last executing test programs:

6.850970716s ago: executing program 3 (id=1226):
r0 = socket(0x28, 0x5, 0x0)
r1 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, 0x0, 0x40, 0x0)
write$auto(0xffffffffffffffff, &(0x7f00000002c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1d\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"P\x8a\xbbY8@Z5`\xa2\x9aSVd\x1d\xac\xe8\x90e\x9d\x03tm\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7.\xbe\x01\x98\xd7l\x00\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfa\xf0\xd9\xc0K\x8b\xa3c\x00'/160, 0xa9)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_smc_pnetid(0x0, r2)
sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x20000054)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
unshare$auto(0x40000080)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x4c2080, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x20004000)
r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getrandom$auto(0x0, 0x6000000, 0x3)
mmap$auto(0x0, 0x810004, 0x2000000efb, 0x8000000008011, r4, 0x8000)
setresgid$auto(0x0, 0x0, 0x0)
ioctl$auto_NS_GET_TGID_IN_PIDNS(r1, 0x8004b709, 0x0)
shmctl$auto_SHM_STAT(0x1, 0xd, 0x0)
ioctl$auto_BLKRRPART(r4, 0x125f, 0x0)
lseek$auto(r3, 0x7fff, 0x40001000)
madvise$auto(0x0, 0x400053, 0x9)
connect$auto(r0, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x56)
read$auto(r0, &(0x7f0000000100)='(\x00', 0x1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0x4)

5.725592657s ago: executing program 0 (id=1227):
socket(0xa, 0x3, 0x3b)
semctl$auto_SEM_STAT(0x4, 0x665, 0x12, 0x5)
r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
ioctl$auto_BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, &(0x7f00000002c0)=@test={0xffffffffffffffff, 0x0, 0x856, 0x189, 0x8, 0x7fff, 0x7fff, 0x10000, 0xc91a, 0x7, 0x5, 0x3, 0x3, 0x3, 0x6}, 0x80)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
ioctl$auto_EVIOCGMASK(0xffffffffffffffff, 0x80104592, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0x47ffffdf2)
r1 = socket(0x10, 0x2, 0x0)
sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x2000000}, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000)
recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0xfffffffe, 0x0, 0x5, 0x0, 0x200002, 0x8}, 0x801}, 0xfffffff9, 0x10, 0x0)
mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000)
close_range$auto(0x2, 0xa, 0x0)
sendmsg$auto_ETHTOOL_MSG_PSE_SET(0xffffffffffffffff, 0x0, 0x0)

5.552224809s ago: executing program 0 (id=1228):
socket(0x27, 0x2, 0x1fbffffe)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0xa, 0x801, 0x84)
fcntl$auto_F_GETFD(r0, 0x1, 0xffffffff)
io_uring_setup$auto(0x4, 0x0)
r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS1\x00', 0x101e81, 0x0)
epoll_create$auto(0x4)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = getpid()
r3 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000000), 0x8802, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f0000000080)={0x1, 0x7, 0x9, 0x4, 0x1})
process_vm_readv$auto(r2, &(0x7f00000001c0)={0x0, 0xfff}, 0x3, &(0x7f0000000280)={&(0x7f0000000100)="6c4bc022f1a924305022a30137693a982a453ee9ff2946c55588f6e6", 0xffffffff}, 0x6, 0x0)
bpf$auto(0x5, &(0x7f0000000000)=@bpf_attr_0={0x5, 0x105, 0xc, 0xb, 0x800, 0xffffffffffffffff, 0x5, "d81ddef9d4e6d312212bab98f4060bd8", 0x0, 0xffffffffffffffff, 0x7fffffff, 0xa991, 0x7, 0x8001}, 0x7)
epoll_create$auto(0x3e)
r4 = epoll_create$auto(0x8800001)
epoll_ctl$auto(r4, 0x1, r1, 0x0)

5.434548042s ago: executing program 2 (id=1230):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2b, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xfffffffd}, 0x10001}, 0x5, 0x20000000)
setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0x403, 0x8000)
syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff)
statmount$auto(0x0, 0x0, 0x1fe, 0xcde)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000)
socket(0x10, 0x2, 0x0)
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000200), r0)
pidfd_send_signal$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffd8ef, 0x2b3d, &(0x7f0000001a80)={@_si_pad}, 0x8f)
stat$auto(&(0x7f0000000240)='./file0\x00', 0x0)
sendmsg$auto_TIPC_NL_KEY_FLUSH(r0, 0x0, 0x4880)
write$auto(0x3, 0x0, 0x7fffffff)
sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x0, 0x8, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x11)
ioctl$auto_FIONREAD(0xffffffffffffffff, 0x541b, 0x2)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2902, 0x0)
read$auto(r1, 0x0, 0x20)
openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/mac80211_hwsim/hwsim13\x00', 0x20900, 0x0)
r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/jfs/loglevel\x00', 0x1a9701, 0x0)
write$auto(r2, 0x0, 0x9)
openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0)

5.32431928s ago: executing program 0 (id=1231):
unshare$auto(0x40000080)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
socket(0x2c, 0x1, 0x0)
listen$auto(0x3, 0x81)
socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f00, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
mremap$auto(0x1ff000, 0x100005, 0x843, 0x3, 0x2)
mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1001ff000)
fsopen$auto(0x0, 0x1)
prctl$auto(0x1000000003b, 0x1, 0x4, 0xd73, 0x7)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
shutdown$auto(0x200000003, 0x2)
recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0)
madvise$auto(0x0, 0x2003f2, 0x15)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(0x0, r1)
mmap$auto(0x2, 0x1, 0x4000000000df, 0x78, r1, 0x300000000000)
socket(0x1d, 0x3, 0x1)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0)
sendfile$auto(r3, r3, 0x0, 0x3)
close_range$auto(0x2, 0x8, 0x0)

5.08763269s ago: executing program 3 (id=1232):
r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x4923c1, 0x0)
mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x9, 0x100010, r0, 0x6)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/modalias\x00', 0x80500, 0x0)
sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07)
mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000)
move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2)
read$auto(0x3, 0x0, 0x7fffffff)
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x1a1000, 0x0)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
sysfs$auto(0xf7, 0x1e, 0x1000002)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto(r1, 0x8, 0x0, 0x0, 0x0)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000)
r3 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x640, 0x0)
ioctl$auto_BLKTRACESETUP2(r2, 0xc0481273, 0x0)
ioctl$auto_XFS_IOC_ALLOCSP(r2, 0x4030580a, &(0x7f0000000000)={0x1, 0x1, 0x1000001, 0xfffffffffffffff9, 0x3})
read$auto_mon_fops_binary_mon_bin(r3, 0x0, 0x0)
ioctl$auto_MON_IOCG_STATS(r3, 0x80089203, 0x0)
mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r4 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0)
ioctl$auto_dma_heap_fops_dma_heap(r4, 0xffffffffffdffe00, 0x0)
ioctl$auto(0x3, 0xc0086202, 0xffffffffffffffff)

4.572812271s ago: executing program 1 (id=1233):
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
socket(0xa, 0x1, 0x84)
mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000)
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0)
ioctl$auto_IMDELTIMER(r0, 0x80044941, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x2, 0x1, 0x106)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
sysfs$auto(0x2, 0x23, 0x0)
r4 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0)
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r1)
sendmsg$auto_NL80211_CMD_DEL_PMKSA(r3, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, r5, 0x8, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xc2}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0x9}, @NL80211_ATTR_IFNAME={0x14, 0x4, 'virt_wifi0\x00'}, @NL80211_ATTR_BG_SCAN_PERIOD={0x6, 0x98, 0xfff9}, @NL80211_ATTR_CONTROL_PORT_NO_PREAUTH={0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x40400, 0xd8)
fchmod$auto(r3, 0x8)
setreuid$auto(0x4, 0x8)
mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4)
write$auto(r4, 0x0, 0x4)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
shutdown$auto(0x200000003, 0x2)

4.420469376s ago: executing program 2 (id=1234):
bpf$auto(0x0, &(0x7f0000000040)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x5}, 0x92)
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sysvipc/sem\x00', 0x88882, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
r2 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(r2, 0x40084d02, r2)
getdents$auto(r1, 0x0, 0x3f1)
socket(0x10, 0x3, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000280), r3)
sendmsg$auto_TIPC_NL_MEDIA_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)={0x20, r4, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @ipv4=@multicast1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000040}, 0x4000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r5 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x20200, 0x0)
writev$auto(r5, &(0x7f0000000280)={&(0x7f0000000440)="8e2588b506f60fc33c76d9e12061ef516d344eadcb10271787535320dcdce232b4722338882ed9efb589921eaa08ada3a217bbc437141f0394c325ba83cb7ddf79eac354ef8719b9917567ea5420b2ea9d29d4ac2d12e860e7e22077e710da19549bb98258b5608dbdee8597624ed06e9e0c117b680c6f56592660b8e55f9343c6a99ae07d067c568ac5f8f2d681c9169ed031f7886288e91ca84d088429ff55e23d1fdbb088c3affc4722603a1731e0827623d928f71965c3a9db2b92f764922ecf5c9401dee6dc02f9c9", 0x4}, 0x1ff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000100), r6)
sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="07031abd70250c00587b22"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x40800)
writev$auto(0x3, &(0x7f0000000140)={&(0x7f0000000000), 0xdc7}, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x9}, 0x10007}, 0x3, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14f602, 0x0)
getdents$auto(r1, 0x0, 0xa2b0)
pread64$auto(r0, &(0x7f0000000140)='\xe8\xaa\n\x99\x92\x0e<P\x8c\xd10\xc0\x94\xd4\xda\xb1\r\f\x00\x00\xddJ\xe80\x8e\x9c\xb4U\r\xa5C.\xa9EN.\x1c\xef\xb9<w\xe2\x05~SD\x1907G\x97]\x0eS\t\v\xce\xe5-?\xd2\xa1V\x94\xaf\x81\n\x18K\x90\xed\xec\xd6,\x9bK\x9d\a^\xb0!\xd3\xd2\x9ez\x86b\xd1z\x90|\xb0Z<\\\xf4O\xefl\x8f{\xbd\x8b\x1f\xc03\x0f@\xb1\xb9j\xc3\xf4\x96\x1a#-G2d\xa2\n\x1f\xd0\xd7u\xc8\x9b#\xcd\x8c\xc5\x00\x8c\x03\xb6\vre\xbe\xca\xa88\x92\xfb\x82\xc9\x82m\xc1-3jZ\x82\xb2g\x7f\x0ei\xf1\xc1\xaa\xdd\x0faN\x92&b\xbb\xc9\x1d\xbe\x00'/194, 0x7fff, 0x3)

4.184920886s ago: executing program 2 (id=1235):
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x300c00, 0x0)
ioctl$auto_TIOCGDEV2(r0, 0x80045432, &(0x7f0000000040)=0xddc)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r1, 0x8000)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x4a7)
migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2)
move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x1, 0x84)
setsockopt$auto(0x3, 0x10000000084, 0xa, 0x0, 0x20)
r2 = getpgid(0xffffffffffffffff)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f00000002c0)={{@inferred=0xffffffffffffffff, 0x4, 0x1, 0x0, "bfc956f7b829ea9bc64a831c54b927c5c84cdfcb6d840bf6034bbe162b339fcc0b9ad62f05f5e47256dc5c36", @raw=0x4}, 0x0, 0x5, 0xd77e, @inferred=r2, @integer={0x5, 0x2, 0x5}, "ff0931dc5a3fb879791acf380abcfd7f9f393a68114cc9d69244416e96525a166b971aae562cbc70472d48eb5f54d36edf407701d0d1c4e40409e86cafa60765"})
close_range$auto(0x2, 0x8, 0x0)
openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, 0x0, 0x414041, 0x0)
mmap$auto(0x0, 0x400008, 0xde, 0x9b72, 0x2, 0x800008000)
sendmmsg$auto(0xffffffffffffffff, 0x0, 0x9, 0x20000000)
getpid()
r3 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r3, 0x29, 0x30, 0x0, 0x56b)

4.184788135s ago: executing program 3 (id=1236):
write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
r0 = socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
io_uring_setup$auto(0xf0, &(0x7f0000000180)={0x6, 0x18, 0xd64, 0xc852, 0x6, 0x7, r0, [0x1, 0x401, 0x1000], {0x7, 0x5, 0x1, 0x4, 0x95, 0xf4c, 0x7fff, 0xfffffffb, 0x65f29f6d}, {0x3, 0xadc, 0x10000, 0x0, 0x5, 0xffffffff, 0x1000, 0x54f, 0x5}})
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
close_range$auto(0x2, 0xa, 0x0)
socket(0xa, 0x2, 0x0)
r1 = socket(0xa, 0x3, 0xff)
connect$auto(r1, &(0x7f00000018c0)=@generic={0xa}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
write$auto_proc_mem_operations_base(0xffffffffffffffff, 0x0, 0x0)
syz_clone3(0x0, 0x0)
madvise$auto(0x1ffff000, 0x7, 0x100000000)
mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000)
io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}})
syz_clone(0x1002000, 0x0, 0x0, 0x0, 0x0, 0x0)
futex_wake$auto(0x0, 0x5, 0x4, 0xa)
futex_wake$auto(&(0x7f0000000000)="facff2b53ab3522cb329b5a87bdbc091f5a6ad597f2789e870d64db4cf6503135f5a750abc973b65703b664991ab45d13445d9c4df1d25210345f44468854c9689b943d1c65073bf11fd0c98fb48f9f4d67c0908e7470167", 0xfffffffffffffff8, 0xfff, 0x7f)
shmget$auto(0x8, 0x10563, 0x568d1af2)
mmap$auto(0x0, 0x2000a, 0x10000000000e1, 0xeb2, 0x401, 0x8000)

3.593074572s ago: executing program 1 (id=1237):
ioctl$auto_FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff)
write$auto(0xffffffffffffffff, 0x0, 0x5)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000000)={[0x1ff, 0x9, 0x8, 0x1, 0x2, 0x4, 0x15f4da0e, 0x100, 0xd08, 0xc, 0x200000000000c, 0x0, 0x6d2f, 0xffffffffffffff00, 0x2, 0x4000000000000d]}, 0x0)
socket(0x2c, 0x1, 0x4004)
getsockopt$auto(0xffffffffffffffff, 0x84, 0xc, 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x2002, 0x0)
sendfile$auto(0x3, 0x3, 0x0, 0x400000000006)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
fanotify_init$auto(0x5, 0x0)
mmap$auto(0x0, 0x853, 0x2000000000000002, 0xeb1, 0xffffffffffffffff, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/advisor_target_scan_time\x00', 0x201, 0x0)
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/conf/ip6gretap0/accept_source_route\x00', 0x20140, 0x0)
read$auto(r0, 0x0, 0x1ff)
write$auto(0x3, 0x0, 0xfdef)
mbind$auto(0x0, 0x0, 0x100000000, 0x0, 0x6, 0x2)
userfaultfd$auto(0x5)

3.506462464s ago: executing program 0 (id=1238):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
r0 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0)
prlimit64$auto(0xffffffffffffffff, 0x101, 0x0, 0x0)
write$auto_ftrace_subsystem_filter_fops_trace_events(r0, &(0x7f0000000240)="8f0447fef2afea7e35a0274f508a73119aff3bc0528f45fd27fea1bb4baa95f757cf9e57a14e04353736f4a23ce2a531c678ed7d6d28d43aaea2a69abe3e93453380adf35653f5875227ce319330afe5e4cc7601a8eccbb3729f9869ca35edaf6343e41fe91304ef53273ed0943b28e00e9c2f919d54fe990911e4c265c3d23eb6", 0x81)
syz_clone3(&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58)
mmap$auto(0x8000000000000001, 0x2020009, 0x3, 0x1fb, 0xfffffffffffffffa, 0xc000000000000)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
write$auto(r1, 0x0, 0x2)
ioctl$auto_FS_IOC_FSGETXATTR(r1, 0x801c581f, 0xa)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/i8042/serio0/err_count\x00', 0x800, 0x0)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop4\x00', 0x60742, 0x0)
ioctl$auto_BLKZEROOUT(r2, 0x127f, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff)
madvise$auto(0x0, 0x2000000080000001, 0x3)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r3 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
write$auto_tap_fops_tap(r3, &(0x7f0000000000)="c6c45342f36d76e12eaa55e1d6f56e36b2641f6f81fa48a1243798eb218435a659637ceb5ff4b2089e31", 0x2a)
shutdown$auto(r3, 0x3)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/slab/kmalloc-64/total_objects\x00', 0x80000, 0x0)

2.528601359s ago: executing program 3 (id=1239):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0)
preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x5}, 0x3, 0xf8, 0xffffffffffffffff)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r0)
ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae80, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_register$auto(0x2, 0x1d, 0x0, 0x0)
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x200000)
mremap$auto(0x1, 0x4, 0x3, 0x50a, 0x6)
socket(0x2, 0x1, 0x0)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)

2.520943813s ago: executing program 2 (id=1247):
mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000)
pwrite64$auto(0xc8, &(0x7f0000000180)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00/\x00\x00\x00\xfd\xfdX\xd3\x1d\xf8\xbebZ\xddL\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL2\x01\x88\v\xae\xa9i8W\xe5\x00W\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\x90\x13\xd5\x84\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x95\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x13#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xbf\xa6\x11YTz\xf3\xdd\xe7i~:\x1a\xd0\xb0R\xb4J}\x00\x00\x00\x00\x00\x00\xa3\x05\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xd5\xc1\"\xact\xff\xc9\x00'/242, 0xfded, 0x4)
close_range$auto(0x2, 0xa, 0x0)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040804)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socket(0x28, 0x1, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x44a700, 0x0)
socket(0x2, 0x1, 0x106)
openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/block/nbd11/hctx0/busy\x00', 0x60000, 0x0)
r2 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000240)='/dev/binderfs/binder0\x00', 0x80000, 0x0)
ppoll$auto(&(0x7f00000002c0)={r2, 0x101, 0x2}, 0x6, 0x0, 0x0, 0x8)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_UDMABUF_CREATE_LIST(r1, 0x40087543, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
ioctl$auto(0xffffffffffffffff, 0x8946, 0x24)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x5, 0x2, 0xfffffffffffffffe]}, 0x0)
select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xfffffdfe, 0xf, 0xfffffffffffffffe, 0x948b, 0x3, 0x4, 0x3, 0x1000, 0x200000000000005e, 0x4000008000001f, 0x17, 0x6d3e, 0x0, 0x2, 0x8000000000820]}, 0x0)
r4 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0c01, 0x0)
ioctl$auto_VHOST_SET_FEATURES2(r4, 0x4008af00, &(0x7f0000000040)=0xc)

2.449294079s ago: executing program 1 (id=1240):
r0 = socket(0x2, 0x2, 0x88)
readv$auto(0x3, &(0x7f0000000600)={0x0, 0xfdf3}, 0x1da)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0)
read$auto(r2, 0x0, 0x20)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
read$auto_fops_x64_ro_(0xffffffffffffffff, &(0x7f00000001c0)=""/42, 0x2a)
signalfd$auto(r1, &(0x7f00000003c0)={0x31e}, 0xb071)
madvise$auto(0x0, 0x200007, 0x19)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x0, 0x200, 0x70bd27, 0x25dfdbfe, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x44000)
mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xffffffffffffffff, 0x8000)
write$auto(r1, 0x0, 0x5)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000)
write$auto(0x3, 0x0, 0xffd8)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x4015)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x20100, 0x0)
pread64$auto(r3, 0x0, 0x80000000008, 0x8000)

1.58829944s ago: executing program 3 (id=1241):
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
socket(0xa, 0x1, 0x84)
mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000)
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0)
ioctl$auto_IMDELTIMER(r0, 0x80044941, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x2, 0x1, 0x106)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
sysfs$auto(0x2, 0x23, 0x0)
r4 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0)
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r1)
sendmsg$auto_NL80211_CMD_DEL_PMKSA(r3, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, r5, 0x8, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xc2}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0x9}, @NL80211_ATTR_IFNAME={0x14, 0x4, 'virt_wifi0\x00'}, @NL80211_ATTR_BG_SCAN_PERIOD={0x6, 0x98, 0xfff9}, @NL80211_ATTR_CONTROL_PORT_NO_PREAUTH={0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x40400, 0xd8)
fchmod$auto(r3, 0x8)
setreuid$auto(0x4, 0x8)
mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4)
write$auto(r4, 0x0, 0x4)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
shutdown$auto(0x200000003, 0x2)

1.514826892s ago: executing program 0 (id=1242):
memfd_secret$auto(0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0)
socket(0x1a, 0x1, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
writev$auto(0xffffffffffffffff, 0x0, 0x3)
listmount$auto(&(0x7f0000000100)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1)
socket(0x2b, 0x1, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
mlock$auto(0x112, 0x80006)
madvise$auto(0x0, 0x200007, 0x19)
write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f0000000000)="4c91f2c388274610e12c861bb2bfd9800e9b39", 0x13)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
r2 = socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(r2, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f)

1.47124685s ago: executing program 2 (id=1243):
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/bus/serio/drivers/pulse8-cec/bind_mode\x00', 0x1eb842, 0x0)
r0 = bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb5, 0x10, 0x7, 0x4, 0xffffffffffffffff, 0xa, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0xe5, 0x3}, 0x10)
bpf$auto(0x18, &(0x7f0000000380)=@bpf_attr_11={0x4, 0x9, 0x866b, 0x100005, 0x80000009, 0xfffffe01, 0xe6d9, r0}, 0x92)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x580, 0x0)
mmap$auto(0x7, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000000000000000)
openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/zswap/parameters/enabled\x00', 0x62, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x4004810}, 0x4008815)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x3, 0x6)
r1 = socket(0x2, 0x1, 0x0)
bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x4e24, @remote}, 0x6a)
sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x3}, 0x7}, 0x3, 0xcad7)
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
mmap$auto(0x0, 0x400007, 0xde, 0x9b72, 0x2, 0x8000)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
write$auto(0x3, 0x0, 0x101085)

1.425726003s ago: executing program 1 (id=1244):
bpf$auto(0x0, &(0x7f0000000040)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x5}, 0x92)
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sysvipc/sem\x00', 0x88882, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
r2 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(r2, 0x40084d02, r2)
getdents$auto(r1, 0x0, 0x3f1)
socket(0x10, 0x3, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000280), r3)
sendmsg$auto_TIPC_NL_MEDIA_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)={0x20, r4, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @ipv4=@multicast1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000040}, 0x4000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r5 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x20200, 0x0)
writev$auto(r5, &(0x7f0000000280)={&(0x7f0000000440)="8e2588b506f60fc33c76d9e12061ef516d344eadcb10271787535320dcdce232b4722338882ed9efb589921eaa08ada3a217bbc437141f0394c325ba83cb7ddf79eac354ef8719b9917567ea5420b2ea9d29d4ac2d12e860e7e22077e710da19549bb98258b5608dbdee8597624ed06e9e0c117b680c6f56592660b8e55f9343c6a99ae07d067c568ac5f8f2d681c9169ed031f7886288e91ca84d088429ff55e23d1fdbb088c3affc4722603a1731e0827623d928f71965c3a9db2b92f764922ecf5c9401dee6dc02f9c9", 0x4}, 0x1ff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000100), r6)
sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="07031abd70250c00587b22"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x40800)
writev$auto(0x3, &(0x7f0000000140)={&(0x7f0000000000), 0xdc7}, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x9}, 0x10007}, 0x3, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14f602, 0x0)
getdents$auto(r1, 0x0, 0xa2b0)
pread64$auto(r0, &(0x7f0000000140)='\xe8\xaa\n\x99\x92\x0e<P\x8c\xd10\xc0\x94\xd4\xda\xb1\r\f\x00\x00\xddJ\xe80\x8e\x9c\xb4U\r\xa5C.\xa9EN.\x1c\xef\xb9<w\xe2\x05~SD\x1907G\x97]\x0eS\t\v\xce\xe5-?\xd2\xa1V\x94\xaf\x81\n\x18K\x90\xed\xec\xd6,\x9bK\x9d\a^\xb0!\xd3\xd2\x9ez\x86b\xd1z\x90|\xb0Z<\\\xf4O\xefl\x8f{\xbd\x8b\x1f\xc03\x0f@\xb1\xb9j\xc3\xf4\x96\x1a#-G2d\xa2\n\x1f\xd0\xd7u\xc8\x9b#\xcd\x8c\xc5\x00\x8c\x03\xb6\vre\xbe\xca\xa88\x92\xfb\x82\xc9\x82m\xc1-3jZ\x82\xb2g\x7f\x0ei\xf1\xc1\xaa\xdd\x0faN\x92&b\xbb\xc9\x1d\xbe\x00'/194, 0x7fff, 0x3)

1.215663128s ago: executing program 1 (id=1245):
r0 = openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20a01, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
write$auto(r0, &(0x7f0000000240)='/dev/vhost-net\x00', 0x4)
r1 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x42842, 0x95)
sendmsg$auto_NL80211_CMD_PROBE_CLIENT(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x6}, 0x20000000)
read$auto(r1, 0x0, 0x1)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0)
socket(0x3, 0x6, 0x4)
io_uring_setup$auto(0x2, 0x0)
r2 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20881, 0x0)
getsockopt$auto_SO_TXREHASH(r2, 0xffffff00, 0x4a, &(0x7f00000001c0)='\x00', &(0x7f0000000200)=0x4)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0x10, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x4, 0xd3e, 0x1, 0x948b, 0x3, 0x800295f4da0a, 0x2, 0x3, 0x5, 0x80000001, 0x40, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x4, 0xd, 0x1, 0x948f, 0x1005, 0x206, 0x1, 0x0, 0x7, 0x9, 0xfffffffffffffff4, 0x6, 0x100000000000000, 0xfff, 0xf]}, 0x0)
pread64$auto(0xffffffffffffffff, 0x0, 0x100000001, 0x100)
r4 = socket(0x2b, 0x1, 0x1)
ioctl$auto(r4, 0x89a0, 0x4)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
madvise$auto(0x2000, 0x20499d, 0x9)

579.432032ms ago: executing program 3 (id=1246):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2b, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xfffffffd}, 0x10001}, 0x5, 0x20000000)
setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0x403, 0x8000)
syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff)
statmount$auto(0x0, 0x0, 0x1fe, 0xcde)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000)
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000200), r0)
pidfd_send_signal$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffd8ef, 0x2b3d, &(0x7f0000001a80)={@_si_pad}, 0x8f)
stat$auto(&(0x7f0000000240)='./file0\x00', 0x0)
sendmsg$auto_TIPC_NL_KEY_FLUSH(r0, 0x0, 0x4880)
write$auto(0x3, 0x0, 0x7fffffff)
sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x0, 0x8, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x11)
ioctl$auto_FIONREAD(0xffffffffffffffff, 0x541b, 0x2)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2902, 0x0)
read$auto(r1, 0x0, 0x20)
openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/mac80211_hwsim/hwsim13\x00', 0x20900, 0x0)
r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/jfs/loglevel\x00', 0x1a9701, 0x0)
write$auto(r2, 0x0, 0x9)
openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0)

371.805198ms ago: executing program 0 (id=1248):
mmap$auto(0x0, 0x4, 0x1ff, 0x40eb1, 0x401, 0x300000000001)
r0 = socket(0x2, 0x1, 0x106)
bind$auto(r0, &(0x7f00000000c0)=@qipcrtr={0x2a, 0x3, 0x4001}, 0x4006b)
mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000)
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)
semctl$auto(0xa, 0x2, 0x13, 0xde)
r1 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS0\x00', 0x101e81, 0x0)
write$auto_tty_fops_tty_io(r2, &(0x7f0000000680)="1f9319c707498de36a6eedfcfaa139bb5f55cf18b4ee56510d38c0f1006a40000000000000003a556e204dbdd72555ac78", 0x31)
setsockopt$auto(0x3, 0x1, 0x4c, 0x0, 0x9)
ioctl$auto_I2C_SMBUS(r1, 0x720, &(0x7f0000000080))
recvmmsg$auto(0x3, 0x0, 0x80000401, 0x4000, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0x5)
r3 = socket(0x11, 0xa, 0x9)
bind$auto(r3, 0x0, 0x9)
sendmsg$auto_OVS_FLOW_CMD_SET(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x90}, 0x10)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
listen$auto(0x3, 0x81)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007)

271.577816ms ago: executing program 2 (id=1249):
ioctl$auto_FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff)
write$auto(0xffffffffffffffff, 0x0, 0x5)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000000)={[0x1ff, 0x9, 0x8, 0x1, 0x2, 0x4, 0x15f4da0e, 0x100, 0xd08, 0xc, 0x200000000000c, 0x0, 0x6d2f, 0xffffffffffffff00, 0x2, 0x4000000000000d]}, 0x0)
socket(0x2c, 0x1, 0x4004)
getsockopt$auto(0xffffffffffffffff, 0x84, 0xc, 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x2002, 0x0)
sendfile$auto(0x3, 0x3, 0x0, 0x400000000006)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
fanotify_init$auto(0x5, 0x0)
mmap$auto(0x0, 0x853, 0x2000000000000002, 0xeb1, 0xffffffffffffffff, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/advisor_target_scan_time\x00', 0x201, 0x0)
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/conf/ip6gretap0/accept_source_route\x00', 0x20140, 0x0)
read$auto(r0, 0x0, 0x1ff)
write$auto(0x3, 0x0, 0xfdef)
mbind$auto(0x0, 0x0, 0x100000000, 0x0, 0x6, 0x2)
userfaultfd$auto(0x5)

0s ago: executing program 1 (id=1250):
r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttybf\x00', 0x88080, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000)
socket(0x1a, 0x800, 0x0)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0xffff, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0)
prctl$auto(0x3e, 0x3, 0x0, 0x1, 0x0)
r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0)
socketpair$auto(0x1, 0x80000000, 0x7, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0x2, 0x1, 0x5, 0x4, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0)
pwrite64$auto(0xc8, &(0x7f0000000140)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00,\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t,\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/242, 0xfdf0, 0x39)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
getsockopt$auto_SO_RCVMARK(r1, 0x0, 0x4b, 0x0, &(0x7f00000000c0)=0x7)
mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000)
recvmmsg$auto(0x3, 0x0, 0x2010000, 0x6, 0x0)
mlockall$auto(0x7)
mmap$auto(0x5, 0x40006, 0xdf, 0xfffffffffffffffb, r0, 0x4000028000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x3, 0x6)
r2 = socket(0x2, 0x1, 0x0)
socket(0xa, 0x3, 0x3a)
setsockopt$auto(r2, 0x0, 0xd4, 0x0, 0x8)
setsockopt$auto(0xffffffffffffffff, 0x8, 0x3c, 0x0, 0x9)

kernel console output (not intermixed with test programs):

t_warn+0x10/0x10
[  563.612273][T11250]  hci_le_conn_complete_evt+0x23c/0x3a0
[  563.612289][T11250]  ? skb_pull_data+0x15f/0x1e0
[  563.612314][T11250]  hci_le_meta_evt+0x34a/0x5f0
[  563.612330][T11250]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  563.612349][T11250]  hci_event_packet+0x682/0x11c0
[  563.612364][T11250]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  563.612381][T11250]  ? __pfx_hci_event_packet+0x10/0x10
[  563.612398][T11250]  ? kcov_remote_start+0x374/0x660
[  563.612413][T11250]  ? lockdep_hardirqs_on+0x78/0x100
[  563.612435][T11250]  hci_rx_work+0x451/0xfc0
[  563.612453][T11250]  process_one_work+0x9d7/0x1920
[  563.612482][T11250]  ? __pfx_process_one_work+0x10/0x10
[  563.612511][T11250]  ? __pfx_hci_rx_work+0x10/0x10
[  563.612528][T11250]  worker_thread+0x5da/0xe40
[  563.612557][T11250]  ? __pfx_worker_thread+0x10/0x10
[  563.612578][T11250]  ? kthread+0x13a/0x450
[  563.612595][T11250]  ? __pfx_worker_thread+0x10/0x10
[  563.612614][T11250]  kthread+0x370/0x450
[  563.612632][T11250]  ? __pfx_kthread+0x10/0x10
[  563.612651][T11250]  ret_from_fork+0x754/0xd80
[  563.612674][T11250]  ? __pfx_ret_from_fork+0x10/0x10
[  563.612697][T11250]  ? __switch_to+0x7b4/0x1120
[  563.612713][T11250]  ? __pfx_kthread+0x10/0x10
[  563.612733][T11250]  ret_from_fork_asm+0x1a/0x30
[  563.612759][T11250]  </TASK>
[  563.612851][T11250] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  563.932729][T11250] Bluetooth: hci0: failed to register connection device
[  564.599648][T10083] Bluetooth: hci1: command 0x0406 tx timeout
[  564.759740][T11270] Bluetooth: hci0: command 0x0406 tx timeout
[  564.842472][T11270] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  564.850731][T11270] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[  564.860914][T11270] CPU: 0 UID: 0 PID: 11270 Comm: kworker/u11:4 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  564.860948][T11270] Tainted: [L]=SOFTLOCKUP
[  564.860954][T11270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  564.860964][T11270] Workqueue: hci0 hci_rx_work
[  564.860984][T11270] Call Trace:
[  564.860990][T11270]  <TASK>
[  564.860996][T11270]  dump_stack_lvl+0x100/0x190
[  564.861021][T11270]  sysfs_warn_dup.cold+0x1c/0x28
[  564.861043][T11270]  sysfs_create_dir_ns+0x24b/0x2b0
[  564.861066][T11270]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  564.861084][T11270]  ? find_held_lock+0x2b/0x80
[  564.861098][T11270]  ? kobject_add_internal+0x25f/0x930
[  564.861119][T11270]  ? kobject_add_internal+0x25f/0x930
[  564.861141][T11270]  ? do_raw_spin_unlock+0x145/0x1e0
[  564.861164][T11270]  kobject_add_internal+0x2c8/0x930
[  564.861188][T11270]  kobject_add+0x16a/0x1e0
[  564.861208][T11270]  ? __pfx_kobject_add+0x10/0x10
[  564.861227][T11270]  ? class_to_subsys+0x10f/0x150
[  564.861246][T11270]  ? kobject_put+0xb9/0x640
[  564.861264][T11270]  ? _raw_spin_unlock+0x28/0x50
[  564.861284][T11270]  device_add+0x294/0x1950
[  564.861309][T11270]  ? __pfx_dev_set_name+0x10/0x10
[  564.861327][T11270]  ? __pfx_device_add+0x10/0x10
[  564.861350][T11270]  ? mgmt_send_event_skb+0x2fb/0x460
[  564.861372][T11270]  hci_conn_add_sysfs+0x1a3/0x260
[  564.861392][T11270]  le_conn_complete_evt+0x11cb/0x1f40
[  564.861412][T11270]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  564.861427][T11270]  ? __pfx_bt_warn+0x10/0x10
[  564.861447][T11270]  hci_le_conn_complete_evt+0x23c/0x3a0
[  564.861464][T11270]  ? skb_pull_data+0x15f/0x1e0
[  564.861488][T11270]  hci_le_meta_evt+0x34a/0x5f0
[  564.861505][T11270]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  564.861523][T11270]  hci_event_packet+0x682/0x11c0
[  564.861539][T11270]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  564.861556][T11270]  ? __pfx_hci_event_packet+0x10/0x10
[  564.861573][T11270]  ? kcov_remote_start+0x374/0x660
[  564.861587][T11270]  ? lockdep_hardirqs_on+0x78/0x100
[  564.861618][T11270]  hci_rx_work+0x451/0xfc0
[  564.861640][T11270]  process_one_work+0x9d7/0x1920
[  564.861671][T11270]  ? __pfx_process_one_work+0x10/0x10
[  564.861698][T11270]  ? __pfx_hci_rx_work+0x10/0x10
[  564.861715][T11270]  worker_thread+0x5da/0xe40
[  564.861741][T11270]  ? __pfx_worker_thread+0x10/0x10
[  564.861762][T11270]  ? kthread+0x13a/0x450
[  564.861779][T11270]  ? __pfx_worker_thread+0x10/0x10
[  564.861797][T11270]  kthread+0x370/0x450
[  564.861822][T11270]  ? __pfx_kthread+0x10/0x10
[  564.861846][T11270]  ret_from_fork+0x754/0xd80
[  564.861868][T11270]  ? __pfx_ret_from_fork+0x10/0x10
[  564.861891][T11270]  ? __switch_to+0x7b4/0x1120
[  564.861907][T11270]  ? __pfx_kthread+0x10/0x10
[  564.861927][T11270]  ret_from_fork_asm+0x1a/0x30
[  564.861953][T11270]  </TASK>
[  564.862049][T11270] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  565.175975][T11270] Bluetooth: hci0: failed to register connection device
[  565.640784][T11270] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  565.649364][T11270] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  565.660485][T11270] CPU: 0 UID: 0 PID: 11270 Comm: kworker/u11:4 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  565.660511][T11270] Tainted: [L]=SOFTLOCKUP
[  565.660517][T11270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  565.660528][T11270] Workqueue: hci2 hci_rx_work
[  565.660549][T11270] Call Trace:
[  565.660554][T11270]  <TASK>
[  565.660560][T11270]  dump_stack_lvl+0x100/0x190
[  565.660586][T11270]  sysfs_warn_dup.cold+0x1c/0x28
[  565.660609][T11270]  sysfs_create_dir_ns+0x24b/0x2b0
[  565.660630][T11270]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  565.660648][T11270]  ? find_held_lock+0x2b/0x80
[  565.660662][T11270]  ? kobject_add_internal+0x25f/0x930
[  565.660684][T11270]  ? kobject_add_internal+0x25f/0x930
[  565.660705][T11270]  ? do_raw_spin_unlock+0x145/0x1e0
[  565.660728][T11270]  kobject_add_internal+0x2c8/0x930
[  565.660752][T11270]  kobject_add+0x16a/0x1e0
[  565.660782][T11270]  ? __pfx_kobject_add+0x10/0x10
[  565.660802][T11270]  ? class_to_subsys+0x10f/0x150
[  565.660822][T11270]  ? kobject_put+0xb9/0x640
[  565.660841][T11270]  ? _raw_spin_unlock+0x28/0x50
[  565.660862][T11270]  device_add+0x294/0x1950
[  565.660877][T11270]  ? __pfx_dev_set_name+0x10/0x10
[  565.660894][T11270]  ? __pfx_device_add+0x10/0x10
[  565.660909][T11270]  ? mgmt_send_event_skb+0x2fb/0x460
[  565.660939][T11270]  hci_conn_add_sysfs+0x1a3/0x260
[  565.660959][T11270]  le_conn_complete_evt+0x11cb/0x1f40
[  565.660981][T11270]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  565.660995][T11270]  ? __pfx_bt_warn+0x10/0x10
[  565.661017][T11270]  hci_le_conn_complete_evt+0x23c/0x3a0
[  565.661033][T11270]  ? skb_pull_data+0x15f/0x1e0
[  565.661059][T11270]  hci_le_meta_evt+0x34a/0x5f0
[  565.661076][T11270]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  565.661094][T11270]  hci_event_packet+0x682/0x11c0
[  565.661110][T11270]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  565.661127][T11270]  ? __pfx_hci_event_packet+0x10/0x10
[  565.661144][T11270]  ? kcov_remote_start+0x374/0x660
[  565.661158][T11270]  ? lockdep_hardirqs_on+0x78/0x100
[  565.661180][T11270]  hci_rx_work+0x451/0xfc0
[  565.661199][T11270]  process_one_work+0x9d7/0x1920
[  565.661228][T11270]  ? __pfx_process_one_work+0x10/0x10
[  565.661254][T11270]  ? __pfx_hci_rx_work+0x10/0x10
[  565.661274][T11270]  worker_thread+0x5da/0xe40
[  565.661300][T11270]  ? __pfx_worker_thread+0x10/0x10
[  565.661321][T11270]  ? kthread+0x13a/0x450
[  565.661338][T11270]  ? __pfx_worker_thread+0x10/0x10
[  565.661357][T11270]  kthread+0x370/0x450
[  565.661375][T11270]  ? __pfx_kthread+0x10/0x10
[  565.661394][T11270]  ret_from_fork+0x754/0xd80
[  565.661417][T11270]  ? __pfx_ret_from_fork+0x10/0x10
[  565.661439][T11270]  ? __switch_to+0x7b4/0x1120
[  565.661455][T11270]  ? __pfx_kthread+0x10/0x10
[  565.661475][T11270]  ret_from_fork_asm+0x1a/0x30
[  565.661502][T11270]  </TASK>
[  565.661525][T11270] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  565.987111][T11270] Bluetooth: hci2: failed to register connection device
[  566.283769][T11270] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  566.293719][T11270] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0'
[  566.306205][T11270] CPU: 0 UID: 0 PID: 11270 Comm: kworker/u11:4 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  566.306231][T11270] Tainted: [L]=SOFTLOCKUP
[  566.306236][T11270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  566.306247][T11270] Workqueue: hci1 hci_rx_work
[  566.306267][T11270] Call Trace:
[  566.306272][T11270]  <TASK>
[  566.306279][T11270]  dump_stack_lvl+0x100/0x190
[  566.306305][T11270]  sysfs_warn_dup.cold+0x1c/0x28
[  566.306328][T11270]  sysfs_create_dir_ns+0x24b/0x2b0
[  566.306348][T11270]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  566.306367][T11270]  ? find_held_lock+0x2b/0x80
[  566.306381][T11270]  ? kobject_add_internal+0x25f/0x930
[  566.306403][T11270]  ? kobject_add_internal+0x25f/0x930
[  566.306424][T11270]  ? do_raw_spin_unlock+0x145/0x1e0
[  566.306446][T11270]  kobject_add_internal+0x2c8/0x930
[  566.306470][T11270]  kobject_add+0x16a/0x1e0
[  566.306490][T11270]  ? __pfx_kobject_add+0x10/0x10
[  566.306510][T11270]  ? class_to_subsys+0x10f/0x150
[  566.306528][T11270]  ? kobject_put+0xb9/0x640
[  566.306546][T11270]  ? _raw_spin_unlock+0x28/0x50
[  566.306566][T11270]  device_add+0x294/0x1950
[  566.306580][T11270]  ? __pfx_dev_set_name+0x10/0x10
[  566.306599][T11270]  ? __pfx_device_add+0x10/0x10
[  566.306614][T11270]  ? mgmt_send_event_skb+0x2fb/0x460
[  566.306634][T11270]  hci_conn_add_sysfs+0x1a3/0x260
[  566.306653][T11270]  le_conn_complete_evt+0x11cb/0x1f40
[  566.306673][T11270]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  566.306687][T11270]  ? __pfx_bt_warn+0x10/0x10
[  566.306709][T11270]  hci_le_conn_complete_evt+0x23c/0x3a0
[  566.306725][T11270]  ? skb_pull_data+0x15f/0x1e0
[  566.306750][T11270]  hci_le_meta_evt+0x34a/0x5f0
[  566.306766][T11270]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  566.306785][T11270]  hci_event_packet+0x682/0x11c0
[  566.306800][T11270]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  566.306826][T11270]  ? __pfx_hci_event_packet+0x10/0x10
[  566.306845][T11270]  ? kcov_remote_start+0x374/0x660
[  566.306859][T11270]  ? lockdep_hardirqs_on+0x78/0x100
[  566.306882][T11270]  hci_rx_work+0x451/0xfc0
[  566.306901][T11270]  process_one_work+0x9d7/0x1920
[  566.306929][T11270]  ? __pfx_process_one_work+0x10/0x10
[  566.306956][T11270]  ? __pfx_hci_rx_work+0x10/0x10
[  566.306972][T11270]  worker_thread+0x5da/0xe40
[  566.306997][T11270]  ? __pfx_worker_thread+0x10/0x10
[  566.307017][T11270]  ? kthread+0x13a/0x450
[  566.307035][T11270]  ? __pfx_worker_thread+0x10/0x10
[  566.307054][T11270]  kthread+0x370/0x450
[  566.307072][T11270]  ? __pfx_kthread+0x10/0x10
[  566.307091][T11270]  ret_from_fork+0x754/0xd80
[  566.307113][T11270]  ? __pfx_ret_from_fork+0x10/0x10
[  566.307136][T11270]  ? __switch_to+0x7b4/0x1120
[  566.307151][T11270]  ? __pfx_kthread+0x10/0x10
[  566.307171][T11270]  ret_from_fork_asm+0x1a/0x30
[  566.307197][T11270]  </TASK>
[  566.307217][T11270] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  566.623089][T11270] Bluetooth: hci1: failed to register connection device
[  566.682375][T11270] Bluetooth: hci1: command 0x0406 tx timeout
[  566.844528][T11270] Bluetooth: hci0: command 0x0406 tx timeout
[  567.331876][T11270] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  567.398773][T11330] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  567.702361][T11332] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1034'.
[  567.748612][T11332] netlink: 'syz.0.1034': attribute type 1 has an invalid length.
[  567.794586][T11332] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1034'.
[  568.042093][T10030] Bluetooth: hci2: command 0x0406 tx timeout
[  568.509581][T11270] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  568.517814][T11270] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0'
[  568.528009][T11270] CPU: 0 UID: 0 PID: 11270 Comm: kworker/u11:4 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  568.528035][T11270] Tainted: [L]=SOFTLOCKUP
[  568.528041][T11270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  568.528052][T11270] Workqueue: hci3 hci_rx_work
[  568.528072][T11270] Call Trace:
[  568.528079][T11270]  <TASK>
[  568.528085][T11270]  dump_stack_lvl+0x100/0x190
[  568.528150][T11270]  sysfs_warn_dup.cold+0x1c/0x28
[  568.528173][T11270]  sysfs_create_dir_ns+0x24b/0x2b0
[  568.528195][T11270]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  568.528214][T11270]  ? find_held_lock+0x2b/0x80
[  568.528228][T11270]  ? kobject_add_internal+0x25f/0x930
[  568.528248][T11270]  ? kobject_add_internal+0x25f/0x930
[  568.528270][T11270]  ? do_raw_spin_unlock+0x145/0x1e0
[  568.528293][T11270]  kobject_add_internal+0x2c8/0x930
[  568.528317][T11270]  kobject_add+0x16a/0x1e0
[  568.528337][T11270]  ? __pfx_kobject_add+0x10/0x10
[  568.528356][T11270]  ? class_to_subsys+0x10f/0x150
[  568.528374][T11270]  ? kobject_put+0xb9/0x640
[  568.528392][T11270]  ? _raw_spin_unlock+0x28/0x50
[  568.528423][T11270]  device_add+0x294/0x1950
[  568.528437][T11270]  ? __pfx_dev_set_name+0x10/0x10
[  568.528455][T11270]  ? __pfx_device_add+0x10/0x10
[  568.528470][T11270]  ? mgmt_send_event_skb+0x2fb/0x460
[  568.528492][T11270]  hci_conn_add_sysfs+0x1a3/0x260
[  568.528511][T11270]  le_conn_complete_evt+0x11cb/0x1f40
[  568.528532][T11270]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  568.528546][T11270]  ? __pfx_bt_warn+0x10/0x10
[  568.528567][T11270]  hci_le_conn_complete_evt+0x23c/0x3a0
[  568.528583][T11270]  ? skb_pull_data+0x15f/0x1e0
[  568.528608][T11270]  hci_le_meta_evt+0x34a/0x5f0
[  568.528625][T11270]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  568.528643][T11270]  hci_event_packet+0x682/0x11c0
[  568.528658][T11270]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  568.528675][T11270]  ? __pfx_hci_event_packet+0x10/0x10
[  568.528693][T11270]  ? kcov_remote_start+0x374/0x660
[  568.528707][T11270]  ? lockdep_hardirqs_on+0x78/0x100
[  568.528730][T11270]  hci_rx_work+0x451/0xfc0
[  568.528748][T11270]  process_one_work+0x9d7/0x1920
[  568.528777][T11270]  ? __pfx_process_one_work+0x10/0x10
[  568.528803][T11270]  ? __pfx_hci_rx_work+0x10/0x10
[  568.528822][T11270]  worker_thread+0x5da/0xe40
[  568.528847][T11270]  ? __pfx_worker_thread+0x10/0x10
[  568.528868][T11270]  ? kthread+0x13a/0x450
[  568.528885][T11270]  ? __pfx_worker_thread+0x10/0x10
[  568.528904][T11270]  kthread+0x370/0x450
[  568.528922][T11270]  ? __pfx_kthread+0x10/0x10
[  568.528941][T11270]  ret_from_fork+0x754/0xd80
[  568.528963][T11270]  ? __pfx_ret_from_fork+0x10/0x10
[  568.528986][T11270]  ? __switch_to+0x7b4/0x1120
[  568.529002][T11270]  ? __pfx_kthread+0x10/0x10
[  568.529022][T11270]  ret_from_fork_asm+0x1a/0x30
[  568.529048][T11270]  </TASK>
[  568.529069][T11270] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  568.828989][T10083] Bluetooth: hci1: command 0x0406 tx timeout
[  568.843937][T11270] Bluetooth: hci3: failed to register connection device
[  568.923006][T11353] Bluetooth: hci0: command 0x0406 tx timeout
[  569.402702][T11270] Bluetooth: hci3: command 0x0406 tx timeout
[  570.123479][T10030] Bluetooth: hci2: command 0x0406 tx timeout
[  570.923872][T10083] Bluetooth: hci1: command 0x0406 tx timeout
[  571.003026][T10083] Bluetooth: hci0: command 0x0406 tx timeout
[  571.061415][T11385] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1045'.
[  571.113607][T11385] netlink: 'syz.2.1045': attribute type 1 has an invalid length.
[  571.146361][T11385] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1045'.
[  571.451391][T10083] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  571.459515][T10083] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  571.471343][T10083] CPU: 0 UID: 0 PID: 10083 Comm: kworker/u11:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  571.471369][T10083] Tainted: [L]=SOFTLOCKUP
[  571.471374][T10083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  571.471386][T10083] Workqueue: hci2 hci_rx_work
[  571.471405][T10083] Call Trace:
[  571.471410][T10083]  <TASK>
[  571.471416][T10083]  dump_stack_lvl+0x100/0x190
[  571.471442][T10083]  sysfs_warn_dup.cold+0x1c/0x28
[  571.471465][T10083]  sysfs_create_dir_ns+0x24b/0x2b0
[  571.471486][T10083]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  571.471504][T10083]  ? find_held_lock+0x2b/0x80
[  571.471519][T10083]  ? kobject_add_internal+0x25f/0x930
[  571.471539][T10083]  ? kobject_add_internal+0x25f/0x930
[  571.471561][T10083]  ? do_raw_spin_unlock+0x145/0x1e0
[  571.471585][T10083]  kobject_add_internal+0x2c8/0x930
[  571.471609][T10083]  kobject_add+0x16a/0x1e0
[  571.471630][T10083]  ? __pfx_kobject_add+0x10/0x10
[  571.471649][T10083]  ? class_to_subsys+0x10f/0x150
[  571.471668][T10083]  ? kobject_put+0xb9/0x640
[  571.471685][T10083]  ? _raw_spin_unlock+0x28/0x50
[  571.471705][T10083]  device_add+0x294/0x1950
[  571.471720][T10083]  ? __pfx_dev_set_name+0x10/0x10
[  571.471738][T10083]  ? __pfx_device_add+0x10/0x10
[  571.471754][T10083]  ? mgmt_send_event_skb+0x2fb/0x460
[  571.471778][T10083]  hci_conn_add_sysfs+0x1a3/0x260
[  571.471797][T10083]  le_conn_complete_evt+0x11cb/0x1f40
[  571.471817][T10083]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  571.471831][T10083]  ? __pfx_bt_warn+0x10/0x10
[  571.471852][T10083]  hci_le_conn_complete_evt+0x23c/0x3a0
[  571.471869][T10083]  ? skb_pull_data+0x15f/0x1e0
[  571.471906][T10083]  hci_le_meta_evt+0x34a/0x5f0
[  571.471923][T10083]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  571.471943][T10083]  hci_event_packet+0x682/0x11c0
[  571.471959][T10083]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  571.471977][T10083]  ? __pfx_hci_event_packet+0x10/0x10
[  571.471995][T10083]  ? kcov_remote_start+0x374/0x660
[  571.472011][T10083]  ? lockdep_hardirqs_on+0x78/0x100
[  571.472032][T10083]  hci_rx_work+0x451/0xfc0
[  571.472051][T10083]  process_one_work+0x9d7/0x1920
[  571.472080][T10083]  ? __pfx_process_one_work+0x10/0x10
[  571.472106][T10083]  ? __pfx_hci_rx_work+0x10/0x10
[  571.472122][T10083]  worker_thread+0x5da/0xe40
[  571.472147][T10083]  ? __pfx_worker_thread+0x10/0x10
[  571.472168][T10083]  ? kthread+0x13a/0x450
[  571.472185][T10083]  ? __pfx_worker_thread+0x10/0x10
[  571.472204][T10083]  kthread+0x370/0x450
[  571.472222][T10083]  ? __pfx_kthread+0x10/0x10
[  571.472242][T10083]  ret_from_fork+0x754/0xd80
[  571.472271][T10083]  ? __pfx_ret_from_fork+0x10/0x10
[  571.472295][T10083]  ? __switch_to+0x7b4/0x1120
[  571.472311][T10083]  ? __pfx_kthread+0x10/0x10
[  571.472337][T10083]  ret_from_fork_asm+0x1a/0x30
[  571.472363][T10083]  </TASK>
[  571.472385][T10083] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  571.769660][T11270] Bluetooth: hci3: command 0x0406 tx timeout
[  571.791169][T10083] Bluetooth: hci2: failed to register connection device
[  572.339542][T10083] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  572.347469][T10083] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff
[  572.771757][T10030] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  572.779762][T10030] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  572.789586][T10030] CPU: 0 UID: 0 PID: 10030 Comm: kworker/u11:0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  572.789611][T10030] Tainted: [L]=SOFTLOCKUP
[  572.789617][T10030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  572.789627][T10030] Workqueue: hci2 hci_rx_work
[  572.789647][T10030] Call Trace:
[  572.789652][T10030]  <TASK>
[  572.789658][T10030]  dump_stack_lvl+0x100/0x190
[  572.789694][T10030]  sysfs_warn_dup.cold+0x1c/0x28
[  572.789717][T10030]  sysfs_create_dir_ns+0x24b/0x2b0
[  572.789738][T10030]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  572.789758][T10030]  ? find_held_lock+0x2b/0x80
[  572.789772][T10030]  ? kobject_add_internal+0x25f/0x930
[  572.789793][T10030]  ? kobject_add_internal+0x25f/0x930
[  572.789815][T10030]  ? do_raw_spin_unlock+0x145/0x1e0
[  572.789838][T10030]  kobject_add_internal+0x2c8/0x930
[  572.789863][T10030]  kobject_add+0x16a/0x1e0
[  572.789883][T10030]  ? __pfx_kobject_add+0x10/0x10
[  572.789902][T10030]  ? class_to_subsys+0x10f/0x150
[  572.789921][T10030]  ? kobject_put+0xb9/0x640
[  572.789938][T10030]  ? _raw_spin_unlock+0x28/0x50
[  572.789963][T10030]  device_add+0x294/0x1950
[  572.789978][T10030]  ? __pfx_dev_set_name+0x10/0x10
[  572.789995][T10030]  ? __pfx_device_add+0x10/0x10
[  572.790009][T10030]  ? mgmt_send_event_skb+0x2fb/0x460
[  572.790031][T10030]  hci_conn_add_sysfs+0x1a3/0x260
[  572.790050][T10030]  le_conn_complete_evt+0x11cb/0x1f40
[  572.790070][T10030]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  572.790084][T10030]  ? __pfx_bt_warn+0x10/0x10
[  572.790105][T10030]  hci_le_conn_complete_evt+0x23c/0x3a0
[  572.790121][T10030]  ? skb_pull_data+0x15f/0x1e0
[  572.790146][T10030]  hci_le_meta_evt+0x34a/0x5f0
[  572.790163][T10030]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  572.790185][T10030]  hci_event_packet+0x682/0x11c0
[  572.790200][T10030]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  572.790218][T10030]  ? __pfx_hci_event_packet+0x10/0x10
[  572.790235][T10030]  ? kcov_remote_start+0x374/0x660
[  572.790249][T10030]  ? lockdep_hardirqs_on+0x78/0x100
[  572.790271][T10030]  hci_rx_work+0x451/0xfc0
[  572.790290][T10030]  process_one_work+0x9d7/0x1920
[  572.790318][T10030]  ? __pfx_process_one_work+0x10/0x10
[  572.790345][T10030]  ? __pfx_hci_rx_work+0x10/0x10
[  572.790361][T10030]  worker_thread+0x5da/0xe40
[  572.790388][T10030]  ? kthread+0x13a/0x450
[  572.790406][T10030]  ? __pfx_worker_thread+0x10/0x10
[  572.790425][T10030]  kthread+0x370/0x450
[  572.790443][T10030]  ? __pfx_kthread+0x10/0x10
[  572.790463][T10030]  ret_from_fork+0x754/0xd80
[  572.790485][T10030]  ? __pfx_ret_from_fork+0x10/0x10
[  572.790507][T10030]  ? __switch_to+0x7b4/0x1120
[  572.790523][T10030]  ? __pfx_kthread+0x10/0x10
[  572.790543][T10030]  ret_from_fork_asm+0x1a/0x30
[  572.790569][T10030]  </TASK>
[  572.790590][T10030] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  573.086712][T10083] Bluetooth: hci0: command 0x0406 tx timeout
[  573.095222][T10030] Bluetooth: hci2: failed to register connection device
[  573.809298][T10057] Bluetooth: hci3: command 0x0406 tx timeout
[  573.884036][T10057] Bluetooth: hci2: command 0x0406 tx timeout
[  574.244314][T11306] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  574.252344][T11306] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  574.262518][T11306] CPU: 0 UID: 0 PID: 11306 Comm: kworker/u11:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  574.262544][T11306] Tainted: [L]=SOFTLOCKUP
[  574.262550][T11306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  574.262561][T11306] Workqueue: hci2 hci_rx_work
[  574.262580][T11306] Call Trace:
[  574.262585][T11306]  <TASK>
[  574.262592][T11306]  dump_stack_lvl+0x100/0x190
[  574.262616][T11306]  sysfs_warn_dup.cold+0x1c/0x28
[  574.262639][T11306]  sysfs_create_dir_ns+0x24b/0x2b0
[  574.262660][T11306]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  574.262679][T11306]  ? find_held_lock+0x2b/0x80
[  574.262694][T11306]  ? kobject_add_internal+0x25f/0x930
[  574.262715][T11306]  ? kobject_add_internal+0x25f/0x930
[  574.262737][T11306]  ? do_raw_spin_unlock+0x145/0x1e0
[  574.262760][T11306]  kobject_add_internal+0x2c8/0x930
[  574.262785][T11306]  kobject_add+0x16a/0x1e0
[  574.262806][T11306]  ? __pfx_kobject_add+0x10/0x10
[  574.262825][T11306]  ? class_to_subsys+0x10f/0x150
[  574.262843][T11306]  ? kobject_put+0xb9/0x640
[  574.262861][T11306]  ? _raw_spin_unlock+0x28/0x50
[  574.262881][T11306]  device_add+0x294/0x1950
[  574.262896][T11306]  ? __pfx_dev_set_name+0x10/0x10
[  574.262925][T11306]  ? __pfx_device_add+0x10/0x10
[  574.262940][T11306]  ? mgmt_send_event_skb+0x2fb/0x460
[  574.262962][T11306]  hci_conn_add_sysfs+0x1a3/0x260
[  574.262982][T11306]  le_conn_complete_evt+0x11cb/0x1f40
[  574.263002][T11306]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  574.263016][T11306]  ? __pfx_bt_warn+0x10/0x10
[  574.263037][T11306]  hci_le_conn_complete_evt+0x23c/0x3a0
[  574.263053][T11306]  ? skb_pull_data+0x15f/0x1e0
[  574.263078][T11306]  hci_le_meta_evt+0x34a/0x5f0
[  574.263094][T11306]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  574.263112][T11306]  hci_event_packet+0x682/0x11c0
[  574.263128][T11306]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  574.263145][T11306]  ? __pfx_hci_event_packet+0x10/0x10
[  574.263162][T11306]  ? kcov_remote_start+0x374/0x660
[  574.263176][T11306]  ? lockdep_hardirqs_on+0x78/0x100
[  574.263198][T11306]  hci_rx_work+0x451/0xfc0
[  574.263217][T11306]  process_one_work+0x9d7/0x1920
[  574.263247][T11306]  ? __pfx_process_one_work+0x10/0x10
[  574.263274][T11306]  ? __pfx_hci_rx_work+0x10/0x10
[  574.263290][T11306]  worker_thread+0x5da/0xe40
[  574.263315][T11306]  ? __pfx_worker_thread+0x10/0x10
[  574.263336][T11306]  ? kthread+0x13a/0x450
[  574.263354][T11306]  ? __pfx_worker_thread+0x10/0x10
[  574.263373][T11306]  kthread+0x370/0x450
[  574.263390][T11306]  ? __pfx_kthread+0x10/0x10
[  574.263410][T11306]  ret_from_fork+0x754/0xd80
[  574.263432][T11306]  ? __pfx_ret_from_fork+0x10/0x10
[  574.263455][T11306]  ? __switch_to+0x7b4/0x1120
[  574.263471][T11306]  ? __pfx_kthread+0x10/0x10
[  574.263491][T11306]  ret_from_fork_asm+0x1a/0x30
[  574.263516][T11306]  </TASK>
[  574.263536][T11306] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  574.573995][T11306] Bluetooth: hci2: failed to register connection device
[  574.642054][T11306] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  575.166976][T11306] Bluetooth: hci0: command 0x0406 tx timeout
[  575.428837][T11306] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  575.438296][T11306] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0'
[  575.450111][T11306] CPU: 0 UID: 0 PID: 11306 Comm: kworker/u11:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  575.450138][T11306] Tainted: [L]=SOFTLOCKUP
[  575.450144][T11306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  575.450154][T11306] Workqueue: hci3 hci_rx_work
[  575.450174][T11306] Call Trace:
[  575.450180][T11306]  <TASK>
[  575.450187][T11306]  dump_stack_lvl+0x100/0x190
[  575.450212][T11306]  sysfs_warn_dup.cold+0x1c/0x28
[  575.450235][T11306]  sysfs_create_dir_ns+0x24b/0x2b0
[  575.450256][T11306]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  575.450274][T11306]  ? find_held_lock+0x2b/0x80
[  575.450288][T11306]  ? kobject_add_internal+0x25f/0x930
[  575.450310][T11306]  ? kobject_add_internal+0x25f/0x930
[  575.450332][T11306]  ? do_raw_spin_unlock+0x145/0x1e0
[  575.450361][T11306]  kobject_add_internal+0x2c8/0x930
[  575.450386][T11306]  kobject_add+0x16a/0x1e0
[  575.450411][T11306]  ? __pfx_kobject_add+0x10/0x10
[  575.450430][T11306]  ? class_to_subsys+0x10f/0x150
[  575.450449][T11306]  ? kobject_put+0xb9/0x640
[  575.450473][T11306]  ? _raw_spin_unlock+0x28/0x50
[  575.450495][T11306]  device_add+0x294/0x1950
[  575.450511][T11306]  ? __pfx_dev_set_name+0x10/0x10
[  575.450529][T11306]  ? __pfx_device_add+0x10/0x10
[  575.450544][T11306]  ? mgmt_send_event_skb+0x2fb/0x460
[  575.450566][T11306]  hci_conn_add_sysfs+0x1a3/0x260
[  575.450585][T11306]  le_conn_complete_evt+0x11cb/0x1f40
[  575.450606][T11306]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  575.450624][T11306]  ? __pfx_bt_warn+0x10/0x10
[  575.450648][T11306]  hci_le_conn_complete_evt+0x23c/0x3a0
[  575.450665][T11306]  ? skb_pull_data+0x15f/0x1e0
[  575.450692][T11306]  hci_le_meta_evt+0x34a/0x5f0
[  575.450709][T11306]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  575.450729][T11306]  hci_event_packet+0x682/0x11c0
[  575.450744][T11306]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  575.450761][T11306]  ? __pfx_hci_event_packet+0x10/0x10
[  575.450778][T11306]  ? kcov_remote_start+0x374/0x660
[  575.450792][T11306]  ? lockdep_hardirqs_on+0x78/0x100
[  575.450815][T11306]  hci_rx_work+0x451/0xfc0
[  575.450833][T11306]  process_one_work+0x9d7/0x1920
[  575.450864][T11306]  ? __pfx_process_one_work+0x10/0x10
[  575.450898][T11306]  ? __pfx_hci_rx_work+0x10/0x10
[  575.450915][T11306]  worker_thread+0x5da/0xe40
[  575.450943][T11306]  ? __pfx_worker_thread+0x10/0x10
[  575.450969][T11306]  ? kthread+0x13a/0x450
[  575.450989][T11306]  ? __pfx_worker_thread+0x10/0x10
[  575.451007][T11306]  kthread+0x370/0x450
[  575.451025][T11306]  ? __pfx_kthread+0x10/0x10
[  575.451046][T11306]  ret_from_fork+0x754/0xd80
[  575.451069][T11306]  ? __pfx_ret_from_fork+0x10/0x10
[  575.451091][T11306]  ? __switch_to+0x7b4/0x1120
[  575.451107][T11306]  ? __pfx_kthread+0x10/0x10
[  575.451127][T11306]  ret_from_fork_asm+0x1a/0x30
[  575.451158][T11306]  </TASK>
[  575.451247][T11306] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  575.765298][T11306] Bluetooth: hci3: failed to register connection device
[  575.885023][T11306] Bluetooth: hci3: command 0x0406 tx timeout
[  575.965149][T11306] Bluetooth: hci2: command 0x0406 tx timeout
[  576.289489][T11306] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  576.378522][   T30] audit: type=1804 audit(1773200956.199:13): pid=11453 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1062" name="/newroot/274/file0" dev="tmpfs" ino=1443 res=1 errno=0
[  576.516207][   T30] audit: type=1804 audit(1773200956.229:14): pid=11455 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1062" name="/newroot/274/file0" dev="tmpfs" ino=1443 res=1 errno=0
[  576.565289][T10030] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  576.574668][T10030] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  576.586884][T10030] CPU: 0 UID: 0 PID: 10030 Comm: kworker/u11:0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  576.586911][T10030] Tainted: [L]=SOFTLOCKUP
[  576.586917][T10030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  576.586928][T10030] Workqueue: hci2 hci_rx_work
[  576.586949][T10030] Call Trace:
[  576.586955][T10030]  <TASK>
[  576.586963][T10030]  dump_stack_lvl+0x100/0x190
[  576.586990][T10030]  sysfs_warn_dup.cold+0x1c/0x28
[  576.587011][T10030]  sysfs_create_dir_ns+0x24b/0x2b0
[  576.587034][T10030]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  576.587052][T10030]  ? find_held_lock+0x2b/0x80
[  576.587067][T10030]  ? kobject_add_internal+0x25f/0x930
[  576.587088][T10030]  ? kobject_add_internal+0x25f/0x930
[  576.587110][T10030]  ? do_raw_spin_unlock+0x145/0x1e0
[  576.587132][T10030]  kobject_add_internal+0x2c8/0x930
[  576.587157][T10030]  kobject_add+0x16a/0x1e0
[  576.587178][T10030]  ? __pfx_kobject_add+0x10/0x10
[  576.587197][T10030]  ? class_to_subsys+0x10f/0x150
[  576.587216][T10030]  ? kobject_put+0xb9/0x640
[  576.587234][T10030]  ? _raw_spin_unlock+0x28/0x50
[  576.587257][T10030]  device_add+0x294/0x1950
[  576.587273][T10030]  ? __pfx_dev_set_name+0x10/0x10
[  576.587290][T10030]  ? __pfx_device_add+0x10/0x10
[  576.587304][T10030]  ? mgmt_send_event_skb+0x2fb/0x460
[  576.587325][T10030]  hci_conn_add_sysfs+0x1a3/0x260
[  576.587343][T10030]  le_conn_complete_evt+0x11cb/0x1f40
[  576.587364][T10030]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  576.587378][T10030]  ? __pfx_bt_warn+0x10/0x10
[  576.587399][T10030]  hci_le_conn_complete_evt+0x23c/0x3a0
[  576.587416][T10030]  ? skb_pull_data+0x15f/0x1e0
[  576.587441][T10030]  hci_le_meta_evt+0x34a/0x5f0
[  576.587457][T10030]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  576.587476][T10030]  hci_event_packet+0x682/0x11c0
[  576.587491][T10030]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  576.587509][T10030]  ? __pfx_hci_event_packet+0x10/0x10
[  576.587527][T10030]  ? kcov_remote_start+0x374/0x660
[  576.587541][T10030]  ? lockdep_hardirqs_on+0x78/0x100
[  576.587564][T10030]  hci_rx_work+0x451/0xfc0
[  576.587582][T10030]  process_one_work+0x9d7/0x1920
[  576.587611][T10030]  ? __pfx_process_one_work+0x10/0x10
[  576.587638][T10030]  ? __pfx_hci_rx_work+0x10/0x10
[  576.587672][T10030]  worker_thread+0x5da/0xe40
[  576.587701][T10030]  ? kthread+0x13a/0x450
[  576.587720][T10030]  ? __pfx_worker_thread+0x10/0x10
[  576.587748][T10030]  kthread+0x370/0x450
[  576.587768][T10030]  ? __pfx_kthread+0x10/0x10
[  576.587788][T10030]  ret_from_fork+0x754/0xd80
[  576.587811][T10030]  ? __pfx_ret_from_fork+0x10/0x10
[  576.587833][T10030]  ? __switch_to+0x7b4/0x1120
[  576.587849][T10030]  ? __pfx_kthread+0x10/0x10
[  576.587870][T10030]  ret_from_fork_asm+0x1a/0x30
[  576.587896][T10030]  </TASK>
[  576.587924][T10030] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  576.920899][T10030] Bluetooth: hci2: failed to register connection device
[  577.836196][T10030] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  577.844339][T10030] Bluetooth: hci2: Invalid handle: 0x3a4a > 0x0eff
[  577.970198][T10030] Bluetooth: hci3: command 0x0406 tx timeout
[  578.046119][T10030] Bluetooth: hci2: command 0x0406 tx timeout
[  578.366400][T11306] Bluetooth: hci0: command 0x0406 tx timeout
[  578.441730][T10030] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  578.491711][T10030] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  580.049906][T10030] Bluetooth: hci3: command 0x0406 tx timeout
[  580.128288][T10030] Bluetooth: hci2: command 0x0406 tx timeout
[  580.354567][T11520] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1078'.
[  580.393806][T11520] netlink: 'syz.3.1078': attribute type 1 has an invalid length.
[  580.426645][T11520] netlink: 5 bytes leftover after parsing attributes in process `syz.3.1078'.
[  580.447314][T11270] Bluetooth: hci0: command 0x0406 tx timeout
[  580.530821][T10083] Bluetooth: hci1: command 0x0406 tx timeout
[  580.620019][T11306] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  580.628050][T11306] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0'
[  580.638004][T11306] CPU: 0 UID: 0 PID: 11306 Comm: kworker/u11:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  580.638032][T11306] Tainted: [L]=SOFTLOCKUP
[  580.638038][T11306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  580.638049][T11306] Workqueue: hci1 hci_rx_work
[  580.638069][T11306] Call Trace:
[  580.638074][T11306]  <TASK>
[  580.638081][T11306]  dump_stack_lvl+0x100/0x190
[  580.638106][T11306]  sysfs_warn_dup.cold+0x1c/0x28
[  580.638128][T11306]  sysfs_create_dir_ns+0x24b/0x2b0
[  580.638149][T11306]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  580.638168][T11306]  ? find_held_lock+0x2b/0x80
[  580.638183][T11306]  ? kobject_add_internal+0x25f/0x930
[  580.638203][T11306]  ? kobject_add_internal+0x25f/0x930
[  580.638225][T11306]  ? do_raw_spin_unlock+0x145/0x1e0
[  580.638249][T11306]  kobject_add_internal+0x2c8/0x930
[  580.638273][T11306]  kobject_add+0x16a/0x1e0
[  580.638294][T11306]  ? __pfx_kobject_add+0x10/0x10
[  580.638313][T11306]  ? class_to_subsys+0x10f/0x150
[  580.638332][T11306]  ? kobject_put+0xb9/0x640
[  580.638350][T11306]  ? _raw_spin_unlock+0x28/0x50
[  580.638370][T11306]  device_add+0x294/0x1950
[  580.638486][T11306]  ? __pfx_dev_set_name+0x10/0x10
[  580.638504][T11306]  ? __pfx_device_add+0x10/0x10
[  580.638520][T11306]  ? mgmt_send_event_skb+0x2fb/0x460
[  580.638542][T11306]  hci_conn_add_sysfs+0x1a3/0x260
[  580.638561][T11306]  le_conn_complete_evt+0x11cb/0x1f40
[  580.638582][T11306]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  580.638596][T11306]  ? __pfx_bt_warn+0x10/0x10
[  580.638617][T11306]  hci_le_conn_complete_evt+0x23c/0x3a0
[  580.638634][T11306]  ? skb_pull_data+0x15f/0x1e0
[  580.638658][T11306]  hci_le_meta_evt+0x34a/0x5f0
[  580.638675][T11306]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  580.638693][T11306]  hci_event_packet+0x682/0x11c0
[  580.638709][T11306]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  580.638726][T11306]  ? __pfx_hci_event_packet+0x10/0x10
[  580.638743][T11306]  ? kcov_remote_start+0x374/0x660
[  580.638757][T11306]  ? lockdep_hardirqs_on+0x78/0x100
[  580.638779][T11306]  hci_rx_work+0x451/0xfc0
[  580.638798][T11306]  process_one_work+0x9d7/0x1920
[  580.638827][T11306]  ? __pfx_process_one_work+0x10/0x10
[  580.638853][T11306]  ? __pfx_hci_rx_work+0x10/0x10
[  580.638869][T11306]  worker_thread+0x5da/0xe40
[  580.638895][T11306]  ? __pfx_worker_thread+0x10/0x10
[  580.638915][T11306]  ? kthread+0x13a/0x450
[  580.638933][T11306]  ? __pfx_worker_thread+0x10/0x10
[  580.638952][T11306]  kthread+0x370/0x450
[  580.638969][T11306]  ? __pfx_kthread+0x10/0x10
[  580.638989][T11306]  ret_from_fork+0x754/0xd80
[  580.639012][T11306]  ? __pfx_ret_from_fork+0x10/0x10
[  580.639034][T11306]  ? __switch_to+0x7b4/0x1120
[  580.639050][T11306]  ? __pfx_kthread+0x10/0x10
[  580.639070][T11306]  ret_from_fork_asm+0x1a/0x30
[  580.639096][T11306]  </TASK>
[  580.639118][T11306] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  580.945720][T11306] Bluetooth: hci1: failed to register connection device
[  580.991739][T11525] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  581.988573][T11306] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  582.129226][T10057] Bluetooth: hci3: command 0x0406 tx timeout
[  582.208312][T11306] Bluetooth: hci2: command 0x0406 tx timeout
[  582.369207][T10030] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  582.609854][T10030] Bluetooth: hci1: command 0x0406 tx timeout
[  583.286429][T11566] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1088'.
[  583.324680][T11566] netlink: 'syz.3.1088': attribute type 1 has an invalid length.
[  583.356230][T11566] netlink: 5 bytes leftover after parsing attributes in process `syz.3.1088'.
[  583.440478][T10030] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  583.448946][T10030] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0'
[  583.460194][T10030] CPU: 0 UID: 0 PID: 10030 Comm: kworker/u11:0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  583.460227][T10030] Tainted: [L]=SOFTLOCKUP
[  583.460233][T10030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  583.460244][T10030] Workqueue: hci3 hci_rx_work
[  583.460263][T10030] Call Trace:
[  583.460269][T10030]  <TASK>
[  583.460275][T10030]  dump_stack_lvl+0x100/0x190
[  583.460300][T10030]  sysfs_warn_dup.cold+0x1c/0x28
[  583.460322][T10030]  sysfs_create_dir_ns+0x24b/0x2b0
[  583.460343][T10030]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  583.460362][T10030]  ? find_held_lock+0x2b/0x80
[  583.460376][T10030]  ? kobject_add_internal+0x25f/0x930
[  583.460397][T10030]  ? kobject_add_internal+0x25f/0x930
[  583.460419][T10030]  ? do_raw_spin_unlock+0x145/0x1e0
[  583.460442][T10030]  kobject_add_internal+0x2c8/0x930
[  583.460465][T10030]  kobject_add+0x16a/0x1e0
[  583.460485][T10030]  ? __pfx_kobject_add+0x10/0x10
[  583.460504][T10030]  ? class_to_subsys+0x10f/0x150
[  583.460523][T10030]  ? kobject_put+0xb9/0x640
[  583.460541][T10030]  ? _raw_spin_unlock+0x28/0x50
[  583.460561][T10030]  device_add+0x294/0x1950
[  583.460576][T10030]  ? __pfx_dev_set_name+0x10/0x10
[  583.460593][T10030]  ? __pfx_device_add+0x10/0x10
[  583.460607][T10030]  ? mgmt_send_event_skb+0x2fb/0x460
[  583.460628][T10030]  hci_conn_add_sysfs+0x1a3/0x260
[  583.460647][T10030]  le_conn_complete_evt+0x11cb/0x1f40
[  583.460671][T10030]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  583.460684][T10030]  ? __pfx_bt_warn+0x10/0x10
[  583.460705][T10030]  hci_le_conn_complete_evt+0x23c/0x3a0
[  583.460722][T10030]  ? skb_pull_data+0x15f/0x1e0
[  583.460746][T10030]  hci_le_meta_evt+0x34a/0x5f0
[  583.460763][T10030]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  583.460781][T10030]  hci_event_packet+0x682/0x11c0
[  583.460796][T10030]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  583.460814][T10030]  ? __pfx_hci_event_packet+0x10/0x10
[  583.460832][T10030]  ? kcov_remote_start+0x374/0x660
[  583.460846][T10030]  ? lockdep_hardirqs_on+0x78/0x100
[  583.460869][T10030]  hci_rx_work+0x451/0xfc0
[  583.460888][T10030]  process_one_work+0x9d7/0x1920
[  583.460917][T10030]  ? __pfx_process_one_work+0x10/0x10
[  583.460943][T10030]  ? __pfx_hci_rx_work+0x10/0x10
[  583.460959][T10030]  worker_thread+0x5da/0xe40
[  583.460986][T10030]  ? kthread+0x13a/0x450
[  583.461003][T10030]  ? __pfx_worker_thread+0x10/0x10
[  583.461022][T10030]  kthread+0x370/0x450
[  583.461040][T10030]  ? __pfx_kthread+0x10/0x10
[  583.461059][T10030]  ret_from_fork+0x754/0xd80
[  583.461081][T10030]  ? __pfx_ret_from_fork+0x10/0x10
[  583.461103][T10030]  ? __switch_to+0x7b4/0x1120
[  583.461120][T10030]  ? __pfx_kthread+0x10/0x10
[  583.461139][T10030]  ret_from_fork_asm+0x1a/0x30
[  583.461165][T10030]  </TASK>
[  583.461186][T10030] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  583.773208][T10030] Bluetooth: hci3: failed to register connection device
[  583.999274][T10030] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  584.049108][T11270] Bluetooth: hci0: command 0x0406 tx timeout
[  584.209690][T10030] Bluetooth: hci3: command 0x0406 tx timeout
[  584.293537][T10030] Bluetooth: hci2: command 0x0406 tx timeout
[  584.512176][T10030] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  584.521457][T10030] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[  584.532702][T10030] CPU: 0 UID: 0 PID: 10030 Comm: kworker/u11:0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  584.532729][T10030] Tainted: [L]=SOFTLOCKUP
[  584.532734][T10030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  584.532745][T10030] Workqueue: hci0 hci_rx_work
[  584.532766][T10030] Call Trace:
[  584.532771][T10030]  <TASK>
[  584.532777][T10030]  dump_stack_lvl+0x100/0x190
[  584.532803][T10030]  sysfs_warn_dup.cold+0x1c/0x28
[  584.532827][T10030]  sysfs_create_dir_ns+0x24b/0x2b0
[  584.532848][T10030]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  584.532867][T10030]  ? find_held_lock+0x2b/0x80
[  584.532881][T10030]  ? kobject_add_internal+0x25f/0x930
[  584.532901][T10030]  ? kobject_add_internal+0x25f/0x930
[  584.532924][T10030]  ? do_raw_spin_unlock+0x145/0x1e0
[  584.532948][T10030]  kobject_add_internal+0x2c8/0x930
[  584.532973][T10030]  kobject_add+0x16a/0x1e0
[  584.532993][T10030]  ? __pfx_kobject_add+0x10/0x10
[  584.533012][T10030]  ? class_to_subsys+0x10f/0x150
[  584.533031][T10030]  ? kobject_put+0xb9/0x640
[  584.533048][T10030]  ? _raw_spin_unlock+0x28/0x50
[  584.533069][T10030]  device_add+0x294/0x1950
[  584.533084][T10030]  ? __pfx_dev_set_name+0x10/0x10
[  584.533115][T10030]  ? __pfx_device_add+0x10/0x10
[  584.533145][T10030]  ? mgmt_send_event_skb+0x2fb/0x460
[  584.533191][T10030]  hci_conn_add_sysfs+0x1a3/0x260
[  584.533218][T10030]  le_conn_complete_evt+0x11cb/0x1f40
[  584.533240][T10030]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  584.533254][T10030]  ? __pfx_bt_warn+0x10/0x10
[  584.533276][T10030]  hci_le_conn_complete_evt+0x23c/0x3a0
[  584.533293][T10030]  ? skb_pull_data+0x15f/0x1e0
[  584.533318][T10030]  hci_le_meta_evt+0x34a/0x5f0
[  584.533335][T10030]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  584.533353][T10030]  hci_event_packet+0x682/0x11c0
[  584.533369][T10030]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  584.533387][T10030]  ? __pfx_hci_event_packet+0x10/0x10
[  584.533405][T10030]  ? kcov_remote_start+0x374/0x660
[  584.533419][T10030]  ? lockdep_hardirqs_on+0x78/0x100
[  584.533441][T10030]  hci_rx_work+0x451/0xfc0
[  584.533460][T10030]  process_one_work+0x9d7/0x1920
[  584.533488][T10030]  ? __pfx_process_one_work+0x10/0x10
[  584.533515][T10030]  ? __pfx_hci_rx_work+0x10/0x10
[  584.533532][T10030]  worker_thread+0x5da/0xe40
[  584.533559][T10030]  ? kthread+0x13a/0x450
[  584.533577][T10030]  ? __pfx_worker_thread+0x10/0x10
[  584.533607][T10030]  kthread+0x370/0x450
[  584.533626][T10030]  ? __pfx_kthread+0x10/0x10
[  584.533646][T10030]  ret_from_fork+0x754/0xd80
[  584.533670][T10030]  ? __pfx_ret_from_fork+0x10/0x10
[  584.533693][T10030]  ? __switch_to+0x7b4/0x1120
[  584.533709][T10030]  ? __pfx_kthread+0x10/0x10
[  584.533728][T10030]  ret_from_fork_asm+0x1a/0x30
[  584.533754][T10030]  </TASK>
[  584.533865][T10030] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  584.828187][T11306] Bluetooth: hci1: command 0x0406 tx timeout
[  584.840781][T10030] Bluetooth: hci0: failed to register connection device
[  584.863632][T10030] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  584.872641][T10030] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  584.883461][T10030] CPU: 0 UID: 0 PID: 10030 Comm: kworker/u11:0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  584.883486][T10030] Tainted: [L]=SOFTLOCKUP
[  584.883491][T10030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  584.883503][T10030] Workqueue: hci2 hci_rx_work
[  584.883523][T10030] Call Trace:
[  584.883528][T10030]  <TASK>
[  584.883534][T10030]  dump_stack_lvl+0x100/0x190
[  584.883560][T10030]  sysfs_warn_dup.cold+0x1c/0x28
[  584.883583][T10030]  sysfs_create_dir_ns+0x24b/0x2b0
[  584.883604][T10030]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  584.883622][T10030]  ? find_held_lock+0x2b/0x80
[  584.883637][T10030]  ? kobject_add_internal+0x25f/0x930
[  584.883658][T10030]  ? kobject_add_internal+0x25f/0x930
[  584.883680][T10030]  ? do_raw_spin_unlock+0x145/0x1e0
[  584.883702][T10030]  kobject_add_internal+0x2c8/0x930
[  584.883726][T10030]  kobject_add+0x16a/0x1e0
[  584.883746][T10030]  ? __pfx_kobject_add+0x10/0x10
[  584.883765][T10030]  ? class_to_subsys+0x10f/0x150
[  584.883783][T10030]  ? kobject_put+0xb9/0x640
[  584.883801][T10030]  ? _raw_spin_unlock+0x28/0x50
[  584.883821][T10030]  device_add+0x294/0x1950
[  584.883836][T10030]  ? __pfx_dev_set_name+0x10/0x10
[  584.883853][T10030]  ? __pfx_device_add+0x10/0x10
[  584.883867][T10030]  ? mgmt_send_event_skb+0x2fb/0x460
[  584.883888][T10030]  hci_conn_add_sysfs+0x1a3/0x260
[  584.883908][T10030]  le_conn_complete_evt+0x11cb/0x1f40
[  584.883929][T10030]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  584.883952][T10030]  ? __pfx_bt_warn+0x10/0x10
[  584.883975][T10030]  hci_le_conn_complete_evt+0x23c/0x3a0
[  584.883992][T10030]  ? skb_pull_data+0x15f/0x1e0
[  584.884018][T10030]  hci_le_meta_evt+0x34a/0x5f0
[  584.884044][T10030]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  584.884063][T10030]  hci_event_packet+0x682/0x11c0
[  584.884079][T10030]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  584.884097][T10030]  ? __pfx_hci_event_packet+0x10/0x10
[  584.884115][T10030]  ? kcov_remote_start+0x374/0x660
[  584.884130][T10030]  ? lockdep_hardirqs_on+0x78/0x100
[  584.884153][T10030]  hci_rx_work+0x451/0xfc0
[  584.884172][T10030]  process_one_work+0x9d7/0x1920
[  584.884201][T10030]  ? __pfx_process_one_work+0x10/0x10
[  584.884227][T10030]  ? __pfx_hci_rx_work+0x10/0x10
[  584.884244][T10030]  worker_thread+0x5da/0xe40
[  584.884271][T10030]  ? kthread+0x13a/0x450
[  584.884288][T10030]  ? __pfx_worker_thread+0x10/0x10
[  584.884307][T10030]  kthread+0x370/0x450
[  584.884325][T10030]  ? __pfx_kthread+0x10/0x10
[  584.884345][T10030]  ret_from_fork+0x754/0xd80
[  584.884367][T10030]  ? __pfx_ret_from_fork+0x10/0x10
[  584.884391][T10030]  ? __switch_to+0x7b4/0x1120
[  584.884409][T10030]  ? __pfx_kthread+0x10/0x10
[  584.884428][T10030]  ret_from_fork_asm+0x1a/0x30
[  584.884454][T10030]  </TASK>
[  584.884549][T10030] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  585.195613][T10030] Bluetooth: hci2: failed to register connection device
[  585.355740][T11587] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1093'.
[  586.130596][T10030] Bluetooth: hci0: command 0x0406 tx timeout
[  586.290130][T10030] Bluetooth: hci3: command 0x0406 tx timeout
[  586.373971][T10030] Bluetooth: hci2: command 0x0406 tx timeout
[  586.850571][T11353] Bluetooth: hci1: command 0x0406 tx timeout
[  588.212230][T10030] Bluetooth: hci0: command 0x0406 tx timeout
[  588.373464][T10030] Bluetooth: hci3: command 0x0406 tx timeout
[  588.451691][T11306] Bluetooth: hci2: command 0x0406 tx timeout
[  588.487829][T10057] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  588.932961][T10057] Bluetooth: hci1: command 0x0406 tx timeout
[  588.975760][T10057] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  588.985542][T10057] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  588.995868][T10057] CPU: 0 UID: 0 PID: 10057 Comm: kworker/u11:1 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  588.995894][T10057] Tainted: [L]=SOFTLOCKUP
[  588.995899][T10057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  588.995911][T10057] Workqueue: hci2 hci_rx_work
[  588.995932][T10057] Call Trace:
[  588.995938][T10057]  <TASK>
[  588.995944][T10057]  dump_stack_lvl+0x100/0x190
[  588.995968][T10057]  sysfs_warn_dup.cold+0x1c/0x28
[  588.995991][T10057]  sysfs_create_dir_ns+0x24b/0x2b0
[  588.996012][T10057]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  588.996032][T10057]  ? find_held_lock+0x2b/0x80
[  588.996047][T10057]  ? kobject_add_internal+0x25f/0x930
[  588.996067][T10057]  ? kobject_add_internal+0x25f/0x930
[  588.996090][T10057]  ? do_raw_spin_unlock+0x145/0x1e0
[  588.996114][T10057]  kobject_add_internal+0x2c8/0x930
[  588.996138][T10057]  kobject_add+0x16a/0x1e0
[  588.996158][T10057]  ? __pfx_kobject_add+0x10/0x10
[  588.996177][T10057]  ? class_to_subsys+0x10f/0x150
[  588.996196][T10057]  ? kobject_put+0xb9/0x640
[  588.996214][T10057]  ? _raw_spin_unlock+0x28/0x50
[  588.996234][T10057]  device_add+0x294/0x1950
[  588.996249][T10057]  ? __pfx_dev_set_name+0x10/0x10
[  588.996266][T10057]  ? __pfx_device_add+0x10/0x10
[  588.996280][T10057]  ? mgmt_send_event_skb+0x2fb/0x460
[  588.996301][T10057]  hci_conn_add_sysfs+0x1a3/0x260
[  588.996320][T10057]  le_conn_complete_evt+0x11cb/0x1f40
[  588.996340][T10057]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  588.996355][T10057]  ? __pfx_bt_warn+0x10/0x10
[  588.996376][T10057]  hci_le_conn_complete_evt+0x23c/0x3a0
[  588.996392][T10057]  ? skb_pull_data+0x15f/0x1e0
[  588.996417][T10057]  hci_le_meta_evt+0x34a/0x5f0
[  588.996451][T10057]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  588.996470][T10057]  hci_event_packet+0x682/0x11c0
[  588.996486][T10057]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  588.996507][T10057]  ? __pfx_hci_event_packet+0x10/0x10
[  588.996527][T10057]  ? kcov_remote_start+0x374/0x660
[  588.996542][T10057]  ? lockdep_hardirqs_on+0x78/0x100
[  588.996564][T10057]  hci_rx_work+0x451/0xfc0
[  588.996583][T10057]  process_one_work+0x9d7/0x1920
[  588.996612][T10057]  ? __pfx_process_one_work+0x10/0x10
[  588.996639][T10057]  ? __pfx_hci_rx_work+0x10/0x10
[  588.996655][T10057]  worker_thread+0x5da/0xe40
[  588.996681][T10057]  ? __pfx_worker_thread+0x10/0x10
[  588.996703][T10057]  ? kthread+0x13a/0x450
[  588.996722][T10057]  ? __pfx_worker_thread+0x10/0x10
[  588.996748][T10057]  kthread+0x370/0x450
[  588.996766][T10057]  ? __pfx_kthread+0x10/0x10
[  588.996787][T10057]  ret_from_fork+0x754/0xd80
[  588.996813][T10057]  ? __pfx_ret_from_fork+0x10/0x10
[  588.996835][T10057]  ? rcu_is_watching+0x12/0xc0
[  588.996856][T10057]  ? __switch_to+0x7b4/0x1120
[  588.996872][T10057]  ? __pfx_kthread+0x10/0x10
[  588.996891][T10057]  ret_from_fork_asm+0x1a/0x30
[  588.996917][T10057]  </TASK>
[  588.996940][T10057] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  589.318998][T10057] Bluetooth: hci2: failed to register connection device
[  589.431133][T10083] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  590.292931][T10083] Bluetooth: hci0: command 0x0406 tx timeout
[  590.452215][T10083] Bluetooth: hci3: command 0x0406 tx timeout
[  590.562326][T11306] Bluetooth: hci2: command 0x0406 tx timeout
[  590.903882][T11306] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  590.912970][T11306] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0'
[  590.922972][T11306] CPU: 0 UID: 0 PID: 11306 Comm: kworker/u11:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  590.922999][T11306] Tainted: [L]=SOFTLOCKUP
[  590.923005][T11306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  590.923015][T11306] Workqueue: hci3 hci_rx_work
[  590.923034][T11306] Call Trace:
[  590.923040][T11306]  <TASK>
[  590.923046][T11306]  dump_stack_lvl+0x100/0x190
[  590.923072][T11306]  sysfs_warn_dup.cold+0x1c/0x28
[  590.923095][T11306]  sysfs_create_dir_ns+0x24b/0x2b0
[  590.923115][T11306]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  590.923134][T11306]  ? find_held_lock+0x2b/0x80
[  590.923149][T11306]  ? kobject_add_internal+0x25f/0x930
[  590.923169][T11306]  ? kobject_add_internal+0x25f/0x930
[  590.923191][T11306]  ? do_raw_spin_unlock+0x145/0x1e0
[  590.923213][T11306]  kobject_add_internal+0x2c8/0x930
[  590.923237][T11306]  kobject_add+0x16a/0x1e0
[  590.923257][T11306]  ? __pfx_kobject_add+0x10/0x10
[  590.923276][T11306]  ? class_to_subsys+0x10f/0x150
[  590.923294][T11306]  ? kobject_put+0xb9/0x640
[  590.923312][T11306]  ? _raw_spin_unlock+0x28/0x50
[  590.923332][T11306]  device_add+0x294/0x1950
[  590.923347][T11306]  ? __pfx_dev_set_name+0x10/0x10
[  590.923365][T11306]  ? __pfx_device_add+0x10/0x10
[  590.923380][T11306]  ? mgmt_send_event_skb+0x2fb/0x460
[  590.923401][T11306]  hci_conn_add_sysfs+0x1a3/0x260
[  590.923420][T11306]  le_conn_complete_evt+0x11cb/0x1f40
[  590.923440][T11306]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  590.923547][T11306]  ? __pfx_bt_warn+0x10/0x10
[  590.923571][T11306]  hci_le_conn_complete_evt+0x23c/0x3a0
[  590.923588][T11306]  ? skb_pull_data+0x15f/0x1e0
[  590.923614][T11306]  hci_le_meta_evt+0x34a/0x5f0
[  590.923631][T11306]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  590.923650][T11306]  hci_event_packet+0x682/0x11c0
[  590.923665][T11306]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  590.923683][T11306]  ? __pfx_hci_event_packet+0x10/0x10
[  590.923700][T11306]  ? kcov_remote_start+0x374/0x660
[  590.923715][T11306]  ? lockdep_hardirqs_on+0x78/0x100
[  590.923737][T11306]  hci_rx_work+0x451/0xfc0
[  590.923755][T11306]  process_one_work+0x9d7/0x1920
[  590.923784][T11306]  ? __pfx_process_one_work+0x10/0x10
[  590.923811][T11306]  ? __pfx_hci_rx_work+0x10/0x10
[  590.923827][T11306]  worker_thread+0x5da/0xe40
[  590.923853][T11306]  ? __pfx_worker_thread+0x10/0x10
[  590.923873][T11306]  ? kthread+0x13a/0x450
[  590.923891][T11306]  ? __pfx_worker_thread+0x10/0x10
[  590.923910][T11306]  kthread+0x370/0x450
[  590.923928][T11306]  ? __pfx_kthread+0x10/0x10
[  590.923947][T11306]  ret_from_fork+0x754/0xd80
[  590.923975][T11306]  ? __pfx_ret_from_fork+0x10/0x10
[  590.923998][T11306]  ? __switch_to+0x7b4/0x1120
[  590.924015][T11306]  ? __pfx_kthread+0x10/0x10
[  590.924036][T11306]  ret_from_fork_asm+0x1a/0x30
[  590.924064][T11306]  </TASK>
[  590.924089][T11306] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  591.237785][T10057] Bluetooth: hci1: command 0x0406 tx timeout
[  591.262618][T11306] Bluetooth: hci3: failed to register connection device
[  591.285214][T11306] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  591.294424][T11306] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[  591.306567][T11306] CPU: 0 UID: 0 PID: 11306 Comm: kworker/u11:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  591.306594][T11306] Tainted: [L]=SOFTLOCKUP
[  591.306599][T11306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  591.306611][T11306] Workqueue: hci0 hci_rx_work
[  591.306631][T11306] Call Trace:
[  591.306636][T11306]  <TASK>
[  591.306642][T11306]  dump_stack_lvl+0x100/0x190
[  591.306667][T11306]  sysfs_warn_dup.cold+0x1c/0x28
[  591.306689][T11306]  sysfs_create_dir_ns+0x24b/0x2b0
[  591.306710][T11306]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  591.306728][T11306]  ? find_held_lock+0x2b/0x80
[  591.306742][T11306]  ? kobject_add_internal+0x25f/0x930
[  591.306763][T11306]  ? kobject_add_internal+0x25f/0x930
[  591.306785][T11306]  ? do_raw_spin_unlock+0x145/0x1e0
[  591.306809][T11306]  kobject_add_internal+0x2c8/0x930
[  591.306833][T11306]  kobject_add+0x16a/0x1e0
[  591.306853][T11306]  ? __pfx_kobject_add+0x10/0x10
[  591.306872][T11306]  ? class_to_subsys+0x10f/0x150
[  591.306891][T11306]  ? kobject_put+0xb9/0x640
[  591.306909][T11306]  ? _raw_spin_unlock+0x28/0x50
[  591.306934][T11306]  device_add+0x294/0x1950
[  591.306948][T11306]  ? __pfx_dev_set_name+0x10/0x10
[  591.306965][T11306]  ? __pfx_device_add+0x10/0x10
[  591.306980][T11306]  ? mgmt_send_event_skb+0x2fb/0x460
[  591.307001][T11306]  hci_conn_add_sysfs+0x1a3/0x260
[  591.307020][T11306]  le_conn_complete_evt+0x11cb/0x1f40
[  591.307040][T11306]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  591.307054][T11306]  ? __pfx_bt_warn+0x10/0x10
[  591.307075][T11306]  hci_le_conn_complete_evt+0x23c/0x3a0
[  591.307092][T11306]  ? skb_pull_data+0x15f/0x1e0
[  591.307117][T11306]  hci_le_meta_evt+0x34a/0x5f0
[  591.307133][T11306]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  591.307152][T11306]  hci_event_packet+0x682/0x11c0
[  591.307167][T11306]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  591.307184][T11306]  ? __pfx_hci_event_packet+0x10/0x10
[  591.307202][T11306]  ? kcov_remote_start+0x374/0x660
[  591.307216][T11306]  ? lockdep_hardirqs_on+0x78/0x100
[  591.307238][T11306]  hci_rx_work+0x451/0xfc0
[  591.307257][T11306]  process_one_work+0x9d7/0x1920
[  591.307285][T11306]  ? __pfx_process_one_work+0x10/0x10
[  591.307311][T11306]  ? __pfx_hci_rx_work+0x10/0x10
[  591.307328][T11306]  worker_thread+0x5da/0xe40
[  591.307353][T11306]  ? __pfx_worker_thread+0x10/0x10
[  591.307374][T11306]  ? kthread+0x13a/0x450
[  591.307391][T11306]  ? __pfx_worker_thread+0x10/0x10
[  591.307410][T11306]  kthread+0x370/0x450
[  591.307439][T11306]  ? __pfx_kthread+0x10/0x10
[  591.307459][T11306]  ret_from_fork+0x754/0xd80
[  591.307484][T11306]  ? __pfx_ret_from_fork+0x10/0x10
[  591.307508][T11306]  ? __switch_to+0x7b4/0x1120
[  591.307524][T11306]  ? __pfx_kthread+0x10/0x10
[  591.307544][T11306]  ret_from_fork_asm+0x1a/0x30
[  591.307570][T11306]  </TASK>
[  591.307592][T11306] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  591.641864][T11306] Bluetooth: hci0: failed to register connection device
[  592.373233][T11306] Bluetooth: hci0: command 0x0406 tx timeout
[  592.416200][T11306] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  592.424324][T11306] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[  592.434261][T11306] CPU: 0 UID: 0 PID: 11306 Comm: kworker/u11:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  592.434384][T11306] Tainted: [L]=SOFTLOCKUP
[  592.434390][T11306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  592.434402][T11306] Workqueue: hci0 hci_rx_work
[  592.434422][T11306] Call Trace:
[  592.434427][T11306]  <TASK>
[  592.434434][T11306]  dump_stack_lvl+0x100/0x190
[  592.434463][T11306]  sysfs_warn_dup.cold+0x1c/0x28
[  592.434485][T11306]  sysfs_create_dir_ns+0x24b/0x2b0
[  592.434507][T11306]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  592.434525][T11306]  ? find_held_lock+0x2b/0x80
[  592.434540][T11306]  ? kobject_add_internal+0x25f/0x930
[  592.434561][T11306]  ? kobject_add_internal+0x25f/0x930
[  592.434583][T11306]  ? do_raw_spin_unlock+0x145/0x1e0
[  592.434605][T11306]  kobject_add_internal+0x2c8/0x930
[  592.434629][T11306]  kobject_add+0x16a/0x1e0
[  592.434650][T11306]  ? __pfx_kobject_add+0x10/0x10
[  592.434668][T11306]  ? class_to_subsys+0x10f/0x150
[  592.434688][T11306]  ? kobject_put+0xb9/0x640
[  592.434705][T11306]  ? _raw_spin_unlock+0x28/0x50
[  592.434725][T11306]  device_add+0x294/0x1950
[  592.434740][T11306]  ? __pfx_dev_set_name+0x10/0x10
[  592.434759][T11306]  ? __pfx_device_add+0x10/0x10
[  592.434773][T11306]  ? mgmt_send_event_skb+0x2fb/0x460
[  592.434794][T11306]  hci_conn_add_sysfs+0x1a3/0x260
[  592.434813][T11306]  le_conn_complete_evt+0x11cb/0x1f40
[  592.434833][T11306]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  592.434847][T11306]  ? __pfx_bt_warn+0x10/0x10
[  592.434868][T11306]  hci_le_conn_complete_evt+0x23c/0x3a0
[  592.434885][T11306]  ? skb_pull_data+0x15f/0x1e0
[  592.434909][T11306]  hci_le_meta_evt+0x34a/0x5f0
[  592.434925][T11306]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  592.434944][T11306]  hci_event_packet+0x682/0x11c0
[  592.434959][T11306]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  592.434976][T11306]  ? __pfx_hci_event_packet+0x10/0x10
[  592.434997][T11306]  ? kcov_remote_start+0x374/0x660
[  592.435011][T11306]  ? lockdep_hardirqs_on+0x78/0x100
[  592.435033][T11306]  hci_rx_work+0x451/0xfc0
[  592.435060][T11306]  process_one_work+0x9d7/0x1920
[  592.435090][T11306]  ? __pfx_process_one_work+0x10/0x10
[  592.435118][T11306]  ? __pfx_hci_rx_work+0x10/0x10
[  592.435135][T11306]  worker_thread+0x5da/0xe40
[  592.435161][T11306]  ? __pfx_worker_thread+0x10/0x10
[  592.435182][T11306]  ? kthread+0x13a/0x450
[  592.435203][T11306]  ? __pfx_worker_thread+0x10/0x10
[  592.435222][T11306]  kthread+0x370/0x450
[  592.435240][T11306]  ? __pfx_kthread+0x10/0x10
[  592.435260][T11306]  ret_from_fork+0x754/0xd80
[  592.435282][T11306]  ? __pfx_ret_from_fork+0x10/0x10
[  592.435313][T11306]  ? __switch_to+0x7b4/0x1120
[  592.435330][T11306]  ? __pfx_kthread+0x10/0x10
[  592.435350][T11306]  ret_from_fork_asm+0x1a/0x30
[  592.435377][T11306]  </TASK>
[  592.435402][T11306] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  592.743091][T10057] Bluetooth: hci3: command 0x0406 tx timeout
[  592.750365][T10057] Bluetooth: hci2: command 0x0406 tx timeout
[  592.772443][T11306] Bluetooth: hci0: failed to register connection device
[  594.454253][T11306] Bluetooth: hci0: command 0x0406 tx timeout
[  594.709767][T11306] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  594.720823][T11306] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  594.732661][T11306] CPU: 0 UID: 0 PID: 11306 Comm: kworker/u11:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  594.732686][T11306] Tainted: [L]=SOFTLOCKUP
[  594.732692][T11306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  594.732703][T11306] Workqueue: hci2 hci_rx_work
[  594.732723][T11306] Call Trace:
[  594.732729][T11306]  <TASK>
[  594.732735][T11306]  dump_stack_lvl+0x100/0x190
[  594.732759][T11306]  sysfs_warn_dup.cold+0x1c/0x28
[  594.732782][T11306]  sysfs_create_dir_ns+0x24b/0x2b0
[  594.732803][T11306]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  594.732822][T11306]  ? find_held_lock+0x2b/0x80
[  594.732837][T11306]  ? kobject_add_internal+0x25f/0x930
[  594.732859][T11306]  ? kobject_add_internal+0x25f/0x930
[  594.732881][T11306]  ? do_raw_spin_unlock+0x145/0x1e0
[  594.732903][T11306]  kobject_add_internal+0x2c8/0x930
[  594.732927][T11306]  kobject_add+0x16a/0x1e0
[  594.732947][T11306]  ? __pfx_kobject_add+0x10/0x10
[  594.732966][T11306]  ? class_to_subsys+0x10f/0x150
[  594.732984][T11306]  ? kobject_put+0xb9/0x640
[  594.733002][T11306]  ? _raw_spin_unlock+0x28/0x50
[  594.733035][T11306]  device_add+0x294/0x1950
[  594.733051][T11306]  ? __pfx_dev_set_name+0x10/0x10
[  594.733069][T11306]  ? __pfx_device_add+0x10/0x10
[  594.733084][T11306]  ? mgmt_send_event_skb+0x2fb/0x460
[  594.733107][T11306]  hci_conn_add_sysfs+0x1a3/0x260
[  594.733126][T11306]  le_conn_complete_evt+0x11cb/0x1f40
[  594.733147][T11306]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  594.733161][T11306]  ? __pfx_bt_warn+0x10/0x10
[  594.733182][T11306]  hci_le_conn_complete_evt+0x23c/0x3a0
[  594.733198][T11306]  ? skb_pull_data+0x15f/0x1e0
[  594.733223][T11306]  hci_le_meta_evt+0x34a/0x5f0
[  594.733240][T11306]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  594.733258][T11306]  hci_event_packet+0x682/0x11c0
[  594.733273][T11306]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  594.733290][T11306]  ? __pfx_hci_event_packet+0x10/0x10
[  594.733307][T11306]  ? kcov_remote_start+0x374/0x660
[  594.733322][T11306]  ? lockdep_hardirqs_on+0x78/0x100
[  594.733387][T11306]  hci_rx_work+0x451/0xfc0
[  594.733409][T11306]  process_one_work+0x9d7/0x1920
[  594.733440][T11306]  ? __pfx_process_one_work+0x10/0x10
[  594.733466][T11306]  ? __pfx_hci_rx_work+0x10/0x10
[  594.733482][T11306]  worker_thread+0x5da/0xe40
[  594.733508][T11306]  ? __pfx_worker_thread+0x10/0x10
[  594.733538][T11306]  ? kthread+0x13a/0x450
[  594.733559][T11306]  ? __pfx_worker_thread+0x10/0x10
[  594.733578][T11306]  kthread+0x370/0x450
[  594.733596][T11306]  ? __pfx_kthread+0x10/0x10
[  594.733616][T11306]  ret_from_fork+0x754/0xd80
[  594.733638][T11306]  ? __pfx_ret_from_fork+0x10/0x10
[  594.733661][T11306]  ? __switch_to+0x7b4/0x1120
[  594.733677][T11306]  ? __pfx_kthread+0x10/0x10
[  594.733696][T11306]  ret_from_fork_asm+0x1a/0x30
[  594.733722][T11306]  </TASK>
[  594.733745][T11306] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  595.045217][T11353] Bluetooth: hci3: command 0x0406 tx timeout
[  595.060636][T11306] Bluetooth: hci2: failed to register connection device
[  595.070372][T11306] Bluetooth: hci2: command 0x0406 tx timeout
[  595.965877][T11306] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  595.974203][T11306] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  595.986364][T11306] CPU: 0 UID: 0 PID: 11306 Comm: kworker/u11:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  595.986389][T11306] Tainted: [L]=SOFTLOCKUP
[  595.986395][T11306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  595.986406][T11306] Workqueue: hci2 hci_rx_work
[  595.986427][T11306] Call Trace:
[  595.986432][T11306]  <TASK>
[  595.986438][T11306]  dump_stack_lvl+0x100/0x190
[  595.986464][T11306]  sysfs_warn_dup.cold+0x1c/0x28
[  595.986489][T11306]  sysfs_create_dir_ns+0x24b/0x2b0
[  595.986513][T11306]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  595.986531][T11306]  ? find_held_lock+0x2b/0x80
[  595.986546][T11306]  ? kobject_add_internal+0x25f/0x930
[  595.986567][T11306]  ? kobject_add_internal+0x25f/0x930
[  595.986589][T11306]  ? do_raw_spin_unlock+0x145/0x1e0
[  595.986611][T11306]  kobject_add_internal+0x2c8/0x930
[  595.986635][T11306]  kobject_add+0x16a/0x1e0
[  595.986655][T11306]  ? __pfx_kobject_add+0x10/0x10
[  595.986674][T11306]  ? class_to_subsys+0x10f/0x150
[  595.986693][T11306]  ? kobject_put+0xb9/0x640
[  595.986710][T11306]  ? _raw_spin_unlock+0x28/0x50
[  595.986730][T11306]  device_add+0x294/0x1950
[  595.986745][T11306]  ? __pfx_dev_set_name+0x10/0x10
[  595.986763][T11306]  ? __pfx_device_add+0x10/0x10
[  595.986778][T11306]  ? mgmt_send_event_skb+0x2fb/0x460
[  595.986800][T11306]  hci_conn_add_sysfs+0x1a3/0x260
[  595.986818][T11306]  le_conn_complete_evt+0x11cb/0x1f40
[  595.986839][T11306]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  595.986853][T11306]  ? __pfx_bt_warn+0x10/0x10
[  595.986874][T11306]  hci_le_conn_complete_evt+0x23c/0x3a0
[  595.986890][T11306]  ? skb_pull_data+0x15f/0x1e0
[  595.986915][T11306]  hci_le_meta_evt+0x34a/0x5f0
[  595.986932][T11306]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  595.986950][T11306]  hci_event_packet+0x682/0x11c0
[  595.986965][T11306]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  595.986983][T11306]  ? __pfx_hci_event_packet+0x10/0x10
[  595.987011][T11306]  ? kcov_remote_start+0x374/0x660
[  595.987026][T11306]  ? lockdep_hardirqs_on+0x78/0x100
[  595.987050][T11306]  hci_rx_work+0x451/0xfc0
[  595.987069][T11306]  process_one_work+0x9d7/0x1920
[  595.987097][T11306]  ? __pfx_process_one_work+0x10/0x10
[  595.987124][T11306]  ? __pfx_hci_rx_work+0x10/0x10
[  595.987140][T11306]  worker_thread+0x5da/0xe40
[  595.987165][T11306]  ? __pfx_worker_thread+0x10/0x10
[  595.987186][T11306]  ? kthread+0x13a/0x450
[  595.987203][T11306]  ? __pfx_worker_thread+0x10/0x10
[  595.987222][T11306]  kthread+0x370/0x450
[  595.987240][T11306]  ? __pfx_kthread+0x10/0x10
[  595.987260][T11306]  ret_from_fork+0x754/0xd80
[  595.987283][T11306]  ? __pfx_ret_from_fork+0x10/0x10
[  595.987305][T11306]  ? __switch_to+0x7b4/0x1120
[  595.987321][T11306]  ? __pfx_kthread+0x10/0x10
[  595.987341][T11306]  ret_from_fork_asm+0x1a/0x30
[  595.987368][T11306]  </TASK>
[  595.987389][T11306] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  596.304002][T11306] Bluetooth: hci2: failed to register connection device
[  596.535331][T11306] Bluetooth: hci0: command 0x0406 tx timeout
[  597.018632][T11306] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  597.026919][T11306] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  597.036724][T11306] CPU: 0 UID: 0 PID: 11306 Comm: kworker/u11:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  597.036751][T11306] Tainted: [L]=SOFTLOCKUP
[  597.036756][T11306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  597.036767][T11306] Workqueue: hci2 hci_rx_work
[  597.036787][T11306] Call Trace:
[  597.036792][T11306]  <TASK>
[  597.036798][T11306]  dump_stack_lvl+0x100/0x190
[  597.036923][T11306]  sysfs_warn_dup.cold+0x1c/0x28
[  597.036946][T11306]  sysfs_create_dir_ns+0x24b/0x2b0
[  597.036968][T11306]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  597.036986][T11306]  ? find_held_lock+0x2b/0x80
[  597.037001][T11306]  ? kobject_add_internal+0x25f/0x930
[  597.037022][T11306]  ? kobject_add_internal+0x25f/0x930
[  597.037044][T11306]  ? do_raw_spin_unlock+0x145/0x1e0
[  597.037068][T11306]  kobject_add_internal+0x2c8/0x930
[  597.037093][T11306]  kobject_add+0x16a/0x1e0
[  597.037113][T11306]  ? __pfx_kobject_add+0x10/0x10
[  597.037133][T11306]  ? class_to_subsys+0x10f/0x150
[  597.037151][T11306]  ? kobject_put+0xb9/0x640
[  597.037169][T11306]  ? _raw_spin_unlock+0x28/0x50
[  597.037189][T11306]  device_add+0x294/0x1950
[  597.037203][T11306]  ? __pfx_dev_set_name+0x10/0x10
[  597.037222][T11306]  ? __pfx_device_add+0x10/0x10
[  597.037238][T11306]  ? mgmt_send_event_skb+0x2fb/0x460
[  597.037259][T11306]  hci_conn_add_sysfs+0x1a3/0x260
[  597.037278][T11306]  le_conn_complete_evt+0x11cb/0x1f40
[  597.037298][T11306]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  597.037312][T11306]  ? __pfx_bt_warn+0x10/0x10
[  597.037333][T11306]  hci_le_conn_complete_evt+0x23c/0x3a0
[  597.037350][T11306]  ? skb_pull_data+0x15f/0x1e0
[  597.037374][T11306]  hci_le_meta_evt+0x34a/0x5f0
[  597.037391][T11306]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  597.037410][T11306]  hci_event_packet+0x682/0x11c0
[  597.037425][T11306]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  597.037442][T11306]  ? __pfx_hci_event_packet+0x10/0x10
[  597.037459][T11306]  ? kcov_remote_start+0x374/0x660
[  597.037474][T11306]  ? lockdep_hardirqs_on+0x78/0x100
[  597.037496][T11306]  hci_rx_work+0x451/0xfc0
[  597.037514][T11306]  process_one_work+0x9d7/0x1920
[  597.037543][T11306]  ? __pfx_process_one_work+0x10/0x10
[  597.037569][T11306]  ? __pfx_hci_rx_work+0x10/0x10
[  597.037586][T11306]  worker_thread+0x5da/0xe40
[  597.037611][T11306]  ? __pfx_worker_thread+0x10/0x10
[  597.037632][T11306]  ? kthread+0x13a/0x450
[  597.037649][T11306]  ? __pfx_worker_thread+0x10/0x10
[  597.037668][T11306]  kthread+0x370/0x450
[  597.037685][T11306]  ? __pfx_kthread+0x10/0x10
[  597.037705][T11306]  ret_from_fork+0x754/0xd80
[  597.037728][T11306]  ? __pfx_ret_from_fork+0x10/0x10
[  597.037750][T11306]  ? __switch_to+0x7b4/0x1120
[  597.037767][T11306]  ? __pfx_kthread+0x10/0x10
[  597.037786][T11306]  ret_from_fork_asm+0x1a/0x30
[  597.037813][T11306]  </TASK>
[  597.037842][T11306] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  597.348559][T10030] Bluetooth: hci3: command 0x0406 tx timeout
[  597.370337][T11306] Bluetooth: hci2: failed to register connection device
[  597.382709][T11306] Bluetooth: hci2: command 0x0406 tx timeout
[  597.978603][T10083] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  598.498940][T10083] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  598.616304][T11306] Bluetooth: hci0: command 0x0406 tx timeout
[  599.219137][T11306] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  599.229156][T11306] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[  599.239784][T11306] CPU: 0 UID: 0 PID: 11306 Comm: kworker/u11:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  599.239813][T11306] Tainted: [L]=SOFTLOCKUP
[  599.239819][T11306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  599.239831][T11306] Workqueue: hci0 hci_rx_work
[  599.239852][T11306] Call Trace:
[  599.239858][T11306]  <TASK>
[  599.239864][T11306]  dump_stack_lvl+0x100/0x190
[  599.239890][T11306]  sysfs_warn_dup.cold+0x1c/0x28
[  599.239913][T11306]  sysfs_create_dir_ns+0x24b/0x2b0
[  599.239935][T11306]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  599.239953][T11306]  ? find_held_lock+0x2b/0x80
[  599.239967][T11306]  ? kobject_add_internal+0x25f/0x930
[  599.239988][T11306]  ? kobject_add_internal+0x25f/0x930
[  599.240010][T11306]  ? do_raw_spin_unlock+0x145/0x1e0
[  599.240032][T11306]  kobject_add_internal+0x2c8/0x930
[  599.240055][T11306]  kobject_add+0x16a/0x1e0
[  599.240075][T11306]  ? __pfx_kobject_add+0x10/0x10
[  599.240094][T11306]  ? class_to_subsys+0x10f/0x150
[  599.240116][T11306]  ? kobject_put+0xb9/0x640
[  599.240134][T11306]  ? _raw_spin_unlock+0x28/0x50
[  599.240155][T11306]  device_add+0x294/0x1950
[  599.240169][T11306]  ? __pfx_dev_set_name+0x10/0x10
[  599.240187][T11306]  ? __pfx_device_add+0x10/0x10
[  599.240201][T11306]  ? mgmt_send_event_skb+0x2fb/0x460
[  599.240222][T11306]  hci_conn_add_sysfs+0x1a3/0x260
[  599.240241][T11306]  le_conn_complete_evt+0x11cb/0x1f40
[  599.240261][T11306]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  599.240275][T11306]  ? __pfx_bt_warn+0x10/0x10
[  599.240296][T11306]  hci_le_conn_complete_evt+0x23c/0x3a0
[  599.240313][T11306]  ? skb_pull_data+0x15f/0x1e0
[  599.240337][T11306]  hci_le_meta_evt+0x34a/0x5f0
[  599.240354][T11306]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  599.240372][T11306]  hci_event_packet+0x682/0x11c0
[  599.240388][T11306]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  599.240405][T11306]  ? __pfx_hci_event_packet+0x10/0x10
[  599.240422][T11306]  ? kcov_remote_start+0x374/0x660
[  599.240436][T11306]  ? lockdep_hardirqs_on+0x78/0x100
[  599.240458][T11306]  hci_rx_work+0x451/0xfc0
[  599.240476][T11306]  process_one_work+0x9d7/0x1920
[  599.240505][T11306]  ? __pfx_process_one_work+0x10/0x10
[  599.240531][T11306]  ? __pfx_hci_rx_work+0x10/0x10
[  599.240548][T11306]  worker_thread+0x5da/0xe40
[  599.240573][T11306]  ? __pfx_worker_thread+0x10/0x10
[  599.240601][T11306]  ? kthread+0x13a/0x450
[  599.240629][T11306]  ? __pfx_worker_thread+0x10/0x10
[  599.240649][T11306]  kthread+0x370/0x450
[  599.240668][T11306]  ? __pfx_kthread+0x10/0x10
[  599.240688][T11306]  ret_from_fork+0x754/0xd80
[  599.240712][T11306]  ? __pfx_ret_from_fork+0x10/0x10
[  599.240740][T11306]  ? __switch_to+0x7b4/0x1120
[  599.240757][T11306]  ? __pfx_kthread+0x10/0x10
[  599.240777][T11306]  ret_from_fork_asm+0x1a/0x30
[  599.240805][T11306]  </TASK>
[  599.240827][T11306] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  599.548265][T10057] Bluetooth: hci2: command 0x0406 tx timeout
[  599.554961][T10057] Bluetooth: hci3: command 0x0406 tx timeout
[  599.566714][T11306] Bluetooth: hci0: failed to register connection device
[  600.111782][T11793] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  600.484577][T11306] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  600.492907][T11306] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[  600.502559][T11306] CPU: 0 UID: 0 PID: 11306 Comm: kworker/u11:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  600.502586][T11306] Tainted: [L]=SOFTLOCKUP
[  600.502592][T11306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  600.502627][T11306] Workqueue: hci0 hci_rx_work
[  600.502647][T11306] Call Trace:
[  600.502655][T11306]  <TASK>
[  600.502662][T11306]  dump_stack_lvl+0x100/0x190
[  600.502687][T11306]  sysfs_warn_dup.cold+0x1c/0x28
[  600.502708][T11306]  sysfs_create_dir_ns+0x24b/0x2b0
[  600.502730][T11306]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  600.502749][T11306]  ? find_held_lock+0x2b/0x80
[  600.502763][T11306]  ? kobject_add_internal+0x25f/0x930
[  600.502783][T11306]  ? kobject_add_internal+0x25f/0x930
[  600.502805][T11306]  ? do_raw_spin_unlock+0x145/0x1e0
[  600.502829][T11306]  kobject_add_internal+0x2c8/0x930
[  600.502854][T11306]  kobject_add+0x16a/0x1e0
[  600.502875][T11306]  ? __pfx_kobject_add+0x10/0x10
[  600.502893][T11306]  ? class_to_subsys+0x10f/0x150
[  600.502912][T11306]  ? kobject_put+0xb9/0x640
[  600.502935][T11306]  ? _raw_spin_unlock+0x28/0x50
[  600.502957][T11306]  device_add+0x294/0x1950
[  600.502972][T11306]  ? __pfx_dev_set_name+0x10/0x10
[  600.502991][T11306]  ? __pfx_device_add+0x10/0x10
[  600.503006][T11306]  ? mgmt_send_event_skb+0x2fb/0x460
[  600.503027][T11306]  hci_conn_add_sysfs+0x1a3/0x260
[  600.503047][T11306]  le_conn_complete_evt+0x11cb/0x1f40
[  600.503067][T11306]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  600.503081][T11306]  ? __pfx_bt_warn+0x10/0x10
[  600.503102][T11306]  hci_le_conn_complete_evt+0x23c/0x3a0
[  600.503118][T11306]  ? skb_pull_data+0x15f/0x1e0
[  600.503142][T11306]  hci_le_meta_evt+0x34a/0x5f0
[  600.503159][T11306]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  600.503177][T11306]  hci_event_packet+0x682/0x11c0
[  600.503193][T11306]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  600.503209][T11306]  ? __pfx_hci_event_packet+0x10/0x10
[  600.503227][T11306]  ? kcov_remote_start+0x374/0x660
[  600.503241][T11306]  ? lockdep_hardirqs_on+0x78/0x100
[  600.503263][T11306]  hci_rx_work+0x451/0xfc0
[  600.503285][T11306]  process_one_work+0x9d7/0x1920
[  600.503314][T11306]  ? __pfx_process_one_work+0x10/0x10
[  600.503341][T11306]  ? __pfx_hci_rx_work+0x10/0x10
[  600.503358][T11306]  worker_thread+0x5da/0xe40
[  600.503383][T11306]  ? __pfx_worker_thread+0x10/0x10
[  600.503403][T11306]  ? kthread+0x13a/0x450
[  600.503421][T11306]  ? __pfx_worker_thread+0x10/0x10
[  600.503440][T11306]  kthread+0x370/0x450
[  600.503458][T11306]  ? __pfx_kthread+0x10/0x10
[  600.503477][T11306]  ret_from_fork+0x754/0xd80
[  600.503500][T11306]  ? __pfx_ret_from_fork+0x10/0x10
[  600.503522][T11306]  ? __switch_to+0x7b4/0x1120
[  600.503538][T11306]  ? __pfx_kthread+0x10/0x10
[  600.503558][T11306]  ret_from_fork_asm+0x1a/0x30
[  600.503584][T11306]  </TASK>
[  600.503614][T11306] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  600.807306][T10057] Bluetooth: hci1: command 0x0406 tx timeout
[  600.837441][T11306] Bluetooth: hci0: failed to register connection device
[  600.846328][T11306] Bluetooth: hci0: command 0x0406 tx timeout
[  601.209130][T11306] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  601.217165][T11306] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  601.227728][T11306] CPU: 0 UID: 0 PID: 11306 Comm: kworker/u11:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  601.227753][T11306] Tainted: [L]=SOFTLOCKUP
[  601.227758][T11306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  601.227778][T11306] Workqueue: hci2 hci_rx_work
[  601.227802][T11306] Call Trace:
[  601.227808][T11306]  <TASK>
[  601.227814][T11306]  dump_stack_lvl+0x100/0x190
[  601.227838][T11306]  sysfs_warn_dup.cold+0x1c/0x28
[  601.227862][T11306]  sysfs_create_dir_ns+0x24b/0x2b0
[  601.227888][T11306]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  601.227911][T11306]  ? find_held_lock+0x2b/0x80
[  601.227924][T11306]  ? kobject_add_internal+0x25f/0x930
[  601.227945][T11306]  ? kobject_add_internal+0x25f/0x930
[  601.227967][T11306]  ? do_raw_spin_unlock+0x145/0x1e0
[  601.227991][T11306]  kobject_add_internal+0x2c8/0x930
[  601.228015][T11306]  kobject_add+0x16a/0x1e0
[  601.228035][T11306]  ? __pfx_kobject_add+0x10/0x10
[  601.228054][T11306]  ? class_to_subsys+0x10f/0x150
[  601.228073][T11306]  ? kobject_put+0xb9/0x640
[  601.228090][T11306]  ? _raw_spin_unlock+0x28/0x50
[  601.228110][T11306]  device_add+0x294/0x1950
[  601.228125][T11306]  ? __pfx_dev_set_name+0x10/0x10
[  601.228142][T11306]  ? __pfx_device_add+0x10/0x10
[  601.228157][T11306]  ? mgmt_send_event_skb+0x2fb/0x460
[  601.228177][T11306]  hci_conn_add_sysfs+0x1a3/0x260
[  601.228196][T11306]  le_conn_complete_evt+0x11cb/0x1f40
[  601.228216][T11306]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  601.228230][T11306]  ? __pfx_bt_warn+0x10/0x10
[  601.228251][T11306]  hci_le_conn_complete_evt+0x23c/0x3a0
[  601.228267][T11306]  ? skb_pull_data+0x15f/0x1e0
[  601.228293][T11306]  hci_le_meta_evt+0x34a/0x5f0
[  601.228309][T11306]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  601.228328][T11306]  hci_event_packet+0x682/0x11c0
[  601.228343][T11306]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  601.228361][T11306]  ? __pfx_hci_event_packet+0x10/0x10
[  601.228378][T11306]  ? kcov_remote_start+0x374/0x660
[  601.228400][T11306]  ? lockdep_hardirqs_on+0x78/0x100
[  601.228424][T11306]  hci_rx_work+0x451/0xfc0
[  601.228443][T11306]  process_one_work+0x9d7/0x1920
[  601.228473][T11306]  ? __pfx_process_one_work+0x10/0x10
[  601.228500][T11306]  ? __pfx_hci_rx_work+0x10/0x10
[  601.228517][T11306]  worker_thread+0x5da/0xe40
[  601.228542][T11306]  ? __pfx_worker_thread+0x10/0x10
[  601.228563][T11306]  ? kthread+0x13a/0x450
[  601.228581][T11306]  ? __pfx_worker_thread+0x10/0x10
[  601.228599][T11306]  kthread+0x370/0x450
[  601.228617][T11306]  ? __pfx_kthread+0x10/0x10
[  601.228637][T11306]  ret_from_fork+0x754/0xd80
[  601.228660][T11306]  ? __pfx_ret_from_fork+0x10/0x10
[  601.228682][T11306]  ? __switch_to+0x7b4/0x1120
[  601.228698][T11306]  ? __pfx_kthread+0x10/0x10
[  601.228718][T11306]  ret_from_fork_asm+0x1a/0x30
[  601.228744][T11306]  </TASK>
[  601.228765][T11306] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  601.540232][T11306] Bluetooth: hci2: failed to register connection device
[  601.578283][T10057] Bluetooth: hci2: command 0x0406 tx timeout
[  601.585178][T10030] Bluetooth: hci3: command 0x0406 tx timeout
[  602.831097][   T30] audit: type=1800 audit(1773202005.640:15): pid=11843 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1151" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0
[  602.882958][T11306] Bluetooth: hci0: command 0x0406 tx timeout
[  602.891294][T10057] Bluetooth: hci1: command 0x0406 tx timeout
[  603.181906][T11845] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1153'.
[  603.229376][T11845] netlink: 'syz.2.1153': attribute type 1 has an invalid length.
[  603.268781][T11845] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1153'.
[  603.659129][T10083] Bluetooth: hci2: command 0x0406 tx timeout
[  604.271998][T11353] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  604.280196][T11353] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  604.290435][T11353] CPU: 0 UID: 0 PID: 11353 Comm: kworker/u11:6 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  604.290460][T11353] Tainted: [L]=SOFTLOCKUP
[  604.290466][T11353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  604.290477][T11353] Workqueue: hci2 hci_rx_work
[  604.290497][T11353] Call Trace:
[  604.290503][T11353]  <TASK>
[  604.290509][T11353]  dump_stack_lvl+0x100/0x190
[  604.290535][T11353]  sysfs_warn_dup.cold+0x1c/0x28
[  604.290557][T11353]  sysfs_create_dir_ns+0x24b/0x2b0
[  604.290578][T11353]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  604.290597][T11353]  ? find_held_lock+0x2b/0x80
[  604.290611][T11353]  ? kobject_add_internal+0x25f/0x930
[  604.290632][T11353]  ? kobject_add_internal+0x25f/0x930
[  604.290658][T11353]  ? do_raw_spin_unlock+0x145/0x1e0
[  604.290681][T11353]  kobject_add_internal+0x2c8/0x930
[  604.290705][T11353]  kobject_add+0x16a/0x1e0
[  604.290725][T11353]  ? __pfx_kobject_add+0x10/0x10
[  604.290745][T11353]  ? class_to_subsys+0x10f/0x150
[  604.290763][T11353]  ? kobject_put+0xb9/0x640
[  604.290781][T11353]  ? _raw_spin_unlock+0x28/0x50
[  604.290801][T11353]  device_add+0x294/0x1950
[  604.290816][T11353]  ? __pfx_dev_set_name+0x10/0x10
[  604.290833][T11353]  ? __pfx_device_add+0x10/0x10
[  604.290847][T11353]  ? mgmt_send_event_skb+0x2fb/0x460
[  604.290868][T11353]  hci_conn_add_sysfs+0x1a3/0x260
[  604.290887][T11353]  le_conn_complete_evt+0x11cb/0x1f40
[  604.290907][T11353]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  604.290921][T11353]  ? __pfx_bt_warn+0x10/0x10
[  604.290942][T11353]  hci_le_conn_complete_evt+0x23c/0x3a0
[  604.290958][T11353]  ? skb_pull_data+0x15f/0x1e0
[  604.290984][T11353]  hci_le_meta_evt+0x34a/0x5f0
[  604.291000][T11353]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  604.291018][T11353]  hci_event_packet+0x682/0x11c0
[  604.291034][T11353]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  604.291052][T11353]  ? __pfx_hci_event_packet+0x10/0x10
[  604.291069][T11353]  ? kcov_remote_start+0x374/0x660
[  604.291083][T11353]  ? lockdep_hardirqs_on+0x78/0x100
[  604.291105][T11353]  hci_rx_work+0x451/0xfc0
[  604.291124][T11353]  process_one_work+0x9d7/0x1920
[  604.291163][T11353]  ? __pfx_process_one_work+0x10/0x10
[  604.291191][T11353]  ? __pfx_hci_rx_work+0x10/0x10
[  604.291207][T11353]  worker_thread+0x5da/0xe40
[  604.291233][T11353]  ? __pfx_worker_thread+0x10/0x10
[  604.291255][T11353]  ? kthread+0x13a/0x450
[  604.291273][T11353]  ? __pfx_worker_thread+0x10/0x10
[  604.291292][T11353]  kthread+0x370/0x450
[  604.291310][T11353]  ? __pfx_kthread+0x10/0x10
[  604.291330][T11353]  ret_from_fork+0x754/0xd80
[  604.291352][T11353]  ? __pfx_ret_from_fork+0x10/0x10
[  604.291373][T11353]  ? rcu_is_watching+0x12/0xc0
[  604.291394][T11353]  ? __switch_to+0x7b4/0x1120
[  604.291411][T11353]  ? __pfx_kthread+0x10/0x10
[  604.291430][T11353]  ret_from_fork_asm+0x1a/0x30
[  604.291457][T11353]  </TASK>
[  604.291487][T11353] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  604.601871][T11353] Bluetooth: hci2: failed to register connection device
[  604.940553][T11353] Bluetooth: hci0: command 0x0406 tx timeout
[  605.245285][T11353] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  605.678954][T11888] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1163'.
[  605.718955][T11888] netlink: 'syz.1.1163': attribute type 1 has an invalid length.
[  605.739887][T11353] Bluetooth: hci2: command 0x0406 tx timeout
[  605.755125][T11888] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1163'.
[  606.432603][T11353] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  607.023275][T10030] Bluetooth: hci0: command 0x0406 tx timeout
[  607.260670][T11306] Bluetooth: hci1: command 0x0406 tx timeout
[  607.485825][T10030] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  607.493677][T10030] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0'
[  607.503174][T10030] CPU: 0 UID: 0 PID: 10030 Comm: kworker/u11:0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  607.503202][T10030] Tainted: [L]=SOFTLOCKUP
[  607.503207][T10030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  607.503218][T10030] Workqueue: hci3 hci_rx_work
[  607.503238][T10030] Call Trace:
[  607.503244][T10030]  <TASK>
[  607.503252][T10030]  dump_stack_lvl+0x100/0x190
[  607.503278][T10030]  sysfs_warn_dup.cold+0x1c/0x28
[  607.503302][T10030]  sysfs_create_dir_ns+0x24b/0x2b0
[  607.503324][T10030]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  607.503343][T10030]  ? find_held_lock+0x2b/0x80
[  607.503358][T10030]  ? kobject_add_internal+0x25f/0x930
[  607.503379][T10030]  ? kobject_add_internal+0x25f/0x930
[  607.503402][T10030]  ? do_raw_spin_unlock+0x145/0x1e0
[  607.503425][T10030]  kobject_add_internal+0x2c8/0x930
[  607.503448][T10030]  kobject_add+0x16a/0x1e0
[  607.503469][T10030]  ? __pfx_kobject_add+0x10/0x10
[  607.503491][T10030]  ? class_to_subsys+0x10f/0x150
[  607.503510][T10030]  ? kobject_put+0xb9/0x640
[  607.503528][T10030]  ? _raw_spin_unlock+0x28/0x50
[  607.503548][T10030]  device_add+0x294/0x1950
[  607.503562][T10030]  ? __pfx_dev_set_name+0x10/0x10
[  607.503580][T10030]  ? __pfx_device_add+0x10/0x10
[  607.503594][T10030]  ? mgmt_send_event_skb+0x2fb/0x460
[  607.503615][T10030]  hci_conn_add_sysfs+0x1a3/0x260
[  607.503633][T10030]  le_conn_complete_evt+0x11cb/0x1f40
[  607.503653][T10030]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  607.503667][T10030]  ? __pfx_bt_warn+0x10/0x10
[  607.503689][T10030]  hci_le_conn_complete_evt+0x23c/0x3a0
[  607.503705][T10030]  ? skb_pull_data+0x15f/0x1e0
[  607.503730][T10030]  hci_le_meta_evt+0x34a/0x5f0
[  607.503746][T10030]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  607.503764][T10030]  hci_event_packet+0x682/0x11c0
[  607.503780][T10030]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  607.503797][T10030]  ? __pfx_hci_event_packet+0x10/0x10
[  607.503814][T10030]  ? kcov_remote_start+0x374/0x660
[  607.503828][T10030]  ? lockdep_hardirqs_on+0x78/0x100
[  607.503854][T10030]  hci_rx_work+0x451/0xfc0
[  607.503881][T10030]  process_one_work+0x9d7/0x1920
[  607.503912][T10030]  ? __pfx_process_one_work+0x10/0x10
[  607.503941][T10030]  ? __pfx_hci_rx_work+0x10/0x10
[  607.503958][T10030]  worker_thread+0x5da/0xe40
[  607.503986][T10030]  ? kthread+0x13a/0x450
[  607.504003][T10030]  ? __pfx_worker_thread+0x10/0x10
[  607.504022][T10030]  kthread+0x370/0x450
[  607.504040][T10030]  ? __pfx_kthread+0x10/0x10
[  607.504059][T10030]  ret_from_fork+0x754/0xd80
[  607.504082][T10030]  ? __pfx_ret_from_fork+0x10/0x10
[  607.504104][T10030]  ? __switch_to+0x7b4/0x1120
[  607.504120][T10030]  ? __pfx_kthread+0x10/0x10
[  607.504140][T10030]  ret_from_fork_asm+0x1a/0x30
[  607.504166][T10030]  </TASK>
[  607.504188][T10030] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  607.834635][T10083] Bluetooth: hci2: command 0x0406 tx timeout
[  607.842274][T10030] Bluetooth: hci3: failed to register connection device
[  608.461677][T10030] Bluetooth: hci3: command 0x0406 tx timeout
[  609.102668][T10030] Bluetooth: hci0: command 0x0406 tx timeout
[  609.341849][T10030] Bluetooth: hci1: command 0x0406 tx timeout
[  609.398428][T11306] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  609.406703][T11306] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0'
[  609.417032][T11306] CPU: 0 UID: 0 PID: 11306 Comm: kworker/u11:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  609.417058][T11306] Tainted: [L]=SOFTLOCKUP
[  609.417064][T11306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  609.417074][T11306] Workqueue: hci3 hci_rx_work
[  609.417095][T11306] Call Trace:
[  609.417100][T11306]  <TASK>
[  609.417106][T11306]  dump_stack_lvl+0x100/0x190
[  609.417131][T11306]  sysfs_warn_dup.cold+0x1c/0x28
[  609.417201][T11306]  sysfs_create_dir_ns+0x24b/0x2b0
[  609.417223][T11306]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  609.417243][T11306]  ? find_held_lock+0x2b/0x80
[  609.417257][T11306]  ? kobject_add_internal+0x25f/0x930
[  609.417279][T11306]  ? kobject_add_internal+0x25f/0x930
[  609.417301][T11306]  ? do_raw_spin_unlock+0x145/0x1e0
[  609.417324][T11306]  kobject_add_internal+0x2c8/0x930
[  609.417349][T11306]  kobject_add+0x16a/0x1e0
[  609.417369][T11306]  ? __pfx_kobject_add+0x10/0x10
[  609.417388][T11306]  ? class_to_subsys+0x10f/0x150
[  609.417407][T11306]  ? kobject_put+0xb9/0x640
[  609.417424][T11306]  ? _raw_spin_unlock+0x28/0x50
[  609.417444][T11306]  device_add+0x294/0x1950
[  609.417466][T11306]  ? __pfx_dev_set_name+0x10/0x10
[  609.417485][T11306]  ? __pfx_device_add+0x10/0x10
[  609.417500][T11306]  ? mgmt_send_event_skb+0x2fb/0x460
[  609.417521][T11306]  hci_conn_add_sysfs+0x1a3/0x260
[  609.417541][T11306]  le_conn_complete_evt+0x11cb/0x1f40
[  609.417567][T11306]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  609.417581][T11306]  ? __pfx_bt_warn+0x10/0x10
[  609.417604][T11306]  hci_le_conn_complete_evt+0x23c/0x3a0
[  609.417621][T11306]  ? skb_pull_data+0x15f/0x1e0
[  609.417646][T11306]  hci_le_meta_evt+0x34a/0x5f0
[  609.417675][T11306]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  609.417710][T11306]  hci_event_packet+0x682/0x11c0
[  609.417742][T11306]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  609.417774][T11306]  ? __pfx_hci_event_packet+0x10/0x10
[  609.417792][T11306]  ? kcov_remote_start+0x374/0x660
[  609.417808][T11306]  ? lockdep_hardirqs_on+0x78/0x100
[  609.417831][T11306]  hci_rx_work+0x451/0xfc0
[  609.417850][T11306]  process_one_work+0x9d7/0x1920
[  609.417879][T11306]  ? __pfx_process_one_work+0x10/0x10
[  609.417905][T11306]  ? __pfx_hci_rx_work+0x10/0x10
[  609.417922][T11306]  worker_thread+0x5da/0xe40
[  609.417947][T11306]  ? __pfx_worker_thread+0x10/0x10
[  609.417969][T11306]  ? kthread+0x13a/0x450
[  609.417987][T11306]  ? __pfx_worker_thread+0x10/0x10
[  609.418006][T11306]  kthread+0x370/0x450
[  609.418024][T11306]  ? __pfx_kthread+0x10/0x10
[  609.418044][T11306]  ret_from_fork+0x754/0xd80
[  609.418066][T11306]  ? __pfx_ret_from_fork+0x10/0x10
[  609.418088][T11306]  ? __switch_to+0x7b4/0x1120
[  609.418104][T11306]  ? __pfx_kthread+0x10/0x10
[  609.418124][T11306]  ret_from_fork_asm+0x1a/0x30
[  609.418159][T11306]  </TASK>
[  609.418206][T11306] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  609.742192][T11306] Bluetooth: hci3: failed to register connection device
[  609.902651][T11306] Bluetooth: hci2: command 0x0406 tx timeout
[  610.542558][T11306] Bluetooth: hci3: command 0x0406 tx timeout
[  611.034523][T11306] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  611.184252][T11306] Bluetooth: hci0: command 0x0406 tx timeout
[  611.333329][T11270] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  611.984758][T11270] Bluetooth: hci2: command 0x0406 tx timeout
[  612.193300][T11270] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  612.201552][T11270] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0'
[  612.211330][T11270] CPU: 0 UID: 0 PID: 11270 Comm: kworker/u11:4 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  612.211357][T11270] Tainted: [L]=SOFTLOCKUP
[  612.211363][T11270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  612.211374][T11270] Workqueue: hci3 hci_rx_work
[  612.211395][T11270] Call Trace:
[  612.211400][T11270]  <TASK>
[  612.211408][T11270]  dump_stack_lvl+0x100/0x190
[  612.211434][T11270]  sysfs_warn_dup.cold+0x1c/0x28
[  612.211478][T11270]  sysfs_create_dir_ns+0x24b/0x2b0
[  612.211500][T11270]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  612.211520][T11270]  ? find_held_lock+0x2b/0x80
[  612.211535][T11270]  ? kobject_add_internal+0x25f/0x930
[  612.211556][T11270]  ? kobject_add_internal+0x25f/0x930
[  612.211578][T11270]  ? do_raw_spin_unlock+0x145/0x1e0
[  612.211601][T11270]  kobject_add_internal+0x2c8/0x930
[  612.211624][T11270]  kobject_add+0x16a/0x1e0
[  612.211644][T11270]  ? __pfx_kobject_add+0x10/0x10
[  612.211663][T11270]  ? class_to_subsys+0x10f/0x150
[  612.211682][T11270]  ? kobject_put+0xb9/0x640
[  612.211700][T11270]  ? _raw_spin_unlock+0x28/0x50
[  612.211720][T11270]  device_add+0x294/0x1950
[  612.211734][T11270]  ? __pfx_dev_set_name+0x10/0x10
[  612.211751][T11270]  ? __pfx_device_add+0x10/0x10
[  612.211765][T11270]  ? mgmt_send_event_skb+0x2fb/0x460
[  612.211786][T11270]  hci_conn_add_sysfs+0x1a3/0x260
[  612.211805][T11270]  le_conn_complete_evt+0x11cb/0x1f40
[  612.211825][T11270]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  612.211839][T11270]  ? __pfx_bt_warn+0x10/0x10
[  612.211860][T11270]  hci_le_conn_complete_evt+0x23c/0x3a0
[  612.211876][T11270]  ? skb_pull_data+0x15f/0x1e0
[  612.211901][T11270]  hci_le_meta_evt+0x34a/0x5f0
[  612.211917][T11270]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  612.211935][T11270]  hci_event_packet+0x682/0x11c0
[  612.211952][T11270]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  612.211972][T11270]  ? __pfx_hci_event_packet+0x10/0x10
[  612.211989][T11270]  ? kcov_remote_start+0x374/0x660
[  612.212003][T11270]  ? lockdep_hardirqs_on+0x78/0x100
[  612.212025][T11270]  hci_rx_work+0x451/0xfc0
[  612.212044][T11270]  process_one_work+0x9d7/0x1920
[  612.212072][T11270]  ? __pfx_process_one_work+0x10/0x10
[  612.212098][T11270]  ? __pfx_hci_rx_work+0x10/0x10
[  612.212115][T11270]  worker_thread+0x5da/0xe40
[  612.212140][T11270]  ? __pfx_worker_thread+0x10/0x10
[  612.212161][T11270]  ? kthread+0x13a/0x450
[  612.212178][T11270]  ? __pfx_worker_thread+0x10/0x10
[  612.212197][T11270]  kthread+0x370/0x450
[  612.212215][T11270]  ? __pfx_kthread+0x10/0x10
[  612.212235][T11270]  ret_from_fork+0x754/0xd80
[  612.212257][T11270]  ? __pfx_ret_from_fork+0x10/0x10
[  612.212279][T11270]  ? __switch_to+0x7b4/0x1120
[  612.212295][T11270]  ? __pfx_kthread+0x10/0x10
[  612.212315][T11270]  ret_from_fork_asm+0x1a/0x30
[  612.212341][T11270]  </TASK>
[  612.212386][T11270] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  612.525779][T11270] Bluetooth: hci3: failed to register connection device
[  612.624096][T11270] Bluetooth: hci3: command 0x0406 tx timeout
[  613.263729][T11270] Bluetooth: hci0: command 0x0406 tx timeout
[  613.326360][T11270] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  613.337241][T11270] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0'
[  613.347561][T11270] CPU: 0 UID: 0 PID: 11270 Comm: kworker/u11:4 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  613.347587][T11270] Tainted: [L]=SOFTLOCKUP
[  613.347593][T11270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  613.347604][T11270] Workqueue: hci3 hci_rx_work
[  613.347623][T11270] Call Trace:
[  613.347629][T11270]  <TASK>
[  613.347635][T11270]  dump_stack_lvl+0x100/0x190
[  613.347660][T11270]  sysfs_warn_dup.cold+0x1c/0x28
[  613.347682][T11270]  sysfs_create_dir_ns+0x24b/0x2b0
[  613.347703][T11270]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  613.347722][T11270]  ? find_held_lock+0x2b/0x80
[  613.347736][T11270]  ? kobject_add_internal+0x25f/0x930
[  613.347756][T11270]  ? kobject_add_internal+0x25f/0x930
[  613.347779][T11270]  ? do_raw_spin_unlock+0x145/0x1e0
[  613.347802][T11270]  kobject_add_internal+0x2c8/0x930
[  613.347834][T11270]  kobject_add+0x16a/0x1e0
[  613.347854][T11270]  ? __pfx_kobject_add+0x10/0x10
[  613.347873][T11270]  ? class_to_subsys+0x10f/0x150
[  613.347892][T11270]  ? kobject_put+0xb9/0x640
[  613.347909][T11270]  ? _raw_spin_unlock+0x28/0x50
[  613.347930][T11270]  device_add+0x294/0x1950
[  613.347945][T11270]  ? __pfx_dev_set_name+0x10/0x10
[  613.347962][T11270]  ? __pfx_device_add+0x10/0x10
[  613.347977][T11270]  ? mgmt_send_event_skb+0x2fb/0x460
[  613.347998][T11270]  hci_conn_add_sysfs+0x1a3/0x260
[  613.348016][T11270]  le_conn_complete_evt+0x11cb/0x1f40
[  613.348036][T11270]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  613.348050][T11270]  ? __pfx_bt_warn+0x10/0x10
[  613.348071][T11270]  hci_le_conn_complete_evt+0x23c/0x3a0
[  613.348087][T11270]  ? skb_pull_data+0x15f/0x1e0
[  613.348112][T11270]  hci_le_meta_evt+0x34a/0x5f0
[  613.348128][T11270]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  613.348147][T11270]  hci_event_packet+0x682/0x11c0
[  613.348162][T11270]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  613.348179][T11270]  ? __pfx_hci_event_packet+0x10/0x10
[  613.348197][T11270]  ? kcov_remote_start+0x374/0x660
[  613.348211][T11270]  ? lockdep_hardirqs_on+0x78/0x100
[  613.348233][T11270]  hci_rx_work+0x451/0xfc0
[  613.348251][T11270]  process_one_work+0x9d7/0x1920
[  613.348280][T11270]  ? __pfx_process_one_work+0x10/0x10
[  613.348306][T11270]  ? __pfx_hci_rx_work+0x10/0x10
[  613.348332][T11270]  worker_thread+0x5da/0xe40
[  613.348358][T11270]  ? __pfx_worker_thread+0x10/0x10
[  613.348380][T11270]  ? kthread+0x13a/0x450
[  613.348398][T11270]  ? __pfx_worker_thread+0x10/0x10
[  613.348417][T11270]  kthread+0x370/0x450
[  613.348436][T11270]  ? __pfx_kthread+0x10/0x10
[  613.348456][T11270]  ret_from_fork+0x754/0xd80
[  613.348479][T11270]  ? __pfx_ret_from_fork+0x10/0x10
[  613.348502][T11270]  ? __switch_to+0x7b4/0x1120
[  613.348518][T11270]  ? __pfx_kthread+0x10/0x10
[  613.348538][T11270]  ret_from_fork_asm+0x1a/0x30
[  613.348577][T11270]  </TASK>
[  613.348600][T11270] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  613.657288][T11306] Bluetooth: hci1: command 0x0406 tx timeout
[  613.668277][T11270] Bluetooth: hci3: failed to register connection device
[  614.064250][T11270] Bluetooth: hci2: command 0x0406 tx timeout
[  614.539757][T11270] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  614.547994][T11270] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0'
[  614.558231][T11270] CPU: 0 UID: 0 PID: 11270 Comm: kworker/u11:4 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  614.558257][T11270] Tainted: [L]=SOFTLOCKUP
[  614.558263][T11270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  614.558275][T11270] Workqueue: hci1 hci_rx_work
[  614.558296][T11270] Call Trace:
[  614.558301][T11270]  <TASK>
[  614.558307][T11270]  dump_stack_lvl+0x100/0x190
[  614.558331][T11270]  sysfs_warn_dup.cold+0x1c/0x28
[  614.558354][T11270]  sysfs_create_dir_ns+0x24b/0x2b0
[  614.558374][T11270]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  614.558393][T11270]  ? find_held_lock+0x2b/0x80
[  614.558407][T11270]  ? kobject_add_internal+0x25f/0x930
[  614.558428][T11270]  ? kobject_add_internal+0x25f/0x930
[  614.558450][T11270]  ? do_raw_spin_unlock+0x145/0x1e0
[  614.558474][T11270]  kobject_add_internal+0x2c8/0x930
[  614.558498][T11270]  kobject_add+0x16a/0x1e0
[  614.558517][T11270]  ? __pfx_kobject_add+0x10/0x10
[  614.558536][T11270]  ? class_to_subsys+0x10f/0x150
[  614.558555][T11270]  ? kobject_put+0xb9/0x640
[  614.558572][T11270]  ? _raw_spin_unlock+0x28/0x50
[  614.558592][T11270]  device_add+0x294/0x1950
[  614.558607][T11270]  ? __pfx_dev_set_name+0x10/0x10
[  614.558624][T11270]  ? __pfx_device_add+0x10/0x10
[  614.558639][T11270]  ? mgmt_send_event_skb+0x2fb/0x460
[  614.558659][T11270]  hci_conn_add_sysfs+0x1a3/0x260
[  614.558678][T11270]  le_conn_complete_evt+0x11cb/0x1f40
[  614.558698][T11270]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  614.558712][T11270]  ? __pfx_bt_warn+0x10/0x10
[  614.558733][T11270]  hci_le_conn_complete_evt+0x23c/0x3a0
[  614.558749][T11270]  ? skb_pull_data+0x15f/0x1e0
[  614.558777][T11270]  hci_le_meta_evt+0x34a/0x5f0
[  614.558795][T11270]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  614.558812][T11270]  hci_event_packet+0x682/0x11c0
[  614.558828][T11270]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  614.558845][T11270]  ? __pfx_hci_event_packet+0x10/0x10
[  614.558863][T11270]  ? kcov_remote_start+0x374/0x660
[  614.558877][T11270]  ? lockdep_hardirqs_on+0x78/0x100
[  614.558899][T11270]  hci_rx_work+0x451/0xfc0
[  614.558918][T11270]  process_one_work+0x9d7/0x1920
[  614.558960][T11270]  ? __pfx_process_one_work+0x10/0x10
[  614.558991][T11270]  ? __pfx_hci_rx_work+0x10/0x10
[  614.559008][T11270]  worker_thread+0x5da/0xe40
[  614.559035][T11270]  ? __pfx_worker_thread+0x10/0x10
[  614.559056][T11270]  ? kthread+0x13a/0x450
[  614.559074][T11270]  ? __pfx_worker_thread+0x10/0x10
[  614.559094][T11270]  kthread+0x370/0x450
[  614.559112][T11270]  ? __pfx_kthread+0x10/0x10
[  614.559132][T11270]  ret_from_fork+0x754/0xd80
[  614.559161][T11270]  ? __pfx_ret_from_fork+0x10/0x10
[  614.559186][T11270]  ? __switch_to+0x7b4/0x1120
[  614.559203][T11270]  ? __pfx_kthread+0x10/0x10
[  614.559223][T11270]  ret_from_fork_asm+0x1a/0x30
[  614.559249][T11270]  </TASK>
[  614.559350][T11270] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  614.870366][T10030] Bluetooth: hci3: command 0x0406 tx timeout
[  614.889947][T11270] Bluetooth: hci1: failed to register connection device
[  615.344631][T11270] Bluetooth: hci0: command 0x0406 tx timeout
[  615.664940][T10030] Bluetooth: hci1: command 0x0406 tx timeout
[  615.791747][T11270] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  616.145573][T11270] Bluetooth: hci2: command 0x0406 tx timeout
[  616.578858][T12037] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1197'.
[  616.951198][T10178] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 928 with max blocks 38 with error 117
[  616.972100][T11270] Bluetooth: hci3: command 0x0406 tx timeout
[  617.025498][T10178] EXT4-fs (sda1): This should not happen!! Data will be lost
[  617.025498][T10178] 
[  617.263210][T11270] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  617.746901][T11270] Bluetooth: hci1: command 0x0406 tx timeout
[  618.226308][T10083] Bluetooth: hci2: command 0x0406 tx timeout
[  618.650929][T11270] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  618.659235][T11270] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[  618.670944][T11270] CPU: 0 UID: 0 PID: 11270 Comm: kworker/u11:4 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  618.670969][T11270] Tainted: [L]=SOFTLOCKUP
[  618.670978][T11270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  618.670990][T11270] Workqueue: hci0 hci_rx_work
[  618.671010][T11270] Call Trace:
[  618.671016][T11270]  <TASK>
[  618.671021][T11270]  dump_stack_lvl+0x100/0x190
[  618.671047][T11270]  sysfs_warn_dup.cold+0x1c/0x28
[  618.671069][T11270]  sysfs_create_dir_ns+0x24b/0x2b0
[  618.671090][T11270]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  618.671108][T11270]  ? find_held_lock+0x2b/0x80
[  618.671123][T11270]  ? kobject_add_internal+0x25f/0x930
[  618.671143][T11270]  ? kobject_add_internal+0x25f/0x930
[  618.671166][T11270]  ? do_raw_spin_unlock+0x145/0x1e0
[  618.671190][T11270]  kobject_add_internal+0x2c8/0x930
[  618.671214][T11270]  kobject_add+0x16a/0x1e0
[  618.671242][T11270]  ? __pfx_kobject_add+0x10/0x10
[  618.671265][T11270]  ? class_to_subsys+0x10f/0x150
[  618.671285][T11270]  ? kobject_put+0xb9/0x640
[  618.671303][T11270]  ? _raw_spin_unlock+0x28/0x50
[  618.671323][T11270]  device_add+0x294/0x1950
[  618.671338][T11270]  ? __pfx_dev_set_name+0x10/0x10
[  618.671356][T11270]  ? __pfx_device_add+0x10/0x10
[  618.671371][T11270]  ? mgmt_send_event_skb+0x2fb/0x460
[  618.671392][T11270]  hci_conn_add_sysfs+0x1a3/0x260
[  618.671411][T11270]  le_conn_complete_evt+0x11cb/0x1f40
[  618.671433][T11270]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  618.671447][T11270]  ? __pfx_bt_warn+0x10/0x10
[  618.671468][T11270]  hci_le_conn_complete_evt+0x23c/0x3a0
[  618.671484][T11270]  ? skb_pull_data+0x15f/0x1e0
[  618.671509][T11270]  hci_le_meta_evt+0x34a/0x5f0
[  618.671525][T11270]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  618.671544][T11270]  hci_event_packet+0x682/0x11c0
[  618.671559][T11270]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  618.671576][T11270]  ? __pfx_hci_event_packet+0x10/0x10
[  618.671593][T11270]  ? kcov_remote_start+0x374/0x660
[  618.671607][T11270]  ? lockdep_hardirqs_on+0x78/0x100
[  618.671629][T11270]  hci_rx_work+0x451/0xfc0
[  618.671647][T11270]  process_one_work+0x9d7/0x1920
[  618.671676][T11270]  ? __pfx_process_one_work+0x10/0x10
[  618.671703][T11270]  ? __pfx_hci_rx_work+0x10/0x10
[  618.671719][T11270]  worker_thread+0x5da/0xe40
[  618.671744][T11270]  ? __pfx_worker_thread+0x10/0x10
[  618.671773][T11270]  ? kthread+0x13a/0x450
[  618.671791][T11270]  ? __pfx_worker_thread+0x10/0x10
[  618.671811][T11270]  kthread+0x370/0x450
[  618.671829][T11270]  ? __pfx_kthread+0x10/0x10
[  618.671850][T11270]  ret_from_fork+0x754/0xd80
[  618.671873][T11270]  ? __pfx_ret_from_fork+0x10/0x10
[  618.671895][T11270]  ? __switch_to+0x7b4/0x1120
[  618.671911][T11270]  ? __pfx_kthread+0x10/0x10
[  618.671931][T11270]  ret_from_fork_asm+0x1a/0x30
[  618.671957][T11270]  </TASK>
[  618.671979][T11270] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  618.993707][T11270] Bluetooth: hci0: failed to register connection device
[  619.031013][T11270] Bluetooth: hci3: command 0x0406 tx timeout
[  619.346747][T11270] Bluetooth: hci0: command 0x0406 tx timeout
[  619.452571][T11270] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  619.460485][T11270] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0'
[  619.470521][T11270] CPU: 0 UID: 0 PID: 11270 Comm: kworker/u11:4 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  619.470547][T11270] Tainted: [L]=SOFTLOCKUP
[  619.470552][T11270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  619.470562][T11270] Workqueue: hci1 hci_rx_work
[  619.470584][T11270] Call Trace:
[  619.470589][T11270]  <TASK>
[  619.470595][T11270]  dump_stack_lvl+0x100/0x190
[  619.470620][T11270]  sysfs_warn_dup.cold+0x1c/0x28
[  619.470642][T11270]  sysfs_create_dir_ns+0x24b/0x2b0
[  619.470662][T11270]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  619.470685][T11270]  ? find_held_lock+0x2b/0x80
[  619.470700][T11270]  ? kobject_add_internal+0x25f/0x930
[  619.470721][T11270]  ? kobject_add_internal+0x25f/0x930
[  619.470744][T11270]  ? do_raw_spin_unlock+0x145/0x1e0
[  619.470771][T11270]  kobject_add_internal+0x2c8/0x930
[  619.470795][T11270]  kobject_add+0x16a/0x1e0
[  619.470816][T11270]  ? __pfx_kobject_add+0x10/0x10
[  619.470834][T11270]  ? class_to_subsys+0x10f/0x150
[  619.470853][T11270]  ? kobject_put+0xb9/0x640
[  619.470871][T11270]  ? _raw_spin_unlock+0x28/0x50
[  619.470891][T11270]  device_add+0x294/0x1950
[  619.470906][T11270]  ? __pfx_dev_set_name+0x10/0x10
[  619.470924][T11270]  ? __pfx_device_add+0x10/0x10
[  619.470939][T11270]  ? mgmt_send_event_skb+0x2fb/0x460
[  619.470959][T11270]  hci_conn_add_sysfs+0x1a3/0x260
[  619.470978][T11270]  le_conn_complete_evt+0x11cb/0x1f40
[  619.470998][T11270]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  619.471012][T11270]  ? __pfx_bt_warn+0x10/0x10
[  619.471034][T11270]  hci_le_conn_complete_evt+0x23c/0x3a0
[  619.471050][T11270]  ? skb_pull_data+0x15f/0x1e0
[  619.471075][T11270]  hci_le_meta_evt+0x34a/0x5f0
[  619.471091][T11270]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  619.471110][T11270]  hci_event_packet+0x682/0x11c0
[  619.471125][T11270]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  619.471142][T11270]  ? __pfx_hci_event_packet+0x10/0x10
[  619.471159][T11270]  ? kcov_remote_start+0x374/0x660
[  619.471173][T11270]  ? lockdep_hardirqs_on+0x78/0x100
[  619.471208][T11270]  hci_rx_work+0x451/0xfc0
[  619.471228][T11270]  process_one_work+0x9d7/0x1920
[  619.471259][T11270]  ? __pfx_process_one_work+0x10/0x10
[  619.471285][T11270]  ? __pfx_hci_rx_work+0x10/0x10
[  619.471301][T11270]  worker_thread+0x5da/0xe40
[  619.471327][T11270]  ? __pfx_worker_thread+0x10/0x10
[  619.471347][T11270]  ? kthread+0x13a/0x450
[  619.471365][T11270]  ? __pfx_worker_thread+0x10/0x10
[  619.471384][T11270]  kthread+0x370/0x450
[  619.471401][T11270]  ? __pfx_kthread+0x10/0x10
[  619.471421][T11270]  ret_from_fork+0x754/0xd80
[  619.471444][T11270]  ? __pfx_ret_from_fork+0x10/0x10
[  619.471466][T11270]  ? __switch_to+0x7b4/0x1120
[  619.471482][T11270]  ? __pfx_kthread+0x10/0x10
[  619.471502][T11270]  ret_from_fork_asm+0x1a/0x30
[  619.471527][T11270]  </TASK>
[  619.471548][T11270] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  619.783438][T11270] Bluetooth: hci1: failed to register connection device
[  619.827651][T11270] Bluetooth: hci1: command 0x0406 tx timeout
[  621.027503][T10083] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  621.113240][T10083] Bluetooth: hci3: command 0x0406 tx timeout
[  621.429999][T11270] Bluetooth: hci0: command 0x0406 tx timeout
[  621.908395][T10083] Bluetooth: hci1: command 0x0406 tx timeout
[  622.658411][T10083] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  622.666792][T10083] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  622.677046][T10083] CPU: 0 UID: 0 PID: 10083 Comm: kworker/u11:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  622.677071][T10083] Tainted: [L]=SOFTLOCKUP
[  622.677077][T10083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  622.677087][T10083] Workqueue: hci2 hci_rx_work
[  622.677107][T10083] Call Trace:
[  622.677113][T10083]  <TASK>
[  622.677119][T10083]  dump_stack_lvl+0x100/0x190
[  622.677144][T10083]  sysfs_warn_dup.cold+0x1c/0x28
[  622.677165][T10083]  sysfs_create_dir_ns+0x24b/0x2b0
[  622.677186][T10083]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  622.677206][T10083]  ? find_held_lock+0x2b/0x80
[  622.677220][T10083]  ? kobject_add_internal+0x25f/0x930
[  622.677240][T10083]  ? kobject_add_internal+0x25f/0x930
[  622.677262][T10083]  ? do_raw_spin_unlock+0x145/0x1e0
[  622.677290][T10083]  kobject_add_internal+0x2c8/0x930
[  622.677314][T10083]  kobject_add+0x16a/0x1e0
[  622.677337][T10083]  ? __pfx_kobject_add+0x10/0x10
[  622.677360][T10083]  ? class_to_subsys+0x10f/0x150
[  622.677379][T10083]  ? kobject_put+0xb9/0x640
[  622.677397][T10083]  ? _raw_spin_unlock+0x28/0x50
[  622.677417][T10083]  device_add+0x294/0x1950
[  622.677441][T10083]  ? __pfx_dev_set_name+0x10/0x10
[  622.677460][T10083]  ? __pfx_device_add+0x10/0x10
[  622.677479][T10083]  ? mgmt_send_event_skb+0x2fb/0x460
[  622.677500][T10083]  hci_conn_add_sysfs+0x1a3/0x260
[  622.677519][T10083]  le_conn_complete_evt+0x11cb/0x1f40
[  622.677540][T10083]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  622.677554][T10083]  ? __pfx_bt_warn+0x10/0x10
[  622.677576][T10083]  hci_le_conn_complete_evt+0x23c/0x3a0
[  622.677593][T10083]  ? skb_pull_data+0x15f/0x1e0
[  622.677618][T10083]  hci_le_meta_evt+0x34a/0x5f0
[  622.677634][T10083]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  622.677653][T10083]  hci_event_packet+0x682/0x11c0
[  622.677669][T10083]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  622.677687][T10083]  ? __pfx_hci_event_packet+0x10/0x10
[  622.677714][T10083]  ? kcov_remote_start+0x374/0x660
[  622.677730][T10083]  ? lockdep_hardirqs_on+0x78/0x100
[  622.677753][T10083]  hci_rx_work+0x451/0xfc0
[  622.677778][T10083]  process_one_work+0x9d7/0x1920
[  622.677808][T10083]  ? __pfx_process_one_work+0x10/0x10
[  622.677835][T10083]  ? __pfx_hci_rx_work+0x10/0x10
[  622.677852][T10083]  worker_thread+0x5da/0xe40
[  622.677878][T10083]  ? __pfx_worker_thread+0x10/0x10
[  622.677899][T10083]  ? kthread+0x13a/0x450
[  622.677917][T10083]  ? __pfx_worker_thread+0x10/0x10
[  622.677938][T10083]  kthread+0x370/0x450
[  622.677956][T10083]  ? __pfx_kthread+0x10/0x10
[  622.677975][T10083]  ret_from_fork+0x754/0xd80
[  622.677998][T10083]  ? __pfx_ret_from_fork+0x10/0x10
[  622.678020][T10083]  ? __switch_to+0x7b4/0x1120
[  622.678036][T10083]  ? __pfx_kthread+0x10/0x10
[  622.678056][T10083]  ret_from_fork_asm+0x1a/0x30
[  622.678082][T10083]  </TASK>
[  622.678103][T10083] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  622.983137][T10083] Bluetooth: hci2: failed to register connection device
[  623.203796][T10083] Bluetooth: hci3: command 0x0406 tx timeout
[  623.509834][T11353] Bluetooth: hci0: command 0x0406 tx timeout
[  624.000938][T10030] Bluetooth: hci1: command 0x0406 tx timeout
[  624.321013][T12140] binder: 12133:12140 ioctl c018620c 0 returned -1
[  624.636010][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  624.643438][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  624.856107][T10030] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  625.029487][T11270] Bluetooth: hci2: command 0x0406 tx timeout
[  625.274471][T10030] Bluetooth: hci3: command 0x0406 tx timeout
[  625.589833][T10083] Bluetooth: hci0: command 0x0406 tx timeout
[  626.070179][T11353] Bluetooth: hci1: command 0x0406 tx timeout
[  626.492479][T11306] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  626.500572][T11306] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  626.509929][T11306] CPU: 0 UID: 0 PID: 11306 Comm: kworker/u11:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  626.509956][T11306] Tainted: [L]=SOFTLOCKUP
[  626.509962][T11306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  626.509974][T11306] Workqueue: hci2 hci_rx_work
[  626.510001][T11306] Call Trace:
[  626.510009][T11306]  <TASK>
[  626.510016][T11306]  dump_stack_lvl+0x100/0x190
[  626.510166][T11306]  sysfs_warn_dup.cold+0x1c/0x28
[  626.510190][T11306]  sysfs_create_dir_ns+0x24b/0x2b0
[  626.510220][T11306]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  626.510239][T11306]  ? find_held_lock+0x2b/0x80
[  626.510255][T11306]  ? kobject_add_internal+0x25f/0x930
[  626.510277][T11306]  ? kobject_add_internal+0x25f/0x930
[  626.510299][T11306]  ? do_raw_spin_unlock+0x145/0x1e0
[  626.510321][T11306]  kobject_add_internal+0x2c8/0x930
[  626.510346][T11306]  kobject_add+0x16a/0x1e0
[  626.510366][T11306]  ? __pfx_kobject_add+0x10/0x10
[  626.510385][T11306]  ? class_to_subsys+0x10f/0x150
[  626.510406][T11306]  ? kobject_put+0xb9/0x640
[  626.510424][T11306]  ? _raw_spin_unlock+0x28/0x50
[  626.510446][T11306]  device_add+0x294/0x1950
[  626.510461][T11306]  ? __pfx_dev_set_name+0x10/0x10
[  626.510481][T11306]  ? __pfx_device_add+0x10/0x10
[  626.510496][T11306]  ? mgmt_send_event_skb+0x2fb/0x460
[  626.510517][T11306]  hci_conn_add_sysfs+0x1a3/0x260
[  626.510536][T11306]  le_conn_complete_evt+0x11cb/0x1f40
[  626.510556][T11306]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  626.510570][T11306]  ? __pfx_bt_warn+0x10/0x10
[  626.510600][T11306]  hci_le_conn_complete_evt+0x23c/0x3a0
[  626.510617][T11306]  ? skb_pull_data+0x15f/0x1e0
[  626.510645][T11306]  hci_le_meta_evt+0x34a/0x5f0
[  626.510663][T11306]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  626.510682][T11306]  hci_event_packet+0x682/0x11c0
[  626.510698][T11306]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  626.510716][T11306]  ? __pfx_hci_event_packet+0x10/0x10
[  626.510734][T11306]  ? kcov_remote_start+0x374/0x660
[  626.510749][T11306]  ? lockdep_hardirqs_on+0x78/0x100
[  626.510771][T11306]  hci_rx_work+0x451/0xfc0
[  626.510790][T11306]  process_one_work+0x9d7/0x1920
[  626.510819][T11306]  ? __pfx_process_one_work+0x10/0x10
[  626.510845][T11306]  ? __pfx_hci_rx_work+0x10/0x10
[  626.510862][T11306]  worker_thread+0x5da/0xe40
[  626.510887][T11306]  ? __pfx_worker_thread+0x10/0x10
[  626.510913][T11306]  ? kthread+0x13a/0x450
[  626.510932][T11306]  ? __pfx_worker_thread+0x10/0x10
[  626.510952][T11306]  kthread+0x370/0x450
[  626.510971][T11306]  ? __pfx_kthread+0x10/0x10
[  626.510991][T11306]  ret_from_fork+0x754/0xd80
[  626.511014][T11306]  ? __pfx_ret_from_fork+0x10/0x10
[  626.511037][T11306]  ? __switch_to+0x7b4/0x1120
[  626.511060][T11306]  ? __pfx_kthread+0x10/0x10
[  626.511081][T11306]  ret_from_fork_asm+0x1a/0x30
[  626.511109][T11306]  </TASK>
[  627.103184][T11306] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  627.118870][T11306] Bluetooth: hci2: failed to register connection device
[  627.127921][T11306] Bluetooth: hci2: command 0x0406 tx timeout
[  627.355776][T11306] Bluetooth: hci3: command 0x0406 tx timeout
[  627.670717][T11306] Bluetooth: hci0: command 0x0406 tx timeout
[  627.753849][T11306] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  627.763050][T11306] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  627.773574][T11306] CPU: 0 UID: 0 PID: 11306 Comm: kworker/u11:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  627.773601][T11306] Tainted: [L]=SOFTLOCKUP
[  627.773607][T11306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  627.773618][T11306] Workqueue: hci2 hci_rx_work
[  627.773638][T11306] Call Trace:
[  627.773644][T11306]  <TASK>
[  627.773650][T11306]  dump_stack_lvl+0x100/0x190
[  627.773676][T11306]  sysfs_warn_dup.cold+0x1c/0x28
[  627.773699][T11306]  sysfs_create_dir_ns+0x24b/0x2b0
[  627.773720][T11306]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  627.773739][T11306]  ? find_held_lock+0x2b/0x80
[  627.773753][T11306]  ? kobject_add_internal+0x25f/0x930
[  627.773774][T11306]  ? kobject_add_internal+0x25f/0x930
[  627.773796][T11306]  ? do_raw_spin_unlock+0x145/0x1e0
[  627.773819][T11306]  kobject_add_internal+0x2c8/0x930
[  627.773843][T11306]  kobject_add+0x16a/0x1e0
[  627.773864][T11306]  ? __pfx_kobject_add+0x10/0x10
[  627.773883][T11306]  ? class_to_subsys+0x10f/0x150
[  627.773902][T11306]  ? kobject_put+0xb9/0x640
[  627.773919][T11306]  ? _raw_spin_unlock+0x28/0x50
[  627.773949][T11306]  device_add+0x294/0x1950
[  627.773965][T11306]  ? __pfx_dev_set_name+0x10/0x10
[  627.773983][T11306]  ? __pfx_device_add+0x10/0x10
[  627.773998][T11306]  ? mgmt_send_event_skb+0x2fb/0x460
[  627.774020][T11306]  hci_conn_add_sysfs+0x1a3/0x260
[  627.774040][T11306]  le_conn_complete_evt+0x11cb/0x1f40
[  627.774060][T11306]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  627.774074][T11306]  ? __pfx_bt_warn+0x10/0x10
[  627.774095][T11306]  hci_le_conn_complete_evt+0x23c/0x3a0
[  627.774112][T11306]  ? skb_pull_data+0x15f/0x1e0
[  627.774136][T11306]  hci_le_meta_evt+0x34a/0x5f0
[  627.774153][T11306]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  627.774172][T11306]  hci_event_packet+0x682/0x11c0
[  627.774187][T11306]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  627.774205][T11306]  ? __pfx_hci_event_packet+0x10/0x10
[  627.774222][T11306]  ? kcov_remote_start+0x374/0x660
[  627.774238][T11306]  ? lockdep_hardirqs_on+0x78/0x100
[  627.774260][T11306]  hci_rx_work+0x451/0xfc0
[  627.774279][T11306]  process_one_work+0x9d7/0x1920
[  627.774308][T11306]  ? __pfx_process_one_work+0x10/0x10
[  627.774335][T11306]  ? __pfx_hci_rx_work+0x10/0x10
[  627.774351][T11306]  worker_thread+0x5da/0xe40
[  627.774376][T11306]  ? __pfx_worker_thread+0x10/0x10
[  627.774397][T11306]  ? kthread+0x13a/0x450
[  627.774415][T11306]  ? __pfx_worker_thread+0x10/0x10
[  627.774434][T11306]  kthread+0x370/0x450
[  627.774452][T11306]  ? __pfx_kthread+0x10/0x10
[  627.774471][T11306]  ret_from_fork+0x754/0xd80
[  627.774494][T11306]  ? __pfx_ret_from_fork+0x10/0x10
[  627.774522][T11306]  ? __switch_to+0x7b4/0x1120
[  627.774539][T11306]  ? __pfx_kthread+0x10/0x10
[  627.774560][T11306]  ret_from_fork_asm+0x1a/0x30
[  627.774587][T11306]  </TASK>
[  627.774610][T11306] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  628.105373][T11306] Bluetooth: hci2: failed to register connection device
[  628.151711][T10083] Bluetooth: hci1: command 0x0406 tx timeout
[  629.191926][T10083] Bluetooth: hci2: command 0x0406 tx timeout
[  629.436802][T10083] Bluetooth: hci3: command 0x0406 tx timeout
[  629.753816][T10083] Bluetooth: hci0: command 0x0406 tx timeout
[  631.273091][T10083] Bluetooth: hci2: command 0x0406 tx timeout
[  631.514654][T10083] Bluetooth: hci3: command 0x0406 tx timeout
[  633.130527][T10083] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  633.139446][T10083] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  633.149091][T10083] CPU: 0 UID: 0 PID: 10083 Comm: kworker/u11:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  633.149118][T10083] Tainted: [L]=SOFTLOCKUP
[  633.149124][T10083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  633.149136][T10083] Workqueue: hci2 hci_rx_work
[  633.149157][T10083] Call Trace:
[  633.149164][T10083]  <TASK>
[  633.149171][T10083]  dump_stack_lvl+0x100/0x190
[  633.149197][T10083]  sysfs_warn_dup.cold+0x1c/0x28
[  633.149219][T10083]  sysfs_create_dir_ns+0x24b/0x2b0
[  633.149241][T10083]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  633.149260][T10083]  ? find_held_lock+0x2b/0x80
[  633.149274][T10083]  ? kobject_add_internal+0x25f/0x930
[  633.149295][T10083]  ? kobject_add_internal+0x25f/0x930
[  633.149321][T10083]  ? do_raw_spin_unlock+0x145/0x1e0
[  633.149343][T10083]  kobject_add_internal+0x2c8/0x930
[  633.149367][T10083]  kobject_add+0x16a/0x1e0
[  633.149388][T10083]  ? __pfx_kobject_add+0x10/0x10
[  633.149407][T10083]  ? class_to_subsys+0x10f/0x150
[  633.149426][T10083]  ? kobject_put+0xb9/0x640
[  633.149451][T10083]  ? _raw_spin_unlock+0x28/0x50
[  633.149472][T10083]  device_add+0x294/0x1950
[  633.149488][T10083]  ? __pfx_dev_set_name+0x10/0x10
[  633.149506][T10083]  ? __pfx_device_add+0x10/0x10
[  633.149521][T10083]  ? mgmt_send_event_skb+0x2fb/0x460
[  633.149543][T10083]  hci_conn_add_sysfs+0x1a3/0x260
[  633.149562][T10083]  le_conn_complete_evt+0x11cb/0x1f40
[  633.149582][T10083]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  633.149596][T10083]  ? __pfx_bt_warn+0x10/0x10
[  633.149617][T10083]  hci_le_conn_complete_evt+0x23c/0x3a0
[  633.149634][T10083]  ? skb_pull_data+0x15f/0x1e0
[  633.149659][T10083]  hci_le_meta_evt+0x34a/0x5f0
[  633.149675][T10083]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  633.149694][T10083]  hci_event_packet+0x682/0x11c0
[  633.149709][T10083]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  633.149727][T10083]  ? __pfx_hci_event_packet+0x10/0x10
[  633.149748][T10083]  ? kcov_remote_start+0x374/0x660
[  633.149762][T10083]  ? lockdep_hardirqs_on+0x78/0x100
[  633.149785][T10083]  hci_rx_work+0x451/0xfc0
[  633.149808][T10083]  process_one_work+0x9d7/0x1920
[  633.149837][T10083]  ? __pfx_process_one_work+0x10/0x10
[  633.149864][T10083]  ? __pfx_hci_rx_work+0x10/0x10
[  633.149881][T10083]  worker_thread+0x5da/0xe40
[  633.149908][T10083]  ? __pfx_worker_thread+0x10/0x10
[  633.149930][T10083]  ? kthread+0x13a/0x450
[  633.149948][T10083]  ? __pfx_worker_thread+0x10/0x10
[  633.149966][T10083]  kthread+0x370/0x450
[  633.149984][T10083]  ? __pfx_kthread+0x10/0x10
[  633.150004][T10083]  ret_from_fork+0x754/0xd80
[  633.150027][T10083]  ? __pfx_ret_from_fork+0x10/0x10
[  633.150050][T10083]  ? __switch_to+0x7b4/0x1120
[  633.150066][T10083]  ? __pfx_kthread+0x10/0x10
[  633.150085][T10083]  ret_from_fork_asm+0x1a/0x30
[  633.150112][T10083]  </TASK>
[  633.150237][T10083] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  633.460069][T10083] Bluetooth: hci2: failed to register connection device
[  633.469854][T10083] Bluetooth: hci2: command 0x0406 tx timeout
[  634.234112][   T31] INFO: task kworker/u8:7:1006 blocked for more than 143 seconds.
[  634.258007][   T31]       Tainted: G             L      syzkaller #0
[  634.283591][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  634.319374][   T31] task:kworker/u8:7    state:D stack:23480 pid:1006  tgid:1006  ppid:2      task_flags:0x4208160 flags:0x00080000
[  634.362554][   T31] Workqueue: netns cleanup_net
[  634.389463][   T31] Call Trace:
[  634.404555][   T31]  <TASK>
[  634.418586][   T31]  __schedule+0xfee/0x6120
[  634.449224][   T31]  ? __lock_acquire+0x4a5/0x2630
[  634.472084][   T31]  ? __pfx___schedule+0x10/0x10
[  634.489052][   T31]  ? find_held_lock+0x2b/0x80
[  634.504989][   T31]  ? schedule+0x2bf/0x390
[  634.519445][   T31]  schedule+0xdd/0x390
[  634.533876][   T31]  schedule_timeout+0x1b2/0x280
[  634.546848][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  634.563055][   T31]  ? mark_held_locks+0x40/0x70
[  634.573981][   T31]  __wait_for_common+0x2e7/0x4c0
[  634.585317][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  634.598669][   T31]  ? __pfx___wait_for_common+0x10/0x10
[  634.611460][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  634.622675][   T31]  ? flush_workqueue_prep_pwqs+0x2e9/0x510
[  634.641864][   T31]  __flush_workqueue+0x3f7/0x1200
[  634.652725][   T31]  ? __lock_acquire+0x4a5/0x2630
[  634.666846][   T31]  ? __lock_acquire+0x4a5/0x2630
[  634.678631][   T31]  ? __pfx___flush_workqueue+0x10/0x10
[  634.691125][   T31]  ? reacquire_held_locks+0xce/0x1e0
[  634.703456][   T31]  ? __pfx_sock_def_readable+0x10/0x10
[  634.716649][   T31]  ? __pfx_sock_def_readable+0x10/0x10
[  634.731528][   T31]  rds_tcp_listen_stop+0x104/0x160
[  634.744733][   T31]  rds_tcp_exit_net+0xe0/0x870
[  634.755457][   T31]  ? __pfx_rds_tcp_exit_net+0x10/0x10
[  634.767821][   T31]  ? __pfx___might_resched+0x10/0x10
[  634.783343][   T31]  ? __pfx_rds_tcp_exit_net+0x10/0x10
[  634.795866][   T31]  ops_undo_list+0x2ee/0xab0
[  634.806940][   T31]  ? __pfx_ops_undo_list+0x10/0x10
[  634.819237][   T31]  ? cleanup_net+0x332/0x920
[  634.830051][   T31]  ? idr_destroy+0x62/0x2e0
[  634.840992][   T31]  cleanup_net+0x499/0x920
[  634.851598][   T31]  ? __pfx_cleanup_net+0x10/0x10
[  634.863694][   T31]  ? rcu_is_watching+0x12/0xc0
[  634.876780][   T31]  process_one_work+0x9d7/0x1920
[  634.889553][   T31]  ? __pfx_process_one_work+0x10/0x10
[  634.902077][   T31]  ? __pfx_cleanup_net+0x10/0x10
[  634.916645][   T31]  worker_thread+0x5da/0xe40
[  634.929287][   T31]  ? __pfx_worker_thread+0x10/0x10
[  634.941444][   T31]  ? kthread+0x13a/0x450
[  634.946117][   T31]  ? __pfx_worker_thread+0x10/0x10
[  634.951400][   T31]  kthread+0x370/0x450
[  634.956245][   T31]  ? __pfx_kthread+0x10/0x10
[  634.961249][   T31]  ret_from_fork+0x754/0xd80
[  634.966384][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  634.971668][   T31]  ? __switch_to+0x7b4/0x1120
[  634.977447][   T31]  ? __pfx_kthread+0x10/0x10
[  634.983382][   T31]  ret_from_fork_asm+0x1a/0x30
[  634.992288][   T31]  </TASK>
[  635.001353][   T31] 
[  635.001353][   T31] Showing all locks held in the system:
[  635.018840][   T31] 1 lock held by khungtaskd/31:
[  635.040145][   T31]  #0: ffffffff8e7e7460 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184
[  635.056164][   T31] 3 locks held by kworker/u8:7/1006:
[  635.061690][   T31]  #0: ffff88801c6ae948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920
[  635.072879][   T31]  #1: ffffc9000464fd08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920
[  635.084553][   T31]  #2: ffffffff905fad50 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xb8/0x920
[  635.094197][   T31] 3 locks held by kworker/u11:4/11270:
[  635.100890][   T31]  #0: ffff888038644148 ((wq_completion)hci2){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920
[  635.114649][   T31]  #1: ffffc90005237d08 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920
[  635.127283][   T31]  #2: ffff8880260f4ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x18a/0x470
[  635.137847][   T31] 
[  635.140556][   T31] =============================================
[  635.140556][   T31] 
[  635.152259][   T31] NMI backtrace for cpu 0
[  635.152274][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  635.152295][   T31] Tainted: [L]=SOFTLOCKUP
[  635.152300][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  635.152311][   T31] Call Trace:
[  635.152317][   T31]  <TASK>
[  635.152322][   T31]  dump_stack_lvl+0x100/0x190
[  635.152350][   T31]  nmi_cpu_backtrace.cold+0x12d/0x151
[  635.152377][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  635.152429][   T31]  nmi_trigger_cpumask_backtrace+0x1d7/0x230
[  635.152455][   T31]  sys_info+0x141/0x190
[  635.152476][   T31]  watchdog+0xd25/0x1050
[  635.152496][   T31]  ? __pfx_watchdog+0x10/0x10
[  635.152511][   T31]  ? __kthread_parkme+0x18c/0x230
[  635.152529][   T31]  ? kthread+0x13a/0x450
[  635.152548][   T31]  ? __pfx_watchdog+0x10/0x10
[  635.152561][   T31]  kthread+0x370/0x450
[  635.152578][   T31]  ? __pfx_kthread+0x10/0x10
[  635.152598][   T31]  ret_from_fork+0x754/0xd80
[  635.152620][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  635.152643][   T31]  ? __switch_to+0x7b4/0x1120
[  635.152659][   T31]  ? __pfx_kthread+0x10/0x10
[  635.152678][   T31]  ret_from_fork_asm+0x1a/0x30
[  635.152703][   T31]  </TASK>
[  635.285579][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  635.292782][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  635.304197][   T31] Tainted: [L]=SOFTLOCKUP
[  635.308718][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  635.319045][   T31] Call Trace:
[  635.322491][   T31]  <TASK>
[  635.325519][   T31]  dump_stack_lvl+0x100/0x190
[  635.330295][   T31]  vpanic+0x552/0x970
[  635.334680][   T31]  ? __pfx_vpanic+0x10/0x10
[  635.339358][   T31]  ? nmi_trigger_cpumask_backtrace+0x182/0x230
[  635.345611][   T31]  panic+0xd1/0xe0
[  635.349506][   T31]  ? __pfx_panic+0x10/0x10
[  635.354197][   T31]  ? nmi_trigger_cpumask_backtrace+0x1b5/0x230
[  635.360474][   T31]  ? nmi_trigger_cpumask_backtrace+0x1f6/0x230
[  635.367025][   T31]  ? nmi_trigger_cpumask_backtrace+0x200/0x230
[  635.373643][   T31]  ? watchdog.cold+0x198/0x1ca
[  635.378690][   T31]  ? watchdog+0xd35/0x1050
[  635.383226][   T31]  watchdog.cold+0x1a9/0x1ca
[  635.388000][   T31]  ? __pfx_watchdog+0x10/0x10
[  635.393021][   T31]  ? __kthread_parkme+0x18c/0x230
[  635.398158][   T31]  ? kthread+0x13a/0x450
[  635.402493][   T31]  ? __pfx_watchdog+0x10/0x10
[  635.407366][   T31]  kthread+0x370/0x450
[  635.411626][   T31]  ? __pfx_kthread+0x10/0x10
[  635.416601][   T31]  ret_from_fork+0x754/0xd80
[  635.421318][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  635.426909][   T31]  ? __switch_to+0x7b4/0x1120
[  635.431885][   T31]  ? __pfx_kthread+0x10/0x10
[  635.437026][   T31]  ret_from_fork_asm+0x1a/0x30
[  635.441989][   T31]  </TASK>
[  635.445343][   T31] Kernel Offset: disabled
[  635.449670][   T31] Rebooting in 86400 seconds..