Warning: Permanently added '[localhost]:55389' (ECDSA) to the list of known hosts. 2025/09/01 09:01:09 fuzzer started 2025/09/01 09:01:10 dialing manager at localhost:35473 syzkaller login: [ 51.473870] cgroup: Unknown subsys name 'net' [ 51.524572] cgroup: Unknown subsys name 'cpuset' [ 51.537945] cgroup: Unknown subsys name 'rlimit' 2025/09/01 09:01:21 syscalls: 2214 2025/09/01 09:01:21 code coverage: enabled 2025/09/01 09:01:21 comparison tracing: enabled 2025/09/01 09:01:21 extra coverage: enabled 2025/09/01 09:01:21 setuid sandbox: enabled 2025/09/01 09:01:21 namespace sandbox: enabled 2025/09/01 09:01:21 Android sandbox: enabled 2025/09/01 09:01:21 fault injection: enabled 2025/09/01 09:01:21 leak checking: enabled 2025/09/01 09:01:21 net packet injection: enabled 2025/09/01 09:01:21 net device setup: enabled 2025/09/01 09:01:21 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 09:01:21 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 09:01:21 USB emulation: enabled 2025/09/01 09:01:21 hci packet injection: enabled 2025/09/01 09:01:21 wifi device emulation: enabled 2025/09/01 09:01:21 802.15.4 emulation: enabled 2025/09/01 09:01:21 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 09:01:21 fetching corpus: 46, signal 21320/24705 (executing program) 2025/09/01 09:01:21 fetching corpus: 96, signal 32395/37035 (executing program) 2025/09/01 09:01:21 fetching corpus: 146, signal 38805/44658 (executing program) 2025/09/01 09:01:22 fetching corpus: 196, signal 49176/55749 (executing program) 2025/09/01 09:01:22 fetching corpus: 246, signal 54637/62031 (executing program) 2025/09/01 09:01:22 fetching corpus: 296, signal 57967/66299 (executing program) 2025/09/01 09:01:22 fetching corpus: 346, signal 63514/72484 (executing program) 2025/09/01 09:01:22 fetching corpus: 396, signal 66495/76218 (executing program) 2025/09/01 09:01:22 fetching corpus: 446, signal 70698/80884 (executing program) 2025/09/01 
09:01:22 fetching corpus: 496, signal 74197/84833 (executing program) 2025/09/01 09:01:22 fetching corpus: 546, signal 77645/88653 (executing program) 2025/09/01 09:01:23 fetching corpus: 596, signal 80010/91506 (executing program) 2025/09/01 09:01:23 fetching corpus: 646, signal 82206/94194 (executing program) 2025/09/01 09:01:23 fetching corpus: 696, signal 83510/96088 (executing program) 2025/09/01 09:01:23 fetching corpus: 746, signal 85462/98374 (executing program) 2025/09/01 09:01:23 fetching corpus: 796, signal 86461/99970 (executing program) 2025/09/01 09:01:23 fetching corpus: 846, signal 88073/101917 (executing program) 2025/09/01 09:01:23 fetching corpus: 896, signal 90897/104780 (executing program) 2025/09/01 09:01:23 fetching corpus: 946, signal 93245/107225 (executing program) 2025/09/01 09:01:23 fetching corpus: 996, signal 94805/108979 (executing program) 2025/09/01 09:01:24 fetching corpus: 1046, signal 96018/110552 (executing program) 2025/09/01 09:01:24 fetching corpus: 1096, signal 99428/113557 (executing program) 2025/09/01 09:01:24 fetching corpus: 1146, signal 101146/115371 (executing program) 2025/09/01 09:01:24 fetching corpus: 1196, signal 103016/117206 (executing program) 2025/09/01 09:01:24 fetching corpus: 1246, signal 103742/118216 (executing program) 2025/09/01 09:01:24 fetching corpus: 1296, signal 104876/119527 (executing program) 2025/09/01 09:01:24 fetching corpus: 1346, signal 106702/121192 (executing program) 2025/09/01 09:01:24 fetching corpus: 1396, signal 107712/122316 (executing program) 2025/09/01 09:01:24 fetching corpus: 1446, signal 108799/123487 (executing program) 2025/09/01 09:01:24 fetching corpus: 1496, signal 110281/124895 (executing program) 2025/09/01 09:01:25 fetching corpus: 1546, signal 111911/126293 (executing program) 2025/09/01 09:01:25 fetching corpus: 1596, signal 113324/127520 (executing program) 2025/09/01 09:01:25 fetching corpus: 1646, signal 114658/128670 (executing program) 2025/09/01 09:01:25 
fetching corpus: 1696, signal 115391/129451 (executing program) 2025/09/01 09:01:25 fetching corpus: 1746, signal 116688/130470 (executing program) 2025/09/01 09:01:25 fetching corpus: 1796, signal 117924/131500 (executing program) 2025/09/01 09:01:25 fetching corpus: 1846, signal 118751/132283 (executing program) 2025/09/01 09:01:25 fetching corpus: 1896, signal 119257/132899 (executing program) 2025/09/01 09:01:26 fetching corpus: 1946, signal 120102/133635 (executing program) 2025/09/01 09:01:26 fetching corpus: 1996, signal 121335/134554 (executing program) 2025/09/01 09:01:26 fetching corpus: 2046, signal 123886/135932 (executing program) 2025/09/01 09:01:26 fetching corpus: 2096, signal 125616/136985 (executing program) 2025/09/01 09:01:26 fetching corpus: 2146, signal 127042/137774 (executing program) 2025/09/01 09:01:26 fetching corpus: 2196, signal 127846/138304 (executing program) 2025/09/01 09:01:26 fetching corpus: 2246, signal 128771/138921 (executing program) 2025/09/01 09:01:26 fetching corpus: 2296, signal 129512/139376 (executing program) 2025/09/01 09:01:27 fetching corpus: 2346, signal 130425/139877 (executing program) 2025/09/01 09:01:27 fetching corpus: 2396, signal 131043/140335 (executing program) 2025/09/01 09:01:27 fetching corpus: 2446, signal 131594/140704 (executing program) 2025/09/01 09:01:27 fetching corpus: 2496, signal 132213/141042 (executing program) 2025/09/01 09:01:27 fetching corpus: 2546, signal 133889/141664 (executing program) 2025/09/01 09:01:27 fetching corpus: 2596, signal 134680/142010 (executing program) 2025/09/01 09:01:27 fetching corpus: 2646, signal 135748/142427 (executing program) 2025/09/01 09:01:27 fetching corpus: 2696, signal 136590/142732 (executing program) 2025/09/01 09:01:27 fetching corpus: 2746, signal 138105/143153 (executing program) 2025/09/01 09:01:27 fetching corpus: 2796, signal 138987/143416 (executing program) 2025/09/01 09:01:28 fetching corpus: 2846, signal 139894/143660 (executing program) 
2025/09/01 09:01:28 fetching corpus: 2896, signal 140813/143888 (executing program) 2025/09/01 09:01:28 fetching corpus: 2946, signal 141473/144050 (executing program) 2025/09/01 09:01:28 fetching corpus: 2996, signal 142105/144222 (executing program) 2025/09/01 09:01:28 fetching corpus: 3002, signal 142130/144258 (executing program) 2025/09/01 09:01:28 fetching corpus: 3002, signal 142130/144296 (executing program) 2025/09/01 09:01:28 fetching corpus: 3002, signal 142130/144330 (executing program) 2025/09/01 09:01:28 fetching corpus: 3002, signal 142130/144359 (executing program) 2025/09/01 09:01:28 fetching corpus: 3002, signal 142130/144403 (executing program) 2025/09/01 09:01:28 fetching corpus: 3002, signal 142130/144447 (executing program) 2025/09/01 09:01:28 fetching corpus: 3002, signal 142130/144482 (executing program) 2025/09/01 09:01:28 fetching corpus: 3002, signal 142130/144518 (executing program) 2025/09/01 09:01:28 fetching corpus: 3002, signal 142130/144560 (executing program) 2025/09/01 09:01:28 fetching corpus: 3002, signal 142130/144599 (executing program) 2025/09/01 09:01:28 fetching corpus: 3002, signal 142130/144604 (executing program) 2025/09/01 09:01:28 fetching corpus: 3002, signal 142130/144604 (executing program) 2025/09/01 09:01:30 starting 8 fuzzer processes 09:01:30 executing program 0: pkey_mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000001, 0xffffffffffffffff) 09:01:30 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/fib_trie\x00') pread64(r0, &(0x7f0000000300)=""/4096, 0x1000, 0x20) 09:01:30 executing program 5: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0xff) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x12) 09:01:30 executing program 7: r0 = epoll_create1(0x0) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0x541b, 0x0) 09:01:30 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getgroups(0x1, &(0x7f0000000080)=[0xffffffffffffffff]) getgroups(0x2, &(0x7f0000000240)=[r0, r0]) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x1ff) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, 0x0}, &(0x7f00000002c0)=0xc) getresgid(&(0x7f00000003c0)=0x0, &(0x7f0000000400), &(0x7f0000000440)) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000001240)={0x1c, r6, 0x5, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_SET_QOS_MAP(r4, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r6, 0x200, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_QOS_MAP={0x12, 0xc7, {[{0x9, 0x1}, {0x5c, 0x1}, {0x0, 0x4}], "df5f66ca4f0ec51d"}}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x850) r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001340), 0x3, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r7, 0x80083313, &(0x7f0000000000)) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r7, 0xf502, 0x0) getgroups(0x6, &(0x7f0000000480)=[r0, r0, r1, 0xee01, r2, r3]) 09:01:30 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x21, &(0x7f0000000000)="92f46193", 0x4) sendmmsg$inet6(r0, &(0x7f0000000880)=[{{&(0x7f0000000040)={0xa, 0x4e21, 0x0, @local}, 0x1c, 0x0}}, {{&(0x7f0000000080)={0xa, 0x4e23, 0x9c9, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c, 0x0}}], 0x2, 0x0) 09:01:30 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 
0x7fff0000}]}) ustat(0x2, &(0x7f0000000000)) 09:01:30 executing program 4: keyctl$KEYCTL_PKEY_ENCRYPT(0xc, 0x0, &(0x7f0000000280)={'enc=', 'raw', ' hash=', {'cbcmac(aes)\x00'}}, 0x0, 0x0) [ 72.135727] audit: type=1400 audit(1756717290.876:7): avc: denied { execmem } for pid=275 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 73.263498] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 73.268822] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 73.271035] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 73.279012] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 73.281965] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 73.334714] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 73.336963] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 73.339260] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 73.343439] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 73.346861] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 73.402113] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 73.419120] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 73.420861] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 73.425011] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 73.426986] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 73.429576] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 73.432506] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 73.437600] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 73.445608] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 73.450179] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 73.455670] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 73.460650] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 73.462265] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 73.467535] Bluetooth: hci7: unexpected cc 0x0c03 
length: 249 > 1 [ 73.471983] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 73.473707] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 73.476219] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 73.477764] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 73.479095] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 73.479840] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 73.482544] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 73.487674] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 73.491473] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 73.492787] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 73.505713] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 73.510010] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 73.513807] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 73.528959] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 73.532106] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 73.535677] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 75.355846] Bluetooth: hci0: command tx timeout [ 75.418439] Bluetooth: hci1: command tx timeout [ 75.546465] Bluetooth: hci2: command tx timeout [ 75.547134] Bluetooth: hci3: command tx timeout [ 75.611512] Bluetooth: hci7: command tx timeout [ 75.612042] Bluetooth: hci5: command tx timeout [ 75.613588] Bluetooth: hci4: command tx timeout [ 75.613717] Bluetooth: hci6: command tx timeout [ 77.403347] Bluetooth: hci0: command tx timeout [ 77.469328] Bluetooth: hci1: command tx timeout [ 77.595476] Bluetooth: hci2: command tx timeout [ 77.595929] Bluetooth: hci3: command tx timeout [ 77.658377] Bluetooth: hci6: command tx timeout [ 77.658439] Bluetooth: hci5: command tx timeout [ 77.658838] Bluetooth: hci4: command tx timeout [ 77.659270] Bluetooth: hci7: command tx timeout [ 79.450369] Bluetooth: hci0: command tx timeout [ 79.514444] Bluetooth: hci1: command tx timeout [ 79.642455] Bluetooth: hci3: 
command tx timeout [ 79.642889] Bluetooth: hci2: command tx timeout [ 79.706380] Bluetooth: hci4: command tx timeout [ 79.706834] Bluetooth: hci5: command tx timeout [ 79.707412] Bluetooth: hci6: command tx timeout [ 79.707848] Bluetooth: hci7: command tx timeout [ 81.499501] Bluetooth: hci0: command tx timeout [ 81.564404] Bluetooth: hci1: command tx timeout [ 81.690372] Bluetooth: hci2: command tx timeout [ 81.690766] Bluetooth: hci3: command tx timeout [ 81.754396] Bluetooth: hci5: command tx timeout [ 81.754784] Bluetooth: hci7: command tx timeout [ 81.755147] Bluetooth: hci6: command tx timeout [ 81.755812] Bluetooth: hci4: command tx timeout [ 109.558805] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.559558] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.698677] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.699343] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.207537] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.208168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.368342] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.368992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.526645] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.527272] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.712024] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.713455] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.766855] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.768016] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.874110] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.874770] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.183087] audit: type=1400 audit(1756717329.922:8): avc: denied { open } for pid=3874 comm="syz-executor.2" 
scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 111.187331] audit: type=1400 audit(1756717329.922:9): avc: denied { kernel } for pid=3874 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 111.228880] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 111.232203] random: crng reseeded on system resumption [ 111.236783] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.237427] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.282860] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.283717] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.309246] random: crng reseeded on system resumption [ 111.325614] syz-executor.2 (3876) used greatest stack depth: 23360 bytes left [ 111.329831] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.330502] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.367933] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.368668] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.395965] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.396810] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.422983] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.423634] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.470155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.471051] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.554087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.554880] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:02:10 executing program 0: pkey_mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000001, 0xffffffffffffffff) 09:02:10 executing program 7: r0 = epoll_create1(0x0) 
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0x541b, 0x0) 09:02:10 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x21, &(0x7f0000000000)="92f46193", 0x4) sendmmsg$inet6(r0, &(0x7f0000000880)=[{{&(0x7f0000000040)={0xa, 0x4e21, 0x0, @local}, 0x1c, 0x0}}, {{&(0x7f0000000080)={0xa, 0x4e23, 0x9c9, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c, 0x0}}], 0x2, 0x0) 09:02:10 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ustat(0x2, &(0x7f0000000000)) 09:02:10 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getgroups(0x1, &(0x7f0000000080)=[0xffffffffffffffff]) getgroups(0x2, &(0x7f0000000240)=[r0, r0]) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x1ff) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, 0x0}, &(0x7f00000002c0)=0xc) getresgid(&(0x7f00000003c0)=0x0, &(0x7f0000000400), &(0x7f0000000440)) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000001240)={0x1c, r6, 0x5, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_SET_QOS_MAP(r4, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r6, 0x200, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_QOS_MAP={0x12, 0xc7, {[{0x9, 0x1}, {0x5c, 0x1}, {0x0, 0x4}], "df5f66ca4f0ec51d"}}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x850) r7 = 
openat$snapshot(0xffffffffffffff9c, &(0x7f0000001340), 0x3, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r7, 0x80083313, &(0x7f0000000000)) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r7, 0xf502, 0x0) getgroups(0x6, &(0x7f0000000480)=[r0, r0, r1, 0xee01, r2, r3]) 09:02:10 executing program 5: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0xff) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x12) 09:02:10 executing program 4: keyctl$KEYCTL_PKEY_ENCRYPT(0xc, 0x0, &(0x7f0000000280)={'enc=', 'raw', ' hash=', {'cbcmac(aes)\x00'}}, 0x0, 0x0) 09:02:10 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/fib_trie\x00') pread64(r0, &(0x7f0000000300)=""/4096, 0x1000, 0x20) [ 111.799259] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 111.807906] random: crng reseeded on system resumption 09:02:10 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/fib_trie\x00') pread64(r0, &(0x7f0000000300)=""/4096, 0x1000, 0x20) 09:02:10 executing program 7: r0 = epoll_create1(0x0) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0x541b, 0x0) 09:02:10 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ustat(0x2, &(0x7f0000000000)) 09:02:10 executing program 4: keyctl$KEYCTL_PKEY_ENCRYPT(0xc, 0x0, &(0x7f0000000280)={'enc=', 'raw', ' hash=', {'cbcmac(aes)\x00'}}, 0x0, 0x0) 09:02:10 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x21, &(0x7f0000000000)="92f46193", 0x4) sendmmsg$inet6(r0, &(0x7f0000000880)=[{{&(0x7f0000000040)={0xa, 0x4e21, 0x0, @local}, 0x1c, 0x0}}, {{&(0x7f0000000080)={0xa, 0x4e23, 0x9c9, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c, 0x0}}], 0x2, 0x0) 09:02:10 executing program 0: pkey_mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000001, 0xffffffffffffffff) 09:02:10 executing program 5: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSTI(r0, 0x5412, 
&(0x7f0000000080)=0xff) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x12) 09:02:10 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getgroups(0x1, &(0x7f0000000080)=[0xffffffffffffffff]) getgroups(0x2, &(0x7f0000000240)=[r0, r0]) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x1ff) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, 0x0}, &(0x7f00000002c0)=0xc) getresgid(&(0x7f00000003c0)=0x0, &(0x7f0000000400), &(0x7f0000000440)) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000001240)={0x1c, r6, 0x5, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_SET_QOS_MAP(r4, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r6, 0x200, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_QOS_MAP={0x12, 0xc7, {[{0x9, 0x1}, {0x5c, 0x1}, {0x0, 0x4}], "df5f66ca4f0ec51d"}}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x850) r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001340), 0x3, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r7, 0x80083313, &(0x7f0000000000)) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r7, 0xf502, 0x0) getgroups(0x6, &(0x7f0000000480)=[r0, r0, r1, 0xee01, r2, r3]) 09:02:10 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ustat(0x2, &(0x7f0000000000)) 09:02:10 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) 
setsockopt$inet6_buf(r0, 0x29, 0x21, &(0x7f0000000000)="92f46193", 0x4) sendmmsg$inet6(r0, &(0x7f0000000880)=[{{&(0x7f0000000040)={0xa, 0x4e21, 0x0, @local}, 0x1c, 0x0}}, {{&(0x7f0000000080)={0xa, 0x4e23, 0x9c9, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c, 0x0}}], 0x2, 0x0) 09:02:10 executing program 4: keyctl$KEYCTL_PKEY_ENCRYPT(0xc, 0x0, &(0x7f0000000280)={'enc=', 'raw', ' hash=', {'cbcmac(aes)\x00'}}, 0x0, 0x0) 09:02:10 executing program 7: r0 = epoll_create1(0x0) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0x541b, 0x0) [ 111.972194] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 111.990866] random: crng reseeded on system resumption 09:02:10 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/fib_trie\x00') pread64(r0, &(0x7f0000000300)=""/4096, 0x1000, 0x20) 09:02:10 executing program 0: pkey_mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000001, 0xffffffffffffffff) 09:02:10 executing program 5: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0xff) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x12) 09:02:10 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0xff) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x12) 09:02:10 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getgroups(0x1, &(0x7f0000000080)=[0xffffffffffffffff]) getgroups(0x2, &(0x7f0000000240)=[r0, r0]) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x1ff) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, 0x0}, &(0x7f00000002c0)=0xc) getresgid(&(0x7f00000003c0)=0x0, &(0x7f0000000400), 
&(0x7f0000000440)) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000001240)={0x1c, r6, 0x5, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_SET_QOS_MAP(r4, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r6, 0x200, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_QOS_MAP={0x12, 0xc7, {[{0x9, 0x1}, {0x5c, 0x1}, {0x0, 0x4}], "df5f66ca4f0ec51d"}}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x850) r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001340), 0x3, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r7, 0x80083313, &(0x7f0000000000)) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r7, 0xf502, 0x0) getgroups(0x6, &(0x7f0000000480)=[r0, r0, r1, 0xee01, r2, r3]) 09:02:10 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getgroups(0x1, &(0x7f0000000080)=[0xffffffffffffffff]) getgroups(0x2, &(0x7f0000000240)=[r0, r0]) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x1ff) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, 0x0}, &(0x7f00000002c0)=0xc) getresgid(&(0x7f00000003c0)=0x0, &(0x7f0000000400), &(0x7f0000000440)) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000001240)={0x1c, r6, 0x5, 0x0, 0x0, {{0x7e}, {@val={0x8}, 
@void}}}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_SET_QOS_MAP(r4, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r6, 0x200, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_QOS_MAP={0x12, 0xc7, {[{0x9, 0x1}, {0x5c, 0x1}, {0x0, 0x4}], "df5f66ca4f0ec51d"}}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x850) r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001340), 0x3, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r7, 0x80083313, &(0x7f0000000000)) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r7, 0xf502, 0x0) getgroups(0x6, &(0x7f0000000480)=[r0, r0, r1, 0xee01, r2, r3]) 09:02:10 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x7, &(0x7f0000000200)=0x5, 0x4) 09:02:10 executing program 3: r0 = epoll_create1(0x0) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0x541b, 0x0) [ 112.120674] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 09:02:10 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0xff) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x12) [ 112.132939] random: crng reseeded on system resumption 09:02:10 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40345410, &(0x7f0000000040)={{0x0, 0x1}}) 09:02:10 executing program 3: r0 = epoll_create1(0x0) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0x541b, 0x0) 09:02:10 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x7, &(0x7f0000000200)=0x5, 0x4) 09:02:10 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 
0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40345410, &(0x7f0000000040)={{0x0, 0x1}}) 09:02:10 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getgroups(0x1, &(0x7f0000000080)=[0xffffffffffffffff]) getgroups(0x2, &(0x7f0000000240)=[r0, r0]) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x1ff) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, 0x0}, &(0x7f00000002c0)=0xc) getresgid(&(0x7f00000003c0)=0x0, &(0x7f0000000400), &(0x7f0000000440)) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000001240)={0x1c, r6, 0x5, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_SET_QOS_MAP(r4, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r6, 0x200, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_QOS_MAP={0x12, 0xc7, {[{0x9, 0x1}, {0x5c, 0x1}, {0x0, 0x4}], "df5f66ca4f0ec51d"}}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x850) r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001340), 0x3, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r7, 0x80083313, &(0x7f0000000000)) 
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r7, 0xf502, 0x0) getgroups(0x6, &(0x7f0000000480)=[r0, r0, r1, 0xee01, r2, r3]) 09:02:10 executing program 3: r0 = epoll_create1(0x0) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0x541b, 0x0) 09:02:10 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x7, &(0x7f0000000200)=0x5, 0x4) 09:02:10 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0xff) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x12) 09:02:10 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001180)={0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000007ec0)=[{{0x0, 0x0, &(0x7f00000026c0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}}], 0x1, 0x0) 09:02:10 executing program 1: recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0xb04e8cd8962a80d3, 0x0) 09:02:11 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40345410, &(0x7f0000000040)={{0x0, 0x1}}) [ 112.314002] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 112.329186] random: crng reseeded on system resumption 09:02:11 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) 
write$binfmt_script(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="2321202e2f66696c6531200a9138340d892bce249e3a268138314f4cab476785bc627c39c5b45cc211396b3dce"], 0xc) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0, 0x0) 09:02:11 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40345410, &(0x7f0000000040)={{0x0, 0x1}}) 09:02:11 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x7, &(0x7f0000000200)=0x5, 0x4) 09:02:11 executing program 1: recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0xb04e8cd8962a80d3, 0x0) 09:02:11 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001180)={0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000007ec0)=[{{0x0, 0x0, &(0x7f00000026c0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}}], 0x1, 0x0) [ 112.382115] process 'syz-executor.3' launched './file1' with NULL argv: empty string added 09:02:11 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getgroups(0x1, &(0x7f0000000080)=[0xffffffffffffffff]) getgroups(0x2, &(0x7f0000000240)=[r0, r0]) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x1ff) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, 0x0}, 
&(0x7f00000002c0)=0xc) getresgid(&(0x7f00000003c0)=0x0, &(0x7f0000000400), &(0x7f0000000440)) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000001240)={0x1c, r6, 0x5, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_SET_QOS_MAP(r4, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r6, 0x200, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_QOS_MAP={0x12, 0xc7, {[{0x9, 0x1}, {0x5c, 0x1}, {0x0, 0x4}], "df5f66ca4f0ec51d"}}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x850) r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001340), 0x3, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r7, 0x80083313, &(0x7f0000000000)) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r7, 0xf502, 0x0) getgroups(0x6, &(0x7f0000000480)=[r0, r0, r1, 0xee01, r2, r3]) 09:02:11 executing program 6: r0 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file1\x00') [ 112.438991] audit: type=1400 audit(1756717331.179:10): avc: denied { watch_reads } for pid=3990 comm="syz-executor.6" path="/syzkaller-testdir040644610/syzkaller.Y0tTGt/7" dev="sda" ino=15970 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1 09:02:11 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001180)={0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000007ec0)=[{{0x0, 0x0, &(0x7f00000026c0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}}], 0x1, 0x0) 09:02:11 executing program 1: recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0xb04e8cd8962a80d3, 0x0) 09:02:11 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40345410, &(0x7f0000000040)={{0x0, 0x1}}) 09:02:11 executing program 7: clock_gettime(0x8, &(0x7f0000000000)) [ 112.461252] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 112.477847] random: crng reseeded on system resumption 09:02:11 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001180)={0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000007ec0)=[{{0x0, 0x0, &(0x7f00000026c0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}}], 0x1, 0x0) 09:02:11 executing program 6: r0 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file1\x00') 09:02:11 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40345410, &(0x7f0000000040)={{0x0, 0x1}}) 09:02:11 executing program 7: clock_gettime(0x8, &(0x7f0000000000)) 09:02:11 executing program 1: recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0xb04e8cd8962a80d3, 0x0) 09:02:11 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40345410, &(0x7f0000000040)={{0x0, 0x1}}) 09:02:11 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) arch_prctl$ARCH_GET_GS(0x1024, &(0x7f0000000140)) 09:02:11 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) write$binfmt_script(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="2321202e2f66696c6531200a9138340d892bce249e3a268138314f4cab476785bc627c39c5b45cc211396b3dce"], 0xc) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0, 0x0) 09:02:11 executing program 7: clock_gettime(0x8, &(0x7f0000000000)) 09:02:11 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) arch_prctl$ARCH_GET_GS(0x1024, &(0x7f0000000140)) 09:02:11 executing program 6: r0 = inotify_init() 
creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file1\x00') 09:02:11 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000c00), 0x0, 0x0) mmap(&(0x7f0000ff8000/0x8000)=nil, 0x8000, 0x0, 0x12, r0, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0) 09:02:11 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000002840)=0xffffffffffffffff, 0x4) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004f80)=[{{0x0, 0x0, 
&(0x7f0000002500)=[{&(0x7f0000000100)="339a99743f4231b67608ac44af744a51a716bbd6fe79f103807d022e1ebb7698441aa442854a520082cd1728b5647335d0f9ea526906ac1a05d13f094ff4613b3026e8ece8ab5d6c199ac8d0ced8daa4dfe34a307e13be36a4abc29acb2ab40722c1326e7a6351f79ab5e898d203b612487d938bfcd2bee4551441539863a75928a217eea4767e17165028485178898a0f4d70ec13965c8948432e36f91b7206393fdda3a0e07d1ba6637a0a13fb52eb77d7c74c73d60102d7715cc7a52f19dd3778fe22c4187fcfc42173619c97e4bac2f2b543e1aa6b58503174f020df9478786c0670c3a40c2ef532b0102b2cce4a071e900e9137bc1d64c48a81746a6e491b576a84a1b857b43b08140bb5bb5e11c97d1ee2a12279b61c095cb7e8f05b0d405fd1c580dd48e7979155944420f0bb00710457ebd25277c72c82f6f9cdb8f98c3614ea3af96c36e08b4cf6ac29746966950499fb42b8e49e7170f7de2efff1aa7a505748281d9e987e2edce01baec3e9320348f3c284cd4eb126fb7bf7f3a9c3faf1a0daa7c3307bcd3ac1102689f371a6d65a97cb8d2407c49fc847cb86522e95995705179b142051287a0934c31249ccdddecbb2ffe5566550a52dcababe0eee11a379b35462d57103af4814539e9283b65f451161e077fb34653322de24a3f1d1332a52bfb85cc47c9cb8b45d72bea38494e5678d4516262d1072870587411e03d659bfffcf16fc3bfca477e1c252de2c3c845039c72e1e247d3063", 0x21e}, {&(0x7f0000001100), 0xf00}, {0x0, 0x2}], 0x3}}], 0x1, 0x8000015) sendmmsg$inet6(r0, &(0x7f00000028c0)=[{{0x0, 0x0, &(0x7f00000000c0), 0x1}}], 0x400000000000168, 0x0) 09:02:11 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={[{@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x31, 0x3a]}}}}]}) [ 112.701404] kmemleak: Found object by alias at 0x607f1a63e964 [ 112.701428] CPU: 1 UID: 0 PID: 4015 Comm: syz-executor.2 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 112.701447] Tainted: [W]=WARN [ 112.701450] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 112.701462] Call Trace: [ 112.701466] [ 112.701471] dump_stack_lvl+0xca/0x120 [ 112.701496] __lookup_object+0x94/0xb0 [ 112.701514] delete_object_full+0x27/0x70 [ 
112.701531] free_percpu+0x30/0x1160
[ 112.701548] ? arch_uprobe_clear_state+0x16/0x140
[ 112.701568] futex_hash_free+0x38/0xc0
[ 112.701583] mmput+0x2d3/0x390
[ 112.701602] do_exit+0x79d/0x2970
[ 112.701616] ? signal_wake_up_state+0x85/0x120
[ 112.701632] ? zap_other_threads+0x2b9/0x3a0
[ 112.701649] ? __pfx_do_exit+0x10/0x10
[ 112.701662] ? do_group_exit+0x1c3/0x2a0
[ 112.701675] ? lock_release+0xc8/0x290
[ 112.701692] do_group_exit+0xd3/0x2a0
[ 112.701707] __x64_sys_exit_group+0x3e/0x50
[ 112.701721] x64_sys_call+0x18c5/0x18d0
[ 112.701737] do_syscall_64+0xbf/0x360
[ 112.701750] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.701761] RIP: 0033:0x7f22d7339b19
[ 112.701770] Code: Unable to access opcode bytes at 0x7f22d7339aef.
[ 112.701775] RSP: 002b:00007ffd44162118 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 112.701787] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f22d7339b19
[ 112.701795] RDX: 00007f22d72ec72b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 112.701802] RBP: 0000000000000000 R08: 0000001b2d223aa4 R09: 0000000000000000
[ 112.701809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 112.701816] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd44162200
[ 112.701831]
[ 112.701835] kmemleak: Object (percpu) 0x607f1a63e960 (size 8):
[ 112.701842] kmemleak: comm "syz-executor.1", pid 4023, jiffies 4294779617
[ 112.701849] kmemleak: min_count = 1
[ 112.701853] kmemleak: count = 0
[ 112.701856] kmemleak: flags = 0x21
[ 112.701860] kmemleak: checksum = 0
[ 112.701864] kmemleak: backtrace:
[ 112.701867] pcpu_alloc_noprof+0x87a/0x1170
[ 112.701883] perf_trace_event_init+0x366/0xa10
[ 112.701897] perf_trace_init+0x1a4/0x2f0
[ 112.701910] perf_tp_event_init+0xa6/0x120
[ 112.701926] perf_try_init_event+0x140/0x9f0
[ 112.701939] perf_event_alloc.part.0+0x118e/0x45f0
[ 112.701956] __do_sys_perf_event_open+0x719/0x2c20
[ 112.701969] do_syscall_64+0xbf/0x360
[ 112.701979] entry_SYSCALL_64_after_hwframe+0x77/0x7f
09:02:11 executing
program 7: clock_gettime(0x8, &(0x7f0000000000)) [ 112.780252] tmpfs: Bad value for 'mpol' [ 112.798285] tmpfs: Bad value for 'mpol' 09:02:11 executing program 6: r0 = inotify_init() creat(&(0x7f0000000140)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0xd4000a8b) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file1\x00') 09:02:11 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000002840)=0xffffffffffffffff, 0x4) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004f80)=[{{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000000100)="339a99743f4231b67608ac44af744a51a716bbd6fe79f103807d022e1ebb7698441aa442854a520082cd1728b5647335d0f9ea526906ac1a05d13f094ff4613b3026e8ece8ab5d6c199ac8d0ced8daa4dfe34a307e13be36a4abc29acb2ab40722c1326e7a6351f79ab5e898d203b612487d938bfcd2bee4551441539863a75928a217eea4767e17165028485178898a0f4d70ec13965c8948432e36f91b7206393fdda3a0e07d1ba6637a0a13fb52eb77d7c74c73d60102d7715cc7a52f19dd3778fe22c4187fcfc42173619c97e4bac2f2b543e1aa6b58503174f020df9478786c0670c3a40c2ef532b0102b2cce4a071e900e9137bc1d64c48a81746a6e491b576a84a1b857b43b08140bb5bb5e11c97d1ee2a12279b61c095cb7e8f05b0d405fd1c580dd48e7979155944420f0bb00710457ebd25277c72c82f6f9cdb8f98c3614ea3af96c36e08b4cf6ac29746966950499fb42b8e49e7170f7de2efff1aa7a505748281d9e987e2edce01baec3e9320348f3c284cd4eb126fb7bf7f3a9c3faf1a0daa7c3307bcd3ac1102689f371a6d65a97cb8d2407c49fc847cb86522e95995705179b142051287a0934c31249ccdddecbb2ffe5566550a52dcababe0eee11a379b35462d57103af4814539e9283b65f451161e077fb34653322de24a3f1d1332a52bfb85cc47c9cb8b45d72bea38494e5678d4516262d1072870587411e03d659bfffcf16fc3bfca477e1c252de2c3c845039c72e1e247d3063", 0x21e}, {&(0x7f0000001100), 0xf00}, {0x0, 0x2}], 0x3}}], 0x1, 0x8000015) sendmmsg$inet6(r0, &(0x7f00000028c0)=[{{0x0, 0x0, &(0x7f00000000c0), 
0x1}}], 0x400000000000168, 0x0) 09:02:11 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) write$binfmt_script(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="2321202e2f66696c6531200a9138340d892bce249e3a268138314f4cab476785bc627c39c5b45cc211396b3dce"], 0xc) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0, 0x0) 09:02:11 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000c00), 0x0, 0x0) mmap(&(0x7f0000ff8000/0x8000)=nil, 0x8000, 0x0, 0x12, r0, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0) 09:02:11 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000c00), 0x0, 0x0) mmap(&(0x7f0000ff8000/0x8000)=nil, 0x8000, 0x0, 0x12, r0, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0) 09:02:11 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) arch_prctl$ARCH_GET_GS(0x1024, &(0x7f0000000140)) 09:02:11 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={[{@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x31, 0x3a]}}}}]}) 09:02:11 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) [ 112.900406] tmpfs: Bad value for 'mpol' 09:02:11 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000c00), 0x0, 0x0) mmap(&(0x7f0000ff8000/0x8000)=nil, 0x8000, 0x0, 0x12, r0, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0) 09:02:11 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000002840)=0xffffffffffffffff, 0x4) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004f80)=[{{0x0, 0x0, 
&(0x7f0000002500)=[{&(0x7f0000000100)="339a99743f4231b67608ac44af744a51a716bbd6fe79f103807d022e1ebb7698441aa442854a520082cd1728b5647335d0f9ea526906ac1a05d13f094ff4613b3026e8ece8ab5d6c199ac8d0ced8daa4dfe34a307e13be36a4abc29acb2ab40722c1326e7a6351f79ab5e898d203b612487d938bfcd2bee4551441539863a75928a217eea4767e17165028485178898a0f4d70ec13965c8948432e36f91b7206393fdda3a0e07d1ba6637a0a13fb52eb77d7c74c73d60102d7715cc7a52f19dd3778fe22c4187fcfc42173619c97e4bac2f2b543e1aa6b58503174f020df9478786c0670c3a40c2ef532b0102b2cce4a071e900e9137bc1d64c48a81746a6e491b576a84a1b857b43b08140bb5bb5e11c97d1ee2a12279b61c095cb7e8f05b0d405fd1c580dd48e7979155944420f0bb00710457ebd25277c72c82f6f9cdb8f98c3614ea3af96c36e08b4cf6ac29746966950499fb42b8e49e7170f7de2efff1aa7a505748281d9e987e2edce01baec3e9320348f3c284cd4eb126fb7bf7f3a9c3faf1a0daa7c3307bcd3ac1102689f371a6d65a97cb8d2407c49fc847cb86522e95995705179b142051287a0934c31249ccdddecbb2ffe5566550a52dcababe0eee11a379b35462d57103af4814539e9283b65f451161e077fb34653322de24a3f1d1332a52bfb85cc47c9cb8b45d72bea38494e5678d4516262d1072870587411e03d659bfffcf16fc3bfca477e1c252de2c3c845039c72e1e247d3063", 0x21e}, {&(0x7f0000001100), 0xf00}, {0x0, 0x2}], 0x3}}], 0x1, 0x8000015) sendmmsg$inet6(r0, &(0x7f00000028c0)=[{{0x0, 0x0, &(0x7f00000000c0), 0x1}}], 0x400000000000168, 0x0) 09:02:11 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000c00), 0x0, 0x0) mmap(&(0x7f0000ff8000/0x8000)=nil, 0x8000, 0x0, 0x12, r0, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0) 09:02:11 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) arch_prctl$ARCH_GET_GS(0x1024, &(0x7f0000000140)) 09:02:11 executing program 6: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xa006}, 0x4) syz_emit_ethernet(0xfdef, &(0x7f0000000280)={@local, @remote, @val={@void}, {@ipv4={0x800, @tipc={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x3, 0x0, 0x6, 0x0, @loopback, @dev}, @payload_conn={{{0x18, 0x0, 0x0, 0x0, 0x0, 0x6}}}}}}}, 0x0) [ 113.002363] kmemleak: Found object by alias at 0x607f1a63e964 [ 113.002385] CPU: 0 UID: 0 PID: 4049 Comm: syz-executor.2 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 113.002403] Tainted: [W]=WARN [ 113.002407] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.002415] Call Trace: [ 113.002419] [ 113.002424] dump_stack_lvl+0xca/0x120 [ 113.002450] __lookup_object+0x94/0xb0 [ 113.002468] delete_object_full+0x27/0x70 [ 113.002484] free_percpu+0x30/0x1160 [ 113.002502] ? arch_uprobe_clear_state+0x16/0x140 [ 113.002522] futex_hash_free+0x38/0xc0 [ 113.002537] mmput+0x2d3/0x390 [ 113.002556] do_exit+0x79d/0x2970 [ 113.002574] ? __pfx_do_exit+0x10/0x10 [ 113.002588] ? find_held_lock+0x2b/0x80 [ 113.002607] ? get_signal+0x835/0x2340 [ 113.002627] do_group_exit+0xd3/0x2a0 [ 113.002642] get_signal+0x2315/0x2340 [ 113.002659] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 113.002680] ? __pfx_get_signal+0x10/0x10 [ 113.002702] arch_do_signal_or_restart+0x80/0x790 [ 113.002720] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 113.002741] ? fput+0xc5/0x100 [ 113.002756] ? 
__sys_setsockopt+0x13f/0x1a0
[ 113.002778] exit_to_user_mode_loop+0x8b/0x110
[ 113.002791] do_syscall_64+0x2f7/0x360
[ 113.002804] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.002816] RIP: 0033:0x7f22d7339b19
[ 113.002825] Code: Unable to access opcode bytes at 0x7f22d7339aef.
[ 113.002830] RSP: 002b:00007f22d48af188 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 113.002843] RAX: 0000000000000000 RBX: 00007f22d744cf60 RCX: 00007f22d7339b19
[ 113.002850] RDX: 000000000000002e RSI: 0000000000000029 RDI: 0000000000000003
[ 113.002857] RBP: 00007f22d7393f6d R08: 0000000000000108 R09: 0000000000000000
[ 113.002864] R10: 0000000020002680 R11: 0000000000000246 R12: 0000000000000000
[ 113.002871] R13: 00007ffd44161eef R14: 00007f22d48af300 R15: 0000000000022000
[ 113.002886]
[ 113.002890] kmemleak: Object (percpu) 0x607f1a63e960 (size 8):
[ 113.002897] kmemleak: comm "syz-executor.7", pid 4058, jiffies 4294779904
[ 113.002904] kmemleak: min_count = 1
[ 113.002908] kmemleak: count = 0
[ 113.002912] kmemleak: flags = 0x21
[ 113.002916] kmemleak: checksum = 0
[ 113.002919] kmemleak: backtrace:
[ 113.002923] pcpu_alloc_noprof+0x87a/0x1170
[ 113.002939] perf_trace_event_init+0x366/0xa10
[ 113.002953] perf_trace_init+0x1a4/0x2f0
[ 113.002965] perf_tp_event_init+0xa6/0x120
[ 113.002982] perf_try_init_event+0x140/0x9f0
[ 113.002995] perf_event_alloc.part.0+0x118e/0x45f0
[ 113.003012] __do_sys_perf_event_open+0x719/0x2c20
[ 113.003025] do_syscall_64+0xbf/0x360
[ 113.003035] entry_SYSCALL_64_after_hwframe+0x77/0x7f
09:02:11 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108)
09:02:11 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) write$binfmt_script(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="2321202e2f66696c6531200a9138340d892bce249e3a268138314f4cab476785bc627c39c5b45cc211396b3dce"], 0xc) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0, 0x0) 09:02:11 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) 09:02:11 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000c00), 0x0, 0x0) mmap(&(0x7f0000ff8000/0x8000)=nil, 0x8000, 0x0, 0x12, r0, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0) 09:02:11 executing program 6: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xa006}, 0x4) syz_emit_ethernet(0xfdef, &(0x7f0000000280)={@local, @remote, @val={@void}, {@ipv4={0x800, @tipc={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x3, 0x0, 0x6, 0x0, @loopback, @dev}, @payload_conn={{{0x18, 0x0, 0x0, 0x0, 0x0, 
0x6}}}}}}}, 0x0) 09:02:11 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={[{@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x31, 0x3a]}}}}]}) 09:02:11 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000c00), 0x0, 0x0) mmap(&(0x7f0000ff8000/0x8000)=nil, 0x8000, 0x0, 0x12, r0, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0) 09:02:11 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000002840)=0xffffffffffffffff, 0x4) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004f80)=[{{0x0, 0x0, 
&(0x7f0000002500)=[{&(0x7f0000000100)="339a99743f4231b67608ac44af744a51a716bbd6fe79f103807d022e1ebb7698441aa442854a520082cd1728b5647335d0f9ea526906ac1a05d13f094ff4613b3026e8ece8ab5d6c199ac8d0ced8daa4dfe34a307e13be36a4abc29acb2ab40722c1326e7a6351f79ab5e898d203b612487d938bfcd2bee4551441539863a75928a217eea4767e17165028485178898a0f4d70ec13965c8948432e36f91b7206393fdda3a0e07d1ba6637a0a13fb52eb77d7c74c73d60102d7715cc7a52f19dd3778fe22c4187fcfc42173619c97e4bac2f2b543e1aa6b58503174f020df9478786c0670c3a40c2ef532b0102b2cce4a071e900e9137bc1d64c48a81746a6e491b576a84a1b857b43b08140bb5bb5e11c97d1ee2a12279b61c095cb7e8f05b0d405fd1c580dd48e7979155944420f0bb00710457ebd25277c72c82f6f9cdb8f98c3614ea3af96c36e08b4cf6ac29746966950499fb42b8e49e7170f7de2efff1aa7a505748281d9e987e2edce01baec3e9320348f3c284cd4eb126fb7bf7f3a9c3faf1a0daa7c3307bcd3ac1102689f371a6d65a97cb8d2407c49fc847cb86522e95995705179b142051287a0934c31249ccdddecbb2ffe5566550a52dcababe0eee11a379b35462d57103af4814539e9283b65f451161e077fb34653322de24a3f1d1332a52bfb85cc47c9cb8b45d72bea38494e5678d4516262d1072870587411e03d659bfffcf16fc3bfca477e1c252de2c3c845039c72e1e247d3063", 0x21e}, {&(0x7f0000001100), 0xf00}, {0x0, 0x2}], 0x3}}], 0x1, 0x8000015) sendmmsg$inet6(r0, &(0x7f00000028c0)=[{{0x0, 0x0, &(0x7f00000000c0), 0x1}}], 0x400000000000168, 0x0) [ 113.133054] tmpfs: Bad value for 'mpol' 09:02:11 executing program 6: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xa006}, 0x4) syz_emit_ethernet(0xfdef, &(0x7f0000000280)={@local, @remote, @val={@void}, {@ipv4={0x800, @tipc={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x3, 0x0, 0x6, 0x0, @loopback, @dev}, @payload_conn={{{0x18, 0x0, 0x0, 0x0, 0x0, 0x6}}}}}}}, 0x0) 09:02:11 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={[{@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x31, 0x3a]}}}}]}) 09:02:11 executing program 2: r0 = socket$inet6_udp(0xa, 
0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108)
09:02:11 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108)
09:02:12 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)={0x14, 0x0, 0x123}, 0x14}}, 0x0)
09:02:12 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108)
09:02:12 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108)
[ 113.291153] tmpfs: Bad value for 'mpol'
09:02:12 executing program 0:
syz_mount_image$tmpfs(0x0, &(0x7f0000000b40)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$cgroup(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000540), 0x0, &(0x7f0000000580)={[{@release_agent={'release_agent', 0x3d, './file0'}}, {@none}]}) 09:02:12 executing program 1: setresuid(0xee01, 0xee00, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setresuid(0x0, 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) linkat(r1, &(0x7f0000000140)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1000) 09:02:12 executing program 6: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xa006}, 0x4) syz_emit_ethernet(0xfdef, &(0x7f0000000280)={@local, @remote, @val={@void}, {@ipv4={0x800, @tipc={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x3, 0x0, 0x6, 0x0, @loopback, @dev}, @payload_conn={{{0x18, 0x0, 0x0, 0x0, 0x0, 0x6}}}}}}}, 0x0) [ 113.349279] cgroup: Need name or subsystem set 09:02:12 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x1d, r0, 0x0, 0x0) 09:02:12 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000000b40)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$cgroup(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000540), 0x0, &(0x7f0000000580)={[{@release_agent={'release_agent', 0x3d, './file0'}}, {@none}]}) 09:02:12 executing program 1: setresuid(0xee01, 0xee00, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setresuid(0x0, 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) linkat(r1, &(0x7f0000000140)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1000) 09:02:12 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0xeb, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ppoll(&(0x7f0000000000)=[{r0}], 0x1, 0x0, 0x0, 0x0) r2 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0) 09:02:12 executing program 3: setresuid(0xee01, 0xee00, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setresuid(0x0, 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) linkat(r1, &(0x7f0000000140)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1000) 09:02:12 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) write$binfmt_aout(r0, 0x0, 0x0) 09:02:12 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpriority(0x1, 0x0) 09:02:12 executing program 6: semget(0x3, 0x0, 0x644) [ 113.462831] cgroup: Need name or subsystem set [ 113.463835] 
Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 113.464737] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 113.465393] CPU: 0 UID: 0 PID: 4109 Comm: syz-executor.2 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 113.466272] Tainted: [W]=WARN [ 113.466846] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.468903] RIP: 0010:perf_tp_event+0x175/0xe70 [ 113.470116] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 113.474197] RSP: 0018:ffff888043e87600 EFLAGS: 00010212 [ 113.474593] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc900096d5000 [ 113.475115] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 113.475640] RBP: ffff888043e87870 R08: ffff88806ce31340 R09: ffffe8ffffc16960 [ 113.476171] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 113.476691] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 113.477213] FS: 00007f22d48af700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 113.477800] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.478228] CR2: 00007f27d4503000 CR3: 000000001dc04000 CR4: 0000000000350ef0 [ 113.478756] Call Trace: [ 113.478951] [ 113.479134] ? __pfx_perf_tp_event+0x10/0x10 [ 113.479492] ? perf_trace_run_bpf_submit+0xef/0x180 [ 113.479869] perf_trace_run_bpf_submit+0xef/0x180 [ 113.480245] perf_trace_lock+0x337/0x5d0 [ 113.480558] ? __pfx_perf_trace_lock+0x10/0x10 [ 113.480906] ? lock_acquire+0x15e/0x2f0 [ 113.481207] ? futex_ref_get+0x48/0x300 [ 113.481508] ? futex_ref_get+0x114/0x300 [ 113.481813] ? futex_hash+0x15c/0x390 [ 113.482102] lock_release+0x1ab/0x290 [ 113.482393] ? futex_hash+0x15c/0x390 [ 113.482679] futex_ref_get+0x119/0x300 [ 113.482972] ? 
futex_hash+0x15c/0x390 [ 113.483258] futex_hash+0x70/0x390 [ 113.483533] futex_wait_setup+0xae/0x550 [ 113.483846] __futex_wait+0x151/0x300 [ 113.484146] ? __pfx___futex_wait+0x10/0x10 [ 113.484474] ? __pfx_futex_wake_mark+0x10/0x10 [ 113.484829] futex_wait+0xde/0x380 [ 113.485104] ? __pfx_futex_wait+0x10/0x10 [ 113.485424] ? perf_trace_lock+0xb5/0x5d0 [ 113.485738] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 113.486128] do_futex+0x2ee/0x370 [ 113.486394] ? __pfx_do_futex+0x10/0x10 [ 113.486695] ? do_raw_spin_lock+0x123/0x260 [ 113.487024] __x64_sys_futex+0x1c9/0x4d0 [ 113.487332] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 113.487722] ? __pfx___x64_sys_futex+0x10/0x10 [ 113.488067] ? kcov_ioctl+0x386/0x6c0 [ 113.488368] ? fput+0x6a/0x100 [ 113.488623] do_syscall_64+0xbf/0x360 [ 113.488914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.489297] RIP: 0033:0x7f22d7339b19 [ 113.489577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 113.490899] RSP: 002b:00007f22d48af218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 113.491461] RAX: ffffffffffffffda RBX: 00007f22d744cf68 RCX: 00007f22d7339b19 [ 113.491984] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f22d744cf68 [ 113.492516] RBP: 00007f22d744cf60 R08: 00007f22d48af700 R09: 0000000000000000 [ 113.493039] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f22d744cf6c [ 113.493563] R13: 00007ffd44161eef R14: 00007f22d48af300 R15: 0000000000022000 [ 113.494093] [ 113.494271] Modules linked in: [ 113.494520] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 113.495444] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 113.496038] CPU: 1 UID: 0 PID: 4107 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 113.496974] Tainted: [D]=DIE, 
[W]=WARN [ 113.497276] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.497916] RIP: 0010:perf_tp_event+0x175/0xe70 [ 113.498298] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 113.499716] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 113.500143] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 113.500698] RDX: ffff888013bf1b80 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 113.501253] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd16960 [ 113.501916] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000 [ 113.502450] R13: 000000000000002c R14: ffff88806cf31490 R15: dffffc0000000000 [ 113.502988] FS: 0000555592098400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 113.503592] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.504031] CR2: 0000555592099c18 CR3: 0000000043937000 CR4: 0000000000350ef0 [ 113.504572] Call Trace: [ 113.504772] [ 113.504947] ? __pfx_perf_tp_event+0x10/0x10 [ 113.505292] ? perf_trace_lock+0xb5/0x5d0 [ 113.505612] ? stack_depot_save_flags+0x2c/0xa20 [ 113.505980] ? __pfx_perf_trace_lock+0x10/0x10 [ 113.506332] ? trace_rcu_utilization+0x26/0x190 [ 113.506695] ? rcu_sched_clock_irq+0x7a0/0x2b40 [ 113.507056] ? css_rstat_updated+0x1b8/0x4d0 [ 113.507401] ? perf_trace_lock+0xb5/0x5d0 [ 113.507719] ? perf_trace_lock+0xb5/0x5d0 [ 113.508038] ? kvm_sched_clock_read+0x16/0x30 [ 113.508391] ? sched_clock+0x37/0x60 [ 113.508682] ? __pfx_perf_trace_lock+0x10/0x10 [ 113.509035] ? __pfx_perf_trace_lock+0x10/0x10 [ 113.509388] ? __cgroup_account_cputime+0x88/0xc0 [ 113.509765] ? perf_trace_run_bpf_submit+0xef/0x180 [ 113.510149] perf_trace_run_bpf_submit+0xef/0x180 [ 113.510525] perf_trace_lock+0x337/0x5d0 [ 113.510839] ? do_raw_spin_lock+0x123/0x260 [ 113.511175] ? 
__pfx_perf_trace_lock+0x10/0x10 [ 113.511531] ? clockevents_program_event+0x14f/0x360 [ 113.511922] ? hrtimer_interrupt+0x114/0x830 [ 113.512265] lock_release+0x1ab/0x290 [ 113.512562] ktime_get_update_offsets_now+0xab/0x3c0 [ 113.512951] ? hrtimer_interrupt+0x114/0x830 [ 113.513288] ? __pfx_lapic_next_deadline+0x10/0x10 [ 113.513668] hrtimer_interrupt+0x114/0x830 [ 113.513996] __sysvec_apic_timer_interrupt+0xbb/0x330 [ 113.514390] sysvec_apic_timer_interrupt+0x6b/0x80 [ 113.514770] [ 113.514946] [ 113.515122] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 113.515522] RIP: 0010:vsnprintf+0xfc/0x1160 [ 113.515856] Code: f7 d3 48 89 5c 24 20 48 c7 44 24 30 ff ff ff ff e8 79 95 ba fc 4c 89 fa 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 0f b6 04 02 <4c> 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 85 0e 00 00 41 0f b6 1f [ 113.517219] RSP: 0018:ffff88804534f4e0 EFLAGS: 00000212 [ 113.517620] RAX: 0000000000000000 RBX: ffff88804534f6c4 RCX: ffffffff84b960f6 [ 113.518156] RDX: 1ffffffff09840dc RSI: ffffffff84b96137 RDI: 0000000000000007 [ 113.518691] RBP: ffff88804534f5c8 R08: dffffc0000000032 R09: 0000000000000000 [ 113.519228] R10: 000000000000005c R11: 0000000000000000 R12: 0000000000000000 [ 113.519761] R13: 000000000000005c R14: ffffffff84c206e0 R15: ffffffff84c206e0 [ 113.520311] ? vsnprintf+0xa6/0x1160 [ 113.520604] ? vsnprintf+0xe7/0x1160 [ 113.520903] ? __pfx_vsnprintf+0x10/0x10 [ 113.521220] ? get_kernel_gp_address+0xc7/0x230 [ 113.521581] ? __pfx_get_kernel_gp_address+0x10/0x10 [ 113.521973] snprintf+0xbe/0x100 [ 113.522244] ? __pfx_snprintf+0x10/0x10 [ 113.522555] ? search_exception_tables+0x37/0x50 [ 113.522919] ? 
fixup_exception+0x10d/0xc00 [ 113.523250] exc_general_protection+0x319/0x330 [ 113.523614] asm_exc_general_protection+0x26/0x30 [ 113.523982] RIP: 0010:perf_tp_event+0x175/0xe70 [ 113.524347] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 113.525706] RSP: 0018:ffff88804534f800 EFLAGS: 00010212 [ 113.526109] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 113.526645] RDX: ffff888013bf1b80 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 113.527179] RBP: ffff88804534fa70 R08: ffff88806cf31340 R09: ffffe8ffffd16960 [ 113.527716] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 113.528255] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 113.528794] ? perf_tp_event+0x167/0xe70 [ 113.529113] ? arch_scale_cpu_capacity+0x17/0xa0 [ 113.529483] ? __pfx_perf_tp_event+0x10/0x10 [ 113.529823] ? __asan_memset+0x24/0x50 [ 113.530134] ? __pfx_perf_trace_lock+0x10/0x10 [ 113.530485] ? __pfx___mutex_lock+0x10/0x10 [ 113.530821] ? perf_trace_lock+0xb5/0x5d0 [ 113.531143] ? kvm_sched_clock_read+0x16/0x30 [ 113.531490] ? sched_clock+0x37/0x60 [ 113.531781] ? sched_clock_cpu+0x6c/0x4e0 [ 113.532109] ? perf_trace_run_bpf_submit+0xef/0x180 [ 113.532493] perf_trace_run_bpf_submit+0xef/0x180 [ 113.532869] perf_trace_lock+0x337/0x5d0 [ 113.533182] ? __pfx_perf_trace_lock+0x10/0x10 [ 113.533535] ? place_entity+0x300/0x410 [ 113.533843] ? __pfx_perf_trace_lock+0x10/0x10 [ 113.534195] ? enqueue_task_fair+0x43a/0x1e00 [ 113.534546] ? get_futex_key+0x592/0x14a0 [ 113.534863] ? futex_ref_get+0x114/0x300 [ 113.535174] ? futex_hash+0x15c/0x390 [ 113.535468] lock_release+0x1ab/0x290 [ 113.535765] ? futex_hash+0x15c/0x390 [ 113.536059] futex_ref_get+0x119/0x300 [ 113.536365] ? futex_hash+0x15c/0x390 [ 113.536657] futex_hash+0x70/0x390 [ 113.536935] futex_wake+0x143/0x540 [ 113.537222] ? 
put_pid+0x1f/0x30 [ 113.537486] ? kernel_clone+0x204/0x7f0 [ 113.537794] ? __pfx_futex_wake+0x10/0x10 [ 113.538115] ? __pfx_kernel_clone+0x10/0x10 [ 113.538448] ? perf_trace_lock+0xb5/0x5d0 [ 113.538768] ? __pfx___handle_mm_fault+0x10/0x10 [ 113.539139] do_futex+0x26d/0x370 [ 113.539412] ? __pfx_do_futex+0x10/0x10 [ 113.539719] ? __pfx___do_sys_clone+0x10/0x10 [ 113.540065] ? handle_mm_fault+0x590/0x9b0 [ 113.540399] __x64_sys_futex+0x1c9/0x4d0 [ 113.540715] ? __pfx___x64_sys_futex+0x10/0x10 [ 113.541070] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 113.541471] do_syscall_64+0xbf/0x360 [ 113.541766] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.542161] RIP: 0033:0x7f22c8887b19 [ 113.542446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 113.543806] RSP: 002b:00007fff0fc17f38 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 113.544382] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f22c8887b19 [ 113.544919] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f22c899af68 [ 113.545457] RBP: 00007f22c899af60 R08: 00007f22c5dfd700 R09: 0000000000000000 [ 113.545993] R10: 00007f22c5dfd700 R11: 0000000000000246 R12: 00007f22c899f060 [ 113.546530] R13: 00007fff0fc18040 R14: 00007f22c899af60 R15: 000000000001bad7 [ 113.547074] [ 113.547256] Modules linked in: [ 113.547509] ---[ end trace 0000000000000000 ]--- [ 113.547510] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI [ 113.547866] RIP: 0010:perf_tp_event+0x175/0xe70 [ 113.548671] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 113.549017] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 113.549639] CPU: 0 UID: 0 
PID: 4109 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 113.550990] RSP: 0018:ffff888043e87600 EFLAGS: 00010212 [ 113.551849] Tainted: [D]=DIE, [W]=WARN [ 113.552248] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc900096d5000 [ 113.552528] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 113.553057] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 113.553650] RIP: 0010:perf_tp_event+0x175/0xe70 [ 113.554179] RBP: ffff888043e87870 R08: ffff88806ce31340 R09: ffffe8ffffc16960 [ 113.554519] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 113.555048] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 113.556360] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 113.556890] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 113.557277] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 113.557812] FS: 0000555592098400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 113.558322] RDX: ffff88801b9f9b80 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 113.558920] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.559430] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc16960 [ 113.559865] CR2: 0000555592099c18 CR3: 0000000043937000 CR4: 0000000000350ef0 [ 113.560383] R10: 0000000000000000 R11: ffff88806ce37018 R12: dffffc0000000000 [ 113.560915] Kernel panic - not syncing: Fatal exception in interrupt [ 114.603114] Shutting down cpus with NMI [ 114.604233] Kernel Offset: disabled [ 114.604525] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 09:02:12 Registers: