Debian GNU/Linux 11 syzkaller ttyS0
Warning: Permanently added '[localhost]:36822' (ECDSA) to the list of known hosts.
2025/08/29 10:25:19 fuzzer started
2025/08/29 10:25:20 dialing manager at localhost:43077
syzkaller login: [ 51.383234] cgroup: Unknown subsys name 'net'
[ 51.447366] cgroup: Unknown subsys name 'cpuset'
[ 51.461855] cgroup: Unknown subsys name 'rlimit'
2025/08/29 10:25:29 syscalls: 2214
2025/08/29 10:25:29 code coverage: enabled
2025/08/29 10:25:29 comparison tracing: enabled
2025/08/29 10:25:29 extra coverage: enabled
2025/08/29 10:25:29 setuid sandbox: enabled
2025/08/29 10:25:29 namespace sandbox: enabled
2025/08/29 10:25:29 Android sandbox: enabled
2025/08/29 10:25:29 fault injection: enabled
2025/08/29 10:25:29 leak checking: enabled
2025/08/29 10:25:29 net packet injection: enabled
2025/08/29 10:25:29 net device setup: enabled
2025/08/29 10:25:29 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 10:25:29 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 10:25:29 USB emulation: enabled
2025/08/29 10:25:29 hci packet injection: enabled
2025/08/29 10:25:29 wifi device emulation: enabled
2025/08/29 10:25:29 802.15.4 emulation: enabled
2025/08/29 10:25:29 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 10:25:29 fetching corpus: 38, signal 18477/22056 (executing program)
2025/08/29 10:25:30 fetching corpus: 85, signal 33929/38791 (executing program)
2025/08/29 10:25:30 fetching corpus: 135, signal 40934/47149 (executing program)
2025/08/29 10:25:30 fetching corpus: 185, signal 47232/54602 (executing program)
2025/08/29 10:25:30 fetching corpus: 235, signal 52293/60762 (executing program)
2025/08/29 10:25:30 fetching corpus: 285, signal 56185/65722 (executing program)
2025/08/29 10:25:30 fetching corpus: 335, signal 60406/70925 (executing program)
2025/08/29 10:25:30 fetching corpus: 385, signal 63677/75186 (executing program)
2025/08/29 10:25:30 fetching corpus: 435, signal 67038/79465 (executing program)
2025/08/29 10:25:30 fetching corpus: 485, signal 70886/84111 (executing program)
2025/08/29 10:25:30 fetching corpus: 535, signal 74444/88417 (executing program)
2025/08/29 10:25:31 fetching corpus: 585, signal 76289/91115 (executing program)
2025/08/29 10:25:31 fetching corpus: 635, signal 79316/94807 (executing program)
2025/08/29 10:25:31 fetching corpus: 685, signal 81416/97616 (executing program)
2025/08/29 10:25:31 fetching corpus: 735, signal 83789/100704 (executing program)
2025/08/29 10:25:31 fetching corpus: 784, signal 87593/104813 (executing program)
2025/08/29 10:25:31 fetching corpus: 833, signal 89886/107672 (executing program)
2025/08/29 10:25:31 fetching corpus: 883, signal 92621/110797 (executing program)
2025/08/29 10:25:31 fetching corpus: 932, signal 94034/112823 (executing program)
2025/08/29 10:25:31 fetching corpus: 981, signal 95400/114828 (executing program)
2025/08/29 10:25:31 fetching corpus: 1031, signal 96769/116757 (executing program)
2025/08/29 10:25:32 fetching corpus: 1081, signal 98230/118707 (executing program)
2025/08/29 10:25:32 fetching corpus: 1129, signal 99385/120403 (executing program)
2025/08/29 10:25:32 fetching corpus: 1179, signal 101087/122477 (executing program)
2025/08/29 10:25:32 fetching corpus: 1228, signal 103413/124962 (executing program)
2025/08/29 10:25:32 fetching corpus: 1278, signal 104714/126641 (executing program)
2025/08/29 10:25:32 fetching corpus: 1328, signal 106206/128436 (executing program)
2025/08/29 10:25:32 fetching corpus: 1378, signal 107181/129902 (executing program)
2025/08/29 10:25:32 fetching corpus: 1428, signal 108344/131458 (executing program)
2025/08/29 10:25:32 fetching corpus: 1478, signal 109671/133080 (executing program)
2025/08/29 10:25:32 fetching corpus: 1528, signal 111666/135117 (executing program)
2025/08/29 10:25:33 fetching corpus: 1578, signal 113727/137214 (executing program)
2025/08/29 10:25:33 fetching corpus: 1628, signal 114865/138660 (executing program)
2025/08/29 10:25:33 fetching corpus: 1677, signal 116101/140117 (executing program)
2025/08/29 10:25:33 fetching corpus: 1727, signal 117557/141672 (executing program)
2025/08/29 10:25:33 fetching corpus: 1776, signal 118773/143011 (executing program)
2025/08/29 10:25:33 fetching corpus: 1826, signal 120291/144570 (executing program)
2025/08/29 10:25:33 fetching corpus: 1876, signal 121206/145712 (executing program)
2025/08/29 10:25:33 fetching corpus: 1926, signal 121956/146764 (executing program)
2025/08/29 10:25:33 fetching corpus: 1975, signal 122938/147946 (executing program)
2025/08/29 10:25:34 fetching corpus: 2025, signal 124027/149130 (executing program)
2025/08/29 10:25:34 fetching corpus: 2075, signal 124979/150230 (executing program)
2025/08/29 10:25:34 fetching corpus: 2125, signal 126014/151313 (executing program)
2025/08/29 10:25:34 fetching corpus: 2174, signal 126711/152262 (executing program)
2025/08/29 10:25:34 fetching corpus: 2224, signal 127247/153089 (executing program)
2025/08/29 10:25:34 fetching corpus: 2274, signal 127840/153937 (executing program)
2025/08/29 10:25:34 fetching corpus: 2324, signal 128666/154798 (executing program)
2025/08/29 10:25:34 fetching corpus: 2374, signal 130014/155932 (executing program)
2025/08/29 10:25:34 fetching corpus: 2424, signal 131100/156933 (executing program)
2025/08/29 10:25:34 fetching corpus: 2474, signal 131642/157647 (executing program)
2025/08/29 10:25:35 fetching corpus: 2524, signal 132509/158545 (executing program)
2025/08/29 10:25:35 fetching corpus: 2573, signal 133072/159266 (executing program)
2025/08/29 10:25:35 fetching corpus: 2623, signal 133706/159974 (executing program)
2025/08/29 10:25:35 fetching corpus: 2673, signal 134401/160747 (executing program)
2025/08/29 10:25:35 fetching corpus: 2723, signal 135013/161445 (executing program)
2025/08/29 10:25:35 fetching corpus: 2773, signal 135719/162201 (executing program)
2025/08/29 10:25:35 fetching corpus: 2822, signal 136724/163002 (executing program)
2025/08/29 10:25:35 fetching corpus: 2872, signal 137594/163732 (executing program)
2025/08/29 10:25:35 fetching corpus: 2922, signal 138416/164454 (executing program)
2025/08/29 10:25:35 fetching corpus: 2971, signal 138995/165040 (executing program)
2025/08/29 10:25:35 fetching corpus: 3021, signal 139540/165648 (executing program)
2025/08/29 10:25:35 fetching corpus: 3071, signal 140053/166188 (executing program)
2025/08/29 10:25:36 fetching corpus: 3121, signal 140717/166789 (executing program)
2025/08/29 10:25:36 fetching corpus: 3171, signal 141665/167513 (executing program)
2025/08/29 10:25:36 fetching corpus: 3221, signal 142199/168046 (executing program)
2025/08/29 10:25:36 fetching corpus: 3271, signal 142668/168544 (executing program)
2025/08/29 10:25:36 fetching corpus: 3321, signal 143170/169054 (executing program)
2025/08/29 10:25:36 fetching corpus: 3371, signal 143781/169598 (executing program)
2025/08/29 10:25:36 fetching corpus: 3421, signal 144267/170085 (executing program)
2025/08/29 10:25:36 fetching corpus: 3471, signal 145031/170586 (executing program)
2025/08/29 10:25:36 fetching corpus: 3521, signal 145507/171114 (executing program)
2025/08/29 10:25:37 fetching corpus: 3571, signal 146387/171633 (executing program)
2025/08/29 10:25:37 fetching corpus: 3621, signal 146931/172052 (executing program)
2025/08/29 10:25:37 fetching corpus: 3671, signal 147453/172509 (executing program)
2025/08/29 10:25:37 fetching corpus: 3721, signal 148087/172964 (executing program)
2025/08/29 10:25:37 fetching corpus: 3771, signal 150236/173641 (executing program)
2025/08/29 10:25:37 fetching corpus: 3821, signal 150855/174044 (executing program)
2025/08/29 10:25:37 fetching corpus: 3871, signal 151335/174404 (executing program)
2025/08/29 10:25:37 fetching corpus: 3921, signal 151764/174769 (executing program)
2025/08/29 10:25:37 fetching corpus: 3971, signal 152696/175119 (executing program)
2025/08/29 10:25:37 fetching corpus: 4021, signal 153120/175418 (executing program)
2025/08/29 10:25:38 fetching corpus: 4071, signal 153547/175725 (executing program)
2025/08/29 10:25:38 fetching corpus: 4121, signal 154142/176006 (executing program)
2025/08/29 10:25:38 fetching corpus: 4171, signal 154673/176286 (executing program)
2025/08/29 10:25:38 fetching corpus: 4221, signal 155318/176550 (executing program)
2025/08/29 10:25:38 fetching corpus: 4271, signal 155826/176567 (executing program)
2025/08/29 10:25:38 fetching corpus: 4321, signal 156313/176664 (executing program)
2025/08/29 10:25:38 fetching corpus: 4370, signal 156734/176664 (executing program)
2025/08/29 10:25:38 fetching corpus: 4420, signal 157418/176680 (executing program)
2025/08/29 10:25:38 fetching corpus: 4470, signal 157925/176802 (executing program)
2025/08/29 10:25:38 fetching corpus: 4520, signal 158458/176813 (executing program)
2025/08/29 10:25:38 fetching corpus: 4570, signal 158954/176846 (executing program)
2025/08/29 10:25:39 fetching corpus: 4620, signal 159623/176852 (executing program)
2025/08/29 10:25:39 fetching corpus: 4670, signal 159992/176905 (executing program)
2025/08/29 10:25:39 fetching corpus: 4720, signal 160610/176907 (executing program)
2025/08/29 10:25:39 fetching corpus: 4769, signal 161016/176961 (executing program)
2025/08/29 10:25:39 fetching corpus: 4818, signal 161352/176974 (executing program)
2025/08/29 10:25:39 fetching corpus: 4868, signal 161831/176983 (executing program)
2025/08/29 10:25:39 fetching corpus: 4918, signal 162263/176988 (executing program)
2025/08/29 10:25:39 fetching corpus: 4968, signal 162839/176997 (executing program)
2025/08/29 10:25:39 fetching corpus: 5018, signal 163242/177004 (executing program)
2025/08/29 10:25:39 fetching corpus: 5068, signal 163655/177055 (executing program)
2025/08/29 10:25:40 fetching corpus: 5118, signal 164110/177084 (executing program)
2025/08/29 10:25:40 fetching corpus: 5168, signal 164556/177089 (executing program)
2025/08/29 10:25:40 fetching corpus: 5218, signal 164886/177107 (executing program)
2025/08/29 10:25:40 fetching corpus: 5268, signal 165181/177110 (executing program)
2025/08/29 10:25:40 fetching corpus: 5318, signal 165818/177214 (executing program)
2025/08/29 10:25:40 fetching corpus: 5368, signal 166101/177243 (executing program)
2025/08/29 10:25:40 fetching corpus: 5417, signal 166462/177246 (executing program)
2025/08/29 10:25:40 fetching corpus: 5467, signal 166814/177250 (executing program)
2025/08/29 10:25:40 fetching corpus: 5516, signal 167206/177270 (executing program)
2025/08/29 10:25:40 fetching corpus: 5566, signal 167795/177303 (executing program)
2025/08/29 10:25:40 fetching corpus: 5616, signal 168172/177303 (executing program)
2025/08/29 10:25:41 fetching corpus: 5666, signal 168812/177318 (executing program)
2025/08/29 10:25:41 fetching corpus: 5716, signal 169217/177339 (executing program)
2025/08/29 10:25:41 fetching corpus: 5766, signal 169553/177364 (executing program)
2025/08/29 10:25:41 fetching corpus: 5816, signal 169913/177366 (executing program)
2025/08/29 10:25:41 fetching corpus: 5866, signal 170219/177377 (executing program)
2025/08/29 10:25:41 fetching corpus: 5916, signal 170713/177385 (executing program)
2025/08/29 10:25:41 fetching corpus: 5966, signal 170967/177402 (executing program)
2025/08/29 10:25:41 fetching corpus: 6016, signal 171235/177411 (executing program)
2025/08/29 10:25:41 fetching corpus: 6066, signal 171661/177411 (executing program)
2025/08/29 10:25:41 fetching corpus: 6116, signal 171879/177420 (executing program)
2025/08/29 10:25:41 fetching corpus: 6166, signal 172228/177421 (executing program)
2025/08/29 10:25:41 fetching corpus: 6216, signal 172582/177427 (executing program)
2025/08/29 10:25:42 fetching corpus: 6266, signal 172901/177465 (executing program)
2025/08/29 10:25:42 fetching corpus: 6316, signal 173150/177472 (executing program)
2025/08/29 10:25:42 fetching corpus: 6366, signal 173530/177474 (executing program)
2025/08/29 10:25:42 fetching corpus: 6416, signal 173924/177479 (executing program)
2025/08/29 10:25:42 fetching corpus: 6466, signal 174308/177486 (executing program)
2025/08/29 10:25:42 fetching corpus: 6516, signal 174611/177495 (executing program)
2025/08/29 10:25:42 fetching corpus: 6566, signal 175112/177495 (executing program)
2025/08/29 10:25:42 fetching corpus: 6585, signal 175237/177506 (executing program)
2025/08/29 10:25:42 fetching corpus: 6585, signal 175237/177506 (executing program)
2025/08/29 10:25:44 starting 8 fuzzer processes

10:25:44 executing program 0:
r0 = memfd_create(&(0x7f0000001280)='\x00', 0x0)
r1 = memfd_create(&(0x7f0000000080)=':^/\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x10)
copy_file_range(r0, 0x0, r1, 0x0, 0x0, 0x0)

10:25:44 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x202)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f00000001c0)={0x0, 0x2, {0x3, 0x2, 0x2, 0x0, 0x4}, 0x4f})

10:25:44 executing program 7:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
write$binfmt_aout(r0, &(0x7f0000000000)={{0x108}}, 0x20)

10:25:44 executing program 1:
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000002880)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500))
clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

10:25:44 executing program 6:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5)
setuid(r1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4)
sendmmsg$inet6(r2, &(0x7f0000002840)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)='1', 0x1}], 0x1}}], 0x1, 0x159909a46ddc7bc9)

10:25:44 executing program 2:
r0 = gettid()
waitid(0x2, r0, 0x0, 0x2, 0x0)

[ 75.879839] audit: type=1400 audit(1756463144.766:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
10:25:44 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0)

10:25:44 executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, 0x0, 0x0)

[ 76.983281] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 76.985610] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 76.988609] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 76.992418] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 76.995122] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 77.106758] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 77.108909] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 77.110544] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 77.121189] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 77.125426] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 77.195795] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 77.201316] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 77.204616] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 77.208549] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 77.212305] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 77.218537] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 77.222765] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 77.225166] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 77.234339] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 77.235918] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 77.238750] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 77.252454] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 77.253595] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 77.256695] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 77.257540] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 77.261046] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 77.262585] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 77.277369] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 77.283755] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 77.298338] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 77.301064] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 77.308530] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 77.312038] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 77.315054] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 77.319192] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 77.324467] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 77.327906] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 77.330207] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 77.346338] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 77.385123] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 79.019180] Bluetooth: hci0: command tx timeout
[ 79.211261] Bluetooth: hci1: command tx timeout
[ 79.275031] Bluetooth: hci3: command tx timeout
[ 79.338766] Bluetooth: hci4: command tx timeout
[ 79.339274] Bluetooth: hci2: command tx timeout
[ 79.402895] Bluetooth: hci5: command tx timeout
[ 79.403459] Bluetooth: hci7: command tx timeout
[ 79.467295] Bluetooth: hci6: command tx timeout
[ 81.066503] Bluetooth: hci0: command tx timeout
[ 81.258066] Bluetooth: hci1: command tx timeout
[ 81.321991] Bluetooth: hci3: command tx timeout
[ 81.386062] Bluetooth: hci4: command tx timeout
[ 81.386459] Bluetooth: hci2: command tx timeout
[ 81.451224] Bluetooth: hci5: command tx timeout
[ 81.451618] Bluetooth: hci7: command tx timeout
[ 81.513992] Bluetooth: hci6: command tx timeout
[ 83.114016] Bluetooth: hci0: command tx timeout
[ 83.306962] Bluetooth: hci1: command tx timeout
[ 83.370458] Bluetooth: hci3: command tx timeout
[ 83.434024] Bluetooth: hci4: command tx timeout
[ 83.434397] Bluetooth: hci2: command tx timeout
[ 83.498031] Bluetooth: hci5: command tx timeout
[ 83.498413] Bluetooth: hci7: command tx timeout
[ 83.562087] Bluetooth: hci6: command tx timeout
[ 85.162131] Bluetooth: hci0: command tx timeout
[ 85.354005] Bluetooth: hci1: command tx timeout
[ 85.418036] Bluetooth: hci3: command tx timeout
[ 85.482001] Bluetooth: hci2: command tx timeout
[ 85.482397] Bluetooth: hci4: command tx timeout
[ 85.545988] Bluetooth: hci7: command tx timeout
[ 85.546387] Bluetooth: hci5: command tx timeout
[ 85.609986] Bluetooth: hci6: command tx timeout
[ 113.341066] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.341739] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.649531] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.650642] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.034451] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.035212] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.126884] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.127848] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.227946] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.228573] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.407726] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.408394] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.521531] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.522203] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.535081] loop1: detected capacity change from 0 to 240
[ 114.693359] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.694027] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.825024] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.825658] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.918258] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.918907] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.973405] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.974044] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.035488] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.036362] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.098676] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.099309] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.164522] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.165180] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.277597] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.278819] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.364730] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.365835] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:26:24 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x202)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f00000001c0)={0x0, 0x2, {0x3, 0x2, 0x2, 0x0, 0x4}, 0x4f})

10:26:24 executing program 2:
r0 = gettid()
waitid(0x2, r0, 0x0, 0x2, 0x0)

10:26:24 executing program 0:
r0 = memfd_create(&(0x7f0000001280)='\x00', 0x0)
r1 = memfd_create(&(0x7f0000000080)=':^/\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x10)
copy_file_range(r0, 0x0, r1, 0x0, 0x0, 0x0)

10:26:24 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0)

10:26:24 executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, 0x0, 0x0)

10:26:24 executing program 6:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5)
setuid(r1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4)
sendmmsg$inet6(r2, &(0x7f0000002840)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)='1', 0x1}], 0x1}}], 0x1, 0x159909a46ddc7bc9)

10:26:24 executing program 1:
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000002880)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500))
clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

10:26:24 executing program 7:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
write$binfmt_aout(r0, &(0x7f0000000000)={{0x108}}, 0x20)

[ 115.526676] loop1: detected capacity change from 0 to 240
10:26:24 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0)

10:26:24 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x202)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f00000001c0)={0x0, 0x2, {0x3, 0x2, 0x2, 0x0, 0x4}, 0x4f})

10:26:24 executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, 0x0, 0x0)

10:26:24 executing program 0:
r0 = memfd_create(&(0x7f0000001280)='\x00', 0x0)
r1 = memfd_create(&(0x7f0000000080)=':^/\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x10)
copy_file_range(r0, 0x0, r1, 0x0, 0x0, 0x0)

10:26:24 executing program 2:
r0 = gettid()
waitid(0x2, r0, 0x0, 0x2, 0x0)

10:26:24 executing program 6:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5)
setuid(r1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4)
sendmmsg$inet6(r2, &(0x7f0000002840)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)='1', 0x1}], 0x1}}], 0x1, 0x159909a46ddc7bc9)

10:26:24 executing program 7:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
write$binfmt_aout(r0, &(0x7f0000000000)={{0x108}}, 0x20)

10:26:24 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0)

10:26:24 executing program 2:
r0 = gettid()
waitid(0x2, r0, 0x0, 0x2, 0x0)

10:26:24 executing program 5:
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x202)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f00000001c0)={0x0, 0x2, {0x3, 0x2, 0x2, 0x0, 0x4}, 0x4f})

10:26:24 executing program 0:
r0 = memfd_create(&(0x7f0000001280)='\x00', 0x0)
r1 = memfd_create(&(0x7f0000000080)=':^/\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x10)
copy_file_range(r0, 0x0, r1, 0x0, 0x0, 0x0)

10:26:24 executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, 0x0, 0x0)

10:26:24 executing program 7:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
write$binfmt_aout(r0, &(0x7f0000000000)={{0x108}}, 0x20)

10:26:24 executing program 6:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5)
setuid(r1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4)
sendmmsg$inet6(r2, &(0x7f0000002840)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)='1', 0x1}], 0x1}}], 0x1, 0x159909a46ddc7bc9)

10:26:24 executing program 1:
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000002880)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500))
clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 115.807827] loop1: detected capacity change from 0 to 240
[ 115.845133] kmemleak: Found object by alias at 0x607f1a6394c4
[ 115.845149] CPU: 0 UID: 0 PID: 3936 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 115.845167] Tainted: [W]=WARN
[ 115.845170] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 115.845177] Call Trace:
[ 115.845181]
[ 115.845186] dump_stack_lvl+0xca/0x120
[ 115.845211] __lookup_object+0x94/0xb0
[ 115.845227] delete_object_full+0x27/0x70
[ 115.845242] free_percpu+0x30/0x1160
[ 115.845258] ? arch_uprobe_clear_state+0x16/0x140
[ 115.845278] futex_hash_free+0x38/0xc0
[ 115.845292] mmput+0x2d3/0x390
[ 115.845310] do_exit+0x79d/0x2970
[ 115.845323] ? lock_release+0xc8/0x290
[ 115.845339] ? __pfx_do_exit+0x10/0x10
[ 115.845352] ? find_held_lock+0x2b/0x80
[ 115.845369] ? get_signal+0x835/0x2340
[ 115.845388] do_group_exit+0xd3/0x2a0
[ 115.845403] get_signal+0x2315/0x2340
[ 115.845422] ? __asan_memset+0x24/0x50
[ 115.845436] ? __pfx_get_signal+0x10/0x10
[ 115.845452] ? do_futex+0x135/0x370
[ 115.845465] ? __pfx_do_futex+0x10/0x10
[ 115.845476] ? __pfx_do_sock_getsockopt+0x10/0x10
[ 115.845492] arch_do_signal_or_restart+0x80/0x790
[ 115.845509] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 115.845525] ? __x64_sys_futex+0x1c9/0x4d0
[ 115.845536] ? __x64_sys_futex+0x1d2/0x4d0
[ 115.845551] ? __pfx___x64_sys_futex+0x10/0x10
[ 115.845564] ? __sys_getsockopt+0x146/0x1b0
[ 115.845583] exit_to_user_mode_loop+0x8b/0x110
[ 115.845596] do_syscall_64+0x2f7/0x360
[ 115.845608] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 115.845619] RIP: 0033:0x7f1cbdd91b19
[ 115.845628] Code: Unable to access opcode bytes at 0x7f1cbdd91aef.
[ 115.845633] RSP: 002b:00007f1cbb307218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 115.845643] RAX: fffffffffffffe00 RBX: 00007f1cbdea4f68 RCX: 00007f1cbdd91b19
[ 115.845651] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f1cbdea4f68
[ 115.845657] RBP: 00007f1cbdea4f60 R08: 0000000000000000 R09: 0000000000000000
[ 115.845664] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1cbdea4f6c
[ 115.845671] R13: 00007ffeed0e2e3f R14: 00007f1cbb307300 R15: 0000000000022000
[ 115.845686]
[ 115.845690] kmemleak: Object (percpu) 0x607f1a6394c0 (size 8):
[ 115.845696] kmemleak: comm "syz-executor.1", pid 3942, jiffies 4294782486
[ 115.845703] kmemleak: min_count = 1
[ 115.845706] kmemleak: count = 0
[ 115.845710] kmemleak: flags = 0x21
[ 115.845714] kmemleak: checksum = 0
[ 115.845717] kmemleak: backtrace:
[ 115.845721] pcpu_alloc_noprof+0x87a/0x1170
[ 115.845735] alloc_vfsmnt+0x135/0x6e0
[ 115.845748] clone_mnt+0x6c/0xb70
[ 115.845762] copy_tree+0x105/0xaf0
[ 115.845771] copy_mnt_ns+0x1ab/0xab0
[ 115.845781] create_new_namespaces+0xd6/0xab0
[ 115.845797] copy_namespaces+0x45c/0x580
[ 115.845812] copy_process+0x2649/0x73c0
[ 115.845821] kernel_clone+0xea/0x7f0
[ 115.845831] __do_sys_clone3+0x1f5/0x280
[ 115.845840] do_syscall_64+0xbf/0x360
[ 115.845849] entry_SYSCALL_64_after_hwframe+0x77/0x7f
10:26:24 executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5)
setuid(r1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4)
sendmmsg$inet6(r2, &(0x7f0000002840)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)='1', 0x1}], 0x1}}], 0x1, 0x159909a46ddc7bc9)

10:26:24 executing program 7:
r0 = memfd_create(&(0x7f0000001280)='\x00', 0x0)
r1 = memfd_create(&(0x7f0000000080)=':^/\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x10)
copy_file_range(r0, 0x0, r1, 0x0, 0x0, 0x0)

[ 115.890237] kmemleak: Cannot insert 0x607f1a6394c4 into the object search tree (overlaps existing)
[ 115.890253] CPU: 0 UID: 0 PID: 3942 Comm: syz-executor.1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 115.890272] Tainted: [W]=WARN
[ 115.890275] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 115.890282] Call Trace:
[ 115.890286]
[ 115.890291] dump_stack_lvl+0xca/0x120
[ 115.890313] __link_object+0x190/0x210
[ 115.890331] __create_object+0x48/0x80
[ 115.890348] pcpu_alloc_noprof+0x87a/0x1170
[ 115.890372] __percpu_counter_init_many+0x44/0x360
[ 115.890390] ip6_route_net_init+0x51/0x500
[ 115.890405] ? __pfx_ip6_route_net_init+0x10/0x10
[ 115.890419] ops_init+0x1e1/0x650
[ 115.890440] setup_net+0x10d/0x320
[ 115.890457] ? lockdep_init_map_type+0x4b/0x240
[ 115.890472] ? __pfx_setup_net+0x10/0x10
[ 115.890491] ? debug_mutex_init+0x37/0x70
[ 115.890510] copy_net_ns+0x2e3/0x650
[ 115.890523] create_new_namespaces+0x3f6/0xab0
[ 115.890546] copy_namespaces+0x45c/0x580
[ 115.890564] copy_process+0x2649/0x73c0
[ 115.890576] ? lock_release+0xc8/0x290
[ 115.890597] ? __pfx_copy_process+0x10/0x10
[ 115.890609] ? __might_fault+0xe0/0x190
[ 115.890626] ? _copy_from_user+0x5b/0xd0
[ 115.890643] kernel_clone+0xea/0x7f0
[ 115.890657] ? __pfx_kernel_clone+0x10/0x10
[ 115.890674] ? __pfx_futex_wake+0x10/0x10
[ 115.890694] __do_sys_clone3+0x1f5/0x280
[ 115.890706] ? __pfx___do_sys_clone3+0x10/0x10
[ 115.890718] ? __call_rcu_common.constprop.0+0x4c1/0x960
[ 115.890744] ? __x64_sys_futex+0x1c9/0x4d0
[ 115.890756] ? __x64_sys_futex+0x1d2/0x4d0
[ 115.890770] ? fput_close_sync+0x114/0x240
[ 115.890787] ? __pfx___x64_sys_futex+0x10/0x10
[ 115.890800] ? __pfx_fput_close_sync+0x10/0x10
[ 115.890816] ? dnotify_flush+0x79/0x4c0
[ 115.890829] ? xfd_validate_state+0x55/0x180
[ 115.890854] do_syscall_64+0xbf/0x360
[ 115.890866] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 115.890878] RIP: 0033:0x7f6425123b19
[ 115.890887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 115.890898] RSP: 002b:00007f6422699188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 115.890909] RAX: ffffffffffffffda RBX: 00007f6425236f60 RCX: 00007f6425123b19
[ 115.890917] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200002c0
[ 115.890929] RBP: 00007f642517df6d R08: 0000000000000000 R09: 0000000000000000
[ 115.890936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 115.890943] R13: 00007ffc95d9da6f R14: 00007f6422699300 R15: 0000000000022000
[ 115.890959]
[ 115.891614] kmemleak: Kernel memory leak detector disabled
[ 115.891618] kmemleak: Object (percpu) 0x607f1a6394c0 (size 8):
[ 115.891625] kmemleak: comm "syz-executor.1", pid 3942, jiffies 4294782486
[ 115.891632] kmemleak: min_count = 1
[ 115.891636] kmemleak: count = 0
[ 115.891640] kmemleak: flags = 0x21
[ 115.891643] kmemleak: checksum = 0
[ 115.891647] kmemleak: backtrace:
[ 115.891650] pcpu_alloc_noprof+0x87a/0x1170
[ 115.891666] alloc_vfsmnt+0x135/0x6e0
[ 115.891679] clone_mnt+0x6c/0xb70
[ 115.891693] copy_tree+0x105/0xaf0
[ 115.891703] copy_mnt_ns+0x1ab/0xab0
[ 115.891714] create_new_namespaces+0xd6/0xab0
[ 115.891730] copy_namespaces+0x45c/0x580
[ 115.891745] copy_process+0x2649/0x73c0
[ 115.891755] kernel_clone+0xea/0x7f0
[ 115.891765] __do_sys_clone3+0x1f5/0x280
[ 115.891775] do_syscall_64+0xbf/0x360
[ 115.891784] entry_SYSCALL_64_after_hwframe+0x77/0x7f
10:26:24 executing program 6:
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000002880)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500))
clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

10:26:24 executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5)
setuid(r1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4)
sendmmsg$inet6(r2, &(0x7f0000002840)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)='1', 0x1}], 0x1}}], 0x1, 0x159909a46ddc7bc9)

[ 115.942081] loop6: detected capacity change from 0 to 240
[ 116.020906] kmemleak: Found object by alias at 0x607f1a6394c4
[ 116.020930] CPU: 0 UID: 0 PID: 65 Comm: kworker/u8:1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 116.020948] Tainted: [W]=WARN
[ 116.020951] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 116.020959] Workqueue: netns cleanup_net
[ 116.020976] Call Trace:
[ 116.020980]
[ 116.020984] dump_stack_lvl+0xca/0x120
[ 116.021005] __lookup_object+0x94/0xb0
[ 116.021022] delete_object_full+0x27/0x70
[ 116.021038] free_percpu+0x30/0x1160
[ 116.021058] percpu_counter_destroy_many+0x188/0x2b0
[ 116.021077] ? __pfx_ip6_route_net_exit+0x10/0x10
[ 116.021095] ops_undo_list+0x2d5/0xa50
[ 116.021115] ? __pfx_ops_undo_list+0x10/0x10
[ 116.021132] ? lock_release+0xc8/0x290
[ 116.021146] ? idr_destroy+0x62/0x2c0
[ 116.021163] cleanup_net+0x38d/0x770
[ 116.021173] ? lock_acquire+0x15e/0x2f0
[ 116.021186] ? __pfx_cleanup_net+0x10/0x10
[ 116.021198] ?
lock_release+0xc8/0x290 [ 116.021213] process_one_work+0x8e1/0x19c0 [ 116.021235] ? __pfx_process_one_work+0x10/0x10 [ 116.021248] ? move_linked_works+0x172/0x270 [ 116.021269] ? assign_work+0x196/0x240 [ 116.021283] worker_thread+0x67e/0xe90 [ 116.021297] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 116.021314] ? __pfx_worker_thread+0x10/0x10 [ 116.021328] kthread+0x3c8/0x740 [ 116.021341] ? __pfx_kthread+0x10/0x10 [ 116.021352] ? ret_from_fork+0x23/0x430 [ 116.021370] ? lock_release+0xc8/0x290 [ 116.021383] ? __pfx_kthread+0x10/0x10 [ 116.021396] ret_from_fork+0x34b/0x430 [ 116.021412] ? __pfx_kthread+0x10/0x10 [ 116.021424] ret_from_fork_asm+0x1a/0x30 [ 116.021448] [ 116.021452] kmemleak: Object (percpu) 0x607f1a6394c0 (size 8): [ 116.021459] kmemleak: comm "syz-executor.1", pid 3942, jiffies 4294782486 [ 116.021466] kmemleak: min_count = 1 [ 116.021469] kmemleak: count = 0 [ 116.021473] kmemleak: flags = 0x21 [ 116.021476] kmemleak: checksum = 0 [ 116.021480] kmemleak: backtrace: [ 116.021484] pcpu_alloc_noprof+0x87a/0x1170 [ 116.021498] alloc_vfsmnt+0x135/0x6e0 [ 116.021512] clone_mnt+0x6c/0xb70 [ 116.021526] copy_tree+0x105/0xaf0 [ 116.021535] copy_mnt_ns+0x1ab/0xab0 [ 116.021546] create_new_namespaces+0xd6/0xab0 [ 116.021561] copy_namespaces+0x45c/0x580 [ 116.021575] copy_process+0x2649/0x73c0 [ 116.021586] kernel_clone+0xea/0x7f0 [ 116.021596] __do_sys_clone3+0x1f5/0x280 [ 116.021606] do_syscall_64+0xbf/0x360 [ 116.021615] entry_SYSCALL_64_after_hwframe+0x77/0x7f 10:26:24 executing program 7: r0 = memfd_create(&(0x7f0000001280)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000080)=':^/\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x10) copy_file_range(r0, 0x0, r1, 0x0, 0x0, 0x0) 10:26:24 executing program 5: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000400)=@file={0x1, './file0\x00'}, 0x6e) connect$unix(r0, &(0x7f0000000240)=@file={0x1, './file0\x00'}, 0x6e) recvmmsg$unix(r0, &(0x7f0000006240)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 
0x0) connect$unix(r0, &(0x7f0000003b00)=@abs, 0x6e) 10:26:24 executing program 4: creat(&(0x7f0000000080)='./file0\x00', 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x7f) truncate(&(0x7f0000000100)='./file0\x00', 0xe) 10:26:24 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0) 10:26:24 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000002880)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500)) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:26:24 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="24000000020105090000000000000000000000000800034000000002080019"], 0x24}}, 0x0) 10:26:24 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) 
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4) sendmmsg$inet6(r2, &(0x7f0000002840)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)='1', 0x1}], 0x1}}], 0x1, 0x159909a46ddc7bc9) 10:26:24 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000002880)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500)) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 116.046028] ------------[ cut here ]------------ [ 116.046537] WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#0: syz-executor.1/285 [ 116.047321] Modules linked in: [ 116.047639] CPU: 0 UID: 0 PID: 285 Comm: syz-executor.1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 116.049732] Tainted: [W]=WARN [ 116.050468] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 116.052089] RIP: 0010:mntput_no_expire+0x78e/0xbe0 [ 116.053537] Code: 05 16 42 81 04 01 e8 31 f8 91 ff e9 41 fc ff ff e8 b7 50 b4 ff 31 ff 44 89 ee e8 dd 4b b4 ff 45 85 ed 79 09 e8 a3 50 b4 ff 90 <0f> 0b 90 e8 9a 50 b4 ff e8 75 f6 fb 02 31 ff 89 c5 89 c6 e8 ba 4b [ 116.056937] RSP: 0018:ffff888015d57ce0 EFLAGS: 00010293 [ 116.057375] RAX: 0000000000000000 RBX: 1ffff11002baafa1 RCX: ffffffff81bf96d3 [ 116.057971] RDX: ffff888014920000 RSI: ffffffff81bf96dd RDI: 0000000000000005 [ 116.058563] RBP: ffff88801fca9500 R08: 0000000000000001 R09: 0000000000000000 [ 116.059166] R10: 00000000ffffffff R11: 0000000000000001 R12: ffff888015d57d48 [ 116.059740] R13: 00000000ffffffff 
R14: ffff88801fca9500 R15: ffff88801fca95e8 [ 116.060343] FS: 000055556b3eb400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 116.061006] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.061480] CR2: 00007f9e452de000 CR3: 0000000042c93000 CR4: 0000000000350ef0 [ 116.062075] Call Trace: [ 116.062307] [ 116.062499] ? __pfx_mntput_no_expire+0x10/0x10 [ 116.062890] ? dput.part.0+0xce/0x930 [ 116.063233] ? lock_release+0xc8/0x290 [ 116.063569] path_umount+0x6e0/0x1100 [ 116.063886] ? kmem_cache_free+0x2a1/0x540 [ 116.064258] ? __pfx_path_umount+0x10/0x10 [ 116.064612] ? putname.part.0+0x11b/0x160 [ 116.064980] __x64_sys_umount+0x15c/0x190 [ 116.065327] ? __pfx___x64_sys_umount+0x10/0x10 [ 116.065713] ? __pfx_blkcg_maybe_throttle_current+0x10/0x10 [ 116.066213] do_syscall_64+0xbf/0x360 [ 116.066543] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.067001] RIP: 0033:0x7f6425124f87 [ 116.067319] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 116.068852] RSP: 002b:00007ffc95d9cbb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 116.069507] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00007f6425124f87 [ 116.070133] RDX: 00007ffc95d9cc89 RSI: 000000000000000a RDI: 00007ffc95d9cc80 [ 116.070724] RBP: 00007ffc95d9cc80 R08: 00000000ffffffff R09: 00007ffc95d9ca50 [ 116.071350] R10: 000055556b3ecc7b R11: 0000000000000246 R12: 00007f642517d105 [ 116.071965] R13: 00007ffc95d9dd40 R14: 000055556b3ecc20 R15: 00007ffc95d9dd80 [ 116.072576] [ 116.072777] irq event stamp: 166481 [ 116.073105] hardirqs last enabled at (166491): [] __up_console_sem+0x78/0x80 [ 116.073834] hardirqs last disabled at (166498): [] __up_console_sem+0x5d/0x80 [ 116.074627] softirqs last enabled at (166512): [] handle_softirqs+0x50c/0x770 [ 116.075394] softirqs last disabled at (166507): [] __irq_exit_rcu+0xc4/0x100 [ 116.076202] ---[ end trace 
0000000000000000 ]--- [ 116.095522] loop6: detected capacity change from 0 to 240 [ 116.123988] audit: type=1400 audit(1756463185.002:8): avc: denied { open } for pid=3963 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 10:26:25 executing program 7: r0 = memfd_create(&(0x7f0000001280)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000080)=':^/\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x10) copy_file_range(r0, 0x0, r1, 0x0, 0x0, 0x0) 10:26:25 executing program 4: creat(&(0x7f0000000080)='./file0\x00', 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x7f) truncate(&(0x7f0000000100)='./file0\x00', 0xe) [ 116.134824] audit: type=1400 audit(1756463185.002:9): avc: denied { kernel } for pid=3963 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 10:26:25 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="24000000020105090000000000000000000000000800034000000002080019"], 0x24}}, 0x0) [ 116.162586] loop1: detected capacity change from 0 to 240 10:26:25 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_int(r0, 0x1, 0x10, 0x0, &(0x7f0000000280)) [ 116.170231] ------------[ cut here ]------------ [ 116.170710] WARNING: fs/namespace.c:1375 at cleanup_mnt+0x33f/0x430, CPU#1: syz-executor.6/3974 [ 116.171510] Modules linked in: [ 116.171897] CPU: 1 UID: 0 PID: 3974 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 116.172860] Tainted: [W]=WARN [ 116.173131] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 116.173776] RIP: 0010:cleanup_mnt+0x33f/0x430 [ 116.174183] Code: c7 a0 45 d1 85 e8 01 7c fa 02 49 8d 7d 40 5b 48 c7 c6 10 e2 be 81 5d 41 5c 41 5d 41 5e 41 5f e9 57 b3 9c ff e8 82 46 
b4 ff 90 <0f> 0b 90 e9 e6 fc ff ff e8 74 46 b4 ff 4c 89 ef e8 6c d7 06 00 e9 [ 116.175627] RSP: 0018:ffff88801bec7af8 EFLAGS: 00010293 [ 116.176074] RAX: 0000000000000000 RBX: 0000000000000008 RCX: ffffffff81bf9de5 [ 116.176628] RDX: ffff88800ef88000 RSI: ffffffff81bfa0fe RDI: 0000000000000005 [ 116.177214] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 116.177778] R10: 0000000000000008 R11: 0000000000000001 R12: ffff88800ef888d8 [ 116.178369] R13: ffff88801e701c00 R14: 0000000000000001 R15: ffff88801e701c40 [ 116.178955] FS: 0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 116.179581] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.180066] CR2: ffffffffffffffb8 CR3: 00000000364cb000 CR4: 0000000000350ef0 [ 116.180627] Call Trace: [ 116.180836] [ 116.181077] task_work_run+0x172/0x280 [ 116.181404] ? __pfx_task_work_run+0x10/0x10 [ 116.181773] do_exit+0x846/0x2970 [ 116.182085] ? kmem_cache_free+0x33a/0x540 [ 116.182439] ? proc_coredump_connector+0x2bf/0x4e0 [ 116.182831] ? __pfx_do_exit+0x10/0x10 [ 116.183188] ? find_held_lock+0x2b/0x80 [ 116.183518] ? get_signal+0x1a05/0x2340 [ 116.183849] do_group_exit+0xd3/0x2a0 [ 116.184187] get_signal+0x2315/0x2340 [ 116.184517] ? __pfx_get_signal+0x10/0x10 [ 116.184866] arch_do_signal_or_restart+0x80/0x790 [ 116.185289] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 116.185728] ? fixup_vdso_exception+0x34c/0x410 [ 116.186147] ? trace_irq_disable.constprop.0+0xc2/0x100 [ 116.186579] ? __bad_area_nosemaphore+0x34e/0x620 [ 116.187002] irqentry_exit_to_user_mode+0x106/0x1c0 [ 116.187414] exc_page_fault+0xd9/0x180 [ 116.187735] asm_exc_page_fault+0x26/0x30 [ 116.188093] RIP: 0033:0x7f3e9a89d436 [ 116.188403] Code: Unable to access opcode bytes at 0x7f3e9a89d40c. 
[ 116.188884] RSP: 002b:00007f3e97e6c1a0 EFLAGS: 00010217 [ 116.189333] RAX: 0000000000000000 RBX: 00007f3e9aa09f60 RCX: 00007f3e9aa09f60 [ 116.189892] RDX: 0000000000000000 RSI: 00007f3e9a89d42e RDI: 00000000200002c0 [ 116.190485] RBP: 00007f3e9a950f6d R08: 0000000000000000 R09: 0000000000000000 [ 116.191079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 116.191641] R13: 00007ffd88d92e0f R14: 00007f3e97e6c300 R15: 0000000000022000 [ 116.192248] [ 116.192442] irq event stamp: 1593 [ 116.192714] hardirqs last enabled at (1601): [] __up_console_sem+0x78/0x80 [ 116.193412] hardirqs last disabled at (1616): [] __up_console_sem+0x5d/0x80 [ 116.194124] softirqs last enabled at (1630): [] handle_softirqs+0x50c/0x770 [ 116.194809] softirqs last disabled at (1625): [] __irq_exit_rcu+0xc4/0x100 [ 116.195503] ---[ end trace 0000000000000000 ]--- 10:26:25 executing program 4: creat(&(0x7f0000000080)='./file0\x00', 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x7f) truncate(&(0x7f0000000100)='./file0\x00', 0xe) 10:26:25 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mq_open(&(0x7f0000000100)='\\,!X(\\\x00', 0x40, 0x0, &(0x7f0000000140)={0x8, 0xffffffff, 0x1, 0x1}) 10:26:25 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="24000000020105090000000000000000000000000800034000000002080019"], 0x24}}, 0x0) 10:26:25 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_int(r0, 0x1, 0x10, 0x0, &(0x7f0000000280)) 10:26:25 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), 
&(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x8800}, {&(0x7f0000002880)="22001e0000000000001e00080000000008007809140b2a3a0802", 0x1a, 0xf000}], 0x0, &(0x7f0000013500)) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 116.271794] ------------[ cut here ]------------ [ 116.272239] WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#0: syz-executor.6/283 [ 116.273011] Modules linked in: [ 116.273286] CPU: 0 UID: 0 PID: 283 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 116.274263] Tainted: [W]=WARN [ 116.274521] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 116.275196] RIP: 0010:mntput_no_expire+0x78e/0xbe0 [ 116.275604] Code: 05 16 42 81 04 01 e8 31 f8 91 ff e9 41 fc ff ff e8 b7 50 b4 ff 31 ff 44 89 ee e8 dd 4b b4 ff 45 85 ed 79 09 e8 a3 50 b4 ff 90 <0f> 0b 90 e8 9a 50 b4 ff e8 75 f6 fb 02 31 ff 89 c5 89 c6 e8 ba 4b [ 116.277089] RSP: 0018:ffff888017b9fce0 EFLAGS: 00010293 [ 116.277523] RAX: 0000000000000000 RBX: 1ffff11002f73fa1 RCX: ffffffff81bf96d3 [ 116.278121] RDX: ffff88801bec9b80 RSI: ffffffff81bf96dd RDI: 0000000000000005 [ 116.278698] RBP: ffff88801e701a40 R08: 0000000000000001 R09: 0000000000000000 [ 116.279280] R10: 00000000ffffffff R11: 0000000000000001 R12: ffff888017b9fd48 [ 116.279861] R13: 00000000ffffffff R14: ffff88801e701a40 R15: ffff88801e701b28 [ 116.280452] FS: 0000555564783400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 116.281116] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.281588] CR2: 000055556478cc58 CR3: 000000003fc99000 CR4: 
0000000000350ef0 [ 116.282184] Call Trace: [ 116.282396] [ 116.282586] ? __pfx_mntput_no_expire+0x10/0x10 [ 116.282991] ? dput.part.0+0xce/0x930 [ 116.283309] ? lock_release+0xc8/0x290 [ 116.283642] path_umount+0x6e0/0x1100 [ 116.283976] ? kmem_cache_free+0x2a1/0x540 [ 116.284326] ? __pfx_path_umount+0x10/0x10 [ 116.284676] ? putname.part.0+0x11b/0x160 [ 116.285039] __x64_sys_umount+0x15c/0x190 [ 116.285380] ? __pfx___x64_sys_umount+0x10/0x10 [ 116.285772] do_syscall_64+0xbf/0x360 [ 116.286135] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.286583] RIP: 0033:0x7f3e9a8f7f87 [ 116.286903] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 116.288444] RSP: 002b:00007ffd88d91f58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 116.289103] RAX: ffffffffffffffda RBX: 000000000000000f RCX: 00007f3e9a8f7f87 [ 116.289702] RDX: 00007ffd88d92029 RSI: 000000000000000a RDI: 00007ffd88d92020 [ 116.290323] RBP: 00007ffd88d92020 R08: 00000000ffffffff R09: 00007ffd88d91df0 [ 116.290940] R10: 0000555564784c7b R11: 0000000000000246 R12: 00007f3e9a950105 [ 116.291542] R13: 00007ffd88d930e0 R14: 0000555564784c20 R15: 00007ffd88d93120 [ 116.292172] [ 116.292377] irq event stamp: 164379 [ 116.292684] hardirqs last enabled at (164387): [] __up_console_sem+0x78/0x80 [ 116.293434] hardirqs last disabled at (164396): [] __up_console_sem+0x5d/0x80 [ 116.294198] softirqs last enabled at (164018): [] handle_softirqs+0x50c/0x770 [ 116.294983] softirqs last disabled at (164415): [] __irq_exit_rcu+0xc4/0x100 [ 116.295711] ---[ end trace 0000000000000000 ]--- [ 116.389863] loop6: detected capacity change from 0 to 240 [ 116.846190] kmemleak: Automatic memory scanning thread ended 10:26:25 executing program 5: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000400)=@file={0x1, './file0\x00'}, 0x6e) connect$unix(r0, &(0x7f0000000240)=@file={0x1, 
'./file0\x00'}, 0x6e) recvmmsg$unix(r0, &(0x7f0000006240)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) connect$unix(r0, &(0x7f0000003b00)=@abs, 0x6e) 10:26:25 executing program 1: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e365d99dfc335cf588132eba1a51d12f95180d319ee1e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab32e07ac5000000000000000032", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) ioctl$TUNSETVNETHDRSZ(r0, 0x401054d6, 0x0) 10:26:25 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0) 10:26:25 executing program 4: creat(&(0x7f0000000080)='./file0\x00', 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x7f) truncate(&(0x7f0000000100)='./file0\x00', 0xe) 10:26:25 executing program 6: utimensat(0xffffffffffffffff, &(0x7f0000000b40)='./file0\x00', 0x0, 0x4ae12253e84075c) 10:26:25 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_int(r0, 0x1, 0x10, 0x0, &(0x7f0000000280)) 10:26:25 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="24000000020105090000000000000000000000000800034000000002080019"], 0x24}}, 0x0) 10:26:25 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mq_open(&(0x7f0000000100)='\\,!X(\\\x00', 0x40, 0x0, &(0x7f0000000140)={0x8, 0xffffffff, 0x1, 0x1}) [ 117.024665] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 117.026471] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 117.027635] CPU: 1 UID: 0 PID: 4001 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.029429] Tainted: [W]=WARN [ 117.029911] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.031202] RIP: 0010:perf_tp_event+0x175/0xe70 [ 117.031963] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 117.034869] RSP: 0018:ffff888046967800 EFLAGS: 00010212 [ 117.035714] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc900029f6000 [ 117.036848] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 117.037978] RBP: ffff888046967a70 R08: ffff88806cf31340 R09: ffffe8ffffd15dc0 [ 117.039117] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 117.040243] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 117.041369] FS: 00007febde5e2700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 117.042654] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.043583] CR2: 00007febe1180018 CR3: 000000001fd74000 CR4: 0000000000350ef0 [ 117.044714] Call Trace: [ 117.045131] [ 117.045512] ? __pfx_perf_tp_event+0x10/0x10 [ 117.046245] ? lock_is_held_type+0x9e/0x120 [ 117.046952] ? lock_is_held_type+0x9e/0x120 [ 117.047655] ? perf_trace_lock+0xb5/0x5d0 [ 117.048327] ? 
perf_trace_lock+0xb5/0x5d0 [ 117.048997] ? __pfx_perf_trace_lock+0x10/0x10 [ 117.049738] ? __pfx_perf_trace_lock+0x10/0x10 [ 117.050490] ? find_held_lock+0x2b/0x80 [ 117.051147] ? find_held_lock+0x2b/0x80 [ 117.051800] ? __perf_install_in_context+0x503/0xb90 [ 117.052612] ? lock_release+0xc8/0x290 [ 117.053248] ? do_raw_spin_unlock+0x53/0x220 [ 117.053974] ? perf_trace_run_bpf_submit+0xef/0x180 [ 117.054790] perf_trace_run_bpf_submit+0xef/0x180 [ 117.055577] perf_trace_lock+0x337/0x5d0 [ 117.056227] ? __pfx_perf_trace_lock+0x10/0x10 [ 117.056955] ? lock_acquire+0x15e/0x2f0 [ 117.057575] ? futex_ref_get+0x48/0x300 [ 117.058201] ? futex_ref_get+0x114/0x300 [ 117.058832] ? futex_hash+0x15c/0x390 [ 117.059425] lock_release+0x1ab/0x290 [ 117.060030] ? futex_hash+0x15c/0x390 [ 117.060634] futex_ref_get+0x119/0x300 [ 117.061249] ? futex_hash+0x15c/0x390 [ 117.061844] futex_hash+0x70/0x390 [ 117.062423] futex_wake+0x143/0x540 [ 117.063003] ? __pfx_perf_trace_lock+0x10/0x10 [ 117.063725] ? __pfx_futex_wake+0x10/0x10 [ 117.064379] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 117.065168] ? lock_release+0xc8/0x290 [ 117.065787] do_futex+0x26d/0x370 [ 117.066354] ? __pfx_do_futex+0x10/0x10 [ 117.066980] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 117.067812] ? find_held_lock+0x2b/0x80 [ 117.068472] __x64_sys_futex+0x1c9/0x4d0 [ 117.069132] ? __pfx___x64_sys_futex+0x10/0x10 [ 117.069878] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 117.070731] do_syscall_64+0xbf/0x360 [ 117.071345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.072174] RIP: 0033:0x7febe106cb19 [ 117.072772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 117.075644] RSP: 002b:00007febde5e2218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 117.076840] RAX: ffffffffffffffda RBX: 00007febe117ff68 RCX: 00007febe106cb19 [ 117.077967] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007febe117ff6c [ 117.079097] RBP: 00007febe117ff60 R08: 000000000000000e R09: 0000000000000000 [ 117.080220] R10: 0000000000000003 R11: 0000000000000246 R12: 00007febe117ff6c [ 117.081344] R13: 00007fffa1899baf R14: 00007febde5e2300 R15: 0000000000022000 [ 117.082478] [ 117.082861] Modules linked in: [ 117.083390] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 117.084300] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 117.084997] CPU: 0 UID: 0 PID: 4000 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.085957] Tainted: [D]=DIE, [W]=WARN [ 117.086271] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.086907] RIP: 0010:perf_tp_event+0x175/0xe70 [ 117.087282] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 117.088681] RSP: 0018:ffff888046ad7800 EFLAGS: 00010212 [ 117.089094] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 117.089649] RDX: ffff888017ff3700 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 117.090208] RBP: ffff888046ad7a70 R08: ffff88806ce31340 R09: ffffe8ffffc15dc0 [ 117.090760] R10: 0000000000000000 
R11: 0000000000000000 R12: dffffc0000000000 [ 117.091308] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 117.091861] FS: 0000555564783400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 117.092478] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.092931] CR2: 0000555564784c18 CR3: 0000000044fcc000 CR4: 0000000000350ef0 [ 117.093483] Call Trace: [ 117.093689] [ 117.093872] ? arch_scale_cpu_capacity+0x17/0xa0 [ 117.094259] ? __pfx_perf_tp_event+0x10/0x10 [ 117.094611] ? __asan_memset+0x24/0x50 [ 117.094930] ? __pfx_perf_trace_lock+0x10/0x10 [ 117.095290] ? __pfx___mutex_lock+0x10/0x10 [ 117.095635] ? perf_trace_lock+0xb5/0x5d0 [ 117.095963] ? kvm_sched_clock_read+0x16/0x30 [ 117.096326] ? sched_clock+0x37/0x60 [ 117.096625] ? sched_clock_cpu+0x6c/0x4e0 [ 117.096957] ? perf_trace_run_bpf_submit+0xef/0x180 [ 117.097351] perf_trace_run_bpf_submit+0xef/0x180 [ 117.097739] perf_trace_lock+0x337/0x5d0 [ 117.098061] ? __pfx_perf_trace_lock+0x10/0x10 [ 117.098435] ? __pfx_perf_trace_lock+0x10/0x10 [ 117.098800] ? get_futex_key+0x592/0x14a0 [ 117.099130] ? futex_ref_get+0x114/0x300 [ 117.099447] ? futex_hash+0x15c/0x390 [ 117.099749] lock_release+0x1ab/0x290 [ 117.100054] ? futex_hash+0x15c/0x390 [ 117.100356] futex_ref_get+0x119/0x300 [ 117.100663] ? futex_hash+0x15c/0x390 [ 117.100965] futex_hash+0x70/0x390 [ 117.101249] futex_wake+0x143/0x540 [ 117.101541] ? put_pid+0x1f/0x30 [ 117.101813] ? kernel_clone+0x204/0x7f0 [ 117.102139] ? __pfx_futex_wake+0x10/0x10 [ 117.102470] ? __pfx_kernel_clone+0x10/0x10 [ 117.102815] ? perf_trace_lock+0xb5/0x5d0 [ 117.103143] ? __pfx___handle_mm_fault+0x10/0x10 [ 117.103522] do_futex+0x26d/0x370 [ 117.103801] ? __pfx_do_futex+0x10/0x10 [ 117.104115] ? __pfx___do_sys_clone+0x10/0x10 [ 117.104469] ? handle_mm_fault+0x590/0x9b0 [ 117.104806] __x64_sys_futex+0x1c9/0x4d0 [ 117.105134] ? __pfx___x64_sys_futex+0x10/0x10 [ 117.105500] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 117.105911] do_syscall_64+0xbf/0x360 [ 117.106220] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.106623] RIP: 0033:0x7f3e9a8f6b19 [ 117.106916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 117.108319] RSP: 002b:00007ffd88d92e88 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 117.108907] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3e9a8f6b19 [ 117.109457] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3e9aa09f68 [ 117.110013] RBP: 00007f3e9aa09f60 R08: 00007f3e97e6c700 R09: 0000000000000000 [ 117.110579] R10: 00007f3e97e6c700 R11: 0000000000000246 R12: 00007f3e9aa0e0a0 [ 117.111132] R13: 00007ffd88d92f90 R14: 00007f3e9aa09f60 R15: 000000000001c86b [ 117.111690] [ 117.111879] Modules linked in: [ 117.112138] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI [ 117.113834] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 117.114981] CPU: 1 UID: 0 PID: 4001 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.116773] Tainted: [D]=DIE, [W]=WARN [ 117.117357] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.118612] RIP: 0010:perf_tp_event+0x175/0xe70 [ 117.119336] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 117.122054] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 117.122875] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 117.123956] RDX: ffff888044545280 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 117.125040] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd15dc0 [ 117.126134] R10: 0000000000000000 R11: 
ffff88806cf37018 R12: dffffc0000000000 [ 117.127210] R13: 0000000000000024 R14: ffff88806cf31490 R15: dffffc0000000000 [ 117.128296] FS: 00007febde5e2700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 117.129517] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.130417] CR2: 00007febe1180018 CR3: 000000001fd74000 CR4: 0000000000350ef0 [ 117.131491] Call Trace: [ 117.131890] [ 117.132237] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 117.133075] ? arch_stack_walk+0x9c/0xf0 [ 117.133710] ? __pfx_perf_tp_event+0x10/0x10 [ 117.134413] ? stack_trace_save+0x8e/0xc0 [ 117.135058] ? stack_depot_save_flags+0x2c/0xa20 [ 117.135786] ? __kasan_slab_free+0x3f/0x50 [ 117.136436] ? kfree+0x281/0x550 [ 117.136972] ? slab_free_after_rcu_debug+0x6f/0x290 [ 117.137757] ? rcu_core+0x7c8/0x1800 [ 117.138356] ? kasan_save_stack+0x34/0x50 [ 117.138995] ? kasan_save_stack+0x24/0x50 [ 117.139644] ? kasan_save_track+0x14/0x30 [ 117.140278] ? __kasan_save_free_info+0x3a/0x60 [ 117.140986] ? __kasan_slab_free+0x3f/0x50 [ 117.141635] ? slab_free_after_rcu_debug+0xd6/0x290 [ 117.142412] ? rcu_core+0x7c8/0x1800 [ 117.142991] ? handle_softirqs+0x1b1/0x770 [ 117.143651] ? __irq_exit_rcu+0xc4/0x100 [ 117.144286] ? irq_exit_rcu+0x9/0x20 [ 117.144864] ? sysvec_apic_timer_interrupt+0x70/0x80 [ 117.145648] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 117.146485] ? write_comp_data+0xa/0xa0 [ 117.147097] ? ext4_group_desc_csum+0x155/0x4b0 [ 117.147815] ? ext4_group_desc_csum_set+0xc3/0x130 [ 117.148572] ? __ext4_new_inode+0x1c34/0x4d70 [ 117.149266] ? ext4_symlink+0x406/0xb40 [ 117.149880] ? vfs_symlink+0x3fe/0x680 [ 117.150499] ? do_symlinkat+0x144/0x300 [ 117.151108] ? __x64_sys_symlink+0x75/0x90 [ 117.151759] ? do_syscall_64+0xbf/0x360 [ 117.152372] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.153181] ? enqueue_task_fair+0x43a/0x1e00 [ 117.153890] ? 
perf_trace_run_bpf_submit+0xef/0x180 [ 117.154677] perf_trace_run_bpf_submit+0xef/0x180 [ 117.155425] perf_trace_lock+0x337/0x5d0 [ 117.156057] ? place_entity+0x1c/0x410 [ 117.156663] ? kvm_sched_clock_read+0x16/0x30 [ 117.157364] ? __pfx_perf_trace_lock+0x10/0x10 [ 117.158072] ? check_preempt_wakeup_fair+0x6e/0x950 [ 117.158849] ? sched_ttwu_pending+0x2e0/0x4a0 [ 117.159553] lock_release+0x1ab/0x290 [ 117.160141] ? ttwu_do_activate+0x1a4/0x8a0 [ 117.160809] _raw_spin_unlock+0x16/0x40 [ 117.161425] sched_ttwu_pending+0x2e0/0x4a0 [ 117.162100] ? __pfx_sched_ttwu_pending+0x10/0x10 [ 117.162870] __flush_smp_call_function_queue+0x434/0x740 [ 117.163710] __sysvec_call_function_single+0x6d/0x370 [ 117.164513] sysvec_call_function_single+0xa1/0xc0 [ 117.165273] [ 117.165632] [ 117.165991] asm_sysvec_call_function_single+0x1a/0x20 [ 117.166803] RIP: 0010:oops_exit+0x0/0x50 [ 117.167436] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27 [ 117.170182] RSP: 0018:ffff888046967690 EFLAGS: 00000202 [ 117.170992] RAX: 000000000002c4ac RBX: 0000000000000216 RCX: ffffc900029f6000 [ 117.172074] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 117.173163] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90 [ 117.174251] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888046967758 [ 117.175329] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 117.176420] ? 
oops_end+0x4a/0xe0 [ 117.176982] oops_end+0x65/0xe0 [ 117.177515] exc_general_protection+0x1a2/0x330 [ 117.178253] asm_exc_general_protection+0x26/0x30 [ 117.178997] RIP: 0010:perf_tp_event+0x175/0xe70 [ 117.179721] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 117.182482] RSP: 0018:ffff888046967800 EFLAGS: 00010212 [ 117.183297] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc900029f6000 [ 117.184381] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 117.185474] RBP: ffff888046967a70 R08: ffff88806cf31340 R09: ffffe8ffffd15dc0 [ 117.186561] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 117.187640] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 117.188728] ? perf_tp_event+0x167/0xe70 [ 117.189369] ? __pfx_perf_tp_event+0x10/0x10 [ 117.190056] ? lock_is_held_type+0x9e/0x120 [ 117.190738] ? lock_is_held_type+0x9e/0x120 [ 117.191411] ? perf_trace_lock+0xb5/0x5d0 [ 117.192049] ? perf_trace_lock+0xb5/0x5d0 [ 117.192692] ? __pfx_perf_trace_lock+0x10/0x10 [ 117.193397] ? __pfx_perf_trace_lock+0x10/0x10 [ 117.194125] ? find_held_lock+0x2b/0x80 [ 117.194756] ? find_held_lock+0x2b/0x80 [ 117.195402] ? __perf_install_in_context+0x503/0xb90 [ 117.196186] ? lock_release+0xc8/0x290 [ 117.196800] ? do_raw_spin_unlock+0x53/0x220 [ 117.197514] ? perf_trace_run_bpf_submit+0xef/0x180 [ 117.198298] perf_trace_run_bpf_submit+0xef/0x180 [ 117.199063] perf_trace_lock+0x337/0x5d0 [ 117.199704] ? __pfx_perf_trace_lock+0x10/0x10 [ 117.200437] ? lock_acquire+0x15e/0x2f0 [ 117.201067] ? futex_ref_get+0x48/0x300 [ 117.201696] ? futex_ref_get+0x114/0x300 [ 117.202338] ? futex_hash+0x15c/0x390 [ 117.202944] lock_release+0x1ab/0x290 [ 117.203548] ? futex_hash+0x15c/0x390 [ 117.204141] futex_ref_get+0x119/0x300 [ 117.204750] ? 
futex_hash+0x15c/0x390 [ 117.205347] futex_hash+0x70/0x390 [ 117.205918] futex_wake+0x143/0x540 [ 117.206520] ? __pfx_perf_trace_lock+0x10/0x10 [ 117.207245] ? __pfx_futex_wake+0x10/0x10 [ 117.207897] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 117.208680] ? lock_release+0xc8/0x290 [ 117.209300] do_futex+0x26d/0x370 [ 117.209857] ? __pfx_do_futex+0x10/0x10 [ 117.210493] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 117.211314] ? find_held_lock+0x2b/0x80 [ 117.211947] __x64_sys_futex+0x1c9/0x4d0 [ 117.212590] ? __pfx___x64_sys_futex+0x10/0x10 [ 117.213309] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 117.214144] do_syscall_64+0xbf/0x360 [ 117.214752] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.215555] RIP: 0033:0x7febe106cb19 [ 117.216126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 117.218924] RSP: 002b:00007febde5e2218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 117.220092] RAX: ffffffffffffffda RBX: 00007febe117ff68 RCX: 00007febe106cb19 [ 117.221188] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007febe117ff6c [ 117.222292] RBP: 00007febe117ff60 R08: 000000000000000e R09: 0000000000000000 [ 117.223378] R10: 0000000000000003 R11: 0000000000000246 R12: 00007febe117ff6c [ 117.224477] R13: 00007fffa1899baf R14: 00007febde5e2300 R15: 0000000000022000 [ 117.225578] [ 117.225953] Modules linked in: [ 117.226476] ---[ end trace 0000000000000000 ]--- [ 117.226478] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#4] SMP KASAN NOPTI [ 117.227191] RIP: 0010:perf_tp_event+0x175/0xe70 [ 117.228051] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 117.228762] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 
00 00 44 8b ab f0 01 [ 117.229431] CPU: 0 UID: 0 PID: 4000 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.232157] RSP: 0018:ffff888046967800 EFLAGS: 00010212 [ 117.233074] Tainted: [D]=DIE, [W]=WARN [ 117.233080] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc900029f6000 [ 117.233487] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.234071] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 117.234627] RIP: 0010:perf_tp_event+0x175/0xe70 [ 117.235883] RBP: ffff888046967a70 R08: ffff88806cf31340 R09: ffffe8ffffd15dc0 [ 117.236430] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 117.237125] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 117.237674] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 117.240431] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 117.240972] [ 117.240976] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 117.241764] FS: 00007febde5e2700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 117.242309] RDX: ffff888017ff3700 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 117.242574] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.243112] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc15dc0 [ 117.244314] CR2: 00007febe1180018 CR3: 000000001fd74000 CR4: 0000000000350ef0 [ 117.244857] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000 [ 117.245728] Kernel panic - not syncing: Fatal exception in interrupt [ 118.351306] Shutting down cpus with NMI [ 118.355146] Kernel Offset: disabled [ 118.355671] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:26:25 Registers: