Debian GNU/Linux 11 syzkaller ttyS0

Warning: Permanently added '[localhost]:52188' (ECDSA) to the list of known hosts.
2025/08/29 09:19:30 fuzzer started
2025/08/29 09:19:30 dialing manager at localhost:43077
syzkaller login: [   43.576245] cgroup: Unknown subsys name 'net'
[   43.629651] cgroup: Unknown subsys name 'cpuset'
[   43.640258] cgroup: Unknown subsys name 'rlimit'
2025/08/29 09:19:41 syscalls: 2214
2025/08/29 09:19:41 code coverage: enabled
2025/08/29 09:19:41 comparison tracing: enabled
2025/08/29 09:19:41 extra coverage: enabled
2025/08/29 09:19:41 setuid sandbox: enabled
2025/08/29 09:19:41 namespace sandbox: enabled
2025/08/29 09:19:41 Android sandbox: enabled
2025/08/29 09:19:41 fault injection: enabled
2025/08/29 09:19:41 leak checking: enabled
2025/08/29 09:19:41 net packet injection: enabled
2025/08/29 09:19:41 net device setup: enabled
2025/08/29 09:19:41 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 09:19:41 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 09:19:41 USB emulation: enabled
2025/08/29 09:19:41 hci packet injection: enabled
2025/08/29 09:19:41 wifi device emulation: enabled
2025/08/29 09:19:41 802.15.4 emulation: enabled
2025/08/29 09:19:41 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 09:19:41 fetching corpus: 48, signal 26225/29535 (executing program)
2025/08/29 09:19:41 fetching corpus: 98, signal 33851/38540 (executing program)
2025/08/29 09:19:41 fetching corpus: 148, signal 42470/48199 (executing program)
2025/08/29 09:19:41 fetching corpus: 198, signal 49995/56688 (executing program)
2025/08/29 09:19:41 fetching corpus: 248, signal 54892/62519 (executing program)
2025/08/29 09:19:41 fetching corpus: 298, signal 58712/67240 (executing program)
2025/08/29 09:19:41 fetching corpus: 348, signal 63718/72900 (executing program)
2025/08/29 09:19:41 fetching corpus: 398, signal 66082/76154 (executing program)
2025/08/29 09:19:41 fetching corpus: 448, signal 69991/80623 (executing program)
2025/08/29 09:19:42 fetching corpus: 498, signal 73755/84903 (executing program)
2025/08/29 09:19:42 fetching corpus: 548, signal 77697/89240 (executing program)
2025/08/29 09:19:42 fetching corpus: 598, signal 80660/92634 (executing program)
2025/08/29 09:19:42 fetching corpus: 648, signal 84158/96337 (executing program)
2025/08/29 09:19:42 fetching corpus: 698, signal 86612/99123 (executing program)
2025/08/29 09:19:42 fetching corpus: 748, signal 88329/101354 (executing program)
2025/08/29 09:19:42 fetching corpus: 798, signal 90136/103512 (executing program)
2025/08/29 09:19:42 fetching corpus: 848, signal 92633/106218 (executing program)
2025/08/29 09:19:42 fetching corpus: 898, signal 93626/107668 (executing program)
2025/08/29 09:19:43 fetching corpus: 948, signal 95468/109760 (executing program)
2025/08/29 09:19:43 fetching corpus: 998, signal 96855/111458 (executing program)
2025/08/29 09:19:43 fetching corpus: 1048, signal 98527/113333 (executing program)
2025/08/29 09:19:43 fetching corpus: 1098, signal 99638/114814 (executing program)
2025/08/29 09:19:43 fetching corpus: 1148, signal 102897/117711 (executing program)
2025/08/29 09:19:43 fetching corpus: 1198, signal 104880/119641 (executing program)
2025/08/29 09:19:43 fetching corpus: 1248, signal 106249/121076 (executing program)
2025/08/29 09:19:43 fetching corpus: 1298, signal 107456/122433 (executing program)
2025/08/29 09:19:43 fetching corpus: 1348, signal 109057/124012 (executing program)
2025/08/29 09:19:44 fetching corpus: 1398, signal 110818/125626 (executing program)
2025/08/29 09:19:44 fetching corpus: 1448, signal 111947/126812 (executing program)
2025/08/29 09:19:44 fetching corpus: 1498, signal 113313/128111 (executing program)
2025/08/29 09:19:44 fetching corpus: 1548, signal 114204/129102 (executing program)
2025/08/29 09:19:44 fetching corpus: 1598, signal 115163/130040 (executing program)
2025/08/29 09:19:44 fetching corpus: 1648, signal 115877/130899 (executing program)
2025/08/29 09:19:44 fetching corpus: 1698, signal 116743/131779 (executing program)
2025/08/29 09:19:45 fetching corpus: 1748, signal 117857/132868 (executing program)
2025/08/29 09:19:45 fetching corpus: 1798, signal 118686/133683 (executing program)
2025/08/29 09:19:45 fetching corpus: 1848, signal 119707/134585 (executing program)
2025/08/29 09:19:45 fetching corpus: 1898, signal 120782/135464 (executing program)
2025/08/29 09:19:45 fetching corpus: 1948, signal 121624/136222 (executing program)
2025/08/29 09:19:45 fetching corpus: 1998, signal 122153/136901 (executing program)
2025/08/29 09:19:45 fetching corpus: 2048, signal 123152/137716 (executing program)
2025/08/29 09:19:45 fetching corpus: 2098, signal 124063/138484 (executing program)
2025/08/29 09:19:45 fetching corpus: 2148, signal 126336/139717 (executing program)
2025/08/29 09:19:46 fetching corpus: 2198, signal 127642/140598 (executing program)
2025/08/29 09:19:46 fetching corpus: 2248, signal 128689/141252 (executing program)
2025/08/29 09:19:46 fetching corpus: 2298, signal 129245/141720 (executing program)
2025/08/29 09:19:46 fetching corpus: 2348, signal 130214/142268 (executing program)
2025/08/29 09:19:46 fetching corpus: 2398, signal 130909/142757 (executing program)
2025/08/29 09:19:46 fetching corpus: 2448, signal 131700/143253 (executing program)
2025/08/29 09:19:46 fetching corpus: 2498, signal 132587/143762 (executing program)
2025/08/29 09:19:46 fetching corpus: 2548, signal 133315/144244 (executing program)
2025/08/29 09:19:46 fetching corpus: 2598, signal 134292/144741 (executing program)
2025/08/29 09:19:47 fetching corpus: 2648, signal 135038/145143 (executing program)
2025/08/29 09:19:47 fetching corpus: 2698, signal 135881/145544 (executing program)
2025/08/29 09:19:47 fetching corpus: 2748, signal 136430/145831 (executing program)
2025/08/29 09:19:47 fetching corpus: 2798, signal 137568/146234 (executing program)
2025/08/29 09:19:47 fetching corpus: 2848, signal 138467/146591 (executing program)
2025/08/29 09:19:47 fetching corpus: 2898, signal 139220/146914 (executing program)
2025/08/29 09:19:47 fetching corpus: 2948, signal 139871/147168 (executing program)
2025/08/29 09:19:47 fetching corpus: 2998, signal 140253/147357 (executing program)
2025/08/29 09:19:48 fetching corpus: 3048, signal 140888/147588 (executing program)
2025/08/29 09:19:48 fetching corpus: 3098, signal 141582/147790 (executing program)
2025/08/29 09:19:48 fetching corpus: 3148, signal 142113/147976 (executing program)
2025/08/29 09:19:48 fetching corpus: 3198, signal 142550/148119 (executing program)
2025/08/29 09:19:48 fetching corpus: 3248, signal 143058/148261 (executing program)
2025/08/29 09:19:48 fetching corpus: 3298, signal 143947/148397 (executing program)
2025/08/29 09:19:48 fetching corpus: 3348, signal 144328/148482 (executing program)
2025/08/29 09:19:48 fetching corpus: 3398, signal 144761/148630 (executing program)
2025/08/29 09:19:48 fetching corpus: 3448, signal 145377/148712 (executing program)
2025/08/29 09:19:48 fetching corpus: 3498, signal 145992/148780 (executing program)
2025/08/29 09:19:48 fetching corpus: 3538, signal 146502/148820 (executing program)
2025/08/29 09:19:48 fetching corpus: 3538, signal 146502/148820 (executing program)
2025/08/29 09:19:48 fetching corpus: 3538, signal 146502/148820 (executing program)
2025/08/29 09:19:50 starting 8 fuzzer processes
09:19:50 executing program 0:
r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0)
write$selinux_attr(r0, &(0x7f0000000040)='system_u:object_r:smartcard_device_t:s0\x00', 0x28)

09:19:50 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = dup2(r0, r1)
mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
ioctl$TCSBRKP(r2, 0x5437, 0x0)

09:19:50 executing program 7:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, <r1=>0x0}, &(0x7f0000000040)=0x5)
setuid(r1)
r2 = msgget$private(0x0, 0x0)
msgctl$MSG_STAT(r2, 0xb, 0x0)

09:19:51 executing program 2:
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x20802)

09:19:51 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x45, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, 0x0)

[   63.537758] audit: type=1400 audit(1756459191.051:7): avc:  denied  { execmem } for  pid=271 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
09:19:51 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = epoll_create(0x2b)
r1 = epoll_create(0xdc)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040))

09:19:51 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4442, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4)
madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000080), 0x0, 0x4)

09:19:51 executing program 4:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SCROLLCONSOLE(r0, 0x5412, &(0x7f0000000140))

