566788][T11098] RSP: 002b:00000000f54755bc EFLAGS: 00000292 ORIG_RAX: 00000000000000f0
[  380.571071][T11098] RAX: fffffffffffffe00 RBX: 00000000f7495020 RCX: 0000000000000080
[  380.574463][T11098] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000f7495024
[  380.577302][T11098] RBP: 0000000000000081 R08: 0000000000000000 R09: 0000000000000000
[  380.580352][T11098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  380.583846][T11098] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  380.586585][T11098]  </TASK>
[  380.587650][T11098] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  380.590093][T11098] CPU: 2 UID: 0 PID: 11098 Comm: syz.3.1397 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  380.594098][T11098] Tainted: [L]=SOFTLOCKUP
[  380.595658][T11098] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  380.599050][T11098] Call Trace:
[  380.600237][T11098]  <TASK>
[  380.601283][T11098]  dump_stack_lvl+0x100/0x190
[  380.603001][T11098]  vpanic+0x552/0x970
[  380.604339][T11098]  ? __pfx_vpanic+0x10/0x10
[  380.606070][T11098]  panic+0xd1/0xe0
[  380.607485][T11098]  ? __pfx_panic+0x10/0x10
[  380.609017][T11098]  ? check_panic_on_warn+0x1f/0x90
[  380.610800][T11098]  check_panic_on_warn.cold+0x19/0x34
[  380.612650][T11098]  ? unlink_anon_vmas+0x64e/0x8e0
[  380.614649][T11098]  __warn.cold+0x191/0x348
[  380.616225][T11098]  __report_bug+0x296/0x3d0
[  380.617807][T11098]  ? unlink_anon_vmas+0x64e/0x8e0
[  380.619470][T11098]  ? __pfx___report_bug+0x10/0x10
[  380.621241][T11098]  ? __lock_acquire+0x4a5/0x2630
[  380.622951][T11098]  ? unlink_anon_vmas+0x64e/0x8e0
[  380.624676][T11098]  report_bug+0xb2/0x220
[  380.626082][T11098]  ? unlink_anon_vmas+0x64e/0x8e0
[  380.627777][T11098]  handle_bug+0x16a/0x2a0
[  380.629318][T11098]  exc_invalid_op+0x17/0x50
[  380.631155][T11098]  asm_exc_invalid_op+0x1a/0x20
[  380.633317][T11098] RIP: 0010:unlink_anon_vmas+0x64e/0x8e0
[  380.635796][T11098] Code: 8b 40 30 48 39 c3 0f 85 9c 00 00 00 e8 9b 1a a8 ff 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc e8 83 1a a8 ff 90 <0f> 0b 90 e9 2e ff ff ff e8 75 1a a8 ff 90 0f 0b 90 e9 e0 fe ff ff
[  380.643424][T11098] RSP: 0000:ffffc9000dc77748 EFLAGS: 00010293
[  380.645505][T11098] RAX: 0000000000000000 RBX: ffff888024579850 RCX: ffffffff825ff367
[  380.648083][T11098] RDX: ffff888028318000 RSI: ffffffff825ff43d RDI: ffff888028318000
[  380.650671][T11098] RBP: ffff888013444660 R08: 0000000000000007 R09: 0000000000000000
[  380.653483][T11098] R10: ffffffffffffffff R11: 0000000000000000 R12: dffffc0000000000
[  380.656208][T11098] R13: ffff8880291ccca0 R14: ffff888024579860 R15: ffff8880291cccb0
[  380.659911][T11098]  ? unlink_anon_vmas+0x577/0x8e0
[  380.662236][T11098]  ? unlink_anon_vmas+0x64d/0x8e0
[  380.664508][T11098]  ? unlink_anon_vmas+0x64d/0x8e0
[  380.666751][T11098]  free_pgtables+0x2e7/0xd80
[  380.668826][T11098]  ? __pfx_free_pgtables+0x10/0x10
[  380.671098][T11098]  exit_mmap+0x44c/0xa30
[  380.672995][T11098]  ? __pfx_exit_mmap+0x10/0x10
[  380.675186][T11098]  ? trace_contention_end+0x140/0x180
[  380.677887][T11098]  ? uprobe_clear_state+0x5f/0x360
[  380.680261][T11098]  ? uprobe_clear_state+0x5f/0x360
[  380.682715][T11098]  ? __lock_acquire+0x4a5/0x2630
[  380.684368][T11098]  ? arch_uprobe_clear_state+0x107/0x150
[  380.686252][T11098]  __mmput+0x12a/0x410
[  380.687664][T11098]  mmput+0x67/0x80
[  380.688988][T11098]  do_exit+0x78a/0x2aa0
[  380.690417][T11098]  ? __pfx_do_exit+0x10/0x10
[  380.692032][T11098]  ? do_raw_spin_lock+0x128/0x260
[  380.693744][T11098]  ? find_held_lock+0x2b/0x80
[  380.695299][T11098]  ? get_signal+0x7e0/0x21e0
[  380.696883][T11098]  do_group_exit+0xd5/0x2a0
[  380.698390][T11098]  get_signal+0x1ec7/0x21e0
[  380.699888][T11098]  ? __pfx_get_signal+0x10/0x10
[  380.701680][T11098]  ? do_futex+0x192/0x350
[  380.703140][T11098]  arch_do_signal_or_restart+0x91/0x770
[  380.704998][T11098]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  380.707080][T11098]  ? __pfx___ia32_sys_futex_time32+0x10/0x10
[  380.709136][T11098]  ? fput_close_sync+0x11d/0x250
[  380.710897][T11098]  exit_to_user_mode_loop+0x86/0x4a0
[  380.712746][T11098]  __do_fast_syscall_32+0x578/0x8c0
[  380.714522][T11098]  do_fast_syscall_32+0x32/0x70
[  380.716126][T11098]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  380.718252][T11098] RIP: 0023:0xf7fd8f6c
[  380.719607][T11098] Code: Unable to access opcode bytes at 0xf7fd8f42.
[  380.721793][T11098] RSP: 002b:00000000f54755bc EFLAGS: 00000292 ORIG_RAX: 00000000000000f0
[  380.724484][T11098] RAX: fffffffffffffe00 RBX: 00000000f7495020 RCX: 0000000000000080
[  380.727095][T11098] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000f7495024
[  380.729703][T11098] RBP: 0000000000000081 R08: 0000000000000000 R09: 0000000000000000
[  380.732932][T11098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  380.736501][T11098] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  380.740072][T11098]  </TASK>
[  380.742396][T11098] Kernel Offset: disabled
[  380.744262][T11098] Rebooting in 86400 seconds..