last executing test programs:

11m35.408222625s ago: executing program 1 (id=2):
r0 = io_uring_setup(0x2cf2, &(0x7f0000000200)={0x0, 0x93b0, 0x2, 0x0, 0x315}) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0x18, &(0x7f0000000100)=0x9, 0x4) (async)
io_uring_register$IORING_REGISTER_CLOCK(r0, 0x1d, 0x0, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000000)={0x200000, 0x200000, 0xa, 0x0, 0x8}) (async)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) (async)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) (async)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) (async)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) (async)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) (async)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x4084) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) (async)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
bind$can_raw(r5, &(0x7f0000000040), 0x10)
syz_genetlink_get_family_id$nfc(0x0, r6) (async)
sendmsg$NFC_CMD_LLC_SET_PARAMS(r6, 0x0, 0x5000) (async)
sendfile(r4, r4, 0x0, 0x200900)

11m35.241418981s ago: executing program 1 (id=6):
syz_clone(0x80000400, 0x0, 0x0, 0x0, 0x0, 0x0)
setuid(0xee01)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r1, &(0x7f0000000180)=[{0x20, 0x48, 0x0, 0x0, @tick=0x6, {0x40, 0xff}, {0x0, 0x9}, @queue={0xee, {0xf, 0xc98}}}, {0x0, 0xc, 0x0, 0x0, @tick=0xc, {}, {0x80}, @time=@time={0x9, 0x1}}], 0x38)
mremap(&(0x7f0000097000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000264000/0x4000)=nil)
r2 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x30004001)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8d}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000100)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x40, 0x1000000}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, 0x0, 0x0)
r7 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_G_TUNER(r7, 0xc054561d, &(0x7f0000000140)={0x31f, "13130bfd86c17f9dfa000180007c6691154bc7ec29052b9ec48e707ab8a9910f", 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0xffffffff})
write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0)
migrate_pages(0x0, 0xf, 0x0, 0x0)
mount(&(0x7f0000000140)=@loop={'/dev/loop', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='omfs\x00', 0x200008, 0x0)

11m19.971279504s ago: executing program 32 (id=6):
syz_clone(0x80000400, 0x0, 0x0, 0x0, 0x0, 0x0)
setuid(0xee01)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r1, &(0x7f0000000180)=[{0x20, 0x48, 0x0, 0x0, @tick=0x6, {0x40, 0xff}, {0x0, 0x9}, @queue={0xee, {0xf, 0xc98}}}, {0x0, 0xc, 0x0, 0x0, @tick=0xc, {}, {0x80}, @time=@time={0x9, 0x1}}], 0x38)
mremap(&(0x7f0000097000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000264000/0x4000)=nil)
r2 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x30004001)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8d}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000100)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x40, 0x1000000}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, 0x0, 0x0)
r7 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_G_TUNER(r7, 0xc054561d, &(0x7f0000000140)={0x31f, "13130bfd86c17f9dfa000180007c6691154bc7ec29052b9ec48e707ab8a9910f", 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0xffffffff})
write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0)
migrate_pages(0x0, 0xf, 0x0, 0x0)
mount(&(0x7f0000000140)=@loop={'/dev/loop', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='omfs\x00', 0x200008, 0x0)

10m1.458864476s ago: executing program 2 (id=168):
msgget(0x0, 0xb0)
r0 = msgget(0x0, 0x100)
msgrcv(r0, 0x0, 0x1a, 0x1, 0x400)
msgsnd(0x0, &(0x7f0000000240)={0x2}, 0x8, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000180), 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r1, 0xc0045543, &(0x7f0000000d40)=0xfdfdffff)

10m0.558388481s ago: executing program 2 (id=171):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
io_setup(0x239f, 0x0)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
ioperm(0x0, 0x9, 0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f00000002c0), 0x0, 0x0, 0xfffffffffffffffe)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[<r5=>0x0], &(0x7f0000000340)=[<r6=>0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r6, r5], 0x2})

9m57.827945823s ago: executing program 2 (id=174):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000000)={0x0, 0xffae, &(0x7f00000011c0)=[{&(0x7f0000000080)="5c00000013006bec9e3be35c6e17aa31076b876c1d0000007ea60864160af36507001ac0043f0202080000eab552a705251e618294ff0051f60a84c9f4d4938037e786a6d0000300000000000200ffffc6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x14d802, 0x0)
r2 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r2, 0x2c93a000)
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl(r3, 0xfffff000, &(0x7f0000000000))
getpid()

9m55.836439085s ago: executing program 2 (id=178):
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000500)={'team0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@newqdisc={0x9c, 0x24, 0xf0b, 0x0, 0xfffffffd, {0x0, 0x0, 0x12, r1, {0x0, 0xfff2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x6c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x1, 0x0, 0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4}, @TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME={0xc, 0x8, 0x8001}]}}]}, 0x9c}}, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
r6 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
close(r6)
userfaultfd(0x801)
r7 = signalfd(0xffffffffffffffff, &(0x7f00000006c0), 0x8)
mount$9p_fd(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r7])
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r4, 0xf8a29000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x0, 0x40000)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r10 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r11 = openat$tcp_mem(0xffffffffffffff9c, 0x0, 0x1, 0x0)
sendfile(r11, r10, 0x0, 0x3a)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r12, 0x0, 0x40)
socket$qrtr(0x2a, 0x2, 0x0)
r13 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r13, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000000d0a010800000000000000000a00000109000100090000000000000004000380"], 0x24}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)

9m54.032204223s ago: executing program 2 (id=182):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000001d00), 0x1, 0x0)
pwritev(r4, &(0x7f0000001c80)=[{&(0x7f0000000040)="4d2e2eaecfa46d01a216ee", 0xb}], 0x1, 0xd, 0x4)

9m49.668089312s ago: executing program 2 (id=184):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
getrlimit(0x2, &(0x7f0000000080))
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000100)={0x8000, <r2=>0xffffffffffffffff, 'id1\x00'})
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2, 0x10, r2, 0xbecd9000)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x1022002, 0x0)
r4 = dup(r3)
r5 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0)
sendfile(r4, r5, 0x0, 0x8000fffffffe)
ioctl$TIOCVHANGUP(r4, 0x5437, 0x0)
read$rfkill(r4, &(0x7f0000000000), 0x8)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x29, 0x0, &(0x7f0000000080)="1cfe774b51db25e450390b70e9528ce7db777f0d4a1244964ae5e809f585d853e688204118c6e256ff", 0x0, 0x60ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000183b9220b113420016519a02030109021b00010000000009040000012e459e000905"], 0x0)
sched_setscheduler(r1, 0x0, &(0x7f0000000000)=0x2003)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r6 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
r8 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000001d00), 0x1, 0x0)
r9 = socket$kcm(0x2, 0x1, 0x84)
sendmsg$TIPC_NL_NODE_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)={0x68, 0x0, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_NODE={0x44, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0x4}, @TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "a6d42d454146515880ab98945199f34930457350"}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4000000}, 0x4054)
setsockopt$sock_attach_bpf(r9, 0x84, 0x9, &(0x7f0000000380), 0x98)
pwritev(r8, &(0x7f0000001c80)=[{&(0x7f0000000040)="4d2e2eaecfa46d01a216ee", 0xb}], 0x1, 0xd, 0x4)

9m34.376192181s ago: executing program 33 (id=184):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
getrlimit(0x2, &(0x7f0000000080))
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000100)={0x8000, <r2=>0xffffffffffffffff, 'id1\x00'})
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2, 0x10, r2, 0xbecd9000)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x1022002, 0x0)
r4 = dup(r3)
r5 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0)
sendfile(r4, r5, 0x0, 0x8000fffffffe)
ioctl$TIOCVHANGUP(r4, 0x5437, 0x0)
read$rfkill(r4, &(0x7f0000000000), 0x8)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x29, 0x0, &(0x7f0000000080)="1cfe774b51db25e450390b70e9528ce7db777f0d4a1244964ae5e809f585d853e688204118c6e256ff", 0x0, 0x60ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000183b9220b113420016519a02030109021b00010000000009040000012e459e000905"], 0x0)
sched_setscheduler(r1, 0x0, &(0x7f0000000000)=0x2003)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r6 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
r8 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000001d00), 0x1, 0x0)
r9 = socket$kcm(0x2, 0x1, 0x84)
sendmsg$TIPC_NL_NODE_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)={0x68, 0x0, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_NODE={0x44, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0x4}, @TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "a6d42d454146515880ab98945199f34930457350"}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4000000}, 0x4054)
setsockopt$sock_attach_bpf(r9, 0x84, 0x9, &(0x7f0000000380), 0x98)
pwritev(r8, &(0x7f0000001c80)=[{&(0x7f0000000040)="4d2e2eaecfa46d01a216ee", 0xb}], 0x1, 0xd, 0x4)

4m7.603832746s ago: executing program 0 (id=734):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r0, &(0x7f00000006c0)=ANY=[], 0xfffffffffffffeb0)
open_by_handle_at(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="104a0e00020000000a0000000000000075f2ffbac935463b"], 0x40000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r1, 0x0)
r2 = open(&(0x7f0000000040)='./file0\x00', 0x44200, 0x140)
ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f00000000c0)=@multiplanar_userptr={0x9, 0x1, 0x4, 0x7, 0x8, {0x0, 0x2710}, {0x5, 0x0, 0x3, 0x4, 0xa, 0x3, "c2a415ad"}, 0x9, 0x2, {&(0x7f0000000300)=[{0x10001, 0x1, {&(0x7f00000001c0)}}, {0x8, 0xaba, {&(0x7f0000000200)}, 0xf9}]}, 0x7, 0x0, r2})
syz_open_procfs(0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x7fffffff, &(0x7f0000006680))
shmdt(0x0)
syz_open_procfs(0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000280)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70b927, 0x25dfdc01, {0x0, 0x0, 0x0, 0x0, {0x0, 0x2}, {0xffff, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x3, 0x7, 0x8, 0x0, 0x2}, 0xfffffffe, 0x1, 0xffffffff, 0x0, 0xe9, 0x14, 0xc, 0xc, 0x0, 0x7, {0x4, 0xfac0, 0x8, 0x3, 0x3, 0xffffffff}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="30000000190001000000000000000000021800000000ff000000000008000100ac1414000c0009"], 0x30}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_io_uring_setup(0x689c, &(0x7f0000000540)={0x0, 0x7a7, 0x10100, 0x0, 0x37}, &(0x7f00000005c0)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
syz_io_uring_submit(r6, r7, &(0x7f0000000600)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x40, 0x0, r8, 0x0, &(0x7f0000000000)="bd", 0x1, 0x100, 0x1})
io_uring_enter(r5, 0x46f3, 0x0, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r9 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000180)={'virt_wifi0\x00', <r10=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYBLOB="680000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e00300002800800010010000000100005800a120400aaaaaaaaaabb000008000300030000000a000400aaaaaaaab1aa000008000500", @ANYRES16=r10], 0x68}, 0x1, 0x0, 0x0, 0x4010}, 0x8667f7fc7455970c)
dup3(0xffffffffffffffff, r0, 0x0)

4m7.168098079s ago: executing program 0 (id=735):
r0 = syz_open_dev$sndpcmp(&(0x7f0000000300), 0x1, 0x203)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r0, 0xc1004110, &(0x7f0000000000)={0x0, [0x2, 0xffff133a, 0x5], [{0x0, 0xffffffff}, {0x8, 0xffffffff}, {0x0, 0xffff}, {0x0, 0x1}, {0x80000004, 0xfffffe00}, {}, {0x5}, {0x5}, {0x0, 0x2}, {0x0, 0x1}, {0x0, 0xffffffff}], 0x2, 0x0, 0x0, 0x8000000})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="e40000001000010400400000000000000000ffff", @ANYRES32=0x0, @ANYBLOB="0891040000000000b000128009000100766c616e00000000a00002800400048040000380860001002d0a0000030000000e00010009000000080000000200010035570000030000000c00010009000000f00000000c0001000300000006000000580004800c000100f9ffffff65e200000c00010048000000f80e00000c00010000000000000000000c0001003bf00000150000ed7da2680005000000080000000c00010003000000040000000c000100480000008100000014000300766c616e30"], 0xe4}}, 0x0)

4m6.008857716s ago: executing program 0 (id=738):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000240)={0x13, 0x10, 0x7, {0x0, 0xffffffffffffffff, 0x3}}, 0x18)

4m5.692657712s ago: executing program 0 (id=740):
r0 = socket(0xa, 0x3, 0xff)
setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000200)=0x7, 0x4)
recvmmsg(r0, &(0x7f0000008b00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/6, 0x6}, 0xfffffffc}], 0x1, 0x40000102, 0x0) (fail_nth: 2)
syz_emit_ethernet(0x42, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3986dd6c370c89000c2c0120010000000000000000000000000001fe8000000000000000000000000000aaff"], 0x0)

4m3.088845122s ago: executing program 0 (id=742):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r1, 0xf501, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000080)={0xc000003, 0x400000000000025b, &(0x7f0000000580)=[0x1f, 0x8004, 0x3, 0x9, 0x9, 0x1ed, 0x2, 0x4, 0xbb, 0x7, 0x2070, 0xfffff407, 0xfffffff7, 0x1ac, 0xfffffff8], 0x0, 0x4})

4m3.01492583s ago: executing program 0 (id=743):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010004b0400000000000002007a000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012800b000100627269646765"], 0x3c}}, 0x0)

3m47.837665244s ago: executing program 34 (id=743):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010004b0400000000000002007a000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012800b000100627269646765"], 0x3c}}, 0x0)

5.059212556s ago: executing program 4 (id=1075):
syz_open_dev$I2C(0x0, 0x1, 0x2603)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000001c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes128\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
bind$alg(r2, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58)

4.602575962s ago: executing program 3 (id=1077):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), r3)
sendmsg$IEEE802154_LLSEC_LIST_KEY(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x14, r4, 0x325}, 0x14}}, 0x0)

3.474987839s ago: executing program 3 (id=1078):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f0000000000)={0x28, 0x2, 0x0, {0x1, 0xffffffffffffffff, 0x4}}, 0x28)

2.933349134s ago: executing program 3 (id=1079):
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000600)={@cgroup, 0xffffffffffffffff, 0x28}, 0x20)
r0 = io_uring_setup(0x2844, &(0x7f0000000840)={0x0, 0x9a3d, 0x800, 0x1, 0x151})
io_uring_register$IORING_REGISTER_BUFFERS2(r0, 0xf, &(0x7f0000002400)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x20)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f00000026c0)={0x1, 0x0, &(0x7f0000000600), 0x0, 0x2}, 0x20)

2.93147217s ago: executing program 4 (id=1080):
r0 = syz_io_uring_setup(0x315b, &(0x7f0000000140)={0x0, 0xc7ca, 0x42, 0x0, 0x7a}, &(0x7f0000000240), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_RESTRICTIONS(r0, 0xb, &(0x7f00000001c0), 0x0)

2.860164257s ago: executing program 3 (id=1081):
r0 = io_uring_setup(0x2cf2, &(0x7f0000000200)={0x0, 0x93b0, 0x2, 0x0, 0x315})
io_uring_register$IORING_REGISTER_CLOCK(r0, 0x1d, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sendfile(r2, r2, 0x0, 0x200900)

1.370223295s ago: executing program 4 (id=1082):
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000840)=ANY=[@ANYBLOB="0213f803030000002cbd7000fddbdf250100", @ANYRES64=r0], 0x18}}, 0x2080)

1.336486312s ago: executing program 3 (id=1083):
syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b05101e8c00000001090212000100000000090401"], 0x0)
ioctl$I2C_RDWR(0xffffffffffffffff, 0x707, &(0x7f0000000a40)={&(0x7f0000000380)=[{0x3, 0x6000, 0x22, &(0x7f00000001c0)="74f2f0b618c985b53cb668ea6161e5001843c87830126f22589ce4a218ee4d7526e6"}, {0x8, 0x2a19, 0x0, 0x0}], 0x2})

1.196686766s ago: executing program 4 (id=1084):
socket$inet(0x2, 0x4000000000000001, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a001fffffffff7f00000000800000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\b\x00', @ANYRES32=r0], 0x24}}, 0x0)

1.100136346s ago: executing program 4 (id=1085):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff)
syz_genetlink_get_family_id$tipc(0x0, r0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c045}, 0x24000004)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
close(r1)

219.044447ms ago: executing program 4 (id=1086):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0xc0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = socket(0x28, 0x5, 0x0)
r1 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
listen(r1, 0x4)
connect$vsock_stream(r0, &(0x7f0000000080), 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
close(r2)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x18, 0x6, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000000000000000ffffff80e500020000000000c500fcff000000007f00feffd100000095"], &(0x7f00000000c0)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='virtio_transport_alloc_pkt\x00', r2}, 0x18)
sendmmsg(r0, &(0x7f0000000b40)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000380)="1b", 0x1}], 0x1}}], 0x1, 0x0)

0s ago: executing program 3 (id=1087):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_io_uring_setup(0xc8f, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
io_uring_register$IORING_REGISTER_NAPI(r1, 0x1b, &(0x7f0000000280)={0x80, 0x44}, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
close(r0)
lsetxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x0, 0x2)

kernel console output (not intermixed with test programs):

80
[  537.552689][ T8708]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  537.552710][ T8708]  ? trace_irq_disable+0x37/0x100
[  537.552733][ T8708]  ? clear_bhb_loop+0x60/0xb0
[  537.552760][ T8708]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  537.552792][ T8708] RIP: 0033:0x7fabc1fbf749
[  537.552811][ T8708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  537.552829][ T8708] RSP: 002b:00007fabc0226038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  537.552851][ T8708] RAX: ffffffffffffffda RBX: 00007fabc2215fa0 RCX: 00007fabc1fbf749
[  537.552867][ T8708] RDX: 0000200000000040 RSI: 000000004018aebd RDI: 0000000000000004
[  537.552881][ T8708] RBP: 00007fabc0226090 R08: 0000000000000000 R09: 0000000000000000
[  537.552894][ T8708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  537.552906][ T8708] R13: 00007fabc2216038 R14: 00007fabc2215fa0 R15: 00007ffdaf9d3808
[  537.552941][ T8708]  </TASK>
[  537.552966][ T8708] ERROR: Out of memory at tomoyo_realpath_from_path.
[  539.159208][ T8678] Bluetooth: hci5: command tx timeout
[  539.946065][   T45] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  540.594996][ T8301] veth0_macvtap: entered promiscuous mode
[  540.665808][ T8301] veth1_macvtap: entered promiscuous mode
[  541.461034][ T8678] Bluetooth: hci5: command tx timeout
[  541.814402][   T45] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  541.909266][ T6012] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  541.974640][ T8301] batman_adv: batadv0: Interface activated: batadv_slave_0
[  541.978304][ T8745] netlink: 8 bytes leftover after parsing attributes in process `syz.3.715'.
[  542.012174][   T37] kauditd_printk_skb: 9 callbacks suppressed
[  542.012194][   T37] audit: type=1326 audit(1766743197.154:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8743 comm="syz.3.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  542.012497][   T37] audit: type=1326 audit(1766743197.154:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8743 comm="syz.3.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  542.012894][   T37] audit: type=1326 audit(1766743197.154:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8743 comm="syz.3.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  542.013794][   T37] audit: type=1326 audit(1766743197.154:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8743 comm="syz.3.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  542.014096][   T37] audit: type=1326 audit(1766743197.154:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8743 comm="syz.3.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  542.014565][   T37] audit: type=1326 audit(1766743197.154:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8743 comm="syz.3.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=451 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  542.014899][   T37] audit: type=1326 audit(1766743197.154:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8743 comm="syz.3.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  542.015214][   T37] audit: type=1326 audit(1766743197.154:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8743 comm="syz.3.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  542.015538][   T37] audit: type=1326 audit(1766743197.154:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8743 comm="syz.3.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  542.015901][   T37] audit: type=1326 audit(1766743197.154:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8743 comm="syz.3.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  542.069181][ T6012] usb 1-1: Using ep0 maxpacket: 32
[  543.158128][   T45] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  543.205948][ T8753] FAULT_INJECTION: forcing a failure.
[  543.205948][ T8753] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  543.205987][ T8753] CPU: 0 UID: 0 PID: 8753 Comm: syz.4.717 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  543.206016][ T8753] Tainted: [L]=SOFTLOCKUP
[  543.206024][ T8753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  543.206043][ T8753] Call Trace:
[  543.206050][ T8753]  <TASK>
[  543.206056][ T8753]  dump_stack_lvl+0xe8/0x150
[  543.206098][ T8753]  should_fail_ex+0x46c/0x600
[  543.206143][ T8753]  _copy_from_user+0x2d/0xb0
[  543.206167][ T8753]  sctp_setsockopt+0x1c4/0x12c0
[  543.206198][ T8753]  ? sock_common_setsockopt+0x36/0xc0
[  543.206237][ T8753]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  543.206254][ T8753]  do_sock_setsockopt+0x17c/0x1b0
[  543.206297][ T8753]  __x64_sys_setsockopt+0x145/0x1b0
[  543.206332][ T8753]  do_syscall_64+0xec/0xf80
[  543.206353][ T8753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.206373][ T8753]  ? trace_irq_disable+0x37/0x100
[  543.206400][ T8753]  ? clear_bhb_loop+0x60/0xb0
[  543.206419][ T8753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.206434][ T8753] RIP: 0033:0x7f590913f749
[  543.206466][ T8753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  543.206484][ T8753] RSP: 002b:00007f59073a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  543.206507][ T8753] RAX: ffffffffffffffda RBX: 00007f5909395fa0 RCX: 00007f590913f749
[  543.206522][ T8753] RDX: 0000000000000071 RSI: 0000000000000084 RDI: 0000000000000003
[  543.206534][ T8753] RBP: 00007f59073a6090 R08: 0000000000000008 R09: 0000000000000000
[  543.206547][ T8753] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[  543.206560][ T8753] R13: 00007f5909396038 R14: 00007f5909395fa0 R15: 00007fff1ae6e458
[  543.206591][ T8753]  </TASK>
[  543.440655][ T8749] netlink: 4076 bytes leftover after parsing attributes in process `syz.3.715'.
[  543.478905][ T8301] batman_adv: batadv0: Interface activated: batadv_slave_1
[  543.527539][ T2825] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  543.527861][ T2825] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  543.527903][ T2825] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  543.527941][ T2825] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  543.856426][ T6012] usb 1-1: unable to get BOS descriptor or descriptor too short
[  543.857535][ T6012] usb 1-1: unable to read config index 0 descriptor/start: -71
[  543.857571][ T6012] usb 1-1: can't read configurations, error -71
[  544.489427][ T6012] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  544.663576][ T6012] usb 1-1: Using ep0 maxpacket: 32
[  544.675924][ T6012] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  544.716176][ T6012] usb 1-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  544.716207][ T6012] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  544.716227][ T6012] usb 1-1: Product: syz
[  544.716242][ T6012] usb 1-1: Manufacturer: syz
[  544.716257][ T6012] usb 1-1: SerialNumber: syz
[  545.098710][ T6012] usb 1-1: config 0 descriptor??
[  545.354394][ T6012] usb 1-1: bad CDC descriptors
[  545.355182][ T6012] usb 1-1: unsupported MDLM descriptors
[  545.389694][ T8676] chnl_net:caif_netlink_parms(): no params data found
[  545.550716][ T6687] usb 1-1: USB disconnect, device number 26
[  545.892647][ T3530] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  545.892669][ T3530] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  545.989326][ T6687] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  546.158442][ T8775] FAULT_INJECTION: forcing a failure.
[  546.158442][ T8775] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  546.158482][ T8775] CPU: 1 UID: 0 PID: 8775 Comm: syz.4.722 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  546.158512][ T8775] Tainted: [L]=SOFTLOCKUP
[  546.158520][ T8775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  546.158533][ T8775] Call Trace:
[  546.158541][ T8775]  <TASK>
[  546.158550][ T8775]  dump_stack_lvl+0xe8/0x150
[  546.158586][ T8775]  should_fail_ex+0x46c/0x600
[  546.158621][ T8775]  _copy_from_iter+0x1cd/0x1630
[  546.158660][ T8775]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  546.158696][ T8775]  ? __pfx__copy_from_iter+0x10/0x10
[  546.158735][ T8775]  ? set_page_refcounted+0xa0/0x1e0
[  546.158758][ T8775]  ? page_copy_sane+0x4e/0x280
[  546.158793][ T8775]  copy_page_from_iter+0xdd/0x170
[  546.158830][ T8775]  tun_get_user+0x1d40/0x3de0
[  546.158864][ T8775]  ? tun_get_user+0x6fc/0x3de0
[  546.158914][ T8775]  ? __pfx_tun_get_user+0x10/0x10
[  546.158944][ T8775]  ? __lock_acquire+0x6b6/0x2cf0
[  546.158978][ T8775]  ? kstrtoull+0x12f/0x1d0
[  546.159015][ T8775]  ? ref_tracker_alloc+0x2fe/0x450
[  546.159045][ T8775]  ? get_pid_task+0x20/0x1f0
[  546.159076][ T8775]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  546.159109][ T8775]  ? tun_get+0x1c/0x2f0
[  546.159135][ T8775]  ? tun_get+0x1c/0x2f0
[  546.159166][ T8775]  ? tun_get+0x1c/0x2f0
[  546.159191][ T8775]  ? tun_get+0x1c/0x2f0
[  546.159222][ T8775]  tun_chr_write_iter+0x119/0x200
[  546.159252][ T8775]  vfs_write+0x5d5/0xb40
[  546.159286][ T8775]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  546.159314][ T8775]  ? __pfx_vfs_write+0x10/0x10
[  546.159355][ T8775]  ? __fget_files+0x2a/0x420
[  546.159388][ T8775]  ksys_write+0x14b/0x260
[  546.159423][ T8775]  ? __pfx_ksys_write+0x10/0x10
[  546.159474][ T8775]  do_syscall_64+0xec/0xf80
[  546.159496][ T8775]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  546.159518][ T8775]  ? trace_irq_disable+0x37/0x100
[  546.159541][ T8775]  ? clear_bhb_loop+0x60/0xb0
[  546.159568][ T8775]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  546.159590][ T8775] RIP: 0033:0x7f590913e1ff
[  546.159610][ T8775] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  546.159629][ T8775] RSP: 002b:00007f59073a6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  546.159652][ T8775] RAX: ffffffffffffffda RBX: 00007f5909395fa0 RCX: 00007f590913e1ff
[  546.159668][ T8775] RDX: 000000000000007e RSI: 0000200000000180 RDI: 00000000000000c8
[  546.159682][ T8775] RBP: 00007f59073a6090 R08: 0000000000000000 R09: 0000000000000000
[  546.159696][ T8775] R10: 000000000000007e R11: 0000000000000293 R12: 0000000000000001
[  546.159708][ T8775] R13: 00007f5909396038 R14: 00007f5909395fa0 R15: 00007fff1ae6e458
[  546.159743][ T8775]  </TASK>
[  546.159972][ T6687] usb 4-1: Using ep0 maxpacket: 16
[  546.244167][ T6687] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  546.244205][ T6687] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  546.244245][ T6687] usb 4-1: New USB device found, idVendor=5543, idProduct=0064, bcdDevice= 0.00
[  546.244269][ T6687] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  546.249799][ T8676] bridge0: port 1(bridge_slave_0) entered blocking state
[  546.250516][ T8676] bridge0: port 1(bridge_slave_0) entered disabled state
[  546.251218][ T8676] bridge_slave_0: entered allmulticast mode
[  546.294876][ T8676] bridge_slave_0: entered promiscuous mode
[  546.371466][ T6687] usb 4-1: config 0 descriptor??
[  546.462111][ T8676] bridge0: port 2(bridge_slave_1) entered blocking state
[  546.462431][ T8676] bridge0: port 2(bridge_slave_1) entered disabled state
[  546.490415][ T8676] bridge_slave_1: entered allmulticast mode
[  546.497884][ T8676] bridge_slave_1: entered promiscuous mode
[  546.696299][ T3092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  546.696322][ T3092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  546.699712][   T45] bridge_slave_1: left allmulticast mode
[  546.699749][   T45] bridge_slave_1: left promiscuous mode
[  546.700207][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  546.984396][ T6687] uclogic 0003:5543:0064.0005: hidraw0: USB HID v0.05 Device [HID 5543:0064] on usb-dummy_hcd.3-1/input0
[  547.128747][ T6687] usb 4-1: USB disconnect, device number 32
[  547.257720][   T45] bridge_slave_0: left allmulticast mode
[  547.258033][   T45] bridge_slave_0: left promiscuous mode
[  547.298343][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  548.891585][ T5117] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  548.912164][ T5117] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  548.913580][ T5117] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  548.914764][ T5117] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  548.915554][ T5117] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  551.714427][ T5117] Bluetooth: hci4: command tx timeout
[  554.109512][ T8678] Bluetooth: hci4: command tx timeout
[  554.180170][   T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  554.275904][   T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  554.313488][   T45] bond0 (unregistering): Released all slaves
[  555.032879][ T8676] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  555.907595][ T8817] netlink: 36 bytes leftover after parsing attributes in process `syz.0.735'.
[  555.907622][ T8817] netlink: 60 bytes leftover after parsing attributes in process `syz.0.735'.
[  556.136389][ T8676] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  556.137708][ T8817] vlan0: entered promiscuous mode
[  556.199258][ T5117] Bluetooth: hci4: command tx timeout
[  557.487871][ T8676] team0: Port device team_slave_0 added
[  557.510461][ T8676] team0: Port device team_slave_1 added
[  557.519717][ T8837] FAULT_INJECTION: forcing a failure.
[  557.519717][ T8837] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  557.519880][ T8837] CPU: 0 UID: 0 PID: 8837 Comm: syz.0.740 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  557.519961][ T8837] Tainted: [L]=SOFTLOCKUP
[  557.519984][ T8837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  557.520017][ T8837] Call Trace:
[  557.520048][ T8837]  <TASK>
[  557.520071][ T8837]  dump_stack_lvl+0xe8/0x150
[  557.520165][ T8837]  should_fail_ex+0x46c/0x600
[  557.520293][ T8837]  _copy_to_user+0x31/0xb0
[  557.520344][ T8837]  simple_read_from_buffer+0xe1/0x170
[  557.520419][ T8837]  proc_fail_nth_read+0x1b6/0x220
[  557.520516][ T8837]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  557.520619][ T8837]  ? rw_verify_area+0x2ac/0x4e0
[  557.520706][ T8837]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  557.520792][ T8837]  vfs_read+0x206/0xa30
[  557.520897][ T8837]  ? __pfx_vfs_read+0x10/0x10
[  557.520985][ T8837]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  557.521049][ T8837]  ? lockdep_hardirqs_on+0x7b/0x110
[  557.521104][ T8837]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  557.521166][ T8837]  ? mutex_lock_nested+0x154/0x1d0
[  557.521235][ T8837]  ? fdget_pos+0x253/0x320
[  557.521330][ T8837]  ksys_read+0x14b/0x260
[  557.521437][ T8837]  ? __pfx_ksys_read+0x10/0x10
[  557.521554][ T8837]  do_syscall_64+0xec/0xf80
[  557.521609][ T8837]  ? rcu_is_watching+0x15/0xb0
[  557.521656][ T8837]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  557.521719][ T8837]  ? clear_bhb_loop+0x60/0xb0
[  557.521785][ T8837]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  557.521847][ T8837] RIP: 0033:0x7fabc1fbe15c
[  557.521893][ T8837] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  557.521944][ T8837] RSP: 002b:00007fabc0226030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  557.522008][ T8837] RAX: ffffffffffffffda RBX: 00007fabc2215fa0 RCX: 00007fabc1fbe15c
[  557.522061][ T8837] RDX: 000000000000000f RSI: 00007fabc02260a0 RDI: 0000000000000004
[  557.522095][ T8837] RBP: 00007fabc0226090 R08: 0000000000000000 R09: 0000000000000000
[  557.522128][ T8837] R10: 0000000040000102 R11: 0000000000000246 R12: 0000000000000001
[  557.522161][ T8837] R13: 00007fabc2216038 R14: 00007fabc2215fa0 R15: 00007ffdaf9d3808
[  557.522250][ T8837]  </TASK>
[  558.857122][ T5117] Bluetooth: hci4: command tx timeout
[  559.315471][ T8848] netlink: 12 bytes leftover after parsing attributes in process `syz.0.743'.
[  559.379300][   T45] hsr_slave_0: left promiscuous mode
[  559.399428][   T45] hsr_slave_1: left promiscuous mode
[  559.400695][   T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  559.400721][   T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[  559.450954][   T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  559.450983][   T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[  559.557794][   T45] veth1_macvtap: left promiscuous mode
[  559.557873][   T45] veth0_macvtap: left promiscuous mode
[  559.558033][   T45] veth1_vlan: left promiscuous mode
[  559.558145][   T45] veth0_vlan: left promiscuous mode
[  561.880778][ T8860] FAULT_INJECTION: forcing a failure.
[  561.880778][ T8860] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  561.880818][ T8860] CPU: 1 UID: 0 PID: 8860 Comm: syz.4.744 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  561.880847][ T8860] Tainted: [L]=SOFTLOCKUP
[  561.880854][ T8860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  561.880867][ T8860] Call Trace:
[  561.880875][ T8860]  <TASK>
[  561.880884][ T8860]  dump_stack_lvl+0xe8/0x150
[  561.880918][ T8860]  should_fail_ex+0x46c/0x600
[  561.880955][ T8860]  _copy_from_user+0x2d/0xb0
[  561.880977][ T8860]  ucma_resolve_route+0x89/0x2b0
[  561.881007][ T8860]  ? __pfx_ucma_resolve_route+0x10/0x10
[  561.881045][ T8860]  ucma_write+0x252/0x2f0
[  561.881074][ T8860]  ? __pfx_ucma_write+0x10/0x10
[  561.881103][ T8860]  ? rw_verify_area+0x25b/0x4e0
[  561.881133][ T8860]  ? __pfx_ucma_write+0x10/0x10
[  561.881160][ T8860]  vfs_write+0x287/0xb40
[  561.881199][ T8860]  ? __pfx_vfs_write+0x10/0x10
[  561.881232][ T8860]  ? __fget_files+0x2a/0x420
[  561.881259][ T8860]  ? __fget_files+0x2a/0x420
[  561.881280][ T8860]  ? __fget_files+0x3a6/0x420
[  561.881302][ T8860]  ? __fget_files+0x2a/0x420
[  561.881335][ T8860]  ksys_write+0x14b/0x260
[  561.881368][ T8860]  ? __pfx_ksys_write+0x10/0x10
[  561.881412][ T8860]  do_syscall_64+0xec/0xf80
[  561.881433][ T8860]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  561.881459][ T8860]  ? trace_irq_disable+0x37/0x100
[  561.881481][ T8860]  ? clear_bhb_loop+0x60/0xb0
[  561.881507][ T8860]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  561.881528][ T8860] RIP: 0033:0x7f590913f749
[  561.881548][ T8860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  561.881566][ T8860] RSP: 002b:00007f59073a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  561.881588][ T8860] RAX: ffffffffffffffda RBX: 00007f5909395fa0 RCX: 00007f590913f749
[  561.881604][ T8860] RDX: 0000000000000010 RSI: 0000200000000680 RDI: 0000000000000003
[  561.881617][ T8860] RBP: 00007f59073a6090 R08: 0000000000000000 R09: 0000000000000000
[  561.881630][ T8860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  561.881642][ T8860] R13: 00007f5909396038 R14: 00007f5909395fa0 R15: 00007fff1ae6e458
[  561.881682][ T8860]  </TASK>
[  568.038668][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  568.038740][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  570.325108][ T8886] FAULT_INJECTION: forcing a failure.
[  570.325108][ T8886] name failslab, interval 1, probability 0, space 0, times 0
[  570.325136][ T8886] CPU: 0 UID: 0 PID: 8886 Comm: syz.4.755 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  570.325157][ T8886] Tainted: [L]=SOFTLOCKUP
[  570.325162][ T8886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  570.325172][ T8886] Call Trace:
[  570.325177][ T8886]  <TASK>
[  570.325201][ T8886]  dump_stack_lvl+0xe8/0x150
[  570.325227][ T8886]  should_fail_ex+0x46c/0x600
[  570.325251][ T8886]  should_failslab+0xa8/0x100
[  570.325268][ T8886]  __kmalloc_noprof+0xe0/0x7e0
[  570.325294][ T8886]  ? tomoyo_encode+0x28b/0x550
[  570.325313][ T8886]  tomoyo_encode+0x28b/0x550
[  570.325331][ T8886]  tomoyo_realpath_from_path+0x58d/0x5d0
[  570.325349][ T8886]  ? tomoyo_domain+0xd9/0x130
[  570.325368][ T8886]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  570.325390][ T8886]  tomoyo_path_number_perm+0x1e8/0x5a0
[  570.325414][ T8886]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  570.325435][ T8886]  ? __lock_acquire+0x6b6/0x2cf0
[  570.325458][ T8886]  ? do_raw_spin_lock+0x121/0x290
[  570.325500][ T8886]  ? __fget_files+0x2a/0x420
[  570.325519][ T8886]  ? __fget_files+0x2a/0x420
[  570.325534][ T8886]  ? __fget_files+0x3a6/0x420
[  570.325549][ T8886]  ? __fget_files+0x2a/0x420
[  570.325568][ T8886]  security_file_ioctl+0xcb/0x2d0
[  570.325593][ T8886]  __se_sys_ioctl+0x47/0x170
[  570.325616][ T8886]  do_syscall_64+0xec/0xf80
[  570.325632][ T8886]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  570.325647][ T8886]  ? trace_irq_disable+0x37/0x100
[  570.325664][ T8886]  ? clear_bhb_loop+0x60/0xb0
[  570.325684][ T8886]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  570.325699][ T8886] RIP: 0033:0x7f590913f749
[  570.325713][ T8886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  570.325726][ T8886] RSP: 002b:00007f59073a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  570.325742][ T8886] RAX: ffffffffffffffda RBX: 00007f5909395fa0 RCX: 00007f590913f749
[  570.325754][ T8886] RDX: 0000200000000100 RSI: 000000004140aecd RDI: 0000000000000005
[  570.325765][ T8886] RBP: 00007f59073a6090 R08: 0000000000000000 R09: 0000000000000000
[  570.325774][ T8886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  570.325784][ T8886] R13: 00007f5909396038 R14: 00007f5909395fa0 R15: 00007fff1ae6e458
[  570.325808][ T8886]  </TASK>
[  570.325822][ T8886] ERROR: Out of memory at tomoyo_realpath_from_path.
[  572.980143][   T45] team0 (unregistering): Port device team_slave_1 removed
[  573.286300][   T45] team0 (unregistering): Port device team_slave_0 removed
[  574.566965][ T8678] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  574.584053][ T8678] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  574.627319][ T8678] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  574.637616][ T8678] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  574.638507][ T8678] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  575.908688][ T8878] bond1: option arp_all_targets: invalid value (238)
[  575.936445][ T8878] bond1 (unregistering): Released all slaves
[  575.989473][ T8893] tipc: Started in network mode
[  575.989498][ T8893] tipc: Node identity 4, cluster identity 4711
[  575.989512][ T8893] tipc: Node number set to 4
[  576.059307][ T8676] batman_adv: batadv0: Adding interface: batadv_slave_0
[  576.059327][ T8676] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  576.059358][ T8676] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  576.152990][ T8676] batman_adv: batadv0: Adding interface: batadv_slave_1
[  576.153010][ T8676] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  576.153039][ T8676] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  576.858660][ T8678] Bluetooth: hci3: command tx timeout
[  576.992947][ T8906] netlink: 8 bytes leftover after parsing attributes in process `syz.3.761'.
[  576.997057][   T37] kauditd_printk_skb: 11 callbacks suppressed
[  576.997069][   T37] audit: type=1326 audit(1766743232.134:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8903 comm="syz.3.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  576.997375][   T37] audit: type=1326 audit(1766743232.134:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8903 comm="syz.3.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  576.997614][   T37] audit: type=1326 audit(1766743232.134:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8903 comm="syz.3.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  576.998293][   T37] audit: type=1326 audit(1766743232.134:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8903 comm="syz.3.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  576.998570][   T37] audit: type=1326 audit(1766743232.134:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8903 comm="syz.3.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  576.999843][   T37] audit: type=1326 audit(1766743232.134:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8903 comm="syz.3.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=451 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  576.999895][   T37] audit: type=1326 audit(1766743232.144:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8903 comm="syz.3.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  576.999940][   T37] audit: type=1326 audit(1766743232.144:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8903 comm="syz.3.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  577.069635][   T37] audit: type=1326 audit(1766743232.214:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8903 comm="syz.3.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  577.287379][   T37] audit: type=1326 audit(1766743232.404:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8903 comm="syz.3.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  577.652137][ T8676] hsr_slave_0: entered promiscuous mode
[  577.653789][ T8676] hsr_slave_1: entered promiscuous mode
[  577.654861][ T8676] debugfs: 'hsr0' already exists in 'hsr'
[  577.654887][ T8676] Cannot create hsr debugfs directory
[  578.910667][ T8678] Bluetooth: hci3: command tx timeout
[  579.220874][ T8787] chnl_net:caif_netlink_parms(): no params data found
[  580.459978][ T8944] netlink: 'syz.3.770': attribute type 10 has an invalid length.
[  580.514050][ T8945] netlink: 'syz.3.770': attribute type 10 has an invalid length.
[  580.747864][ T8944] dummy0: entered promiscuous mode
[  580.748068][ T8944] dummy0: entered allmulticast mode
[  580.750975][ T8944] team0: Port device dummy0 added
[  580.759187][ T8945] dummy0: left promiscuous mode
[  580.759775][ T8945] dummy0: left allmulticast mode
[  580.790962][ T8945] team0: Port device dummy0 removed
[  580.795220][ T8945] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  580.817176][ T8895] chnl_net:caif_netlink_parms(): no params data found
[  580.918644][ T8951] Invalid source name
[  580.918682][ T8951] UBIFS error (pid: 8951): cannot open "/dev/sg0", error -22
[  581.009510][ T8678] Bluetooth: hci3: command tx timeout
[  581.076037][   T45] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  583.596290][ T8678] Bluetooth: hci3: command tx timeout
[  583.912392][   T45] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  584.100595][ T8787] bridge0: port 1(bridge_slave_0) entered blocking state
[  584.100814][ T8787] bridge0: port 1(bridge_slave_0) entered disabled state
[  584.101097][ T8787] bridge_slave_0: entered allmulticast mode
[  584.103853][ T8787] bridge_slave_0: entered promiscuous mode
[  584.158906][ T8787] bridge0: port 2(bridge_slave_1) entered blocking state
[  584.159039][ T8787] bridge0: port 2(bridge_slave_1) entered disabled state
[  584.174032][ T8787] bridge_slave_1: entered allmulticast mode
[  584.176811][ T8787] bridge_slave_1: entered promiscuous mode
[  584.371825][   T45] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  585.293626][   T45] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  585.346278][ T8787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  585.550016][ T8983] FAULT_INJECTION: forcing a failure.
[  585.550016][ T8983] name failslab, interval 1, probability 0, space 0, times 0
[  585.550054][ T8983] CPU: 1 UID: 0 PID: 8983 Comm: syz.3.782 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  585.550082][ T8983] Tainted: [L]=SOFTLOCKUP
[  585.550089][ T8983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  585.550102][ T8983] Call Trace:
[  585.550116][ T8983]  <TASK>
[  585.550126][ T8983]  dump_stack_lvl+0xe8/0x150
[  585.550161][ T8983]  should_fail_ex+0x46c/0x600
[  585.550195][ T8983]  should_failslab+0xa8/0x100
[  585.550219][ T8983]  __kmalloc_noprof+0xe0/0x7e0
[  585.550253][ T8983]  ? tomoyo_encode+0x28b/0x550
[  585.550280][ T8983]  tomoyo_encode+0x28b/0x550
[  585.550307][ T8983]  tomoyo_realpath_from_path+0x58d/0x5d0
[  585.550331][ T8983]  ? tomoyo_domain+0xd9/0x130
[  585.550359][ T8983]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  585.550391][ T8983]  tomoyo_path_number_perm+0x1e8/0x5a0
[  585.550425][ T8983]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  585.550453][ T8983]  ? __lock_acquire+0x6b6/0x2cf0
[  585.550486][ T8983]  ? do_raw_spin_lock+0x121/0x290
[  585.550545][ T8983]  ? __fget_files+0x2a/0x420
[  585.550572][ T8983]  ? __fget_files+0x2a/0x420
[  585.550593][ T8983]  ? __fget_files+0x3a6/0x420
[  585.550614][ T8983]  ? __fget_files+0x2a/0x420
[  585.550642][ T8983]  security_file_ioctl+0xcb/0x2d0
[  585.550676][ T8983]  __se_sys_ioctl+0x47/0x170
[  585.550709][ T8983]  do_syscall_64+0xec/0xf80
[  585.550729][ T8983]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  585.550750][ T8983]  ? trace_irq_disable+0x37/0x100
[  585.550779][ T8983]  ? clear_bhb_loop+0x60/0xb0
[  585.550824][ T8983]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  585.550846][ T8983] RIP: 0033:0x7f126ba6f749
[  585.550875][ T8983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  585.550896][ T8983] RSP: 002b:00007f1269cce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  585.550919][ T8983] RAX: ffffffffffffffda RBX: 00007f126bcc5fa0 RCX: 00007f126ba6f749
[  585.550934][ T8983] RDX: 0000200000001a40 RSI: 000000004188aec6 RDI: 0000000000000004
[  585.550949][ T8983] RBP: 00007f1269cce090 R08: 0000000000000000 R09: 0000000000000000
[  585.550962][ T8983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  585.550974][ T8983] R13: 00007f126bcc6038 R14: 00007f126bcc5fa0 R15: 00007ffd9c204358
[  585.551010][ T8983]  </TASK>
[  585.551030][ T8983] ERROR: Out of memory at tomoyo_realpath_from_path.
[  585.613913][ T8787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  585.616982][ T8895] bridge0: port 1(bridge_slave_0) entered blocking state
[  585.630858][ T8895] bridge0: port 1(bridge_slave_0) entered disabled state
[  585.631631][ T8895] bridge_slave_0: entered allmulticast mode
[  585.655531][ T8895] bridge_slave_0: entered promiscuous mode
[  586.050265][ T8895] bridge0: port 2(bridge_slave_1) entered blocking state
[  586.050394][ T8895] bridge0: port 2(bridge_slave_1) entered disabled state
[  586.050649][ T8895] bridge_slave_1: entered allmulticast mode
[  586.053879][ T8895] bridge_slave_1: entered promiscuous mode
[  588.301336][ T8787] team0: Port device team_slave_0 added
[  588.585980][ T8787] team0: Port device team_slave_1 added
[  588.627976][ T8895] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  588.855796][ T8895] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  588.997710][ T8999] FAULT_INJECTION: forcing a failure.
[  588.997710][ T8999] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  588.997748][ T8999] CPU: 0 UID: 0 PID: 8999 Comm: syz.3.787 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  588.997777][ T8999] Tainted: [L]=SOFTLOCKUP
[  588.997785][ T8999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  588.997797][ T8999] Call Trace:
[  588.997805][ T8999]  <TASK>
[  588.997814][ T8999]  dump_stack_lvl+0xe8/0x150
[  588.997850][ T8999]  should_fail_ex+0x46c/0x600
[  588.997885][ T8999]  _copy_from_user+0x2d/0xb0
[  588.997908][ T8999]  sctp_getsockopt_scheduler+0xb8/0x2a0
[  588.997940][ T8999]  ? __local_bh_enable+0x1e2/0x2f0
[  588.997968][ T8999]  ? __pfx_sctp_getsockopt_scheduler+0x10/0x10
[  588.998000][ T8999]  ? __local_bh_enable_ip+0x1af/0x2c0
[  588.998025][ T8999]  ? lockdep_hardirqs_on+0x7b/0x110
[  588.998052][ T8999]  sctp_getsockopt+0xa7b/0xb90
[  588.998082][ T8999]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  588.998107][ T8999]  do_sock_getsockopt+0x2b4/0x3d0
[  588.998136][ T8999]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  588.998164][ T8999]  ? __fget_files+0x3a6/0x420
[  588.998188][ T8999]  ? __fget_files+0x2a/0x420
[  588.998218][ T8999]  __x64_sys_getsockopt+0x1ab/0x250
[  588.998255][ T8999]  do_syscall_64+0xec/0xf80
[  588.998276][ T8999]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  588.998297][ T8999]  ? trace_irq_disable+0x37/0x100
[  588.998319][ T8999]  ? clear_bhb_loop+0x60/0xb0
[  588.998346][ T8999]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  588.998368][ T8999] RIP: 0033:0x7f126ba6f749
[  588.998386][ T8999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  588.998404][ T8999] RSP: 002b:00007f1269cad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  588.998427][ T8999] RAX: ffffffffffffffda RBX: 00007f126bcc6090 RCX: 00007f126ba6f749
[  588.998441][ T8999] RDX: 000000000000007b RSI: 0000000000000084 RDI: 0000000000000003
[  588.998455][ T8999] RBP: 00007f1269cad090 R08: 00002000000000c0 R09: 0000000000000000
[  588.998469][ T8999] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  588.998482][ T8999] R13: 00007f126bcc6128 R14: 00007f126bcc6090 R15: 00007ffd9c204358
[  588.998517][ T8999]  </TASK>
[  589.407636][ T8787] batman_adv: batadv0: Adding interface: batadv_slave_0
[  589.407657][ T8787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  589.408034][ T8787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  589.533065][ T8787] batman_adv: batadv0: Adding interface: batadv_slave_1
[  589.533080][ T8787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  589.533103][ T8787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  589.586534][ T8676] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  589.644171][ T8895] team0: Port device team_slave_0 added
[  589.674381][ T8676] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  589.709018][ T8895] team0: Port device team_slave_1 added
[  589.710923][ T8676] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  590.150515][ T8676] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  590.720925][ T8895] batman_adv: batadv0: Adding interface: batadv_slave_0
[  590.720944][ T8895] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  590.720972][ T8895] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  590.796111][ T8787] hsr_slave_0: entered promiscuous mode
[  590.797505][ T8787] hsr_slave_1: entered promiscuous mode
[  590.798439][ T8787] debugfs: 'hsr0' already exists in 'hsr'
[  590.798471][ T8787] Cannot create hsr debugfs directory
[  590.830687][ T8895] batman_adv: batadv0: Adding interface: batadv_slave_1
[  590.830715][ T8895] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  590.830744][ T8895] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  591.106019][   T45] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  591.574575][   T45] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  591.796162][ T8895] hsr_slave_0: entered promiscuous mode
[  591.797325][ T8895] hsr_slave_1: entered promiscuous mode
[  591.798112][ T8895] debugfs: 'hsr0' already exists in 'hsr'
[  591.798131][ T8895] Cannot create hsr debugfs directory
[  592.400910][   T45] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  593.958018][   T45] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  595.239839][ T5117] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  595.245796][ T5117] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  595.264023][ T5117] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  595.288471][ T5117] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  595.297728][ T5117] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  596.262185][ T9046] trusted_key: encrypted_key: insufficient parameters specified
[  597.389434][ T8678] Bluetooth: hci0: command tx timeout
[  597.898202][   T45] team0: left allmulticast mode
[  597.898224][   T45] team_slave_0: left allmulticast mode
[  597.898243][   T45] team_slave_1: left allmulticast mode
[  597.898493][   T45] bridge0: port 3(team0) entered disabled state
[  598.029526][   T45] bridge_slave_1: left allmulticast mode
[  598.029551][   T45] bridge_slave_1: left promiscuous mode
[  598.029758][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  598.103121][   T45] bridge_slave_0: left allmulticast mode
[  598.103161][   T45] bridge_slave_0: left promiscuous mode
[  598.103433][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  598.221291][   T45] bridge_slave_1: left allmulticast mode
[  598.221323][   T45] bridge_slave_1: left promiscuous mode
[  598.221593][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  598.386325][   T45] bridge_slave_0: left allmulticast mode
[  598.386357][   T45] bridge_slave_0: left promiscuous mode
[  598.386606][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  600.872269][ T8678] Bluetooth: hci0: command tx timeout
[  604.297927][ T8678] Bluetooth: hci0: command tx timeout
[  604.530427][   T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  604.619813][   T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  604.642089][   T45] bond0 (unregistering): Released all slaves
[  605.459268][ T6042] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  605.643243][ T6042] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  605.643273][ T6042] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  605.668596][ T6042] usb 5-1: config 0 descriptor??
[  605.905981][ T6042] udl 5-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  606.220057][   T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  606.260003][   T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  606.282810][   T45] bond0 (unregistering): Released all slaves
[  606.425253][ T8678] Bluetooth: hci0: command tx timeout
[  606.645431][   T45] tipc: Left network mode
[  607.059300][ T6042] [drm:udl_init] *ERROR* Selecting channel failed
[  607.122303][ T6042] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2
[  607.122324][ T6042] [drm] Initialized udl on minor 2
[  607.159307][ T6042] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  607.161788][ T6042] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[  607.216074][ T6042] usb 5-1: USB disconnect, device number 37
[  607.232336][ T6687] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[  608.829473][ T9041] chnl_net:caif_netlink_parms(): no params data found
[  609.101179][ T5117] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  609.133427][ T5117] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  609.136925][ T5117] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  609.153626][ T5117] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  609.154684][ T5117] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  612.004777][ T8678] Bluetooth: hci4: command tx timeout
[  612.579343][ T8895] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  612.647627][ T8895] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  613.009174][   T45] hsr_slave_0: left promiscuous mode
[  613.029264][   T45] hsr_slave_1: left promiscuous mode
[  613.030317][   T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  613.030342][   T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[  613.090875][   T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  613.090908][   T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[  613.136167][ T9111] netlink: 8 bytes leftover after parsing attributes in process `syz.4.814'.
[  613.137869][   T37] kauditd_printk_skb: 12 callbacks suppressed
[  613.138005][   T37] audit: type=1326 audit(1766743268.274:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9106 comm="syz.4.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f590913f749 code=0x7ffc0000
[  613.138072][   T37] audit: type=1326 audit(1766743268.274:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9106 comm="syz.4.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f590913f749 code=0x7ffc0000
[  613.138221][   T37] audit: type=1326 audit(1766743268.274:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9106 comm="syz.4.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=451 compat=0 ip=0x7f590913f749 code=0x7ffc0000
[  613.138396][   T37] audit: type=1326 audit(1766743268.274:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9106 comm="syz.4.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f590913f749 code=0x7ffc0000
[  613.138556][   T37] audit: type=1326 audit(1766743268.274:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9106 comm="syz.4.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f590913f749 code=0x7ffc0000
[  613.380295][   T45] hsr_slave_0: left promiscuous mode
[  613.399826][   T45] hsr_slave_1: left promiscuous mode
[  613.401011][   T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  613.401038][   T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[  613.460337][   T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  613.460361][   T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[  613.594297][   T45] batadv_slave_1: left promiscuous mode
[  613.594455][   T45] veth1_macvtap: left promiscuous mode
[  613.594516][   T45] veth0_macvtap: left promiscuous mode
[  613.595920][   T45] veth1_vlan: left promiscuous mode
[  613.729668][   T45] veth1_macvtap: left promiscuous mode
[  613.729749][   T45] veth0_macvtap: left promiscuous mode
[  613.729916][   T45] veth1_vlan: left promiscuous mode
[  613.730034][   T45] veth0_vlan: left promiscuous mode
[  613.931764][ T9109] slcan: can't register candev
[  614.124441][ T8678] Bluetooth: hci4: command tx timeout
[  616.189243][ T8678] Bluetooth: hci4: command tx timeout
[  616.782785][   T45] team_slave_1 (unregistering): left promiscuous mode
[  616.799948][   T45] team0 (unregistering): Port device team_slave_1 removed
[  617.073279][   T45] team_slave_0 (unregistering): left promiscuous mode
[  617.113807][   T45] team0 (unregistering): Port device team_slave_0 removed
[  618.290243][ T8678] Bluetooth: hci4: command tx timeout
[  623.489820][   T45] team0 (unregistering): Port device team_slave_1 removed
[  623.710962][   T45] team0 (unregistering): Port device team_slave_0 removed
[  626.030356][ T8895] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  626.146911][ T9122] dummy0: entered promiscuous mode
[  626.147791][ T9122] dummy0: left promiscuous mode
[  626.201780][ T8895] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  626.259567][ T9041] bridge0: port 1(bridge_slave_0) entered blocking state
[  626.259806][ T9041] bridge0: port 1(bridge_slave_0) entered disabled state
[  626.260004][ T9041] bridge_slave_0: entered allmulticast mode
[  626.262690][ T9041] bridge_slave_0: entered promiscuous mode
[  626.341832][ T9041] bridge0: port 2(bridge_slave_1) entered blocking state
[  626.341974][ T9041] bridge0: port 2(bridge_slave_1) entered disabled state
[  626.342211][ T9041] bridge_slave_1: entered allmulticast mode
[  626.345169][ T9041] bridge_slave_1: entered promiscuous mode
[  626.557323][ T9179] FAULT_INJECTION: forcing a failure.
[  626.557323][ T9179] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  626.557364][ T9179] CPU: 0 UID: 0 PID: 9179 Comm: syz.4.831 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  626.557394][ T9179] Tainted: [L]=SOFTLOCKUP
[  626.557402][ T9179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  626.557415][ T9179] Call Trace:
[  626.557423][ T9179]  <TASK>
[  626.557432][ T9179]  dump_stack_lvl+0xe8/0x150
[  626.557467][ T9179]  should_fail_ex+0x46c/0x600
[  626.557501][ T9179]  _copy_from_user+0x2d/0xb0
[  626.557524][ T9179]  ____sys_sendmsg+0x2fa/0x810
[  626.557559][ T9179]  ? __pfx_____sys_sendmsg+0x10/0x10
[  626.557595][ T9179]  ? import_iovec+0x74/0xa0
[  626.557620][ T9179]  ___sys_sendmsg+0x21f/0x2a0
[  626.557650][ T9179]  ? __pfx____sys_sendmsg+0x10/0x10
[  626.557715][ T9179]  ? __fget_files+0x2a/0x420
[  626.557737][ T9179]  ? __fget_files+0x3a6/0x420
[  626.557771][ T9179]  __x64_sys_sendmsg+0x1a1/0x260
[  626.557803][ T9179]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  626.557842][ T9179]  ? __pfx_ksys_write+0x10/0x10
[  626.557884][ T9179]  do_syscall_64+0xec/0xf80
[  626.557906][ T9179]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  626.557927][ T9179]  ? trace_irq_disable+0x37/0x100
[  626.557951][ T9179]  ? clear_bhb_loop+0x60/0xb0
[  626.557977][ T9179]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  626.558004][ T9179] RIP: 0033:0x7f590913f749
[  626.558023][ T9179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  626.558041][ T9179] RSP: 002b:00007f59073a6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  626.558063][ T9179] RAX: ffffffffffffffda RBX: 00007f5909395fa0 RCX: 00007f590913f749
[  626.558078][ T9179] RDX: 0000000020008054 RSI: 00002000000000c0 RDI: 0000000000000003
[  626.558092][ T9179] RBP: 00007f59073a6090 R08: 0000000000000000 R09: 0000000000000000
[  626.558105][ T9179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  626.558117][ T9179] R13: 00007f5909396038 R14: 00007f5909395fa0 R15: 00007fff1ae6e458
[  626.558150][ T9179]  </TASK>
[  626.830699][ T9185] FAULT_INJECTION: forcing a failure.
[  626.830699][ T9185] name failslab, interval 1, probability 0, space 0, times 0
[  626.830728][ T9185] CPU: 1 UID: 0 PID: 9185 Comm: syz.4.834 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  626.830750][ T9185] Tainted: [L]=SOFTLOCKUP
[  626.830756][ T9185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  626.830766][ T9185] Call Trace:
[  626.830772][ T9185]  <TASK>
[  626.830778][ T9185]  dump_stack_lvl+0xe8/0x150
[  626.830805][ T9185]  should_fail_ex+0x46c/0x600
[  626.830841][ T9185]  should_failslab+0xa8/0x100
[  626.830857][ T9185]  __kmalloc_noprof+0xe0/0x7e0
[  626.830881][ T9185]  ? io_cache_alloc_new+0x40/0x100
[  626.830900][ T9185]  io_cache_alloc_new+0x40/0x100
[  626.830916][ T9185]  io_msg_alloc_async+0x1b2/0x2d0
[  626.830944][ T9185]  io_connect_prep+0x1b1/0x300
[  626.830969][ T9185]  io_submit_sqes+0xad3/0x2140
[  626.831010][ T9185]  __se_sys_io_uring_enter+0x2df/0x2b00
[  626.831036][ T9185]  ? do_raw_spin_lock+0x121/0x290
[  626.831064][ T9185]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  626.831083][ T9185]  ? lockdep_hardirqs_on+0x7b/0x110
[  626.831098][ T9185]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  626.831114][ T9185]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  626.831135][ T9185]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  626.831162][ T9185]  ? fput+0xa0/0xd0
[  626.831180][ T9185]  ? ksys_write+0x230/0x260
[  626.831203][ T9185]  ? __pfx_ksys_write+0x10/0x10
[  626.831223][ T9185]  ? fput+0xa0/0xd0
[  626.831242][ T9185]  ? __x64_sys_io_uring_enter+0x21/0xf0
[  626.831263][ T9185]  do_syscall_64+0xec/0xf80
[  626.831277][ T9185]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  626.831292][ T9185]  ? trace_irq_disable+0x37/0x100
[  626.831309][ T9185]  ? clear_bhb_loop+0x60/0xb0
[  626.831327][ T9185]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  626.831342][ T9185] RIP: 0033:0x7f590913f749
[  626.831355][ T9185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  626.831369][ T9185] RSP: 002b:00007f59073a6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  626.831385][ T9185] RAX: ffffffffffffffda RBX: 00007f5909395fa0 RCX: 00007f590913f749
[  626.831396][ T9185] RDX: 0000000000000000 RSI: 00000000000047bc RDI: 0000000000000006
[  626.831406][ T9185] RBP: 00007f59073a6090 R08: 0000000000000000 R09: 0000000000000000
[  626.831415][ T9185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  626.831424][ T9185] R13: 00007f5909396038 R14: 00007f5909395fa0 R15: 00007fff1ae6e458
[  626.831447][ T9185]  </TASK>
[  627.210890][ T9041] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  627.256361][ T9041] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  627.835074][ T9041] team0: Port device team_slave_0 added
[  627.862072][ T9041] team0: Port device team_slave_1 added
[  628.110338][ T9041] batman_adv: batadv0: Adding interface: batadv_slave_0
[  628.110351][ T9041] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  628.110369][ T9041] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  628.117523][ T9041] batman_adv: batadv0: Adding interface: batadv_slave_1
[  628.117539][ T9041] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  628.117564][ T9041] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  628.896848][ T9041] hsr_slave_0: entered promiscuous mode
[  628.897852][ T9041] hsr_slave_1: entered promiscuous mode
[  628.898532][ T9041] debugfs: 'hsr0' already exists in 'hsr'
[  628.898554][ T9041] Cannot create hsr debugfs directory
[  629.129211][ T5885] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  629.341713][ T5885] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  629.341734][ T5885] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  629.343478][ T5885] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  629.343498][ T5885] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  629.343514][ T5885] usb 5-1: SerialNumber: syz
[  629.475655][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  629.475739][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  629.601491][ T9198] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  629.602650][ T9198] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  629.639355][ T5885] usb 5-1: 0:2 : does not exist
[  629.644024][ T9095] chnl_net:caif_netlink_parms(): no params data found
[  629.724552][ T5885] usb 5-1: USB disconnect, device number 38
[  632.410017][ T9095] bridge0: port 1(bridge_slave_0) entered blocking state
[  632.415592][ T9095] bridge0: port 1(bridge_slave_0) entered disabled state
[  632.415860][ T9095] bridge_slave_0: entered allmulticast mode
[  632.418705][ T9095] bridge_slave_0: entered promiscuous mode
[  632.473672][ T9095] bridge0: port 2(bridge_slave_1) entered blocking state
[  632.473814][ T9095] bridge0: port 2(bridge_slave_1) entered disabled state
[  632.474083][ T9095] bridge_slave_1: entered allmulticast mode
[  632.478402][ T9095] bridge_slave_1: entered promiscuous mode
[  633.367152][ T9216] binfmt_misc: register: failed to install interpreter file ./file0/../file0
[  633.465191][ T9095] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  633.484289][ T9095] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  633.589775][ T9218] FAULT_INJECTION: forcing a failure.
[  633.589775][ T9218] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  633.589803][ T9218] CPU: 1 UID: 0 PID: 9218 Comm: syz.4.843 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  633.589824][ T9218] Tainted: [L]=SOFTLOCKUP
[  633.589830][ T9218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  633.589839][ T9218] Call Trace:
[  633.589845][ T9218]  <TASK>
[  633.589851][ T9218]  dump_stack_lvl+0xe8/0x150
[  633.589889][ T9218]  should_fail_ex+0x46c/0x600
[  633.589913][ T9218]  _copy_from_user+0x2d/0xb0
[  633.589928][ T9218]  __copy_msghdr+0x3c5/0x5b0
[  633.589951][ T9218]  ___sys_sendmsg+0x1a5/0x2a0
[  633.589971][ T9218]  ? __pfx____sys_sendmsg+0x10/0x10
[  633.589995][ T9218]  ? kstrtouint+0x6e/0xe0
[  633.590032][ T9218]  ? __fget_files+0x2a/0x420
[  633.590047][ T9218]  ? __fget_files+0x3a6/0x420
[  633.590069][ T9218]  __sys_sendmmsg+0x22d/0x430
[  633.590092][ T9218]  ? __pfx___sys_sendmmsg+0x10/0x10
[  633.590118][ T9218]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  633.590149][ T9218]  ? ksys_write+0x230/0x260
[  633.590179][ T9218]  ? __pfx_ksys_write+0x10/0x10
[  633.590206][ T9218]  __x64_sys_sendmmsg+0xa0/0xc0
[  633.590227][ T9218]  do_syscall_64+0xec/0xf80
[  633.590242][ T9218]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.590257][ T9218]  ? trace_irq_disable+0x37/0x100
[  633.590273][ T9218]  ? clear_bhb_loop+0x60/0xb0
[  633.590292][ T9218]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.590306][ T9218] RIP: 0033:0x7f590913f749
[  633.590320][ T9218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  633.590333][ T9218] RSP: 002b:00007f59073a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  633.590349][ T9218] RAX: ffffffffffffffda RBX: 00007f5909395fa0 RCX: 00007f590913f749
[  633.590360][ T9218] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000003
[  633.590370][ T9218] RBP: 00007f59073a6090 R08: 0000000000000000 R09: 0000000000000000
[  633.590379][ T9218] R10: 0000000034000091 R11: 0000000000000246 R12: 0000000000000001
[  633.590388][ T9218] R13: 00007f5909396038 R14: 00007f5909395fa0 R15: 00007fff1ae6e458
[  633.590411][ T9218]  </TASK>
[  634.351462][ T9095] team0: Port device team_slave_0 added
[  634.365446][ T8895] 8021q: adding VLAN 0 to HW filter on device bond0
[  634.388614][ T9095] team0: Port device team_slave_1 added
[  634.499712][ T6042] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  634.649216][ T6042] usb 5-1: Using ep0 maxpacket: 16
[  634.655278][ T6042] usb 5-1: config 252 has an invalid interface number: 15 but max is 0
[  634.655311][ T6042] usb 5-1: config 252 has no interface number 0
[  634.655371][ T6042] usb 5-1: config 252 interface 15 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64
[  634.695967][ T6042] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=2b.29
[  634.696001][ T6042] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  634.696015][ T6042] usb 5-1: Product: syz
[  634.696026][ T6042] usb 5-1: Manufacturer: syz
[  634.696036][ T6042] usb 5-1: SerialNumber: syz
[  634.774572][ T6042] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  635.052501][ T9095] batman_adv: batadv0: Adding interface: batadv_slave_0
[  635.052521][ T9095] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  635.052552][ T9095] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  635.081311][ T9095] batman_adv: batadv0: Adding interface: batadv_slave_1
[  635.081357][ T9095] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  635.081431][ T9095] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  635.354929][   T37] audit: type=1326 audit(1766743290.494:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9228 comm="syz.3.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  635.355913][   T37] audit: type=1326 audit(1766743290.494:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9228 comm="syz.3.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  635.415826][   T37] audit: type=1326 audit(1766743290.554:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9228 comm="syz.3.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  635.417264][   T37] audit: type=1326 audit(1766743290.554:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9228 comm="syz.3.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  635.417971][   T37] audit: type=1326 audit(1766743290.554:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9228 comm="syz.3.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  635.418928][   T37] audit: type=1326 audit(1766743290.554:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9228 comm="syz.3.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=91 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  635.490448][   T37] audit: type=1326 audit(1766743290.624:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9228 comm="syz.3.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  635.490505][   T37] audit: type=1326 audit(1766743290.624:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9228 comm="syz.3.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f126ba6f749 code=0x7ffc0000
[  635.506261][   T37] audit: type=1326 audit(1766743290.634:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9228 comm="syz.3.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f126ba71667 code=0x7ffc0000
[  635.519693][   T37] audit: type=1326 audit(1766743290.634:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9228 comm="syz.3.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f126ba715dc code=0x7ffc0000
[  635.599590][ T6758] usb 5-1: Failed to submit usb control message: -71
[  635.599629][ T6758] usb 5-1: unable to send the bmi data to the device: -71
[  635.599648][ T6758] usb 5-1: unable to get target info from device
[  635.599677][ T6758] usb 5-1: could not get target info (-71)
[  635.600098][ T6758] usb 5-1: could not probe fw (-71)
[  635.601418][   T50] usb 5-1: USB disconnect, device number 39
[  635.926990][ T9095] hsr_slave_0: entered promiscuous mode
[  635.928541][ T9095] hsr_slave_1: entered promiscuous mode
[  635.942296][ T9095] debugfs: 'hsr0' already exists in 'hsr'
[  635.942325][ T9095] Cannot create hsr debugfs directory
[  636.022406][ T5117] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  636.025312][ T5117] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  636.048881][ T5117] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  636.056916][ T5117] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  636.057658][ T5117] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  636.179418][   T50] usb 5-1: new full-speed USB device number 40 using dummy_hcd
[  636.309249][   T50] usb 5-1: device descriptor read/64, error -71
[  636.559192][   T50] usb 5-1: new full-speed USB device number 41 using dummy_hcd
[  636.699281][   T50] usb 5-1: device descriptor read/64, error -71
[  636.813847][   T50] usb usb5-port1: attempt power cycle
[  636.936095][   T45] bridge_slave_1: left allmulticast mode
[  636.936125][   T45] bridge_slave_1: left promiscuous mode
[  636.936327][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  636.969211][ T5886] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  636.988360][   T45] bridge_slave_0: left allmulticast mode
[  636.988382][   T45] bridge_slave_0: left promiscuous mode
[  636.988610][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  637.052732][   T45] bridge_slave_1: left allmulticast mode
[  637.052756][   T45] bridge_slave_1: left promiscuous mode
[  637.052930][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  637.110373][   T45] bridge_slave_0: left allmulticast mode
[  637.110394][   T45] bridge_slave_0: left promiscuous mode
[  637.110573][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  637.138877][ T5886] usb 4-1: config 16 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 0
[  637.138907][ T5886] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  637.138928][ T5886] usb 4-1: config 16 has no interfaces?
[  637.138977][ T5886] usb 4-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  637.138994][ T5886] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  637.159213][   T50] usb 5-1: new full-speed USB device number 42 using dummy_hcd
[  637.181902][   T50] usb 5-1: device descriptor read/8, error -71
[  637.419199][   T50] usb 5-1: new full-speed USB device number 43 using dummy_hcd
[  637.441015][   T50] usb 5-1: device descriptor read/8, error -71
[  637.481906][   T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  637.549735][   T50] usb usb5-port1: unable to enumerate USB device
[  637.566438][   T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  637.624777][   T45] bond0 (unregistering): Released all slaves
[  637.930119][   T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  637.999798][   T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  638.071408][   T45] bond0 (unregistering): Released all slaves
[  638.109284][ T5117] Bluetooth: hci5: command tx timeout
[  638.618866][ T5886] usb 4-1: USB disconnect, device number 33
[  638.699230][   T45] hsr_slave_0: left promiscuous mode
[  638.739318][   T45] hsr_slave_1: left promiscuous mode
[  638.740092][   T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[  638.780254][   T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[  638.959313][   T45] hsr_slave_0: left promiscuous mode
[  638.999323][   T45] hsr_slave_1: left promiscuous mode
[  639.000294][   T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[  639.043453][   T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[  639.700167][   T45] team0 (unregistering): Port device team_slave_1 removed
[  639.840034][   T45] team0 (unregistering): Port device team_slave_0 removed
[  640.189247][ T5117] Bluetooth: hci5: command tx timeout
[  641.179869][   T45] team0 (unregistering): Port device team_slave_1 removed
[  641.331078][   T45] team0 (unregistering): Port device team_slave_0 removed
[  642.289432][ T5117] Bluetooth: hci5: command tx timeout
[  642.372107][ T9263] tmpfs: Unknown parameter 'usrquota00000000000'
[  642.755576][ T9233] chnl_net:caif_netlink_parms(): no params data found
[  644.349176][ T5117] Bluetooth: hci5: command tx timeout
[  644.971206][ T9233] bridge0: port 1(bridge_slave_0) entered blocking state
[  644.971470][ T9233] bridge0: port 1(bridge_slave_0) entered disabled state
[  644.971695][ T9233] bridge_slave_0: entered allmulticast mode
[  644.974055][ T9233] bridge_slave_0: entered promiscuous mode
[  645.242628][ T9041] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  646.342255][ T6012] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  647.415000][ T6012] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  647.415036][ T6012] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  647.415132][ T6012] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  647.415204][ T6012] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  647.516772][ T6012] usb 4-1: config 0 descriptor??
[  647.653986][ T9233] bridge0: port 2(bridge_slave_1) entered blocking state
[  647.654200][ T9233] bridge0: port 2(bridge_slave_1) entered disabled state
[  647.654542][ T9233] bridge_slave_1: entered allmulticast mode
[  647.691290][ T9233] bridge_slave_1: entered promiscuous mode
[  647.800738][ T9041] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  647.800971][ T6012] usbhid 4-1:0.0: can't add hid device: -71
[  647.803777][ T6012] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  647.859677][ T6012] usb 4-1: USB disconnect, device number 34
[  648.040525][ T9041] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  650.219406][ T9289] Illegal XDP return value 4294967294 on prog  (id 221) dev N/A, expect packet loss!
[  650.262084][ T9041] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  650.367863][ T9233] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  650.401243][ T9233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  650.434298][ T9294] FAULT_INJECTION: forcing a failure.
[  650.434298][ T9294] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  650.434337][ T9294] CPU: 1 UID: 0 PID: 9294 Comm: syz.4.861 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  650.434363][ T9294] Tainted: [L]=SOFTLOCKUP
[  650.434370][ T9294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  650.434382][ T9294] Call Trace:
[  650.434391][ T9294]  <TASK>
[  650.434399][ T9294]  dump_stack_lvl+0xe8/0x150
[  650.434430][ T9294]  should_fail_ex+0x46c/0x600
[  650.434463][ T9294]  _copy_from_user+0x2d/0xb0
[  650.434484][ T9294]  copy_from_bpfptr+0x5c/0x90
[  650.434509][ T9294]  bpf_prog_load+0xa83/0x1a10
[  650.434544][ T9294]  ? __pfx_bpf_prog_load+0x10/0x10
[  650.434568][ T9294]  ? __might_fault+0xb0/0x130
[  650.434618][ T9294]  ? bpf_lsm_bpf+0x9/0x20
[  650.434635][ T9294]  ? security_bpf+0x7e/0x300
[  650.434668][ T9294]  __sys_bpf+0x507/0x860
[  650.434693][ T9294]  ? __pfx___sys_bpf+0x10/0x10
[  650.434713][ T9294]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  650.434757][ T9294]  ? ksys_write+0x230/0x260
[  650.434787][ T9294]  ? __pfx_ksys_write+0x10/0x10
[  650.434823][ T9294]  __x64_sys_bpf+0x7c/0x90
[  650.434844][ T9294]  do_syscall_64+0xec/0xf80
[  650.434864][ T9294]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  650.434884][ T9294]  ? trace_irq_disable+0x37/0x100
[  650.434905][ T9294]  ? clear_bhb_loop+0x60/0xb0
[  650.434930][ T9294]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  650.434955][ T9294] RIP: 0033:0x7f590913f749
[  650.434973][ T9294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  650.434991][ T9294] RSP: 002b:00007f59073a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  650.435012][ T9294] RAX: ffffffffffffffda RBX: 00007f5909395fa0 RCX: 00007f590913f749
[  650.435026][ T9294] RDX: 0000000000000048 RSI: 00002000000017c0 RDI: 0000000000000005
[  650.435039][ T9294] RBP: 00007f59073a6090 R08: 0000000000000000 R09: 0000000000000000
[  650.435052][ T9294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  650.435063][ T9294] R13: 00007f5909396038 R14: 00007f5909395fa0 R15: 00007fff1ae6e458
[  650.435094][ T9294]  </TASK>
[  652.386647][ T9233] team0: Port device team_slave_0 added
[  652.430941][ T9233] team0: Port device team_slave_1 added
[  652.579225][ T9095] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  652.819297][ T9095] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  652.853538][ T9233] batman_adv: batadv0: Adding interface: batadv_slave_0
[  652.853557][ T9233] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  652.853584][ T9233] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  652.888838][ T9095] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  652.950597][ T9233] batman_adv: batadv0: Adding interface: batadv_slave_1
[  652.950616][ T9233] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  652.950645][ T9233] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  652.969429][ T6042] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  653.140194][ T6042] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  653.140221][ T6042] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  653.142721][ T6042] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  653.142749][ T6042] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  653.142769][ T6042] usb 4-1: SerialNumber: syz
[  653.298934][ T9095] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  653.509294][ T6012] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  653.605559][ T6042] usb 4-1: 0:2 : does not exist
[  653.605618][ T6042] usb 4-1: unit 5: unexpected type 0x09
[  653.647535][ T6042] usb 4-1: USB disconnect, device number 35
[  653.679181][ T6012] usb 5-1: Using ep0 maxpacket: 8
[  653.681616][ T6012] usb 5-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  653.681657][ T6012] usb 5-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  653.681674][ T6012] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  653.889599][ T6012] usb 5-1: string descriptor 0 read error: -71
[  653.917371][ T6012] usb 5-1: USB disconnect, device number 44
[  654.005819][ T9233] hsr_slave_0: entered promiscuous mode
[  654.006742][ T9233] hsr_slave_1: entered promiscuous mode
[  654.007350][ T9233] debugfs: 'hsr0' already exists in 'hsr'
[  654.007368][ T9233] Cannot create hsr debugfs directory
[  655.193484][   T45] bridge_slave_1: left allmulticast mode
[  655.193515][   T45] bridge_slave_1: left promiscuous mode
[  655.193770][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  655.301559][   T45] bridge_slave_0: left allmulticast mode
[  655.301589][   T45] bridge_slave_0: left promiscuous mode
[  655.301933][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  655.354951][ T8678] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  655.376739][ T8678] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  655.383095][ T8678] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  655.396221][ T8678] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  655.396949][ T8678] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  658.803173][ T8678] Bluetooth: hci0: command tx timeout
[  660.829998][ T8678] Bluetooth: hci0: command tx timeout
[  662.979453][ T5117] Bluetooth: hci0: command tx timeout
[  664.629967][   T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  664.709940][   T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  664.791393][   T45] bond0 (unregistering): Released all slaves
[  664.837327][ T9384] netlink: 16 bytes leftover after parsing attributes in process `syz.4.880'.
[  664.855985][ T9389] bridge0: port 1(bridge_slave_0) entered disabled state
[  664.992434][ T5117] Bluetooth: hci0: command tx timeout
[  667.510650][   T45] hsr_slave_0: left promiscuous mode
[  667.536051][   T45] hsr_slave_1: left promiscuous mode
[  667.537541][   T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[  667.553075][   T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[  667.556892][ T9404] netlink: 36 bytes leftover after parsing attributes in process `syz.4.886'.
[  671.320502][ T9420] trusted_key: encrypted_key: insufficient parameters specified
[  671.349331][   T45] team0 (unregistering): Port device team_slave_1 removed
[  671.631958][   T45] team0 (unregistering): Port device team_slave_0 removed
[  671.926816][ T8678] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  671.933267][ T8678] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  671.944829][ T8678] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  672.052144][ T8678] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  672.058765][ T8678] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  674.126398][ T8678] Bluetooth: hci3: command tx timeout
[  675.846245][   T50] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  675.989249][   T50] usb 4-1: Using ep0 maxpacket: 16
[  676.017024][   T50] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  676.017048][   T50] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  676.017062][   T50] usb 4-1: Product: syz
[  676.017073][   T50] usb 4-1: Manufacturer: syz
[  676.017083][   T50] usb 4-1: SerialNumber: syz
[  676.068185][   T50] r8152-cfgselector 4-1: Unknown version 0x0000
[  676.068212][   T50] r8152-cfgselector 4-1: config 0 descriptor??
[  676.189279][ T8678] Bluetooth: hci3: command tx timeout
[  676.735427][   T50] r8152-cfgselector 4-1: Unknown version 0x0000
[  676.737026][   T50] r8152-cfgselector 4-1: bad CDC descriptors
[  676.785365][   T50] r8152-cfgselector 4-1: USB disconnect, device number 36
[  677.449959][ T9459] Invalid logical block size (1792)
[  678.010000][ T9233] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  678.098098][ T9233] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  678.185241][ T9426] chnl_net:caif_netlink_parms(): no params data found
[  678.269325][ T8678] Bluetooth: hci3: command tx timeout
[  678.667452][ T9233] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  678.766767][ T9233] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  679.149713][ T9336] chnl_net:caif_netlink_parms(): no params data found
[  680.045322][ T9485] exFAT-fs (nullb0): invalid boot record signature
[  680.045338][ T9485] exFAT-fs (nullb0): failed to read boot sector
[  680.045345][ T9485] exFAT-fs (nullb0): failed to recognize exfat type
[  680.363156][ T8678] Bluetooth: hci3: command tx timeout
[  680.381547][ T9489] netlink: 45 bytes leftover after parsing attributes in process `syz.3.904'.
[  680.534277][ T9486] tipc: Enabling of bearer <eth:pimreg1> rejected, failed to enable media
[  681.155201][   T37] kauditd_printk_skb: 38 callbacks suppressed
[  681.155218][   T37] audit: type=1326 audit(1766743336.294:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9503 comm="syz.3.908" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f126ba6f749 code=0x0
[  681.220356][ T9506] netlink: 32 bytes leftover after parsing attributes in process `syz.4.909'.
[  681.222200][ T9426] bridge0: port 1(bridge_slave_0) entered blocking state
[  681.222314][ T9426] bridge0: port 1(bridge_slave_0) entered disabled state
[  681.222494][ T9426] bridge_slave_0: entered allmulticast mode
[  681.226236][ T9426] bridge_slave_0: entered promiscuous mode
[  681.254128][ T9426] bridge0: port 2(bridge_slave_1) entered blocking state
[  681.254581][ T9426] bridge0: port 2(bridge_slave_1) entered disabled state
[  681.255050][ T9426] bridge_slave_1: entered allmulticast mode
[  681.299941][ T9426] bridge_slave_1: entered promiscuous mode
[  684.067505][ T9521] FAULT_INJECTION: forcing a failure.
[  684.067505][ T9521] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  684.067542][ T9521] CPU: 0 UID: 0 PID: 9521 Comm: syz.4.912 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  684.067569][ T9521] Tainted: [L]=SOFTLOCKUP
[  684.067576][ T9521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  684.067588][ T9521] Call Trace:
[  684.067601][ T9521]  <TASK>
[  684.067609][ T9521]  dump_stack_lvl+0xe8/0x150
[  684.067641][ T9521]  should_fail_ex+0x46c/0x600
[  684.067673][ T9521]  _copy_from_user+0x2d/0xb0
[  684.067694][ T9521]  ___sys_sendmsg+0x158/0x2a0
[  684.067723][ T9521]  ? __pfx____sys_sendmsg+0x10/0x10
[  684.067782][ T9521]  ? __fget_files+0x2a/0x420
[  684.067804][ T9521]  ? __fget_files+0x3a6/0x420
[  684.067835][ T9521]  __x64_sys_sendmsg+0x1a1/0x260
[  684.067864][ T9521]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  684.067901][ T9521]  ? __pfx_ksys_write+0x10/0x10
[  684.067942][ T9521]  do_syscall_64+0xec/0xf80
[  684.067962][ T9521]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  684.067982][ T9521]  ? trace_irq_disable+0x37/0x100
[  684.068004][ T9521]  ? clear_bhb_loop+0x60/0xb0
[  684.068029][ T9521]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  684.068049][ T9521] RIP: 0033:0x7f590913f749
[  684.068066][ T9521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  684.068084][ T9521] RSP: 002b:00007f59073a6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  684.068105][ T9521] RAX: ffffffffffffffda RBX: 00007f5909395fa0 RCX: 00007f590913f749
[  684.068119][ T9521] RDX: 0000000000000814 RSI: 00002000000003c0 RDI: 0000000000000004
[  684.068132][ T9521] RBP: 00007f59073a6090 R08: 0000000000000000 R09: 0000000000000000
[  684.068144][ T9521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  684.068155][ T9521] R13: 00007f5909396038 R14: 00007f5909395fa0 R15: 00007fff1ae6e458
[  684.068186][ T9521]  </TASK>
[  684.273859][ T9336] bridge0: port 1(bridge_slave_0) entered blocking state
[  684.276673][ T9336] bridge0: port 1(bridge_slave_0) entered disabled state
[  684.276907][ T9336] bridge_slave_0: entered allmulticast mode
[  684.309920][ T9336] bridge_slave_0: entered promiscuous mode
[  684.328337][ T9426] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  684.359344][ T9336] bridge0: port 2(bridge_slave_1) entered blocking state
[  684.359494][ T9336] bridge0: port 2(bridge_slave_1) entered disabled state
[  684.359702][ T9336] bridge_slave_1: entered allmulticast mode
[  684.361547][ T9336] bridge_slave_1: entered promiscuous mode
[  684.365304][ T9426] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  684.464271][ T9523] netlink: 20 bytes leftover after parsing attributes in process `syz.4.914'.
[  684.762523][ T9527] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  684.762553][ T9527] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  684.768041][ T9527] vhci_hcd vhci_hcd.0: Device attached
[  684.833626][ T9528] vhci_hcd: connection closed
[  684.841875][ T3530] vhci_hcd vhci_hcd.4: stop threads
[  684.842927][ T3530] vhci_hcd vhci_hcd.4: release socket
[  684.843054][ T3530] vhci_hcd vhci_hcd.4: disconnect device
[  684.912738][ T9426] team0: Port device team_slave_0 added
[  684.939895][ T9336] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  684.957656][ T9426] team0: Port device team_slave_1 added
[  684.967757][ T9336] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  685.448566][ T9336] team0: Port device team_slave_0 added
[  685.639371][ T9426] batman_adv: batadv0: Adding interface: batadv_slave_0
[  685.639391][ T9426] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  685.639420][ T9426] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  685.644350][ T9336] team0: Port device team_slave_1 added
[  685.692390][ T9426] batman_adv: batadv0: Adding interface: batadv_slave_1
[  685.692429][ T9426] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  685.692492][ T9426] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  685.808811][ T9535] netlink: 'syz.4.918': attribute type 10 has an invalid length.
[  686.020473][ T9535] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  686.241459][ T9336] batman_adv: batadv0: Adding interface: batadv_slave_0
[  686.241478][ T9336] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  686.241509][ T9336] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  687.699326][   T50] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  687.793765][ T9552] FAULT_INJECTION: forcing a failure.
[  687.793765][ T9552] name failslab, interval 1, probability 0, space 0, times 0
[  687.793794][ T9552] CPU: 1 UID: 0 PID: 9552 Comm: syz.4.922 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  687.793814][ T9552] Tainted: [L]=SOFTLOCKUP
[  687.793819][ T9552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  687.793828][ T9552] Call Trace:
[  687.793834][ T9552]  <TASK>
[  687.793840][ T9552]  dump_stack_lvl+0xe8/0x150
[  687.793865][ T9552]  should_fail_ex+0x46c/0x600
[  687.793888][ T9552]  ? getname_flags+0xb8/0x540
[  687.793903][ T9552]  should_failslab+0xa8/0x100
[  687.793918][ T9552]  ? getname_flags+0xb8/0x540
[  687.793932][ T9552]  kmem_cache_alloc_noprof+0x84/0x6c0
[  687.793959][ T9552]  getname_flags+0xb8/0x540
[  687.793977][ T9552]  path_setxattrat+0x2ac/0x3a0
[  687.794004][ T9552]  ? __pfx_path_setxattrat+0x10/0x10
[  687.794052][ T9552]  ? ksys_write+0x230/0x260
[  687.794076][ T9552]  ? __pfx_ksys_write+0x10/0x10
[  687.794101][ T9552]  __x64_sys_setxattr+0xbc/0xe0
[  687.794121][ T9552]  do_syscall_64+0xec/0xf80
[  687.794136][ T9552]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  687.794150][ T9552]  ? trace_irq_disable+0x37/0x100
[  687.794166][ T9552]  ? clear_bhb_loop+0x60/0xb0
[  687.794184][ T9552]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  687.794199][ T9552] RIP: 0033:0x7f590913f749
[  687.794213][ T9552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  687.794226][ T9552] RSP: 002b:00007f59073a6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[  687.794242][ T9552] RAX: ffffffffffffffda RBX: 00007f5909395fa0 RCX: 00007f590913f749
[  687.794253][ T9552] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 00002000000001c0
[  687.794263][ T9552] RBP: 00007f59073a6090 R08: 0000000000000002 R09: 0000000000000000
[  687.794272][ T9552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  687.794281][ T9552] R13: 00007f5909396038 R14: 00007f5909395fa0 R15: 00007fff1ae6e458
[  687.794305][ T9552]  </TASK>
[  687.869196][   T50] usb 4-1: Using ep0 maxpacket: 16
[  687.931616][   T50] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  687.989877][   T50] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  687.989969][   T50] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  687.990042][   T50] usb 4-1: SerialNumber: syz
[  688.382364][ T9336] batman_adv: batadv0: Adding interface: batadv_slave_1
[  688.382378][ T9336] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  688.382398][ T9336] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  688.462465][   T50] usb 4-1: USB disconnect, device number 37
[  688.745362][ T9426] hsr_slave_0: entered promiscuous mode
[  688.746658][ T9426] hsr_slave_1: entered promiscuous mode
[  688.747691][ T9426] debugfs: 'hsr0' already exists in 'hsr'
[  688.747711][ T9426] Cannot create hsr debugfs directory
[  688.816365][   T37] audit: type=1326 audit(1766743343.954:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9553 comm="syz.4.923" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f590913f749 code=0x0
[  689.279698][ T9336] hsr_slave_0: entered promiscuous mode
[  689.282203][ T9336] hsr_slave_1: entered promiscuous mode
[  689.286633][ T9336] debugfs: 'hsr0' already exists in 'hsr'
[  689.286661][ T9336] Cannot create hsr debugfs directory
[  689.899216][   T50] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  689.909249][ T5885] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  690.044934][ T9233] 8021q: adding VLAN 0 to HW filter on device bond0
[  690.059589][   T50] usb 4-1: Using ep0 maxpacket: 32
[  690.062649][   T50] usb 4-1: config 0 interface 0 has no altsetting 0
[  690.066963][   T50] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  690.066991][   T50] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  690.067012][   T50] usb 4-1: Product: syz
[  690.067026][   T50] usb 4-1: Manufacturer: syz
[  690.067051][   T50] usb 4-1: SerialNumber: syz
[  690.069594][ T5885] usb 5-1: Using ep0 maxpacket: 32
[  690.122258][ T5885] usb 5-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=b2.bf
[  690.122289][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  690.122311][ T5885] usb 5-1: Product: syz
[  690.122326][ T5885] usb 5-1: Manufacturer: syz
[  690.122340][ T5885] usb 5-1: SerialNumber: syz
[  690.128272][   T50] usb 4-1: config 0 descriptor??
[  690.166319][ T5885] usb 5-1: config 0 descriptor??
[  690.180247][ T5885] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  690.375684][ T9567] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  690.376991][ T9567] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  690.638621][ T6030] usb 5-1: USB disconnect, device number 45
[  690.639534][   T50] gs_usb 4-1:0.0: Configuring for 1 interfaces
[  690.802638][ T9233] 8021q: adding VLAN 0 to HW filter on device team0
[  690.842988][   T69] bridge0: port 1(bridge_slave_0) entered blocking state
[  690.843307][   T69] bridge0: port 1(bridge_slave_0) entered forwarding state
[  690.877386][   T45] bridge_slave_1: left allmulticast mode
[  690.877408][   T45] bridge_slave_1: left promiscuous mode
[  690.877755][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  690.914745][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  690.914902][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  691.001086][   T45] bridge_slave_0: left allmulticast mode
[  691.001110][   T45] bridge_slave_0: left promiscuous mode
[  691.001485][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  691.068413][   T50] gs_usb 4-1:0.0: Couldn't register candev for channel 0 (-EINVAL)
[  691.084482][   T45] bridge_slave_1: left allmulticast mode
[  691.084506][   T45] bridge_slave_1: left promiscuous mode
[  691.084683][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  691.108377][   T50] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -22
[  691.144442][   T45] bridge_slave_0: left allmulticast mode
[  691.144475][   T45] bridge_slave_0: left promiscuous mode
[  691.144723][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  692.890930][ T6030] usb 4-1: USB disconnect, device number 38
[  693.059206][ T5885] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  693.234649][ T5885] usb 5-1: Using ep0 maxpacket: 32
[  693.236728][ T5885] usb 5-1: config 0 interface 0 altsetting 128 endpoint 0x2 has invalid wMaxPacketSize 0
[  693.236756][ T5885] usb 5-1: config 0 interface 0 has no altsetting 0
[  693.236791][ T5885] usb 5-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  693.236807][ T5885] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  693.280901][ T5885] usb 5-1: config 0 descriptor??
[  695.338222][   T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  695.338336][ T9580] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  695.357619][ T9580] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  695.530677][   T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  695.649336][   T45] bond0 (unregistering): Released all slaves
[  695.833212][ T5117] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  695.837468][ T5117] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  695.838894][ T5117] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  695.877064][ T5117] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  695.878035][ T5117] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  698.139135][ T5117] Bluetooth: hci4: command tx timeout
[  698.278817][   T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  698.325516][ T5885] usbhid 5-1:0.0: can't add hid device: -71
[  698.342954][ T5885] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  698.347617][ T5885] usb 5-1: USB disconnect, device number 46
[  698.460141][   T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  698.533278][   T45] bond0 (unregistering): Released all slaves
[  700.191939][ T5117] Bluetooth: hci4: command tx timeout
[  700.236117][ T9606] FAULT_INJECTION: forcing a failure.
[  700.236117][ T9606] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  700.236342][ T9606] CPU: 0 UID: 0 PID: 9606 Comm: syz.4.939 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  700.236373][ T9606] Tainted: [L]=SOFTLOCKUP
[  700.236380][ T9606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  700.236394][ T9606] Call Trace:
[  700.236402][ T9606]  <TASK>
[  700.236411][ T9606]  dump_stack_lvl+0xe8/0x150
[  700.236447][ T9606]  should_fail_ex+0x46c/0x600
[  700.236482][ T9606]  copy_fpstate_to_sigframe+0xa60/0xcc0
[  700.236519][ T9606]  ? __lock_acquire+0x6b6/0x2cf0
[  700.236560][ T9606]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  700.236594][ T9606]  ? do_raw_spin_lock+0x121/0x290
[  700.236624][ T9606]  ? rt_spin_lock+0x1c1/0x3e0
[  700.236655][ T9606]  ? rt_spin_lock+0x1c1/0x3e0
[  700.236692][ T9606]  ? do_raw_spin_lock+0x121/0x290
[  700.236717][ T9606]  ? fpu__alloc_mathframe+0xad/0x130
[  700.236741][ T9606]  get_sigframe+0x58d/0x7d0
[  700.236782][ T9606]  ? __pfx_get_sigframe+0x10/0x10
[  700.236816][ T9606]  ? rt_mutex_slowunlock+0x493/0x8a0
[  700.236846][ T9606]  ? reacquire_held_locks+0x104/0x190
[  700.236877][ T9606]  ? rt_spin_lock+0x1c1/0x3e0
[  700.236912][ T9606]  x64_setup_rt_frame+0x15c/0xd40
[  700.236943][ T9606]  ? rt_spin_unlock+0x150/0x200
[  700.236977][ T9606]  ? rt_spin_unlock+0x161/0x200
[  700.237009][ T9606]  ? get_signal+0x1121/0x1310
[  700.237041][ T9606]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[  700.237086][ T9606]  arch_do_signal_or_restart+0x3d6/0x7a0
[  700.237125][ T9606]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  700.237181][ T9606]  exit_to_user_mode_loop+0x87/0x4e0
[  700.237212][ T9606]  ? rcu_is_watching+0x15/0xb0
[  700.237236][ T9606]  do_syscall_64+0x2b7/0xf80
[  700.237257][ T9606]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.237278][ T9606]  ? trace_irq_disable+0x37/0x100
[  700.237300][ T9606]  ? clear_bhb_loop+0x60/0xb0
[  700.237334][ T9606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.237356][ T9606] RIP: 0033:0x7f590913f747
[  700.237374][ T9606] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[  700.237393][ T9606] RSP: 002b:00007f59073a6038 EFLAGS: 00000246
[  700.237411][ T9606] RAX: 0000000000000147 RBX: 00007f5909395fa0 RCX: 00007f590913f749
[  700.237426][ T9606] RDX: 0000000000000020 RSI: 0000200000000180 RDI: 0000000000000003
[  700.237440][ T9606] RBP: 00007f59073a6090 R08: 0000000000000004 R09: 0000000000000001
[  700.237452][ T9606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  700.237465][ T9606] R13: 00007f5909396038 R14: 00007f5909395fa0 R15: 00007fff1ae6e458
[  700.237499][ T9606]  </TASK>
[  701.080824][   T45] hsr_slave_0: left promiscuous mode
[  702.729814][ T5117] Bluetooth: hci4: command tx timeout
[  702.799141][   T45] hsr_slave_1: left promiscuous mode
[  702.800155][   T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[  702.892594][   T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[  703.079347][   T45] hsr_slave_0: left promiscuous mode
[  703.119405][   T45] hsr_slave_1: left promiscuous mode
[  703.121490][   T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[  703.160222][   T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[  703.876562][   T45] team0 (unregistering): Port device team_slave_1 removed
[  704.029905][   T45] team0 (unregistering): Port device team_slave_0 removed
[  705.735830][ T5117] Bluetooth: hci4: command tx timeout
[  706.821271][   T45] team0 (unregistering): Port device team_slave_1 removed
[  706.990041][   T45] team0 (unregistering): Port device team_slave_0 removed
[  708.661719][ T9586] chnl_net:caif_netlink_parms(): no params data found
[  709.111496][ T9586] bridge0: port 1(bridge_slave_0) entered blocking state
[  709.111765][ T9586] bridge0: port 1(bridge_slave_0) entered disabled state
[  709.111984][ T9586] bridge_slave_0: entered allmulticast mode
[  709.115273][ T9586] bridge_slave_0: entered promiscuous mode
[  709.225488][ T9586] bridge0: port 2(bridge_slave_1) entered blocking state
[  709.225626][ T9586] bridge0: port 2(bridge_slave_1) entered disabled state
[  709.225832][ T9586] bridge_slave_1: entered allmulticast mode
[  709.228551][ T9586] bridge_slave_1: entered promiscuous mode
[  710.652686][ T9586] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  710.724074][ T9586] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  710.984547][ T9586] team0: Port device team_slave_0 added
[  711.006662][ T9586] team0: Port device team_slave_1 added
[  711.006942][ T9426] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  711.197039][ T9426] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  711.372311][ T9426] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  711.460520][ T9586] batman_adv: batadv0: Adding interface: batadv_slave_0
[  711.460539][ T9586] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  711.460579][ T9586] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  711.541677][   T37] audit: type=1326 audit(1766743366.674:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9681 comm="syz.4.962" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f590913f749 code=0x0
[  711.673950][ T9426] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  711.696945][ T9586] batman_adv: batadv0: Adding interface: batadv_slave_1
[  711.696963][ T9586] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  711.696993][ T9586] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  712.204100][ T9586] hsr_slave_0: entered promiscuous mode
[  712.206533][ T9586] hsr_slave_1: entered promiscuous mode
[  712.208532][ T9586] debugfs: 'hsr0' already exists in 'hsr'
[  712.208550][ T9586] Cannot create hsr debugfs directory
[  712.287838][ T9336] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  713.490371][ T9336] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  713.658171][ T9336] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  713.819137][ T6687] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  713.969192][ T6687] usb 5-1: Using ep0 maxpacket: 8
[  713.978427][ T6687] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  713.978460][ T6687] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  713.978487][ T6687] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  713.978511][ T6687] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  713.978549][ T6687] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  713.978571][ T6687] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  714.026785][ T9336] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  714.274568][ T6687] usb 5-1: GET_CAPABILITIES returned 0
[  714.274602][ T6687] usbtmc 5-1:16.0: can't read capabilities
[  714.477953][ T5886] usb 5-1: USB disconnect, device number 47
[  715.032962][ T9426] 8021q: adding VLAN 0 to HW filter on device bond0
[  715.084383][ T9426] 8021q: adding VLAN 0 to HW filter on device team0
[  715.124596][ T9336] 8021q: adding VLAN 0 to HW filter on device bond0
[  715.137247][ T3501] bridge0: port 1(bridge_slave_0) entered blocking state
[  715.137452][ T3501] bridge0: port 1(bridge_slave_0) entered forwarding state
[  715.365607][ T6048] bridge0: port 2(bridge_slave_1) entered blocking state
[  715.365763][ T6048] bridge0: port 2(bridge_slave_1) entered forwarding state
[  716.371308][   T45] bridge_slave_1: left allmulticast mode
[  716.371342][   T45] bridge_slave_1: left promiscuous mode
[  716.373193][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  716.465675][   T45] bridge_slave_0: left allmulticast mode
[  716.465706][   T45] bridge_slave_0: left promiscuous mode
[  716.465959][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  717.265289][ T8678] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  717.280316][ T8678] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  717.281837][ T8678] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  717.283686][ T8678] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  717.284706][ T8678] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  720.145310][ T8678] Bluetooth: hci0: command tx timeout
[  721.625048][   T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  721.703122][   T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  721.778291][   T45] bond0 (unregistering): Released all slaves
[  722.189270][ T8678] Bluetooth: hci0: command tx timeout
[  722.579188][   T45] hsr_slave_0: left promiscuous mode
[  722.699189][   T45] hsr_slave_1: left promiscuous mode
[  722.705528][   T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[  723.561789][   T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[  723.714792][ T9765] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  724.269242][ T8678] Bluetooth: hci0: command tx timeout
[  724.982524][ T9774] program syz.3.985 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  726.875147][ T8678] Bluetooth: hci0: command tx timeout
[  729.240925][   T45] team0 (unregistering): Port device team_slave_1 removed
[  729.688009][   T45] team0 (unregistering): Port device team_slave_0 removed
[  733.118209][ T8678] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  733.135902][ T8678] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  733.146246][ T8678] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  733.147532][ T8678] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  733.148255][ T8678] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  733.879194][ T5886] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  735.325341][ T8678] Bluetooth: hci5: command tx timeout
[  735.419166][ T5886] usb 5-1: Using ep0 maxpacket: 8
[  735.429734][ T5886] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  735.429818][ T5886] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  735.429889][ T5886] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  735.429964][ T5886] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  735.430073][ T5886] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  735.430142][ T5886] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  735.703946][ T5886] usb 5-1: GET_CAPABILITIES returned 0
[  735.703979][ T5886] usbtmc 5-1:16.0: can't read capabilities
[  736.562869][ T9721] chnl_net:caif_netlink_parms(): no params data found
[  736.607043][ T5886] usb 5-1: USB disconnect, device number 48
[  737.389225][ T8678] Bluetooth: hci5: command tx timeout
[  737.497188][ T9806] chnl_net:caif_netlink_parms(): no params data found
[  739.428785][ T9586] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  739.469730][ T8678] Bluetooth: hci5: command tx timeout
[  739.904618][ T9586] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  739.989915][ T9586] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  740.833751][ T9586] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  741.362617][ T9721] bridge0: port 1(bridge_slave_0) entered blocking state
[  741.362755][ T9721] bridge0: port 1(bridge_slave_0) entered disabled state
[  741.362969][ T9721] bridge_slave_0: entered allmulticast mode
[  741.364833][ T9721] bridge_slave_0: entered promiscuous mode
[  741.450236][ T9721] bridge0: port 2(bridge_slave_1) entered blocking state
[  741.450322][ T9721] bridge0: port 2(bridge_slave_1) entered disabled state
[  741.450449][ T9721] bridge_slave_1: entered allmulticast mode
[  741.452074][ T9721] bridge_slave_1: entered promiscuous mode
[  741.562804][ T8678] Bluetooth: hci5: command tx timeout
[  741.740157][ T9806] bridge0: port 1(bridge_slave_0) entered blocking state
[  741.740300][ T9806] bridge0: port 1(bridge_slave_0) entered disabled state
[  741.740441][ T9806] bridge_slave_0: entered allmulticast mode
[  741.742226][ T9806] bridge_slave_0: entered promiscuous mode
[  742.069617][ T9806] bridge0: port 2(bridge_slave_1) entered blocking state
[  742.069992][ T9806] bridge0: port 2(bridge_slave_1) entered disabled state
[  742.070186][ T9806] bridge_slave_1: entered allmulticast mode
[  742.072198][ T9806] bridge_slave_1: entered promiscuous mode
[  742.105832][ T9721] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  742.240114][ T9721] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  742.406891][ T9806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  742.542648][ T9806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  742.547190][ T9721] team0: Port device team_slave_0 added
[  742.706480][ T9721] team0: Port device team_slave_1 added
[  742.975079][ T9806] team0: Port device team_slave_0 added
[  743.057597][ T9806] team0: Port device team_slave_1 added
[  743.058294][ T9721] batman_adv: batadv0: Adding interface: batadv_slave_0
[  743.058304][ T9721] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  743.058322][ T9721] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  743.190861][ T9721] batman_adv: batadv0: Adding interface: batadv_slave_1
[  743.190881][ T9721] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  743.190911][ T9721] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  743.501581][ T9806] batman_adv: batadv0: Adding interface: batadv_slave_0
[  743.501595][ T9806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  743.501613][ T9806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  743.570109][ T9806] batman_adv: batadv0: Adding interface: batadv_slave_1
[  743.570127][ T9806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  743.570155][ T9806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  743.865527][ T9721] hsr_slave_0: entered promiscuous mode
[  743.888386][ T9721] hsr_slave_1: entered promiscuous mode
[  743.898273][ T9721] debugfs: 'hsr0' already exists in 'hsr'
[  743.907631][ T9721] Cannot create hsr debugfs directory
[  745.884099][ T9806] hsr_slave_0: entered promiscuous mode
[  745.885202][ T9806] hsr_slave_1: entered promiscuous mode
[  745.885965][ T9806] debugfs: 'hsr0' already exists in 'hsr'
[  745.885983][ T9806] Cannot create hsr debugfs directory
[  752.294559][ T9913] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  752.294911][ T9913] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  752.353784][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  752.353920][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  752.392128][ T9913] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  752.392361][ T9913] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  752.450214][ T9913] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  752.524072][ T9913] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  752.524202][ T9913] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  752.574121][ T9913] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  752.623148][ T9913] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  752.623535][ T9913] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  752.710645][ T9913] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  753.003974][ T9586] 8021q: adding VLAN 0 to HW filter on device bond0
[  753.020887][ T5885] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  754.252755][ T5885] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  754.252791][ T5885] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  754.252814][ T5885] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  754.252858][ T5885] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  754.252881][ T5885] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  754.264273][ T5885] usb 4-1: config 0 descriptor??
[  754.349186][ T8678] Bluetooth: hci2: command 0x0406 tx timeout
[  754.427894][ T9586] 8021q: adding VLAN 0 to HW filter on device team0
[  754.430528][ T8678] Bluetooth: hci4: command 0x0c1a tx timeout
[  754.569675][ T1121] bridge0: port 1(bridge_slave_0) entered blocking state
[  754.570406][ T1121] bridge0: port 1(bridge_slave_0) entered forwarding state
[  754.590908][ T8678] Bluetooth: hci0: command 0x0c1a tx timeout
[  754.669209][ T8678] Bluetooth: hci5: command 0x0c1a tx timeout
[  754.711745][   T89] bridge0: port 2(bridge_slave_1) entered blocking state
[  754.711858][   T89] bridge0: port 2(bridge_slave_1) entered forwarding state
[  754.734634][ T5885] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  754.797380][   T45] bridge_slave_1: left allmulticast mode
[  754.797403][   T45] bridge_slave_1: left promiscuous mode
[  754.797612][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  754.880358][   T45] bridge_slave_0: left allmulticast mode
[  754.880380][   T45] bridge_slave_0: left promiscuous mode
[  754.880561][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  754.952709][   T45] bridge_slave_1: left allmulticast mode
[  754.952751][   T45] bridge_slave_1: left promiscuous mode
[  754.952922][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  755.031320][   T45] bridge_slave_0: left allmulticast mode
[  755.031347][   T45] bridge_slave_0: left promiscuous mode
[  755.031579][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  755.066318][   T50] usb 4-1: USB disconnect, device number 39
[  756.361585][ T5117] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  756.378445][ T5117] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  756.383980][ T5117] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  756.438263][ T5117] Bluetooth: hci2: command 0x0406 tx timeout
[  756.446790][ T5117] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  756.459521][ T5117] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  756.519199][ T5117] Bluetooth: hci4: command 0x0c1a tx timeout
[  756.699121][ T5117] Bluetooth: hci0: command 0x0c1a tx timeout
[  756.849091][ T5117] Bluetooth: hci5: command 0x0c1a tx timeout
[  758.519377][ T5117] Bluetooth: hci3: command tx timeout
[  758.589236][ T5117] Bluetooth: hci4: command 0x0c1a tx timeout
[  758.749309][ T5117] Bluetooth: hci0: command 0x0c1a tx timeout
[  758.909112][ T5117] Bluetooth: hci5: command 0x0c1a tx timeout
[  759.223602][   T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  759.280121][   T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  759.308150][   T45] bond0 (unregistering): Released all slaves
[  760.612736][ T5117] Bluetooth: hci3: command tx timeout
[  761.171803][ T6012] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  761.467398][ T6012] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  761.467442][ T6012] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  761.467565][ T6012] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  761.467623][ T6012] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  761.845911][ T6012] usb 4-1: config 0 descriptor??
[  762.679489][ T5117] Bluetooth: hci3: command tx timeout
[  764.749288][ T5117] Bluetooth: hci3: command tx timeout
[  766.041942][ T6012] usbhid 4-1:0.0: can't add hid device: -71
[  766.042378][ T6012] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  766.174597][ T6012] usb 4-1: USB disconnect, device number 40
[  769.760119][   T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  769.882737][   T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  769.990073][   T45] bond0 (unregistering): Released all slaves
[  770.859191][   T45] hsr_slave_0: left promiscuous mode
[  770.899187][   T45] hsr_slave_1: left promiscuous mode
[  770.900143][   T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[  770.924610][   T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[  772.278908][   T45] hsr_slave_0: left promiscuous mode
[  772.346183][   T45] hsr_slave_1: left promiscuous mode
[  772.354810][   T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[  772.618026][   T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[  773.894821][ T9990] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1046'.
[  776.059849][   T45] team0 (unregistering): Port device team_slave_1 removed
[  776.400074][   T45] team0 (unregistering): Port device team_slave_0 removed
[  779.163800][ T8678] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  779.167467][ T8678] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  779.172571][ T8678] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  779.195811][   T45] team0 (unregistering): Port device team_slave_1 removed
[  779.213235][ T8678] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  779.215204][ T8678] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  779.390041][   T45] team0 (unregistering): Port device team_slave_0 removed
[  782.063082][ T5117] Bluetooth: hci4: command tx timeout
[  782.217242][ T5886] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  782.374252][ T5886] usb 4-1: too many configurations: 9, using maximum allowed: 8
[  782.376564][ T5886] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  782.376623][ T5886] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  782.376652][ T5886] usb 4-1: config 0 interface 0 has no altsetting 0
[  782.378755][ T5886] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  782.378838][ T5886] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  782.378868][ T5886] usb 4-1: config 0 interface 0 has no altsetting 0
[  782.380206][ T5886] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  782.380260][ T5886] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  782.380288][ T5886] usb 4-1: config 0 interface 0 has no altsetting 0
[  782.381698][ T5886] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  782.381753][ T5886] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  782.381781][ T5886] usb 4-1: config 0 interface 0 has no altsetting 0
[  782.389821][ T5886] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  782.389878][ T5886] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  782.389905][ T5886] usb 4-1: config 0 interface 0 has no altsetting 0
[  782.391382][ T5886] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  782.391438][ T5886] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  782.391468][ T5886] usb 4-1: config 0 interface 0 has no altsetting 0
[  782.392934][ T5886] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  782.392989][ T5886] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  782.393017][ T5886] usb 4-1: config 0 interface 0 has no altsetting 0
[  782.394504][ T5886] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  782.394555][ T5886] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  782.394583][ T5886] usb 4-1: config 0 interface 0 has no altsetting 0
[  782.430884][ T5886] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  782.430914][ T5886] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  782.430936][ T5886] usb 4-1: Product: syz
[  782.430950][ T5886] usb 4-1: Manufacturer: syz
[  782.430981][ T5886] usb 4-1: SerialNumber: syz
[  782.646079][ T5886] usb 4-1: config 0 descriptor??
[  782.719840][ T5886] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0
[  782.881836][ T5886] usb 4-1: USB disconnect, device number 41
[  782.948558][ T5886] yurex 4-1:0.0: USB YUREX #0 now disconnected
[  784.638795][ T5117] Bluetooth: hci4: command tx timeout
[  785.134325][ T9932] chnl_net:caif_netlink_parms(): no params data found
[  786.355741][T10035] netlink: 'syz.3.1059': attribute type 1 has an invalid length.
[  786.669129][ T5117] Bluetooth: hci4: command tx timeout
[  788.769493][ T5117] Bluetooth: hci4: command tx timeout
[  789.091757][T10001] chnl_net:caif_netlink_parms(): no params data found
[  789.192466][ T9932] bridge0: port 1(bridge_slave_0) entered blocking state
[  789.192669][ T9932] bridge0: port 1(bridge_slave_0) entered disabled state
[  789.192925][ T9932] bridge_slave_0: entered allmulticast mode
[  789.195467][ T9932] bridge_slave_0: entered promiscuous mode
[  789.309460][ T9932] bridge0: port 2(bridge_slave_1) entered blocking state
[  789.309612][ T9932] bridge0: port 2(bridge_slave_1) entered disabled state
[  789.309871][ T9932] bridge_slave_1: entered allmulticast mode
[  789.319646][ T9932] bridge_slave_1: entered promiscuous mode
[  790.848683][T10067] binder: 10062:10067 ioctl c0306201 0 returned -14
[  790.873352][T10067] virtio-fs: tag </dev/md0> not found
[  791.790033][ T9932] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  791.862589][ T9932] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  793.049853][ T9932] team0: Port device team_slave_0 added
[  793.050293][T10001] bridge0: port 1(bridge_slave_0) entered blocking state
[  793.053608][T10001] bridge0: port 1(bridge_slave_0) entered disabled state
[  793.053806][T10001] bridge_slave_0: entered allmulticast mode
[  793.093669][T10001] bridge_slave_0: entered promiscuous mode
[  793.105069][ T9806] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  793.231543][ T9932] team0: Port device team_slave_1 added
[  793.231799][T10001] bridge0: port 2(bridge_slave_1) entered blocking state
[  793.231923][T10001] bridge0: port 2(bridge_slave_1) entered disabled state
[  793.232121][T10001] bridge_slave_1: entered allmulticast mode
[  793.234674][T10001] bridge_slave_1: entered promiscuous mode
[  793.279705][ T9806] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  794.072181][ T9932] batman_adv: batadv0: Adding interface: batadv_slave_0
[  794.072201][ T9932] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  794.072228][ T9932] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  794.124804][T10001] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  794.128651][ T9932] batman_adv: batadv0: Adding interface: batadv_slave_1
[  794.128664][ T9932] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  794.128685][ T9932] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  794.204022][T10001] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  794.604211][ T8678] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  794.642493][ T8678] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  794.644916][ T8678] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  794.681039][ T8678] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  794.685427][ T8678] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  794.739273][ T6030] usb 4-1: new full-speed USB device number 42 using dummy_hcd
[  794.792666][T10001] team0: Port device team_slave_0 added
[  794.922911][ T6030] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  794.922938][ T6030] usb 4-1: config 0 has no interface number 0
[  794.922983][ T6030] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  794.923006][ T6030] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  794.967495][ T6030] usb 4-1: config 0 descriptor??
[  794.983363][ T6030] usb 4-1: selecting invalid altsetting 1
[  794.983544][ T6030] dvb_ttusb_budget: ttusb_init_controller: error
[  794.983560][ T6030] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  795.025415][T10001] team0: Port device team_slave_1 added
[  795.065691][ T6030] DVB: Unable to find symbol cx22700_attach()
[  795.122716][ T6030] DVB: Unable to find symbol tda10046_attach()
[  795.122732][ T6030] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  795.181731][ T6030] usb 4-1: USB disconnect, device number 42
[  795.238019][ T9932] hsr_slave_0: entered promiscuous mode
[  795.241037][ T9932] hsr_slave_1: entered promiscuous mode
[  795.243608][ T9932] debugfs: 'hsr0' already exists in 'hsr'
[  795.243669][ T9932] Cannot create hsr debugfs directory
[  797.118776][ T5117] Bluetooth: hci0: command tx timeout
[  797.344298][T10001] batman_adv: batadv0: Adding interface: batadv_slave_0
[  797.344315][T10001] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  797.344341][T10001] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  797.394083][T10001] batman_adv: batadv0: Adding interface: batadv_slave_1
[  797.394100][T10001] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  797.394127][T10001] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  797.540075][T10101] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1076'.
[  799.151261][ T5117] Bluetooth: hci0: command tx timeout
[  801.071410][T10001] hsr_slave_0: entered promiscuous mode
[  801.072856][T10001] hsr_slave_1: entered promiscuous mode
[  801.073865][T10001] debugfs: 'hsr0' already exists in 'hsr'
[  801.073889][T10001] Cannot create hsr debugfs directory
[  801.139306][ T6030] usb 4-1: new full-speed USB device number 43 using dummy_hcd
[  801.239157][ T5117] Bluetooth: hci0: command tx timeout
[  801.298325][ T6030] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  801.298371][ T6030] usb 4-1: config 0 has no interface number 0
[  801.298498][ T6030] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  801.298524][ T6030] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  801.335393][ T6030] usb 4-1: config 0 descriptor??
[  801.345125][ T6030] usb 4-1: selecting invalid altsetting 1
[  801.345233][ T6030] dvb_ttusb_budget: ttusb_init_controller: error
[  801.345242][ T6030] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  801.454606][ T6030] DVB: Unable to find symbol cx22700_attach()
[  801.494994][ T6030] DVB: Unable to find symbol tda10046_attach()
[  801.495010][ T6030] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  801.544535][ T6012] usb 4-1: USB disconnect, device number 43
[  801.786462][   T45] bridge_slave_1: left allmulticast mode
[  801.786492][   T45] bridge_slave_1: left promiscuous mode
[  801.788835][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  801.860430][   T45] bridge_slave_0: left allmulticast mode
[  801.860452][   T45] bridge_slave_0: left promiscuous mode
[  801.860653][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  801.933113][   T45] bridge_slave_1: left allmulticast mode
[  801.933144][   T45] bridge_slave_1: left promiscuous mode
[  801.933363][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  802.001496][   T45] bridge_slave_0: left allmulticast mode
[  802.001535][   T45] bridge_slave_0: left promiscuous mode
[  802.001864][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  802.301894][T10135] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
[  802.301919][T10135] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 10135, name: syz.4.1086
[  802.301937][T10135] preempt_count: 2, expected: 0
[  802.301947][T10135] RCU nest depth: 1, expected: 1
[  802.301963][T10135] 3 locks held by syz.4.1086/10135:
[  802.301976][T10135]  #0: ffff8880397fb918 (sk_lock-AF_VSOCK){+.+.}-{0:0}, at: vsock_connectible_sendmsg+0x189/0x1040
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  802.302052][T10135]  #1: ffffffff8d5ae940 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run9+0x1ec/0x510
[  802.302104][T10135]  #2: ffff8880b883fe88 (&s->lock_key#14){+.+.}-{3:3}, at: ___slab_alloc+0x12f/0x13e0
[  802.302159][T10135] Preemption disabled at:
[  802.302164][T10135] [<0000000000000000>] 0x0
[  802.302193][T10135] CPU: 0 UID: 0 PID: 10135 Comm: syz.4.1086 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  802.302219][T10135] Tainted: [L]=SOFTLOCKUP
[  802.302226][T10135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  802.302240][T10135] Call Trace:
[  802.302248][T10135]  <TASK>
[  802.302257][T10135]  dump_stack_lvl+0xe8/0x150
[  802.302289][T10135]  __might_resched+0x32a/0x480
[  802.302319][T10135]  rt_spin_lock+0xc7/0x3e0
[  802.302351][T10135]  ? __pfx_rt_spin_lock+0x10/0x10
[  802.302379][T10135]  ? __lock_acquire+0x6b6/0x2cf0
[  802.302411][T10135]  ? __lock_acquire+0x6b6/0x2cf0
[  802.302444][T10135]  ___slab_alloc+0x12f/0x13e0
[  802.302472][T10135]  ? unwind_next_frame+0xa5/0x23d0
[  802.302504][T10135]  ? lock_acquire+0x107/0x340
[  802.302531][T10135]  ? __bpf_stream_push_str+0xa8/0x2b0
[  802.302557][T10135]  __slab_alloc+0xc6/0x1f0
[  802.302578][T10135]  ? __bpf_stream_push_str+0xa8/0x2b0
[  802.302601][T10135]  kmalloc_nolock_noprof+0x1be/0x440
[  802.302632][T10135]  ? __bpf_stream_push_str+0xa8/0x2b0
[  802.302657][T10135]  __bpf_stream_push_str+0xa8/0x2b0
[  802.302677][T10135]  ? __asan_memcpy+0x40/0x70
[  802.302706][T10135]  ? __pfx___bpf_stream_push_str+0x10/0x10
[  802.302738][T10135]  bpf_stream_stage_printk+0x14e/0x1c0
[  802.302757][T10135]  ? __pfx_find_from_stack_cb+0x10/0x10
[  802.302782][T10135]  ? arch_bpf_stack_walk+0x112/0x170
[  802.302819][T10135]  ? __pfx_bpf_stream_stage_printk+0x10/0x10
[  802.302858][T10135]  bpf_prog_report_may_goto_violation+0xc4/0x190
[  802.302881][T10135]  ? __pfx_bpf_prog_report_may_goto_violation+0x10/0x10
[  802.302901][T10135]  ? irqentry_exit+0x5dd/0x660
[  802.302921][T10135]  ? trace_irq_disable+0x37/0x100
[  802.302948][T10135]  ? read_tsc+0x9/0x20
[  802.302971][T10135]  bpf_check_timed_may_goto+0xaa/0xb0
[  802.303008][T10135]  arch_bpf_timed_may_goto+0x21/0x40
[  802.303034][T10135]  bpf_prog_262a74d054ad2993+0x53/0x5f
[  802.303055][T10135]  bpf_trace_run9+0x2de/0x510
[  802.303081][T10135]  ? bpf_trace_run9+0x1ec/0x510
[  802.303105][T10135]  ? __pfx_bpf_trace_run9+0x10/0x10
[  802.303153][T10135]  __bpf_trace_virtio_transport_alloc_pkt+0x2d7/0x340
[  802.303189][T10135]  ? __pfx___bpf_trace_virtio_transport_alloc_pkt+0x10/0x10
[  802.303214][T10135]  ? kmem_cache_alloc_node_noprof+0x292/0x6f0
[  802.303262][T10135]  ? skb_copy_datagram_from_iter_full+0x122/0x170
[  802.303313][T10135]  virtio_transport_alloc_skb+0x10af/0x1110
[  802.303361][T10135]  ? __pfx_virtio_transport_alloc_skb+0x10/0x10
[  802.303394][T10135]  ? __local_bh_enable_ip+0x1af/0x2c0
[  802.303420][T10135]  ? lockdep_hardirqs_on+0x7b/0x110
[  802.303445][T10135]  virtio_transport_send_pkt_info+0x694/0x10b0
[  802.303478][T10135]  ? virtio_transport_send_pkt_info+0x1ea/0x10b0
[  802.303526][T10135]  ? virtio_transport_seqpacket_enqueue+0xba/0x1f0
[  802.303555][T10135]  virtio_transport_seqpacket_enqueue+0x166/0x1f0
[  802.303582][T10135]  ? reacquire_held_locks+0x104/0x190
[  802.303618][T10135]  ? __pfx_virtio_transport_seqpacket_enqueue+0x10/0x10
[  802.303650][T10135]  ? rt_spin_unlock+0x150/0x200
[  802.303684][T10135]  ? rt_spin_unlock+0x161/0x200
[  802.303716][T10135]  vsock_connectible_sendmsg+0xabf/0x1040
[  802.303769][T10135]  ? __pfx_vsock_connectible_sendmsg+0x10/0x10
[  802.303807][T10135]  ? __pfx_woken_wake_function+0x10/0x10
[  802.303836][T10135]  ? lockdep_hardirqs_on+0x7b/0x110
[  802.303855][T10135]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  802.303880][T10135]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  802.303910][T10135]  ? __pfx_vsock_connectible_sendmsg+0x10/0x10
[  802.303944][T10135]  __sock_sendmsg+0x21c/0x270
[  802.303981][T10135]  ____sys_sendmsg+0x534/0x810
[  802.304014][T10135]  ? __pfx_____sys_sendmsg+0x10/0x10
[  802.304050][T10135]  ? import_iovec+0x74/0xa0
[  802.304075][T10135]  ___sys_sendmsg+0x21f/0x2a0
[  802.304104][T10135]  ? __pfx____sys_sendmsg+0x10/0x10
[  802.304138][T10135]  ? __pfx_futex_wake_mark+0x10/0x10
[  802.304187][T10135]  ? __fget_files+0x2a/0x420
[  802.304210][T10135]  ? __fget_files+0x3a6/0x420
[  802.304244][T10135]  __sys_sendmmsg+0x22d/0x430
[  802.304277][T10135]  ? __pfx___sys_sendmmsg+0x10/0x10
[  802.304303][T10135]  ? do_futex+0x333/0x420
[  802.304367][T10135]  ? rcu_is_watching+0x15/0xb0
[  802.304396][T10135]  __x64_sys_sendmmsg+0xa0/0xc0
[  802.304427][T10135]  do_syscall_64+0xec/0xf80
[  802.304446][T10135]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  802.304467][T10135]  ? trace_irq_disable+0x37/0x100
[  802.304489][T10135]  ? clear_bhb_loop+0x60/0xb0
[  802.304521][T10135]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  802.304541][T10135] RIP: 0033:0x7f590913f749
[  802.304560][T10135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  802.304579][T10135] RSP: 002b:00007f59073a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  802.304600][T10135] RAX: ffffffffffffffda RBX: 00007f5909395fa0 RCX: 00007f590913f749
[  802.304616][T10135] RDX: 0000000000000001 RSI: 0000200000000b40 RDI: 0000000000000003
[  802.304630][T10135] RBP: 00007f59091c3f91 R08: 0000000000000000 R09: 0000000000000000
[  802.304643][T10135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  802.304656][T10135] R13: 00007f5909396038 R14: 00007f5909395fa0 R15: 00007fff1ae6e458
[  802.304690][T10135]  </TASK>
[  803.309195][ T5117] Bluetooth: hci0: command tx timeout
[  803.599993][   T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  803.729993][   T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  803.792512][   T45] bond0 (unregistering): Released all slaves
[  805.371380][   T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  805.450069][   T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  805.521540][   T45] bond0 (unregistering): Released all slaves
[  807.099344][   T45] hsr_slave_0: left promiscuous mode
[  807.139318][   T45] hsr_slave_1: left promiscuous mode
[  807.140137][   T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[  807.163131][   T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[  807.319295][   T45] hsr_slave_0: left promiscuous mode
[  807.339184][   T45] hsr_slave_1: left promiscuous mode
[  807.339967][   T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[  807.380037][   T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[  808.110765][   T45] team0 (unregistering): Port device team_slave_1 removed
[  808.249861][   T45] team0 (unregistering): Port device team_slave_0 removed
[  809.390144][   T45] team0 (unregistering): Port device team_slave_1 removed
[  809.544745][   T45] team0 (unregistering): Port device team_slave_0 removed