last executing test programs:

2m55.459343222s ago: executing program 3 (id=1253):
socket(0x10, 0x3, 0xfffffffa)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x2020085, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x3, 0x100)
r0 = socket(0x1d, 0x2, 0x7)
r1 = socket(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r2=>0x0})
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x7, 0xf, 0x1, 0x0)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
ioctl$auto(0x4000000000000c8, 0x400454d8, 0x3)
bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r2}, 0x6a)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
ioctl$auto_KVM_GET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x489, 0x400, 0x9}]})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'vcan0\x00', <r4=>0x0})
connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r4}, 0x18)
sendmmsg$auto(0x3, 0x0, 0x9a4, 0xffff)

2m54.798422595s ago: executing program 3 (id=1258):
mmap$auto(0x0, 0xd, 0x2, 0x40ebe, 0xffffffffffffffff, 0x308000000000)
r0 = ioctl$auto_TIOCGPTPEER2(0xffffffffffffffff, 0x5441, 0x0)
syz_genetlink_get_family_id$auto_l2tp(0x0, r0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/platform/vivid.0/video4linux/video55/power/control\x00', 0x5d1500, 0x0)
close_range$auto(0x2, 0x8, 0x0)
unshare$auto(0x40000080)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyr1\x00', 0x80200, 0x0)
r2 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002bbd7000fcdbdf2504000000040010"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800)
madvise$auto(0x0, 0xff7fffffffff0001, 0x15)
close_range$auto(r2, 0x8, 0x0)
ioctl$auto_TIOCMGET(r1, 0x5415, &(0x7f0000000240)="8c138e73727869c37e2acac4cbc59e67e0a89f4da083ec710956a8173e9d7143ba1ecb9d37fd8722c3f8c176c1cd150b4f6f866a34e2520e27f58a19e206acd35cb910742d280916f3650bf401e1f2bdd73929a3210e1f216ce5179acff73330045a851373ef9915a21c09ce72ec04c574ca")
openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000200), r6)
sendmsg$auto_OVS_VPORT_CMD_SET(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)={0x2c, 0x0, 0x20, 0x70bd2b, 0x25dfdbff, {}, [@OVS_VPORT_ATTR_UPCALL_STATS={0x4}, @OVS_VPORT_ATTR_NAME={0x13, 0x3, 'MAC80211_HWSIM\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8854}, 0x10)
sendmsg$auto_OVS_VPORT_CMD_DEL(r4, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000340)={&(0x7f0000000100)={0x80, r7, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@OVS_VPORT_ATTR_STATS={0x44, 0x6, {0x5, 0x7f, 0x0, 0x6, 0x7fffffff, 0x7, 0x2cf6, 0x7}}, @OVS_VPORT_ATTR_NETNSID={0x8, 0x9, 0x10}, @OVS_VPORT_ATTR_NAME={0xe, 0x3, '/#,\\\\/:!\xf2\x00'}, @OVS_VPORT_ATTR_TYPE={0x8, 0x2, 0x4}, @OVS_VPORT_ATTR_TYPE={0x8, 0x2, 0x6}]}, 0x80}}, 0x10)
ioctl$auto(0x3, 0x541b, 0x10000000000402)
r8 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r8, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0)
socket(0x6, 0x1, 0x3ad2dd5)

2m53.501818034s ago: executing program 3 (id=1262):
read$auto(0xffffffffffffffff, 0x0, 0x4)
socket(0x11, 0x80003, 0x300)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000)
openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000080), 0x44840, 0x0)
fanotify_mark$auto(0xffffffffffffffff, 0x80, 0x5e50ee86, 0xffffffffffffffff, 0x0)
openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x20500, 0x0)
r0 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408)
write$auto(r0, 0x0, 0xfffffdf1)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
migrate_pages$auto(0x0, 0xa, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
socket(0x1, 0x1, 0x84)
setsockopt$auto(0x3, 0x10000000084, 0x87e9, 0x0, 0x20)
unshare$auto(0x40000080)
r1 = openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/mac80211_hwsim/hwsim13\x00', 0x82000, 0x0)
ioctl$auto_BTRFS_IOC_SUBVOL_GETFLAGS(r1, 0x80089419, &(0x7f00000001c0)=0x1)
socket(0x2, 0x3, 0xa)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x6, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f00000000c0)={{0x0, 0x6, 0x0, 0xa7, &(0x7f00000001c0)="5bd951c8", 0x8000, 0x1}, 0x8}, 0xc7, 0x5)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x9, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0)
linkat$auto(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000)
mount$auto(0x0, &(0x7f00000000c0)='.\x00', 0x0, 0x7, 0x0)
mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0)
mprotect$auto(0x0, 0x8000000000000001, 0x8)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000380)='/proc/self/net/rpc/auth.rpcsec.context/channel\x00', 0xc8841, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)

2m52.348999193s ago: executing program 3 (id=1265):
r0 = open$auto(&(0x7f0000000000)='./file0\x00', 0xe, 0xa)
setns$auto(r0, 0x99b2) (async)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/pci0000:00/0000:00:01.3/local_cpus\x00', 0x400, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000280)=""/175, 0xaf)

2m52.224125751s ago: executing program 0 (id=1267):
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa0001, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
read$auto(0xffffffffffffffff, 0x0, 0x4)
sendmsg$auto_NFC_CMD_VENDOR(0xffffffffffffffff, 0x0, 0x845)
mmap$auto(0x0, 0x202000b, 0xfffffffffffffffe, 0xeb1, 0xffffffffffffffff, 0x8000)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x204880, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101200, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r2)
ioctl$auto_KVM_GET_MSRS(r1, 0x4008ae90, &(0x7f00000001c0)={0xde31})
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x100040, 0x0)
userfaultfd$auto(0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
epoll_create$auto(0x4)
socket(0x2, 0x1, 0x106)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/midiC2D2\x00', 0x1, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000080)=""/58, 0x3a)
r4 = openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/uprobe_events\x00', 0x2000, 0x0)
ioctl$auto_FIONREAD(r4, 0x541b, 0x0)
select$auto(0xa, 0x0, 0x0, &(0x7f00000002c0)={[0x1fd, 0x9, 0xd3e, 0x3, 0x949b, 0x2, 0x95f4da0a, 0x7f3, 0x79, 0x8000000000000001, 0x2a61, 0x14, 0x8, 0x1209, 0xe09, 0x4]}, 0x0)
write$auto(r3, &(0x7f0000000400)=' \x00\x00\x00\xf7\xff\xff\xff\xff\xff\xff\xff', 0x100000a3d9)
select$auto(0x12, 0x0, 0x0, &(0x7f00000002c0)={[0x1fa, 0xfffffffffffffffe, 0x8f, 0x3, 0x9487, 0x8, 0x15f4da09, 0x0, 0xfffffffffffffff7, 0x20000000000005e, 0x6, 0x1040000000000007, 0x6d41, 0x3, 0x7, 0x7]}, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40ebf, 0x401, 0x300020000000)

2m52.172659724s ago: executing program 3 (id=1268):
mmap$auto(0x0, 0xd, 0x2, 0x40ebe, 0xffffffffffffffff, 0x308000000000)
r0 = ioctl$auto_TIOCGPTPEER2(0xffffffffffffffff, 0x5441, 0x0)
syz_genetlink_get_family_id$auto_l2tp(0x0, r0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/platform/vivid.0/video4linux/video55/power/control\x00', 0x5d1500, 0x0)
close_range$auto(0x2, 0x8, 0x0)
unshare$auto(0x40000080)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyr1\x00', 0x80200, 0x0)
r2 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002bbd7000fcdbdf2504000000040010"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800)
madvise$auto(0x0, 0xff7fffffffff0001, 0x15)
close_range$auto(r2, 0x8, 0x0)
ioctl$auto_TIOCMGET(r1, 0x5415, &(0x7f0000000240)="8c138e73727869c37e2acac4cbc59e67e0a89f4da083ec710956a8173e9d7143ba1ecb9d37fd8722c3f8c176c1cd150b4f6f866a34e2520e27f58a19e206acd35cb910742d280916f3650bf401e1f2bdd73929a3210e1f216ce5179acff73330045a851373ef9915a21c09ce72ec04c574ca")
openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000200), r6)
sendmsg$auto_OVS_VPORT_CMD_SET(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)={0x2c, 0x0, 0x20, 0x70bd2b, 0x25dfdbff, {}, [@OVS_VPORT_ATTR_UPCALL_STATS={0x4}, @OVS_VPORT_ATTR_NAME={0x13, 0x3, 'MAC80211_HWSIM\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8854}, 0x10)
sendmsg$auto_OVS_VPORT_CMD_DEL(r4, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000340)={&(0x7f0000000100)={0x80, r7, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@OVS_VPORT_ATTR_STATS={0x44, 0x6, {0x5, 0x7f, 0x0, 0x6, 0x7fffffff, 0x7, 0x2cf6, 0x7}}, @OVS_VPORT_ATTR_NETNSID={0x8, 0x9, 0x10}, @OVS_VPORT_ATTR_NAME={0xe, 0x3, '/#,\\\\/:!\xf2\x00'}, @OVS_VPORT_ATTR_TYPE={0x8, 0x2, 0x4}, @OVS_VPORT_ATTR_TYPE={0x8, 0x2, 0x6}]}, 0x80}}, 0x10)
ioctl$auto(0x3, 0x541b, 0x10000000000402)
r8 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r8, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0)
socket(0x6, 0x1, 0x3ad2dd5)

2m51.094860304s ago: executing program 0 (id=1272):
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x1, 0x84)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000580)='/sys/devices/virtual/mac80211_hwsim/hwsim1/net/wlan1/phys_port_id\x00', 0x100b02, 0x0)
sendfile$auto(r0, r0, 0x0, 0x0)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
r2 = fcntl$auto_F_DUPFD_CLOEXEC(r1, 0x406, r1)
ioctl$auto_EVIOCGMASK(r2, 0x80104592, &(0x7f0000000040)={0xff800000, 0x144, 0x8})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000640), r3)
mmap$auto(0x2, 0x3, 0xdf, 0x9b70, 0xffffffffffffffff, 0x8000)
read$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/debug/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x381000, 0x0)
r5 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000000c0), 0x302, 0x0)
ioctl$auto_VHOST_SET_OWNER(r5, 0xaf01, 0x5)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3, 0x24, 0x1001, 0x1, 0x717e, 0x0, 0x7, 0xf6b, 0xd, 0x2, 0x4080001, 0x4, 0x1ffffffffff9, 0x224a, 0x2, 0x7, 0x6, 0x7f, 0x3ff, 0x2, 0xa, 0x4, 0x200, 0x6, 0x84, 0x3, 0x0, 0x0, 0x4, 0xfffffffc, [0x2, 0x0, 0x10000000000000, 0x4002401, 0x0, 0x7, 0x8, 0xffffffff80000000, 0x0, 0x42, 0xfffffffffffffffe, 0x3, 0x0, 0x80000000000000, 0x8, 0x4, 0x400, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x668, 0x0, 0xfffffffffffffffd, 0x0, 0x5, 0x14, 0x0, 0x4, 0x0, 0x0, 0xfffffffffffffffc, 0x83, 0x400, 0x6, 0x0, 0x0, 0x7, 0x6, 0xffffffffffffffff, 0x2]}, 0x200000001fe, 0xd)
r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/ati_remote2/parameters/mode_mask\x00', 0x0, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000140)=""/33, 0x21)
r7 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000003c0), 0x1541, 0x0)
ioctl$auto__ctl_fops_dm_ioctl(r7, 0xfffffffffffffd01, &(0x7f00000001c0))
ioctl$auto(r5, 0x4008af23, r4)
r8 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x40302, 0x0)
ioctl$auto_PROCMAP_QUERY(r8, 0xc0686611, &(0x7f0000000080)={0x17, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x7f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x9})
r9 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/pid_for_children\x00')
ioctl$auto(r9, 0x8004b706, 0x1)
ioctl$auto_SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000400)="1da207e1a0b3cc1768fe4e1f2e93c8e4e49cb7ed41c3a254302c78b69c3c164c158f81b4503787864da5d4f9dd56b854313062a27026e9f19190e0b6ad8b5aa7588d043fa144048f46ad70b4934ae596c45c3c7a49c717bef477acedd82f2798ccaf2b0b1505cb2ceaf6f8b9a7d2f42164b8f97ae033f6ba28f4361e5561af6ff16d1f87b8b314b6819839fe03af94fc5ecb9c45bfc43ef4fe49ad87f32e49f7dc29370d3c0b3ae2dbbe20e8a44624eb42db929c86a85fd7d600f8")
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_ETHTOOL_MSG_PLCA_SET_CFG(r10, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000001040)=ANY=[@ANYBLOB="ff070000", @ANYRES16, @ANYBLOB="01002cbd7000fddbdf2528000000080007000000"], 0x1c}, 0x1, 0x6000, 0x0, 0x1}, 0x20008800)
ioctl$auto_BLKRRPART(r1, 0x125f, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

2m50.852501899s ago: executing program 0 (id=1274):
socket(0x21, 0x2, 0x2)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
socket(0x1, 0xa, 0x0)
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, 0x0, 0x58)
r0 = prctl$auto(0x3e, 0x2, 0x0, 0x1, 0x8e)
mmap$auto(0xfffffffffffffffe, 0xe983, 0xdb, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r1, 0x0, 0x10001)
r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r2, &(0x7f0000000240)={0x0, 0x7}, 0x2)
socket(0xa, 0x801, 0x84)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000004240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c8c8}, 0x40080)
setfsuid$auto(0xee00)
sendmsg$auto_IPVS_CMD_GET_SERVICE(r0, 0x0, 0x24048096)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0)

2m50.170086502s ago: executing program 0 (id=1275):
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x1, 0x84)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000580)='/sys/devices/virtual/mac80211_hwsim/hwsim1/net/wlan1/phys_port_id\x00', 0x100b02, 0x0)
sendfile$auto(r0, r0, 0x0, 0x0)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
r2 = fcntl$auto_F_DUPFD_CLOEXEC(r1, 0x406, r1)
ioctl$auto_EVIOCGMASK(r2, 0x80104592, &(0x7f0000000040)={0xff800000, 0x144, 0x8})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000640), r3)
mmap$auto(0x2, 0x3, 0xdf, 0x9b70, 0xffffffffffffffff, 0x8000)
read$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffffff, 0x0, 0x0)
r5 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/debug/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x381000, 0x0)
r6 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000000c0), 0x302, 0x0)
ioctl$auto_VHOST_SET_OWNER(r6, 0xaf01, 0x5)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3, 0x24, 0x1001, 0x1, 0x717e, 0x0, 0x7, 0xf6b, 0xd, 0x2, 0x4080001, 0x4, 0x1ffffffffff9, 0x224a, 0x2, 0x7, 0x6, 0x7f, 0x3ff, 0x2, 0xa, 0x4, 0x200, 0x6, 0x84, 0x3, 0x0, 0x0, 0x4, 0xfffffffc, [0x2, 0x0, 0x10000000000000, 0x4002401, 0x0, 0x7, 0x8, 0xffffffff80000000, 0x0, 0x42, 0xfffffffffffffffe, 0x3, 0x0, 0x80000000000000, 0x8, 0x4, 0x400, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x668, 0x0, 0xfffffffffffffffd, 0x0, 0x5, 0x14, 0x0, 0x4, 0x0, 0x0, 0xfffffffffffffffc, 0x83, 0x400, 0x6, 0x0, 0x0, 0x7, 0x6, 0xffffffffffffffff, 0x2]}, 0x200000001fe, 0xd)
r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/ati_remote2/parameters/mode_mask\x00', 0x0, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r7, &(0x7f0000000140)=""/33, 0x21)
r8 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000003c0), 0x1541, 0x0)
ioctl$auto__ctl_fops_dm_ioctl(r8, 0xfffffffffffffd01, &(0x7f00000001c0))
ioctl$auto(r6, 0x4008af23, r5)
r9 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x40302, 0x0)
ioctl$auto_PROCMAP_QUERY(r9, 0xc0686611, &(0x7f0000000080)={0x17, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x7f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x9})
r10 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/pid_for_children\x00')
ioctl$auto(r10, 0x8004b706, 0x1)
ioctl$auto_SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000400)="1da207e1a0b3cc1768fe4e1f2e93c8e4e49cb7ed41c3a254302c78b69c3c164c158f81b4503787864da5d4f9dd56b854313062a27026e9f19190e0b6ad8b5aa7588d043fa144048f46ad70b4934ae596c45c3c7a49c717bef477acedd82f2798ccaf2b0b1505cb2ceaf6f8b9a7d2f42164b8f97ae033f6ba28f4361e5561af6ff16d1f87b8b314b6819839fe03af94fc5ecb9c45bfc43ef4fe49ad87f32e49f7dc29370d3c0b3ae2dbbe20e8a44624eb42db929c86a85fd7d600f8")
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_DP_CMD_NEW(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010026bd7020f8dbdf250100000008000200", @ANYRES32=0x4, @ANYBLOB="080001003a66520008000200", @ANYRES32=0x9, @ANYBLOB="a3102d08db4e9c7bedc45c615fbb88ba5ede19d112b5b3509542a8af545ea747a2d74443cfc5e43f348e2d7386fced7af406a55498f55745cd5e1548c9c302ce2f219910b0054c4277472353752a4269d123c2c5eb9a533f66771526b1058ea9a25225ceb7e076595ac5b3630ace1abb8cc9d0a35088b9f94e32d3c9fb2e559c5a"], 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80)
ioctl$auto_BLKRRPART(r1, 0x125f, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

2m50.042973687s ago: executing program 3 (id=1277):
r0 = openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/projid_map\x00', 0x2, 0x0)
mkdir$auto(&(0x7f00000001c0)='./cgroup/../file0\x00', 0x2)
r1 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000000840), 0xc0000, 0x0)
ioctl$auto_RNDADDTOENTCNT2(r1, 0x40045201, &(0x7f0000000880)=0x80000001)
mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000)
sysfs$auto(0x2, 0x100000000000031, 0x0)
fsopen$auto(0x0, 0x1)
read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0)
r2 = socket(0x2a, 0x2, 0x6)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
getsockname$auto(r2, 0x0, 0x0)
r3 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r3, 0x107, 0x1, 0x0, 0x8004)
mmap$auto(0xa, 0x20009, 0x4000000000df, 0xffffffffffffc27d, r0, 0x8000)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8100, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x80, 0x0)
socket(0x15, 0x5, 0x0)
r4 = openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2401, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video46\x00', 0x20200, 0x0)
ioctl$auto(r5, 0xc0285628, r5)
write$auto(r4, &(0x7f0000000280)='9\x00d1L\xf0\x15\xba\xa17=(\x18\xdd\xff\xec\v\xb5^\xa1/[vv\x19\x00\x7f0\xa30\xc7\x9d\x1f]\xf8\xe04\xe7s\x9a\xd3H\xd3F\x819+\x90S\x10\xb2\b\xf8)\xe4IU\t\xb8\r\x9a\x8e\'Q\xfb\xb5I\x0f\x96;\xc7\\2V\x01g\xf8\xce\xbb\x9d\xa2c2\x00\x7f\xa1:\ax\xbc\x17\xde\x0e<\x00\x00\x00\x00\x00\x00\x00\x06\xc8\xf4\xdf\xcc\x9b\xd7D\xd7ARq', 0x10)
getsockopt$auto(r4, 0x8, 0x270d, 0xfffffffffffffffc, 0x0)
r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/netdevsim/del_device\x00', 0x501, 0x0)
write$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000040)="3290b800009c550d22350f737ca2dd0af0d849aec832ec49c034169af8fa9231c143b1a8dd292977588a83400445ddc508f3aef64488936413adba3a9cc99bdfd8e7000000", 0x45)

2m49.843213466s ago: executing program 0 (id=1278):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff)
r0 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408)
write$auto(r0, 0x0, 0xfffffdf1)
linkat$auto(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000)
mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\xf0\xd8\xf6\x04W\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xed\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\x9bg\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x7, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000dc0), r1)
sendmsg$auto_IPVS_CMD_GET_DEST(r1, &(0x7f0000003a40)={0x0, 0x0, &(0x7f0000003a00)={&(0x7f0000000e80)={0x1c, r2, 0xc0dce8a66cb0a7ff, 0x70bd27, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0x5, 0x2, 0x0, 0x1, [@generic="f1"]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040011}, 0x40010)
getcwd$auto(0x0, 0xffffffffffffffff)
unlinkat$auto(0xffffffffffffffff, 0x0, 0x200)
mprotect$auto(0x0, 0x8000000000000001, 0x8)

2m49.276682895s ago: executing program 0 (id=1281):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bpf$auto_BPF_TASK_FD_QUERY(0x14, 0x0, 0x3)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/cifs/SecurityFlags\x00', 0x48041, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/tty/ptyce/power/runtime_suspended_time\x00', 0x2400, 0x0)
close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x5ad)
openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0x40002, 0x0)
readv$auto(0x3, &(0x7f0000000040)={&(0x7f0000000000), 0x36a}, 0x6)
r1 = gettid()
setpriority$auto_PRIO_PROCESS(0x0, r1, 0x3)
openat$auto_o2hb_debug_fops_heartbeat(0xffffffffffffff9c, 0x0, 0x1494c0, 0x0)
socket(0x2, 0x1, 0x0)
read$auto(r0, 0x0, 0x20)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0xfffffffffffffffd, 0xb, 0xa, 0x40007fff, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x5e, 0x80000001, 0x7, 0x2, 0x93, 0x400000001, 0x2]}, 0x0)
writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3)
r2 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r2, &(0x7f0000000080)=')@-!\x00', 0x1e1)

2m34.614291558s ago: executing program 32 (id=1277):
r0 = openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/projid_map\x00', 0x2, 0x0)
mkdir$auto(&(0x7f00000001c0)='./cgroup/../file0\x00', 0x2)
r1 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000000840), 0xc0000, 0x0)
ioctl$auto_RNDADDTOENTCNT2(r1, 0x40045201, &(0x7f0000000880)=0x80000001)
mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000)
sysfs$auto(0x2, 0x100000000000031, 0x0)
fsopen$auto(0x0, 0x1)
read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0)
r2 = socket(0x2a, 0x2, 0x6)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
getsockname$auto(r2, 0x0, 0x0)
r3 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r3, 0x107, 0x1, 0x0, 0x8004)
mmap$auto(0xa, 0x20009, 0x4000000000df, 0xffffffffffffc27d, r0, 0x8000)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8100, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x80, 0x0)
socket(0x15, 0x5, 0x0)
r4 = openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2401, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video46\x00', 0x20200, 0x0)
ioctl$auto(r5, 0xc0285628, r5)
write$auto(r4, &(0x7f0000000280)='9\x00d1L\xf0\x15\xba\xa17=(\x18\xdd\xff\xec\v\xb5^\xa1/[vv\x19\x00\x7f0\xa30\xc7\x9d\x1f]\xf8\xe04\xe7s\x9a\xd3H\xd3F\x819+\x90S\x10\xb2\b\xf8)\xe4IU\t\xb8\r\x9a\x8e\'Q\xfb\xb5I\x0f\x96;\xc7\\2V\x01g\xf8\xce\xbb\x9d\xa2c2\x00\x7f\xa1:\ax\xbc\x17\xde\x0e<\x00\x00\x00\x00\x00\x00\x00\x06\xc8\xf4\xdf\xcc\x9b\xd7D\xd7ARq', 0x10)
getsockopt$auto(r4, 0x8, 0x270d, 0xfffffffffffffffc, 0x0)
r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/netdevsim/del_device\x00', 0x501, 0x0)
write$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000040)="3290b800009c550d22350f737ca2dd0af0d849aec832ec49c034169af8fa9231c143b1a8dd292977588a83400445ddc508f3aef64488936413adba3a9cc99bdfd8e7000000", 0x45)

2m34.085631031s ago: executing program 33 (id=1281):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bpf$auto_BPF_TASK_FD_QUERY(0x14, 0x0, 0x3)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/cifs/SecurityFlags\x00', 0x48041, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/tty/ptyce/power/runtime_suspended_time\x00', 0x2400, 0x0)
close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x5ad)
openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0x40002, 0x0)
readv$auto(0x3, &(0x7f0000000040)={&(0x7f0000000000), 0x36a}, 0x6)
r1 = gettid()
setpriority$auto_PRIO_PROCESS(0x0, r1, 0x3)
openat$auto_o2hb_debug_fops_heartbeat(0xffffffffffffff9c, 0x0, 0x1494c0, 0x0)
socket(0x2, 0x1, 0x0)
read$auto(r0, 0x0, 0x20)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0xfffffffffffffffd, 0xb, 0xa, 0x40007fff, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x5e, 0x80000001, 0x7, 0x2, 0x93, 0x400000001, 0x2]}, 0x0)
writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3)
r2 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r2, &(0x7f0000000080)=')@-!\x00', 0x1e1)

1m4.898117188s ago: executing program 1 (id=1572):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x7, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0)
ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000380)="7a47301037954c081c9a0bb84bb7b04ef84993eab91abe1686f43e43d786e964e8f04455bd620de9f3fb6d65e6c078c1a672c549dbc7876cb528ba081a81d884bfc00dd4eef57cedc0cc4156ff6a5b0aa8ba9511fe2b07c6e7f4732fe36ba218aa5b0ff402f2e6adb8ea60886c1e52c60d7d87e4c0551386501763ad098eb2b9602f83b2a643399f10dfdb0f4018b401be4db675d0acf8d348c26acf338cbe20fcb76439ca602a3c022f4463a8820f1c6f865d24e058af98f0c48bf552c3f6cc28c09d9054347db3c28701c67fa1e57d81b881638b518dd8e24969b7fd10406fcf6eb9bb66bf56ed7568510c72b380fa6efbca845bde90f7672708000000000000003513")
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000180), 0x402, 0x0)
lseek$auto(0x3, 0x7fffffffffffffff, 0x0)
readv$auto(0x3, 0x0, 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
socket(0x8, 0x2, 0x0)
setsockopt$auto(0xffffffffffffffff, 0x6, 0xc, 0x0, 0x4)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x123002, 0x0)
write$auto(r1, &(0x7f0000000080)='/dev/audio\x00', 0x80000000)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x147)
execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
execve$auto(&(0x7f0000000280)='./file0\x00', 0x0, 0x0)
execve$auto(&(0x7f0000000040)='./file0\x00', &(0x7f00000004c0)=&(0x7f0000000340)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00\x00\x00/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a(\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8L\x84j\x8c\xec\xdf\x1a\xbd\xc5\x94\xb9\xb7\xd5\xa4\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12\x16\xb8*\xa9\xc9\xe81\x9d\x06\xbbC\x17\xbb\xe6|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x874\xab?\xc8\x82\xe5\x8f\xb7\x91\xc2\xbe\xb2\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5', 0x0)
ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0x0)
ioctl$auto_SNDCTL_DSP_GETODELAY(r1, 0x80045017, &(0x7f0000000180))
read$auto(0xffffffffffffffff, 0x0, 0x1f40)
ioctl$auto(0xc8, 0x800454e1, 0x5c8d)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_SOUND_MIXER_READ_RECSRC2(r1, 0x80044dff, &(0x7f0000000500)="abea1d71a22c2fb47a06ba2bf74770129de95f60df18198cbb6b7c63d1dc26560bf6d396320c7c001b03e8532e8cc9fded75360724716eab7bb45d899f44452bf543d452757a01dc0526e09ad69a34b6ea5b450e0a502f5c8d7fd9ab35c18a010984f5c84b24c94090f029f95ed37dbf4c1036ad0d41847ace2f390aea14004cebc87293069ac84bec173366d2f85305b4b5347443eb925aaa34d0726444e36d0231d2f287ad90b7c6851144")
read$auto(0x3, 0x0, 0x8080)
sendmsg$auto_SMC_NETLINK_DUMP_UEID(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x4004050}, 0x4008004)
write$auto(0xffffffffffffffff, 0x0, 0x81)

1m3.980633143s ago: executing program 1 (id=1577):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/nullb0/queue/nr_requests\x00', 0x2, 0x0)
mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2)
mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x9)
rename$auto(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)='./file0/file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x40, 0x110)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x8000, 0x30)
renameat2$auto(r0, &(0x7f00000000c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x2)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/dev/cdrom/info\x00', 0x2000, 0x0)
unshare$auto(0x40000080)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r1, 0x8000)
mbind$auto(0x20000, 0x2091d2, 0x4, 0x0, 0x6, 0x2)
mlock$auto(0x7c88, 0x7fff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = fanotify_init$auto(0x5, 0x0)
fanotify_mark$auto(r3, 0x205, 0xa, 0x4, 0x0)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
sendmsg$auto_BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="57e7"], 0x1c}, 0x1, 0x0, 0x0, 0x4040854}, 0x8010)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0xa, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x20040000}, 0x40)
socket(0x1d, 0x2, 0x2)
sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x0, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x5}, 0xcab, 0x0)
mmap$auto(0x1008000000000, 0xffff, 0xe2, 0x9b72, 0xffffffffffffffff, 0x1000)

1m3.382304473s ago: executing program 1 (id=1581):
mmap$auto(0x0, 0x20009, 0xe7, 0x100000eb1, 0x40000000000a1, 0x808000)
ioctl$auto_BTRFS_IOC_SEND(0xffffffffffffffff, 0x40489426, &(0x7f0000000140)={@raw, 0x2, 0x0, 0x929, 0xe5c1, 0x7cd, "abfd2e69df26f540a1d748ceff20c3ed69a359d46ed201e13aea69af"})
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x80002, 0x73)
r0 = socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/midi2\x00', 0x1, 0x0)
r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r2, &(0x7f00000001c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7t\b\x00w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x8c)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfa\x14&\x99?\xe6\xe5I\xe2\xae,\x95k \x97\x18VBAo', 0x100000a3d9)
mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(0x0, r4)
syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff)
mmap$auto(0x2000, 0x400008, 0xdd, 0x9b72, 0xffffffffffffffff, 0x8001)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000280)={'pimreg1\x00'})
waitid$auto_P_PGID(0x2, 0x0, &(0x7f00000002c0)={@siginfo_0_0={0x2, 0x80000000, 0x96f, @_sigpoll={0x9, r1}}}, 0x1, &(0x7f0000000400)={{0xf, 0x7}, {0x1, 0x9}, 0x2000000000, 0x1, 0xb, 0xfff, 0x10001, 0x9, 0xff, 0x9, 0x7, 0x6, 0x1ec, 0x0, 0x102, 0x4})
sendmsg$auto_MACSEC_CMD_UPD_TXSA(r0, &(0x7f00000008c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000880)={&(0x7f00000004c0)=ANY=[], 0x3b0}, 0x1, 0x0, 0x0, 0xc010}, 0x280040d1)
mbind$auto(0x2000000000000000, 0x2091d2, 0x4, 0x0, 0x6, 0x326)
ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100002, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2})
syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x8001, 0x0)
keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff)
msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
shutdown$auto(0x200000003, 0x2)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)

1m2.83540789s ago: executing program 1 (id=1584):
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/usbcore/parameters/quirks\x00', 0xc0202, 0x0)
write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000480)="bdcdae09d0dd317ad1695e8740fec28a6485fa68c717946d521b450d2abac776c4ecfb115fde7fa4494a85ceb748e2ff2ad8b65d79975fd5f17e4a577c2b3acabda79a6c5e22738addfe41bd5043b0794dff35e69acb6ad0e6b059d51c727abba07fdfaa0ccdb8c4dbba9deafe52719f7fc86caf30874dd7924aae3d6e8ad57c", 0x80)
mmap$auto(0x0, 0x3fffff, 0x7, 0x11, 0xdd, 0x0)
openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000980), 0x102001, 0x0)
mmap$auto(0xfffffffffffffffe, 0x4020009, 0xe1, 0x270c1b57, 0x401, 0x20000000000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="01002cbd3000fedbdf2504924d6643b023e53d98ee76"], 0x1c}, 0x1, 0x300000000000000, 0x0, 0x4081}, 0x8800)
r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/wireless\x00', 0x0, 0x0)
pread64$auto(r3, 0x0, 0x201, 0xc000)
close_range$auto(0xffffffffffffffff, 0x8, 0x2)
socket(0x2, 0x80802, 0x0)
socket(0xa, 0x1, 0x0)
mbind$auto(0x3, 0x3, 0xa9, &(0x7f0000000000)=0x6, 0x8000, 0x5)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
r4 = socket(0xf, 0xa, 0x200)
sendmsg$auto_NFSD_CMD_THREADS_SET(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}}, 0x41)

1m2.656424926s ago: executing program 1 (id=1585):
mmap$auto(0x0, 0x2020009, 0xffffffff, 0xeb1, 0xffffffffffffffff, 0x8000)
openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0)
socket(0x2a, 0x2, 0x1)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
capset$auto(&(0x7f0000000180)={0x8}, 0x0)
setrlimit$auto(0x8, 0x0)
r0 = io_uring_setup$auto(0x59, 0x0)
mmap$auto(0x0, 0x400008, 0x2, 0x9b72, 0x2, 0x8000)
r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x1c8300, 0x0)
ioctl$auto(r1, 0x8004510b, 0x3)
r2 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0)
ioctl$auto_VHOST_SET_FEATURES2(r2, 0x4008af00, 0x0)
r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0)
statmount$auto(&(0x7f0000000280)={0x9, @raw=0x275, 0xffff, 0x6, 0x6}, &(0x7f00000002c0)={0x7, 0x6, 0x2, 0xa94d, 0x9, 0x8001, 0x6, 0x1, 0x2, 0x4, 0x1, 0xfffffffc, 0x120, 0xffffffff, 0xf9, 0x1, 0x8, 0x10000, 0x8001, 0xe, 0x5, 0x1, 0x1, 0x0, 0x401, 0xae4, 0x200, 0x10000, 0x4c87, 0x9, 0x4, [0xc, 0x27f, 0x0, 0x6, 0x24d, 0x401, 0x40, 0x99c, 0x80000001, 0xc, 0x1, 0x7, 0x8, 0xb1, 0x1, 0xffffffff, 0xfe000, 0x0, 0x2, 0x4, 0x9, 0x2821, 0x0, 0x100000000, 0x0, 0x6ae4, 0x7ff, 0xfffffffffffffff7, 0x101, 0x9, 0xc4, 0x2, 0x9, 0xcff0, 0x7, 0x13, 0xd, 0x3, 0x0, 0xde8, 0xc2, 0x9, 0x3], "8eb51772afa4636a46c8f88d70ed2dae64f0970f9325a63eb5e5d70b79d5cc060790c000966f8b2e5dbd7fdf68575bed94e25abb8290d6d949a86c742fae600a8720682df9b591aee02d38e7f087b690973376590083e7bcb461485d7f306f790ffb93d8"}, 0x9, 0x9)
bpf$auto(0x0, &(0x7f0000000280)=@bpf_attr_4={0x1e, 0x4, 0x1, 0x8}, 0x6f4)
mmap$auto(0x0, 0x22009, 0x3, 0xeb1, r3, 0x8003)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000002640)='/sys/kernel/tracing/set_event_pid\x00', 0x2002, 0x0)
sendmmsg$auto(r4, &(0x7f0000000140)={{&(0x7f0000000040)="d5bde24bc9210c033aa704d4c1ab83a5927f2716cca2f4d65dbdf9186caf1e36d9db5a5a18b711921d1c0acb518ee1f1c30ec0c7f75477251d0c747651956a7c63f72497df1c575f01251a009de6833b9ad397b06289af20a2b5b2b039bf26234a72258441685ded3502461d8792f97ee96f09cc3fb1a97437b85e0e9b3b88c6aa1fb0d7202da1cd82f4207cd8e13a813f2a1dbfe7459da5748d6d7c9ca507bdb02eb039b2e2b4538cbffd34b6dd2a200fa8d5303bd168d2c8be1fb5474d5b", 0x9, &(0x7f0000000100)={&(0x7f00000001c0)="33b4ff896be30097c89cfcb3b8f57d7f104e7bec52479733b76db2e43fc3dc0458223ce3bf94b83596c32f1848690ed1f263a6ebbf0ab57e301b9c2864cbd61997f9edb96c467f5579de1d2a0a86f58546828bbf726d76b9e2cdaf7413eb0bffb605dfa5b886d79ad9419ec59438ef22aba67b7374cbc77aa2409e89dfa7a623a4feaf1fd64ee2d0ab48e38b1cc4855c6aecf136ccbd250ac4ae2188503c4b65dcc34da51fee9a08d4da90540387b5ed5586f0d8f94cd9e6a000", 0x7}, 0x7, &(0x7f0000001200)="6cba8a6d39f92a03f2e1dafd617b0b7071c1432341f1bb1f7c60e4b1fdb689cb89f5ffb6d7bd93410e53690b511a36f768578a09a6af18704629d13a8035fac3af28224156247cfad034434bc0e75a7e7850380fcc4ede8e44efd9d3db46e98a309405e432146d4d421549494532ce22e45358344811edd5d3b9ec171bf94863cd1a306464de3135083e9bd9a899bba1f3b1e75685ffe14fb792ac9691daa8da433d50b273d76dce9a56b15b73287a75407d5f09b5bfa67b06f217cc1e0e3b566cddbfc135c5405a1a1b7d9c37773b74a2a5692b2e553dd0899712f1c6f87841cb9d44d63755f23121c399bd6511ce0dd1e2af34ea6cba99480a7191bc29882ecaa9aec01857bc8b97b909509190bcea71cfb2ae0419158162f406f4feff628fac0c95dbd3a37a6b3f1e1696623776afefd468253b1826f02f4355b028d8ad307551c794d5e661c2e57ee12f491b71828a5948d21877521dc7532864c899c89400b87a56cfb4937b33b87d464f77ecf047e0c2b61ee4f622a0ced4477dfb10f943f3fc2d6483e256a79c770bcc6247a496bf1fff3f6bcdec68bc3d25448b9a536a8fae9b0f7b7d615f050e98e8d971dc92b1f035f237b47127bc93951a07e0b00c04ad78511ecd786d6a99028c28c3b987877ae725019b5af1140836087df691ee81c29335b54ac2160b22d163336e3224994cb9e92360f2e727a23f75ece969e6128075c9235cdc44ee85e50588f002d00b48379fc0fee02f95682827e0738d96b9b33dcbc89f72ec4fe53dc1bc246d545a2d1d2c0feee047036bbbb550d27e84c965bc28c3cd1346b5342ea974b194d075a227fce957fdbec29a2056c810dd3d14c782cc427a44fea25189dfd3093a5644dbbb478ad30fdc17697bfdd94375e647969973b12604760ad92562b3f27851cdfca3dd7df4297f78d7f741c726f6ccb8017624bb669e20ac08fe0c9e0a13a3a29e7be9ed0ac15139d9e9dfd163a171989623496085f6877106d8c8e92ac4036538f5893ff3a1325a81b4fcd48b91d4b8ecdec65736a4988cedb0d0c41eea42d6d7489216040255c3a2b4ac0c0eb270754cc09157f2fb4999821667f06229e7461c3534709e62cf5cbaa4f340de5ddf90cc7efcdf1a18fbad319f9f63551632ffe5e29208992809ff40ac363afdf00a983065731e4010a4e1c1d1cd845ea36133fe4f29e25c151eb747f15832a27c3d7e35bb7eb974efb6c8122cb113b381adefc3cc9be1c4dd3805974f884163b546eb1fae5fc2f6132ef2aecbb27388324a4e6cd1b199a25548cbba02fe0fe468c91862d2893f3fdaa861a72013b349b050158b19ed76d82ef24910d097d5330acb1ef96d2f7d693d7ace7f2961cbc2ab81334eb4073f8225c55bb883d4d8e36eb800929d786c959b3ea9664d1744782250f3b72b4a93439f60d6b2323c6a17897af071e7c310786408635b8a8d1de9a16361ab3ef745c919b8dc2f9c1d48a06e2d94be6d5402e90ccc685f46ccb7fa66e55a77f28098390c2d03e43a1d96f44397f4921a97ddcbb0342cd0a4e0a46d228956521989d4112837462037bdb6ed45b6e2a8c87385bfa103a49d4c794935738786b6d47b7c99a4851ff03a0c24a0493b602d8e953b53b02c1e42590badaeb80f74094bbd4ea23d179aad631c85f20dfcaf0a95957fade80b7cf96476b0a3b5dd6c405ebbe13cfe9c4282fee9239087c51798575c68bbd7d043d3f0a4a1108a4ea6da40f8038d4555e4497c02a441a8f318cdc2662d44f8309f811a37c750343bb5a3701b6d96151315a1a7143d3a45da526adce6b032644c69d5bed0477dba2c196c5bd4cdd1c99de14d3b5cf0bf5a39f984f49e7c3c508abeb5f785480ca4d3668948ad48a41b664d1d5b1a5848ce1ed1383e49b73cd2991bb4b4ff3c8037196f3d25319bdf2173d6e07db1ef56dd98d516e3707bcf5bc1ba5c87271fdfd58bd217dd3812e78efdbe48908d58a615035305b3b496959451b7bf909d613bd2482043c0972e635db06dca7994099eb95040da7c6afe5f461fd86b7be77a285340fbff3377f195cca0526e5197192ce1341327bf1730d0f3c6af6e33129ca53e7788e334392045f4dc68925c31085657756e543902ee17bb3703b0fcf08bd78cf65fea7e5c08838cc4eba1802a1b2f194d9d872caf5a473e77bb35b55a5eee8a5b666b5853bede24ae5c3a6c94045149d825879bd83d0b4b971d0aaf071f9c418e88ae8c3421a202ac434289cf69b6c5a4660302b542e3e2c4cd9b359f937a99c2d6fc82d18d569da84b4df11f16c5fb288b560135a900e885cf616e9a9a90ba3f43130e2939948837f1567acfc88e0d6949406ce0211fb4f75c05154887bf8c6f7b45854ceea2c39836f1dd2792a5d2c7db3ada9d62de98898111ab1d012b270fa25963507c26968d3f102931d5bfdf35e9c372b9369398703d9ee89acc8cb468eae8a23bb0d55513b7ea7a58b2e6e09fa417786f8dd172121fc19d09e0c066cc7fba1288a52c2e55e567cc81e298d43b01f57ffe09f18e09be501830ced10d868dfc420dec59e480f9b91ed9ebe5b3a2f3bec7c00f96af67814cdf0ea58ea0efb2657f9f6683612fe19a0c5449c78f595b4a14b9791ad3a12d5e7950209df27a47d71f704b58f7f76674af72dad855eb2cb2e33303f2a2077d0a1e389dd0f11494e62bcf07739ec9d20abe5f5af5c9b4c338b28b668a1e47ede8dcc3dc6c6273f391edb4843c860115b8206d9056dd5da7b98f3c88c03cdf4ceaf119a8cabf4204006b767d83516f6afec29a74dfc4fc2686cade20d7e850eac7384811aa4bb24dc7fc84a0c59057b9ce2c4141e18f076d9e9d39d145270cd24788dc93852e00e264aea7d3ea81dfdd9855a6a79911a6a6fb2410e7ec4b07c1604e47aa36d9cf3a356c7193d591e07710e7315daf0520ad4c1372dde02093ef2dccbb7e2a5c3c8627f7e806037217fadd7ee765fc040e44ec686eb621ba65dfdd8a972bd5beef44daa61d3c05debe43ae8895803aeb9001748779b789cfb22c1ccf0e606533bc568406a21128a0ff41ea9f228ae6a9179b30be69da520abbd48212ddfb9b8452624f6dd32d6836628a76b8457aa211c877f54630976601539d4a58b3e72918b35a2a8b1c932669872d3e0a07dfa3f24a9806361576650820d0d9995d2a2e1e071034af0472a80fd9a7659700d71e1494f3baa71da354bced5cce16b300ce510b4df3ea8bdc95dd5dfeaf6e1a82664d0a3abc0211856b7402f088b657d2cfa9b4000a4ca1367e798b18ea922407896cc392aceea3042c46cf7e60abb3bd1117f0095088c44833f3d77d6a857ea15ec90153fe9685b9781591d898e75fa7cbc883c856750d9ae5779fccac5e6d30ff10c0e4c3d8b00eca0f9d0f5bde56668dc0788c448173d39c0ac96c4bf5bbf41407277a1e451538c090214c20f844b02ad55c7c1acf25ec3c81eb55e1d65ba48af4df9c7609e6ed010a64c003c7d8e36c1c589f966592898f5e68c74dbc328c3d1444663d5d8e0e362de7924b76a7d7d1b78631c4d53d88152fdb2b8f38f353f4e3e13fc3bf158e91f0fcc18428746d39920726e16e2c5a2956d1a67c3ba709dd2cf9c4dc2f734c18742a47efc916e442a8520aa6327f95d7dadf00b3222a3696cccf3acbe86c791ecf64535033a3ce523cba8a8e318f699583009eaaa1ed954d19858ea6895a0a6f3fc61e05461904d05eac6502a6696f3b57f32a2e3e8ef9b8726f7fed665df9e6ed38001bf308a309cf4bf650346b869fab87adf68d3c066cae6dc5a0b65f53f32ff9f6380773e551508d4e72064b18aad88afecb075d40b4381948e5898546a6a161c9e0790231637939ba429446ecccc04d1249994712cefd1ecc26101d1c58418a84975b1d97bff96bc96ce06fb7ae356fd1316e008d81e852b7f02db08f93d0045d3d6c338ed7464531ac96ed7ec5f47a737ac9a2167e020afd6c1106925c7cf31cfe3023d1219086234ff9c39ab69fa16852f6a8b9d78c415841bba9e59ef8abb899114c59549edd04e9d05b1588f876c9ea500ac2e3e7307432acd5e42682dfceb55ea1bbe6586678783165f0e8cc3e768d20c97f51da986968132bd5e43d487be085115ea26c7379cb8e9ddb73710523923ffb9210cc61f8e4f43997cc6f2ae758aa4a4e1e5cb7be4e65fe9347cbad637bb7a9d1af52a48ce5f7c0c32e3cb022e52aaf2908380070bef3236bbe466e0d274da90241235dfc92f3a211fb69cfa9f1a000d5d3478a624e9ae4b92621aed6795250329fe6738a0e81183047d0828fca751f2a63dd646d861519ec117f26e5349911bd83b7e3bc3b9384ef8829b47e3b53ad0f33d6a1a063fe9a95f0c44441d831bc60e566f6c481de07f9c79d32eddff9ce79715ebe052d7e44be157a233af08d64413c36dea0c4ff5fed0585b9faf25fbd4354ea0d11e35e06fe3af8295c0a5c687ee7df1c43a8ec7e7d6412142d3fa4050b28a4e53f9ce7a903b0c33efb9d0abba82a72a73f613707bcaad7c55556360e4ececa57f029745dce1bcc0dd489453f9867a3ea5d47a8706ed20deab3aa94bc792f5cb8a7324f67fb1b2166de617424679c77b7edd71bec0958f74789012ff1b2d18d19ae31fe7942bc8317c5362da66c83400c2a19aeeed7e92017e7deec37a1832c35e6905a9ac208d1ce4d9728b6d4637d264af60c5cbf8e7348065e36ca7437bc712650817f51afd63bfe1882657b0c51a3c8b1811af3d77b49db9cf6c97c59513063a4f195b62f376f635be0874f61c315ae32de0ed78f19d761a6231b3b8782688b37b17d24e180f834c495763c455fe87a22e9f1637b2e14278c2d2d8a0f6e036c3c6b86341d067b6624e85edc9869fc27fa46cd47fb5b7bd80cea64104707779110bd4d90b421a0b0a660f8f135ff3f899cfe588451fa9bc2332a0126f0ce1c638fad98583a108377d473140d54c8c520ba5e244b39639c476473d2c6d410f1827c74f7607b5d1ad9c9fcc2017e3285fea36b9645b1e66a706f817bc5c93bfe5a90184135a29783939f87bee7f427b81ade511ec8ffb9f3b4784651bf0c63ede43d19771a06fc806f5307380c9894b90319f2937abb7e7f2c9e185839c296b3f263953b41158652c22ded286863cddb3ee4bd21dc86b1c739d97b0beb2dc6309bc34bca2056b6fe0cfab8e19ff26b3ea31ebba0054e96fe338772a4a912e7ff4c79bd7fe227c06fed59488e13f00633854a44644ed250f45b5ff261cf3a566f2aa53f05e2c11f966c65712ba04625a73b906fab52156e1b930f64a44ddc421022e8a3fd937c7a57a51f9ba9e8060d12c4500e2bfd6a4e3ec21cd97f3cb23a0761086461d40f775f3a521f1bfd397c4f53ba8430a13741b3700fd74b91ccd523af720039b112bfbbf4b6af1ae369b3994603008613428c4a2e285b01ed43adcfeb69454d39ea669855299caeee37c351c5002a23cf114d86829f45ba0999b242eb02923550fed244b65a4585dc79cfc1cca0516d24612d6d30af658eac9598b46c997f802aae55fe5e618f4f6e68531127a71f0b59939ebc5d42c42c185b64918f259d0d50db899416b6ededb1fab6b0b1cd93b1575e709b0ce322c5e8642169d876dffa938541b3503be742c3934f05a108b41694fb99813c9081acb323aeb0deec0e948dd20ea2e02885a0eaacc5bc330cda0679c290a2e3d34c26b95609794e2fd6424904e6b462aa7ab517a5ae6102a8d5ab5d308b506c25b62f6204b0", 0xf, 0x8000}, 0x7}, 0x0, 0x0)
setsockopt$auto_SO_CNX_ADVICE(r0, 0x2b, 0x35, &(0x7f0000000580)='():-!-\x00', 0x9)
read$auto(r3, 0x0, 0x35cb)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0xa0342, 0x0)
syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff)
execve$auto(0x0, &(0x7f00000004c0)=&(0x7f0000000340)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00\x00\x00/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a(\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8L\x84j\x8c\xec\xdf\x1a\xbd\xc5\x94\xb9\xb7\xd5\xa4\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12\x16\xb8*\xa9\xc9\xe81\x9d\x06\xbbC\x17\xbb\xe6|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x874\xab?\xc8\x82\xe5\x8f\xb7\x91\xc2\xbe\xb2\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5', 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/set_event_pid\x00', 0xa0201, 0x0)

1m2.442261971s ago: executing program 1 (id=1586):
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
bpf$auto(0x0, &(0x7f00000001c0)=@link_update={0xffffffffffffffff, @new_prog_fd, 0x81}, 0x10)
bpf$auto(0x19, &(0x7f0000000380)=@link_create={@map_fd, @target_ifindex, 0x3, 0x81, @uprobe_multi={0x81, 0x3ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x92)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68)
r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0)
write$auto_seq_oss_f_ops_seq_oss(r1, &(0x7f0000000040)="f6e6812018deadf7e88f819e30236ce79200e01532f2ed0d", 0x18)
openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0)
r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r0)
sendmsg$auto_NL80211_CMD_TDLS_OPER(r0, &(0x7f00000007c0)={&(0x7f0000000080), 0xc, &(0x7f0000000440)={&(0x7f0000000800)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="02002abd7000fddbdf255100000005001e000d00000004008c0008004d56320000000400228077948000f0534fb4c76499ca3ca7855bb70c051dbdd9bbd6e78f9b2667465c885c85698ed0dcf428792de73b58241603fa4be07e8c940c8056a5df5da5181e3fb9bcab8cd7c426"], 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x801)
r3 = open(&(0x7f00000000c0)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc)
openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/bluetooth/hci3/hci3:200/uevent\x00', 0x1, 0x0)
flock$auto(r3, 0x6)
r4 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc)
flock$auto(r4, 0x2)
r5 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aab4)
flock$auto(r5, 0x1)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NBD_CMD_CONNECT(r6, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100253d7000fddbdf2501000000140007800c000104008d800c0002000600"/46], 0x34}, 0x1, 0x0, 0x0, 0x804}, 0x8880)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x10, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x0, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x7, 0x0, [0x8, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x104000000000000, 0x2000000000000000, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0x200000000002, 0x0, 0x10, 0xfffffffffffffffe, 0x3563, 0x7fffffff, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7f)
close_range$auto(0x0, 0x5, 0x0)
recvmmsg$auto(r6, &(0x7f0000000740)={{&(0x7f00000004c0)="00125988e622eefc6ac2306c7423fb8b58bcaae2da93e8f0ba85da5c6d35a88e1b388ac00cafe7e4f8113acf7e26c55ebb555bd7b786a1d9858dfa3772ce18261338fb54023f104a419b570575029143e2fb8830ef7a5e9fb79bd8a66c08437e6390c9fa5a66641327ef717606b311a94c45637d1ed8c14e50feeb2f4cb252a90052a3817b64c94bda6025dc910a59b4d1797b5aed6bb323f8c03140a7987ea42b547e6b926e2e979f6a6e65470ec1187c82b7ef010c6287414772c692c970efeb774fb06245b572265158b1410167bdb496cacde9d77daf383680bfa60dbd1e679214fd79a57f4c", 0x0, &(0x7f0000000680)={&(0x7f00000005c0)="046daeba702af628b750d8b297afbe18abe86d9ae9d253f9a50433cc32850b987b065b68b1740d73790125f393af7c6ad9fb5006bb235db844ce665e44333171199f388ebcb1eaa3bb7a4218cfdddd93663b7b0ae88bcfd854c002de6b9630c4b20ed07e18748750db60956bf13e304e74918eb8e31a057b454e1ad120445b5cf540e3a368cfce525ffbbe81c0fdfcb6", 0x6}, 0x7, &(0x7f00000006c0)="61484c6d39ce9ce4dd38929036e32185c0184f584e9d1aaee09f0907b73910dac1552be1927d5dc10ffa7023dd877bbbfb521cf4e8d64107399bea3e4d5dad6f308b04", 0x2}, 0x7}, 0xffc000, 0x8, &(0x7f0000000780)={0x1, 0x2})

46.797790131s ago: executing program 34 (id=1586):
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
bpf$auto(0x0, &(0x7f00000001c0)=@link_update={0xffffffffffffffff, @new_prog_fd, 0x81}, 0x10)
bpf$auto(0x19, &(0x7f0000000380)=@link_create={@map_fd, @target_ifindex, 0x3, 0x81, @uprobe_multi={0x81, 0x3ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x92)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68)
r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0)
write$auto_seq_oss_f_ops_seq_oss(r1, &(0x7f0000000040)="f6e6812018deadf7e88f819e30236ce79200e01532f2ed0d", 0x18)
openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0)
r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r0)
sendmsg$auto_NL80211_CMD_TDLS_OPER(r0, &(0x7f00000007c0)={&(0x7f0000000080), 0xc, &(0x7f0000000440)={&(0x7f0000000800)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="02002abd7000fddbdf255100000005001e000d00000004008c0008004d56320000000400228077948000f0534fb4c76499ca3ca7855bb70c051dbdd9bbd6e78f9b2667465c885c85698ed0dcf428792de73b58241603fa4be07e8c940c8056a5df5da5181e3fb9bcab8cd7c426"], 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x801)
r3 = open(&(0x7f00000000c0)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc)
openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/bluetooth/hci3/hci3:200/uevent\x00', 0x1, 0x0)
flock$auto(r3, 0x6)
r4 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc)
flock$auto(r4, 0x2)
r5 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aab4)
flock$auto(r5, 0x1)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NBD_CMD_CONNECT(r6, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100253d7000fddbdf2501000000140007800c000104008d800c0002000600"/46], 0x34}, 0x1, 0x0, 0x0, 0x804}, 0x8880)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x10, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x0, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x7, 0x0, [0x8, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x104000000000000, 0x2000000000000000, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0x200000000002, 0x0, 0x10, 0xfffffffffffffffe, 0x3563, 0x7fffffff, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7f)
close_range$auto(0x0, 0x5, 0x0)
recvmmsg$auto(r6, &(0x7f0000000740)={{&(0x7f00000004c0)="00125988e622eefc6ac2306c7423fb8b58bcaae2da93e8f0ba85da5c6d35a88e1b388ac00cafe7e4f8113acf7e26c55ebb555bd7b786a1d9858dfa3772ce18261338fb54023f104a419b570575029143e2fb8830ef7a5e9fb79bd8a66c08437e6390c9fa5a66641327ef717606b311a94c45637d1ed8c14e50feeb2f4cb252a90052a3817b64c94bda6025dc910a59b4d1797b5aed6bb323f8c03140a7987ea42b547e6b926e2e979f6a6e65470ec1187c82b7ef010c6287414772c692c970efeb774fb06245b572265158b1410167bdb496cacde9d77daf383680bfa60dbd1e679214fd79a57f4c", 0x0, &(0x7f0000000680)={&(0x7f00000005c0)="046daeba702af628b750d8b297afbe18abe86d9ae9d253f9a50433cc32850b987b065b68b1740d73790125f393af7c6ad9fb5006bb235db844ce665e44333171199f388ebcb1eaa3bb7a4218cfdddd93663b7b0ae88bcfd854c002de6b9630c4b20ed07e18748750db60956bf13e304e74918eb8e31a057b454e1ad120445b5cf540e3a368cfce525ffbbe81c0fdfcb6", 0x6}, 0x7, &(0x7f00000006c0)="61484c6d39ce9ce4dd38929036e32185c0184f584e9d1aaee09f0907b73910dac1552be1927d5dc10ffa7023dd877bbbfb521cf4e8d64107399bea3e4d5dad6f308b04", 0x2}, 0x7}, 0xffc000, 0x8, &(0x7f0000000780)={0x1, 0x2})

4.11747652s ago: executing program 2 (id=1640):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x7, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0)
ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000380)="7a47301037954c081c9a0bb84bb7b04ef84993eab91abe1686f43e43d786e964e8f04455bd620de9f3fb6d65e6c078c1a672c549dbc7876cb528ba081a81d884bfc00dd4eef57cedc0cc4156ff6a5b0aa8ba9511fe2b07c6e7f4732fe36ba218aa5b0ff402f2e6adb8ea60886c1e52c60d7d87e4c0551386501763ad098eb2b9602f83b2a643399f10dfdb0f4018b401be4db675d0acf8d348c26acf338cbe20fcb76439ca602a3c022f4463a8820f1c6f865d24e058af98f0c48bf552c3f6cc28c09d9054347db3c28701c67fa1e57d81b881638b518dd8e24969b7fd10406fcf6eb9bb66bf56ed7568510c72b380fa6efbca845bde90f7672708000000000000003513")
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000180), 0x402, 0x0)
lseek$auto(0x3, 0x7fffffffffffffff, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
socket(0x8, 0x2, 0x0)
setsockopt$auto(0xffffffffffffffff, 0x6, 0xc, 0x0, 0x4)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x123002, 0x0)
write$auto(r1, 0x0, 0x80000000)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x147)
execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
execve$auto(&(0x7f0000000280)='./file0\x00', 0x0, 0x0)
execve$auto(&(0x7f0000000040)='./file0\x00', &(0x7f00000004c0)=&(0x7f0000000340)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00\x00\x00/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a(\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8L\x84j\x8c\xec\xdf\x1a\xbd\xc5\x94\xb9\xb7\xd5\xa4\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12\x16\xb8*\xa9\xc9\xe81\x9d\x06\xbbC\x17\xbb\xe6|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x874\xab?\xc8\x82\xe5\x8f\xb7\x91\xc2\xbe\xb2\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5', 0x0)
ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0x0)
ioctl$auto_SNDCTL_DSP_GETODELAY(r1, 0x80045017, &(0x7f0000000180))
read$auto(0xffffffffffffffff, 0x0, 0x1f40)
ioctl$auto(0xc8, 0x800454e1, 0x5c8d)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_SOUND_MIXER_READ_RECSRC2(r1, 0x80044dff, &(0x7f0000000500)="abea1d71a22c2fb47a06ba2bf74770129de95f60df18198cbb6b7c63d1dc26560bf6d396320c7c001b03e8532e8cc9fded75360724716eab7bb45d899f44452bf543d452757a01dc0526e09ad69a34b6ea5b450e0a502f5c8d7fd9ab35c18a010984f5c84b24c94090f029f95ed37dbf4c1036ad0d41847ace2f390aea14004cebc87293069ac84bec173366d2f85305b4b5347443eb925aaa34d0726444e36d0231d2f287ad90b7c6851144")
read$auto(0x3, 0x0, 0x8080)
sendmsg$auto_SMC_NETLINK_DUMP_UEID(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x4004050}, 0x4008004)
write$auto(0xffffffffffffffff, 0x0, 0x81)

3.179239234s ago: executing program 2 (id=1641):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x7, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0)
ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000380)="7a47301037954c081c9a0bb84bb7b04ef84993eab91abe1686f43e43d786e964e8f04455bd620de9f3fb6d65e6c078c1a672c549dbc7876cb528ba081a81d884bfc00dd4eef57cedc0cc4156ff6a5b0aa8ba9511fe2b07c6e7f4732fe36ba218aa5b0ff402f2e6adb8ea60886c1e52c60d7d87e4c0551386501763ad098eb2b9602f83b2a643399f10dfdb0f4018b401be4db675d0acf8d348c26acf338cbe20fcb76439ca602a3c022f4463a8820f1c6f865d24e058af98f0c48bf552c3f6cc28c09d9054347db3c28701c67fa1e57d81b881638b518dd8e24969b7fd10406fcf6eb9bb66bf56ed7568510c72b380fa6efbca845bde90f7672708000000000000003513")
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000180), 0x402, 0x0)
lseek$auto(0x3, 0x7fffffffffffffff, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
socket(0x8, 0x2, 0x0)
setsockopt$auto(0xffffffffffffffff, 0x6, 0xc, 0x0, 0x4)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x123002, 0x0)
write$auto(r1, 0x0, 0x80000000)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x147)
execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
execve$auto(&(0x7f0000000280)='./file0\x00', 0x0, 0x0)
execve$auto(&(0x7f0000000040)='./file0\x00', &(0x7f00000004c0)=&(0x7f0000000340)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00\x00\x00/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a(\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8L\x84j\x8c\xec\xdf\x1a\xbd\xc5\x94\xb9\xb7\xd5\xa4\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12\x16\xb8*\xa9\xc9\xe81\x9d\x06\xbbC\x17\xbb\xe6|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x874\xab?\xc8\x82\xe5\x8f\xb7\x91\xc2\xbe\xb2\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5', 0x0)
ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0x0)
ioctl$auto_SNDCTL_DSP_GETODELAY(r1, 0x80045017, &(0x7f0000000180))
read$auto(0xffffffffffffffff, 0x0, 0x1f40)
ioctl$auto(0xc8, 0x800454e1, 0x5c8d)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_SOUND_MIXER_READ_RECSRC2(r1, 0x80044dff, &(0x7f0000000500)="abea1d71a22c2fb47a06ba2bf74770129de95f60df18198cbb6b7c63d1dc26560bf6d396320c7c001b03e8532e8cc9fded75360724716eab7bb45d899f44452bf543d452757a01dc0526e09ad69a34b6ea5b450e0a502f5c8d7fd9ab35c18a010984f5c84b24c94090f029f95ed37dbf4c1036ad0d41847ace2f390aea14004cebc87293069ac84bec173366d2f85305b4b5347443eb925aaa34d0726444e36d0231d2f287ad90b7c6851144")
read$auto(0x3, 0x0, 0x8080)
sendmsg$auto_SMC_NETLINK_DUMP_UEID(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x4004050}, 0x4008004)
write$auto(0xffffffffffffffff, 0x0, 0x81)

2.270029111s ago: executing program 2 (id=1642):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0)
io_uring_setup$auto(0x1, 0x0)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0)
openat$auto_rfkill_fops_core(0xffffffffffffff9c, 0x0, 0x200080, 0x0)
read$auto(0xffffffffffffffff, 0x0, 0x4)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS2\x00', 0x101e81, 0x0)

2.020826895s ago: executing program 2 (id=1643):
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810007, 0xf4, 0x800000000a011, r0, 0x8000)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(r1, 0x0, 0x9a28)
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/fuse\x00', 0x181042, 0x0)
socket(0x10, 0x2, 0x7)
close_range$auto(0x2, 0x8, 0x0)
socket(0x18, 0x80000, 0x2)
sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x14}, 0x0)
socket(0x11, 0xa, 0x9)
close_range$auto(0x2, 0x8, 0x0)
connect$auto(0xffffffffffffffff, &(0x7f0000000080)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x11}}, 0x80050)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0)
msync$auto(0x110c230000, 0x200001, 0x6)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
mbind$auto(0x500, 0x2091d2, 0x4, 0x0, 0x6, 0x2)
close_range$auto(0x2, 0x8, 0x0)
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r3, 0x40043d04, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:09/sun\x00', 0xc0a00, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
close_range$auto(0xffffffffffffffff, 0x8, 0x0)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x10002, 0x0)
prctl$auto_PR_TIMER_CREATE_RESTORE_IDS_ON(0x9, 0x1, r2, 0x6, 0x2)

1.029875525s ago: executing program 2 (id=1644):
mmap$auto(0x0, 0x100000002020009, 0x1000000000003, 0x90, 0xffffffffffffffff, 0x80001)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff)
openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x20008, 0xdf, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x840)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0x4)
socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001240)=ANY=[@ANYBLOB="e3b74bb486f5684fb8ef96f62f7774a3bce27842d964ef9c1f3878c46e0851fdbe4ba4dedb525f9b75d96813a50b397d40a5f69879d2b3835874d4f1443c027fda7c1fec3db0f776b0580393c9bc653b9708380e007a9411b96ff00a245e43a01c6eb991c502f0a12c5801a625099460196386157fcc82fd5c55e3efa8145466ea3bbf3af5b91b6cb8a644e996736964c72ee273b126afbb7a478a804ca7575e3482794e8b5281150e49c9e7573522c6230aab2624d4b2aedeca6a99148eaa1b3f42e701f82427ce868be954d1063bd358fa2b7b157a61192dad52db805077434a99945e0de6421173a182dbf5fb1991da1b28dc267067b6cf5d46f2eab9c00f64dfde2e6968d6db2feebcd62056c0e35ac9000a9fffed3864297c2b0528323802dd344946093d9260784234dd9fde3ad6537e35d50857f8674a246493ec391861799270131f102f4e1452d270583bafd6130555c3cba2e9c4a38ef9e466c8978e23a8f5f83557e7388bfed8d14f4229595f820aebc52f23a6fb9270740f79b7d8ed87e3c1993450fcaae0f7e8f9c8c33865fec2ead80d81b4dbfc860c475733f8ae9c708e3744a4ecd4d71d91a1f0cfa48aa20d9feb4af93a47756fed8f28266c9933a364064f298f707d524ae8391548fc4cafaf7372ecb147468d7e636433f2ed5329e2d71c13b00595eb89c4ed6cb13c0f3fb6065549015d8626d565efa0aa72e19216ff97d653778533e36954cfd8ae3b6b9886a59c8f8319363cd3a18ddfa40f6132cbdc13c700280af0c62733cda249e62b2497abd51fac47c6fb12491dc9cf54ddb480b2af4680df20f808cd3a79a3f0aba034b0fcdd5d7e632c1c1f6622c78b4a2c1a5ad85a9abe715909857a06668259e7d1761fb04f6ce0234c0175fe3d5d5c4a61a4fd0e0f387cae8dba5cce8500b6741d8dc4d09b2534eb79a24058523c72e14fbedab86fc5427182ef3b30bc9deb2248fd13dddffb7bd5420d3e5e1b680f8f8d77523bee9a7982f0418af3afb36fe603ab7f736026669e4f245108364269cadf2b93f531dc00e8c72c62d560054f9292975a3a86e293e02322ee2b8b9b92371b6393ca45dd5cf82b13aa56980566c9ad75a1be1199c28e849311bfb03390bf542c2778d7eb3c77a7fa870a2025db94e40ac119dca85b680971cc620056cc6d360a4c58fba243e08dec6546a5f6c5456a5010f6396a99e1076cad18a70d59817c649eb9b37ed5241076e8672c668b37647f8354859fe6a3910b63ae50ad8c977932ef62e42d0cbf5d2354f3331366b343c8ef2272a224b5c7ee33ef3e9820c6a46ca117a20b7d6f9a4fb545ad150715ca136168b1542c0b091113e425b4d3430a808912b6b14bbdff9c6cc068072d3fb33373e4ac62aaf23ac82f11d6704ca336ff555f6b48202f62878a50ca201a764c94068f7c3d23581bc0daff45ef3c94367f6b3157188383b0c8ac91382a87dd3155ab0839336c841e98acdef9fd0cb6f23de61e105b82fba3cd8f5e6f5fa603ac06746d06554ea1ab99e7db3302fcf8a7940f5705656d49d4bbaedca1b75d22b73768d27fd1083381375e47d9bbf55c1cbec796291dd3edb0df1ae8843f93ff1d0be7b8f0ef5277b1ef1bf7c85f32684b2c80ab5f76660ed65faeac947bd223424e529caaab291f097bec244811c8e766f20f6f01939a2c830168d7e0e9395576a14aff950638998e01717dd1f8422270a36efb2723ad3590831779677f9ba5ba2a31d97f97d498be749aaa1ec4518fe3b042821c281138ad9796b4128ce56a30fbd0f1859f3499d1a2e0dc8d3c026934264c7655beafa64757f0969d301285914a5c4b2dd2edc690ef26c8f948ba1454849199a3b2b55cc6a88c5b9169e4106171b0464577fad120f5d5c6a0d829862e3ffba64a073e16cd0d6f48e083948f8f01cf96399845906bc3e6397833ef79864a02adb0dbc934462b8ef74d3f85a3d2bd7cd930ecab5880c29fcb1c15ffe82b4484bfa32d67f97138f93b1ca4f316720c455c54bbde6f80a3c1af0361e8082e8fa74d3fed8cb60b6fc1921a0d57323777e948d99b75a198301a10e4396ab5b9155afe7e6b2a491076689ee35c30a7a2f4f8f39b0ec63f41f3316727f31715d7a98c16068b5632bb1368cebd84789457d2d3b52440ded926e186d44d335389d7d21273fd020fcee887e88ef29552cd7d968ffecb81cab8b75a3b164b70731c061a5c12fc788fed62fdaf8fcf27886d48c8683efc4da5f024f5ba62ccde0c1a10b7d11c8f65a65c59aa45a0e7bb4f751b35ce77e36e5f59d6a80db4371d17cb0efa3326aebd1bf65817541f63001020cf32523be01c5fe8ccf20a87f459f577e1b9dc8c34b3e84f2610200e2ac319abeea0b28b15f2ce129359132d3e199c9aab82634ac1c104b32a2e80636660849f409662261e47210dee6ab69b4e106973f1ff0e1366ad882581b3199f50783887c1a1cd4beed0e2db382b6e30fd15c47bd322a0576a011c9d9ff09fc6e3f9175964294537c230aa60ada837b0df856cdf876742d548bf6c62da8fb867be8788ca2a21d2a879359b9ecf5a04b98634b7c270eb92b62179b65b3bcfd4a396e7152d4637f4dba9d1104e62fca7cd5421b66b1e8a4a85660e855287bbaacdefb2493d16e0a856bbc3fe78ff3a86d3dcea24839c67ac23369315a6b0c73fabe549a3a9156b4660f89c83ace57fe04e681d1465a460cbf6ee96792590594e9cf0d86957e992ff21042e840844fcd6c1e7544947eaea46fd9253089c2002a1f4b0d2a82b9b7a189de307526f761167f89656d90ae942431201e87b67397c6103dad3b43c306dd83fff110609e8207e35b44f6164cc4660717855c9541432678bd5f02c3788187ff41349719d41619fa328cb0245e80b7684244ee6b6cf6f3a52bd37b8a35671b01b70be610593f49f9da0293c42df851f5013a37fac1537f8e716b7db5ab669df2dc4e8b9f84f6d37fb96adfcedd6d34efa670003cc61cacb6552ccb50e3ef13f6fc645e7ac340e90f800423b20102853a659ca92e7ffe8c879682fb7a21a2b6678a4014bcd00ecde8a1b5866a9c4717e43d98889e6aa950faf76f08b5d2d0d9fc84493869d1a4bbb1b7afdf3790fbbae8e87aa8bdeb28a9cbe7c36ca657db9622a6bf1acdf442eb7d912c89db726cea1c65afefeab87ca31cbf8a776a83c3c7e232e60d0485a4403565cd04b95f50dfa0cf2e7612c1a092fa9f8cdfb4f057fd1766346685dad2860a5a5718bd8b9ec6341b617fc9ccbc1c40603ac6b42db4b3195cb455cd420850a886227aaa9a2658416c9f9e3e2b8ac93ef15d9b0fee3add00e20f67fb7d88368f6fddb33af7d56c1492fe18659e8ef341af4ad0761161c0a102b1160b175997baaeabeac3d7580c6882e33a7c13cec754e7f880c6641e3d1cddbf568614203a24fad20f1288dace288f15b5c879cd48f75713186ace0b84c2814ead7ece2516263d02c5ca9e7789306d6c9e60d58c518abcdc33b0a59b812695286228b18395e79a8a1b966cd29dd99bd81985da783d99c22b571b3236c2f9a63ddabe32a67199ae90d0d1b0908326dbaa78661a1a9e0f42fc6283427f52efe3b77efa629f0ca16fd4215e63a4b7c64c96ce2885f4f1c11784e9c2752d1894648098772ad33ba5b5cdcb754851f5d337d47ad95508289e55c1664db177ba48328cf02cc0337e2483f763e7d44441e4963ea4a93ea3f0f3de72a12bbc7fc4bd492a07ec7ba88925ce6f7f3f06c8da02e5f11c83021afeb39e2a36203ae259c37468f383bb6db891677bbcaecec6133e5715ba17e993bebb807897aa8916cdaa770ab54abf5d4d026226e1e5d7f2eb3b32818b739b7aeb6b530863b9b9b27e75a4bbe761a1be8bd18ed09e44c32ad5e6b34e46e2273e1b2c6a85f43d49233a1819a094e9949850df5f4895e3524a1af0923ecc3557939178f8b756a3b29a8d076004045a1ac5dc45bf2233f37efd583b6a9c655a231c5af464cc7a7939f9d76e856764b26b716282ed91605c3f5f498e34546b40e3ddffeb203d384f39104438b934d8f07da54d9e5b6a7ac59e81187966a89fc1cd532e0da163ac643fd16ba828fcb47f8bb4ae4b4ae7202cba82b3d02ec8e3c4a887f8e9508513acf3b9e226c74bbe6e9b52c384e618c4d0568323c66302a72f1e74acb9ef028baae99bd6f54dcf01279010231e8933a38f7fe52b60988f6043d9a29efc5d32acf3579893fdec589ca2cd33258a174dcc4b01c62b0158df380b20791373ca1fa6f252f047b3a609d46b025153160e69a88d08174bb93ddf791eb6ed9fa7f267b353fed71cac4f4fad9a6a7dc9de8bce71f52b3bdaea740e74e9e66c508921f2e2d99ef013fd63ccc526edb8f3e57e7062e75bc7c363469eed3f3aa90b24be44ac9292f258efbc1f12ade765679e8c011ef8dfcc471fd331aaf30b0ba4909abdedcd34e1710c30e5a2f250d9f49de1d2b20008e797a84ef7254a748d85b5c024b99559d3172860b7301ea7d42dbeb71bfa6bfee98d1a0b32151366c3e129565c56764800cb6643633f77629ca920a152ea6fef2b806d33f2784fdb8113f1912a6f600f44a2749aa07bdbfc52c86d5bcc71a3cc21ab89eef8eb9ebdcbf6c3b45d6df73d6b999f6a5c62e368e90a7aff86ce65b8763eaec95011bdfeb11ce38e96142193d5b1b2c3e32a287c03eff1ded45d8b56ea125f2dcab3490545e91cd6ef783ba799a17fa66b702698623ddf69b037a60474d6d73baabefc5508e55e7b72adac0a85efed13eb8871d78b785a7d44280eecadf2fb1e88547a3188de6045d2a4c1836cd3a723e78bb5b8d75153b2ceb16cba9d2cdba8a63fc61eabde595a6c5bec09d0562d0fa3b990bbe70073573080e8f493615b8cdbf823ec97cf5dfbef6b337c4322465ed42292b8b4524c83c121f4f7608a321ee3250cca90aa5a844db71a314ad3b969e871f3f489dc6ee8b15719e2c324c13d7e651463e54c18f26f69656dae4872d59d5776f18150ecec792db48a6131fc92118b81680592f97d7b21a8018f6b7c6dda87b1de11dfa62722259416cf365a422436f3db1af04d348bd7a523fad7feb7ca7d707c3ad0006aa33a89f1c29b0a4ede66a09fbbe5f7ff00a29a965c287cd11005b14db81ee3c813ffb5b3564f2dcc8d0a3f6f67337ac230a816e5f94a323abc12cee7fb575a2ec7c7dffd5e4747b598c1621209607346a598406cde8a90a87dcd2d8f02914cd9cd43a7b3dd439ccbecd2e439c71bceb7f3c313eb5d731d6a9f79ef8954364b5f0ad84affb352f577f9c73dae5d44ed0a718e56e6787cbb17c1e585e6cf2e8c2d465dc001d8e312a08f32e6718a4fac83a256a0fd09eb85787d9d0cf881a3f334fccb685efac843a4faa0ce3ae2aaa73942ef75b545c7856fc188ee1e0136345c57eb10d381ec9f7ed61a5332e21360c0868224d8b933c0fabe00235693785c09a62f93d6df74b6f793592b4c62fe845dc89a67f59b520556a1c1cf89aa26d58ebd766b00d4faf1dcf2ce04726a9b9d89dc35838b75090300e6b576334f59024f2fcbfef0f858780cee051804d1183e49a6f36f699eddedb325cf69d45fe8ca337e4bacb533b5c63b576a122674510cbf77795e3da3ca5788446eba6fb2118902d002afc1de4881a5cf19bb7867c47c2e03cc6ba7c36a76ed03bf80150fb107bbbbee48f4134425515797f431b52888e8793267a05805f2b65a2ffecd81fd96dd148b5b345e557851709189a4c7df9fe2a02047ab71311727d78d69829d3"], 0x20}, 0x1, 0x0, 0x0, 0x4004041}, 0x10)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
mmap$auto(0x7, 0x400008, 0x100000000000de, 0x38, 0xffffffffffffffff, 0x2)
openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x110)
write$auto(r0, 0x0, 0xfffffdf1)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000001200)='/proc/sys/net/ipv6/conf/default/mtu\x00', 0x202, 0x0)
sendfile$auto(r1, r1, 0x0, 0x15)
close_range$auto(0x2, 0x8, 0x0)
r2 = socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
write$auto(0xca, 0x0, 0x7f)
write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9)
mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
fcntl$auto_F_ADD_SEALS(r2, 0x409, 0x8000000000000001)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)

0s ago: executing program 2 (id=1645):
mmap$auto(0x0, 0x20009, 0xe7, 0x100000eb1, 0x40000000000a1, 0x808000)
ioctl$auto_BTRFS_IOC_SEND(0xffffffffffffffff, 0x40489426, &(0x7f0000000140)={@raw, 0x2, 0x0, 0x929, 0xe5c1, 0x7cd, "abfd2e69df26f540a1d748ceff20c3ed69a359d46ed201e13aea69af"})
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x2, 0x80002, 0x73)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f00000001c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7t\b\x00w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x8c)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfa\x14&\x99?\xe6\xe5I\xe2\xae,\x95k \x97\x18VBAo', 0x100000a3d9)
mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(0x0, r3)
syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff)
mmap$auto(0x2000, 0x400008, 0xdd, 0x9b72, 0xffffffffffffffff, 0x8001)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'pimreg1\x00', <r4=>0x0})
r5 = waitid$auto_P_PGID(0x2, 0x0, &(0x7f00000002c0)={@siginfo_0_0={0x2, 0x80000000, 0x96f, @_sigchld={0x0, 0xee01, 0x9, 0x3ff, 0xff}}}, 0x1, &(0x7f0000000400)={{0xf, 0x1}, {0x0, 0x6}, 0x0, 0x0, 0x2, 0x767c, 0x10001, 0x9, 0xff, 0x400, 0x7, 0x6, 0x1ec, 0x0, 0x101, 0x2})
sendmsg$auto_MACSEC_CMD_UPD_TXSA(r0, &(0x7f00000008c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000880)={&(0x7f0000000900)=ANY=[@ANYBLOB="b0030000", @ANYRES16=0x0, @ANYBLOB, @ANYRES32=r4, @ANYRES32=0x0, @ANYBLOB="8b0309801bde49470820f6e827f2e3986574ea4a157e5f5520a320c1d0dfd3b4a0ee346b20348462abc4d2869b9ec4f8211a91d2a0f19f03ec6cc6986137aa33a95f288e27376d1a3e004df442270e47000000000000093ef7d743732937d5636eb266753c74b0a1812ad09c85c7cadffb5c56a26815e02bd38e5d3e20fb39793a938fbc14001c800400f6800400358008008f00", @ANYRES32=r5, @ANYBLOB="15005500242d7d23265b2521405e58702d242c2d000000007e92cba98da39947d05e98de6c135cd986ff769181de50e78cab2046c452725e1fb22889e1a291936ef7492d03b03df9ea64090209f1404233c548264bb8856cb9233fdb7d1b06311d1f0b5c6726f222ccb07573348e176383bb12e20031a9ebd46b3cd491e82fabc350048d1040027b15c629d9eb3968fc32b67eb27c82fd3b558a3905a13588d14cbcdc4e0948be2db9c52f04b3946be0b3335962d0e7de0ed795ab8c7035ba6772eac60d679e392b95a63dd91774e2489d85c2ab04e3b7a57f1576dfd932c05cf52930367193b6614274d3dac8d0353ea5088accdd6ac20ea46e158b0e6a92ad6ca01b8e985ceeca2b65238c8687ea7428620c99edebd15123c99335916c5b3d82c476504701498035db52964b313df5b2dd07be5200890ed6f1e3491a3c3e1b0f7f2b49b771bf4285a76b24ac767224f798bffd2f75518be870498dfc1aa307fa9e03b334fddb94d55484fe729aa0aae7ddf6fa5ac0e8ee9f581a5247cafadb6e7984280de1a35ebf3bb959d660f2777099929e132bb1b887232f8d085b412e8ae409c867f563e95d412a99eeda57fa5204ad2b844cf3a50df3fcb03624586e31592a102171e4f9427aab65ad1c100b11b2b96bbfed477d2922f97b7c3e9362a95ccb89417c1b32609d071f01e3ab16003c002f6465762f736e642f6d696469433244300000005700d800a12e6c350e68b8f49b089962e96cddb0980beec97f2ee8800adb2504c0aa5bd97446a724702ee90ff8054e685fa22ef6c7165161520e5ded7f1183f4b4743aaf42d57a6d1dd0e13780cee26e1390b5101347b200080076006401010104003a8000bc47e2e76c083463ab8db0677d23644f1b15bc7bd9ed8bc2ecf652c1c4fc7a7a8ad2e147f0faded2dcb4546328aee7ad23e44582fc95067c4c870014cc79c6037a215f13635729c805deb068ce43429c95fea20aa18fbd927e3975ee1e8b21d7dc9257f85643afe0a114005e00200100000000000000000000000000000500880000000000080005800400100000"], 0x3b0}, 0x1, 0x0, 0x0, 0x40001}, 0x200048d0)
mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2)
ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100002, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2})
syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x8001, 0x0)
keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff)
msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
shutdown$auto(0x200000003, 0x2)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)

kernel console output (not intermixed with test programs):

][T12001] Tainted: [L]=SOFTLOCKUP
[  484.801824][T12001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  484.801841][T12001] Call Trace:
[  484.801850][T12001]  <TASK>
[  484.801860][T12001]  dump_stack_lvl+0x100/0x190
[  484.801894][T12001]  should_fail_ex.cold+0x5/0xa
[  484.801929][T12001]  should_failslab+0xc2/0x120
[  484.801959][T12001]  __kmalloc_cache_noprof+0x7a/0x6f0
[  484.802006][T12001]  ? percpu_ref_init+0xec/0x3f0
[  484.802040][T12001]  ? __pfx_io_ring_ctx_ref_free+0x10/0x10
[  484.802080][T12001]  percpu_ref_init+0xec/0x3f0
[  484.802113][T12001]  io_uring_setup.cold+0x23b/0x1c6e
[  484.802162][T12001]  ? __pfx_io_uring_setup+0x10/0x10
[  484.802203][T12001]  ? do_futex+0x192/0x350
[  484.802229][T12001]  ? __pfx_do_futex+0x10/0x10
[  484.802272][T12001]  ? xfd_validate_state+0x129/0x190
[  484.802299][T12001]  ? exit_to_user_mode_loop+0xf3/0x670
[  484.802353][T12001]  __x64_sys_io_uring_setup+0xc2/0x170
[  484.802396][T12001]  do_syscall_64+0x115/0x840
[  484.802432][T12001]  ? clear_bhb_loop+0x40/0x90
[  484.802468][T12001]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  484.802496][T12001] RIP: 0033:0x7f4edcd9ce59
[  484.802517][T12001] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  484.802542][T12001] RSP: 002b:00007f4eddcc6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[  484.802568][T12001] RAX: ffffffffffffffda RBX: 00007f4edd015fa0 RCX: 00007f4edcd9ce59
[  484.802585][T12001] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  484.802607][T12001] RBP: 00007f4edce32d6f R08: 0000000000000000 R09: 0000000000000000
[  484.802623][T12001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  484.802638][T12001] R13: 00007f4edd016038 R14: 00007f4edd015fa0 R15: 00007ffd47e98398
[  484.802671][T12001]  </TASK>
[  485.316413][ T5647] Bluetooth: hci2: unexpected event 0x1c length: 725 > 5
[  485.760027][ T5647] Bluetooth: hci0: command 0x0406 tx timeout
[  486.258797][ T5647] Bluetooth: hci2: command 0x0406 tx timeout
[  486.398558][ T5647] Bluetooth: hci1: command 0x0406 tx timeout
[  486.485567][ T5647] Bluetooth: hci3: command 0x0406 tx timeout
[  486.586717][T12027] FAULT_INJECTION: forcing a failure.
[  486.586717][T12027] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  486.631797][T12027] CPU: 0 UID: 0 PID: 12027 Comm: syz.0.1174 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  486.631823][T12027] Tainted: [L]=SOFTLOCKUP
[  486.631828][T12027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  486.631844][T12027] Call Trace:
[  486.631849][T12027]  <TASK>
[  486.631856][T12027]  dump_stack_lvl+0x100/0x190
[  486.631877][T12027]  should_fail_ex.cold+0x5/0xa
[  486.631894][T12027]  ? prepare_alloc_pages+0x16d/0x5f0
[  486.631915][T12027]  should_fail_alloc_page+0xeb/0x140
[  486.631934][T12027]  prepare_alloc_pages+0x1f0/0x5f0
[  486.631956][T12027]  __alloc_frozen_pages_noprof+0x19a/0x2bc0
[  486.631984][T12027]  ? __lock_acquire+0x4a5/0x2630
[  486.632011][T12027]  ? __lock_acquire+0x4a5/0x2630
[  486.632033][T12027]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  486.632059][T12027]  ? __lock_acquire+0x4a5/0x2630
[  486.632085][T12027]  ? __lock_acquire+0x4a5/0x2630
[  486.632108][T12027]  ? vma_is_special_huge+0x23f/0x2d0
[  486.632125][T12027]  ? __pfx_vma_is_special_huge+0x10/0x10
[  486.632143][T12027]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  486.632165][T12027]  ? policy_nodemask+0xed/0x4f0
[  486.632184][T12027]  alloc_pages_mpol+0x1fb/0x540
[  486.632202][T12027]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  486.632220][T12027]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  486.632241][T12027]  ? __pfx___thp_vma_allowable_orders+0x10/0x10
[  486.632263][T12027]  alloc_pages_noprof+0x1a/0x160
[  486.632284][T12027]  __pmd_alloc+0x3b/0x950
[  486.632304][T12027]  __handle_mm_fault+0xa9c/0x2a00
[  486.632329][T12027]  ? mt_find+0x45e/0x8e0
[  486.632352][T12027]  ? __pfx___handle_mm_fault+0x10/0x10
[  486.632372][T12027]  ? __pfx_mt_find+0x10/0x10
[  486.632403][T12027]  ? find_vma+0xbf/0x140
[  486.632419][T12027]  ? __pfx_find_vma+0x10/0x10
[  486.632436][T12027]  handle_mm_fault+0x37b/0xa30
[  486.632461][T12027]  do_user_addr_fault+0x74c/0x12f0
[  486.632482][T12027]  ? trace_page_fault_kernel+0x7a/0x200
[  486.632500][T12027]  exc_page_fault+0x6f/0xd0
[  486.632521][T12027]  asm_exc_page_fault+0x26/0x30
[  486.632536][T12027] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  486.632553][T12027] Code: 9c 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  486.632567][T12027] RSP: 0018:ffffc9000338f7b8 EFLAGS: 00050206
[  486.632579][T12027] RAX: 0000000000000001 RBX: ffff8880454e3a80 RCX: 00000000000000c7
[  486.632588][T12027] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff8880454e3a80
[  486.632597][T12027] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed1008a9c768
[  486.632606][T12027] R10: ffff8880454e3b46 R11: 0000000000000000 R12: ffffc9000338fd40
[  486.632615][T12027] R13: 0000000000000000 R14: 00000000000000c7 R15: 0000000000000000
[  486.632633][T12027]  _copy_from_iter+0x355/0x1690
[  486.632657][T12027]  ? __asan_memset+0x23/0x50
[  486.632680][T12027]  ? __pfx__copy_from_iter+0x10/0x10
[  486.632699][T12027]  ? __pfx___alloc_skb+0x10/0x10
[  486.632721][T12027]  netlink_sendmsg+0x808/0xda0
[  486.632745][T12027]  ? __pfx_netlink_sendmsg+0x10/0x10
[  486.632763][T12027]  ? __import_iovec+0x1d2/0x640
[  486.632786][T12027]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  486.632804][T12027]  ____sys_sendmsg+0x9e1/0xb70
[  486.632823][T12027]  ? __pfx_netlink_sendmsg+0x10/0x10
[  486.632852][T12027]  ? __pfx_____sys_sendmsg+0x10/0x10
[  486.632874][T12027]  ? __pfx__kstrtoull+0x10/0x10
[  486.632892][T12027]  ___sys_sendmsg+0x190/0x1e0
[  486.632914][T12027]  ? __pfx____sys_sendmsg+0x10/0x10
[  486.632943][T12027]  ? find_held_lock+0x2b/0x80
[  486.632990][T12027]  __sys_sendmmsg+0x205/0x430
[  486.633009][T12027]  ? __pfx___sys_sendmmsg+0x10/0x10
[  486.633030][T12027]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  486.633061][T12027]  ? fput+0x79/0x100
[  486.633086][T12027]  ? ksys_write+0x1ac/0x250
[  486.633102][T12027]  ? __pfx_ksys_write+0x10/0x10
[  486.633122][T12027]  __x64_sys_sendmmsg+0x9c/0x100
[  486.633137][T12027]  ? lockdep_hardirqs_on+0x78/0x100
[  486.633157][T12027]  do_syscall_64+0x115/0x840
[  486.633177][T12027]  ? clear_bhb_loop+0x40/0x90
[  486.633195][T12027]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.633210][T12027] RIP: 0033:0x7f1f2dd9ce59
[  486.633222][T12027] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  486.633236][T12027] RSP: 002b:00007f1f2ecfd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  486.633249][T12027] RAX: ffffffffffffffda RBX: 00007f1f2e015fa0 RCX: 00007f1f2dd9ce59
[  486.633259][T12027] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003
[  486.633267][T12027] RBP: 00007f1f2ecfd090 R08: 0000000000000000 R09: 0000000000000000
[  486.633276][T12027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  486.633284][T12027] R13: 00007f1f2e016038 R14: 00007f1f2e015fa0 R15: 00007ffd60219c28
[  486.633303][T12027]  </TASK>
[  487.841185][ T5647] Bluetooth: hci0: command 0x0406 tx timeout
[  488.070056][T12047] FAULT_INJECTION: forcing a failure.
[  488.070056][T12047] name failslab, interval 1, probability 0, space 0, times 0
[  488.137283][T12047] CPU: 1 UID: 0 PID: 12047 Comm: syz.2.1179 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  488.137328][T12047] Tainted: [L]=SOFTLOCKUP
[  488.137337][T12047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  488.137353][T12047] Call Trace:
[  488.137362][T12047]  <TASK>
[  488.137374][T12047]  dump_stack_lvl+0x100/0x190
[  488.137408][T12047]  should_fail_ex.cold+0x5/0xa
[  488.137444][T12047]  ? tomoyo_realpath_from_path+0xb6/0x690
[  488.137483][T12047]  should_failslab+0xc2/0x120
[  488.137516][T12047]  __kmalloc_noprof+0xe0/0x850
[  488.137541][T12047]  ? kfree+0x1dd/0x6c0
[  488.137582][T12047]  tomoyo_realpath_from_path+0xb6/0x690
[  488.137631][T12047]  tomoyo_path_number_perm+0x23c/0x580
[  488.137672][T12047]  ? tomoyo_path_number_perm+0x22e/0x580
[  488.137709][T12047]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  488.137780][T12047]  ? find_held_lock+0x2b/0x80
[  488.137813][T12047]  ? __fget_files+0x215/0x3d0
[  488.137844][T12047]  ? hook_file_ioctl_common+0x149/0x410
[  488.137877][T12047]  ? __fget_files+0x215/0x3d0
[  488.137914][T12047]  ? __fget_files+0x21f/0x3d0
[  488.137951][T12047]  security_file_ioctl+0xd3/0x230
[  488.137986][T12047]  __x64_sys_ioctl+0xb7/0x210
[  488.138016][T12047]  do_syscall_64+0x115/0x840
[  488.138054][T12047]  ? clear_bhb_loop+0x40/0x90
[  488.138088][T12047]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.138112][T12047] RIP: 0033:0x7f4edcd9ce59
[  488.138135][T12047] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  488.138158][T12047] RSP: 002b:00007f4eddcc6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  488.138181][T12047] RAX: ffffffffffffffda RBX: 00007f4edd015fa0 RCX: 00007f4edcd9ce59
[  488.138196][T12047] RDX: 0000000000000001 RSI: 0000000000004b46 RDI: 0000000000000003
[  488.138210][T12047] RBP: 00007f4eddcc6090 R08: 0000000000000000 R09: 0000000000000000
[  488.138225][T12047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  488.138239][T12047] R13: 00007f4edd016038 R14: 00007f4edd015fa0 R15: 00007ffd47e98398
[  488.138275][T12047]  </TASK>
[  488.347843][T12047] ERROR: Out of memory at tomoyo_realpath_from_path.
[  488.375515][ T5647] Bluetooth: hci2: command 0x0406 tx timeout
[  488.524488][ T5639] Bluetooth: hci1: command 0x0406 tx timeout
[  488.563166][ T5639] Bluetooth: hci3: command 0x0406 tx timeout
[  489.013413][ T5639] Bluetooth: hci2: unexpected event 0x1c length: 725 > 5
[  489.840648][T12082] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1184'.
[  489.941970][T12090] FAULT_INJECTION: forcing a failure.
[  489.941970][T12090] name failslab, interval 1, probability 0, space 0, times 0
[  489.978804][T12090] CPU: 1 UID: 0 PID: 12090 Comm: syz.3.1185 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  489.978853][T12090] Tainted: [L]=SOFTLOCKUP
[  489.978863][T12090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  489.978881][T12090] Call Trace:
[  489.978891][T12090]  <TASK>
[  489.978901][T12090]  dump_stack_lvl+0x100/0x190
[  489.978938][T12090]  should_fail_ex.cold+0x5/0xa
[  489.978973][T12090]  should_failslab+0xc2/0x120
[  489.979007][T12090]  kmem_cache_alloc_lru_noprof+0x80/0x6e0
[  489.979052][T12090]  ? __d_alloc+0x34/0xa40
[  489.979088][T12090]  ? __pfx_stack_trace_save+0x10/0x10
[  489.979133][T12090]  __d_alloc+0x34/0xa40
[  489.979174][T12090]  d_alloc_parallel+0x111/0x14e0
[  489.979214][T12090]  ? find_held_lock+0x2b/0x80
[  489.979257][T12090]  ? __d_lookup+0x25c/0x4a0
[  489.979287][T12090]  ? __pfx_d_alloc_parallel+0x10/0x10
[  489.979322][T12090]  ? __d_lookup+0x266/0x4a0
[  489.979361][T12090]  lookup_open.isra.0+0x57c/0x11b0
[  489.979401][T12090]  ? __pfx_lookup_open.isra.0+0x10/0x10
[  489.979438][T12090]  ? __pfx___might_resched+0x10/0x10
[  489.979469][T12090]  ? mnt_get_write_access+0x52/0x2f0
[  489.979520][T12090]  ? __pfx_down_write+0x10/0x10
[  489.979562][T12090]  ? mnt_get_write_access+0x1e9/0x2f0
[  489.979612][T12090]  path_openat+0x2291/0x31a0
[  489.979655][T12090]  ? entry_SYSCALL_64_after_hwframe+0x48/0x7f
[  489.979689][T12090]  ? __pfx_path_openat+0x10/0x10
[  489.979739][T12090]  do_file_open+0x20e/0x430
[  489.979781][T12090]  ? __pfx_do_file_open+0x10/0x10
[  489.979849][T12090]  ? _raw_spin_unlock+0x28/0x50
[  489.979883][T12090]  ? alloc_fd+0x476/0x790
[  489.979928][T12090]  do_sys_openat2+0x10d/0x1e0
[  489.979969][T12090]  ? __pfx_do_sys_openat2+0x10/0x10
[  489.980026][T12090]  __x64_sys_open+0xfe/0x1d0
[  489.980069][T12090]  ? __pfx___x64_sys_open+0x10/0x10
[  489.980111][T12090]  ? ksys_write+0x1ac/0x250
[  489.980148][T12090]  ? rcu_is_watching+0x12/0xc0
[  489.980185][T12090]  do_syscall_64+0x115/0x840
[  489.980218][T12090]  ? clear_bhb_loop+0x40/0x90
[  489.980262][T12090]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  489.980291][T12090] RIP: 0033:0x7fd952f9ce59
[  489.980315][T12090] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  489.980342][T12090] RSP: 002b:00007fd953eba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  489.980367][T12090] RAX: ffffffffffffffda RBX: 00007fd953216090 RCX: 00007fd952f9ce59
[  489.980386][T12090] RDX: 5d745cb200ae4d7b RSI: 0000000000022ac2 RDI: 0000200000000080
[  489.980403][T12090] RBP: 00007fd953032d6f R08: 0000000000000000 R09: 0000000000000000
[  489.980420][T12090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  489.980437][T12090] R13: 00007fd953216128 R14: 00007fd953216090 R15: 00007ffdfb4fd278
[  489.980476][T12090]  </TASK>
[  490.398460][ T5639] Bluetooth: hci2: command 0x0406 tx timeout
[  491.635048][ T5639] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5
[  492.537302][T12143] usbcore.quirks: string doesn't fit in 127 chars.
[  492.725526][T12146] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1196'.

syzkaller
syzkaller login: [  493.943956][T12170] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1201'.
[  494.435162][ T5639] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5
[  494.859710][T12191] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1205'.
[  494.882389][T12178] ACPI: \_SB_.LNKS: No IRQ available. Try pci=noacpi or acpi=off
[  494.894603][T12178] pci 0000:00:01.3: PCI INT A: no GSI
[  495.046168][T12195] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1206'.
[  495.594965][T12204] MTRR 1 not used
[  496.030137][T12213] netlink: 346 bytes leftover after parsing attributes in process `syz.3.1209'.
[  496.074994][T12216] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1210'.
[  496.208084][T12216] FAULT_INJECTION: forcing a failure.
[  496.208084][T12216] name failslab, interval 1, probability 0, space 0, times 0
[  496.262108][T12216] CPU: 0 UID: 0 PID: 12216 Comm: syz.2.1210 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  496.262149][T12216] Tainted: [L]=SOFTLOCKUP
[  496.262158][T12216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  496.262174][T12216] Call Trace:
[  496.262182][T12216]  <TASK>
[  496.262192][T12216]  dump_stack_lvl+0x100/0x190
[  496.262226][T12216]  should_fail_ex.cold+0x5/0xa
[  496.262261][T12216]  should_failslab+0xc2/0x120
[  496.262293][T12216]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  496.262334][T12216]  ? security_inode_alloc+0x3b/0x2c0
[  496.262365][T12216]  ? lockdep_init_map_type+0x5c/0x250
[  496.262410][T12216]  security_inode_alloc+0x3b/0x2c0
[  496.262440][T12216]  inode_init_always_gfp+0xc77/0xfb0
[  496.262477][T12216]  alloc_inode+0x8e/0x250
[  496.262514][T12216]  sock_alloc+0x44/0x280
[  496.262541][T12216]  ? security_socket_create+0x7f/0x250
[  496.262570][T12216]  __sock_create+0xc2/0x860
[  496.262608][T12216]  __sys_socket+0x14d/0x260
[  496.262641][T12216]  ? fput+0x79/0x100
[  496.262686][T12216]  ? __pfx___sys_socket+0x10/0x10
[  496.262719][T12216]  ? ksys_write+0x1ac/0x250
[  496.262747][T12216]  ? __pfx_ksys_write+0x10/0x10
[  496.262782][T12216]  __x64_sys_socket+0x72/0xb0
[  496.262818][T12216]  ? lockdep_hardirqs_on+0x78/0x100
[  496.262855][T12216]  do_syscall_64+0x115/0x840
[  496.262889][T12216]  ? clear_bhb_loop+0x40/0x90
[  496.262923][T12216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.262951][T12216] RIP: 0033:0x7f4edcd9e6c7
[  496.262974][T12216] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  496.262999][T12216] RSP: 002b:00007f4eddcc4f98 EFLAGS: 00000286 ORIG_RAX: 0000000000000029
[  496.263024][T12216] RAX: ffffffffffffffda RBX: 00007f4edd015fa0 RCX: 00007f4edcd9e6c7
[  496.263043][T12216] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  496.263059][T12216] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[  496.263075][T12216] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000001
[  496.263091][T12216] R13: 00007f4edd016038 R14: 00007f4edd015fa0 R15: 00007ffd47e98398
[  496.263127][T12216]  </TASK>
[  496.295125][T12216] socket: no more sockets
[  497.070741][ T5639] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5
[  499.897755][T12286] FAULT_INJECTION: forcing a failure.
[  499.897755][T12286] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  499.961555][T12286] CPU: 0 UID: 0 PID: 12286 Comm: syz.3.1222 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  499.961583][T12286] Tainted: [L]=SOFTLOCKUP
[  499.961588][T12286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  499.961597][T12286] Call Trace:
[  499.961602][T12286]  <TASK>
[  499.961608][T12286]  dump_stack_lvl+0x100/0x190
[  499.961628][T12286]  should_fail_ex.cold+0x5/0xa
[  499.961651][T12286]  _copy_from_user+0x2e/0xd0
[  499.961673][T12286]  copy_msghdr_from_user+0x9f/0x4f0
[  499.961695][T12286]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  499.961718][T12286]  ? rcu_is_watching+0x12/0xc0
[  499.961735][T12286]  ? ___sys_sendmsg+0x19d/0x1e0
[  499.961753][T12286]  ? kfree+0x1dd/0x6c0
[  499.961776][T12286]  ___sys_sendmsg+0x106/0x1e0
[  499.961797][T12286]  ? __pfx____sys_sendmsg+0x10/0x10
[  499.961832][T12286]  ? __pfx___might_resched+0x10/0x10
[  499.961852][T12286]  __sys_sendmmsg+0x205/0x430
[  499.961869][T12286]  ? __pfx___sys_sendmmsg+0x10/0x10
[  499.961890][T12286]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  499.961920][T12286]  ? fput+0x79/0x100
[  499.961940][T12286]  ? ksys_write+0x1ac/0x250
[  499.961956][T12286]  ? __pfx_ksys_write+0x10/0x10
[  499.961976][T12286]  __x64_sys_sendmmsg+0x9c/0x100
[  499.961991][T12286]  ? lockdep_hardirqs_on+0x78/0x100
[  499.962011][T12286]  do_syscall_64+0x115/0x840
[  499.962031][T12286]  ? clear_bhb_loop+0x40/0x90
[  499.962056][T12286]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.962083][T12286] RIP: 0033:0x7fd952f9ce59
[  499.962105][T12286] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  499.962130][T12286] RSP: 002b:00007fd953edb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  499.962148][T12286] RAX: ffffffffffffffda RBX: 00007fd953215fa0 RCX: 00007fd952f9ce59
[  499.962157][T12286] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000003
[  499.962166][T12286] RBP: 00007fd953edb090 R08: 0000000000000000 R09: 0000000000000000
[  499.962175][T12286] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001
[  499.962183][T12286] R13: 00007fd953216038 R14: 00007fd953215fa0 R15: 00007ffdfb4fd278
[  499.962202][T12286]  </TASK>
[  501.451125][T12332] FAULT_INJECTION: forcing a failure.
[  501.451125][T12332] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  501.464716][T12332] CPU: 0 UID: 0 PID: 12332 Comm: syz.2.1231 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  501.464748][T12332] Tainted: [L]=SOFTLOCKUP
[  501.464754][T12332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  501.464763][T12332] Call Trace:
[  501.464768][T12332]  <TASK>
[  501.464774][T12332]  dump_stack_lvl+0x100/0x190
[  501.464794][T12332]  should_fail_ex.cold+0x5/0xa
[  501.464813][T12332]  _copy_from_user+0x2e/0xd0
[  501.464835][T12332]  move_addr_to_kernel+0x65/0x170
[  501.464860][T12332]  __sys_connect+0xb5/0x170
[  501.464898][T12332]  ? __pfx___sys_connect+0x10/0x10
[  501.464925][T12332]  ? __fget_files+0x21f/0x3d0
[  501.464949][T12332]  ? __pfx_ksys_write+0x10/0x10
[  501.464969][T12332]  __x64_sys_connect+0x72/0xb0
[  501.464990][T12332]  ? lockdep_hardirqs_on+0x78/0x100
[  501.465010][T12332]  do_syscall_64+0x115/0x840
[  501.465030][T12332]  ? clear_bhb_loop+0x40/0x90
[  501.465048][T12332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.465063][T12332] RIP: 0033:0x7f4edcd9ce59
[  501.465076][T12332] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  501.465090][T12332] RSP: 002b:00007f4eddcc6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  501.465105][T12332] RAX: ffffffffffffffda RBX: 00007f4edd015fa0 RCX: 00007f4edcd9ce59
[  501.465114][T12332] RDX: 0000000000000053 RSI: 0000000000000000 RDI: 0000000000000003
[  501.465123][T12332] RBP: 00007f4eddcc6090 R08: 0000000000000000 R09: 0000000000000000
[  501.465132][T12332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  501.465147][T12332] R13: 00007f4edd016038 R14: 00007f4edd015fa0 R15: 00007ffd47e98398
[  501.465166][T12332]  </TASK>
[  501.672455][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  501.680660][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  504.356368][T12400] bond0: invalid ARP target specified
[  504.495569][T12400] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1249'.
[  504.504804][T12400] nbd: must specify at least one socket
[  504.555429][T12400] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1249'.
[  505.133948][T12410] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1242'.
[  507.108828][T12455] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1247'.
[  508.420037][T12480] bond0: invalid ARP target specified
[  508.447545][T12482] FAULT_INJECTION: forcing a failure.
[  508.447545][T12482] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  508.493609][T12482] CPU: 0 UID: 0 PID: 12482 Comm: syz.1.1251 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  508.493634][T12482] Tainted: [L]=SOFTLOCKUP
[  508.493639][T12482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  508.493648][T12482] Call Trace:
[  508.493653][T12482]  <TASK>
[  508.493658][T12482]  dump_stack_lvl+0x100/0x190
[  508.493679][T12482]  should_fail_ex.cold+0x5/0xa
[  508.493699][T12482]  _copy_from_user+0x2e/0xd0
[  508.493720][T12482]  memdup_user_nul+0x6c/0x120
[  508.493743][T12482]  nsim_dev_health_break_write+0xbd/0x210
[  508.493766][T12482]  ? __pfx_nsim_dev_health_break_write+0x10/0x10
[  508.493795][T12482]  full_proxy_write+0x135/0x1a0
[  508.493818][T12482]  vfs_write+0x2aa/0x1070
[  508.493835][T12482]  ? __pfx_full_proxy_write+0x10/0x10
[  508.493857][T12482]  ? __pfx_vfs_write+0x10/0x10
[  508.493873][T12482]  ? __fget_files+0x215/0x3d0
[  508.493895][T12482]  ? __fget_files+0x21f/0x3d0
[  508.493917][T12482]  ksys_write+0x12a/0x250
[  508.493933][T12482]  ? __pfx_ksys_write+0x10/0x10
[  508.493951][T12482]  ? rcu_is_watching+0x12/0xc0
[  508.493971][T12482]  do_syscall_64+0x115/0x840
[  508.493991][T12482]  ? clear_bhb_loop+0x40/0x90
[  508.494010][T12482]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  508.494025][T12482] RIP: 0033:0x7f8fc119ce59
[  508.494038][T12482] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  508.494052][T12482] RSP: 002b:00007f8fc206a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  508.494066][T12482] RAX: ffffffffffffffda RBX: 00007f8fc1416090 RCX: 00007f8fc119ce59
[  508.494076][T12482] RDX: 00000000000001e1 RSI: 0000200000000080 RDI: 0000000000000006
[  508.494085][T12482] RBP: 00007f8fc206a090 R08: 0000000000000000 R09: 0000000000000000
[  508.494093][T12482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  508.494102][T12482] R13: 00007f8fc1416128 R14: 00007f8fc1416090 R15: 00007fff151731a8
[  508.494121][T12482]  </TASK>
[  508.565851][T12480] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1251'.
[  509.167229][T12491] usbcore.quirks: string doesn't fit in 127 chars.
[  509.198751][T12491] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1254'.
[  509.307165][T12495] warning: `syz.1.1254' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  509.881708][T12515] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1258'.
[  510.640167][T12526] FAULT_INJECTION: forcing a failure.
[  510.640167][T12526] name failslab, interval 1, probability 0, space 0, times 0
[  510.697828][T12526] CPU: 1 UID: 0 PID: 12526 Comm: syz.2.1260 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  510.697868][T12526] Tainted: [L]=SOFTLOCKUP
[  510.697873][T12526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  510.697883][T12526] Call Trace:
[  510.697888][T12526]  <TASK>
[  510.697895][T12526]  dump_stack_lvl+0x100/0x190
[  510.697915][T12526]  should_fail_ex.cold+0x5/0xa
[  510.697936][T12526]  should_failslab+0xc2/0x120
[  510.697953][T12526]  __kvmalloc_node_noprof+0xfa/0xa00
[  510.697970][T12526]  ? io_alloc_cache_init+0x38/0x170
[  510.697988][T12526]  ? lockdep_init_map_type+0x10/0x250
[  510.698014][T12526]  io_alloc_cache_init+0x38/0x170
[  510.698034][T12526]  io_uring_setup.cold+0x3eb/0x1c6e
[  510.698059][T12526]  ? __pfx_io_uring_setup+0x10/0x10
[  510.698083][T12526]  ? do_futex+0x192/0x350
[  510.698098][T12526]  ? __pfx_do_futex+0x10/0x10
[  510.698121][T12526]  ? xfd_validate_state+0x129/0x190
[  510.698135][T12526]  ? exit_to_user_mode_loop+0xf3/0x670
[  510.698166][T12526]  __x64_sys_io_uring_setup+0xc2/0x170
[  510.698190][T12526]  do_syscall_64+0x115/0x840
[  510.698210][T12526]  ? clear_bhb_loop+0x40/0x90
[  510.698228][T12526]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  510.698243][T12526] RIP: 0033:0x7f4edcd9ce59
[  510.698257][T12526] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  510.698271][T12526] RSP: 002b:00007f4eddcc6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[  510.698286][T12526] RAX: ffffffffffffffda RBX: 00007f4edd015fa0 RCX: 00007f4edcd9ce59
[  510.698296][T12526] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  510.698305][T12526] RBP: 00007f4edce32d6f R08: 0000000000000000 R09: 0000000000000000
[  510.698321][T12526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  510.698330][T12526] R13: 00007f4edd016038 R14: 00007f4edd015fa0 R15: 00007ffd47e98398
[  510.698354][T12526]  </TASK>
[  511.002147][T12529] random: crng reseeded on system resumption
[  511.724205][T12539] FAULT_INJECTION: forcing a failure.
[  511.724205][T12539] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  511.792239][T12539] CPU: 0 UID: 0 PID: 12539 Comm: syz.2.1263 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  511.792285][T12539] Tainted: [L]=SOFTLOCKUP
[  511.792294][T12539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  511.792310][T12539] Call Trace:
[  511.792319][T12539]  <TASK>
[  511.792329][T12539]  dump_stack_lvl+0x100/0x190
[  511.792364][T12539]  should_fail_ex.cold+0x5/0xa
[  511.792401][T12539]  _copy_to_iter+0x1f3/0x1720
[  511.792440][T12539]  ? do_raw_spin_lock+0x128/0x260
[  511.792472][T12539]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  511.792502][T12539]  ? __pfx__copy_to_iter+0x10/0x10
[  511.792534][T12539]  ? __pfx_autoremove_wake_function+0x10/0x10
[  511.792572][T12539]  ? _raw_spin_lock_irqsave+0x52/0x60
[  511.792608][T12539]  ? find_held_lock+0x2b/0x80
[  511.792643][T12539]  ? mark_held_locks+0x40/0x70
[  511.792683][T12539]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  511.792721][T12539]  simple_copy_to_iter+0x46/0x90
[  511.792758][T12539]  __skb_datagram_iter+0x5c8/0x900
[  511.792789][T12539]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  511.792815][T12539]  skb_copy_datagram_iter+0xa5/0x270
[  511.792838][T12539]  tcp_recvmsg_locked+0x1b74/0x2a20
[  511.792862][T12539]  ? __pfx_tcp_recvmsg_locked+0x10/0x10
[  511.792880][T12539]  ? __local_bh_enable_ip+0x9e/0x120
[  511.792901][T12539]  tcp_recvmsg+0x141/0x630
[  511.792918][T12539]  ? __pfx_tcp_recvmsg+0x10/0x10
[  511.792935][T12539]  ? __fget_files+0x215/0x3d0
[  511.792952][T12539]  ? __fget_files+0x215/0x3d0
[  511.792972][T12539]  ? __pfx_tcp_recvmsg+0x10/0x10
[  511.792986][T12539]  inet_recvmsg+0xd5/0x4c0
[  511.793008][T12539]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  511.793030][T12539]  ? __pfx_inet_recvmsg+0x10/0x10
[  511.793053][T12539]  sock_recvmsg+0x187/0x1f0
[  511.793073][T12539]  __sys_recvfrom+0x200/0x300
[  511.793088][T12539]  ? 0xffffffff81000000
[  511.793099][T12539]  ? __pfx___sys_recvfrom+0x10/0x10
[  511.793139][T12539]  ? ksys_write+0x1ac/0x250
[  511.793155][T12539]  ? __pfx_ksys_write+0x10/0x10
[  511.793175][T12539]  __x64_sys_recvfrom+0xe0/0x1c0
[  511.793188][T12539]  ? do_syscall_64+0x90/0x840
[  511.793208][T12539]  ? lockdep_hardirqs_on+0x78/0x100
[  511.793236][T12539]  do_syscall_64+0x115/0x840
[  511.793255][T12539]  ? clear_bhb_loop+0x40/0x90
[  511.793277][T12539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  511.793292][T12539] RIP: 0033:0x7f4edcd9ce59
[  511.793304][T12539] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  511.793318][T12539] RSP: 002b:00007f4eddcc6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[  511.793333][T12539] RAX: ffffffffffffffda RBX: 00007f4edd015fa0 RCX: 00007f4edcd9ce59
[  511.793343][T12539] RDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003
[  511.793352][T12539] RBP: 00007f4eddcc6090 R08: 0000000000000000 R09: ffffffff81000000
[  511.793361][T12539] R10: 0000000000000a00 R11: 0000000000000246 R12: 0000000000000001
[  511.793369][T12539] R13: 00007f4edd016038 R14: 00007f4edd015fa0 R15: 00007ffd47e98398
[  511.793382][T12539]  ? 0xffffffff81000000
[  511.793398][T12539]  </TASK>
[  512.445684][T12566] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1268'.
[  513.472619][T12584] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1271'.
[  513.701933][T12593] FAULT_INJECTION: forcing a failure.
[  513.701933][T12593] name fail_futex, interval 1, probability 0, space 0, times 0
[  513.730721][T12593] CPU: 0 UID: 0 PID: 12593 Comm: syz.0.1274 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  513.730747][T12593] Tainted: [L]=SOFTLOCKUP
[  513.730752][T12593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  513.730760][T12593] Call Trace:
[  513.730766][T12593]  <TASK>
[  513.730772][T12593]  dump_stack_lvl+0x100/0x190
[  513.730791][T12593]  should_fail_ex.cold+0x5/0xa
[  513.730811][T12593]  get_futex_key+0x295/0x1510
[  513.730838][T12593]  ? __pfx_get_futex_key+0x10/0x10
[  513.730860][T12593]  ? lock_acquire+0x1b1/0x370
[  513.730891][T12593]  futex_wake+0xea/0x530
[  513.730911][T12593]  ? __pfx_futex_wake+0x10/0x10
[  513.730928][T12593]  ? exit_mm_release+0x19/0x30
[  513.730954][T12593]  do_futex+0x32b/0x350
[  513.730970][T12593]  ? __pfx_do_futex+0x10/0x10
[  513.730983][T12593]  ? __might_fault+0xc5/0x140
[  513.731010][T12593]  mm_release+0x24a/0x2f0
[  513.731028][T12593]  do_exit+0x707/0x2af0
[  513.731054][T12593]  ? __pfx_do_exit+0x10/0x10
[  513.731075][T12593]  ? do_raw_spin_lock+0x128/0x260
[  513.731090][T12593]  ? find_held_lock+0x2b/0x80
[  513.731107][T12593]  ? get_signal+0x7e5/0x2210
[  513.731126][T12593]  do_group_exit+0xd5/0x2a0
[  513.731149][T12593]  get_signal+0x20ff/0x2210
[  513.731169][T12593]  ? rcu_is_watching+0x12/0xc0
[  513.731188][T12593]  ? __pfx_get_signal+0x10/0x10
[  513.731208][T12593]  ? do_futex+0x192/0x350
[  513.731223][T12593]  arch_do_signal_or_restart+0x91/0x7a0
[  513.731246][T12593]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  513.731274][T12593]  ? rcu_is_watching+0x12/0xc0
[  513.731293][T12593]  exit_to_user_mode_loop+0x98/0x670
[  513.731322][T12593]  ? rcu_is_watching+0x12/0xc0
[  513.731340][T12593]  do_syscall_64+0x652/0x840
[  513.731360][T12593]  ? clear_bhb_loop+0x40/0x90
[  513.731378][T12593]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  513.731393][T12593] RIP: 0033:0x7f1f2dd9ce59
[  513.731406][T12593] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  513.731420][T12593] RSP: 002b:00007f1f2ecfd0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  513.731435][T12593] RAX: 0000000000000001 RBX: 00007f1f2e015fa8 RCX: 00007f1f2dd9ce59
[  513.731444][T12593] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1f2e015fac
[  513.731453][T12593] RBP: 00007f1f2e015fa0 R08: 0000000000000001 R09: 0000000000000000
[  513.731462][T12593] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000000
[  513.731470][T12593] R13: 00007f1f2e016038 R14: 00007ffd60219b40 R15: 00007ffd60219c28
[  513.731489][T12593]  </TASK>
[  514.926888][T12608] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  515.551733][T12608] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  515.840396][T12608] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  515.944748][T12632] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1283'.
[  515.986670][T12608] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  516.013959][T12633] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1283'.
[  516.224657][T12635] FAULT_INJECTION: forcing a failure.
[  516.224657][T12635] name failslab, interval 1, probability 0, space 0, times 0
[  516.243154][T12635] CPU: 1 UID: 0 PID: 12635 Comm: syz.1.1284 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  516.243204][T12635] Tainted: [L]=SOFTLOCKUP
[  516.243213][T12635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  516.243229][T12635] Call Trace:
[  516.243238][T12635]  <TASK>
[  516.243248][T12635]  dump_stack_lvl+0x100/0x190
[  516.243281][T12635]  should_fail_ex.cold+0x5/0xa
[  516.243316][T12635]  should_failslab+0xc2/0x120
[  516.243346][T12635]  __kmalloc_cache_noprof+0x7a/0x6f0
[  516.243385][T12635]  ? percpu_ref_init+0xec/0x3f0
[  516.243422][T12635]  ? __pfx_io_ring_ctx_ref_free+0x10/0x10
[  516.243461][T12635]  percpu_ref_init+0xec/0x3f0
[  516.243491][T12635]  io_uring_setup.cold+0x23b/0x1c6e
[  516.243536][T12635]  ? __pfx_io_uring_setup+0x10/0x10
[  516.243580][T12635]  ? do_futex+0x192/0x350
[  516.243605][T12635]  ? __pfx_do_futex+0x10/0x10
[  516.243651][T12635]  ? __pfx___x64_sys_futex+0x10/0x10
[  516.243681][T12635]  ? exit_to_user_mode_loop+0xf3/0x670
[  516.243723][T12635]  ? rcu_is_watching+0x12/0xc0
[  516.243762][T12635]  ? exit_to_user_mode_loop+0xf3/0x670
[  516.243808][T12635]  __x64_sys_io_uring_setup+0xc2/0x170
[  516.243851][T12635]  do_syscall_64+0x115/0x840
[  516.243889][T12635]  ? clear_bhb_loop+0x40/0x90
[  516.243922][T12635]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  516.243952][T12635] RIP: 0033:0x7f8fc119ce59
[  516.243976][T12635] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  516.244005][T12635] RSP: 002b:00007f8fc208b028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[  516.244032][T12635] RAX: ffffffffffffffda RBX: 00007f8fc1415fa0 RCX: 00007f8fc119ce59
[  516.244050][T12635] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  516.244067][T12635] RBP: 00007f8fc1232d6f R08: 0000000000000000 R09: 0000000000000000
[  516.244084][T12635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  516.244101][T12635] R13: 00007f8fc1416038 R14: 00007f8fc1415fa0 R15: 00007fff151731a8
[  516.244140][T12635]  </TASK>
[  516.461518][T12637] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1285'.
[  518.629047][T12669] FAULT_INJECTION: forcing a failure.
[  518.629047][T12669] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  518.642540][T12669] CPU: 0 UID: 0 PID: 12669 Comm: syz.2.1291 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  518.642582][T12669] Tainted: [L]=SOFTLOCKUP
[  518.642591][T12669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  518.642606][T12669] Call Trace:
[  518.642614][T12669]  <TASK>
[  518.642624][T12669]  dump_stack_lvl+0x100/0x190
[  518.642660][T12669]  should_fail_ex.cold+0x5/0xa
[  518.642699][T12669]  _copy_from_user+0x2e/0xd0
[  518.642739][T12669]  copy_mnt_id_req+0x108/0x350
[  518.642787][T12669]  __do_sys_listmount+0x184/0xee0
[  518.642817][T12669]  ? __pfx_do_futex+0x10/0x10
[  518.642859][T12669]  ? fput+0x79/0x100
[  518.642897][T12669]  ? __pfx___do_sys_listmount+0x10/0x10
[  518.642946][T12669]  ? rcu_is_watching+0x12/0xc0
[  518.642983][T12669]  do_syscall_64+0x115/0x840
[  518.643021][T12669]  ? clear_bhb_loop+0x40/0x90
[  518.643056][T12669]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  518.643084][T12669] RIP: 0033:0x7f4edcd9ce59
[  518.643108][T12669] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  518.643134][T12669] RSP: 002b:00007f4eddcc6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca
[  518.643160][T12669] RAX: ffffffffffffffda RBX: 00007f4edd015fa0 RCX: 00007f4edcd9ce59
[  518.643177][T12669] RDX: 00000000000bc23c RSI: 0000000000000000 RDI: 0000200000000100
[  518.643193][T12669] RBP: 00007f4edce32d6f R08: 0000000000000000 R09: 0000000000000000
[  518.643209][T12669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  518.643224][T12669] R13: 00007f4edd016038 R14: 00007f4edd015fa0 R15: 00007ffd47e98398
[  518.643259][T12669]  </TASK>
[  519.003742][T12673] FAULT_INJECTION: forcing a failure.
[  519.003742][T12673] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  519.017196][T12673] CPU: 1 UID: 0 PID: 12673 Comm: syz.1.1292 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  519.017234][T12673] Tainted: [L]=SOFTLOCKUP
[  519.017240][T12673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  519.017249][T12673] Call Trace:
[  519.017255][T12673]  <TASK>
[  519.017261][T12673]  dump_stack_lvl+0x100/0x190
[  519.017282][T12673]  should_fail_ex.cold+0x5/0xa
[  519.017303][T12673]  _copy_from_user+0x2e/0xd0
[  519.017325][T12673]  copy_mnt_id_req+0x108/0x350
[  519.017351][T12673]  __do_sys_listmount+0x184/0xee0
[  519.017367][T12673]  ? __pfx_do_futex+0x10/0x10
[  519.017385][T12673]  ? fput+0x79/0x100
[  519.017404][T12673]  ? __pfx___do_sys_listmount+0x10/0x10
[  519.017428][T12673]  ? rcu_is_watching+0x12/0xc0
[  519.017447][T12673]  do_syscall_64+0x115/0x840
[  519.017468][T12673]  ? clear_bhb_loop+0x40/0x90
[  519.017485][T12673]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  519.017501][T12673] RIP: 0033:0x7f8fc119ce59
[  519.017527][T12673] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  519.017542][T12673] RSP: 002b:00007f8fc208b028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca
[  519.017558][T12673] RAX: ffffffffffffffda RBX: 00007f8fc1415fa0 RCX: 00007f8fc119ce59
[  519.017568][T12673] RDX: 00000000000bc23c RSI: 0000000000000000 RDI: 0000200000000100
[  519.017577][T12673] RBP: 00007f8fc1232d6f R08: 0000000000000000 R09: 0000000000000000
[  519.017587][T12673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  519.017597][T12673] R13: 00007f8fc1416038 R14: 00007f8fc1415fa0 R15: 00007fff151731a8
[  519.017616][T12673]  </TASK>
[  520.446376][T12686] FAULT_INJECTION: forcing a failure.
[  520.446376][T12686] name failslab, interval 1, probability 0, space 0, times 0
[  520.461541][T12686] CPU: 1 UID: 0 PID: 12686 Comm: syz.1.1294 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  520.461580][T12686] Tainted: [L]=SOFTLOCKUP
[  520.461588][T12686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  520.461603][T12686] Call Trace:
[  520.461611][T12686]  <TASK>
[  520.461620][T12686]  dump_stack_lvl+0x100/0x190
[  520.461653][T12686]  should_fail_ex.cold+0x5/0xa
[  520.461688][T12686]  should_failslab+0xc2/0x120
[  520.461731][T12686]  __kmalloc_cache_noprof+0x7a/0x6f0
[  520.461767][T12686]  ? sctp_add_bind_addr+0xae/0x3e0
[  520.461793][T12686]  sctp_add_bind_addr+0xae/0x3e0
[  520.461818][T12686]  sctp_copy_local_addr_list+0x349/0x550
[  520.461837][T12686]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  520.461854][T12686]  ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360
[  520.461872][T12686]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  520.461895][T12686]  sctp_bind_addr_copy+0xe0/0x530
[  520.461922][T12686]  sctp_connect_new_asoc+0x1c9/0x770
[  520.461943][T12686]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  520.461961][T12686]  ? sctp_endpoint_lookup_assoc+0x15c/0x2a0
[  520.461978][T12686]  ? sctp_endpoint_lookup_assoc+0x15c/0x2a0
[  520.462001][T12686]  __sctp_connect+0x3e7/0xc70
[  520.462024][T12686]  ? __pfx___sctp_connect+0x10/0x10
[  520.462044][T12686]  ? __pfx_sctp_inet_connect+0x10/0x10
[  520.462063][T12686]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  520.462085][T12686]  ? __pfx_sctp_inet_connect+0x10/0x10
[  520.462103][T12686]  sctp_inet_connect+0x15f/0x220
[  520.462122][T12686]  __sys_connect_file+0x141/0x1a0
[  520.462148][T12686]  __sys_connect+0x141/0x170
[  520.462169][T12686]  ? __pfx___sys_connect+0x10/0x10
[  520.462190][T12686]  ? __fget_files+0x21f/0x3d0
[  520.462214][T12686]  ? __pfx_ksys_write+0x10/0x10
[  520.462229][T12686]  ? trace_irq_enable.constprop.0+0x31/0x160
[  520.462264][T12686]  __x64_sys_connect+0x72/0xb0
[  520.462297][T12686]  ? lockdep_hardirqs_on+0x78/0x100
[  520.462319][T12686]  do_syscall_64+0x115/0x840
[  520.462339][T12686]  ? clear_bhb_loop+0x40/0x90
[  520.462357][T12686]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  520.462372][T12686] RIP: 0033:0x7f8fc119ce59
[  520.462385][T12686] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  520.462400][T12686] RSP: 002b:00007f8fc2049028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  520.462415][T12686] RAX: ffffffffffffffda RBX: 00007f8fc1416180 RCX: 00007f8fc119ce59
[  520.462425][T12686] RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000003
[  520.462434][T12686] RBP: 00007f8fc2049090 R08: 0000000000000000 R09: 0000000000000000
[  520.462443][T12686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  520.462451][T12686] R13: 00007f8fc1416218 R14: 00007f8fc1416180 R15: 00007fff151731a8
[  520.462473][T12686]  </TASK>
[  521.080566][T12694] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1295'.
[  522.976763][T12720] FAULT_INJECTION: forcing a failure.
[  522.976763][T12720] name failslab, interval 1, probability 0, space 0, times 0
[  522.989694][T12720] CPU: 1 UID: 0 PID: 12720 Comm: syz.2.1301 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  522.989737][T12720] Tainted: [L]=SOFTLOCKUP
[  522.989748][T12720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  522.989765][T12720] Call Trace:
[  522.989773][T12720]  <TASK>
[  522.989784][T12720]  dump_stack_lvl+0x100/0x190
[  522.989819][T12720]  should_fail_ex.cold+0x5/0xa
[  522.989855][T12720]  should_failslab+0xc2/0x120
[  522.989888][T12720]  __kvmalloc_node_noprof+0xfa/0xa00
[  522.989915][T12720]  ? io_uring_setup.cold+0x171/0x1c6e
[  522.989960][T12720]  ? lockdep_init_map_type+0x5c/0x250
[  522.990010][T12720]  io_uring_setup.cold+0x171/0x1c6e
[  522.990058][T12720]  ? __pfx_io_uring_setup+0x10/0x10
[  522.990103][T12720]  ? do_futex+0x192/0x350
[  522.990134][T12720]  ? __pfx_do_futex+0x10/0x10
[  522.990192][T12720]  ? __pfx___x64_sys_futex+0x10/0x10
[  522.990221][T12720]  ? exit_to_user_mode_loop+0xf3/0x670
[  522.990268][T12720]  __x64_sys_io_uring_setup+0xc2/0x170
[  522.990310][T12720]  do_syscall_64+0x115/0x840
[  522.990348][T12720]  ? clear_bhb_loop+0x40/0x90
[  522.990384][T12720]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  522.990413][T12720] RIP: 0033:0x7f4edcd9ce59
[  522.990435][T12720] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  522.990462][T12720] RSP: 002b:00007f4eddcc6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[  522.990487][T12720] RAX: ffffffffffffffda RBX: 00007f4edd015fa0 RCX: 00007f4edcd9ce59
[  522.990498][T12720] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  522.990506][T12720] RBP: 00007f4edce32d6f R08: 0000000000000000 R09: 0000000000000000
[  522.990515][T12720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  522.990523][T12720] R13: 00007f4edd016038 R14: 00007f4edd015fa0 R15: 00007ffd47e98398
[  522.990543][T12720]  </TASK>
[  523.333278][T12725] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1303'.
[  523.501071][ T5639] Bluetooth: hci3: ACL packet for unknown connection handle 0
[  524.062845][T12726] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  524.089062][T12726] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  524.099929][T12726] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  524.106114][T12726] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  525.600130][ T5639] Bluetooth: hci0: command 0x0406 tx timeout
[  525.969581][T12770] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1307'.
[  525.989071][T12770] tc_dump_action: action bad kind
[  526.158858][ T5639] Bluetooth: hci3: command 0x0406 tx timeout
[  526.164954][ T5639] Bluetooth: hci1: command 0x0406 tx timeout
[  526.171209][ T5639] Bluetooth: hci2: command 0x0406 tx timeout
[  526.401506][T12776] FAULT_INJECTION: forcing a failure.
[  526.401506][T12776] name failslab, interval 1, probability 0, space 0, times 0
[  526.414428][T12776] CPU: 0 UID: 0 PID: 12776 Comm: syz.1.1308 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  526.414455][T12776] Tainted: [L]=SOFTLOCKUP
[  526.414460][T12776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  526.414470][T12776] Call Trace:
[  526.414477][T12776]  <TASK>
[  526.414483][T12776]  dump_stack_lvl+0x100/0x190
[  526.414503][T12776]  should_fail_ex.cold+0x5/0xa
[  526.414524][T12776]  should_failslab+0xc2/0x120
[  526.414542][T12776]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  526.414567][T12776]  ? copy_fs_struct+0x49/0x340
[  526.414582][T12776]  ? dup_fd+0x831/0xd10
[  526.414602][T12776]  copy_fs_struct+0x49/0x340
[  526.414619][T12776]  copy_process+0x6b64/0x7ed0
[  526.414637][T12776]  ? __futex_wait+0x256/0x300
[  526.414665][T12776]  ? __pfx_copy_process+0x10/0x10
[  526.414687][T12776]  ? futex_hash+0x141/0x370
[  526.414713][T12776]  kernel_clone+0x176/0x9e0
[  526.414730][T12776]  ? __pfx_futex_wait+0x10/0x10
[  526.414750][T12776]  ? __pfx_kernel_clone+0x10/0x10
[  526.414780][T12776]  __do_sys_clone+0xd9/0x120
[  526.414800][T12776]  ? __pfx___do_sys_clone+0x10/0x10
[  526.414830][T12776]  ? rcu_is_watching+0x12/0xc0
[  526.414849][T12776]  do_syscall_64+0x115/0x840
[  526.414869][T12776]  ? clear_bhb_loop+0x40/0x90
[  526.414887][T12776]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  526.414903][T12776] RIP: 0033:0x7f8fc119ce59
[  526.414917][T12776] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  526.414931][T12776] RSP: 002b:00007f8fc208afd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  526.414946][T12776] RAX: ffffffffffffffda RBX: 00007f8fc1415fa0 RCX: 00007f8fc119ce59
[  526.414956][T12776] RDX: 0000000000000000 RSI: 0000000000000900 RDI: 0000000000008000
[  526.414965][T12776] RBP: 00007f8fc1232d6f R08: 0000000000000000 R09: 0000000000000000
[  526.414974][T12776] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  526.414982][T12776] R13: 00007f8fc1416038 R14: 00007f8fc1415fa0 R15: 00007fff151731a8
[  526.415001][T12776]  </TASK>
[  526.830595][T12783] FAULT_INJECTION: forcing a failure.
[  526.830595][T12783] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  526.851469][T12783] CPU: 1 UID: 0 PID: 12783 Comm: syz.1.1311 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  526.851513][T12783] Tainted: [L]=SOFTLOCKUP
[  526.851520][T12783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  526.851529][T12783] Call Trace:
[  526.851534][T12783]  <TASK>
[  526.851541][T12783]  dump_stack_lvl+0x100/0x190
[  526.851562][T12783]  should_fail_ex.cold+0x5/0xa
[  526.851580][T12783]  ? prepare_alloc_pages+0x16d/0x5f0
[  526.851601][T12783]  should_fail_alloc_page+0xeb/0x140
[  526.851620][T12783]  prepare_alloc_pages+0x1f0/0x5f0
[  526.851642][T12783]  __alloc_frozen_pages_noprof+0x19a/0x2bc0
[  526.851667][T12783]  ? stack_trace_save+0x8e/0xc0
[  526.851686][T12783]  ? __pfx_stack_trace_save+0x10/0x10
[  526.851707][T12783]  ? __alloc_frozen_pages_noprof+0x2b1/0x2bc0
[  526.851731][T12783]  ? stack_depot_save_flags+0x27/0x9d0
[  526.851758][T12783]  ? kasan_save_stack+0x3f/0x50
[  526.851773][T12783]  ? kasan_save_stack+0x30/0x50
[  526.851787][T12783]  ? kasan_save_track+0x14/0x30
[  526.851800][T12783]  ? __kasan_slab_alloc+0x89/0x90
[  526.851815][T12783]  ? kmem_cache_alloc_noprof+0x241/0x6e0
[  526.851842][T12783]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  526.851865][T12783]  ? do_user_addr_fault+0x74c/0x12f0
[  526.851882][T12783]  ? exc_page_fault+0x6f/0xd0
[  526.851901][T12783]  ? asm_exc_page_fault+0x26/0x30
[  526.851915][T12783]  ? ppp_ioctl+0xcc8/0x27c0
[  526.851930][T12783]  ? do_syscall_64+0x115/0x840
[  526.851950][T12783]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  526.851973][T12783]  ? __lock_acquire+0x4a5/0x2630
[  526.851997][T12783]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  526.852020][T12783]  ? policy_nodemask+0xed/0x4f0
[  526.852039][T12783]  alloc_pages_mpol+0x1fb/0x540
[  526.852058][T12783]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  526.852075][T12783]  ? __thp_vma_allowable_orders+0x1d9/0xce0
[  526.852102][T12783]  ? do_raw_spin_lock+0x128/0x260
[  526.852120][T12783]  alloc_pages_noprof+0x1a/0x160
[  526.852141][T12783]  pte_alloc_one+0x1c/0x3d0
[  526.852160][T12783]  do_fault+0x86c/0x1750
[  526.852179][T12783]  ? __pmd_alloc+0x3fb/0x950
[  526.852198][T12783]  __handle_mm_fault+0x187d/0x2a00
[  526.852223][T12783]  ? mt_find+0x45e/0x8e0
[  526.852246][T12783]  ? __pfx___handle_mm_fault+0x10/0x10
[  526.852267][T12783]  ? __pfx_mt_find+0x10/0x10
[  526.852298][T12783]  ? find_vma+0xbf/0x140
[  526.852314][T12783]  ? __pfx_find_vma+0x10/0x10
[  526.852332][T12783]  handle_mm_fault+0x37b/0xa30
[  526.852358][T12783]  do_user_addr_fault+0x74c/0x12f0
[  526.852377][T12783]  ? trace_page_fault_kernel+0x7a/0x200
[  526.852395][T12783]  exc_page_fault+0x6f/0xd0
[  526.852416][T12783]  asm_exc_page_fault+0x26/0x30
[  526.852430][T12783] RIP: 0010:__get_user_4+0x14/0x20
[  526.852447][T12783] Code: 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <8b> 10 31 c0 0f 01 ca e9 80 95 04 00 90 90 90 90 90 90 90 90 90 90
[  526.852461][T12783] RSP: 0018:ffffc9000229fd98 EFLAGS: 00050287
[  526.852474][T12783] RAX: 0000000000000000 RBX: ffff8880694b0e40 RCX: ffffc9000229fd3c
[  526.852483][T12783] RDX: 00007ffffffff000 RSI: ffffffff8257f671 RDI: ffffffff8c1c4380
[  526.852493][T12783] RBP: 1ffff92000453fbb R08: 0000000000000001 R09: 00000000000001c5
[  526.852502][T12783] R10: 0000000000000200 R11: 0000000000000000 R12: 0000000040047452
[  526.852510][T12783] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000003
[  526.852525][T12783]  ? __might_fault+0x111/0x140
[  526.852550][T12783]  ppp_ioctl+0xcc8/0x27c0
[  526.852567][T12783]  ? find_held_lock+0x2b/0x80
[  526.852585][T12783]  ? __pfx_ppp_ioctl+0x10/0x10
[  526.852603][T12783]  ? __fget_files+0x21f/0x3d0
[  526.852624][T12783]  ? __pfx_ppp_ioctl+0x10/0x10
[  526.852639][T12783]  __x64_sys_ioctl+0x18e/0x210
[  526.852656][T12783]  do_syscall_64+0x115/0x840
[  526.852675][T12783]  ? clear_bhb_loop+0x40/0x90
[  526.852693][T12783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  526.852708][T12783] RIP: 0033:0x7f8fc119ce59
[  526.852723][T12783] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  526.852737][T12783] RSP: 002b:00007f8fc208b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  526.852750][T12783] RAX: ffffffffffffffda RBX: 00007f8fc1415fa0 RCX: 00007f8fc119ce59
[  526.852759][T12783] RDX: 0000000000000000 RSI: 0000000040047452 RDI: 0000000000000003
[  526.852768][T12783] RBP: 00007f8fc208b090 R08: 0000000000000000 R09: 0000000000000000
[  526.852776][T12783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  526.852785][T12783] R13: 00007f8fc1416038 R14: 00007f8fc1415fa0 R15: 00007fff151731a8
[  526.852804][T12783]  </TASK>
[  527.628070][T12774] Bluetooth: hci3: ACL packet for unknown connection handle 0
[  527.876257][T12792] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  530.041222][T12819] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1321'.
[  530.174676][ T5647] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  530.188125][ T5647] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  530.201899][ T5647] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  530.226374][ T5647] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  530.235181][ T5647] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  530.307725][T12825] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1322'.
[  530.339356][T12825] ima: policy update failed
[  530.354750][   T29] audit: type=1802 audit(1780417886.471:7): pid=12825 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1322" res=0 errno=0
[  530.737012][T12774] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  530.753297][T12774] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  530.771106][T12774] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  530.781327][T12774] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  530.789832][T12774] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  531.080730][T12848] usbcore.quirks: string doesn't fit in 127 chars.
[  531.129223][T12848] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1326'.
[  531.606332][T12860] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1327'.
[  532.254243][T12821] bridge0: port 1(bridge_slave_0) entered blocking state
[  532.269101][T12821] bridge0: port 1(bridge_slave_0) entered disabled state
[  532.276598][T12821] bridge_slave_0: entered allmulticast mode
[  532.285101][T12821] bridge_slave_0: entered promiscuous mode
[  532.313567][T12821] bridge0: port 2(bridge_slave_1) entered blocking state
[  532.321302][T12821] bridge0: port 2(bridge_slave_1) entered disabled state
[  532.329492][T12821] bridge_slave_1: entered allmulticast mode
[  532.330467][ T5647] Bluetooth: hci4: command tx timeout
[  532.348727][T12821] bridge_slave_1: entered promiscuous mode
[  532.524668][T12821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  532.541767][T12821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  532.701292][T12878] FAULT_INJECTION: forcing a failure.
[  532.701292][T12878] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  532.716767][T12821] team0: Port device team_slave_0 added
[  532.740536][T12821] team0: Port device team_slave_1 added
[  532.773830][T12878] CPU: 1 UID: 0 PID: 12878 Comm: syz.1.1330 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  532.773872][T12878] Tainted: [L]=SOFTLOCKUP
[  532.773881][T12878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  532.773897][T12878] Call Trace:
[  532.773906][T12878]  <TASK>
[  532.773915][T12878]  dump_stack_lvl+0x100/0x190
[  532.773949][T12878]  should_fail_ex.cold+0x5/0xa
[  532.773984][T12878]  _copy_from_user+0x2e/0xd0
[  532.774023][T12878]  copy_msghdr_from_user+0x9f/0x4f0
[  532.774061][T12878]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  532.774104][T12878]  ? rcu_is_watching+0x12/0xc0
[  532.774132][T12878]  ? ___sys_recvmsg+0x177/0x1a0
[  532.774161][T12878]  ? kfree+0x1dd/0x6c0
[  532.774200][T12878]  ___sys_recvmsg+0xdd/0x1a0
[  532.774233][T12878]  ? __pfx____sys_recvmsg+0x10/0x10
[  532.774297][T12878]  ? __pfx___might_resched+0x10/0x10
[  532.774335][T12878]  do_recvmmsg+0x301/0x760
[  532.774377][T12878]  ? __pfx_do_recvmmsg+0x10/0x10
[  532.774411][T12878]  ? ksys_write+0x190/0x250
[  532.774448][T12878]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  532.774486][T12878]  ? kernel_write+0x683/0x6c0
[  532.774526][T12878]  ? __fget_files+0x21f/0x3d0
[  532.774566][T12878]  __x64_sys_recvmmsg+0x22a/0x280
[  532.774598][T12878]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  532.774632][T12878]  ? rcu_is_watching+0x12/0xc0
[  532.774665][T12878]  do_syscall_64+0x115/0x840
[  532.774701][T12878]  ? clear_bhb_loop+0x40/0x90
[  532.774734][T12878]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.774763][T12878] RIP: 0033:0x7f8fc119ce59
[  532.774786][T12878] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  532.774811][T12878] RSP: 002b:00007f8fc208b028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  532.774838][T12878] RAX: ffffffffffffffda RBX: 00007f8fc1415fa0 RCX: 00007f8fc119ce59
[  532.774856][T12878] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003
[  532.774872][T12878] RBP: 00007f8fc208b090 R08: 0000000000000000 R09: 0000000000000000
[  532.774888][T12878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  532.774903][T12878] R13: 00007f8fc1416038 R14: 00007f8fc1415fa0 R15: 00007fff151731a8
[  532.774938][T12878]  </TASK>
[  533.004006][ T5647] Bluetooth: hci5: command tx timeout
[  533.060703][T12821] batman_adv: batadv0: Adding interface: batadv_slave_0
[  533.068453][T12821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  533.106021][T12821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  533.167815][T12821] batman_adv: batadv0: Adding interface: batadv_slave_1
[  533.182553][T12821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  533.232682][T12821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  533.389469][T12839] bridge0: port 1(bridge_slave_0) entered blocking state
[  533.401117][T12839] bridge0: port 1(bridge_slave_0) entered disabled state
[  533.413823][T12839] bridge_slave_0: entered allmulticast mode
[  533.429129][T12839] bridge_slave_0: entered promiscuous mode
[  533.457256][T12821] hsr_slave_0: entered promiscuous mode
[  533.472286][T12821] hsr_slave_1: entered promiscuous mode
[  533.481249][T12821] debugfs: 'hsr0' already exists in 'hsr'
[  533.492489][T12821] Cannot create hsr debugfs directory
[  533.511384][T12839] bridge0: port 2(bridge_slave_1) entered blocking state
[  533.538556][T12839] bridge0: port 2(bridge_slave_1) entered disabled state
[  533.561353][T12839] bridge_slave_1: entered allmulticast mode
[  533.583064][T12839] bridge_slave_1: entered promiscuous mode
[  533.707188][T12839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  533.769541][T12839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  533.896545][T12839] team0: Port device team_slave_0 added
[  533.922851][T12839] team0: Port device team_slave_1 added
[  534.042117][T12839] batman_adv: batadv0: Adding interface: batadv_slave_0
[  534.061238][T12839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  534.065113][T12774] Bluetooth: hci3: ACL packet for unknown connection handle 0
[  534.128535][T12839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  534.162435][T12839] batman_adv: batadv0: Adding interface: batadv_slave_1
[  534.181684][T12839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  534.255274][T12839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  534.404909][T12774] Bluetooth: hci4: command tx timeout
[  534.445016][T12839] hsr_slave_0: entered promiscuous mode
[  534.459773][T12839] hsr_slave_1: entered promiscuous mode
[  534.466299][T12839] debugfs: 'hsr0' already exists in 'hsr'
[  534.472314][T12839] Cannot create hsr debugfs directory
[  534.751684][T12900] FAULT_INJECTION: forcing a failure.
[  534.751684][T12900] name failslab, interval 1, probability 0, space 0, times 0
[  534.764566][T12900] CPU: 0 UID: 0 PID: 12900 Comm: syz.2.1334 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  534.764641][T12900] Tainted: [L]=SOFTLOCKUP
[  534.764656][T12900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  534.764678][T12900] Call Trace:
[  534.764688][T12900]  <TASK>
[  534.764703][T12900]  dump_stack_lvl+0x100/0x190
[  534.764739][T12900]  should_fail_ex.cold+0x5/0xa
[  534.764782][T12900]  should_failslab+0xc2/0x120
[  534.764828][T12900]  kmem_cache_alloc_lru_noprof+0x80/0x6e0
[  534.764877][T12900]  ? alloc_inode+0x183/0x250
[  534.764946][T12900]  alloc_inode+0x183/0x250
[  534.764995][T12900]  alloc_anon_inode+0x2a/0x3e0
[  534.765037][T12900]  anon_inode_make_secure_inode+0x2f/0x140
[  534.765086][T12900]  __anon_inode_getfile+0x1cf/0x280
[  534.765123][T12900]  ? _copy_to_user+0xaf/0xd0
[  534.765161][T12900]  io_uring_setup.cold+0x1951/0x1c6e
[  534.765206][T12900]  ? __pfx_io_uring_setup+0x10/0x10
[  534.765253][T12900]  ? __pfx_do_futex+0x10/0x10
[  534.765294][T12900]  ? xfd_validate_state+0x129/0x190
[  534.765319][T12900]  ? exit_to_user_mode_loop+0xf3/0x670
[  534.765378][T12900]  __x64_sys_io_uring_setup+0xc2/0x170
[  534.765421][T12900]  do_syscall_64+0x115/0x840
[  534.765457][T12900]  ? clear_bhb_loop+0x40/0x90
[  534.765490][T12900]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  534.765518][T12900] RIP: 0033:0x7f4edcd9ce59
[  534.765540][T12900] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  534.765565][T12900] RSP: 002b:00007f4eddcc6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[  534.765591][T12900] RAX: ffffffffffffffda RBX: 00007f4edd015fa0 RCX: 00007f4edcd9ce59
[  534.765608][T12900] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  534.765623][T12900] RBP: 00007f4edce32d6f R08: 0000000000000000 R09: 0000000000000000
[  534.765639][T12900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  534.765654][T12900] R13: 00007f4edd016038 R14: 00007f4edd015fa0 R15: 00007ffd47e98398
[  534.765689][T12900]  </TASK>
[  535.038540][T12774] Bluetooth: hci5: command tx timeout
[  536.490702][T12774] Bluetooth: hci4: command tx timeout
[  537.128434][T12774] Bluetooth: hci5: command tx timeout
[  537.873774][T12947] usbcore.quirks: string doesn't fit in 127 chars.
[  537.898944][T12947] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1341'.
[  538.558542][T12774] Bluetooth: hci4: command tx timeout
[  539.200291][T12774] Bluetooth: hci5: command tx timeout
[  539.754131][T13006] usbcore.quirks: string doesn't fit in 127 chars.
[  539.792835][T13006] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1347'.
[  541.370892][T13054] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1353'.
[  541.473780][T13055] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1353'.
[  541.989751][T13059] vivid-003: =================  START STATUS  =================
[  541.999463][T13059] vivid-003: Radio HW Seek Mode: Bounded
[  542.006377][T13059] vivid-003: Radio Programmable HW Seek: false
[  542.014905][T13059] vivid-003: RDS Rx I/O Mode: Block I/O
[  542.021554][T13059] vivid-003: Generate RBDS Instead of RDS: false
[  542.027975][T13059] vivid-003: RDS Reception: true
[  542.033064][T13059] vivid-003: RDS Program Type: 0 inactive
[  542.038934][T13059] vivid-003: RDS PS Name:  inactive
[  542.044190][T13059] vivid-003: RDS Radio Text:  inactive
[  542.049930][T13059] vivid-003: RDS Traffic Announcement: false inactive
[  542.056800][T13059] vivid-003: RDS Traffic Program: false inactive
[  542.064420][T13059] vivid-003: RDS Music: false inactive
[  542.070010][T13059] vivid-003: ==================  END STATUS  ==================
[  544.976492][T13098] openvswitch: netlink: IPv4 tunnel dst address is zero
[  545.210316][T13103] FAULT_INJECTION: forcing a failure.
[  545.210316][T13103] name failslab, interval 1, probability 0, space 0, times 0
[  545.232980][T13103] CPU: 1 UID: 0 PID: 13103 Comm: syz.1.1363 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  545.233031][T13103] Tainted: [L]=SOFTLOCKUP
[  545.233041][T13103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  545.233059][T13103] Call Trace:
[  545.233068][T13103]  <TASK>
[  545.233077][T13103]  dump_stack_lvl+0x100/0x190
[  545.233120][T13103]  should_fail_ex.cold+0x5/0xa
[  545.233155][T13103]  should_failslab+0xc2/0x120
[  545.233187][T13103]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  545.233233][T13103]  ? __proc_create+0x2cb/0x8c0
[  545.233278][T13103]  __proc_create+0x2cb/0x8c0
[  545.233317][T13103]  ? __pfx___proc_create+0x10/0x10
[  545.233359][T13103]  ? __pfx_netdev_run_todo+0x10/0x10
[  545.233398][T13103]  proc_create_reg+0x75/0x170
[  545.233436][T13103]  ? __pfx_psched_show+0x10/0x10
[  545.233476][T13103]  proc_create_single_data+0x86/0x130
[  545.233516][T13103]  ? __pfx_proc_create_single_data+0x10/0x10
[  545.233567][T13103]  ? __pfx_psched_net_init+0x10/0x10
[  545.233606][T13103]  psched_net_init+0x4a/0x70
[  545.233642][T13103]  ops_init+0x1e2/0x5f0
[  545.233677][T13103]  setup_net+0x118/0x3a0
[  545.233706][T13103]  ? __pfx_setup_net+0x10/0x10
[  545.233738][T13103]  ? mutex_init_lockdep+0xf1/0x120
[  545.233774][T13103]  copy_net_ns+0x46f/0x7c0
[  545.233812][T13103]  create_new_namespaces+0x3ea/0xac0
[  545.233856][T13103]  unshare_nsproxy_namespaces+0xf2/0x220
[  545.233896][T13103]  ksys_unshare+0x438/0xab0
[  545.233939][T13103]  ? __pfx_ksys_unshare+0x10/0x10
[  545.233977][T13103]  ? xfd_validate_state+0x129/0x190
[  545.234004][T13103]  ? exit_to_user_mode_loop+0xf3/0x670
[  545.234062][T13103]  __x64_sys_unshare+0x31/0x40
[  545.234114][T13103]  do_syscall_64+0x115/0x840
[  545.234155][T13103]  ? clear_bhb_loop+0x40/0x90
[  545.234192][T13103]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.234222][T13103] RIP: 0033:0x7f8fc119ce59
[  545.234246][T13103] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  545.234274][T13103] RSP: 002b:00007f8fc206a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  545.234302][T13103] RAX: ffffffffffffffda RBX: 00007f8fc1416090 RCX: 00007f8fc119ce59
[  545.234322][T13103] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  545.234341][T13103] RBP: 00007f8fc1232d6f R08: 0000000000000000 R09: 0000000000000000
[  545.234359][T13103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  545.234376][T13103] R13: 00007f8fc1416128 R14: 00007f8fc1416090 R15: 00007fff151731a8
[  545.234415][T13103]  </TASK>
[  545.502092][T13100] random: crng reseeded on system resumption
[  546.690417][T12774] Bluetooth: hci2: ACL packet for unknown connection handle 0
[  547.338272][T13118] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  547.345592][T13118] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  547.352686][T13118] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  547.358898][T13118] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  547.365030][T13118] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  547.371128][T13118] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  547.379956][T13118] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  547.389468][T13118] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  547.395581][T13118] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  547.403453][T13118] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  548.794828][T12774] Bluetooth: hci0: command 0x0406 tx timeout
[  548.909258][T12774] Bluetooth: hci2: ACL packet for unknown connection handle 0
[  549.354609][T12774] Bluetooth: hci2: command 0x0406 tx timeout
[  549.354640][ T5647] Bluetooth: hci1: command 0x0406 tx timeout
[  549.444501][ T5647] Bluetooth: hci5: command 0x0c1a tx timeout
[  549.444554][T12774] Bluetooth: hci4: command 0x0c1a tx timeout
[  549.452690][ T5647] Bluetooth: hci3: command 0x0406 tx timeout
[  549.564177][T13174] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  549.570810][T13174] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  549.577153][T13174] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  549.583217][T13174] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  549.590057][T13174] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  549.597242][T13174] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  550.223466][T13213] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1383'.
[  551.036055][ T5647] Bluetooth: hci0: command 0x0406 tx timeout
[  551.439406][   T29] audit: type=1800 audit(1780417907.556:8): pid=13227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1386" name="dbroot" dev="configfs" ino=49450 res=0 errno=0
[  551.466563][T13227] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1386'.
[  551.594054][ T5647] Bluetooth: hci4: command 0x0c1a tx timeout
[  551.594099][T13193] Bluetooth: hci3: command 0x0406 tx timeout
[  551.600166][ T5639] Bluetooth: hci1: command 0x0406 tx timeout
[  551.606389][T13193] Bluetooth: hci2: command 0x0406 tx timeout
[  551.673394][T13231] Bluetooth: hci5: command 0x0c1a tx timeout
[  552.022843][T13234] usbcore.quirks: string doesn't fit in 127 chars.
[  552.061073][T13234] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1388'.
[  552.275993][T13241] FAULT_INJECTION: forcing a failure.
[  552.275993][T13241] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  552.289480][T13241] CPU: 1 UID: 0 PID: 13241 Comm: syz.1.1390 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  552.289525][T13241] Tainted: [L]=SOFTLOCKUP
[  552.289535][T13241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  552.289553][T13241] Call Trace:
[  552.289563][T13241]  <TASK>
[  552.289574][T13241]  dump_stack_lvl+0x100/0x190
[  552.289610][T13241]  should_fail_ex.cold+0x5/0xa
[  552.289647][T13241]  _copy_from_user+0x2e/0xd0
[  552.289688][T13241]  copy_mnt_id_req+0x108/0x350
[  552.289748][T13241]  __do_sys_listmount+0x184/0xee0
[  552.289778][T13241]  ? __pfx_do_futex+0x10/0x10
[  552.289813][T13241]  ? fput+0x79/0x100
[  552.289849][T13241]  ? __pfx___do_sys_listmount+0x10/0x10
[  552.289895][T13241]  ? rcu_is_watching+0x12/0xc0
[  552.289932][T13241]  do_syscall_64+0x115/0x840
[  552.289972][T13241]  ? clear_bhb_loop+0x40/0x90
[  552.290006][T13241]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  552.290036][T13241] RIP: 0033:0x7f8fc119ce59
[  552.290059][T13241] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  552.290086][T13241] RSP: 002b:00007f8fc208b028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca
[  552.290113][T13241] RAX: ffffffffffffffda RBX: 00007f8fc1415fa0 RCX: 00007f8fc119ce59
[  552.290132][T13241] RDX: 00000000000bc23c RSI: 0000000000000000 RDI: 0000200000000100
[  552.290150][T13241] RBP: 00007f8fc1232d6f R08: 0000000000000000 R09: 0000000000000000
[  552.290167][T13241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  552.290184][T13241] R13: 00007f8fc1416038 R14: 00007f8fc1415fa0 R15: 00007fff151731a8
[  552.290221][T13241]  </TASK>
[  553.674252][T13231] Bluetooth: hci4: command 0x0c1a tx timeout
[  553.752385][T13231] Bluetooth: hci5: command 0x0c1a tx timeout
[  553.987338][T13271] netlink: 346 bytes leftover after parsing attributes in process `syz.2.1395'.
[  555.132746][T13305] FAULT_INJECTION: forcing a failure.
[  555.132746][T13305] name failslab, interval 1, probability 0, space 0, times 0
[  555.151674][T13305] CPU: 0 UID: 0 PID: 13305 Comm: syz.2.1397 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  555.151713][T13305] Tainted: [L]=SOFTLOCKUP
[  555.151718][T13305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  555.151728][T13305] Call Trace:
[  555.151733][T13305]  <TASK>
[  555.151738][T13305]  dump_stack_lvl+0x100/0x190
[  555.151760][T13305]  should_fail_ex.cold+0x5/0xa
[  555.151784][T13305]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x100/0x2f0
[  555.151822][T13305]  should_failslab+0xc2/0x120
[  555.151855][T13305]  __kmalloc_noprof+0xe0/0x850
[  555.151889][T13305]  genl_family_rcv_msg_attrs_parse.isra.0+0x100/0x2f0
[  555.151916][T13305]  genl_start+0x18f/0x970
[  555.151939][T13305]  __netlink_dump_start+0x60e/0x990
[  555.151961][T13305]  genl_family_rcv_msg_dumpit+0x1e2/0x2e0
[  555.151984][T13305]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  555.152007][T13305]  ? __pfx___mutex_lock+0x10/0x10
[  555.152033][T13305]  ? __pfx_genl_get_cmd+0x10/0x10
[  555.152051][T13305]  ? __pfx_genl_start+0x10/0x10
[  555.152070][T13305]  ? __pfx_genl_dumpit+0x10/0x10
[  555.152090][T13305]  ? __pfx_genl_done+0x10/0x10
[  555.152112][T13305]  ? __dev_queue_xmit+0xa10/0x4950
[  555.152132][T13305]  ? __radix_tree_lookup+0x217/0x2b0
[  555.152159][T13305]  genl_rcv_msg+0x471/0x800
[  555.152183][T13305]  ? __pfx_genl_rcv_msg+0x10/0x10
[  555.152204][T13305]  ? __pfx_ctrl_dumppolicy_start+0x10/0x10
[  555.152225][T13305]  ? __pfx_ctrl_dumppolicy+0x10/0x10
[  555.152245][T13305]  ? __pfx_ctrl_dumppolicy_done+0x10/0x10
[  555.152272][T13305]  netlink_rcv_skb+0x159/0x420
[  555.152291][T13305]  ? __pfx_genl_rcv_msg+0x10/0x10
[  555.152313][T13305]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  555.152340][T13305]  ? netlink_deliver_tap+0x1ae/0xcc0
[  555.152360][T13305]  genl_rcv+0x28/0x40
[  555.152379][T13305]  netlink_unicast+0x585/0x850
[  555.152403][T13305]  ? __pfx_netlink_unicast+0x10/0x10
[  555.152427][T13305]  netlink_sendmsg+0x8b0/0xda0
[  555.152450][T13305]  ? __pfx_netlink_sendmsg+0x10/0x10
[  555.152468][T13305]  ? __import_iovec+0x1d2/0x640
[  555.152491][T13305]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  555.152510][T13305]  ____sys_sendmsg+0x9e1/0xb70
[  555.152529][T13305]  ? __pfx_netlink_sendmsg+0x10/0x10
[  555.152550][T13305]  ? __pfx_____sys_sendmsg+0x10/0x10
[  555.152577][T13305]  ___sys_sendmsg+0x190/0x1e0
[  555.152599][T13305]  ? __pfx____sys_sendmsg+0x10/0x10
[  555.152642][T13305]  __sys_sendmsg+0x170/0x220
[  555.152657][T13305]  ? __pfx___sys_sendmsg+0x10/0x10
[  555.152678][T13305]  ? arch_syscall_is_vdso_sigreturn+0xb6/0x200
[  555.152701][T13305]  ? syscall_user_dispatch+0x76/0x130
[  555.152719][T13305]  do_syscall_64+0x115/0x840
[  555.152740][T13305]  ? clear_bhb_loop+0x40/0x90
[  555.152758][T13305]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  555.152773][T13305] RIP: 0033:0x7f4edcd9ce59
[  555.152787][T13305] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  555.152802][T13305] RSP: 002b:00007f4eddca5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  555.152816][T13305] RAX: ffffffffffffffda RBX: 00007f4edd016090 RCX: 00007f4edcd9ce59
[  555.152825][T13305] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 000000000000000b
[  555.152834][T13305] RBP: 00007f4eddca5090 R08: 0000000000000000 R09: 0000000000000000
[  555.152843][T13305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  555.152851][T13305] R13: 00007f4edd016128 R14: 00007f4edd016090 R15: 00007ffd47e98398
[  555.152870][T13305]  </TASK>
[  555.882310][T13316] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1399'.
[  556.900292][T13347] FAULT_INJECTION: forcing a failure.
[  556.900292][T13347] name failslab, interval 1, probability 0, space 0, times 0
[  556.932354][T13347] CPU: 1 UID: 0 PID: 13347 Comm: syz.1.1401 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  556.932395][T13347] Tainted: [L]=SOFTLOCKUP
[  556.932403][T13347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  556.932418][T13347] Call Trace:
[  556.932426][T13347]  <TASK>
[  556.932436][T13347]  dump_stack_lvl+0x100/0x190
[  556.932468][T13347]  should_fail_ex.cold+0x5/0xa
[  556.932499][T13347]  should_failslab+0xc2/0x120
[  556.932527][T13347]  __kmalloc_cache_noprof+0x7a/0x6f0
[  556.932560][T13347]  ? alloc_pipe_info+0x10e/0x590
[  556.932590][T13347]  ? find_held_lock+0x2b/0x80
[  556.932623][T13347]  alloc_pipe_info+0x10e/0x590
[  556.932656][T13347]  splice_direct_to_actor+0x78f/0xa30
[  556.932688][T13347]  ? __pfx_direct_splice_actor+0x10/0x10
[  556.932719][T13347]  ? __pfx_aa_file_perm+0x10/0x10
[  556.932753][T13347]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  556.932791][T13347]  do_splice_direct+0x174/0x240
[  556.932821][T13347]  ? __pfx_do_splice_direct+0x10/0x10
[  556.932852][T13347]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  556.932887][T13347]  ? rw_verify_area+0xce/0x6d0
[  556.932918][T13347]  do_sendfile+0xadc/0xe20
[  556.932956][T13347]  ? __pfx_do_sendfile+0x10/0x10
[  556.932984][T13347]  ? do_handle_open+0x2ca/0xce0
[  556.933044][T13347]  __x64_sys_sendfile64+0x1d8/0x220
[  556.933080][T13347]  ? ksys_write+0x1ac/0x250
[  556.933109][T13347]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  556.933147][T13347]  ? rcu_is_watching+0x12/0xc0
[  556.933182][T13347]  do_syscall_64+0x115/0x840
[  556.933219][T13347]  ? clear_bhb_loop+0x40/0x90
[  556.933252][T13347]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  556.933281][T13347] RIP: 0033:0x7f8fc119ce59
[  556.933304][T13347] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  556.933330][T13347] RSP: 002b:00007f8fc206a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  556.933356][T13347] RAX: ffffffffffffffda RBX: 00007f8fc1416090 RCX: 00007f8fc119ce59
[  556.933375][T13347] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000002
[  556.933391][T13347] RBP: 00007f8fc206a090 R08: 0000000000000000 R09: 0000000000000000
[  556.933407][T13347] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  556.933423][T13347] R13: 00007f8fc1416128 R14: 00007f8fc1416090 R15: 00007fff151731a8
[  556.933459][T13347]  </TASK>
[  560.171588][T13368] FAULT_INJECTION: forcing a failure.
[  560.171588][T13368] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  560.199403][T13368] CPU: 1 UID: 0 PID: 13368 Comm: syz.2.1404 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  560.199449][T13368] Tainted: [L]=SOFTLOCKUP
[  560.199460][T13368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  560.199478][T13368] Call Trace:
[  560.199487][T13368]  <TASK>
[  560.199497][T13368]  dump_stack_lvl+0x100/0x190
[  560.199532][T13368]  should_fail_ex.cold+0x5/0xa
[  560.199568][T13368]  _copy_from_user+0x2e/0xd0
[  560.199608][T13368]  copy_mnt_id_req+0x108/0x350
[  560.199658][T13368]  __do_sys_listmount+0x184/0xee0
[  560.199688][T13368]  ? __pfx_do_futex+0x10/0x10
[  560.199722][T13368]  ? fput+0x79/0x100
[  560.199761][T13368]  ? __pfx___do_sys_listmount+0x10/0x10
[  560.199798][T13368]  ? __pfx_ksys_mmap_pgoff+0x10/0x10
[  560.199832][T13368]  ? fput+0x79/0x100
[  560.199879][T13368]  ? rcu_is_watching+0x12/0xc0
[  560.199925][T13368]  do_syscall_64+0x115/0x840
[  560.199966][T13368]  ? clear_bhb_loop+0x40/0x90
[  560.200002][T13368]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  560.200032][T13368] RIP: 0033:0x7f4edcd9ce59
[  560.200057][T13368] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  560.200085][T13368] RSP: 002b:00007f4eddcc6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca
[  560.200113][T13368] RAX: ffffffffffffffda RBX: 00007f4edd015fa0 RCX: 00007f4edcd9ce59
[  560.200133][T13368] RDX: 00000000000bc23c RSI: 0000000000000000 RDI: 0000200000000100
[  560.200152][T13368] RBP: 00007f4edce32d6f R08: 0000000000000000 R09: 0000000000000000
[  560.200170][T13368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  560.200187][T13368] R13: 00007f4edd016038 R14: 00007f4edd015fa0 R15: 00007ffd47e98398
[  560.200224][T13368]  </TASK>
[  562.764026][T13231] Bluetooth: hci2: ACL packet for unknown connection handle 0
[  563.034496][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  563.041931][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  563.170724][T13407] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  563.189201][T13407] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  563.197415][T13407] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  563.206869][T13407] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  563.214681][T13407] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  563.227805][T13407] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  563.544981][T13433] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1411'.
[  563.562326][T13433] ipvlan1: entered promiscuous mode
[  563.568055][T13433] ipvlan1: entered allmulticast mode
[  563.573546][T13433] veth0_vlan: entered allmulticast mode
[  564.849231][T13459] usbcore.quirks: string doesn't fit in 127 chars.
[  564.912056][T13459] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1416'.
[  564.958371][T13231] Bluetooth: hci0: command 0x0406 tx timeout
[  565.266673][T13231] Bluetooth: hci5: command 0x0c1a tx timeout
[  565.266709][T12774] Bluetooth: hci4: command 0x0c1a tx timeout
[  565.272776][T13193] Bluetooth: hci3: command 0x0406 tx timeout
[  565.278892][ T5639] Bluetooth: hci1: command 0x0406 tx timeout
[  565.284780][T13231] Bluetooth: hci2: command 0x0406 tx timeout
[  565.302115][T13463] FAULT_INJECTION: forcing a failure.
[  565.302115][T13463] name failslab, interval 1, probability 0, space 0, times 0
[  565.314917][T13463] CPU: 1 UID: 0 PID: 13463 Comm: syz.1.1418 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  565.314963][T13463] Tainted: [L]=SOFTLOCKUP
[  565.314974][T13463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  565.314992][T13463] Call Trace:
[  565.315003][T13463]  <TASK>
[  565.315015][T13463]  dump_stack_lvl+0x100/0x190
[  565.315052][T13463]  should_fail_ex.cold+0x5/0xa
[  565.315091][T13463]  should_failslab+0xc2/0x120
[  565.315127][T13463]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  565.315172][T13463]  ? security_file_alloc+0x34/0x2c0
[  565.315217][T13463]  ? trace_kmem_cache_alloc+0xd5/0x100
[  565.315256][T13463]  security_file_alloc+0x34/0x2c0
[  565.315295][T13463]  init_file+0x95/0x480
[  565.315337][T13463]  alloc_empty_file+0x79/0x1c0
[  565.315381][T13463]  alloc_file_pseudo+0x13a/0x230
[  565.315425][T13463]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  565.315477][T13463]  __shmem_file_setup+0x205/0x460
[  565.315519][T13463]  ? __pfx___shmem_file_setup+0x10/0x10
[  565.315562][T13463]  ? vm_area_alloc+0x1f/0x160
[  565.315608][T13463]  shmem_zero_setup+0x96/0x1b0
[  565.315640][T13463]  __mmap_region+0x2509/0x2dd0
[  565.315691][T13463]  ? __pfx___mmap_region+0x10/0x10
[  565.315765][T13463]  ? do_raw_spin_lock+0x128/0x260
[  565.315821][T13463]  ? do_raw_spin_lock+0x128/0x260
[  565.315853][T13463]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  565.315898][T13463]  ? hrtimer_start_range_ns+0x860/0x1a50
[  565.315934][T13463]  ? find_held_lock+0x2b/0x80
[  565.315968][T13463]  ? finish_task_switch.isra.0+0x2c6/0x1010
[  565.316066][T13463]  mmap_region+0x35d/0x620
[  565.316095][T13463]  ? rcu_is_watching+0x12/0xc0
[  565.316128][T13463]  ? __pfx_mmap_region+0x10/0x10
[  565.316160][T13463]  ? cap_mmap_addr+0x4b/0x120
[  565.316187][T13463]  ? bpf_lsm_mmap_addr+0x9/0x30
[  565.316220][T13463]  ? security_mmap_addr+0x71/0x1e0
[  565.316261][T13463]  ? __get_unmapped_area+0x255/0x3e0
[  565.316302][T13463]  do_mmap+0xc63/0x12f0
[  565.316344][T13463]  ? __pfx_do_mmap+0x10/0x10
[  565.316379][T13463]  ? __pfx_down_write_killable+0x10/0x10
[  565.316425][T13463]  vm_mmap_pgoff+0x29e/0x470
[  565.316464][T13463]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  565.316502][T13463]  ? do_futex+0x192/0x350
[  565.316533][T13463]  ? __pfx_do_futex+0x10/0x10
[  565.316569][T13463]  ksys_mmap_pgoff+0xe4/0x610
[  565.316605][T13463]  ? __x64_sys_futex+0x358/0x4d0
[  565.316635][T13463]  ? __pfx_ksys_mmap_pgoff+0x10/0x10
[  565.316669][T13463]  ? xfd_validate_state+0x129/0x190
[  565.316710][T13463]  __x64_sys_mmap+0x125/0x190
[  565.316745][T13463]  do_syscall_64+0x115/0x840
[  565.316784][T13463]  ? clear_bhb_loop+0x40/0x90
[  565.316821][T13463]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  565.316850][T13463] RIP: 0033:0x7f8fc119ce59
[  565.316875][T13463] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  565.316904][T13463] RSP: 002b:00007f8fc208b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  565.316931][T13463] RAX: ffffffffffffffda RBX: 00007f8fc1415fa0 RCX: 00007f8fc119ce59
[  565.316950][T13463] RDX: 00004000000000df RSI: 0000000000020009 RDI: 0000000000000000
[  565.316966][T13463] RBP: 00007f8fc1232d6f R08: 0000000000000401 R09: 0000000000008000
[  565.316981][T13463] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000
[  565.316996][T13463] R13: 00007f8fc1416038 R14: 00007f8fc1415fa0 R15: 00007fff151731a8
[  565.317034][T13463]  </TASK>
[  565.926592][T13470] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1420'.
[  567.034368][T13479] FAULT_INJECTION: forcing a failure.
[  567.034368][T13479] name failslab, interval 1, probability 0, space 0, times 0
[  567.060621][T13479] CPU: 1 UID: 0 PID: 13479 Comm: syz.1.1421 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  567.060660][T13479] Tainted: [L]=SOFTLOCKUP
[  567.060669][T13479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  567.060683][T13479] Call Trace:
[  567.060691][T13479]  <TASK>
[  567.060701][T13479]  dump_stack_lvl+0x100/0x190
[  567.060726][T13479]  should_fail_ex.cold+0x5/0xa
[  567.060746][T13479]  ? tomoyo_encode2+0xfb/0x3c0
[  567.060766][T13479]  should_failslab+0xc2/0x120
[  567.060784][T13479]  __kmalloc_noprof+0xe0/0x850
[  567.060796][T13479]  ? d_absolute_path+0x136/0x1b0
[  567.060814][T13479]  tomoyo_encode2+0xfb/0x3c0
[  567.060837][T13479]  tomoyo_encode+0x29/0x50
[  567.060857][T13479]  tomoyo_realpath_from_path+0x18c/0x690
[  567.060882][T13479]  tomoyo_path_number_perm+0x23c/0x580
[  567.060900][T13479]  ? tomoyo_path_number_perm+0x22e/0x580
[  567.060919][T13479]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  567.060955][T13479]  ? find_held_lock+0x2b/0x80
[  567.060973][T13479]  ? __fget_files+0x215/0x3d0
[  567.060990][T13479]  ? hook_file_ioctl_common+0x149/0x410
[  567.061012][T13479]  ? __fget_files+0x215/0x3d0
[  567.061039][T13479]  ? __fget_files+0x21f/0x3d0
[  567.061059][T13479]  security_file_ioctl+0xd3/0x230
[  567.061078][T13479]  __x64_sys_ioctl+0xb7/0x210
[  567.061095][T13479]  do_syscall_64+0x115/0x840
[  567.061115][T13479]  ? clear_bhb_loop+0x40/0x90
[  567.061133][T13479]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.061149][T13479] RIP: 0033:0x7f8fc119ce59
[  567.061162][T13479] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  567.061177][T13479] RSP: 002b:00007f8fc206a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  567.061191][T13479] RAX: ffffffffffffffda RBX: 00007f8fc1416090 RCX: 00007f8fc119ce59
[  567.061201][T13479] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000002
[  567.061210][T13479] RBP: 00007f8fc206a090 R08: 0000000000000000 R09: 0000000000000000
[  567.061218][T13479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  567.061227][T13479] R13: 00007f8fc1416128 R14: 00007f8fc1416090 R15: 00007fff151731a8
[  567.061245][T13479]  </TASK>
[  567.061276][T13479] ERROR: Out of memory at tomoyo_realpath_from_path.
[  569.723624][T13504] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  570.117254][T13511] netlink: 346 bytes leftover after parsing attributes in process `syz.1.1426'.
[  571.488508][T13533] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1430'.
[  572.492236][T13551] netlink: 346 bytes leftover after parsing attributes in process `syz.2.1434'.
[  574.309616][T13612] usbcore.quirks: string doesn't fit in 127 chars.
[  574.326794][T13612] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1443'.
[  575.273931][T13636] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1449'.
[  578.042609][T13665] usbcore.quirks: string doesn't fit in 127 chars.
[  578.083211][T13665] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1455'.
[  581.410932][T13700] netlink: 'syz.1.1462': attribute type 33 has an invalid length.
[  581.702545][T13705] usbcore.quirks: string doesn't fit in 127 chars.
[  581.716771][T13705] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1464'.
[  583.164725][T13726] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1468'.
[  584.644202][T13731] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  584.650452][T13731] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  584.656501][T13731] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  584.662655][T13731] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  584.668851][T13731] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  584.674897][T13731] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  585.757667][T13745] syz.1.1472 (13745) used greatest stack depth: 19040 bytes left
[  586.056342][T13193] Bluetooth: hci0: command 0x0406 tx timeout
[  586.696198][T13193] Bluetooth: hci5: command 0x0c1a tx timeout
[  586.696250][T13465] Bluetooth: hci4: command 0x0c1a tx timeout
[  586.702309][ T5647] Bluetooth: hci3: command 0x0406 tx timeout
[  586.708334][T13231] Bluetooth: hci1: command 0x0406 tx timeout
[  586.708374][T13231] Bluetooth: hci2: command 0x0406 tx timeout
[  589.567441][T13796] usbcore.quirks: string doesn't fit in 127 chars.
[  589.584052][T13796] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1482'.
[  590.071229][T13465] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  590.084970][T13465] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  590.093836][T13465] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  590.105007][T13465] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  590.113034][T13465] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  590.697668][T13465] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  590.719975][T13465] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  590.728301][T13465] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  590.739264][T13465] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  590.747763][T13465] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  591.267381][T13804] bridge0: port 1(bridge_slave_0) entered blocking state
[  591.297326][T13804] bridge0: port 1(bridge_slave_0) entered disabled state
[  591.319832][T13804] bridge_slave_0: entered allmulticast mode
[  591.348871][T13804] bridge_slave_0: entered promiscuous mode
[  591.365276][T13804] bridge0: port 2(bridge_slave_1) entered blocking state
[  591.385424][T13804] bridge0: port 2(bridge_slave_1) entered disabled state
[  591.399092][T13804] bridge_slave_1: entered allmulticast mode
[  591.420492][T13804] bridge_slave_1: entered promiscuous mode
[  591.502660][T13804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  591.552936][T13804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  591.625971][T13804] team0: Port device team_slave_0 added
[  591.644835][T13804] team0: Port device team_slave_1 added
[  591.738301][T13804] batman_adv: batadv0: Adding interface: batadv_slave_0
[  591.748989][T13804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  591.777984][T13804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  591.813830][T13804] batman_adv: batadv0: Adding interface: batadv_slave_1
[  591.823240][T13804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  591.868861][T13804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  592.024601][T13804] hsr_slave_0: entered promiscuous mode
[  592.041885][T13804] hsr_slave_1: entered promiscuous mode
[  592.050175][T13804] debugfs: 'hsr0' already exists in 'hsr'
[  592.062636][T13804] Cannot create hsr debugfs directory
[  592.213243][T13231] Bluetooth: hci6: command tx timeout
[  592.241088][T13844] netlink: 208 bytes leftover after parsing attributes in process `syz.1.1485'.
[  592.397182][T13817] bridge0: port 1(bridge_slave_0) entered blocking state
[  592.405262][T13817] bridge0: port 1(bridge_slave_0) entered disabled state
[  592.412803][T13817] bridge_slave_0: entered allmulticast mode
[  592.423350][T13817] bridge_slave_0: entered promiscuous mode
[  592.434028][T13817] bridge0: port 2(bridge_slave_1) entered blocking state
[  592.442483][T13817] bridge0: port 2(bridge_slave_1) entered disabled state
[  592.449922][T13817] bridge_slave_1: entered allmulticast mode
[  592.458086][T13817] bridge_slave_1: entered promiscuous mode
[  592.500380][T13817] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  592.518037][T13817] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  592.549454][T13853] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1487'.
[  592.572673][T13817] team0: Port device team_slave_0 added
[  592.605226][T13817] team0: Port device team_slave_1 added
[  592.758787][T13817] batman_adv: batadv0: Adding interface: batadv_slave_0
[  592.770617][T13817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  592.808327][T13817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  592.827890][T13817] batman_adv: batadv0: Adding interface: batadv_slave_1
[  592.834927][T13817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  592.860971][T13817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  592.872058][T13231] Bluetooth: hci7: command tx timeout
[  593.105414][T13817] hsr_slave_0: entered promiscuous mode
[  593.115791][T13817] hsr_slave_1: entered promiscuous mode
[  593.125360][T13817] debugfs: 'hsr0' already exists in 'hsr'
[  593.131116][T13817] Cannot create hsr debugfs directory
[  594.302064][T13231] Bluetooth: hci6: command tx timeout
[  594.565978][T13877] FAULT_INJECTION: forcing a failure.
[  594.565978][T13877] name failslab, interval 1, probability 0, space 0, times 0
[  594.580009][T13877] CPU: 1 UID: 0 PID: 13877 Comm: syz.2.1493 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  594.580055][T13877] Tainted: [L]=SOFTLOCKUP
[  594.580065][T13877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  594.580082][T13877] Call Trace:
[  594.580092][T13877]  <TASK>
[  594.580102][T13877]  dump_stack_lvl+0x100/0x190
[  594.580144][T13877]  should_fail_ex.cold+0x5/0xa
[  594.580182][T13877]  should_failslab+0xc2/0x120
[  594.580216][T13877]  __kvmalloc_node_noprof+0xfa/0xa00
[  594.580246][T13877]  ? io_alloc_cache_init+0x38/0x170
[  594.580280][T13877]  ? lockdep_init_map_type+0x5c/0x250
[  594.580331][T13877]  io_alloc_cache_init+0x38/0x170
[  594.580367][T13877]  io_uring_setup.cold+0x3cd/0x1c6e
[  594.580416][T13877]  ? __pfx_io_uring_setup+0x10/0x10
[  594.580470][T13877]  ? do_futex+0x192/0x350
[  594.580500][T13877]  ? __pfx_do_futex+0x10/0x10
[  594.580547][T13877]  ? xfd_validate_state+0x129/0x190
[  594.580574][T13877]  ? exit_to_user_mode_loop+0xf3/0x670
[  594.580629][T13877]  __x64_sys_io_uring_setup+0xc2/0x170
[  594.580676][T13877]  do_syscall_64+0x115/0x840
[  594.580714][T13877]  ? clear_bhb_loop+0x40/0x90
[  594.580750][T13877]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  594.580779][T13877] RIP: 0033:0x7f4edcd9ce59
[  594.580803][T13877] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  594.580831][T13877] RSP: 002b:00007f4eddcc6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[  594.580859][T13877] RAX: ffffffffffffffda RBX: 00007f4edd015fa0 RCX: 00007f4edcd9ce59
[  594.580879][T13877] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  594.580897][T13877] RBP: 00007f4edce32d6f R08: 0000000000000000 R09: 0000000000000000
[  594.580915][T13877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  594.580932][T13877] R13: 00007f4edd016038 R14: 00007f4edd015fa0 R15: 00007ffd47e98398
[  594.580969][T13877]  </TASK>
[  594.857856][T13883] tipc: Trying to set illegal importance in message
[  594.932284][T13231] Bluetooth: hci7: command tx timeout
[  594.992238][T13886] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1495'.
[  595.004232][T13886] netlink: 'syz.2.1495': attribute type 1 has an invalid length.
[  595.014944][T13886] netlink: 51465 bytes leftover after parsing attributes in process `syz.2.1495'.
[  595.337093][T13889] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1496'.
[  595.813583][T13894] netlink: 245 bytes leftover after parsing attributes in process `syz.2.1497'.
[  596.371138][T13231] Bluetooth: hci6: command tx timeout
[  597.009862][T13914] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1502'.
[  597.021151][T13231] Bluetooth: hci7: command tx timeout
[  598.061669][T13942] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1507'.
[  598.449925][T13231] Bluetooth: hci6: command tx timeout
[  599.089972][T13231] Bluetooth: hci7: command tx timeout
[  600.463309][T13985] FAULT_INJECTION: forcing a failure.
[  600.463309][T13985] name failslab, interval 1, probability 0, space 0, times 0
[  600.477349][T13985] CPU: 1 UID: 0 PID: 13985 Comm: syz.2.1518 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  600.477376][T13985] Tainted: [L]=SOFTLOCKUP
[  600.477382][T13985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  600.477391][T13985] Call Trace:
[  600.477397][T13985]  <TASK>
[  600.477403][T13985]  dump_stack_lvl+0x100/0x190
[  600.477424][T13985]  should_fail_ex.cold+0x5/0xa
[  600.477444][T13985]  should_failslab+0xc2/0x120
[  600.477464][T13985]  __kmalloc_cache_noprof+0x7a/0x6f0
[  600.477485][T13985]  ? io_uring_setup.cold+0x6c/0x1c6e
[  600.477508][T13985]  ? rep_movs_alternative+0x4a/0x90
[  600.477528][T13985]  io_uring_setup.cold+0x6c/0x1c6e
[  600.477552][T13985]  ? __pfx_io_uring_setup+0x10/0x10
[  600.477578][T13985]  ? do_futex+0x192/0x350
[  600.477594][T13985]  ? __pfx_do_futex+0x10/0x10
[  600.477618][T13985]  ? xfd_validate_state+0x129/0x190
[  600.477632][T13985]  ? exit_to_user_mode_loop+0xf3/0x670
[  600.477661][T13985]  __x64_sys_io_uring_setup+0xc2/0x170
[  600.477684][T13985]  do_syscall_64+0x115/0x840
[  600.477703][T13985]  ? clear_bhb_loop+0x40/0x90
[  600.477721][T13985]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  600.477736][T13985] RIP: 0033:0x7f4edcd9ce59
[  600.477749][T13985] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  600.477763][T13985] RSP: 002b:00007f4eddcc6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[  600.477782][T13985] RAX: ffffffffffffffda RBX: 00007f4edd015fa0 RCX: 00007f4edcd9ce59
[  600.477792][T13985] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  600.477801][T13985] RBP: 00007f4edce32d6f R08: 0000000000000000 R09: 0000000000000000
[  600.477810][T13985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  600.477819][T13985] R13: 00007f4edd016038 R14: 00007f4edd015fa0 R15: 00007ffd47e98398
[  600.477839][T13985]  </TASK>
[  600.964616][T13992] usbcore.quirks: string doesn't fit in 127 chars.
[  600.987572][T13992] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1521'.
[  603.347879][T14034] usbcore.quirks: string doesn't fit in 127 chars.
[  603.401132][T14034] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1528'.
[  603.824098][T14042] random: crng reseeded on system resumption
[  605.033577][T14068] Console: switching to colour VGA+ 80x25
[  610.870487][T14182] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1542'.
[  611.709328][T14200] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1546'.
[  612.625959][T14208] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1547'.
[  614.156403][T14240] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1)
[  614.318324][T14243] FAULT_INJECTION: forcing a failure.
[  614.318324][T14243] name failslab, interval 1, probability 0, space 0, times 0
[  614.343527][T14243] CPU: 0 UID: 0 PID: 14243 Comm: syz.1.1555 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  614.343553][T14243] Tainted: [L]=SOFTLOCKUP
[  614.343559][T14243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  614.343568][T14243] Call Trace:
[  614.343573][T14243]  <TASK>
[  614.343579][T14243]  dump_stack_lvl+0x100/0x190
[  614.343608][T14243]  should_fail_ex.cold+0x5/0xa
[  614.343629][T14243]  should_failslab+0xc2/0x120
[  614.343649][T14243]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  614.343673][T14243]  ? ptlock_alloc+0x1f/0x70
[  614.343693][T14243]  ? do_raw_spin_lock+0x128/0x260
[  614.343712][T14243]  ptlock_alloc+0x1f/0x70
[  614.343735][T14243]  pte_alloc_one+0x82/0x3d0
[  614.343755][T14243]  do_fault+0x86c/0x1750
[  614.343773][T14243]  ? __pmd_alloc+0x3fb/0x950
[  614.343793][T14243]  __handle_mm_fault+0x187d/0x2a00
[  614.343818][T14243]  ? mt_find+0x45e/0x8e0
[  614.343843][T14243]  ? __pfx___handle_mm_fault+0x10/0x10
[  614.343864][T14243]  ? __pfx_mt_find+0x10/0x10
[  614.343896][T14243]  ? find_vma+0xbf/0x140
[  614.343912][T14243]  ? __pfx_find_vma+0x10/0x10
[  614.343931][T14243]  handle_mm_fault+0x37b/0xa30
[  614.343957][T14243]  do_user_addr_fault+0x74c/0x12f0
[  614.343976][T14243]  ? trace_page_fault_kernel+0x7a/0x200
[  614.343994][T14243]  exc_page_fault+0x6f/0xd0
[  614.344015][T14243]  asm_exc_page_fault+0x26/0x30
[  614.344029][T14243] RIP: 0010:rep_movs_alternative+0x30/0x90
[  614.344046][T14243] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 cd 9c 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08
[  614.344061][T14243] RSP: 0018:ffffc90005217a98 EFLAGS: 00050212
[  614.344074][T14243] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000024
[  614.344083][T14243] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc90005217b28
[  614.344091][T14243] RBP: 0000000000000024 R08: 0000000000000001 R09: fffff52000a42f69
[  614.344100][T14243] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000
[  614.344108][T14243] R13: ffffc90005217b28 R14: 0000000000000000 R15: 000000000000b6bd
[  614.344127][T14243]  _copy_from_user+0x98/0xd0
[  614.344148][T14243]  sg_write+0x2af/0xdb0
[  614.344172][T14243]  ? __pfx_sg_write+0x10/0x10
[  614.344211][T14243]  ? apparmor_file_permission+0x13f/0x1c0
[  614.344230][T14243]  ? bpf_lsm_file_permission+0x9/0x10
[  614.344244][T14243]  ? security_file_permission+0x76/0x210
[  614.344268][T14243]  ? rw_verify_area+0xce/0x6d0
[  614.344286][T14243]  vfs_write+0x2aa/0x1070
[  614.344302][T14243]  ? __pfx_sg_write+0x10/0x10
[  614.344324][T14243]  ? __pfx_vfs_write+0x10/0x10
[  614.344339][T14243]  ? find_held_lock+0x2b/0x80
[  614.344356][T14243]  ? __fget_files+0x215/0x3d0
[  614.344372][T14243]  ? __fget_files+0x215/0x3d0
[  614.344392][T14243]  ? __fget_files+0x21f/0x3d0
[  614.344414][T14243]  ksys_write+0x12a/0x250
[  614.344430][T14243]  ? __pfx_ksys_write+0x10/0x10
[  614.344448][T14243]  ? rcu_is_watching+0x12/0xc0
[  614.344468][T14243]  do_syscall_64+0x115/0x840
[  614.344487][T14243]  ? clear_bhb_loop+0x40/0x90
[  614.344505][T14243]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  614.344519][T14243] RIP: 0033:0x7f8fc119ce59
[  614.344531][T14243] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  614.344545][T14243] RSP: 002b:00007f8fc208b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  614.344558][T14243] RAX: ffffffffffffffda RBX: 00007f8fc1415fa0 RCX: 00007f8fc119ce59
[  614.344568][T14243] RDX: 000000000000b6bd RSI: 0000000000000000 RDI: 0000000000000003
[  614.344576][T14243] RBP: 00007f8fc1232d6f R08: 0000000000000000 R09: 0000000000000000
[  614.344592][T14243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  614.344601][T14243] R13: 00007f8fc1416038 R14: 00007f8fc1415fa0 R15: 00007fff151731a8
[  614.344621][T14243]  </TASK>
[  618.059166][T14279] netlink: 346 bytes leftover after parsing attributes in process `syz.2.1561'.
[  619.537854][T14314] netlink: 346 bytes leftover after parsing attributes in process `syz.1.1569'.
[  620.415809][T14336] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1)
[  621.680369][T14375] usbcore.quirks: string doesn't fit in 127 chars.
[  621.706163][T14375] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1584'.
[  622.289666][T14394] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1586'.
[  622.298890][T14394] nbd: must specify a size in bytes for the device
[  622.520910][T14407] FAULT_INJECTION: forcing a failure.
[  622.520910][T14407] name fail_futex, interval 1, probability 0, space 0, times 0
[  622.535322][T14407] CPU: 0 UID: 0 PID: 14407 Comm: syz.2.1587 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  622.535370][T14407] Tainted: [L]=SOFTLOCKUP
[  622.535380][T14407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  622.535398][T14407] Call Trace:
[  622.535408][T14407]  <TASK>
[  622.535419][T14407]  dump_stack_lvl+0x100/0x190
[  622.535454][T14407]  should_fail_ex.cold+0x5/0xa
[  622.535492][T14407]  get_futex_key+0x1d2/0x1510
[  622.535542][T14407]  ? __pfx_get_futex_key+0x10/0x10
[  622.535589][T14407]  ? choose_idle_cpu+0x18d/0x270
[  622.535629][T14407]  ? __pfx_call_function_single_prep_ipi+0x10/0x10
[  622.535675][T14407]  ? ttwu_queue_wakelist+0x2fd/0x450
[  622.535713][T14407]  futex_wait_setup+0x83/0x510
[  622.535758][T14407]  __futex_wait+0x19f/0x300
[  622.535797][T14407]  ? __pfx___futex_wait+0x10/0x10
[  622.535830][T14407]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  622.535871][T14407]  ? __pfx_futex_wake_mark+0x10/0x10
[  622.535919][T14407]  ? find_held_lock+0x2b/0x80
[  622.535938][T14407]  ? futex_wake+0x456/0x530
[  622.535959][T14407]  futex_wait+0xe6/0x370
[  622.535979][T14407]  ? __pfx_futex_wait+0x10/0x10
[  622.536002][T14407]  ? __do_sys_listmount+0x1ce/0xee0
[  622.536018][T14407]  ? rcu_is_watching+0x12/0xc0
[  622.536034][T14407]  ? __do_sys_listmount+0x1ce/0xee0
[  622.536053][T14407]  ? kfree+0x1dd/0x6c0
[  622.536075][T14407]  do_futex+0x1ef/0x350
[  622.536091][T14407]  ? __pfx_do_futex+0x10/0x10
[  622.536111][T14407]  __x64_sys_futex+0x34f/0x4d0
[  622.536128][T14407]  ? fput+0x79/0x100
[  622.536147][T14407]  ? __pfx___x64_sys_futex+0x10/0x10
[  622.536168][T14407]  ? rcu_is_watching+0x12/0xc0
[  622.536186][T14407]  do_syscall_64+0x115/0x840
[  622.536206][T14407]  ? clear_bhb_loop+0x40/0x90
[  622.536223][T14407]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  622.536239][T14407] RIP: 0033:0x7f4edcd9ce59
[  622.536253][T14407] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  622.536268][T14407] RSP: 002b:00007f4eddcc60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  622.536283][T14407] RAX: ffffffffffffffda RBX: 00007f4edd015fa8 RCX: 00007f4edcd9ce59
[  622.536293][T14407] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4edd015fa8
[  622.536302][T14407] RBP: 00007f4edd015fa0 R08: 0000000000000000 R09: 0000000000000000
[  622.536311][T14407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  622.536320][T14407] R13: 00007f4edd016038 R14: 00007ffd47e982b0 R15: 00007ffd47e98398
[  622.536340][T14407]  </TASK>
[  624.440734][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  624.447223][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  633.414793][T14462] FAULT_INJECTION: forcing a failure.
[  633.414793][T14462] name failslab, interval 1, probability 0, space 0, times 0
[  633.429675][T14462] CPU: 1 UID: 0 PID: 14462 Comm: syz.2.1595 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  633.429721][T14462] Tainted: [L]=SOFTLOCKUP
[  633.429731][T14462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  633.429747][T14462] Call Trace:
[  633.429756][T14462]  <TASK>
[  633.429766][T14462]  dump_stack_lvl+0x100/0x190
[  633.429814][T14462]  should_fail_ex.cold+0x5/0xa
[  633.429853][T14462]  should_failslab+0xc2/0x120
[  633.429886][T14462]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  633.429928][T14462]  ? anon_vma_fork+0x8d/0x6b0
[  633.429973][T14462]  anon_vma_fork+0x8d/0x6b0
[  633.430012][T14462]  ? vm_area_dup+0x59d/0x8e0
[  633.430052][T14462]  dup_mmap+0x143e/0x21b0
[  633.430100][T14462]  ? __pfx_dup_mmap+0x10/0x10
[  633.430134][T14462]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  633.430180][T14462]  ? __lock_acquire+0x4a5/0x2630
[  633.430229][T14462]  ? find_held_lock+0x2b/0x80
[  633.430263][T14462]  ? __percpu_counter_init_many+0x2bc/0x3b0
[  633.430335][T14462]  copy_process+0x6c78/0x7ed0
[  633.430373][T14462]  ? __futex_wait+0x256/0x300
[  633.430430][T14462]  ? __pfx_copy_process+0x10/0x10
[  633.430466][T14462]  ? find_held_lock+0x2b/0x80
[  633.430510][T14462]  kernel_clone+0x176/0x9e0
[  633.430544][T14462]  ? __pfx_futex_wait+0x10/0x10
[  633.430577][T14462]  ? __pfx_kernel_clone+0x10/0x10
[  633.430637][T14462]  __do_sys_clone+0xd9/0x120
[  633.430676][T14462]  ? __pfx___do_sys_clone+0x10/0x10
[  633.430734][T14462]  ? __pfx_do_writev+0x10/0x10
[  633.430769][T14462]  ? rcu_is_watching+0x12/0xc0
[  633.430815][T14462]  do_syscall_64+0x115/0x840
[  633.430855][T14462]  ? clear_bhb_loop+0x40/0x90
[  633.430893][T14462]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.430923][T14462] RIP: 0033:0x7f4edcd9ce59
[  633.430948][T14462] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  633.430977][T14462] RSP: 002b:00007f4eddcc6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  633.431007][T14462] RAX: ffffffffffffffda RBX: 00007f4edd015fa0 RCX: 00007f4edcd9ce59
[  633.431027][T14462] RDX: 0000000000000000 RSI: fffffffffffffc4d RDI: 0000000000000002
[  633.431045][T14462] RBP: 00007f4edce32d6f R08: 0000000005000000 R09: 0000000000000000
[  633.431063][T14462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  633.431079][T14462] R13: 00007f4edd016038 R14: 00007f4edd015fa0 R15: 00007ffd47e98398
[  633.431118][T14462]  </TASK>
[  637.213619][T14478] block nbd2: not configured, cannot reconfigure
[  637.861964][T13465] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  637.879526][T13465] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  637.888354][T13465] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  637.896525][T13465] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  637.904844][T13465] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  639.263943][T14485] bridge0: port 1(bridge_slave_0) entered blocking state
[  639.271418][T14485] bridge0: port 1(bridge_slave_0) entered disabled state
[  639.272154][T14526] FAULT_INJECTION: forcing a failure.
[  639.272154][T14526] name failslab, interval 1, probability 0, space 0, times 0
[  639.278741][T14485] bridge_slave_0: entered allmulticast mode
[  639.299213][T14485] bridge_slave_0: entered promiscuous mode
[  639.308509][T14485] bridge0: port 2(bridge_slave_1) entered blocking state
[  639.315840][T14485] bridge0: port 2(bridge_slave_1) entered disabled state
[  639.316033][T14526] CPU: 1 UID: 0 PID: 14526 Comm: syz.2.1601 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  639.316074][T14526] Tainted: [L]=SOFTLOCKUP
[  639.316083][T14526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  639.316101][T14526] Call Trace:
[  639.316109][T14526]  <TASK>
[  639.316119][T14526]  dump_stack_lvl+0x100/0x190
[  639.316154][T14526]  should_fail_ex.cold+0x5/0xa
[  639.316190][T14526]  should_failslab+0xc2/0x120
[  639.316225][T14526]  kmem_cache_alloc_lru_noprof+0x80/0x6e0
[  639.316269][T14526]  ? sock_alloc_inode+0x26/0x290
[  639.316305][T14526]  ? __pfx_sock_alloc_inode+0x10/0x10
[  639.316335][T14526]  sock_alloc_inode+0x26/0x290
[  639.316367][T14526]  ? __pfx_sock_alloc_inode+0x10/0x10
[  639.316399][T14526]  alloc_inode+0x68/0x250
[  639.316441][T14526]  sock_alloc+0x44/0x280
[  639.316469][T14526]  ? security_socket_create+0x7f/0x250
[  639.316501][T14526]  __sock_create+0xc2/0x860
[  639.316543][T14526]  __sys_socket+0x14d/0x260
[  639.316591][T14526]  ? __pfx___sys_socket+0x10/0x10
[  639.316639][T14526]  __x64_sys_socket+0x72/0xb0
[  639.316677][T14526]  ? lockdep_hardirqs_on+0x78/0x100
[  639.316717][T14526]  do_syscall_64+0x115/0x840
[  639.316754][T14526]  ? clear_bhb_loop+0x40/0x90
[  639.316790][T14526]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.316818][T14526] RIP: 0033:0x7f4edcd9ce59
[  639.316841][T14526] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  639.316870][T14526] RSP: 002b:00007f4eddcc6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  639.316895][T14526] RAX: ffffffffffffffda RBX: 00007f4edd015fa0 RCX: 00007f4edcd9ce59
[  639.316913][T14526] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  639.316929][T14526] RBP: 00007f4edce32d6f R08: 0000000000000000 R09: 0000000000000000
[  639.316984][T14526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  639.317001][T14526] R13: 00007f4edd016038 R14: 00007f4edd015fa0 R15: 00007ffd47e98398
[  639.317040][T14526]  </TASK>
[  639.317072][T14526] socket: no more sockets
[  639.323310][T14485] bridge_slave_1: entered allmulticast mode
[  639.543325][T14485] bridge_slave_1: entered promiscuous mode
[  639.641023][T14485] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  639.688862][T14485] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  639.776260][T14485] team0: Port device team_slave_0 added
[  639.806619][T14485] team0: Port device team_slave_1 added
[  639.910890][T14485] batman_adv: batadv0: Adding interface: batadv_slave_0
[  639.949834][T14485] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  639.976102][T13465] Bluetooth: hci8: command tx timeout
[  640.047267][T14485] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  640.091933][T14485] batman_adv: batadv0: Adding interface: batadv_slave_1
[  640.111099][T14485] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  640.177904][T14485] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  640.391724][T14485] hsr_slave_0: entered promiscuous mode
[  640.416456][T14485] hsr_slave_1: entered promiscuous mode
[  640.442542][T14485] debugfs: 'hsr0' already exists in 'hsr'
[  640.462343][T14485] Cannot create hsr debugfs directory
[  642.028156][T13465] Bluetooth: hci8: command tx timeout
[  644.107311][T13465] Bluetooth: hci8: command tx timeout
[  645.668357][T14610] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1609'.
[  645.682507][T14610] ip6gretap0: refused to change device tx_queue_len
[  646.186533][T13465] Bluetooth: hci8: command tx timeout
[  650.225302][T13231] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  650.244795][T13231] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  650.253300][T13231] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  650.261701][T13231] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  650.269817][T13231] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  650.518353][T14667] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1613'.
[  650.819720][T13231] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  650.838018][T13231] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  650.851292][T13231] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  650.861574][T13231] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  650.869524][T13231] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  652.358920][T13231] Bluetooth: hci3: command tx timeout
[  652.846265][T14655] bridge0: port 1(bridge_slave_0) entered blocking state
[  652.855232][T14655] bridge0: port 1(bridge_slave_0) entered disabled state
[  652.865496][T14655] bridge_slave_0: entered allmulticast mode
[  652.873763][T14655] bridge_slave_0: entered promiscuous mode
[  652.899065][T14655] bridge0: port 2(bridge_slave_1) entered blocking state
[  652.906545][T13231] Bluetooth: hci9: command tx timeout
[  652.917730][T14655] bridge0: port 2(bridge_slave_1) entered disabled state
[  652.926498][T14655] bridge_slave_1: entered allmulticast mode
[  652.936635][T14655] bridge_slave_1: entered promiscuous mode
[  653.024912][T14655] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  653.038656][T14655] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  653.128841][T14655] team0: Port device team_slave_0 added
[  653.150931][T14655] team0: Port device team_slave_1 added
[  653.226147][T14655] batman_adv: batadv0: Adding interface: batadv_slave_0
[  653.235946][T14655] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  653.262866][T14655] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  653.290815][T14655] batman_adv: batadv0: Adding interface: batadv_slave_1
[  653.298073][T14655] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  653.324144][T14655] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  653.451705][T14655] hsr_slave_0: entered promiscuous mode
[  653.460102][T14655] hsr_slave_1: entered promiscuous mode
[  653.471716][T14655] debugfs: 'hsr0' already exists in 'hsr'
[  653.480035][T14655] Cannot create hsr debugfs directory
[  653.540359][T14678] bridge0: port 1(bridge_slave_0) entered blocking state
[  653.549753][T14678] bridge0: port 1(bridge_slave_0) entered disabled state
[  653.557887][T14678] bridge_slave_0: entered allmulticast mode
[  653.567133][T14678] bridge_slave_0: entered promiscuous mode
[  653.587838][T14678] bridge0: port 2(bridge_slave_1) entered blocking state
[  653.595618][T14678] bridge0: port 2(bridge_slave_1) entered disabled state
[  653.603911][T14678] bridge_slave_1: entered allmulticast mode
[  653.612500][T14678] bridge_slave_1: entered promiscuous mode
[  653.701598][T14678] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  653.737946][T14678] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  653.807258][T14678] team0: Port device team_slave_0 added
[  653.825180][T14678] team0: Port device team_slave_1 added
[  653.877870][T14678] batman_adv: batadv0: Adding interface: batadv_slave_0
[  653.885016][T14678] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  653.912854][T14678] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  653.979860][T14678] batman_adv: batadv0: Adding interface: batadv_slave_1
[  653.987707][T14678] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  654.032117][T14678] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  654.133629][T14678] hsr_slave_0: entered promiscuous mode
[  654.140714][T14678] hsr_slave_1: entered promiscuous mode
[  654.185336][T14678] debugfs: 'hsr0' already exists in 'hsr'
[  654.262249][T14678] Cannot create hsr debugfs directory
[  654.421963][T13231] Bluetooth: hci3: command tx timeout
[  654.981836][T13231] Bluetooth: hci9: command tx timeout
[  656.510937][T13231] Bluetooth: hci3: command tx timeout
[  657.070599][T13231] Bluetooth: hci9: command tx timeout
[  658.579916][T13231] Bluetooth: hci3: command tx timeout
[  659.141053][T13231] Bluetooth: hci9: command tx timeout
[  660.365894][T14744] usbcore.quirks: string doesn't fit in 127 chars.
[  660.388628][T14744] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1620'.
[  660.574122][T14746] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5634] was attempted by "ci-qemu-gce-upstream-auto/syz-executor exec"[14746]
[  664.005483][T14811] block nbd2: not configured, cannot reconfigure
[  683.581163][T13231] Bluetooth: hci2: ACL packet for unknown connection handle 0
[  684.286598][T14937] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  684.293951][T14937] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  684.300255][T14937] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  684.306320][T14937] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  684.312486][T14937] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  684.318667][T14937] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  684.324656][T14937] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  684.333251][T14937] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  684.342560][T14937] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[  684.349688][T14937] Bluetooth: hci7: Opcode 0x0406 failed: -4
[  684.356940][T14937] Bluetooth: hci7: Opcode 0x0406 failed: -4
[  684.363999][T14937] Bluetooth: hci8: Opcode 0x0c1a failed: -4
[  684.370446][T14937] Bluetooth: hci8: Opcode 0x0406 failed: -4
[  684.377739][T14937] Bluetooth: hci8: Opcode 0x0406 failed: -4
[  684.384748][T14937] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  684.392109][T14937] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  684.402692][T14937] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  684.413340][T14937] Bluetooth: hci9: Opcode 0x0c1a failed: -4
[  684.419868][T14937] Bluetooth: hci9: Opcode 0x0406 failed: -4
[  684.427745][T14937] Bluetooth: hci9: Opcode 0x0406 failed: -4
[  685.766273][T13231] Bluetooth: hci0: command 0x0406 tx timeout
[  685.848264][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  685.854635][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  686.326029][T13231] Bluetooth: hci6: command 0x0c1a tx timeout
[  686.326046][T13465] Bluetooth: hci5: command 0x0c1a tx timeout
[  686.332635][T13231] Bluetooth: hci4: command 0x0c1a tx timeout
[  686.332672][T13231] Bluetooth: hci1: command 0x0406 tx timeout
[  686.339127][T13193] Bluetooth: hci2: command 0x0406 tx timeout
[  686.406100][T13465] Bluetooth: hci8: command 0x0c1a tx timeout
[  686.406374][ T5647] Bluetooth: hci7: command 0x0c1a tx timeout
[  686.413568][T13193] Bluetooth: hci3: command 0x0c1a tx timeout
[  686.487803][T13465] Bluetooth: hci9: command 0x0c1a tx timeout
[  687.780674][   T30] INFO: task syz.3.1277:12608 blocked for more than 143 seconds.
[  687.789334][   T30]       Tainted: G             L      syzkaller #0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  687.845981][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  687.875240][   T30] task:syz.3.1277      state:D stack:24296 pid:12608 tgid:12606 ppid:5633   task_flags:0x480140 flags:0x00080002
[  687.905128][   T30] Call Trace:
[  687.909957][   T30]  <TASK>
[  687.914397][   T30]  __schedule+0x1295/0x67a0
[  687.935202][   T30]  ? __pfx___schedule+0x10/0x10
[  687.941683][   T30]  ? find_held_lock+0x2b/0x80
[  687.950297][   T30]  ? schedule+0x2bf/0x390
[  687.954794][   T30]  schedule+0xdd/0x390
[  687.960008][   T30]  schedule_timeout+0x1b2/0x280
[  687.965111][   T30]  ? __pfx_schedule_timeout+0x10/0x10
[  687.971236][   T30]  ? mark_held_locks+0x40/0x70
[  687.976201][   T30]  __wait_for_common+0x2e7/0x4c0
[  687.981281][   T30]  ? __pfx_schedule_timeout+0x10/0x10
[  687.987969][   T30]  ? __pfx___wait_for_common+0x10/0x10
[  687.993678][   T30]  remove_one+0x312/0x420
[  687.999272][   T30]  ? find_next_child+0x18f/0x280
[  688.004340][   T30]  __simple_recursive_removal+0x148/0x5c0
[  688.010433][   T30]  ? __pfx_remove_one+0x10/0x10
[  688.015456][   T30]  debugfs_remove+0x5d/0x80
[  688.021216][   T30]  nsim_dev_health_exit+0x3b/0xe0
[  688.027020][   T30]  nsim_dev_reload_destroy+0x144/0x4a0
[  688.032636][   T30]  nsim_drv_remove+0x52/0x1e0
[  688.037505][   T30]  ? __pfx_nsim_bus_remove+0x10/0x10
[  688.042924][   T30]  device_remove+0xcb/0x180
[  688.047893][   T30]  device_release_driver_internal+0x44e/0x620
[  688.056128][   T30]  bus_remove_device+0x2bc/0x560
[  688.062330][   T30]  ? __pfx_bus_remove_device+0x10/0x10
[  688.079249][   T30]  ? __pfx_device_remove_attrs+0x10/0x10
[  688.092794][   T30]  device_del+0x376/0x9b0
[  688.105921][   T30]  ? __pfx_device_del+0x10/0x10
[  688.122145][   T30]  ? __lock_acquire+0x4a5/0x2630
[  688.128738][   T30]  device_unregister+0x1d/0xe0
[  688.137014][   T30]  del_device_store+0x346/0x480
[  688.145266][   T30]  ? __pfx_del_device_store+0x10/0x10
[  688.156825][   T30]  ? find_held_lock+0x2b/0x80
[  688.170019][   T30]  ? sysfs_file_kobj+0xe4/0x290
[  688.184976][   T30]  ? sysfs_file_kobj+0xe4/0x290
[  688.195233][   T30]  ? __pfx_del_device_store+0x10/0x10
[  688.205225][   T30]  bus_attr_store+0x74/0xb0
[  688.216767][   T30]  ? __pfx_bus_attr_store+0x10/0x10
[  688.228245][   T30]  sysfs_kf_write+0xf2/0x150
[  688.234975][   T30]  kernfs_fop_write_iter+0x3e0/0x5f0
[  688.244993][   T30]  ? __pfx_sysfs_kf_write+0x10/0x10
[  688.251761][   T30]  vfs_write+0x6ac/0x1070
[  688.259349][   T30]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  688.275648][   T30]  ? __pfx_vfs_write+0x10/0x10
[  688.285049][   T30]  ksys_write+0x12a/0x250
[  688.295025][   T30]  ? __pfx_ksys_write+0x10/0x10
[  688.299939][   T30]  ? rcu_is_watching+0x12/0xc0
[  688.304745][   T30]  do_syscall_64+0x115/0x840
[  688.314959][   T30]  ? clear_bhb_loop+0x40/0x90
[  688.321109][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  688.344882][   T30] RIP: 0033:0x7fd952f9ce59
[  688.349326][   T30] RSP: 002b:00007fd953edb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  688.365253][   T30] RAX: ffffffffffffffda RBX: 00007fd953215fa0 RCX: 00007fd952f9ce59
[  688.378271][   T30] RDX: 0000000000000045 RSI: 0000200000000040 RDI: 000000000000000b
[  688.396721][   T30] RBP: 00007fd953032d6f R08: 0000000000000000 R09: 0000000000000000
[  688.405011][T13465] Bluetooth: hci6: command 0x0c1a tx timeout
[  688.405284][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  688.424942][   T30] R13: 00007fd953216038 R14: 00007fd953215fa0 R15: 00007ffdfb4fd278
[  688.444911][   T30]  </TASK>
[  688.448013][   T30] INFO: task syz.0.1281:12626 blocked for more than 144 seconds.
[  688.466043][   T30]       Tainted: G             L      syzkaller #0
[  688.472588][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  688.482612][   T30] task:syz.0.1281      state:D stack:26712 pid:12626 tgid:12625 ppid:5632   task_flags:0x400140 flags:0x00080002
[  688.494942][   T30] Call Trace:
[  688.495058][T13193] Bluetooth: hci8: command 0x0c1a tx timeout
[  688.498289][ T5647] Bluetooth: hci7: command 0x0c1a tx timeout
[  688.504256][T13465] Bluetooth: hci3: command 0x0c1a tx timeout
[  688.516800][   T30]  <TASK>
[  688.519781][   T30]  __schedule+0x1295/0x67a0
[  688.524298][   T30]  ? __pfx___schedule+0x10/0x10
[  688.529219][   T30]  ? find_held_lock+0x2b/0x80
[  688.534096][   T30]  ? schedule+0x2bf/0x390
[  688.538482][   T30]  schedule+0xdd/0x390
[  688.542697][   T30]  schedule_preempt_disabled+0x13/0x30
[  688.548213][   T30]  __mutex_lock+0xced/0x1b10
[  688.552958][   T30]  ? devlink_health_report+0x66c/0xb20
[  688.558490][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  688.563651][   T30]  ? devlink_recover_notify.constprop.0+0x1e3/0x550
[  688.570591][   T30]  ? devlink_health_report+0x66c/0xb20
[  688.576207][ T5647] Bluetooth: hci9: command 0x0c1a tx timeout
[  688.583206][   T30]  devlink_health_report+0x66c/0xb20
[  688.588605][   T30]  ? __pfx_devlink_health_report+0x10/0x10
[  688.594581][   T30]  ? _copy_from_user+0x59/0xd0
[  688.599467][   T30]  nsim_dev_health_break_write+0x166/0x210
[  688.605547][   T30]  ? __pfx_nsim_dev_health_break_write+0x10/0x10
[  688.611937][   T30]  full_proxy_write+0x135/0x1a0
[  688.616858][   T30]  vfs_write+0x2aa/0x1070
[  688.621368][   T30]  ? __pfx_full_proxy_write+0x10/0x10
[  688.627024][   T30]  ? __pfx_vfs_write+0x10/0x10
[  688.631813][   T30]  ? __fget_files+0x215/0x3d0
[  688.636582][   T30]  ? __fget_files+0x21f/0x3d0
[  688.641438][   T30]  ksys_write+0x12a/0x250
[  688.645948][   T30]  ? __pfx_ksys_write+0x10/0x10
[  688.650983][   T30]  ? rcu_is_watching+0x12/0xc0
[  688.655799][   T30]  do_syscall_64+0x115/0x840
[  688.660539][   T30]  ? clear_bhb_loop+0x40/0x90
[  688.665350][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  688.671422][   T30] RIP: 0033:0x7f1f2dd9ce59
[  688.675917][   T30] RSP: 002b:00007f1f2ecfd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  688.685331][   T30] RAX: ffffffffffffffda RBX: 00007f1f2e015fa0 RCX: 00007f1f2dd9ce59
[  688.693356][   T30] RDX: 00000000000001e1 RSI: 0000200000000080 RDI: 0000000000000007
[  688.701378][   T30] RBP: 00007f1f2de32d6f R08: 0000000000000000 R09: 0000000000000000
[  688.709435][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  688.717470][   T30] R13: 00007f1f2e016038 R14: 00007f1f2e015fa0 R15: 00007ffd60219c28
[  688.725597][   T30]  </TASK>
[  688.728695][   T30] INFO: task syz-executor:12821 blocked for more than 144 seconds.
[  688.736953][   T30]       Tainted: G             L      syzkaller #0
[  688.743503][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  688.752232][   T30] task:syz-executor    state:D stack:24504 pid:12821 tgid:12821 ppid:1      task_flags:0x400140 flags:0x00080002
[  688.765770][   T30] Call Trace:
[  688.772436][   T30]  <TASK>
[  688.777281][   T30]  __schedule+0x1295/0x67a0
[  688.785489][   T30]  ? __pfx___schedule+0x10/0x10
[  688.790990][   T30]  ? find_held_lock+0x2b/0x80
[  688.795783][   T30]  ? schedule+0x2bf/0x390
[  688.800138][   T30]  schedule+0xdd/0x390
[  688.804202][   T30]  schedule_preempt_disabled+0x13/0x30
[  688.809882][   T30]  __mutex_lock+0xced/0x1b10
[  688.814956][   T30]  ? del_device_store+0xd1/0x480
[  688.824888][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  688.834926][   T30]  ? sscanf+0xc7/0x100
[  688.844918][   T30]  ? __pfx_sscanf+0x10/0x10
[  688.854843][   T30]  ? __lock_acquire+0x4a5/0x2630
[  688.865767][   T30]  ? __lock_acquire+0x4a5/0x2630
[  688.875070][   T30]  ? del_device_store+0xd1/0x480
[  688.884974][   T30]  del_device_store+0xd1/0x480
[  688.890954][   T30]  ? __pfx_del_device_store+0x10/0x10
[  688.896611][   T30]  ? find_held_lock+0x2b/0x80
[  688.904775][   T30]  ? sysfs_file_kobj+0xe4/0x290
[  688.914798][   T30]  ? sysfs_file_kobj+0xe4/0x290
[  688.924821][   T30]  ? __pfx_del_device_store+0x10/0x10
[  688.930293][   T30]  bus_attr_store+0x74/0xb0
[  688.938058][   T30]  ? __pfx_bus_attr_store+0x10/0x10
[  688.943269][   T30]  sysfs_kf_write+0xf2/0x150
[  688.964692][   T30]  kernfs_fop_write_iter+0x3e0/0x5f0
[  688.974978][   T30]  ? __pfx_sysfs_kf_write+0x10/0x10
[  688.984801][   T30]  vfs_write+0x6ac/0x1070
[  688.992542][   T30]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  689.006713][   T30]  ? __pfx_vfs_write+0x10/0x10
[  689.012656][   T30]  ? __pfx_do_sys_openat2+0x10/0x10
[  689.026035][   T30]  ksys_write+0x12a/0x250
[  689.042131][   T30]  ? __pfx_ksys_write+0x10/0x10
[  689.048265][   T30]  ? rcu_is_watching+0x12/0xc0
[  689.053097][   T30]  do_syscall_64+0x115/0x840
[  689.057835][   T30]  ? clear_bhb_loop+0x40/0x90
[  689.062556][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  689.068698][   T30] RIP: 0033:0x7f79d195d68e
[  689.073157][   T30] RSP: 002b:00007ffcfda226c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  689.081741][   T30] RAX: ffffffffffffffda RBX: 0000555587e64500 RCX: 00007f79d195d68e
[  689.089797][   T30] RDX: 0000000000000001 RSI: 00007ffcfda22750 RDI: 0000000000000005
[  689.098639][   T30] RBP: 00007f79d1a335f2 R08: 0000000000000000 R09: 0000000000000000
[  689.106722][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  689.114767][   T30] R13: 00007ffcfda22750 R14: 00007f79d2744620 R15: 0000000000000003
[  689.122794][   T30]  </TASK>
[  689.125999][   T30] INFO: task syz-executor:12839 blocked for more than 144 seconds.
[  689.134024][   T30]       Tainted: G             L      syzkaller #0
[  689.142937][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  689.151710][   T30] task:syz-executor    state:D stack:23896 pid:12839 tgid:12839 ppid:1      task_flags:0x400140 flags:0x00080002
[  689.163699][   T30] Call Trace:
[  689.167023][   T30]  <TASK>
[  689.169970][   T30]  __schedule+0x1295/0x67a0
[  689.174752][   T30]  ? __pfx___schedule+0x10/0x10
[  689.179660][   T30]  ? find_held_lock+0x2b/0x80
[  689.184333][   T30]  ? schedule+0x2bf/0x390
[  689.188747][   T30]  schedule+0xdd/0x390
[  689.192835][   T30]  schedule_preempt_disabled+0x13/0x30
[  689.199162][   T30]  __mutex_lock+0xced/0x1b10
[  689.203813][   T30]  ? del_device_store+0xd1/0x480
[  689.209220][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  689.214559][   T30]  ? sscanf+0xc7/0x100
[  689.218700][   T30]  ? __pfx_sscanf+0x10/0x10
[  689.223206][   T30]  ? __lock_acquire+0x4a5/0x2630
[  689.228237][   T30]  ? __lock_acquire+0x4a5/0x2630
[  689.233210][   T30]  ? del_device_store+0xd1/0x480
[  689.238225][   T30]  del_device_store+0xd1/0x480
[  689.243012][   T30]  ? __pfx_del_device_store+0x10/0x10
[  689.248539][   T30]  ? find_held_lock+0x2b/0x80
[  689.253242][   T30]  ? sysfs_file_kobj+0xe4/0x290
[  689.258171][   T30]  ? sysfs_file_kobj+0xe4/0x290
[  689.263046][   T30]  ? __pfx_del_device_store+0x10/0x10
[  689.268483][   T30]  bus_attr_store+0x74/0xb0
[  689.273006][   T30]  ? __pfx_bus_attr_store+0x10/0x10
[  689.278273][   T30]  sysfs_kf_write+0xf2/0x150
[  689.282889][   T30]  kernfs_fop_write_iter+0x3e0/0x5f0
[  689.288393][   T30]  ? __pfx_sysfs_kf_write+0x10/0x10
[  689.293666][   T30]  vfs_write+0x6ac/0x1070
[  689.298076][   T30]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  689.304548][   T30]  ? __pfx_vfs_write+0x10/0x10
[  689.309358][   T30]  ? __pfx_do_sys_openat2+0x10/0x10
[  689.314657][   T30]  ksys_write+0x12a/0x250
[  689.319006][   T30]  ? __pfx_ksys_write+0x10/0x10
[  689.323856][   T30]  ? rcu_is_watching+0x12/0xc0
[  689.328721][   T30]  do_syscall_64+0x115/0x840
[  689.333339][   T30]  ? clear_bhb_loop+0x40/0x90
[  689.338141][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  689.344078][   T30] RIP: 0033:0x7fdca755d68e
[  689.348632][   T30] RSP: 002b:00007ffd4f42f9c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  689.357128][   T30] RAX: ffffffffffffffda RBX: 00005555784c1500 RCX: 00007fdca755d68e
[  689.365240][   T30] RDX: 0000000000000001 RSI: 00007ffd4f42fa50 RDI: 0000000000000005
[  689.373231][   T30] RBP: 00007fdca76335f2 R08: 0000000000000000 R09: 0000000000000000
[  689.381289][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  689.389316][   T30] R13: 00007ffd4f42fa50 R14: 00007fdca8344620 R15: 0000000000000003
[  689.397627][   T30]  </TASK>
[  689.401584][   T30] 
[  689.401584][   T30] Showing all locks held in the system:
[  689.441125][   T30] 1 lock held by khungtaskd/30:
[  689.453504][   T30]  #0: ffffffff8e7e5360 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184
[  689.474425][   T30] 1 lock held by klogd/4988:
[  689.484309][   T30]  #0: ffff8880b843b420 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x88/0x140
[  689.504727][   T30] 2 locks held by getty/12142:
[  689.514279][   T30]  #0: ffff88803395c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  689.544338][   T30]  #1: ffffc90003aaf2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x14f0
[  689.559861][   T30] 8 locks held by syz.3.1277/12608:
[  689.566287][   T30]  #0: ffff888059853eb0 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2aa/0x380
[  689.575530][   T30]  #1: ffff888033cce410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  689.584593][   T30]  #2: ffff88807250bc80 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0
[  689.594425][   T30]  #3: ffff88802ab9d0f8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0
[  689.604648][   T30]  #4: ffffffff8fb87800 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480
[  689.616107][   T30]  #5: ffff888031652128 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb2/0x620
[  689.626815][   T30]  #6: ffff88807883d258 (&devlink->lock_key#2){+.+.}-{4:4}, at: nsim_drv_remove+0x4a/0x1e0
[  689.636915][   T30]  #7: ffff888076630fb0 (&sb->s_type->i_mutex_key#9/2){+.+.}-{4:4}, at: __simple_recursive_removal+0xe0/0x5c0
[  689.648684][   T30] 3 locks held by syz.0.1281/12626:
[  689.653896][   T30]  #0: ffff8880784749b0 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2aa/0x380
[  689.663107][   T30]  #1: ffff8880202d8410 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  689.672201][   T30]  #2: ffff88807883d258 (&devlink->lock_key#2){+.+.}-{4:4}, at: devlink_health_report+0x66c/0xb20
[  689.682935][   T30] 4 locks held by syz-executor/12821:
[  689.688392][   T30]  #0: ffff888033cce410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  689.697445][   T30]  #1: ffff8880592f9480 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0
[  689.707300][   T30]  #2: ffff88802ab9d0f8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0
[  689.718109][   T30]  #3: ffffffff8fb87800 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480
[  689.728690][   T30] 4 locks held by syz-executor/12839:
[  689.734155][   T30]  #0: ffff888033cce410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  689.743176][   T30]  #1: ffff88803af85080 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0
[  689.753039][   T30]  #2: ffff88802ab9d0f8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0
[  689.763152][   T30]  #3: ffffffff8fb87800 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480
[  689.773537][   T30] 4 locks held by syz-executor/13804:
[  689.779001][   T30]  #0: ffff888033cce410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  689.788054][   T30]  #1: ffff88804450fc80 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0
[  689.797915][   T30]  #2: ffff88802ab9d0f8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0
[  689.808084][   T30]  #3: ffffffff8fb87800 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480
[  689.819276][   T30] 4 locks held by syz-executor/13817:
[  689.824777][   T30]  #0: ffff888033cce410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  689.833802][   T30]  #1: ffff8880326be080 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0
[  689.843757][   T30]  #2: ffff88802ab9d0f8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0
[  689.853892][   T30]  #3: ffffffff8fb87800 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480
[  689.864238][   T30] 2 locks held by syz.1.1586/14390:
[  689.869444][   T30]  #0: ffff8880202d8410 (sb_writers#8){.+.+}-{0:0}, at: path_openat+0x9b1/0x31a0
[  689.878684][   T30]  #1: ffff888076630fb0 (&sb->s_type->i_mutex_key#17){++++}-{4:4}, at: path_openat+0xa16/0x31a0
[  689.889235][   T30] 4 locks held by syz-executor/14485:
[  689.894632][   T30]  #0: ffff888033cce410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  689.903652][   T30]  #1: ffff88807a4b1080 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0
[  689.914364][   T30]  #2: ffff88802ab9d0f8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0
[  689.924651][   T30]  #3: ffffffff8fb87800 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480
[  689.935047][   T30] 4 locks held by syz-executor/14655:
[  689.940432][   T30]  #0: ffff888033cce410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  689.949644][   T30]  #1: ffff88806a4bcc80 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0
[  689.959552][   T30]  #2: ffff88802ab9d0f8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0
[  689.969667][   T30]  #3: ffffffff8fb87800 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480
[  689.980064][   T30] 4 locks held by syz-executor/14678:
[  689.985503][   T30]  #0: ffff888033cce410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  689.994529][   T30]  #1: ffff88807bf51880 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0
[  690.004367][   T30]  #2: ffff88802ab9d0f8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0
[  690.014539][   T30]  #3: ffffffff8fb87800 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480
[  690.025795][   T30] 
[  690.028175][   T30] =============================================
[  690.028175][   T30] 
[  690.040697][   T30] NMI backtrace for cpu 1
[  690.040719][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  690.040756][   T30] Tainted: [L]=SOFTLOCKUP
[  690.040763][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  690.040779][   T30] Call Trace:
[  690.040788][   T30]  <TASK>
[  690.040797][   T30]  dump_stack_lvl+0x100/0x190
[  690.040831][   T30]  nmi_cpu_backtrace.cold+0x12d/0x151
[  690.040862][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  690.040887][   T30]  nmi_trigger_cpumask_backtrace+0x1d7/0x230
[  690.040921][   T30]  sys_info+0x141/0x190
[  690.040942][   T30]  watchdog+0xcb1/0x1030
[  690.040981][   T30]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  690.041014][   T30]  ? __pfx_watchdog+0x10/0x10
[  690.041049][   T30]  ? __kthread_parkme+0x18c/0x230
[  690.041086][   T30]  ? kthread+0x13a/0x450
[  690.041119][   T30]  ? __pfx_watchdog+0x10/0x10
[  690.041151][   T30]  kthread+0x370/0x450
[  690.041188][   T30]  ? __pfx_kthread+0x10/0x10
[  690.041228][   T30]  ret_from_fork+0x72b/0xd50
[  690.041258][   T30]  ? __pfx_ret_from_fork+0x10/0x10
[  690.041288][   T30]  ? __switch_to+0x800/0x1100
[  690.041322][   T30]  ? __switch_to_asm+0x39/0x70
[  690.041354][   T30]  ? __pfx_kthread+0x10/0x10
[  690.041395][   T30]  ret_from_fork_asm+0x1a/0x30
[  690.041446][   T30]  </TASK>
[  690.041455][   T30] Sending NMI from CPU 1 to CPUs 0:
[  690.178439][    C0] NMI backtrace for cpu 0
[  690.178468][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  690.178503][    C0] Tainted: [L]=SOFTLOCKUP
[  690.178512][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  690.178528][    C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  690.178566][    C0] Code: d6 95 02 e9 43 44 03 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 83 b0 24 00 fb f4 <c3> cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  690.178591][    C0] RSP: 0018:ffffffff8e407e00 EFLAGS: 00000242
[  690.178611][    C0] RAX: 00000000008550df RBX: ffffffff8e4955c0 RCX: ffffffff8b86e225
[  690.178628][    C0] RDX: 0000000000000000 RSI: ffffffff8df1a757 RDI: ffffffff8c1c4380
[  690.178643][    C0] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed10170867b5
[  690.178659][    C0] R10: ffff8880b8433dab R11: 0000000000000000 R12: 0000000000000000
[  690.178674][    C0] R13: fffffbfff1c92ab8 R14: 0000000000000000 R15: ffffffff90d73c50
[  690.178691][    C0] FS:  0000000000000000(0000) GS:ffff88812438a000(0000) knlGS:0000000000000000
[  690.178714][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  690.178741][    C0] CR2: 00007ffed01badf4 CR3: 000000003517c000 CR4: 00000000003526f0
[  690.178757][    C0] Call Trace:
[  690.178764][    C0]  <TASK>
[  690.178772][    C0]  default_idle+0x9/0x10
[  690.178794][    C0]  default_idle_call+0x6c/0xb0
[  690.178816][    C0]  do_idle+0x464/0x590
[  690.178847][    C0]  ? __pfx_do_idle+0x10/0x10
[  690.178874][    C0]  ? finish_task_switch.isra.0+0x152/0x1010
[  690.178910][    C0]  cpu_startup_entry+0x4f/0x60
[  690.178939][    C0]  rest_init+0x251/0x260
[  690.178962][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[  690.178989][    C0]  start_kernel+0x484/0x490
[  690.179028][    C0]  x86_64_start_reservations+0x24/0x30
[  690.179054][    C0]  x86_64_start_kernel+0x12b/0x130
[  690.179078][    C0]  common_startup_64+0x13e/0x148
[  690.179117][    C0]  </TASK>
[  690.373031][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  690.379915][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  690.390608][   T30] Tainted: [L]=SOFTLOCKUP
[  690.394928][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  690.404982][   T30] Call Trace:
[  690.408260][   T30]  <TASK>
[  690.411205][   T30]  dump_stack_lvl+0x100/0x190
[  690.415900][   T30]  vpanic+0x552/0x970
[  690.419885][   T30]  ? __pfx_vpanic+0x10/0x10
[  690.424393][   T30]  ? nmi_trigger_cpumask_backtrace+0x182/0x230
[  690.430568][   T30]  ? nmi_trigger_cpumask_backtrace+0x182/0x230
[  690.436743][   T30]  panic+0xd1/0xe0
[  690.440472][   T30]  ? __pfx_panic+0x10/0x10
[  690.444901][   T30]  ? nmi_trigger_cpumask_backtrace+0x1b5/0x230
[  690.451061][   T30]  ? nmi_trigger_cpumask_backtrace+0x1f6/0x230
[  690.457245][   T30]  ? nmi_trigger_cpumask_backtrace+0x200/0x230
[  690.463405][   T30]  ? watchdog.cold+0x1ec/0x234
[  690.468176][   T30]  ? watchdog+0xcc1/0x1030
[  690.472607][   T30]  watchdog.cold+0x1fd/0x234
[  690.477296][   T30]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  690.483204][   T30]  ? __pfx_watchdog+0x10/0x10
[  690.487895][   T30]  ? __kthread_parkme+0x18c/0x230
[  690.492935][   T30]  ? kthread+0x13a/0x450
[  690.497194][   T30]  ? __pfx_watchdog+0x10/0x10
[  690.501882][   T30]  kthread+0x370/0x450
[  690.505966][   T30]  ? __pfx_kthread+0x10/0x10
[  690.510576][   T30]  ret_from_fork+0x72b/0xd50
[  690.515174][   T30]  ? __pfx_ret_from_fork+0x10/0x10
[  690.520291][   T30]  ? __switch_to+0x800/0x1100
[  690.524979][   T30]  ? __switch_to_asm+0x39/0x70
[  690.529763][   T30]  ? __pfx_kthread+0x10/0x10
[  690.534462][   T30]  ret_from_fork_asm+0x1a/0x30
[  690.539279][   T30]  </TASK>
[  690.542732][   T30] Kernel Offset: disabled
[  690.547060][   T30] Rebooting in 86400 seconds..