Warning: Permanently added '[localhost]:30988' (ECDSA) to the list of known hosts.
2025/09/01 08:53:06 fuzzer started
2025/09/01 08:53:07 dialing manager at localhost:35473
syzkaller login: [ 51.583652] cgroup: Unknown subsys name 'net'
[ 51.640729] cgroup: Unknown subsys name 'cpuset'
[ 51.652664] cgroup: Unknown subsys name 'rlimit'
2025/09/01 08:53:17 syscalls: 2214
2025/09/01 08:53:17 code coverage: enabled
2025/09/01 08:53:17 comparison tracing: enabled
2025/09/01 08:53:17 extra coverage: enabled
2025/09/01 08:53:17 setuid sandbox: enabled
2025/09/01 08:53:17 namespace sandbox: enabled
2025/09/01 08:53:17 Android sandbox: enabled
2025/09/01 08:53:17 fault injection: enabled
2025/09/01 08:53:17 leak checking: enabled
2025/09/01 08:53:17 net packet injection: enabled
2025/09/01 08:53:17 net device setup: enabled
2025/09/01 08:53:17 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 08:53:17 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 08:53:17 USB emulation: enabled
2025/09/01 08:53:17 hci packet injection: enabled
2025/09/01 08:53:17 wifi device emulation: enabled
2025/09/01 08:53:17 802.15.4 emulation: enabled
2025/09/01 08:53:17 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 08:53:17 fetching corpus: 50, signal 25449/28692 (executing program)
2025/09/01 08:53:17 fetching corpus: 100, signal 36472/40868 (executing program)
2025/09/01 08:53:17 fetching corpus: 150, signal 43491/48906 (executing program)
2025/09/01 08:53:17 fetching corpus: 200, signal 51810/58027 (executing program)
2025/09/01 08:53:17 fetching corpus: 250, signal 54810/61974 (executing program)
2025/09/01 08:53:17 fetching corpus: 300, signal 60101/67916 (executing program)
2025/09/01 08:53:18 fetching corpus: 349, signal 63681/72189 (executing program)
2025/09/01 08:53:18 fetching corpus: 399, signal 65953/75232 (executing program)
2025/09/01 08:53:18 fetching corpus: 449, signal 69026/78921 (executing program)
2025/09/01 08:53:18 fetching corpus: 499, signal 74690/84700 (executing program)
2025/09/01 08:53:18 fetching corpus: 549, signal 77840/88167 (executing program)
2025/09/01 08:53:18 fetching corpus: 599, signal 79724/90503 (executing program)
2025/09/01 08:53:18 fetching corpus: 649, signal 81864/93023 (executing program)
2025/09/01 08:53:18 fetching corpus: 699, signal 84555/95912 (executing program)
2025/09/01 08:53:18 fetching corpus: 749, signal 86280/98016 (executing program)
2025/09/01 08:53:19 fetching corpus: 799, signal 89879/101472 (executing program)
2025/09/01 08:53:19 fetching corpus: 849, signal 92060/103710 (executing program)
2025/09/01 08:53:19 fetching corpus: 899, signal 93030/105070 (executing program)
2025/09/01 08:53:19 fetching corpus: 949, signal 97539/108891 (executing program)
2025/09/01 08:53:19 fetching corpus: 999, signal 99869/111076 (executing program)
2025/09/01 08:53:19 fetching corpus: 1049, signal 102152/113168 (executing program)
2025/09/01 08:53:19 fetching corpus: 1099, signal 103233/114403 (executing program)
2025/09/01 08:53:19 fetching corpus: 1149, signal 104626/115792 (executing program)
2025/09/01 08:53:19 fetching corpus: 1199, signal 106056/117132 (executing program)
2025/09/01 08:53:20 fetching corpus: 1249, signal 106968/118106 (executing program)
2025/09/01 08:53:20 fetching corpus: 1299, signal 107734/118963 (executing program)
2025/09/01 08:53:20 fetching corpus: 1349, signal 109920/120638 (executing program)
2025/09/01 08:53:20 fetching corpus: 1399, signal 111495/121943 (executing program)
2025/09/01 08:53:20 fetching corpus: 1449, signal 112432/122857 (executing program)
2025/09/01 08:53:20 fetching corpus: 1499, signal 113467/123764 (executing program)
2025/09/01 08:53:20 fetching corpus: 1549, signal 114518/124622 (executing program)
2025/09/01 08:53:21 fetching corpus: 1599, signal 117380/126387 (executing program)
2025/09/01 08:53:21 fetching corpus: 1649, signal 119206/127546 (executing program)
2025/09/01 08:53:21 fetching corpus: 1699, signal 120522/128396 (executing program)
2025/09/01 08:53:21 fetching corpus: 1749, signal 122045/129344 (executing program)
2025/09/01 08:53:21 fetching corpus: 1799, signal 123132/130012 (executing program)
2025/09/01 08:53:21 fetching corpus: 1849, signal 123899/130602 (executing program)
2025/09/01 08:53:21 fetching corpus: 1899, signal 124961/131256 (executing program)
2025/09/01 08:53:21 fetching corpus: 1949, signal 126241/131974 (executing program)
2025/09/01 08:53:21 fetching corpus: 1999, signal 127448/132614 (executing program)
2025/09/01 08:53:22 fetching corpus: 2049, signal 128096/133026 (executing program)
2025/09/01 08:53:22 fetching corpus: 2099, signal 129128/133531 (executing program)
2025/09/01 08:53:22 fetching corpus: 2149, signal 130144/134004 (executing program)
2025/09/01 08:53:22 fetching corpus: 2199, signal 130870/134332 (executing program)
2025/09/01 08:53:22 fetching corpus: 2249, signal 131571/134634 (executing program)
2025/09/01 08:53:22 fetching corpus: 2299, signal 132350/134927 (executing program)
2025/09/01 08:53:22 fetching corpus: 2349, signal 133076/135198 (executing program)
2025/09/01 08:53:22 fetching corpus: 2381, signal 133435/135349 (executing program)
2025/09/01 08:53:22 fetching corpus: 2381, signal 133435/135380 (executing program)
2025/09/01 08:53:22 fetching corpus: 2381, signal 133435/135415 (executing program)
2025/09/01 08:53:22 fetching corpus: 2381, signal 133435/135458 (executing program)
2025/09/01 08:53:22 fetching corpus: 2381, signal 133435/135499 (executing program)
2025/09/01 08:53:22 fetching corpus: 2381, signal 133435/135532 (executing program)
2025/09/01 08:53:22 fetching corpus: 2381, signal 133435/135565 (executing program)
2025/09/01 08:53:22 fetching corpus: 2381, signal 133435/135605 (executing program)
2025/09/01 08:53:22 fetching corpus: 2381, signal 133435/135639 (executing program)
2025/09/01 08:53:22 fetching corpus: 2381, signal 133435/135678 (executing program)
2025/09/01 08:53:22 fetching corpus: 2381, signal 133435/135723 (executing program)
2025/09/01 08:53:22 fetching corpus: 2381, signal 133435/135752 (executing program)
2025/09/01 08:53:22 fetching corpus: 2381, signal 133435/135793 (executing program)
2025/09/01 08:53:22 fetching corpus: 2381, signal 133435/135826 (executing program)
2025/09/01 08:53:22 fetching corpus: 2381, signal 133435/135870 (executing program)
2025/09/01 08:53:22 fetching corpus: 2381, signal 133435/135912 (executing program)
2025/09/01 08:53:22 fetching corpus: 2381, signal 133435/135957 (executing program)
2025/09/01 08:53:22 fetching corpus: 2381, signal 133435/135996 (executing program)
2025/09/01 08:53:22 fetching corpus: 2381, signal 133435/136033 (executing program)
2025/09/01 08:53:22 fetching corpus: 2381, signal 133435/136035 (executing program)
2025/09/01 08:53:22 fetching corpus: 2381, signal 133435/136035 (executing program)
2025/09/01 08:53:24 starting 8 fuzzer processes
08:53:24 executing program 0:
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan4\x00'})
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0xc, 0x0}, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, 0x0, 0x0)
io_uring_setup(0x65d8, &(0x7f0000000b00)={0x0, 0x18f1, 0x20})
08:53:24 executing program 1:
setresuid(0xee01, 0xee00, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0}, &(0x7f0000008600)=0xc)
setresuid(0x0, r2, 0x0)
r3 = fcntl$dupfd(r0, 0x0, r0)
linkat(r3, &(0x7f0000000140)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1000)
[ 69.032978] audit: type=1400 audit(1756716804.850:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
08:53:24 executing
program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) uname(&(0x7f0000000400)) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0x0) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, r0) perf_event_open(&(0x7f0000000340)={0x4, 0xfffffffffffffedd, 0xf0, 0xde, 0x5, 0x10, 0x0, 0x3f, 0x80138, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x8, 0x7}, 0x1200, 0x0, 0x80000001, 0x9, 0x3, 0x3fc, 0x0, 0x0, 0x0, 0x0, 0x8}, 0xffffffffffffffff, 0xfffffffffffffffe, 0xffffffffffffffff, 0x2) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 08:53:24 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x5}}, 0x0, 0x0, 
0xffffffffffffffff, 0x0) fsopen(&(0x7f0000000000)='nfs\x00', 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0xf, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) 08:53:24 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r1, &(0x7f0000001840)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(r0, &(0x7f0000003900)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000003640)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x2, 0x0) 08:53:24 executing program 5: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x4e, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0100", 0x3, 0x3a, 0x0, @dev, @mcast2, {[], @mld={0x0, 0x0, 0x0, 0x0, 0x0, @mcast2}}}}}}, 0x0) 08:53:24 executing program 3: r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) r1 = dup(r0) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x13, &(0x7f00000001c0)=[{&(0x7f00000003c0)=""/4096, 0x1000}, {0x0}], 0x2) ioctl$NS_GET_USERNS(r1, 0xb701, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000080)="82", 0xfffffffe}]) 08:53:24 executing program 6: timer_create(0x0, &(0x7f00000000c0)={0x0, 0x17}, &(0x7f0000000100)) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, r0+10000000}, {0x0, 0x3938700}}, 0x0) timer_delete(0x0) [ 
70.211775] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 70.214288] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 70.217786] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 70.220128] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 70.223452] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 70.226662] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 70.229785] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 70.230888] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 70.235337] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 70.237305] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 70.408737] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 70.420311] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 70.422715] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 70.429408] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 70.435429] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 70.450717] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 70.456354] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 70.461222] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 70.463106] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 70.467501] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 70.468950] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 70.473868] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 70.474813] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 70.476714] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 70.477400] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 70.480870] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 70.488536] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 70.488542] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 70.493201] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 70.494584] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 70.495920] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 70.498847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 70.501168] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 70.503093] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 70.505456] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 70.512154] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 70.529399] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 70.530998] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 70.534774] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 70.548165] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 72.298361] Bluetooth: hci0: command tx timeout
[ 72.298456] Bluetooth: hci1: command tx timeout
[ 72.557120] Bluetooth: hci2: command tx timeout
[ 72.557666] Bluetooth: hci6: command tx timeout
[ 72.618211] Bluetooth: hci3: command tx timeout
[ 72.619503] Bluetooth: hci5: command tx timeout
[ 72.619956] Bluetooth: hci4: command tx timeout
[ 72.876150] Bluetooth: hci7: command tx timeout
[ 74.346118] Bluetooth: hci1: command tx timeout
[ 74.346241] Bluetooth: hci0: command tx timeout
[ 74.602224] Bluetooth: hci6: command tx timeout
[ 74.602683] Bluetooth: hci2: command tx timeout
[ 74.666200] Bluetooth: hci4: command tx timeout
[ 74.666237] Bluetooth: hci5: command tx timeout
[ 74.666660] Bluetooth: hci3: command tx timeout
[ 74.922138] Bluetooth: hci7: command tx timeout
[ 76.394263] Bluetooth: hci0: command tx timeout
[ 76.394716] Bluetooth: hci1: command tx timeout
[ 76.650179] Bluetooth: hci2: command tx timeout
[ 76.651108] Bluetooth: hci6: command tx timeout
[ 76.714186] Bluetooth: hci3: command tx timeout
[ 76.715160] Bluetooth: hci5: command tx timeout
[ 76.715551] Bluetooth: hci4: command tx timeout
[ 76.971099] Bluetooth: hci7: command tx timeout
[ 78.442165] Bluetooth: hci1: command tx timeout
[ 78.442622] Bluetooth: hci0: command tx timeout
[ 78.698216] Bluetooth: hci6: command tx timeout
[ 78.698782] Bluetooth: hci2: command tx timeout
[ 78.764238] Bluetooth: hci5: command tx timeout
[ 78.764665] Bluetooth: hci4: command tx timeout
[ 78.765050] Bluetooth: hci3: command tx timeout
[ 79.018182] Bluetooth: hci7: command tx timeout
[ 104.762889] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.763584] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.867535] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.868148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.994515] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.995127] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.197109] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.197740] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.275724] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.276380] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.331746] audit: type=1400 audit(1756716841.148:8): avc: denied { open } for pid=3708 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 105.339377] audit: type=1400 audit(1756716841.148:9): avc: denied { kernel } for pid=3708 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 105.467508] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.468391] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.795459] loop3: detected capacity change from 0 to 32767
08:54:01 executing program 1:
setresuid(0xee01, 0xee00, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0}, &(0x7f0000008600)=0xc)
setresuid(0x0, r2, 0x0)
r3 = fcntl$dupfd(r0, 0x0, r0)
linkat(r3, &(0x7f0000000140)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1000)
[ 106.249269] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.249919] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.377744] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.378883] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.170432] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.171017] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.225976] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.227095] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.405926] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.406820] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.414281] kmemleak: Found object by alias at 0x607f1a63646c
[ 107.414302] CPU: 0 UID: 0 PID: 3884 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 107.414321] Tainted: [W]=WARN
[ 107.414325] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 107.414332] Call Trace:
[ 107.414336]
[ 107.414341] dump_stack_lvl+0xca/0x120
[ 107.414377] __lookup_object+0x94/0xb0
[ 107.414396] delete_object_full+0x27/0x70
[ 107.414413] free_percpu+0x30/0x1160
[ 107.414430] ? arch_uprobe_clear_state+0x16/0x140
[ 107.414451] futex_hash_free+0x38/0xc0
[ 107.414466] mmput+0x2d3/0x390
[ 107.414485] do_exit+0x79d/0x2970
[ 107.414499] ? lock_release+0xc8/0x290
[ 107.414517] ? __pfx_do_exit+0x10/0x10
[ 107.414532] ? find_held_lock+0x2b/0x80
[ 107.414549] ? get_signal+0x835/0x2340
[ 107.414570] do_group_exit+0xd3/0x2a0
[ 107.414586] get_signal+0x2315/0x2340
[ 107.414606] ? _raw_spin_unlock_irq+0x23/0x40
[ 107.414625] ? __pfx_get_signal+0x10/0x10
[ 107.414641] ? do_futex+0x135/0x370
[ 107.414655] ? __pfx_do_futex+0x10/0x10
[ 107.414671] arch_do_signal_or_restart+0x80/0x790
[ 107.414689] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 107.414706] ? __x64_sys_futex+0x1c9/0x4d0
[ 107.414719] ? __x64_sys_futex+0x1d2/0x4d0
[ 107.414732] ? __pfx___x64_sys_timer_create+0x10/0x10
[ 107.414750] ? __pfx___x64_sys_futex+0x10/0x10
[ 107.414769] exit_to_user_mode_loop+0x8b/0x110
[ 107.414783] do_syscall_64+0x2f7/0x360
[ 107.414797] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.414809] RIP: 0033:0x7f994c037b19
[ 107.414818] Code: Unable to access opcode bytes at 0x7f994c037aef.
[ 107.414824] RSP: 002b:00007f99495ad218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 107.414836] RAX: 0000000000000000 RBX: 00007f994c14af68 RCX: 00007f994c037b19
[ 107.414844] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f994c14af68
[ 107.414851] RBP: 00007f994c14af60 R08: 0000000000000000 R09: 0000000000000000
[ 107.414859] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f994c14af6c
[ 107.414866] R13: 00007ffee325c46f R14: 00007f99495ad300 R15: 0000000000022000
[ 107.414882]
[ 107.414886] kmemleak: Object (percpu) 0x607f1a636468 (size 8):
[ 107.414893] kmemleak: comm "syz-executor.0", pid 274, jiffies 4294772005
[ 107.414901] kmemleak: min_count = 1
[ 107.414905] kmemleak: count = 0
[ 107.414909] kmemleak: flags = 0x21
[ 107.414913] kmemleak: checksum = 0
[ 107.414917] kmemleak: backtrace:
[ 107.414921] pcpu_alloc_noprof+0x87a/0x1170
[ 107.414936] __alloc_workqueue+0x74b/0x1820
[ 107.414954] alloc_workqueue_noprof+0xc7/0x200
[ 107.414964] ieee80211_register_hw+0x1ec5/0x3e00
[ 107.414978] mac80211_hwsim_new_radio+0x2758/0x4ef0
[ 107.414992] hwsim_new_radio_nl+0xb0d/0x1250
[ 107.415004] genl_family_rcv_msg_doit+0x1fe/0x2f0
[ 107.415017] genl_rcv_msg+0x532/0x7e0
[ 107.415027] netlink_rcv_skb+0x147/0x430
[ 107.415044] genl_rcv+0x28/0x40
[ 107.415053] netlink_unicast+0x5a7/0x870
[ 107.415069] netlink_sendmsg+0x8ac/0xd80
[ 107.415085] __sys_sendto+0x506/0x570
[ 107.415100] __x64_sys_sendto+0xe1/0x1c0
[ 107.415114] do_syscall_64+0xbf/0x360
[ 107.415124] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.506875] kmemleak: Cannot insert 0x607f1a63646c into the object search tree (overlaps existing)
[ 107.506894] CPU: 1 UID: 0 PID: 284 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 107.506913] Tainted: [W]=WARN
[ 107.506917] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 107.506925] Call Trace:
[ 107.506929]
[ 107.506934] dump_stack_lvl+0xca/0x120
[ 107.506969] __link_object+0x190/0x210
[ 107.506989] __create_object+0x48/0x80
[ 107.507008] pcpu_alloc_noprof+0x87a/0x1170
[ 107.507035] alloc_netdev_mqs+0x131/0x1360
[ 107.507058] ? __pfx_ieee80211_if_setup+0x10/0x10
[ 107.507080] ieee80211_if_add+0x1d9/0x1510
[ 107.507101] ? ieee80211_init_rate_ctrl_alg+0x83/0x650
[ 107.507116] ieee80211_register_hw+0x3538/0x3e00
[ 107.507140] ? __pfx_ieee80211_register_hw+0x10/0x10
[ 107.507155] ? net_generic+0x25/0x2a0
[ 107.507175] ? find_held_lock+0x2b/0x80
[ 107.507197] ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 107.507214] ? __hrtimer_setup+0x1a4/0x2c0
[ 107.507236] mac80211_hwsim_new_radio+0x2758/0x4ef0
[ 107.507260] ? __nla_validate_parse+0x2e6/0x2880
[ 107.507279] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 107.507299] hwsim_new_radio_nl+0xb0d/0x1250
[ 107.507312] ? kasan_save_track+0x14/0x30
[ 107.507330] ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 107.507350] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bc/0x290
[ 107.507365] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290
[ 107.507383] genl_family_rcv_msg_doit+0x1fe/0x2f0
[ 107.507396] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 107.507416] ? security_capable+0x2f/0x90
[ 107.507433] ? ns_capable+0xe2/0x120
[ 107.507454] genl_rcv_msg+0x532/0x7e0
[ 107.507469] ? __pfx_genl_rcv_msg+0x10/0x10
[ 107.507482] ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 107.507500] ? __lock_acquire+0x694/0x1b70
[ 107.507516] netlink_rcv_skb+0x147/0x430
[ 107.507536] ? __pfx_genl_rcv_msg+0x10/0x10
[ 107.507549] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 107.507575] ? netlink_deliver_tap+0x1ae/0xce0
[ 107.507592] ? selinux_netlink_send+0x507/0x880
[ 107.507606] ? is_vmalloc_addr+0x86/0xa0
[ 107.507628] genl_rcv+0x28/0x40
[ 107.507638] netlink_unicast+0x5a7/0x870
[ 107.507660] ? __pfx_netlink_unicast+0x10/0x10
[ 107.507685] netlink_sendmsg+0x8ac/0xd80
[ 107.507707] ? __pfx_netlink_sendmsg+0x10/0x10
[ 107.507732] __sys_sendto+0x506/0x570
[ 107.507752] ? __pfx___sys_sendto+0x10/0x10
[ 107.507782] ? fput_close_sync+0x114/0x240
[ 107.507800] ? __pfx_fput_close_sync+0x10/0x10
[ 107.507816] ? dnotify_flush+0x79/0x4c0
[ 107.507833] __x64_sys_sendto+0xe1/0x1c0
[ 107.507849] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 107.507864] do_syscall_64+0xbf/0x360
[ 107.507878] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.507891] RIP: 0033:0x7feccce258ac
[ 107.507901] Code: fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 20 fb ff ff 48 8b
[ 107.507913] RSP: 002b:00007ffde0d39c40 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 107.507925] RAX: ffffffffffffffda RBX: 00007feccdebe320 RCX: 00007feccce258ac
[ 107.507933] RDX: 0000000000000024 RSI: 00007feccdebe370 RDI: 0000000000000003
[ 107.507941] RBP: 0000000000000000 R08: 00007ffde0d39c94 R09: 000000000000000c
[ 107.507948] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 107.507955] R13: 00007feccdebe370 R14: 0000000000000003 R15: 0000000000000000
[ 107.507972]
[ 107.508901] kmemleak: Kernel memory leak detector disabled
[ 107.508906] kmemleak: Object (percpu) 0x607f1a636468 (size 8):
[ 107.508913] kmemleak: comm "syz-executor.0", pid 274, jiffies 4294772005
[ 107.508921] kmemleak: min_count = 1
[ 107.508925] kmemleak: count = 0
[ 107.508929] kmemleak: flags = 0x21
[ 107.508933] kmemleak: checksum = 0
[ 107.508937] kmemleak: backtrace:
[ 107.508941] pcpu_alloc_noprof+0x87a/0x1170
[ 107.508957] __alloc_workqueue+0x74b/0x1820
[ 107.508976] alloc_workqueue_noprof+0xc7/0x200
[ 107.508986]
ieee80211_register_hw+0x1ec5/0x3e00 [ 107.508998] mac80211_hwsim_new_radio+0x2758/0x4ef0 [ 107.509010] hwsim_new_radio_nl+0xb0d/0x1250 [ 107.509022] genl_family_rcv_msg_doit+0x1fe/0x2f0 [ 107.509033] genl_rcv_msg+0x532/0x7e0 [ 107.509042] netlink_rcv_skb+0x147/0x430 [ 107.509059] genl_rcv+0x28/0x40 [ 107.509068] netlink_unicast+0x5a7/0x870 [ 107.509084] netlink_sendmsg+0x8ac/0xd80 [ 107.509100] __sys_sendto+0x506/0x570 [ 107.509114] __x64_sys_sendto+0xe1/0x1c0 [ 107.509129] do_syscall_64+0xbf/0x360 [ 107.509138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.560950] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.562173] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.580887] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.581623] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.606329] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.606928] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.635619] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.636414] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.659938] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.660580] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:54:03 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r1, &(0x7f0000001840)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(r0, &(0x7f0000003900)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000003640)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x2, 0x0) 08:54:03 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, @perf_bp={0x0, 0x5}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsopen(&(0x7f0000000000)='nfs\x00', 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0xf, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) 08:54:03 executing program 6: timer_create(0x0, &(0x7f00000000c0)={0x0, 0x17}, &(0x7f0000000100)) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, r0+10000000}, {0x0, 0x3938700}}, 0x0) timer_delete(0x0) 08:54:03 executing program 5: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x4e, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0100", 0x3, 0x3a, 0x0, @dev, @mcast2, {[], @mld={0x0, 0x0, 0x0, 0x0, 0x0, @mcast2}}}}}}, 0x0) 08:54:03 executing program 1: setresuid(0xee01, 0xee00, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0}, &(0x7f0000008600)=0xc) setresuid(0x0, r2, 0x0) r3 = fcntl$dupfd(r0, 0x0, r0) linkat(r3, &(0x7f0000000140)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1000) 08:54:03 executing program 3: r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) r1 = dup(r0) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x13, &(0x7f00000001c0)=[{&(0x7f00000003c0)=""/4096, 0x1000}, {0x0}], 0x2) ioctl$NS_GET_USERNS(r1, 0xb701, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000080)="82", 
0xfffffffe}]) 08:54:03 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) uname(&(0x7f0000000400)) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0x0) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, r0) perf_event_open(&(0x7f0000000340)={0x4, 0xfffffffffffffedd, 0xf0, 0xde, 0x5, 0x10, 0x0, 0x3f, 0x80138, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x8, 0x7}, 0x1200, 0x0, 0x80000001, 0x9, 0x3, 0x3fc, 0x0, 0x0, 0x0, 0x0, 0x8}, 0xffffffffffffffff, 0xfffffffffffffffe, 0xffffffffffffffff, 0x2) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 08:54:03 executing program 0: ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan4\x00'}) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0xc, 0x0}, 0x0) syz_genetlink_get_family_id$nl802154(&(0x7f00000001c0), 0xffffffffffffffff) 
sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, 0x0, 0x0) io_uring_setup(0x65d8, &(0x7f0000000b00)={0x0, 0x18f1, 0x20}) 08:54:03 executing program 5: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x4e, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0100", 0x3, 0x3a, 0x0, @dev, @mcast2, {[], @mld={0x0, 0x0, 0x0, 0x0, 0x0, @mcast2}}}}}}, 0x0) 08:54:03 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r1, &(0x7f0000001840)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(r0, &(0x7f0000003900)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000003640)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x2, 0x0) 08:54:03 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x5}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsopen(&(0x7f0000000000)='nfs\x00', 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0xf, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) 08:54:03 executing program 1: setresuid(0xee01, 0xee00, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0}, &(0x7f0000008600)=0xc) setresuid(0x0, r2, 0x0) r3 = fcntl$dupfd(r0, 0x0, r0) linkat(r3, &(0x7f0000000140)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1000) [ 107.843249] kmemleak: Found object by alias at 0x607f1a63646c [ 107.843269] CPU: 1 UID: 0 PID: 3920 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 107.843287] Tainted: [W]=WARN [ 107.843291] 
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 107.843298] Call Trace:
[ 107.843302]
[ 107.843307] dump_stack_lvl+0xca/0x120
[ 107.843331] __lookup_object+0x94/0xb0
[ 107.843348] delete_object_full+0x27/0x70
[ 107.843365] free_percpu+0x30/0x1160
[ 107.843382] ? arch_uprobe_clear_state+0x16/0x140
[ 107.843402] futex_hash_free+0x38/0xc0
[ 107.843416] mmput+0x2d3/0x390
[ 107.843435] do_exit+0x79d/0x2970
[ 107.843449] ? lock_release+0xc8/0x290
[ 107.843464] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 107.843477] ? __pfx_do_exit+0x10/0x10
[ 107.843491] ? find_held_lock+0x2b/0x80
[ 107.843509] ? get_signal+0x835/0x2340
[ 107.843529] do_group_exit+0xd3/0x2a0
[ 107.843544] get_signal+0x2315/0x2340
[ 107.843567] ? __pfx_get_signal+0x10/0x10
[ 107.843584] ? do_futex+0x135/0x370
[ 107.843598] ? __pfx_do_futex+0x10/0x10
[ 107.843613] arch_do_signal_or_restart+0x80/0x790
[ 107.843631] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 107.843648] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 107.843661] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 107.843674] ? __pfx___x64_sys_futex+0x10/0x10
[ 107.843687] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 107.843703] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 107.843719] exit_to_user_mode_loop+0x8b/0x110
[ 107.843732] do_syscall_64+0x2f7/0x360
[ 107.843745] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.843757] RIP: 0033:0x7f994c037b19
[ 107.843766] Code: Unable to access opcode bytes at 0x7f994c037aef.
[ 107.843771] RSP: 002b:00007f99495ad218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 107.843783] RAX: fffffffffffffe00 RBX: 00007f994c14af68 RCX: 00007f994c037b19
[ 107.843791] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f994c14af68
[ 107.843798] RBP: 00007f994c14af60 R08: 0000000000000000 R09: 0000000000000000
[ 107.843805] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f994c14af6c
[ 107.843812] R13: 00007ffee325c46f R14: 00007f99495ad300 R15: 0000000000022000
[ 107.843827]
[ 107.843831] kmemleak: Object (percpu) 0x607f1a636468 (size 8):
[ 107.843838] kmemleak: comm "syz-executor.0", pid 274, jiffies 4294772005
[ 107.843845] kmemleak: min_count = 1
[ 107.843849] kmemleak: count = 0
[ 107.843852] kmemleak: flags = 0x21
[ 107.843856] kmemleak: checksum = 0
[ 107.843860] kmemleak: backtrace:
[ 107.843863] pcpu_alloc_noprof+0x87a/0x1170
[ 107.843878] __alloc_workqueue+0x74b/0x1820
[ 107.843896] alloc_workqueue_noprof+0xc7/0x200
[ 107.843905] ieee80211_register_hw+0x1ec5/0x3e00
[ 107.843918] mac80211_hwsim_new_radio+0x2758/0x4ef0
[ 107.843931] hwsim_new_radio_nl+0xb0d/0x1250
[ 107.843943] genl_family_rcv_msg_doit+0x1fe/0x2f0
[ 107.843955] genl_rcv_msg+0x532/0x7e0
[ 107.843965] netlink_rcv_skb+0x147/0x430
[ 107.843981] genl_rcv+0x28/0x40
[ 107.843990] netlink_unicast+0x5a7/0x870
[ 107.844006] netlink_sendmsg+0x8ac/0xd80
[ 107.844022] __sys_sendto+0x506/0x570
[ 107.844037] __x64_sys_sendto+0xe1/0x1c0
[ 107.844056] do_syscall_64+0xbf/0x360
[ 107.844066] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 108.011287] loop3: detected capacity change from 0 to 32767
08:54:03 executing program 0:
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan4\x00'})
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0xc, 0x0}, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, 0x0, 0x0)
io_uring_setup(0x65d8,
&(0x7f0000000b00)={0x0, 0x18f1, 0x20}) 08:54:03 executing program 6: timer_create(0x0, &(0x7f00000000c0)={0x0, 0x17}, &(0x7f0000000100)) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, r0+10000000}, {0x0, 0x3938700}}, 0x0) timer_delete(0x0) 08:54:03 executing program 5: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x4e, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0100", 0x3, 0x3a, 0x0, @dev, @mcast2, {[], @mld={0x0, 0x0, 0x0, 0x0, 0x0, @mcast2}}}}}}, 0x0) 08:54:03 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x5}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsopen(&(0x7f0000000000)='nfs\x00', 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0xf, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) 08:54:03 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r1, &(0x7f0000001840)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(r0, &(0x7f0000003900)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000003640)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x2, 0x0) 08:54:03 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) uname(&(0x7f0000000400)) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0x0) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, r0) perf_event_open(&(0x7f0000000340)={0x4, 0xfffffffffffffedd, 0xf0, 0xde, 0x5, 0x10, 0x0, 0x3f, 0x80138, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x8, 0x7}, 0x1200, 0x0, 0x80000001, 0x9, 0x3, 0x3fc, 0x0, 0x0, 0x0, 0x0, 0x8}, 0xffffffffffffffff, 0xfffffffffffffffe, 0xffffffffffffffff, 0x2) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 08:54:03 executing program 1: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) uname(&(0x7f0000000400)) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0x0) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, 
&(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, r0) perf_event_open(&(0x7f0000000340)={0x4, 0xfffffffffffffedd, 0xf0, 0xde, 0x5, 0x10, 0x0, 0x3f, 0x80138, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x8, 0x7}, 0x1200, 0x0, 0x80000001, 0x9, 0x3, 0x3fc, 0x0, 0x0, 0x0, 0x0, 0x8}, 0xffffffffffffffff, 0xfffffffffffffffe, 0xffffffffffffffff, 0x2) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 08:54:03 executing program 3: r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) r1 = dup(r0) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x13, &(0x7f00000001c0)=[{&(0x7f00000003c0)=""/4096, 0x1000}, {0x0}], 0x2) ioctl$NS_GET_USERNS(r1, 0xb701, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000080)="82", 0xfffffffe}]) [ 108.123245] kmemleak: Found object by alias at 0x607f1a63646c [ 108.123265] CPU: 0 UID: 0 PID: 3944 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 108.123286] 
Tainted: [W]=WARN
[ 108.123290] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 108.123298] Call Trace:
[ 108.123302]
[ 108.123307] dump_stack_lvl+0xca/0x120
[ 108.123339] __lookup_object+0x94/0xb0
[ 108.123358] delete_object_full+0x27/0x70
[ 108.123375] free_percpu+0x30/0x1160
[ 108.123392] ? arch_uprobe_clear_state+0x16/0x140
[ 108.123413] futex_hash_free+0x38/0xc0
[ 108.123428] mmput+0x2d3/0x390
[ 108.123447] do_exit+0x79d/0x2970
[ 108.123464] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 108.123479] ? __pfx_do_exit+0x10/0x10
[ 108.123493] ? find_held_lock+0x2b/0x80
[ 108.123511] ? get_signal+0x835/0x2340
[ 108.123532] do_group_exit+0xd3/0x2a0
[ 108.123547] get_signal+0x2315/0x2340
[ 108.123565] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 108.123581] ? __pfx_get_signal+0x10/0x10
[ 108.123598] ? __schedule+0xe91/0x3590
[ 108.123620] arch_do_signal_or_restart+0x80/0x790
[ 108.123638] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 108.123655] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 108.123668] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 108.123681] ? __pfx___x64_sys_futex+0x10/0x10
[ 108.123694] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 108.123715] exit_to_user_mode_loop+0x8b/0x110
[ 108.123729] do_syscall_64+0x2f7/0x360
[ 108.123742] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 108.123754] RIP: 0033:0x7f994c037b19
[ 108.123764] Code: Unable to access opcode bytes at 0x7f994c037aef.
[ 108.123770] RSP: 002b:00007f99495ad218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 108.123781] RAX: 0000000000000001 RBX: 00007f994c14af68 RCX: 00007f994c037b19
[ 108.123789] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f994c14af6c
[ 108.123797] RBP: 00007f994c14af60 R08: 000000000000000e R09: 0000000000000000
[ 108.123804] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f994c14af6c
[ 108.123811] R13: 00007ffee325c46f R14: 00007f99495ad300 R15: 0000000000022000
[ 108.123827]
[ 108.123831] kmemleak: Object (percpu) 0x607f1a636468 (size 8):
[ 108.123838] kmemleak: comm "syz-executor.0", pid 274, jiffies 4294772005
[ 108.123845] kmemleak: min_count = 1
[ 108.123849] kmemleak: count = 0
[ 108.123853] kmemleak: flags = 0x21
[ 108.123857] kmemleak: checksum = 0
[ 108.123861] kmemleak: backtrace:
[ 108.123864] pcpu_alloc_noprof+0x87a/0x1170
[ 108.123880] __alloc_workqueue+0x74b/0x1820
[ 108.123898] alloc_workqueue_noprof+0xc7/0x200
[ 108.123908] ieee80211_register_hw+0x1ec5/0x3e00
[ 108.123921] mac80211_hwsim_new_radio+0x2758/0x4ef0
[ 108.123935] hwsim_new_radio_nl+0xb0d/0x1250
[ 108.123947] genl_family_rcv_msg_doit+0x1fe/0x2f0
[ 108.123959] genl_rcv_msg+0x532/0x7e0
[ 108.123970] netlink_rcv_skb+0x147/0x430
[ 108.123987] genl_rcv+0x28/0x40
[ 108.123995] netlink_unicast+0x5a7/0x870
[ 108.124011] netlink_sendmsg+0x8ac/0xd80
[ 108.124027] __sys_sendto+0x506/0x570
[ 108.124043] __x64_sys_sendto+0xe1/0x1c0
[ 108.124057] do_syscall_64+0xbf/0x360
[ 108.124067] entry_SYSCALL_64_after_hwframe+0x77/0x7f
08:54:03 executing program 0:
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan4\x00'})
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0xc, 0x0}, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, 0x0, 0x0)
io_uring_setup(0x65d8, &(0x7f0000000b00)={0x0, 0x18f1, 0x20})
08:54:04 executing program 4:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) uname(&(0x7f0000000400)) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0x0) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, r0) perf_event_open(&(0x7f0000000340)={0x4, 0xfffffffffffffedd, 0xf0, 0xde, 0x5, 0x10, 0x0, 0x3f, 0x80138, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x8, 0x7}, 0x1200, 0x0, 0x80000001, 0x9, 0x3, 0x3fc, 0x0, 0x0, 0x0, 0x0, 0x8}, 0xffffffffffffffff, 0xfffffffffffffffe, 0xffffffffffffffff, 0x2) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 08:54:04 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) uname(&(0x7f0000000400)) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0x0) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, r0) perf_event_open(&(0x7f0000000340)={0x4, 0xfffffffffffffedd, 0xf0, 0xde, 0x5, 0x10, 0x0, 0x3f, 0x80138, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x8, 0x7}, 0x1200, 0x0, 0x80000001, 0x9, 0x3, 0x3fc, 0x0, 0x0, 0x0, 0x0, 0x8}, 0xffffffffffffffff, 0xfffffffffffffffe, 0xffffffffffffffff, 0x2) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 08:54:04 executing program 7: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) uname(&(0x7f0000000400)) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0x0) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, 
&(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, r0) perf_event_open(&(0x7f0000000340)={0x4, 0xfffffffffffffedd, 0xf0, 0xde, 0x5, 0x10, 0x0, 0x3f, 0x80138, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x8, 0x7}, 0x1200, 0x0, 0x80000001, 0x9, 0x3, 0x3fc, 0x0, 0x0, 0x0, 0x0, 0x8}, 0xffffffffffffffff, 0xfffffffffffffffe, 0xffffffffffffffff, 0x2) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 08:54:04 executing program 1: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) uname(&(0x7f0000000400)) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0x0) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, 
&(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, r0) perf_event_open(&(0x7f0000000340)={0x4, 0xfffffffffffffedd, 0xf0, 0xde, 0x5, 0x10, 0x0, 0x3f, 0x80138, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x8, 0x7}, 0x1200, 0x0, 0x80000001, 0x9, 0x3, 0x3fc, 0x0, 0x0, 0x0, 0x0, 0x8}, 0xffffffffffffffff, 0xfffffffffffffffe, 0xffffffffffffffff, 0x2) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 08:54:04 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) uname(&(0x7f0000000400)) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0x0) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, 
&(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, r0) perf_event_open(&(0x7f0000000340)={0x4, 0xfffffffffffffedd, 0xf0, 0xde, 0x5, 0x10, 0x0, 0x3f, 0x80138, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x8, 0x7}, 0x1200, 0x0, 0x80000001, 0x9, 0x3, 0x3fc, 0x0, 0x0, 0x0, 0x0, 0x8}, 0xffffffffffffffff, 0xfffffffffffffffe, 0xffffffffffffffff, 0x2) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 08:54:04 executing program 6: timer_create(0x0, &(0x7f00000000c0)={0x0, 0x17}, &(0x7f0000000100)) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, r0+10000000}, {0x0, 0x3938700}}, 0x0) timer_delete(0x0) 08:54:04 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) uname(&(0x7f0000000400)) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0x0) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, 
&(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, r0) perf_event_open(&(0x7f0000000340)={0x4, 0xfffffffffffffedd, 0xf0, 0xde, 0x5, 0x10, 0x0, 0x3f, 0x80138, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x8, 0x7}, 0x1200, 0x0, 0x80000001, 0x9, 0x3, 0x3fc, 0x0, 0x0, 0x0, 0x0, 0x8}, 0xffffffffffffffff, 0xfffffffffffffffe, 0xffffffffffffffff, 0x2) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 08:54:04 executing program 0: timer_create(0x0, &(0x7f00000000c0)={0x0, 0x17}, &(0x7f0000000100)) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, r0+10000000}, {0x0, 0x3938700}}, 0x0) timer_delete(0x0) 08:54:04 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) uname(&(0x7f0000000400)) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0x0) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, 
&(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, r0) perf_event_open(&(0x7f0000000340)={0x4, 0xfffffffffffffedd, 0xf0, 0xde, 0x5, 0x10, 0x0, 0x3f, 0x80138, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x8, 0x7}, 0x1200, 0x0, 0x80000001, 0x9, 0x3, 0x3fc, 0x0, 0x0, 0x0, 0x0, 0x8}, 0xffffffffffffffff, 0xfffffffffffffffe, 0xffffffffffffffff, 0x2) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) [ 108.329055] kmemleak: Found object by alias at 0x607f1a63646c [ 108.329075] CPU: 1 UID: 0 PID: 3968 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 108.329093] Tainted: [W]=WARN [ 108.329097] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 108.329103] Call Trace: [ 108.329107] [ 108.329112] dump_stack_lvl+0xca/0x120 [ 108.329135] __lookup_object+0x94/0xb0 [ 108.329152] delete_object_full+0x27/0x70 [ 108.329169] free_percpu+0x30/0x1160 [ 108.329186] ? arch_uprobe_clear_state+0x16/0x140 [ 108.329206] futex_hash_free+0x38/0xc0 [ 108.329220] mmput+0x2d3/0x390 [ 108.329239] do_exit+0x79d/0x2970 [ 108.329253] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 108.329266] ? zap_other_threads+0x2b9/0x3a0 [ 108.329283] ? __pfx_do_exit+0x10/0x10 [ 108.329296] ? do_group_exit+0x1c3/0x2a0 [ 108.329311] ? 
_raw_spin_unlock_irq+0x23/0x40
[ 108.329330] do_group_exit+0xd3/0x2a0
[ 108.329345] __x64_sys_exit_group+0x3e/0x50
[ 108.329359] x64_sys_call+0x18c5/0x18d0
[ 108.329375] do_syscall_64+0xbf/0x360
[ 108.329387] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 108.329399] RIP: 0033:0x7f994c037b19
[ 108.329408] Code: Unable to access opcode bytes at 0x7f994c037aef.
[ 108.329413] RSP: 002b:00007ffee325c698 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 108.329425] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f994c037b19
[ 108.329432] RDX: 00007f994bfea72b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 108.329440] RBP: 0000000000000000 R08: 0000001b2d220a18 R09: 0000000000000000
[ 108.329446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 108.329453] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffee325c780
[ 108.329469]
[ 108.329472] kmemleak: Object (percpu) 0x607f1a636468 (size 8):
[ 108.329479] kmemleak: comm "syz-executor.0", pid 274, jiffies 4294772005
[ 108.329486] kmemleak: min_count = 1
[ 108.329490] kmemleak: count = 0
[ 108.329494] kmemleak: flags = 0x21
[ 108.329497] kmemleak: checksum = 0
[ 108.329501] kmemleak: backtrace:
[ 108.329504] pcpu_alloc_noprof+0x87a/0x1170
[ 108.329520] __alloc_workqueue+0x74b/0x1820
[ 108.329537] alloc_workqueue_noprof+0xc7/0x200
[ 108.329555] ieee80211_register_hw+0x1ec5/0x3e00
[ 108.329568] mac80211_hwsim_new_radio+0x2758/0x4ef0
[ 108.329581] hwsim_new_radio_nl+0xb0d/0x1250
[ 108.329593] genl_family_rcv_msg_doit+0x1fe/0x2f0
[ 108.329605] genl_rcv_msg+0x532/0x7e0
[ 108.329614] netlink_rcv_skb+0x147/0x430
[ 108.329631] genl_rcv+0x28/0x40
[ 108.329640] netlink_unicast+0x5a7/0x870
[ 108.329656] netlink_sendmsg+0x8ac/0xd80
[ 108.329672] __sys_sendto+0x506/0x570
[ 108.329686] __x64_sys_sendto+0xe1/0x1c0
[ 108.329701] do_syscall_64+0xbf/0x360
[ 108.329710] entry_SYSCALL_64_after_hwframe+0x77/0x7f
08:54:04 executing program 0:
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x17}, &(0x7f0000000100))
clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, r0+10000000}, {0x0, 0x3938700}}, 0x0) timer_delete(0x0) [ 108.471239] loop3: detected capacity change from 0 to 32767 08:54:04 executing program 3: r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) r1 = dup(r0) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x13, &(0x7f00000001c0)=[{&(0x7f00000003c0)=""/4096, 0x1000}, {0x0}], 0x2) ioctl$NS_GET_USERNS(r1, 0xb701, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000080)="82", 0xfffffffe}]) 08:54:04 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) uname(&(0x7f0000000400)) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0x0) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, 
&(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, r0) perf_event_open(&(0x7f0000000340)={0x4, 0xfffffffffffffedd, 0xf0, 0xde, 0x5, 0x10, 0x0, 0x3f, 0x80138, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x8, 0x7}, 0x1200, 0x0, 0x80000001, 0x9, 0x3, 0x3fc, 0x0, 0x0, 0x0, 0x0, 0x8}, 0xffffffffffffffff, 0xfffffffffffffffe, 0xffffffffffffffff, 0x2) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 08:54:04 executing program 0: timer_create(0x0, &(0x7f00000000c0)={0x0, 0x17}, &(0x7f0000000100)) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, r0+10000000}, {0x0, 0x3938700}}, 0x0) timer_delete(0x0) 08:54:04 executing program 4: r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) r1 = dup(r0) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x13, &(0x7f00000001c0)=[{&(0x7f00000003c0)=""/4096, 0x1000}, {0x0}], 0x2) ioctl$NS_GET_USERNS(r1, 0xb701, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, 
&(0x7f0000000180)=[{&(0x7f0000000080)="82", 0xfffffffe}]) 08:54:04 executing program 6: r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) r1 = dup(r0) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x13, &(0x7f00000001c0)=[{&(0x7f00000003c0)=""/4096, 0x1000}, {0x0}], 0x2) ioctl$NS_GET_USERNS(r1, 0xb701, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000080)="82", 0xfffffffe}]) 08:54:04 executing program 5: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) uname(&(0x7f0000000400)) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0x0) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, r0) perf_event_open(&(0x7f0000000340)={0x4, 0xfffffffffffffedd, 0xf0, 
0xde, 0x5, 0x10, 0x0, 0x3f, 0x80138, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x8, 0x7}, 0x1200, 0x0, 0x80000001, 0x9, 0x3, 0x3fc, 0x0, 0x0, 0x0, 0x0, 0x8}, 0xffffffffffffffff, 0xfffffffffffffffe, 0xffffffffffffffff, 0x2) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 08:54:04 executing program 7: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) uname(&(0x7f0000000400)) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0x0) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, r0) perf_event_open(&(0x7f0000000340)={0x4, 0xfffffffffffffedd, 0xf0, 0xde, 0x5, 0x10, 0x0, 0x3f, 0x80138, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x8, 0x7}, 0x1200, 0x0, 0x80000001, 0x9, 0x3, 0x3fc, 0x0, 0x0, 0x0, 
0x0, 0x8}, 0xffffffffffffffff, 0xfffffffffffffffe, 0xffffffffffffffff, 0x2) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 08:54:04 executing program 1: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) uname(&(0x7f0000000400)) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0x0) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, r0) perf_event_open(&(0x7f0000000340)={0x4, 0xfffffffffffffedd, 0xf0, 0xde, 0x5, 0x10, 0x0, 0x3f, 0x80138, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x8, 0x7}, 0x1200, 0x0, 0x80000001, 0x9, 0x3, 0x3fc, 0x0, 0x0, 0x0, 0x0, 0x8}, 0xffffffffffffffff, 0xfffffffffffffffe, 0xffffffffffffffff, 0x2) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 08:54:04 executing program 0: setresuid(0xee01, 0xee00, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) 
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0}, &(0x7f0000008600)=0xc) setresuid(0x0, r2, 0x0) r3 = fcntl$dupfd(r0, 0x0, r0) linkat(r3, &(0x7f0000000140)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1000) 08:54:04 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000100)={0x0, {{0x2, 0x0, @broadcast}}, {{0x2, 0x0, @remote}}}, 0x108) 08:54:04 executing program 7: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) uname(&(0x7f0000000400)) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0x0) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="3dd58fe2f28bcdffd085119b6910c7cd64f01b6d909e03d1c9ff903be56a124922bdef31053949d2dbb9070ec3e864156456d68102513a4f17b9f01c10e425ae1ac32f21f349210cff27a9a60ecdfa1f87d31c696732437bf884c2b8d088fbc0e7cbf642985013c75f8a20bbc4ec9a04ff0da701a41ae8096363f043cf4fedb7b875bf3de17676890cfa9d18a5fbbbc42f3be589d540513dce650871a83fc7df830259651ee4c7d0f379c09db55847ce9270b5229b15fa13ba107400", 0xfffff, r0) perf_event_open(&(0x7f0000000340)={0x4, 0xfffffffffffffedd, 0xf0, 0xde, 0x5, 0x10, 0x0, 0x3f, 0x80138, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x8, 0x7}, 0x1200, 0x0, 0x80000001, 0x9, 0x3, 0x3fc, 0x0, 0x0, 0x0, 0x0, 0x8}, 0xffffffffffffffff, 0xfffffffffffffffe, 0xffffffffffffffff, 0x2) clone3(&(0x7f0000005880)={0x7b804100, 
0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 08:54:04 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000100)={0x0, {{0x2, 0x0, @broadcast}}, {{0x2, 0x0, @remote}}}, 0x108) 08:54:04 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) msgget(0x0, 0x2c8) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000440)={'wlan1\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)={0x1c, r3, 0x1, 0x0, 0x0, {{0x30}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0) 08:54:04 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000100)={0x0, {{0x2, 0x0, @broadcast}}, {{0x2, 0x0, @remote}}}, 0x108) 08:54:04 executing program 7: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8fffffff0ff", 0x26, 0x1e0}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202010000ee870325132510000e870325103", 0x5b, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[]) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0) unlinkat(r0, &(0x7f0000000080)='./file0\x00', 0x0) 
ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(0xffffffffffffffff, 0x8982, 0x0) [ 108.798973] loop7: detected capacity change from 0 to 6 [ 108.824661] FAT-fs (loop7): Directory bread(block 6) failed [ 108.826517] FAT-fs (loop7): Directory bread(block 7) failed [ 108.831244] FAT-fs (loop7): Directory bread(block 8) failed [ 108.832207] FAT-fs (loop7): Directory bread(block 9) failed [ 108.844406] FAT-fs (loop7): Directory bread(block 138) failed [ 108.844948] FAT-fs (loop7): Directory bread(block 139) failed [ 108.848350] FAT-fs (loop7): Directory bread(block 140) failed [ 108.849662] FAT-fs (loop7): Directory bread(block 141) failed [ 108.851322] FAT-fs (loop7): Directory bread(block 142) failed [ 108.853125] FAT-fs (loop7): Directory bread(block 143) failed [ 108.859376] FAT-fs (loop7): error, corrupted directory (invalid entries) [ 108.859933] FAT-fs (loop7): Filesystem has been set read-only [ 108.966088] loop4: detected capacity change from 0 to 32767 [ 109.180738] loop6: detected capacity change from 0 to 32767 [ 109.209835] loop3: detected capacity change from 0 to 32767 [ 109.310449] kmemleak: Found object by alias at 0x607f1a63646c [ 109.310480] CPU: 0 UID: 0 PID: 3994 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 109.310514] Tainted: [W]=WARN [ 109.310521] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 109.310534] Call Trace: [ 109.310541] [ 109.310550] dump_stack_lvl+0xca/0x120 [ 109.310599] __lookup_object+0x94/0xb0 [ 109.310631] delete_object_full+0x27/0x70 [ 109.310662] free_percpu+0x30/0x1160 [ 109.310693] ? arch_uprobe_clear_state+0x16/0x140 [ 109.310730] futex_hash_free+0x38/0xc0 [ 109.310757] mmput+0x2d3/0x390 [ 109.310791] do_exit+0x79d/0x2970 [ 109.310821] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 109.310847] ? __pfx_do_exit+0x10/0x10 [ 109.310873] ? find_held_lock+0x2b/0x80 [ 109.310907] ? 
get_signal+0x835/0x2340 [ 109.310943] do_group_exit+0xd3/0x2a0 [ 109.310971] get_signal+0x2315/0x2340 [ 109.311005] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 109.311035] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 109.311071] ? __pfx_get_signal+0x10/0x10 [ 109.311102] ? do_futex+0x135/0x370 [ 109.311128] ? __pfx_do_futex+0x10/0x10 [ 109.311156] arch_do_signal_or_restart+0x80/0x790 [ 109.311189] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 109.311221] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 109.311245] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 109.311266] ? fput_close_sync+0x114/0x240 [ 109.311297] ? __pfx___x64_sys_futex+0x10/0x10 [ 109.311321] ? __pfx_fput_close_sync+0x10/0x10 [ 109.311351] ? xfd_validate_state+0x55/0x180 [ 109.311389] exit_to_user_mode_loop+0x8b/0x110 [ 109.311413] do_syscall_64+0x2f7/0x360 [ 109.311437] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.311459] RIP: 0033:0x7f994c037b19 [ 109.311475] Code: Unable to access opcode bytes at 0x7f994c037aef. 
[ 109.311485] RSP: 002b:00007f99495ad218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 109.311506] RAX: fffffffffffffe00 RBX: 00007f994c14af68 RCX: 00007f994c037b19 [ 109.311521] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f994c14af68 [ 109.311534] RBP: 00007f994c14af60 R08: 0000000000000000 R09: 0000000000000000 [ 109.311547] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f994c14af6c [ 109.311560] R13: 00007ffee325c46f R14: 00007f99495ad300 R15: 0000000000022000 [ 109.311589] [ 109.311596] kmemleak: Object (percpu) 0x607f1a636468 (size 8): [ 109.311608] kmemleak: comm "syz-executor.0", pid 274, jiffies 4294772005 [ 109.311622] kmemleak: min_count = 1 [ 109.311629] kmemleak: count = 0 [ 109.311636] kmemleak: flags = 0x21 [ 109.311643] kmemleak: checksum = 0 [ 109.311650] kmemleak: backtrace: [ 109.311656] pcpu_alloc_noprof+0x87a/0x1170 [ 109.311685] __alloc_workqueue+0x74b/0x1820 [ 109.311718] alloc_workqueue_noprof+0xc7/0x200 [ 109.311735] ieee80211_register_hw+0x1ec5/0x3e00 [ 109.311758] mac80211_hwsim_new_radio+0x2758/0x4ef0 [ 109.311783] hwsim_new_radio_nl+0xb0d/0x1250 [ 109.311804] genl_family_rcv_msg_doit+0x1fe/0x2f0 [ 109.311826] genl_rcv_msg+0x532/0x7e0 [ 109.311844] netlink_rcv_skb+0x147/0x430 [ 109.311875] genl_rcv+0x28/0x40 [ 109.311892] netlink_unicast+0x5a7/0x870 [ 109.311921] netlink_sendmsg+0x8ac/0xd80 [ 109.311951] __sys_sendto+0x506/0x570 [ 109.311979] __x64_sys_sendto+0xe1/0x1c0 [ 109.312005] do_syscall_64+0xbf/0x360 [ 109.312023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.401332] kmemleak: Found object by alias at 0x607f1a63646c [ 109.401362] CPU: 0 UID: 0 PID: 14 Comm: ksoftirqd/0 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 109.401398] Tainted: [W]=WARN [ 109.401406] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 109.401418] Call Trace: [ 109.401425] [ 109.401434] dump_stack_lvl+0xca/0x120 [ 109.401475] __lookup_object+0x94/0xb0 [ 109.401506] delete_object_full+0x27/0x70 [ 
109.401538] free_percpu+0x30/0x1160 [ 109.401589] percpu_counter_destroy_many+0x188/0x2b0 [ 109.401626] free_uid+0x1af/0x1f0 [ 109.401649] ? __pfx_free_uid+0x10/0x10 [ 109.401669] ? security_cred_free+0x70/0xe0 [ 109.401700] put_cred_rcu+0x1ac/0x3a0 [ 109.401728] ? rcu_core+0x7c3/0x1800 [ 109.401754] rcu_core+0x7c8/0x1800 [ 109.401790] ? __pfx_rcu_core+0x10/0x10 [ 109.401817] ? __pfx___schedule+0x10/0x10 [ 109.401855] ? __pfx_run_ksoftirqd+0x10/0x10 [ 109.401895] handle_softirqs+0x1b1/0x770 [ 109.401937] ? __pfx_run_ksoftirqd+0x10/0x10 [ 109.401972] ? smpboot_thread_fn+0x371/0x9d0 [ 109.402007] run_ksoftirqd+0x2e/0x60 [ 109.402041] smpboot_thread_fn+0x41d/0x9d0 [ 109.402085] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 109.402123] kthread+0x3c8/0x740 [ 109.402148] ? __pfx_kthread+0x10/0x10 [ 109.402172] ? ret_from_fork+0x23/0x430 [ 109.402208] ? lock_release+0xc8/0x290 [ 109.402236] ? __pfx_kthread+0x10/0x10 [ 109.402263] ret_from_fork+0x34b/0x430 [ 109.402297] ? __pfx_kthread+0x10/0x10 [ 109.402322] ret_from_fork_asm+0x1a/0x30 [ 109.402368] [ 109.402375] kmemleak: Object (percpu) 0x607f1a636468 (size 8): [ 109.402388] kmemleak: comm "syz-executor.0", pid 274, jiffies 4294772005 [ 109.402402] kmemleak: min_count = 1 [ 109.402410] kmemleak: count = 0 [ 109.402417] kmemleak: flags = 0x21 [ 109.402425] kmemleak: checksum = 0 [ 109.402432] kmemleak: backtrace: [ 109.402438] pcpu_alloc_noprof+0x87a/0x1170 [ 109.402469] __alloc_workqueue+0x74b/0x1820 [ 109.402504] alloc_workqueue_noprof+0xc7/0x200 [ 109.402523] ieee80211_register_hw+0x1ec5/0x3e00 [ 109.402547] mac80211_hwsim_new_radio+0x2758/0x4ef0 [ 109.402572] hwsim_new_radio_nl+0xb0d/0x1250 [ 109.402595] genl_family_rcv_msg_doit+0x1fe/0x2f0 [ 109.402617] genl_rcv_msg+0x532/0x7e0 [ 109.402637] netlink_rcv_skb+0x147/0x430 [ 109.402670] genl_rcv+0x28/0x40 [ 109.402687] netlink_unicast+0x5a7/0x870 [ 109.402719] netlink_sendmsg+0x8ac/0xd80 [ 109.402752] __sys_sendto+0x506/0x570 [ 109.402780] __x64_sys_sendto+0xe1/0x1c0 [ 
109.402809] do_syscall_64+0xbf/0x360 [ 109.402828] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:54:05 executing program 0: setresuid(0xee01, 0xee00, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0}, &(0x7f0000008600)=0xc) setresuid(0x0, r2, 0x0) r3 = fcntl$dupfd(r0, 0x0, r0) linkat(r3, &(0x7f0000000140)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1000) 08:54:05 executing program 5: r0 = add_key$keyring(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) keyctl$restrict_keyring(0xa, r0, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000800)='\x00') 08:54:05 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000100)={0x0, {{0x2, 0x0, @broadcast}}, {{0x2, 0x0, @remote}}}, 0x108) 08:54:05 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) msgget(0x0, 0x2c8) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000440)={'wlan1\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)={0x1c, r3, 0x1, 0x0, 0x0, {{0x30}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0) 08:54:05 executing program 7: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8fffffff0ff", 0x26, 
0x1e0}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202010000ee870325132510000e870325103", 0x5b, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[]) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0) unlinkat(r0, &(0x7f0000000080)='./file0\x00', 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(0xffffffffffffffff, 0x8982, 0x0) 08:54:05 executing program 6: r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) r1 = dup(r0) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x13, &(0x7f00000001c0)=[{&(0x7f00000003c0)=""/4096, 0x1000}, {0x0}], 0x2) ioctl$NS_GET_USERNS(r1, 0xb701, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000080)="82", 0xfffffffe}]) 08:54:05 executing program 4: r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) r1 = dup(r0) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x13, &(0x7f00000001c0)=[{&(0x7f00000003c0)=""/4096, 0x1000}, {0x0}], 0x2) ioctl$NS_GET_USERNS(r1, 0xb701, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, 
&(0x7f0000000180)=[{&(0x7f0000000080)="82", 0xfffffffe}]) [ 109.454857] loop7: detected capacity change from 0 to 6 08:54:05 executing program 0: setresuid(0xee01, 0xee00, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0}, &(0x7f0000008600)=0xc) setresuid(0x0, r2, 0x0) r3 = fcntl$dupfd(r0, 0x0, r0) linkat(r3, &(0x7f0000000140)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1000) 08:54:05 executing program 5: r0 = add_key$keyring(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) keyctl$restrict_keyring(0xa, r0, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000800)='\x00') [ 109.491259] FAT-fs (loop7): Directory bread(block 6) failed [ 109.492241] FAT-fs (loop7): Directory bread(block 7) failed [ 109.493489] FAT-fs (loop7): Directory bread(block 8) failed [ 109.494371] FAT-fs (loop7): Directory bread(block 9) failed [ 109.505828] FAT-fs (loop7): Directory bread(block 138) failed [ 109.506971] FAT-fs (loop7): Directory bread(block 139) failed [ 109.509117] FAT-fs (loop7): Directory bread(block 140) failed [ 109.510413] FAT-fs (loop7): Directory bread(block 141) failed [ 109.512546] FAT-fs (loop7): Directory bread(block 142) failed [ 109.513454] FAT-fs (loop7): Directory bread(block 143) failed [ 109.515245] FAT-fs (loop7): error, corrupted directory (invalid entries) [ 109.516242] FAT-fs (loop7): Filesystem has been set read-only 08:54:05 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) msgget(0x0, 0x2c8) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 
&(0x7f0000000440)={'wlan1\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)={0x1c, r3, 0x1, 0x0, 0x0, {{0x30}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0) 08:54:05 executing program 5: r0 = add_key$keyring(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) keyctl$restrict_keyring(0xa, r0, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000800)='\x00') 08:54:05 executing program 7: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8fffffff0ff", 0x26, 0x1e0}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202010000ee870325132510000e870325103", 0x5b, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[]) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0) unlinkat(r0, &(0x7f0000000080)='./file0\x00', 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(0xffffffffffffffff, 0x8982, 0x0) [ 109.571565] kmemleak: Found object by alias at 0x607f1a63646c [ 109.571582] CPU: 1 UID: 0 PID: 3889 Comm: kworker/1:3 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 109.571600] Tainted: [W]=WARN [ 109.571603] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 109.571611] Workqueue: events destroy_super_work [ 109.571634] Call Trace: [ 109.571638] [ 109.571643] dump_stack_lvl+0xca/0x120 [ 109.571664] __lookup_object+0x94/0xb0 [ 109.571681] delete_object_full+0x27/0x70 [ 109.571697] free_percpu+0x30/0x1160 [ 109.571718] percpu_free_rwsem+0x53/0xa0 [ 109.571736] destroy_super_work+0xe3/0x150 [ 109.571755] process_one_work+0x8e1/0x19c0 [ 109.571776] ? 
__pfx_process_one_work+0x10/0x10 [ 109.571790] ? move_linked_works+0x172/0x270 [ 109.571810] ? assign_work+0x196/0x240 [ 109.571826] worker_thread+0x67e/0xe90 [ 109.571840] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 109.571857] ? __pfx_worker_thread+0x10/0x10 [ 109.571872] kthread+0x3c8/0x740 [ 109.571885] ? __pfx_kthread+0x10/0x10 [ 109.571897] ? ret_from_fork+0x23/0x430 [ 109.571916] ? lock_release+0xc8/0x290 [ 109.571930] ? __pfx_kthread+0x10/0x10 [ 109.571943] ret_from_fork+0x34b/0x430 [ 109.571960] ? __pfx_kthread+0x10/0x10 [ 109.571973] ret_from_fork_asm+0x1a/0x30 [ 109.571997] [ 109.572001] kmemleak: Object (percpu) 0x607f1a636468 (size 8): [ 109.572008] kmemleak: comm "syz-executor.0", pid 274, jiffies 4294772005 [ 109.572015] kmemleak: min_count = 1 [ 109.572018] kmemleak: count = 0 [ 109.572022] kmemleak: flags = 0x21 [ 109.572026] kmemleak: checksum = 0 [ 109.572029] kmemleak: backtrace: [ 109.572033] pcpu_alloc_noprof+0x87a/0x1170 [ 109.572049] __alloc_workqueue+0x74b/0x1820 [ 109.572071] alloc_workqueue_noprof+0xc7/0x200 [ 109.572080] ieee80211_register_hw+0x1ec5/0x3e00 [ 109.572093] mac80211_hwsim_new_radio+0x2758/0x4ef0 [ 109.572106] hwsim_new_radio_nl+0xb0d/0x1250 [ 109.572118] genl_family_rcv_msg_doit+0x1fe/0x2f0 [ 109.572129] genl_rcv_msg+0x532/0x7e0 [ 109.572139] netlink_rcv_skb+0x147/0x430 [ 109.572156] genl_rcv+0x28/0x40 [ 109.572165] netlink_unicast+0x5a7/0x870 [ 109.572181] netlink_sendmsg+0x8ac/0xd80 [ 109.572197] __sys_sendto+0x506/0x570 [ 109.572212] __x64_sys_sendto+0xe1/0x1c0 [ 109.572226] do_syscall_64+0xbf/0x360 [ 109.572236] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:54:05 executing program 3: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8fffffff0ff", 0x26, 0x1e0}, 
{&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202010000ee870325132510000e870325103", 0x5b, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[]) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0) unlinkat(r0, &(0x7f0000000080)='./file0\x00', 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(0xffffffffffffffff, 0x8982, 0x0) 08:54:05 executing program 2: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8fffffff0ff", 0x26, 0x1e0}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202010000ee870325132510000e870325103", 0x5b, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[]) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0) unlinkat(r0, &(0x7f0000000080)='./file0\x00', 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(0xffffffffffffffff, 0x8982, 0x0) 08:54:05 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) [ 109.622156] loop7: detected capacity change from 0 to 6 [ 109.630208] loop3: detected capacity change from 0 to 6 [ 109.631255] FAT-fs (loop7): Directory bread(block 6) failed [ 109.631757] FAT-fs (loop7): Directory bread(block 7) failed [ 109.632565] FAT-fs (loop7): Directory bread(block 8) failed [ 109.633030] 
FAT-fs (loop7): Directory bread(block 9) failed [ 109.635471] loop2: detected capacity change from 0 to 6 [ 109.645585] FAT-fs (loop7): Directory bread(block 138) failed [ 109.651517] FAT-fs (loop3): Directory bread(block 6) failed [ 109.652471] FAT-fs (loop3): Directory bread(block 7) failed [ 109.655126] FAT-fs (loop7): Directory bread(block 139) failed [ 109.655716] FAT-fs (loop7): Directory bread(block 140) failed [ 109.656394] FAT-fs (loop3): Directory bread(block 8) failed [ 109.656441] FAT-fs (loop3): Directory bread(block 9) failed [ 109.657655] Oops: general protection fault, probably for non-canonical address 0xdffffc0003c93980: 0000 [#1] SMP KASAN NOPTI [ 109.659375] KASAN: probably user-memory-access in range [0x000000001e49cc00-0x000000001e49cc07] [ 109.660629] CPU: 0 UID: 0 PID: 4048 Comm: syz-executor.2 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 109.664088] FAT-fs (loop7): Directory bread(block 141) failed [ 109.666670] Tainted: [W]=WARN [ 109.666680] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 109.670212] RIP: 0010:__queue_work+0x202/0x1240 [ 109.670912] Code: 48 8b 6d 00 e8 4f ee 79 03 31 ff 41 89 c5 89 c6 e8 c3 02 32 00 45 85 ed 0f 85 e1 05 00 00 e8 85 07 32 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 109.673514] RSP: 0018:ffff888015ba7168 EFLAGS: 00010012 [ 109.674252] FAT-fs (loop7): Directory bread(block 142) failed [ 109.674294] RAX: 0000000003c93980 RBX: ffff888040b73c18 RCX: ffffc9000b644000 [ 109.674762] FAT-fs (loop7): Directory bread(block 143) failed [ 109.675769] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 109.675786] RBP: 000000001e49cc00 R08: 0000000000000001 R09: fffffbfff0f128f4 [ 109.678281] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 109.679313] R13: 0000000000000001 R14: 0000000000000000 R15: ffff88803958d800 [ 109.680357] FS: 00007f2605602700(0000) GS:ffff8880e55d8000(0000) 
knlGS:0000000000000000 [ 109.681376] FAT-fs (loop7): error, corrupted directory (invalid entries) [ 109.681518] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.682078] FAT-fs (loop7): Filesystem has been set read-only [ 109.682883] CR2: 0000000020420000 CR3: 000000001de1f000 CR4: 0000000000350ef0 [ 109.684366] Call Trace: [ 109.684747] [ 109.685087] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 109.685787] queue_work_on+0xd0/0xe0 [ 109.686345] loop_queue_rq+0x5c8/0x1180 [ 109.686943] __blk_mq_issue_directly+0xd5/0x260 [ 109.687636] ? __pfx___blk_mq_issue_directly+0x10/0x10 [ 109.688408] ? bdev_count_inflight_rw.part.0+0x5f/0x380 [ 109.689211] blk_mq_request_issue_directly+0x11c/0x1e0 [ 109.689976] blk_mq_issue_direct+0x192/0x640 [ 109.690628] blk_mq_dispatch_queue_requests+0x4b0/0x7c0 [ 109.691403] blk_mq_flush_plug_list+0x1ec/0x5b0 [ 109.692087] ? read_tsc+0x9/0x20 [ 109.692609] ? ktime_get+0x16d/0x270 [ 109.693163] ? trace_block_plug+0x149/0x1b0 [ 109.693807] ? blk_add_rq_to_plug+0x234/0x550 [ 109.694472] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 109.695227] ? blk_mq_submit_bio+0x4fd/0x2220 [ 109.695894] __blk_flush_plug+0x25c/0x460 [ 109.696499] ? __pfx___blk_flush_plug+0x10/0x10 [ 109.697190] ? bio_associate_blkg_from_css+0x4fe/0x1380 [ 109.697976] __submit_bio+0x480/0x5b0 [ 109.698536] ? __pfx___submit_bio+0x10/0x10 [ 109.699173] ? read_tsc+0x9/0x20 [ 109.699689] ? ktime_get+0x16d/0x270 [ 109.700245] submit_bio_noacct_nocheck+0x68e/0xcb0 [ 109.700955] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 109.701755] submit_bio_noacct+0x359/0x1350 [ 109.702387] __bread_gfp+0x18b/0x3c0 [ 109.702947] fat__get_entry+0x4c0/0x8e0 [ 109.703535] ? lock_acquire+0x15e/0x2f0 [ 109.704118] ? __pfx_fat__get_entry+0x10/0x10 [ 109.704778] ? lock_is_held_type+0x9e/0x120 [ 109.705423] ? __lock_acquire+0xc65/0x1b70 [ 109.706053] fat_get_short_entry+0x13f/0x2f0 [ 109.706707] fat_subdirs+0xa8/0x180 [ 109.707246] ? __pfx_fat_subdirs+0x10/0x10 [ 109.707864] ? 
inode_set_ctime_to_ts+0x11b/0x380 [ 109.708562] ? __pfx_inode_set_ctime_to_ts+0x10/0x10 [ 109.709316] ? _raw_spin_unlock+0x1e/0x40 [ 109.709948] fat_fill_super+0x2506/0x3fd0 [ 109.710571] ? __pfx_fat_fill_super+0x10/0x10 [ 109.711246] ? __pfx_snprintf+0x10/0x10 [ 109.711838] ? find_held_lock+0x2b/0x80 [ 109.712424] ? set_blocksize+0x1b4/0x470 [ 109.713022] ? lock_release+0xc8/0x290 [ 109.713602] ? sb_set_blocksize+0x177/0x1c0 [ 109.714228] ? setup_bdev_super+0x31f/0x6e0 [ 109.714871] get_tree_bdev_flags+0x38a/0x620 [ 109.715516] ? __pfx_vfat_fill_super+0x10/0x10 [ 109.716182] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 109.716891] ? cap_capable+0xdb/0x3b0 [ 109.717457] ? security_capable+0x2f/0x90 [ 109.718073] vfs_get_tree+0x93/0x340 [ 109.718632] path_mount+0x132d/0x1dd0 [ 109.719206] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 109.719965] ? __pfx_path_mount+0x10/0x10 [ 109.720571] ? kmem_cache_free+0x2a1/0x540 [ 109.721191] ? putname.part.0+0x11b/0x160 [ 109.721811] ? getname_flags.part.0+0x1c6/0x540 [ 109.722494] ? putname.part.0+0x11b/0x160 [ 109.723105] __x64_sys_mount+0x27b/0x300 [ 109.723697] ? 
__pfx___x64_sys_mount+0x10/0x10 [ 109.724369] do_syscall_64+0xbf/0x360 [ 109.724932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.725692] RIP: 0033:0x7f260808e04a [ 109.726250] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 109.728836] RSP: 002b:00007f2605601fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 109.729929] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f260808e04a [ 109.730954] RDX: 0000000020000000 RSI: 0000000020000280 RDI: 00007f2605602000 [ 109.731969] RBP: 00007f2605602040 R08: 00007f2605602040 R09: 0000000020000000 [ 109.732987] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 109.734019] R13: 0000000020000280 R14: 00007f2605602000 R15: 0000000020010d00 [ 109.735053] [ 109.735401] Modules linked in: [ 109.735876] ---[ end trace 0000000000000000 ]--- [ 109.736550] RIP: 0010:__queue_work+0x202/0x1240 [ 109.737233] Code: 48 8b 6d 00 e8 4f ee 79 03 31 ff 41 89 c5 89 c6 e8 c3 02 32 00 45 85 ed 0f 85 e1 05 00 00 e8 85 07 32 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 109.739836] RSP: 0018:ffff888015ba7168 EFLAGS: 00010012 [ 109.740594] RAX: 0000000003c93980 RBX: ffff888040b73c18 RCX: ffffc9000b644000 [ 109.741624] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 109.742646] RBP: 000000001e49cc00 R08: 0000000000000001 R09: fffffbfff0f128f4 [ 109.743668] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 109.744682] R13: 0000000000000001 R14: 0000000000000000 R15: ffff88803958d800 [ 109.745715] FS: 00007f2605602700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 109.746867] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.747712] CR2: 0000000020420000 CR3: 000000001de1f000 CR4: 0000000000350ef0 [ 109.748742] note: syz-executor.2[4048] exited with irqs disabled [ 109.750187] 
note: syz-executor.2[4048] exited with preempt_count 1 [ 109.751655] ------------[ cut here ]------------ [ 109.752371] WARNING: kernel/exit.c:898 at do_exit+0x1c36/0x2970, CPU#0: syz-executor.2/4048 [ 109.753622] Modules linked in: [ 109.754125] CPU: 0 UID: 0 PID: 4048 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 109.755857] Tainted: [D]=DIE, [W]=WARN [ 109.756438] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 109.757650] RIP: 0010:do_exit+0x1c36/0x2970 [ 109.758310] Code: 96 0a 00 00 c7 43 18 00 00 00 00 e9 21 e6 ff ff e8 ef b3 38 00 bf 02 24 00 00 e8 f5 ab 0b 00 e9 41 ff ff ff e8 db b3 38 00 90 <0f> 0b 90 e9 87 e4 ff ff e8 cd b3 38 00 4c 89 e6 bf 05 06 00 00 e8 [ 109.760940] RSP: 0018:ffff888015ba7e40 EFLAGS: 00010246 [ 109.761743] RAX: 0000000000040000 RBX: 0000000000000200 RCX: ffffc9000b644000 [ 109.762798] RDX: 0000000000040000 RSI: ffffffff813b42d5 RDI: ffff88801789e468 [ 109.763838] RBP: ffff88801789d280 R08: 0000000000000001 R09: fffffbfff0f126d8 [ 109.764896] R10: 0000000000000200 R11: 0000000000000001 R12: 000000000000000b [ 109.765949] R13: 0000000000002710 R14: dffffc0003c93980 R15: 0000000000000000 [ 109.766999] FS: 00007f2605602700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 109.768190] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.769032] CR2: 0000000020420000 CR3: 000000001de1f000 CR4: 0000000000350ef0 [ 109.770120] Call Trace: [ 109.770529] [ 109.770907] ? _printk+0xbe/0xf0 [ 109.771485] ? __pfx__printk+0x10/0x10 [ 109.772110] ? __pfx_do_exit+0x10/0x10 [ 109.772698] make_task_dead+0x174/0x3b0 [ 109.773314] ? 
do_syscall_64+0xbf/0x360 [ 109.773927] rewind_stack_and_make_dead+0x16/0x20 [ 109.774681] RIP: 0033:0x7f260808e04a [ 109.775253] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 109.777916] RSP: 002b:00007f2605601fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 109.779044] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f260808e04a [ 109.780129] RDX: 0000000020000000 RSI: 0000000020000280 RDI: 00007f2605602000 [ 109.781202] RBP: 00007f2605602040 R08: 00007f2605602040 R09: 0000000020000000 [ 109.782284] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 109.783367] R13: 0000000020000280 R14: 00007f2605602000 R15: 0000000020010d00 [ 109.784452] [ 109.784815] irq event stamp: 438 [ 109.785334] hardirqs last enabled at (437): [] ktime_get+0x1c7/0x270 [ 109.786544] hardirqs last disabled at (438): [] _raw_spin_lock_irq+0x42/0x50 [ 109.787833] softirqs last enabled at (408): [] handle_softirqs+0x50c/0x770 [ 109.789125] softirqs last disabled at (401): [] __irq_exit_rcu+0xc4/0x100 [ 109.790371] ---[ end trace 0000000000000000 ]--- [ 109.791085] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:51 [ 109.792409] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4048, name: syz-executor.2 [ 109.793666] preempt_count: 0, expected: 0 [ 109.794319] RCU nest depth: 2, expected: 0 [ 109.794938] INFO: lockdep is turned off. 
[ 109.795560] CPU: 0 UID: 0 PID: 4048 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 109.795595] Tainted: [D]=DIE, [W]=WARN [ 109.795602] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 109.795614] Call Trace: [ 109.795621] [ 109.795629] dump_stack_lvl+0xfa/0x120 [ 109.795671] __might_resched+0x2f3/0x510 [ 109.795697] exit_signals+0x25/0x940 [ 109.795732] do_exit+0x2db/0x2970 [ 109.795756] ? _printk+0xbe/0xf0 [ 109.795780] ? __pfx__printk+0x10/0x10 [ 109.795805] ? __pfx_do_exit+0x10/0x10 [ 109.795836] make_task_dead+0x174/0x3b0 [ 109.795864] ? do_syscall_64+0xbf/0x360 [ 109.795886] rewind_stack_and_make_dead+0x16/0x20 [ 109.795916] RIP: 0033:0x7f260808e04a [ 109.795931] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 109.795951] RSP: 002b:00007f2605601fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 109.795972] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f260808e04a [ 109.795986] RDX: 0000000020000000 RSI: 0000000020000280 RDI: 00007f2605602000 [ 109.796000] RBP: 00007f2605602040 R08: 00007f2605602040 R09: 0000000020000000 [ 109.796014] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 109.796027] R13: 0000000020000280 R14: 00007f2605602000 R15: 0000000020010d00 [ 109.796050] [ 109.829766] FAT-fs (loop3): Directory bread(block 138) failed [ 109.830690] FAT-fs (loop3): Directory bread(block 139) failed [ 109.831872] loop4: detected capacity change from 0 to 32767 [ 109.832236] FAT-fs (loop3): Directory bread(block 140) failed [ 109.833597] FAT-fs (loop3): Directory bread(block 141) failed [ 109.835883] FAT-fs (loop3): Directory bread(block 142) failed [ 109.836988] FAT-fs (loop3): Directory bread(block 143) failed [ 109.844135] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 109.844715] FAT-fs 
(loop3): Filesystem has been set read-only [ 109.929227] loop3: detected capacity change from 0 to 6 [ 109.934383] FAT-fs (loop3): Directory bread(block 6) failed [ 109.934851] FAT-fs (loop3): Directory bread(block 7) failed [ 109.940853] FAT-fs (loop3): Directory bread(block 8) failed [ 109.941342] FAT-fs (loop3): Directory bread(block 9) failed [ 109.951837] FAT-fs (loop3): Directory bread(block 138) failed [ 109.961968] FAT-fs (loop3): Directory bread(block 139) failed [ 109.962474] FAT-fs (loop3): Directory bread(block 140) failed [ 109.962942] FAT-fs (loop3): Directory bread(block 141) failed [ 109.964560] FAT-fs (loop3): Directory bread(block 142) failed [ 109.965035] FAT-fs (loop3): Directory bread(block 143) failed [ 109.968150] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 109.968691] FAT-fs (loop3): Filesystem has been set read-only [ 109.968710] loop6: detected capacity change from 0 to 32767 08:54:05 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 08:54:05 executing program 7: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8fffffff0ff", 0x26, 0x1e0}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202010000ee870325132510000e870325103", 0x5b, 0x600}], 0x0, 
&(0x7f0000010d00)=ANY=[]) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0) unlinkat(r0, &(0x7f0000000080)='./file0\x00', 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(0xffffffffffffffff, 0x8982, 0x0) 08:54:05 executing program 5: r0 = add_key$keyring(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) keyctl$restrict_keyring(0xa, r0, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000800)='\x00') 08:54:05 executing program 3: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8fffffff0ff", 0x26, 0x1e0}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202010000ee870325132510000e870325103", 0x5b, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[]) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0) unlinkat(r0, &(0x7f0000000080)='./file0\x00', 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(0xffffffffffffffff, 0x8982, 0x0) [ 110.006758] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#2] SMP KASAN NOPTI [ 110.007700] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 110.008306] CPU: 1 UID: 0 PID: 4029 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 110.009245] Tainted: [D]=DIE, [W]=WARN [ 110.009552] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 110.010215] RIP: 0010:__queue_work+0x202/0x1240 [ 110.010604] Code: 48 8b 6d 00 e8 4f ee 79 03 31 ff 41 89 c5 89 c6 e8 c3 02 32 00 45 85 ed 0f 85 e1 05 00 00 e8 85 07 32 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 110.012034] RSP: 0018:ffff888045e16ec0 EFLAGS: 00010056 [ 110.012459] RAX: 
0000000000000000 RBX: ffff88800eb9b418 RCX: ffffc90005e18000 [ 110.013021] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 110.013588] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff0f128f4 [ 110.014149] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 110.014708] R13: 0000000000000000 R14: 0000000000000001 R15: ffff88804565d800 [ 110.015271] FS: 00007fb478b3f700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 110.015933] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 110.016411] CR2: 00007fb2be1fb000 CR3: 000000001dd61000 CR4: 0000000000350ef0 [ 110.016995] Call Trace: [ 110.017212] [ 110.017397] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 110.017792] queue_work_on+0xd0/0xe0 [ 110.018103] loop_queue_rq+0x5c8/0x1180 [ 110.018435] __blk_mq_issue_directly+0xd5/0x260 [ 110.018822] ? __pfx___blk_mq_issue_directly+0x10/0x10 [ 110.019251] ? blk_mq_put_tag+0x101/0x160 [ 110.019590] ? bdev_count_inflight_rw.part.0+0x5f/0x380 [ 110.020020] blk_mq_request_issue_directly+0x11c/0x1e0 [ 110.020441] blk_mq_issue_direct+0x192/0x640 [ 110.020800] ? __blk_mq_alloc_requests+0xa16/0x15a0 [ 110.021214] blk_mq_dispatch_queue_requests+0x4b0/0x7c0 [ 110.021652] blk_mq_flush_plug_list+0x1ec/0x5b0 [ 110.022029] ? read_tsc+0x9/0x20 [ 110.022320] ? ktime_get+0x16d/0x270 [ 110.022628] ? trace_block_plug+0x149/0x1b0 [ 110.022979] ? blk_add_rq_to_plug+0x234/0x550 [ 110.023344] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 110.023764] ? blk_mq_submit_bio+0x4fd/0x2220 [ 110.024132] __blk_flush_plug+0x25c/0x460 [ 110.024470] ? __pfx___blk_flush_plug+0x10/0x10 [ 110.024846] ? __pfx_perf_trace_lock+0x10/0x10 [ 110.025223] __submit_bio+0x480/0x5b0 [ 110.025533] ? __pfx___submit_bio+0x10/0x10 [ 110.025886] ? submit_bio_noacct_nocheck+0x353/0xcb0 [ 110.026396] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 110.026822] ? read_tsc+0x9/0x20 [ 110.027103] ? ktime_get+0x16d/0x270 [ 110.027411] submit_bio_noacct_nocheck+0x68e/0xcb0 [ 110.027806] ? 
__pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 110.028245] ? __pfx_bio_alloc_bioset+0x10/0x10 [ 110.028638] submit_bio_noacct+0x359/0x1350 [ 110.028995] block_read_full_folio+0x457/0x760 [ 110.029374] ? __pfx_blkdev_get_block+0x10/0x10 [ 110.029779] ? __pfx_blkdev_read_folio+0x10/0x10 [ 110.030163] filemap_read_folio+0x4a/0x1e0 [ 110.030514] do_read_cache_folio+0x1d6/0x500 [ 110.030871] ? __pfx_blkdev_read_folio+0x10/0x10 [ 110.031266] read_part_sector+0xd1/0x2f0 [ 110.031615] read_lba+0x1b8/0x380 [ 110.031922] ? __kmalloc_cache_noprof+0x26f/0x690 [ 110.032327] ? __pfx_read_lba+0x10/0x10 [ 110.032669] efi_partition+0x281/0x28e0 [ 110.033007] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 110.033472] ? __asan_memcpy+0x3d/0x60 [ 110.033802] ? vsnprintf+0x33a/0x1160 [ 110.034134] ? __pfx_efi_partition+0x10/0x10 [ 110.034521] ? snprintf+0xbe/0x100 [ 110.034836] ? __pfx_snprintf+0x10/0x10 [ 110.035170] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 110.035563] ? trace_kmalloc+0x1f/0xb0 [ 110.035896] ? __pfx_efi_partition+0x10/0x10 [ 110.036279] bdev_disk_changed+0x78b/0x1440 [ 110.036643] ? __pfx___mutex_lock+0x10/0x10 [ 110.037008] ? __pfx_bdev_disk_changed+0x10/0x10 [ 110.037399] ? loop_set_status+0x5bb/0xa80 [ 110.037759] loop_reread_partitions+0x70/0x140 [ 110.038132] loop_set_status+0x697/0xa80 [ 110.038465] lo_ioctl+0x17b/0x1c70 [ 110.038763] ? __pfx_lo_ioctl+0x10/0x10 [ 110.039096] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 110.039473] ? lock_acquire+0x18c/0x2f0 [ 110.039799] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 110.040218] ? blkdev_common_ioctl+0x1cd/0x21d0 [ 110.040592] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 110.040985] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 110.041404] ? do_vfs_ioctl+0x125/0x1470 [ 110.041785] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 110.042146] ? ioctl_has_perm.constprop.0.isra.0+0x331/0x4e0 [ 110.042645] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 110.043159] ? __pfx_do_sys_openat2+0x10/0x10 [ 110.043528] ? 
__fget_files+0x11b/0x3b0 [ 110.043854] ? __pfx_lo_ioctl+0x10/0x10 [ 110.044193] blkdev_ioctl+0x27c/0x6c0 [ 110.044518] ? __pfx_blkdev_ioctl+0x10/0x10 [ 110.044874] ? selinux_file_ioctl+0xb9/0x280 [ 110.045250] ? __pfx_blkdev_ioctl+0x10/0x10 [ 110.045611] __x64_sys_ioctl+0x18f/0x210 [ 110.045957] do_syscall_64+0xbf/0x360 [ 110.046277] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.046712] RIP: 0033:0x7fb47b5c98d7 [ 110.047026] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 110.048466] RSP: 002b:00007fb478b3eef8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010 [ 110.049066] RAX: ffffffffffffffda RBX: 00007fb478b3ef40 RCX: 00007fb47b5c98d7 [ 110.049639] RDX: 00007fb478b3f050 RSI: 0000000000004c04 RDI: 0000000000000006 [ 110.050202] RBP: 00007fb47b623f6d R08: 0000000000000000 R09: 0000000000000000 [ 110.050767] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fb478b3f050 [ 110.051329] R13: 00007ffd8c04b1cf R14: 00007fb478b3f300 R15: 0000000000022000 [ 110.051899] [ 110.052091] Modules linked in: [ 110.052355] ---[ end trace 0000000000000000 ]--- [ 110.052731] RIP: 0010:__queue_work+0x202/0x1240 [ 110.053107] Code: 48 8b 6d 00 e8 4f ee 79 03 31 ff 41 89 c5 89 c6 e8 c3 02 32 00 45 85 ed 0f 85 e1 05 00 00 e8 85 07 32 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 110.054545] RSP: 0018:ffff888015ba7168 EFLAGS: 00010012 [ 110.054968] RAX: 0000000003c93980 RBX: ffff888040b73c18 RCX: ffffc9000b644000 [ 110.055530] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 110.056092] RBP: 000000001e49cc00 R08: 0000000000000001 R09: fffffbfff0f128f4 [ 110.056655] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 110.057238] R13: 0000000000000001 R14: 0000000000000000 R15: ffff88803958d800 [ 110.057833] FS: 00007fb478b3f700(0000) 
GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 110.058490] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 110.058953] CR2: 00007fb2be1fb000 CR3: 000000001dd61000 CR4: 0000000000350ef0 [ 110.059522] note: syz-executor.4[4029] exited with irqs disabled [ 110.060205] note: syz-executor.4[4029] exited with preempt_count 1 [ 110.060757] ------------[ cut here ]------------ [ 110.061830] WARNING: kernel/exit.c:898 at do_exit+0x1c36/0x2970, CPU#1: syz-executor.4/4029 [ 110.063249] Modules linked in: [ 110.063533] CPU: 1 UID: 0 PID: 4029 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 110.064643] Tainted: [D]=DIE, [W]=WARN [ 110.064976] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 110.065803] RIP: 0010:do_exit+0x1c36/0x2970 [ 110.066277] Code: 96 0a 00 00 c7 43 18 00 00 00 00 e9 21 e6 ff ff e8 ef b3 38 00 bf 02 24 00 00 e8 f5 ab 0b 00 e9 41 ff ff ff e8 db b3 38 00 90 <0f> 0b 90 e9 87 e4 ff ff e8 cd b3 38 00 4c 89 e6 bf 05 06 00 00 e8 [ 110.067899] RSP: 0018:ffff888045e17e40 EFLAGS: 00010246 [ 110.068444] RAX: 0000000000040000 RBX: 0000000000000200 RCX: ffffc90005e18000 [ 110.069009] RDX: 0000000000040000 RSI: ffffffff813b42d5 RDI: ffff8880437ae468 [ 110.069689] RBP: ffff8880437ad280 R08: 0000000000000001 R09: fffffbfff0f126d8 [ 110.070404] R10: 0000000000000200 R11: 0000000000000001 R12: 000000000000000b [ 110.071129] R13: 0000000000002710 R14: dffffc0000000000 R15: 0000000000000000 [ 110.071699] FS: 00007fb478b3f700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 110.072482] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 110.072947] CR2: 00007fb2be1fb000 CR3: 000000001dd61000 CR4: 0000000000350ef0 [ 110.073668] Call Trace: [ 110.073881] [ 110.074171] ? _printk+0xbe/0xf0 [ 110.074456] ? __pfx__printk+0x10/0x10 [ 110.074775] ? __pfx_do_exit+0x10/0x10 [ 110.075210] make_task_dead+0x174/0x3b0 [ 110.075540] ? 
do_syscall_64+0xbf/0x360 [ 110.075862] rewind_stack_and_make_dead+0x16/0x20 [ 110.076378] RIP: 0033:0x7fb47b5c98d7 [ 110.076679] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 110.078269] RSP: 002b:00007fb478b3eef8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010 [ 110.078908] RAX: ffffffffffffffda RBX: 00007fb478b3ef40 RCX: 00007fb47b5c98d7 [ 110.079640] RDX: 00007fb478b3f050 RSI: 0000000000004c04 RDI: 0000000000000006 [ 110.080343] RBP: 00007fb47b623f6d R08: 0000000000000000 R09: 0000000000000000 [ 110.080911] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fb478b3f050 [ 110.081603] R13: 00007ffd8c04b1cf R14: 00007fb478b3f300 R15: 0000000000022000 08:54:05 executing program 3: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8fffffff0ff", 0x26, 0x1e0}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202010000ee870325132510000e870325103", 0x5b, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[]) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0) unlinkat(r0, &(0x7f0000000080)='./file0\x00', 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(0xffffffffffffffff, 0x8982, 0x0) [ 110.082319] [ 110.082764] irq event stamp: 18340 [ 110.083180] hardirqs last enabled at (18339): [] irqentry_exit+0x3b/0x90 [ 110.084023] hardirqs last disabled at (18340): [] __schedule+0x16dd/0x3590 [ 110.084812] softirqs last enabled at (18334): [] handle_softirqs+0x50c/0x770 [ 110.085642] softirqs last disabled at (18325): [] __irq_exit_rcu+0xc4/0x100 [ 110.086455] ---[ end trace 0000000000000000 ]--- [ 110.094172] kmemleak: 
Found object by alias at 0x607f1a63646c [ 110.094185] CPU: 1 UID: 0 PID: 3889 Comm: kworker/1:3 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 110.094204] Tainted: [D]=DIE, [W]=WARN [ 110.094208] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 110.094216] Workqueue: events destroy_super_work [ 110.094237] Call Trace: [ 110.094240] [ 110.094244] dump_stack_lvl+0xca/0x120 [ 110.094266] __lookup_object+0x94/0xb0 [ 110.094283] delete_object_full+0x27/0x70 [ 110.094299] free_percpu+0x30/0x1160 [ 110.094317] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 110.094332] percpu_free_rwsem+0x53/0xa0 [ 110.094349] destroy_super_work+0xe3/0x150 [ 110.094367] process_one_work+0x8e1/0x19c0 [ 110.094385] ? __pfx_process_one_work+0x10/0x10 [ 110.094399] ? move_linked_works+0x172/0x270 [ 110.094419] ? assign_work+0x196/0x240 [ 110.094433] worker_thread+0x67e/0xe90 [ 110.094447] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 110.094461] ? __pfx_worker_thread+0x10/0x10 [ 110.094476] kthread+0x3c8/0x740 [ 110.094489] ? __pfx_kthread+0x10/0x10 [ 110.094501] ? ret_from_fork+0x23/0x430 [ 110.094519] ? lock_release+0xc8/0x290 [ 110.094533] ? __pfx_kthread+0x10/0x10 [ 110.094545] ret_from_fork+0x34b/0x430 [ 110.094562] ? 
__pfx_kthread+0x10/0x10 [ 110.094574] ret_from_fork_asm+0x1a/0x30 [ 110.094595] [ 110.094599] kmemleak: Object (percpu) 0x607f1a636468 (size 8): [ 110.094606] kmemleak: comm "syz-executor.0", pid 274, jiffies 4294772005 [ 110.094614] kmemleak: min_count = 1 [ 110.094617] kmemleak: count = 0 [ 110.094621] kmemleak: flags = 0x21 [ 110.094625] kmemleak: checksum = 0 [ 110.094629] kmemleak: backtrace: [ 110.094632] pcpu_alloc_noprof+0x87a/0x1170 [ 110.094648] __alloc_workqueue+0x74b/0x1820 [ 110.094665] alloc_workqueue_noprof+0xc7/0x200 [ 110.094675] ieee80211_register_hw+0x1ec5/0x3e00 [ 110.094689] mac80211_hwsim_new_radio+0x2758/0x4ef0 [ 110.094704] hwsim_new_radio_nl+0xb0d/0x1250 [ 110.094715] genl_family_rcv_msg_doit+0x1fe/0x2f0 [ 110.094728] genl_rcv_msg+0x532/0x7e0 [ 110.094738] netlink_rcv_skb+0x147/0x430 [ 110.094756] genl_rcv+0x28/0x40 [ 110.094765] netlink_unicast+0x5a7/0x870 [ 110.094781] netlink_sendmsg+0x8ac/0xd80 [ 110.094797] __sys_sendto+0x506/0x570 [ 110.094813] __x64_sys_sendto+0xe1/0x1c0 [ 110.094828] do_syscall_64+0xbf/0x360 [ 110.094838] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:54:05 executing program 5: open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$mouse(&(0x7f0000000600), 0x80000001, 0x0) syz_mount_image$tmpfs(&(0x7f0000000680), &(0x7f00000006c0)='./file0\x00', 0x0, 0x4, &(0x7f0000001ac0)=[{&(0x7f0000000700)="db64df61c4fcadbd794b5b81c485b08ea37d230f434c1701ddc6827a71472805c0ef7c4414bb6762c12100892dad43a1341ee1c9656f96117de457b7867bd50e46c026064c19ea4942da01ee30bd21790ff4ad1e48d69ee7fa454c57006d4e1579b127a37f41ac6b64c1a15fd1137ee7d65d4cdbb3da97", 0x77, 0xd1}, {&(0x7f0000000780)="8f47208f91776a3b91a9eaabc72c60d47cfa58c98d", 0x15, 0x2}, 
{&(0x7f0000000880)="[...]
8d45c3c9c3e2965b63bd468be11893a90c9a1f8a038c4bcfbecb1e67b29b63620f42fa1b10e49d0ea2af94163d110fd4f98bb61cfe5c179e30f14b4fde7d1029cced764e8da4735952802034d9a8cf08e878c0e63fc10bdabce854553b7f9e34d9d387c81ac2fefe1a1b", 0x1000, 0x80000001}, {0x0}], 0x882400, &(0x7f0000001b80)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}, {@huge_always}]})
lremovexattr(0x0, &(0x7f0000004940)=@known='user.incfs.metadata\x00')
[ 110.126398] kmemleak: Automatic memory scanning thread ended
[ 110.154744] loop5: detected capacity change from 0 to 264192
[ 110.172571] loop5: detected capacity change from 0 to 264192
[ 110.293251] ==================================================================
[ 110.294267] BUG: KASAN: slab-use-after-free in __mutex_lock+0xc72/0x1020
[ 110.295185] Read of size 4 at addr ffff8880437ad2b4 by task syz-executor.4/283
[ 110.296140]
[ 110.296384] CPU: 0 UID: 0 PID: 283 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 110.296418] Tainted: [D]=DIE, [W]=WARN
[ 110.296425] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 110.296437] Call Trace:
[ 110.296444]
[ 110.296452] dump_stack_lvl+0xca/0x120
[ 110.296485] print_report+0xcb/0x610
[ 110.296514] ? __virt_addr_valid+0x100/0x5d0
[ 110.296547] ? __mutex_lock+0xc72/0x1020
[ 110.296578] ? __mutex_lock+0xc72/0x1020
[ 110.296609] kasan_report+0xca/0x100
[ 110.296638] ? __mutex_lock+0xc72/0x1020
[ 110.296674] __mutex_lock+0xc72/0x1020
[ 110.296705] ? bdev_open+0x3e9/0xe40
[ 110.296726] ? find_inode_fast+0x261/0x610
[ 110.296754] ? __pfx___mutex_lock+0x10/0x10
[ 110.296790] ? __pfx_ilookup+0x10/0x10
[ 110.296816] ? _atomic_dec_and_lock+0x96/0x110
[ 110.296847] ? disk_block_events+0x21/0x140
[ 110.296870] bdev_open+0x3e9/0xe40
[ 110.296891] ? iput+0x62/0x80
[ 110.296917] blkdev_open+0x277/0x400
[ 110.296943] do_dentry_open+0x71c/0x1420
[ 110.296967] ? __pfx_blkdev_open+0x10/0x10
[ 110.296995] vfs_open+0x82/0x3f0
[ 110.297022] ? may_open+0x1f3/0x420
[ 110.297053] path_openat+0x1c3f/0x2880
[ 110.297081] ? __pfx_path_openat+0x10/0x10
[ 110.297102] ? __kasan_slab_free+0x3f/0x50
[ 110.297128] ? kmem_cache_free+0x2a1/0x540
[ 110.297149] ? __pfx_perf_trace_lock+0x10/0x10
[ 110.297173] ? xas_start+0x14e/0x710
[ 110.297195] do_filp_open+0x1e8/0x450
[ 110.297217] ? __pfx_do_filp_open+0x10/0x10
[ 110.297246] ? alloc_fd+0x2c1/0x560
[ 110.297265] ? lock_release+0x1c7/0x290
[ 110.297292] ? alloc_fd+0x2c1/0x560
[ 110.297316] do_sys_openat2+0x104/0x1b0
[ 110.297345] ? __pfx_do_sys_openat2+0x10/0x10
[ 110.297377] ? putname.part.0+0x11b/0x160
[ 110.297408] __x64_sys_openat+0x142/0x200
[ 110.297438] ? __pfx___x64_sys_openat+0x10/0x10
[ 110.297476] do_syscall_64+0xbf/0x360
[ 110.297497] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.297518] RIP: 0033:0x7fb47b57ca04
[ 110.297534] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 110.297554] RSP: 002b:00007ffd8c04b3a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 110.297584] RAX: ffffffffffffffda RBX: 00007ffd8c04b4a0 RCX: 00007fb47b57ca04
[ 110.297598] RDX: 0000000000000002 RSI: 00007ffd8c04b4e0 RDI: 00000000ffffff9c
[ 110.297611] RBP: 00007ffd8c04b4e0 R08: 0000000000000000 R09: 00007ffd8c04b2b0
[ 110.297624] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[ 110.297637] R13: 0000000000000000 R14: 0000000000000006 R15: 00007ffd8c04b4e0
[ 110.297659]
[ 110.297666]
[ 110.330926] Allocated by task 4025:
[ 110.331407] kasan_save_stack+0x24/0x50
[ 110.331947] kasan_save_track+0x14/0x30
[ 110.332487] __kasan_slab_alloc+0x59/0x70
[ 110.333043] kmem_cache_alloc_node_noprof+0x21a/0x690
[ 110.333740] copy_process+0x461/0x73c0
[ 110.334267] kernel_clone+0xea/0x7f0
[ 110.334762] __do_sys_clone+0xce/0x120
[ 110.335281] do_syscall_64+0xbf/0x360
[ 110.335798] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.336484]
[ 110.336715] Freed by task 22:
[ 110.337136] kasan_save_stack+0x24/0x50
[ 110.337673] kasan_save_track+0x14/0x30
[ 110.338203] __kasan_save_free_info+0x3a/0x60
[ 110.338813] __kasan_slab_free+0x3f/0x50
[ 110.339359] kmem_cache_free+0x2a1/0x540
[ 110.339899] rcu_core+0x7c8/0x1800
[ 110.340378] handle_softirqs+0x1b1/0x770
[ 110.340931] run_ksoftirqd+0x2e/0x60
[ 110.341434] smpboot_thread_fn+0x41d/0x9d0
[ 110.342023] kthread+0x3c8/0x740
[ 110.342477] ret_from_fork+0x34b/0x430
[ 110.343132] ret_from_fork_asm+0x1a/0x30
[ 110.343679]
[ 110.343916] Last potentially related work creation:
[ 110.344568] kasan_save_stack+0x24/0x50
[ 110.345114] kasan_record_aux_stack+0x89/0xa0
[ 110.345722] __call_rcu_common.constprop.0+0x70/0x960
[ 110.346425] delayed_put_task_struct+0xde/0x260
[ 110.347052] rcu_core+0x7c8/0x1800
[ 110.347536] handle_softirqs+0x1b1/0x770
[ 110.348090] __irq_exit_rcu+0xc4/0x100
[ 110.348633] irq_exit_rcu+0x9/0x20
[ 110.349118] sysvec_apic_timer_interrupt+0x70/0x80
[ 110.349788] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 110.350492]
[ 110.350726] Second to last potentially related work creation:
[ 110.351494] kasan_save_stack+0x24/0x50
[ 110.352035] kasan_record_aux_stack+0x89/0xa0
[ 110.352640] __call_rcu_common.constprop.0+0x70/0x960
[ 110.353333] put_task_struct_rcu_user+0x75/0xc0
[ 110.353970] __schedule+0xe86/0x3590
[ 110.354479] schedule+0xdb/0x390
[ 110.354950] worker_thread+0x156/0xe90
[ 110.355479] kthread+0x3c8/0x740
[ 110.355945] ret_from_fork+0x34b/0x430
[ 110.356476] ret_from_fork_asm+0x1a/0x30
[ 110.357018]
[ 110.357249] The buggy address belongs to the object at ffff8880437ad280
[ 110.357249] which belongs to the cache task_struct of size 6784
[ 110.358858] The buggy address is located 52 bytes inside of
[ 110.358858] freed 6784-byte region [ffff8880437ad280, ffff8880437aed00)
[ 110.360409]
[ 110.360640] The buggy address belongs to the physical page:
[ 110.361369] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x437a8
[ 110.362381] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 110.363360] memcg:ffff888043865c01
[ 110.363816] flags: 0x100000000000040(head|node=0|zone=1)
[ 110.364510] page_type: f5(slab)
[ 110.364948] raw: 0100000000000040 ffff888008ff7640 dead000000000100 dead000000000122
[ 110.365943] raw: 0000000000000000 0000000000040004 00000000f5000000 ffff888043865c01
[ 110.366935] head: 0100000000000040 ffff888008ff7640 dead000000000100 dead000000000122
[ 110.367934] head: 0000000000000000 0000000000040004 00000000f5000000 ffff888043865c01
[ 110.368945] head: 0100000000000003 ffffea00010dea01 00000000ffffffff 00000000ffffffff
[ 110.369953] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 110.370962] page dumped because: kasan: bad access detected
[ 110.371680]
[ 110.371906] Memory state around the buggy address:
[ 110.372533]  ffff8880437ad180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 110.373456]  ffff8880437ad200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 110.374389] >ffff8880437ad280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 110.375314]                                      ^
[ 110.375940]  ffff8880437ad300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 110.376869]  ffff8880437ad380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 110.377796] ==================================================================

VM DIAGNOSIS:
08:54:05 Registers:
info registers vcpu 0
RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff888015ba6ac0
R8 =0000000000000000 R9 =ffffed1001727046 R10=0000000000000030 R11=552030203a555043
R12=0000000000000030 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0
RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300