last executing test programs:

1m0.740673335s ago: executing program 4 (id=5943):
r0 = openat$kvm(0xffffff9c, 0x0, 0x800, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
ptrace$poke(0x4, r1, &(0x7f0000000380), 0x917)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
mount$binderfs(0x0, &(0x7f00000023c0)='./binderfs\x00', &(0x7f0000002400), 0x2004000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00"/14, @ANYRES32=0x0, @ANYBLOB="00003b2b92af3fa0a8aadf8eba6493f75266", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
socket$inet_tcp(0x2, 0x1, 0x0)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x101000, 0x0)
ioctl$COMEDI_CMD(r4, 0x80506409, &(0x7f0000000180)={0x0, 0x1, 0x2, 0x6dd, 0x10, 0x200, 0x10, 0x3, 0x20, 0xffffffff, 0x20, 0x7, &(0x7f00000000c0)=[0x4], 0x1, 0x0})

54.048567365s ago: executing program 1 (id=6141):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x40801, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000740)=@nat={'nat\x00', 0x8, 0x5, 0x6c8, 0x2a0, 0x390, 0xffffffff, 0xf0, 0xf0, 0x5f8, 0x5f8, 0xffffffff, 0x5f8, 0x5f8, 0x5, 0x0, {[{{@uncond, 0xb7030000, 0xa8, 0xf0}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x14, @ipv6=@mcast1, @ipv4=@rand_addr=0x64010101, @port=0x4e21, @port=0x4e22}}}, {{@ipv6={@local, @private0, [0xff000000, 0xff, 0xff, 0xffffff00], [0xffffffff, 0xffffffff, 0x0, 0xffffff00], 'rose0\x00', 'vlan0\x00', {}, {0xff}, 0x3c, 0x2, 0x0, 0x4e}, 0x0, 0x168, 0x1b0, 0x0, {}, [@common=@unspec=@conntrack2={{0xc0}, {{@ipv4=@dev={0xac, 0x14, 0x14, 0x28}, [], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [], @ipv4=@private, [], @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], 0x0, 0x10000}}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv6=@local, @icmp_id, @gre_key=0x4}}}, {{@ipv6={@mcast1, @local, [0x0, 0xff000000], [0x0, 0xff000000], 'wg1\x00', 'ip6erspan0\x00', {}, {}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x17, @ipv4, @ipv4=@empty, @icmp_id=0x64, @icmp_id}}}, {{@ipv6={@private0, @mcast2, [0x0, 0xffffff00, 0xff000000, 0xffffffff], [0x0, 0xff000000, 0xff, 0xff000000], 'veth1_to_team\x00', 'vlan0\x00', {}, {}, 0x62, 0x93, 0x0, 0x14}, 0x0, 0x220, 0x268, 0x0, {}, [@common=@inet=@sctp={{0x148}, {[], [], [0x0, 0x0, 0xba, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3043, 0x0, 0x0, 0x0, 0x0, 0xfffffeff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0xfffffffe], 0x0, [{0x1}, {}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0xfc}]}}, @common=@frag={{0x30}, {[0x5, 0xffff3409], 0x40, 0x25}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x18, @ipv6=@private2, @ipv4=@broadcast, @icmp_id=0x64, @icmp_id=0x65}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x728)
ioctl$EXT4_IOC_GETFSUUID(r0, 0x8008662c, &(0x7f0000000080))
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
shutdown(r2, 0x1)
connect$bt_rfcomm(r2, &(0x7f0000005dc0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003600)=[{{&(0x7f00000000c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000240)=""/79, 0x4f}, {&(0x7f0000000300)=""/66, 0x42}], 0x2, &(0x7f0000000500)=""/222, 0xde}, 0x40}, {{0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000000600)=""/50, 0x32}, {&(0x7f0000000640)=""/225, 0xe1}, {&(0x7f0000000e80)=""/4096, 0x1000}, {&(0x7f0000001e80)=""/104, 0x68}], 0x4, &(0x7f0000001f40)=""/181, 0xb5}, 0x1}, {{0x0, 0x0, &(0x7f00000034c0)=[{&(0x7f0000002000)=""/147, 0x93}, {&(0x7f00000020c0)=""/194, 0xc2}, {&(0x7f00000021c0)=""/32, 0x20}, {&(0x7f0000002200)=""/89, 0x59}, {&(0x7f0000002280)=""/104, 0x68}, {&(0x7f0000002300)=""/145, 0x91}, {&(0x7f00000023c0)=""/100, 0x64}, {&(0x7f0000002440)=""/118, 0x76}, {&(0x7f00000024c0)=""/4096, 0x1000}], 0x9, &(0x7f0000003580)=""/97, 0x61}, 0x1684}], 0x3, 0x2, 0x0)
socket(0x10, 0x3, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
dup3(r3, 0xffffffffffffffff, 0x0)

48.790528931s ago: executing program 4 (id=5943):
r0 = openat$kvm(0xffffff9c, 0x0, 0x800, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
ptrace$poke(0x4, r1, &(0x7f0000000380), 0x917)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
mount$binderfs(0x0, &(0x7f00000023c0)='./binderfs\x00', &(0x7f0000002400), 0x2004000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00"/14, @ANYRES32=0x0, @ANYBLOB="00003b2b92af3fa0a8aadf8eba6493f75266", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
socket$inet_tcp(0x2, 0x1, 0x0)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x101000, 0x0)
ioctl$COMEDI_CMD(r4, 0x80506409, &(0x7f0000000180)={0x0, 0x1, 0x2, 0x6dd, 0x10, 0x200, 0x10, 0x3, 0x20, 0xffffffff, 0x20, 0x7, &(0x7f00000000c0)=[0x4], 0x1, 0x0})

41.071927876s ago: executing program 1 (id=6141):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x40801, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000740)=@nat={'nat\x00', 0x8, 0x5, 0x6c8, 0x2a0, 0x390, 0xffffffff, 0xf0, 0xf0, 0x5f8, 0x5f8, 0xffffffff, 0x5f8, 0x5f8, 0x5, 0x0, {[{{@uncond, 0xb7030000, 0xa8, 0xf0}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x14, @ipv6=@mcast1, @ipv4=@rand_addr=0x64010101, @port=0x4e21, @port=0x4e22}}}, {{@ipv6={@local, @private0, [0xff000000, 0xff, 0xff, 0xffffff00], [0xffffffff, 0xffffffff, 0x0, 0xffffff00], 'rose0\x00', 'vlan0\x00', {}, {0xff}, 0x3c, 0x2, 0x0, 0x4e}, 0x0, 0x168, 0x1b0, 0x0, {}, [@common=@unspec=@conntrack2={{0xc0}, {{@ipv4=@dev={0xac, 0x14, 0x14, 0x28}, [], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [], @ipv4=@private, [], @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], 0x0, 0x10000}}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv6=@local, @icmp_id, @gre_key=0x4}}}, {{@ipv6={@mcast1, @local, [0x0, 0xff000000], [0x0, 0xff000000], 'wg1\x00', 'ip6erspan0\x00', {}, {}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x17, @ipv4, @ipv4=@empty, @icmp_id=0x64, @icmp_id}}}, {{@ipv6={@private0, @mcast2, [0x0, 0xffffff00, 0xff000000, 0xffffffff], [0x0, 0xff000000, 0xff, 0xff000000], 'veth1_to_team\x00', 'vlan0\x00', {}, {}, 0x62, 0x93, 0x0, 0x14}, 0x0, 0x220, 0x268, 0x0, {}, [@common=@inet=@sctp={{0x148}, {[], [], [0x0, 0x0, 0xba, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3043, 0x0, 0x0, 0x0, 0x0, 0xfffffeff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0xfffffffe], 0x0, [{0x1}, {}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0xfc}]}}, @common=@frag={{0x30}, {[0x5, 0xffff3409], 0x40, 0x25}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x18, @ipv6=@private2, @ipv4=@broadcast, @icmp_id=0x64, @icmp_id=0x65}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x728)
ioctl$EXT4_IOC_GETFSUUID(r0, 0x8008662c, &(0x7f0000000080))
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
shutdown(r2, 0x1)
connect$bt_rfcomm(r2, &(0x7f0000005dc0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003600)=[{{&(0x7f00000000c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000240)=""/79, 0x4f}, {&(0x7f0000000300)=""/66, 0x42}], 0x2, &(0x7f0000000500)=""/222, 0xde}, 0x40}, {{0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000000600)=""/50, 0x32}, {&(0x7f0000000640)=""/225, 0xe1}, {&(0x7f0000000e80)=""/4096, 0x1000}, {&(0x7f0000001e80)=""/104, 0x68}], 0x4, &(0x7f0000001f40)=""/181, 0xb5}, 0x1}, {{0x0, 0x0, &(0x7f00000034c0)=[{&(0x7f0000002000)=""/147, 0x93}, {&(0x7f00000020c0)=""/194, 0xc2}, {&(0x7f00000021c0)=""/32, 0x20}, {&(0x7f0000002200)=""/89, 0x59}, {&(0x7f0000002280)=""/104, 0x68}, {&(0x7f0000002300)=""/145, 0x91}, {&(0x7f00000023c0)=""/100, 0x64}, {&(0x7f0000002440)=""/118, 0x76}, {&(0x7f00000024c0)=""/4096, 0x1000}], 0x9, &(0x7f0000003580)=""/97, 0x61}, 0x1684}], 0x3, 0x2, 0x0)
socket(0x10, 0x3, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
dup3(r3, 0xffffffffffffffff, 0x0)

37.122069634s ago: executing program 1 (id=6141):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x40801, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000740)=@nat={'nat\x00', 0x8, 0x5, 0x6c8, 0x2a0, 0x390, 0xffffffff, 0xf0, 0xf0, 0x5f8, 0x5f8, 0xffffffff, 0x5f8, 0x5f8, 0x5, 0x0, {[{{@uncond, 0xb7030000, 0xa8, 0xf0}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x14, @ipv6=@mcast1, @ipv4=@rand_addr=0x64010101, @port=0x4e21, @port=0x4e22}}}, {{@ipv6={@local, @private0, [0xff000000, 0xff, 0xff, 0xffffff00], [0xffffffff, 0xffffffff, 0x0, 0xffffff00], 'rose0\x00', 'vlan0\x00', {}, {0xff}, 0x3c, 0x2, 0x0, 0x4e}, 0x0, 0x168, 0x1b0, 0x0, {}, [@common=@unspec=@conntrack2={{0xc0}, {{@ipv4=@dev={0xac, 0x14, 0x14, 0x28}, [], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [], @ipv4=@private, [], @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], 0x0, 0x10000}}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv6=@local, @icmp_id, @gre_key=0x4}}}, {{@ipv6={@mcast1, @local, [0x0, 0xff000000], [0x0, 0xff000000], 'wg1\x00', 'ip6erspan0\x00', {}, {}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x17, @ipv4, @ipv4=@empty, @icmp_id=0x64, @icmp_id}}}, {{@ipv6={@private0, @mcast2, [0x0, 0xffffff00, 0xff000000, 0xffffffff], [0x0, 0xff000000, 0xff, 0xff000000], 'veth1_to_team\x00', 'vlan0\x00', {}, {}, 0x62, 0x93, 0x0, 0x14}, 0x0, 0x220, 0x268, 0x0, {}, [@common=@inet=@sctp={{0x148}, {[], [], [0x0, 0x0, 0xba, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3043, 0x0, 0x0, 0x0, 0x0, 0xfffffeff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0xfffffffe], 0x0, [{0x1}, {}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0xfc}]}}, @common=@frag={{0x30}, {[0x5, 0xffff3409], 0x40, 0x25}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x18, @ipv6=@private2, @ipv4=@broadcast, @icmp_id=0x64, @icmp_id=0x65}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x728)
ioctl$EXT4_IOC_GETFSUUID(r0, 0x8008662c, &(0x7f0000000080))
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
shutdown(r2, 0x1)
connect$bt_rfcomm(r2, &(0x7f0000005dc0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003600)=[{{&(0x7f00000000c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000240)=""/79, 0x4f}, {&(0x7f0000000300)=""/66, 0x42}], 0x2, &(0x7f0000000500)=""/222, 0xde}, 0x40}, {{0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000000600)=""/50, 0x32}, {&(0x7f0000000640)=""/225, 0xe1}, {&(0x7f0000000e80)=""/4096, 0x1000}, {&(0x7f0000001e80)=""/104, 0x68}], 0x4, &(0x7f0000001f40)=""/181, 0xb5}, 0x1}, {{0x0, 0x0, &(0x7f00000034c0)=[{&(0x7f0000002000)=""/147, 0x93}, {&(0x7f00000020c0)=""/194, 0xc2}, {&(0x7f00000021c0)=""/32, 0x20}, {&(0x7f0000002200)=""/89, 0x59}, {&(0x7f0000002280)=""/104, 0x68}, {&(0x7f0000002300)=""/145, 0x91}, {&(0x7f00000023c0)=""/100, 0x64}, {&(0x7f0000002440)=""/118, 0x76}, {&(0x7f00000024c0)=""/4096, 0x1000}], 0x9, &(0x7f0000003580)=""/97, 0x61}, 0x1684}], 0x3, 0x2, 0x0)
socket(0x10, 0x3, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
dup3(r3, 0xffffffffffffffff, 0x0)

34.599892714s ago: executing program 4 (id=5943):
r0 = openat$kvm(0xffffff9c, 0x0, 0x800, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
ptrace$poke(0x4, r1, &(0x7f0000000380), 0x917)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
mount$binderfs(0x0, &(0x7f00000023c0)='./binderfs\x00', &(0x7f0000002400), 0x2004000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00"/14, @ANYRES32=0x0, @ANYBLOB="00003b2b92af3fa0a8aadf8eba6493f75266", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
socket$inet_tcp(0x2, 0x1, 0x0)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x101000, 0x0)
ioctl$COMEDI_CMD(r4, 0x80506409, &(0x7f0000000180)={0x0, 0x1, 0x2, 0x6dd, 0x10, 0x200, 0x10, 0x3, 0x20, 0xffffffff, 0x20, 0x7, &(0x7f00000000c0)=[0x4], 0x1, 0x0})

32.64867398s ago: executing program 4 (id=5943):
r0 = openat$kvm(0xffffff9c, 0x0, 0x800, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
ptrace$poke(0x4, r1, &(0x7f0000000380), 0x917)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
mount$binderfs(0x0, &(0x7f00000023c0)='./binderfs\x00', &(0x7f0000002400), 0x2004000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00"/14, @ANYRES32=0x0, @ANYBLOB="00003b2b92af3fa0a8aadf8eba6493f75266", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
socket$inet_tcp(0x2, 0x1, 0x0)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x101000, 0x0)
ioctl$COMEDI_CMD(r4, 0x80506409, &(0x7f0000000180)={0x0, 0x1, 0x2, 0x6dd, 0x10, 0x200, 0x10, 0x3, 0x20, 0xffffffff, 0x20, 0x7, &(0x7f00000000c0)=[0x4], 0x1, 0x0})

27.567747739s ago: executing program 1 (id=6141):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x40801, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000740)=@nat={'nat\x00', 0x8, 0x5, 0x6c8, 0x2a0, 0x390, 0xffffffff, 0xf0, 0xf0, 0x5f8, 0x5f8, 0xffffffff, 0x5f8, 0x5f8, 0x5, 0x0, {[{{@uncond, 0xb7030000, 0xa8, 0xf0}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x14, @ipv6=@mcast1, @ipv4=@rand_addr=0x64010101, @port=0x4e21, @port=0x4e22}}}, {{@ipv6={@local, @private0, [0xff000000, 0xff, 0xff, 0xffffff00], [0xffffffff, 0xffffffff, 0x0, 0xffffff00], 'rose0\x00', 'vlan0\x00', {}, {0xff}, 0x3c, 0x2, 0x0, 0x4e}, 0x0, 0x168, 0x1b0, 0x0, {}, [@common=@unspec=@conntrack2={{0xc0}, {{@ipv4=@dev={0xac, 0x14, 0x14, 0x28}, [], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [], @ipv4=@private, [], @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], 0x0, 0x10000}}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv6=@local, @icmp_id, @gre_key=0x4}}}, {{@ipv6={@mcast1, @local, [0x0, 0xff000000], [0x0, 0xff000000], 'wg1\x00', 'ip6erspan0\x00', {}, {}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x17, @ipv4, @ipv4=@empty, @icmp_id=0x64, @icmp_id}}}, {{@ipv6={@private0, @mcast2, [0x0, 0xffffff00, 0xff000000, 0xffffffff], [0x0, 0xff000000, 0xff, 0xff000000], 'veth1_to_team\x00', 'vlan0\x00', {}, {}, 0x62, 0x93, 0x0, 0x14}, 0x0, 0x220, 0x268, 0x0, {}, [@common=@inet=@sctp={{0x148}, {[], [], [0x0, 0x0, 0xba, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3043, 0x0, 0x0, 0x0, 0x0, 0xfffffeff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0xfffffffe], 0x0, [{0x1}, {}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0xfc}]}}, @common=@frag={{0x30}, {[0x5, 0xffff3409], 0x40, 0x25}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x18, @ipv6=@private2, @ipv4=@broadcast, @icmp_id=0x64, @icmp_id=0x65}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x728)
ioctl$EXT4_IOC_GETFSUUID(r0, 0x8008662c, &(0x7f0000000080))
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
shutdown(r2, 0x1)
connect$bt_rfcomm(r2, &(0x7f0000005dc0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003600)=[{{&(0x7f00000000c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000240)=""/79, 0x4f}, {&(0x7f0000000300)=""/66, 0x42}], 0x2, &(0x7f0000000500)=""/222, 0xde}, 0x40}, {{0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000000600)=""/50, 0x32}, {&(0x7f0000000640)=""/225, 0xe1}, {&(0x7f0000000e80)=""/4096, 0x1000}, {&(0x7f0000001e80)=""/104, 0x68}], 0x4, &(0x7f0000001f40)=""/181, 0xb5}, 0x1}, {{0x0, 0x0, &(0x7f00000034c0)=[{&(0x7f0000002000)=""/147, 0x93}, {&(0x7f00000020c0)=""/194, 0xc2}, {&(0x7f00000021c0)=""/32, 0x20}, {&(0x7f0000002200)=""/89, 0x59}, {&(0x7f0000002280)=""/104, 0x68}, {&(0x7f0000002300)=""/145, 0x91}, {&(0x7f00000023c0)=""/100, 0x64}, {&(0x7f0000002440)=""/118, 0x76}, {&(0x7f00000024c0)=""/4096, 0x1000}], 0x9, &(0x7f0000003580)=""/97, 0x61}, 0x1684}], 0x3, 0x2, 0x0)
socket(0x10, 0x3, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
dup3(r3, 0xffffffffffffffff, 0x0)

25.952334132s ago: executing program 1 (id=6141):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x40801, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000740)=@nat={'nat\x00', 0x8, 0x5, 0x6c8, 0x2a0, 0x390, 0xffffffff, 0xf0, 0xf0, 0x5f8, 0x5f8, 0xffffffff, 0x5f8, 0x5f8, 0x5, 0x0, {[{{@uncond, 0xb7030000, 0xa8, 0xf0}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x14, @ipv6=@mcast1, @ipv4=@rand_addr=0x64010101, @port=0x4e21, @port=0x4e22}}}, {{@ipv6={@local, @private0, [0xff000000, 0xff, 0xff, 0xffffff00], [0xffffffff, 0xffffffff, 0x0, 0xffffff00], 'rose0\x00', 'vlan0\x00', {}, {0xff}, 0x3c, 0x2, 0x0, 0x4e}, 0x0, 0x168, 0x1b0, 0x0, {}, [@common=@unspec=@conntrack2={{0xc0}, {{@ipv4=@dev={0xac, 0x14, 0x14, 0x28}, [], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [], @ipv4=@private, [], @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], 0x0, 0x10000}}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv6=@local, @icmp_id, @gre_key=0x4}}}, {{@ipv6={@mcast1, @local, [0x0, 0xff000000], [0x0, 0xff000000], 'wg1\x00', 'ip6erspan0\x00', {}, {}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x17, @ipv4, @ipv4=@empty, @icmp_id=0x64, @icmp_id}}}, {{@ipv6={@private0, @mcast2, [0x0, 0xffffff00, 0xff000000, 0xffffffff], [0x0, 0xff000000, 0xff, 0xff000000], 'veth1_to_team\x00', 'vlan0\x00', {}, {}, 0x62, 0x93, 0x0, 0x14}, 0x0, 0x220, 0x268, 0x0, {}, [@common=@inet=@sctp={{0x148}, {[], [], [0x0, 0x0, 0xba, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3043, 0x0, 0x0, 0x0, 0x0, 0xfffffeff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0xfffffffe], 0x0, [{0x1}, {}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0xfc}]}}, @common=@frag={{0x30}, {[0x5, 0xffff3409], 0x40, 0x25}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x18, @ipv6=@private2, @ipv4=@broadcast, @icmp_id=0x64, @icmp_id=0x65}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x728)
ioctl$EXT4_IOC_GETFSUUID(r0, 0x8008662c, &(0x7f0000000080))
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
shutdown(r2, 0x1)
connect$bt_rfcomm(r2, &(0x7f0000005dc0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003600)=[{{&(0x7f00000000c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000240)=""/79, 0x4f}, {&(0x7f0000000300)=""/66, 0x42}], 0x2, &(0x7f0000000500)=""/222, 0xde}, 0x40}, {{0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000000600)=""/50, 0x32}, {&(0x7f0000000640)=""/225, 0xe1}, {&(0x7f0000000e80)=""/4096, 0x1000}, {&(0x7f0000001e80)=""/104, 0x68}], 0x4, &(0x7f0000001f40)=""/181, 0xb5}, 0x1}, {{0x0, 0x0, &(0x7f00000034c0)=[{&(0x7f0000002000)=""/147, 0x93}, {&(0x7f00000020c0)=""/194, 0xc2}, {&(0x7f00000021c0)=""/32, 0x20}, {&(0x7f0000002200)=""/89, 0x59}, {&(0x7f0000002280)=""/104, 0x68}, {&(0x7f0000002300)=""/145, 0x91}, {&(0x7f00000023c0)=""/100, 0x64}, {&(0x7f0000002440)=""/118, 0x76}, {&(0x7f00000024c0)=""/4096, 0x1000}], 0x9, &(0x7f0000003580)=""/97, 0x61}, 0x1684}], 0x3, 0x2, 0x0)
socket(0x10, 0x3, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
dup3(r3, 0xffffffffffffffff, 0x0)

18.248750445s ago: executing program 4 (id=5943):
r0 = openat$kvm(0xffffff9c, 0x0, 0x800, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
ptrace$poke(0x4, r1, &(0x7f0000000380), 0x917)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
mount$binderfs(0x0, &(0x7f00000023c0)='./binderfs\x00', &(0x7f0000002400), 0x2004000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00"/14, @ANYRES32=0x0, @ANYBLOB="00003b2b92af3fa0a8aadf8eba6493f75266", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
socket$inet_tcp(0x2, 0x1, 0x0)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x101000, 0x0)
ioctl$COMEDI_CMD(r4, 0x80506409, &(0x7f0000000180)={0x0, 0x1, 0x2, 0x6dd, 0x10, 0x200, 0x10, 0x3, 0x20, 0xffffffff, 0x20, 0x7, &(0x7f00000000c0)=[0x4], 0x1, 0x0})

13.484478547s ago: executing program 1 (id=6141):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x40801, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000740)=@nat={'nat\x00', 0x8, 0x5, 0x6c8, 0x2a0, 0x390, 0xffffffff, 0xf0, 0xf0, 0x5f8, 0x5f8, 0xffffffff, 0x5f8, 0x5f8, 0x5, 0x0, {[{{@uncond, 0xb7030000, 0xa8, 0xf0}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x14, @ipv6=@mcast1, @ipv4=@rand_addr=0x64010101, @port=0x4e21, @port=0x4e22}}}, {{@ipv6={@local, @private0, [0xff000000, 0xff, 0xff, 0xffffff00], [0xffffffff, 0xffffffff, 0x0, 0xffffff00], 'rose0\x00', 'vlan0\x00', {}, {0xff}, 0x3c, 0x2, 0x0, 0x4e}, 0x0, 0x168, 0x1b0, 0x0, {}, [@common=@unspec=@conntrack2={{0xc0}, {{@ipv4=@dev={0xac, 0x14, 0x14, 0x28}, [], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [], @ipv4=@private, [], @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], 0x0, 0x10000}}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv6=@local, @icmp_id, @gre_key=0x4}}}, {{@ipv6={@mcast1, @local, [0x0, 0xff000000], [0x0, 0xff000000], 'wg1\x00', 'ip6erspan0\x00', {}, {}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x17, @ipv4, @ipv4=@empty, @icmp_id=0x64, @icmp_id}}}, {{@ipv6={@private0, @mcast2, [0x0, 0xffffff00, 0xff000000, 0xffffffff], [0x0, 0xff000000, 0xff, 0xff000000], 'veth1_to_team\x00', 'vlan0\x00', {}, {}, 0x62, 0x93, 0x0, 0x14}, 0x0, 0x220, 0x268, 0x0, {}, [@common=@inet=@sctp={{0x148}, {[], [], [0x0, 0x0, 0xba, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3043, 0x0, 0x0, 0x0, 0x0, 0xfffffeff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0xfffffffe], 0x0, [{0x1}, {}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0xfc}]}}, @common=@frag={{0x30}, {[0x5, 0xffff3409], 0x40, 0x25}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x18, @ipv6=@private2, @ipv4=@broadcast, @icmp_id=0x64, @icmp_id=0x65}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x728)
ioctl$EXT4_IOC_GETFSUUID(r0, 0x8008662c, &(0x7f0000000080))
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
shutdown(r2, 0x1)
connect$bt_rfcomm(r2, &(0x7f0000005dc0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003600)=[{{&(0x7f00000000c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000240)=""/79, 0x4f}, {&(0x7f0000000300)=""/66, 0x42}], 0x2, &(0x7f0000000500)=""/222, 0xde}, 0x40}, {{0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000000600)=""/50, 0x32}, {&(0x7f0000000640)=""/225, 0xe1}, {&(0x7f0000000e80)=""/4096, 0x1000}, {&(0x7f0000001e80)=""/104, 0x68}], 0x4, &(0x7f0000001f40)=""/181, 0xb5}, 0x1}, {{0x0, 0x0, &(0x7f00000034c0)=[{&(0x7f0000002000)=""/147, 0x93}, {&(0x7f00000020c0)=""/194, 0xc2}, {&(0x7f00000021c0)=""/32, 0x20}, {&(0x7f0000002200)=""/89, 0x59}, {&(0x7f0000002280)=""/104, 0x68}, {&(0x7f0000002300)=""/145, 0x91}, {&(0x7f00000023c0)=""/100, 0x64}, {&(0x7f0000002440)=""/118, 0x76}, {&(0x7f00000024c0)=""/4096, 0x1000}], 0x9, &(0x7f0000003580)=""/97, 0x61}, 0x1684}], 0x3, 0x2, 0x0)
socket(0x10, 0x3, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
dup3(r3, 0xffffffffffffffff, 0x0)

9.258204651s ago: executing program 0 (id=6261):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000080)={'syz1\x00', {0x8000, 0x2, 0xa, 0xb0}, 0x26, [0xf0d, 0xc, 0x5, 0x10001, 0x4, 0x84cc, 0x3, 0x6, 0xa, 0x7, 0x2, 0xc, 0x81, 0x6, 0xd, 0x6, 0x23f17a65, 0x800, 0x7, 0x1, 0x7, 0x0, 0x3, 0x7, 0x40, 0x7, 0xfffffffc, 0x7, 0x6, 0x7, 0xe0000, 0x4, 0xffff, 0x1ff, 0xffffff01, 0x7, 0x0, 0x3, 0x627, 0x0, 0x6, 0x800, 0x2, 0x8000, 0x16f1, 0x6, 0x9c89, 0xff, 0x9, 0x24, 0xffffffff, 0x85, 0x6, 0x2, 0xfffffff2, 0x3, 0x8, 0x8, 0x8, 0x3, 0xffffffff, 0x6, 0xb, 0x3d], [0xa8, 0x0, 0xfffffff2, 0x7ff, 0x5, 0x2, 0x7f8, 0x5938, 0x8, 0x1, 0x9, 0x3, 0x8, 0x2, 0x1, 0xf, 0x0, 0x3, 0x9, 0x7, 0x8, 0x0, 0x9, 0xfffffffd, 0x4, 0x24b00000, 0x8, 0x5, 0x3, 0x0, 0xb014, 0x7, 0x4, 0x4, 0x80000001, 0x8, 0x208, 0x7, 0xa1, 0xffff, 0x6, 0x3, 0x5, 0x9, 0x5, 0x4, 0x8000, 0x2, 0x6, 0x8, 0x8, 0x80000001, 0x40, 0x59, 0x5, 0x10, 0x3, 0xe60, 0xd, 0x6, 0x8, 0x3, 0x10, 0x4], [0x100, 0x2000000, 0x6, 0xc, 0x7fff, 0x3, 0x918, 0x80, 0x4, 0xb1a, 0x4, 0x7, 0xc, 0x6a, 0x1, 0x2, 0x8, 0x7, 0x2, 0x9, 0xfff, 0x6, 0xffffffff, 0x1, 0x8, 0xcba8, 0xc, 0x5, 0xfffffffa, 0xc0, 0x7fffffff, 0x6ff, 0x4, 0x3c, 0x7, 0xfc, 0x5, 0x3, 0x0, 0x6, 0x9, 0x5, 0x5, 0x9, 0x80000000, 0x8, 0x2, 0xa5, 0x9, 0x1, 0x39, 0x6c6, 0x8000, 0x8, 0x9, 0x5, 0xba14, 0x9b8e, 0xa8, 0xe4, 0x0, 0xc7, 0x710, 0x5], [0x5, 0xb8000, 0x4, 0x7, 0x1, 0x0, 0x200, 0x3, 0x2, 0x80000000, 0x4, 0x8c48, 0xfffffff8, 0xf, 0xc, 0x0, 0x6, 0x4873, 0x1fa4e05b, 0x1, 0x4, 0x9, 0x8, 0x10, 0x6, 0x7ff, 0x10, 0x28, 0x8, 0x9, 0x80, 0x3bc, 0x9394, 0xe, 0x0, 0xffffffff, 0x2, 0xaf1, 0x17, 0x5, 0x4, 0x9, 0xfffffffe, 0xd, 0x5, 0x18f2210a, 0x7ff, 0x0, 0x3, 0x3, 0x9, 0x0, 0x4, 0x2, 0x9, 0xdaa, 0x2, 0x1, 0x49, 0x7, 0xa, 0x3, 0x3, 0x2b]}, 0x45c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$alg(0x26, 0x5, 0x0)
fsopen(&(0x7f0000000140)='ext3\x00', 0x0)
r2 = socket(0x2d, 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r2, &(0x7f0000000080)={&(0x7f0000000000)={0x2d, 0x0, 0x20, 0x400000}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0xc0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
pipe(&(0x7f0000000080))
pipe2$9p(&(0x7f0000000140), 0x800)
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
ppoll(&(0x7f0000000300)=[{r3, 0x4236}], 0x1, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080), 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x106, 0x8}}, 0x20)
writev(r3, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

8.980182434s ago: executing program 3 (id=6262):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000080)={'syz1\x00', {0x8000, 0x2, 0xa, 0xb0}, 0x26, [0xf0d, 0xc, 0x5, 0x10001, 0x4, 0x84cc, 0x3, 0x6, 0xa, 0x7, 0x2, 0xc, 0x81, 0x6, 0xd, 0x6, 0x23f17a65, 0x800, 0x7, 0x1, 0x7, 0x0, 0x3, 0x7, 0x40, 0x7, 0xfffffffc, 0x7, 0x6, 0x7, 0xe0000, 0x4, 0xffff, 0x1ff, 0xffffff01, 0x7, 0x0, 0x3, 0x627, 0x0, 0x6, 0x800, 0x2, 0x8000, 0x16f1, 0x6, 0x9c89, 0xff, 0x9, 0x24, 0xffffffff, 0x85, 0x6, 0x2, 0xfffffff2, 0x3, 0x8, 0x8, 0x8, 0x3, 0xffffffff, 0x6, 0xb, 0x3d], [0xa8, 0x0, 0xfffffff2, 0x7ff, 0x5, 0x2, 0x7f8, 0x5938, 0x8, 0x1, 0x9, 0x3, 0x8, 0x2, 0x1, 0xf, 0x0, 0x3, 0x9, 0x7, 0x8, 0x0, 0x9, 0xfffffffd, 0x4, 0x24b00000, 0x8, 0x5, 0x3, 0x0, 0xb014, 0x7, 0x4, 0x4, 0x80000001, 0x8, 0x208, 0x7, 0xa1, 0xffff, 0x6, 0x3, 0x5, 0x9, 0x5, 0x4, 0x8000, 0x2, 0x6, 0x8, 0x8, 0x80000001, 0x40, 0x59, 0x5, 0x10, 0x3, 0xe60, 0xd, 0x6, 0x8, 0x3, 0x10, 0x4], [0x100, 0x2000000, 0x6, 0xc, 0x7fff, 0x3, 0x918, 0x80, 0x4, 0xb1a, 0x4, 0x7, 0xc, 0x6a, 0x1, 0x2, 0x8, 0x7, 0x2, 0x9, 0xfff, 0x6, 0xffffffff, 0x1, 0x8, 0xcba8, 0xc, 0x5, 0xfffffffa, 0xc0, 0x7fffffff, 0x6ff, 0x4, 0x3c, 0x7, 0xfc, 0x5, 0x3, 0x0, 0x6, 0x9, 0x5, 0x5, 0x9, 0x80000000, 0x8, 0x2, 0xa5, 0x9, 0x1, 0x39, 0x6c6, 0x8000, 0x8, 0x9, 0x5, 0xba14, 0x9b8e, 0xa8, 0xe4, 0x0, 0xc7, 0x710, 0x5], [0x5, 0xb8000, 0x4, 0x7, 0x1, 0x0, 0x200, 0x3, 0x2, 0x80000000, 0x4, 0x8c48, 0xfffffff8, 0xf, 0xc, 0x0, 0x6, 0x4873, 0x1fa4e05b, 0x1, 0x4, 0x9, 0x8, 0x10, 0x6, 0x7ff, 0x10, 0x28, 0x8, 0x9, 0x80, 0x3bc, 0x9394, 0xe, 0x0, 0xffffffff, 0x2, 0xaf1, 0x17, 0x5, 0x4, 0x9, 0xfffffffe, 0xd, 0x5, 0x18f2210a, 0x7ff, 0x0, 0x3, 0x3, 0x9, 0x0, 0x4, 0x2, 0x9, 0xdaa, 0x2, 0x1, 0x49, 0x7, 0xa, 0x3, 0x3, 0x2b]}, 0x45c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$alg(0x26, 0x5, 0x0)
fsopen(&(0x7f0000000140)='ext3\x00', 0x0)
r2 = socket(0x2d, 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r2, &(0x7f0000000080)={&(0x7f0000000000)={0x2d, 0x0, 0x20, 0x400000}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0xc0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
pipe(&(0x7f0000000080))
pipe2$9p(&(0x7f0000000140), 0x800)
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
ppoll(&(0x7f0000000300)=[{r3, 0x4236}], 0x1, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080), 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x106, 0x8}}, 0x20)
writev(r3, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

8.109676484s ago: executing program 0 (id=6264):
socket$nl_route(0x10, 0x3, 0x0)
openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00', 0x6})
ioctl(r1, 0x8b22, &(0x7f0000000040))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$swradio(&(0x7f0000000040), 0x1, 0x2)
pread64(r4, &(0x7f00000002c0)=""/75, 0x4b, 0x0)
ioctl$VIDIOC_EXPBUF(r4, 0xc0405610, &(0x7f0000000140)={0xf, 0x0, 0x2, 0x80})
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c)
r6 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="540000004900010928bd700018dcdf250a001c00", @ANYRES32, @ANYBLOB="0000000014000100fe80000000000000000000000000001f14000100fe8000000000000000000000000000bb080002"], 0x54}}, 0x0)

8.069754634s ago: executing program 3 (id=6265):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000a4c000/0x11000)=nil, 0x11000, 0x0, 0x4000010, 0xffffffffffffffff, 0x4f805000)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000001200)=[{{&(0x7f0000000300)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f00000007c0)=[{&(0x7f0000000380)="09ad8b3d60df985dd22ecaedc08f100fa1911d9e694a4e859ef458429f04ac24d0b92ba36508e1587532922a943cc58002fd00ec33b9b094c2678d1158caebe8607e4563321a75988a641a4a23be589332d8cb5749f2147ee46c2509d4151493466921fef7f7ac628fd04203d4db7fe88e2fdef0008b533a1dee23bf676b504f7dfa952aed624fcfbc2351ca457c", 0x8e}, {&(0x7f0000000480)="d3a49971cf69df821dddace5b8784453a81f1b05dc524c1ae576942db4f35ac280c61219a7a7fd3330d93bed9bfca4394a32018ae487c6b60a70c4579c19d099aa88f497cb4da2fe647cb904305adaa5956f941408ca3142f3870425a580542cd5992c445a7b3cbdf7b22c65e4edbec4d6506a3bf148a3b12198533c2c13347c579358ad81a26afead3c66e1467d5938971eec3eb8ab555ae6e9606d35fe0e2a28f63412ada114dab2fad1aaa0cb0e61983d1a241b1f1ba26200f2f33fba6f7d6118b943abf639513e676547f0ce767c0d5627091c559420ff16494483fc9c86", 0xe0}, {&(0x7f00000006c0)="6218fce8839d720681939538b6eec4316fb120113d26278c922ba0b70bd3461222adfb4009e3411c63196b45b0147e7c94ed65791dce69dd37d3bbb5cdf6d3a9c796dcefdced64abb46c7642406eae648343473aa100b772e759f008a5d0995684c8d1d8009d5a498deba2e4dc9f618c949ff658a18f5616a256bce0e21d8bdbdc621f83b57f366a6f57f12eae9da20b391fa46c8944bf049ee6815785d061b7e5294593775428fb04f07b5c5d12a0886654d7329a9f31bfe8dea12d1c7a30b52650f7d51b4a0e6c9aba99167043a5f88e59f911048a9b", 0xd7}, {&(0x7f0000000580)="217ad92a0257c075012a89ee348497abcec31d089f7899dc08c9671b2c28f558006f089aabbf7158a1f4897942b54df1a7cc56b12c4de04470721a16c7064246149835b7dbf8ea1f46e379cb377f", 0x4e}, {&(0x7f0000000100)="01365137792d984686a4242d65dabbac9d1d7c", 0x13}], 0x5, &(0x7f0000001400)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r0, @ANYRES32=0x0, @ANYRESOCT=r2, @ANYBLOB="6b9cf330812b30bcf17041395333885a9535e80544b915ae67c2d9f452484b97588e654529583d559412d928121942f773ef1125a8d594c8aebfe393ae07a3b7a13881416421007163185f8b84cec25ed0f554bc8cfa6f7f72d834b00b043e8224244e1d359b9924d330b4c28ad525434b7c1712ec9a1549f537fa850e493d0ec94d552cae43f29a5effab3445c6446de782a40d1ac4a5e0b9c423aee019396288aca2555655fc90f711daa1a339bdbab36ede06cb27cc23d2e384ccb32b1f230440613539b33ff243f425ad5ee914c3ef6b144c02eee37d132f380b0d0fc59e2a42c48094", @ANYRES32=r6, @ANYRES32=r4, @ANYRES32=r6, @ANYBLOB="0000a1ac00006698219d0948ae1b231191ba7fda5c91e2cb7990ee59321ca775e4add16cc52456bcb45e09d424da27d01fdd53abef2cb897302a7196f1ebbbc16c1c171b9b9f813d893a5178d9e8954c900df6a804d4d99439c5dfb4"], 0x40, 0x24004884}}, {{&(0x7f0000000900)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000ac0)=[{&(0x7f0000000980)="ae39682c14631e63b2b4af75b0bbb2e01dd89d6380ac9f9b8bbba1b7d1ec9c6ceffb9de81980971dc01407e6063854", 0x2f}, {&(0x7f00000009c0)="97175935ef43b847c38b0f44bef0823ac8a34e33121a0fc6eb0970e9520a96b709b6b601fbc20de6512a943e480918b24c224170b1abe04b1bb0614cf93b460676a4810e6f72b138072686ea781daefbda73d9afeb4b00d2f54de53ffa81584a2514e872a70e55763073d100140a3be84679bd2bbf11ec91624e0b7a2424d197c40c897556a93229ab73a375e4c33d8c4afb8c1cc0efe8ec8b06c657e29e5c7c08322473cc1d6b0bf3364fcf6010e8bb8c4f5151497ef0b440494d1e35b415a0713d6fcab9318c859636fdcdc1c2769c48df5b740f", 0xd5}], 0x2, 0x0, 0x0, 0x8000}}, {{&(0x7f0000000b00)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000000b80)="34fffa1abed854d668068fa3318c3b0e56b46d44ef99f731a76c39019cb469729bd74b0c9865ed2dfb8cab249a644e67eca7de7437b9ff0dbe8b0349be648d14aa09f67720fcc8ba54e87d1992b6b2e17a678d9c9007741d45602c073e5dbb39c7a1d16de1a6a7636aec11a0ceb337dcac3a6ff2ca46e8df736a856170169a467499f4935cd5c12bbcc0c9882fa033ca92751534c5d67afe54d78dd5099902c7a4572ded39b3f1347fcd56193bc4563315ce85b7c7058cb1d90e68bc3e9eb854a79b53107693d03967b9e1b5a1c2ce2e3aefa7f46186c4cfa8", 0xd9}, {&(0x7f0000000c80)="260577c27bb67b3ab9c49fa24a8666ceaa0102fe6b762d0c5cdf201d4fbf758cef58fb264c762000dea9190560fb249a1610830dc90a7d5f43849773b4a0affca56c87c3c72b4cfb40420098f7ee40bcba1ded3ccf9856c48216a129fc1627bbad9c9edf201c5517dc64ce622c213db8f9331549c78a26ce14847c7559ef74", 0x7f}, {&(0x7f0000000d00)="889f7de75689397821f5b56321400f2464f38d7a98a704f8ffdd53ada458635ac27c9b9dbda9ba6d941cf18e7a4b4d7a8684987e2fab9c138bc3277ecdafda593571139b8dc881e718ea", 0x4a}, {&(0x7f0000000d80)="d9f0bafb4ec1df9e3363de34ffa3f27f8e20624a41ab327c81913adf3c9d250e3ab18b83f84e28f49e368b7b43e1750f57e51594ce43442a8f3adb44f08fb9bbeee27510f2e69f8813ffc54e14f8f3b9907a1ea478e32eb4b956586b3dde3ea76218f61f5309ebd29d0911ce8cd27d672f8d4c5f526ed9f338ec93d6e9bc3390633defbaa6f87c40ec6d7db1cb52297bc553f01abafd910ff30c6272153887e691c10a479f07b53ae03fa93c9632c1c72fdb560d4949c1a5", 0xb8}, {&(0x7f0000000e40)="5ae47be993a6c4f759df54eb2c462331a9c861ef65bdf47897ffcbd986310cf226fa69ffd13ebdb2c1af237911f563b97b53a7f5d838b0db8e318d8ff550a765cde0aba49860668d3bb0d9a1381dd0f6055e4adc08f636acf3c2f0924d7fd90b419febb5924e4158", 0x68}, {&(0x7f0000000280)="8596968e19110ab2f2d1f1c7c9f3d8d0f8447c5bdaac356f2a8ce521d6a993", 0x1f}, {&(0x7f0000000f80)="ae6f17585c0abb0b9c680ec539917a692df1ac62a74fa7b9ce0368fb019e439625153d9a62a4d7cd83b7a5fb6310fe16cfff977b32f69a758d2b364c037946a439f3e77d9dbfbddebee0b3f6cdf6d7d9024f2854443e610a3542d4c3572d55ff7ccedd9612e7d8ec7c9a02bfce0c39bab711c04e1fe42947335ba5c51a52e88c4f6334384a04454e3e8e80f79cd8ee0526d8218c2fff726ce170ee564505f34519338cf9cd03f55fc2e5e44f9ea927394c7e71e393885bb6d72422af8bc6e3d5ddc4125876e5b9995ab08660a3deaf928b7494bf6c85e4dc989e5582b892c8caf583acca32e0fbe478e76c614858235a6f2ac7def0bf0e89dcd2e836c8d0", 0xfe}], 0x7, &(0x7f00000012c0)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r5, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r1, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r0, @ANYRES32=0x0, @ANYRESDEC=r0, @ANYBLOB="000000002c000000000000000100000001000000", @ANYRES32, @ANYRES32=r6, @ANYRES32=r7, @ANYRES32, @ANYRES32=r1, @ANYRES32=r4, @ANYRES32=r7, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r3, @ANYRES8=r3, @ANYRES32=0x0, @ANYBLOB="000000c96c010000000200000000000000000000fbd77e9e899880f67e808333fd94e847f0a0fbf09ec062dd2d579f11fdecc3eb77b69e1fa66b5ab0b22c57c998efe3fb32d5ad1d2baa550b181e872bbede6ca4073103a0f1377309962c79a798d5e588b6bf00", @ANYRES32=r4, @ANYRES32=r4, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES8=r2], 0xe0, 0x810}}], 0x3, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=r5, @ANYRES8, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
unshare(0x24020400)
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r8, &(0x7f0000000f40)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x1, 0x2, 0x2, 0x3, {0xa, 0x4e24, 0x8, @remote, 0x5}}}, 0x32)
getpeername(r8, 0x0, &(0x7f00000000c0))
socket$nl_generic(0x10, 0x3, 0x10)

7.016964071s ago: executing program 0 (id=6267):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r0, &(0x7f0000002d40)=[{{&(0x7f0000000140)=@nfc, 0xfffffd40, &(0x7f0000000000)=[{&(0x7f0000000200)=""/197, 0xc5}, {&(0x7f00000003c0)=""/186, 0xba}, {&(0x7f0000000300)=""/100, 0x64}, {&(0x7f0000000480)=""/175, 0xaf}], 0x28, &(0x7f00000005c0)=""/66, 0x42}, 0x8000}, {{&(0x7f0000000640)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000a80)=[{&(0x7f00000006c0)=""/115, 0x73}, {&(0x7f0000000540)=""/113, 0x67}, {&(0x7f00000007c0)=""/243, 0xf3}, {&(0x7f00000008c0)=""/40, 0x28}, {&(0x7f0000000900)=""/138, 0x8a}, {&(0x7f00000009c0)=""/3, 0x3}, {&(0x7f0000000a00)=""/70, 0x46}], 0x7, &(0x7f0000002e00)=""/4096, 0x1000}, 0xe}, {{&(0x7f0000001b00)=@nl=@proc, 0x80, &(0x7f0000001c00), 0x1, &(0x7f0000001c40)=""/4096, 0x1000}, 0x88}], 0x3, 0x20100, &(0x7f0000002d00)={0x77359400})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x105)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000001c0)=[{{&(0x7f0000000740)=@sco={0x1f, @none}, 0x80, &(0x7f0000000f80)=[{&(0x7f0000000b00)=""/73, 0x49}, {&(0x7f0000000b80)=""/95, 0x5f}, {&(0x7f0000000c00)=""/67, 0x43}, {&(0x7f0000000c80)=""/160, 0xa0}, {&(0x7f0000000d40)=""/208, 0xd0}, {&(0x7f0000000e40)=""/100, 0x64}, {&(0x7f0000000ec0)=""/164, 0xa4}], 0x7}, 0x2}], 0x1, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r7, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000340)={0x14, r6, 0x4196ccce67868bab}, 0x14}, 0x1, 0x0, 0x0, 0x20040090}, 0x8000)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
socket$unix(0x1, 0x1, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r8, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r8, 0x0)

6.002445082s ago: executing program 3 (id=6270):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a38000000060a01040000000000000000020000000900020073797a32007d131c91deef0d0000000900010073797a30000000000c00034000000000000000021400000011000100000000000096e546469455ce91b0a2fbb8bb6155fab8eb1288be3725244962e2cc99d22225d0c6a32656d35aa9e63cb8cd5164ac3e909656ac6b817950ad2c3264b89bd1da087ce8d1cbf503e9633a403ad7bdbaae23ae0f87f8a25f698f9b1dc4a84e56860183b99010bcf84b159690ab1c"], 0x60}}, 0x0)
socket$alg(0x26, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0)
r1 = openat$yama_ptrace_scope(0xffffffffffffff9c, 0x0, 0x2, 0x0)
lseek(r1, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r2 = openat$sequencer2(0xffffff9c, &(0x7f00000011c0), 0x143240, 0x0)
ioctl$SNDCTL_SEQ_NRMIDIS(r2, 0xc0045103, &(0x7f0000000040))
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
clock_nanosleep(0xb, 0x0, &(0x7f00000000c0)={0x0, 0x989680}, 0x0)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
epoll_create1(0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0)
unshare(0x20000400)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x20000023892)
ioctl$TIOCVHANGUP(r4, 0x5437, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r5, 0x541c, &(0x7f00000003c0))
r6 = socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r7)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000300)=0x14)
sendmsg$nl_route_sched(r6, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0xfffffffe, 0x8}}]}}]}, 0x48}}, 0x0)

5.810109096s ago: executing program 0 (id=6271):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
utimensat(0xffffffffffffff9c, 0x0, 0x0, 0x2)
listen(r0, 0xfffffffc)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7)
getrlimit(0x9, 0x0)
r2 = getpid()
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r3, 0x0, 0xd4, &(0x7f0000000040), 0x4)
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000780)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4f21}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x4)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000426bd7000fcdbdf250100000014000180060005004e22000008000700", @ANYRES32=0x0, @ANYBLOB="0500db97c5cd00004400068014000400ff02000000000000000000000000000108000700", @ANYRES32=0x0, @ANYBLOB="05000200cf00000008000300ac1414bb14000400fe80000000000000000000000000000b"], 0x74}}, 0x20000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
socket$inet6_mptcp(0xa, 0x1, 0x106)
mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0e00000004000000040000001200000000", @ANYBLOB='\x00\x00\x00'], 0x50)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000001000)={r6, &(0x7f0000000fc0)}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)={0xe000001a})
io_uring_setup(0x7d1, &(0x7f0000000580)={0x0, 0xddf9, 0x1, 0xfffffffe, 0x34d})
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2)

5.799250942s ago: executing program 2 (id=6272):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40ffffff07000000400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x40090}, 0x20008040)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="40000000210a018800000000000000000a0000010900020073797a31000000000900010073797a31000000001400038010000080"], 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000) (fail_nth: 1)

5.052379347s ago: executing program 2 (id=6273):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r1=>0x0})
bind$can_raw(r0, &(0x7f00000001c0)={0x1d, r1}, 0x10)
readv(r0, &(0x7f0000000fc0)=[{&(0x7f0000003880)=""/4102, 0x1006}], 0x1)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000200)=0xd, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
syz_open_dev$media(&(0x7f0000000040), 0xb2e2, 0x20000)
fcntl$dupfd(r2, 0x0, r2)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffe, 0x0, 0x0, 0x3, 0x2000000000000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0)

5.006669607s ago: executing program 3 (id=6274):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000080)={'syz1\x00', {0x8000, 0x2, 0xa, 0xb0}, 0x26, [0xf0d, 0xc, 0x5, 0x10001, 0x4, 0x84cc, 0x3, 0x6, 0xa, 0x7, 0x2, 0xc, 0x81, 0x6, 0xd, 0x6, 0x23f17a65, 0x800, 0x7, 0x1, 0x7, 0x0, 0x3, 0x7, 0x40, 0x7, 0xfffffffc, 0x7, 0x6, 0x7, 0xe0000, 0x4, 0xffff, 0x1ff, 0xffffff01, 0x7, 0x0, 0x3, 0x627, 0x0, 0x6, 0x800, 0x2, 0x8000, 0x16f1, 0x6, 0x9c89, 0xff, 0x9, 0x24, 0xffffffff, 0x85, 0x6, 0x2, 0xfffffff2, 0x3, 0x8, 0x8, 0x8, 0x3, 0xffffffff, 0x6, 0xb, 0x3d], [0xa8, 0x0, 0xfffffff2, 0x7ff, 0x5, 0x2, 0x7f8, 0x5938, 0x8, 0x1, 0x9, 0x3, 0x8, 0x2, 0x1, 0xf, 0x0, 0x3, 0x9, 0x7, 0x8, 0x0, 0x9, 0xfffffffd, 0x4, 0x24b00000, 0x8, 0x5, 0x3, 0x0, 0xb014, 0x7, 0x4, 0x4, 0x80000001, 0x8, 0x208, 0x7, 0xa1, 0xffff, 0x6, 0x3, 0x5, 0x9, 0x5, 0x4, 0x8000, 0x2, 0x6, 0x8, 0x8, 0x80000001, 0x40, 0x59, 0x5, 0x10, 0x3, 0xe60, 0xd, 0x6, 0x8, 0x3, 0x10, 0x4], [0x100, 0x2000000, 0x6, 0xc, 0x7fff, 0x3, 0x918, 0x80, 0x4, 0xb1a, 0x4, 0x7, 0xc, 0x6a, 0x1, 0x2, 0x8, 0x7, 0x2, 0x9, 0xfff, 0x6, 0xffffffff, 0x1, 0x8, 0xcba8, 0xc, 0x5, 0xfffffffa, 0xc0, 0x7fffffff, 0x6ff, 0x4, 0x3c, 0x7, 0xfc, 0x5, 0x3, 0x0, 0x6, 0x9, 0x5, 0x5, 0x9, 0x80000000, 0x8, 0x2, 0xa5, 0x9, 0x1, 0x39, 0x6c6, 0x8000, 0x8, 0x9, 0x5, 0xba14, 0x9b8e, 0xa8, 0xe4, 0x0, 0xc7, 0x710, 0x5], [0x5, 0xb8000, 0x4, 0x7, 0x1, 0x0, 0x200, 0x3, 0x2, 0x80000000, 0x4, 0x8c48, 0xfffffff8, 0xf, 0xc, 0x0, 0x6, 0x4873, 0x1fa4e05b, 0x1, 0x4, 0x9, 0x8, 0x10, 0x6, 0x7ff, 0x10, 0x28, 0x8, 0x9, 0x80, 0x3bc, 0x9394, 0xe, 0x0, 0xffffffff, 0x2, 0xaf1, 0x17, 0x5, 0x4, 0x9, 0xfffffffe, 0xd, 0x5, 0x18f2210a, 0x7ff, 0x0, 0x3, 0x3, 0x9, 0x0, 0x4, 0x2, 0x9, 0xdaa, 0x2, 0x1, 0x49, 0x7, 0xa, 0x3, 0x3, 0x2b]}, 0x45c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$alg(0x26, 0x5, 0x0)
fsopen(&(0x7f0000000140)='ext3\x00', 0x0)
r2 = socket(0x2d, 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r2, &(0x7f0000000080)={&(0x7f0000000000)={0x2d, 0x0, 0x20, 0x400000}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0xc0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
pipe(&(0x7f0000000080))
pipe2$9p(&(0x7f0000000140), 0x800)
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
ppoll(&(0x7f0000000300)=[{r3, 0x4236}], 0x1, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080), 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x106, 0x8}}, 0x20)
writev(r3, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

4.869501671s ago: executing program 0 (id=6275):
syz_init_net_socket$llc(0x1a, 0x801, 0x0)
connect$netlink(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
pipe2$watch_queue(&(0x7f0000000000)={<r0=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r0, 0x1d)
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100024286bd10b00d815522f90102030109021200019ddb"], 0x0)
syz_open_dev$I2C(0x0, 0x1, 0x2603)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_emit_ethernet(0x5e, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0xe9, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x15, 0x0, 0x0)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bind$802154_raw(0xffffffffffffffff, 0x0, 0x0)
getpid()
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000014000300697036746e6c300000000000000000001c0012800b000100697036746e6c00000c00028006000f0000000002486f2b02045d975e5e27bf49e5d34c62dd6149220bd56fcb53119cc34d81c388c4c1abc3ce09d4ac8bdd0376f98fe2b6e3ed5b63ee15ae524d96bd2a303f9f09a10bb8418deb360b761b8bb749daa4cfc7c453f035ea6f9a320b80a1243395fdecd2a8a3ce455005ef2c2563eb7ba1d09d46045b0489a1cb4235ed6116e0d603e647b62c59c482f87460fa53e63e6742e5b0f0da3d486064acd48d4a8d"], 0x50}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)

4.487489884s ago: executing program 4 (id=5943):
r0 = openat$kvm(0xffffff9c, 0x0, 0x800, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
ptrace$poke(0x4, r1, &(0x7f0000000380), 0x917)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
mount$binderfs(0x0, &(0x7f00000023c0)='./binderfs\x00', &(0x7f0000002400), 0x2004000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00"/14, @ANYRES32=0x0, @ANYBLOB="00003b2b92af3fa0a8aadf8eba6493f75266", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
socket$inet_tcp(0x2, 0x1, 0x0)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x101000, 0x0)
ioctl$COMEDI_CMD(r4, 0x80506409, &(0x7f0000000180)={0x0, 0x1, 0x2, 0x6dd, 0x10, 0x200, 0x10, 0x3, 0x20, 0xffffffff, 0x20, 0x7, &(0x7f00000000c0)=[0x4], 0x1, 0x0})

2.954211802s ago: executing program 2 (id=6276):
socket$nl_route(0x10, 0x3, 0x0)
openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00', 0x6})
ioctl(r1, 0x8b22, &(0x7f0000000040))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$swradio(&(0x7f0000000040), 0x1, 0x2)
pread64(r4, &(0x7f00000002c0)=""/75, 0x4b, 0x0)
ioctl$VIDIOC_EXPBUF(r4, 0xc0405610, &(0x7f0000000140)={0xf, 0x0, 0x2, 0x80})
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.953539335s ago: executing program 3 (id=6277):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a38000000060a01040000000000000000020000000900020073797a32007d131c91deef0d0000000900010073797a30000000000c00034000000000000000021400000011000100000000000096e546469455ce91b0a2fbb8bb6155fab8eb1288be3725244962e2cc99d22225d0c6a32656d35aa9e63cb8cd5164ac3e909656ac6b817950ad2c3264b89bd1da087ce8d1cbf503e9633a403ad7bdbaae23ae0f87f8a25f698f9b1dc4a84e56860183b99010bcf84b159690ab1c"], 0x60}}, 0x0)
socket$alg(0x26, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0)
r1 = openat$yama_ptrace_scope(0xffffffffffffff9c, 0x0, 0x2, 0x0)
lseek(r1, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r2 = openat$sequencer2(0xffffff9c, &(0x7f00000011c0), 0x143240, 0x0)
ioctl$SNDCTL_SEQ_NRMIDIS(r2, 0xc0045103, &(0x7f0000000040))
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
clock_nanosleep(0xb, 0x0, &(0x7f00000000c0)={0x0, 0x989680}, 0x0)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
epoll_create1(0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0)
unshare(0x20000400)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x20000023892)
ioctl$TIOCVHANGUP(r4, 0x5437, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r5, 0x541c, &(0x7f00000003c0))
socket(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r7)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000300)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r8, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)

1.743679287s ago: executing program 2 (id=6278):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0xffffff9e, 0x0, 0x0, 0x41100, 0x22, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$6lowpan_control(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$6lowpan_control(r5, &(0x7f0000000380)='disconnect aa:aa:aa:aa:aa:11 1', 0x1e)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'ip6gretap0\x00'})
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
io_uring_setup(0xf08, &(0x7f00000003c0)={0x0, 0xbb0c, 0x2, 0x0, 0xf0})
socket$nl_netfilter(0x10, 0x3, 0xc)
getresgid(&(0x7f0000000040), &(0x7f0000000180), &(0x7f0000000240))
socket$netlink(0x10, 0x3, 0x8000000004)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001780)={{{@in=@local, @in=@remote}}, {{@in6=@empty}, 0x0, @in=@local}}, &(0x7f0000001880)=0xe8)
statx(0xffffffffffffff9c, &(0x7f0000001a00)='./file0\x00', 0x6000, 0x7ff, &(0x7f0000001a40))
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x503}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_HELLO_TIME={0x8, 0x2, 0x80}, @IFLA_BR_MAX_AGE={0x8, 0x3, 0xa}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

1.537112117s ago: executing program 3 (id=6279):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(r0, 0x5, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_dev$media(&(0x7f00000000c0), 0x103, 0x0)
capset(0x0, 0x0)
syslog(0x0, 0x0, 0x0)
openat$comedi(0xffffffffffffff9c, 0x0, 0x0, 0x0)
process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x3, 0x0)
ioctl$USBDEVFS_RESET(r3, 0x5514)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setgroups(0x0, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)

448.022118ms ago: executing program 0 (id=6280):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000000f14010027bd7000fcdbdf250b00450075766572627376"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc4000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x30, r3, 0x239, 0x70bd27, 0x0, {}, [@TIPC_NLA_NET={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x101}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffffffffffffffff}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000802}, 0x20008810)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_freezer_state(r4, &(0x7f0000000140), 0x2, 0x0)
write$cgroup_freezer_state(r5, 0x0, 0x0)
r6 = socket$can_raw(0x1d, 0x3, 0x1)
recvmsg$can_raw(r6, &(0x7f0000001580)={&(0x7f0000000040)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @remote}}, 0x80, &(0x7f0000001680)=[{&(0x7f0000000300)=""/66, 0x42}, {0x0}, {&(0x7f0000000140)=""/82, 0x52}, {&(0x7f00000013c0)=""/168, 0xa8}, {&(0x7f00000003c0)=""/4096, 0x1000}, {&(0x7f0000001700)=""/197, 0xc5}, {&(0x7f00000000c0)=""/24, 0x18}, {&(0x7f00000015c0)=""/165, 0xa5}], 0x8, &(0x7f0000001500)=""/123, 0x7b}, 0x2106)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f00000003c0)={0x1, 0x0, [{0x40000002}]})
r10 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r10, 0x84, 0x81, &(0x7f0000000280)="1a0000000212a277", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r10, 0x84, 0x17, &(0x7f00000001c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="06"], 0x9)

358.748565ms ago: executing program 2 (id=6281):
socket$netlink(0x10, 0x3, 0x15)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xbf5ce000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r4=>0x0}, &(0x7f0000000100)=0x86)
setresuid(0x0, r4, 0x0)
add_key(&(0x7f00000003c0)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f0000000380)="6999", 0x2, 0xfffffffffffffffe)
add_key(&(0x7f00000000c0)='trusted\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f0000000480)="1d6819b0062e2db411b3010c9cb396bbb5dec5baa9387b2a8806cc118d9c080e4fff98880ac7daef6c0f00a4a63c585c5e5a66061b040000002067f7b89c8b5dafd0f1d47ab12cfe7652cc84b3005f7cd73d2ddb4d36b4d164681a488d26844510cc3f", 0x63, 0xfffffffffffffffd)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, &(0x7f00000001c0)={{@local, 0x10001}, @my=0x0, 0xe, 0xb, 0x3, 0x0, 0x2, 0x5, 0x3f9})
r5 = syz_open_dev$vbi(&(0x7f0000000340), 0x0, 0x2)
ioctl$VIDIOC_S_FREQUENCY(r5, 0x402c5639, &(0x7f0000000380)={0x6, 0x2, 0x5})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_io_uring_setup(0x18d6, 0x0, 0x0, 0x0)
socket$inet(0x2, 0x3, 0xd)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x64)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chroot(&(0x7f0000000a40)='./file0\x00')
syz_open_dev$tty20(0xc, 0x4, 0x1)
syz_open_dev$tty20(0xc, 0x4, 0x1)
socket(0x10, 0x803, 0x0)

0s ago: executing program 2 (id=6282):
open(0x0, 0x240b40, 0xa2)
fanotify_mark(0xffffffffffffffff, 0x161, 0x40000867, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x1e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x8d2, 0x0, &(0x7f00000002c0)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_io_uring_submit(r2, r3, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x2})
ioctl$vim2m_VIDIOC_QBUF(r4, 0xc058560f, &(0x7f0000000240)=@mmap={0x1, 0x2, 0x4, 0x100000, 0x9, {}, {0x1, 0x0, 0x4, 0xc0, 0x0, 0xf0, "18a6fc23"}, 0x1, 0x1, {}, 0x1})
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3})
ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000040)=0x1)
ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000080)=0x2)
ioctl$vim2m_VIDIOC_QBUF(r4, 0xc058560f, &(0x7f0000000180)=@mmap={0x1, 0x1, 0xfffffffffffffe05, 0x8, 0x81, {}, {0x4, 0x8, 0x8, 0x5, 0x29, 0x9, "0adb3fb8"}, 0x5})
ioctl$vim2m_VIDIOC_DQBUF(r4, 0xc0585611, 0x0)

kernel console output (not intermixed with test programs):

err -2)
[ 1973.597422][   T35] bridge_slave_1: left allmulticast mode
[ 1973.669630][   T35] bridge_slave_1: left promiscuous mode
[ 1973.696819][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1973.717349][   T35] bridge_slave_0: left allmulticast mode
[ 1973.731257][   T35] bridge_slave_0: left promiscuous mode
[ 1973.740986][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1973.892805][T25351] Bluetooth: hci0: command tx timeout
[ 1975.023226][T19938] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[ 1975.185965][T28154] __nla_validate_parse: 337 callbacks suppressed
[ 1975.185982][T28154] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5964'.
[ 1975.209125][T19938] usb 3-1: Using ep0 maxpacket: 16
[ 1975.353074][T19938] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1975.388340][T19938] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1975.433213][T19938] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1975.462954][T19938] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1975.498900][T19938] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1975.512132][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 1975.518417][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1975.531771][ T1297] lec:lec_start_xmit: lec0:No lecd attached
[ 1975.543713][T19938] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1975.557525][T19938] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1975.571303][T19938] usb 3-1: Manufacturer: syz
[ 1975.571586][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1975.586819][T19938] usb 3-1: config 0 descriptor??
[ 1975.604309][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1975.625180][   T35] bond0 (unregistering): Released all slaves
[ 1975.952859][T19938] rc_core: IR keymap rc-hauppauge not found
[ 1975.959430][T19938] Registered IR keymap rc-empty
[ 1975.985524][T19938] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1976.008850][T25351] Bluetooth: hci0: command tx timeout
[ 1976.162496][T19938] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1976.262779][   T35] tipc: Left network mode
[ 1976.283533][T19938] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[ 1976.324375][T19938] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input165
[ 1976.478634][T19938] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1976.542792][T19938] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1976.618116][T19938] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1976.625389][  T792] usb 4-1: new high-speed USB device number 126 using dummy_hcd
[ 1976.645454][T19938] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1976.689492][T19938] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1976.790777][T19938] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1976.810595][  T792] usb 4-1: config 0 has no interfaces?
[ 1976.824585][T19938] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1976.827020][  T792] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1976.847440][  T792] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1976.853357][T19938] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1976.973438][T19938] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1976.988297][  T792] usb 4-1: SerialNumber: syz
[ 1977.002834][T19938] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1977.008249][  T792] usb 4-1: config 0 descriptor??
[ 1977.487285][T19938] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1
[ 1977.549430][T19938] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1977.629661][T19938] usb 3-1: USB disconnect, device number 4
[ 1978.249047][  T792] usb 4-1: USB disconnect, device number 126
[ 1978.472310][   T35] hsr_slave_0: left promiscuous mode
[ 1978.479851][   T35] hsr_slave_1: left promiscuous mode
[ 1978.490326][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1978.499479][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1978.508991][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1978.521631][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1978.567562][   T35] batman_adv: batadv0: Removing interface: dummy0
[ 1978.591276][T28192] Bluetooth: MGMT ver 1.23
[ 1978.631708][   T35] veth1_macvtap: left promiscuous mode
[ 1978.650267][   T35] veth0_macvtap: left promiscuous mode
[ 1978.670509][   T35] veth1_vlan: left promiscuous mode
[ 1978.677909][   T35] veth0_vlan: left promiscuous mode
[ 1979.715206][T28208] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5981'.
[ 1979.780585][T28212] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5983'.
[ 1979.872291][T28218] fuse: Bad value for 'fd'
[ 1979.949345][T28221] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5983'.
[ 1980.084403][T28225] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5983'.
[ 1980.113784][   T35] team0 (unregistering): Port device team_slave_1 removed
[ 1980.314126][   T35] team0 (unregistering): Port device team_slave_0 removed
[ 1980.552748][    C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5020 ms
[ 1980.560777][    C0] lec:lec_tx_timeout: lec0
[ 1981.608405][T28023] netdevsim netdevsim4 netdevsim0: renamed from eth1
[ 1981.656222][ T5809] usb 1-1: new high-speed USB device number 122 using dummy_hcd
[ 1981.674470][T28023] netdevsim netdevsim4 netdevsim1: renamed from eth2
[ 1981.702431][T28023] netdevsim netdevsim4 netdevsim2: renamed from eth3
[ 1981.790037][ T9096] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[ 1981.816659][T28023] netdevsim netdevsim4 netdevsim3: renamed from eth4
[ 1981.884206][ T5809] usb 1-1: config 0 has no interfaces?
[ 1981.901897][ T5809] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1981.916589][ T5809] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1981.925340][ T5809] usb 1-1: SerialNumber: syz
[ 1981.953792][ T9096] usb 3-1: no configurations
[ 1981.993376][T28247] FAULT_INJECTION: forcing a failure.
[ 1981.993376][T28247] name failslab, interval 1, probability 0, space 0, times 0
[ 1982.002789][ T9096] usb 3-1: can't read configurations, error -22
[ 1982.006095][T28247] CPU: 0 UID: 0 PID: 28247 Comm: syz.1.5992 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1982.006119][T28247] Tainted: [L]=SOFTLOCKUP
[ 1982.006125][T28247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 1982.006134][T28247] Call Trace:
[ 1982.006140][T28247]  <TASK>
[ 1982.006147][T28247]  dump_stack_lvl+0x100/0x190
[ 1982.006171][T28247]  should_fail_ex.cold+0x5/0xa
[ 1982.006198][T28247]  should_failslab+0xc2/0x120
[ 1982.006218][T28247]  __kvmalloc_node_noprof+0x101/0xac0
[ 1982.006238][T28247]  ? seq_read_iter+0x819/0x1270
[ 1982.006260][T28247]  ? seq_read_iter+0x819/0x1270
[ 1982.006276][T28247]  seq_read_iter+0x819/0x1270
[ 1982.006302][T28247]  seq_read+0x33b/0x4c0
[ 1982.006319][T28247]  ? __pfx_seq_read+0x10/0x10
[ 1982.006339][T28247]  ? lock_acquire+0x17c/0x330
[ 1982.006359][T28247]  ? selinux_file_permission+0x8f/0x6d0
[ 1982.006380][T28247]  ? __pfx_seq_read+0x10/0x10
[ 1982.006397][T28247]  proc_reg_read+0x240/0x330
[ 1982.006412][T28247]  ? __pfx_proc_reg_read+0x10/0x10
[ 1982.006428][T28247]  vfs_read+0x1e4/0xb30
[ 1982.006448][T28247]  ? __pfx_vfs_read+0x10/0x10
[ 1982.006462][T28247]  ? find_held_lock+0x2b/0x80
[ 1982.006483][T28247]  ? __fget_files+0x215/0x3d0
[ 1982.006504][T28247]  ? __fget_files+0x21f/0x3d0
[ 1982.006529][T28247]  ksys_read+0x12a/0x250
[ 1982.006545][T28247]  ? __pfx_ksys_read+0x10/0x10
[ 1982.006567][T28247]  do_syscall_64+0xc9/0xf80
[ 1982.006587][T28247]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1982.006603][T28247] RIP: 0033:0x7fd8e499aeb9
[ 1982.006616][T28247] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1982.006630][T28247] RSP: 002b:00007fd8e2bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1982.006646][T28247] RAX: ffffffffffffffda RBX: 00007fd8e4c16090 RCX: 00007fd8e499aeb9
[ 1982.006656][T28247] RDX: 000000005ecfb203 RSI: 0000200000002780 RDI: 0000000000000004
[ 1982.006666][T28247] RBP: 00007fd8e2bf6090 R08: 0000000000000000 R09: 0000000000000000
[ 1982.006675][T28247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1982.006684][T28247] R13: 00007fd8e4c16128 R14: 00007fd8e4c16090 R15: 00007ffc3e462de8
[ 1982.006707][T28247]  </TASK>
[ 1982.527295][ T5809] usb 1-1: config 0 descriptor??
[ 1982.672845][ T9096] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[ 1982.757677][ T5925] usb 1-1: USB disconnect, device number 122
[ 1982.839160][ T9096] usb 3-1: no configurations
[ 1982.846165][ T9096] usb 3-1: can't read configurations, error -22
[ 1982.864131][ T9096] usb usb3-port1: attempt power cycle
[ 1982.972663][T28023] 8021q: adding VLAN 0 to HW filter on device team0
[ 1983.003653][T11704] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1983.010740][T11704] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1983.118640][T11704] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1983.125717][T11704] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1983.749427][ T9096] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[ 1983.774243][ T9096] usb 3-1: no configurations
[ 1983.778845][ T9096] usb 3-1: can't read configurations, error -22
[ 1983.932890][ T9096] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[ 1983.975656][ T9096] usb 3-1: no configurations
[ 1983.993046][ T9096] usb 3-1: can't read configurations, error -22
[ 1984.032812][ T9096] usb usb3-port1: unable to enumerate USB device
[ 1984.122923][ T5809] usb 4-1: new high-speed USB device number 127 using dummy_hcd
[ 1984.304949][ T5809] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1984.340986][ T5809] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1984.379651][ T5809] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1984.388660][T28023] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1984.426875][ T5809] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1984.453477][ T5809] usb 4-1: SerialNumber: syz
[ 1984.998237][T28283] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5998'.
[ 1985.215723][ T5809] usb 4-1: 0:2 : does not exist
[ 1985.220658][ T5809] usb 4-1: unit 5 not found!
[ 1985.281832][   T30] audit: type=1400 audit(1769441768.456:5039): avc:  denied  { mount } for  pid=28268 comm="syz.0.5997" name="/" dev="rpc_pipefs" ino=120708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[ 1985.458938][ T5809] usb 4-1: USB disconnect, device number 127
[ 1985.532820][T27896] udevd[27896]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1985.649415][T28289] FAULT_INJECTION: forcing a failure.
[ 1985.649415][T28289] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1985.866375][T28289] CPU: 0 UID: 0 PID: 28289 Comm: syz.1.5999 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1985.866393][T28289] Tainted: [L]=SOFTLOCKUP
[ 1985.866397][T28289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 1985.866404][T28289] Call Trace:
[ 1985.866411][T28289]  <TASK>
[ 1985.866416][T28289]  dump_stack_lvl+0x100/0x190
[ 1985.866435][T28289]  should_fail_ex.cold+0x5/0xa
[ 1985.866454][T28289]  _copy_from_user+0x2e/0xd0
[ 1985.866470][T28289]  copy_msghdr_from_user+0x9f/0x4f0
[ 1985.866483][T28289]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1985.866501][T28289]  ___sys_sendmsg+0x106/0x1e0
[ 1985.866513][T28289]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1985.866531][T28289]  ? find_held_lock+0x2b/0x80
[ 1985.866554][T28289]  __sys_sendmsg+0x170/0x220
[ 1985.866568][T28289]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1985.866592][T28289]  do_syscall_64+0xc9/0xf80
[ 1985.866605][T28289]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1985.866616][T28289] RIP: 0033:0x7fd8e499aeb9
[ 1985.866626][T28289] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1985.866636][T28289] RSP: 002b:00007fd8e5780028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1985.866647][T28289] RAX: ffffffffffffffda RBX: 00007fd8e4c15fa0 RCX: 00007fd8e499aeb9
[ 1985.866655][T28289] RDX: 0000000020000014 RSI: 0000200000000200 RDI: 0000000000000003
[ 1985.866661][T28289] RBP: 00007fd8e5780090 R08: 0000000000000000 R09: 0000000000000000
[ 1985.866668][T28289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1985.866674][T28289] R13: 00007fd8e4c16038 R14: 00007fd8e4c15fa0 R15: 00007ffc3e462de8
[ 1985.866688][T28289]  </TASK>
[ 1986.247362][T28295] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6001'.
[ 1986.423212][T28299] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6001'.
[ 1986.450586][T28023] veth0_vlan: entered promiscuous mode
[ 1986.492272][T28023] veth1_vlan: entered promiscuous mode
[ 1986.524178][T28295] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6001'.
[ 1986.692191][T28023] veth0_macvtap: entered promiscuous mode
[ 1986.740760][T28023] veth1_macvtap: entered promiscuous mode
[ 1986.907050][T28023] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1986.956405][T28023] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1986.986208][T28023] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1987.024756][T28023] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 1987.056452][T28023] wireguard: wg0: Could not create IPv4 socket
[ 1987.094630][T28023] wireguard: wg1: Could not create IPv4 socket
[ 1987.101933][T28023] wireguard: wg2: Could not create IPv4 socket
[ 1988.383516][T20492] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[ 1988.864444][T28316] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6008'.
[ 1988.873517][T28316] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6008'.
[ 1988.882890][T28316] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6008'.
[ 1988.891737][T28316] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6008'.
[ 1988.900896][T28316] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6008'.
[ 1988.909733][T28316] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6008'.
[ 1988.937748][T28317] Failed to initialize the IGMP autojoin socket (err -2)
[ 1988.962511][T20492] usb 3-1: config 0 has no interfaces?
[ 1988.983788][T20492] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1989.016787][T20492] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1989.119881][T20492] usb 3-1: SerialNumber: syz
[ 1989.132853][T20492] usb 3-1: config 0 descriptor??
[ 1989.485628][ T5809] usb 3-1: USB disconnect, device number 9
[ 1989.788534][   T30] audit: type=1400 audit(1769441772.976:5040): avc:  denied  { append } for  pid=28331 comm="syz.3.6004" name="renderD128" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 1989.846397][   T30] audit: type=1400 audit(1769441773.036:5041): avc:  denied  { append } for  pid=28331 comm="syz.3.6004" name="usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 1989.881060][T28329] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 1990.199014][T28345] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 1991.146922][T20764] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1991.157390][T20764] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1991.192844][T20764] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1991.200661][T20764] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1991.208912][T20764] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1991.238100][T28361] Failed to initialize the IGMP autojoin socket (err -2)
[ 1992.077109][T28374] __nla_validate_parse: 166 callbacks suppressed
[ 1992.077128][T28374] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6017'.
[ 1992.132832][T28374] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6017'.
[ 1992.427963][T28390] comedi comedi0: comedi_config --init_data is deprecated
[ 1992.479489][T28394] fuse: Unknown parameter '0x0000000000000003'
[ 1992.578588][T28391] netlink: 100 bytes leftover after parsing attributes in process `syz.3.6020'.
[ 1992.664556][T28397] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1992.683141][T28395] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6019'.
[ 1992.692440][T28395] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6019'.
[ 1992.701627][T28395] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6019'.
[ 1992.710484][T28395] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6019'.
[ 1992.719789][T28395] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6019'.
[ 1992.729013][T28395] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6019'.
[ 1992.738157][T28395] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6019'.
[ 1992.761698][T28401] Failed to initialize the IGMP autojoin socket (err -2)
[ 1993.373233][T25351] Bluetooth: hci0: command tx timeout
[ 1993.583792][T28419] 9p: Bad value for 'rfdno'
[ 1993.789629][ T9096] usb 2-1: new high-speed USB device number 105 using dummy_hcd
[ 1994.022801][ T9096] usb 2-1: Using ep0 maxpacket: 32
[ 1994.034198][ T9096] usb 2-1: config 0 has an invalid interface number: 126 but max is 0
[ 1994.048529][ T9096] usb 2-1: config 0 has no interface number 0
[ 1994.064335][ T9096] usb 2-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[ 1994.070912][T28361] netdevsim netdevsim4 netdevsim0: renamed from eth1
[ 1994.075969][ T9096] usb 2-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8
[ 1994.142229][ T9096] usb 2-1: config 0 interface 126 has no altsetting 0
[ 1994.594788][   T30] audit: type=1400 audit(1769441777.536:5042): avc:  denied  { bind } for  pid=28428 comm="syz.2.6027" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[ 1994.625268][ T9096] usb 2-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c
[ 1994.653648][ T9096] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1994.662725][ T9096] usb 2-1: Product: syz
[ 1994.667955][ T9096] usb 2-1: Manufacturer: syz
[ 1994.672555][ T9096] usb 2-1: SerialNumber: syz
[ 1994.686494][ T9096] usb 2-1: config 0 descriptor??
[ 1994.686695][T28361] netdevsim netdevsim4 netdevsim1: renamed from eth2
[ 1994.781271][T28416] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1994.804862][T28416] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1995.413466][T25351] Bluetooth: hci0: command tx timeout
[ 1995.945503][T28447] Failed to initialize the IGMP autojoin socket (err -2)
[ 1995.961323][T28361] netdevsim netdevsim4 netdevsim2: renamed from eth3
[ 1996.143615][T28361] netdevsim netdevsim4 netdevsim3: renamed from eth4
[ 1996.700242][   T30] audit: type=1326 audit(1769441779.886:5043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28451 comm="syz.2.6030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0dd719aeb9 code=0x7ffc0000
[ 1996.811486][   T30] audit: type=1326 audit(1769441779.886:5044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28451 comm="syz.2.6030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=106 compat=0 ip=0x7f0dd719aeb9 code=0x7ffc0000
[ 1996.894083][   T30] audit: type=1326 audit(1769441779.886:5045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28451 comm="syz.2.6030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0dd719aeb9 code=0x7ffc0000
[ 1996.994082][   T30] audit: type=1326 audit(1769441779.886:5046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28451 comm="syz.2.6030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7f0dd719aeb9 code=0x7ffc0000
[ 1997.031671][   T30] audit: type=1326 audit(1769441779.886:5047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28451 comm="syz.2.6030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0dd719aeb9 code=0x7ffc0000
[ 1997.057048][ T9096] ir_usb 2-1:0.126: IR Dongle converter detected
[ 1997.079755][   T30] audit: type=1326 audit(1769441779.886:5048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28451 comm="syz.2.6030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0dd719aeb9 code=0x7ffc0000
[ 1997.353719][ T9096] usb 2-1: IRDA class descriptor not found, device not bound
[ 1997.370229][ T9096] usb 2-1: USB disconnect, device number 105
[ 1997.499640][T25351] Bluetooth: hci0: command tx timeout
[ 1998.102061][T28495] __nla_validate_parse: 322 callbacks suppressed
[ 1998.102092][T28495] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6033'.
[ 1998.194504][T28497] fuse: Unknown parameter '0x0000000000000003'
[ 1998.223257][T28361] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 1998.440642][T28361] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 1998.493591][T28501] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6035'.
[ 1998.502476][T28501] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6035'.
[ 1998.511949][T28501] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6035'.
[ 1998.520846][T28501] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6035'.
[ 1998.530224][T28501] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6035'.
[ 1998.539476][T28501] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6035'.
[ 1998.548641][T28501] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6035'.
[ 1998.557512][T28501] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6035'.
[ 1998.566762][T28501] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6035'.
[ 1998.593118][T28504] Failed to initialize the IGMP autojoin socket (err -2)
[ 1998.626746][T28361] wireguard: wg0: Could not create IPv4 socket
[ 1998.645004][T28361] wireguard: wg1: Could not create IPv4 socket
[ 1998.653494][T28361] wireguard: wg2: Could not create IPv4 socket
[ 2001.448679][T28533] Failed to initialize the IGMP autojoin socket (err -2)
[ 2001.675881][T28551] fuse: Unknown parameter '0x0000000000000003'
[ 2002.092611][T28557] input: syz0 as /devices/virtual/input/input166
[ 2002.709666][T28563] FAULT_INJECTION: forcing a failure.
[ 2002.709666][T28563] name failslab, interval 1, probability 0, space 0, times 0
[ 2002.722647][T28563] CPU: 0 UID: 0 PID: 28563 Comm: syz.3.6046 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2002.722671][T28563] Tainted: [L]=SOFTLOCKUP
[ 2002.722675][T28563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 2002.722682][T28563] Call Trace:
[ 2002.722686][T28563]  <TASK>
[ 2002.722691][T28563]  dump_stack_lvl+0x100/0x190
[ 2002.722721][T28563]  should_fail_ex.cold+0x5/0xa
[ 2002.722750][T28563]  should_failslab+0xc2/0x120
[ 2002.722767][T28563]  __kvmalloc_node_noprof+0x101/0xac0
[ 2002.722781][T28563]  ? __pfx__mutex_trylock_nest_lock+0x10/0x10
[ 2002.722794][T28563]  ? irqentry_exit+0x180/0x670
[ 2002.722806][T28563]  ? file_tty_write.isra.0+0x64e/0x890
[ 2002.722827][T28563]  ? file_tty_write.isra.0+0x64e/0x890
[ 2002.722841][T28563]  file_tty_write.isra.0+0x64e/0x890
[ 2002.722857][T28563]  ? vfs_write+0xbe9/0x1070
[ 2002.722871][T28563]  vfs_write+0x6ac/0x1070
[ 2002.722883][T28563]  ? __pfx_tty_write+0x10/0x10
[ 2002.722898][T28563]  ? __pfx_vfs_write+0x10/0x10
[ 2002.722909][T28563]  ? find_held_lock+0x2b/0x80
[ 2002.722933][T28563]  ksys_write+0x12a/0x250
[ 2002.722944][T28563]  ? __pfx_ksys_write+0x10/0x10
[ 2002.722961][T28563]  do_syscall_64+0xc9/0xf80
[ 2002.722974][T28563]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2002.722985][T28563] RIP: 0033:0x7fa14e19aeb9
[ 2002.722994][T28563] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2002.723005][T28563] RSP: 002b:00007fa14c3d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2002.723016][T28563] RAX: ffffffffffffffda RBX: 00007fa14e416090 RCX: 00007fa14e19aeb9
[ 2002.723024][T28563] RDX: 0000000000001006 RSI: 0000200000002080 RDI: 0000000000000004
[ 2002.723030][T28563] RBP: 00007fa14c3d5090 R08: 0000000000000000 R09: 0000000000000000
[ 2002.723037][T28563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2002.723043][T28563] R13: 00007fa14e416128 R14: 00007fa14e416090 R15: 00007ffdc38911b8
[ 2002.723058][T28563]  </TASK>
[ 2003.492941][T20764] Bluetooth: hci4: command 0x0406 tx timeout
[ 2004.217165][T28573] __nla_validate_parse: 316 callbacks suppressed
[ 2004.217182][T28573] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6050'.
[ 2004.232440][T28573] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6050'.
[ 2004.241774][T28573] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6050'.
[ 2004.250655][T28573] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6050'.
[ 2004.259969][T28573] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6050'.
[ 2004.268854][T28573] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6050'.
[ 2004.278191][T28573] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6050'.
[ 2004.287066][T28573] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6050'.
[ 2004.296361][T28573] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6050'.
[ 2004.305236][T28573] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6050'.
[ 2004.329929][T28575] Failed to initialize the IGMP autojoin socket (err -2)
[ 2005.822880][  T792] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[ 2006.884070][  T792] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 2006.893550][  T792] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 2006.913878][  T792] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 2006.923064][  T792] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[ 2006.947802][  T792] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[ 2006.974255][  T792] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 2007.002741][  T792] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 2007.032762][  T792] usb 3-1: Product: syz
[ 2007.036930][  T792] usb 3-1: Manufacturer: syz
[ 2007.074434][  T792] cdc_wdm 3-1:1.0: skipping garbage
[ 2007.083033][  T792] cdc_wdm 3-1:1.0: skipping garbage
[ 2007.095405][  T792] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[ 2007.107607][  T792] cdc_wdm 3-1:1.0: Unknown control protocol
[ 2007.298921][ T5925] usb 3-1: USB disconnect, device number 10
[ 2007.671568][T28630] sp0: Synchronizing with TNC
[ 2007.816146][T28630] Failed to initialize the IGMP autojoin socket (err -2)
[ 2009.675233][T28650] fuse: Unknown parameter '0x0000000000000003'
[ 2009.827958][T20764] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2009.839342][T20764] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2009.847212][T20764] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2009.854916][T20764] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2009.862422][T20764] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2009.880081][T28656] __nla_validate_parse: 319 callbacks suppressed
[ 2009.880094][T28656] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6061'.
[ 2009.887176][T28648] Failed to initialize the IGMP autojoin socket (err -2)
[ 2010.332963][T19938] usb 4-1: new full-speed USB device number 2 using dummy_hcd
[ 2011.018446][T28668] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6062'.
[ 2011.027355][T28668] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6062'.
[ 2011.036691][T28668] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6062'.
[ 2011.046462][T28668] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6062'.
[ 2011.056211][T28668] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6062'.
[ 2011.065094][T28668] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6062'.
[ 2011.074447][T28668] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6062'.
[ 2011.083351][T28668] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6062'.
[ 2011.092569][T28668] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6062'.
[ 2011.124220][T28669] Failed to initialize the IGMP autojoin socket (err -2)
[ 2011.145245][T19938] usb 4-1: config 0 has an invalid interface number: 50 but max is 0
[ 2011.183339][T19938] usb 4-1: config 0 has no interface number 0
[ 2011.334268][T19938] usb 4-1: New USB device found, idVendor=112a, idProduct=0005, bcdDevice=a2.ec
[ 2011.353347][T19938] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2011.361336][T19938] usb 4-1: Product: syz
[ 2011.378658][T19938] usb 4-1: Manufacturer: syz
[ 2011.392341][T19938] usb 4-1: SerialNumber: syz
[ 2011.616359][T19938] usb 4-1: config 0 descriptor??
[ 2011.659954][T19938] redrat3 4-1:0.50: Couldn't find all endpoints
[ 2011.736282][   T30] audit: type=1400 audit(1769441794.916:5049): avc:  denied  { mount } for  pid=28674 comm="syz.2.6066" name="/" dev="hugetlbfs" ino=123969 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[ 2011.845763][T28667] FAULT_INJECTION: forcing a failure.
[ 2011.845763][T28667] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2011.891650][T28667] CPU: 1 UID: 0 PID: 28667 Comm: syz.3.6064 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2011.891677][T28667] Tainted: [L]=SOFTLOCKUP
[ 2011.891684][T28667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 2011.891695][T28667] Call Trace:
[ 2011.891701][T28667]  <TASK>
[ 2011.891709][T28667]  dump_stack_lvl+0x100/0x190
[ 2011.891737][T28667]  should_fail_ex.cold+0x5/0xa
[ 2011.891768][T28667]  _copy_to_user+0x32/0xd0
[ 2011.891795][T28667]  simple_read_from_buffer+0xcb/0x170
[ 2011.891818][T28667]  proc_fail_nth_read+0x1af/0x230
[ 2011.891845][T28667]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2011.891870][T28667]  ? rw_verify_area+0xce/0x6d0
[ 2011.891887][T28667]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2011.891911][T28667]  vfs_read+0x1e4/0xb30
[ 2011.891934][T28667]  ? __pfx_vfs_read+0x10/0x10
[ 2011.891951][T28667]  ? find_held_lock+0x2b/0x80
[ 2011.891975][T28667]  ? __fget_files+0x215/0x3d0
[ 2011.892001][T28667]  ? __fget_files+0x21f/0x3d0
[ 2011.892029][T28667]  ksys_read+0x12a/0x250
[ 2011.892048][T28667]  ? __pfx_ksys_read+0x10/0x10
[ 2011.892076][T28667]  do_syscall_64+0xc9/0xf80
[ 2011.892099][T28667]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2011.892117][T28667] RIP: 0033:0x7fa14e15b78e
[ 2011.892132][T28667] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 2011.892148][T28667] RSP: 002b:00007fa14c3f5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2011.892165][T28667] RAX: ffffffffffffffda RBX: 00007fa14c3f66c0 RCX: 00007fa14e15b78e
[ 2011.892177][T28667] RDX: 000000000000000f RSI: 00007fa14c3f60a0 RDI: 0000000000000004
[ 2011.892187][T28667] RBP: 00007fa14c3f6090 R08: 0000000000000000 R09: 0000000000000000
[ 2011.892198][T28667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2011.892209][T28667] R13: 00007fa14e416038 R14: 00007fa14e415fa0 R15: 00007ffdc38911b8
[ 2011.892239][T28667]  </TASK>
[ 2011.892935][T20764] Bluetooth: hci0: command tx timeout
[ 2011.920905][T19938] usb 4-1: USB disconnect, device number 2
[ 2012.122772][T15013] usb 2-1: new high-speed USB device number 106 using dummy_hcd
[ 2012.312749][T15013] usb 2-1: Using ep0 maxpacket: 16
[ 2012.331192][T15013] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2012.342974][T15013] usb 2-1: config 0 interface 0 has no altsetting 0
[ 2012.349632][T15013] usb 2-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 2012.369212][T15013] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2012.398970][T15013] usb 2-1: config 0 descriptor??
[ 2012.769150][T28699] overlayfs: failed to resolve './file1': -2
[ 2012.911692][T28648] netdevsim netdevsim4 netdevsim0: renamed from eth1
[ 2012.955306][T28648] netdevsim netdevsim4 netdevsim1: renamed from eth2
[ 2012.988311][T28648] netdevsim netdevsim4 netdevsim2: renamed from eth3
[ 2012.998092][T15013] nzxt-smart2 0003:1E71:2009.0041: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.1-1/input0
[ 2013.072274][T28648] netdevsim netdevsim4 netdevsim3: renamed from eth4
[ 2014.019008][T20764] Bluetooth: hci0: command tx timeout
[ 2014.755139][   T30] audit: type=1400 audit(1769441797.946:5050): avc:  denied  { unmount } for  pid=17016 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[ 2014.775522][  T792] usb 2-1: USB disconnect, device number 106
[ 2015.038840][T28733] sp0: Synchronizing with TNC
[ 2015.053846][T28733] __nla_validate_parse: 158 callbacks suppressed
[ 2015.053875][T28733] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6071'.
[ 2015.069098][T28733] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6071'.
[ 2015.079407][T28733] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6071'.
[ 2015.088333][T28733] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6071'.
[ 2015.098665][T28733] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6071'.
[ 2015.107623][T28733] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6071'.
[ 2015.117645][T28733] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6071'.
[ 2015.126555][T28733] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6071'.
[ 2015.136575][T28733] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6071'.
[ 2015.168871][T28733] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6071'.
[ 2015.305688][T28733] Failed to initialize the IGMP autojoin socket (err -2)
[ 2015.922529][T28735] FAULT_INJECTION: forcing a failure.
[ 2015.922529][T28735] name failslab, interval 1, probability 0, space 0, times 0
[ 2016.070171][T20764] Bluetooth: hci0: command tx timeout
[ 2016.804448][T28737] fuse: Unknown parameter 'fd0x0000000000000003'
[ 2016.806157][T28735] CPU: 1 UID: 0 PID: 28735 Comm: syz.1.6072 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2016.806182][T28735] Tainted: [L]=SOFTLOCKUP
[ 2016.806188][T28735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 2016.806197][T28735] Call Trace:
[ 2016.806204][T28735]  <TASK>
[ 2016.806210][T28735]  dump_stack_lvl+0x100/0x190
[ 2016.806235][T28735]  should_fail_ex.cold+0x5/0xa
[ 2016.806261][T28735]  should_failslab+0xc2/0x120
[ 2016.806282][T28735]  ? tomoyo_realpath_from_path+0xb6/0x690
[ 2016.806300][T28735]  __kmalloc_noprof+0xf6/0x9c0
[ 2016.806322][T28735]  ? tomoyo_realpath_from_path+0xb6/0x690
[ 2016.806338][T28735]  tomoyo_realpath_from_path+0xb6/0x690
[ 2016.806360][T28735]  tomoyo_path_number_perm+0x23c/0x580
[ 2016.806383][T28735]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2016.806407][T28735]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2016.806453][T28735]  ? find_held_lock+0x2b/0x80
[ 2016.806473][T28735]  ? hook_file_ioctl_common+0x146/0x410
[ 2016.806492][T28735]  ? __fget_files+0x215/0x3d0
[ 2016.806514][T28735]  ? __fget_files+0x21f/0x3d0
[ 2016.806536][T28735]  security_file_ioctl+0xd3/0x230
[ 2016.806555][T28735]  __x64_sys_ioctl+0xb7/0x210
[ 2016.806572][T28735]  do_syscall_64+0xc9/0xf80
[ 2016.806592][T28735]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2016.806608][T28735] RIP: 0033:0x7fd8e499aeb9
[ 2016.806620][T28735] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2016.806634][T28735] RSP: 002b:00007fd8e2bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2016.806649][T28735] RAX: ffffffffffffffda RBX: 00007fd8e4c16090 RCX: 00007fd8e499aeb9
[ 2016.806660][T28735] RDX: 0000200000000040 RSI: 0000000000004b67 RDI: 0000000000000004
[ 2016.806670][T28735] RBP: 00007fd8e2bf6090 R08: 0000000000000000 R09: 0000000000000000
[ 2016.806679][T28735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2016.806689][T28735] R13: 00007fd8e4c16128 R14: 00007fd8e4c16090 R15: 00007ffc3e462de8
[ 2016.806711][T28735]  </TASK>
[ 2016.806717][T28735] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2017.252088][   T30] audit: type=1400 audit(1769441800.416:5051): avc:  denied  { mount } for  pid=28746 comm="syz.0.6074" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[ 2017.304699][T28748] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 2017.357929][   T30] audit: type=1400 audit(1769441800.436:5052): avc:  denied  { getattr } for  pid=28746 comm="syz.0.6074" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=123847 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 2017.384875][T28748] FAULT_INJECTION: forcing a failure.
[ 2017.384875][T28748] name failslab, interval 1, probability 0, space 0, times 0
[ 2017.411019][T28748] CPU: 0 UID: 0 PID: 28748 Comm: syz.1.6076 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2017.411047][T28748] Tainted: [L]=SOFTLOCKUP
[ 2017.411054][T28748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 2017.411064][T28748] Call Trace:
[ 2017.411071][T28748]  <TASK>
[ 2017.411078][T28748]  dump_stack_lvl+0x100/0x190
[ 2017.411106][T28748]  should_fail_ex.cold+0x5/0xa
[ 2017.411136][T28748]  should_failslab+0xc2/0x120
[ 2017.411159][T28748]  ? tomoyo_realpath_from_path+0xb6/0x690
[ 2017.411179][T28748]  __kmalloc_noprof+0xf6/0x9c0
[ 2017.411205][T28748]  ? tomoyo_realpath_from_path+0xb6/0x690
[ 2017.411223][T28748]  tomoyo_realpath_from_path+0xb6/0x690
[ 2017.411249][T28748]  tomoyo_path_number_perm+0x23c/0x580
[ 2017.411276][T28748]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2017.411304][T28748]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2017.411356][T28748]  ? find_held_lock+0x2b/0x80
[ 2017.411381][T28748]  ? hook_file_ioctl_common+0x146/0x410
[ 2017.411404][T28748]  ? __fget_files+0x215/0x3d0
[ 2017.411429][T28748]  ? __fget_files+0x21f/0x3d0
[ 2017.411455][T28748]  security_file_ioctl+0xd3/0x230
[ 2017.411476][T28748]  __x64_sys_ioctl+0xb7/0x210
[ 2017.411497][T28748]  do_syscall_64+0xc9/0xf80
[ 2017.411520][T28748]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2017.411538][T28748] RIP: 0033:0x7fd8e499aeb9
[ 2017.411553][T28748] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2017.411570][T28748] RSP: 002b:00007fd8e5780028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2017.411588][T28748] RAX: ffffffffffffffda RBX: 00007fd8e4c15fa0 RCX: 00007fd8e499aeb9
[ 2017.411600][T28748] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008
[ 2017.411612][T28748] RBP: 00007fd8e5780090 R08: 0000000000000000 R09: 0000000000000000
[ 2017.411623][T28748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2017.411634][T28748] R13: 00007fd8e4c16038 R14: 00007fd8e4c15fa0 R15: 00007ffc3e462de8
[ 2017.411660][T28748]  </TASK>
[ 2017.411668][T28748] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2017.651734][T28748] kvm: pic: non byte read
[ 2017.676241][T28748] kvm: pic: non byte read
[ 2017.687732][T28748] kvm: pic: non byte read
[ 2017.699434][T28748] kvm: pic: non byte read
[ 2017.717847][T28748] kvm: pic: non byte read
[ 2017.729134][T28748] kvm: pic: non byte read
[ 2017.758931][T28748] kvm: pic: level sensitive irq not supported
[ 2017.759454][T28748] kvm: pic: non byte read
[ 2018.046255][T28769] Failed to initialize the IGMP autojoin socket (err -2)
[ 2018.644544][T20764] Bluetooth: hci0: command tx timeout
[ 2019.081439][T28648] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 2019.616952][T28648] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 2019.866680][T28788] Bluetooth: MGMT ver 1.23
[ 2020.025561][T28648] wireguard: wg0: Could not create IPv4 socket
[ 2020.094739][T28648] wireguard: wg1: Could not create IPv4 socket
[ 2020.122213][T28648] wireguard: wg2: Could not create IPv4 socket
[ 2020.144810][T28791] FAULT_INJECTION: forcing a failure.
[ 2020.144810][T28791] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2020.209501][T28791] CPU: 0 UID: 0 PID: 28791 Comm: syz.0.6083 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2020.209528][T28791] Tainted: [L]=SOFTLOCKUP
[ 2020.209535][T28791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 2020.209545][T28791] Call Trace:
[ 2020.209551][T28791]  <TASK>
[ 2020.209559][T28791]  dump_stack_lvl+0x100/0x190
[ 2020.209585][T28791]  should_fail_ex.cold+0x5/0xa
[ 2020.209616][T28791]  _copy_from_user+0x2e/0xd0
[ 2020.209641][T28791]  __sys_bpf+0x243/0x5050
[ 2020.209665][T28791]  ? __pfx___sys_bpf+0x10/0x10
[ 2020.209682][T28791]  ? proc_fail_nth_write+0x9f/0x220
[ 2020.209707][T28791]  ? find_held_lock+0x2b/0x80
[ 2020.209736][T28791]  ? find_held_lock+0x2b/0x80
[ 2020.209757][T28791]  ? ksys_write+0x190/0x250
[ 2020.209782][T28791]  ? __mutex_unlock_slowpath+0x15c/0x790
[ 2020.209817][T28791]  ? fput+0x79/0x100
[ 2020.209847][T28791]  ? ksys_write+0x1ac/0x250
[ 2020.209866][T28791]  ? __pfx_ksys_write+0x10/0x10
[ 2020.209889][T28791]  __x64_sys_bpf+0x7b/0xc0
[ 2020.209908][T28791]  ? lockdep_hardirqs_on+0x78/0x100
[ 2020.209926][T28791]  do_syscall_64+0xc9/0xf80
[ 2020.209948][T28791]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2020.209965][T28791] RIP: 0033:0x7fdd15b9aeb9
[ 2020.209980][T28791] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2020.209996][T28791] RSP: 002b:00007fdd16a64028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2020.210014][T28791] RAX: ffffffffffffffda RBX: 00007fdd15e15fa0 RCX: 00007fdd15b9aeb9
[ 2020.210026][T28791] RDX: 0000000000000038 RSI: 0000200000000080 RDI: 000000000000001a
[ 2020.210041][T28791] RBP: 00007fdd16a64090 R08: 0000000000000000 R09: 0000000000000000
[ 2020.210051][T28791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2020.210062][T28791] R13: 00007fdd15e16038 R14: 00007fdd15e15fa0 R15: 00007ffe96537218
[ 2020.210085][T28791]  </TASK>
[ 2020.228297][T28794] fuse: Unknown parameter 'fd0x0000000000000003'
[ 2020.448842][T28799] FAULT_INJECTION: forcing a failure.
[ 2020.448842][T28799] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2020.478367][T28799] CPU: 1 UID: 0 PID: 28799 Comm: syz.0.6085 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2020.478395][T28799] Tainted: [L]=SOFTLOCKUP
[ 2020.478401][T28799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 2020.478412][T28799] Call Trace:
[ 2020.478418][T28799]  <TASK>
[ 2020.478425][T28799]  dump_stack_lvl+0x100/0x190
[ 2020.478455][T28799]  should_fail_ex.cold+0x5/0xa
[ 2020.478487][T28799]  _copy_from_user+0x2e/0xd0
[ 2020.478512][T28799]  do_sys_poll+0x345/0xeb0
[ 2020.478533][T28799]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 2020.478560][T28799]  ? is_bpf_text_address+0x94/0x1a0
[ 2020.478590][T28799]  ? __kernel_text_address+0xd/0x30
[ 2020.478614][T28799]  ? __pfx_do_sys_poll+0x10/0x10
[ 2020.478716][T28799]  ? __mutex_unlock_slowpath+0x15c/0x790
[ 2020.478739][T28799]  ? set_user_sigmask+0x1e1/0x270
[ 2020.478758][T28799]  ? __fget_files+0x215/0x3d0
[ 2020.478780][T28799]  ? __pfx_set_user_sigmask+0x10/0x10
[ 2020.478804][T28799]  ? __fget_files+0x21f/0x3d0
[ 2020.478827][T28799]  __x64_sys_ppoll+0x2b5/0x350
[ 2020.478849][T28799]  ? __pfx___x64_sys_ppoll+0x10/0x10
[ 2020.478868][T28799]  ? ksys_write+0x1ac/0x250
[ 2020.478885][T28799]  ? __pfx_ksys_write+0x10/0x10
[ 2020.478909][T28799]  do_syscall_64+0xc9/0xf80
[ 2020.478929][T28799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2020.478948][T28799] RIP: 0033:0x7fdd15b9aeb9
[ 2020.478962][T28799] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2020.478979][T28799] RSP: 002b:00007fdd16a64028 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[ 2020.478996][T28799] RAX: ffffffffffffffda RBX: 00007fdd15e15fa0 RCX: 00007fdd15b9aeb9
[ 2020.479008][T28799] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[ 2020.479020][T28799] RBP: 00007fdd16a64090 R08: 0000000000000000 R09: 0000000000000000
[ 2020.479031][T28799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2020.479042][T28799] R13: 00007fdd15e16038 R14: 00007fdd15e15fa0 R15: 00007ffe96537218
[ 2020.479064][T28799]  </TASK>
[ 2021.507661][T28808] __nla_validate_parse: 318 callbacks suppressed
[ 2021.507673][T28808] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6088'.
[ 2021.860910][T28839] Failed to initialize the IGMP autojoin socket (err -2)
[ 2022.992330][T28842] FAULT_INJECTION: forcing a failure.
[ 2022.992330][T28842] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2023.112989][T28842] CPU: 0 UID: 0 PID: 28842 Comm: syz.3.6094 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2023.113009][T28842] Tainted: [L]=SOFTLOCKUP
[ 2023.113013][T28842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 2023.113021][T28842] Call Trace:
[ 2023.113026][T28842]  <TASK>
[ 2023.113030][T28842]  dump_stack_lvl+0x100/0x190
[ 2023.113052][T28842]  should_fail_ex.cold+0x5/0xa
[ 2023.113072][T28842]  _copy_to_user+0x32/0xd0
[ 2023.113088][T28842]  simple_read_from_buffer+0xcb/0x170
[ 2023.113102][T28842]  proc_fail_nth_read+0x1af/0x230
[ 2023.113119][T28842]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2023.113134][T28842]  ? rw_verify_area+0xce/0x6d0
[ 2023.113145][T28842]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2023.113160][T28842]  vfs_read+0x1e4/0xb30
[ 2023.113173][T28842]  ? __pfx_vfs_read+0x10/0x10
[ 2023.113184][T28842]  ? find_held_lock+0x2b/0x80
[ 2023.113199][T28842]  ? __fget_files+0x215/0x3d0
[ 2023.113214][T28842]  ? __fget_files+0x21f/0x3d0
[ 2023.113231][T28842]  ksys_read+0x12a/0x250
[ 2023.113243][T28842]  ? __pfx_ksys_read+0x10/0x10
[ 2023.113259][T28842]  do_syscall_64+0xc9/0xf80
[ 2023.113272][T28842]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2023.113284][T28842] RIP: 0033:0x7fa14e15b78e
[ 2023.113293][T28842] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 2023.113304][T28842] RSP: 002b:00007fa14c3f5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2023.113315][T28842] RAX: ffffffffffffffda RBX: 00007fa14c3f66c0 RCX: 00007fa14e15b78e
[ 2023.113322][T28842] RDX: 000000000000000f RSI: 00007fa14c3f60a0 RDI: 0000000000000003
[ 2023.113329][T28842] RBP: 00007fa14c3f6090 R08: 0000000000000000 R09: 0000000000000000
[ 2023.113336][T28842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2023.113343][T28842] R13: 00007fa14e416038 R14: 00007fa14e415fa0 R15: 00007ffdc38911b8
[ 2023.113357][T28842]  </TASK>
[ 2023.929721][T28861] fuse: Unknown parameter 'fd0x0000000000000003'
[ 2024.072993][ T5925] usb 1-1: new high-speed USB device number 123 using dummy_hcd
[ 2024.240708][ T5925] usb 1-1: config 0 has an invalid interface number: 117 but max is 0
[ 2024.248946][T15013] usb 2-1: new high-speed USB device number 107 using dummy_hcd
[ 2024.262735][ T5925] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2024.301647][ T5925] usb 1-1: config 0 has no interface number 0
[ 2024.317254][ T5925] usb 1-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[ 2024.342755][ T5925] usb 1-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2024.378700][ T5925] usb 1-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[ 2024.388215][ T5925] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2024.399362][ T5925] usb 1-1: Product: syz
[ 2024.408036][ T5925] usb 1-1: Manufacturer: syz
[ 2024.420803][ T5925] usb 1-1: SerialNumber: syz
[ 2024.479069][T15013] usb 2-1: config 0 has an invalid interface number: 117 but max is 0
[ 2024.492935][ T5925] usb 1-1: config 0 descriptor??
[ 2024.513656][T15013] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2024.566951][T15013] usb 2-1: config 0 has no interface number 0
[ 2024.590188][T15013] usb 2-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[ 2024.691271][T15013] usb 2-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2024.887742][T15013] usb 2-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[ 2026.196616][T15013] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2026.689807][T15013] usb 2-1: Product: syz
[ 2026.694161][T15013] usb 2-1: Manufacturer: syz
[ 2026.698766][T15013] usb 2-1: SerialNumber: syz
[ 2026.707574][T15013] usb 2-1: config 0 descriptor??
[ 2026.751703][T25351] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2026.762964][T25351] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2026.773333][T20492] usb 1-1: USB disconnect, device number 123
[ 2026.793927][T25351] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2026.812825][T25351] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2026.823702][T25351] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2026.892676][T28893] Failed to initialize the IGMP autojoin socket (err -2)
[ 2027.061276][T15013] usbtouchscreen 2-1:0.117: probe with driver usbtouchscreen failed with error -71
[ 2027.087056][T15013] usb 2-1: USB disconnect, device number 107
[ 2027.317892][T28908] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6103'.
[ 2027.667163][T28904] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6104'.
[ 2028.312754][ T9096] usb 1-1: new high-speed USB device number 124 using dummy_hcd
[ 2028.587718][T28938] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6107'.
[ 2028.698308][ T9096] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 959
[ 2028.711358][ T9096] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 2028.853918][T20764] Bluetooth: hci0: command tx timeout
[ 2029.146989][ T9096] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 2029.179374][ T9096] usb 1-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=e5.38
[ 2029.188913][ T9096] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2029.197308][ T9096] usb 1-1: Product: syz
[ 2029.267063][ T9096] usb 1-1: Manufacturer: syz
[ 2029.273602][ T9096] usb 1-1: SerialNumber: syz
[ 2029.281965][ T9096] usb 1-1: config 0 descriptor??
[ 2029.287867][T28923] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 2029.679703][   T30] audit: type=1400 audit(1769441812.856:5053): avc:  denied  { bind } for  pid=28903 comm="syz.0.6104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 2029.819712][  T792] usb 1-1: USB disconnect, device number 124
[ 2029.864050][T28966] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6114'.
[ 2029.928254][T28893] netdevsim netdevsim4 netdevsim0: renamed from eth1
[ 2029.959739][T28893] netdevsim netdevsim4 netdevsim1: renamed from eth2
[ 2029.975920][T28966] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6114'.
[ 2029.988634][T28893] netdevsim netdevsim4 netdevsim2: renamed from eth3
[ 2030.011689][T28893] netdevsim netdevsim4 netdevsim3: renamed from eth4
[ 2030.380851][T28985] tmpfs: Bad value for 'grpquota_inode_hardlimit'
[ 2030.565041][T28992] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6116'.
[ 2030.900349][T29003] FAULT_INJECTION: forcing a failure.
[ 2030.900349][T29003] name failslab, interval 1, probability 0, space 0, times 0
[ 2031.004007][T20764] Bluetooth: hci0: command tx timeout
[ 2031.124162][T29003] CPU: 0 UID: 0 PID: 29003 Comm: syz.0.6118 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2031.124191][T29003] Tainted: [L]=SOFTLOCKUP
[ 2031.124198][T29003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 2031.124208][T29003] Call Trace:
[ 2031.124215][T29003]  <TASK>
[ 2031.124223][T29003]  dump_stack_lvl+0x100/0x190
[ 2031.124252][T29003]  should_fail_ex.cold+0x5/0xa
[ 2031.124283][T29003]  should_failslab+0xc2/0x120
[ 2031.124307][T29003]  ? tomoyo_realpath_from_path+0xb6/0x690
[ 2031.124327][T29003]  __kmalloc_noprof+0xf6/0x9c0
[ 2031.124352][T29003]  ? tomoyo_realpath_from_path+0xb6/0x690
[ 2031.124372][T29003]  tomoyo_realpath_from_path+0xb6/0x690
[ 2031.124398][T29003]  tomoyo_path_number_perm+0x23c/0x580
[ 2031.124425][T29003]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2031.124453][T29003]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2031.124506][T29003]  ? find_held_lock+0x2b/0x80
[ 2031.124529][T29003]  ? hook_file_ioctl_common+0x146/0x410
[ 2031.124552][T29003]  ? __fget_files+0x215/0x3d0
[ 2031.124578][T29003]  ? __fget_files+0x21f/0x3d0
[ 2031.124603][T29003]  security_file_ioctl+0xd3/0x230
[ 2031.124629][T29003]  __x64_sys_ioctl+0xb7/0x210
[ 2031.124649][T29003]  do_syscall_64+0xc9/0xf80
[ 2031.124672][T29003]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2031.124691][T29003] RIP: 0033:0x7fdd15b9aeb9
[ 2031.124707][T29003] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2031.124724][T29003] RSP: 002b:00007fdd16a64028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2031.124743][T29003] RAX: ffffffffffffffda RBX: 00007fdd15e15fa0 RCX: 00007fdd15b9aeb9
[ 2031.124755][T29003] RDX: 0000000000000002 RSI: 000000000000540a RDI: 0000000000000003
[ 2031.124766][T29003] RBP: 00007fdd16a64090 R08: 0000000000000000 R09: 0000000000000000
[ 2031.124777][T29003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2031.124788][T29003] R13: 00007fdd15e16038 R14: 00007fdd15e15fa0 R15: 00007ffe96537218
[ 2031.124813][T29003]  </TASK>
[ 2031.124909][T29003] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2032.191759][T28893] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 2033.129051][T20764] Bluetooth: hci0: command tx timeout
[ 2033.158630][T28893] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 2033.193351][T29044] Bluetooth: MGMT ver 1.23
[ 2033.209247][T29044] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6125'.
[ 2033.233172][T29044] netlink: 36 bytes leftover after parsing attributes in process `syz.1.6125'.
[ 2033.245663][T29037] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6121'.
[ 2033.254632][T29037] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6121'.
[ 2033.263996][T29037] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6121'.
[ 2033.272867][T29037] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6121'.
[ 2033.282095][T29037] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6121'.
[ 2033.290959][T29037] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6121'.
[ 2033.300157][T29037] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6121'.
[ 2033.309018][T29037] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6121'.
[ 2033.341466][T29038] Failed to initialize the IGMP autojoin socket (err -2)
[ 2033.403053][ T5925] usb 1-1: new high-speed USB device number 125 using dummy_hcd
[ 2033.435153][T28893] wireguard: wg0: Could not create IPv4 socket
[ 2033.477556][T28893] wireguard: wg1: Could not create IPv4 socket
[ 2033.500348][T28893] wireguard: wg2: Could not create IPv4 socket
[ 2033.576826][ T5925] usb 1-1: Using ep0 maxpacket: 32
[ 2033.602063][T29048] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 2033.620983][ T5925] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 2033.652010][ T5925] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2033.687194][ T5925] usb 1-1: config 0 descriptor??
[ 2033.906110][ T5925] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 2034.030869][ T5925] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 2034.100126][ T5925] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 2034.157854][ T5925] usb 1-1: media controller created
[ 2034.236185][ T5925] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 2034.292314][ T5925] az6027: usb out operation failed. (-71)
[ 2034.313027][ T5925] az6027: usb out operation failed. (-71)
[ 2034.318755][ T5925] stb0899_attach: Driver disabled by Kconfig
[ 2034.352750][ T5925] az6027: no front-end attached
[ 2034.352750][ T5925] 
[ 2034.360065][ T5925] az6027: usb out operation failed. (-71)
[ 2034.375946][ T5925] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 2034.393639][ T5925] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input169
[ 2034.432875][ T5925] dvb-usb: schedule remote query interval to 400 msecs.
[ 2034.449119][ T5925] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 2034.498981][ T5925] usb 1-1: USB disconnect, device number 125
[ 2034.578596][   T30] audit: type=1400 audit(1769441817.766:5054): avc:  denied  { accept } for  pid=29064 comm="syz.1.6128" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[ 2035.030324][ T5925] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 2035.064502][T29067] vivid-005: kernel_thread() failed
[ 2035.453535][T12015] usb 3-1: new full-speed USB device number 11 using dummy_hcd
[ 2035.524500][ T9096] usb 2-1: new high-speed USB device number 108 using dummy_hcd
[ 2035.576761][ T5925] usb 1-1: new high-speed USB device number 126 using dummy_hcd
[ 2035.614029][T12015] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[ 2035.625129][T12015] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[ 2035.635034][T12015] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2035.646023][T12015] usb 3-1: config 0 descriptor??
[ 2035.652016][T29072] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 2035.694092][ T9096] usb 2-1: Using ep0 maxpacket: 16
[ 2035.700606][ T9096] usb 2-1: config 1 has an invalid interface number: 214 but max is 0
[ 2035.711388][ T9096] usb 2-1: config 1 has no interface number 0
[ 2035.717589][ T9096] usb 2-1: config 1 interface 214 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[ 2035.727780][ T9096] usb 2-1: config 1 interface 214 altsetting 2 bulk endpoint 0x81 has invalid maxpacket 64
[ 2035.738142][ T9096] usb 2-1: config 1 interface 214 has no altsetting 0
[ 2035.754405][ T5925] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2035.764634][ T9096] usb 2-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 1.02
[ 2035.773965][ T5925] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 2035.789068][ T9096] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2035.797187][ T5925] usb 1-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00
[ 2035.807735][ T9096] usb 2-1: Product: syz
[ 2035.811965][ T9096] usb 2-1: Manufacturer: syz
[ 2035.816659][ T5925] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2035.824740][ T9096] usb 2-1: SerialNumber: syz
[ 2035.834183][T29083] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[ 2035.842740][ T5925] usb 1-1: config 0 descriptor??
[ 2035.848193][T29083] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[ 2035.860603][ T9096] ums-alauda 2-1:1.214: USB Mass Storage device detected
[ 2035.872521][ T9096] scsi host1: usb-storage 2-1:1.214
[ 2036.078117][T12015] elan 0003:04F3:0755.0042: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.2-1/input0
[ 2036.081427][T29083] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2036.119649][T29083] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2036.173573][   T30] audit: type=1400 audit(1769441819.356:5055): avc:  denied  { kexec_image_load } for  pid=29119 comm="syz.3.6133" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[ 2036.265636][ T5925] waterforce 0003:1044:7A4D.0043: item fetching failed at offset 0/1
[ 2036.277150][T29072] FAULT_INJECTION: forcing a failure.
[ 2036.277150][T29072] name failslab, interval 1, probability 0, space 0, times 0
[ 2036.301415][T29072] CPU: 0 UID: 0 PID: 29072 Comm: syz.2.6130 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2036.301446][T29072] Tainted: [L]=SOFTLOCKUP
[ 2036.301452][T29072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 2036.301462][T29072] Call Trace:
[ 2036.301468][T29072]  <TASK>
[ 2036.301475][T29072]  dump_stack_lvl+0x100/0x190
[ 2036.301503][T29072]  should_fail_ex.cold+0x5/0xa
[ 2036.301540][T29072]  should_failslab+0xc2/0x120
[ 2036.301562][T29072]  ? tomoyo_realpath_from_path+0xb6/0x690
[ 2036.301582][T29072]  __kmalloc_noprof+0xf6/0x9c0
[ 2036.301607][T29072]  ? tomoyo_realpath_from_path+0xb6/0x690
[ 2036.301625][T29072]  tomoyo_realpath_from_path+0xb6/0x690
[ 2036.301651][T29072]  tomoyo_path_number_perm+0x23c/0x580
[ 2036.301677][T29072]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2036.301704][T29072]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2036.301755][T29072]  ? find_held_lock+0x2b/0x80
[ 2036.301776][T29072]  ? hook_file_ioctl_common+0x146/0x410
[ 2036.301798][T29072]  ? __fget_files+0x215/0x3d0
[ 2036.301821][T29072]  ? __fget_files+0x21f/0x3d0
[ 2036.301846][T29072]  security_file_ioctl+0xd3/0x230
[ 2036.301866][T29072]  __x64_sys_ioctl+0xb7/0x210
[ 2036.301885][T29072]  do_syscall_64+0xc9/0xf80
[ 2036.301907][T29072]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2036.301925][T29072] RIP: 0033:0x7f0dd719aeb9
[ 2036.301940][T29072] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2036.301957][T29072] RSP: 002b:00007f0dd7fee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2036.301974][T29072] RAX: ffffffffffffffda RBX: 00007f0dd7415fa0 RCX: 00007f0dd719aeb9
[ 2036.301985][T29072] RDX: 0000200000000380 RSI: 0000000090044802 RDI: 0000000000000004
[ 2036.301996][T29072] RBP: 00007f0dd7fee090 R08: 0000000000000000 R09: 0000000000000000
[ 2036.302007][T29072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2036.302017][T29072] R13: 00007f0dd7416038 R14: 00007f0dd7415fa0 R15: 00007ffc16182158
[ 2036.302042][T29072]  </TASK>
[ 2036.302122][T29072] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2036.310416][ T5925] waterforce 0003:1044:7A4D.0043: hid parse failed with -22
[ 2036.327800][T29125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2036.358313][ T5925] waterforce 0003:1044:7A4D.0043: probe with driver waterforce failed with error -22
[ 2036.382895][T29125] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2036.392381][ T9096] usb 3-1: USB disconnect, device number 11
[ 2036.499249][T29081] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2036.551879][ T5925] usb 2-1: USB disconnect, device number 108
[ 2036.587339][T29081] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2036.619169][T29081] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2036.638994][T29081] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2036.657923][T19938] usb 1-1: USB disconnect, device number 126
[ 2036.940561][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 2036.946879][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 2036.955043][ T1297] lec:lec_start_xmit: lec0:No lecd attached
[ 2040.020671][T29164] __nla_validate_parse: 157 callbacks suppressed
[ 2040.020689][T29164] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6137'.
[ 2040.035994][T29164] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6137'.
[ 2040.045286][T29164] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6137'.
[ 2040.054182][T29164] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6137'.
[ 2040.063420][T29164] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6137'.
[ 2040.072405][T29164] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6137'.
[ 2040.081627][T29164] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6137'.
[ 2040.090472][T29164] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6137'.
[ 2040.099592][T29164] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6137'.
[ 2040.108476][T29164] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6137'.
[ 2040.136402][T29165] Failed to initialize the IGMP autojoin socket (err -2)
[ 2041.432777][T19938] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[ 2041.507741][T25351] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2041.528559][T25351] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2041.538889][T25351] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2041.546573][T25351] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2041.554119][T25351] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2041.619981][T29216] Failed to initialize the IGMP autojoin socket (err -2)
[ 2041.674477][T19938] usb 3-1: Using ep0 maxpacket: 8
[ 2041.690099][T19938] usb 3-1: config 0 interface 0 has no altsetting 0
[ 2041.711456][T19938] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 2041.745398][T19938] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2041.771379][T19938] usb 3-1: config 0 descriptor??
[ 2041.915594][T29216] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2041.991963][T29216] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2042.230906][T19938] mcp2221 0003:04D8:00DD.0044: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0
[ 2042.372714][    C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5420 ms
[ 2042.380721][    C0] lec:lec_tx_timeout: lec0
[ 2042.503296][T29216] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2042.757573][T29203] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2042.783915][T29203] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2042.818699][T20492] usb 3-1: USB disconnect, device number 12
[ 2043.010692][T25351] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 2043.021407][T25351] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 2043.033960][T25351] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 2043.043190][T25351] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 2043.050518][T25351] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 2043.144534][T29216] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2043.275219][T29256] Failed to initialize the IGMP autojoin socket (err -2)
[ 2043.315080][   T30] audit: type=1400 audit(1769441826.506:5056): avc:  denied  { watch } for  pid=29259 comm="syz.3.6144" path="/proc/2086" dev="proc" ino=126977 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[ 2043.502904][   T35] bridge_slave_1: left allmulticast mode
[ 2043.508559][   T35] bridge_slave_1: left promiscuous mode
[ 2043.572896][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2043.611454][   T35] bridge_slave_0: left allmulticast mode
[ 2043.638124][   T35] bridge_slave_0: left promiscuous mode
[ 2043.650913][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2043.658477][T20764] Bluetooth: hci0: command tx timeout
[ 2044.444283][T29279] orangefs_mount: mount request failed with -4
[ 2044.944782][T29296] netlink: 'syz.0.6149': attribute type 2 has an invalid length.
[ 2045.117536][T29298] netlink: 'syz.0.6149': attribute type 2 has an invalid length.
[ 2045.287930][T29295] ptrace attach of "./syz-executor exec"[29297] was attempted by "./syz-executor exec"[29295]
[ 2045.563073][T20764] Bluetooth: hci2: command tx timeout
[ 2045.609113][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2045.631571][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2045.668631][   T35] bond0 (unregistering): Released all slaves
[ 2045.745467][T20764] Bluetooth: hci0: command tx timeout
[ 2045.882602][   T35] bond1 (unregistering): Released all slaves
[ 2045.897612][   T35] bond2 (unregistering): Released all slaves
[ 2045.961652][T29277] bridge_slave_1: left allmulticast mode
[ 2045.967465][   T30] audit: type=1400 audit(1769441829.136:5057): avc:  denied  { relabelfrom } for  pid=29256 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[ 2045.991536][T29277] bridge_slave_1: left promiscuous mode
[ 2046.076185][T29277] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2046.250014][T29277] bond0: (slave bond_slave_0): Releasing backup interface
[ 2046.365151][T29277] bond0: (slave bond_slave_1): Releasing backup interface
[ 2046.411590][   T30] audit: type=1400 audit(1769441829.136:5058): avc:  denied  { relabelto } for  pid=29256 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[ 2046.449280][T29277] team0: Port device team_slave_0 removed
[ 2046.466039][T29277] team0: Port device team_slave_1 removed
[ 2046.472115][T29277] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2046.479850][T29277] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2046.491408][T29277] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2046.499200][T29277] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2046.508378][T29277] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 2046.555689][T29278] team0: Mode changed to "loadbalance"
[ 2046.570869][T29296] ‚#{6c: entered promiscuous mode
[ 2046.577071][T29298] ‚#{6c: left promiscuous mode
[ 2046.706936][   T35] tipc: Left network mode
[ 2047.253053][   T35] hsr_slave_0: left promiscuous mode
[ 2047.293045][   T35] hsr_slave_1: left promiscuous mode
[ 2047.298859][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2047.314851][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2047.334645][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2047.342042][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2047.389071][   T35] veth1_macvtap: left promiscuous mode
[ 2047.402890][   T35] veth0_macvtap: left promiscuous mode
[ 2047.408645][   T35] veth1_vlan: left promiscuous mode
[ 2047.607750][T29350] __nla_validate_parse: 171 callbacks suppressed
[ 2047.607769][T29350] netlink: 64 bytes leftover after parsing attributes in process `syz.0.6152'.
[ 2047.663404][T25351] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 2047.673484][T25351] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 2047.681221][T25351] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 2047.689166][T25351] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 2047.697027][T25351] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 2047.813011][T20764] Bluetooth: hci0: command tx timeout
[ 2047.954868][  T792] usb 1-1: new high-speed USB device number 127 using dummy_hcd
[ 2048.272785][  T792] usb 1-1: Using ep0 maxpacket: 8
[ 2048.339673][  T792] usb 1-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice=30.62
[ 2048.410227][  T792] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2048.479024][  T792] usb 1-1: Product: syz
[ 2048.483234][  T792] usb 1-1: Manufacturer: syz
[ 2048.487824][  T792] usb 1-1: SerialNumber: syz
[ 2048.496710][  T792] usb 1-1: config 0 descriptor??
[ 2048.516963][  T792] usb 1-1: selecting invalid altsetting 3
[ 2048.523910][  T792] comedi comedi4: could not set alternate setting 3 in high speed
[ 2048.532000][  T792] usbdux 1-1:0.0: driver 'usbdux' failed to auto-configure device.
[ 2048.546312][  T792] usbdux 1-1:0.0: probe with driver usbdux failed with error -22
[ 2048.738319][  T792] usb 1-1: USB disconnect, device number 127
[ 2048.745678][   T35] team0 (unregistering): Port device team_slave_1 removed
[ 2048.804104][   T35] team0 (unregistering): Port device team_slave_0 removed
[ 2049.257031][T29353] Failed to initialize the IGMP autojoin socket (err -2)
[ 2049.300294][T29397] netlink: 'syz.3.6157': attribute type 5 has an invalid length.
[ 2049.401128][T29216] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 2049.493357][T29216] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 2049.939054][T20764] Bluetooth: hci2: command tx timeout
[ 2049.943323][T25351] Bluetooth: hci0: command tx timeout
[ 2050.021851][T29216] wireguard: wg0: Could not create IPv4 socket
[ 2050.100570][T29216] wireguard: wg1: Could not create IPv4 socket
[ 2050.114661][T29216] wireguard: wg2: Could not create IPv4 socket
[ 2050.575972][ T5925] Process accounting resumed
[ 2050.819719][ T5925] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[ 2051.048272][ T5925] usb 4-1: Using ep0 maxpacket: 16
[ 2051.058162][ T5925] usb 4-1: config 0 has an invalid descriptor of length 41, skipping remainder of the config
[ 2051.069493][ T5925] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2051.128261][ T5925] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 2051.182474][ T5925] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 2051.236674][ T5925] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2051.287602][ T5925] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 2051.303442][ T5925] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 2051.311429][ T5925] usb 4-1: Manufacturer: syz
[ 2051.344356][ T5925] usb 4-1: config 0 descriptor??
[ 2051.662838][ T5925] rc_core: IR keymap rc-hauppauge not found
[ 2051.677085][ T5925] Registered IR keymap rc-empty
[ 2051.691951][ T5925] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 2051.722790][ T5925] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 2051.788930][ T5925] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[ 2052.092366][T20764] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2052.105376][T20764] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2052.116339][T20764] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2052.124155][T20764] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2052.131514][T20764] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2052.141173][ T5925] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input170
[ 2052.159180][T29443] Failed to initialize the IGMP autojoin socket (err -2)
[ 2052.166323][T12015] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 2052.174119][ T5925] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 2052.196562][ T5925] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 2052.222862][ T5925] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 2052.242817][ T5925] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 2052.272980][ T5925] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 2052.304542][ T5925] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 2052.323515][ T5925] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 2052.343132][ T5925] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 2052.362331][T12015] usb 1-1: Using ep0 maxpacket: 32
[ 2052.371311][T12015] usb 1-1: config 0 has an invalid interface number: 126 but max is 0
[ 2052.379717][ T5925] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 2052.393523][T12015] usb 1-1: config 0 has no interface number 0
[ 2052.420140][T12015] usb 1-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[ 2052.423908][ T5925] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 2052.468787][T12015] usb 1-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8
[ 2052.519588][T12015] usb 1-1: config 0 interface 126 has no altsetting 0
[ 2052.553034][T12015] usb 1-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c
[ 2052.566812][ T5925] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1
[ 2052.572247][T12015] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2052.609217][ T5925] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 2052.612716][T12015] usb 1-1: Product: syz
[ 2052.646480][T12015] usb 1-1: Manufacturer: syz
[ 2052.651085][T12015] usb 1-1: SerialNumber: syz
[ 2052.657429][ T5925] usb 4-1: USB disconnect, device number 3
[ 2052.688060][T12015] usb 1-1: config 0 descriptor??
[ 2052.712229][T29440] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 2052.724662][T29440] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 2053.119134][T25351] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 2053.131820][T25351] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 2053.140436][T25351] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 2053.148684][T25351] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 2054.413205][T25351] Bluetooth: hci0: command tx timeout
[ 2054.421038][T25351] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 2054.497303][T29467] Failed to initialize the IGMP autojoin socket (err -2)
[ 2054.817953][T12015] ir_usb 1-1:0.126: IR Dongle converter detected
[ 2054.885793][T12015] usb 1-1: IRDA class descriptor not found, device not bound
[ 2054.889687][T29443] netdevsim netdevsim4 netdevsim0: renamed from eth5
[ 2054.927945][T29443] netdevsim netdevsim4 netdevsim1: renamed from eth6
[ 2054.937627][T12015] usb 1-1: USB disconnect, device number 2
[ 2054.998162][T29443] netdevsim netdevsim4 netdevsim2: renamed from eth7
[ 2055.066398][T29443] netdevsim netdevsim4 netdevsim3: renamed from eth8
[ 2055.430769][T29492] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6166'.
[ 2056.102554][T29500] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6170'.
[ 2056.182062][T12015] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 2056.190099][T25351] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 2056.201832][T25351] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 2056.209784][T25351] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 2056.218407][T25351] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 2056.226412][T25351] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 2056.251227][T29503] Failed to initialize the IGMP autojoin socket (err -2)
[ 2056.422746][T12015] usb 1-1: Using ep0 maxpacket: 16
[ 2056.445548][T12015] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[ 2056.454980][T20764] Bluetooth: hci0: command tx timeout
[ 2056.963573][T12015] usb 1-1: config 0 has no interface number 0
[ 2056.969695][T12015] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7
[ 2056.987566][T12015] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[ 2056.999356][T12015] usb 1-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d
[ 2057.059820][T12015] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2057.089033][T12015] usb 1-1: Product: syz
[ 2057.093374][T12015] usb 1-1: Manufacturer: syz
[ 2057.097962][T12015] usb 1-1: SerialNumber: syz
[ 2057.153677][T12015] usb 1-1: config 0 descriptor??
[ 2057.180673][T12015] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 2057.346836][T29524] FAULT_INJECTION: forcing a failure.
[ 2057.346836][T29524] name failslab, interval 1, probability 0, space 0, times 0
[ 2057.359451][T29524] CPU: 0 UID: 0 PID: 29524 Comm: syz.2.6168 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2057.359468][T29524] Tainted: [L]=SOFTLOCKUP
[ 2057.359473][T29524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 2057.359479][T29524] Call Trace:
[ 2057.359483][T29524]  <TASK>
[ 2057.359488][T29524]  dump_stack_lvl+0x100/0x190
[ 2057.359506][T29524]  should_fail_ex.cold+0x5/0xa
[ 2057.359525][T29524]  should_failslab+0xc2/0x120
[ 2057.359541][T29524]  __kvmalloc_node_noprof+0x101/0xac0
[ 2057.359553][T29524]  ? __pfx___mutex_lock+0x10/0x10
[ 2057.359567][T29524]  ? traverse.part.0.constprop.0+0x397/0x650
[ 2057.359583][T29524]  ? traverse.part.0.constprop.0+0x397/0x650
[ 2057.359595][T29524]  traverse.part.0.constprop.0+0x397/0x650
[ 2057.359608][T29524]  ? __pfx__kstrtoull+0x10/0x10
[ 2057.359622][T29524]  seq_read_iter+0x93f/0x1270
[ 2057.359635][T29524]  ? __lock_acquire+0x4a5/0x2630
[ 2057.359650][T29524]  seq_read+0x33b/0x4c0
[ 2057.359662][T29524]  ? __pfx_seq_read+0x10/0x10
[ 2057.359679][T29524]  ? selinux_file_permission+0x8f/0x6d0
[ 2057.359693][T29524]  ? __pfx_seq_read+0x10/0x10
[ 2057.359705][T29524]  proc_reg_read+0x120/0x330
[ 2057.359716][T29524]  ? __pfx_proc_reg_read+0x10/0x10
[ 2057.359728][T29524]  vfs_read+0x1e4/0xb30
[ 2057.359742][T29524]  ? __pfx_vfs_read+0x10/0x10
[ 2057.359753][T29524]  ? find_held_lock+0x2b/0x80
[ 2057.359767][T29524]  ? __fget_files+0x215/0x3d0
[ 2057.359779][T29524]  ? __fget_files+0x215/0x3d0
[ 2057.359794][T29524]  ? __fget_files+0x21f/0x3d0
[ 2057.359811][T29524]  __x64_sys_pread64+0x1eb/0x250
[ 2057.359824][T29524]  ? __pfx___x64_sys_pread64+0x10/0x10
[ 2057.359841][T29524]  do_syscall_64+0xc9/0xf80
[ 2057.359854][T29524]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2057.359866][T29524] RIP: 0033:0x7f0dd719aeb9
[ 2057.359875][T29524] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2057.359886][T29524] RSP: 002b:00007f0dd7fee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[ 2057.359896][T29524] RAX: ffffffffffffffda RBX: 00007f0dd7415fa0 RCX: 00007f0dd719aeb9
[ 2057.359903][T29524] RDX: 00000000000000d2 RSI: 0000200000000200 RDI: 0000000000000004
[ 2057.359910][T29524] RBP: 00007f0dd7fee090 R08: 0000000000000000 R09: 0000000000000000
[ 2057.359916][T29524] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
[ 2057.359923][T29524] R13: 00007f0dd7416038 R14: 00007f0dd7415fa0 R15: 00007ffc16182158
[ 2057.359937][T29524]  </TASK>
[ 2057.999240][T12015] usb 1-1: USB disconnect, device number 3
[ 2058.385150][T29443] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 2058.456923][T29443] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 2058.496959][T29443] wireguard: wg0: Could not create IPv4 socket
[ 2058.527506][T29443] wireguard: wg1: Could not create IPv4 socket
[ 2058.547886][T29443] wireguard: wg2: Could not create IPv4 socket
[ 2058.548861][T20764] Bluetooth: hci0: command tx timeout
[ 2058.641786][T25351] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 2058.651936][T25351] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 2058.659932][T25351] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 2058.683837][T25351] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 2058.696836][T25351] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 2058.738237][T29544] Failed to initialize the IGMP autojoin socket (err -2)
[ 2059.601707][T29562] netlink: 'syz.2.6173': attribute type 1 has an invalid length.
[ 2060.784133][T25351] Bluetooth: hci2: command tx timeout
[ 2061.239747][T29580] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6178'.
[ 2061.250252][T29580] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6178'.
[ 2061.259425][T29580] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6178'.
[ 2061.268271][T29580] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6178'.
[ 2061.277374][T29580] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6178'.
[ 2061.286382][T29580] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6178'.
[ 2061.295716][T29580] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6178'.
[ 2061.304615][T29580] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6178'.
[ 2061.313745][T29580] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6178'.
[ 2061.322584][T29580] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6178'.
[ 2061.353985][T29581] Failed to initialize the IGMP autojoin socket (err -2)
[ 2062.878383][T25351] Bluetooth: hci2: command tx timeout
[ 2064.695853][T29544] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 2064.729750][T29544] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 2064.774866][T29544] wireguard: wg0: Could not create IPv4 socket
[ 2064.804659][T29544] wireguard: wg1: Could not create IPv4 socket
[ 2064.820345][T29544] wireguard: wg2: Could not create IPv4 socket
[ 2064.933193][T25351] Bluetooth: hci2: command tx timeout
[ 2065.735890][T20764] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2065.746154][T20764] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2065.755872][T20764] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2065.764892][T20764] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2065.773316][T20764] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2065.909570][T29649] Failed to initialize the IGMP autojoin socket (err -2)
[ 2066.362782][T12015] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 2066.525283][T12015] usb 1-1: config 0 has an invalid interface number: 117 but max is 0
[ 2066.542974][T12015] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2066.562808][T12015] usb 1-1: config 0 has no interface number 0
[ 2066.587058][T12015] usb 1-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[ 2066.616809][T12015] usb 1-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2066.634153][T12015] usb 1-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[ 2066.643456][T12015] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2066.657365][T12015] usb 1-1: Product: syz
[ 2066.666865][T12015] usb 1-1: Manufacturer: syz
[ 2066.671510][T12015] usb 1-1: SerialNumber: syz
[ 2066.688169][T12015] usb 1-1: config 0 descriptor??
[ 2066.841416][T29683] __nla_validate_parse: 170 callbacks suppressed
[ 2066.841433][T29683] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6190'.
[ 2067.830819][T20764] Bluetooth: hci0: command tx timeout
[ 2068.031445][T12015] usb 1-1: USB disconnect, device number 4
[ 2068.408199][T29706] vxcan1: entered promiscuous mode
[ 2068.431773][T29706] team0: Device vxcan1 is of different type
[ 2069.239510][   T30] audit: type=1400 audit(1769441852.426:5059): avc:  denied  { write } for  pid=29721 comm="syz.2.6196" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 2069.367810][T29730] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6197'.
[ 2069.723044][ T9096] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[ 2069.895380][T20764] Bluetooth: hci0: command tx timeout
[ 2069.935101][ T9096] usb 3-1: Using ep0 maxpacket: 8
[ 2070.056590][ T9096] usb 3-1: config 0 interface 0 has no altsetting 0
[ 2070.350331][ T9096] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 2070.398169][ T9096] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2070.430872][ T9096] usb 3-1: config 0 descriptor??
[ 2070.923530][ T9096] mcp2221 0003:04D8:00DD.0045: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0
[ 2071.177638][ T9096] usb 3-1: USB disconnect, device number 13
[ 2071.248740][T29649] netdevsim netdevsim4 netdevsim0: renamed from eth5
[ 2071.268601][T29649] netdevsim netdevsim4 netdevsim1: renamed from eth6
[ 2071.284991][T29649] netdevsim netdevsim4 netdevsim2: renamed from eth7
[ 2071.300680][T29649] netdevsim netdevsim4 netdevsim3: renamed from eth8
[ 2071.975496][T20764] Bluetooth: hci0: command tx timeout
[ 2072.010616][T29783] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6201'.
[ 2072.983129][T25351] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 2073.005966][T25351] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 2073.013922][T25351] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 2073.019660][T29797] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6203'.
[ 2073.031483][T25351] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 2073.038952][T25351] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 2073.090731][T29791] Failed to initialize the IGMP autojoin socket (err -2)
[ 2073.112959][T15013] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[ 2073.176701][T29797] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 2073.311337][T29649] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 2073.328738][T15013] usb 3-1: config 0 has an invalid interface number: 117 but max is 0
[ 2073.346988][T15013] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2073.362523][T29649] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 2073.389659][T15013] usb 3-1: config 0 has no interface number 0
[ 2073.418758][T15013] usb 3-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[ 2073.444849][T29809] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6206'.
[ 2073.479978][T29809] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 2073.497084][T15013] usb 3-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2073.543018][T15013] usb 3-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[ 2073.679550][T15013] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2073.755653][T15013] usb 3-1: Product: syz
[ 2073.759800][T15013] usb 3-1: Manufacturer: syz
[ 2073.792599][T15013] usb 3-1: SerialNumber: syz
[ 2073.829294][T15013] usb 3-1: config 0 descriptor??
[ 2073.913369][T29649] wireguard: wg0: Could not create IPv4 socket
[ 2073.946079][T29649] wireguard: wg1: Could not create IPv4 socket
[ 2073.954378][T29649] wireguard: wg2: Could not create IPv4 socket
[ 2074.052763][T20764] Bluetooth: hci0: command tx timeout
[ 2076.183092][  T792] usb 3-1: USB disconnect, device number 14
[ 2076.343642][T29832] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6210'.
[ 2076.396561][T20764] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2076.406803][T20764] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2076.414064][T12015] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 2076.421622][T20492] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[ 2076.429993][T20764] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2076.442906][T20764] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2076.450481][T20764] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2076.505578][T29830] Failed to initialize the IGMP autojoin socket (err -2)
[ 2076.662732][T20492] usb 4-1: Using ep0 maxpacket: 32
[ 2076.676947][T12015] usb 1-1: Using ep0 maxpacket: 32
[ 2076.686059][T12015] usb 1-1: config 0 has an invalid interface number: 126 but max is 0
[ 2076.694778][T20492] usb 4-1: config 0 has an invalid interface number: 126 but max is 0
[ 2076.722926][T12015] usb 1-1: config 0 has no interface number 0
[ 2076.729022][T12015] usb 1-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[ 2076.739224][T20492] usb 4-1: config 0 has no interface number 0
[ 2076.763039][T20492] usb 4-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[ 2076.782772][T12015] usb 1-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8
[ 2076.794680][T20492] usb 4-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8
[ 2076.806783][T12015] usb 1-1: config 0 interface 126 has no altsetting 0
[ 2076.813588][T20492] usb 4-1: config 0 interface 126 has no altsetting 0
[ 2076.823072][T12015] usb 1-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c
[ 2076.832125][T12015] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2076.869254][T20492] usb 4-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c
[ 2076.882726][T20492] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2076.890716][T20492] usb 4-1: Product: syz
[ 2076.895552][T12015] usb 1-1: Product: syz
[ 2076.899881][T12015] usb 1-1: Manufacturer: syz
[ 2076.915355][T12015] usb 1-1: SerialNumber: syz
[ 2076.925714][T20492] usb 4-1: Manufacturer: syz
[ 2076.930314][T20492] usb 4-1: SerialNumber: syz
[ 2076.942428][T12015] usb 1-1: config 0 descriptor??
[ 2076.955433][T29823] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 2076.965685][T29823] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 2076.974355][T20492] usb 4-1: config 0 descriptor??
[ 2076.993143][T29822] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 2077.000535][T29822] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 2077.802367][T29867] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6211'.
[ 2077.858237][T29867] batadv_slave_1: entered promiscuous mode
[ 2077.888520][T20492] ir_usb 4-1:0.126: IR Dongle converter detected
[ 2077.969485][T20764] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 2077.979316][T20764] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 2077.990326][T20764] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 2077.998616][T20764] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 2078.006265][T20764] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 2078.028705][T12015] ir_usb 1-1:0.126: IR Dongle converter detected
[ 2078.035799][T29866] batadv_slave_1: left promiscuous mode
[ 2078.042322][T29871] Failed to initialize the IGMP autojoin socket (err -2)
[ 2078.093139][T20492] usb 4-1: IR Dongle converter now attached to ttyUSB0
[ 2078.211199][T12015] usb 1-1: IR Dongle converter now attached to ttyUSB1
[ 2078.279677][T29830] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 2078.302076][ T9096] usb 4-1: USB disconnect, device number 4
[ 2078.337659][ T9096] ir-usb ttyUSB0: IR Dongle converter now disconnected from ttyUSB0
[ 2078.365724][ T9096] ir_usb 4-1:0.126: device disconnected
[ 2078.387733][T29830] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 2078.438269][T29830] wireguard: wg0: Could not create IPv4 socket
[ 2078.459562][T12015] usb 1-1: USB disconnect, device number 5
[ 2078.464597][T29830] wireguard: wg1: Could not create IPv4 socket
[ 2078.487716][T29830] wireguard: wg2: Could not create IPv4 socket
[ 2078.609735][T20764] Bluetooth: hci0: command tx timeout
[ 2078.617505][T12015] ir-usb ttyUSB1: IR Dongle converter now disconnected from ttyUSB1
[ 2078.630832][T12015] ir_usb 1-1:0.126: device disconnected
[ 2081.363857][T25351] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2081.374101][T25351] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2081.385352][T25351] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2081.404423][T25351] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2081.411928][T25351] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2081.434420][T29939] Failed to initialize the IGMP autojoin socket (err -2)
[ 2081.530580][   T30] audit: type=1400 audit(1769441864.716:5060): avc:  denied  { create } for  pid=29946 comm="syz.2.6219" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[ 2081.559425][T29945] FAULT_INJECTION: forcing a failure.
[ 2081.559425][T29945] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2081.584836][T29945] CPU: 1 UID: 0 PID: 29945 Comm: syz.0.6218 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2081.584861][T29945] Tainted: [L]=SOFTLOCKUP
[ 2081.584866][T29945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 2081.584875][T29945] Call Trace:
[ 2081.584880][T29945]  <TASK>
[ 2081.584886][T29945]  dump_stack_lvl+0x100/0x190
[ 2081.584914][T29945]  should_fail_ex.cold+0x5/0xa
[ 2081.584938][T29945]  _copy_from_user+0x2e/0xd0
[ 2081.584958][T29945]  copy_msghdr_from_user+0x9f/0x4f0
[ 2081.584974][T29945]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 2081.584991][T29945]  ? _kstrtoull+0x13c/0x1f0
[ 2081.585003][T29945]  ? __pfx__kstrtoull+0x10/0x10
[ 2081.585020][T29945]  ___sys_sendmsg+0x106/0x1e0
[ 2081.585035][T29945]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2081.585072][T29945]  __sys_sendmmsg+0x205/0x430
[ 2081.585093][T29945]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 2081.585116][T29945]  ? __fget_files+0x215/0x3d0
[ 2081.585132][T29945]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 2081.585156][T29945]  ? fput+0x79/0x100
[ 2081.585175][T29945]  ? ksys_write+0x1ac/0x250
[ 2081.585190][T29945]  ? __pfx_ksys_write+0x10/0x10
[ 2081.585208][T29945]  __x64_sys_sendmmsg+0x9c/0x100
[ 2081.585225][T29945]  ? lockdep_hardirqs_on+0x78/0x100
[ 2081.585240][T29945]  do_syscall_64+0xc9/0xf80
[ 2081.585256][T29945]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2081.585270][T29945] RIP: 0033:0x7fdd15b9aeb9
[ 2081.585282][T29945] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2081.585295][T29945] RSP: 002b:00007fdd16a64028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2081.585309][T29945] RAX: ffffffffffffffda RBX: 00007fdd15e15fa0 RCX: 00007fdd15b9aeb9
[ 2081.585318][T29945] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000003
[ 2081.585327][T29945] RBP: 00007fdd16a64090 R08: 0000000000000000 R09: 0000000000000000
[ 2081.585336][T29945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2081.585344][T29945] R13: 00007fdd15e16038 R14: 00007fdd15e15fa0 R15: 00007ffe96537218
[ 2081.585364][T29945]  </TASK>
[ 2082.706166][T29968] FAULT_INJECTION: forcing a failure.
[ 2082.706166][T29968] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2082.842920][T29968] CPU: 0 UID: 0 PID: 29968 Comm: syz.3.6223 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2082.842951][T29968] Tainted: [L]=SOFTLOCKUP
[ 2082.842957][T29968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 2082.842968][T29968] Call Trace:
[ 2082.842974][T29968]  <TASK>
[ 2082.842981][T29968]  dump_stack_lvl+0x100/0x190
[ 2082.843010][T29968]  should_fail_ex.cold+0x5/0xa
[ 2082.843041][T29968]  _copy_from_user+0x2e/0xd0
[ 2082.843065][T29968]  copy_msghdr_from_user+0x9f/0x4f0
[ 2082.843085][T29968]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 2082.843106][T29968]  ? lock_acquire+0x17c/0x330
[ 2082.843127][T29968]  ? __lock_acquire+0x4a5/0x2630
[ 2082.843146][T29968]  ___sys_sendmsg+0x106/0x1e0
[ 2082.843165][T29968]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2082.843195][T29968]  ? find_held_lock+0x2b/0x80
[ 2082.843234][T29968]  __sys_sendmsg+0x170/0x220
[ 2082.843258][T29968]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2082.843290][T29968]  ? rcu_is_watching+0x12/0xc0
[ 2082.843319][T29968]  do_syscall_64+0xc9/0xf80
[ 2082.843341][T29968]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2082.843358][T29968] RIP: 0033:0x7fa14e19aeb9
[ 2082.843372][T29968] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2082.843389][T29968] RSP: 002b:00007fa14c3f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2082.843407][T29968] RAX: ffffffffffffffda RBX: 00007fa14e415fa0 RCX: 00007fa14e19aeb9
[ 2082.843419][T29968] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[ 2082.843430][T29968] RBP: 00007fa14c3f6090 R08: 0000000000000000 R09: 0000000000000000
[ 2082.843440][T29968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2082.843450][T29968] R13: 00007fa14e416038 R14: 00007fa14e415fa0 R15: 00007ffdc38911b8
[ 2082.843474][T29968]  </TASK>
[ 2083.307779][T29961] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6221'.
[ 2083.494785][T20764] Bluetooth: hci0: command tx timeout
[ 2084.027583][T29939] netdevsim netdevsim4 netdevsim0: renamed from eth5
[ 2084.075414][T29939] netdevsim netdevsim4 netdevsim1: renamed from eth6
[ 2084.115302][T29939] netdevsim netdevsim4 netdevsim2: renamed from eth7
[ 2084.139058][T29939] netdevsim netdevsim4 netdevsim3: renamed from eth8
[ 2084.541172][T30016] FAULT_INJECTION: forcing a failure.
[ 2084.541172][T30016] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2084.564308][T30018] netlink: 88 bytes leftover after parsing attributes in process `syz.3.6228'.
[ 2084.598437][T30016] CPU: 1 UID: 0 PID: 30016 Comm: syz.0.6226 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2084.598465][T30016] Tainted: [L]=SOFTLOCKUP
[ 2084.598472][T30016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 2084.598483][T30016] Call Trace:
[ 2084.598489][T30016]  <TASK>
[ 2084.598496][T30016]  dump_stack_lvl+0x100/0x190
[ 2084.598525][T30016]  should_fail_ex.cold+0x5/0xa
[ 2084.598556][T30016]  _copy_from_user+0x2e/0xd0
[ 2084.598581][T30016]  copy_msghdr_from_user+0x9f/0x4f0
[ 2084.598600][T30016]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 2084.598622][T30016]  ? _kstrtoull+0x13c/0x1f0
[ 2084.598638][T30016]  ? __pfx__kstrtoull+0x10/0x10
[ 2084.598659][T30016]  ___sys_sendmsg+0x106/0x1e0
[ 2084.598679][T30016]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2084.598726][T30016]  __sys_sendmmsg+0x205/0x430
[ 2084.598753][T30016]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 2084.598783][T30016]  ? __fget_files+0x215/0x3d0
[ 2084.598803][T30016]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 2084.598834][T30016]  ? fput+0x79/0x100
[ 2084.598864][T30016]  ? ksys_write+0x1ac/0x250
[ 2084.598882][T30016]  ? __pfx_ksys_write+0x10/0x10
[ 2084.598906][T30016]  __x64_sys_sendmmsg+0x9c/0x100
[ 2084.598930][T30016]  ? lockdep_hardirqs_on+0x78/0x100
[ 2084.598950][T30016]  do_syscall_64+0xc9/0xf80
[ 2084.598972][T30016]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2084.598990][T30016] RIP: 0033:0x7fdd15b9aeb9
[ 2084.599005][T30016] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2084.599022][T30016] RSP: 002b:00007fdd16a64028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2084.599040][T30016] RAX: ffffffffffffffda RBX: 00007fdd15e15fa0 RCX: 00007fdd15b9aeb9
[ 2084.599052][T30016] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004
[ 2084.599064][T30016] RBP: 00007fdd16a64090 R08: 0000000000000000 R09: 0000000000000000
[ 2084.599075][T30016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2084.599085][T30016] R13: 00007fdd15e16038 R14: 00007fdd15e15fa0 R15: 00007ffe96537218
[ 2084.599111][T30016]  </TASK>
[ 2084.907240][T25351] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 2084.920328][T25351] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 2084.928360][T25351] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 2084.947480][T25351] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 2084.955090][T25351] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 2085.016620][T30020] Failed to initialize the IGMP autojoin socket (err -2)
[ 2085.222901][T30033] FAULT_INJECTION: forcing a failure.
[ 2085.222901][T30033] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2085.235991][T30033] CPU: 0 UID: 0 PID: 30033 Comm: syz.0.6229 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2085.236019][T30033] Tainted: [L]=SOFTLOCKUP
[ 2085.236026][T30033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 2085.236037][T30033] Call Trace:
[ 2085.236044][T30033]  <TASK>
[ 2085.236051][T30033]  dump_stack_lvl+0x100/0x190
[ 2085.236080][T30033]  should_fail_ex.cold+0x5/0xa
[ 2085.236111][T30033]  _copy_from_user+0x2e/0xd0
[ 2085.236136][T30033]  move_addr_to_kernel+0x65/0x170
[ 2085.236157][T30033]  __sys_bind+0x11d/0x260
[ 2085.236176][T30033]  ? __pfx___sys_bind+0x10/0x10
[ 2085.236191][T30033]  ? __fget_files+0x21f/0x3d0
[ 2085.236214][T30033]  ? __pfx_ksys_write+0x10/0x10
[ 2085.236233][T30033]  __x64_sys_bind+0x72/0xb0
[ 2085.236246][T30033]  ? lockdep_hardirqs_on+0x78/0x100
[ 2085.236262][T30033]  do_syscall_64+0xc9/0xf80
[ 2085.236279][T30033]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2085.236293][T30033] RIP: 0033:0x7fdd15b9aeb9
[ 2085.236304][T30033] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2085.236317][T30033] RSP: 002b:00007fdd16a22028 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[ 2085.236330][T30033] RAX: ffffffffffffffda RBX: 00007fdd15e16180 RCX: 00007fdd15b9aeb9
[ 2085.236339][T30033] RDX: 0000000000000018 RSI: 0000200000000100 RDI: 0000000000000005
[ 2085.236348][T30033] RBP: 00007fdd16a22090 R08: 0000000000000000 R09: 0000000000000000
[ 2085.236356][T30033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2085.236364][T30033] R13: 00007fdd15e16218 R14: 00007fdd15e16180 R15: 00007ffe96537218
[ 2085.236383][T30033]  </TASK>
[ 2085.578331][T25351] Bluetooth: hci0: command tx timeout
[ 2086.199991][T29939] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 2086.262940][T29939] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 2086.309721][T29939] wireguard: wg0: Could not create IPv4 socket
[ 2086.334920][T29939] wireguard: wg1: Could not create IPv4 socket
[ 2086.352055][T29939] wireguard: wg2: Could not create IPv4 socket
[ 2087.863571][T20764] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2087.884610][T20764] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2087.906541][T20764] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2088.022817][T20764] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2088.112764][T20764] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2088.135922][T30082] Failed to initialize the IGMP autojoin socket (err -2)
[ 2089.047313][T30101] FAULT_INJECTION: forcing a failure.
[ 2089.047313][T30101] name failslab, interval 1, probability 0, space 0, times 0
[ 2089.059972][T30101] CPU: 1 UID: 0 PID: 30101 Comm: syz.2.6235 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2089.059999][T30101] Tainted: [L]=SOFTLOCKUP
[ 2089.060006][T30101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 2089.060017][T30101] Call Trace:
[ 2089.060024][T30101]  <TASK>
[ 2089.060031][T30101]  dump_stack_lvl+0x100/0x190
[ 2089.060061][T30101]  should_fail_ex.cold+0x5/0xa
[ 2089.060093][T30101]  should_failslab+0xc2/0x120
[ 2089.060117][T30101]  ? tomoyo_realpath_from_path+0xb6/0x690
[ 2089.060138][T30101]  __kmalloc_noprof+0xf6/0x9c0
[ 2089.060164][T30101]  ? tomoyo_realpath_from_path+0xb6/0x690
[ 2089.060184][T30101]  tomoyo_realpath_from_path+0xb6/0x690
[ 2089.060210][T30101]  tomoyo_path_number_perm+0x23c/0x580
[ 2089.060238][T30101]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2089.060267][T30101]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2089.060320][T30101]  ? find_held_lock+0x2b/0x80
[ 2089.060345][T30101]  ? hook_file_ioctl_common+0x146/0x410
[ 2089.060368][T30101]  ? __fget_files+0x215/0x3d0
[ 2089.060394][T30101]  ? __fget_files+0x21f/0x3d0
[ 2089.060420][T30101]  security_file_ioctl+0xd3/0x230
[ 2089.060441][T30101]  __x64_sys_ioctl+0xb7/0x210
[ 2089.060462][T30101]  do_syscall_64+0xc9/0xf80
[ 2089.060485][T30101]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2089.060504][T30101] RIP: 0033:0x7f0dd719aeb9
[ 2089.060518][T30101] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2089.060535][T30101] RSP: 002b:00007f0dd7fac028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2089.060554][T30101] RAX: ffffffffffffffda RBX: 00007f0dd7416180 RCX: 00007f0dd719aeb9
[ 2089.060566][T30101] RDX: 00000000000fffff RSI: 0000000000004c80 RDI: 0000000000000009
[ 2089.060578][T30101] RBP: 00007f0dd7fac090 R08: 0000000000000000 R09: 0000000000000000
[ 2089.060589][T30101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2089.060600][T30101] R13: 00007f0dd7416218 R14: 00007f0dd7416180 R15: 00007ffc16182158
[ 2089.060627][T30101]  </TASK>
[ 2089.060635][T30101] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2089.330089][   T30] audit: type=1400 audit(1769441872.236:5061): avc:  denied  { read write } for  pid=30092 comm="syz.2.6235" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[ 2089.367881][   T30] audit: type=1400 audit(1769441872.236:5062): avc:  denied  { open } for  pid=30092 comm="syz.2.6235" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[ 2089.613359][   T30] audit: type=1400 audit(1769441872.546:5063): avc:  denied  { ioctl } for  pid=30092 comm="syz.2.6235" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[ 2089.920910][T30111] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6237'.
[ 2090.212734][T25351] Bluetooth: hci0: command tx timeout
[ 2090.401594][T17800] lec:lec_start_xmit: lec0:No lecd attached
[ 2090.969800][T30132] Failed to initialize the IGMP autojoin socket (err -2)
[ 2091.399004][T30124] vivid-007: kernel_thread() failed
[ 2092.228759][T30139] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6240'.
[ 2092.292851][T25351] Bluetooth: hci0: command tx timeout
[ 2092.949216][T30150] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6243'.
[ 2092.959577][T30150] batadv_slave_1: entered promiscuous mode
[ 2093.029488][T30148] batadv_slave_1: left promiscuous mode
[ 2093.061500][T30149] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6241'.
[ 2093.305823][T30082] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 2093.341206][T30082] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 2093.378595][T30082] wireguard: wg0: Could not create IPv4 socket
[ 2093.395532][T30082] wireguard: wg1: Could not create IPv4 socket
[ 2093.414656][T30082] wireguard: wg2: Could not create IPv4 socket
[ 2094.345622][T30165] FAULT_INJECTION: forcing a failure.
[ 2094.345622][T30165] name failslab, interval 1, probability 0, space 0, times 0
[ 2094.410730][T30165] CPU: 0 UID: 0 PID: 30165 Comm: syz.3.6246 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2094.410761][T30165] Tainted: [L]=SOFTLOCKUP
[ 2094.410768][T30165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 2094.410778][T30165] Call Trace:
[ 2094.410784][T30165]  <TASK>
[ 2094.410792][T30165]  dump_stack_lvl+0x100/0x190
[ 2094.410822][T30165]  should_fail_ex.cold+0x5/0xa
[ 2094.410855][T30165]  should_failslab+0xc2/0x120
[ 2094.410880][T30165]  __kmalloc_cache_noprof+0x80/0x810
[ 2094.410900][T30165]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 2094.410922][T30165]  ? copy_mount_options+0x55/0x190
[ 2094.410956][T30165]  ? copy_mount_options+0x55/0x190
[ 2094.410984][T30165]  copy_mount_options+0x55/0x190
[ 2094.411015][T30165]  __x64_sys_mount+0x1ab/0x310
[ 2094.411042][T30165]  ? __pfx___x64_sys_mount+0x10/0x10
[ 2094.411075][T30165]  do_syscall_64+0xc9/0xf80
[ 2094.411099][T30165]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2094.411117][T30165] RIP: 0033:0x7fa14e19aeb9
[ 2094.411133][T30165] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2094.411149][T30165] RSP: 002b:00007fa14c3f6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2094.411167][T30165] RAX: ffffffffffffffda RBX: 00007fa14e415fa0 RCX: 00007fa14e19aeb9
[ 2094.411179][T30165] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000000
[ 2094.411190][T30165] RBP: 00007fa14c3f6090 R08: 0000200000000240 R09: 0000000000000000
[ 2094.411201][T30165] R10: 0000000000084022 R11: 0000000000000246 R12: 0000000000000001
[ 2094.411212][T30165] R13: 00007fa14e416038 R14: 00007fa14e415fa0 R15: 00007ffdc38911b8
[ 2094.411237][T30165]  </TASK>
[ 2095.138383][T20764] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2095.148858][T20764] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2095.269820][T20764] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2095.403298][T20764] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2095.416284][T20764] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2095.422694][    C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms
[ 2095.431206][    C0] lec:lec_tx_timeout: lec0
[ 2095.872185][T30170] Failed to initialize the IGMP autojoin socket (err -2)
[ 2096.099131][   T30] audit: type=1400 audit(1769441879.286:5064): avc:  denied  { remount } for  pid=30185 comm="syz.0.6249" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 2096.148033][   T30] audit: type=1400 audit(1769441879.306:5065): avc:  denied  { mounton } for  pid=30185 comm="syz.0.6249" path="/648/file0" dev="tmpfs" ino=3418 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 2096.291653][T30192] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6251'.
[ 2096.482938][T30200] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6251'.
[ 2097.020423][T30192] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6251'.
[ 2097.587899][T20764] Bluetooth: hci0: command tx timeout
[ 2097.673376][   T30] audit: type=1400 audit(1769441880.726:5066): avc:  denied  { link } for  pid=30210 comm="syz.2.6254" name="#73" dev="tmpfs" ino=3396 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[ 2097.896630][   T30] audit: type=1400 audit(1769441880.726:5067): avc:  denied  { rename } for  pid=30210 comm="syz.2.6254" name="#74" dev="tmpfs" ino=3396 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[ 2098.382748][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 2098.389040][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 2098.397200][ T1297] lec:lec_start_xmit: lec0:No lecd attached
[ 2098.427289][T30170] netdevsim netdevsim4 netdevsim0: renamed from eth5
[ 2098.439349][T30170] netdevsim netdevsim4 netdevsim1: renamed from eth6
[ 2098.449393][T30170] netdevsim netdevsim4 netdevsim2: renamed from eth7
[ 2098.460592][T30170] netdevsim netdevsim4 netdevsim3: renamed from eth8
[ 2098.999790][T30170] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 2099.032768][T30170] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 2099.074744][T30170] wireguard: wg0: Could not create IPv4 socket
[ 2099.089092][T30238] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6256'.
[ 2099.108006][T30170] wireguard: wg1: Could not create IPv4 socket
[ 2099.119801][T30240] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6257'.
[ 2099.165854][T30170] wireguard: wg2: Could not create IPv4 socket
[ 2099.259781][T25351] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 2099.271724][T25351] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 2099.281094][T25351] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 2099.291486][T25351] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 2099.387484][T30250] FAULT_INJECTION: forcing a failure.
[ 2099.387484][T30250] name failslab, interval 1, probability 0, space 0, times 0
[ 2099.400138][T30250] CPU: 1 UID: 0 PID: 30250 Comm: syz.0.6255 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2099.400165][T30250] Tainted: [L]=SOFTLOCKUP
[ 2099.400171][T30250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 2099.400182][T30250] Call Trace:
[ 2099.400188][T30250]  <TASK>
[ 2099.400196][T30250]  dump_stack_lvl+0x100/0x190
[ 2099.400223][T30250]  should_fail_ex.cold+0x5/0xa
[ 2099.400254][T30250]  should_failslab+0xc2/0x120
[ 2099.400278][T30250]  kmem_cache_alloc_noprof+0x83/0x780
[ 2099.400301][T30250]  ? getname_flags.part.0+0x4c/0x540
[ 2099.400331][T30250]  ? getname_flags.part.0+0x4c/0x540
[ 2099.400356][T30250]  getname_flags.part.0+0x4c/0x540
[ 2099.400385][T30250]  __x64_sys_rmdir+0xb0/0x110
[ 2099.400408][T30250]  do_syscall_64+0xc9/0xf80
[ 2099.400429][T30250]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2099.400447][T30250] RIP: 0033:0x7fdd15b9aeb9
[ 2099.400462][T30250] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2099.400479][T30250] RSP: 002b:00007fdd16a22028 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
[ 2099.400497][T30250] RAX: ffffffffffffffda RBX: 00007fdd15e16180 RCX: 00007fdd15b9aeb9
[ 2099.400510][T30250] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000380
[ 2099.400521][T30250] RBP: 00007fdd16a22090 R08: 0000000000000000 R09: 0000000000000000
[ 2099.400531][T30250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2099.400542][T30250] R13: 00007fdd15e16218 R14: 00007fdd15e16180 R15: 00007ffe96537218
[ 2099.400572][T30250]  </TASK>
[ 2099.590027][T25351] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 2099.652803][T25351] Bluetooth: hci0: command tx timeout
[ 2100.259374][T30238] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6256'.
[ 2100.269653][T30245] Failed to initialize the IGMP autojoin socket (err -2)
[ 2101.658008][T20764] Bluetooth: hci2: command tx timeout
[ 2103.412694][    C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms
[ 2103.420697][    C0] lec:lec_tx_timeout: lec0
[ 2103.472804][T30303] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6264'.
[ 2103.732859][T20764] Bluetooth: hci2: command tx timeout
[ 2105.259083][T30326] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6270'.
[ 2105.307916][T30329] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6272'.
[ 2105.356417][T30329] FAULT_INJECTION: forcing a failure.
[ 2105.356417][T30329] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2105.582383][T30329] CPU: 1 UID: 0 PID: 30329 Comm: syz.2.6272 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2105.582414][T30329] Tainted: [L]=SOFTLOCKUP
[ 2105.582421][T30329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 2105.582431][T30329] Call Trace:
[ 2105.582437][T30329]  <TASK>
[ 2105.582449][T30329]  dump_stack_lvl+0x100/0x190
[ 2105.582476][T30329]  should_fail_ex.cold+0x5/0xa
[ 2105.582506][T30329]  _copy_from_user+0x2e/0xd0
[ 2105.582530][T30329]  copy_msghdr_from_user+0x9f/0x4f0
[ 2105.582549][T30329]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 2105.582577][T30329]  ___sys_sendmsg+0x106/0x1e0
[ 2105.582596][T30329]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2105.582625][T30329]  ? find_held_lock+0x2b/0x80
[ 2105.582662][T30329]  __sys_sendmsg+0x170/0x220
[ 2105.582685][T30329]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2105.582720][T30329]  do_syscall_64+0xc9/0xf80
[ 2105.582743][T30329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2105.582762][T30329] RIP: 0033:0x7f0dd719aeb9
[ 2105.582776][T30329] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2105.582793][T30329] RSP: 002b:00007f0dd7fee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2105.582811][T30329] RAX: ffffffffffffffda RBX: 00007f0dd7415fa0 RCX: 00007f0dd719aeb9
[ 2105.582823][T30329] RDX: 0000000000008000 RSI: 0000200000000100 RDI: 0000000000000004
[ 2105.582833][T30329] RBP: 00007f0dd7fee090 R08: 0000000000000000 R09: 0000000000000000
[ 2105.582843][T30329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2105.582853][T30329] R13: 00007f0dd7416038 R14: 00007f0dd7415fa0 R15: 00007ffc16182158
[ 2105.582876][T30329]  </TASK>
[ 2105.932714][T30245] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[ 2105.942726][T20764] Bluetooth: hci2: command tx timeout
[ 2105.958871][T30245] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[ 2105.987003][T30245] wireguard: wg0: Could not create IPv4 socket
[ 2106.044784][T30245] wireguard: wg1: Could not create IPv4 socket
[ 2106.085095][T30245] wireguard: wg2: Could not create IPv4 socket
[ 2106.475375][T15013] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[ 2106.633225][T15013] usb 1-1: Using ep0 maxpacket: 16
[ 2106.640006][T15013] usb 1-1: config 157 has an invalid descriptor of length 0, skipping remainder of the config
[ 2106.663741][T15013] usb 1-1: config 157 has 0 interfaces, different from the descriptor's value: 1
[ 2106.701308][T15013] usb 1-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[ 2106.712730][T15013] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2106.724635][T15013] usb 1-1: Product: syz
[ 2106.729327][T15013] usb 1-1: Manufacturer: syz
[ 2106.735563][T15013] usb 1-1: SerialNumber: syz
[ 2108.765980][T30388] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6277'.
[ 2108.975844][T30390] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6277'.
[ 2109.219539][T25351] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2109.229028][T25351] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2109.238449][T25351] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2109.308472][T25351] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2109.321765][T15013] usb 1-1: USB disconnect, device number 6
[ 2109.333965][T25351] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2109.378488][T30392] Failed to initialize the IGMP autojoin socket (err -2)
[ 2111.452896][T25351] Bluetooth: hci0: command tx timeout
[ 2111.545251][   T35] ------------[ cut here ]------------
[ 2111.550712][   T35] conntrack cleanup blocked for 60s
[ 2111.550720][   T35] WARNING: net/netfilter/nf_conntrack_core.c:2511 at nf_conntrack_cleanup_net_list+0x4f7/0x690, CPU#1: kworker/u8:2/35
[ 2111.568563][   T35] Modules linked in:
[ 2111.572567][   T35] CPU: 1 UID: 0 PID: 35 Comm: kworker/u8:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2111.583440][   T35] Tainted: [L]=SOFTLOCKUP
[ 2111.587740][   T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 2111.597993][   T35] Workqueue: netns cleanup_net
[ 2111.602967][   T35] RIP: 0010:nf_conntrack_cleanup_net_list+0x4f7/0x690
[ 2111.609717][   T35] Code: 29 c3 48 89 de e8 e9 ad 6e f8 48 85 db 78 0f e8 ff b2 6e f8 e8 fa 8c df 01 e9 0e fc ff ff e8 f0 b2 6e f8 48 8d 3d 19 5f 2d 07 <67> 48 0f b9 3a eb de 4c 8b 6c 24 40 e8 d8 b2 6e f8 48 b8 00 00 00
[ 2111.629529][   T35] RSP: 0018:ffffc90000ab7930 EFLAGS: 00010293
[ 2111.635591][   T35] RAX: 0000000000000000 RBX: fffffffffffffff0 RCX: ffffffff89984857
[ 2111.643549][   T35] RDX: ffff88801fac8000 RSI: ffffffff89984870 RDI: ffffffff90c5a790
[ 2111.651493][   T35] RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
[ 2111.659765][   T35] R10: fffffffffffffff0 R11: 0000000000000000 R12: 0000000000000001
[ 2111.667743][   T35] R13: 0000000000000001 R14: ffffc90000ab7ac0 R15: dffffc0000000000
[ 2111.675710][   T35] FS:  0000000000000000(0000) GS:ffff8881246db000(0000) knlGS:0000000000000000
[ 2111.684815][   T35] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2111.691372][   T35] CR2: 00007ffba7acf4e8 CR3: 000000007e88f000 CR4: 00000000003526f0
[ 2111.699336][   T35] Call Trace:
[ 2111.702587][   T35]  <TASK>
[ 2111.705510][   T35]  ? nf_conntrack_cleanup_net_list+0x158/0x690
[ 2111.711643][   T35]  ? __pfx_nf_conntrack_cleanup_net_list+0x10/0x10
[ 2111.718313][   T35]  ? nf_conntrack_pernet_exit+0xaa/0x150
[ 2111.723936][   T35]  ? nf_conntrack_pernet_exit+0xaa/0x150
[ 2111.729540][   T35]  ? unregister_sysctl_table+0x52/0x60
[ 2111.734983][   T35]  ? __pfx_nf_conntrack_pernet_exit+0x10/0x10
[ 2111.741033][   T35]  ops_undo_list+0x363/0xab0
[ 2111.745798][   T35]  ? __pfx_ops_undo_list+0x10/0x10
[ 2111.750885][   T35]  ? cleanup_net+0x345/0x830
[ 2111.755470][   T35]  ? idr_destroy+0x62/0x2e0
[ 2111.759951][   T35]  cleanup_net+0x419/0x830
[ 2111.764366][   T35]  ? __pfx_cleanup_net+0x10/0x10
[ 2111.769281][   T35]  ? rcu_is_watching+0x12/0xc0
[ 2111.774235][   T35]  process_one_work+0x9c2/0x1840
[ 2111.779152][   T35]  ? __pfx_process_one_work+0x10/0x10
[ 2111.784522][   T35]  ? assign_work+0x19c/0x250
[ 2111.789098][   T35]  worker_thread+0x5da/0xe40
[ 2111.793679][   T35]  ? kthread+0x17d/0x730
[ 2111.797893][   T35]  ? __pfx_worker_thread+0x10/0x10
[ 2111.803178][   T35]  kthread+0x3b3/0x730
[ 2111.807219][   T35]  ? __pfx_kthread+0x10/0x10
[ 2111.811778][   T35]  ? ret_from_fork+0x79/0xaf0
[ 2111.816481][   T35]  ? ret_from_fork+0x79/0xaf0
[ 2111.821134][   T35]  ? rcu_is_watching+0x12/0xc0
[ 2111.825892][   T35]  ? __pfx_kthread+0x10/0x10
[ 2111.830453][   T35]  ret_from_fork+0x754/0xaf0
[ 2111.835212][   T35]  ? __pfx_ret_from_fork+0x10/0x10
[ 2111.840297][   T35]  ? __switch_to+0x7b9/0x10c0
[ 2111.844961][   T35]  ? __pfx_kthread+0x10/0x10
[ 2111.849524][   T35]  ret_from_fork_asm+0x1a/0x30
[ 2111.854289][   T35]  </TASK>
[ 2111.857283][   T35] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 2111.864535][   T35] CPU: 1 UID: 0 PID: 35 Comm: kworker/u8:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2111.875349][   T35] Tainted: [L]=SOFTLOCKUP
[ 2111.879640][   T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 2111.889664][   T35] Workqueue: netns cleanup_net
[ 2111.894408][   T35] Call Trace:
[ 2111.897659][   T35]  <TASK>
[ 2111.900563][   T35]  dump_stack_lvl+0x100/0x190
[ 2111.905214][   T35]  vpanic+0x20d/0x630
[ 2111.909165][   T35]  panic+0xd1/0xd1
[ 2111.912855][   T35]  ? __pfx_panic+0x10/0x10
[ 2111.917246][   T35]  ? check_panic_on_warn+0x1f/0x90
[ 2111.922331][   T35]  check_panic_on_warn.cold+0x19/0x34
[ 2111.927673][   T35]  ? nf_conntrack_cleanup_net_list+0x4f7/0x690
[ 2111.933799][   T35]  __warn.cold+0x191/0x2f8
[ 2111.938184][   T35]  __report_bug+0x296/0x3d0
[ 2111.942655][   T35]  ? nf_conntrack_cleanup_net_list+0x4f7/0x690
[ 2111.948792][   T35]  ? __pfx___report_bug+0x10/0x10
[ 2111.953783][   T35]  ? irqentry_exit+0x180/0x670
[ 2111.958518][   T35]  ? lockdep_hardirqs_on+0x78/0x100
[ 2111.963687][   T35]  ? nf_conntrack_cleanup_net_list+0x4f0/0x690
[ 2111.969810][   T35]  ? nf_conntrack_cleanup_net_list+0x4d7/0x690
[ 2111.975934][   T35]  ? nf_conntrack_cleanup_net_list+0x4f7/0x690
[ 2111.982060][   T35]  report_bug_entry+0xe1/0x290
[ 2111.986795][   T35]  ? nf_conntrack_cleanup_net_list+0x4f7/0x690
[ 2111.992939][   T35]  handle_bug+0x1c9/0x2a0
[ 2111.997241][   T35]  exc_invalid_op+0x17/0x50
[ 2112.001717][   T35]  asm_exc_invalid_op+0x1a/0x20
[ 2112.006536][   T35] RIP: 0010:nf_conntrack_cleanup_net_list+0x4f7/0x690
[ 2112.013267][   T35] Code: 29 c3 48 89 de e8 e9 ad 6e f8 48 85 db 78 0f e8 ff b2 6e f8 e8 fa 8c df 01 e9 0e fc ff ff e8 f0 b2 6e f8 48 8d 3d 19 5f 2d 07 <67> 48 0f b9 3a eb de 4c 8b 6c 24 40 e8 d8 b2 6e f8 48 b8 00 00 00
[ 2112.032845][   T35] RSP: 0018:ffffc90000ab7930 EFLAGS: 00010293
[ 2112.038886][   T35] RAX: 0000000000000000 RBX: fffffffffffffff0 RCX: ffffffff89984857
[ 2112.046828][   T35] RDX: ffff88801fac8000 RSI: ffffffff89984870 RDI: ffffffff90c5a790
[ 2112.054769][   T35] RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
[ 2112.062714][   T35] R10: fffffffffffffff0 R11: 0000000000000000 R12: 0000000000000001
[ 2112.070667][   T35] R13: 0000000000000001 R14: ffffc90000ab7ac0 R15: dffffc0000000000
[ 2112.078615][   T35]  ? nf_conntrack_cleanup_net_list+0x4d7/0x690
[ 2112.084742][   T35]  ? nf_conntrack_cleanup_net_list+0x4f0/0x690
[ 2112.090868][   T35]  ? nf_conntrack_cleanup_net_list+0x158/0x690
[ 2112.096993][   T35]  ? __pfx_nf_conntrack_cleanup_net_list+0x10/0x10
[ 2112.103465][   T35]  ? nf_conntrack_pernet_exit+0xaa/0x150
[ 2112.109084][   T35]  ? nf_conntrack_pernet_exit+0xaa/0x150
[ 2112.114695][   T35]  ? unregister_sysctl_table+0x52/0x60
[ 2112.120128][   T35]  ? __pfx_nf_conntrack_pernet_exit+0x10/0x10
[ 2112.126168][   T35]  ops_undo_list+0x363/0xab0
[ 2112.130736][   T35]  ? __pfx_ops_undo_list+0x10/0x10
[ 2112.135820][   T35]  ? cleanup_net+0x345/0x830
[ 2112.140385][   T35]  ? idr_destroy+0x62/0x2e0
[ 2112.144864][   T35]  cleanup_net+0x419/0x830
[ 2112.149260][   T35]  ? __pfx_cleanup_net+0x10/0x10
[ 2112.154173][   T35]  ? rcu_is_watching+0x12/0xc0
[ 2112.158911][   T35]  process_one_work+0x9c2/0x1840
[ 2112.163826][   T35]  ? __pfx_process_one_work+0x10/0x10
[ 2112.169175][   T35]  ? assign_work+0x19c/0x250
[ 2112.173745][   T35]  worker_thread+0x5da/0xe40
[ 2112.178312][   T35]  ? kthread+0x17d/0x730
[ 2112.182523][   T35]  ? __pfx_worker_thread+0x10/0x10
[ 2112.187606][   T35]  kthread+0x3b3/0x730
[ 2112.191645][   T35]  ? __pfx_kthread+0x10/0x10
[ 2112.196204][   T35]  ? ret_from_fork+0x79/0xaf0
[ 2112.200853][   T35]  ? ret_from_fork+0x79/0xaf0
[ 2112.205501][   T35]  ? rcu_is_watching+0x12/0xc0
[ 2112.210238][   T35]  ? __pfx_kthread+0x10/0x10
[ 2112.214798][   T35]  ret_from_fork+0x754/0xaf0
[ 2112.219365][   T35]  ? __pfx_ret_from_fork+0x10/0x10
[ 2112.224447][   T35]  ? __switch_to+0x7b9/0x10c0
[ 2112.229099][   T35]  ? __pfx_kthread+0x10/0x10
[ 2112.233659][   T35]  ret_from_fork_asm+0x1a/0x30
[ 2112.238397][   T35]  </TASK>
[ 2112.241658][   T35] Kernel Offset: disabled
[ 2112.245955][   T35] Rebooting in 86400 seconds..