last executing test programs:

11m32.954338672s ago: executing program 3 (id=4):
mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sysfs$auto(0x2, 0x4d, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyt8\x00', 0x0, 0x0)
ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0)
ioctl$auto(r2, 0x540a, 0x0)
socket(0xa, 0x5, 0x0)
timer_create$auto(0x0, 0x0, 0x0)
r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r3, 0x0, 0x0)
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
socket(0xa, 0x2, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
unshare$auto(0x40000080)
timerfd_create$auto_CLOCK_BOOTTIME_ALARM(0x9, 0x7)
mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x20000000000000fb, 0x3, 0x1)

11m31.394755298s ago: executing program 3 (id=8):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x745100, 0x0)
openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000200), 0x101802, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x0, 0x0)
openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001140)='/dev/psaux\x00', 0x42000, 0x0)
r2 = io_uring_setup$auto(0x8000, 0x0)
openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0)
shmctl$auto_IPC_SET(0x8, 0x1, 0x0)
sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r1, &(0x7f0000000700)={&(0x7f0000000240), 0xc, &(0x7f00000006c0)={&(0x7f0000001180)={0x14, 0x0, 0x400, 0x70bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x24008140}, 0x2404c044)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000580)={[0x1ff, 0x8000, 0xd, 0x1, 0x948d, 0x3, 0x10015f4da0a, 0xd, 0x7, 0x64c1, 0x8000001f, 0x400000000, 0x6d3e, 0xc, 0x2, 0x2]}, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xfc\x04\x00\x00)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
socket(0x2b, 0x1, 0x0)
ioctl$auto(0x3, 0x8905, 0x38)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f2, 0x15)
fallocate$auto(r2, 0x80, 0xf, 0x6ad5)
madvise$auto(0x0, 0xffffffffffff0004, 0x14)
pread64$auto(0xffffffffffffffff, &(0x7f0000000080)='\xd5u+~\xa7x\xe0VQ\x1a6\xcf\xce\xfa\xfbN\x19\b\xf64\r\x122i\xd6\x0e\xfa\x96\x9aV:\xe1G\x14\xb2\xd4N\x0e#jX:\xd0\xd0\xa9\xda\xaf\x98\x94G\xa8\xb4\xa7uPc\x1ang\xdb\xb4\xa7\xad\x1b\xcbonh\xd8\x99\x03\x10\xb0\xa5\xfey\xd5F,70\xecG\x8a\fz\x95\x7f\xb0Y{\xdd\xa1\xa3E\x03\xd4\xc67U\x93\n\xfc\xa4\x0e_\xf8\x94\xc3a\x00\xe6\xea4\xa2\x7ft\xeb\x8b$\x16\x0e\xe8j\xcaI\xe0c\x05\x12(\v\xef\xc5Z\xfb\xed\xa3\x01\x001\xa5\x18%\xae/\x1b6\xaa\xf5ysD\xa6\xee\xbf\xc0v\"\x93\x96\"\xcak.\x0e_\xb3\xf7\xac\x9e\xbd/w\xdf\xfc\xe24z\x0f\x8f\b\xbe\xda\xfb\xd0Jj\x97\xfa{\x9d\xfd\xfb\x14\x1f\b#\xb9\x01\xf7\xf5\x1c1\xfbNX\xd9\xf0\x97@\xff(\x99\x13M\xadM\b\xa7\xf3u\xa8ak\xff\x7f\x00\x00\x12\x85\x85\x14\b\x9c\x15\xc10\xb3\xd5.\x13\xc6\xb6\xbak:\xbf\x8f\xcd\x7f\a\xb8\x00'/272, 0x202, 0x7)

11m30.149708995s ago: executing program 3 (id=11):
mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000)
write$auto(r0, 0x0, 0x2)
getrlimit$auto(0x3, 0x0)
fdatasync$auto(r0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000380)='/dev/snd/controlC2\x00', 0x400, 0x0)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/035/001\x00', 0x1102, 0x0)
write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xc8d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\xc6\x00\x89\te\x8d\a\xfb\\n\x89C:\x84D\x10u\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k', 0x100000a3d9)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd15/queue/scheduler\x00', 0x103a42, 0x0)
sendfile$auto(r2, r2, 0x0, 0x9)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0)
sendfile$auto(0x3, 0x3, 0x0, 0x400000000006)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
init_module$auto(0x0, 0xffff9, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x8000000000000000, 0x15)
openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
write$auto_proc_oom_score_adj_operations_base(r1, &(0x7f0000000180)="935d7ffb5a823750183d8606bfeb9ec0f46e87fe6d51338572bc525208b14c13b3d107731a6ab5e87b1465313a26cf3d60b28356389faa014307f37b614afaa023c29be261d8eb4c2ec15447d0d0db1d620858e3dd4c9173cebefca0ab08899b92d2d6", 0x63)
capget$auto(0x0, 0xfffffffffffffffe)

11m28.086589471s ago: executing program 3 (id=14):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x20009, 0x5, 0xeb2, 0x8, 0x1008000)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYBLOB], 0x1ac}}, 0x40000)
write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f0000000000)="c80d1b5d399b71", 0x7)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
recvmmsg$auto(r1, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0xc000000, 0x0)
r2 = open(&(0x7f0000000100)='./bus\x00', 0x14d27e, 0x72)
copy_file_range$auto(r2, 0x0, r2, &(0x7f0000000080)=0xeb2f, 0xfffffffffffffffe, 0x0)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x5, 0x84)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/saved_tgids\x00', 0x109100, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x201, 0x0)
memfd_secret$auto(0x0)
move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000)
r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyz7\x00', 0x48f41, 0x0)
ioctl$auto(0x3, 0x402c542d, r4)
write$auto(0x3, 0x0, 0xfffffdef)
syz_genetlink_get_family_id$auto_tipcv2(0x0, r0)
io_uring_setup$auto(0x6, 0x0)

11m27.663980311s ago: executing program 3 (id=17):
sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000002240)={0x0, 0x0, &(0x7f0000002200)={&(0x7f0000000000)={0x1c, 0x0, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x8470}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20044800}, 0x4000)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendto$auto(0xffffffffffffffff, 0x0, 0x402, 0x101, &(0x7f0000000000)=@generic={0xa, "01e983638bffff4993021400"}, 0x1c)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x10, 0x2, 0x4)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x23, 0x80805, 0x0)
fanotify_init$auto(0x5, 0x2000000000002)
io_uring_setup$auto(0x3, 0x0)
pipe$auto(0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x2, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0xe8142, 0x0)
r2 = socket(0x2, 0x3, 0xa)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r2, @ANYRES8=r1], 0x18}, 0x1, 0x2000, 0x0, 0x40010}, 0x80)
write$auto(r0, &(0x7f0000000000)='-\x00', 0xfdef)

11m27.262624797s ago: executing program 3 (id=19):
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_ftrace_avail_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/available_events\x00', 0x680, 0x0)
read$auto_ftrace_avail_fops_trace_events(r0, &(0x7f00000000c0)=""/197, 0xc5)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8)
io_uring_setup$auto(0x6, 0x0)
r1 = socket(0xa, 0x1, 0x84)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000005800), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(r2, &(0x7f0000006940)={0x0, 0x0, &(0x7f0000006900)={&(0x7f0000000000)={0x40, r3, 0x1, 0x70bd29, 0x25dfdbff, {}, [@HWSIM_ATTR_FLAGS={0x8, 0x4, 0x1}, @HWSIM_ATTR_ADDR_TRANSMITTER={0xa, 0x2, "a060292f83d9"}, @HWSIM_ATTR_COOKIE={0xc}, @HWSIM_ATTR_SIGNAL={0x8, 0x6, 0xffffffcc}, @HWSIM_ATTR_TX_INFO={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000041}, 0x800)
sendmsg$auto_HWSIM_CMD_DEL_RADIO(r1, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x48, r3, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@HWSIM_ATTR_RX_RATE={0x8, 0x5, 0xfffffffd}, @HWSIM_ATTR_FLAGS={0x8, 0x4, 0x2}, @HWSIM_ATTR_RADIO_ID={0x8, 0xa, 0x2}, @HWSIM_ATTR_TX_INFO_FLAGS={0x16, 0x15, "17dc2e8d81e7297ae0834edc2adab76b4211"}, @HWSIM_ATTR_MLO_SUPPORT={0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x40014}, 0x20000010)
r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x80000, 0x0)
r5 = semctl$auto_GETPID(0x10001, 0x6, 0xb, 0x100000001)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc4c85513, &(0x7f0000001480)={{@raw=0x9, 0x2, 0x5, 0x0, "e462f5a29a0b2f987b9ea452a1bc9eaafd83a8eb9eea79a10397a3126cb6c4380ae1dc84e847c5ccf57f14eb", @inferred=r5}, 0x1, @integer64=@value=[0xf, 0x80, 0x0, 0x3, 0x3, 0x1000, 0xd1f6, 0x5, 0x10, 0x8, 0x4, 0xbe1, 0x1, 0x0, 0x0, 0xffffffffffffff80, 0x40, 0x5, 0x4, 0x3, 0xfffffffffffff000, 0x5, 0x2, 0x2, 0x7, 0x8, 0x2, 0x1, 0x2, 0x5cb56b90, 0x0, 0x81, 0xfffffffffffffffb, 0x9, 0x0, 0x10, 0x2, 0x6, 0x0, 0x6, 0x5, 0x5, 0x8, 0x6, 0xe7d8, 0x7fff, 0x7fffffff, 0x2, 0x2, 0x0, 0x8000000000000001, 0x6, 0xc500000000000000, 0x2, 0x9, 0x0, 0x40, 0x4, 0x5, 0x4, 0xe, 0xb, 0x800, 0x10000], "2ffa3e20e80e755123e1f42e350d190e3032fa30c3621af4571878aad95f51aea60df3a075b1c15529b67947b4b67f290e12883f526b4e566ef511611abf96d1d9b723613b1fce6def179ed465852003f47d532de2721cc6b407490cd09e96be8bf6d01dca81d1d22f2554f48d1796ac750c48d1a4c1d889a0e6b6528742320c"})
unshare$auto(0x40000080)
r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/midi0\x00', 0x28102, 0x0)
lseek$auto(r6, 0x7, 0x0)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/diskstats\x00', 0x141100, 0x0)

11m12.116820661s ago: executing program 32 (id=19):
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_ftrace_avail_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/available_events\x00', 0x680, 0x0)
read$auto_ftrace_avail_fops_trace_events(r0, &(0x7f00000000c0)=""/197, 0xc5)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8)
io_uring_setup$auto(0x6, 0x0)
r1 = socket(0xa, 0x1, 0x84)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000005800), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(r2, &(0x7f0000006940)={0x0, 0x0, &(0x7f0000006900)={&(0x7f0000000000)={0x40, r3, 0x1, 0x70bd29, 0x25dfdbff, {}, [@HWSIM_ATTR_FLAGS={0x8, 0x4, 0x1}, @HWSIM_ATTR_ADDR_TRANSMITTER={0xa, 0x2, "a060292f83d9"}, @HWSIM_ATTR_COOKIE={0xc}, @HWSIM_ATTR_SIGNAL={0x8, 0x6, 0xffffffcc}, @HWSIM_ATTR_TX_INFO={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000041}, 0x800)
sendmsg$auto_HWSIM_CMD_DEL_RADIO(r1, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x48, r3, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@HWSIM_ATTR_RX_RATE={0x8, 0x5, 0xfffffffd}, @HWSIM_ATTR_FLAGS={0x8, 0x4, 0x2}, @HWSIM_ATTR_RADIO_ID={0x8, 0xa, 0x2}, @HWSIM_ATTR_TX_INFO_FLAGS={0x16, 0x15, "17dc2e8d81e7297ae0834edc2adab76b4211"}, @HWSIM_ATTR_MLO_SUPPORT={0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x40014}, 0x20000010)
r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x80000, 0x0)
r5 = semctl$auto_GETPID(0x10001, 0x6, 0xb, 0x100000001)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc4c85513, &(0x7f0000001480)={{@raw=0x9, 0x2, 0x5, 0x0, "e462f5a29a0b2f987b9ea452a1bc9eaafd83a8eb9eea79a10397a3126cb6c4380ae1dc84e847c5ccf57f14eb", @inferred=r5}, 0x1, @integer64=@value=[0xf, 0x80, 0x0, 0x3, 0x3, 0x1000, 0xd1f6, 0x5, 0x10, 0x8, 0x4, 0xbe1, 0x1, 0x0, 0x0, 0xffffffffffffff80, 0x40, 0x5, 0x4, 0x3, 0xfffffffffffff000, 0x5, 0x2, 0x2, 0x7, 0x8, 0x2, 0x1, 0x2, 0x5cb56b90, 0x0, 0x81, 0xfffffffffffffffb, 0x9, 0x0, 0x10, 0x2, 0x6, 0x0, 0x6, 0x5, 0x5, 0x8, 0x6, 0xe7d8, 0x7fff, 0x7fffffff, 0x2, 0x2, 0x0, 0x8000000000000001, 0x6, 0xc500000000000000, 0x2, 0x9, 0x0, 0x40, 0x4, 0x5, 0x4, 0xe, 0xb, 0x800, 0x10000], "2ffa3e20e80e755123e1f42e350d190e3032fa30c3621af4571878aad95f51aea60df3a075b1c15529b67947b4b67f290e12883f526b4e566ef511611abf96d1d9b723613b1fce6def179ed465852003f47d532de2721cc6b407490cd09e96be8bf6d01dca81d1d22f2554f48d1796ac750c48d1a4c1d889a0e6b6528742320c"})
unshare$auto(0x40000080)
r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/midi0\x00', 0x28102, 0x0)
lseek$auto(r6, 0x7, 0x0)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/diskstats\x00', 0x141100, 0x0)

8.07213414s ago: executing program 1 (id=1925):
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0xffffffffffffffff, 0x300000000000)
socket(0xa, 0x3, 0x3b)
semctl$auto_SEM_STAT(0x0, 0x80000000, 0x12, 0x0)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
ioctl$auto_BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000500)={0x40a, 0x3, 0x3ac, 0x8, {0x1, 0x4, 0xb, 0x3, 0x9, 0x4, 0x9, 0x2, 0xe, 0xa5, 0x1, 0x4, 0x0, 0xf, 0xff}})
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
pidfd_open$auto(0x1, 0x0)
socket(0x2000000000000021, 0x2, 0x10000000000002)
r1 = openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/netdevsim/netdevsim1/ports/3/pp_hold\x00', 0x101001, 0x0)
r2 = bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb5, 0x100010, 0x7, 0x4, 0xffffffffffffffff, 0xa, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0xe5, 0x3}, 0x10)
bpf$auto(0x18, &(0x7f0000000380)=@bpf_attr_11={0x9, 0x9, 0x866b, 0x100005, 0x80000009, 0xfffffe01, 0xe6d9, r2}, 0x92)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
r3 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000400), 0x80001, 0x0)
ioctl$auto(r3, 0x3b92, r1)
epoll_create$auto(0x100)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r4 = socket(0x2, 0x1, 0x0)
bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, &(0x7f00000002c0)=@test={r4, 0x0, 0x856, 0x189, 0x8, 0x7fff, 0x7fff, 0x10000, 0xc91a, 0x7, 0x5, 0x3, 0x3, 0x3, 0x6}, 0x1)
mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000)
close_range$auto(0x2, 0xa, 0x0)
fcntl$auto_F_OFD_GETLK(r4, 0x24, 0x8000000000000000)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0)

7.715269986s ago: executing program 2 (id=1928):
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
socket(0x28, 0x801, 0x0)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xc40, 0x0)
mmap$auto(0x0, 0x20009, 0x2000000df, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x2, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socket(0x2, 0x5, 0x0)
socket(0xa, 0x80803, 0x6)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
r1 = epoll_create$auto(0x8800001)
epoll_ctl$auto(r1, 0x1, r0, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000026d00)='/dev/dri/card0\x00', 0x2000, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, 0xffffffffffffffff)
socket(0x2b, 0x1, 0x0)
close_range$auto(0x2, 0x8, 0x0)

7.269128955s ago: executing program 4 (id=1929):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
statmount$auto(0x0, 0x0, 0x1fe, 0xd)
sysfs$auto(0x2, 0xd, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0x149182, 0x0)
write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000002ec0), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24004011}, 0x24000802)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/workqueue/parameters/default_affinity_scope\x00', 0x1a9242, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r1)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000240)={0x4c, r4, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@HWSIM_ATTR_RADIO_NAME={0x2d, 0x11, '/P\x13jE\f\xf9r\xf5\xa3\xd2\x84y\xf9*\x9b\"\x1c\xa4l-\x19\xfd\xa4\xf4y\x02\xc2\x96\xfa\x84L\x12\xcd\x83\xf7\x12\xd3\xc4\x1e]'}, @HWSIM_ATTR_PMSR_SUPPORT={0x8, 0x1a, 0x0, 0x1, [@NL80211_PMSR_ATTR_TYPE_CAPA={0x4}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4008040}, 0x40800)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001f00), r5)
sendmsg$auto_NBD_CMD_STATUS(r5, &(0x7f00000023c0)={0x0, 0x0, &(0x7f0000002380)={&(0x7f0000002000)={0x1c, r6, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x8001}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40004}, 0x4008050)
sendfile$auto(r2, r2, 0x0, 0x5)
mmap$auto(0x0, 0x20009, 0x5, 0xeb2, 0x8, 0x1008000)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x8000000eb1, 0x401, 0x8000)
sendmsg$auto_NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4044010}, 0x40850)
close_range$auto(0x2, 0xa, 0x0)
socket(0x18, 0xa, 0x1)
socket(0xa, 0x2, 0x88)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000229bd70001cdddf250200020008000308"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc8}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x1f00)

6.603726714s ago: executing program 0 (id=1930):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
write$auto(r1, &(0x7f0000000000)='//\xf2\x00', 0x80000000)
adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffd, 0x1, 0x1, 0x6, 0x0, 0xffffffffffffff7f, 0x368e, 0x2, {0xffffffff, 0x20000000010000}, 0x5, 0x6, 0xfffffffffffffffd, 0x47, 0x0, 0x9, 0x81, 0xffffffffffff628e, 0xa747, 0xdead, 0x804})
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D1\x00', 0x581402, 0x0)
r2 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000080), 0xc0402, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r2, 0xc0403d11, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
waitid$auto_P_ALL(0x0, 0x3b000, &(0x7f0000000280)={@siginfo_0_0={0x200, 0x0, 0x6, @_sigsys={&(0x7f00000000c0)="55eb8df319677f9aebf453b195011dc75b314a6a2de037085459dc03a1ad199752151699faea53575d94e9e2f930abeb4f1cd2fa58eef0e25b15baeca5f900c19f32e51de1ba99fb4f82871232b30000000000", 0x1000, 0x826}}}, 0x3, &(0x7f0000000300)={{0xda0000000000000, 0x969d}, {0x2, 0x6}, 0x8000000000000000, 0xa, 0x8, 0xd11c, 0xb871, 0x6, 0x9ffd, 0x81, 0x4, 0x1000000000f8c5, 0x1000, 0x81, 0xc, 0xd})
mmap$auto(0x0, 0x5, 0x3, 0x14, r2, 0x8000)
madvise$auto(0x0, 0x2003f2, 0x15)
madvise$auto(0x0, 0x200007, 0x1d)
pwrite64$auto(0xc8, 0x0, 0xfded, 0x6)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r3, &(0x7f00000003c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4G\x0f\xed\xc0D\xd6\xaf%\xa5\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xccT\fZq', 0x100000a3da)
close_range$auto(0x0, 0xfffffffffffff001, 0x2)
socket(0x11, 0x80003, 0x300)
socket(0x29, 0x5, 0x0)
open(&(0x7f0000000040)='./cgroup\x00', 0x80, 0xb5d1af1605322de0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x0, 0x0)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
close_range$auto(0x2, 0x8, 0x0)

6.387889364s ago: executing program 1 (id=1931):
ioctl$auto_UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0xa})
ioctl$auto_UI_DEV_CREATE(0xffffffffffffffff, 0x5501, 0x0)
ioctl$auto_UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
r0 = socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
io_uring_setup$auto(0xf0, &(0x7f0000000180)={0x6, 0x18, 0xd64, 0xc852, 0x6, 0x7, r0, [0x1, 0x401, 0x1000], {0x7, 0x5, 0x1, 0x4, 0x95, 0xf4c, 0x7fff, 0xfffffffb, 0x65f29f6d}, {0x3, 0xadc, 0x10000, 0x0, 0x5, 0xffffffff, 0x1000, 0x54f, 0x5}})
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
close_range$auto(0x2, 0xa, 0x0)
socket(0xa, 0x2, 0x0)
r1 = socket(0xa, 0x3, 0xff)
connect$auto(r1, &(0x7f00000018c0)=@generic={0xa}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
write$auto_proc_mem_operations_base(0xffffffffffffffff, 0x0, 0x0)
syz_clone3(0x0, 0x0)
madvise$auto(0x1ffff000, 0x7, 0x100000000)
mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000)
syz_clone(0x1002000, 0x0, 0x0, 0x0, 0x0, 0x0)
futex_wake$auto(0x0, 0x5, 0x4, 0xa)
futex_wake$auto(&(0x7f0000000000), 0xfffffffffffffff8, 0xfff, 0x7f)

6.259379249s ago: executing program 2 (id=1932):
openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x20904, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x29, 0x2, 0x0)
socket(0x10, 0x1, 0x8)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
sendmsg$auto_NL80211_CMD_DEL_MPATH(r0, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400c2c2", @ANYRES16=0x0, @ANYBLOB="000129bd7000fddbdf2518000000"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$auto(r0, 0x8922, 0x24)
socket(0x2c, 0x2, 0x2)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
connect$auto(0x3, 0x0, 0x55)
r1 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/debug/usb/usbmon/0u\x00', 0x22202, 0x0)
pread64$auto(r1, 0x0, 0x0, 0x9)
read$auto_mon_fops_text_t_mon_text(r1, 0x0, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0x0, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x1dfbdb30)
openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/2t\x00', 0xb00, 0x0)
r3 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
lseek$auto(r3, 0x5, 0x0)
r4 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sg1\x00', 0x646502, 0x0)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0)
openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x100242, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ram14\x00', 0x44ee02, 0x0)
fsconfig$auto_HIDEPID_NO_ACCESS(r4, 0x6, &(0x7f0000000280)='/dev/snd/midiC2D0\x00', &(0x7f00000002c0)="e74d92f191b485eaf56ee335d933ef7cbd3dbf36456cd078243f1b6e5160a9031e1c8af79af3cbea78a1ff5ba6afae2a91b9d2df1482c6432d26fb20f6ec7137643c7ffdfa3a94019487165a574501a05f40ac9d574a1b8f9d67febe6f6913071e923fbaa138e157790feedaf9c0e90db128174544136ea20dc18d2f1bba543dafdaa7cd7ac8d94f7427870702d4654f3002c9d38a015f34edd563d6f16fde3ef35831ac801174487a", 0x1)

5.396283054s ago: executing program 1 (id=1933):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0x5, 0x4, 0x7)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x42800, 0x0)
openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, 0x0, 0x22002, 0x0)
r0 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/mem\x00', 0x200, 0x0)
read$auto_proc_mem_operations_base(r0, &(0x7f0000000200)=""/81, 0x51)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r1 = socket(0x2, 0x80002, 0x73)
r2 = io_uring_setup$auto(0x406, 0x0)
mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0)
sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, 0x0, 0x80)
getrandom$auto(0x0, 0x6000000, 0x3)
io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46)
io_uring_enter$auto(r2, 0x7, 0x7ffffffb, 0x3, 0x0, 0x3)
move_pages$auto(0x0, 0xa, 0x0, 0x0, 0x0, 0x2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000540), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_GET_RADIO(r3, &(0x7f0000001900)={0x0, 0x0, &(0x7f00000018c0)={0x0}, 0x1, 0x0, 0x0, 0x884}, 0x8020)
acct$auto(&(0x7f0000000180)=':.\xf8}/\x00')
ioctl$auto_IOCTL_VMCI_DATAGRAM_SEND(r2, 0x7ab, 0x0)
io_uring_enter$auto(0x3, 0x5, 0x5f3, 0x3, 0x0, 0x2)
write$auto(0x3, 0x0, 0x70)

5.396160429s ago: executing program 4 (id=1934):
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0)
mmap$auto(0x8, 0x810004, 0x400000000ffb, 0x8000000008011, r0, 0x8000)
close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002)
r1 = socket(0xa, 0x2, 0x73)
sendto$auto(r1, 0x0, 0x4, 0xfffffffe, 0x0, 0x1c)
mq_open$auto(&(0x7f0000000280)='\x03\x00\x94\xdb{\xa5\x81@\xbfIqz\xf3?\xbd\xb4\vJ\xf1:+\xe3\xbc5\xf53\xac^MM\xd3\xb1Ql\xb2\x97wq\xa1\xe3', 0x60d6, 0x1, 0x0)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/transparent_hugepage/shmem_enabled\x00', 0xc8002, 0x0)
writev$auto(r3, &(0x7f0000000080)={0x0, 0x9}, 0x4)
socket(0x2, 0x80002, 0x73)
r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xc7f16bff2a10ba01, 0x0)
ioctl$auto_TIOCCONS2(r4, 0x541d, 0x0)
ioctl$auto_TIOCVHANGUP2(r4, 0x5437, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0x200000000ebe, 0x401, 0x1)
remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x6, 0x4)
read$auto(0xffffffffffffffff, 0x0, 0x7fff)
openat$auto_kernel_debug_fops_orangefs_debugfs(0xffffffffffffff9c, 0x0, 0x200e01, 0x0)
prctl$auto(0x23, 0x40, 0x7fffffffefff, 0x0, 0x0)
syz_open_procfs$namespace(0x0, 0x0)
socket(0x2, 0xa, 0x1)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x0, 0x0)
ioctl$auto(0x1, 0x890c, 0x8)

5.126238389s ago: executing program 4 (id=1935):
mkdir$auto(&(0x7f0000004440)='./file0\x00', 0x1)
socket(0x28, 0x5, 0x0)
mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socket(0x26, 0x6, 0x0)
unshare$auto(0x40000080)
futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005)
r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0)
ioctl$auto_BLKPG2(r0, 0x1269, 0x0)
mmap$auto(0x0, 0x8000, 0x3, 0xeb1, 0xfffffffffffffffa, 0x10000000008000)
r1 = openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000980), 0x102001, 0x0)
unshare$auto(0x1)
pwrite64$auto(r1, 0x0, 0x2, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0)
ioctl$auto_MEMGETINFO(r0, 0x80204d01, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
set_mempolicy$auto(0x2005, &(0x7f0000000080)=0x87e, 0x4)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x4000804)
lstat$auto(0x0, &(0x7f0000000180)={0xd, 0x2, 0x100000001, 0x2, 0x0, 0x0, 0x0, 0xfa9a, 0x8, 0x7fffffffffffffff, 0x8000000004, 0x100000007fffffff, 0x8000000005, 0x0, 0x7, 0x4, 0x3})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x89fc, &(0x7f0000000040)={'bridge0\x00'})
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/bus/pci/rescan\x00', 0x20681, 0x0)
write$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000200)='5', 0x1)
move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2)
setsockopt$auto(0x400000000000003, 0x28, 0x6, 0x0, 0x56d)
mount$auto(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='xfs\x00', 0x5, 0x0)

4.324946749s ago: executing program 1 (id=1936):
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xf, 0x940, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb0, 0x6, 0x5, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc]}, 0x1fe, 0x81)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = socket(0x15, 0x5, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0)
sendmsg$auto(r0, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0)
prctl$auto(0x59616d61, 0xffffffffffffffff, 0x1, 0x1004, 0xfffffffffffffffb)
connect$auto(0x3, 0x0, 0x54)
socket(0x2, 0x3, 0xa)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
ioctl$auto(0x3, 0x89e1, 0x91)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
eventfd$auto(0x4)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0)
mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0x403, 0x8000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x80044942, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008)

3.95423074s ago: executing program 2 (id=1937):
socket(0xa, 0x2, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x80000000000000a, 0x2, 0x0)
r0 = socket(0xa, 0x5, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54)
getsockopt$auto(r0, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0x1000c0)
setsockopt$auto(0x3, 0x10000000084, 0x85, 0x0, 0x90)
r1 = socket(0x2, 0x1, 0x106)
getsockopt$auto_SO_BINDTOIFINDEX(r1, 0x1, 0x3e, &(0x7f0000000080)='/dev/audio1\x00', &(0x7f00000000c0)=0x8)
open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0)
bpf$auto(0x0, 0x0, 0x6f3)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x8, 0x0, 0x7, 0x0, 0xfffffffffffffffd, 0x200}, 0x5}, 0x3, 0x4, 0x0)
poll$auto(&(0x7f0000000040)={0xffffffffffffffff, 0x7ff, 0x200}, 0x100, 0x6)
mount$auto(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='nfs4\x00', 0x200, &(0x7f00000001c0))
r2 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000100), 0x8040, 0x0)
io_uring_setup$auto(0x9, 0x0)
ioctl$auto_dvb_demux_fops_dmxdev(r2, 0x403c6f2b, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
acct$auto(&(0x7f0000000380)='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/fo\"mat\x00')
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, 0x0, 0x4048000)

3.842497446s ago: executing program 1 (id=1938):
r0 = socket(0x2, 0x2, 0x88)
readv$auto(0x3, &(0x7f0000000600)={0x0, 0xfdf3}, 0x1da)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
read$auto(0xffffffffffffffff, 0x0, 0x20)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
read$auto_fops_x64_ro_(0xffffffffffffffff, &(0x7f00000001c0)=""/42, 0x2a)
signalfd$auto(r1, &(0x7f00000003c0)={0x31e}, 0xb071)
madvise$auto(0x0, 0x200007, 0x19)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x0, 0x200, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x44000)
mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xffffffffffffffff, 0x8000)
write$auto(r1, 0x0, 0x5)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000)
write$auto(0x3, 0x0, 0xffd8)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x4015)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x20100, 0x0)
pread64$auto(r2, 0x0, 0x80000000008, 0x8000)

3.690546732s ago: executing program 4 (id=1939):
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r1 = clone3$auto(&(0x7f0000000040)={0x43, 0x4, 0xa5e7, 0x10000, 0x1, 0x8000000000000000, 0x10, 0x5, 0xf, 0x1ff, 0x5185}, 0x1)
prctl$auto(0x3e, 0x1, r1, 0x1, 0x0)
setresuid$auto(0xffffffffffffffff, 0x0, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x123002, 0x0)
ioctl$auto_SNDCTL_DSP_GETBLKSIZE(r2, 0xc0045004, &(0x7f0000000000))
mmap$auto(0x0, 0x2020009, 0x3, 0xebf, 0xfffffffffffffffa, 0x80000001)
keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff)
madvise$auto(0xfffffffffffffffe, 0x240007, 0x17)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
unshare$auto(0x40000080)
ioctl$auto_SNDCTL_DSP_PROFILE(r2, 0x40045017, &(0x7f0000000180)="d145d0e91274995474c3f52da5506c2b5db017d54aec541e9c8eb418c73025c7e03b9bc8e20791b4ce1c4f4db3f48f0246d00a9d3d16546f77c531039b9187bc82b91c8cc22987ceb2006b062985d7cbf928bad56be8db05e3504b3912e23aee4ea963405c575980c60b64308e6c636b5157dbd1380c04bc0614aa7382cb4ff3cdd5bc7f112690d8640b830c68706ff3f04a0846eb48e1be4eb2f5d0b03ef92d53705b83531f22fa6af3aa740b1a6904b64cf750f0c6971b55fab357bc236143ef33d74124d97b2eb796885d9c1c19c1069f21d7c046ad33c1aaeb31f469e0851bd9254c78ec81b894a2bb3a0b8627b485de483bc9523201b20c5b01")
r3 = prctl$auto_PR_SET_MM_END_DATA(0x223, 0x4, r1, 0x5, 0x9)
ioctl$auto_HPET_IRQFREQ(r3, 0x40086806, &(0x7f0000000280)=0x3)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r5 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto(r4, 0x4b72, r5)
madvise$auto(0x0, 0x2003f2, 0x15)
madvise$auto(0x0, 0x200007, 0x19)
rseq$auto(&(0x7f0000000340)={0xe, 0x401, 0x0, 0x806, 0xffffffff, 0x2}, 0x8000, 0x0, 0x8000006)
signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0)

3.389549912s ago: executing program 2 (id=1940):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00211459a600fbdbdf250200000008000300000000001b0004"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0)
futex_requeue$auto(&(0x7f0000000040)={0xb, 0x6, 0x2, 0x2000000}, 0x0, 0xf, 0x9)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000)
r0 = socket(0x2, 0x2, 0x0)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50)
r1 = io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xe, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [], {0xd74c, 0x6, 0x2, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0xff, 0x1, 0x10001, 0x7, 0x1, 0x40, 0x76c5, 0x400005, 0x100000005}})
ioctl$auto_EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0x0, r0, 0x2, 0x2, 0x1, 0x2})
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0x2, 0x1, 0x5, 0x4, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0)
sendmsg$auto_NL80211_CMD_SET_STATION(r0, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x110000}, 0xc, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="100026bd"], 0x5c}, 0x1, 0x0, 0x0, 0x8000}, 0x40080c0)
pwrite64$auto(0xc8, &(0x7f0000000140)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00,\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t,\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/242, 0xfdf0, 0x39)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x112)
statx$auto(r2, 0x0, 0xfffffffb, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYBLOB=' \x00'], 0x1ac}}, 0x40000)
r3 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4)
sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa507}, 0x800}, 0x7, 0x8)
r4 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0)
io_uring_setup$auto(0x9, 0x0)
ioctl$auto_dvb_demux_fops_dmxdev(r4, 0x403c6f2b, 0x0)

3.27043477s ago: executing program 0 (id=1941):
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x0)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
madvise$auto(0x0, 0x2000040080000004, 0xe)
write$auto(r0, 0x0, 0x10007c)
setsockopt$auto(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x4)
r1 = gettid()
mmap$auto(0x4, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socket(0xa, 0x1, 0x84)
io_uring_setup$auto(0x6, 0x0)
fanotify_init$auto(0x8000, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x1, 0x84)
sendto$auto(0x3, 0x0, 0x2000f, 0x101, &(0x7f0000000000)=@in={0x2, 0x4e22, @rand_addr=0x64010100}, 0x1c)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
connect$auto(0x3, &(0x7f00000018c0)=@ax25={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}}, 0x55)
setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
getrlimit$auto(0x8, 0x0)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
brk$auto(0xffffffffffffff66)
ioctl$auto_BLKZEROOUT(r2, 0x127f, 0x0)
kill$auto(r1, 0x7)
syz_clone3(&(0x7f0000000380)={0x4081080, 0x0, 0x0, 0x0, {0x37}, 0x0, 0x0, 0x0, 0x0}, 0x58)
socket$nl_generic(0x10, 0x3, 0x10)

2.822496269s ago: executing program 1 (id=1942):
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
r0 = socket(0x2, 0x1, 0x106)
bind$auto(r0, &(0x7f00000000c0)=@qipcrtr={0x2a, 0x3, 0x4001}, 0x4006b)
mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000)
unshare$auto(0x40000080)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/conf/geneve0/disable_policy\x00', 0x40180, 0x0)
close_range$auto(0x2, 0x8, 0x0)
semctl$auto(0xa, 0x2, 0x13, 0xde)
r2 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
setsockopt$auto(0x3, 0x1, 0x4c, 0x0, 0x9)
ioctl$auto_I2C_SMBUS(r2, 0x720, &(0x7f0000000080)="8ec40fd419ba7ea6214186c0a8f940989326669cebe4ae7665bd85eca41bd7b66dced4c378a423dd1fc256f984c0a71ff7")
recvmmsg$auto(0x3, 0x0, 0x80000401, 0x4000, 0x0)
write$auto(r1, 0x0, 0x5)
r3 = socket(0x11, 0xa, 0x9)
bind$auto(r3, &(0x7f0000000140)=@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x38}}, 0x9)
openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
sendmsg$auto_OVS_FLOW_CMD_SET(r2, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x90}, 0x10)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socket(0x2b, 0x1, 0x0)
listen$auto(0x3, 0x81)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007)

2.326812845s ago: executing program 2 (id=1943):
unshare$auto(0x40000080)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
listen$auto(0x3, 0x81)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f2, 0x15)
syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff)
r0 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/dynamic_events\x00', 0x181, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000680)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82902, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = socketcall$auto(0xa, 0x0)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0x10000000000402)
sendmmsg$auto(r0, &(0x7f00000002c0)={{0x0, 0x9, &(0x7f0000000080)={&(0x7f0000000180)="cb7978ababe605edf078e6f2726ae03e663c080c0d6c169eec931ca2ea579299bf44495b1fe078f2e9c5586ae69caa8135493b25428718974aeec4d6da187534e9", 0x1}, 0xfffffffffffffff7, 0x0, 0x5, 0x24b}, 0x800}, 0x8, 0xff)
ioctl$auto(0x3, 0xae41, r2)
ioctl$auto_KVM_GET_MSRS(r1, 0x4400ae8f, &(0x7f00000000c0)={0xdd})
ioctl$auto_KVM_CREATE_VM(r1, 0xae80, 0x0)

2.310022027s ago: executing program 0 (id=1944):
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000680)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82902, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = socketcall$auto(0xa, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0x10000000000402)
sendmmsg$auto(0xffffffffffffffff, &(0x7f00000002c0)={{0x0, 0x9, &(0x7f0000000080)={0x0, 0x1}, 0xfffffffffffffff7, 0x0, 0x5, 0x24b}, 0x800}, 0x8, 0xff)
ioctl$auto(0x3, 0xae41, r1)
ioctl$auto_KVM_GET_MSRS(r0, 0x4400ae8f, &(0x7f00000000c0)={0xdd})
ioctl$auto_KVM_CREATE_VM(r0, 0xae80, 0x0)

2.003341242s ago: executing program 4 (id=1945):
unshare$auto(0x40000080)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
socket(0x2b, 0x1, 0x0)
listen$auto(0x3, 0x81)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0x5, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/uts\x00')
socket(0x6, 0xa, 0x1)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x972, 0x0)
ioctl$auto(0x1, 0x890b, 0x8)
ioctl$auto(0x3, 0x8905, 0x38)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff)
madvise$auto(0x0, 0x240007, 0x19)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f2, 0x15)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x24048084)
madvise$auto(0x0, 0x200007, 0x19)
userfaultfd$auto(0x1)
r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC2\x00', 0x981, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_REMOVE(r2, 0xc0405519, &(0x7f00000001c0)={@raw=0xff, 0xd, 0x1, 0x7, "6c01404cf406ff7bc42f54d6a13914aed1dfa93db6d741e0214f63231859b35939f9c2c506589a74f233c35e", @raw=0x4})

1.893054132s ago: executing program 0 (id=1946):
socket(0xa, 0x1, 0x84)
connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x55)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
madvise$auto(0x0, 0x2000040080000004, 0xe)
unshare$auto(0x40000080)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/queues\x00', 0x20000, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000e80)=""/206, 0xce)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
ioctl$auto(0xffffffffffffffff, 0x90006441, 0xc35)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, 0x0)
write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x01\x00\xb6', 0x7f)
syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'})
select$auto(0x9, &(0x7f0000000340)={[0x8, 0x5, 0xffff, 0x9, 0xf55c, 0x4, 0x8, 0x1, 0x9, 0xfffffffffffffffd, 0xfffffffffffffff8, 0x2, 0x6, 0x89, 0x3, 0x5]}, &(0x7f00000003c0)={[0x101, 0x9a, 0x10, 0x4, 0x3, 0x1000000000009, 0x5, 0x223d, 0x10000, 0x3, 0x1000, 0x6, 0x4, 0x10000, 0x6, 0x10]}, &(0x7f0000000440)={[0xfffffffffffffff3, 0x8b0, 0x743b, 0x0, 0x10, 0x8, 0xffffffffffffffff, 0x6, 0x5f, 0x9, 0x6, 0x0, 0x401, 0x1, 0x9, 0x3]}, &(0x7f00000004c0)={0x7fff, 0x3})
pwrite64$auto(0xc8, &(0x7f00000001c0)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99?\x00/\x00\x00\x00\xfd\xfdX\xd3\x1d\xf8\xbebZ\xddL\x01\x00\x00\x00^\x0fo\x84\xad\x83\x13\x82\xdfT\x916;CL\"\x81\x88\v\xae\xa9i8W\xe5\x00!\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2SZ\xf6\x8d\xdb\xcb\r\xcaN_\xa6h\xe2\xf9*w_\x84\xb8\x1aY>%:\xad9\xb8\x87\xfc\x85\x90\xfaB\xb6\xe3I\x18$\x1f\xc1YG\x94\xec\x82\xb7b[8n(\xd1Y\a\x04w\xd53\xce\xee\xdbw\xb0\xd4\xae\x0f\xce\x8e+\xaa\xcf\x86\xcd@~\xe0', 0xfded, 0x3)
r3 = syz_genetlink_get_family_id$auto_ethtool(0x0, r2)
sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_ACT(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40210}, 0xc, &(0x7f00000000c0)={&(0x7f00000006c0)={0x14, r3, 0x2, 0x70bd2a, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x40004}, 0x20000080)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
listen$auto(0x3, 0x83)
accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd)

1.595578092s ago: executing program 2 (id=1947):
r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8402, 0x0)
shmctl$auto_SHM_LOCK(0x2, 0xb, &(0x7f0000000180)={{0x9, 0xee01, 0xee01, 0x90b, 0x1, 0xdc66, 0xfff9}, 0xfffffff7, 0xffffffffffffffff, 0x20000001ff, 0xc74, @raw=0x3, @inferred, 0x8, 0x0, &(0x7f0000000000)="09c04e28946ab0e4cd5082fae10a675ec32b84ba20aabbb841b77ef33ee185a126dc3ba1ba44875f0090fab7d2a99db586778cf5490a52cca1170d079835189006ea08ee0eede456bb91d67d8c5edfb2098f3f5944b31c39eac924cd279d0a87d8734ff86874ad780848ff51e756a1741eef586bcad6002be2f1eca1f961f5371e9305a1ce0b923b7ea29f783495b7b297f2ba17587662f7dae6f076c5177e4d0e3757670f64292c5008bd44c74a", &(0x7f00000000c0)})
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r1 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
bpf$auto_BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)=@link_update={r0, @new_prog_fd=r1, 0xffffff15, @old_prog_fd=r2}, 0x5bc1adb6)
write$auto_fuse_dev_operations_fuse_i(r1, &(0x7f0000000440)="110000000100"/17, 0x11)
r3 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(r3, 0x40104d14, r3)
mmap$auto(0x3, 0x5, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000)
r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
r5 = gettid()
process_vm_writev$auto(r5, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0)
r6 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc)
fallocate$auto(r6, 0x0, 0x7, 0x4cbd5d)
rename$auto(&(0x7f0000000480)='./file0\x00', &(0x7f0000000100)='./file1\x00')
rename$auto(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='./file0\x00')
write$auto(r4, &(0x7f0000000040)='//\xf2\x00', 0x80000000)
r7 = getpid()
process_vm_readv$auto(r7, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0)
getsid$auto(r7)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff)
ioctl$auto_BLKALIGNOFF(r4, 0x127a, 0x0)
fdatasync$auto(r4)
ioctl$auto_BLKTRACESTART2(r0, 0x1274, 0x0)

898.547356ms ago: executing program 0 (id=1948):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0x10000000000eb1, 0xfffffffffffffffa, 0x1000000000008004)
r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/pagemap\x00', 0x80240, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
fsconfig$auto_SHMEM_HUGE_FORCE(0xffffffffffffffff, 0x3, &(0x7f00000000c0)='\x00', &(0x7f0000000500), 0xfffffffffffffffe)
open$dir(0x0, 0x78f600, 0x0)
r1 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/ieee80211/phy0/netdev:wlan0/uapsd_queues\x00', 0x1242, 0x0)
r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/default/enhanced_dad\x00', 0x183000, 0x0)
read$auto(r2, 0x0, 0x1ff)
write$auto(r1, 0x0, 0x9)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/amidi2\x00', 0x40, 0x0)
ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS64(r3, 0xc0385720, 0x0)
fanotify_init$auto(0x8, 0x2000000000002)
r4 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64)
fchdir$auto(r4)
mkdir$auto(&(0x7f0000000040)='./cgroup\x00', 0x6)
rmdir$auto(&(0x7f0000000080)='./cgroup\x00')
setsockopt$auto_SO_PROTOCOL(r0, 0x4000000, 0x26, &(0x7f00000000c0)='/proc/self/pagemap\x00', 0x5)
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
ppoll$auto(0x0, 0x2, 0x0, 0x0, 0x8)
preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5)

602.249397ms ago: executing program 0 (id=1949):
r0 = socket(0x2, 0x2, 0x88)
readv$auto(0x3, &(0x7f0000000600)={0x0, 0xfdf3}, 0x1da)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
read$auto(0xffffffffffffffff, 0x0, 0x20)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
read$auto_fops_x64_ro_(0xffffffffffffffff, &(0x7f00000001c0)=""/42, 0x2a)
signalfd$auto(r1, &(0x7f00000003c0)={0x31e}, 0xb071)
madvise$auto(0x0, 0x200007, 0x19)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x44000)
mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xffffffffffffffff, 0x8000)
write$auto(r1, 0x0, 0x5)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000)
write$auto(0x3, 0x0, 0xffd8)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x4015)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x20100, 0x0)
pread64$auto(r2, 0x0, 0x80000000008, 0x8000)

0s ago: executing program 4 (id=1950):
r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r0, 0x8000)
r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x288202, 0x0)
recvmmsg$auto(0x3, 0x0, 0x1003f, 0x0, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0)
syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e</\xfd\x9b\xe4\x99G\xeaS\x9a\xadu(:\x94:\xaf\x06c=3>1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5)
fchdir$auto(0xffffffffffffffff)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000)
mmap$auto(0x2, 0x202000d, 0x20003, 0xebe, 0xfffffffffffffffa, 0x8001)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/irq/5/affinity_hint\x00', 0x509001, 0x0)
pread64$auto(r1, 0x0, 0x800002, 0x26f)
msgctl$auto_IPC_RMID(0x4000005, 0x0, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x80011, 0x0)
write$auto_seq_oss_f_ops_seq_oss(r2, 0x0, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev7\x00', 0x141083, 0x0)
poll$auto(&(0x7f0000000080)={0x3, 0x1, 0x83e7}, 0x5, 0xb)
write$auto(0xffffffffffffffff, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
close_range$auto(0x2, 0xa, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x1000)

kernel console output (not intermixed with test programs):

pected subevent 0x01 length: 123 > 18
[  360.067641][ T5828] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  360.664855][ T5835] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  360.672431][ T5835] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  363.052700][T10331] netlink: 12 bytes leftover after parsing attributes in process `syz.1.757'.
[  363.421719][T10337] netlink: 'syz.0.758': attribute type 64 has an invalid length.
[  363.433789][T10337] netlink: 74 bytes leftover after parsing attributes in process `syz.0.758'.
[  364.099984][ T5835] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  364.107634][ T5835] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  364.375886][T10353] netlink: 12 bytes leftover after parsing attributes in process `syz.2.761'.
[  364.436452][T10352] netlink: 186 bytes leftover after parsing attributes in process `syz.1.762'.
[  366.696930][T10398] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  366.703682][T10398] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  366.711911][T10398] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  366.740062][T10398] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  366.748618][T10398] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  366.769479][T10398] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  366.777489][T10398] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  366.795152][T10398] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  366.806429][T10398] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  367.911578][ T5835] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  367.919919][ T5835] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff
[  368.473736][   T30] audit: type=1800 audit(1773242992.751:7): pid=10428 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.774" name="dbroot" dev="configfs" ino=39259 res=0 errno=0
[  368.678771][T10428] tipc: Started in network mode
[  368.686867][T10428] tipc: Node identity ffffffff, cluster identity 4711
[  368.710146][T10428] tipc: Node number set to 4294967295
[  368.777570][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout
[  368.783756][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout
[  368.790861][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout
[  368.857088][ T5835] Bluetooth: hci4: command 0x0c1a tx timeout
[  369.281818][T10435] netlink: 12 bytes leftover after parsing attributes in process `syz.2.775'.
[  370.868181][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout
[  370.874331][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout
[  370.880474][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout
[  371.215549][ T5828] Bluetooth: hci3: unexpected event 0x18 length: 440 > 23
[  371.917329][T10488] netlink: 12 bytes leftover after parsing attributes in process `syz.1.783'.
[  372.663737][T10503] netlink: 12 bytes leftover after parsing attributes in process `syz.4.786'.
[  372.941384][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout
[  372.947434][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout
[  372.985105][T10514] futex_wake_op: syz.0.789 tries to shift op by -2048; fix this program
[  372.996328][T10514] futex_wake_op: syz.0.789 tries to shift op by -2048; fix this program
[  373.008434][T10514] 0x000000000001-0x000000020000 : ""
[  373.028759][T10514] ftl_cs: FTL header corrupt!
[  373.713438][T10526] netlink: 12 bytes leftover after parsing attributes in process `syz.2.791'.
[  374.172714][T10535] netlink: 12 bytes leftover after parsing attributes in process `syz.1.793'.
[  375.519411][T10557] netlink: 28 bytes leftover after parsing attributes in process `syz.0.797'.
[  375.691045][T10557] ipvlan1: entered promiscuous mode
[  375.697653][T10557] ipvlan1: entered allmulticast mode
[  375.704351][T10557] veth0_vlan: entered allmulticast mode
[  376.452813][T10573] netlink: 12 bytes leftover after parsing attributes in process `syz.2.801'.
[  377.236874][T10580] netlink: 12 bytes leftover after parsing attributes in process `syz.0.802'.
[  378.170076][ T5828] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  378.807267][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  378.814198][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  380.923524][T10669] netlink: 12 bytes leftover after parsing attributes in process `syz.4.816'.
[  381.444867][T10680] netlink: 12 bytes leftover after parsing attributes in process `syz.1.818'.
[  382.817152][T10703] netlink: 12 bytes leftover after parsing attributes in process `syz.4.822'.
[  383.821978][T10726] netlink: 12 bytes leftover after parsing attributes in process `syz.2.826'.
[  384.694615][T10739] binder: 10738:10739 ioctl c018620c 0 returned -1
[  387.971232][T10791] netlink: 12 bytes leftover after parsing attributes in process `syz.2.838'.
[  388.647677][ T5835] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  388.655269][ T5835] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  389.271259][T10820] netlink: 12 bytes leftover after parsing attributes in process `syz.2.843'.
[  389.685579][T10829] FAULT_INJECTION: forcing a failure.
[  389.685579][T10829] name failslab, interval 1, probability 0, space 0, times 0
[  389.783994][T10829] CPU: 1 UID: 0 PID: 10829 Comm: syz.4.845 Not tainted syzkaller #0 PREEMPT(full) 
[  389.784020][T10829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  389.784035][T10829] Call Trace:
[  389.784041][T10829]  <TASK>
[  389.784049][T10829]  dump_stack_lvl+0x100/0x190
[  389.784083][T10829]  should_fail_ex.cold+0x5/0xa
[  389.784123][T10829]  should_failslab+0xc2/0x120
[  389.784156][T10829]  kmem_cache_alloc_lru_noprof+0x80/0x6e0
[  389.784190][T10829]  ? sock_alloc_inode+0x25/0x1c0
[  389.784262][T10829]  ? __pfx_sock_alloc_inode+0x10/0x10
[  389.784284][T10829]  sock_alloc_inode+0x25/0x1c0
[  389.784305][T10829]  alloc_inode+0x68/0x250
[  389.784332][T10829]  sock_alloc+0x44/0x280
[  389.784350][T10829]  ? security_socket_create+0x7f/0x250
[  389.784438][T10829]  sock_create_lite+0x82/0x120
[  389.784460][T10829]  __netlink_kernel_create+0xbd/0x750
[  389.784528][T10829]  ? __pfx___netlink_kernel_create+0x10/0x10
[  389.784554][T10829]  uevent_net_init+0xf8/0x330
[  389.784578][T10829]  ? __pfx_uevent_net_init+0x10/0x10
[  389.784600][T10829]  ? __pfx_uevent_net_rcv+0x10/0x10
[  389.784623][T10829]  ? __kmalloc_noprof+0x320/0x850
[  389.784648][T10829]  ? __pfx_uevent_net_init+0x10/0x10
[  389.784669][T10829]  ops_init+0x1e2/0x5f0
[  389.784716][T10829]  setup_net+0x118/0x3a0
[  389.784736][T10829]  ? __pfx_setup_net+0x10/0x10
[  389.784753][T10829]  ? lockdep_init_map_type+0x5c/0x250
[  389.784774][T10829]  ? mutex_init_lockep+0x110/0x150
[  389.784798][T10829]  copy_net_ns+0x46f/0x7c0
[  389.784820][T10829]  create_new_namespaces+0x3ea/0xac0
[  389.784841][T10829]  unshare_nsproxy_namespaces+0xc3/0x1f0
[  389.784859][T10829]  ksys_unshare+0x473/0xad0
[  389.784889][T10829]  ? __pfx_ksys_unshare+0x10/0x10
[  389.784914][T10829]  __x64_sys_unshare+0x31/0x40
[  389.784936][T10829]  do_syscall_64+0x106/0xf80
[  389.785000][T10829]  ? clear_bhb_loop+0x40/0x90
[  389.785045][T10829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.785072][T10829] RIP: 0033:0x7f975f99c799
[  389.785095][T10829] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  389.785122][T10829] RSP: 002b:00007f97607c3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  389.785184][T10829] RAX: ffffffffffffffda RBX: 00007f975fc15fa0 RCX: 00007f975f99c799
[  389.785204][T10829] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  389.785222][T10829] RBP: 00007f975fa32c99 R08: 0000000000000000 R09: 0000000000000000
[  389.785241][T10829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  389.785258][T10829] R13: 00007f975fc16038 R14: 00007f975fc15fa0 R15: 00007ffc90242268
[  389.785299][T10829]  </TASK>
[  389.785397][T10829] kobject_uevent: unable to create netlink socket!
[  392.085107][T10859] netlink: 12 bytes leftover after parsing attributes in process `syz.1.849'.
[  392.755028][   T30] audit: type=1800 audit(1773243017.019:8): pid=10881 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.853" name="dbroot" dev="configfs" ino=42011 res=0 errno=0
[  393.304423][T10881] tipc: Started in network mode
[  393.325840][T10881] tipc: Node identity ffffffff, cluster identity 4711
[  393.355579][T10881] tipc: Node number set to 4294967295
[  395.458104][T10925] bridge0: port 3(team0) entered blocking state
[  395.573322][T10925] bridge0: port 3(team0) entered disabled state
[  395.783706][T10925] team0: entered allmulticast mode
[  395.789080][T10925] team_slave_0: entered allmulticast mode
[  395.864945][T10925] team_slave_1: entered allmulticast mode
[  395.898245][T10925] team0: entered promiscuous mode
[  395.909157][T10925] team_slave_0: entered promiscuous mode
[  395.921641][T10925] team_slave_1: entered promiscuous mode
[  396.044633][T10925] bridge0: port 3(team0) entered blocking state
[  396.051742][T10925] bridge0: port 3(team0) entered forwarding state
[  396.629606][T10944] netlink: 12 bytes leftover after parsing attributes in process `syz.1.863'.
[  398.602066][T10961] bond0: option slaves: interface -Âô does not exist!
[  401.075524][T10994] netlink: 12 bytes leftover after parsing attributes in process `syz.4.872'.
[  402.613932][   T30] audit: type=1800 audit(1773243026.854:9): pid=11029 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.878" name="dbroot" dev="configfs" ino=43172 res=0 errno=0
[  403.156952][T11029] tipc: Started in network mode
[  403.161840][T11029] tipc: Node identity ffffffff, cluster identity 4711
[  403.178829][T11029] tipc: Node number set to 4294967295
[  403.931903][T11049] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint
[  405.693453][T11065] netlink: 12 bytes leftover after parsing attributes in process `syz.2.885'.
[  405.718616][T11072] bond0: option slaves: interface -Âô does not exist!
[  406.222619][T11084] futex_wake_op: syz.4.888 tries to shift op by -2048; fix this program
[  406.252370][T11084] futex_wake_op: syz.4.888 tries to shift op by -2048; fix this program
[  406.364631][T11084] 0x000000000001-0x000000020000 : ""
[  406.541061][T11084] ftl_cs: FTL header corrupt!
[  411.507766][ T5828] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  414.582749][T11224] netlink: 12 bytes leftover after parsing attributes in process `syz.0.912'.
[  414.974921][ T5835] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  415.671763][T11255] netlink: 12 bytes leftover after parsing attributes in process `syz.1.917'.
[  416.884750][T11267] netlink: 12 bytes leftover after parsing attributes in process `syz.2.919'.
[  417.962535][T11299] netlink: 12 bytes leftover after parsing attributes in process `syz.1.923'.
[  419.280916][ T5828] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  419.291959][ T5828] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  420.238242][T11342] netlink: 12 bytes leftover after parsing attributes in process `syz.1.931'.
[  421.263444][T11358] netlink: 12 bytes leftover after parsing attributes in process `syz.4.934'.
[  422.414901][T11376] netlink: 12 bytes leftover after parsing attributes in process `syz.2.937'.
[  425.828561][ T5828] block nbd0: Receive control failed (result -32)
[  426.013585][ T5828] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  426.021226][ T5828] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  426.472003][T11449] netlink: 12 bytes leftover after parsing attributes in process `syz.2.947'.
[  428.125542][T11470] netlink: 12 bytes leftover after parsing attributes in process `syz.1.951'.
[  432.241024][T11524] netlink: 12 bytes leftover after parsing attributes in process `syz.0.962'.
[  433.497642][T11547] netlink: 12 bytes leftover after parsing attributes in process `syz.0.967'.
[  438.933798][T11654] netlink: 12 bytes leftover after parsing attributes in process `syz.2.984'.
[  439.554083][ T5835] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  439.561975][ T5835] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  439.698669][T11667] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3)
[  440.256070][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  440.262919][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  443.120038][T11723] netlink: 12 bytes leftover after parsing attributes in process `syz.2.998'.
[  443.609780][T11732] binder: 11731:11732 ioctl c018620c 0 returned -1
[  445.393106][T11765] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1003'.
[  448.043491][T11815] blktrace: Concurrent blktraces are not allowed on loop2
[  450.784676][T11872] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1023'.
[  450.814575][T11867] FAULT_INJECTION: forcing a failure.
[  450.814575][T11867] name failslab, interval 1, probability 0, space 0, times 0
[  450.887961][T11867] CPU: 0 UID: 0 PID: 11867 Comm: syz.4.1024 Not tainted syzkaller #0 PREEMPT(full) 
[  450.887998][T11867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  450.888023][T11867] Call Trace:
[  450.888032][T11867]  <TASK>
[  450.888042][T11867]  dump_stack_lvl+0x100/0x190
[  450.888125][T11867]  should_fail_ex.cold+0x5/0xa
[  450.888175][T11867]  should_failslab+0xc2/0x120
[  450.888221][T11867]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  450.888273][T11867]  ? security_inode_alloc+0x3b/0x2c0
[  450.888406][T11867]  ? lockdep_init_map_type+0x5c/0x250
[  450.888462][T11867]  security_inode_alloc+0x3b/0x2c0
[  450.888505][T11867]  inode_init_always_gfp+0xced/0x1040
[  450.888547][T11867]  alloc_inode+0x8e/0x250
[  450.888584][T11867]  new_inode+0x22/0x1c0
[  450.888625][T11867]  hugetlbfs_get_inode+0x313/0x750
[  450.888681][T11867]  hugetlb_file_setup+0x3cc/0x5b0
[  450.888724][T11867]  newseg+0xabb/0xed0
[  450.888810][T11867]  ? __pfx_newseg+0x10/0x10
[  450.888841][T11867]  ? down_write+0x146/0x1f0
[  450.888941][T11867]  ? ksys_write+0x190/0x250
[  450.888973][T11867]  ? ksys_write+0x190/0x250
[  450.889006][T11867]  ipcget+0xee/0xf50
[  450.889062][T11867]  ? do_futex+0x192/0x350
[  450.889113][T11867]  ? __pfx_do_futex+0x10/0x10
[  450.889156][T11867]  ? __pfx_ipcget+0x10/0x10
[  450.889189][T11867]  ? __x64_sys_futex+0x34f/0x4d0
[  450.889222][T11867]  ? __x64_sys_futex+0x358/0x4d0
[  450.889265][T11867]  __x64_sys_shmget+0x13b/0x1b0
[  450.889298][T11867]  ? __pfx___x64_sys_shmget+0x10/0x10
[  450.889341][T11867]  do_syscall_64+0x106/0xf80
[  450.889374][T11867]  ? clear_bhb_loop+0x40/0x90
[  450.889416][T11867]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  450.889445][T11867] RIP: 0033:0x7f975f99c799
[  450.889469][T11867] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  450.889496][T11867] RSP: 002b:00007f9760781028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d
[  450.889525][T11867] RAX: ffffffffffffffda RBX: 00007f975fc16180 RCX: 00007f975f99c799
[  450.889545][T11867] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000
[  450.889563][T11867] RBP: 00007f975fa32c99 R08: 0000000000000000 R09: 0000000000000000
[  450.889579][T11867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  450.889596][T11867] R13: 00007f975fc16218 R14: 00007f975fc16180 R15: 00007ffc90242268
[  450.889650][T11867]  </TASK>
[  451.198982][T11873] zswap: compressor  not available
[  452.160172][T11901] futex_wake_op: syz.2.1027 tries to shift op by -2048; fix this program
[  452.189206][T11901] futex_wake_op: syz.2.1027 tries to shift op by -2048; fix this program
[  452.223587][T11901] 0x000000000001-0x000000020000 : ""
[  452.343503][T11901] ftl_cs: FTL header corrupt!
[  452.465064][ T5828] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  452.538048][T11895] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1028'.
[  454.297507][T11922] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1031'.
[  457.557007][T11964] Invalid ELF header magic: != ELF
[  457.628308][T11964] FAULT_INJECTION: forcing a failure.
[  457.628308][T11964] name failslab, interval 1, probability 0, space 0, times 0
[  457.672610][T11964] CPU: 0 UID: 0 PID: 11964 Comm: syz.0.1039 Not tainted syzkaller #0 PREEMPT(full) 
[  457.672649][T11964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  457.672666][T11964] Call Trace:
[  457.672675][T11964]  <TASK>
[  457.672685][T11964]  dump_stack_lvl+0x100/0x190
[  457.672733][T11964]  should_fail_ex.cold+0x5/0xa
[  457.672765][T11964]  should_failslab+0xc2/0x120
[  457.672796][T11964]  __kvmalloc_node_noprof+0xfa/0xa00
[  457.672840][T11964]  ? file_tty_write.isra.0+0x64e/0x890
[  457.672994][T11964]  file_tty_write.isra.0+0x64e/0x890
[  457.673031][T11964]  ? security_file_permission+0x76/0x210
[  457.673071][T11964]  ? rw_verify_area+0xce/0x6d0
[  457.673115][T11964]  vfs_write+0x6ac/0x1070
[  457.673158][T11964]  ? __pfx_tty_write+0x10/0x10
[  457.673194][T11964]  ? __pfx_vfs_write+0x10/0x10
[  457.673233][T11964]  ? find_held_lock+0x2b/0x80
[  457.673283][T11964]  ksys_write+0x12a/0x250
[  457.673304][T11964]  ? __pfx_ksys_write+0x10/0x10
[  457.673337][T11964]  do_syscall_64+0x106/0xf80
[  457.673370][T11964]  ? clear_bhb_loop+0x40/0x90
[  457.673406][T11964]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.673434][T11964] RIP: 0033:0x7f4aa179c799
[  457.673457][T11964] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  457.673483][T11964] RSP: 002b:00007f4aa2722028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  457.673509][T11964] RAX: ffffffffffffffda RBX: 00007f4aa1a15fa0 RCX: 00007f4aa179c799
[  457.673528][T11964] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003
[  457.673544][T11964] RBP: 00007f4aa1832c99 R08: 0000000000000000 R09: 0000000000000000
[  457.673560][T11964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  457.673577][T11964] R13: 00007f4aa1a16038 R14: 00007f4aa1a15fa0 R15: 00007ffcd6109408
[  457.673616][T11964]  </TASK>
[  459.530794][ T5828] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  459.538548][ T5828] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  462.745236][T12036] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1051'.
[  463.317744][T12053] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1055'.
[  468.007954][T12117] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3)
[  469.614547][ T5828] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  469.622509][ T5828] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  471.033596][T12192] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1079'.
[  474.786263][ T5828] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  474.797223][ T5828] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0'
[  474.807839][ T5828] CPU: 0 UID: 0 PID: 5828 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) 
[  474.807870][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  474.807889][ T5828] Workqueue: hci3 hci_rx_work
[  474.807928][ T5828] Call Trace:
[  474.807934][ T5828]  <TASK>
[  474.807941][ T5828]  dump_stack_lvl+0x100/0x190
[  474.807969][ T5828]  sysfs_warn_dup.cold+0x1c/0x28
[  474.807994][ T5828]  sysfs_create_dir_ns+0x24b/0x2b0
[  474.808023][ T5828]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  474.808041][ T5828]  ? find_held_lock+0x2b/0x80
[  474.808056][ T5828]  ? kobject_add_internal+0x25f/0x930
[  474.808083][ T5828]  ? kobject_add_internal+0x25f/0x930
[  474.808105][ T5828]  ? do_raw_spin_unlock+0x145/0x1e0
[  474.808129][ T5828]  kobject_add_internal+0x2c8/0x930
[  474.808154][ T5828]  kobject_add+0x16a/0x1e0
[  474.808174][ T5828]  ? __pfx_kobject_add+0x10/0x10
[  474.808193][ T5828]  ? class_to_subsys+0x10f/0x150
[  474.808223][ T5828]  ? kobject_put+0xb9/0x640
[  474.808240][ T5828]  ? _raw_spin_unlock+0x28/0x50
[  474.808261][ T5828]  device_add+0x294/0x1950
[  474.808276][ T5828]  ? __pfx_dev_set_name+0x10/0x10
[  474.808294][ T5828]  ? __pfx_device_add+0x10/0x10
[  474.808309][ T5828]  ? mgmt_send_event_skb+0x2fb/0x460
[  474.808332][ T5828]  hci_conn_add_sysfs+0x1a3/0x260
[  474.808353][ T5828]  le_conn_complete_evt+0x11cb/0x1f40
[  474.808375][ T5828]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  474.808389][ T5828]  ? __pfx_bt_warn+0x10/0x10
[  474.808418][ T5828]  hci_le_conn_complete_evt+0x23c/0x3a0
[  474.808434][ T5828]  ? skb_pull_data+0x15f/0x1e0
[  474.808474][ T5828]  hci_le_meta_evt+0x34a/0x5f0
[  474.808491][ T5828]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  474.808509][ T5828]  hci_event_packet+0x682/0x11c0
[  474.808526][ T5828]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  474.808543][ T5828]  ? __pfx_hci_event_packet+0x10/0x10
[  474.808561][ T5828]  ? kcov_remote_start+0x374/0x660
[  474.808581][ T5828]  ? lockdep_hardirqs_on+0x78/0x100
[  474.808603][ T5828]  hci_rx_work+0x451/0xfc0
[  474.808621][ T5828]  process_one_work+0x9d7/0x1920
[  474.808655][ T5828]  ? __pfx_process_one_work+0x10/0x10
[  474.808681][ T5828]  ? __pfx_hci_rx_work+0x10/0x10
[  474.808698][ T5828]  worker_thread+0x5da/0xe40
[  474.808723][ T5828]  ? __pfx_worker_thread+0x10/0x10
[  474.808744][ T5828]  ? kthread+0x13a/0x450
[  474.808761][ T5828]  ? __pfx_worker_thread+0x10/0x10
[  474.808783][ T5828]  kthread+0x370/0x450
[  474.808800][ T5828]  ? __pfx_kthread+0x10/0x10
[  474.808820][ T5828]  ret_from_fork+0x754/0xd80
[  474.808848][ T5828]  ? __pfx_ret_from_fork+0x10/0x10
[  474.808877][ T5828]  ? __switch_to+0x7b4/0x1120
[  474.808894][ T5828]  ? __pfx_kthread+0x10/0x10
[  474.808915][ T5828]  ret_from_fork_asm+0x1a/0x30
[  474.808942][ T5828]  </TASK>
[  474.808992][ T5828] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  475.100241][ T5828] Bluetooth: hci3: failed to register connection device
[  477.151358][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout
[  478.008515][ T5835] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  478.016336][ T5835] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  478.454365][ T5831] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  478.472013][ T5831] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  479.233746][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout
[  480.136339][T12358] FAULT_INJECTION: forcing a failure.
[  480.136339][T12358] name failslab, interval 1, probability 0, space 0, times 0
[  480.136380][T12358] CPU: 1 UID: 0 PID: 12358 Comm: syz.2.1111 Not tainted syzkaller #0 PREEMPT(full) 
[  480.136412][T12358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  480.136429][T12358] Call Trace:
[  480.136437][T12358]  <TASK>
[  480.136447][T12358]  dump_stack_lvl+0x100/0x190
[  480.136495][T12358]  should_fail_ex.cold+0x5/0xa
[  480.136529][T12358]  should_failslab+0xc2/0x120
[  480.136560][T12358]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  480.136601][T12358]  ? alloc_empty_file+0x55/0x1c0
[  480.136643][T12358]  alloc_empty_file+0x55/0x1c0
[  480.136676][T12358]  alloc_file_pseudo+0x13a/0x230
[  480.136712][T12358]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  480.136745][T12358]  ? __pfx_pipe_lock_cmp_fn+0x10/0x10
[  480.136797][T12358]  create_pipe_files+0x360/0x970
[  480.136830][T12358]  do_pipe2+0xbd/0x1e0
[  480.136858][T12358]  ? __pfx_do_pipe2+0x10/0x10
[  480.136900][T12358]  __x64_sys_pipe+0x33/0x50
[  480.136942][T12358]  do_syscall_64+0x106/0xf80
[  480.136977][T12358]  ? clear_bhb_loop+0x40/0x90
[  480.137013][T12358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  480.137042][T12358] RIP: 0033:0x7fb16f99c799
[  480.137066][T12358] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  480.137092][T12358] RSP: 002b:00007fb17086e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000016
[  480.137117][T12358] RAX: ffffffffffffffda RBX: 00007fb16fc16180 RCX: 00007fb16f99c799
[  480.137136][T12358] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  480.137152][T12358] RBP: 00007fb16fa32c99 R08: 0000000000000000 R09: 0000000000000000
[  480.137168][T12358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  480.137184][T12358] R13: 00007fb16fc16218 R14: 00007fb16fc16180 R15: 00007ffd7132dbe8
[  480.137218][T12358]  </TASK>
[  481.491790][ T5831] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  481.499457][ T5831] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  484.745121][ T5831] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  484.752756][ T5831] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  486.714102][T12436] program syz.1.1125 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  492.391571][ T5831] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  492.399358][ T5831] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  494.546231][ T5831] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  494.556632][ T5831] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  496.144365][ T5828] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  496.152203][ T5828] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  501.060670][ T5831] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  501.068503][ T5831] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  501.727012][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  501.741724][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  503.339281][ T5828] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  503.349572][ T5828] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  505.375541][   T30] audit: type=1800 audit(1773243129.573:10): pid=12823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1192" name="dbroot" dev="configfs" ino=53705 res=0 errno=0
[  505.401708][ T5828] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  505.421245][ T5828] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[  505.435054][ T5828] CPU: 0 UID: 0 PID: 5828 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) 
[  505.435080][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  505.435091][ T5828] Workqueue: hci0 hci_rx_work
[  505.435112][ T5828] Call Trace:
[  505.435118][ T5828]  <TASK>
[  505.435125][ T5828]  dump_stack_lvl+0x100/0x190
[  505.435149][ T5828]  sysfs_warn_dup.cold+0x1c/0x28
[  505.435172][ T5828]  sysfs_create_dir_ns+0x24b/0x2b0
[  505.435194][ T5828]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  505.435219][ T5828]  ? find_held_lock+0x2b/0x80
[  505.435243][ T5828]  ? kobject_add_internal+0x25f/0x930
[  505.435280][ T5828]  ? kobject_add_internal+0x25f/0x930
[  505.435317][ T5828]  ? do_raw_spin_unlock+0x145/0x1e0
[  505.435354][ T5828]  kobject_add_internal+0x2c8/0x930
[  505.435396][ T5828]  kobject_add+0x16a/0x1e0
[  505.435432][ T5828]  ? __pfx_kobject_add+0x10/0x10
[  505.435467][ T5828]  ? class_to_subsys+0x10f/0x150
[  505.435499][ T5828]  ? kobject_put+0xb9/0x640
[  505.435539][ T5828]  ? _raw_spin_unlock+0x28/0x50
[  505.435576][ T5828]  device_add+0x294/0x1950
[  505.435604][ T5828]  ? __pfx_dev_set_name+0x10/0x10
[  505.435636][ T5828]  ? __pfx_device_add+0x10/0x10
[  505.435660][ T5828]  ? mgmt_send_event_skb+0x2fb/0x460
[  505.435682][ T5828]  hci_conn_add_sysfs+0x1a3/0x260
[  505.435700][ T5828]  le_conn_complete_evt+0x11cb/0x1f40
[  505.435721][ T5828]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  505.435736][ T5828]  ? __pfx_bt_warn+0x10/0x10
[  505.435758][ T5828]  hci_le_conn_complete_evt+0x23c/0x3a0
[  505.435774][ T5828]  ? skb_pull_data+0x15f/0x1e0
[  505.435800][ T5828]  hci_le_meta_evt+0x34a/0x5f0
[  505.435822][ T5828]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  505.435842][ T5828]  hci_event_packet+0x682/0x11c0
[  505.435858][ T5828]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  505.435876][ T5828]  ? __pfx_hci_event_packet+0x10/0x10
[  505.435894][ T5828]  ? kcov_remote_start+0x374/0x660
[  505.435909][ T5828]  ? lockdep_hardirqs_on+0x78/0x100
[  505.435932][ T5828]  hci_rx_work+0x451/0xfc0
[  505.435950][ T5828]  process_one_work+0x9d7/0x1920
[  505.435979][ T5828]  ? __pfx_process_one_work+0x10/0x10
[  505.436006][ T5828]  ? __pfx_hci_rx_work+0x10/0x10
[  505.436025][ T5828]  worker_thread+0x5da/0xe40
[  505.436051][ T5828]  ? __pfx_worker_thread+0x10/0x10
[  505.436071][ T5828]  ? kthread+0x13a/0x450
[  505.436089][ T5828]  ? __pfx_worker_thread+0x10/0x10
[  505.436108][ T5828]  kthread+0x370/0x450
[  505.436125][ T5828]  ? __pfx_kthread+0x10/0x10
[  505.436145][ T5828]  ret_from_fork+0x754/0xd80
[  505.436168][ T5828]  ? __pfx_ret_from_fork+0x10/0x10
[  505.436190][ T5828]  ? __switch_to+0x7b4/0x1120
[  505.436206][ T5828]  ? __pfx_kthread+0x10/0x10
[  505.436226][ T5828]  ret_from_fork_asm+0x1a/0x30
[  505.436252][ T5828]  </TASK>
[  505.735730][ T5828] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  505.766560][ T5828] Bluetooth: hci0: failed to register connection device
[  507.896791][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout
[  508.088415][T12864] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1199'.
[  508.196355][T12854] zswap: compressor  not available
[  509.967824][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout
[  511.932192][ T5831] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  511.940055][ T5831] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[  511.950506][ T5831] CPU: 0 UID: 0 PID: 5831 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT(full) 
[  511.950527][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  511.950539][ T5831] Workqueue: hci0 hci_rx_work
[  511.950558][ T5831] Call Trace:
[  511.950563][ T5831]  <TASK>
[  511.950569][ T5831]  dump_stack_lvl+0x100/0x190
[  511.950595][ T5831]  sysfs_warn_dup.cold+0x1c/0x28
[  511.950617][ T5831]  sysfs_create_dir_ns+0x24b/0x2b0
[  511.950639][ T5831]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  511.950658][ T5831]  ? find_held_lock+0x2b/0x80
[  511.950672][ T5831]  ? kobject_add_internal+0x25f/0x930
[  511.950693][ T5831]  ? kobject_add_internal+0x25f/0x930
[  511.950716][ T5831]  ? do_raw_spin_unlock+0x145/0x1e0
[  511.950739][ T5831]  kobject_add_internal+0x2c8/0x930
[  511.950769][ T5831]  kobject_add+0x16a/0x1e0
[  511.950790][ T5831]  ? __pfx_kobject_add+0x10/0x10
[  511.950810][ T5831]  ? class_to_subsys+0x10f/0x150
[  511.950830][ T5831]  ? kobject_put+0xb9/0x640
[  511.950847][ T5831]  ? _raw_spin_unlock+0x28/0x50
[  511.950868][ T5831]  device_add+0x294/0x1950
[  511.950882][ T5831]  ? __pfx_dev_set_name+0x10/0x10
[  511.950901][ T5831]  ? __pfx_device_add+0x10/0x10
[  511.950915][ T5831]  ? mgmt_send_event_skb+0x2fb/0x460
[  511.950936][ T5831]  hci_conn_add_sysfs+0x1a3/0x260
[  511.950955][ T5831]  le_conn_complete_evt+0x11cb/0x1f40
[  511.950976][ T5831]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  511.950989][ T5831]  ? __pfx_bt_warn+0x10/0x10
[  511.951022][ T5831]  hci_le_conn_complete_evt+0x23c/0x3a0
[  511.951040][ T5831]  ? skb_pull_data+0x15f/0x1e0
[  511.951065][ T5831]  hci_le_meta_evt+0x34a/0x5f0
[  511.951083][ T5831]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  511.951100][ T5831]  hci_event_packet+0x682/0x11c0
[  511.951116][ T5831]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  511.951134][ T5831]  ? __pfx_hci_event_packet+0x10/0x10
[  511.951152][ T5831]  ? kcov_remote_start+0x374/0x660
[  511.951167][ T5831]  ? lockdep_hardirqs_on+0x78/0x100
[  511.951188][ T5831]  hci_rx_work+0x451/0xfc0
[  511.951208][ T5831]  process_one_work+0x9d7/0x1920
[  511.951236][ T5831]  ? __pfx_process_one_work+0x10/0x10
[  511.951266][ T5831]  ? __pfx_hci_rx_work+0x10/0x10
[  511.951283][ T5831]  worker_thread+0x5da/0xe40
[  511.951311][ T5831]  ? kthread+0x13a/0x450
[  511.951328][ T5831]  ? __pfx_worker_thread+0x10/0x10
[  511.951347][ T5831]  kthread+0x370/0x450
[  511.951365][ T5831]  ? __pfx_kthread+0x10/0x10
[  511.951385][ T5831]  ret_from_fork+0x754/0xd80
[  511.951407][ T5831]  ? __pfx_ret_from_fork+0x10/0x10
[  511.951430][ T5831]  ? __switch_to+0x7b4/0x1120
[  511.951445][ T5831]  ? __pfx_kthread+0x10/0x10
[  511.951465][ T5831]  ret_from_fork_asm+0x1a/0x30
[  511.951491][ T5831]  </TASK>
[  511.951541][ T5831] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  512.238743][ T5831] Bluetooth: hci0: failed to register connection device
[  512.730664][ T5831] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  512.741005][ T5831] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:0'
[  512.759033][ T5831] CPU: 0 UID: 0 PID: 5831 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT(full) 
[  512.759073][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  512.759100][ T5831] Workqueue: hci4 hci_rx_work
[  512.759132][ T5831] Call Trace:
[  512.759142][ T5831]  <TASK>
[  512.759152][ T5831]  dump_stack_lvl+0x100/0x190
[  512.759194][ T5831]  sysfs_warn_dup.cold+0x1c/0x28
[  512.759229][ T5831]  sysfs_create_dir_ns+0x24b/0x2b0
[  512.759264][ T5831]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  512.759298][ T5831]  ? find_held_lock+0x2b/0x80
[  512.759322][ T5831]  ? kobject_add_internal+0x25f/0x930
[  512.759359][ T5831]  ? kobject_add_internal+0x25f/0x930
[  512.759400][ T5831]  ? do_raw_spin_unlock+0x145/0x1e0
[  512.759438][ T5831]  kobject_add_internal+0x2c8/0x930
[  512.759487][ T5831]  kobject_add+0x16a/0x1e0
[  512.759526][ T5831]  ? __pfx_kobject_add+0x10/0x10
[  512.759557][ T5831]  ? class_to_subsys+0x10f/0x150
[  512.759592][ T5831]  ? kobject_put+0xb9/0x640
[  512.759626][ T5831]  ? _raw_spin_unlock+0x28/0x50
[  512.759667][ T5831]  device_add+0x294/0x1950
[  512.759696][ T5831]  ? __pfx_dev_set_name+0x10/0x10
[  512.759729][ T5831]  ? __pfx_device_add+0x10/0x10
[  512.759769][ T5831]  ? mgmt_send_event_skb+0x2fb/0x460
[  512.759811][ T5831]  hci_conn_add_sysfs+0x1a3/0x260
[  512.759844][ T5831]  le_conn_complete_evt+0x11cb/0x1f40
[  512.759879][ T5831]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  512.759903][ T5831]  ? __pfx_bt_warn+0x10/0x10
[  512.759941][ T5831]  hci_le_conn_complete_evt+0x23c/0x3a0
[  512.759970][ T5831]  ? skb_pull_data+0x15f/0x1e0
[  512.760018][ T5831]  hci_le_meta_evt+0x34a/0x5f0
[  512.760047][ T5831]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  512.760083][ T5831]  hci_event_packet+0x682/0x11c0
[  512.760113][ T5831]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  512.760144][ T5831]  ? __pfx_hci_event_packet+0x10/0x10
[  512.760177][ T5831]  ? kcov_remote_start+0x374/0x660
[  512.760204][ T5831]  ? lockdep_hardirqs_on+0x78/0x100
[  512.760248][ T5831]  hci_rx_work+0x451/0xfc0
[  512.760281][ T5831]  process_one_work+0x9d7/0x1920
[  512.760338][ T5831]  ? __pfx_process_one_work+0x10/0x10
[  512.760389][ T5831]  ? __pfx_hci_rx_work+0x10/0x10
[  512.760422][ T5831]  worker_thread+0x5da/0xe40
[  512.760477][ T5831]  ? kthread+0x13a/0x450
[  512.760511][ T5831]  ? __pfx_worker_thread+0x10/0x10
[  512.760548][ T5831]  kthread+0x370/0x450
[  512.760582][ T5831]  ? __pfx_kthread+0x10/0x10
[  512.760621][ T5831]  ret_from_fork+0x754/0xd80
[  512.760671][ T5831]  ? __pfx_ret_from_fork+0x10/0x10
[  512.760716][ T5831]  ? __switch_to+0x7b4/0x1120
[  512.760747][ T5831]  ? __pfx_kthread+0x10/0x10
[  512.760798][ T5831]  ret_from_fork_asm+0x1a/0x30
[  512.760850][ T5831]  </TASK>
[  512.763743][ T5831] kobject: kobject_add_internal failed for hci4:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  513.042491][ T5831] Bluetooth: hci4: failed to register connection device
[  514.624005][T12966] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  515.110390][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout
[  515.449414][T12960] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1215'.
[  517.174149][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout
[  519.301365][ T5828] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  519.309277][ T5828] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:0'
[  519.323412][ T5828] CPU: 0 UID: 0 PID: 5828 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) 
[  519.323450][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  519.323467][ T5828] Workqueue: hci4 hci_rx_work
[  519.323500][ T5828] Call Trace:
[  519.323509][ T5828]  <TASK>
[  519.323520][ T5828]  dump_stack_lvl+0x100/0x190
[  519.323567][ T5828]  sysfs_warn_dup.cold+0x1c/0x28
[  519.323607][ T5828]  sysfs_create_dir_ns+0x24b/0x2b0
[  519.323648][ T5828]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  519.323686][ T5828]  ? find_held_lock+0x2b/0x80
[  519.323714][ T5828]  ? kobject_add_internal+0x25f/0x930
[  519.323770][ T5828]  ? kobject_add_internal+0x25f/0x930
[  519.323814][ T5828]  ? do_raw_spin_unlock+0x145/0x1e0
[  519.323860][ T5828]  kobject_add_internal+0x2c8/0x930
[  519.323908][ T5828]  kobject_add+0x16a/0x1e0
[  519.323949][ T5828]  ? __pfx_kobject_add+0x10/0x10
[  519.323986][ T5828]  ? class_to_subsys+0x10f/0x150
[  519.324022][ T5828]  ? kobject_put+0xb9/0x640
[  519.324057][ T5828]  ? _raw_spin_unlock+0x28/0x50
[  519.324112][ T5828]  device_add+0x294/0x1950
[  519.324141][ T5828]  ? __pfx_dev_set_name+0x10/0x10
[  519.324176][ T5828]  ? __pfx_device_add+0x10/0x10
[  519.324206][ T5828]  ? mgmt_send_event_skb+0x2fb/0x460
[  519.324247][ T5828]  hci_conn_add_sysfs+0x1a3/0x260
[  519.324288][ T5828]  le_conn_complete_evt+0x11cb/0x1f40
[  519.324327][ T5828]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  519.324355][ T5828]  ? __pfx_bt_warn+0x10/0x10
[  519.324397][ T5828]  hci_le_conn_complete_evt+0x23c/0x3a0
[  519.324425][ T5828]  ? skb_pull_data+0x15f/0x1e0
[  519.324469][ T5828]  hci_le_meta_evt+0x34a/0x5f0
[  519.324503][ T5828]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  519.324540][ T5828]  hci_event_packet+0x682/0x11c0
[  519.324567][ T5828]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  519.324601][ T5828]  ? __pfx_hci_event_packet+0x10/0x10
[  519.324633][ T5828]  ? kcov_remote_start+0x374/0x660
[  519.324660][ T5828]  ? lockdep_hardirqs_on+0x78/0x100
[  519.324703][ T5828]  hci_rx_work+0x451/0xfc0
[  519.324740][ T5828]  process_one_work+0x9d7/0x1920
[  519.324797][ T5828]  ? __pfx_process_one_work+0x10/0x10
[  519.324849][ T5828]  ? __pfx_hci_rx_work+0x10/0x10
[  519.324882][ T5828]  worker_thread+0x5da/0xe40
[  519.324931][ T5828]  ? __pfx_worker_thread+0x10/0x10
[  519.324973][ T5828]  ? kthread+0x13a/0x450
[  519.325006][ T5828]  ? __pfx_worker_thread+0x10/0x10
[  519.325044][ T5828]  kthread+0x370/0x450
[  519.325079][ T5828]  ? __pfx_kthread+0x10/0x10
[  519.325131][ T5828]  ret_from_fork+0x754/0xd80
[  519.325184][ T5828]  ? __pfx_ret_from_fork+0x10/0x10
[  519.325231][ T5828]  ? __switch_to+0x7b4/0x1120
[  519.325262][ T5828]  ? __pfx_kthread+0x10/0x10
[  519.325302][ T5828]  ret_from_fork_asm+0x1a/0x30
[  519.325353][ T5828]  </TASK>
[  519.325524][ T5828] kobject: kobject_add_internal failed for hci4:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  519.620202][ T5828] Bluetooth: hci4: failed to register connection device
[  520.353294][T13053] FAULT_INJECTION: forcing a failure.
[  520.353294][T13053] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  520.382826][T13053] CPU: 0 UID: 0 PID: 13053 Comm: syz.4.1231 Not tainted syzkaller #0 PREEMPT(full) 
[  520.382871][T13053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  520.382887][T13053] Call Trace:
[  520.382897][T13053]  <TASK>
[  520.382908][T13053]  dump_stack_lvl+0x100/0x190
[  520.382955][T13053]  should_fail_ex.cold+0x5/0xa
[  520.383014][T13053]  _copy_from_user+0x2e/0xd0
[  520.383139][T13053]  snd_pcm_oss_write2+0x1c2/0x400
[  520.383261][T13053]  ? __pfx_snd_pcm_oss_write2+0x10/0x10
[  520.383311][T13053]  snd_pcm_oss_write+0x729/0xa30
[  520.383339][T13053]  ? security_file_permission+0x76/0x210
[  520.383376][T13053]  vfs_write+0x2aa/0x1070
[  520.383421][T13053]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  520.383455][T13053]  ? __pfx_vfs_write+0x10/0x10
[  520.383494][T13053]  ? find_held_lock+0x2b/0x80
[  520.383518][T13053]  ? __fget_files+0x215/0x3d0
[  520.383542][T13053]  ? __fget_files+0x215/0x3d0
[  520.383574][T13053]  ? __fget_files+0x21f/0x3d0
[  520.383613][T13053]  ksys_write+0x12a/0x250
[  520.383639][T13053]  ? __pfx_ksys_write+0x10/0x10
[  520.383678][T13053]  do_syscall_64+0x106/0xf80
[  520.383713][T13053]  ? clear_bhb_loop+0x40/0x90
[  520.383750][T13053]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  520.383781][T13053] RIP: 0033:0x7f975f99c799
[  520.383805][T13053] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  520.383830][T13053] RSP: 002b:00007f975d7f4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  520.383856][T13053] RAX: ffffffffffffffda RBX: 00007f975fc16270 RCX: 00007f975f99c799
[  520.383874][T13053] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003
[  520.383891][T13053] RBP: 00007f975fa32c99 R08: 0000000000000000 R09: 0000000000000000
[  520.383906][T13053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  520.383924][T13053] R13: 00007f975fc16308 R14: 00007f975fc16270 R15: 00007ffc90242268
[  520.383964][T13053]  </TASK>
[  522.457867][T13072] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1234'.
[  525.653678][ T5831] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  525.666682][ T5831] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  529.355004][T13203] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  530.674762][T13222] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed
[  530.684008][T13222] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff)
[  535.095550][T13298] Invalid ELF header magic: != ELF
[  535.340498][T13276] program syz.4.1271 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  535.362204][T13308] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78002
[  535.446382][T13308] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  535.480370][T13308] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  535.509925][T13308] page_type: f5(slab)
[  535.527003][T13308] raw: 00fff00000000040 ffff88813fe54c80 dead000000000100 dead000000000122
[  535.596689][T13308] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[  535.682737][T13308] head: 00fff00000000040 ffff88813fe54c80 dead000000000100 dead000000000122
[  535.782700][T13308] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[  535.887392][T13308] head: 00fff00000000001 ffffea0001e00081 00000000ffffffff 00000000ffffffff
[  535.955514][T13308] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  536.020597][T13308] page dumped because: unmovable page
[  536.089225][T13308] page_owner tracks the page as allocated
[  536.108342][T13308] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5326, tgid 5326 (v4l_id), ts 40207223444, free_ts 26264898864
[  536.194769][T13308]  post_alloc_hook+0x153/0x170
[  536.199682][T13308]  get_page_from_freelist+0x111d/0x3140
[  536.301358][T13308]  __alloc_frozen_pages_noprof+0x27c/0x2ba0
[  536.393149][T13308]  new_slab+0xa6/0x6c0
[  536.397368][T13308]  refill_objects+0x26b/0x400
[  536.446000][T13308]  __prefill_sheaf_pfmemalloc+0x5f/0xb0
[  536.460869][T13308]  kmem_cache_prefill_sheaf+0x1ba/0x4c0
[  536.472411][T13308]  mas_alloc_nodes+0x2c3/0x390
[  536.484009][T13308]  mas_preallocate+0x39c/0xf10
[  536.488868][T13308]  __split_vma+0x33d/0xd90
[  536.522182][T13308]  vma_modify+0x1121/0x2250
[  536.530805][T13308]  vma_modify_flags+0x257/0x3d0
[  536.556252][T13308]  mprotect_fixup+0x209/0xb70
[  536.628712][T13308]  do_mprotect_pkey+0x9e1/0xe70
[  536.649754][T13308]  __x64_sys_mprotect+0x78/0xc0
[  536.665046][T13308]  do_syscall_64+0x106/0xf80
[  536.669752][T13308] page last free pid 1 tgid 1 stack trace:
[  536.702975][T13308]  __free_frozen_pages+0x7e1/0x10d0
[  536.741042][T13308]  free_contig_range+0xde/0x1d0
[  536.750983][T13308]  destroy_args+0xa8/0x7a0
[  536.755875][T13308]  debug_vm_pgtable+0x1b66/0x34c0
[  536.801023][T13308]  do_one_initcall+0x11d/0x760
[  536.805847][T13308]  kernel_init_freeable+0x6e5/0x7a0
[  536.846413][T13308]  kernel_init+0x1f/0x1e0
[  536.863762][T13308]  ret_from_fork+0x754/0xd80
[  536.878321][T13308]  ret_from_fork_asm+0x1a/0x30
[  537.554226][ T5828] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  537.562021][ T5828] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0'
[  537.571557][ T5828] CPU: 1 UID: 0 PID: 5828 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) 
[  537.571594][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  537.571612][ T5828] Workqueue: hci3 hci_rx_work
[  537.571642][ T5828] Call Trace:
[  537.571650][ T5828]  <TASK>
[  537.571660][ T5828]  dump_stack_lvl+0x100/0x190
[  537.571703][ T5828]  sysfs_warn_dup.cold+0x1c/0x28
[  537.571740][ T5828]  sysfs_create_dir_ns+0x24b/0x2b0
[  537.571779][ T5828]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  537.571811][ T5828]  ? find_held_lock+0x2b/0x80
[  537.571836][ T5828]  ? kobject_add_internal+0x25f/0x930
[  537.571874][ T5828]  ? kobject_add_internal+0x25f/0x930
[  537.571914][ T5828]  ? do_raw_spin_unlock+0x145/0x1e0
[  537.571956][ T5828]  kobject_add_internal+0x2c8/0x930
[  537.572002][ T5828]  kobject_add+0x16a/0x1e0
[  537.572040][ T5828]  ? __pfx_kobject_add+0x10/0x10
[  537.572077][ T5828]  ? class_to_subsys+0x10f/0x150
[  537.572113][ T5828]  ? kobject_put+0xb9/0x640
[  537.572145][ T5828]  ? _raw_spin_unlock+0x28/0x50
[  537.572186][ T5828]  device_add+0x294/0x1950
[  537.572211][ T5828]  ? __pfx_dev_set_name+0x10/0x10
[  537.572242][ T5828]  ? __pfx_device_add+0x10/0x10
[  537.572264][ T5828]  ? mgmt_send_event_skb+0x2fb/0x460
[  537.572302][ T5828]  hci_conn_add_sysfs+0x1a3/0x260
[  537.572334][ T5828]  le_conn_complete_evt+0x11cb/0x1f40
[  537.572373][ T5828]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  537.572399][ T5828]  ? __pfx_bt_warn+0x10/0x10
[  537.572449][ T5828]  hci_le_conn_complete_evt+0x23c/0x3a0
[  537.572479][ T5828]  ? skb_pull_data+0x15f/0x1e0
[  537.572524][ T5828]  hci_le_meta_evt+0x34a/0x5f0
[  537.572554][ T5828]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  537.572587][ T5828]  hci_event_packet+0x682/0x11c0
[  537.572615][ T5828]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  537.572646][ T5828]  ? __pfx_hci_event_packet+0x10/0x10
[  537.572678][ T5828]  ? kcov_remote_start+0x374/0x660
[  537.572704][ T5828]  ? lockdep_hardirqs_on+0x78/0x100
[  537.572745][ T5828]  hci_rx_work+0x451/0xfc0
[  537.572781][ T5828]  process_one_work+0x9d7/0x1920
[  537.572835][ T5828]  ? __pfx_process_one_work+0x10/0x10
[  537.572884][ T5828]  ? __pfx_hci_rx_work+0x10/0x10
[  537.572914][ T5828]  worker_thread+0x5da/0xe40
[  537.572962][ T5828]  ? __pfx_worker_thread+0x10/0x10
[  537.573002][ T5828]  ? kthread+0x13a/0x450
[  537.573035][ T5828]  ? __pfx_worker_thread+0x10/0x10
[  537.573071][ T5828]  kthread+0x370/0x450
[  537.573105][ T5828]  ? __pfx_kthread+0x10/0x10
[  537.573140][ T5828]  ret_from_fork+0x754/0xd80
[  537.573182][ T5828]  ? __pfx_ret_from_fork+0x10/0x10
[  537.573225][ T5828]  ? __switch_to+0x7b4/0x1120
[  537.573255][ T5828]  ? __pfx_kthread+0x10/0x10
[  537.573292][ T5828]  ret_from_fork_asm+0x1a/0x30
[  537.573342][ T5828]  </TASK>
[  537.573374][ T5828] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  537.862830][ T5828] Bluetooth: hci3: failed to register connection device
[  538.417000][T13341] zswap: compressor û not available
[  538.573316][T13340] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1278'.
[  538.757246][T13353] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  544.468593][T13429] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1296'.
[  550.333412][T13542] random: crng reseeded on system resumption
[  550.700434][T13550] Console: switching to colour VGA+ 80x25
[  553.082394][T13558] program syz.0.1315 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  554.669331][T13620] bond0: invalid ARP target specified
[  554.757490][T13620] FAULT_INJECTION: forcing a failure.
[  554.757490][T13620] name fail_futex, interval 1, probability 0, space 0, times 1
[  554.804198][T13620] CPU: 0 UID: 0 PID: 13620 Comm: syz.1.1326 Not tainted syzkaller #0 PREEMPT(full) 
[  554.804248][T13620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  554.804265][T13620] Call Trace:
[  554.804275][T13620]  <TASK>
[  554.804286][T13620]  dump_stack_lvl+0x100/0x190
[  554.804336][T13620]  should_fail_ex.cold+0x5/0xa
[  554.804371][T13620]  get_futex_key+0x1d2/0x1620
[  554.804411][T13620]  ? __pfx_get_futex_key+0x10/0x10
[  554.804458][T13620]  futex_wake+0xea/0x530
[  554.804504][T13620]  ? __pfx_futex_wake+0x10/0x10
[  554.804548][T13620]  ? putname+0xb1/0x110
[  554.804575][T13620]  ? kmem_cache_free+0x124/0x6a0
[  554.804621][T13620]  do_futex+0x32b/0x350
[  554.804656][T13620]  ? __pfx_do_futex+0x10/0x10
[  554.804689][T13620]  ? __pfx_do_sys_openat2+0x10/0x10
[  554.804728][T13620]  ? vhost_vsock_dev_ioctl+0x2b4/0xb60
[  554.804862][T13620]  __x64_sys_futex+0x34f/0x4d0
[  554.804903][T13620]  ? __x64_sys_openat+0x12d/0x210
[  554.804941][T13620]  ? __pfx___x64_sys_futex+0x10/0x10
[  554.804993][T13620]  do_syscall_64+0x106/0xf80
[  554.805027][T13620]  ? clear_bhb_loop+0x40/0x90
[  554.805064][T13620]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  554.805095][T13620] RIP: 0033:0x7f77f999c799
[  554.805120][T13620] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  554.805148][T13620] RSP: 002b:00007f77fa81f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  554.805176][T13620] RAX: ffffffffffffffda RBX: 00007f77f9c15fa8 RCX: 00007f77f999c799
[  554.805196][T13620] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f77f9c15fac
[  554.805221][T13620] RBP: 00007f77f9c15fa0 R08: 0000000000000000 R09: 0000000000000000
[  554.805239][T13620] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000000
[  554.805256][T13620] R13: 00007f77f9c16038 R14: 00007ffe87f033f0 R15: 00007ffe87f034d8
[  554.805296][T13620]  </TASK>
[  555.496840][T13617] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1325'.
[  555.932172][ T5828] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  555.939632][ T5828] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  558.772485][T13692] random: crng reseeded on system resumption
[  559.638986][T13706] FAULT_INJECTION: forcing a failure.
[  559.638986][T13706] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  559.662523][T13706] CPU: 1 UID: 0 PID: 13706 Comm: syz.1.1343 Not tainted syzkaller #0 PREEMPT(full) 
[  559.662563][T13706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  559.662579][T13706] Call Trace:
[  559.662588][T13706]  <TASK>
[  559.662599][T13706]  dump_stack_lvl+0x100/0x190
[  559.662646][T13706]  should_fail_ex.cold+0x5/0xa
[  559.662673][T13706]  _copy_from_user+0x2e/0xd0
[  559.662690][T13706]  snd_pcm_oss_write2+0x1c2/0x400
[  559.662718][T13706]  ? __pfx_snd_pcm_oss_write2+0x10/0x10
[  559.662747][T13706]  snd_pcm_oss_write+0x729/0xa30
[  559.662764][T13706]  ? security_file_permission+0x76/0x210
[  559.662787][T13706]  vfs_write+0x2aa/0x1070
[  559.662811][T13706]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  559.662828][T13706]  ? __pfx_vfs_write+0x10/0x10
[  559.662848][T13706]  ? find_held_lock+0x2b/0x80
[  559.662862][T13706]  ? __fget_files+0x215/0x3d0
[  559.662876][T13706]  ? __fget_files+0x215/0x3d0
[  559.662892][T13706]  ? __fget_files+0x21f/0x3d0
[  559.662911][T13706]  ksys_write+0x12a/0x250
[  559.662924][T13706]  ? __pfx_ksys_write+0x10/0x10
[  559.662943][T13706]  do_syscall_64+0x106/0xf80
[  559.662962][T13706]  ? clear_bhb_loop+0x40/0x90
[  559.662981][T13706]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  559.662997][T13706] RIP: 0033:0x7f77f999c799
[  559.663011][T13706] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  559.663026][T13706] RSP: 002b:00007f77fa7bc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  559.663041][T13706] RAX: ffffffffffffffda RBX: 00007f77f9c16270 RCX: 00007f77f999c799
[  559.663051][T13706] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003
[  559.663059][T13706] RBP: 00007f77f9a32c99 R08: 0000000000000000 R09: 0000000000000000
[  559.663068][T13706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  559.663077][T13706] R13: 00007f77f9c16308 R14: 00007f77f9c16270 R15: 00007ffe87f034d8
[  559.663097][T13706]  </TASK>
[  563.201188][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  563.208994][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  564.034633][ T5828] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  564.042064][ T5828] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  565.623571][T13821] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  565.674197][T13821] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  567.585360][T13851] blktrace: Concurrent blktraces are not allowed on loop2
[  567.958540][T13844] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1367'.
[  569.646618][T13884] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  569.678376][T13884] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  571.105969][ T5828] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  571.113768][ T5828] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  571.874359][T13919] FAULT_INJECTION: forcing a failure.
[  571.874359][T13919] name failslab, interval 1, probability 0, space 0, times 0
[  571.998938][T13919] CPU: 1 UID: 0 PID: 13919 Comm: syz.1.1381 Not tainted syzkaller #0 PREEMPT(full) 
[  571.998962][T13919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  571.998973][T13919] Call Trace:
[  571.998978][T13919]  <TASK>
[  571.998984][T13919]  dump_stack_lvl+0x100/0x190
[  571.999013][T13919]  should_fail_ex.cold+0x5/0xa
[  571.999032][T13919]  should_failslab+0xc2/0x120
[  571.999047][T13919]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  571.999069][T13919]  ? __kernfs_new_node+0xd2/0x960
[  571.999091][T13919]  ? kstrdup+0xb3/0xe0
[  571.999138][T13919]  __kernfs_new_node+0xd2/0x960
[  571.999161][T13919]  ? __pfx___kernfs_new_node+0x10/0x10
[  571.999187][T13919]  ? find_held_lock+0x2b/0x80
[  571.999203][T13919]  ? kernfs_root+0xee/0x2a0
[  571.999223][T13919]  ? kernfs_root+0xee/0x2a0
[  571.999247][T13919]  kernfs_new_node+0x11b/0x1a0
[  571.999272][T13919]  __kernfs_create_file+0x53/0x350
[  571.999291][T13919]  cgroup_addrm_files+0x4d8/0xb90
[  571.999322][T13919]  ? __pfx_cgroup_addrm_files+0x10/0x10
[  571.999344][T13919]  ? __pfx___xa_store+0x10/0x10
[  571.999421][T13919]  ? do_raw_spin_unlock+0x145/0x1e0
[  571.999447][T13919]  css_populate_dir+0x161/0x590
[  571.999467][T13919]  cgroup_apply_control_enable+0x40a/0xbd0
[  571.999497][T13919]  cgroup_mkdir+0x57f/0x1330
[  571.999522][T13919]  ? __pfx_cgroup_mkdir+0x10/0x10
[  571.999546][T13919]  kernfs_iop_mkdir+0x111/0x190
[  571.999567][T13919]  ? bpf_lsm_inode_mkdir+0x9/0x10
[  571.999600][T13919]  vfs_mkdir+0x361/0x850
[  571.999623][T13919]  filename_mkdirat+0x48b/0x5e0
[  571.999642][T13919]  ? __pfx_filename_mkdirat+0x10/0x10
[  571.999659][T13919]  ? strncpy_from_user+0x19d/0x2d0
[  571.999725][T13919]  ? do_getname+0x191/0x390
[  571.999745][T13919]  __x64_sys_mkdir+0x6b/0x90
[  571.999763][T13919]  do_syscall_64+0x106/0xf80
[  571.999780][T13919]  ? clear_bhb_loop+0x40/0x90
[  571.999798][T13919]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  571.999814][T13919] RIP: 0033:0x7f77f999c799
[  571.999827][T13919] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  571.999842][T13919] RSP: 002b:00007f77fa7dd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[  571.999857][T13919] RAX: ffffffffffffffda RBX: 00007f77f9c16180 RCX: 00007f77f999c799
[  571.999868][T13919] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000
[  571.999877][T13919] RBP: 00007f77f9a32c99 R08: 0000000000000000 R09: 0000000000000000
[  571.999887][T13919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  571.999896][T13919] R13: 00007f77f9c16218 R14: 00007f77f9c16180 R15: 00007ffe87f034d8
[  571.999916][T13919]  </TASK>
[  572.000043][T13919] cgroup: cgroup_addrm_files: failed to add force_empty, err=-12
[  573.489938][T13932] FAULT_INJECTION: forcing a failure.
[  573.489938][T13932] name failslab, interval 1, probability 0, space 0, times 0
[  573.509421][T13932] CPU: 0 UID: 0 PID: 13932 Comm: syz.2.1385 Not tainted syzkaller #0 PREEMPT(full) 
[  573.509472][T13932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  573.509491][T13932] Call Trace:
[  573.509501][T13932]  <TASK>
[  573.509513][T13932]  dump_stack_lvl+0x100/0x190
[  573.509565][T13932]  should_fail_ex.cold+0x5/0xa
[  573.509599][T13932]  should_failslab+0xc2/0x120
[  573.509630][T13932]  __kmalloc_cache_noprof+0x7a/0x6f0
[  573.509668][T13932]  ? snd_pcm_attach_substream+0x451/0xd60
[  573.509791][T13932]  ? snd_ctl_get_preferred_subdevice+0x191/0x200
[  573.509876][T13932]  ? snd_pcm_open+0x25f/0x710
[  573.509940][T13932]  snd_pcm_attach_substream+0x451/0xd60
[  573.509984][T13932]  snd_pcm_open_substream+0x90/0x1850
[  573.510021][T13932]  ? __pfx_snd_pcm_open_substream+0x10/0x10
[  573.510058][T13932]  ? rcu_is_watching+0x12/0xc0
[  573.510115][T13932]  snd_pcm_open+0x2a3/0x710
[  573.510154][T13932]  ? __pfx_snd_pcm_open+0x10/0x10
[  573.510193][T13932]  ? __pfx_default_wake_function+0x10/0x10
[  573.510234][T13932]  ? __pfx_snd_pcm_capture_open+0x10/0x10
[  573.510268][T13932]  snd_pcm_capture_open+0x89/0xe0
[  573.510303][T13932]  snd_open+0x22d/0x4c0
[  573.510346][T13932]  ? __pfx_snd_open+0x10/0x10
[  573.510387][T13932]  chrdev_open+0x234/0x6a0
[  573.510417][T13932]  ? __pfx_chrdev_open+0x10/0x10
[  573.510458][T13932]  ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[  573.510504][T13932]  do_dentry_open+0x6d8/0x1660
[  573.510532][T13932]  ? __pfx_chrdev_open+0x10/0x10
[  573.510571][T13932]  vfs_open+0x82/0x3f0
[  573.510612][T13932]  path_openat+0x208c/0x31a0
[  573.510655][T13932]  ? __pfx_path_openat+0x10/0x10
[  573.510699][T13932]  do_file_open+0x20e/0x430
[  573.510731][T13932]  ? __pfx_do_file_open+0x10/0x10
[  573.510794][T13932]  ? alloc_fd+0x476/0x790
[  573.510826][T13932]  ? do_getname+0x191/0x390
[  573.510865][T13932]  do_sys_openat2+0x10d/0x1e0
[  573.510903][T13932]  ? __pfx_do_sys_openat2+0x10/0x10
[  573.510942][T13932]  ? __fget_files+0x21f/0x3d0
[  573.510977][T13932]  __x64_sys_openat+0x12d/0x210
[  573.511015][T13932]  ? __pfx___x64_sys_openat+0x10/0x10
[  573.511062][T13932]  do_syscall_64+0x106/0xf80
[  573.511095][T13932]  ? clear_bhb_loop+0x40/0x90
[  573.511131][T13932]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  573.511158][T13932] RIP: 0033:0x7fb16f99c799
[  573.511182][T13932] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  573.511208][T13932] RSP: 002b:00007fb1708b0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  573.511234][T13932] RAX: ffffffffffffffda RBX: 00007fb16fc15fa0 RCX: 00007fb16f99c799
[  573.511252][T13932] RDX: 0000000000080042 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  573.511266][T13932] RBP: 00007fb16fa32c99 R08: 0000000000000000 R09: 0000000000000000
[  573.511283][T13932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  573.511303][T13932] R13: 00007fb16fc16038 R14: 00007fb16fc15fa0 R15: 00007ffd7132dbe8
[  573.511341][T13932]  </TASK>
[  574.368480][ T5828] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  574.376257][ T5828] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  574.832814][ T5828] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  574.840547][ T5828] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  576.147992][T13968] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1390'.
[  576.486510][T13982] FAULT_INJECTION: forcing a failure.
[  576.486510][T13982] name failslab, interval 1, probability 0, space 0, times 0
[  576.501854][T13982] CPU: 1 UID: 0 PID: 13982 Comm: syz.4.1392 Not tainted syzkaller #0 PREEMPT(full) 
[  576.501879][T13982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  576.501889][T13982] Call Trace:
[  576.501895][T13982]  <TASK>
[  576.501902][T13982]  dump_stack_lvl+0x100/0x190
[  576.501935][T13982]  should_fail_ex.cold+0x5/0xa
[  576.501966][T13982]  should_failslab+0xc2/0x120
[  576.501995][T13982]  __kmalloc_node_track_caller_noprof+0xe3/0x850
[  576.502042][T13982]  ? kstrdup_const+0x63/0x80
[  576.502073][T13982]  ? __pfx_string+0x10/0x10
[  576.502092][T13982]  kstrdup+0x51/0xe0
[  576.502114][T13982]  kstrdup_const+0x63/0x80
[  576.502136][T13982]  __kernfs_new_node+0x9b/0x960
[  576.502160][T13982]  ? __pfx___kernfs_new_node+0x10/0x10
[  576.502186][T13982]  ? find_held_lock+0x2b/0x80
[  576.502200][T13982]  ? kernfs_root+0xee/0x2a0
[  576.502221][T13982]  ? kernfs_root+0xee/0x2a0
[  576.502245][T13982]  kernfs_new_node+0x11b/0x1a0
[  576.502270][T13982]  __kernfs_create_file+0x53/0x350
[  576.502290][T13982]  cgroup_addrm_files+0x4d8/0xb90
[  576.502320][T13982]  ? __pfx_cgroup_addrm_files+0x10/0x10
[  576.502342][T13982]  ? __pfx___xa_store+0x10/0x10
[  576.502367][T13982]  ? do_raw_spin_unlock+0x145/0x1e0
[  576.502392][T13982]  css_populate_dir+0x161/0x590
[  576.502412][T13982]  cgroup_apply_control_enable+0x40a/0xbd0
[  576.502442][T13982]  cgroup_mkdir+0x57f/0x1330
[  576.502467][T13982]  ? __pfx_cgroup_mkdir+0x10/0x10
[  576.502490][T13982]  kernfs_iop_mkdir+0x111/0x190
[  576.502511][T13982]  ? bpf_lsm_inode_mkdir+0x9/0x10
[  576.502533][T13982]  vfs_mkdir+0x361/0x850
[  576.502556][T13982]  filename_mkdirat+0x48b/0x5e0
[  576.502575][T13982]  ? __pfx_filename_mkdirat+0x10/0x10
[  576.502591][T13982]  ? strncpy_from_user+0x19d/0x2d0
[  576.502617][T13982]  ? do_getname+0x191/0x390
[  576.502637][T13982]  __x64_sys_mkdir+0x6b/0x90
[  576.502653][T13982]  do_syscall_64+0x106/0xf80
[  576.502670][T13982]  ? clear_bhb_loop+0x40/0x90
[  576.502688][T13982]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  576.502704][T13982] RIP: 0033:0x7f975f99c799
[  576.502729][T13982] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  576.502744][T13982] RSP: 002b:00007f97607a2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[  576.502760][T13982] RAX: ffffffffffffffda RBX: 00007f975fc16090 RCX: 00007f975f99c799
[  576.502771][T13982] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000
[  576.502781][T13982] RBP: 00007f975fa32c99 R08: 0000000000000000 R09: 0000000000000000
[  576.502790][T13982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  576.502802][T13982] R13: 00007f975fc16128 R14: 00007f975fc16090 R15: 00007ffc90242268
[  576.502822][T13982]  </TASK>
[  576.502856][T13982] cgroup: cgroup_addrm_files: failed to add use_hierarchy, err=-12
[  580.537606][ T5828] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  580.546019][ T5828] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  580.814045][T14051] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  580.853324][T14051] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  581.331311][ T5828] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  581.340603][ T5828] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  583.678388][T14101] FAULT_INJECTION: forcing a failure.
[  583.678388][T14101] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  583.719479][T14101] CPU: 1 UID: 0 PID: 14101 Comm: syz.0.1411 Not tainted syzkaller #0 PREEMPT(full) 
[  583.719516][T14101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  583.719532][T14101] Call Trace:
[  583.719540][T14101]  <TASK>
[  583.719551][T14101]  dump_stack_lvl+0x100/0x190
[  583.719598][T14101]  should_fail_ex.cold+0x5/0xa
[  583.719631][T14101]  _copy_from_user+0x2e/0xd0
[  583.719659][T14101]  snd_pcm_oss_write2+0x1c2/0x400
[  583.719707][T14101]  ? __pfx_snd_pcm_oss_write2+0x10/0x10
[  583.719758][T14101]  snd_pcm_oss_write+0x729/0xa30
[  583.719787][T14101]  ? security_file_permission+0x76/0x210
[  583.719824][T14101]  vfs_write+0x2aa/0x1070
[  583.719870][T14101]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  583.719899][T14101]  ? __pfx_vfs_write+0x10/0x10
[  583.719939][T14101]  ? find_held_lock+0x2b/0x80
[  583.719962][T14101]  ? __fget_files+0x215/0x3d0
[  583.719997][T14101]  ? __fget_files+0x215/0x3d0
[  583.720030][T14101]  ? __fget_files+0x21f/0x3d0
[  583.720066][T14101]  ksys_write+0x12a/0x250
[  583.720090][T14101]  ? __pfx_ksys_write+0x10/0x10
[  583.720126][T14101]  do_syscall_64+0x106/0xf80
[  583.720160][T14101]  ? clear_bhb_loop+0x40/0x90
[  583.720197][T14101]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  583.720227][T14101] RIP: 0033:0x7f4aa179c799
[  583.720251][T14101] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  583.720278][T14101] RSP: 002b:00007f4aa26bf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  583.720301][T14101] RAX: ffffffffffffffda RBX: 00007f4aa1a16270 RCX: 00007f4aa179c799
[  583.720316][T14101] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003
[  583.720330][T14101] RBP: 00007f4aa1832c99 R08: 0000000000000000 R09: 0000000000000000
[  583.720344][T14101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  583.720356][T14101] R13: 00007f4aa1a16308 R14: 00007f4aa1a16270 R15: 00007ffcd6109408
[  583.720384][T14101]  </TASK>
[  584.163716][ T5828] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  584.174154][ T5828] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  584.932724][T14113] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  585.653677][ T5828] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  585.661398][ T5828] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  588.023242][ T5828] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  588.030856][ T5828] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  588.060149][T14149] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1423'.
[  589.671202][T14172] FAULT_INJECTION: forcing a failure.
[  589.671202][T14172] name failslab, interval 1, probability 0, space 0, times 0
[  589.794609][T14172] CPU: 0 UID: 0 PID: 14172 Comm: syz.4.1425 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  589.794655][T14172] Tainted: [L]=SOFTLOCKUP
[  589.794666][T14172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  589.794682][T14172] Call Trace:
[  589.794691][T14172]  <TASK>
[  589.794702][T14172]  dump_stack_lvl+0x100/0x190
[  589.794755][T14172]  should_fail_ex.cold+0x5/0xa
[  589.794790][T14172]  should_failslab+0xc2/0x120
[  589.794821][T14172]  __kmalloc_cache_noprof+0x7a/0x6f0
[  589.794859][T14172]  ? percpu_ref_init+0xec/0x3f0
[  589.794988][T14172]  ? __pfx_free_ioctx_reqs+0x10/0x10
[  589.795018][T14172]  percpu_ref_init+0xec/0x3f0
[  589.795054][T14172]  ? __init_waitqueue_head+0xca/0x150
[  589.795103][T14172]  ioctx_alloc+0x3ee/0x21d0
[  589.795147][T14172]  ? find_held_lock+0x2b/0x80
[  589.795175][T14172]  ? __pfx_ioctx_alloc+0x10/0x10
[  589.795216][T14172]  __x64_sys_io_setup+0xc9/0x220
[  589.795251][T14172]  do_syscall_64+0x106/0xf80
[  589.795285][T14172]  ? clear_bhb_loop+0x40/0x90
[  589.795322][T14172]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.795352][T14172] RIP: 0033:0x7f975f99c799
[  589.795377][T14172] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  589.795404][T14172] RSP: 002b:00007f975d7f4028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce
[  589.795432][T14172] RAX: ffffffffffffffda RBX: 00007f975fc16270 RCX: 00007f975f99c799
[  589.795451][T14172] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 000000000000000e
[  589.795469][T14172] RBP: 00007f975fa32c99 R08: 0000000000000000 R09: 0000000000000000
[  589.795487][T14172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  589.795503][T14172] R13: 00007f975fc16308 R14: 00007f975fc16270 R15: 00007ffc90242268
[  589.795543][T14172]  </TASK>
[  591.055374][T14192] FAULT_INJECTION: forcing a failure.
[  591.055374][T14192] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  591.069121][T14192] CPU: 0 UID: 0 PID: 14192 Comm: syz.2.1428 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  591.069168][T14192] Tainted: [L]=SOFTLOCKUP
[  591.069178][T14192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  591.069195][T14192] Call Trace:
[  591.069204][T14192]  <TASK>
[  591.069215][T14192]  dump_stack_lvl+0x100/0x190
[  591.069263][T14192]  should_fail_ex.cold+0x5/0xa
[  591.069296][T14192]  _copy_from_user+0x2e/0xd0
[  591.069325][T14192]  snd_pcm_oss_write2+0x1c2/0x400
[  591.069375][T14192]  ? __pfx_snd_pcm_oss_write2+0x10/0x10
[  591.069431][T14192]  snd_pcm_oss_write+0x729/0xa30
[  591.069460][T14192]  ? security_file_permission+0x76/0x210
[  591.069498][T14192]  vfs_write+0x2aa/0x1070
[  591.069545][T14192]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  591.069577][T14192]  ? __pfx_vfs_write+0x10/0x10
[  591.069617][T14192]  ? find_held_lock+0x2b/0x80
[  591.069643][T14192]  ? __fget_files+0x215/0x3d0
[  591.069668][T14192]  ? __fget_files+0x215/0x3d0
[  591.069700][T14192]  ? __fget_files+0x21f/0x3d0
[  591.069736][T14192]  ksys_write+0x12a/0x250
[  591.069761][T14192]  ? __pfx_ksys_write+0x10/0x10
[  591.069827][T14192]  do_syscall_64+0x106/0xf80
[  591.069863][T14192]  ? clear_bhb_loop+0x40/0x90
[  591.069899][T14192]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  591.069928][T14192] RIP: 0033:0x7fb16f99c799
[  591.069952][T14192] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  591.069980][T14192] RSP: 002b:00007fb17084d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  591.070007][T14192] RAX: ffffffffffffffda RBX: 00007fb16fc16270 RCX: 00007fb16f99c799
[  591.070027][T14192] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003
[  591.070044][T14192] RBP: 00007fb16fa32c99 R08: 0000000000000000 R09: 0000000000000000
[  591.070063][T14192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  591.070080][T14192] R13: 00007fb16fc16308 R14: 00007fb16fc16270 R15: 00007ffd7132dbe8
[  591.070112][T14192]  </TASK>
[  592.391405][ T5828] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  592.399077][ T5828] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  593.643583][T14231] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  593.697696][T14230] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  593.764512][T14231] FAULT_INJECTION: forcing a failure.
[  593.764512][T14231] name failslab, interval 1, probability 0, space 0, times 0
[  593.798340][T14231] CPU: 0 UID: 0 PID: 14231 Comm: syz.0.1437 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  593.798392][T14231] Tainted: [L]=SOFTLOCKUP
[  593.798403][T14231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  593.798420][T14231] Call Trace:
[  593.798430][T14231]  <TASK>
[  593.798441][T14231]  dump_stack_lvl+0x100/0x190
[  593.798492][T14231]  should_fail_ex.cold+0x5/0xa
[  593.798569][T14231]  ? apply_wqattrs_prepare+0xfe/0xbb0
[  593.798598][T14231]  should_failslab+0xc2/0x120
[  593.798629][T14231]  __kmalloc_noprof+0xe0/0x850
[  593.798681][T14231]  apply_wqattrs_prepare+0xfe/0xbb0
[  593.798724][T14231]  workqueue_apply_unbound_cpumask+0x18c/0x970
[  593.798765][T14231]  ? __pfx_workqueue_apply_unbound_cpumask+0x10/0x10
[  593.798796][T14231]  ? bitmap_parse+0x306/0x3f0
[  593.798838][T14231]  cpumask_store+0x1ad/0x220
[  593.798866][T14231]  ? __pfx_cpumask_store+0x10/0x10
[  593.798896][T14231]  ? find_held_lock+0x2b/0x80
[  593.798922][T14231]  ? sysfs_file_kobj+0xe4/0x290
[  593.798956][T14231]  ? sysfs_file_kobj+0xe4/0x290
[  593.798997][T14231]  ? __pfx_cpumask_store+0x10/0x10
[  593.799024][T14231]  dev_attr_store+0x58/0x80
[  593.799144][T14231]  ? __pfx_dev_attr_store+0x10/0x10
[  593.799189][T14231]  sysfs_kf_write+0xf2/0x150
[  593.799227][T14231]  kernfs_fop_write_iter+0x3e0/0x5f0
[  593.799257][T14231]  ? __pfx_sysfs_kf_write+0x10/0x10
[  593.799296][T14231]  vfs_write+0x6ac/0x1070
[  593.799342][T14231]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  593.799372][T14231]  ? __pfx_vfs_write+0x10/0x10
[  593.799431][T14231]  ksys_write+0x12a/0x250
[  593.799455][T14231]  ? __pfx_ksys_write+0x10/0x10
[  593.799492][T14231]  do_syscall_64+0x106/0xf80
[  593.799534][T14231]  ? clear_bhb_loop+0x40/0x90
[  593.799569][T14231]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  593.799600][T14231] RIP: 0033:0x7f4aa179c799
[  593.799624][T14231] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  593.799652][T14231] RSP: 002b:00007f4aa2722028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  593.799679][T14231] RAX: ffffffffffffffda RBX: 00007f4aa1a15fa0 RCX: 00007f4aa179c799
[  593.799699][T14231] RDX: 0000000000000005 RSI: 0000200000000180 RDI: 0000000000000006
[  593.799717][T14231] RBP: 00007f4aa1832c99 R08: 0000000000000000 R09: 0000000000000000
[  593.799735][T14231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  593.799751][T14231] R13: 00007f4aa1a16038 R14: 00007f4aa1a15fa0 R15: 00007ffcd6109408
[  593.799792][T14231]  </TASK>
[  594.542516][T14250] vivid-007: =================  START STATUS  =================
[  594.670434][T14250] vivid-007: Generate PTS: true
[  594.686436][T14250] vivid-007: Generate SCR: true
[  594.713940][T14250] tpg source WxH: 320x240 (Y'CbCr)
[  594.740492][T14250] tpg field: 1
[  594.747889][T14250] tpg crop: (0,0)/320x240
[  594.755122][T14250] tpg compose: (0,0)/320x240
[  594.761723][T14250] tpg colorspace: 8
[  594.767077][T14250] tpg transfer function: 0/0
[  594.772265][T14250] tpg Y'CbCr encoding: 0/0
[  594.778049][T14250] tpg quantization: 0/0
[  594.782494][T14250] tpg RGB range: 0/2
[  594.786554][T14250] vivid-007: ==================  END STATUS  ==================
[  595.985583][T14271] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  596.008798][T14271] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  597.833749][T14312] blktrace: Concurrent blktraces are not allowed on loop2
[  600.357520][T14358] zswap: compressor û not available
[  601.949889][ T5828] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  601.959019][ T5828] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  608.617124][ T5831] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  608.624754][ T5831] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  609.365710][ T5831] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  609.373445][ T5831] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  612.949321][ T5828] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  612.956774][ T5828] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  615.373558][ T5828] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  615.382058][ T5828] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  620.321180][ T5831] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  620.328878][ T5831] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  623.456534][ T5831] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  623.464840][ T5831] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0'
[  623.474606][ T5831] CPU: 0 UID: 0 PID: 5831 Comm: kworker/u9:3 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  623.474634][ T5831] Tainted: [L]=SOFTLOCKUP
[  623.474639][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  623.474651][ T5831] Workqueue: hci1 hci_rx_work
[  623.474681][ T5831] Call Trace:
[  623.474687][ T5831]  <TASK>
[  623.474694][ T5831]  dump_stack_lvl+0x100/0x190
[  623.474721][ T5831]  sysfs_warn_dup.cold+0x1c/0x28
[  623.474745][ T5831]  sysfs_create_dir_ns+0x24b/0x2b0
[  623.474767][ T5831]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  623.474785][ T5831]  ? find_held_lock+0x2b/0x80
[  623.474800][ T5831]  ? kobject_add_internal+0x25f/0x930
[  623.474822][ T5831]  ? kobject_add_internal+0x25f/0x930
[  623.474844][ T5831]  ? do_raw_spin_unlock+0x145/0x1e0
[  623.474866][ T5831]  kobject_add_internal+0x2c8/0x930
[  623.474890][ T5831]  kobject_add+0x16a/0x1e0
[  623.474910][ T5831]  ? __pfx_kobject_add+0x10/0x10
[  623.474929][ T5831]  ? class_to_subsys+0x10f/0x150
[  623.474950][ T5831]  ? kobject_put+0xb9/0x640
[  623.474968][ T5831]  ? _raw_spin_unlock+0x28/0x50
[  623.474989][ T5831]  device_add+0x294/0x1950
[  623.475003][ T5831]  ? __pfx_dev_set_name+0x10/0x10
[  623.475021][ T5831]  ? __pfx_device_add+0x10/0x10
[  623.475036][ T5831]  ? mgmt_send_event_skb+0x2fb/0x460
[  623.475058][ T5831]  hci_conn_add_sysfs+0x1a3/0x260
[  623.475076][ T5831]  le_conn_complete_evt+0x11cb/0x1f40
[  623.475097][ T5831]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  623.475111][ T5831]  ? __pfx_bt_warn+0x10/0x10
[  623.475133][ T5831]  hci_le_conn_complete_evt+0x23c/0x3a0
[  623.475149][ T5831]  ? skb_pull_data+0x15f/0x1e0
[  623.475178][ T5831]  hci_le_meta_evt+0x34a/0x5f0
[  623.475196][ T5831]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  623.475215][ T5831]  hci_event_packet+0x682/0x11c0
[  623.475230][ T5831]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  623.475248][ T5831]  ? __pfx_hci_event_packet+0x10/0x10
[  623.475265][ T5831]  ? kcov_remote_start+0x374/0x660
[  623.475279][ T5831]  ? lockdep_hardirqs_on+0x78/0x100
[  623.475302][ T5831]  hci_rx_work+0x451/0xfc0
[  623.475320][ T5831]  process_one_work+0x9d7/0x1920
[  623.475348][ T5831]  ? __pfx_process_one_work+0x10/0x10
[  623.475374][ T5831]  ? __pfx_hci_rx_work+0x10/0x10
[  623.475391][ T5831]  worker_thread+0x5da/0xe40
[  623.475418][ T5831]  ? kthread+0x13a/0x450
[  623.475436][ T5831]  ? __pfx_worker_thread+0x10/0x10
[  623.475455][ T5831]  kthread+0x370/0x450
[  623.475472][ T5831]  ? __pfx_kthread+0x10/0x10
[  623.475492][ T5831]  ret_from_fork+0x754/0xd80
[  623.475515][ T5831]  ? __pfx_ret_from_fork+0x10/0x10
[  623.475537][ T5831]  ? __switch_to+0x7b4/0x1120
[  623.475553][ T5831]  ? __pfx_kthread+0x10/0x10
[  623.475573][ T5831]  ret_from_fork_asm+0x1a/0x30
[  623.475599][ T5831]  </TASK>
[  623.475624][ T5831] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  623.764589][ T5831] Bluetooth: hci1: failed to register connection device
[  624.678654][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  624.690347][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  625.547346][ T5831] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  625.554878][ T5831] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  628.238849][T14847] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1544'.
[  631.465920][ T5828] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  631.475689][ T5828] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  635.120673][ T5828] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  635.128166][ T5828] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  638.592017][ T5831] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  638.925117][T15045] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1574'.
[  644.340224][    C0] vcan0: j1939_tp_rxtimer: 0xffff888058b41c00: rx timeout, send abort
[  644.348690][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888058b41c00: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  645.853534][    C0] vcan0: j1939_tp_rxtimer: 0xffff888058b40000: rx timeout, send abort
[  646.362158][    C0] vcan0: j1939_tp_rxtimer: 0xffff888058b40000: abort rx timeout. Force session deactivation
[  647.402091][ T5831] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  647.409994][ T5831] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  647.903269][T15179] bridge_slave_1: left allmulticast mode
[  647.951992][T15179] bridge_slave_1: left promiscuous mode
[  647.966952][T15179] bridge0: port 2(bridge_slave_1) entered disabled state
[  649.794890][ T5828] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  649.802430][ T5828] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  653.244043][T15279] kvm: kvm [15277]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc1) = 0x2
[  653.583290][ T5828] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  653.591000][ T5828] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  654.889105][T15318] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15
[  656.611360][T15343] mkiss: ax0: crc mode is auto.
[  660.710303][ T5831] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  660.718001][ T5831] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  663.537489][ T5828] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  663.547080][ T5828] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  664.239426][ T5828] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  664.249510][ T5828] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  665.105436][T15507] FAULT_INJECTION: forcing a failure.
[  665.105436][T15507] name failslab, interval 1, probability 0, space 0, times 0
[  665.118746][T15507] CPU: 1 UID: 0 PID: 15507 Comm: syz.4.1649 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  665.118791][T15507] Tainted: [L]=SOFTLOCKUP
[  665.118801][T15507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  665.118818][T15507] Call Trace:
[  665.118826][T15507]  <TASK>
[  665.118836][T15507]  dump_stack_lvl+0x100/0x190
[  665.118881][T15507]  should_fail_ex.cold+0x5/0xa
[  665.118915][T15507]  should_failslab+0xc2/0x120
[  665.118945][T15507]  __kmalloc_cache_noprof+0x7a/0x6f0
[  665.118983][T15507]  ? ima_d_path+0xc9/0x260
[  665.119127][T15507]  ? xattr_resolve_name+0x27d/0x3f0
[  665.119192][T15507]  ima_d_path+0xc9/0x260
[  665.119234][T15507]  ? __pfx_ima_d_path+0x10/0x10
[  665.119282][T15507]  ? __pfx_ima_get_hash_algo+0x10/0x10
[  665.119342][T15507]  process_measurement+0x1b25/0x2350
[  665.119394][T15507]  ? __pfx_process_measurement+0x10/0x10
[  665.119435][T15507]  ? trace_contention_end+0x140/0x180
[  665.119486][T15507]  ? find_held_lock+0x2b/0x80
[  665.119510][T15507]  ? trace_array_get+0xd8/0x100
[  665.119534][T15507]  ? trace_array_get+0xd8/0x100
[  665.119590][T15507]  ? bpf_lsm_locked_down+0x9/0x10
[  665.119619][T15507]  ? security_locked_down+0x70/0x1e0
[  665.119650][T15507]  ? tracing_open_generic+0x94/0xc0
[  665.119687][T15507]  ? subsystem_open+0x1bc/0x4b0
[  665.119728][T15507]  ? inode_to_bdi+0x9e/0x160
[  665.119761][T15507]  ima_file_check+0xcc/0x120
[  665.119800][T15507]  ? __pfx_ima_file_check+0x10/0x10
[  665.119847][T15507]  security_file_post_open+0xc4/0x210
[  665.119933][T15507]  path_openat+0x1418/0x31a0
[  665.119974][T15507]  ? __pfx_path_openat+0x10/0x10
[  665.120014][T15507]  do_file_open+0x20e/0x430
[  665.120045][T15507]  ? __pfx_do_file_open+0x10/0x10
[  665.120100][T15507]  ? alloc_fd+0x476/0x790
[  665.120129][T15507]  ? do_getname+0x191/0x390
[  665.120198][T15507]  do_sys_openat2+0x10d/0x1e0
[  665.120236][T15507]  ? __pfx_do_sys_openat2+0x10/0x10
[  665.120274][T15507]  ? __pfx_idempotent_init_module+0x10/0x10
[  665.120334][T15507]  __x64_sys_openat+0x12d/0x210
[  665.120371][T15507]  ? __pfx___x64_sys_openat+0x10/0x10
[  665.120423][T15507]  do_syscall_64+0x106/0xf80
[  665.120457][T15507]  ? clear_bhb_loop+0x40/0x90
[  665.120492][T15507]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  665.120520][T15507] RIP: 0033:0x7f975f99c799
[  665.120545][T15507] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  665.120574][T15507] RSP: 002b:00007f97607a2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  665.120601][T15507] RAX: ffffffffffffffda RBX: 00007f975fc16090 RCX: 00007f975f99c799
[  665.120620][T15507] RDX: 0000000000000002 RSI: 0000200000001a80 RDI: ffffffffffffff9c
[  665.120638][T15507] RBP: 00007f975fa32c99 R08: 0000000000000000 R09: 0000000000000000
[  665.120654][T15507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  665.120671][T15507] R13: 00007f975fc16128 R14: 00007f975fc16090 R15: 00007ffc90242268
[  665.120710][T15507]  </TASK>
[  665.681178][T15511] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1650'.
[  665.867710][T15503] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  665.877442][T15503] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  665.924461][T15503] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  665.942040][T15503] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  665.960710][T15503] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  665.994801][T15503] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  666.039566][T15503] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  666.105933][T15503] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  666.112008][T15503] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  666.143337][T15503] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  666.156801][T15503] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  666.163509][T15503] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  666.170525][T15503] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  666.289264][T15503] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  666.319726][T15503] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  666.801198][T15526] can: request_module (can-proto-0) failed.
[  667.130070][T15539] syz.0.1656 uses obsolete (PF_INET,SOCK_PACKET)
[  667.487539][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout
[  667.845416][ T5831] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  667.966492][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout
[  668.126771][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout
[  668.206775][ T5831] Bluetooth: hci4: command 0x0c1a tx timeout
[  669.567553][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout
[  670.057743][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout
[  670.210594][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout
[  670.298507][ T5831] Bluetooth: hci4: command 0x0c1a tx timeout
[  671.694107][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout
[  671.928457][ T5831] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  671.936181][ T5831] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  672.130063][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout
[  672.175156][T15606] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  672.182822][T15606] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  672.188920][T15606] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  672.288938][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout
[  672.326473][T15606] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  672.333704][T15606] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  672.994419][T15626] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1670'.
[  673.027040][T15626] netlink: 'syz.0.1670': attribute type 1 has an invalid length.
[  673.111690][T15626] netlink: 51505 bytes leftover after parsing attributes in process `syz.0.1670'.
[  673.413233][T15628] mkiss: ax0: crc mode is auto.
[  674.227018][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout
[  674.227027][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout
[  674.382488][ T5831] Bluetooth: hci4: command 0x0c1a tx timeout
[  674.382527][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout
[  674.692431][T15649] kvm: kvm [15647]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc1) = 0x2
[  675.402502][ T5828] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  676.290664][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout
[  676.489609][ T5831] Bluetooth: hci4: command 0x0c1a tx timeout
[  678.822196][T15711] snd_dummy snd_dummy.0: control 0:4:8:1Õ…:0 is already present
[  680.445311][T15740] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16
[  680.730571][T15742] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17
[  682.943116][ T5831] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  684.145563][T15793] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1697'.
[  684.157333][T15793] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1697'.
[  685.019670][ T5831] Bluetooth: hci4: command 0x0c1a tx timeout
[  686.146487][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  686.153002][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  687.013322][T15838] kvm: kvm [15836]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc1) = 0x2
[  687.096083][ T5835] Bluetooth: hci4: command 0x0c1a tx timeout
[  688.176147][T15861] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18
[  688.393995][   T30] audit: type=1804 audit(1773243312.512:11): pid=15855 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1708" name="/newroot/sys/kernel/tracing/set_event" dev="tracefs" ino=1059 res=1 errno=0
[  688.399274][T15855] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1708'.
[  688.597768][T15864] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19
[  690.561144][ T5831] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  700.279765][T16068] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  700.289656][T16068] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  700.297252][T16068] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  700.556054][T16068] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  700.582926][T16068] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  700.767117][T16068] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  700.887283][T16082] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  702.304106][T16093] Bluetooth: hci1: command 0x0c1a tx timeout
[  702.311256][T16089] Bluetooth: hci0: command 0x0c1a tx timeout
[  702.624087][T16089] Bluetooth: hci3: command 0x0c1a tx timeout
[  702.795539][T16089] Bluetooth: hci4: command 0x0c1a tx timeout
[  703.227101][T16089] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  704.384845][T16113] Bluetooth: hci1: command 0x0c1a tx timeout
[  704.756496][T16113] Bluetooth: hci3: command 0x0c1a tx timeout
[  704.911250][T16168] blktrace: Concurrent blktraces are not allowed on loop2
[  705.296855][T16159] FAULT_INJECTION: forcing a failure.
[  705.296855][T16159] name failslab, interval 1, probability 0, space 0, times 0
[  705.311201][T16173] FAULT_INJECTION: forcing a failure.
[  705.311201][T16173] name failslab, interval 1, probability 0, space 0, times 0
[  705.331275][T16159] CPU: 1 UID: 0 PID: 16159 Comm: syz.0.1753 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  705.331303][T16159] Tainted: [L]=SOFTLOCKUP
[  705.331309][T16159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  705.331318][T16159] Call Trace:
[  705.331324][T16159]  <TASK>
[  705.331332][T16159]  dump_stack_lvl+0x100/0x190
[  705.331369][T16159]  should_fail_ex.cold+0x5/0xa
[  705.331388][T16159]  ? memcg_list_lru_alloc+0x4ec/0x740
[  705.331410][T16159]  should_failslab+0xc2/0x120
[  705.331426][T16159]  __kmalloc_noprof+0xe0/0x850
[  705.331448][T16159]  ? ipcget+0xee/0xf50
[  705.331467][T16159]  memcg_list_lru_alloc+0x4ec/0x740
[  705.331493][T16159]  ? __pfx_memcg_list_lru_alloc+0x10/0x10
[  705.331514][T16159]  ? rcu_read_unlock+0x17/0x60
[  705.331535][T16159]  ? get_mem_cgroup_from_objcg+0xd3/0x330
[  705.331558][T16159]  __memcg_slab_post_alloc_hook+0x130/0x990
[  705.331579][T16159]  ? kasan_save_track+0x14/0x30
[  705.331603][T16159]  kmem_cache_alloc_lru_noprof+0x592/0x6e0
[  705.331624][T16159]  ? hugetlbfs_alloc_inode+0x8c/0x1d0
[  705.331644][T16159]  hugetlbfs_alloc_inode+0x8c/0x1d0
[  705.331658][T16159]  ? __pfx_hugetlbfs_alloc_inode+0x10/0x10
[  705.331673][T16159]  alloc_inode+0x68/0x250
[  705.331693][T16159]  new_inode+0x22/0x1c0
[  705.331713][T16159]  hugetlbfs_get_inode+0x313/0x750
[  705.331731][T16159]  hugetlb_file_setup+0x3cc/0x5b0
[  705.331749][T16159]  newseg+0xabb/0xed0
[  705.331769][T16159]  ? __pfx_newseg+0x10/0x10
[  705.331784][T16159]  ? down_write+0x146/0x1f0
[  705.331804][T16159]  ? ksys_write+0x190/0x250
[  705.331817][T16159]  ? ksys_write+0x190/0x250
[  705.331834][T16159]  ipcget+0xee/0xf50
[  705.331851][T16159]  ? do_futex+0x192/0x350
[  705.331871][T16159]  ? __pfx_do_futex+0x10/0x10
[  705.331892][T16159]  ? __pfx_ipcget+0x10/0x10
[  705.331908][T16159]  ? __x64_sys_futex+0x34f/0x4d0
[  705.331926][T16159]  ? __x64_sys_futex+0x358/0x4d0
[  705.331947][T16159]  __x64_sys_shmget+0x13b/0x1b0
[  705.331964][T16159]  ? __pfx___x64_sys_shmget+0x10/0x10
[  705.331986][T16159]  do_syscall_64+0x106/0xf80
[  705.332003][T16159]  ? clear_bhb_loop+0x40/0x90
[  705.332021][T16159]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  705.332037][T16159] RIP: 0033:0x7f4aa179c799
[  705.332052][T16159] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  705.332066][T16159] RSP: 002b:00007f4aa2722028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d
[  705.332082][T16159] RAX: ffffffffffffffda RBX: 00007f4aa1a15fa0 RCX: 00007f4aa179c799
[  705.332092][T16159] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000
[  705.332101][T16159] RBP: 00007f4aa1832c99 R08: 0000000000000000 R09: 0000000000000000
[  705.332110][T16159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  705.332119][T16159] R13: 00007f4aa1a16038 R14: 00007f4aa1a15fa0 R15: 00007ffcd6109408
[  705.332139][T16159]  </TASK>
[  705.631367][T16173] CPU: 1 UID: 0 PID: 16173 Comm: syz.2.1755 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  705.631419][T16173] Tainted: [L]=SOFTLOCKUP
[  705.631430][T16173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  705.631449][T16173] Call Trace:
[  705.631459][T16173]  <TASK>
[  705.631470][T16173]  dump_stack_lvl+0x100/0x190
[  705.631524][T16173]  should_fail_ex.cold+0x5/0xa
[  705.631562][T16173]  should_failslab+0xc2/0x120
[  705.631594][T16173]  __kmalloc_node_noprof+0xe6/0x850
[  705.631637][T16173]  ? __rb_allocate_pages+0x589/0xf50
[  705.631675][T16173]  ? __pfx_autoremove_wake_function+0x10/0x10
[  705.631710][T16173]  __rb_allocate_pages+0x589/0xf50
[  705.631756][T16173]  ring_buffer_subbuf_order_set+0x3ef/0x18c0
[  705.631798][T16173]  ? tracing_stop_tr+0xf6/0x210
[  705.631838][T16173]  ? __pfx_ring_buffer_subbuf_order_set+0x10/0x10
[  705.631876][T16173]  ? __pfx___might_resched+0x10/0x10
[  705.631915][T16173]  ? iovec_from_user+0xda/0x140
[  705.631950][T16173]  buffer_subbuf_size_write+0x182/0x280
[  705.631997][T16173]  ? __pfx_buffer_subbuf_size_write+0x10/0x10
[  705.632043][T16173]  ? iov_iter_advance+0xac/0x6d0
[  705.632167][T16173]  ? __pfx_buffer_subbuf_size_write+0x10/0x10
[  705.632214][T16173]  vfs_writev+0x5ea/0xe10
[  705.632256][T16173]  ? rcu_is_watching+0x12/0xc0
[  705.632309][T16173]  ? __pfx_vfs_writev+0x10/0x10
[  705.632358][T16173]  ? fdget_pos+0x2aa/0x380
[  705.632415][T16173]  ? __fget_files+0x21f/0x3d0
[  705.632449][T16173]  ? do_writev+0x13e/0x340
[  705.632486][T16173]  do_writev+0x13e/0x340
[  705.632526][T16173]  ? __pfx_do_writev+0x10/0x10
[  705.632578][T16173]  do_syscall_64+0x106/0xf80
[  705.632610][T16173]  ? clear_bhb_loop+0x40/0x90
[  705.632646][T16173]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  705.632676][T16173] RIP: 0033:0x7fb16f99c799
[  705.632700][T16173] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  705.632726][T16173] RSP: 002b:00007fb1708b0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  705.632754][T16173] RAX: ffffffffffffffda RBX: 00007fb16fc15fa0 RCX: 00007fb16f99c799
[  705.632773][T16173] RDX: 000000000000000a RSI: 0000200000000200 RDI: 0000000000000008
[  705.632788][T16173] RBP: 00007fb16fa32c99 R08: 0000000000000000 R09: 0000000000000000
[  705.632803][T16173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  705.632821][T16173] R13: 00007fb16fc16038 R14: 00007fb16fc15fa0 R15: 00007ffd7132dbe8
[  705.632857][T16173]  </TASK>
[  711.001657][T16113] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  713.287907][T16307] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  718.594623][ T5824] usb usb40-port2: attempt power cycle
[  718.958450][T16398] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1794'.
[  719.223696][ T5824] usb usb40-port2: unable to enumerate USB device
[  719.629331][T16089] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  719.788501][T16421] can: request_module (can-proto-0) failed.
[  723.303284][T16472] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  723.419544][T16113] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  723.444286][T16113] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  727.011917][T16539] can: request_module (can-proto-0) failed.
[  731.771386][T16589] FAULT_INJECTION: forcing a failure.
[  731.771386][T16589] name failslab, interval 1, probability 0, space 0, times 0
[  731.785455][T16589] CPU: 0 UID: 0 PID: 16589 Comm: syz.0.1822 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  731.785514][T16589] Tainted: [L]=SOFTLOCKUP
[  731.785525][T16589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  731.785542][T16589] Call Trace:
[  731.785552][T16589]  <TASK>
[  731.785562][T16589]  dump_stack_lvl+0x100/0x190
[  731.785614][T16589]  should_fail_ex.cold+0x5/0xa
[  731.785649][T16589]  should_failslab+0xc2/0x120
[  731.785681][T16589]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  731.785724][T16589]  ? security_inode_alloc+0x3b/0x2c0
[  731.785768][T16589]  ? lockdep_init_map_type+0x5c/0x250
[  731.785813][T16589]  security_inode_alloc+0x3b/0x2c0
[  731.785867][T16589]  inode_init_always_gfp+0xced/0x1040
[  731.785903][T16589]  alloc_inode+0x8e/0x250
[  731.785939][T16589]  new_inode+0x22/0x1c0
[  731.785974][T16589]  hugetlbfs_get_inode+0x313/0x750
[  731.786010][T16589]  hugetlb_file_setup+0x3cc/0x5b0
[  731.786042][T16589]  newseg+0xabb/0xed0
[  731.786084][T16589]  ? __pfx_newseg+0x10/0x10
[  731.786112][T16589]  ? down_write+0x146/0x1f0
[  731.786150][T16589]  ? ksys_write+0x190/0x250
[  731.786173][T16589]  ? ksys_write+0x190/0x250
[  731.786200][T16589]  ipcget+0xee/0xf50
[  731.786226][T16589]  ? do_futex+0x192/0x350
[  731.786259][T16589]  ? __pfx_do_futex+0x10/0x10
[  731.786296][T16589]  ? __pfx_ipcget+0x10/0x10
[  731.786325][T16589]  ? __x64_sys_futex+0x34f/0x4d0
[  731.786355][T16589]  ? __x64_sys_futex+0x358/0x4d0
[  731.786392][T16589]  __x64_sys_shmget+0x13b/0x1b0
[  731.786421][T16589]  ? __pfx___x64_sys_shmget+0x10/0x10
[  731.786459][T16589]  do_syscall_64+0x106/0xf80
[  731.786496][T16589]  ? clear_bhb_loop+0x40/0x90
[  731.786529][T16589]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  731.786555][T16589] RIP: 0033:0x7f4aa179c799
[  731.786576][T16589] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  731.786600][T16589] RSP: 002b:00007f4aa26bf028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d
[  731.786624][T16589] RAX: ffffffffffffffda RBX: 00007f4aa1a16270 RCX: 00007f4aa179c799
[  731.786641][T16589] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000
[  731.786657][T16589] RBP: 00007f4aa1832c99 R08: 0000000000000000 R09: 0000000000000000
[  731.786672][T16589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  731.786688][T16589] R13: 00007f4aa1a16308 R14: 00007f4aa1a16270 R15: 00007ffcd6109408
[  731.786723][T16589]  </TASK>
[  733.050643][T16617] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  733.077885][T16617] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  733.087953][T16617] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  733.275503][T16617] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  733.297072][T16617] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  733.605974][T16617] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  733.633845][T16617] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  735.121221][T16113] Bluetooth: hci1: command 0x0c1a tx timeout
[  735.127277][T16089] Bluetooth: hci0: command 0x0c1a tx timeout
[  735.280294][T16113] Bluetooth: hci3: command 0x0c1a tx timeout
[  735.682820][T16113] Bluetooth: hci4: command 0x0c1a tx timeout
[  735.781980][ T5824] usb usb40-port2: attempt power cycle
[  736.372425][ T5824] usb usb40-port2: unable to enumerate USB device
[  736.625990][T16677] FAULT_INJECTION: forcing a failure.
[  736.625990][T16677] name failslab, interval 1, probability 0, space 0, times 0
[  736.800745][T16677] CPU: 0 UID: 0 PID: 16677 Comm: syz.1.1843 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  736.800792][T16677] Tainted: [L]=SOFTLOCKUP
[  736.800805][T16677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  736.800819][T16677] Call Trace:
[  736.800828][T16677]  <TASK>
[  736.800837][T16677]  dump_stack_lvl+0x100/0x190
[  736.800881][T16677]  should_fail_ex.cold+0x5/0xa
[  736.800915][T16677]  should_failslab+0xc2/0x120
[  736.800945][T16677]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  736.800987][T16677]  ? security_inode_alloc+0x3b/0x2c0
[  736.801030][T16677]  ? lockdep_init_map_type+0x5c/0x250
[  736.801072][T16677]  security_inode_alloc+0x3b/0x2c0
[  736.801114][T16677]  inode_init_always_gfp+0xced/0x1040
[  736.801149][T16677]  alloc_inode+0x8e/0x250
[  736.801187][T16677]  alloc_anon_inode+0x2a/0x3e0
[  736.801219][T16677]  ioctx_alloc+0x4dc/0x21d0
[  736.801263][T16677]  ? find_held_lock+0x2b/0x80
[  736.801290][T16677]  ? __pfx_ioctx_alloc+0x10/0x10
[  736.801330][T16677]  __x64_sys_io_setup+0xc9/0x220
[  736.801364][T16677]  do_syscall_64+0x106/0xf80
[  736.801405][T16677]  ? clear_bhb_loop+0x40/0x90
[  736.801441][T16677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.801469][T16677] RIP: 0033:0x7f77f999c799
[  736.801492][T16677] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  736.801518][T16677] RSP: 002b:00007f77fa79b028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce
[  736.801544][T16677] RAX: ffffffffffffffda RBX: 00007f77f9c16360 RCX: 00007f77f999c799
[  736.801564][T16677] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 000000000000000e
[  736.801581][T16677] RBP: 00007f77f9a32c99 R08: 0000000000000000 R09: 0000000000000000
[  736.801597][T16677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  736.801614][T16677] R13: 00007f77f9c163f8 R14: 00007f77f9c16360 R15: 00007ffe87f034d8
[  736.801653][T16677]  </TASK>
[  737.229704][T16113] Bluetooth: hci1: command 0x0c1a tx timeout
[  737.365046][T16113] Bluetooth: hci3: command 0x0c1a tx timeout
[  737.781548][T16113] Bluetooth: hci4: command 0x0c1a tx timeout
[  738.753761][T16723] blktrace: Concurrent blktraces are not allowed on loop2
[  740.226969][T16751] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1845'.
[  741.263200][ T5913] usb usb40-port2: attempt power cycle
[  741.898047][ T5913] usb usb40-port2: unable to enumerate USB device
[  743.337344][T16827] FAULT_INJECTION: forcing a failure.
[  743.337344][T16827] name failslab, interval 1, probability 0, space 0, times 0
[  743.361888][T16827] CPU: 0 UID: 0 PID: 16827 Comm: syz.0.1851 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  743.361934][T16827] Tainted: [L]=SOFTLOCKUP
[  743.361943][T16827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  743.361960][T16827] Call Trace:
[  743.361969][T16827]  <TASK>
[  743.361979][T16827]  dump_stack_lvl+0x100/0x190
[  743.362011][T16827]  should_fail_ex.cold+0x5/0xa
[  743.362029][T16827]  should_failslab+0xc2/0x120
[  743.362046][T16827]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  743.362068][T16827]  ? security_inode_alloc+0x3b/0x2c0
[  743.362091][T16827]  ? lockdep_init_map_type+0x5c/0x250
[  743.362114][T16827]  security_inode_alloc+0x3b/0x2c0
[  743.362138][T16827]  inode_init_always_gfp+0xced/0x1040
[  743.362156][T16827]  alloc_inode+0x8e/0x250
[  743.362175][T16827]  alloc_anon_inode+0x2a/0x3e0
[  743.362192][T16827]  ioctx_alloc+0x4dc/0x21d0
[  743.362215][T16827]  ? find_held_lock+0x2b/0x80
[  743.362229][T16827]  ? __pfx_ioctx_alloc+0x10/0x10
[  743.362253][T16827]  __x64_sys_io_setup+0xc9/0x220
[  743.362271][T16827]  do_syscall_64+0x106/0xf80
[  743.362289][T16827]  ? clear_bhb_loop+0x40/0x90
[  743.362308][T16827]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  743.362323][T16827] RIP: 0033:0x7f4aa179c799
[  743.362337][T16827] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  743.362351][T16827] RSP: 002b:00007f4aa26bf028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce
[  743.362366][T16827] RAX: ffffffffffffffda RBX: 00007f4aa1a16270 RCX: 00007f4aa179c799
[  743.362376][T16827] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 000000000000000e
[  743.362385][T16827] RBP: 00007f4aa1832c99 R08: 0000000000000000 R09: 0000000000000000
[  743.362393][T16827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  743.362402][T16827] R13: 00007f4aa1a16308 R14: 00007f4aa1a16270 R15: 00007ffcd6109408
[  743.362422][T16827]  </TASK>
[  743.858937][T16113] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18
[  746.196406][ T5824] usb usb40-port2: attempt power cycle
[  746.556203][T16113] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  746.784039][ T5824] usb usb40-port2: unable to enumerate USB device
[  747.061562][T16089] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  747.069901][T16089] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  747.609282][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  747.615907][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  749.550655][T16934] blktrace: Concurrent blktraces are not allowed on loop2
[  750.092414][T16932] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20
[  750.355316][T16113] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  750.779142][T16958] futex_wake_op: syz.1.1875 tries to shift op by -2048; fix this program
[  750.822041][T16958] futex_wake_op: syz.1.1875 tries to shift op by -2048; fix this program
[  750.929146][T16958] 0x000000000001-0x000000020000 : ""
[  750.985300][T16958] ftl_cs: FTL header corrupt!
[  751.650818][T16969] FAULT_INJECTION: forcing a failure.
[  751.650818][T16969] name failslab, interval 1, probability 0, space 0, times 0
[  751.675195][T16969] CPU: 0 UID: 0 PID: 16969 Comm: syz.0.1877 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  751.675240][T16969] Tainted: [L]=SOFTLOCKUP
[  751.675251][T16969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  751.675267][T16969] Call Trace:
[  751.675275][T16969]  <TASK>
[  751.675286][T16969]  dump_stack_lvl+0x100/0x190
[  751.675335][T16969]  should_fail_ex.cold+0x5/0xa
[  751.675368][T16969]  should_failslab+0xc2/0x120
[  751.675399][T16969]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  751.675456][T16969]  ? security_inode_alloc+0x3b/0x2c0
[  751.675503][T16969]  ? lockdep_init_map_type+0x5c/0x250
[  751.675549][T16969]  security_inode_alloc+0x3b/0x2c0
[  751.675598][T16969]  inode_init_always_gfp+0xced/0x1040
[  751.675652][T16969]  alloc_inode+0x8e/0x250
[  751.675694][T16969]  path_from_stashed+0x25b/0x750
[  751.675737][T16969]  pidfs_alloc_file+0xf8/0x290
[  751.675786][T16969]  ? __pfx_pidfs_alloc_file+0x10/0x10
[  751.675836][T16969]  pidfd_prepare+0x123/0x200
[  751.675901][T16969]  __x64_sys_pidfd_open+0x105/0x1a0
[  751.675942][T16969]  ? __pfx___x64_sys_pidfd_open+0x10/0x10
[  751.675994][T16969]  do_syscall_64+0x106/0xf80
[  751.676029][T16969]  ? clear_bhb_loop+0x40/0x90
[  751.676064][T16969]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  751.676095][T16969] RIP: 0033:0x7f4aa179c799
[  751.676121][T16969] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  751.676149][T16969] RSP: 002b:00007f4aa2722028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2
[  751.676178][T16969] RAX: ffffffffffffffda RBX: 00007f4aa1a15fa0 RCX: 00007f4aa179c799
[  751.676198][T16969] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  751.676217][T16969] RBP: 00007f4aa1832c99 R08: 0000000000000000 R09: 0000000000000000
[  751.676235][T16969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  751.676254][T16969] R13: 00007f4aa1a16038 R14: 00007f4aa1a15fa0 R15: 00007ffcd6109408
[  751.676297][T16969]  </TASK>
[  754.172332][T16976] kexec: Could not allocate control_code_buffer
[  758.320721][T17044] FAULT_INJECTION: forcing a failure.
[  758.320721][T17044] name failslab, interval 1, probability 0, space 0, times 0
[  758.382493][T17044] CPU: 0 UID: 0 PID: 17044 Comm: syz.2.1890 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  758.382548][T17044] Tainted: [L]=SOFTLOCKUP
[  758.382558][T17044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  758.382569][T17044] Call Trace:
[  758.382575][T17044]  <TASK>
[  758.382582][T17044]  dump_stack_lvl+0x100/0x190
[  758.382609][T17044]  should_fail_ex.cold+0x5/0xa
[  758.382629][T17044]  should_failslab+0xc2/0x120
[  758.382645][T17044]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  758.382666][T17044]  ? security_inode_alloc+0x3b/0x2c0
[  758.382688][T17044]  ? lockdep_init_map_type+0x5c/0x250
[  758.382710][T17044]  security_inode_alloc+0x3b/0x2c0
[  758.382733][T17044]  inode_init_always_gfp+0xced/0x1040
[  758.382751][T17044]  alloc_inode+0x8e/0x250
[  758.382770][T17044]  new_inode+0x22/0x1c0
[  758.382798][T17044]  hugetlbfs_get_inode+0x313/0x750
[  758.382818][T17044]  hugetlb_file_setup+0x3cc/0x5b0
[  758.382837][T17044]  newseg+0xabb/0xed0
[  758.382862][T17044]  ? __pfx_newseg+0x10/0x10
[  758.382877][T17044]  ? down_write+0x146/0x1f0
[  758.382898][T17044]  ? ksys_write+0x190/0x250
[  758.382912][T17044]  ? ksys_write+0x190/0x250
[  758.382928][T17044]  ipcget+0xee/0xf50
[  758.382944][T17044]  ? do_futex+0x192/0x350
[  758.382963][T17044]  ? __pfx_do_futex+0x10/0x10
[  758.382984][T17044]  ? __pfx_ipcget+0x10/0x10
[  758.383066][T17044]  ? __x64_sys_futex+0x34f/0x4d0
[  758.383088][T17044]  ? __x64_sys_futex+0x358/0x4d0
[  758.383111][T17044]  __x64_sys_shmget+0x13b/0x1b0
[  758.383131][T17044]  ? __pfx___x64_sys_shmget+0x10/0x10
[  758.383153][T17044]  do_syscall_64+0x106/0xf80
[  758.383171][T17044]  ? clear_bhb_loop+0x40/0x90
[  758.383192][T17044]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  758.383208][T17044] RIP: 0033:0x7fb16f99c799
[  758.383223][T17044] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  758.383237][T17044] RSP: 002b:00007fb1708b0028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d
[  758.383306][T17044] RAX: ffffffffffffffda RBX: 00007fb16fc15fa0 RCX: 00007fb16f99c799
[  758.383316][T17044] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000
[  758.383326][T17044] RBP: 00007fb16fa32c99 R08: 0000000000000000 R09: 0000000000000000
[  758.383336][T17044] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  758.383345][T17044] R13: 00007fb16fc16038 R14: 00007fb16fc15fa0 R15: 00007ffd7132dbe8
[  758.383366][T17044]  </TASK>
[  760.706521][T17073] netlink: 'syz.1.1893': attribute type 1 has an invalid length.
[  764.495925][T17117] FAULT_INJECTION: forcing a failure.
[  764.495925][T17117] name fail_futex, interval 1, probability 0, space 0, times 0
[  764.525759][T17117] CPU: 0 UID: 0 PID: 17117 Comm: syz.1.1902 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  764.525809][T17117] Tainted: [L]=SOFTLOCKUP
[  764.525819][T17117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  764.525834][T17117] Call Trace:
[  764.525843][T17117]  <TASK>
[  764.525853][T17117]  dump_stack_lvl+0x100/0x190
[  764.525902][T17117]  should_fail_ex.cold+0x5/0xa
[  764.525937][T17117]  get_futex_key+0x1d2/0x1620
[  764.525977][T17117]  ? __pfx_get_futex_key+0x10/0x10
[  764.526012][T17117]  ? __call_rcu_common.constprop.0+0x3f0/0x9b0
[  764.526050][T17117]  ? lockdep_hardirqs_on+0x78/0x100
[  764.526086][T17117]  ? iput+0x3a/0x40
[  764.526116][T17117]  ? hugetlb_file_setup+0x2c8/0x5b0
[  764.526151][T17117]  futex_wake+0xea/0x530
[  764.526195][T17117]  ? __pfx_futex_wake+0x10/0x10
[  764.526245][T17117]  ? up_write+0x290/0x4f0
[  764.526290][T17117]  do_futex+0x32b/0x350
[  764.526327][T17117]  ? __pfx_do_futex+0x10/0x10
[  764.526373][T17117]  __x64_sys_futex+0x34f/0x4d0
[  764.526415][T17117]  ? __pfx___x64_sys_futex+0x10/0x10
[  764.526454][T17117]  ? __pfx___x64_sys_shmget+0x10/0x10
[  764.526504][T17117]  do_syscall_64+0x106/0xf80
[  764.526538][T17117]  ? clear_bhb_loop+0x40/0x90
[  764.526574][T17117]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  764.526603][T17117] RIP: 0033:0x7f77f999c799
[  764.526625][T17117] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  764.526653][T17117] RSP: 002b:00007f77fa7bc0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  764.526689][T17117] RAX: ffffffffffffffda RBX: 00007f77f9c16278 RCX: 00007f77f999c799
[  764.526708][T17117] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f77f9c1627c
[  764.526727][T17117] RBP: 00007f77f9c16270 R08: 0000000000000000 R09: 0000000000000000
[  764.526745][T17117] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[  764.526764][T17117] R13: 00007f77f9c16308 R14: 00007ffe87f033f0 R15: 00007ffe87f034d8
[  764.526803][T17117]  </TASK>
[  764.986949][T17135] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  764.993078][T17135] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  764.999148][T17135] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  765.042557][T17135] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  765.072687][T17135] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  765.124232][T17135] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  765.165163][T17135] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  765.655991][T17141] FAULT_INJECTION: forcing a failure.
[  765.655991][T17141] name failslab, interval 1, probability 0, space 0, times 0
[  765.672347][T17141] CPU: 0 UID: 0 PID: 17141 Comm: syz.2.1907 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  765.672390][T17141] Tainted: [L]=SOFTLOCKUP
[  765.672399][T17141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  765.672414][T17141] Call Trace:
[  765.672423][T17141]  <TASK>
[  765.672433][T17141]  dump_stack_lvl+0x100/0x190
[  765.672480][T17141]  should_fail_ex.cold+0x5/0xa
[  765.672512][T17141]  should_failslab+0xc2/0x120
[  765.672540][T17141]  kmem_cache_alloc_lru_noprof+0x80/0x6e0
[  765.672564][T17141]  ? proc_alloc_inode+0x25/0x200
[  765.672588][T17141]  ? __pfx_proc_alloc_inode+0x10/0x10
[  765.672608][T17141]  proc_alloc_inode+0x25/0x200
[  765.672628][T17141]  alloc_inode+0x68/0x250
[  765.672652][T17141]  new_inode+0x22/0x1c0
[  765.672673][T17141]  proc_pid_make_inode+0x22/0x160
[  765.672694][T17141]  proc_pident_instantiate+0x85/0x310
[  765.672718][T17141]  proc_pident_lookup+0x1e3/0x270
[  765.672743][T17141]  lookup_open.isra.0+0x631/0x11b0
[  765.672769][T17141]  ? __pfx_lookup_open.isra.0+0x10/0x10
[  765.672794][T17141]  ? __pfx___might_resched+0x10/0x10
[  765.672815][T17141]  ? mnt_get_write_access+0x52/0x2f0
[  765.672838][T17141]  ? __pfx_down_write+0x10/0x10
[  765.672857][T17141]  ? mnt_get_write_access+0x1e9/0x2f0
[  765.672880][T17141]  path_openat+0x2291/0x31a0
[  765.672901][T17141]  ? __pfx_path_openat+0x10/0x10
[  765.672923][T17141]  do_file_open+0x20e/0x430
[  765.672940][T17141]  ? __pfx_do_file_open+0x10/0x10
[  765.672963][T17141]  ? __pfx_kfree_link+0x10/0x10
[  765.672989][T17141]  ? alloc_fd+0x476/0x790
[  765.673005][T17141]  ? do_getname+0x191/0x390
[  765.673025][T17141]  do_sys_openat2+0x10d/0x1e0
[  765.673044][T17141]  ? __pfx_do_sys_openat2+0x10/0x10
[  765.673064][T17141]  ? __fget_files+0x21f/0x3d0
[  765.673082][T17141]  __x64_sys_openat+0x12d/0x210
[  765.673102][T17141]  ? __pfx___x64_sys_openat+0x10/0x10
[  765.673137][T17141]  do_syscall_64+0x106/0xf80
[  765.673157][T17141]  ? clear_bhb_loop+0x40/0x90
[  765.673178][T17141]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  765.673196][T17141] RIP: 0033:0x7fb16f99c799
[  765.673211][T17141] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  765.673225][T17141] RSP: 002b:00007fb17086e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  765.673240][T17141] RAX: ffffffffffffffda RBX: 00007fb16fc16180 RCX: 00007fb16f99c799
[  765.673250][T17141] RDX: 0000000000000840 RSI: 0000200000000180 RDI: ffffffffffffff9c
[  765.673260][T17141] RBP: 00007fb16fa32c99 R08: 0000000000000000 R09: 0000000000000000
[  765.673269][T17141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  765.673278][T17141] R13: 00007fb16fc16218 R14: 00007fb16fc16180 R15: 00007ffd7132dbe8
[  765.673299][T17141]  </TASK>
[  766.825928][T16089] Bluetooth: hci0: command 0x0c1a tx timeout
[  767.056216][T16089] Bluetooth: hci3: command 0x0c1a tx timeout
[  767.062700][T16089] Bluetooth: hci1: command 0x0c1a tx timeout
[  767.136457][T16089] Bluetooth: hci4: command 0x0c1a tx timeout
[  769.137297][T16089] Bluetooth: hci1: command 0x0c1a tx timeout
[  769.143391][T16089] Bluetooth: hci3: command 0x0c1a tx timeout
[  769.219488][T16089] Bluetooth: hci4: command 0x0c1a tx timeout
[  773.887915][T17214] FAULT_INJECTION: forcing a failure.
[  773.887915][T17214] name failslab, interval 1, probability 0, space 0, times 0
[  773.900907][T17214] CPU: 1 UID: 0 PID: 17214 Comm: syz.4.1918 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  773.900945][T17214] Tainted: [L]=SOFTLOCKUP
[  773.900951][T17214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  773.900961][T17214] Call Trace:
[  773.900970][T17214]  <TASK>
[  773.900976][T17214]  dump_stack_lvl+0x100/0x190
[  773.901003][T17214]  should_fail_ex.cold+0x5/0xa
[  773.901022][T17214]  should_failslab+0xc2/0x120
[  773.901039][T17214]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  773.901062][T17214]  ? security_inode_alloc+0x3b/0x2c0
[  773.901084][T17214]  ? lockdep_init_map_type+0x5c/0x250
[  773.901107][T17214]  security_inode_alloc+0x3b/0x2c0
[  773.901130][T17214]  inode_init_always_gfp+0xced/0x1040
[  773.901149][T17214]  alloc_inode+0x8e/0x250
[  773.901168][T17214]  new_inode+0x22/0x1c0
[  773.901188][T17214]  hugetlbfs_get_inode+0x313/0x750
[  773.901208][T17214]  hugetlb_file_setup+0x3cc/0x5b0
[  773.901227][T17214]  newseg+0xabb/0xed0
[  773.901247][T17214]  ? __pfx_newseg+0x10/0x10
[  773.901262][T17214]  ? down_write+0x146/0x1f0
[  773.901286][T17214]  ? ksys_write+0x190/0x250
[  773.901300][T17214]  ? ksys_write+0x190/0x250
[  773.901316][T17214]  ipcget+0xee/0xf50
[  773.901332][T17214]  ? do_futex+0x192/0x350
[  773.901352][T17214]  ? __pfx_do_futex+0x10/0x10
[  773.901373][T17214]  ? __pfx_ipcget+0x10/0x10
[  773.901390][T17214]  ? __x64_sys_futex+0x34f/0x4d0
[  773.901406][T17214]  ? __x64_sys_futex+0x358/0x4d0
[  773.901428][T17214]  __x64_sys_shmget+0x13b/0x1b0
[  773.901444][T17214]  ? __pfx___x64_sys_shmget+0x10/0x10
[  773.901466][T17214]  do_syscall_64+0x106/0xf80
[  773.901483][T17214]  ? clear_bhb_loop+0x40/0x90
[  773.901501][T17214]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  773.901517][T17214] RIP: 0033:0x7f975f99c799
[  773.901531][T17214] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  773.901545][T17214] RSP: 002b:00007f97607c3028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d
[  773.901559][T17214] RAX: ffffffffffffffda RBX: 00007f975fc15fa0 RCX: 00007f975f99c799
[  773.901569][T17214] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000
[  773.901578][T17214] RBP: 00007f975fa32c99 R08: 0000000000000000 R09: 0000000000000000
[  773.901588][T17214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  773.901597][T17214] R13: 00007f975fc16038 R14: 00007f975fc15fa0 R15: 00007ffc90242268
[  773.901617][T17214]  </TASK>
[  774.297536][T17246] futex_wake_op: syz.2.1927 tries to shift op by -2048; fix this program
[  774.306231][T17246] futex_wake_op: syz.2.1927 tries to shift op by -2048; fix this program
[  774.316934][T17246] 0x000000000001-0x000000020000 : ""
[  774.344273][T17246] ftl_cs: FTL header corrupt!
[  775.743371][T17269] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjEùrõ£Ò„yù*›"¤l-ý¤ôy–ú„
[  775.792364][T17255] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  775.799923][T17255] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  775.808149][T17255] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  775.834665][T17266] zswap: compressor  not available
[  775.852326][T17255] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  777.349893][T17301] futex_wake_op: syz.4.1935 tries to shift op by -2048; fix this program
[  777.421767][T17301] futex_wake_op: syz.4.1935 tries to shift op by -2048; fix this program
[  777.467593][T17301] 0x000000000001-0x000000020000 : ""
[  777.494823][T17301] ftl_cs: FTL header corrupt!
[  777.532162][T17302] misc userio: No port type given on /dev/userio
[  777.871499][T16113] Bluetooth: hci4: command 0x0c1a tx timeout
[  777.880258][T16113] Bluetooth: hci3: command 0x0c1a tx timeout
[  777.886922][T16089] Bluetooth: hci1: command 0x0c1a tx timeout
[  777.893299][T16113] Bluetooth: hci0: command 0x0c1a tx timeout
[  777.925993][T17301] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint
[  778.106392][T17302] : Can't lookup blockdev
[  780.752996][T17308] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  781.064905][T17335] page: refcount:513 mapcount:0 mapping:ffff8880270c1f80 index:0x4f8 pfn:0x380f8
[  781.134819][T17335] head: order:9 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  781.263426][T17335] memcg:ffff88801caf9a80
[  781.270547][T17335] aops:def_blk_aops ino:fa00000
[  781.287420][T17335] flags: 0xfff00000000061(locked|lru|head|node=0|zone=1|lastcpupid=0x7ff)
[  781.323200][T17335] raw: 00fff00000000000 ffffea0000e00001 dead000000000122 dead000000000400
[  781.360051][T17335] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  781.410667][T17335] head: 00fff00000000061 ffffea0002120008 ffff88801dec5b28 ffff8880270c1f80
[  781.456707][T17335] head: 0000000000000400 0000000000000000 00000201ffffffff ffff88801caf9a80
[  781.503509][T17335] head: 00fff00000000209 ffffea0000e00001 00000000ffffffff 00000000ffffffff
[  781.583636][T17335] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000200
[  781.613269][T17335] page dumped because: VM_BUG_ON_PAGE(page->compound_head & 1)
[  781.641809][T17335] page_owner tracks the page as allocated
[  781.653728][T17335] page last allocated via order 9, migratetype Unmovable, gfp_mask 0x153c40(GFP_NOFS|__GFP_WRITE|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 17362, tgid 17361 (syz.2.1947), ts 781059868393, free_ts 778963907130
[  781.755918][T17335]  post_alloc_hook+0x153/0x170
[  781.760759][T17335]  get_page_from_freelist+0x111d/0x3140
[  781.823422][T17335]  __alloc_frozen_pages_noprof+0x27c/0x2ba0
[  781.829485][T17335]  alloc_pages_mpol+0x1fb/0x550
[  781.868052][T17335]  folio_alloc_noprof+0x22/0x330
[  781.890233][T17335]  filemap_alloc_folio_noprof.part.0+0x377/0x450
[  781.917435][T17335]  __filemap_get_folio_mpol+0x6a4/0xe70
[  781.933416][T17335]  iomap_write_begin+0x15bd/0x2340
[  781.944087][T17335]  iomap_file_buffered_write+0x48b/0xac0
[  781.978111][T17335]  blkdev_write_iter+0x575/0xd70
[  781.987842][T17335]  vfs_write+0x6ac/0x1070
[  782.012846][T17335]  ksys_write+0x12a/0x250
[  782.020749][T17335]  do_syscall_64+0x106/0xf80
[  782.097139][T17335]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  782.164405][T17335] page last free pid 17277 tgid 17274 stack trace:
[  782.187769][T17335]  free_unref_folios+0xaea/0x1790
[  782.205158][T17335]  folios_put_refs+0x53c/0x840
[  782.224712][T17335]  truncate_inode_pages_range+0x30c/0x1050
[  782.246729][T17335]  blkdev_flush_mapping+0xfb/0x2e0
[  782.251925][T17335]  blkdev_put_whole+0xc9/0xf0
[  782.263830][T17335]  bdev_release+0x47f/0x6d0
[  782.268420][T17335]  blkdev_release+0x15/0x20
[  782.273268][T17335]  __fput+0x3ff/0xb40
[  782.277728][T17335]  task_work_run+0x150/0x240
[  782.293380][T17335]  exit_to_user_mode_loop+0x100/0x4a0
[  782.309776][T17335]  do_syscall_64+0x668/0xf80
[  782.321837][T17335]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  782.340935][T17335] ------------[ cut here ]------------
[  782.347150][T17335] kernel BUG at ./include/linux/page-flags.h:351!
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  782.418347][T17335] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[  782.424644][T17335] CPU: 1 UID: 0 PID: 17335 Comm: syz.1.1942 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  782.435790][T17335] Tainted: [L]=SOFTLOCKUP
[  782.440130][T17335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  782.450383][T17335] RIP: 0010:set_ps_flags+0x321/0x390
[  782.455700][T17335] Code: f6 0f 84 9e fe ff ff e8 fd 6e b9 ff 49 83 ed 01 e9 98 fe ff ff e8 ef 6e b9 ff 48 c7 c6 00 61 be 8b 48 89 df e8 80 82 05 00 90 <0f> 0b e8 e8 f8 24 00 e9 0e fd ff ff e8 0e f9 24 00 e9 78 fd ff ff
[  782.475532][T17335] RSP: 0018:ffffc9000cd7f900 EFLAGS: 00010246
[  782.481717][T17335] RAX: 0000000000080000 RBX: ffffea0000e03e00 RCX: ffffc900063da000
[  782.489728][T17335] RDX: 0000000000080000 RSI: ffffffff825429a8 RDI: ffff888035c2e044
[  782.497812][T17335] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  782.505796][T17335] R10: 0000000000000001 R11: 0000000000000001 R12: ffffc9000cd7f9d0
[  782.513779][T17335] R13: 0000000000000201 R14: ffffea0000e00034 R15: ffffc9000cd7f9d0
[  782.521777][T17335] FS:  00007f77fa81f6c0(0000) GS:ffff88812444d000(0000) knlGS:0000000000000000
[  782.530801][T17335] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  782.537392][T17335] CR2: 00007f8ee6747e20 CR3: 00000000463ba000 CR4: 00000000003526f0
[  782.545461][T17335] Call Trace:
[  782.548746][T17335]  <TASK>
[  782.551697][T17335]  snapshot_page+0x49a/0x660
[  782.556313][T17335]  get_kpage_count+0x94/0x240
[  782.561032][T17335]  ? __pfx_get_kpage_count+0x10/0x10
[  782.566457][T17335]  ? __pfx___might_resched+0x10/0x10
[  782.571765][T17335]  ? __nr_to_section+0xaa/0x100
[  782.576887][T17335]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  782.583174][T17335]  kpage_read.isra.0+0x1b8/0x2b0
[  782.588262][T17335]  ? __pfx_kpagecount_read+0x10/0x10
[  782.593668][T17335]  proc_reg_read+0x120/0x330
[  782.598280][T17335]  ? __pfx_proc_reg_read+0x10/0x10
[  782.603408][T17335]  vfs_readv+0x5d8/0x8d0
[  782.607846][T17335]  ? rcu_is_watching+0x12/0xc0
[  782.612631][T17335]  ? __pfx_vfs_readv+0x10/0x10
[  782.617410][T17335]  ? fdget_pos+0x2aa/0x380
[  782.622045][T17335]  ? __fget_files+0x21f/0x3d0
[  782.626839][T17335]  ? do_readv+0x13e/0x340
[  782.631470][T17335]  do_readv+0x13e/0x340
[  782.635855][T17335]  ? __pfx_do_readv+0x10/0x10
[  782.640552][T17335]  do_syscall_64+0x106/0xf80
[  782.645178][T17335]  ? clear_bhb_loop+0x40/0x90
[  782.649865][T17335]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  782.655765][T17335] RIP: 0033:0x7f77f999c799
[  782.660183][T17335] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  782.679801][T17335] RSP: 002b:00007f77fa81f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[  782.688312][T17335] RAX: ffffffffffffffda RBX: 00007f77f9c15fa0 RCX: 00007f77f999c799
[  782.696292][T17335] RDX: 0000000100000007 RSI: 00002000000001c0 RDI: 0000000000000003
[  782.704273][T17335] RBP: 00007f77f9a32c99 R08: 0000000000000000 R09: 0000000000000000
[  782.712251][T17335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  782.720228][T17335] R13: 00007f77f9c16038 R14: 00007f77f9c15fa0 R15: 00007ffe87f034d8
[  782.728222][T17335]  </TASK>
[  782.731238][T17335] Modules linked in:
[  782.736329][T17335] ---[ end trace 0000000000000000 ]---
[  783.031096][T17335] RIP: 0010:set_ps_flags+0x321/0x390
[  783.075764][T17335] Code: f6 0f 84 9e fe ff ff e8 fd 6e b9 ff 49 83 ed 01 e9 98 fe ff ff e8 ef 6e b9 ff 48 c7 c6 00 61 be 8b 48 89 df e8 80 82 05 00 90 <0f> 0b e8 e8 f8 24 00 e9 0e fd ff ff e8 0e f9 24 00 e9 78 fd ff ff
[  783.174467][T17335] RSP: 0018:ffffc9000cd7f900 EFLAGS: 00010246
[  783.180579][T17335] RAX: 0000000000080000 RBX: ffffea0000e03e00 RCX: ffffc900063da000
[  783.214327][T17335] RDX: 0000000000080000 RSI: ffffffff825429a8 RDI: ffff888035c2e044
[  783.222448][T17335] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  783.257615][T17335] R10: 0000000000000001 R11: 0000000000000001 R12: ffffc9000cd7f9d0
[  783.284774][T17335] R13: 0000000000000201 R14: ffffea0000e00034 R15: ffffc9000cd7f9d0
[  783.292893][T17335] FS:  00007f77fa81f6c0(0000) GS:ffff88812434d000(0000) knlGS:0000000000000000
[  783.342686][T17335] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  783.387440][T17335] CR2: 000055558fcd99b8 CR3: 00000000463ba000 CR4: 00000000003526f0
[  783.424873][T17335] Kernel panic - not syncing: Fatal exception
[  783.431505][T17335] Kernel Offset: disabled
[  783.435851][T17335] Rebooting in 86400 seconds..