Warning: Permanently added '[localhost]:60941' (ECDSA) to the list of known hosts.
2025/08/29 08:19:49 fuzzer started
2025/08/29 08:19:50 dialing manager at localhost:43077
syzkaller login: [ 51.098944] cgroup: Unknown subsys name 'net'
[ 51.165364] cgroup: Unknown subsys name 'cpuset'
[ 51.183008] cgroup: Unknown subsys name 'rlimit'
2025/08/29 08:20:01 syscalls: 2214
2025/08/29 08:20:01 code coverage: enabled
2025/08/29 08:20:01 comparison tracing: enabled
2025/08/29 08:20:01 extra coverage: enabled
2025/08/29 08:20:01 setuid sandbox: enabled
2025/08/29 08:20:01 namespace sandbox: enabled
2025/08/29 08:20:01 Android sandbox: enabled
2025/08/29 08:20:01 fault injection: enabled
2025/08/29 08:20:01 leak checking: enabled
2025/08/29 08:20:01 net packet injection: enabled
2025/08/29 08:20:01 net device setup: enabled
2025/08/29 08:20:01 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 08:20:01 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 08:20:01 USB emulation: enabled
2025/08/29 08:20:01 hci packet injection: enabled
2025/08/29 08:20:01 wifi device emulation: enabled
2025/08/29 08:20:01 802.15.4 emulation: enabled
2025/08/29 08:20:01 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 08:20:01 fetching corpus: 50, signal 21803/24788 (executing program)
2025/08/29 08:20:01 fetching corpus: 100, signal 38800/42101 (executing program)
2025/08/29 08:20:01 fetching corpus: 150, signal 43117/47142 (executing program)
2025/08/29 08:20:01 fetching corpus: 200, signal 49532/53799 (executing program)
2025/08/29 08:20:01 fetching corpus: 250, signal 55382/59682 (executing program)
2025/08/29 08:20:01 fetching corpus: 300, signal 59703/64058 (executing program)
2025/08/29 08:20:02 fetching corpus: 350, signal 64203/68523 (executing program)
2025/08/29 08:20:02 fetching corpus: 400, signal 66676/71059 (executing program)
2025/08/29 08:20:02 fetching corpus: 450, signal 69121/73478 (executing program)
2025/08/29 08:20:02 fetching corpus: 500, signal 72959/76819 (executing program)
2025/08/29 08:20:02 fetching corpus: 550, signal 75230/78777 (executing program)
2025/08/29 08:20:02 fetching corpus: 600, signal 77721/80823 (executing program)
2025/08/29 08:20:02 fetching corpus: 650, signal 81096/83331 (executing program)
2025/08/29 08:20:03 fetching corpus: 700, signal 83567/85136 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/86040 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/86128 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/86218 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/86300 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/86389 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/86469 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/86556 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/86630 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/86724 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/86815 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/86911 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/86993 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/87097 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/87196 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/87284 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/87371 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/87450 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/87549 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/87645 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/87750 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/87834 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/87934 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/88021 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/88107 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/88176 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/88259 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/88342 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/88423 (executing program)
2025/08/29 08:20:03 fetching corpus: 732, signal 84598/88423 (executing program)
2025/08/29 08:20:04 starting 8 fuzzer processes
08:20:04 executing program 0:
syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x5c000, 0x0, &(0x7f0000000200), 0x8000, &(0x7f0000000000))
08:20:04 executing program 7:
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x32, 0x2d, 0x39, 0x2c, 0x34]}}}}]})
08:20:04 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00')
fcntl$setlease(r0, 0x400, 0x0)
fcntl$setlease(r0, 0x400, 0x2)
08:20:04 executing program 2:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000000c0), 0x8)
read$snapshot(r0, 0x0, 0x0)
08:20:04 executing program 3:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
fcntl$setsig(r0, 0xa, 0x0)
ioctl$TIOCL_SETSEL(r0, 0x5452, &(0x7f0000000040))
08:20:04 executing program 4:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x7f)
08:20:04 executing program 5:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000003700), 0x0, 0x0)
ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000000))
[ 65.865087] audit: type=1400 audit(1756455604.993:7): avc: denied { execmem } for pid=277 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
08:20:05 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000300)='./file0\x00', 0x0)
truncate(&(0x7f0000000180)='./file0\x00', 0x2)
[ 67.013705] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 67.016058] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 67.017869] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 67.021416] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 67.024414] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 67.087406] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 67.091193] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 67.092888] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 67.098535] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 67.106094] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 67.108126] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 67.117651] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 67.119273] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 67.143762] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 67.146060] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 67.148303] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 67.149655] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 67.151421] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 67.156226] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 67.159396] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 67.163107] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 67.164537] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 67.166508] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 67.171001] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 67.172596] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 67.177034] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 67.178307] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 67.195330] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 67.196668] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 67.207090] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 67.210448] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 67.215158] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 67.222616] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 67.224896] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 67.228255] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 67.236388] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 67.236461] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 67.244402] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 67.249730] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 67.258266] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 69.046995] Bluetooth: hci0: command tx timeout
[ 69.172965] Bluetooth: hci1: command tx timeout
[ 69.237130] Bluetooth: hci5: command tx timeout
[ 69.238255] Bluetooth: hci2: command tx timeout
[ 69.301063] Bluetooth: hci4: command tx timeout
[ 69.302152] Bluetooth: hci3: command tx timeout
[ 69.365240] Bluetooth: hci7: command tx timeout
[ 69.366181] Bluetooth: hci6: command tx timeout
[ 71.092860] Bluetooth: hci0: command tx timeout
[ 71.221833] Bluetooth: hci1: command tx timeout
[ 71.287900] Bluetooth: hci2: command tx timeout
[ 71.288689] Bluetooth: hci5: command tx timeout
[ 71.348961] Bluetooth: hci4: command tx timeout
[ 71.349754] Bluetooth: hci3: command tx timeout
[ 71.413712] Bluetooth: hci6: command tx timeout
[ 71.414768] Bluetooth: hci7: command tx timeout
[ 73.140843] Bluetooth: hci0: command tx timeout
[ 73.269825] Bluetooth: hci1: command tx timeout
[ 73.333846] Bluetooth: hci5: command tx timeout
[ 73.334290] Bluetooth: hci2: command tx timeout
[ 73.397849] Bluetooth: hci3: command tx timeout
[ 73.398289] Bluetooth: hci4: command tx timeout
[ 73.460852] Bluetooth: hci6: command tx timeout
[ 73.461295] Bluetooth: hci7: command tx timeout
[ 75.189842] Bluetooth: hci0: command tx timeout
[ 75.316969] Bluetooth: hci1: command tx timeout
[ 75.380846] Bluetooth: hci2: command tx timeout
[ 75.381307] Bluetooth: hci5: command tx timeout
[ 75.444940] Bluetooth: hci4: command tx timeout
[ 75.445398] Bluetooth: hci3: command tx timeout
[ 75.508866] Bluetooth: hci7: command tx timeout
[ 75.509329] Bluetooth: hci6: command tx timeout
[ 101.732218] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.733165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 101.856719] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.857620] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.072605] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.073846] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.133090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.133721] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:20:41 executing program 5:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000003700), 0x0, 0x0)
ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000000))
[ 102.233203] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.234055] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:20:41 executing program 5:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000003700), 0x0, 0x0)
ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000000))
08:20:41 executing program 5:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000003700), 0x0, 0x0)
ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000000))
[ 102.329697] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.330317] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.355584] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.356190] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:20:41 executing program 5:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000003700), 0x0, 0x0)
ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000000))
[ 102.387122] audit: type=1400 audit(1756455641.514:8): avc: denied { open } for pid=3878 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 102.390577] audit: type=1400 audit(1756455641.515:9): avc: denied { kernel } for pid=3878 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
08:20:41 executing program 5:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000003700), 0x0, 0x0)
ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000000))
[ 102.415344] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.415973] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:20:41 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000300)='./file0\x00', 0x0)
truncate(&(0x7f0000000180)='./file0\x00', 0x2)
[ 102.450127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.450709] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:20:41 executing program 5:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000003700), 0x0, 0x0)
ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000000))
[ 102.481306] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.481936] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:20:41 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000300)='./file0\x00', 0x0)
truncate(&(0x7f0000000180)='./file0\x00', 0x2)
[ 102.551854] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.552450] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.611022] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.611605] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.667892] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.668533] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.731126] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.731750] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.854842] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.855470] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.961365] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.961973] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.973493] tmpfs: Bad value for 'mpol'
[ 102.976238] tmpfs: Bad value for 'mpol'
[ 102.997116] loop0: detected capacity change from 0 to 736
08:20:42 executing program 3:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
fcntl$setsig(r0, 0xa, 0x0)
ioctl$TIOCL_SETSEL(r0, 0x5452, &(0x7f0000000040))
08:20:42 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00')
fcntl$setlease(r0, 0x400, 0x0)
fcntl$setlease(r0, 0x400, 0x2)
08:20:42 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000300)='./file0\x00', 0x0)
truncate(&(0x7f0000000180)='./file0\x00', 0x2)
08:20:42 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000300)='./file0\x00', 0x0)
truncate(&(0x7f0000000180)='./file0\x00', 0x2)
08:20:42 executing program 2:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000000c0), 0x8)
read$snapshot(r0, 0x0, 0x0)
08:20:42 executing program 7:
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x32, 0x2d, 0x39, 0x2c, 0x34]}}}}]})
08:20:42 executing program 0:
syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x5c000, 0x0, &(0x7f0000000200), 0x8000, &(0x7f0000000000))
08:20:42 executing program 4:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x7f)
[ 103.216280] loop0: detected capacity change from 0 to 736
[ 103.218554] tmpfs: Bad value for 'mpol'
[ 103.242392] kmemleak: Found object by alias at 0x607f1a633b84
[ 103.242409] CPU: 0 UID: 0 PID: 3923 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 103.242428] Tainted: [W]=WARN
[ 103.242432] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 103.242439] Call Trace:
[ 103.242444] <TASK>
[ 103.242448] dump_stack_lvl+0xca/0x120
[ 103.242476] __lookup_object+0x94/0xb0
[ 103.242494] delete_object_full+0x27/0x70
[ 103.242510] free_percpu+0x30/0x1160
[ 103.242527] ? arch_uprobe_clear_state+0x16/0x140
[ 103.242547] futex_hash_free+0x38/0xc0
[ 103.242562] mmput+0x2d3/0x390
[ 103.242586] do_exit+0x79d/0x2970
[ 103.242599] ? lock_release+0xc8/0x290
[ 103.242616] ? __pfx_do_exit+0x10/0x10
[ 103.242630] ? find_held_lock+0x2b/0x80
[ 103.242647] ? get_signal+0x835/0x2340
[ 103.242667] do_group_exit+0xd3/0x2a0
[ 103.242682] get_signal+0x2315/0x2340
[ 103.242704] ? __pfx_get_signal+0x10/0x10
[ 103.242720] ? do_futex+0x135/0x370
[ 103.242734] ? __pfx_do_futex+0x10/0x10
[ 103.242749] arch_do_signal_or_restart+0x80/0x790
[ 103.242767] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 103.242782] ? __x64_sys_futex+0x1c9/0x4d0
[ 103.242794] ? __x64_sys_futex+0x1d2/0x4d0
[ 103.242808] ? fput+0x6a/0x100
[ 103.242823] ? __pfx___x64_sys_futex+0x10/0x10
[ 103.242835] ? ksys_read+0x1a3/0x240
[ 103.242847] ? __pfx_ksys_read+0x10/0x10
[ 103.242862] exit_to_user_mode_loop+0x8b/0x110
[ 103.242876] do_syscall_64+0x2f7/0x360
[ 103.242888] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.242900] RIP: 0033:0x7f0a37792b19
[ 103.242909] Code: Unable to access opcode bytes at 0x7f0a37792aef.
[ 103.242915] RSP: 002b:00007f0a34d08218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 103.242926] RAX: fffffffffffffe00 RBX: 00007f0a378a5f68 RCX: 00007f0a37792b19
[ 103.242934] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f0a378a5f68
[ 103.242941] RBP: 00007f0a378a5f60 R08: 0000000000000000 R09: 0000000000000000
[ 103.242948] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0a378a5f6c
[ 103.242955] R13: 00007ffcc0f4248f R14: 00007f0a34d08300 R15: 0000000000022000
[ 103.242971] </TASK>
[ 103.242975] kmemleak: Object (percpu) 0x607f1a633b80 (size 8):
[ 103.242982] kmemleak: comm "syz-executor.4", pid 289, jiffies 4294770001
[ 103.242989] kmemleak: min_count = 1
[ 103.242993] kmemleak: count = 0
[ 103.242997] kmemleak: flags = 0x21
[ 103.243001] kmemleak: checksum = 0
[ 103.243005] kmemleak: backtrace:
[ 103.243009] pcpu_alloc_noprof+0x87a/0x1170
[ 103.243023] percpu_ref_init+0x37/0x400
[ 103.243042] cgroup_mkdir+0x28a/0x1110
[ 103.243055] kernfs_iop_mkdir+0x111/0x190
[ 103.243070] vfs_mkdir+0x59a/0x8d0
[ 103.243087] do_mkdirat+0x19f/0x3d0
[ 103.243097] __x64_sys_mkdir+0xf3/0x140
[ 103.243107] do_syscall_64+0xbf/0x360
[ 103.243116] entry_SYSCALL_64_after_hwframe+0x77/0x7f
08:20:42 executing program 3:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
fcntl$setsig(r0, 0xa, 0x0)
ioctl$TIOCL_SETSEL(r0, 0x5452, &(0x7f0000000040))
08:20:42 executing program 7:
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x32, 0x2d, 0x39, 0x2c, 0x34]}}}}]})
08:20:42 executing program 4:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x7f)
08:20:42 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000300)='./file0\x00', 0x0)
truncate(&(0x7f0000000180)='./file0\x00', 0x2)
08:20:42 executing program 2:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000000c0), 0x8)
read$snapshot(r0, 0x0, 0x0)
08:20:42 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x7f)
08:20:42 executing program 0:
syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x5c000, 0x0, &(0x7f0000000200), 0x8000, &(0x7f0000000000))
08:20:42 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00')
fcntl$setlease(r0, 0x400, 0x0)
fcntl$setlease(r0, 0x400, 0x2)
[ 103.395342] tmpfs: Bad value for 'mpol'
[ 103.406319] loop0: detected capacity change from 0 to 736
08:20:42 executing program 4:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x7f)
08:20:42 executing program 2:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000000c0), 0x8)
read$snapshot(r0, 0x0, 0x0)
08:20:42 executing program 3:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
fcntl$setsig(r0, 0xa, 0x0)
ioctl$TIOCL_SETSEL(r0, 0x5452, &(0x7f0000000040))
08:20:42 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x7f)
08:20:42 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000300)='./file0\x00', 0x0)
truncate(&(0x7f0000000180)='./file0\x00', 0x2)
08:20:42 executing program 7:
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x32, 0x2d, 0x39, 0x2c, 0x34]}}}}]})
08:20:42 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00')
fcntl$setlease(r0, 0x400, 0x0)
fcntl$setlease(r0, 0x400, 0x2)
[ 103.544390] kmemleak: Found object by alias at 0x607f1a633b84
[ 103.544408] CPU: 1 UID: 0 PID: 3949 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 103.544426] Tainted: [W]=WARN
[ 103.544430] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 103.544438] Call Trace:
[ 103.544442] <TASK>
[ 103.544446] dump_stack_lvl+0xca/0x120
[ 103.544475] __lookup_object+0x94/0xb0
[ 103.544492] delete_object_full+0x27/0x70
[ 103.544508] free_percpu+0x30/0x1160
[ 103.544525] ? arch_uprobe_clear_state+0x16/0x140
[ 103.544545] futex_hash_free+0x38/0xc0
[ 103.544560] mmput+0x2d3/0x390
[ 103.544578] do_exit+0x79d/0x2970
[ 103.544592] ? signal_wake_up_state+0x85/0x120
[ 103.544608] ? zap_other_threads+0x2b9/0x3a0
[ 103.544623] ? __pfx_do_exit+0x10/0x10
[ 103.544636] ? do_group_exit+0x1c3/0x2a0
[ 103.544649] ? lock_release+0xc8/0x290
[ 103.544666] do_group_exit+0xd3/0x2a0
[ 103.544680] __x64_sys_exit_group+0x3e/0x50
[ 103.544694] x64_sys_call+0x18c5/0x18d0
[ 103.544709] do_syscall_64+0xbf/0x360
[ 103.544721] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.544733] RIP: 0033:0x7f0a37792b19
[ 103.544742] Code: Unable to access opcode bytes at 0x7f0a37792aef.
[ 103.544747] RSP: 002b:00007ffcc0f426b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 103.544758] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f0a37792b19
[ 103.544766] RDX: 00007f0a3774572b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 103.544773] RBP: 0000000000000000 R08: 0000001b2d220618 R09: 0000000000000000
[ 103.544787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 103.544795] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffcc0f427a0
[ 103.544810] </TASK>
[ 103.544814] kmemleak: Object (percpu) 0x607f1a633b80 (size 8):
[ 103.544821] kmemleak: comm "syz-executor.1", pid 3957, jiffies 4294770427
[ 103.544828] kmemleak: min_count = 1
[ 103.544832] kmemleak: count = 0
[ 103.544836] kmemleak: flags = 0x21
[ 103.544840] kmemleak: checksum = 0
[ 103.544844] kmemleak: backtrace:
[ 103.544847] pcpu_alloc_noprof+0x87a/0x1170
[ 103.544862] perf_trace_event_init+0x366/0xa10
[ 103.544876] perf_trace_init+0x1a4/0x2f0
[ 103.544888] perf_tp_event_init+0xa6/0x120
[ 103.544903] perf_try_init_event+0x140/0x9f0
[ 103.544917] perf_event_alloc.part.0+0x118e/0x45f0
[ 103.544933] __do_sys_perf_event_open+0x719/0x2c20
[ 103.544946] do_syscall_64+0xbf/0x360
[ 103.544954] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.546970] tmpfs: Bad value for 'mpol'
[ 103.672013] loop0: detected capacity change from 0 to 736
08:20:42 executing program 3:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
fcntl$setsig(r0, 0xa, 0x0)
ioctl$TIOCL_SETSEL(r0, 0x5452, &(0x7f0000000040))
08:20:42 executing program 0:
syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x5c000, 0x0, &(0x7f0000000200), 0x8000, &(0x7f0000000000))
08:20:42 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00')
fcntl$setlease(r0, 0x400, 0x0)
fcntl$setlease(r0, 0x400, 0x2)
08:20:42 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00')
fcntl$setlease(r0, 0x400, 0x0)
fcntl$setlease(r0, 0x400, 0x2)
08:20:42 executing program 6:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x7f)
08:20:42 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00')
fcntl$setlease(r0, 0x400, 0x0)
fcntl$setlease(r0, 0x400, 0x2)
08:20:42 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000300)='./file0\x00', 0x0)
truncate(&(0x7f0000000180)='./file0\x00', 0x2)
08:20:42 executing program 3:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
fcntl$setsig(r0, 0xa, 0x0)
ioctl$TIOCL_SETSEL(r0, 0x5452, &(0x7f0000000040))
08:20:42 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00')
fcntl$setlease(r0, 0x400, 0x0)
fcntl$setlease(r0, 0x400, 0x2)
08:20:42 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00')
fcntl$setlease(r0, 0x400, 0x0)
fcntl$setlease(r0, 0x400, 0x2)
08:20:42 executing program 5:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$bind(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x21084, 0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x6)
08:20:42 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00')
fcntl$setlease(r0, 0x400, 0x0)
fcntl$setlease(r0, 0x400, 0x2)
[ 103.917880] kmemleak: Found object by alias at 0x607f1a633b84
[ 103.917901] CPU: 0 UID: 0 PID: 3982 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 103.917919] Tainted: [W]=WARN
[ 103.917923] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 103.917931] Call Trace:
[ 103.917935] <TASK>
[ 103.917940] dump_stack_lvl+0xca/0x120
[ 103.917969] __lookup_object+0x94/0xb0
[ 103.917988] delete_object_full+0x27/0x70
[ 103.918004] free_percpu+0x30/0x1160
[ 103.918020] ? arch_uprobe_clear_state+0x16/0x140
[ 103.918041] futex_hash_free+0x38/0xc0
[ 103.918056] mmput+0x2d3/0x390
[ 103.918075] do_exit+0x79d/0x2970
[ 103.918089] ? signal_wake_up_state+0x85/0x120
[ 103.918108] ? zap_other_threads+0x2b9/0x3a0
[ 103.918128] ? __pfx_do_exit+0x10/0x10
[ 103.918141] ? do_group_exit+0x1c3/0x2a0
[ 103.918154] ? lock_release+0xc8/0x290
[ 103.918172] do_group_exit+0xd3/0x2a0
[ 103.918187] __x64_sys_exit_group+0x3e/0x50
[ 103.918201] x64_sys_call+0x18c5/0x18d0
[ 103.918217] do_syscall_64+0xbf/0x360
[ 103.918229] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.918241] RIP: 0033:0x7f0a37792b19
[ 103.918250] Code: Unable to access opcode bytes at 0x7f0a37792aef.
[ 103.918255] RSP: 002b:00007ffcc0f426b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 103.918266] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f0a37792b19
[ 103.918274] RDX: 00007f0a3774572b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 103.918282] RBP: 0000000000000000 R08: 0000001b2d226668 R09: 0000000000000000
[ 103.918289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 103.918296] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffcc0f427a0
[ 103.918313] </TASK>
[ 103.918317] kmemleak: Object (percpu) 0x607f1a633b80 (size 8):
[ 103.918324] kmemleak: comm "syz-executor.1", pid 3987, jiffies 4294770791
[ 103.918331] kmemleak: min_count = 1
[ 103.918334] kmemleak: count = 0
[ 103.918338] kmemleak: flags = 0x21
[ 103.918342] kmemleak: checksum = 0
[ 103.918346] kmemleak: backtrace:
[ 103.918350] pcpu_alloc_noprof+0x87a/0x1170
[ 103.918364] perf_trace_event_init+0x366/0xa10
[ 103.918378] perf_trace_init+0x1a4/0x2f0
[ 103.918389] perf_tp_event_init+0xa6/0x120
[ 103.918405] perf_try_init_event+0x140/0x9f0
[ 103.918418] perf_event_alloc.part.0+0x118e/0x45f0
[ 103.918434] __do_sys_perf_event_open+0x719/0x2c20
[ 103.918447] do_syscall_64+0xbf/0x360
[ 103.918455] entry_SYSCALL_64_after_hwframe+0x77/0x7f
08:20:42 executing program 3:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
fcntl$setsig(r0, 0xa, 0x0)
ioctl$TIOCL_SETSEL(r0, 0x5452, &(0x7f0000000040))
08:20:42 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000300)='./file0\x00', 0x0)
truncate(&(0x7f0000000180)='./file0\x00', 0x2)
08:20:42 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00')
fcntl$setlease(r0, 0x400, 0x0)
fcntl$setlease(r0, 0x400, 0x2)
08:20:42 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00')
fcntl$setlease(r0, 0x400, 0x0)
fcntl$setlease(r0, 0x400, 0x2)
08:20:43 executing program 5:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$bind(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x21084, 0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x6)
08:20:43 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00')
fcntl$setlease(r0, 0x400, 0x0)
fcntl$setlease(r0, 0x400, 0x2)
08:20:43 executing program 3:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$bind(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x21084, 0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x6)
08:20:43 executing program 6:
creat(&(0x7f0000000100)='./file0\x00', 0x0)
lsetxattr$security_selinux(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), &(0x7f0000000240)='system_u:object_r:update_modules_exec_t:s0\x00', 0x2b, 0x3)
08:20:43 executing program 0:
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x8)
08:20:43 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0002}]})
readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0)
08:20:43 executing program 5:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$bind(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x21084, 0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x6)
08:20:43 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000300)='./file0\x00', 0x0)
truncate(&(0x7f0000000180)='./file0\x00', 0x2)
08:20:43 executing program 1:
syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)={[{@mpol={'mpol', 0x3d, {'default', '=relative', @val={0x3a, [0x36, 0x2d, 0x39, 0x3a]}}}}]})
[ 104.067244] SELinux: Context system_u:object_r:update_modules_exec_t:s0 is not valid (left unmapped).
[ 104.080189] tmpfs: Bad value for 'mpol'
[ 104.086403] tmpfs: Bad value for 'mpol'
08:20:43 executing program 3:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$bind(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x21084, 0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x6)
08:20:43 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0002}]})
readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0)
08:20:43 executing program 0:
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x8)
08:20:43 executing program 6:
creat(&(0x7f0000000100)='./file0\x00', 0x0)
lsetxattr$security_selinux(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), &(0x7f0000000240)='system_u:object_r:update_modules_exec_t:s0\x00', 0x2b, 0x3)
08:20:43 executing program 5:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$bind(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x21084, 0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x6)
08:20:43 executing program 1:
syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)={[{@mpol={'mpol', 0x3d, {'default', '=relative', @val={0x3a, [0x36, 0x2d, 0x39, 0x3a]}}}}]})
[ 104.186110] tmpfs: Bad value for 'mpol'
08:20:43 executing program 2:
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x8)
08:20:43 executing program 6:
creat(&(0x7f0000000100)='./file0\x00', 0x0)
lsetxattr$security_selinux(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), &(0x7f0000000240)='system_u:object_r:update_modules_exec_t:s0\x00', 0x2b, 0x3)
08:20:43 executing program 1:
syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)={[{@mpol={'mpol', 0x3d, {'default', '=relative', @val={0x3a, [0x36, 0x2d, 0x39, 0x3a]}}}}]})
08:20:43 executing program 0:
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x8)
[ 104.263549] tmpfs: Bad value for 'mpol'
08:20:43 executing program 3:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$bind(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x21084, 0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x6)
08:20:43 executing program 6:
creat(&(0x7f0000000100)='./file0\x00', 0x0)
lsetxattr$security_selinux(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), &(0x7f0000000240)='system_u:object_r:update_modules_exec_t:s0\x00', 0x2b, 0x3)
08:20:43 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0002}]})
readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0)
08:20:43 executing program 5:
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x8)
08:20:43 executing program 4:
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x8)
08:20:43 executing program 1:
syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)={[{@mpol={'mpol', 0x3d, {'default', '=relative', @val={0x3a, [0x36, 0x2d, 0x39, 0x3a]}}}}]})
08:20:43 executing program 2:
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x8)
08:20:43 executing program 0:
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x8)
[ 104.348279] tmpfs: Bad value for 'mpol'
08:20:43 executing program 4:
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x8)
08:20:43 executing program 5:
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x8)
08:20:43 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0002}]})
readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0)
08:20:43 executing program 2:
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x8)
08:20:43 executing program 1:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f00000000c0)='proc\x00', 0x0, 0x0)
mknod(&(0x7f0000000080)='./file0/file0\x00', 0x0, 0x0)
08:20:43 executing program 5:
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x8)
08:20:43 executing program 4:
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x8)
08:20:43 executing program 6:
statx(0xffffffffffffff9c, 0x0, 0x0, 0xd0b83088af073d4b, 0x0)
08:20:43 executing program 0:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
flock(r2, 0x2)
flock(r0, 0x1)
08:20:43 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x38, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x6, 0x2, [{}, {}]}]}]}]}, 0x38}}, 0x0)
08:20:43 executing program 7:
syz_mount_image$msdos(&(0x7f0000001280), &(0x7f00000012c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000024c0)={[{@dots}, {@fat=@dos1xfloppy}, {@fat=@debug}, {@fat=@umask}, {@fat=@discard}]})
[ 104.499214] No source specified
[ 104.501989] No source specified
[ 104.538701] kmemleak: Found object by alias at 0x607f1a633b84
[ 104.538722] CPU: 1 UID: 0 PID: 4056 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 104.538740] Tainted: [W]=WARN
[ 104.538744] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 104.538752] Call Trace:
[ 104.538756] <TASK>
[ 104.538761] dump_stack_lvl+0xca/0x120
[ 104.538794] __lookup_object+0x94/0xb0
[ 104.538811] delete_object_full+0x27/0x70
[ 104.538827] free_percpu+0x30/0x1160
[ 104.538845] ? arch_uprobe_clear_state+0x16/0x140
[ 104.538865] futex_hash_free+0x38/0xc0
[ 104.538879] mmput+0x2d3/0x390
[ 104.538898] do_exit+0x79d/0x2970
[ 104.538912] ? signal_wake_up_state+0x85/0x120
[ 104.538928] ? zap_other_threads+0x2b9/0x3a0
[ 104.538944] ? __pfx_do_exit+0x10/0x10
[ 104.538956] ? do_group_exit+0x1c3/0x2a0
[ 104.538970] ? lock_release+0xc8/0x290
[ 104.538987] do_group_exit+0xd3/0x2a0
[ 104.539002] __x64_sys_exit_group+0x3e/0x50
[ 104.539016] x64_sys_call+0x18c5/0x18d0
[ 104.539031] do_syscall_64+0xbf/0x360
[ 104.539043] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.539054] RIP: 0033:0x7f0a37792b19
[ 104.539063] Code: Unable to access opcode bytes at 0x7f0a37792aef.
[ 104.539069] RSP: 002b:00007ffcc0f426b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 104.539080] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f0a37792b19
[ 104.539088] RDX: 00007f0a3774572b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 104.539095] RBP: 0000000000000000 R08: 0000001b2d223ddc R09: 0000000000000000
[ 104.539102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 104.539109] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffcc0f427a0
[ 104.539125] </TASK>
[ 104.539129] kmemleak: Object (percpu) 0x607f1a633b80 (size 8):
[ 104.539136] kmemleak: comm "syz-executor.1", pid 4071, jiffies 4294771414
[ 104.539143] kmemleak: min_count = 1
[ 104.539147] kmemleak: count = 0
[ 104.539150] kmemleak: flags = 0x21
[ 104.539154] kmemleak: checksum = 0
[ 104.539158] kmemleak: backtrace:
[ 104.539162] pcpu_alloc_noprof+0x87a/0x1170
[ 104.539176] alloc_vfsmnt+0x135/0x6e0
[ 104.539190] vfs_create_mount.part.0+0x40/0x440
[ 104.539204] path_mount+0x1637/0x1dd0
[ 104.539216] __x64_sys_mount+0x27b/0x300
[ 104.539227] do_syscall_64+0xbf/0x360
[ 104.539235] entry_SYSCALL_64_after_hwframe+0x77/0x7f
08:20:43 executing program 7:
syz_mount_image$msdos(&(0x7f0000001280), &(0x7f00000012c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000024c0)={[{@dots}, {@fat=@dos1xfloppy}, {@fat=@debug}, {@fat=@umask}, {@fat=@discard}]})
08:20:43 executing program 6:
statx(0xffffffffffffff9c, 0x0, 0x0, 0xd0b83088af073d4b, 0x0)
08:20:43 executing program 0:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
flock(r2, 0x2)
flock(r0, 0x1)
08:20:43 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x38, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x6, 0x2, [{}, {}]}]}]}]}, 0x38}}, 0x0)
08:20:43 executing program 1:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f00000000c0)='proc\x00', 0x0, 0x0)
mknod(&(0x7f0000000080)='./file0/file0\x00', 0x0, 0x0)
08:20:43 executing program 4:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f00000000c0)='proc\x00', 0x0, 0x0)
mknod(&(0x7f0000000080)='./file0/file0\x00', 0x0, 0x0)
[ 104.632420] No source specified
08:20:43 executing program 0:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
flock(r2, 0x2)
flock(r0, 0x1)
08:20:43 executing program 7:
syz_mount_image$msdos(&(0x7f0000001280), &(0x7f00000012c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000024c0)={[{@dots}, {@fat=@dos1xfloppy}, {@fat=@debug}, {@fat=@umask}, {@fat=@discard}]})
[ 104.690872] ------------[ cut here ]------------
[ 104.691436] WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#0: syz-executor.4/289
[ 104.692202] Modules linked in:
[ 104.692542] CPU: 0 UID: 0 PID: 289 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 104.694686] Tainted: [W]=WARN
[ 104.695425] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 104.697101] RIP: 0010:mntput_no_expire+0x78e/0xbe0
[ 104.698479] Code: 05 16 42 81 04 01 e8 31 f8 91 ff e9 41 fc ff ff e8 b7 50 b4 ff 31 ff 44 89 ee e8 dd 4b b4 ff 45 85 ed 79 09 e8 a3 50 b4 ff 90 <0f> 0b 90 e8 9a 50 b4 ff e8 75 f6 fb 02 31 ff 89 c5 89 c6 e8 ba 4b
[ 104.701879] RSP: 0018:ffff88801744fce0 EFLAGS: 00010293
[ 104.702965] RAX: 0000000000000000 RBX: 1ffff11002e89fa1 RCX: ffffffff81bf96d3
[ 104.703524] RDX: ffff88801b451b80 RSI: ffffffff81bf96dd RDI: 0000000000000005
[ 104.704108] RBP: ffff888016bd0c40 R08: 0000000000000001 R09: 0000000000000000
[ 104.704668] R10: 00000000ffffffff R11: 0000000000000001 R12: ffff88801744fd48
[ 104.705248] R13: 00000000ffffffff R14: ffff888016bd0c40 R15: ffff888016bd0d28
[ 104.705827] FS: 000055558f0af400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 104.706454] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 104.706924] CR2: 00007ffe024cbf28 CR3: 000000003f03c000 CR4: 0000000000350ef0
[ 104.707482] Call Trace:
[ 104.707697] <TASK>
[ 104.707906] ? __pfx_mntput_no_expire+0x10/0x10
[ 104.708286] ? dput.part.0+0xce/0x930
[ 104.708596] ? lock_release+0xc8/0x290
[ 104.708961] path_umount+0x6e0/0x1100
[ 104.709259] ? kmem_cache_free+0x2a1/0x540
[ 104.709608] ? __pfx_path_umount+0x10/0x10
[ 104.709971] ? putname.part.0+0x11b/0x160
[ 104.710312] __x64_sys_umount+0x15c/0x190
[ 104.710650] ? __pfx___x64_sys_umount+0x10/0x10
[ 104.711050] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 104.711476] do_syscall_64+0xbf/0x360
[ 104.711816] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.712238] RIP: 0033:0x7f07178abf87
[ 104.712539] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 104.714004] RSP: 002b:00007ffe024cc668 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 104.714614] RAX: ffffffffffffffda RBX: 0000000000000017 RCX: 00007f07178abf87
[ 104.715200] RDX: 00007ffe024cc73a RSI: 000000000000000a RDI: 00007ffe024cc730
[ 104.715822] RBP: 00007ffe024cc730 R08: 00000000ffffffff R09: 00007ffe024cc500
[ 104.716395] R10: 000055558f0b0c7b R11: 0000000000000246 R12: 00007f0717904105
[ 104.716987] R13: 00007ffe024cd7f0 R14: 000055558f0b0c20 R15: 00007ffe024cd830
[ 104.717565] </TASK>
[ 104.717757] irq event stamp: 191125
[ 104.718070] hardirqs last enabled at (191135): [] __up_console_sem+0x78/0x80
[ 104.718769] hardirqs last disabled at (191142): [] __up_console_sem+0x5d/0x80
[ 104.719486] softirqs last enabled at (190958): [] handle_softirqs+0x50c/0x770
[ 104.720223] softirqs last disabled at (190947): [] __irq_exit_rcu+0xc4/0x100
[ 104.720936] ---[ end trace 0000000000000000 ]---
[ 104.729363] No source specified
08:20:43 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x38, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x6, 0x2, [{}, {}]}]}]}]}, 0x38}}, 0x0)
08:20:43 executing program 2:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
flock(r2, 0x2)
flock(r0, 0x1)
08:20:43 executing program 5:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
flock(r2, 0x2)
flock(r0, 0x1)
08:20:43 executing program 6:
statx(0xffffffffffffff9c, 0x0, 0x0, 0xd0b83088af073d4b, 0x0)
08:20:43 executing program 0:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
flock(r2, 0x2)
flock(r0, 0x1)
08:20:43 executing program 4:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f00000000c0)='proc\x00', 0x0, 0x0)
mknod(&(0x7f0000000080)='./file0/file0\x00', 0x0, 0x0)
08:20:43 executing program 1:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f00000000c0)='proc\x00', 0x0, 0x0)
mknod(&(0x7f0000000080)='./file0/file0\x00', 0x0, 0x0)
08:20:43 executing program 7:
syz_mount_image$msdos(&(0x7f0000001280), &(0x7f00000012c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000024c0)={[{@dots}, {@fat=@dos1xfloppy}, {@fat=@debug}, {@fat=@umask}, {@fat=@discard}]})
[ 104.782706] No source specified
08:20:43 executing program 6:
statx(0xffffffffffffff9c, 0x0, 0x0, 0xd0b83088af073d4b, 0x0)
08:20:43 executing program 5:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
flock(r2, 0x2)
flock(r0, 0x1)
08:20:43 executing program 7:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), r0)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x40, r1, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @ipv4}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @dev}]}, 0x40}}, 0x0)
08:20:44 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x38, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x6, 0x2, [{}, {}]}]}]}]}, 0x38}}, 0x0)
08:20:44 executing program 4:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f00000000c0)='proc\x00', 0x0, 0x0)
mknod(&(0x7f0000000080)='./file0/file0\x00', 0x0, 0x0)
08:20:44 executing program 2:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
flock(r2, 0x2)
flock(r0, 0x1)
08:20:44 executing program 1:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f00000000c0)='proc\x00', 0x0, 0x0)
mknod(&(0x7f0000000080)='./file0/file0\x00', 0x0, 0x0)
08:20:44 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x17, &(0x7f0000000100)=[@timestamp={0x3}, @window, @mss, @sack_perm], 0x4)
08:20:44 executing program 7:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), r0)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x40, r1, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @ipv4}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @dev}]}, 0x40}}, 0x0)
08:20:44 executing program 6:
creat(&(0x7f00000003c0)='./file0\x00', 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)=@reiserfs_3={0xc}, 0x0, 0x2)
08:20:44 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0xc0189436, 0xfffffffffffffffd)
08:20:44 executing program 5:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
flock(r2, 0x2)
flock(r0, 0x1)
08:20:44 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x17, &(0x7f0000000100)=[@timestamp={0x3}, @window, @mss, @sack_perm], 0x4)
08:20:44 executing program 4:
r0 = io_uring_setup(0x5053, &(0x7f0000000140))
io_uring_register$IORING_REGISTER_FILES(r0, 0x9, &(0x7f0000000000), 0x0)
08:20:44 executing program 2:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
flock(r2, 0x2)
flock(r0, 0x1)
08:20:44 executing program 7:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), r0)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x40, r1, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @ipv4}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @dev}]}, 0x40}}, 0x0)
08:20:44 executing program 6:
creat(&(0x7f00000003c0)='./file0\x00', 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)=@reiserfs_3={0xc}, 0x0, 0x2)
08:20:44 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000040))
wait4(0x0, 0x0, 0x0, 0x0)
[ 105.095350] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[ 105.096290] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 105.096976] CPU: 0 UID: 0 PID: 4132 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 105.097914] Tainted: [W]=WARN
[ 105.098163] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 105.098813] RIP: 0010:perf_tp_event+0x175/0xe70
[ 105.099201] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 105.100640] RSP: 0018:ffff888043f47780 EFLAGS: 00010012
[ 105.101062] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 105.101646] RDX: ffff88800a010000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 105.102223] RBP: ffff888043f479f0 R08: ffff88806ce31340 R09: ffffe8ffffc10b80
[ 105.102776] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 105.103329] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 105.103899] FS: 000055557051d400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 105.104545] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 105.105007] CR2: 00007fa75b5f8018 CR3: 000000001f901000 CR4: 0000000000350ef0
[ 105.105570] Call Trace:
[ 105.105791] <TASK>
[ 105.105978] ? __lock_acquire+0x694/0x1b70
[ 105.106325] ? __pfx_perf_tp_event+0x10/0x10
[ 105.106689] ? __lock_acquire+0xc65/0x1b70
[ 105.107038] ? lock_acquire+0x15e/0x2f0
[ 105.107364] ? find_held_lock+0x2b/0x80
[ 105.107706] ? mark_held_locks+0x49/0x80
[ 105.108042] ? finish_task_switch.isra.0+0x206/0x840
[ 105.108463] ? trace_sched_exit_tp+0xbf/0x100
[ 105.108834] ? perf_trace_run_bpf_submit+0xef/0x180
[ 105.109242] ? __lock_acquire+0xc65/0x1b70
[ 105.109590] perf_trace_run_bpf_submit+0xef/0x180
[ 105.109989] perf_trace_preemptirq_template+0x259/0x430
[ 105.110428] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 105.110916] ? _raw_spin_lock_irqsave+0x53/0x60
[ 105.111301] trace_irq_disable.constprop.0+0xa6/0x100
[ 105.111726] _raw_spin_lock_irqsave+0x53/0x60
[ 105.112096] try_to_wake_up+0xa0/0x11d0
[ 105.112426] ? __pfx_try_to_wake_up+0x10/0x10
[ 105.112798] ? plist_del+0x122/0x270
[ 105.113105] ? find_held_lock+0x2b/0x80
[ 105.113433] ? futex_wake+0x474/0x540
[ 105.113753] wake_up_q+0xa1/0x130
08:20:44 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000040))
wait4(0x0, 0x0, 0x0, 0x0)
[ 105.114046] futex_wake+0x47e/0x540
[ 105.114491] ? __pfx_futex_wake+0x10/0x10
[ 105.114834] ? __handle_mm_fault+0x753/0x3260
[ 105.115207] ? __lock_acquire+0x694/0x1b70
[ 105.115552] do_futex+0x26d/0x370
[ 105.115855] ? __pfx_do_futex+0x10/0x10
[ 105.116182] ? find_held_lock+0x2b/0x80
[ 105.116516] __x64_sys_futex+0x1c9/0x4d0
08:20:44 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0xc0189436, 0xfffffffffffffffd)
[ 105.116854] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 105.117375] ? __pfx___x64_sys_futex+0x10/0x10
[ 105.117753] do_syscall_64+0xbf/0x360
[ 105.118066] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 105.118496] RIP: 0033:0x7f0a37792b19
[ 105.118801] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 105.120269] RSP: 002b:00007ffcc0f42508 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 105.120895] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0a37792b19
[ 105.121484] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0a378a5f68
[ 105.122021] RBP: 00007f0a378a5f60 R08: 00007f0a378a20c0 R09: 0000000000000000
[ 105.122540] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0a378aa200
[ 105.123060] R13: 00007ffcc0f42610 R14: 00007f0a378a5f60 R15: 0000000000019a19
[ 105.123630]
[ 105.123828] Modules linked in:
[ 105.124093] ---[ end trace 0000000000000000 ]---
[ 105.124465] RIP: 0010:perf_tp_event+0x175/0xe70
[ 105.124835] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 105.126243] RSP: 0018:ffff888043f47780 EFLAGS: 00010012
[ 105.126658] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 105.127217] RDX: ffff88800a010000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 105.127781] RBP: ffff888043f479f0 R08: ffff88806ce31340 R09: ffffe8ffffc10b80
[ 105.128334] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 105.128889] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 105.129449] FS: 000055557051d400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 105.130062] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 105.130493] CR2: 00007fa75b5f8018 CR3: 000000001f901000 CR4: 0000000000350ef0
[ 105.131015] note: syz-executor.2[4132] exited with irqs disabled
[ 105.131520] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[ 105.132345] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 105.132982] CPU: 0 UID: 0 PID: 4132 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 105.133853] Tainted: [D]=DIE, [W]=WARN
[ 105.134138] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 105.134736] RIP: 0010:perf_tp_event+0x175/0xe70
[ 105.135090] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 105.136417] RSP: 0018:ffff88806ce08ac0 EFLAGS: 00010012
[ 105.136815] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 105.137335] RDX: ffff88800a010000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 105.137855] RBP: ffff88806ce08d30 R08: ffff88806ce313e8 R09: ffffe8ffffc10b80
[ 105.138375] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 105.138895] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000
[ 105.139416] FS: 000055557051d400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 105.140015] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 105.140442] CR2: 00007fa75b5f8018 CR3: 000000001f901000 CR4: 0000000000350ef0
[ 105.140964] Call Trace:
[ 105.141159]
[ 105.141325] ? __smp_call_single_queue+0x15b/0x2f0
[ 105.141701] ? __pfx_perf_tp_event+0x10/0x10
[ 105.142037] ? trace_pelt_se_tp+0xdf/0x130
[ 105.142354] ? __update_load_avg_se+0x428/0xa40
[ 105.142715] ? __cgroup_account_cputime+0x30/0xc0
[ 105.143083] ? update_load_avg+0x17d/0x1ef0
[ 105.143403] ? update_cfs_group+0x11d/0x260
[ 105.143732] ? kvm_sched_clock_read+0x16/0x30
[ 105.144077] ? enqueue_task_fair+0xded/0x1e00
[ 105.144418] ? check_preempt_wakeup_fair+0x6e/0x950
[ 105.144792] ? wakeup_preempt+0x140/0x2a0
[ 105.145100] ? lock_release+0x1c7/0x290
[ 105.145399] ? lock_release+0x1c7/0x290
[ 105.145702] ? perf_trace_run_bpf_submit+0xef/0x180
[ 105.146080] perf_trace_run_bpf_submit+0xef/0x180
[ 105.146447] perf_trace_preemptirq_template+0x259/0x430
[ 105.146850] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 105.147290] ? lock_acquire+0x18c/0x2f0
[ 105.147591] ? irqentry_enter+0x2a/0x60
[ 105.147900] trace_irq_disable.constprop.0+0xa6/0x100
[ 105.148285] irqentry_enter+0x2a/0x60
[ 105.148577] common_interrupt+0x1d/0xd0
[ 105.148880] asm_common_interrupt+0x26/0x40
[ 105.149201] RIP: 0010:handle_softirqs+0x174/0x770
[ 105.149570] Code: c8 83 83 3c 0a 00 00 01 c7 44 24 20 0a 00 00 00 48 89 44 24 18 65 66 c7 05 0f 84 48 06 00 00 e8 42 80 40 00 fb bb ff ff ff ff <48> c7 c5 c0 c0 a0 85 41 0f bc de 83 c3 01 0f 85 9b 00 00 00 e9 8d
[ 105.150885] RSP: 0018:ffff88806ce08f78 EFLAGS: 00000246
[ 105.151276] RAX: 0000000000000001 RBX: 00000000ffffffff RCX: ffffffff817c2b86
[ 105.151806] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813bac2e
[ 105.152326] RBP: ffff888043f47e78 R08: 0000000000000000 R09: 0000000000000000
[ 105.152845] R10: ffffffff8643ac57 R11: ffff88801f255c98 R12: 0000000000000000
[ 105.153364] R13: 0000000000000000 R14: 0000000000000282 R15: 0000000000000000
[ 105.153932] ? trace_irq_enable.constprop.0+0x26/0x100
[ 105.154348] ? handle_softirqs+0x16e/0x770
[ 105.154711] ? handle_softirqs+0x16e/0x770
[ 105.155066] __irq_exit_rcu+0xc4/0x100
[ 105.155395] irq_exit_rcu+0x9/0x20
[ 105.155695] sysvec_apic_timer_interrupt+0x70/0x80
[ 105.156102]
[ 105.156289]
[ 105.156477] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 105.156902] RIP: 0010:make_task_dead+0xa2/0x3b0
[ 105.157289] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de
[ 105.158766] RSP: 0018:ffff888043f47f28 EFLAGS: 00000246
[ 105.159197] RAX: 0000000000000001 RBX: ffff88800a010000 RCX: ffffffff817c2b86
[ 105.159779] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[ 105.160352] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[ 105.160926] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff88800a010000
[ 105.161499] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[ 105.162077] ? trace_irq_enable.constprop.0+0x26/0x100
[ 105.162505] ? make_task_dead+0x214/0x3b0
[ 105.162849] ? make_task_dead+0x214/0x3b0
[ 105.163198] ? do_syscall_64+0xbf/0x360
[ 105.163530] rewind_stack_and_make_dead+0x16/0x20
[ 105.163936] RIP: 0033:0x7f0a37792b19
[ 105.164237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 105.165696] RSP: 002b:00007ffcc0f42508 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 105.166310] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0a37792b19
[ 105.166880] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0a378a5f68
[ 105.167457] RBP: 00007f0a378a5f60 R08: 00007f0a378a20c0 R09: 0000000000000000
[ 105.168040] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0a378aa200
[ 105.168620] R13: 00007ffcc0f42610 R14: 00007f0a378a5f60 R15: 0000000000019a19
[ 105.169196]
[ 105.169389] Modules linked in:
[ 105.169653] ---[ end trace 0000000000000000 ]---
[ 105.170039] RIP: 0010:perf_tp_event+0x175/0xe70
[ 105.170428] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 105.171907] RSP: 0018:ffff888043f47780 EFLAGS: 00010012
[ 105.172343] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 105.172930] RDX: ffff88800a010000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 105.173509] RBP: ffff888043f479f0 R08: ffff88806ce31340 R09: ffffe8ffffc10b80
[ 105.174086] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 105.174663] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 105.175238] FS: 000055557051d400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 105.175910] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 105.176392] CR2: 00007fa75b5f8018 CR3: 000000001f901000 CR4: 0000000000350ef0
[ 105.176974] Kernel panic - not syncing: Fatal exception in interrupt
[ 105.177573] Kernel Offset: disabled
[ 105.177872] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
08:20:43 Registers:
info registers vcpu 0
info registers vcpu 1