Warning: Permanently added '[localhost]:53591' (ECDSA) to the list of known hosts.
2025/08/29 09:06:48 fuzzer started
2025/08/29 09:06:48 dialing manager at localhost:43077
syzkaller login: [   51.252107] cgroup: Unknown subsys name 'net'
[   51.331492] cgroup: Unknown subsys name 'cpuset'
[   51.365103] cgroup: Unknown subsys name 'rlimit'
2025/08/29 09:06:59 syscalls: 2214
2025/08/29 09:06:59 code coverage: enabled
2025/08/29 09:06:59 comparison tracing: enabled
2025/08/29 09:06:59 extra coverage: enabled
2025/08/29 09:06:59 setuid sandbox: enabled
2025/08/29 09:06:59 namespace sandbox: enabled
2025/08/29 09:06:59 Android sandbox: enabled
2025/08/29 09:06:59 fault injection: enabled
2025/08/29 09:06:59 leak checking: enabled
2025/08/29 09:06:59 net packet injection: enabled
2025/08/29 09:06:59 net device setup: enabled
2025/08/29 09:06:59 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 09:06:59 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 09:06:59 USB emulation: enabled
2025/08/29 09:06:59 hci packet injection: enabled
2025/08/29 09:06:59 wifi device emulation: enabled
2025/08/29 09:06:59 802.15.4 emulation: enabled
2025/08/29 09:06:59 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 09:06:59 fetching corpus: 50, signal 24524/27808 (executing program)
2025/08/29 09:06:59 fetching corpus: 100, signal 34898/39336 (executing program)
2025/08/29 09:06:59 fetching corpus: 150, signal 41343/46868 (executing program)
2025/08/29 09:07:00 fetching corpus: 200, signal 48055/54415 (executing program)
2025/08/29 09:07:00 fetching corpus: 250, signal 54180/61260 (executing program)
2025/08/29 09:07:00 fetching corpus: 300, signal 57603/65516 (executing program)
2025/08/29 09:07:00 fetching corpus: 350, signal 62867/71301 (executing program)
2025/08/29 09:07:00 fetching corpus: 400, signal 68396/77142 (executing program)
2025/08/29 09:07:00 fetching corpus: 450, signal 71903/81112 (executing program)
2025/08/29 09:07:00 fetching corpus: 500, signal 74399/84138 (executing program)
2025/08/29 09:07:00 fetching corpus: 550, signal 76939/87085 (executing program)
2025/08/29 09:07:00 fetching corpus: 600, signal 80567/90851 (executing program)
2025/08/29 09:07:00 fetching corpus: 650, signal 82789/93370 (executing program)
2025/08/29 09:07:01 fetching corpus: 700, signal 85255/96036 (executing program)
2025/08/29 09:07:01 fetching corpus: 750, signal 87286/98286 (executing program)
2025/08/29 09:07:01 fetching corpus: 800, signal 89280/100416 (executing program)
2025/08/29 09:07:01 fetching corpus: 850, signal 90594/101993 (executing program)
2025/08/29 09:07:01 fetching corpus: 900, signal 93240/104609 (executing program)
2025/08/29 09:07:01 fetching corpus: 950, signal 95864/107068 (executing program)
2025/08/29 09:07:01 fetching corpus: 1000, signal 98336/109402 (executing program)
2025/08/29 09:07:01 fetching corpus: 1050, signal 99505/110734 (executing program)
2025/08/29 09:07:02 fetching corpus: 1100, signal 100928/112150 (executing program)
2025/08/29 09:07:02 fetching corpus: 1150, signal 102420/113600 (executing program)
2025/08/29 09:07:02 fetching corpus: 1200, signal 103996/115051 (executing program)
2025/08/29 09:07:02 fetching corpus: 1250, signal 106001/116737 (executing program)
2025/08/29 09:07:02 fetching corpus: 1300, signal 107618/118054 (executing program)
2025/08/29 09:07:02 fetching corpus: 1350, signal 108872/119242 (executing program)
2025/08/29 09:07:02 fetching corpus: 1400, signal 110144/120338 (executing program)
2025/08/29 09:07:02 fetching corpus: 1450, signal 111607/121470 (executing program)
2025/08/29 09:07:03 fetching corpus: 1500, signal 112907/122516 (executing program)
2025/08/29 09:07:03 fetching corpus: 1550, signal 114131/123563 (executing program)
2025/08/29 09:07:03 fetching corpus: 1600, signal 115296/124448 (executing program)
2025/08/29 09:07:03 fetching corpus: 1650, signal 116174/125110 (executing program)
2025/08/29 09:07:03 fetching corpus: 1700, signal 116827/125695 (executing program)
2025/08/29 09:07:03 fetching corpus: 1750, signal 117611/126325 (executing program)
2025/08/29 09:07:03 fetching corpus: 1800, signal 119659/127591 (executing program)
2025/08/29 09:07:03 fetching corpus: 1850, signal 120551/128296 (executing program)
2025/08/29 09:07:03 fetching corpus: 1900, signal 121659/128957 (executing program)
2025/08/29 09:07:04 fetching corpus: 1950, signal 122570/129545 (executing program)
2025/08/29 09:07:04 fetching corpus: 2000, signal 123585/130119 (executing program)
2025/08/29 09:07:04 fetching corpus: 2050, signal 124666/130716 (executing program)
2025/08/29 09:07:04 fetching corpus: 2100, signal 125482/131153 (executing program)
2025/08/29 09:07:04 fetching corpus: 2150, signal 126056/131456 (executing program)
2025/08/29 09:07:04 fetching corpus: 2200, signal 127115/132027 (executing program)
2025/08/29 09:07:04 fetching corpus: 2250, signal 128082/132408 (executing program)
2025/08/29 09:07:04 fetching corpus: 2300, signal 128929/132761 (executing program)
2025/08/29 09:07:05 fetching corpus: 2350, signal 129521/133000 (executing program)
2025/08/29 09:07:05 fetching corpus: 2400, signal 130172/133254 (executing program)
2025/08/29 09:07:05 fetching corpus: 2450, signal 130819/133466 (executing program)
2025/08/29 09:07:05 fetching corpus: 2500, signal 131629/133734 (executing program)
2025/08/29 09:07:05 fetching corpus: 2529, signal 132027/133847 (executing program)
2025/08/29 09:07:05 fetching corpus: 2529, signal 132027/133891 (executing program)
2025/08/29 09:07:05 fetching corpus: 2529, signal 132027/133928 (executing program)
2025/08/29 09:07:05 fetching corpus: 2529, signal 132027/133978 (executing program)
2025/08/29 09:07:05 fetching corpus: 2529, signal 132027/134008 (executing program)
2025/08/29 09:07:05 fetching corpus: 2529, signal 132027/134042 (executing program)
2025/08/29 09:07:05 fetching corpus: 2529, signal 132027/134081 (executing program)
2025/08/29 09:07:05 fetching corpus: 2529, signal 132027/134118 (executing program)
2025/08/29 09:07:05 fetching corpus: 2529, signal 132027/134158 (executing program)
2025/08/29 09:07:05 fetching corpus: 2529, signal 132027/134192 (executing program)
2025/08/29 09:07:05 fetching corpus: 2529, signal 132027/134238 (executing program)
2025/08/29 09:07:05 fetching corpus: 2529, signal 132027/134262 (executing program)
2025/08/29 09:07:05 fetching corpus: 2529, signal 132027/134300 (executing program)
2025/08/29 09:07:05 fetching corpus: 2529, signal 132027/134320 (executing program)
2025/08/29 09:07:05 fetching corpus: 2529, signal 132027/134320 (executing program)
2025/08/29 09:07:07 starting 8 fuzzer processes
09:07:07 executing program 0:
mq_notify(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, @thr={0x0, 0x0}})

09:07:07 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, 0x0)

09:07:07 executing program 6:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpid()
r2 = getpgid(0x0)
r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f0000000000)={r3})

09:07:07 executing program 7:
openat2(0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x0, 0x100}, 0x18)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_SETVESABLANK(r0, 0x541c, &(0x7f0000000040)=0x2)

09:07:07 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x29, 0x1f, &(0x7f0000000100), 0x4)

09:07:07 executing program 3:
clone3(&(0x7f0000000300)={0x0, &(0x7f0000000000), &(0x7f0000000200), &(0x7f0000000080), {}, &(0x7f00000000c0)=""/112, 0xffffffffffffffbb, &(0x7f0000000140)=""/174, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6}, 0x58)

[   69.717686] audit: type=1400 audit(1756458427.611:7): avc:  denied  { execmem } for  pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
09:07:07 executing program 4:
getresgid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0))

09:07:07 executing program 5:
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202010", 0x4c, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[])
unlinkat(r0, &(0x7f0000000080)='./file0\x00', 0x0)

[   70.854641] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   70.857859] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   70.859884] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   70.865493] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   70.868859] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   71.044961] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   71.047911] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   71.049759] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   71.053746] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   71.056584] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   71.118215] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   71.120080] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   71.122147] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   71.126828] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   71.128445] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   71.133277] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   71.135690] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   71.137829] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   71.139099] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   71.152452] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   71.153887] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   71.163824] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   71.167262] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   71.173402] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   71.174121] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   71.178748] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   71.184124] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   71.187934] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   71.189866] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   71.198656] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   71.210102] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   71.211306] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   71.215902] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   71.222071] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   71.223351] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   71.235814] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   71.237012] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   71.240355] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   71.252146] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   71.258377] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   72.887929] Bluetooth: hci0: command tx timeout
[   73.079628] Bluetooth: hci1: command tx timeout
[   73.208579] Bluetooth: hci4: command tx timeout
[   73.273546] Bluetooth: hci7: command tx timeout
[   73.273587] Bluetooth: hci3: command tx timeout
[   73.274196] Bluetooth: hci6: command tx timeout
[   73.337539] Bluetooth: hci5: command tx timeout
[   73.338136] Bluetooth: hci2: command tx timeout
[   74.935955] Bluetooth: hci0: command tx timeout
[   75.127716] Bluetooth: hci1: command tx timeout
[   75.255765] Bluetooth: hci4: command tx timeout
[   75.319714] Bluetooth: hci6: command tx timeout
[   75.320147] Bluetooth: hci3: command tx timeout
[   75.321563] Bluetooth: hci7: command tx timeout
[   75.383637] Bluetooth: hci2: command tx timeout
[   75.384096] Bluetooth: hci5: command tx timeout
[   76.983580] Bluetooth: hci0: command tx timeout
[   77.176639] Bluetooth: hci1: command tx timeout
[   77.303554] Bluetooth: hci4: command tx timeout
[   77.367581] Bluetooth: hci7: command tx timeout
[   77.368633] Bluetooth: hci6: command tx timeout
[   77.368793] Bluetooth: hci3: command tx timeout
[   77.431639] Bluetooth: hci5: command tx timeout
[   77.432070] Bluetooth: hci2: command tx timeout
[   79.031620] Bluetooth: hci0: command tx timeout
[   79.223581] Bluetooth: hci1: command tx timeout
[   79.351748] Bluetooth: hci4: command tx timeout
[   79.416700] Bluetooth: hci6: command tx timeout
[   79.417131] Bluetooth: hci3: command tx timeout
[   79.418583] Bluetooth: hci7: command tx timeout
[   79.479561] Bluetooth: hci2: command tx timeout
[   79.479604] Bluetooth: hci5: command tx timeout
[  106.953433] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.954537] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.129777] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.130398] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.282147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.283452] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.533845] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.534941] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.646723] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.647353] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:07:45 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, 0x0)

09:07:45 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, 0x0)

09:07:45 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, 0x0)

[  107.873552] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.874181] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:07:45 executing program 1:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$get_security(0x11, r0, &(0x7f0000000040), 0x0)

[  107.942694] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.943299] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:07:45 executing program 4:
syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="045084200ca69b1b09"], 0x9)
syz_emit_vhci(&(0x7f0000000ac0)=ANY=[@ANYBLOB="02c9a036013201010003000800fb020500cbfd3f000d1f0800ac8504003f00090010ff040003000004111f020005000b40a2000800ec0c32226549a2f915f4838a6dbbd35296187369d7fca7001fb0782b552225c87836e3189475ff90fb40d0cd4e0e9cf0fac7a7909f60a47492021783eba6084ac1f7cb8370c6266732adc7e04678a0ae51dc8131e3dea69f41ccd97574a4f21abf304140e8c77412f9f17044966389d8e1a6739ed8dd418590c8908f163213c3770bb099d944d92d557322a93e55fee4ce0dffdf09f64b4e78d4da8c35b1af1210080400010080000c01050000200700000cab0500000107000505e64800fcff050004000610060109000200000009000000010000000102020006103f00010401000100f30100000200000001020200061022001adb0200000006000000d301000001020000c3a64dbb9ec4c01965271a83417d15bfc9b052fd6d5f82dfab5772575f90bc5b51967a798b82e3ee2cd7f9a83b9543388d7c4d4f53d6187ed01c5b4f47222de7372c73aaa4027ccb00e6e57da3f1b8b91677c563ece473acca"], 0x13b)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040f06000000043ac4debc30e49132f03f69f05ead03007af7d6bdedbbb6a7e80406b69b4e386f5e43bdaf3fe440b9ce9b7c909181e07903b80a0dfc69cc27ed84e71757c4e1c736c0b5dfb02e254c56840b0d4e95dde1e08ff844bc42d62e1086222b5f1ecd155e0b7fe7ef4a7158d452d92fcde3ba282e82b42def15ef7c1af96806f837f8068e08dccbd8edbd4aa3efa300"/157], 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x408000, 0x0)
syz_emit_vhci(&(0x7f0000000440)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xa2}, "3b9d1d50823db5e2e49ba1f7c2a596412882a4a358c2aadd49ebbc0ac1086a7fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"}, 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000740)=ANY=[@ANYBLOB="fd7ea2ae431801ca0fe5d5c51f9d4dfcb43d73de5b3dac2d50f528007eb52b8ecdef2d4fa6910711f969346060f1a2750350be4a656348f24f00f5b33119828ef18a5ed3d65488539f7db93908d9b0a695193951648af11df5f28807f2a4224beee75beb63bd391060f79d40d284cd75d9581334fb07"], 0xa)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x1a1, 0x1a00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85})
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c9e00a8da2fc2600131b02008000"], 0xf)
syz_emit_vhci(&(0x7f0000000500)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x8c}, "b85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6bd67517df18abe884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf21b034e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3"}, 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

09:07:45 executing program 1:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$get_security(0x11, r0, &(0x7f0000000040), 0x0)

[  108.031891] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.032490] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:07:45 executing program 1:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$get_security(0x11, r0, &(0x7f0000000040), 0x0)

[  108.082124] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.082781] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:07:46 executing program 1:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$get_security(0x11, r0, &(0x7f0000000040), 0x0)

[  108.199784] audit: type=1400 audit(1756458466.092:8): avc:  denied  { open } for  pid=3890 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  108.210783] audit: type=1400 audit(1756458466.093:9): avc:  denied  { kernel } for  pid=3890 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  108.235000] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.235607] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.269218] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.269916] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.299841] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.300443] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.320810] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.321399] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.371792] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.372438] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.398088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.398813] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.441572] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.442203] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.569282] loop5: detected capacity change from 0 to 6
[  108.598742] FAT-fs (loop5): Directory bread(block 6) failed
[  108.599264] FAT-fs (loop5): Directory bread(block 7) failed
[  108.600159] FAT-fs (loop5): Directory bread(block 8) failed
[  108.600680] FAT-fs (loop5): Directory bread(block 9) failed
[  108.608615] FAT-fs (loop5): error, corrupted directory (invalid entries)
[  108.609244] FAT-fs (loop5): Filesystem has been set read-only
09:07:46 executing program 0:
mq_notify(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, @thr={0x0, 0x0}})

09:07:46 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x29, 0x1f, &(0x7f0000000100), 0x4)

09:07:46 executing program 5:
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202010", 0x4c, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[])
unlinkat(r0, &(0x7f0000000080)='./file0\x00', 0x0)

09:07:46 executing program 3:
clone3(&(0x7f0000000300)={0x0, &(0x7f0000000000), &(0x7f0000000200), &(0x7f0000000080), {}, &(0x7f00000000c0)=""/112, 0xffffffffffffffbb, &(0x7f0000000140)=""/174, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6}, 0x58)

09:07:46 executing program 7:
openat2(0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x0, 0x100}, 0x18)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_SETVESABLANK(r0, 0x541c, &(0x7f0000000040)=0x2)

09:07:46 executing program 4:
syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="045084200ca69b1b09"], 0x9)
syz_emit_vhci(&(0x7f0000000ac0)=ANY=[@ANYBLOB="02c9a036013201010003000800fb020500cbfd3f000d1f0800ac8504003f00090010ff040003000004111f020005000b40a2000800ec0c32226549a2f915f4838a6dbbd35296187369d7fca7001fb0782b552225c87836e3189475ff90fb40d0cd4e0e9cf0fac7a7909f60a47492021783eba6084ac1f7cb8370c6266732adc7e04678a0ae51dc8131e3dea69f41ccd97574a4f21abf304140e8c77412f9f17044966389d8e1a6739ed8dd418590c8908f163213c3770bb099d944d92d557322a93e55fee4ce0dffdf09f64b4e78d4da8c35b1af1210080400010080000c01050000200700000cab0500000107000505e64800fcff050004000610060109000200000009000000010000000102020006103f00010401000100f30100000200000001020200061022001adb0200000006000000d301000001020000c3a64dbb9ec4c01965271a83417d15bfc9b052fd6d5f82dfab5772575f90bc5b51967a798b82e3ee2cd7f9a83b9543388d7c4d4f53d6187ed01c5b4f47222de7372c73aaa4027ccb00e6e57da3f1b8b91677c563ece473acca"], 0x13b)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040f06000000043ac4debc30e49132f03f69f05ead03007af7d6bdedbbb6a7e80406b69b4e386f5e43bdaf3fe440b9ce9b7c909181e07903b80a0dfc69cc27ed84e71757c4e1c736c0b5dfb02e254c56840b0d4e95dde1e08ff844bc42d62e1086222b5f1ecd155e0b7fe7ef4a7158d452d92fcde3ba282e82b42def15ef7c1af96806f837f8068e08dccbd8edbd4aa3efa300"/157], 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x408000, 0x0)
syz_emit_vhci(&(0x7f0000000440)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xa2}, "3b9d1d50823db5e2e49ba1f7c2a596412882a4a358c2aadd49ebbc0ac1086a7fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"}, 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000740)=ANY=[@ANYBLOB="fd7ea2ae431801ca0fe5d5c51f9d4dfcb43d73de5b3dac2d50f528007eb52b8ecdef2d4fa6910711f969346060f1a2750350be4a656348f24f00f5b33119828ef18a5ed3d65488539f7db93908d9b0a695193951648af11df5f28807f2a4224beee75beb63bd391060f79d40d284cd75d9581334fb07"], 0xa)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x1a1, 0x1a00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85})
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c9e00a8da2fc2600131b02008000"], 0xf)
syz_emit_vhci(&(0x7f0000000500)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x8c}, "b85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6bd67517df18abe884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf21b034e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3"}, 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

09:07:46 executing program 1:
syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="045084200ca69b1b09"], 0x9)
syz_emit_vhci(&(0x7f0000000ac0)=ANY=[@ANYBLOB="02c9a036013201010003000800fb020500cbfd3f000d1f0800ac8504003f00090010ff040003000004111f020005000b40a2000800ec0c32226549a2f915f4838a6dbbd35296187369d7fca7001fb0782b552225c87836e3189475ff90fb40d0cd4e0e9cf0fac7a7909f60a47492021783eba6084ac1f7cb8370c6266732adc7e04678a0ae51dc8131e3dea69f41ccd97574a4f21abf304140e8c77412f9f17044966389d8e1a6739ed8dd418590c8908f163213c3770bb099d944d92d557322a93e55fee4ce0dffdf09f64b4e78d4da8c35b1af1210080400010080000c01050000200700000cab0500000107000505e64800fcff050004000610060109000200000009000000010000000102020006103f00010401000100f30100000200000001020200061022001adb0200000006000000d301000001020000c3a64dbb9ec4c01965271a83417d15bfc9b052fd6d5f82dfab5772575f90bc5b51967a798b82e3ee2cd7f9a83b9543388d7c4d4f53d6187ed01c5b4f47222de7372c73aaa4027ccb00e6e57da3f1b8b91677c563ece473acca"], 0x13b)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040f06000000043ac4debc30e49132f03f69f05ead03007af7d6bdedbbb6a7e80406b69b4e386f5e43bdaf3fe440b9ce9b7c909181e07903b80a0dfc69cc27ed84e71757c4e1c736c0b5dfb02e254c56840b0d4e95dde1e08ff844bc42d62e1086222b5f1ecd155e0b7fe7ef4a7158d452d92fcde3ba282e82b42def15ef7c1af96806f837f8068e08dccbd8edbd4aa3efa300"/157], 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x408000, 0x0)
syz_emit_vhci(&(0x7f0000000440)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xa2}, "3b9d1d50823db5e2e49ba1f7c2a596412882a4a358c2aadd49ebbc0ac1086a7fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"}, 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000740)=ANY=[@ANYBLOB="fd7ea2ae431801ca0fe5d5c51f9d4dfcb43d73de5b3dac2d50f528007eb52b8ecdef2d4fa6910711f969346060f1a2750350be4a656348f24f00f5b33119828ef18a5ed3d65488539f7db93908d9b0a695193951648af11df5f28807f2a4224beee75beb63bd391060f79d40d284cd75d9581334fb07"], 0xa)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x1a1, 0x1a00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85})
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c9e00a8da2fc2600131b02008000"], 0xf)
syz_emit_vhci(&(0x7f0000000500)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x8c}, "b85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6bd67517df18abe884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf21b034e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3"}, 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

09:07:46 executing program 6:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpid()
r2 = getpgid(0x0)
r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f0000000000)={r3})

[  108.746979] loop5: detected capacity change from 0 to 6
[  108.777602] FAT-fs (loop5): Directory bread(block 6) failed
[  108.778102] FAT-fs (loop5): Directory bread(block 7) failed
[  108.782796] FAT-fs (loop5): Directory bread(block 8) failed
[  108.796640] FAT-fs (loop5): Directory bread(block 9) failed
[  108.800032] FAT-fs (loop5): error, corrupted directory (invalid entries)
[  108.800644] FAT-fs (loop5): Filesystem has been set read-only
09:07:46 executing program 0:
mq_notify(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, @thr={0x0, 0x0}})

09:07:46 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x29, 0x1f, &(0x7f0000000100), 0x4)

09:07:46 executing program 6:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpid()
r2 = getpgid(0x0)
r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f0000000000)={r3})

09:07:46 executing program 7:
openat2(0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x0, 0x100}, 0x18)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_SETVESABLANK(r0, 0x541c, &(0x7f0000000040)=0x2)

09:07:46 executing program 3:
clone3(&(0x7f0000000300)={0x0, &(0x7f0000000000), &(0x7f0000000200), &(0x7f0000000080), {}, &(0x7f00000000c0)=""/112, 0xffffffffffffffbb, &(0x7f0000000140)=""/174, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6}, 0x58)

09:07:46 executing program 1:
syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="045084200ca69b1b09"], 0x9)
syz_emit_vhci(&(0x7f0000000ac0)=ANY=[@ANYBLOB="02c9a036013201010003000800fb020500cbfd3f000d1f0800ac8504003f00090010ff040003000004111f020005000b40a2000800ec0c32226549a2f915f4838a6dbbd35296187369d7fca7001fb0782b552225c87836e3189475ff90fb40d0cd4e0e9cf0fac7a7909f60a47492021783eba6084ac1f7cb8370c6266732adc7e04678a0ae51dc8131e3dea69f41ccd97574a4f21abf304140e8c77412f9f17044966389d8e1a6739ed8dd418590c8908f163213c3770bb099d944d92d557322a93e55fee4ce0dffdf09f64b4e78d4da8c35b1af1210080400010080000c01050000200700000cab0500000107000505e64800fcff050004000610060109000200000009000000010000000102020006103f00010401000100f30100000200000001020200061022001adb0200000006000000d301000001020000c3a64dbb9ec4c01965271a83417d15bfc9b052fd6d5f82dfab5772575f90bc5b51967a798b82e3ee2cd7f9a83b9543388d7c4d4f53d6187ed01c5b4f47222de7372c73aaa4027ccb00e6e57da3f1b8b91677c563ece473acca"], 0x13b)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040f06000000043ac4debc30e49132f03f69f05ead03007af7d6bdedbbb6a7e80406b69b4e386f5e43bdaf3fe440b9ce9b7c909181e07903b80a0dfc69cc27ed84e71757c4e1c736c0b5dfb02e254c56840b0d4e95dde1e08ff844bc42d62e1086222b5f1ecd155e0b7fe7ef4a7158d452d92fcde3ba282e82b42def15ef7c1af96806f837f8068e08dccbd8edbd4aa3efa300"/157], 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x408000, 0x0)
syz_emit_vhci(&(0x7f0000000440)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xa2}, "3b9d1d50823db5e2e49ba1f7c2a596412882a4a358c2aadd49ebbc0ac1086a7fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"}, 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000740)=ANY=[@ANYBLOB="fd7ea2ae431801ca0fe5d5c51f9d4dfcb43d73de5b3dac2d50f528007eb52b8ecdef2d4fa6910711f969346060f1a2750350be4a656348f24f00f5b33119828ef18a5ed3d65488539f7db93908d9b0a695193951648af11df5f28807f2a4224beee75beb63bd391060f79d40d284cd75d9581334fb07"], 0xa)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x1a1, 0x1a00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85})
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c9e00a8da2fc2600131b02008000"], 0xf)
syz_emit_vhci(&(0x7f0000000500)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x8c}, "b85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6bd67517df18abe884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf21b034e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3"}, 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

09:07:46 executing program 5:
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202010", 0x4c, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[])
unlinkat(r0, &(0x7f0000000080)='./file0\x00', 0x0)

09:07:46 executing program 4:
syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="045084200ca69b1b09"], 0x9)
syz_emit_vhci(&(0x7f0000000ac0)=ANY=[@ANYBLOB="02c9a036013201010003000800fb020500cbfd3f000d1f0800ac8504003f00090010ff040003000004111f020005000b40a2000800ec0c32226549a2f915f4838a6dbbd35296187369d7fca7001fb0782b552225c87836e3189475ff90fb40d0cd4e0e9cf0fac7a7909f60a47492021783eba6084ac1f7cb8370c6266732adc7e04678a0ae51dc8131e3dea69f41ccd97574a4f21abf304140e8c77412f9f17044966389d8e1a6739ed8dd418590c8908f163213c3770bb099d944d92d557322a93e55fee4ce0dffdf09f64b4e78d4da8c35b1af1210080400010080000c01050000200700000cab0500000107000505e64800fcff050004000610060109000200000009000000010000000102020006103f00010401000100f30100000200000001020200061022001adb0200000006000000d301000001020000c3a64dbb9ec4c01965271a83417d15bfc9b052fd6d5f82dfab5772575f90bc5b51967a798b82e3ee2cd7f9a83b9543388d7c4d4f53d6187ed01c5b4f47222de7372c73aaa4027ccb00e6e57da3f1b8b91677c563ece473acca"], 0x13b)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040f06000000043ac4debc30e49132f03f69f05ead03007af7d6bdedbbb6a7e80406b69b4e386f5e43bdaf3fe440b9ce9b7c909181e07903b80a0dfc69cc27ed84e71757c4e1c736c0b5dfb02e254c56840b0d4e95dde1e08ff844bc42d62e1086222b5f1ecd155e0b7fe7ef4a7158d452d92fcde3ba282e82b42def15ef7c1af96806f837f8068e08dccbd8edbd4aa3efa300"/157], 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x408000, 0x0)
syz_emit_vhci(&(0x7f0000000440)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xa2}, "3b9d1d50823db5e2e49ba1f7c2a596412882a4a358c2aadd49ebbc0ac1086a7fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"}, 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000740)=ANY=[@ANYBLOB="fd7ea2ae431801ca0fe5d5c51f9d4dfcb43d73de5b3dac2d50f528007eb52b8ecdef2d4fa6910711f969346060f1a2750350be4a656348f24f00f5b33119828ef18a5ed3d65488539f7db93908d9b0a695193951648af11df5f28807f2a4224beee75beb63bd391060f79d40d284cd75d9581334fb07"], 0xa)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x1a1, 0x1a00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85})
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c9e00a8da2fc2600131b02008000"], 0xf)
syz_emit_vhci(&(0x7f0000000500)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x8c}, "b85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6bd67517df18abe884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf21b034e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3"}, 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

[  108.918106] loop5: detected capacity change from 0 to 6
[  108.927886] kmemleak: Found object by alias at 0x607f1a639320
[  108.927902] CPU: 1 UID: 0 PID: 3933 Comm: syz-executor.3 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  108.927919] Tainted: [W]=WARN
[  108.927923] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  108.927931] Call Trace:
[  108.927935]  <TASK>
[  108.927939]  dump_stack_lvl+0xca/0x120
[  108.927968]  __lookup_object+0x94/0xb0
[  108.927986]  delete_object_full+0x27/0x70
[  108.928002]  free_percpu+0x30/0x1160
[  108.928018]  ? arch_uprobe_clear_state+0x16/0x140
[  108.928038]  futex_hash_free+0x38/0xc0
[  108.928053]  mmput+0x2d3/0x390
[  108.928072]  do_exit+0x79d/0x2970
[  108.928093]  ? __pfx_do_exit+0x10/0x10
[  108.928107]  ? find_held_lock+0x2b/0x80
[  108.928125]  ? get_signal+0x835/0x2340
[  108.928145]  do_group_exit+0xd3/0x2a0
[  108.928159]  get_signal+0x2315/0x2340
[  108.928177]  ? put_task_stack+0xd2/0x240
[  108.928191]  ? __pfx_get_signal+0x10/0x10
[  108.928207]  ? __schedule+0xe91/0x3590
[  108.928227]  arch_do_signal_or_restart+0x80/0x790
[  108.928245]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  108.928261]  ? __x64_sys_futex+0x1c9/0x4d0
[  108.928273]  ? __x64_sys_futex+0x1d2/0x4d0
[  108.928286]  ? exc_page_fault+0xb0/0x180
[  108.928303]  ? __pfx___x64_sys_futex+0x10/0x10
[  108.928321]  exit_to_user_mode_loop+0x8b/0x110
[  108.928334]  do_syscall_64+0x2f7/0x360
[  108.928346]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.928358] RIP: 0033:0x7fca0bc07b19
[  108.928367] Code: Unable to access opcode bytes at 0x7fca0bc07aef.
[  108.928373] RSP: 002b:00007fca0917d218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  108.928384] RAX: 0000000000000001 RBX: 00007fca0bd1af68 RCX: 00007fca0bc07b19
[  108.928391] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fca0bd1af6c
[  108.928398] RBP: 00007fca0bd1af60 R08: 0000000000000016 R09: 0000000000000000
[  108.928406] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007fca0bd1af6c
[  108.928413] R13: 00007ffc1aea8e7f R14: 00007fca0917d300 R15: 0000000000022000
[  108.928429]  </TASK>
[  108.928433] kmemleak: Object (percpu) 0x607f1a63931c (size 8):
[  108.928439] kmemleak:   comm "syz-executor.1", pid 3938, jiffies 4294775786
[  108.928446] kmemleak:   min_count = 1
[  108.928450] kmemleak:   count = 0
[  108.928454] kmemleak:   flags = 0x21
[  108.928458] kmemleak:   checksum = 0
[  108.928461] kmemleak:   backtrace:
[  108.928465]  pcpu_alloc_noprof+0x87a/0x1170
[  108.928480]  alloc_vfsmnt+0x135/0x6e0
[  108.928493]  vfs_create_mount.part.0+0x40/0x440
[  108.928508]  fc_mount_longterm+0x126/0x160
[  108.928525]  mq_init_ns+0x42e/0x630
[  108.928535]  copy_ipcs+0x38d/0x630
[  108.928544]  create_new_namespaces+0x210/0xab0
[  108.928560]  copy_namespaces+0x45c/0x580
[  108.928575]  copy_process+0x2649/0x73c0
[  108.928585]  kernel_clone+0xea/0x7f0
[  108.928594]  __do_sys_clone+0xce/0x120
[  108.928604]  do_syscall_64+0xbf/0x360
[  108.928613]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
09:07:46 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x29, 0x1f, &(0x7f0000000100), 0x4)

[  108.951926] kmemleak: Cannot insert 0x607f1a639320 into the object search tree (overlaps existing)
[  108.951939] CPU: 1 UID: 0 PID: 3944 Comm: syz-executor.4 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  108.951956] Tainted: [W]=WARN
[  108.951960] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  108.951966] Call Trace:
[  108.951970]  <TASK>
[  108.951974]  dump_stack_lvl+0xca/0x120
[  108.951994]  __link_object+0x190/0x210
[  108.952010]  __create_object+0x48/0x80
[  108.952027]  pcpu_alloc_noprof+0x87a/0x1170
[  108.952050]  __percpu_init_rwsem+0x2d/0x160
[  108.952065]  ? security_sb_alloc+0x75/0x140
[  108.952082]  alloc_super+0x29e/0xb80
[  108.952098]  sget_fc+0xfe/0xb80
[  108.952109]  ? __pfx_set_anon_super_fc+0x10/0x10
[  108.952129]  ? __pfx_mqueue_fill_super+0x10/0x10
[  108.952147]  get_tree_nodev+0x28/0x190
[  108.952159]  mqueue_get_tree+0xf6/0x140
[  108.952176]  vfs_get_tree+0x93/0x340
[  108.952194]  fc_mount_longterm+0x18/0x160
[  108.952210]  mq_init_ns+0x42e/0x630
[  108.952223]  copy_ipcs+0x38d/0x630
[  108.952233]  ? copy_utsname+0xae/0x470
[  108.952248]  create_new_namespaces+0x210/0xab0
[  108.952266]  ? security_capable+0x2f/0x90
[  108.952282]  copy_namespaces+0x45c/0x580
[  108.952301]  copy_process+0x2649/0x73c0
[  108.952317]  ? __lock_acquire+0x694/0x1b70
[  108.952337]  ? __pfx_copy_process+0x10/0x10
[  108.952349]  ? __lock_acquire+0xc65/0x1b70
[  108.952370]  kernel_clone+0xea/0x7f0
[  108.952382]  ? finish_task_switch.isra.0+0x201/0x840
[  108.952402]  ? __pfx_kernel_clone+0x10/0x10
[  108.952416]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  108.952429]  ? finish_task_switch.isra.0+0x206/0x840
[  108.952450]  ? trace_sched_exit_tp+0xbf/0x100
[  108.952466]  ? __schedule+0xe91/0x3590
[  108.952483]  __do_sys_clone+0xce/0x120
[  108.952495]  ? __pfx___do_sys_clone+0x10/0x10
[  108.952507]  ? __pfx___schedule+0x10/0x10
[  108.952530]  ? syscall_user_dispatch+0x78/0x140
[  108.952548]  do_syscall_64+0xbf/0x360
[  108.952559]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.952570] RIP: 0033:0x7fb08ee3bb19
[  108.952579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  108.952591] RSP: 002b:00007fb08c3b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  108.952603] RAX: ffffffffffffffda RBX: 00007fb08ef4ef60 RCX: 00007fb08ee3bb19
[  108.952611] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 000000004c01f900
[  108.952618] RBP: 00007fb08ee95f6d R08: 0000000000000000 R09: 0000000000000000
[  108.952626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  108.952633] R13: 00007fff5d7b94cf R14: 00007fb08c3b1300 R15: 0000000000022000
[  108.952649]  </TASK>
[  108.953355] kmemleak: Kernel memory leak detector disabled
[  108.953362] kmemleak: Object (percpu) 0x607f1a63931c (size 8):
[  108.953369] kmemleak:   comm "syz-executor.1", pid 3938, jiffies 4294775786
[  108.953377] kmemleak:   min_count = 1
[  108.953381] kmemleak:   count = 0
[  108.953385] kmemleak:   flags = 0x21
[  108.953389] kmemleak:   checksum = 0
[  108.953394] kmemleak:   backtrace:
[  108.953397]  pcpu_alloc_noprof+0x87a/0x1170
[  108.953414]  alloc_vfsmnt+0x135/0x6e0
[  108.953426]  vfs_create_mount.part.0+0x40/0x440
[  108.953440]  fc_mount_longterm+0x126/0x160
[  108.953454]  mq_init_ns+0x42e/0x630
[  108.953462]  copy_ipcs+0x38d/0x630
[  108.953471]  create_new_namespaces+0x210/0xab0
[  108.953486]  copy_namespaces+0x45c/0x580
[  108.953500]  copy_process+0x2649/0x73c0
[  108.953510]  kernel_clone+0xea/0x7f0
[  108.953520]  __do_sys_clone+0xce/0x120
[  108.953529]  do_syscall_64+0xbf/0x360
[  108.953538]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
09:07:46 executing program 3:
clone3(&(0x7f0000000300)={0x0, &(0x7f0000000000), &(0x7f0000000200), &(0x7f0000000080), {}, &(0x7f00000000c0)=""/112, 0xffffffffffffffbb, &(0x7f0000000140)=""/174, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6}, 0x58)

09:07:46 executing program 0:
mq_notify(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, @thr={0x0, 0x0}})

[  109.012712] FAT-fs (loop5): Directory bread(block 6) failed
[  109.013200] FAT-fs (loop5): Directory bread(block 7) failed
[  109.015205] FAT-fs (loop5): Directory bread(block 8) failed
[  109.015813] FAT-fs (loop5): Directory bread(block 9) failed
[  109.040617] ------------[ cut here ]------------
[  109.041214] WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#0: kworker/0:2/63
[  109.042110] Modules linked in:
[  109.042446] CPU: 0 UID: 0 PID: 63 Comm: kworker/0:2 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  109.044532] Tainted: [W]=WARN
[  109.047249] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  109.048046] Workqueue: events free_ipc
[  109.048372] RIP: 0010:mntput_no_expire+0x78e/0xbe0
[  109.048906] Code: 05 16 42 81 04 01 e8 31 f8 91 ff e9 41 fc ff ff e8 b7 50 b4 ff 31 ff 44 89 ee e8 dd 4b b4 ff 45 85 ed 79 09 e8 a3 50 b4 ff 90 <0f> 0b 90 e8 9a 50 b4 ff e8 75 f6 fb 02 31 ff 89 c5 89 c6 e8 ba 4b
[  109.050417] RSP: 0018:ffff88800eecfb48 EFLAGS: 00010293
[  109.050944] RAX: 0000000000000000 RBX: 1ffff11001dd9f6e RCX: ffffffff81bf96d3
[  109.051649] RDX: ffff88800a659b80 RSI: ffffffff81bf96dd RDI: 0000000000000005
[  109.052209] RBP: ffff888015f9d180 R08: 0000000000000001 R09: 0000000000000000
[  109.052909] R10: 00000000ffffffff R11: 0000000000000001 R12: ffff88800eecfbb0
[  109.053467] R13: 00000000ffffffff R14: 0000000000000001 R15: 0000000000000000
[  109.054043] FS:  0000000000000000(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[  109.054692] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  109.055152] CR2: 0000555575e21c58 CR3: 000000003e642000 CR4: 0000000000350ef0
[  109.055729] Call Trace:
[  109.055940]  <TASK>
[  109.056126]  ? __pfx_mntput_no_expire+0x10/0x10
[  109.056525]  ? lock_is_held_type+0x9e/0x120
[  109.056894]  mntput+0x6b/0x90
[  109.057160]  free_ipc+0x179/0x2b0
[  109.057442]  process_one_work+0x8e1/0x19c0
[  109.057807]  ? __pfx_process_one_work+0x10/0x10
[  109.058184]  ? move_linked_works+0x172/0x270
[  109.058565]  ? assign_work+0x196/0x240
[  109.058883]  worker_thread+0x67e/0xe90
[  109.059202]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  109.059645]  ? __pfx_worker_thread+0x10/0x10
[  109.060002]  kthread+0x3c8/0x740
[  109.060292]  ? __pfx_kthread+0x10/0x10
[  109.060622]  ? ret_from_fork+0x23/0x430
[  109.060962]  ? lock_release+0xc8/0x290
[  109.061280]  ? __pfx_kthread+0x10/0x10
[  109.061613]  ret_from_fork+0x34b/0x430
[  109.061933]  ? __pfx_kthread+0x10/0x10
[  109.062247]  ret_from_fork_asm+0x1a/0x30
[  109.062603]  </TASK>
[  109.062795] irq event stamp: 10147
[  109.063078] hardirqs last  enabled at (10155): [<ffffffff81541b18>] __up_console_sem+0x78/0x80
[  109.063786] hardirqs last disabled at (10164): [<ffffffff81541afd>] __up_console_sem+0x5d/0x80
[  109.064464] softirqs last  enabled at (9908): [<ffffffff813bafcc>] handle_softirqs+0x50c/0x770
[  109.065170] softirqs last disabled at (9849): [<ffffffff813bb364>] __irq_exit_rcu+0xc4/0x100
[  109.065852] ---[ end trace 0000000000000000 ]---
09:07:47 executing program 5:
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202010", 0x4c, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[])
unlinkat(r0, &(0x7f0000000080)='./file0\x00', 0x0)

09:07:47 executing program 1:
syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="045084200ca69b1b09"], 0x9)
syz_emit_vhci(&(0x7f0000000ac0)=ANY=[@ANYBLOB="02c9a036013201010003000800fb020500cbfd3f000d1f0800ac8504003f00090010ff040003000004111f020005000b40a2000800ec0c32226549a2f915f4838a6dbbd35296187369d7fca7001fb0782b552225c87836e3189475ff90fb40d0cd4e0e9cf0fac7a7909f60a47492021783eba6084ac1f7cb8370c6266732adc7e04678a0ae51dc8131e3dea69f41ccd97574a4f21abf304140e8c77412f9f17044966389d8e1a6739ed8dd418590c8908f163213c3770bb099d944d92d557322a93e55fee4ce0dffdf09f64b4e78d4da8c35b1af1210080400010080000c01050000200700000cab0500000107000505e64800fcff050004000610060109000200000009000000010000000102020006103f00010401000100f30100000200000001020200061022001adb0200000006000000d301000001020000c3a64dbb9ec4c01965271a83417d15bfc9b052fd6d5f82dfab5772575f90bc5b51967a798b82e3ee2cd7f9a83b9543388d7c4d4f53d6187ed01c5b4f47222de7372c73aaa4027ccb00e6e57da3f1b8b91677c563ece473acca"], 0x13b)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040f06000000043ac4debc30e49132f03f69f05ead03007af7d6bdedbbb6a7e80406b69b4e386f5e43bdaf3fe440b9ce9b7c909181e07903b80a0dfc69cc27ed84e71757c4e1c736c0b5dfb02e254c56840b0d4e95dde1e08ff844bc42d62e1086222b5f1ecd155e0b7fe7ef4a7158d452d92fcde3ba282e82b42def15ef7c1af96806f837f8068e08dccbd8edbd4aa3efa300"/157], 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x408000, 0x0)
syz_emit_vhci(&(0x7f0000000440)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xa2}, "3b9d1d50823db5e2e49ba1f7c2a596412882a4a358c2aadd49ebbc0ac1086a7fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"}, 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000740)=ANY=[@ANYBLOB="fd7ea2ae431801ca0fe5d5c51f9d4dfcb43d73de5b3dac2d50f528007eb52b8ecdef2d4fa6910711f969346060f1a2750350be4a656348f24f00f5b33119828ef18a5ed3d65488539f7db93908d9b0a695193951648af11df5f28807f2a4224beee75beb63bd391060f79d40d284cd75d9581334fb07"], 0xa)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x1a1, 0x1a00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85})
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c9e00a8da2fc2600131b02008000"], 0xf)
syz_emit_vhci(&(0x7f0000000500)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x8c}, "b85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6bd67517df18abe884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf21b034e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3"}, 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

09:07:47 executing program 6:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpid()
r2 = getpgid(0x0)
r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f0000000000)={r3})

09:07:47 executing program 7:
openat2(0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x0, 0x100}, 0x18)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_SETVESABLANK(r0, 0x541c, &(0x7f0000000040)=0x2)

09:07:47 executing program 0:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpid()
r2 = getpgid(0x0)
r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f0000000000)={r3})

09:07:47 executing program 4:
syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="045084200ca69b1b09"], 0x9)
syz_emit_vhci(&(0x7f0000000ac0)=ANY=[@ANYBLOB="02c9a036013201010003000800fb020500cbfd3f000d1f0800ac8504003f00090010ff040003000004111f020005000b40a2000800ec0c32226549a2f915f4838a6dbbd35296187369d7fca7001fb0782b552225c87836e3189475ff90fb40d0cd4e0e9cf0fac7a7909f60a47492021783eba6084ac1f7cb8370c6266732adc7e04678a0ae51dc8131e3dea69f41ccd97574a4f21abf304140e8c77412f9f17044966389d8e1a6739ed8dd418590c8908f163213c3770bb099d944d92d557322a93e55fee4ce0dffdf09f64b4e78d4da8c35b1af1210080400010080000c01050000200700000cab0500000107000505e64800fcff050004000610060109000200000009000000010000000102020006103f00010401000100f30100000200000001020200061022001adb0200000006000000d301000001020000c3a64dbb9ec4c01965271a83417d15bfc9b052fd6d5f82dfab5772575f90bc5b51967a798b82e3ee2cd7f9a83b9543388d7c4d4f53d6187ed01c5b4f47222de7372c73aaa4027ccb00e6e57da3f1b8b91677c563ece473acca"], 0x13b)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040f06000000043ac4debc30e49132f03f69f05ead03007af7d6bdedbbb6a7e80406b69b4e386f5e43bdaf3fe440b9ce9b7c909181e07903b80a0dfc69cc27ed84e71757c4e1c736c0b5dfb02e254c56840b0d4e95dde1e08ff844bc42d62e1086222b5f1ecd155e0b7fe7ef4a7158d452d92fcde3ba282e82b42def15ef7c1af96806f837f8068e08dccbd8edbd4aa3efa300"/157], 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x408000, 0x0)
syz_emit_vhci(&(0x7f0000000440)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xa2}, "3b9d1d50823db5e2e49ba1f7c2a596412882a4a358c2aadd49ebbc0ac1086a7fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"}, 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000740)=ANY=[@ANYBLOB="fd7ea2ae431801ca0fe5d5c51f9d4dfcb43d73de5b3dac2d50f528007eb52b8ecdef2d4fa6910711f969346060f1a2750350be4a656348f24f00f5b33119828ef18a5ed3d65488539f7db93908d9b0a695193951648af11df5f28807f2a4224beee75beb63bd391060f79d40d284cd75d9581334fb07"], 0xa)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x1a1, 0x1a00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85})
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c9e00a8da2fc2600131b02008000"], 0xf)
syz_emit_vhci(&(0x7f0000000500)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x8c}, "b85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6bd67517df18abe884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf21b034e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3"}, 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

[  109.147236] loop5: detected capacity change from 0 to 6
09:07:47 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpid()
r2 = getpgid(0x0)
r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f0000000000)={r3})

09:07:47 executing program 2:
syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="045084200ca69b1b09"], 0x9)
syz_emit_vhci(&(0x7f0000000ac0)=ANY=[@ANYBLOB="02c9a036013201010003000800fb020500cbfd3f000d1f0800ac8504003f00090010ff040003000004111f020005000b40a2000800ec0c32226549a2f915f4838a6dbbd35296187369d7fca7001fb0782b552225c87836e3189475ff90fb40d0cd4e0e9cf0fac7a7909f60a47492021783eba6084ac1f7cb8370c6266732adc7e04678a0ae51dc8131e3dea69f41ccd97574a4f21abf304140e8c77412f9f17044966389d8e1a6739ed8dd418590c8908f163213c3770bb099d944d92d557322a93e55fee4ce0dffdf09f64b4e78d4da8c35b1af1210080400010080000c01050000200700000cab0500000107000505e64800fcff050004000610060109000200000009000000010000000102020006103f00010401000100f30100000200000001020200061022001adb0200000006000000d301000001020000c3a64dbb9ec4c01965271a83417d15bfc9b052fd6d5f82dfab5772575f90bc5b51967a798b82e3ee2cd7f9a83b9543388d7c4d4f53d6187ed01c5b4f47222de7372c73aaa4027ccb00e6e57da3f1b8b91677c563ece473acca"], 0x13b)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040f06000000043ac4debc30e49132f03f69f05ead03007af7d6bdedbbb6a7e80406b69b4e386f5e43bdaf3fe440b9ce9b7c909181e07903b80a0dfc69cc27ed84e71757c4e1c736c0b5dfb02e254c56840b0d4e95dde1e08ff844bc42d62e1086222b5f1ecd155e0b7fe7ef4a7158d452d92fcde3ba282e82b42def15ef7c1af96806f837f8068e08dccbd8edbd4aa3efa300"/157], 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x408000, 0x0)
syz_emit_vhci(&(0x7f0000000440)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xa2}, "3b9d1d50823db5e2e49ba1f7c2a596412882a4a358c2aadd49ebbc0ac1086a7fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"}, 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000740)=ANY=[@ANYBLOB="fd7ea2ae431801ca0fe5d5c51f9d4dfcb43d73de5b3dac2d50f528007eb52b8ecdef2d4fa6910711f969346060f1a2750350be4a656348f24f00f5b33119828ef18a5ed3d65488539f7db93908d9b0a695193951648af11df5f28807f2a4224beee75beb63bd391060f79d40d284cd75d9581334fb07"], 0xa)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x1a1, 0x1a00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85})
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c9e00a8da2fc2600131b02008000"], 0xf)
syz_emit_vhci(&(0x7f0000000500)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x8c}, "b85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6bd67517df18abe884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf21b034e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3"}, 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

[  109.155289] FAT-fs (loop5): Directory bread(block 6) failed
[  109.155815] FAT-fs (loop5): Directory bread(block 7) failed
[  109.156366] FAT-fs (loop5): Directory bread(block 8) failed
[  109.159606] FAT-fs (loop5): Directory bread(block 9) failed
[  109.165643] FAT-fs (loop5): error, corrupted directory (invalid entries)
[  109.166200] FAT-fs (loop5): Filesystem has been set read-only
09:07:47 executing program 0:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpid()
r2 = getpgid(0x0)
r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f0000000000)={r3})

09:07:47 executing program 7:
syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="045084200ca69b1b09"], 0x9)
syz_emit_vhci(&(0x7f0000000ac0)=ANY=[@ANYBLOB="02c9a036013201010003000800fb020500cbfd3f000d1f0800ac8504003f00090010ff040003000004111f020005000b40a2000800ec0c32226549a2f915f4838a6dbbd35296187369d7fca7001fb0782b552225c87836e3189475ff90fb40d0cd4e0e9cf0fac7a7909f60a47492021783eba6084ac1f7cb8370c6266732adc7e04678a0ae51dc8131e3dea69f41ccd97574a4f21abf304140e8c77412f9f17044966389d8e1a6739ed8dd418590c8908f163213c3770bb099d944d92d557322a93e55fee4ce0dffdf09f64b4e78d4da8c35b1af1210080400010080000c01050000200700000cab0500000107000505e64800fcff050004000610060109000200000009000000010000000102020006103f00010401000100f30100000200000001020200061022001adb0200000006000000d301000001020000c3a64dbb9ec4c01965271a83417d15bfc9b052fd6d5f82dfab5772575f90bc5b51967a798b82e3ee2cd7f9a83b9543388d7c4d4f53d6187ed01c5b4f47222de7372c73aaa4027ccb00e6e57da3f1b8b91677c563ece473acca"], 0x13b)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040f06000000043ac4debc30e49132f03f69f05ead03007af7d6bdedbbb6a7e80406b69b4e386f5e43bdaf3fe440b9ce9b7c909181e07903b80a0dfc69cc27ed84e71757c4e1c736c0b5dfb02e254c56840b0d4e95dde1e08ff844bc42d62e1086222b5f1ecd155e0b7fe7ef4a7158d452d92fcde3ba282e82b42def15ef7c1af96806f837f8068e08dccbd8edbd4aa3efa300"/157], 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x408000, 0x0)
syz_emit_vhci(&(0x7f0000000440)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xa2}, "3b9d1d50823db5e2e49ba1f7c2a596412882a4a358c2aadd49ebbc0ac1086a7fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"}, 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000740)=ANY=[@ANYBLOB="fd7ea2ae431801ca0fe5d5c51f9d4dfcb43d73de5b3dac2d50f528007eb52b8ecdef2d4fa6910711f969346060f1a2750350be4a656348f24f00f5b33119828ef18a5ed3d65488539f7db93908d9b0a695193951648af11df5f28807f2a4224beee75beb63bd391060f79d40d284cd75d9581334fb07"], 0xa)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x1a1, 0x1a00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85})
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c9e00a8da2fc2600131b02008000"], 0xf)
syz_emit_vhci(&(0x7f0000000500)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x8c}, "b85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6bd67517df18abe884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf21b034e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3"}, 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

09:07:47 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpid()
r2 = getpgid(0x0)
r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f0000000000)={r3})

09:07:47 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prlimit64(0x0, 0x0, 0x0, 0x0)

09:07:47 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prlimit64(0x0, 0x0, 0x0, 0x0)

09:07:47 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpid()
r2 = getpgid(0x0)
r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f0000000000)={r3})

09:07:47 executing program 0:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpid()
r2 = getpgid(0x0)
r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f0000000000)={r3})

09:07:47 executing program 5:
r0 = timerfd_create(0x8, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
setresuid(0x0, r1, 0x0)
timerfd_settime(r0, 0x0, &(0x7f0000000040)={{0x77359400}}, 0x0)

09:07:47 executing program 5:
r0 = timerfd_create(0x8, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
setresuid(0x0, r1, 0x0)
timerfd_settime(r0, 0x0, &(0x7f0000000040)={{0x77359400}}, 0x0)

09:07:47 executing program 2:
syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="045084200ca69b1b09"], 0x9)
syz_emit_vhci(&(0x7f0000000ac0)=ANY=[@ANYBLOB="02c9a036013201010003000800fb020500cbfd3f000d1f0800ac8504003f00090010ff040003000004111f020005000b40a2000800ec0c32226549a2f915f4838a6dbbd35296187369d7fca7001fb0782b552225c87836e3189475ff90fb40d0cd4e0e9cf0fac7a7909f60a47492021783eba6084ac1f7cb8370c6266732adc7e04678a0ae51dc8131e3dea69f41ccd97574a4f21abf304140e8c77412f9f17044966389d8e1a6739ed8dd418590c8908f163213c3770bb099d944d92d557322a93e55fee4ce0dffdf09f64b4e78d4da8c35b1af1210080400010080000c01050000200700000cab0500000107000505e64800fcff050004000610060109000200000009000000010000000102020006103f00010401000100f30100000200000001020200061022001adb0200000006000000d301000001020000c3a64dbb9ec4c01965271a83417d15bfc9b052fd6d5f82dfab5772575f90bc5b51967a798b82e3ee2cd7f9a83b9543388d7c4d4f53d6187ed01c5b4f47222de7372c73aaa4027ccb00e6e57da3f1b8b91677c563ece473acca"], 0x13b)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040f06000000043ac4debc30e49132f03f69f05ead03007af7d6bdedbbb6a7e80406b69b4e386f5e43bdaf3fe440b9ce9b7c909181e07903b80a0dfc69cc27ed84e71757c4e1c736c0b5dfb02e254c56840b0d4e95dde1e08ff844bc42d62e1086222b5f1ecd155e0b7fe7ef4a7158d452d92fcde3ba282e82b42def15ef7c1af96806f837f8068e08dccbd8edbd4aa3efa300"/157], 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x408000, 0x0)
syz_emit_vhci(&(0x7f0000000440)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xa2}, "3b9d1d50823db5e2e49ba1f7c2a596412882a4a358c2aadd49ebbc0ac1086a7fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"}, 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000740)=ANY=[@ANYBLOB="fd7ea2ae431801ca0fe5d5c51f9d4dfcb43d73de5b3dac2d50f528007eb52b8ecdef2d4fa6910711f969346060f1a2750350be4a656348f24f00f5b33119828ef18a5ed3d65488539f7db93908d9b0a695193951648af11df5f28807f2a4224beee75beb63bd391060f79d40d284cd75d9581334fb07"], 0xa)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x1a1, 0x1a00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85})
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c9e00a8da2fc2600131b02008000"], 0xf)
syz_emit_vhci(&(0x7f0000000500)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x8c}, "b85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6bd67517df18abe884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf21b034e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3"}, 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

[  109.393804] ------------[ cut here ]------------
[  109.394269] WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#1: kworker/1:4/312
[  109.395165] Modules linked in:
[  109.395442] CPU: 1 UID: 0 PID: 312 Comm: kworker/1:4 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  109.396559] Tainted: [W]=WARN
[  109.396816] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  109.397481] Workqueue: events free_ipc
[  109.397980] RIP: 0010:mntput_no_expire+0x78e/0xbe0
[  109.398387] Code: 05 16 42 81 04 01 e8 31 f8 91 ff e9 41 fc ff ff e8 b7 50 b4 ff 31 ff 44 89 ee e8 dd 4b b4 ff 45 85 ed 79 09 e8 a3 50 b4 ff 90 <0f> 0b 90 e8 9a 50 b4 ff e8 75 f6 fb 02 31 ff 89 c5 89 c6 e8 ba 4b
[  109.399836] RSP: 0018:ffff88804215fb48 EFLAGS: 00010293
[  109.400265] RAX: 0000000000000000 RBX: 1ffff1100842bf6e RCX: ffffffff81bf96d3
[  109.400882] RDX: ffff88804212b700 RSI: ffffffff81bf96dd RDI: 0000000000000005
[  109.401457] RBP: ffff888015f9d500 R08: 0000000000000001 R09: 0000000000000000
[  109.402052] R10: 00000000ffffffff R11: 0000000000000001 R12: ffff88804215fbb0
[  109.402649] R13: 00000000ffffffff R14: 0000000000000001 R15: 0000000000000000
[  109.403227] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  109.403897] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  109.404371] CR2: 00007ffed2826ec8 CR3: 000000000e465000 CR4: 0000000000350ef0
[  109.404978] Call Trace:
[  109.405195]  <TASK>
[  109.405387]  ? __pfx_mntput_no_expire+0x10/0x10
[  109.405793]  ? lock_is_held_type+0x9e/0x120
[  109.406162]  mntput+0x6b/0x90
[  109.406430]  free_ipc+0x179/0x2b0
[  109.406741]  process_one_work+0x8e1/0x19c0
[  109.407109]  ? __pfx_process_one_work+0x10/0x10
[  109.407525]  ? move_linked_works+0x172/0x270
[  109.407901]  ? assign_work+0x196/0x240
[  109.408224]  worker_thread+0x67e/0xe90
[  109.408573]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  109.409017]  ? __pfx_worker_thread+0x10/0x10
[  109.409387]  kthread+0x3c8/0x740
[  109.409692]  ? __pfx_kthread+0x10/0x10
[  109.410018]  ? ret_from_fork+0x23/0x430
[  109.410352]  ? lock_release+0xc8/0x290
[  109.410699]  ? __pfx_kthread+0x10/0x10
[  109.411027]  ret_from_fork+0x34b/0x430
[  109.411352]  ? __pfx_kthread+0x10/0x10
[  109.411695]  ret_from_fork_asm+0x1a/0x30
[  109.412047]  </TASK>
[  109.412241] irq event stamp: 8277
[  109.412541] hardirqs last  enabled at (8287): [<ffffffff81541b18>] __up_console_sem+0x78/0x80
[  109.413233] hardirqs last disabled at (8294): [<ffffffff81541afd>] __up_console_sem+0x5d/0x80
[  109.413938] softirqs last  enabled at (8156): [<ffffffff813bafcc>] handle_softirqs+0x50c/0x770
[  109.414662] softirqs last disabled at (8141): [<ffffffff813bb364>] __irq_exit_rcu+0xc4/0x100
[  109.415340] ---[ end trace 0000000000000000 ]---
09:07:47 executing program 7:
syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="045084200ca69b1b09"], 0x9)
syz_emit_vhci(&(0x7f0000000ac0)=ANY=[@ANYBLOB="02c9a036013201010003000800fb020500cbfd3f000d1f0800ac8504003f00090010ff040003000004111f020005000b40a2000800ec0c32226549a2f915f4838a6dbbd35296187369d7fca7001fb0782b552225c87836e3189475ff90fb40d0cd4e0e9cf0fac7a7909f60a47492021783eba6084ac1f7cb8370c6266732adc7e04678a0ae51dc8131e3dea69f41ccd97574a4f21abf304140e8c77412f9f17044966389d8e1a6739ed8dd418590c8908f163213c3770bb099d944d92d557322a93e55fee4ce0dffdf09f64b4e78d4da8c35b1af1210080400010080000c01050000200700000cab0500000107000505e64800fcff050004000610060109000200000009000000010000000102020006103f00010401000100f30100000200000001020200061022001adb0200000006000000d301000001020000c3a64dbb9ec4c01965271a83417d15bfc9b052fd6d5f82dfab5772575f90bc5b51967a798b82e3ee2cd7f9a83b9543388d7c4d4f53d6187ed01c5b4f47222de7372c73aaa4027ccb00e6e57da3f1b8b91677c563ece473acca"], 0x13b)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040f06000000043ac4debc30e49132f03f69f05ead03007af7d6bdedbbb6a7e80406b69b4e386f5e43bdaf3fe440b9ce9b7c909181e07903b80a0dfc69cc27ed84e71757c4e1c736c0b5dfb02e254c56840b0d4e95dde1e08ff844bc42d62e1086222b5f1ecd155e0b7fe7ef4a7158d452d92fcde3ba282e82b42def15ef7c1af96806f837f8068e08dccbd8edbd4aa3efa300"/157], 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x408000, 0x0)
syz_emit_vhci(&(0x7f0000000440)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xa2}, "3b9d1d50823db5e2e49ba1f7c2a596412882a4a358c2aadd49ebbc0ac1086a7fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"}, 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000740)=ANY=[@ANYBLOB="fd7ea2ae431801ca0fe5d5c51f9d4dfcb43d73de5b3dac2d50f528007eb52b8ecdef2d4fa6910711f969346060f1a2750350be4a656348f24f00f5b33119828ef18a5ed3d65488539f7db93908d9b0a695193951648af11df5f28807f2a4224beee75beb63bd391060f79d40d284cd75d9581334fb07"], 0xa)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x1a1, 0x1a00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85})
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c9e00a8da2fc2600131b02008000"], 0xf)
syz_emit_vhci(&(0x7f0000000500)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x8c}, "b85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6bd67517df18abe884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf21b034e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3"}, 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

09:07:47 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prlimit64(0x0, 0x0, 0x0, 0x0)

09:07:47 executing program 5:
r0 = timerfd_create(0x8, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
setresuid(0x0, r1, 0x0)
timerfd_settime(r0, 0x0, &(0x7f0000000040)={{0x77359400}}, 0x0)

09:07:47 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg(r0, &(0x7f00000001c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000180)=[{&(0x7f0000000080)="ec25aff3", 0x3}, {0x0, 0x4000}], 0x2}, 0x0)

09:07:47 executing program 1:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8001)

09:07:47 executing program 2:
syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="045084200ca69b1b09"], 0x9)
syz_emit_vhci(&(0x7f0000000ac0)=ANY=[@ANYBLOB="02c9a036013201010003000800fb020500cbfd3f000d1f0800ac8504003f00090010ff040003000004111f020005000b40a2000800ec0c32226549a2f915f4838a6dbbd35296187369d7fca7001fb0782b552225c87836e3189475ff90fb40d0cd4e0e9cf0fac7a7909f60a47492021783eba6084ac1f7cb8370c6266732adc7e04678a0ae51dc8131e3dea69f41ccd97574a4f21abf304140e8c77412f9f17044966389d8e1a6739ed8dd418590c8908f163213c3770bb099d944d92d557322a93e55fee4ce0dffdf09f64b4e78d4da8c35b1af1210080400010080000c01050000200700000cab0500000107000505e64800fcff050004000610060109000200000009000000010000000102020006103f00010401000100f30100000200000001020200061022001adb0200000006000000d301000001020000c3a64dbb9ec4c01965271a83417d15bfc9b052fd6d5f82dfab5772575f90bc5b51967a798b82e3ee2cd7f9a83b9543388d7c4d4f53d6187ed01c5b4f47222de7372c73aaa4027ccb00e6e57da3f1b8b91677c563ece473acca"], 0x13b)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040f06000000043ac4debc30e49132f03f69f05ead03007af7d6bdedbbb6a7e80406b69b4e386f5e43bdaf3fe440b9ce9b7c909181e07903b80a0dfc69cc27ed84e71757c4e1c736c0b5dfb02e254c56840b0d4e95dde1e08ff844bc42d62e1086222b5f1ecd155e0b7fe7ef4a7158d452d92fcde3ba282e82b42def15ef7c1af96806f837f8068e08dccbd8edbd4aa3efa300"/157], 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x408000, 0x0)
syz_emit_vhci(&(0x7f0000000440)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xa2}, "3b9d1d50823db5e2e49ba1f7c2a596412882a4a358c2aadd49ebbc0ac1086a7fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"}, 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000740)=ANY=[@ANYBLOB="fd7ea2ae431801ca0fe5d5c51f9d4dfcb43d73de5b3dac2d50f528007eb52b8ecdef2d4fa6910711f969346060f1a2750350be4a656348f24f00f5b33119828ef18a5ed3d65488539f7db93908d9b0a695193951648af11df5f28807f2a4224beee75beb63bd391060f79d40d284cd75d9581334fb07"], 0xa)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x1a1, 0x1a00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85})
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c9e00a8da2fc2600131b02008000"], 0xf)
syz_emit_vhci(&(0x7f0000000500)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x8c}, "b85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6bd67517df18abe884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf21b034e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3"}, 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

09:07:47 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_int(r0, 0x6, 0x2d, 0x0, &(0x7f0000000240))

09:07:47 executing program 3:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040), 0xe)
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000000), &(0x7f0000000080)=0x4)

09:07:47 executing program 5:
r0 = timerfd_create(0x8, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
setresuid(0x0, r1, 0x0)
timerfd_settime(r0, 0x0, &(0x7f0000000040)={{0x77359400}}, 0x0)

09:07:47 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg(r0, &(0x7f00000001c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000180)=[{&(0x7f0000000080)="ec25aff3", 0x3}, {0x0, 0x4000}], 0x2}, 0x0)

09:07:47 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_int(r0, 0x6, 0x2d, 0x0, &(0x7f0000000240))

09:07:47 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prlimit64(0x0, 0x0, 0x0, 0x0)

09:07:47 executing program 3:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040), 0xe)
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000000), &(0x7f0000000080)=0x4)

09:07:47 executing program 5:
prctl$PR_GET_ENDIAN(0x4d, 0x0)

09:07:47 executing program 1:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8001)

09:07:47 executing program 1:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8001)

09:07:47 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_int(r0, 0x6, 0x2d, 0x0, &(0x7f0000000240))

09:07:47 executing program 2:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8001)

09:07:47 executing program 3:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040), 0xe)
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000000), &(0x7f0000000080)=0x4)

09:07:47 executing program 5:
prctl$PR_GET_ENDIAN(0x4d, 0x0)

09:07:47 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg(r0, &(0x7f00000001c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000180)=[{&(0x7f0000000080)="ec25aff3", 0x3}, {0x0, 0x4000}], 0x2}, 0x0)

09:07:47 executing program 7:
syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="045084200ca69b1b09"], 0x9)
syz_emit_vhci(&(0x7f0000000ac0)=ANY=[@ANYBLOB="02c9a036013201010003000800fb020500cbfd3f000d1f0800ac8504003f00090010ff040003000004111f020005000b40a2000800ec0c32226549a2f915f4838a6dbbd35296187369d7fca7001fb0782b552225c87836e3189475ff90fb40d0cd4e0e9cf0fac7a7909f60a47492021783eba6084ac1f7cb8370c6266732adc7e04678a0ae51dc8131e3dea69f41ccd97574a4f21abf304140e8c77412f9f17044966389d8e1a6739ed8dd418590c8908f163213c3770bb099d944d92d557322a93e55fee4ce0dffdf09f64b4e78d4da8c35b1af1210080400010080000c01050000200700000cab0500000107000505e64800fcff050004000610060109000200000009000000010000000102020006103f00010401000100f30100000200000001020200061022001adb0200000006000000d301000001020000c3a64dbb9ec4c01965271a83417d15bfc9b052fd6d5f82dfab5772575f90bc5b51967a798b82e3ee2cd7f9a83b9543388d7c4d4f53d6187ed01c5b4f47222de7372c73aaa4027ccb00e6e57da3f1b8b91677c563ece473acca"], 0x13b)
syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040f06000000043ac4debc30e49132f03f69f05ead03007af7d6bdedbbb6a7e80406b69b4e386f5e43bdaf3fe440b9ce9b7c909181e07903b80a0dfc69cc27ed84e71757c4e1c736c0b5dfb02e254c56840b0d4e95dde1e08ff844bc42d62e1086222b5f1ecd155e0b7fe7ef4a7158d452d92fcde3ba282e82b42def15ef7c1af96806f837f8068e08dccbd8edbd4aa3efa300"/157], 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x408000, 0x0)
syz_emit_vhci(&(0x7f0000000440)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xa2}, "3b9d1d50823db5e2e49ba1f7c2a596412882a4a358c2aadd49ebbc0ac1086a7fd8d8a2ce0e22630aca0a5a00a708b5785800dc05cbd28b2f73d04ea40222b037b3f53c82bee4a2c5a30c7afbe4259ace371f82e3a651cf064f90a3b1d64cee29c1e1c666def7bc6ee3c62ffbbfa31f6b97f5ea0a3dd6597d746320e598031b2cceddb4adc829a1ee1c1119d4eb41939be2f9c119b1c38aef5742e35b2b5de861e4da"}, 0xa6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c900009e14e837273701de118d8aad382a2ee9f865767a450b0ce0497a1c7e0977a673802bf56b874c3aea0b1fe4876f06be57ef79f965a7f1cd1fe1bf9d46e29255c8a58c47488ca00c00eba31c89ba1c40cc01a08ed8d37aee0b442f5785ab6dc4342378839eccb5677f44a43dbfcc9bb9375ab873a1cd04b29c15780d1823f686e4bdb209c750cade7ba758bd4f6520c2fd1f9d427d54142daacb9c16270cfa6d8599d58c72f2a4629f75fb238c3929315cca3b888643088fe02670d8c07a5a06e7e8d1ee8ff9a20b5da168f7d6737e0a5d0583471a33fad62a4e3f0a01c8a65466d810ef3d82a57e4c196a2ea8f477fb59036f1e1616cfaa68735835dfdd644f144f4d78da2edb3a32707d1816baa4c603a978c9446174a83b460b157556bfb4dd1204f0aead"], 0x54)
getdents64(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c)
syz_emit_vhci(&(0x7f0000000740)=ANY=[@ANYBLOB="fd7ea2ae431801ca0fe5d5c51f9d4dfcb43d73de5b3dac2d50f528007eb52b8ecdef2d4fa6910711f969346060f1a2750350be4a656348f24f00f5b33119828ef18a5ed3d65488539f7db93908d9b0a695193951648af11df5f28807f2a4224beee75beb63bd391060f79d40d284cd75d9581334fb07"], 0xa)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x1a1, 0x1a00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85})
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c9e00a8da2fc2600131b02008000"], 0xf)
syz_emit_vhci(&(0x7f0000000500)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x8c}, "b85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6bd67517df18abe884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf21b034e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3"}, 0x90)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

09:07:47 executing program 6:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x6}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000006140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

09:07:47 executing program 5:
prctl$PR_GET_ENDIAN(0x4d, 0x0)

09:07:47 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_int(r0, 0x6, 0x2d, 0x0, &(0x7f0000000240))

09:07:47 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg(r0, &(0x7f00000001c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000180)=[{&(0x7f0000000080)="ec25aff3", 0x3}, {0x0, 0x4000}], 0x2}, 0x0)

09:07:47 executing program 3:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040), 0xe)
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000000), &(0x7f0000000080)=0x4)

09:07:47 executing program 6:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x6}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000006140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

09:07:47 executing program 1:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8001)

09:07:47 executing program 2:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8001)

09:07:47 executing program 5:
prctl$PR_GET_ENDIAN(0x4d, 0x0)

09:07:47 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
process_vm_readv(0x0, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/132, 0x84}], 0x1000000000000092, &(0x7f0000000680)=[{&(0x7f0000000800)=""/102400, 0x19000}], 0x1, 0x0)

09:07:47 executing program 0:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_CHECKPOINT(r0, 0x8008662c, &(0x7f0000000000)=0x1)

09:07:47 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$KDGKBDIACR(r0, 0x4b4b, &(0x7f00000014c0)=""/4096)

09:07:47 executing program 7:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000140)={0x0, 0x0, 0x1e00, 0x0, 0x0, "7cacc37b4a9fd591bc7dde22c61ccb0d5b569b"})

09:07:47 executing program 6:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x6}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000006140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

09:07:47 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_RADAR_DETECT(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x20, r1, 0x703, 0x0, 0x0, {{0x2}, {@void, @val={0xc, 0x99, {0x80000}}}}}, 0x20}}, 0x0)

09:07:47 executing program 0:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_CHECKPOINT(r0, 0x8008662c, &(0x7f0000000000)=0x1)

09:07:47 executing program 7:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000140)={0x0, 0x0, 0x1e00, 0x0, 0x0, "7cacc37b4a9fd591bc7dde22c61ccb0d5b569b"})

09:07:47 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$KDGKBDIACR(r0, 0x4b4b, &(0x7f00000014c0)=""/4096)

09:07:47 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
process_vm_readv(0x0, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/132, 0x84}], 0x1000000000000092, &(0x7f0000000680)=[{&(0x7f0000000800)=""/102400, 0x19000}], 0x1, 0x0)

09:07:47 executing program 2:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8001)

09:07:47 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
process_vm_readv(0x0, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/132, 0x84}], 0x1000000000000092, &(0x7f0000000680)=[{&(0x7f0000000800)=""/102400, 0x19000}], 0x1, 0x0)

[  109.884225] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI
[  109.885086] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[  109.885681] CPU: 0 UID: 0 PID: 4072 Comm: syz-executor.6 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  109.886607] Tainted: [W]=WARN
[  109.886854] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  109.887460] RIP: 0010:perf_tp_event+0x175/0xe70
[  109.887818] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  109.889146] RSP: 0018:ffff8880447bf780 EFLAGS: 00010012
[  109.889538] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[  109.890065] RDX: ffff88804459b700 RSI: ffffffff818995b7 RDI: 0000000000000191
[  109.890622] RBP: ffff8880447bf9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16318
[  109.891180] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  109.891737] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[  109.892298] FS:  000055558bcf7400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[  109.892931] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  109.893388] CR2: 0000001b2d223000 CR3: 000000004528b000 CR4: 0000000000350ef0
[  109.893950] Call Trace:
[  109.894150]  <TASK>
[  109.894324]  ? __free_insn_slot+0x630/0x640
[  109.894655]  ? __pfx_perf_tp_event+0x10/0x10
[  109.894988]  ? find_held_lock+0x2b/0x80
[  109.895292]  ? get_page_from_freelist+0x484/0x24b0
[  109.895661]  ? lock_release+0xc8/0x290
[  109.895973]  ? do_raw_spin_unlock+0x53/0x220
[  109.896328]  ? kasan_unpoison+0x27/0x60
[  109.896647]  ? __kasan_unpoison_pages+0x2f/0x40
[  109.897028]  ? get_page_from_freelist+0x194a/0x24b0
[  109.897429]  ? css_rstat_updated+0x1b8/0x4d0
[  109.897787]  ? __pfx_css_rstat_updated+0x10/0x10
[  109.898168]  ? lock_is_held_type+0x9e/0x120
[  109.898518]  ? perf_trace_run_bpf_submit+0xef/0x180
[  109.898915]  ? lock_is_held_type+0x9e/0x120
[  109.899263]  perf_trace_run_bpf_submit+0xef/0x180
[  109.899648]  perf_trace_preemptirq_template+0x259/0x430
[  109.900079]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  109.900547]  ? lock_is_held_type+0x9e/0x120
[  109.900902]  ? find_held_lock+0x2b/0x80
[  109.901223]  ? try_to_wake_up+0x8ae/0x11d0
[  109.901566]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  109.901967]  trace_irq_enable.constprop.0+0xa6/0x100
[  109.902370]  trace_hardirqs_on+0x26/0x40
[  109.902692]  _raw_spin_unlock_irqrestore+0x2c/0x50
[  109.903086]  try_to_wake_up+0x8ae/0x11d0
[  109.903414]  ? __pfx_try_to_wake_up+0x10/0x10
[  109.903777]  ? plist_del+0x122/0x270
[  109.904081]  ? find_held_lock+0x2b/0x80
[  109.904416]  ? futex_wake+0x474/0x540
[  109.904740]  wake_up_q+0xa1/0x130
[  109.905039]  futex_wake+0x47e/0x540
[  109.905340]  ? __pfx_futex_wake+0x10/0x10
[  109.905693]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  109.906136]  ? finish_task_switch.isra.0+0x206/0x840
[  109.906571]  do_futex+0x26d/0x370
[  109.906868]  ? __pfx_do_futex+0x10/0x10
[  109.907202]  ? __pfx___schedule+0x10/0x10
[  109.907554]  __x64_sys_futex+0x1c9/0x4d0
[  109.907893]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  109.908374]  ? __pfx___x64_sys_futex+0x10/0x10
[  109.908749]  do_syscall_64+0xbf/0x360
[  109.909074]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.909504] RIP: 0033:0x7f95efd90b19
[  109.909796] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  109.911272] RSP: 002b:00007fff74b41af8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  109.911874] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f95efd90b19
[  109.912435] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f95efea3f68
[  109.913000] RBP: 00007f95efea3f60 R08: 00007f95efea00a0 R09: 0000000000000000
[  109.913557] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f95efea81a8
[  109.914116] R13: 00007fff74b41c00 R14: 00007f95efea3f60 R15: 000000000001acd1
[  109.914675]  </TASK>
[  109.914862] Modules linked in:
[  109.915121] ---[ end trace 0000000000000000 ]---
[  109.915125] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[  109.915490] RIP: 0010:perf_tp_event+0x175/0xe70
[  109.916330] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  109.916691] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  109.917339] CPU: 1 UID: 0 PID: 4083 Comm: syz-executor.7 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  109.918741] RSP: 0018:ffff8880447bf780 EFLAGS: 00010012
[  109.919599] Tainted: [D]=DIE, [W]=WARN
[  109.920005] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[  109.920288] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  109.920847] RDX: ffff88804459b700 RSI: ffffffff818995b7 RDI: 0000000000000191
[  109.921446] RIP: 0010:perf_tp_event+0x175/0xe70
[  109.922003] RBP: ffff8880447bf9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16318
[  109.922344] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  109.922897] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  109.924216] RSP: 0018:ffff88804584f780 EFLAGS: 00010012
[  109.924770] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[  109.924781] FS:  000055558bcf7400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[  109.925169] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000540b000
[  109.925724] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  109.926305] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  109.926863] CR2: 0000001b2d223000 CR3: 000000004528b000 CR4: 0000000000350ef0
[  109.927285] RBP: ffff88804584f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd16318
[  109.927841] note: syz-executor.6[4072] exited with irqs disabled
[  109.928356] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  109.929870] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[  109.930394] FS:  00007f3ce79e1700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  109.930985] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  109.931413] CR2: 00007f3ce79e0d58 CR3: 0000000013aa5000 CR4: 0000000000350ef0
[  109.931941] Call Trace:
[  109.932137]  <TASK>
[  109.932309]  ? __mutex_unlock_slowpath+0x157/0x750
[  109.932689]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  109.933102]  ? __pfx_perf_tp_event+0x10/0x10
[  109.933483]  ? lock_release+0x1c7/0x290
[  109.933825]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  109.934247]  ? lock_acquire+0x18c/0x2f0
[  109.934554]  ? tty_kref_put+0x4f/0x1c0
[  109.934855]  ? lock_release+0x1c7/0x290
[  109.935155]  ? lock_acquire+0x18c/0x2f0
[  109.935456]  ? lock_acquire+0x18c/0x2f0
[  109.935763]  ? lock_release+0x1c7/0x290
[  109.936065]  ? __is_insn_slot_addr+0x140/0x290
[  109.936417]  ? kernel_text_address+0x5b/0xc0
[  109.936753]  ? __kernel_text_address+0xd/0x40
[  109.937102]  ? unwind_get_return_address+0x59/0xa0
[  109.937478]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  109.937887]  ? arch_stack_walk+0x9c/0xf0
[  109.938196]  ? perf_trace_run_bpf_submit+0xef/0x180
[  109.938576]  perf_trace_run_bpf_submit+0xef/0x180
[  109.938945]  perf_trace_preemptirq_template+0x259/0x430
[  109.939351]  ? trace_sched_set_need_resched_tp+0xd4/0x110
[  109.939769]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  109.940209]  ? __pfx___resched_curr+0x10/0x10
[  109.940552]  ? check_preempt_wakeup_fair+0x406/0x950
[  109.940942]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  109.941322]  trace_irq_enable.constprop.0+0xa6/0x100
[  109.941699]  trace_hardirqs_on+0x26/0x40
[  109.942002]  _raw_spin_unlock_irqrestore+0x2c/0x50
[  109.942372]  try_to_wake_up+0x8ae/0x11d0
[  109.942684]  ? __pfx_try_to_wake_up+0x10/0x10
[  109.943026]  ? plist_del+0x122/0x270
[  109.943311]  ? __futex_unqueue+0xda/0x1c0
[  109.943625]  wake_up_q+0xa1/0x130
[  109.943895]  futex_wake+0x47e/0x540
[  109.944180]  ? __pfx_futex_wake+0x10/0x10
[  109.944494]  ? kmem_cache_free+0x2a1/0x540
[  109.944811]  ? putname.part.0+0x11b/0x160
[  109.945134]  do_futex+0x26d/0x370
[  109.945400]  ? __pfx_do_futex+0x10/0x10
[  109.945720]  ? count_memcg_events+0x32b/0x420
[  109.946093]  __x64_sys_futex+0x1c9/0x4d0
[  109.946405]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  109.946845]  ? __x64_sys_openat+0x142/0x200
[  109.947174]  ? __pfx___x64_sys_futex+0x10/0x10
[  109.947521]  do_syscall_64+0xbf/0x360
[  109.947808]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.948190] RIP: 0033:0x7f3cea46bb19
[  109.948467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  109.949799] RSP: 002b:00007f3ce79e1218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  109.950354] RAX: ffffffffffffffda RBX: 00007f3cea57ef68 RCX: 00007f3cea46bb19
[  109.950877] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3cea57ef6c
[  109.951398] RBP: 00007f3cea57ef60 R08: 000000000000000e R09: 0000000000000000
[  109.951920] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f3cea57ef6c
[  109.952441] R13: 00007ffffea19cdf R14: 00007f3ce79e1300 R15: 0000000000022000
[  109.952973]  </TASK>
[  109.953151] Modules linked in:
[  109.953395] ---[ end trace 0000000000000000 ]---
[  109.953397] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI
[  109.953741] RIP: 0010:perf_tp_event+0x175/0xe70
[  109.954606] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[  109.954943] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  109.955530] CPU: 0 UID: 0 PID: 4072 Comm: syz-executor.6 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  109.956841] RSP: 0018:ffff8880447bf780 EFLAGS: 00010012
[  109.957753] Tainted: [D]=DIE, [W]=WARN
[  109.958138] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[  109.958439] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  109.958955] RDX: ffff88804459b700 RSI: ffffffff818995b7 RDI: 0000000000000191
[  109.959590] RIP: 0010:perf_tp_event+0x175/0xe70
[  109.960105] RBP: ffff8880447bf9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16318
[  109.960464] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  109.960985] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  109.962391] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012
[  109.962907] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[  109.962909] 
[  109.962919] FS:  00007f3ce79e1700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  109.963325] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[  109.963843] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  109.963978] RDX: ffff88804459b700 RSI: ffffffff818995b7 RDI: 0000000000000191
[  109.964557] CR2: 00007f3ce79e0d58 CR3: 0000000013aa5000 CR4: 0000000000350ef0
[  109.965120] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc16318
[  109.965545] note: syz-executor.7[4083] exited with irqs disabled
[  109.966092] R10: 0000000000000000 R11: ffff88801d813c98 R12: dffffc0000000000
[  109.968079] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000
[  109.968604] FS:  000055558bcf7400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[  109.969200] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  109.969629] CR2: 0000001b2d223000 CR3: 000000004528b000 CR4: 0000000000350ef0
[  109.970154] Call Trace:
[  109.970350]  <IRQ>
[  109.970519]  ? __pfx_perf_tp_event+0x10/0x10
[  109.970862]  ? enqueue_task_fair+0xded/0x1e00
[  109.971203]  ? check_preempt_wakeup_fair+0x6e/0x950
[  109.971578]  ? wakeup_preempt+0x140/0x2a0
[  109.971891]  ? lock_release+0x1c7/0x290
[  109.972190]  ? lock_release+0x1c7/0x290
[  109.972489]  ? do_raw_spin_unlock+0x53/0x220
[  109.972823]  ? _raw_spin_unlock_irqrestore+0x22/0x50
[  109.973215]  ? try_to_wake_up+0x8ae/0x11d0
[  109.973537]  ? do_raw_spin_lock+0x123/0x260
[  109.973868]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  109.974220]  ? perf_trace_run_bpf_submit+0xef/0x180
[  109.974594]  perf_trace_run_bpf_submit+0xef/0x180
[  109.974959]  perf_trace_preemptirq_template+0x259/0x430
[  109.975362]  ? read_tsc+0x9/0x20
[  109.975626]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  109.976067]  ? clockevents_program_event+0x135/0x360
[  109.976450]  ? tick_program_event+0xac/0x140
[  109.976780]  ? handle_softirqs+0x16e/0x770
[  109.977110]  trace_irq_enable.constprop.0+0xa6/0x100
[  109.977487]  trace_hardirqs_on+0x26/0x40
[  109.977790]  handle_softirqs+0x16e/0x770
[  109.978102]  __irq_exit_rcu+0xc4/0x100
[  109.978401]  irq_exit_rcu+0x9/0x20
[  109.978669]  sysvec_apic_timer_interrupt+0x70/0x80
[  109.979040]  </IRQ>
[  109.979212]  <TASK>
[  109.979384]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  109.979775] RIP: 0010:make_task_dead+0xa2/0x3b0
[  109.980127] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 <e8> b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de
[  109.981455] RSP: 0018:ffff8880447bff28 EFLAGS: 00000246
[  109.981848] RAX: 0000000000000001 RBX: ffff88804459b700 RCX: ffffffff817c2b86
[  109.982368] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[  109.982889] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[  109.983409] R10: ffffffff8643ac57 R11: 3838666666662052 R12: ffff88804459b700
[  109.983931] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000
[  109.984454]  ? trace_irq_enable.constprop.0+0x26/0x100
[  109.984851]  ? make_task_dead+0x214/0x3b0
[  109.985165]  ? make_task_dead+0x214/0x3b0
[  109.985474]  ? do_syscall_64+0xbf/0x360
[  109.985770]  rewind_stack_and_make_dead+0x16/0x20
[  109.986134] RIP: 0033:0x7f95efd90b19
[  109.986411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  109.987725] RSP: 002b:00007fff74b41af8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  109.988280] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f95efd90b19
[  109.988799] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f95efea3f68
[  109.989325] RBP: 00007f95efea3f60 R08: 00007f95efea00a0 R09: 0000000000000000
[  109.989845] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f95efea81a8
[  109.990364] R13: 00007fff74b41c00 R14: 00007f95efea3f60 R15: 000000000001acd1
[  109.990888]  </TASK>
[  109.991065] Modules linked in:
[  109.991309] ---[ end trace 0000000000000000 ]---
[  109.991311] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#4] SMP KASAN NOPTI
[  109.991655] RIP: 0010:perf_tp_event+0x175/0xe70
[  109.992511] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  109.992856] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  109.993529] CPU: 1 UID: 0 PID: 4083 Comm: syz-executor.7 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  109.994834] RSP: 0018:ffff8880447bf780 EFLAGS: 00010012
[  109.995753] Tainted: [D]=DIE, [W]=WARN
[  109.996137] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[  109.996439] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  109.996960] RDX: ffff88804459b700 RSI: ffffffff818995b7 RDI: 0000000000000191
[  109.997597] RIP: 0010:perf_tp_event+0x175/0xe70
[  109.998113] RBP: ffff8880447bf9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16318
[  109.998475] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  109.998989] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  110.000398] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012
[  110.000920] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[  110.001340] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  110.001857] FS:  000055558bcf7400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[  110.002412] RDX: ffff888045839b80 RSI: ffffffff818995b7 RDI: 0000000100000190
[  110.002992] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  110.003544] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd16318
[  110.003965] CR2: 0000001b2d223000 CR3: 000000004528b000 CR4: 0000000000350ef0
[  110.004517] R10: 0000000000000000 R11: ffff88801d68e898 R12: dffffc0000000000
[  110.005044] Kernel panic - not syncing: Fatal exception in interrupt
[  111.049141] Shutting down cpus with NMI
[  111.050119] Kernel Offset: disabled
[  111.050417] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
09:07:47  Registers:
info registers vcpu 0
RAX=0000000000000000 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9
RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff88800eecf498
R8 =0000000000000001 R9 =ffffed1001dd9e89 R10=0000000000000000 R11=0000000000000001
R12=0000000000000000 R13=ffffffff88724190 R14=ffffffff88724140 R15=ffffffff88724400
RIP=ffffffff828e331d RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e55dd000 00000000 00000000
LDT=0000 fffffe2c00000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000555575e21c58 CR3=000000003e642000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000000 RBX=0000000000000100 RCX=ffffffff81b96dd8 RDX=ffff8880159c9b80
RSI=ffffffff81b96da3 RDI=0000000000000001 RBP=ffff888016ff7c48 RSP=ffff888016ff7bb8
R8 =0000000000000001 R9 =ffffffff81b964d3 R10=0000000000000001 R11=0000000000000001
R12=ffff888016ff7d24 R13=0000000000000787 R14=ffff888016ff7ce8 R15=0000000000000001
RIP=ffffffff81b96da5 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000555561c74400 00000000 00000000
GS =0000 ffff8880e56dd000 00000000 00000000
LDT=0000 fffffe4400000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ffed282762c CR3=0000000020d12000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000