[   64.824731] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   64.827567] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   64.829336] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   64.834112] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   64.836795] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   64.845597] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   64.846936] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   64.850723] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   64.850795] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   64.860901] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   64.862496] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   64.868297] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   64.868436] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   64.871033] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   64.874915] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   64.899208] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   64.903218] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   64.906533] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   64.912881] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   64.915693] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   64.954805] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   64.964029] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   64.969975] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   64.976661] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   64.981817] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   64.985148] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   64.990445] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   64.998658] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   65.001557] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   65.012571] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   65.014617] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   65.024712] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   65.028171] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   65.032321] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   65.033963] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   65.036711] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   65.042879] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   65.044991] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   65.048142] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   65.058574] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   66.923977] Bluetooth: hci2: command tx timeout
[   66.924643] Bluetooth: hci0: command tx timeout
[   66.925092] Bluetooth: hci1: command tx timeout
[   66.988580] Bluetooth: hci3: command tx timeout
[   67.051448] Bluetooth: hci6: command tx timeout
[   67.116481] Bluetooth: hci7: command tx timeout
[   67.117077] Bluetooth: hci4: command tx timeout
[   67.117586] Bluetooth: hci5: command tx timeout
[   68.973026] Bluetooth: hci1: command tx timeout
[   68.974696] Bluetooth: hci0: command tx timeout
[   68.975079] Bluetooth: hci2: command tx timeout
[   69.035486] Bluetooth: hci3: command tx timeout
[   69.099480] Bluetooth: hci6: command tx timeout
[   69.164387] Bluetooth: hci7: command tx timeout
[   69.164872] Bluetooth: hci5: command tx timeout
[   69.165257] Bluetooth: hci4: command tx timeout
[   71.019451] Bluetooth: hci2: command tx timeout
[   71.019909] Bluetooth: hci0: command tx timeout
[   71.020296] Bluetooth: hci1: command tx timeout
[   71.085048] Bluetooth: hci3: command tx timeout
[   71.147763] Bluetooth: hci6: command tx timeout
[   71.211438] Bluetooth: hci7: command tx timeout
[   71.211857] Bluetooth: hci5: command tx timeout
[   71.212238] Bluetooth: hci4: command tx timeout
[   73.067555] Bluetooth: hci1: command tx timeout
[   73.068012] Bluetooth: hci2: command tx timeout
[   73.068500] Bluetooth: hci0: command tx timeout
[   73.131699] Bluetooth: hci3: command tx timeout
[   73.195466] Bluetooth: hci6: command tx timeout
[   73.259463] Bluetooth: hci4: command tx timeout
[   73.259878] Bluetooth: hci5: command tx timeout
[   73.260254] Bluetooth: hci7: command tx timeout
[  102.265597] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.266276] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.470558] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.471178] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.707816] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.708494] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.773586] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.774223] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.838334] audit: type=1400 audit(1756459230.351:8): avc:  denied  { open } for  pid=3757 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  102.840076] audit: type=1400 audit(1756459230.351:9): avc:  denied  { kernel } for  pid=3757 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  102.952105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.953150] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:20:30 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = dup2(r0, r1)
mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
ioctl$TCSBRKP(r2, 0x5437, 0x0)

[  103.105023] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.106433] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:20:30 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = dup2(r0, r1)
mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
ioctl$TCSBRKP(r2, 0x5437, 0x0)

09:20:30 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = dup2(r0, r1)
mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
ioctl$TCSBRKP(r2, 0x5437, 0x0)

[  103.533751] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.534400] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:20:31 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = dup2(r0, r1)
mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
ioctl$TCSBRKP(r2, 0x5437, 0x0)

09:20:31 executing program 4:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SCROLLCONSOLE(r0, 0x5412, &(0x7f0000000140))

09:20:31 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4442, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4)
madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000080), 0x0, 0x4)

09:20:31 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = dup2(r0, r1)
mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
ioctl$TCSBRKP(r2, 0x5437, 0x0)

09:20:31 executing program 4:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SCROLLCONSOLE(r0, 0x5412, &(0x7f0000000140))

[  103.758489] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.759081] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.824014] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.825159] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.925724] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.926451] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.113366] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.114004] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.189406] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.190029] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.415743] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.416469] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.447833] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.448419] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.520478] audit: type=1401 audit(1756459232.033:10): op=security_bounded_transition seresult=denied oldcontext=system_u:system_r:kernel_t:s0 newcontext=system_u:object_r:smartcard_device_t:s0
[  104.885314] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.886028] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.908490] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.909079] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:20:32 executing program 0:
r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0)
write$selinux_attr(r0, &(0x7f0000000040)='system_u:object_r:smartcard_device_t:s0\x00', 0x28)

09:20:32 executing program 4:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SCROLLCONSOLE(r0, 0x5412, &(0x7f0000000140))

09:20:32 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = dup2(r0, r1)
mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
ioctl$TCSBRKP(r2, 0x5437, 0x0)

09:20:32 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = epoll_create(0x2b)
r1 = epoll_create(0xdc)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040))

09:20:32 executing program 7:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, <r1=>0x0}, &(0x7f0000000040)=0x5)
setuid(r1)
r2 = msgget$private(0x0, 0x0)
msgctl$MSG_STAT(r2, 0xb, 0x0)

09:20:32 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = epoll_create(0x2b)
r1 = epoll_create(0xdc)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040))

09:20:32 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x45, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, 0x0)

09:20:32 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4442, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4)
madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000080), 0x0, 0x4)

[  105.114320] audit: type=1401 audit(1756459232.627:11): op=security_bounded_transition seresult=denied oldcontext=system_u:system_r:kernel_t:s0 newcontext=system_u:object_r:smartcard_device_t:s0
09:20:32 executing program 7:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, <r1=>0x0}, &(0x7f0000000040)=0x5)
setuid(r1)
r2 = msgget$private(0x0, 0x0)
msgctl$MSG_STAT(r2, 0xb, 0x0)

09:20:32 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = epoll_create(0x2b)
r1 = epoll_create(0xdc)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040))

[  105.213212] kmemleak: Found object by alias at 0x607f1a639c4c
[  105.213236] CPU: 0 UID: 0 PID: 3930 Comm: syz-executor.5 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  105.213255] Tainted: [W]=WARN
[  105.213259] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  105.213267] Call Trace:
[  105.213271]  <TASK>
[  105.213276]  dump_stack_lvl+0xca/0x120
[  105.213307]  __lookup_object+0x94/0xb0
[  105.213325]  delete_object_full+0x27/0x70
[  105.213341]  free_percpu+0x30/0x1160
[  105.213364]  ? arch_uprobe_clear_state+0x16/0x140
[  105.213384]  futex_hash_free+0x38/0xc0
[  105.213399]  mmput+0x2d3/0x390
[  105.213418]  do_exit+0x79d/0x2970
[  105.213432]  ? signal_wake_up_state+0x85/0x120
[  105.213448]  ? zap_other_threads+0x2b9/0x3a0
[  105.213464]  ? __pfx_do_exit+0x10/0x10
[  105.213476]  ? do_group_exit+0x1c3/0x2a0
[  105.213490]  ? lock_release+0xc8/0x290
[  105.213507]  do_group_exit+0xd3/0x2a0
[  105.213521]  __x64_sys_exit_group+0x3e/0x50
[  105.213535]  x64_sys_call+0x18c5/0x18d0
[  105.213551]  do_syscall_64+0xbf/0x360
[  105.213563]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.213574] RIP: 0033:0x7fd748836b19
[  105.213584] Code: Unable to access opcode bytes at 0x7fd748836aef.
[  105.213589] RSP: 002b:00007ffe93185dd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  105.213600] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fd748836b19
[  105.213608] RDX: 00007fd7487e972b RSI: ffffffffffffffbc RDI: 0000000000000000
[  105.213615] RBP: 0000000000000000 R08: 0000001b2cf22b44 R09: 0000000000000000
[  105.213622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  105.213629] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe93185ec0
[  105.213644]  </TASK>
[  105.213648] kmemleak: Object (percpu) 0x607f1a639c48 (size 8):
[  105.213655] kmemleak:   comm "syz-executor.2", pid 3935, jiffies 4294771983
[  105.213662] kmemleak:   min_count = 1
[  105.213666] kmemleak:   count = 0
[  105.213669] kmemleak:   flags = 0x21
[  105.213673] kmemleak:   checksum = 0
[  105.213677] kmemleak:   backtrace:
[  105.213680]  pcpu_alloc_noprof+0x87a/0x1170
[  105.213695]  perf_trace_event_init+0x366/0xa10
[  105.213709]  perf_trace_init+0x1a4/0x2f0
[  105.213720]  perf_tp_event_init+0xa6/0x120
[  105.213736]  perf_try_init_event+0x140/0x9f0
[  105.213748]  perf_event_alloc.part.0+0x118e/0x45f0
[  105.213765]  __do_sys_perf_event_open+0x719/0x2c20
[  105.213777]  do_syscall_64+0xbf/0x360
[  105.213786]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
09:20:32 executing program 0:
r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0)
write$selinux_attr(r0, &(0x7f0000000040)='system_u:object_r:smartcard_device_t:s0\x00', 0x28)

09:20:32 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = dup2(r0, r1)
mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
ioctl$TCSBRKP(r2, 0x5437, 0x0)

09:20:32 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4442, 0x0)
pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4)
madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000080), 0x0, 0x4)

09:20:32 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = epoll_create(0x2b)
r1 = epoll_create(0xdc)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040))

09:20:32 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x45, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, 0x0)

09:20:32 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = epoll_create(0x2b)
r1 = epoll_create(0xdc)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040))

09:20:32 executing program 7:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, <r1=>0x0}, &(0x7f0000000040)=0x5)
setuid(r1)
r2 = msgget$private(0x0, 0x0)
msgctl$MSG_STAT(r2, 0xb, 0x0)

09:20:32 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080)=@v3, 0x18, 0x0)
listxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=""/17, 0x11)

[  105.327723] audit: type=1401 audit(1756459232.840:12): op=security_bounded_transition seresult=denied oldcontext=system_u:system_r:kernel_t:s0 newcontext=system_u:object_r:smartcard_device_t:s0
09:20:32 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = epoll_create(0x2b)
r1 = epoll_create(0xdc)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040))

09:20:32 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = dup2(r0, r1)
mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
ioctl$TCSBRKP(r2, 0x5437, 0x0)

09:20:32 executing program 0:
r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0)
write$selinux_attr(r0, &(0x7f0000000040)='system_u:object_r:smartcard_device_t:s0\x00', 0x28)

09:20:32 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x0)
lstat(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0))

09:20:32 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x45, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, 0x0)

09:20:32 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080)=@v3, 0x18, 0x0)
listxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=""/17, 0x11)

09:20:32 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@aname={'aname', 0x3d, 'wfdno\xbf\x05\x9b\x18\xf7P\xfcR\x0e\xb9\f\xf9*\xc2\xb0\xb1O\xbd`O\x11\xe2SRr0L\x8a\xf5GY\xf1c\b\x8a\xd0\xa2\x95<?[\xe5\xb8\x9f](\x1bX\xca\xe1\x86\xdd`\xfd;\"\xce0{-\x80\x8dT\xa4\x11\x7f\xe7\xfc\bY\x8fa\xcd%s\x11\xa8\xd4\xee\x981(\xa40\xb9\xe9\x13{z\x94\x98\xa2/X\xa2\x0f\xde@\xf9p\xf3\x02!\xc6\xbd\xf7\xe90?\xa5z\xc9\xf0\xdf\xfa\x1bM\xb4\x9d\x18\x1a\xb2\x13\xe4\x17\x99\xc2\xb0|\x10^\x81g\x8df\xbev\xa9\x7f\xb3V\xb3+\xda\xa9\xb2\x94]\xa181\x89\xde\xc6\xa7\xfb\x02+\v3\r\x1et\xf0N/a\x9b\x0f\x93\xd70\xd4b\xa7\xc1\xa4\xd6\xe6hg|\x97\xc6\xfa\x18\xe0P\x1d'}}, {@uname={'uname', 0x3d, '9p\x00'}}, {@loose}, {@mmap}]}})

09:20:32 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x2, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0x14}, {0x6}]})

09:20:32 executing program 6:
socketpair(0x0, 0x80e, 0x0, &(0x7f0000000000))

[  105.506816] audit: type=1326 audit(1756459233.019:13): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3958 comm="syz-executor.7" exe="/syz-executor.7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5e16cd1b19 code=0x0
[  105.517465] audit: type=1401 audit(1756459233.029:14): op=security_bounded_transition seresult=denied oldcontext=system_u:system_r:kernel_t:s0 newcontext=system_u:object_r:smartcard_device_t:s0
09:20:33 executing program 6:
socketpair(0x0, 0x80e, 0x0, &(0x7f0000000000))

09:20:33 executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)={0x60, 0x2, 0x1, 0x201, 0x0, 0x0, {0xa, 0x0, 0x9}, [@CTA_PROTOINFO={0x10, 0x4, 0x0, 0x1, @CTA_PROTOINFO_DCCP={0xc, 0x2, 0x0, 0x1, [@CTA_PROTOINFO_DCCP_STATE={0x5}]}}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}]}]}, 0x60}}, 0x0)

09:20:33 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080)=@v3, 0x18, 0x0)
listxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=""/17, 0x11)

09:20:33 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x0)
lstat(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0))

09:20:33 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = dup2(r0, r1)
mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
ioctl$TCSBRKP(r2, 0x5437, 0x0)

09:20:33 executing program 6:
socketpair(0x0, 0x80e, 0x0, &(0x7f0000000000))

09:20:33 executing program 5:
clock_adjtime(0x0, &(0x7f0000000b00)={0x97d0})

09:20:33 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x0)
lstat(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0))

09:20:33 executing program 6:
socketpair(0x0, 0x80e, 0x0, &(0x7f0000000000))

09:20:33 executing program 5:
clock_adjtime(0x0, &(0x7f0000000b00)={0x97d0})

09:20:33 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x0)
lstat(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0))

09:20:33 executing program 4:
r0 = syz_open_procfs$userns(0x0, &(0x7f0000000080))
ioctl$NS_GET_OWNER_UID(r0, 0xb703, 0x0)

09:20:33 executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)={0x60, 0x2, 0x1, 0x201, 0x0, 0x0, {0xa, 0x0, 0x9}, [@CTA_PROTOINFO={0x10, 0x4, 0x0, 0x1, @CTA_PROTOINFO_DCCP={0xc, 0x2, 0x0, 0x1, [@CTA_PROTOINFO_DCCP_STATE={0x5}]}}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}]}]}, 0x60}}, 0x0)

09:20:33 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@aname={'aname', 0x3d, 'wfdno\xbf\x05\x9b\x18\xf7P\xfcR\x0e\xb9\f\xf9*\xc2\xb0\xb1O\xbd`O\x11\xe2SRr0L\x8a\xf5GY\xf1c\b\x8a\xd0\xa2\x95<?[\xe5\xb8\x9f](\x1bX\xca\xe1\x86\xdd`\xfd;\"\xce0{-\x80\x8dT\xa4\x11\x7f\xe7\xfc\bY\x8fa\xcd%s\x11\xa8\xd4\xee\x981(\xa40\xb9\xe9\x13{z\x94\x98\xa2/X\xa2\x0f\xde@\xf9p\xf3\x02!\xc6\xbd\xf7\xe90?\xa5z\xc9\xf0\xdf\xfa\x1bM\xb4\x9d\x18\x1a\xb2\x13\xe4\x17\x99\xc2\xb0|\x10^\x81g\x8df\xbev\xa9\x7f\xb3V\xb3+\xda\xa9\xb2\x94]\xa181\x89\xde\xc6\xa7\xfb\x02+\v3\r\x1et\xf0N/a\x9b\x0f\x93\xd70\xd4b\xa7\xc1\xa4\xd6\xe6hg|\x97\xc6\xfa\x18\xe0P\x1d'}}, {@uname={'uname', 0x3d, '9p\x00'}}, {@loose}, {@mmap}]}})

09:20:33 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x2, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0x14}, {0x6}]})

09:20:33 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080)=@v3, 0x18, 0x0)
listxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=""/17, 0x11)

[  105.829966] audit: type=1326 audit(1756459233.343:15): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3994 comm="syz-executor.7" exe="/syz-executor.7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5e16cd1b19 code=0x0
09:20:33 executing program 6:
syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_DEL_FROM_ACCEPT_LIST={{0x9}, 0x40}}}, 0x7)
syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_move_chan_rsp={{0xf, 0x3, 0x4}, {0x4, 0x9}}]}}, 0x11)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x41c}}}, 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="03c800a23b9d1d50823db5e2e45988439ba596412882a4a358c2aadd49ebbc0ac108037fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"], 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_blocks={{0x48, 0xf}, {0x8, 0x2, [{0xc8, 0x8001, 0x2}, {0xc8, 0x3, 0x3f}]}}}, 0x12)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x120, 0xa00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000700)=ANY=[@ANYBLOB="371337cfa3139f00000000ff78856d451224038c293def2129b762617306025dc3ab02fefdc8c81e99c9432b4d763185f3798ea45a000000807a2997604e26d27d4fbe5367b47a6abe08e052100b78407f797ddf1677b6ca78623a60e86aa735eafc950014d31476d3c19ab92ba9bf1e12da13b50d629cacccc89b1000"/134])
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[], 0x54df1abb4fd15e78)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYRESDEC=r0], 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

09:20:33 executing program 4:
r0 = syz_open_procfs$userns(0x0, &(0x7f0000000080))
ioctl$NS_GET_OWNER_UID(r0, 0xb703, 0x0)

09:20:33 executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)={0x60, 0x2, 0x1, 0x201, 0x0, 0x0, {0xa, 0x0, 0x9}, [@CTA_PROTOINFO={0x10, 0x4, 0x0, 0x1, @CTA_PROTOINFO_DCCP={0xc, 0x2, 0x0, 0x1, [@CTA_PROTOINFO_DCCP_STATE={0x5}]}}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}]}]}, 0x60}}, 0x0)

[  105.897253] Bluetooth: Unexpected continuation frame (len 12)
[  105.941236] kmemleak: Found object by alias at 0x607f1a639c4c
[  105.941259] CPU: 0 UID: 0 PID: 4003 Comm: syz-executor.5 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  105.941285] Tainted: [W]=WARN
[  105.941290] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  105.941300] Call Trace:
[  105.941306]  <TASK>
[  105.941312]  dump_stack_lvl+0xca/0x120
[  105.941351]  __lookup_object+0x94/0xb0
[  105.941375]  delete_object_full+0x27/0x70
[  105.941398]  free_percpu+0x30/0x1160
[  105.941421]  ? arch_uprobe_clear_state+0x16/0x140
[  105.941450]  futex_hash_free+0x38/0xc0
[  105.941469]  mmput+0x2d3/0x390
[  105.941496]  do_exit+0x79d/0x2970
[  105.941515]  ? signal_wake_up_state+0x85/0x120
[  105.941538]  ? zap_other_threads+0x2b9/0x3a0
[  105.941560]  ? __pfx_do_exit+0x10/0x10
[  105.941579]  ? do_group_exit+0x1c3/0x2a0
[  105.941598]  ? lock_release+0xc8/0x290
[  105.941622]  do_group_exit+0xd3/0x2a0
[  105.941644]  __x64_sys_exit_group+0x3e/0x50
[  105.941664]  x64_sys_call+0x18c5/0x18d0
[  105.941686]  do_syscall_64+0xbf/0x360
[  105.941703]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.941719] RIP: 0033:0x7fd748836b19
[  105.941732] Code: Unable to access opcode bytes at 0x7fd748836aef.
[  105.941739] RSP: 002b:00007ffe93185dd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  105.941756] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fd748836b19
[  105.941767] RDX: 00007fd7487e972b RSI: ffffffffffffffbc RDI: 0000000000000000
[  105.941777] RBP: 0000000000000000 R08: 0000001b2cf2001c R09: 0000000000000000
[  105.941787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  105.941797] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe93185ec0
[  105.941819]  </TASK>
[  105.941824] kmemleak: Object (percpu) 0x607f1a639c48 (size 8):
[  105.941834] kmemleak:   comm "syz-executor.3", pid 4002, jiffies 4294772637
[  105.941844] kmemleak:   min_count = 1
[  105.941850] kmemleak:   count = 0
[  105.941855] kmemleak:   flags = 0x21
[  105.941860] kmemleak:   checksum = 0
[  105.941866] kmemleak:   backtrace:
[  105.941870]  pcpu_alloc_noprof+0x87a/0x1170
[  105.941892]  perf_trace_event_init+0x366/0xa10
[  105.941911]  perf_trace_init+0x1a4/0x2f0
[  105.941928]  perf_tp_event_init+0xa6/0x120
[  105.941950]  perf_try_init_event+0x140/0x9f0
[  105.941968]  perf_event_alloc.part.0+0x118e/0x45f0
[  105.941992]  __do_sys_perf_event_open+0x719/0x2c20
[  105.942009]  do_syscall_64+0xbf/0x360
[  105.942022]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.965063] Bluetooth: Unexpected continuation frame (len 12)
09:20:33 executing program 4:
r0 = syz_open_procfs$userns(0x0, &(0x7f0000000080))
ioctl$NS_GET_OWNER_UID(r0, 0xb703, 0x0)

09:20:33 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x2, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0x14}, {0x6}]})

09:20:33 executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)={0x60, 0x2, 0x1, 0x201, 0x0, 0x0, {0xa, 0x0, 0x9}, [@CTA_PROTOINFO={0x10, 0x4, 0x0, 0x1, @CTA_PROTOINFO_DCCP={0xc, 0x2, 0x0, 0x1, [@CTA_PROTOINFO_DCCP_STATE={0x5}]}}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}]}]}, 0x60}}, 0x0)

09:20:33 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@aname={'aname', 0x3d, 'wfdno\xbf\x05\x9b\x18\xf7P\xfcR\x0e\xb9\f\xf9*\xc2\xb0\xb1O\xbd`O\x11\xe2SRr0L\x8a\xf5GY\xf1c\b\x8a\xd0\xa2\x95<?[\xe5\xb8\x9f](\x1bX\xca\xe1\x86\xdd`\xfd;\"\xce0{-\x80\x8dT\xa4\x11\x7f\xe7\xfc\bY\x8fa\xcd%s\x11\xa8\xd4\xee\x981(\xa40\xb9\xe9\x13{z\x94\x98\xa2/X\xa2\x0f\xde@\xf9p\xf3\x02!\xc6\xbd\xf7\xe90?\xa5z\xc9\xf0\xdf\xfa\x1bM\xb4\x9d\x18\x1a\xb2\x13\xe4\x17\x99\xc2\xb0|\x10^\x81g\x8df\xbev\xa9\x7f\xb3V\xb3+\xda\xa9\xb2\x94]\xa181\x89\xde\xc6\xa7\xfb\x02+\v3\r\x1et\xf0N/a\x9b\x0f\x93\xd70\xd4b\xa7\xc1\xa4\xd6\xe6hg|\x97\xc6\xfa\x18\xe0P\x1d'}}, {@uname={'uname', 0x3d, '9p\x00'}}, {@loose}, {@mmap}]}})

09:20:33 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = dup3(r1, r2, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r3, 0x0, 0x3, &(0x7f0000000040)={'filter\x00', 0x2, [{}, {}]}, 0x48)
ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x541b, &(0x7f0000000080))
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @loopback, @rand_addr=' \x01\x00', 0x0, 0x5, 0x0, 0x0, 0x0, 0x80280})

[  106.063074] audit: type=1326 audit(1756459233.572:16): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4018 comm="syz-executor.7" exe="/syz-executor.7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5e16cd1b19 code=0x0
09:20:33 executing program 1:
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000000), &(0x7f0000000040)=0x4)

09:20:33 executing program 1:
syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_DEL_FROM_ACCEPT_LIST={{0x9}, 0x40}}}, 0x7)
syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_move_chan_rsp={{0xf, 0x3, 0x4}, {0x4, 0x9}}]}}, 0x11)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x41c}}}, 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="03c800a23b9d1d50823db5e2e45988439ba596412882a4a358c2aadd49ebbc0ac108037fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"], 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_blocks={{0x48, 0xf}, {0x8, 0x2, [{0xc8, 0x8001, 0x2}, {0xc8, 0x3, 0x3f}]}}}, 0x12)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x120, 0xa00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000700)=ANY=[@ANYBLOB="371337cfa3139f00000000ff78856d451224038c293def2129b762617306025dc3ab02fefdc8c81e99c9432b4d763185f3798ea45a000000807a2997604e26d27d4fbe5367b47a6abe08e052100b78407f797ddf1677b6ca78623a60e86aa735eafc950014d31476d3c19ab92ba9bf1e12da13b50d629cacccc89b1000"/134])
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[], 0x54df1abb4fd15e78)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYRESDEC=r0], 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

09:20:33 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = dup3(r1, r2, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r3, 0x0, 0x3, &(0x7f0000000040)={'filter\x00', 0x2, [{}, {}]}, 0x48)
ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x541b, &(0x7f0000000080))
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @loopback, @rand_addr=' \x01\x00', 0x0, 0x5, 0x0, 0x0, 0x0, 0x80280})

09:20:33 executing program 5:
clock_adjtime(0x0, &(0x7f0000000b00)={0x97d0})

09:20:33 executing program 4:
r0 = syz_open_procfs$userns(0x0, &(0x7f0000000080))
ioctl$NS_GET_OWNER_UID(r0, 0xb703, 0x0)

09:20:33 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x2, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0x14}, {0x6}]})

09:20:33 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@aname={'aname', 0x3d, 'wfdno\xbf\x05\x9b\x18\xf7P\xfcR\x0e\xb9\f\xf9*\xc2\xb0\xb1O\xbd`O\x11\xe2SRr0L\x8a\xf5GY\xf1c\b\x8a\xd0\xa2\x95<?[\xe5\xb8\x9f](\x1bX\xca\xe1\x86\xdd`\xfd;\"\xce0{-\x80\x8dT\xa4\x11\x7f\xe7\xfc\bY\x8fa\xcd%s\x11\xa8\xd4\xee\x981(\xa40\xb9\xe9\x13{z\x94\x98\xa2/X\xa2\x0f\xde@\xf9p\xf3\x02!\xc6\xbd\xf7\xe90?\xa5z\xc9\xf0\xdf\xfa\x1bM\xb4\x9d\x18\x1a\xb2\x13\xe4\x17\x99\xc2\xb0|\x10^\x81g\x8df\xbev\xa9\x7f\xb3V\xb3+\xda\xa9\xb2\x94]\xa181\x89\xde\xc6\xa7\xfb\x02+\v3\r\x1et\xf0N/a\x9b\x0f\x93\xd70\xd4b\xa7\xc1\xa4\xd6\xe6hg|\x97\xc6\xfa\x18\xe0P\x1d'}}, {@uname={'uname', 0x3d, '9p\x00'}}, {@loose}, {@mmap}]}})

09:20:33 executing program 6:
syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_DEL_FROM_ACCEPT_LIST={{0x9}, 0x40}}}, 0x7)
syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_move_chan_rsp={{0xf, 0x3, 0x4}, {0x4, 0x9}}]}}, 0x11)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x41c}}}, 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="03c800a23b9d1d50823db5e2e45988439ba596412882a4a358c2aadd49ebbc0ac108037fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"], 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_blocks={{0x48, 0xf}, {0x8, 0x2, [{0xc8, 0x8001, 0x2}, {0xc8, 0x3, 0x3f}]}}}, 0x12)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x120, 0xa00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000700)=ANY=[@ANYBLOB="371337cfa3139f00000000ff78856d451224038c293def2129b762617306025dc3ab02fefdc8c81e99c9432b4d763185f3798ea45a000000807a2997604e26d27d4fbe5367b47a6abe08e052100b78407f797ddf1677b6ca78623a60e86aa735eafc950014d31476d3c19ab92ba9bf1e12da13b50d629cacccc89b1000"/134])
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[], 0x54df1abb4fd15e78)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYRESDEC=r0], 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

[  106.230013] Bluetooth: Unexpected continuation frame (len 12)
09:20:33 executing program 0:
syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_DEL_FROM_ACCEPT_LIST={{0x9}, 0x40}}}, 0x7)
syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_move_chan_rsp={{0xf, 0x3, 0x4}, {0x4, 0x9}}]}}, 0x11)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x41c}}}, 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="03c800a23b9d1d50823db5e2e45988439ba596412882a4a358c2aadd49ebbc0ac108037fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"], 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_blocks={{0x48, 0xf}, {0x8, 0x2, [{0xc8, 0x8001, 0x2}, {0xc8, 0x3, 0x3f}]}}}, 0x12)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x120, 0xa00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000700)=ANY=[@ANYBLOB="371337cfa3139f00000000ff78856d451224038c293def2129b762617306025dc3ab02fefdc8c81e99c9432b4d763185f3798ea45a000000807a2997604e26d27d4fbe5367b47a6abe08e052100b78407f797ddf1677b6ca78623a60e86aa735eafc950014d31476d3c19ab92ba9bf1e12da13b50d629cacccc89b1000"/134])
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[], 0x54df1abb4fd15e78)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYRESDEC=r0], 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

[  106.248660] audit: type=1326 audit(1756459233.761:17): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4033 comm="syz-executor.7" exe="/syz-executor.7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5e16cd1b19 code=0x0
[  106.269479] Bluetooth: Unexpected continuation frame (len 12)
[  106.297534] Bluetooth: Unexpected continuation frame (len 12)
09:20:33 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = dup3(r1, r2, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r3, 0x0, 0x3, &(0x7f0000000040)={'filter\x00', 0x2, [{}, {}]}, 0x48)
ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x541b, &(0x7f0000000080))
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @loopback, @rand_addr=' \x01\x00', 0x0, 0x5, 0x0, 0x0, 0x0, 0x80280})

[  106.332158] kmemleak: Found object by alias at 0x607f1a639c4c
[  106.332179] CPU: 0 UID: 0 PID: 4032 Comm: syz-executor.5 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  106.332206] Tainted: [W]=WARN
[  106.332211] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  106.332222] Call Trace:
[  106.332227]  <TASK>
[  106.332234]  dump_stack_lvl+0xca/0x120
[  106.332267]  __lookup_object+0x94/0xb0
[  106.332293]  delete_object_full+0x27/0x70
[  106.332318]  free_percpu+0x30/0x1160
[  106.332342]  ? arch_uprobe_clear_state+0x16/0x140
[  106.332377]  futex_hash_free+0x38/0xc0
[  106.332398]  mmput+0x2d3/0x390
[  106.332425]  do_exit+0x79d/0x2970
[  106.332445]  ? signal_wake_up_state+0x85/0x120
[  106.332467]  ? zap_other_threads+0x2b9/0x3a0
[  106.332490]  ? __pfx_do_exit+0x10/0x10
[  106.332509]  ? do_group_exit+0x1c3/0x2a0
[  106.332528]  ? lock_release+0xc8/0x290
[  106.332553]  do_group_exit+0xd3/0x2a0
[  106.332575]  __x64_sys_exit_group+0x3e/0x50
[  106.332595]  x64_sys_call+0x18c5/0x18d0
[  106.332617]  do_syscall_64+0xbf/0x360
[  106.332634]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.332651] RIP: 0033:0x7fd748836b19
[  106.332663] Code: Unable to access opcode bytes at 0x7fd748836aef.
[  106.332671] RSP: 002b:00007ffe93185dd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  106.332687] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fd748836b19
[  106.332698] RDX: 00007fd7487e972b RSI: ffffffffffffffbc RDI: 0000000000000000
[  106.332708] RBP: 0000000000000000 R08: 0000001b2cf2001c R09: 0000000000000000
[  106.332718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  106.332728] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe93185ec0
[  106.332751]  </TASK>
[  106.332757] kmemleak: Object (percpu) 0x607f1a639c48 (size 8):
[  106.332766] kmemleak:   comm "syz-executor.6", pid 4034, jiffies 4294773037
[  106.332777] kmemleak:   min_count = 1
[  106.332782] kmemleak:   count = 0
[  106.332787] kmemleak:   flags = 0x21
[  106.332793] kmemleak:   checksum = 0
[  106.332798] kmemleak:   backtrace:
[  106.332803]  pcpu_alloc_noprof+0x87a/0x1170
[  106.332835]  xfrm_state_init+0x1a5/0x640
[  106.332860]  xfrm_net_init+0x1a3/0xb20
[  106.332875]  ops_init+0x1e1/0x650
[  106.332901]  setup_net+0x10d/0x320
[  106.332923]  copy_net_ns+0x2e3/0x650
[  106.332936]  create_new_namespaces+0x3f6/0xab0
[  106.332960]  copy_namespaces+0x45c/0x580
[  106.332982]  copy_process+0x2649/0x73c0
[  106.332996]  kernel_clone+0xea/0x7f0
[  106.333011]  __do_sys_clone+0xce/0x120
[  106.333025]  do_syscall_64+0xbf/0x360
[  106.333037]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.367767] kmemleak: Cannot insert 0x607f1a639c4c into the object search tree (overlaps existing)
[  106.367787] CPU: 0 UID: 0 PID: 4043 Comm: syz-executor.0 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  106.367813] Tainted: [W]=WARN
[  106.367818] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  106.367828] Call Trace:
[  106.367833]  <TASK>
[  106.367839]  dump_stack_lvl+0xca/0x120
[  106.367868]  __link_object+0x190/0x210
[  106.367892]  __create_object+0x48/0x80
[  106.367918]  pcpu_alloc_noprof+0x87a/0x1170
[  106.367951]  __percpu_init_rwsem+0x2d/0x160
[  106.367975]  ? security_sb_alloc+0x75/0x140
[  106.368000]  alloc_super+0x29e/0xb80
[  106.368023]  sget_fc+0xfe/0xb80
[  106.368039]  ? __pfx_set_anon_super_fc+0x10/0x10
[  106.368069]  ? __pfx_mqueue_fill_super+0x10/0x10
[  106.368094]  get_tree_nodev+0x28/0x190
[  106.368113]  mqueue_get_tree+0xf6/0x140
[  106.368138]  vfs_get_tree+0x93/0x340
[  106.368164]  fc_mount_longterm+0x18/0x160
[  106.368190]  mq_init_ns+0x42e/0x630
[  106.368209]  copy_ipcs+0x38d/0x630
[  106.368224]  ? copy_utsname+0xae/0x470
[  106.368246]  create_new_namespaces+0x210/0xab0
[  106.368272]  ? security_capable+0x2f/0x90
[  106.368296]  copy_namespaces+0x45c/0x580
[  106.368324]  copy_process+0x2649/0x73c0
[  106.368341]  ? __lock_acquire+0x694/0x1b70
[  106.368378]  ? __pfx_copy_process+0x10/0x10
[  106.368396]  ? __lock_acquire+0xc65/0x1b70
[  106.368427]  kernel_clone+0xea/0x7f0
[  106.368444]  ? finish_task_switch.isra.0+0x201/0x840
[  106.368474]  ? __pfx_kernel_clone+0x10/0x10
[  106.368494]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  106.368514]  ? finish_task_switch.isra.0+0x206/0x840
[  106.368544]  ? trace_sched_exit_tp+0xbf/0x100
[  106.368569]  ? __schedule+0xe91/0x3590
[  106.368595]  __do_sys_clone+0xce/0x120
[  106.368613]  ? __pfx___do_sys_clone+0x10/0x10
[  106.368631]  ? __pfx___schedule+0x10/0x10
[  106.368665]  ? syscall_user_dispatch+0x78/0x140
[  106.368692]  do_syscall_64+0xbf/0x360
[  106.368709]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.368726] RIP: 0033:0x7fe1b1c93b19
[  106.368739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  106.368756] RSP: 002b:00007fe1af209188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  106.368773] RAX: ffffffffffffffda RBX: 00007fe1b1da6f60 RCX: 00007fe1b1c93b19
[  106.368785] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 000000004c01f900
[  106.368795] RBP: 00007fe1b1cedf6d R08: 0000000000000000 R09: 0000000000000000
[  106.368806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  106.368825] R13: 00007ffd335ace7f R14: 00007fe1af209300 R15: 0000000000022000
[  106.368849]  </TASK>
[  106.369394] kmemleak: Kernel memory leak detector disabled
[  106.369400] kmemleak: Object (percpu) 0x607f1a639c48 (size 8):
[  106.369411] kmemleak:   comm "syz-executor.6", pid 4034, jiffies 4294773037
[  106.369421] kmemleak:   min_count = 1
[  106.369427] kmemleak:   count = 0
[  106.369433] kmemleak:   flags = 0x21
[  106.369439] kmemleak:   checksum = 0
[  106.369444] kmemleak:   backtrace:
[  106.369449]  pcpu_alloc_noprof+0x87a/0x1170
[  106.369472]  xfrm_state_init+0x1a5/0x640
[  106.369496]  xfrm_net_init+0x1a3/0xb20
[  106.369512]  ops_init+0x1e1/0x650
[  106.369535]  setup_net+0x10d/0x320
[  106.369559]  copy_net_ns+0x2e3/0x650
[  106.369572]  create_new_namespaces+0x3f6/0xab0
[  106.369596]  copy_namespaces+0x45c/0x580
[  106.369619]  copy_process+0x2649/0x73c0
[  106.369634]  kernel_clone+0xea/0x7f0
[  106.369649]  __do_sys_clone+0xce/0x120
[  106.369664]  do_syscall_64+0xbf/0x360
[  106.369677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
09:20:33 executing program 5:
clock_adjtime(0x0, &(0x7f0000000b00)={0x97d0})

09:20:33 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = dup3(r1, r2, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r3, 0x0, 0x3, &(0x7f0000000040)={'filter\x00', 0x2, [{}, {}]}, 0x48)
ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x541b, &(0x7f0000000080))
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @loopback, @rand_addr=' \x01\x00', 0x0, 0x5, 0x0, 0x0, 0x0, 0x80280})

09:20:33 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = dup3(r1, r2, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r3, 0x0, 0x3, &(0x7f0000000040)={'filter\x00', 0x2, [{}, {}]}, 0x48)
ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x541b, &(0x7f0000000080))
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @loopback, @rand_addr=' \x01\x00', 0x0, 0x5, 0x0, 0x0, 0x0, 0x80280})

[  106.489828] kmemleak: Found object by alias at 0x607f1a639c4c
[  106.489848] CPU: 1 UID: 0 PID: 4047 Comm: syz-executor.5 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  106.489866] Tainted: [W]=WARN
[  106.489870] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  106.489877] Call Trace:
[  106.489881]  <TASK>
[  106.489885]  dump_stack_lvl+0xca/0x120
[  106.489911]  __lookup_object+0x94/0xb0
[  106.489928]  delete_object_full+0x27/0x70
[  106.489944]  free_percpu+0x30/0x1160
[  106.489960]  ? arch_uprobe_clear_state+0x16/0x140
[  106.489980]  futex_hash_free+0x38/0xc0
[  106.489994]  mmput+0x2d3/0x390
[  106.490013]  do_exit+0x79d/0x2970
[  106.490035]  ? __pfx_do_exit+0x10/0x10
[  106.490049]  ? find_held_lock+0x2b/0x80
[  106.490066]  ? get_signal+0x835/0x2340
[  106.490086]  do_group_exit+0xd3/0x2a0
[  106.490101]  get_signal+0x2315/0x2340
[  106.490118]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  106.490135]  ? __pfx_get_signal+0x10/0x10
[  106.490151]  ? do_futex+0x135/0x370
[  106.490164]  ? __pfx_do_futex+0x10/0x10
[  106.490179]  arch_do_signal_or_restart+0x80/0x790
[  106.490197]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  106.490213]  ? __x64_sys_futex+0x1c9/0x4d0
[  106.490225]  ? __x64_sys_futex+0x1d2/0x4d0
[  106.490239]  ? __pfx___x64_sys_futex+0x10/0x10
[  106.490253]  ? xfd_validate_state+0x55/0x180
[  106.490274]  exit_to_user_mode_loop+0x8b/0x110
[  106.490287]  do_syscall_64+0x2f7/0x360
[  106.490299]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.490311] RIP: 0033:0x7fd748836b19
[  106.490320] Code: Unable to access opcode bytes at 0x7fd748836aef.
[  106.490326] RSP: 002b:00007fd745dac218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  106.490337] RAX: fffffffffffffe00 RBX: 00007fd748949f68 RCX: 00007fd748836b19
[  106.490345] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd748949f68
[  106.490352] RBP: 00007fd748949f60 R08: 0000000000000000 R09: 0000000000000000
[  106.490359] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd748949f6c
[  106.490366] R13: 00007ffe93185baf R14: 00007fd745dac300 R15: 0000000000022000
[  106.490384]  </TASK>
[  106.490388] kmemleak: Object (percpu) 0x607f1a639c48 (size 8):
[  106.490394] kmemleak:   comm "syz-executor.6", pid 4034, jiffies 4294773037
[  106.490402] kmemleak:   min_count = 1
[  106.490406] kmemleak:   count = 0
[  106.490409] kmemleak:   flags = 0x21
[  106.490413] kmemleak:   checksum = 0
[  106.490417] kmemleak:   backtrace:
[  106.490420]  pcpu_alloc_noprof+0x87a/0x1170
[  106.490435]  xfrm_state_init+0x1a5/0x640
[  106.490453]  xfrm_net_init+0x1a3/0xb20
[  106.490464]  ops_init+0x1e1/0x650
[  106.490481]  setup_net+0x10d/0x320
[  106.490496]  copy_net_ns+0x2e3/0x650
[  106.490504]  create_new_namespaces+0x3f6/0xab0
[  106.490521]  copy_namespaces+0x45c/0x580
[  106.490535]  copy_process+0x2649/0x73c0
[  106.490545]  kernel_clone+0xea/0x7f0
[  106.490555]  __do_sys_clone+0xce/0x120
[  106.490565]  do_syscall_64+0xbf/0x360
[  106.490574]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
09:20:34 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = dup3(r1, r2, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r3, 0x0, 0x3, &(0x7f0000000040)={'filter\x00', 0x2, [{}, {}]}, 0x48)
ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x541b, &(0x7f0000000080))
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @loopback, @rand_addr=' \x01\x00', 0x0, 0x5, 0x0, 0x0, 0x0, 0x80280})

09:20:34 executing program 7:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = dup3(r1, r2, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r3, 0x0, 0x3, &(0x7f0000000040)={'filter\x00', 0x2, [{}, {}]}, 0x48)
ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x541b, &(0x7f0000000080))
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @loopback, @rand_addr=' \x01\x00', 0x0, 0x5, 0x0, 0x0, 0x0, 0x80280})

09:20:34 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = dup3(r1, r2, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r3, 0x0, 0x3, &(0x7f0000000040)={'filter\x00', 0x2, [{}, {}]}, 0x48)
ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x541b, &(0x7f0000000080))
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @loopback, @rand_addr=' \x01\x00', 0x0, 0x5, 0x0, 0x0, 0x0, 0x80280})

09:20:34 executing program 6:
syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_DEL_FROM_ACCEPT_LIST={{0x9}, 0x40}}}, 0x7)
syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_move_chan_rsp={{0xf, 0x3, 0x4}, {0x4, 0x9}}]}}, 0x11)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x41c}}}, 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="03c800a23b9d1d50823db5e2e45988439ba596412882a4a358c2aadd49ebbc0ac108037fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"], 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_blocks={{0x48, 0xf}, {0x8, 0x2, [{0xc8, 0x8001, 0x2}, {0xc8, 0x3, 0x3f}]}}}, 0x12)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x120, 0xa00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000700)=ANY=[@ANYBLOB="371337cfa3139f00000000ff78856d451224038c293def2129b762617306025dc3ab02fefdc8c81e99c9432b4d763185f3798ea45a000000807a2997604e26d27d4fbe5367b47a6abe08e052100b78407f797ddf1677b6ca78623a60e86aa735eafc950014d31476d3c19ab92ba9bf1e12da13b50d629cacccc89b1000"/134])
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[], 0x54df1abb4fd15e78)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYRESDEC=r0], 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

[  106.597440] Bluetooth: Unexpected continuation frame (len 12)
09:20:34 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)

09:20:34 executing program 1:
syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_DEL_FROM_ACCEPT_LIST={{0x9}, 0x40}}}, 0x7)
syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_move_chan_rsp={{0xf, 0x3, 0x4}, {0x4, 0x9}}]}}, 0x11)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x41c}}}, 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="03c800a23b9d1d50823db5e2e45988439ba596412882a4a358c2aadd49ebbc0ac108037fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"], 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_blocks={{0x48, 0xf}, {0x8, 0x2, [{0xc8, 0x8001, 0x2}, {0xc8, 0x3, 0x3f}]}}}, 0x12)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x120, 0xa00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000700)=ANY=[@ANYBLOB="371337cfa3139f00000000ff78856d451224038c293def2129b762617306025dc3ab02fefdc8c81e99c9432b4d763185f3798ea45a000000807a2997604e26d27d4fbe5367b47a6abe08e052100b78407f797ddf1677b6ca78623a60e86aa735eafc950014d31476d3c19ab92ba9bf1e12da13b50d629cacccc89b1000"/134])
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[], 0x54df1abb4fd15e78)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYRESDEC=r0], 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

09:20:34 executing program 7:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = dup3(r1, r2, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r3, 0x0, 0x3, &(0x7f0000000040)={'filter\x00', 0x2, [{}, {}]}, 0x48)
ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x541b, &(0x7f0000000080))
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @loopback, @rand_addr=' \x01\x00', 0x0, 0x5, 0x0, 0x0, 0x0, 0x80280})

09:20:34 executing program 6:
syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_DEL_FROM_ACCEPT_LIST={{0x9}, 0x40}}}, 0x7)
syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_move_chan_rsp={{0xf, 0x3, 0x4}, {0x4, 0x9}}]}}, 0x11)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x41c}}}, 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="03c800a23b9d1d50823db5e2e45988439ba596412882a4a358c2aadd49ebbc0ac108037fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"], 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_blocks={{0x48, 0xf}, {0x8, 0x2, [{0xc8, 0x8001, 0x2}, {0xc8, 0x3, 0x3f}]}}}, 0x12)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x120, 0xa00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000700)=ANY=[@ANYBLOB="371337cfa3139f00000000ff78856d451224038c293def2129b762617306025dc3ab02fefdc8c81e99c9432b4d763185f3798ea45a000000807a2997604e26d27d4fbe5367b47a6abe08e052100b78407f797ddf1677b6ca78623a60e86aa735eafc950014d31476d3c19ab92ba9bf1e12da13b50d629cacccc89b1000"/134])
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[], 0x54df1abb4fd15e78)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYRESDEC=r0], 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

09:20:34 executing program 0:
syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_DEL_FROM_ACCEPT_LIST={{0x9}, 0x40}}}, 0x7)
syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_move_chan_rsp={{0xf, 0x3, 0x4}, {0x4, 0x9}}]}}, 0x11)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x41c}}}, 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="03c800a23b9d1d50823db5e2e45988439ba596412882a4a358c2aadd49ebbc0ac108037fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"], 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_blocks={{0x48, 0xf}, {0x8, 0x2, [{0xc8, 0x8001, 0x2}, {0xc8, 0x3, 0x3f}]}}}, 0x12)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x120, 0xa00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000700)=ANY=[@ANYBLOB="371337cfa3139f00000000ff78856d451224038c293def2129b762617306025dc3ab02fefdc8c81e99c9432b4d763185f3798ea45a000000807a2997604e26d27d4fbe5367b47a6abe08e052100b78407f797ddf1677b6ca78623a60e86aa735eafc950014d31476d3c19ab92ba9bf1e12da13b50d629cacccc89b1000"/134])
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[], 0x54df1abb4fd15e78)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYRESDEC=r0], 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

09:20:34 executing program 5:
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x20000004})
epoll_pwait(r1, &(0x7f0000001340)=[{}], 0x1, 0x0, 0x0, 0x0)
epoll_pwait2(r1, &(0x7f0000000080)=[{}], 0x1, 0x0, 0x0, 0x0)

09:20:34 executing program 3:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
connect$bt_l2cap(r0, &(0x7f0000001b00)={0x1f, 0x0, @fixed}, 0xe)

09:20:34 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0)
dup2(0xffffffffffffffff, r0)
perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0)
r1 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000040))

[  106.740808] Bluetooth: Unexpected continuation frame (len 12)
[  106.746972] Bluetooth: Unexpected continuation frame (len 12)
[  106.763467] Bluetooth: Unexpected continuation frame (len 12)
09:20:34 executing program 7:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = dup3(r1, r2, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r3, 0x0, 0x3, &(0x7f0000000040)={'filter\x00', 0x2, [{}, {}]}, 0x48)
ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x541b, &(0x7f0000000080))
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @loopback, @rand_addr=' \x01\x00', 0x0, 0x5, 0x0, 0x0, 0x0, 0x80280})

09:20:34 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)

09:20:34 executing program 6:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)

09:20:34 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0)
dup2(0xffffffffffffffff, r0)
perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0)
r1 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000040))

09:20:34 executing program 5:
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x20000004})
epoll_pwait(r1, &(0x7f0000001340)=[{}], 0x1, 0x0, 0x0, 0x0)
epoll_pwait2(r1, &(0x7f0000000080)=[{}], 0x1, 0x0, 0x0, 0x0)

09:20:34 executing program 7:
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x20000004})
epoll_pwait(r1, &(0x7f0000001340)=[{}], 0x1, 0x0, 0x0, 0x0)
epoll_pwait2(r1, &(0x7f0000000080)=[{}], 0x1, 0x0, 0x0, 0x0)

09:20:34 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)

09:20:34 executing program 6:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)

09:20:34 executing program 0:
syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_DEL_FROM_ACCEPT_LIST={{0x9}, 0x40}}}, 0x7)
syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_move_chan_rsp={{0xf, 0x3, 0x4}, {0x4, 0x9}}]}}, 0x11)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x41c}}}, 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="03c800a23b9d1d50823db5e2e45988439ba596412882a4a358c2aadd49ebbc0ac108037fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"], 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_blocks={{0x48, 0xf}, {0x8, 0x2, [{0xc8, 0x8001, 0x2}, {0xc8, 0x3, 0x3f}]}}}, 0x12)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x120, 0xa00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000700)=ANY=[@ANYBLOB="371337cfa3139f00000000ff78856d451224038c293def2129b762617306025dc3ab02fefdc8c81e99c9432b4d763185f3798ea45a000000807a2997604e26d27d4fbe5367b47a6abe08e052100b78407f797ddf1677b6ca78623a60e86aa735eafc950014d31476d3c19ab92ba9bf1e12da13b50d629cacccc89b1000"/134])
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[], 0x54df1abb4fd15e78)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYRESDEC=r0], 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

[  107.015986] Bluetooth: Unexpected continuation frame (len 12)
09:20:34 executing program 1:
syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_DEL_FROM_ACCEPT_LIST={{0x9}, 0x40}}}, 0x7)
syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_move_chan_rsp={{0xf, 0x3, 0x4}, {0x4, 0x9}}]}}, 0x11)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x41c}}}, 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="03c800a23b9d1d50823db5e2e45988439ba596412882a4a358c2aadd49ebbc0ac108037fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"], 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_blocks={{0x48, 0xf}, {0x8, 0x2, [{0xc8, 0x8001, 0x2}, {0xc8, 0x3, 0x3f}]}}}, 0x12)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x120, 0xa00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000700)=ANY=[@ANYBLOB="371337cfa3139f00000000ff78856d451224038c293def2129b762617306025dc3ab02fefdc8c81e99c9432b4d763185f3798ea45a000000807a2997604e26d27d4fbe5367b47a6abe08e052100b78407f797ddf1677b6ca78623a60e86aa735eafc950014d31476d3c19ab92ba9bf1e12da13b50d629cacccc89b1000"/134])
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[], 0x54df1abb4fd15e78)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYRESDEC=r0], 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

[  107.073887] Bluetooth: Unexpected continuation frame (len 12)
[  107.576308] kmemleak: Automatic memory scanning thread ended
09:20:35 executing program 5:
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x20000004})
epoll_pwait(r1, &(0x7f0000001340)=[{}], 0x1, 0x0, 0x0, 0x0)
epoll_pwait2(r1, &(0x7f0000000080)=[{}], 0x1, 0x0, 0x0, 0x0)

09:20:35 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)

09:20:35 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0)
dup2(0xffffffffffffffff, r0)
perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0)
r1 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000040))

09:20:35 executing program 7:
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x20000004})
epoll_pwait(r1, &(0x7f0000001340)=[{}], 0x1, 0x0, 0x0, 0x0)
epoll_pwait2(r1, &(0x7f0000000080)=[{}], 0x1, 0x0, 0x0, 0x0)

09:20:35 executing program 6:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)

09:20:35 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0)
dup2(0xffffffffffffffff, r0)
perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0)
r1 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000040))

09:20:35 executing program 3:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
connect$bt_l2cap(r0, &(0x7f0000001b00)={0x1f, 0x0, @fixed}, 0xe)

09:20:35 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0)
dup2(0xffffffffffffffff, r0)
perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0)
r1 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000040))

09:20:35 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0)
dup2(0xffffffffffffffff, r0)
perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0)
r1 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000040))

09:20:35 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0)
dup2(0xffffffffffffffff, r0)
perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0)
r1 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000040))

09:20:35 executing program 5:
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x20000004})
epoll_pwait(r1, &(0x7f0000001340)=[{}], 0x1, 0x0, 0x0, 0x0)
epoll_pwait2(r1, &(0x7f0000000080)=[{}], 0x1, 0x0, 0x0, 0x0)

09:20:35 executing program 7:
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x20000004})
epoll_pwait(r1, &(0x7f0000001340)=[{}], 0x1, 0x0, 0x0, 0x0)
epoll_pwait2(r1, &(0x7f0000000080)=[{}], 0x1, 0x0, 0x0, 0x0)

09:20:35 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0)
dup2(0xffffffffffffffff, r0)
perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0)
r1 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000040))

09:20:35 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0)
dup2(0xffffffffffffffff, r0)
perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0)
r1 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000040))

09:20:35 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0)
dup2(0xffffffffffffffff, r0)
perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0)
r1 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000040))

[  107.862291] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[  107.863217] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  107.863915] CPU: 1 UID: 0 PID: 4135 Comm: syz-executor.5 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  107.864892] Tainted: [W]=WARN
[  107.865154] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  107.866419] RIP: 0010:perf_tp_event+0x175/0xe70
[  107.867519] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  107.871772] RSP: 0018:ffff8880462d7780 EFLAGS: 00010012
[  107.872988] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  107.874574] RDX: ffff88801959d280 RSI: ffffffff818995b7 RDI: 0000000100000190
[  107.875151] RBP: ffff8880462d79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16c48
[  107.875730] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  107.876304] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[  107.876890] FS:  0000555563cae400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  107.877544] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  107.878020] CR2: 0000001b2cf24000 CR3: 000000000e00f000 CR4: 0000000000350ef0
[  107.878596] Call Trace:
[  107.878810]  <TASK>
[  107.879001]  ? __ext4_journal_stop+0xe2/0x1f0
[  107.879383]  ? ext4_dirty_inode+0xf1/0x130
[  107.879736]  ? __mark_inode_dirty+0x1b7/0xd00
[  107.880115]  ? do_user_addr_fault+0x4fa/0xeb0
[  107.880494]  ? __pfx_perf_tp_event+0x10/0x10
[  107.880871]  ? __pfx_perf_trace_lock+0x10/0x10
[  107.881259]  ? jbd2_journal_dirty_metadata+0x1bf/0xdb0
[  107.881704]  ? perf_trace_lock+0xb5/0x5d0
[  107.882054]  ? find_held_lock+0x2b/0x80
[  107.882389]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  107.882877]  ? perf_trace_lock+0xb5/0x5d0
[  107.883218]  ? perf_trace_lock+0xb5/0x5d0
[  107.883568]  ? __pfx_perf_trace_lock+0x10/0x10
[  107.883953]  ? perf_trace_run_bpf_submit+0xef/0x180
[  107.884361]  ? __lock_acquire+0xc65/0x1b70
[  107.884720]  perf_trace_run_bpf_submit+0xef/0x180
[  107.885127]  perf_trace_preemptirq_template+0x259/0x430
[  107.885570]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  107.886055]  ? perf_trace_lock+0xb5/0x5d0
[  107.886402]  ? _raw_spin_lock_irqsave+0x53/0x60
[  107.886793]  trace_irq_disable.constprop.0+0xa6/0x100
[  107.887220]  _raw_spin_lock_irqsave+0x53/0x60
[  107.887594]  try_to_wake_up+0xa0/0x11d0
[  107.887934]  ? __pfx_try_to_wake_up+0x10/0x10
[  107.888316]  ? plist_del+0x122/0x270
[  107.888630]  ? find_held_lock+0x2b/0x80
[  107.888975]  ? futex_wake+0x474/0x540
[  107.889300]  wake_up_q+0xa1/0x130
[  107.889599]  futex_wake+0x47e/0x540
[  107.889906]  ? __pfx_futex_wake+0x10/0x10
[  107.890249]  ? __handle_mm_fault+0x753/0x3260
[  107.890631]  ? perf_trace_lock+0xb5/0x5d0
[  107.890979]  do_futex+0x26d/0x370
[  107.891275]  ? __pfx_do_futex+0x10/0x10
[  107.891607]  ? find_held_lock+0x2b/0x80
[  107.891943]  __x64_sys_futex+0x1c9/0x4d0
[  107.892280]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  107.892769]  ? __pfx___x64_sys_futex+0x10/0x10
[  107.893157]  do_syscall_64+0xbf/0x360
[  107.893486]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.893911] RIP: 0033:0x7fd748836b19
[  107.894221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  107.895678] RSP: 002b:00007ffe93185c28 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  107.896298] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd748836b19
[  107.896883] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd748949f68
[  107.897459] RBP: 00007fd748949f60 R08: 00007fd7489460b0 R09: 0000000000000000
[  107.898035] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd74894e290
[  107.898611] R13: 00007ffe93185d30 R14: 00007fd748949f60 R15: 000000000001a4ba
[  107.899192]  </TASK>
[  107.899395] Modules linked in:
[  107.899670] ---[ end trace 0000000000000000 ]---
[  107.900052] RIP: 0010:perf_tp_event+0x175/0xe70
[  107.900441] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  107.901904] RSP: 0018:ffff8880462d7780 EFLAGS: 00010012
[  107.902343] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  107.902930] RDX: ffff88801959d280 RSI: ffffffff818995b7 RDI: 0000000100000190
[  107.903512] RBP: ffff8880462d79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16c48
[  107.904085] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  107.904672] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[  107.905251] FS:  0000555563cae400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  107.905901] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  107.906378] CR2: 0000001b2cf24000 CR3: 000000000e00f000 CR4: 0000000000350ef0
[  107.906962] note: syz-executor.5[4135] exited with irqs disabled
[  107.907510] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[  107.908422] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  107.909137] CPU: 1 UID: 0 PID: 4135 Comm: syz-executor.5 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  107.910109] Tainted: [D]=DIE, [W]=WARN
[  107.910422] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  107.911079] RIP: 0010:perf_tp_event+0x175/0xe70
[  107.911473] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  107.912953] RSP: 0018:ffff88806cf08ac0 EFLAGS: 00010012
[  107.913387] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  107.913959] RDX: ffff88801959d280 RSI: ffffffff818995b7 RDI: 0000000100000190
[  107.914544] RBP: ffff88806cf08d30 R08: ffff88806cf313e8 R09: ffffe8ffffd16c48
[  107.915122] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  107.915697] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000
[  107.916277] FS:  0000555563cae400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  107.916939] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  107.917408] CR2: 0000001b2cf24000 CR3: 000000000e00f000 CR4: 0000000000350ef0
[  107.917984] Call Trace:
[  107.918198]  <IRQ>
[  107.918387]  ? perf_trace_lock+0xb5/0x5d0
[  107.918730]  ? __pfx_perf_tp_event+0x10/0x10
[  107.919104]  ? timerqueue_add+0x1c2/0x330
[  107.919457]  ? kvm_sched_clock_read+0x16/0x30
[  107.919836]  ? sched_clock+0x37/0x60
[  107.920154]  ? perf_trace_lock+0xb5/0x5d0
[  107.920494]  ? perf_trace_lock+0xb5/0x5d0
[  107.920847]  ? trace_pelt_se_tp+0xdf/0x130
[  107.921194]  ? __pfx_perf_trace_lock+0x10/0x10
[  107.921583]  ? __pfx_perf_trace_lock+0x10/0x10
[  107.921961]  ? place_entity+0x300/0x410
[  107.922290]  ? perf_event_task_tick+0x18b/0x360
[  107.922686]  ? lock_release+0x1c7/0x290
[  107.923021]  ? perf_trace_run_bpf_submit+0xef/0x180
[  107.923435]  ? sched_balance_trigger+0x1ac/0xcb0
[  107.923833]  perf_trace_run_bpf_submit+0xef/0x180
[  107.924235]  perf_trace_preemptirq_template+0x259/0x430
[  107.924676]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  107.925176]  ? perf_trace_lock+0xb5/0x5d0
[  107.925517]  ? clockevents_program_event+0x14f/0x360
[  107.925947]  ? irqentry_enter+0x2a/0x60
[  107.926276]  trace_irq_disable.constprop.0+0xa6/0x100
[  107.926701]  irqentry_enter+0x2a/0x60
[  107.927028]  sysvec_call_function_single+0x18/0xc0
[  107.927435]  asm_sysvec_call_function_single+0x1a/0x20
[  107.927858] RIP: 0010:handle_softirqs+0x174/0x770
[  107.928264] Code: c8 83 83 3c 0a 00 00 01 c7 44 24 20 0a 00 00 00 48 89 44 24 18 65 66 c7 05 0f 84 48 06 00 00 e8 42 80 40 00 fb bb ff ff ff ff <48> c7 c5 c0 c0 a0 85 41 0f bc de 83 c3 01 0f 85 9b 00 00 00 e9 8d
[  107.929742] RSP: 0018:ffff88806cf08f78 EFLAGS: 00000246
[  107.930178] RAX: 0000000000000001 RBX: 00000000ffffffff RCX: ffffffff817c2b86
[  107.930753] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813bac2e
[  107.931323] RBP: ffff8880462d7e78 R08: 0000000000000000 R09: 0000000000000000
[  107.931899] R10: ffffffff8643ac57 R11: ffff888016e2b498 R12: 0000000000000000
[  107.932472] R13: 0000000000000000 R14: 0000000000000082 R15: 0000000000000000
[  107.933060]  ? trace_irq_enable.constprop.0+0x26/0x100
[  107.933491]  ? handle_softirqs+0x16e/0x770
[  107.933844]  ? handle_softirqs+0x16e/0x770
[  107.934202]  __irq_exit_rcu+0xc4/0x100
[  107.934536]  irq_exit_rcu+0x9/0x20
[  107.934829]  sysvec_apic_timer_interrupt+0x70/0x80
[  107.935233]  </IRQ>
[  107.935430]  <TASK>
[  107.935621]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  107.936054] RIP: 0010:make_task_dead+0xa2/0x3b0
[  107.936443] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 <e8> b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de
[  107.937922] RSP: 0018:ffff8880462d7f28 EFLAGS: 00000246
[  107.938354] RAX: 0000000000000001 RBX: ffff88801959d280 RCX: ffffffff817c2b86
[  107.938937] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[  107.939515] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[  107.940091] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff88801959d280
[  107.940680] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[  107.941267]  ? trace_irq_enable.constprop.0+0x26/0x100
[  107.941694]  ? make_task_dead+0x214/0x3b0
[  107.942038]  ? make_task_dead+0x214/0x3b0
[  107.942385]  ? do_syscall_64+0xbf/0x360
[  107.942717]  rewind_stack_and_make_dead+0x16/0x20
[  107.943133] RIP: 0033:0x7fd748836b19
[  107.943440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  107.944911] RSP: 002b:00007ffe93185c28 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  107.945530] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd748836b19
[  107.946105] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd748949f68
[  107.946702] RBP: 00007fd748949f60 R08: 00007fd7489460b0 R09: 0000000000000000
[  107.947273] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd74894e290
[  107.947849] R13: 00007ffe93185d30 R14: 00007fd748949f60 R15: 000000000001a4ba
[  107.948429]  </TASK>
[  107.948625] Modules linked in:
[  107.948902] ---[ end trace 0000000000000000 ]---
[  107.949286] RIP: 0010:perf_tp_event+0x175/0xe70
[  107.949672] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  107.951145] RSP: 0018:ffff8880462d7780 EFLAGS: 00010012
[  107.951584] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  107.952163] RDX: ffff88801959d280 RSI: ffffffff818995b7 RDI: 0000000100000190
[  107.952743] RBP: ffff8880462d79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16c48
[  107.953333] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  107.953911] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[  107.954494] FS:  0000555563cae400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  107.955145] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  107.955621] CR2: 0000001b2cf24000 CR3: 000000000e00f000 CR4: 0000000000350ef0
[  107.956197] Kernel panic - not syncing: Fatal exception in interrupt
[  107.956899] Kernel Offset: disabled
[  107.957203] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
09:20:35  Registers:
info registers vcpu 0
RAX=c9e2b0c5ce2e1700 RBX=ffff888009c2f580 RCX=1ffff11008c59f41 RDX=ffff88801959b700
RSI=ffffffff819bd872 RDI=ffff88801959b718 RBP=0000000040000001 RSP=ffff8880462cf9e8
R8 =0000000000000000 R9 =ffffed1001385eb0 R10=0000000040000001 R11=0000000000000000
R12=ffff888009c2f500 R13=0000000040000001 R14=0000000000000001 R15=ffff88801959b700
RIP=ffffffff819bd88e RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e55dd000 00000000 00000000
LDT=0000 fffffe6300000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2cb25000 CR3=0000000038a8f000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff8880462d70f0
R8 =0000000000000000 R9 =ffffed1001800046 R10=0000000000000020 R11=3030303030302052
R12=0000000000000020 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0
RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000555563cae400 00000000 00000000
GS =0000 ffff8880e56dd000 00000000 00000000
LDT=0000 fffffe4f00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2cf24000 CR3=000000000e00f000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000ff0000000000000000000000 XMM01=00000000010000000000000000000000
XMM02=7463656a6e695f31313230385f7a7973 XMM03=00007fd74891d7c800007fd74891d7c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000