Warning: Permanently added '[localhost]:32698' (ECDSA) to the list of known hosts. 2025/08/29 08:58:15 fuzzer started 2025/08/29 08:58:16 dialing manager at localhost:43077 syzkaller login: [ 56.251557] cgroup: Unknown subsys name 'net' [ 56.342815] cgroup: Unknown subsys name 'cpuset' [ 56.382839] cgroup: Unknown subsys name 'rlimit' 2025/08/29 08:58:26 syscalls: 2214 2025/08/29 08:58:26 code coverage: enabled 2025/08/29 08:58:26 comparison tracing: enabled 2025/08/29 08:58:26 extra coverage: enabled 2025/08/29 08:58:26 setuid sandbox: enabled 2025/08/29 08:58:26 namespace sandbox: enabled 2025/08/29 08:58:26 Android sandbox: enabled 2025/08/29 08:58:26 fault injection: enabled 2025/08/29 08:58:26 leak checking: enabled 2025/08/29 08:58:26 net packet injection: enabled 2025/08/29 08:58:26 net device setup: enabled 2025/08/29 08:58:26 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 08:58:26 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 08:58:26 USB emulation: enabled 2025/08/29 08:58:26 hci packet injection: enabled 2025/08/29 08:58:26 wifi device emulation: enabled 2025/08/29 08:58:26 802.15.4 emulation: enabled 2025/08/29 08:58:26 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 08:58:26 fetching corpus: 50, signal 24163/27426 (executing program) 2025/08/29 08:58:26 fetching corpus: 100, signal 35377/39766 (executing program) 2025/08/29 08:58:26 fetching corpus: 150, signal 44255/49526 (executing program) 2025/08/29 08:58:26 fetching corpus: 200, signal 53248/59156 (executing program) 2025/08/29 08:58:26 fetching corpus: 250, signal 56834/63629 (executing program) 2025/08/29 08:58:27 fetching corpus: 300, signal 59107/66764 (executing program) 2025/08/29 08:58:27 fetching corpus: 350, signal 62120/70482 (executing program) 2025/08/29 08:58:27 fetching corpus: 400, signal 65058/74049 (executing program) 2025/08/29 08:58:27 fetching corpus: 450, signal 68051/77572 (executing program) 2025/08/29 
08:58:27 fetching corpus: 500, signal 72588/82315 (executing program) 2025/08/29 08:58:27 fetching corpus: 550, signal 75236/85348 (executing program) 2025/08/29 08:58:27 fetching corpus: 600, signal 77380/87850 (executing program) 2025/08/29 08:58:27 fetching corpus: 650, signal 80082/90837 (executing program) 2025/08/29 08:58:27 fetching corpus: 700, signal 84514/95012 (executing program) 2025/08/29 08:58:28 fetching corpus: 750, signal 86231/96999 (executing program) 2025/08/29 08:58:28 fetching corpus: 800, signal 88502/99448 (executing program) 2025/08/29 08:58:28 fetching corpus: 850, signal 90704/101668 (executing program) 2025/08/29 08:58:28 fetching corpus: 900, signal 92360/103434 (executing program) 2025/08/29 08:58:28 fetching corpus: 950, signal 95801/106342 (executing program) 2025/08/29 08:58:28 fetching corpus: 1000, signal 96798/107524 (executing program) 2025/08/29 08:58:28 fetching corpus: 1050, signal 98675/109302 (executing program) 2025/08/29 08:58:28 fetching corpus: 1100, signal 100632/111082 (executing program) 2025/08/29 08:58:29 fetching corpus: 1150, signal 102162/112452 (executing program) 2025/08/29 08:58:29 fetching corpus: 1200, signal 103700/113838 (executing program) 2025/08/29 08:58:29 fetching corpus: 1250, signal 105065/115069 (executing program) 2025/08/29 08:58:29 fetching corpus: 1300, signal 106478/116289 (executing program) 2025/08/29 08:58:29 fetching corpus: 1350, signal 107769/117379 (executing program) 2025/08/29 08:58:29 fetching corpus: 1400, signal 109474/118652 (executing program) 2025/08/29 08:58:29 fetching corpus: 1450, signal 111125/119837 (executing program) 2025/08/29 08:58:30 fetching corpus: 1500, signal 112204/120682 (executing program) 2025/08/29 08:58:30 fetching corpus: 1550, signal 113898/121834 (executing program) 2025/08/29 08:58:30 fetching corpus: 1600, signal 114387/122326 (executing program) 2025/08/29 08:58:30 fetching corpus: 1650, signal 115280/123024 (executing program) 2025/08/29 08:58:30 
fetching corpus: 1700, signal 116521/123805 (executing program) 2025/08/29 08:58:30 fetching corpus: 1750, signal 117687/124537 (executing program) 2025/08/29 08:58:30 fetching corpus: 1800, signal 118547/125075 (executing program) 2025/08/29 08:58:30 fetching corpus: 1850, signal 119603/125734 (executing program) 2025/08/29 08:58:31 fetching corpus: 1900, signal 120674/126493 (executing program) 2025/08/29 08:58:31 fetching corpus: 1950, signal 121566/127003 (executing program) 2025/08/29 08:58:31 fetching corpus: 2000, signal 122528/127476 (executing program) 2025/08/29 08:58:31 fetching corpus: 2050, signal 123731/128048 (executing program) 2025/08/29 08:58:31 fetching corpus: 2100, signal 124377/128371 (executing program) 2025/08/29 08:58:31 fetching corpus: 2150, signal 125498/128963 (executing program) 2025/08/29 08:58:31 fetching corpus: 2200, signal 126332/129288 (executing program) 2025/08/29 08:58:31 fetching corpus: 2250, signal 127189/129592 (executing program) 2025/08/29 08:58:31 fetching corpus: 2300, signal 128100/129940 (executing program) 2025/08/29 08:58:32 fetching corpus: 2311, signal 128350/130048 (executing program) 2025/08/29 08:58:32 fetching corpus: 2311, signal 128350/130092 (executing program) 2025/08/29 08:58:32 fetching corpus: 2311, signal 128350/130116 (executing program) 2025/08/29 08:58:32 fetching corpus: 2311, signal 128350/130152 (executing program) 2025/08/29 08:58:32 fetching corpus: 2311, signal 128350/130191 (executing program) 2025/08/29 08:58:32 fetching corpus: 2311, signal 128350/130228 (executing program) 2025/08/29 08:58:32 fetching corpus: 2311, signal 128350/130259 (executing program) 2025/08/29 08:58:32 fetching corpus: 2311, signal 128350/130292 (executing program) 2025/08/29 08:58:32 fetching corpus: 2311, signal 128350/130324 (executing program) 2025/08/29 08:58:32 fetching corpus: 2311, signal 128350/130357 (executing program) 2025/08/29 08:58:32 fetching corpus: 2311, signal 128350/130383 (executing program) 
2025/08/29 08:58:32 fetching corpus: 2311, signal 128350/130426 (executing program) 2025/08/29 08:58:32 fetching corpus: 2311, signal 128350/130468 (executing program) 2025/08/29 08:58:32 fetching corpus: 2311, signal 128350/130499 (executing program) 2025/08/29 08:58:32 fetching corpus: 2311, signal 128350/130532 (executing program) 2025/08/29 08:58:32 fetching corpus: 2311, signal 128350/130562 (executing program) 2025/08/29 08:58:32 fetching corpus: 2311, signal 128350/130571 (executing program) 2025/08/29 08:58:32 fetching corpus: 2311, signal 128350/130571 (executing program) 2025/08/29 08:58:34 starting 8 fuzzer processes 08:58:34 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/drivers\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x8001) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) creat(&(0x7f00000003c0)='./file0\x00', 0x0) 08:58:34 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x28, r1, 0x4bf6101148718a15, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x28}}, 0x0) 08:58:34 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r1 = getpid() sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x12f1) r2 = fork() r3 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r3, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r3) ptrace(0x10, r2) ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r4 = memfd_secret(0x80000) fcntl$lock(r4, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r2}) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:58:34 executing program 7: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000100)={0x1, &(0x7f0000000040)=[{0x6}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) pipe(&(0x7f00000001c0)) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000080)={0x8b}, &(0x7f00000000c0), 0x0) 08:58:34 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r1 = dup(r0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0) 08:58:34 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f00000001c0)={0x1f, 0xffff, 0x2}, 0x6) [ 74.153691] audit: type=1400 
audit(1756457914.114:7): avc: denied { execmem } for pid=271 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:58:34 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r1, 0x0) ioctl$sock_bt_hci(r0, 0x800448d3, &(0x7f0000000240)) 08:58:34 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x49, &(0x7f0000000000)=0x3, 0x4) [ 75.304339] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 75.308843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.312262] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.316730] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 75.319249] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 75.321762] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 75.324697] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 75.331273] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 75.342923] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 75.349919] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 75.368318] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 75.370704] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 75.372222] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 75.376201] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 75.378319] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 75.429192] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 75.442340] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 75.444515] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 75.446293] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 75.451165] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 75.463716] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 75.477209] Bluetooth: hci3: 
unexpected cc 0x0c23 length: 249 > 4 [ 75.484602] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 75.487941] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 75.490491] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 75.534454] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 75.543453] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 75.545198] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 75.547250] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 75.552851] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 75.555888] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 75.558201] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 75.565855] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 75.577312] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 75.578748] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 75.597830] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 75.602222] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 75.606187] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 75.613046] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 75.630895] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 77.337027] Bluetooth: hci0: command tx timeout [ 77.402611] Bluetooth: hci1: command tx timeout [ 77.464679] Bluetooth: hci2: command tx timeout [ 77.529618] Bluetooth: hci3: command tx timeout [ 77.592643] Bluetooth: hci4: command tx timeout [ 77.658654] Bluetooth: hci5: command tx timeout [ 77.720669] Bluetooth: hci6: command tx timeout [ 77.721232] Bluetooth: hci7: command tx timeout [ 79.385081] Bluetooth: hci0: command tx timeout [ 79.448987] Bluetooth: hci1: command tx timeout [ 79.512689] Bluetooth: hci2: command tx timeout [ 79.576761] Bluetooth: hci3: command tx timeout [ 79.640958] Bluetooth: hci4: command tx timeout [ 79.704898] Bluetooth: hci5: command tx timeout [ 79.769205] Bluetooth: hci7: command tx timeout [ 79.769977] 
Bluetooth: hci6: command tx timeout [ 81.432649] Bluetooth: hci0: command tx timeout [ 81.496814] Bluetooth: hci1: command tx timeout [ 81.560886] Bluetooth: hci2: command tx timeout [ 81.624735] Bluetooth: hci3: command tx timeout [ 81.688681] Bluetooth: hci4: command tx timeout [ 81.752639] Bluetooth: hci5: command tx timeout [ 81.818652] Bluetooth: hci7: command tx timeout [ 81.819435] Bluetooth: hci6: command tx timeout [ 83.480820] Bluetooth: hci0: command tx timeout [ 83.544860] Bluetooth: hci1: command tx timeout [ 83.608693] Bluetooth: hci2: command tx timeout [ 83.672670] Bluetooth: hci3: command tx timeout [ 83.736930] Bluetooth: hci4: command tx timeout [ 83.801188] Bluetooth: hci5: command tx timeout [ 83.864761] Bluetooth: hci6: command tx timeout [ 83.865556] Bluetooth: hci7: command tx timeout [ 113.318188] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.318901] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.482361] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.483043] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.613016] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.613675] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.705508] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.706344] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.777228] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.778645] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.831110] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.832204] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.876869] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.877486] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.947118] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.947759] wlan1: Creating new IBSS network, 
BSSID 50:50:50:50:50:50 [ 114.013146] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.013781] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.060053] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.060659] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.095686] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.096338] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.141884] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.142484] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.159537] audit: type=1326 audit(1756457954.120:8): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3865 comm="syz-executor.7" exe="/syz-executor.7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb391206b19 code=0x0 [ 114.196961] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.197592] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:59:14 executing program 3: modify_ldt$write2(0x11, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x10) 08:59:14 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r1, 0x0) ioctl$sock_bt_hci(r0, 0x800448d3, &(0x7f0000000240)) [ 114.270790] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list 08:59:14 executing program 3: modify_ldt$write2(0x11, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x10) [ 114.303990] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.304641] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:59:14 executing program 3: modify_ldt$write2(0x11, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x10) 08:59:14 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) newfstatat(0xffffffffffffff9c, 
0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r1, 0x0) ioctl$sock_bt_hci(r0, 0x800448d3, &(0x7f0000000240)) 08:59:14 executing program 3: modify_ldt$write2(0x11, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x10) 08:59:14 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x28, r1, 0x4bf6101148718a15, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x28}}, 0x0) [ 114.376493] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.377118] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:59:14 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r1, 0x0) ioctl$sock_bt_hci(r0, 0x800448d3, &(0x7f0000000240)) [ 114.461375] audit: type=1400 audit(1756457954.421:9): avc: denied { open } for pid=3895 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 114.467002] audit: type=1400 audit(1756457954.421:10): avc: denied { kernel } for pid=3895 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 114.477683] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.478284] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.992610] audit: type=1326 audit(1756457954.953:11): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3865 comm="syz-executor.7" exe="/syz-executor.7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb391206b19 code=0x0 08:59:15 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r1 = getpid() sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x12f1) r2 = fork() r3 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r3, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r3) ptrace(0x10, r2) ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r4 = memfd_secret(0x80000) fcntl$lock(r4, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r2}) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:59:15 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r1 = dup(r0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0) 08:59:15 executing program 7: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000100)={0x1, &(0x7f0000000040)=[{0x6}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) pipe(&(0x7f00000001c0)) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000080)={0x8b}, &(0x7f00000000c0), 0x0) 08:59:15 executing program 3: 
recvmmsg(0xffffffffffffffff, &(0x7f0000001880), 0x0, 0x10020, &(0x7f00000018c0)={0x77359400}) bind$bt_sco(0xffffffffffffffff, &(0x7f0000001880)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2118}, 0x0, 0x1, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000080)="82", 0x80000}]) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000001900), 0x2, &(0x7f0000001980)) 08:59:15 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x49, &(0x7f0000000000)=0x3, 0x4) 08:59:15 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x28, r1, 0x4bf6101148718a15, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x28}}, 0x0) 08:59:15 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendto(r0, &(0x7f0000000180)="33573f98", 0x4, 0x0, &(0x7f00000001c0)=@l2tp6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private}, 0x100}, 0x80) 08:59:15 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = openat$procfs(0xffffffffffffff9c, 
&(0x7f0000000040)='/proc/tty/drivers\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x8001) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) creat(&(0x7f00000003c0)='./file0\x00', 0x0) [ 115.116639] audit: type=1326 audit(1756457955.077:12): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3932 comm="syz-executor.7" exe="/syz-executor.7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb391206b19 code=0x0 [ 115.172351] loop3: detected capacity change from 0 to 1024 08:59:15 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/drivers\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x8001) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) creat(&(0x7f00000003c0)='./file0\x00', 0x0) 08:59:15 executing program 7: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000100)={0x1, &(0x7f0000000040)=[{0x6}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) pipe(&(0x7f00000001c0)) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000080)={0x8b}, &(0x7f00000000c0), 0x0) 08:59:15 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r1 = getpid() sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x12f1) r2 = fork() r3 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r3, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r3) ptrace(0x10, r2) ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r4 = memfd_secret(0x80000) fcntl$lock(r4, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r2}) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:59:15 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r1 = dup(r0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0) 08:59:15 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x28, r1, 0x4bf6101148718a15, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x28}}, 0x0) 08:59:15 executing program 3: recvmmsg(0xffffffffffffffff, &(0x7f0000001880), 0x0, 0x10020, &(0x7f00000018c0)={0x77359400}) bind$bt_sco(0xffffffffffffffff, &(0x7f0000001880)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8) perf_event_open(&(0x7f0000000000)={0x2, 
0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2118}, 0x0, 0x1, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000080)="82", 0x80000}]) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000001900), 0x2, &(0x7f0000001980)) 08:59:15 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendto(r0, &(0x7f0000000180)="33573f98", 0x4, 0x0, &(0x7f00000001c0)=@l2tp6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private}, 0x100}, 0x80) 08:59:15 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x49, &(0x7f0000000000)=0x3, 0x4) [ 116.001470] audit: type=1326 audit(1756457955.962:13): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3947 comm="syz-executor.7" exe="/syz-executor.7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb391206b19 code=0x0 08:59:15 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendto(r0, &(0x7f0000000180)="33573f98", 0x4, 0x0, &(0x7f00000001c0)=@l2tp6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private}, 0x100}, 0x80) 08:59:15 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r1 = dup(r0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0) [ 116.046184] loop3: detected capacity change from 0 to 1024 08:59:16 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x49, &(0x7f0000000000)=0x3, 0x4) 
08:59:16 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/drivers\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8001)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
creat(&(0x7f00000003c0)='./file0\x00', 0x0)

[ 116.157049] kmemleak: Found object by alias at 0x607f1a639c9c
[ 116.157070] CPU: 1 UID: 0 PID: 3967 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 116.157088] Tainted: [W]=WARN
[ 116.157092] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 116.157100] Call Trace:
[ 116.157104]
[ 116.157109] dump_stack_lvl+0xca/0x120
[ 116.157139] __lookup_object+0x94/0xb0
[ 116.157157] delete_object_full+0x27/0x70
[ 116.157173] free_percpu+0x30/0x1160
[ 116.157189] ? arch_uprobe_clear_state+0x16/0x140
[ 116.157209] futex_hash_free+0x38/0xc0
[ 116.157224] mmput+0x2d3/0x390
[ 116.157244] do_exit+0x79d/0x2970
[ 116.157257] ? lock_release+0xc8/0x290
[ 116.157273] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 116.157294] ? __pfx_do_exit+0x10/0x10
[ 116.157307] ? find_held_lock+0x2b/0x80
[ 116.157324] ? get_signal+0x835/0x2340
[ 116.157345] do_group_exit+0xd3/0x2a0
[ 116.157359] get_signal+0x2315/0x2340
[ 116.157377] ? __pfx_sk_setsockopt+0x10/0x10
[ 116.157397] ? __pfx_selinux_netlbl_socket_setsockopt+0x10/0x10
[ 116.157415] ? __pfx_get_signal+0x10/0x10
[ 116.157431] ? do_futex+0x135/0x370
[ 116.157444] ? __pfx_do_futex+0x10/0x10
[ 116.157459] arch_do_signal_or_restart+0x80/0x790
[ 116.157477] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 116.157493] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 116.157513] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 116.157532] ? __pfx___x64_sys_futex+0x10/0x10
[ 116.157546] ? __sys_setsockopt+0x13f/0x1a0
[ 116.157570] exit_to_user_mode_loop+0x8b/0x110
[ 116.157583] do_syscall_64+0x2f7/0x360
[ 116.157596] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.157608] RIP: 0033:0x7f5735243b19
[ 116.157617] Code: Unable to access opcode bytes at 0x7f5735243aef.
[ 116.157622] RSP: 002b:00007f57327b9218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 116.157634] RAX: fffffffffffffe00 RBX: 00007f5735356f68 RCX: 00007f5735243b19
[ 116.157641] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5735356f68
[ 116.157649] RBP: 00007f5735356f60 R08: 0000000000000000 R09: 0000000000000000
[ 116.157656] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5735356f6c
[ 116.157663] R13: 00007ffebdef9d3f R14: 00007f57327b9300 R15: 0000000000022000
[ 116.157678]
[ 116.157682] kmemleak: Object (percpu) 0x607f1a639c98 (size 8):
[ 116.157689] kmemleak: comm "syz-executor.6", pid 3957, jiffies 4294783001
[ 116.157696] kmemleak: min_count = 1
[ 116.157700] kmemleak: count = 0
[ 116.157703] kmemleak: flags = 0x21
[ 116.157707] kmemleak: checksum = 0
[ 116.157711] kmemleak: backtrace:
[ 116.157715] pcpu_alloc_noprof+0x87a/0x1170
[ 116.157729] alloc_vfsmnt+0x135/0x6e0
[ 116.157743] clone_mnt+0x6c/0xb70
[ 116.157757] copy_tree+0x34b/0xaf0
[ 116.157767] copy_mnt_ns+0x1ab/0xab0
[ 116.157777] create_new_namespaces+0xd6/0xab0
[ 116.157794] copy_namespaces+0x45c/0x580
[ 116.157809] copy_process+0x2649/0x73c0
[ 116.157819] kernel_clone+0xea/0x7f0
[ 116.157828] __do_sys_clone3+0x1f5/0x280
[ 116.157838] do_syscall_64+0xbf/0x360
[ 116.157847] entry_SYSCALL_64_after_hwframe+0x77/0x7f

08:59:16 executing program 4:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto(r0, &(0x7f0000000180)="33573f98", 0x4, 0x0, &(0x7f00000001c0)=@l2tp6={0xa, 0x0, 0x0,
@ipv4={'\x00', '\xff\xff', @private}, 0x100}, 0x80) 08:59:16 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000001880), 0x0, 0x10020, &(0x7f00000018c0)={0x77359400}) bind$bt_sco(0xffffffffffffffff, &(0x7f0000001880)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2118}, 0x0, 0x1, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000080)="82", 0x80000}]) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000001900), 0x2, &(0x7f0000001980)) 08:59:16 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000001880), 0x0, 0x10020, &(0x7f00000018c0)={0x77359400}) bind$bt_sco(0xffffffffffffffff, &(0x7f0000001880)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2118}, 0x0, 0x1, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000080)="82", 0x80000}]) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000001900), 0x2, &(0x7f0000001980)) 08:59:16 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = 
syz_open_dev$usbmon(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r1 = getpid() sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x12f1) r2 = fork() r3 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r3, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r3) ptrace(0x10, r2) ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r4 = memfd_secret(0x80000) fcntl$lock(r4, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r2}) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:59:16 executing program 3: recvmmsg(0xffffffffffffffff, &(0x7f0000001880), 0x0, 0x10020, &(0x7f00000018c0)={0x77359400}) bind$bt_sco(0xffffffffffffffff, &(0x7f0000001880)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2118}, 0x0, 0x1, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000080)="82", 0x80000}]) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000001900), 0x2, &(0x7f0000001980)) 08:59:16 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = 
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/drivers\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x8001) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) creat(&(0x7f00000003c0)='./file0\x00', 0x0) 08:59:16 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000100)={0x1, &(0x7f0000000040)=[{0x6}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) pipe(&(0x7f00000001c0)) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000080)={0x8b}, &(0x7f00000000c0), 0x0) 08:59:16 executing program 7: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000100)={0x1, &(0x7f0000000040)=[{0x6}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) pipe(&(0x7f00000001c0)) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000080)={0x8b}, &(0x7f00000000c0), 0x0) [ 116.883913] audit: type=1326 audit(1756457956.844:14): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3972 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f17371b8b19 code=0x0 [ 116.896702] audit: type=1326 audit(1756457956.857:15): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3983 comm="syz-executor.7" exe="/syz-executor.7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb391206b19 code=0x0 [ 116.905302] loop3: detected capacity change from 0 to 1024 [ 116.911754] loop2: detected capacity change from 0 to 1024 [ 116.923298] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI [ 116.924180] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 116.924797] CPU: 0 UID: 0 PID: 3984 
Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 116.926328] Tainted: [W]=WARN [ 116.927135] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 116.928860] RIP: 0010:__queue_work+0x202/0x1240 [ 116.929864] Code: 48 8b 6d 00 e8 4f 9e 79 03 31 ff 41 89 c5 89 c6 e8 93 f3 31 00 45 85 ed 0f 85 e1 05 00 00 e8 55 f8 31 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 116.934262] RSP: 0018:ffff8880463ceec0 EFLAGS: 00010056 [ 116.934691] RAX: 0000000000000000 RBX: ffff88800cb3ca18 RCX: ffffc90009439000 [ 116.935247] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 116.935800] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff0f11ef4 [ 116.936353] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 116.936929] R13: 0000000000000001 R14: 0000000000000000 R15: ffff88801b965000 [ 116.937598] FS: 00007f61beff4700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 116.938303] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.938766] CR2: 00007f8f2c290498 CR3: 00000000447ab000 CR4: 0000000000350ef0 [ 116.939328] Call Trace: [ 116.939538] [ 116.939722] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 116.940105] queue_work_on+0xd0/0xe0 [ 116.940411] loop_queue_rq+0x5c8/0x1180 [ 116.940738] __blk_mq_issue_directly+0xd5/0x260 [ 116.941120] ? __pfx___blk_mq_issue_directly+0x10/0x10 [ 116.941543] ? bdev_count_inflight_rw.part.0+0x5f/0x380 [ 116.941968] blk_mq_request_issue_directly+0x11c/0x1e0 [ 116.942392] blk_mq_issue_direct+0x192/0x640 [ 116.942749] blk_mq_dispatch_queue_requests+0x4b0/0x7c0 [ 116.943174] blk_mq_flush_plug_list+0x1ec/0x5b0 [ 116.943548] ? read_tsc+0x9/0x20 [ 116.943830] ? ktime_get+0x16d/0x270 [ 116.944138] ? trace_block_plug+0x149/0x1b0 [ 116.944485] ? blk_add_rq_to_plug+0x234/0x550 [ 116.944846] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 116.945258] ? 
blk_mq_submit_bio+0x4fd/0x2220 [ 116.945620] __blk_flush_plug+0x25c/0x460 [ 116.945952] ? __pfx___blk_flush_plug+0x10/0x10 [ 116.946331] __submit_bio+0x480/0x5b0 [ 116.946638] ? __pfx___submit_bio+0x10/0x10 [ 116.946981] ? read_tsc+0x9/0x20 [ 116.947259] ? ktime_get+0x16d/0x270 [ 116.947566] submit_bio_noacct_nocheck+0x68e/0xcb0 [ 116.947956] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 116.948397] submit_bio_noacct+0x359/0x1350 [ 116.948742] block_read_full_folio+0x457/0x760 [ 116.949114] ? __pfx_blkdev_get_block+0x10/0x10 [ 116.949491] ? __pfx_blkdev_read_folio+0x10/0x10 [ 116.949868] filemap_read_folio+0x4a/0x1e0 [ 116.950214] do_read_cache_folio+0x1d6/0x500 [ 116.950582] ? __pfx_blkdev_read_folio+0x10/0x10 [ 116.950972] read_part_sector+0xd1/0x2f0 [ 116.951306] read_lba+0x1b8/0x380 [ 116.951602] ? __kmalloc_cache_noprof+0x26f/0x690 [ 116.952000] ? __pfx_read_lba+0x10/0x10 [ 116.952333] efi_partition+0x281/0x28e0 [ 116.952666] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 116.953120] ? kmemleak_vmalloc+0x60/0xa0 [ 116.953456] ? __asan_memcpy+0x3d/0x60 [ 116.953772] ? vsnprintf+0x33a/0x1160 [ 116.954087] ? __pfx_efi_partition+0x10/0x10 [ 116.954459] ? snprintf+0xbe/0x100 [ 116.954757] ? __pfx_snprintf+0x10/0x10 [ 116.955084] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 116.955466] ? trace_kmalloc+0x1f/0xb0 [ 116.955785] ? __pfx_efi_partition+0x10/0x10 [ 116.956151] bdev_disk_changed+0x78b/0x1440 [ 116.956504] ? __pfx___mutex_lock+0x10/0x10 [ 116.956859] ? __pfx_bdev_disk_changed+0x10/0x10 [ 116.957243] ? find_held_lock+0x2b/0x80 [ 116.957571] ? loop_set_status+0x5bb/0xa80 [ 116.957917] loop_reread_partitions+0x70/0x140 [ 116.958299] loop_set_status+0x697/0xa80 [ 116.958634] lo_ioctl+0x17b/0x1c70 [ 116.958929] ? __pfx_lo_ioctl+0x10/0x10 [ 116.959255] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 116.959674] ? blkdev_common_ioctl+0x1cd/0x21d0 [ 116.959812] loop2: detected capacity change from 0 to 1024 [ 116.960054] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 116.960924] ? 
__sanitizer_cov_trace_switch+0x54/0x90 [ 116.961338] ? do_vfs_ioctl+0x125/0x1470 [ 116.961675] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 116.962025] ? ioctl_has_perm.constprop.0.isra.0+0x331/0x4e0 [ 116.962497] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 116.962998] ? percpu_is_read_locked+0x104/0x1d0 [ 116.963378] ? __fget_files+0x34/0x3b0 [ 116.963689] ? find_held_lock+0x2b/0x80 [ 116.964022] ? __fget_files+0x203/0x3b0 [ 116.964342] ? __pfx_lo_ioctl+0x10/0x10 [ 116.964666] blkdev_ioctl+0x27c/0x6c0 [ 116.964989] ? __pfx_blkdev_ioctl+0x10/0x10 [ 116.965343] ? selinux_file_ioctl+0xb9/0x280 [ 116.965699] ? __pfx_blkdev_ioctl+0x10/0x10 [ 116.966050] __x64_sys_ioctl+0x18f/0x210 [ 116.966387] do_syscall_64+0xbf/0x360 [ 116.966696] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.967101] RIP: 0033:0x7f61c1a7e8d7 [ 116.967396] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 116.968803] RSP: 002b:00007f61beff3ef8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010 [ 116.969391] RAX: ffffffffffffffda RBX: 00007f61beff3f40 RCX: 00007f61c1a7e8d7 [ 116.969946] RDX: 00007f61beff4050 RSI: 0000000000004c04 RDI: 0000000000000005 [ 116.970509] RBP: 00007f61c1ad8f6d R08: 0000000000000000 R09: 0000000000000000 [ 116.971063] R10: 0000000000000000 R11: 0000000000000202 R12: 00007f61beff4050 [ 116.971621] R13: 00007ffc99f6195f R14: 00007f61beff4300 R15: 0000000000022000 [ 116.972178] [ 116.972368] Modules linked in: [ 116.972630] ---[ end trace 0000000000000000 ]--- [ 116.972999] RIP: 0010:__queue_work+0x202/0x1240 [ 116.973370] Code: 48 8b 6d 00 e8 4f 9e 79 03 31 ff 41 89 c5 89 c6 e8 93 f3 31 00 45 85 ed 0f 85 e1 05 00 00 e8 55 f8 31 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 116.974794] RSP: 0018:ffff8880463ceec0 EFLAGS: 00010056 [ 116.975210] RAX: 0000000000000000 RBX: ffff88800cb3ca18 RCX: 
ffffc90009439000 [ 116.975772] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 116.976327] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff0f11ef4 [ 116.976883] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 116.977435] R13: 0000000000000001 R14: 0000000000000000 R15: ffff88801b965000 [ 116.977996] FS: 00007f61beff4700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 116.978630] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.979087] CR2: 00007f8f2c290498 CR3: 00000000447ab000 CR4: 0000000000350ef0 [ 116.979643] note: syz-executor.3[3984] exited with irqs disabled [ 116.980224] note: syz-executor.3[3984] exited with preempt_count 1 08:59:16 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000001880), 0x0, 0x10020, &(0x7f00000018c0)={0x77359400}) bind$bt_sco(0xffffffffffffffff, &(0x7f0000001880)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2118}, 0x0, 0x1, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000080)="82", 0x80000}]) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000001900), 0x2, &(0x7f0000001980)) [ 116.981408] ------------[ cut here ]------------ [ 116.981827] WARNING: kernel/exit.c:898 at do_exit+0x1c36/0x2970, CPU#0: syz-executor.3/3984 [ 116.982498] Modules linked in: [ 116.982790] CPU: 0 UID: 0 PID: 3984 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 116.983749] Tainted: [D]=DIE, [W]=WARN [ 116.984052] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 08:59:16 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r1 = getpid() sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x12f1) r2 = fork() r3 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r3, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r3) ptrace(0x10, r2) ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r4 = memfd_secret(0x80000) fcntl$lock(r4, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r2}) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 116.984722] RIP: 0010:do_exit+0x1c36/0x2970 [ 116.985361] Code: 96 0a 00 00 c7 43 18 00 00 00 00 e9 21 e6 ff ff e8 bf a4 38 00 bf 02 24 00 00 e8 f5 ab 0b 00 e9 41 ff ff ff e8 ab a4 38 00 90 <0f> 0b 90 e9 87 e4 ff ff e8 9d a4 38 00 4c 89 e6 bf 05 06 00 00 e8 [ 116.986825] RSP: 0018:ffff8880463cfe40 EFLAGS: 00010246 [ 116.987249] RAX: 0000000000040000 RBX: 0000000000000200 RCX: ffffc90009439000 [ 116.987839] RDX: 0000000000040000 RSI: ffffffff813b42d5 RDI: ffff8880440911e8 [ 116.988405] RBP: ffff888044090000 R08: 0000000000000001 R09: fffffbfff0f11cd8 [ 116.988985] R10: 0000000000000200 R11: 0000000000000001 R12: 000000000000000b [ 116.989547] R13: 0000000000002710 R14: dffffc0000000000 R15: 0000000000000000 [ 116.990129] FS: 00007f61beff4700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 116.990791] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.991022] kmemleak: Found object by alias at 
0x607f1a639c9c [ 116.991040] CPU: 1 UID: 0 PID: 3975 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 116.991060] Tainted: [D]=DIE, [W]=WARN [ 116.991064] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 116.991072] Call Trace: [ 116.991076] [ 116.991081] dump_stack_lvl+0xca/0x120 [ 116.991111] __lookup_object+0x94/0xb0 [ 116.991129] delete_object_full+0x27/0x70 [ 116.991145] free_percpu+0x30/0x1160 [ 116.991162] ? arch_uprobe_clear_state+0x16/0x140 [ 116.991180] futex_hash_free+0x38/0xc0 08:59:16 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/drivers\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x8001) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) creat(&(0x7f00000003c0)='./file0\x00', 0x0) [ 116.991195] mmput+0x2d3/0x390 [ 116.991214] do_exit+0x79d/0x2970 [ 116.991227] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 116.991248] ? zap_other_threads+0x2b9/0x3a0 [ 116.991271] ? __pfx_do_exit+0x10/0x10 [ 116.991284] ? do_group_exit+0x1c3/0x2a0 [ 116.991297] ? _raw_spin_unlock_irq+0x23/0x40 [ 116.991314] do_group_exit+0xd3/0x2a0 [ 116.991327] __x64_sys_exit_group+0x3e/0x50 [ 116.991341] x64_sys_call+0x18c5/0x18d0 [ 116.991357] do_syscall_64+0xbf/0x360 [ 116.991368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.991380] RIP: 0033:0x7f5735243b19 [ 116.991389] Code: Unable to access opcode bytes at 0x7f5735243aef. 
[ 116.991394] RSP: 002b:00007ffebdef9f68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 116.991406] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f5735243b19 [ 116.991414] RDX: 00007f57351f672b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 116.991421] RBP: 0000000000000000 R08: 0000001b2d52a450 R09: 0000000000000000 [ 116.991429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 116.991436] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffebdefa050 [ 116.991447] [ 116.991451] kmemleak: Object (percpu) 0x607f1a639c98 (size 8): [ 116.991458] kmemleak: comm "syz-executor.2", pid 3981, jiffies 4294783773 [ 116.991465] kmemleak: min_count = 1 [ 116.991469] kmemleak: count = 0 [ 116.991473] kmemleak: flags = 0x21 [ 116.991476] kmemleak: checksum = 0 [ 116.991480] kmemleak: backtrace: [ 116.991484] pcpu_alloc_noprof+0x87a/0x1170 [ 116.991499] percpu_ref_init+0x37/0x400 [ 116.991517] blkg_alloc+0xe9/0x7d0 [ 116.991530] blkg_create+0xe08/0x1420 [ 116.991542] bio_associate_blkg_from_css+0xe06/0x1380 [ 116.991555] bio_associate_blkg+0x10e/0x2a0 [ 116.991568] bio_init+0x2dd/0x570 [ 116.991581] bio_alloc_bioset+0x2cf/0x8c0 [ 116.991595] submit_bh_wbc+0x286/0x720 [ 116.991612] block_read_full_folio+0x457/0x760 [ 116.991623] filemap_read_folio+0x4a/0x1e0 [ 116.991640] do_read_cache_folio+0x1d6/0x500 [ 116.991650] read_part_sector+0xd1/0x2f0 [ 116.991665] read_lba+0x1b8/0x380 [ 116.991679] efi_partition+0x281/0x28e0 [ 116.991694] bdev_disk_changed+0x78b/0x1440 [ 117.013231] CR2: 00007f8f2c290498 CR3: 00000000447ab000 CR4: 0000000000350ef0 [ 117.013815] Call Trace: [ 117.014029] [ 117.014213] ? _printk+0xbe/0xf0 [ 117.014499] ? __pfx__printk+0x10/0x10 [ 117.014834] ? __pfx_do_exit+0x10/0x10 [ 117.015156] make_task_dead+0x174/0x3b0 [ 117.015476] ? 
do_syscall_64+0xbf/0x360 [ 117.015812] rewind_stack_and_make_dead+0x16/0x20 [ 117.016207] RIP: 0033:0x7f61c1a7e8d7 [ 117.016513] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 117.017954] RSP: 002b:00007f61beff3ef8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010 [ 117.018582] RAX: ffffffffffffffda RBX: 00007f61beff3f40 RCX: 00007f61c1a7e8d7 [ 117.019142] RDX: 00007f61beff4050 RSI: 0000000000004c04 RDI: 0000000000000005 [ 117.019723] RBP: 00007f61c1ad8f6d R08: 0000000000000000 R09: 0000000000000000 [ 117.020284] R10: 0000000000000000 R11: 0000000000000202 R12: 00007f61beff4050 [ 117.020297] kmemleak: Found object by alias at 0x607f1a639c9c [ 117.020312] CPU: 1 UID: 0 PID: 3994 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.020332] Tainted: [D]=DIE, [W]=WARN [ 117.020336] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.020342] Call Trace: [ 117.020346] [ 117.020349] dump_stack_lvl+0xca/0x120 08:59:16 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/drivers\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x8001) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) creat(&(0x7f00000003c0)='./file0\x00', 0x0) [ 117.020372] __lookup_object+0x94/0xb0 [ 117.020387] delete_object_full+0x27/0x70 [ 117.020402] free_percpu+0x30/0x1160 [ 117.020416] ? 
arch_uprobe_clear_state+0x16/0x140 [ 117.020433] futex_hash_free+0x38/0xc0 [ 117.020446] mmput+0x2d3/0x390 [ 117.020463] do_exit+0x79d/0x2970 [ 117.020476] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 117.020495] ? zap_other_threads+0x2b9/0x3a0 [ 117.020511] ? __pfx_do_exit+0x10/0x10 [ 117.020524] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 117.020541] ? _raw_spin_unlock_irq+0x23/0x40 [ 117.020561] do_group_exit+0xd3/0x2a0 [ 117.020575] __x64_sys_exit_group+0x3e/0x50 [ 117.020588] x64_sys_call+0x18c5/0x18d0 [ 117.020603] do_syscall_64+0xbf/0x360 [ 117.020613] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.020625] RIP: 0033:0x7f5735243b19 [ 117.020633] Code: Unable to access opcode bytes at 0x7f5735243aef. [ 117.020638] RSP: 002b:00007ffebdef9f68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 117.020649] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f5735243b19 [ 117.020657] RDX: 00007f57351f672b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 117.020664] RBP: 0000000000000000 R08: 0000001b2d529678 R09: 0000000000000000 [ 117.020671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 117.020678] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffebdefa050 [ 117.020689] [ 117.020692] kmemleak: Object (percpu) 0x607f1a639c98 (size 8): [ 117.020699] kmemleak: comm "syz-executor.2", pid 3981, jiffies 4294783773 [ 117.020706] kmemleak: min_count = 1 [ 117.020710] kmemleak: count = 0 [ 117.020714] kmemleak: flags = 0x21 [ 117.020717] kmemleak: checksum = 0 [ 117.020721] kmemleak: backtrace: [ 117.020724] pcpu_alloc_noprof+0x87a/0x1170 [ 117.020739] percpu_ref_init+0x37/0x400 [ 117.020756] blkg_alloc+0xe9/0x7d0 [ 117.020767] blkg_create+0xe08/0x1420 [ 117.020779] bio_associate_blkg_from_css+0xe06/0x1380 [ 117.020792] bio_associate_blkg+0x10e/0x2a0 [ 117.020805] bio_init+0x2dd/0x570 [ 117.020816] bio_alloc_bioset+0x2cf/0x8c0 [ 117.020830] submit_bh_wbc+0x286/0x720 [ 117.020844] block_read_full_folio+0x457/0x760 [ 117.020857] 
filemap_read_folio+0x4a/0x1e0 [ 117.020873] do_read_cache_folio+0x1d6/0x500 [ 117.020882] read_part_sector+0xd1/0x2f0 [ 117.020898] read_lba+0x1b8/0x380 [ 117.020912] efi_partition+0x281/0x28e0 [ 117.020926] bdev_disk_changed+0x78b/0x1440 [ 117.039712] kmemleak: Found object by alias at 0x607f1a639c9c [ 117.039724] CPU: 1 UID: 0 PID: 3997 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.039742] Tainted: [D]=DIE, [W]=WARN [ 117.039746] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.039751] Call Trace: [ 117.039755] [ 117.039758] dump_stack_lvl+0xca/0x120 [ 117.039776] __lookup_object+0x94/0xb0 [ 117.039790] delete_object_full+0x27/0x70 [ 117.039804] free_percpu+0x30/0x1160 [ 117.039818] ? arch_uprobe_clear_state+0x16/0x140 [ 117.039834] futex_hash_free+0x38/0xc0 [ 117.039845] mmput+0x2d3/0x390 [ 117.039862] do_exit+0x79d/0x2970 [ 117.039874] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 117.039892] ? zap_other_threads+0x2b9/0x3a0 [ 117.039907] ? __pfx_do_exit+0x10/0x10 [ 117.039918] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 117.039934] ? _raw_spin_unlock_irq+0x23/0x40 [ 117.039948] do_group_exit+0xd3/0x2a0 [ 117.039961] __x64_sys_exit_group+0x3e/0x50 [ 117.039974] x64_sys_call+0x18c5/0x18d0 [ 117.039988] do_syscall_64+0xbf/0x360 [ 117.039998] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.040009] RIP: 0033:0x7f5735243b19 [ 117.040017] Code: Unable to access opcode bytes at 0x7f5735243aef. 
[ 117.040022] RSP: 002b:00007ffebdef9f68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 117.040032] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f5735243b19 [ 117.040039] RDX: 00007f57351f672b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 117.040046] RBP: 0000000000000000 R08: 0000001b2d52908c R09: 0000000000000000 08:59:17 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r1 = getpid() sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x12f1) r2 = fork() r3 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r3, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r3) ptrace(0x10, r2) ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r4 = memfd_secret(0x80000) fcntl$lock(r4, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r2}) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 117.040053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 117.040059] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffebdefa050 [ 117.040070] [ 117.040073] kmemleak: Object (percpu) 0x607f1a639c98 (size 8): [ 117.040079] kmemleak: comm "syz-executor.2", pid 3981, jiffies 4294783773 [ 117.040086] kmemleak: min_count = 1 [ 117.040090] kmemleak: count = 0 [ 117.040093] kmemleak: flags = 0x21 [ 117.040097] kmemleak: checksum = 0 [ 117.040100] kmemleak: backtrace: [ 117.040103] 
pcpu_alloc_noprof+0x87a/0x1170 [ 117.040117] percpu_ref_init+0x37/0x400 [ 117.040133] blkg_alloc+0xe9/0x7d0 [ 117.040143] blkg_create+0xe08/0x1420 [ 117.040155] bio_associate_blkg_from_css+0xe06/0x1380 [ 117.040168] bio_associate_blkg+0x10e/0x2a0 [ 117.040180] bio_init+0x2dd/0x570 [ 117.040191] bio_alloc_bioset+0x2cf/0x8c0 [ 117.040205] submit_bh_wbc+0x286/0x720 [ 117.040219] block_read_full_folio+0x457/0x760 [ 117.040229] filemap_read_folio+0x4a/0x1e0 [ 117.040244] do_read_cache_folio+0x1d6/0x500 [ 117.040253] read_part_sector+0xd1/0x2f0 [ 117.040267] read_lba+0x1b8/0x380 [ 117.040281] efi_partition+0x281/0x28e0 [ 117.040295] bdev_disk_changed+0x78b/0x1440 [ 117.066146] R13: 00007ffc99f6195f R14: 00007f61beff4300 R15: 0000000000022000 [ 117.066735] [ 117.066930] irq event stamp: 3154 [ 117.067201] hardirqs last enabled at (3153): [] ktime_get+0x1c7/0x270 [ 117.067858] hardirqs last disabled at (3154): [] _raw_spin_lock_irq+0x42/0x50 [ 117.068544] softirqs last enabled at (3136): [] handle_softirqs+0x50c/0x770 [ 117.069239] softirqs last disabled at (2905): [] __irq_exit_rcu+0xc4/0x100 [ 117.069923] ---[ end trace 0000000000000000 ]--- [ 117.070300] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:51 [ 117.071012] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3984, name: syz-executor.3 [ 117.071690] preempt_count: 0, expected: 0 [ 117.072012] RCU nest depth: 2, expected: 0 [ 117.072339] INFO: lockdep is turned off. [ 117.072679] CPU: 0 UID: 0 PID: 3984 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.072699] Tainted: [D]=DIE, [W]=WARN [ 117.072703] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.072710] Call Trace: [ 117.072713] [ 117.072718] dump_stack_lvl+0xfa/0x120 [ 117.072740] __might_resched+0x2f3/0x510 [ 117.072754] exit_signals+0x25/0x940 [ 117.072773] do_exit+0x2db/0x2970 [ 117.072786] ? _printk+0xbe/0xf0 [ 117.072797] ? 
__pfx__printk+0x10/0x10 [ 117.072810] ? __pfx_do_exit+0x10/0x10 [ 117.072825] make_task_dead+0x174/0x3b0 [ 117.072837] ? do_syscall_64+0xbf/0x360 [ 117.072847] rewind_stack_and_make_dead+0x16/0x20 [ 117.072862] RIP: 0033:0x7f61c1a7e8d7 [ 117.072871] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 117.072881] RSP: 002b:00007f61beff3ef8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010 [ 117.072892] RAX: ffffffffffffffda RBX: 00007f61beff3f40 RCX: 00007f61c1a7e8d7 [ 117.072900] RDX: 00007f61beff4050 RSI: 0000000000004c04 RDI: 0000000000000005 [ 117.072907] RBP: 00007f61c1ad8f6d R08: 0000000000000000 R09: 0000000000000000 [ 117.072913] R10: 0000000000000000 R11: 0000000000000202 R12: 00007f61beff4050 [ 117.072920] R13: 00007ffc99f6195f R14: 00007f61beff4300 R15: 0000000000022000 [ 117.072931] [ 117.081285] loop1: detected capacity change from 0 to 1024 [ 117.118193] kmemleak: Cannot insert 0x607f1a639c9c into the object search tree (overlaps existing) [ 117.118212] CPU: 0 UID: 0 PID: 3992 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.118233] Tainted: [D]=DIE, [W]=WARN [ 117.118238] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.118245] Call Trace: [ 117.118249] [ 117.118254] dump_stack_lvl+0xca/0x120 [ 117.118285] __link_object+0x190/0x210 [ 117.118303] __create_object+0x48/0x80 [ 117.118319] pcpu_alloc_noprof+0x87a/0x1170 [ 117.118339] __percpu_counter_init_many+0x44/0x360 [ 117.118355] ? __pfx_xfrm6_net_init+0x10/0x10 [ 117.118374] xfrm6_net_init+0x4e/0x1a0 [ 117.118390] ? __pfx_xfrm6_net_init+0x10/0x10 [ 117.118407] ops_init+0x1e1/0x650 [ 117.118431] setup_net+0x10d/0x320 [ 117.118447] ? lockdep_init_map_type+0x4b/0x240 [ 117.118463] ? __pfx_setup_net+0x10/0x10 [ 117.118480] ? __raw_spin_lock_init+0x3a/0x110 [ 117.118496] ? 
debug_mutex_init+0x37/0x70 [ 117.118515] copy_net_ns+0x2e3/0x650 [ 117.118526] create_new_namespaces+0x3f6/0xab0 [ 117.118547] copy_namespaces+0x45c/0x580 [ 117.118564] copy_process+0x2649/0x73c0 [ 117.118577] ? lock_release+0x1c7/0x290 [ 117.118593] ? __pfx_copy_process+0x10/0x10 [ 117.118605] ? __might_fault+0xe0/0x190 [ 117.118620] ? _copy_from_user+0x5b/0xd0 [ 117.118636] kernel_clone+0xea/0x7f0 [ 117.118648] ? __pfx_kernel_clone+0x10/0x10 [ 117.118662] ? __pfx_futex_wake+0x10/0x10 [ 117.118681] __do_sys_clone3+0x1f5/0x280 [ 117.118692] ? __pfx___do_sys_clone3+0x10/0x10 [ 117.118704] ? __create_object+0x59/0x80 [ 117.118724] ? __x64_sys_futex+0x1c9/0x4d0 [ 117.118737] ? __x64_sys_futex+0x1d2/0x4d0 [ 117.118750] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 117.118771] ? __pfx___x64_sys_futex+0x10/0x10 [ 117.118784] ? selinux_file_fcntl+0x92/0x170 [ 117.118797] ? xfd_validate_state+0x55/0x180 [ 117.118817] do_syscall_64+0xbf/0x360 [ 117.118829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.118841] RIP: 0033:0x7f4c9927eb19 [ 117.118851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 117.118863] RSP: 002b:00007f4c967f4188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 117.118875] RAX: ffffffffffffffda RBX: 00007f4c99391f60 RCX: 00007f4c9927eb19 [ 117.118883] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200002c0 [ 117.118890] RBP: 00007f4c992d8f6d R08: 0000000000000000 R09: 0000000000000000 [ 117.118898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.118905] R13: 00007fff2c53bfff R14: 00007f4c967f4300 R15: 0000000000022000 [ 117.118916] [ 117.118925] kmemleak: Kernel memory leak detector disabled [ 117.118929] kmemleak: Object (percpu) 0x607f1a639c98 (size 8): [ 117.118936] kmemleak: comm "syz-executor.2", pid 3981, jiffies 4294783773 [ 117.118943] kmemleak: min_count = 1 
[ 117.118947] kmemleak: count = 0 [ 117.118951] kmemleak: flags = 0x21 [ 117.118955] kmemleak: checksum = 0 [ 117.118959] kmemleak: backtrace: [ 117.118962] pcpu_alloc_noprof+0x87a/0x1170 [ 117.118978] percpu_ref_init+0x37/0x400 [ 117.118996] blkg_alloc+0xe9/0x7d0 [ 117.119009] blkg_create+0xe08/0x1420 [ 117.119021] bio_associate_blkg_from_css+0xe06/0x1380 [ 117.119035] bio_associate_blkg+0x10e/0x2a0 [ 117.119048] bio_init+0x2dd/0x570 [ 117.119061] bio_alloc_bioset+0x2cf/0x8c0 [ 117.119076] submit_bh_wbc+0x286/0x720 [ 117.119092] block_read_full_folio+0x457/0x760 [ 117.119104] filemap_read_folio+0x4a/0x1e0 [ 117.119121] do_read_cache_folio+0x1d6/0x500 [ 117.119131] read_part_sector+0xd1/0x2f0 [ 117.119147] read_lba+0x1b8/0x380 [ 117.119162] efi_partition+0x281/0x28e0 [ 117.119177] bdev_disk_changed+0x78b/0x1440 [ 117.190067] kmemleak: Found object by alias at 0x607f1a638f0c [ 117.190085] CPU: 1 UID: 0 PID: 3999 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.190105] Tainted: [D]=DIE, [W]=WARN [ 117.190109] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.190117] Call Trace: [ 117.190121] [ 117.190126] dump_stack_lvl+0xca/0x120 [ 117.190155] __lookup_object+0x94/0xb0 [ 117.190172] delete_object_full+0x27/0x70 [ 117.190188] free_percpu+0x30/0x1160 [ 117.190205] ? arch_uprobe_clear_state+0x16/0x140 [ 117.190223] futex_hash_free+0x38/0xc0 [ 117.190237] mmput+0x2d3/0x390 [ 117.190255] do_exit+0x79d/0x2970 [ 117.190269] ? lock_release+0x1c7/0x290 [ 117.190294] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 117.190315] ? __pfx_do_exit+0x10/0x10 [ 117.190328] ? do_raw_spin_lock+0x123/0x260 [ 117.190343] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 117.190359] do_group_exit+0xd3/0x2a0 [ 117.190372] get_signal+0x2315/0x2340 [ 117.190392] ? __pfx___sched_setaffinity+0x10/0x10 [ 117.190407] ? __pfx_get_signal+0x10/0x10 [ 117.190424] ? do_futex+0x135/0x370 [ 117.190436] ? 
__pfx_do_futex+0x10/0x10 [ 117.190449] arch_do_signal_or_restart+0x80/0x790 [ 117.190467] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 117.190482] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 117.190501] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 117.190520] ? __pfx___x64_sys_futex+0x10/0x10 [ 117.190532] ? __x64_sys_sched_setaffinity+0x10c/0x140 [ 117.190546] ? xfd_validate_state+0x55/0x180 [ 117.190568] exit_to_user_mode_loop+0x8b/0x110 [ 117.190581] do_syscall_64+0x2f7/0x360 [ 117.190592] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.190605] RIP: 0033:0x7f4c9927eb19 [ 117.190614] Code: Unable to access opcode bytes at 0x7f4c9927eaef. [ 117.190619] RSP: 002b:00007f4c967d3218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 117.190630] RAX: fffffffffffffe00 RBX: 00007f4c99392028 RCX: 00007f4c9927eb19 [ 117.190638] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4c99392028 [ 117.190645] RBP: 00007f4c99392020 R08: 0000000000000000 R09: 0000000000000000 [ 117.190652] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c9939202c [ 117.190660] R13: 00007fff2c53bfff R14: 00007f4c967d3300 R15: 0000000000022000 [ 117.190670] [ 117.190674] kmemleak: Object (percpu) 0x607f1a638f08 (size 8): [ 117.190681] kmemleak: comm "syz-executor.2", pid 3981, jiffies 4294783765 [ 117.190688] kmemleak: min_count = 1 [ 117.190692] kmemleak: count = 0 [ 117.190696] kmemleak: flags = 0x21 [ 117.190699] kmemleak: checksum = 0 [ 117.190703] kmemleak: backtrace: [ 117.190707] pcpu_alloc_noprof+0x87a/0x1170 [ 117.190721] __alloc_workqueue+0x74b/0x1820 [ 117.190739] alloc_workqueue_noprof+0xc7/0x200 [ 117.190748] loop_configure+0xf73/0x1590 [ 117.190762] lo_ioctl+0x66d/0x1c70 [ 117.190774] blkdev_ioctl+0x27c/0x6c0 [ 117.190792] __x64_sys_ioctl+0x18f/0x210 [ 117.190807] do_syscall_64+0xbf/0x360 [ 117.190816] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:59:17 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000001880), 0x0, 0x10020, &(0x7f00000018c0)={0x77359400}) 
bind$bt_sco(0xffffffffffffffff, &(0x7f0000001880)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2118}, 0x0, 0x1, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000080)="82", 0x80000}]) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000001900), 0x2, &(0x7f0000001980)) [ 117.232926] kmemleak: Found object by alias at 0x607f1a639c9c [ 117.232941] CPU: 1 UID: 0 PID: 11 Comm: kworker/u8:0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.232959] Tainted: [D]=DIE, [W]=WARN [ 117.232962] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.232971] Workqueue: netns cleanup_net [ 117.232986] Call Trace: [ 117.232989] [ 117.232993] dump_stack_lvl+0xca/0x120 [ 117.233011] __lookup_object+0x94/0xb0 [ 117.233026] delete_object_full+0x27/0x70 [ 117.233041] free_percpu+0x30/0x1160 [ 117.233055] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 117.233071] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 117.233083] percpu_counter_destroy_many+0x188/0x2b0 [ 117.233099] ? __pfx_xfrm6_net_exit+0x10/0x10 [ 117.233117] ops_undo_list+0x2d5/0xa50 [ 117.233139] ? __pfx_ops_undo_list+0x10/0x10 [ 117.233155] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 117.233170] ? lock_release+0x1c7/0x290 [ 117.233182] ? idr_destroy+0x62/0x2c0 [ 117.233197] cleanup_net+0x38d/0x770 [ 117.233206] ? finish_task_switch.isra.0+0x206/0x840 [ 117.233225] ? __pfx_cleanup_net+0x10/0x10 [ 117.233235] ? lock_acquire+0x18c/0x2f0 [ 117.233249] process_one_work+0x8e1/0x19c0 [ 117.233265] ? __pfx_process_one_work+0x10/0x10 [ 117.233278] ? move_linked_works+0x172/0x270 [ 117.233296] ? 
assign_work+0x196/0x240 [ 117.233309] worker_thread+0x67e/0xe90 [ 117.233322] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 117.233334] ? __pfx_worker_thread+0x10/0x10 [ 117.233347] kthread+0x3c8/0x740 [ 117.233359] ? __pfx_kthread+0x10/0x10 [ 117.233370] ? ret_from_fork+0x23/0x430 [ 117.233388] ? lock_release+0xc8/0x290 [ 117.233400] ? __pfx_kthread+0x10/0x10 [ 117.233411] ret_from_fork+0x34b/0x430 [ 117.233427] ? __pfx_kthread+0x10/0x10 [ 117.233438] ret_from_fork_asm+0x1a/0x30 [ 117.233456] [ 117.233460] kmemleak: Object (percpu) 0x607f1a639c98 (size 8): [ 117.233467] kmemleak: comm "syz-executor.2", pid 3981, jiffies 4294783773 [ 117.233474] kmemleak: min_count = 1 [ 117.233478] kmemleak: count = 0 [ 117.233481] kmemleak: flags = 0x21 [ 117.233485] kmemleak: checksum = 0 [ 117.233488] kmemleak: backtrace: [ 117.233492] pcpu_alloc_noprof+0x87a/0x1170 [ 117.233506] percpu_ref_init+0x37/0x400 [ 117.233523] blkg_alloc+0xe9/0x7d0 [ 117.233535] blkg_create+0xe08/0x1420 [ 117.233547] bio_associate_blkg_from_css+0xe06/0x1380 [ 117.233560] bio_associate_blkg+0x10e/0x2a0 [ 117.233572] bio_init+0x2dd/0x570 [ 117.233585] bio_alloc_bioset+0x2cf/0x8c0 [ 117.233598] submit_bh_wbc+0x286/0x720 [ 117.233615] block_read_full_folio+0x457/0x760 [ 117.233625] filemap_read_folio+0x4a/0x1e0 [ 117.233642] do_read_cache_folio+0x1d6/0x500 [ 117.233651] read_part_sector+0xd1/0x2f0 [ 117.233666] read_lba+0x1b8/0x380 [ 117.233680] efi_partition+0x281/0x28e0 [ 117.233694] bdev_disk_changed+0x78b/0x1440 [ 117.255901] kmemleak: Found object by alias at 0x607f1a639c9c [ 117.255913] CPU: 1 UID: 0 PID: 4001 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.255930] Tainted: [D]=DIE, [W]=WARN [ 117.255934] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.255940] Call Trace: [ 117.255943] [ 117.255947] dump_stack_lvl+0xca/0x120 [ 117.255964] __lookup_object+0x94/0xb0 [ 117.255978] delete_object_full+0x27/0x70 [ 117.255992] 
free_percpu+0x30/0x1160 [ 117.256006] ? arch_uprobe_clear_state+0x16/0x140 [ 117.256023] futex_hash_free+0x38/0xc0 [ 117.256036] mmput+0x2d3/0x390 [ 117.256053] do_exit+0x79d/0x2970 [ 117.256065] ? lock_release+0x1c7/0x290 [ 117.256078] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 117.256097] ? __pfx_do_exit+0x10/0x10 [ 117.256109] ? do_raw_spin_lock+0x123/0x260 [ 117.256123] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 117.256139] do_group_exit+0xd3/0x2a0 [ 117.256152] get_signal+0x2315/0x2340 [ 117.256171] ? __pfx_get_signal+0x10/0x10 [ 117.256187] ? do_futex+0x135/0x370 [ 117.256200] ? __pfx_do_futex+0x10/0x10 [ 117.256212] arch_do_signal_or_restart+0x80/0x790 [ 117.256228] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 117.256244] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 117.256263] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 117.256282] ? __pfx___x64_sys_futex+0x10/0x10 [ 117.256295] ? xfd_validate_state+0x55/0x180 [ 117.256312] exit_to_user_mode_loop+0x8b/0x110 [ 117.256323] do_syscall_64+0x2f7/0x360 [ 117.256334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.256345] RIP: 0033:0x7f5735243b19 [ 117.256353] Code: Unable to access opcode bytes at 0x7f5735243aef. 
[ 117.256358] RSP: 002b:00007f57327b9218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 117.256369] RAX: fffffffffffffe00 RBX: 00007f5735356f68 RCX: 00007f5735243b19 [ 117.256376] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5735356f68 [ 117.256383] RBP: 00007f5735356f60 R08: 0000000000000000 R09: 0000000000000000 [ 117.256390] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5735356f6c [ 117.256397] R13: 00007ffebdef9d3f R14: 00007f57327b9300 R15: 0000000000022000 [ 117.256408] [ 117.256411] kmemleak: Object (percpu) 0x607f1a639c98 (size 8): [ 117.256417] kmemleak: comm "syz-executor.2", pid 3981, jiffies 4294783773 [ 117.256424] kmemleak: min_count = 1 [ 117.256428] kmemleak: count = 0 [ 117.256431] kmemleak: flags = 0x21 [ 117.256435] kmemleak: checksum = 0 [ 117.256439] kmemleak: backtrace: [ 117.256441] pcpu_alloc_noprof+0x87a/0x1170 [ 117.256456] percpu_ref_init+0x37/0x400 [ 117.256471] blkg_alloc+0xe9/0x7d0 [ 117.256482] blkg_create+0xe08/0x1420 [ 117.256493] bio_associate_blkg_from_css+0xe06/0x1380 [ 117.256506] bio_associate_blkg+0x10e/0x2a0 [ 117.256518] bio_init+0x2dd/0x570 [ 117.256529] bio_alloc_bioset+0x2cf/0x8c0 [ 117.256543] submit_bh_wbc+0x286/0x720 [ 117.256563] block_read_full_folio+0x457/0x760 [ 117.256573] filemap_read_folio+0x4a/0x1e0 [ 117.256587] do_read_cache_folio+0x1d6/0x500 [ 117.256597] read_part_sector+0xd1/0x2f0 [ 117.256611] read_lba+0x1b8/0x380 [ 117.256625] efi_partition+0x281/0x28e0 [ 117.256639] bdev_disk_changed+0x78b/0x1440 08:59:17 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000001880), 0x0, 0x10020, &(0x7f00000018c0)={0x77359400}) bind$bt_sco(0xffffffffffffffff, &(0x7f0000001880)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, @perf_config_ext, 0x2118}, 0x0, 0x1, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000080)="82", 0x80000}]) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000001900), 0x2, &(0x7f0000001980)) 08:59:17 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r1 = getpid() sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x12f1) r2 = fork() r3 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r3, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r3) ptrace(0x10, r2) ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r4 = memfd_secret(0x80000) fcntl$lock(r4, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r2}) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 117.310456] loop1: detected capacity change from 0 to 1024 [ 117.321102] loop2: detected capacity change from 0 to 1024 [ 117.327839] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#2] SMP KASAN NOPTI [ 117.328868] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 117.329481] CPU: 0 UID: 0 PID: 4016 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.330430] Tainted: [D]=DIE, [W]=WARN [ 117.330740] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
1.12.0-1 04/01/2014 [ 117.331386] RIP: 0010:__queue_work+0x202/0x1240 [ 117.331772] Code: 48 8b 6d 00 e8 4f 9e 79 03 31 ff 41 89 c5 89 c6 e8 93 f3 31 00 45 85 ed 0f 85 e1 05 00 00 e8 55 f8 31 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 117.333191] RSP: 0018:ffff88801655eec0 EFLAGS: 00010056 [ 117.333611] RAX: 0000000000000000 RBX: ffff88800d793a18 RCX: ffffc90006e26000 [ 117.334176] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 117.334749] RBP: 0000000000000001 R08: 0000000000000000 R09: fffffbfff0f11ef4 [ 117.335307] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 117.335872] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888045d07800 [ 117.336433] FS: 00007f9c0f078700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 117.337064] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.337525] CR2: 0000001b2d22b000 CR3: 000000000d778000 CR4: 0000000000350ef0 [ 117.338087] Call Trace: [ 117.338303] [ 117.338487] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 117.338866] queue_work_on+0xd0/0xe0 [ 117.339169] loop_queue_rq+0x5c8/0x1180 [ 117.339496] __blk_mq_issue_directly+0xd5/0x260 [ 117.339871] ? __pfx___blk_mq_issue_directly+0x10/0x10 [ 117.340289] ? blk_mq_put_tag+0x131/0x160 [ 117.340625] ? bdev_count_inflight_rw.part.0+0x5f/0x380 [ 117.341051] blk_mq_request_issue_directly+0x11c/0x1e0 [ 117.341464] blk_mq_issue_direct+0x192/0x640 [ 117.341817] ? __blk_mq_alloc_requests+0xa16/0x15a0 [ 117.342219] blk_mq_dispatch_queue_requests+0x4b0/0x7c0 [ 117.342651] blk_mq_flush_plug_list+0x1ec/0x5b0 [ 117.343024] ? read_tsc+0x9/0x20 [ 117.343306] ? ktime_get+0x16d/0x270 [ 117.343609] ? trace_block_plug+0x149/0x1b0 [ 117.343964] ? blk_add_rq_to_plug+0x234/0x550 [ 117.344322] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 117.344730] ? blk_mq_submit_bio+0x4fd/0x2220 [ 117.345093] __blk_flush_plug+0x25c/0x460 [ 117.345423] ? __pfx___blk_flush_plug+0x10/0x10 [ 117.345795] ? 
__pfx_css_rstat_updated+0x10/0x10 [ 117.346184] __submit_bio+0x480/0x5b0 [ 117.346497] ? __pfx___submit_bio+0x10/0x10 [ 117.346837] ? lock_acquire+0x18c/0x2f0 [ 117.347166] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 117.347580] ? read_tsc+0x9/0x20 [ 117.347856] ? ktime_get+0x16d/0x270 [ 117.348164] submit_bio_noacct_nocheck+0x68e/0xcb0 [ 117.348553] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 117.348982] ? __pfx_bio_alloc_bioset+0x10/0x10 [ 117.349361] submit_bio_noacct+0x359/0x1350 [ 117.349704] block_read_full_folio+0x457/0x760 [ 117.350073] ? __pfx_blkdev_get_block+0x10/0x10 [ 117.350455] ? __pfx_blkdev_read_folio+0x10/0x10 [ 117.350832] filemap_read_folio+0x4a/0x1e0 [ 117.351177] do_read_cache_folio+0x1d6/0x500 [ 117.351531] ? __pfx_blkdev_read_folio+0x10/0x10 [ 117.351910] read_part_sector+0xd1/0x2f0 [ 117.352240] read_lba+0x1b8/0x380 [ 117.352529] ? __kmalloc_cache_noprof+0x26f/0x690 [ 117.352919] ? __pfx_read_lba+0x10/0x10 [ 117.353245] efi_partition+0x281/0x28e0 [ 117.353572] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 117.354023] ? __asan_memcpy+0x3d/0x60 [ 117.354343] ? vsnprintf+0x33a/0x1160 [ 117.354658] ? __pfx_efi_partition+0x10/0x10 [ 117.355019] ? snprintf+0xbe/0x100 [ 117.355314] ? __pfx_snprintf+0x10/0x10 [ 117.355637] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 117.356020] ? trace_kmalloc+0x1f/0xb0 [ 117.356334] ? __pfx_efi_partition+0x10/0x10 [ 117.356692] bdev_disk_changed+0x78b/0x1440 [ 117.357047] ? __pfx___mutex_lock+0x10/0x10 [ 117.357399] ? __pfx_bdev_disk_changed+0x10/0x10 [ 117.357783] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 117.358195] loop_reread_partitions+0x70/0x140 [ 117.358571] loop_set_status+0x697/0xa80 [ 117.358901] lo_ioctl+0x17b/0x1c70 [ 117.359195] ? __pfx_lo_ioctl+0x10/0x10 [ 117.359518] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 117.359895] ? lock_acquire+0x18c/0x2f0 [ 117.360215] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 117.360627] ? blkdev_common_ioctl+0x1cd/0x21d0 [ 117.361008] ? 
__pfx_blkdev_common_ioctl+0x10/0x10 [ 117.361406] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 117.361814] ? do_vfs_ioctl+0x125/0x1470 [ 117.362143] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 117.362498] ? ioctl_has_perm.constprop.0.isra.0+0x331/0x4e0 [ 117.362956] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 117.363443] ? __pfx_do_sys_openat2+0x10/0x10 [ 117.363809] ? lock_acquire+0x18c/0x2f0 [ 117.364133] ? __pfx_lo_ioctl+0x10/0x10 [ 117.364453] blkdev_ioctl+0x27c/0x6c0 [ 117.364766] ? __pfx_blkdev_ioctl+0x10/0x10 [ 117.365116] ? selinux_file_ioctl+0xb9/0x280 [ 117.365470] ? __pfx_blkdev_ioctl+0x10/0x10 [ 117.365820] __x64_sys_ioctl+0x18f/0x210 [ 117.366148] do_syscall_64+0xbf/0x360 [ 117.366459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.366869] RIP: 0033:0x7f9c11b028d7 [ 117.367171] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 117.368582] RSP: 002b:00007f9c0f077ef8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010 [ 117.369173] RAX: ffffffffffffffda RBX: 00007f9c0f077f40 RCX: 00007f9c11b028d7 [ 117.369729] RDX: 00007f9c0f078050 RSI: 0000000000004c04 RDI: 0000000000000005 [ 117.370290] RBP: 00007f9c11b5cf6d R08: 0000000000000000 R09: 0000000000000000 [ 117.370851] R10: 0000000000000000 R11: 0000000000000202 R12: 00007f9c0f078050 [ 117.371404] R13: 00007ffc43bae9ef R14: 00007f9c0f078300 R15: 0000000000022000 [ 117.371964] [ 117.372152] Modules linked in: [ 117.372412] ---[ end trace 0000000000000000 ]--- [ 117.372782] RIP: 0010:__queue_work+0x202/0x1240 [ 117.373159] Code: 48 8b 6d 00 e8 4f 9e 79 03 31 ff 41 89 c5 89 c6 e8 93 f3 31 00 45 85 ed 0f 85 e1 05 00 00 e8 55 f8 31 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 117.374576] RSP: 0018:ffff8880463ceec0 EFLAGS: 00010056 [ 117.374989] RAX: 0000000000000000 RBX: ffff88800cb3ca18 RCX: ffffc90009439000 [ 117.375542] 
RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 117.376103] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff0f11ef4 [ 117.376662] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 117.377214] R13: 0000000000000001 R14: 0000000000000000 R15: ffff88801b965000 [ 117.377768] FS: 00007f9c0f078700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 117.378400] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.378862] CR2: 0000001b2d22b000 CR3: 000000000d778000 CR4: 0000000000350ef0 [ 117.379422] note: syz-executor.2[4016] exited with irqs disabled [ 117.380094] note: syz-executor.2[4016] exited with preempt_count 1 [ 117.380902] ------------[ cut here ]------------ [ 117.381277] WARNING: kernel/exit.c:898 at do_exit+0x1c36/0x2970, CPU#0: syz-executor.2/4016 [ 117.382225] Modules linked in: [ 117.382644] CPU: 0 UID: 0 PID: 4016 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.383890] Tainted: [D]=DIE, [W]=WARN [ 117.384199] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.384947] RIP: 0010:do_exit+0x1c36/0x2970 [ 117.385302] Code: 96 0a 00 00 c7 43 18 00 00 00 00 e9 21 e6 ff ff e8 bf a4 38 00 bf 02 24 00 00 e8 f5 ab 0b 00 e9 41 ff ff ff e8 ab a4 38 00 90 <0f> 0b 90 e9 87 e4 ff ff e8 9d a4 38 00 4c 89 e6 bf 05 06 00 00 e8 [ 117.386881] RSP: 0018:ffff88801655fe40 EFLAGS: 00010246 [ 117.387429] RAX: 0000000000040000 RBX: 0000000000000200 RCX: ffffc90006e26000 [ 117.388127] RDX: 0000000000040000 RSI: ffffffff813b42d5 RDI: ffff8880167f2d68 [ 117.388920] RBP: ffff8880167f1b80 R08: 0000000000000001 R09: fffffbfff0f11cd8 [ 117.389675] R10: 0000000000000200 R11: 0000000000000001 R12: 000000000000000b [ 117.390318] R13: 0000000000002710 R14: dffffc0000000000 R15: 0000000000000000 [ 117.391066] FS: 00007f9c0f078700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 117.391781] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.392383] CR2: 
0000001b2d22b000 CR3: 000000000d778000 CR4: 0000000000350ef0 [ 117.393070] Call Trace: [ 117.393338] [ 117.393585] ? _printk+0xbe/0xf0 [ 117.393933] ? __pfx__printk+0x10/0x10 [ 117.394337] ? __pfx_do_exit+0x10/0x10 [ 117.394801] make_task_dead+0x174/0x3b0 [ 117.395202] ? do_syscall_64+0xbf/0x360 [ 117.395648] rewind_stack_and_make_dead+0x16/0x20 [ 117.396191] RIP: 0033:0x7f9c11b028d7 [ 117.396591] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 117.398517] RSP: 002b:00007f9c0f077ef8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010 [ 117.399198] RAX: ffffffffffffffda RBX: 00007f9c0f077f40 RCX: 00007f9c11b028d7 [ 117.399969] RDX: 00007f9c0f078050 RSI: 0000000000004c04 RDI: 0000000000000005 [ 117.400608] RBP: 00007f9c11b5cf6d R08: 0000000000000000 R09: 0000000000000000 [ 117.401331] R10: 0000000000000000 R11: 0000000000000202 R12: 00007f9c0f078050 [ 117.402080] R13: 00007ffc43bae9ef R14: 00007f9c0f078300 R15: 0000000000022000 [ 117.402846] [ 117.403104] irq event stamp: 0 [ 117.403359] hardirqs last enabled at (0): [<0000000000000000>] 0x0 [ 117.404050] hardirqs last disabled at (0): [] copy_process+0x1e08/0x73c0 [ 117.404778] softirqs last enabled at (0): [] copy_process+0x1e58/0x73c0 [ 117.405636] softirqs last disabled at (0): [<0000000000000000>] 0x0 [ 117.406193] ---[ end trace 0000000000000000 ]--- [ 117.470914] kmemleak: Found object by alias at 0x607f1a639c9c [ 117.470939] CPU: 1 UID: 0 PID: 11 Comm: kworker/u8:0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.470959] Tainted: [D]=DIE, [W]=WARN [ 117.470964] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.470972] Workqueue: netns cleanup_net [ 117.470991] Call Trace: [ 117.470995] [ 117.471000] dump_stack_lvl+0xca/0x120 [ 117.471022] __lookup_object+0x94/0xb0 [ 117.471038] delete_object_full+0x27/0x70 [ 
117.471053] free_percpu+0x30/0x1160 [ 117.471071] ? xdp_rxq_info_unreg_mem_model+0x78/0x90 [ 117.471091] free_netdev+0x498/0x960 [ 117.471108] netdev_run_todo+0xab0/0xf80 [ 117.471126] ? __pfx_netdev_run_todo+0x10/0x10 [ 117.471142] ? rtnl_is_locked+0x15/0x20 [ 117.471154] ? unregister_netdevice_queue+0x17f/0x2e0 [ 117.471171] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 117.471189] default_device_exit_batch+0x6e8/0x920 [ 117.471208] ? __pfx_default_device_exit_batch+0x10/0x10 [ 117.471226] ? __pfx_default_device_exit_batch+0x10/0x10 [ 117.471244] ops_undo_list+0x34c/0xa50 [ 117.471267] ? __pfx_ops_undo_list+0x10/0x10 [ 117.471282] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 117.471299] ? lock_release+0x1c7/0x290 [ 117.471311] ? idr_destroy+0x62/0x2c0 [ 117.471326] cleanup_net+0x38d/0x770 [ 117.471336] ? finish_task_switch.isra.0+0x206/0x840 [ 117.471355] ? __pfx_cleanup_net+0x10/0x10 [ 117.471364] ? lock_acquire+0x18c/0x2f0 [ 117.471378] process_one_work+0x8e1/0x19c0 [ 117.471395] ? __pfx_process_one_work+0x10/0x10 [ 117.471408] ? move_linked_works+0x172/0x270 [ 117.471426] ? assign_work+0x196/0x240 [ 117.471438] worker_thread+0x67e/0xe90 [ 117.471451] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 117.471465] ? __pfx_worker_thread+0x10/0x10 [ 117.471478] kthread+0x3c8/0x740 [ 117.471490] ? __pfx_kthread+0x10/0x10 [ 117.471501] ? ret_from_fork+0x23/0x430 [ 117.471520] ? lock_release+0xc8/0x290 [ 117.471532] ? __pfx_kthread+0x10/0x10 [ 117.471543] ret_from_fork+0x34b/0x430 [ 117.471559] ? 
__pfx_kthread+0x10/0x10 [ 117.471570] ret_from_fork_asm+0x1a/0x30 [ 117.471588] [ 117.471592] kmemleak: Object (percpu) 0x607f1a639c98 (size 8): [ 117.471599] kmemleak: comm "syz-executor.2", pid 3981, jiffies 4294783773 [ 117.471607] kmemleak: min_count = 1 [ 117.471610] kmemleak: count = 0 [ 117.471614] kmemleak: flags = 0x21 [ 117.471618] kmemleak: checksum = 0 [ 117.471621] kmemleak: backtrace: [ 117.471625] pcpu_alloc_noprof+0x87a/0x1170 [ 117.471640] percpu_ref_init+0x37/0x400 [ 117.471657] blkg_alloc+0xe9/0x7d0 [ 117.471669] blkg_create+0xe08/0x1420 [ 117.471681] bio_associate_blkg_from_css+0xe06/0x1380 [ 117.471695] bio_associate_blkg+0x10e/0x2a0 [ 117.471707] bio_init+0x2dd/0x570 [ 117.471720] bio_alloc_bioset+0x2cf/0x8c0 [ 117.471734] submit_bh_wbc+0x286/0x720 [ 117.471750] block_read_full_folio+0x457/0x760 [ 117.471760] filemap_read_folio+0x4a/0x1e0 [ 117.471777] do_read_cache_folio+0x1d6/0x500 [ 117.471786] read_part_sector+0xd1/0x2f0 [ 117.471801] read_lba+0x1b8/0x380 [ 117.471815] efi_partition+0x281/0x28e0 [ 117.471829] bdev_disk_changed+0x78b/0x1440 [ 117.594569] kmemleak: Automatic memory scanning thread ended [ 117.752194] ================================================================== [ 117.752887] BUG: KASAN: slab-use-after-free in __mutex_lock+0xc72/0x1020 [ 117.753510] Read of size 4 at addr ffff888044090034 by task syz-executor.3/286 [ 117.754158] [ 117.754330] CPU: 1 UID: 0 PID: 286 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.754354] Tainted: [D]=DIE, [W]=WARN [ 117.754359] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.754368] Call Trace: [ 117.754373] [ 117.754378] dump_stack_lvl+0xca/0x120 [ 117.754403] print_report+0xcb/0x610 [ 117.754422] ? __virt_addr_valid+0x100/0x5d0 [ 117.754444] ? __mutex_lock+0xc72/0x1020 [ 117.754462] ? __mutex_lock+0xc72/0x1020 [ 117.754480] kasan_report+0xca/0x100 [ 117.754497] ? 
__mutex_lock+0xc72/0x1020 [ 117.754517] __mutex_lock+0xc72/0x1020 [ 117.754535] ? bdev_open+0x3e9/0xe40 [ 117.754550] ? find_inode_fast+0x261/0x610 [ 117.754567] ? __pfx___mutex_lock+0x10/0x10 [ 117.754587] ? __pfx_ilookup+0x10/0x10 [ 117.754602] ? lock_acquire+0x18c/0x2f0 [ 117.754619] ? _atomic_dec_and_lock+0x96/0x110 [ 117.754636] ? disk_block_events+0x21/0x140 [ 117.754651] bdev_open+0x3e9/0xe40 [ 117.754663] ? iput+0x62/0x80 [ 117.754678] blkdev_open+0x277/0x400 [ 117.754694] do_dentry_open+0x71c/0x1420 [ 117.754709] ? __pfx_blkdev_open+0x10/0x10 [ 117.754724] vfs_open+0x82/0x3f0 [ 117.754741] ? may_open+0x1f3/0x420 [ 117.754760] path_openat+0x1c3f/0x2880 [ 117.754775] ? kasan_save_stack+0x34/0x50 [ 117.754790] ? __pfx_path_openat+0x10/0x10 [ 117.754803] ? __kasan_slab_free+0x3f/0x50 [ 117.754819] ? kmem_cache_free+0x2a1/0x540 [ 117.754831] ? putname.part.0+0x11b/0x160 [ 117.754847] ? do_mkdirat+0x254/0x3d0 [ 117.754859] ? __x64_sys_mkdir+0xf3/0x140 [ 117.754872] ? do_syscall_64+0xbf/0x360 [ 117.754884] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.754897] ? xas_start+0x14e/0x710 [ 117.754910] do_filp_open+0x1e8/0x450 [ 117.754923] ? __pfx_do_filp_open+0x10/0x10 [ 117.754935] ? lock_acquire+0x18c/0x2f0 [ 117.754952] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 117.754969] ? lock_release+0x1c7/0x290 [ 117.754985] ? alloc_fd+0x2c1/0x560 [ 117.754998] do_sys_openat2+0x104/0x1b0 [ 117.755016] ? __pfx_do_sys_openat2+0x10/0x10 [ 117.755035] ? putname.part.0+0x11b/0x160 [ 117.755052] __x64_sys_openat+0x142/0x200 [ 117.755070] ? 
__pfx___x64_sys_openat+0x10/0x10 [ 117.755092] do_syscall_64+0xbf/0x360 [ 117.755103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.755116] RIP: 0033:0x7f61c1a31a04 [ 117.755126] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 117.755139] RSP: 002b:00007ffc99f61b30 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 117.755152] RAX: ffffffffffffffda RBX: 00007ffc99f61c30 RCX: 00007f61c1a31a04 [ 117.755161] RDX: 0000000000000002 RSI: 00007ffc99f61c70 RDI: 00000000ffffff9c [ 117.755170] RBP: 00007ffc99f61c70 R08: 0000000000000000 R09: 00007ffc99f61a40 [ 117.755178] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 117.755186] R13: 0000000000000000 R14: 0000000000000006 R15: 00007ffc99f61c70 [ 117.755199] [ 117.755203] [ 117.780411] Allocated by task 3974: [ 117.780741] kasan_save_stack+0x24/0x50 [ 117.781109] kasan_save_track+0x14/0x30 [ 117.781476] __kasan_slab_alloc+0x59/0x70 [ 117.781859] kmem_cache_alloc_node_noprof+0x21a/0x690 [ 117.782340] copy_process+0x461/0x73c0 [ 117.782701] kernel_clone+0xea/0x7f0 [ 117.783040] __do_sys_clone+0xce/0x120 [ 117.783396] do_syscall_64+0xbf/0x360 [ 117.783743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.784210] [ 117.784368] Freed by task 3993: [ 117.784693] kasan_save_stack+0x24/0x50 [ 117.785064] kasan_save_track+0x14/0x30 [ 117.785431] __kasan_save_free_info+0x3a/0x60 [ 117.785841] __kasan_slab_free+0x3f/0x50 [ 117.786215] kmem_cache_free+0x2a1/0x540 [ 117.786593] rcu_core+0x7c8/0x1800 [ 117.786927] handle_softirqs+0x1b1/0x770 [ 117.787309] __irq_exit_rcu+0xc4/0x100 [ 117.787671] irq_exit_rcu+0x9/0x20 [ 117.787998] sysvec_apic_timer_interrupt+0x70/0x80 [ 117.788451] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 117.788928] [ 117.789086] Last potentially related work creation: [ 117.789529] kasan_save_stack+0x24/0x50 [ 117.789896] 
kasan_record_aux_stack+0x89/0xa0 [ 117.790316] __call_rcu_common.constprop.0+0x70/0x960 [ 117.790776] __free_event+0x411/0xc20 [ 117.791133] perf_event_release_kernel+0x3ef/0x540 [ 117.791582] perf_release+0x31/0x40 [ 117.791916] __fput+0x401/0xb50 [ 117.792225] fput_close_sync+0x10f/0x240 [ 117.792597] __x64_sys_close+0x8f/0x120 [ 117.792968] do_syscall_64+0xbf/0x360 [ 117.793315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.793781] [ 117.793940] Second to last potentially related work creation: [ 117.794473] kasan_save_stack+0x24/0x50 [ 117.794836] kasan_record_aux_stack+0x89/0xa0 [ 117.795246] __call_rcu_common.constprop.0+0x70/0x960 [ 117.795716] put_task_struct_rcu_user+0x75/0xc0 [ 117.796144] __schedule+0xe86/0x3590 [ 117.796487] schedule+0xdb/0x390 [ 117.796801] irqentry_exit_to_user_mode+0xb0/0x1c0 [ 117.797255] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 117.797728] [ 117.797885] The buggy address belongs to the object at ffff888044090000 [ 117.797885] which belongs to the cache task_struct of size 6784 [ 117.798999] The buggy address is located 52 bytes inside of [ 117.798999] freed 6784-byte region [ffff888044090000, ffff888044091a80) [ 117.800074] [ 117.800231] The buggy address belongs to the physical page: [ 117.800740] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44090 [ 117.801455] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 117.802139] memcg:ffff88800eb679c1 [ 117.802464] anon flags: 0x100000000000040(head|node=0|zone=1) [ 117.802992] page_type: f5(slab) [ 117.803295] raw: 0100000000000040 ffff888008ff7640 0000000000000000 dead000000000001 [ 117.803984] raw: 0000000000000000 0000000000040004 00000000f5000000 ffff88800eb679c1 [ 117.804668] head: 0100000000000040 ffff888008ff7640 0000000000000000 dead000000000001 [ 117.805361] head: 0000000000000000 0000000000040004 00000000f5000000 ffff88800eb679c1 [ 117.806053] head: 0100000000000003 ffffea0001102401 00000000ffffffff 00000000ffffffff [ 
117.806751] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 117.807435] page dumped because: kasan: bad access detected [ 117.807935] [ 117.808092] Memory state around the buggy address: [ 117.808527] ffff88804408ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 117.809166] ffff88804408ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 117.809807] >ffff888044090000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 117.810450] ^ [ 117.810892] ffff888044090080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 117.811533] ffff888044090100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 117.812173] ================================================================== 08:59:18 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r1 = getpid() sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x12f1) r2 = fork() r3 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r3, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r3) ptrace(0x10, r2) ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r4 = memfd_secret(0x80000) fcntl$lock(r4, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r2}) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:59:18 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r1 = getpid() sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x12f1) r2 = fork() r3 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r3, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r3) ptrace(0x10, r2) ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r4 = memfd_secret(0x80000) fcntl$lock(r4, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r2}) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:59:18 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000001880), 0x0, 0x10020, &(0x7f00000018c0)={0x77359400}) bind$bt_sco(0xffffffffffffffff, &(0x7f0000001880)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2118}, 0x0, 0x1, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000080)="82", 0x80000}]) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000001900), 0x2, &(0x7f0000001980)) 08:59:18 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000100)={0x1, &(0x7f0000000040)=[{0x6}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) 
pipe(&(0x7f00000001c0)) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000080)={0x8b}, &(0x7f00000000c0), 0x0) 08:59:18 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r1 = getpid() sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x12f1) r2 = fork() r3 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r3, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r3) ptrace(0x10, r2) ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r4 = memfd_secret(0x80000) fcntl$lock(r4, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r2}) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:59:18 executing program 3: recvmmsg(0xffffffffffffffff, &(0x7f0000001880), 0x0, 0x10020, &(0x7f00000018c0)={0x77359400}) bind$bt_sco(0xffffffffffffffff, &(0x7f0000001880)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2118}, 0x0, 0x1, 0xffffffffffffffff, 0x0) 
shutdown(0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000080)="82", 0x80000}]) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000001900), 0x2, &(0x7f0000001980)) 08:59:18 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r1 = getpid() sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x12f1) r2 = fork() r3 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r3, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r3) ptrace(0x10, r2) ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r4 = memfd_secret(0x80000) fcntl$lock(r4, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r2}) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:59:18 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r1 = 
getpid() sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x12f1) r2 = fork() r3 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r3, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r3) ptrace(0x10, r2) ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r4 = memfd_secret(0x80000) fcntl$lock(r4, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r2}) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 118.228471] audit: type=1326 audit(1756457958.189:16): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4031 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f17371b8b19 code=0x0 [ 118.248941] loop1: detected capacity change from 0 to 1024 08:59:18 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r1 = getpid() sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x12f1) r2 = fork() r3 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r3, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r3) ptrace(0x10, r2) ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r4 = memfd_secret(0x80000) fcntl$lock(r4, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r2}) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:59:18 executing program 6: 
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r1 = getpid() sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x12f1) r2 = fork() r3 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r3, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r3) ptrace(0x10, r2) ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r4 = memfd_secret(0x80000) fcntl$lock(r4, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r2}) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 118.424026] ------------[ cut here ]------------ [ 118.424873] WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#1: syz-executor.1/4046 [ 118.426235] Modules linked in: [ 118.426750] CPU: 1 UID: 0 PID: 4046 Comm: syz-executor.1 Tainted: G B D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 118.428476] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 118.429215] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 118.430411] RIP: 0010:mntput_no_expire+0x78e/0xbe0 [ 118.431215] Code: 05 16 42 81 04 01 e8 31 f8 91 ff e9 41 fc ff ff e8 b7 50 b4 ff 31 ff 44 89 ee e8 dd 4b b4 ff 45 85 ed 79 09 e8 a3 50 b4 ff 90 <0f> 0b 90 e8 9a 50 b4 ff e8 75 f6 fb 02 31 ff 89 c5 89 c6 e8 ba 4b [ 118.433831] RSP: 0018:ffff888045de79b8 EFLAGS: 00010293 [ 118.434630] RAX: 0000000000000000 RBX: 1ffff11008bbcf3c RCX: ffffffff81bf96d3 [ 118.435669] 
RDX: ffff888045c8d280 RSI: ffffffff81bf96dd RDI: 0000000000000005 [ 118.436712] RBP: ffff888043a0ddc0 R08: 0000000000000001 R09: 0000000000000000 [ 118.438534] R10: 00000000ffffffff R11: 0000000000000000 R12: ffff888045de7a20 [ 118.440366] R13: 00000000ffffffff R14: dead000000000100 R15: ffff888043a0ddc0 [ 118.441428] FS: 0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 118.442614] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.443469] CR2: 000000000000000e CR3: 00000000443c9000 CR4: 0000000000350ef0 [ 118.444530] Call Trace: [ 118.444934] [ 118.445268] ? __pfx_mntput_no_expire+0x10/0x10 [ 118.445984] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 118.446708] ? shrink_dentry_list+0x1a/0x650 [ 118.447364] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 118.448174] namespace_unlock+0x7f1/0x810 [ 118.448808] ? __pfx_namespace_unlock+0x10/0x10 [ 118.449514] ? do_raw_spin_lock+0x123/0x260 [ 118.450174] ? __pfx_umount_tree+0x10/0x10 [ 118.450820] ? lock_acquire+0x18c/0x2f0 [ 118.451416] ? lock_release+0x1c7/0x290 [ 118.452029] put_mnt_ns+0xf5/0x120 [ 118.452577] free_nsproxy+0x3a/0x400 [ 118.453135] switch_task_namespaces+0xe2/0x100 [ 118.453829] do_exit+0x841/0x2970 [ 118.454362] ? proc_coredump_connector+0x2bf/0x4e0 [ 118.455106] ? __pfx_do_exit+0x10/0x10 [ 118.455697] ? kmem_cache_free+0x2a1/0x540 [ 118.456314] ? __sigqueue_free+0xc0/0x290 [ 118.456948] do_group_exit+0xd3/0x2a0 [ 118.457522] get_signal+0x2315/0x2340 [ 118.458133] ? __pfx_get_signal+0x10/0x10 [ 118.458778] ? force_sig_fault+0xb4/0xf0 [ 118.459376] ? __pfx_force_sig_fault+0x10/0x10 [ 118.460080] arch_do_signal_or_restart+0x80/0x790 [ 118.460822] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 118.461633] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 118.462513] ? 
lock_mm_and_find_vma+0xaa/0x6f0 [ 118.463218] irqentry_exit_to_user_mode+0x106/0x1c0 [ 118.463984] exc_page_fault+0xd9/0x180 [ 118.464592] asm_exc_page_fault+0x26/0x30 [ 118.465199] RIP: 0033:0xe [ 118.465634] Code: Unable to access opcode bytes at 0xffffffffffffffe4. [ 118.466600] RSP: 002b:00007fab49ec9190 EFLAGS: 00010217 [ 118.467369] RAX: 0000000000000000 RBX: 00007fab4ca66f60 RCX: 00007fab4c953b19 [ 118.468403] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200002c0 [ 118.469443] RBP: 00007fab4c9adf6d R08: 0000000000000000 R09: 0000000000000000 [ 118.470486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 118.471523] R13: 00007ffd73657dcf R14: 00007fab49ec9300 R15: 0000000000022000 [ 118.472575] [ 118.472921] irq event stamp: 0 [ 118.473385] hardirqs last enabled at (0): [<0000000000000000>] 0x0 [ 118.474323] hardirqs last disabled at (0): [] copy_process+0x1e08/0x73c0 [ 118.475519] softirqs last enabled at (0): [] copy_process+0x1e58/0x73c0 [ 118.476723] softirqs last disabled at (0): [<0000000000000000>] 0x0 [ 118.477647] ---[ end trace 0000000000000000 ]--- 08:59:18 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r1 = getpid() sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x12f1) r2 = fork() r3 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r3, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r3) ptrace(0x10, r2) 
ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r4 = memfd_secret(0x80000) fcntl$lock(r4, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r2}) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:59:18 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r1 = getpid() sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x12f1) r2 = fork() r3 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r3, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r3) ptrace(0x10, r2) ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r4 = memfd_secret(0x80000) fcntl$lock(r4, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r2}) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:59:18 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, 
&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r1 = getpid() sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x12f1) r2 = fork() r3 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r3, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r3) ptrace(0x10, r2) ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r4 = memfd_secret(0x80000) fcntl$lock(r4, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r2}) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:59:18 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r1 = getpid() sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x12f1) r2 = fork() r3 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r3, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r3) ptrace(0x10, r2) ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r4 = memfd_secret(0x80000) fcntl$lock(r4, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r2}) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:59:18 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r1 = getpid() sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x12f1) r2 = fork() r3 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r3, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r3) ptrace(0x10, r2) ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r4 = memfd_secret(0x80000) fcntl$lock(r4, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r2}) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:59:18 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r1 = getpid() sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x12f1) r2 = fork() r3 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r3, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r3) ptrace(0x10, r2) ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r4 = memfd_secret(0x80000) fcntl$lock(r4, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r2}) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 
0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) VM DIAGNOSIS: 08:59:17 Registers: