Warning: Permanently added '[localhost]:28335' (ECDSA) to the list of known hosts. 2025/08/29 10:34:29 fuzzer started 2025/08/29 10:34:29 dialing manager at localhost:43077 syzkaller login: [ 51.221362] cgroup: Unknown subsys name 'net' [ 51.263203] cgroup: Unknown subsys name 'cpuset' [ 51.275035] cgroup: Unknown subsys name 'rlimit' 2025/08/29 10:34:39 syscalls: 2214 2025/08/29 10:34:39 code coverage: enabled 2025/08/29 10:34:39 comparison tracing: enabled 2025/08/29 10:34:39 extra coverage: enabled 2025/08/29 10:34:39 setuid sandbox: enabled 2025/08/29 10:34:39 namespace sandbox: enabled 2025/08/29 10:34:39 Android sandbox: enabled 2025/08/29 10:34:39 fault injection: enabled 2025/08/29 10:34:39 leak checking: enabled 2025/08/29 10:34:39 net packet injection: enabled 2025/08/29 10:34:39 net device setup: enabled 2025/08/29 10:34:39 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 10:34:39 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 10:34:39 USB emulation: enabled 2025/08/29 10:34:39 hci packet injection: enabled 2025/08/29 10:34:39 wifi device emulation: enabled 2025/08/29 10:34:39 802.15.4 emulation: enabled 2025/08/29 10:34:39 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 10:34:39 fetching corpus: 50, signal 17848/21459 (executing program) 2025/08/29 10:34:40 fetching corpus: 100, signal 26363/31472 (executing program) 2025/08/29 10:34:40 fetching corpus: 150, signal 39276/45521 (executing program) 2025/08/29 10:34:40 fetching corpus: 200, signal 46482/53910 (executing program) 2025/08/29 10:34:40 fetching corpus: 250, signal 53039/61482 (executing program) 2025/08/29 10:34:40 fetching corpus: 300, signal 57948/67419 (executing program) 2025/08/29 10:34:40 fetching corpus: 350, signal 65509/75659 (executing program) 2025/08/29 10:34:40 fetching corpus: 400, signal 67730/78886 (executing program) 2025/08/29 10:34:40 fetching corpus: 450, signal 70775/82814 (executing program) 2025/08/29 10:34:40 fetching corpus: 500, signal 73191/86127 (executing program) 2025/08/29 10:34:40 fetching corpus: 550, signal 77053/90673 (executing program) 2025/08/29 10:34:40 fetching corpus: 600, signal 78950/93433 (executing program) 2025/08/29 10:34:41 fetching corpus: 650, signal 81045/96242 (executing program) 2025/08/29 10:34:41 fetching corpus: 700, signal 82658/98688 (executing program) 2025/08/29 10:34:41 fetching corpus: 750, signal 85121/101690 (executing program) 2025/08/29 10:34:41 fetching corpus: 800, signal 87531/104691 (executing program) 2025/08/29 10:34:41 fetching corpus: 850, signal 89334/107165 (executing program) 2025/08/29 10:34:41 fetching corpus: 900, signal 92061/110279 (executing program) 2025/08/29 10:34:41 fetching corpus: 950, signal 93438/112362 (executing program) 2025/08/29 10:34:41 fetching corpus: 1000, signal 95612/114954 (executing program) 2025/08/29 10:34:41 fetching corpus: 1050, signal 97929/117610 (executing program) 2025/08/29 10:34:41 fetching corpus: 1100, signal 99677/119831 (executing program) 2025/08/29 10:34:42 fetching corpus: 1150, signal 101457/122027 (executing program) 2025/08/29 10:34:42 fetching corpus: 1200, signal 102720/123774 (executing program) 2025/08/29 10:34:42 fetching corpus: 1250, signal 103917/125423 (executing program) 2025/08/29 10:34:42 fetching corpus: 1300, signal 104931/127012 (executing program) 2025/08/29 10:34:42 fetching corpus: 1350, signal 106328/128756 (executing program) 2025/08/29 10:34:42 fetching corpus: 1400, signal 107560/130392 (executing program) 2025/08/29 10:34:42 fetching corpus: 1450, signal 108423/131735 (executing program) 2025/08/29 10:34:42 fetching corpus: 1500, signal 110006/133507 (executing program) 2025/08/29 10:34:42 fetching corpus: 1550, signal 111478/135218 (executing program) 2025/08/29 10:34:43 fetching corpus: 1600, signal 112756/136811 (executing program) 2025/08/29 10:34:43 fetching corpus: 1650, signal 113573/138080 (executing program) 2025/08/29 10:34:43 fetching corpus: 1700, signal 114909/139634 (executing program) 2025/08/29 10:34:43 fetching corpus: 1750, signal 116384/141207 (executing program) 2025/08/29 10:34:43 fetching corpus: 1800, signal 117483/142550 (executing program) 2025/08/29 10:34:43 fetching corpus: 1850, signal 118337/143743 (executing program) 2025/08/29 10:34:43 fetching corpus: 1900, signal 119301/144908 (executing program) 2025/08/29 10:34:43 fetching corpus: 1950, signal 120508/146194 (executing program) 2025/08/29 10:34:43 fetching corpus: 2000, signal 121620/147465 (executing program) 2025/08/29 10:34:43 fetching corpus: 2050, signal 122377/148541 (executing program) 2025/08/29 10:34:44 fetching corpus: 2100, signal 123254/149621 (executing program) 2025/08/29 10:34:44 fetching corpus: 2150, signal 125234/151221 (executing program) 2025/08/29 10:34:44 fetching corpus: 2200, signal 126608/152558 (executing program) 2025/08/29 10:34:44 fetching corpus: 2250, signal 127597/153638 (executing program) 2025/08/29 10:34:44 fetching corpus: 2300, signal 128770/154768 (executing program) 2025/08/29 10:34:44 fetching corpus: 2350, signal 129553/155648 (executing program) 2025/08/29 10:34:44 fetching corpus: 2400, signal 130633/156656 (executing program) 2025/08/29 10:34:44 fetching corpus: 2450, signal 131609/157610 (executing program) 2025/08/29 10:34:44 fetching corpus: 2500, signal 133048/158767 (executing program) 2025/08/29 10:34:44 fetching corpus: 2550, signal 134134/159726 (executing program) 2025/08/29 10:34:45 fetching corpus: 2600, signal 134697/160421 (executing program) 2025/08/29 10:34:45 fetching corpus: 2650, signal 135649/161270 (executing program) 2025/08/29 10:34:45 fetching corpus: 2700, signal 136673/162126 (executing program) 2025/08/29 10:34:45 fetching corpus: 2750, signal 137420/162891 (executing program) 2025/08/29 10:34:45 fetching corpus: 2800, signal 137916/163489 (executing program) 2025/08/29 10:34:45 fetching corpus: 2850, signal 138579/164257 (executing program) 2025/08/29 10:34:45 fetching corpus: 2900, signal 139435/164969 (executing program) 2025/08/29 10:34:45 fetching corpus: 2950, signal 140253/165603 (executing program) 2025/08/29 10:34:45 fetching corpus: 3000, signal 140906/166200 (executing program) 2025/08/29 10:34:45 fetching corpus: 3050, signal 141419/166731 (executing program) 2025/08/29 10:34:45 fetching corpus: 3100, signal 142009/167348 (executing program) 2025/08/29 10:34:46 fetching corpus: 3150, signal 142503/167902 (executing program) 2025/08/29 10:34:46 fetching corpus: 3200, signal 143061/168480 (executing program) 2025/08/29 10:34:46 fetching corpus: 3250, signal 143641/169012 (executing program) 2025/08/29 10:34:46 fetching corpus: 3300, signal 144260/169516 (executing program) 2025/08/29 10:34:46 fetching corpus: 3350, signal 144649/169928 (executing program) 2025/08/29 10:34:46 fetching corpus: 3400, signal 145360/170551 (executing program) 2025/08/29 10:34:46 fetching corpus: 3450, signal 145911/171023 (executing program) 2025/08/29 10:34:46 fetching corpus: 3500, signal 147764/171736 (executing program) 2025/08/29 10:34:46 fetching corpus: 3550, signal 148311/172253 (executing program) 2025/08/29 10:34:46 fetching corpus: 3600, signal 148769/172770 (executing program) 2025/08/29 10:34:47 fetching corpus: 3650, signal 149411/173190 (executing program) 2025/08/29 10:34:47 fetching corpus: 3700, signal 150323/173638 (executing program) 2025/08/29 10:34:47 fetching corpus: 3750, signal 151058/174083 (executing program) 2025/08/29 10:34:47 fetching corpus: 3800, signal 151703/174515 (executing program) 2025/08/29 10:34:47 fetching corpus: 3850, signal 152174/174889 (executing program) 2025/08/29 10:34:47 fetching corpus: 3900, signal 152740/175237 (executing program) 2025/08/29 10:34:47 fetching corpus: 3950, signal 153221/175559 (executing program) 2025/08/29 10:34:47 fetching corpus: 4000, signal 153861/175980 (executing program) 2025/08/29 10:34:47 fetching corpus: 4050, signal 154396/176277 (executing program) 2025/08/29 10:34:47 fetching corpus: 4100, signal 155128/176707 (executing program) 2025/08/29 10:34:48 fetching corpus: 4150, signal 155516/176971 (executing program) 2025/08/29 10:34:48 fetching corpus: 4200, signal 155971/177227 (executing program) 2025/08/29 10:34:48 fetching corpus: 4250, signal 156532/177551 (executing program) 2025/08/29 10:34:48 fetching corpus: 4300, signal 157048/177668 (executing program) 2025/08/29 10:34:48 fetching corpus: 4350, signal 157299/177669 (executing program) 2025/08/29 10:34:48 fetching corpus: 4400, signal 157745/177684 (executing program) 2025/08/29 10:34:48 fetching corpus: 4450, signal 158112/177688 (executing program) 2025/08/29 10:34:48 fetching corpus: 4500, signal 158434/177703 (executing program) 2025/08/29 10:34:48 fetching corpus: 4550, signal 158723/177715 (executing program) 2025/08/29 10:34:48 fetching corpus: 4600, signal 159389/177743 (executing program) 2025/08/29 10:34:48 fetching corpus: 4650, signal 159757/177743 (executing program) 2025/08/29 10:34:49 fetching corpus: 4700, signal 160223/177746 (executing program) 2025/08/29 10:34:49 fetching corpus: 4750, signal 160686/177755 (executing program) 2025/08/29 10:34:49 fetching corpus: 4800, signal 161158/177758 (executing program) 2025/08/29 10:34:49 fetching corpus: 4850, signal 161662/177763 (executing program) 2025/08/29 10:34:49 fetching corpus: 4900, signal 162071/177784 (executing program) 2025/08/29 10:34:49 fetching corpus: 4950, signal 162637/177800 (executing program) 2025/08/29 10:34:49 fetching corpus: 5000, signal 162977/177839 (executing program) 2025/08/29 10:34:49 fetching corpus: 5050, signal 163563/177851 (executing program) 2025/08/29 10:34:49 fetching corpus: 5100, signal 163942/177851 (executing program) 2025/08/29 10:34:49 fetching corpus: 5150, signal 164209/177858 (executing program) 2025/08/29 10:34:49 fetching corpus: 5200, signal 164528/177872 (executing program) 2025/08/29 10:34:50 fetching corpus: 5250, signal 164924/177874 (executing program) 2025/08/29 10:34:50 fetching corpus: 5300, signal 165261/177890 (executing program) 2025/08/29 10:34:50 fetching corpus: 5350, signal 165771/177893 (executing program) 2025/08/29 10:34:50 fetching corpus: 5400, signal 166230/177897 (executing program) 2025/08/29 10:34:50 fetching corpus: 5450, signal 166691/177913 (executing program) 2025/08/29 10:34:50 fetching corpus: 5500, signal 167166/178021 (executing program) 2025/08/29 10:34:50 fetching corpus: 5550, signal 167614/178025 (executing program) 2025/08/29 10:34:50 fetching corpus: 5600, signal 167899/178047 (executing program) 2025/08/29 10:34:50 fetching corpus: 5650, signal 168595/178052 (executing program) 2025/08/29 10:34:50 fetching corpus: 5700, signal 169002/178081 (executing program) 2025/08/29 10:34:50 fetching corpus: 5750, signal 169318/178091 (executing program) 2025/08/29 10:34:50 fetching corpus: 5800, signal 169553/178112 (executing program) 2025/08/29 10:34:51 fetching corpus: 5850, signal 169813/178116 (executing program) 2025/08/29 10:34:51 fetching corpus: 5900, signal 170195/178122 (executing program) 2025/08/29 10:34:51 fetching corpus: 5950, signal 170649/178122 (executing program) 2025/08/29 10:34:51 fetching corpus: 6000, signal 171031/178136 (executing program) 2025/08/29 10:34:51 fetching corpus: 6050, signal 171333/178141 (executing program) 2025/08/29 10:34:51 fetching corpus: 6100, signal 171764/178216 (executing program) 2025/08/29 10:34:51 fetching corpus: 6150, signal 172173/178225 (executing program) 2025/08/29 10:34:51 fetching corpus: 6200, signal 172454/178235 (executing program) 2025/08/29 10:34:51 fetching corpus: 6250, signal 172704/178235 (executing program) 2025/08/29 10:34:51 fetching corpus: 6300, signal 173038/178236 (executing program) 2025/08/29 10:34:51 fetching corpus: 6350, signal 173557/178239 (executing program) 2025/08/29 10:34:51 fetching corpus: 6400, signal 173874/178244 (executing program) 2025/08/29 10:34:51 fetching corpus: 6450, signal 174323/178253 (executing program) 2025/08/29 10:34:51 fetching corpus: 6500, signal 174633/178253 (executing program) 2025/08/29 10:34:52 fetching corpus: 6550, signal 174851/178258 (executing program) 2025/08/29 10:34:52 fetching corpus: 6600, signal 175380/178269 (executing program) 2025/08/29 10:34:52 fetching corpus: 6650, signal 175662/178306 (executing program) 2025/08/29 10:34:52 fetching corpus: 6650, signal 175662/178306 (executing program) 2025/08/29 10:34:54 starting 8 fuzzer processes 10:34:54 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x6180}], 0x1, 0x0, 0x0, 0x0) 10:34:54 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000500000000f000000000000000200000006000000000008000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000008000000018000000c20500002b82", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000039c043f6970341999833e8e90d2470c4010040", 0x1f, 0x4e0}, {&(0x7f0000010200)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000012500)="ed41000000100000dbf4655fdcf4655fdcf4655f00000000000004008000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x4080}, {&(0x7f0000013000)="504d4d00504d4dff", 0x8, 0x40000}, {0x0, 0x0, 0x80000}], 0x0, &(0x7f0000013b00)) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0, 0x0) openat$incfs(r0, &(0x7f0000000340)='.pending_reads\x00', 0x8001, 0x0) 10:34:54 executing program 4: r0 = fsopen(&(0x7f00000000c0)='debugfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x3, &(0x7f0000000180)='\xfc\xff\xff\xff\xc0\nrfs\x00', &(0x7f0000000040)='\x00\x00\x00\x00', 0x0) [ 75.658128] audit: type=1400 audit(1756463694.549:7): avc: denied { execmem } for pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:34:54 executing program 5: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000, 0xe, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f800002000400003000000000000000100000000000000020000000100060000000000000000000000000080002913cb39f153595a4b414c4c4552202046415433322020200e1fbe777cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d0a0000000000", 0xe0}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aa5252614100"/64, 0x40, 0x1e0}, {&(0x7f0000010200)="0000000072724161430000001a000000000000000000000000000000000055aa", 0x20, 0x3e0}, {&(0x7f0000010300)="eb58906d6b66732e66617400020120000400008000f800002000400003000000000000000100000000000000020000000100060000000000000000000000000080002913cb39f153595a4b414c4c4552202046415433322020200e1fbe777cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d0a0000000000", 0xe0, 0xc00}, {&(0x7f0000010400)="00000000000000000000000000000000000000000000000000000000000055aa", 0x20, 0xde0}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0fffffff0f0500000006000000ffffff0fffffff0f090000000a0000000b0000000c0000000d0000000e0000000f00000010000000110000001200000013000000140000001500000016000000170000001800000019000000ffffff0fffffff0f00"/128, 0x80, 0x4000}, {&(0x7f0000010600)="f8ffff0fffffff0ff8ffff0fffffff0f0500000006000000ffffff0fffffff0f090000000a0000000b0000000c0000000d0000000e0000000f00000010000000110000001200000013000000140000001500000016000000170000001800000019000000ffffff0fffffff0f00"/128, 0x80, 0x4200}, {&(0x7f0000010700)="f8ffff0fffffff0ff8ffff0fffffff0f0500000006000000ffffff0fffffff0f090000000a0000000b0000000c0000000d0000000e0000000f00000010000000110000001200000013000000140000001500000016000000170000001800000019000000ffffff0fffffff0f00"/128, 0x80, 0x4400}, {&(0x7f0000010800)="f8ffff0fffffff0ff8ffff0fffffff0f0500000006000000ffffff0fffffff0f090000000a0000000b0000000c0000000d0000000e0000000f00000010000000110000001200000013000000140000001500000016000000170000001800000019000000ffffff0fffffff0f00"/128, 0x80, 0x4600}, {&(0x7f0000010900)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202010000de870325132510000e870325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c453120202020202020000de870325132510000e870325107000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c453220202020202020000de870325132510000e870325108002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c20000de870325132510000e87032511a0064000000", 0x120, 0x4800}, {&(0x7f0000010b00)="2e2020202020202020202010000de870325132510000e87032510300000000002e2e20202020202020202010000de870325132510000e870325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202020000de870325132510000e870325104001a040000", 0x80, 0x4a00}, {&(0x7f0000010c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x4c00}, {&(0x7f0000011100)='syzkallers\x00'/32, 0x20, 0x5200}, {&(0x7f0000011200)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x7800}], 0x0, &(0x7f0000011300)) 10:34:54 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, r1, 0xb341daa0822653b3, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) recvmmsg(r0, &(0x7f0000004a00)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000180)=""/251, 0xfb}, {&(0x7f0000000280)=""/210, 0xd2}, {&(0x7f0000000380)=""/216, 0xd8}, {&(0x7f0000001040)=""/4096, 0x1000}, {&(0x7f00000004c0)=""/107, 0x6b}, {&(0x7f0000002040)=""/4096, 0x1000}, {&(0x7f00000000c0)=""/14, 0xe}, {&(0x7f0000000540)=""/29, 0x1d}, {&(0x7f0000000600)=""/25, 0x19}], 0x9}}], 0x1, 0x0, 0x0) 10:34:54 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x5c000, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b8000000000000b80000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000000040)="88e167e388ed00170000000000fa1600080000000008007809140b2a3a08020000010000013059747c4d168d8c6aba3f6b81ff", 0x33, 0xb800}], 0x0, &(0x7f0000000400)) 10:34:54 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041", 0x21, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[]) mknodat$loop(r0, &(0x7f0000000080)='./file0\x00', 0x200, 0x1) 10:34:54 executing program 7: r0 = memfd_create(&(0x7f0000000340)='\x02\xce\x16Td\xa8\x98\x86\xb1:\x8f\xc5\x88{\xbd\xb4\xc2\xb1\x9b\x84\x97R\xcc\xdb<\x01\xfa\x91\x85\xa0\x81\xa9F0!/\x89\xacX\xbd\xcd\x12R|lTn\xac-\xfd\x8b\n\x1a\xbc\xf0^B6\xb6`[/\xafE\xdaYz\xd6\xc7\xbc!\xe5\x89\xc8^\x06np\xc6\xe7\x1d\xe4\xbe\xcaa}\x1c\x12\xf9\xd8\xefw\xe1\xcb\x85\xdb?^\x8f\f\nD\xf2\x1f\x11\xaa\x90>N\xb7\x86\x15\x03=\xcc\xbe\x0f\x0f\x14\x84\xde:;\x0f\xb5\xf1\x86\xf2{y\xe0t\xa2\xe9\x01\x00\x00\x00\x8e:^v\xc9\x8d\xd7E\xb4\vw\xbe\\\x11J\xf4\xae\xc6\x88F\x9c\xaflM\x1dSHjH\xd6\x8d\xa6\xbd\x96\xe4SR\xe6\x118L*\x9b\xb2\tbg\xad\x0fRu\xeb\xe4{GO\xa5M\x80-Y\xc6\x1f%\xb8i|\x86\xa9Zm+\x9fe~\x8a\xe7\xca\f\xad?\xa0t\x13_Rq\x1f\xc6\xd9\x1d#\x8a8q\x1e#c\x8c\x193\xab\xdbE\xe1\xc8d=\xe5\r\xe6\x9a\xe5zc-\f\xe5#\xa2v\x1eY\xf0\xe3\x1c*h\xdbq\x92\xf8a6\x99\x02\xc9}\x14\xfb\x03\xce\xb34\x95/\x18\xacJs0\x9f\x9b>\xae\a2\x01\xa7\x95\xbd\xf2\x99w\x11G\x1c\xd2\xbc\xf0E\x86\xca\x87\xefv\x8e\xad\xb8\xc7u\xc2z\x85\xc1\xd5R\x82\v\x1b\xea\x8f\xad\xc1\x02\x8a$\xd1T\xce\xa6\xa2m\x18K\xd5-\x03\xa0\xeeF^F\vJLx\xdc\xc8\b\xb7\xa1j2l\x8fQ\xc1\x89\xb8\xbef\xc6\x90\r\xae\xd4S\x8f\x7f\xe2[\x1cs\xab&\xa3\x81B<\xc5]n\xfc', 0x6) lseek(r0, 0x0, 0x2) [ 76.810462] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.813953] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.816103] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.818625] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.819889] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.823088] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.828283] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.831413] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.833237] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.835402] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.068223] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 77.075608] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 77.083167] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 77.091068] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 77.098947] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 77.146248] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 77.148717] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 77.151622] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 77.158227] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 77.160489] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.171112] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 77.184236] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 77.193032] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 77.195652] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 77.199613] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 77.201788] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 77.208006] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 77.209164] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 77.211428] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 77.214844] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 77.215333] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 77.219570] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 77.223384] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 77.226722] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 77.229060] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 77.232380] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 77.233477] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 77.248255] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 77.251557] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 77.253163] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 78.903524] Bluetooth: hci1: command tx timeout [ 78.904145] Bluetooth: hci0: command tx timeout [ 79.157898] Bluetooth: hci2: command tx timeout [ 79.222330] Bluetooth: hci3: command tx timeout [ 79.287098] Bluetooth: hci7: command tx timeout [ 79.287674] Bluetooth: hci4: command tx timeout [ 79.351190] Bluetooth: hci5: command tx timeout [ 79.351720] Bluetooth: hci6: command tx timeout [ 80.950903] Bluetooth: hci1: command tx timeout [ 80.951358] Bluetooth: hci0: command tx timeout [ 81.206946] Bluetooth: hci2: command tx timeout [ 81.272831] Bluetooth: hci3: command tx timeout [ 81.333968] Bluetooth: hci4: command tx timeout [ 81.334496] Bluetooth: hci7: command tx timeout [ 81.397840] Bluetooth: hci6: command tx timeout [ 81.398255] Bluetooth: hci5: command tx timeout [ 82.997943] Bluetooth: hci0: command tx timeout [ 82.998393] Bluetooth: hci1: command tx timeout [ 83.255227] Bluetooth: hci2: command tx timeout [ 83.318897] Bluetooth: hci3: command tx timeout [ 83.382857] Bluetooth: hci4: command tx timeout [ 83.383268] Bluetooth: hci7: command tx timeout [ 83.445863] Bluetooth: hci6: command tx timeout [ 83.446282] Bluetooth: hci5: command tx timeout [ 85.046405] Bluetooth: hci0: command tx timeout [ 85.046883] Bluetooth: hci1: command tx timeout [ 85.301847] Bluetooth: hci2: command tx timeout [ 85.366856] Bluetooth: hci3: command tx timeout [ 85.430946] Bluetooth: hci7: command tx timeout [ 85.431399] Bluetooth: hci4: command tx timeout [ 85.494931] Bluetooth: hci5: command tx timeout [ 85.495379] Bluetooth: hci6: command tx timeout [ 117.011889] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.012576] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.248991] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.249596] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.622716] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.624406] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.844564] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.846067] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.869258] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.869945] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.997332] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.998827] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.018549] loop0: detected capacity change from 0 to 2048 [ 118.042725] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.046545] ext4 filesystem being mounted at /syzkaller-testdir954005995/syzkaller.TjaNVJ/0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 118.114400] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. 10:35:36 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000500000000f000000000000000200000006000000000008000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000008000000018000000c20500002b82", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000039c043f6970341999833e8e90d2470c4010040", 0x1f, 0x4e0}, {&(0x7f0000010200)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000012500)="ed41000000100000dbf4655fdcf4655fdcf4655f00000000000004008000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x4080}, {&(0x7f0000013000)="504d4d00504d4dff", 0x8, 0x40000}, {0x0, 0x0, 0x80000}], 0x0, &(0x7f0000013b00)) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0, 0x0) openat$incfs(r0, &(0x7f0000000340)='.pending_reads\x00', 0x8001, 0x0) [ 118.189125] loop0: detected capacity change from 0 to 2048 [ 118.196715] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.198360] ext4 filesystem being mounted at /syzkaller-testdir954005995/syzkaller.TjaNVJ/1/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 118.328021] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. 10:35:37 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000500000000f000000000000000200000006000000000008000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000008000000018000000c20500002b82", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000039c043f6970341999833e8e90d2470c4010040", 0x1f, 0x4e0}, {&(0x7f0000010200)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000012500)="ed41000000100000dbf4655fdcf4655fdcf4655f00000000000004008000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x4080}, {&(0x7f0000013000)="504d4d00504d4dff", 0x8, 0x40000}, {0x0, 0x0, 0x80000}], 0x0, &(0x7f0000013b00)) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0, 0x0) openat$incfs(r0, &(0x7f0000000340)='.pending_reads\x00', 0x8001, 0x0) [ 118.341691] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.342922] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:35:37 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000500000000f000000000000000200000006000000000008000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000008000000018000000c20500002b82", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000039c043f6970341999833e8e90d2470c4010040", 0x1f, 0x4e0}, {&(0x7f0000010200)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000012500)="ed41000000100000dbf4655fdcf4655fdcf4655f00000000000004008000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x4080}, {&(0x7f0000013000)="504d4d00504d4dff", 0x8, 0x40000}, {0x0, 0x0, 0x80000}], 0x0, &(0x7f0000013b00)) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0, 0x0) openat$incfs(r0, &(0x7f0000000340)='.pending_reads\x00', 0x8001, 0x0) 10:35:37 executing program 4: r0 = fsopen(&(0x7f00000000c0)='debugfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x3, &(0x7f0000000180)='\xfc\xff\xff\xff\xc0\nrfs\x00', &(0x7f0000000040)='\x00\x00\x00\x00', 0x0) [ 118.471662] loop0: detected capacity change from 0 to 2048 [ 118.482073] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.484335] ext4 filesystem being mounted at /syzkaller-testdir954005995/syzkaller.TjaNVJ/3/file0 supports timestamps until 2038-01-19 (0x7fffffff) 10:35:37 executing program 4: r0 = fsopen(&(0x7f00000000c0)='debugfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x3, &(0x7f0000000180)='\xfc\xff\xff\xff\xc0\nrfs\x00', &(0x7f0000000040)='\x00\x00\x00\x00', 0x0) [ 118.545080] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.555604] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.556480] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:35:37 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000500000000f000000000000000200000006000000000008000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000008000000018000000c20500002b82", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000039c043f6970341999833e8e90d2470c4010040", 0x1f, 0x4e0}, {&(0x7f0000010200)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000012500)="ed41000000100000dbf4655fdcf4655fdcf4655f00000000000004008000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x4080}, {&(0x7f0000013000)="504d4d00504d4dff", 0x8, 0x40000}, {0x0, 0x0, 0x80000}], 0x0, &(0x7f0000013b00)) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0, 0x0) openat$incfs(r0, &(0x7f0000000340)='.pending_reads\x00', 0x8001, 0x0) 10:35:37 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000500000000f000000000000000200000006000000000008000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000008000000018000000c20500002b82", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000039c043f6970341999833e8e90d2470c4010040", 0x1f, 0x4e0}, {&(0x7f0000010200)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000012500)="ed41000000100000dbf4655fdcf4655fdcf4655f00000000000004008000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x4080}, {&(0x7f0000013000)="504d4d00504d4dff", 0x8, 0x40000}, {0x0, 0x0, 0x80000}], 0x0, &(0x7f0000013b00)) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0, 0x0) openat$incfs(r0, &(0x7f0000000340)='.pending_reads\x00', 0x8001, 0x0) 10:35:37 executing program 4: r0 = fsopen(&(0x7f00000000c0)='debugfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x3, &(0x7f0000000180)='\xfc\xff\xff\xff\xc0\nrfs\x00', &(0x7f0000000040)='\x00\x00\x00\x00', 0x0) [ 118.708127] loop0: detected capacity change from 0 to 2048 [ 118.745326] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.751554] ext4 filesystem being mounted at /syzkaller-testdir954005995/syzkaller.TjaNVJ/5/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 118.869700] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.048151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.048770] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.055627] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.056332] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.298274] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.298931] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.379682] loop5: detected capacity change from 0 to 128 [ 119.405584] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.406237] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.675516] audit: type=1400 audit(1756463738.564:8): avc: denied { open } for pid=3904 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.690007] audit: type=1400 audit(1756463738.565:9): avc: denied { kernel } for pid=3904 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.881170] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.881818] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.924556] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.925701] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.959869] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.960481] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.000621] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.001253] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.140553] loop3: detected capacity change from 0 to 6 [ 120.149261] FAT-fs (loop3): Directory bread(block 6) failed [ 120.151651] FAT-fs (loop3): Directory bread(block 7) failed [ 120.153521] loop6: detected capacity change from 0 to 736 [ 120.155085] FAT-fs (loop3): Directory bread(block 8) failed [ 120.157878] FAT-fs (loop3): Directory bread(block 9) failed [ 120.165314] FAT-fs (loop3): Directory bread(block 6) failed [ 120.167357] FAT-fs (loop3): Directory bread(block 7) failed [ 120.170045] FAT-fs (loop3): Directory bread(block 8) failed [ 120.172020] FAT-fs (loop3): Directory bread(block 9) failed [ 120.175095] FAT-fs (loop3): Directory bread(block 6) failed [ 120.177982] FAT-fs (loop3): Directory bread(block 7) failed [ 120.230557] isofs_fill_super: root inode is not a directory. Corrupted media? [ 120.237600] loop6: detected capacity change from 0 to 736 [ 120.306706] isofs_fill_super: root inode is not a directory. Corrupted media? 10:35:39 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x6180}], 0x1, 0x0, 0x0, 0x0) 10:35:39 executing program 5: restart_syscall() 10:35:39 executing program 7: r0 = memfd_create(&(0x7f0000000340)='\x02\xce\x16Td\xa8\x98\x86\xb1:\x8f\xc5\x88{\xbd\xb4\xc2\xb1\x9b\x84\x97R\xcc\xdb<\x01\xfa\x91\x85\xa0\x81\xa9F0!/\x89\xacX\xbd\xcd\x12R|lTn\xac-\xfd\x8b\n\x1a\xbc\xf0^B6\xb6`[/\xafE\xdaYz\xd6\xc7\xbc!\xe5\x89\xc8^\x06np\xc6\xe7\x1d\xe4\xbe\xcaa}\x1c\x12\xf9\xd8\xefw\xe1\xcb\x85\xdb?^\x8f\f\nD\xf2\x1f\x11\xaa\x90>N\xb7\x86\x15\x03=\xcc\xbe\x0f\x0f\x14\x84\xde:;\x0f\xb5\xf1\x86\xf2{y\xe0t\xa2\xe9\x01\x00\x00\x00\x8e:^v\xc9\x8d\xd7E\xb4\vw\xbe\\\x11J\xf4\xae\xc6\x88F\x9c\xaflM\x1dSHjH\xd6\x8d\xa6\xbd\x96\xe4SR\xe6\x118L*\x9b\xb2\tbg\xad\x0fRu\xeb\xe4{GO\xa5M\x80-Y\xc6\x1f%\xb8i|\x86\xa9Zm+\x9fe~\x8a\xe7\xca\f\xad?\xa0t\x13_Rq\x1f\xc6\xd9\x1d#\x8a8q\x1e#c\x8c\x193\xab\xdbE\xe1\xc8d=\xe5\r\xe6\x9a\xe5zc-\f\xe5#\xa2v\x1eY\xf0\xe3\x1c*h\xdbq\x92\xf8a6\x99\x02\xc9}\x14\xfb\x03\xce\xb34\x95/\x18\xacJs0\x9f\x9b>\xae\a2\x01\xa7\x95\xbd\xf2\x99w\x11G\x1c\xd2\xbc\xf0E\x86\xca\x87\xefv\x8e\xad\xb8\xc7u\xc2z\x85\xc1\xd5R\x82\v\x1b\xea\x8f\xad\xc1\x02\x8a$\xd1T\xce\xa6\xa2m\x18K\xd5-\x03\xa0\xeeF^F\vJLx\xdc\xc8\b\xb7\xa1j2l\x8fQ\xc1\x89\xb8\xbef\xc6\x90\r\xae\xd4S\x8f\x7f\xe2[\x1cs\xab&\xa3\x81B<\xc5]n\xfc', 0x6) lseek(r0, 0x0, 0x2) 10:35:39 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000500000000f000000000000000200000006000000000008000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000008000000018000000c20500002b82", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000039c043f6970341999833e8e90d2470c4010040", 0x1f, 0x4e0}, {&(0x7f0000010200)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000012500)="ed41000000100000dbf4655fdcf4655fdcf4655f00000000000004008000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x4080}, {&(0x7f0000013000)="504d4d00504d4dff", 0x8, 0x40000}, {0x0, 0x0, 0x80000}], 0x0, &(0x7f0000013b00)) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0, 0x0) openat$incfs(r0, &(0x7f0000000340)='.pending_reads\x00', 0x8001, 0x0) 10:35:39 executing program 4: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) io_setup(0x2, &(0x7f0000000680)=0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_submit(r0, 0x2, &(0x7f00000000c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x3, r1}]) 10:35:39 executing program 2: r0 = fsopen(&(0x7f0000000040)='debugfs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r0, 0x6, &(0x7f0000000000)='debugfs\x00', 0x0, 0xffffffffffffffff) 10:35:39 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041", 0x21, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[]) mknodat$loop(r0, &(0x7f0000000080)='./file0\x00', 0x200, 0x1) 10:35:39 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x5c000, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b8000000000000b80000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000000040)="88e167e388ed00170000000000fa1600080000000008007809140b2a3a08020000010000013059747c4d168d8c6aba3f6b81ff", 0x33, 0xb800}], 0x0, &(0x7f0000000400)) [ 120.404288] loop3: detected capacity change from 0 to 6 [ 120.415442] FAT-fs (loop3): Directory bread(block 6) failed [ 120.420376] FAT-fs (loop3): Directory bread(block 7) failed [ 120.428010] FAT-fs (loop3): Directory bread(block 8) failed [ 120.428483] FAT-fs (loop3): Directory bread(block 9) failed [ 120.430590] loop6: detected capacity change from 0 to 736 [ 120.433657] loop0: detected capacity change from 0 to 2048 [ 120.452400] FAT-fs (loop3): Directory bread(block 6) failed [ 120.452925] FAT-fs (loop3): Directory bread(block 7) failed [ 120.453398] FAT-fs (loop3): Directory bread(block 8) failed [ 120.462541] FAT-fs (loop3): Directory bread(block 9) failed [ 120.463212] FAT-fs (loop3): Directory bread(block 6) failed [ 120.465861] FAT-fs (loop3): Directory bread(block 7) failed 10:35:39 executing program 4: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) io_setup(0x2, &(0x7f0000000680)=0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_submit(r0, 0x2, &(0x7f00000000c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x3, r1}]) [ 120.490088] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 120.509063] ext4 filesystem being mounted at /syzkaller-testdir954005995/syzkaller.TjaNVJ/6/file0 supports timestamps until 2038-01-19 (0x7fffffff) 10:35:39 executing program 2: r0 = fsopen(&(0x7f0000000040)='debugfs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r0, 0x6, &(0x7f0000000000)='debugfs\x00', 0x0, 0xffffffffffffffff) 10:35:39 executing program 5: restart_syscall() 10:35:39 executing program 7: r0 = memfd_create(&(0x7f0000000340)='\x02\xce\x16Td\xa8\x98\x86\xb1:\x8f\xc5\x88{\xbd\xb4\xc2\xb1\x9b\x84\x97R\xcc\xdb<\x01\xfa\x91\x85\xa0\x81\xa9F0!/\x89\xacX\xbd\xcd\x12R|lTn\xac-\xfd\x8b\n\x1a\xbc\xf0^B6\xb6`[/\xafE\xdaYz\xd6\xc7\xbc!\xe5\x89\xc8^\x06np\xc6\xe7\x1d\xe4\xbe\xcaa}\x1c\x12\xf9\xd8\xefw\xe1\xcb\x85\xdb?^\x8f\f\nD\xf2\x1f\x11\xaa\x90>N\xb7\x86\x15\x03=\xcc\xbe\x0f\x0f\x14\x84\xde:;\x0f\xb5\xf1\x86\xf2{y\xe0t\xa2\xe9\x01\x00\x00\x00\x8e:^v\xc9\x8d\xd7E\xb4\vw\xbe\\\x11J\xf4\xae\xc6\x88F\x9c\xaflM\x1dSHjH\xd6\x8d\xa6\xbd\x96\xe4SR\xe6\x118L*\x9b\xb2\tbg\xad\x0fRu\xeb\xe4{GO\xa5M\x80-Y\xc6\x1f%\xb8i|\x86\xa9Zm+\x9fe~\x8a\xe7\xca\f\xad?\xa0t\x13_Rq\x1f\xc6\xd9\x1d#\x8a8q\x1e#c\x8c\x193\xab\xdbE\xe1\xc8d=\xe5\r\xe6\x9a\xe5zc-\f\xe5#\xa2v\x1eY\xf0\xe3\x1c*h\xdbq\x92\xf8a6\x99\x02\xc9}\x14\xfb\x03\xce\xb34\x95/\x18\xacJs0\x9f\x9b>\xae\a2\x01\xa7\x95\xbd\xf2\x99w\x11G\x1c\xd2\xbc\xf0E\x86\xca\x87\xefv\x8e\xad\xb8\xc7u\xc2z\x85\xc1\xd5R\x82\v\x1b\xea\x8f\xad\xc1\x02\x8a$\xd1T\xce\xa6\xa2m\x18K\xd5-\x03\xa0\xeeF^F\vJLx\xdc\xc8\b\xb7\xa1j2l\x8fQ\xc1\x89\xb8\xbef\xc6\x90\r\xae\xd4S\x8f\x7f\xe2[\x1cs\xab&\xa3\x81B<\xc5]n\xfc', 0x6) lseek(r0, 0x0, 0x2) [ 120.544686] isofs_fill_super: root inode is not a directory. Corrupted media? 10:35:39 executing program 4: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) io_setup(0x2, &(0x7f0000000680)=0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_submit(r0, 0x2, &(0x7f00000000c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x3, r1}]) [ 120.688288] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. 10:35:39 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x6180}], 0x1, 0x0, 0x0, 0x0) 10:35:39 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x5c000, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b8000000000000b80000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000000040)="88e167e388ed00170000000000fa1600080000000008007809140b2a3a08020000010000013059747c4d168d8c6aba3f6b81ff", 0x33, 0xb800}], 0x0, &(0x7f0000000400)) 10:35:39 executing program 5: restart_syscall() 10:35:39 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041", 0x21, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[]) mknodat$loop(r0, &(0x7f0000000080)='./file0\x00', 0x200, 0x1) 10:35:39 executing program 2: r0 = fsopen(&(0x7f0000000040)='debugfs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r0, 0x6, &(0x7f0000000000)='debugfs\x00', 0x0, 0xffffffffffffffff) 10:35:39 executing program 4: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) io_setup(0x2, &(0x7f0000000680)=0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_submit(r0, 0x2, &(0x7f00000000c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x3, r1}]) 10:35:39 executing program 7: r0 = memfd_create(&(0x7f0000000340)='\x02\xce\x16Td\xa8\x98\x86\xb1:\x8f\xc5\x88{\xbd\xb4\xc2\xb1\x9b\x84\x97R\xcc\xdb<\x01\xfa\x91\x85\xa0\x81\xa9F0!/\x89\xacX\xbd\xcd\x12R|lTn\xac-\xfd\x8b\n\x1a\xbc\xf0^B6\xb6`[/\xafE\xdaYz\xd6\xc7\xbc!\xe5\x89\xc8^\x06np\xc6\xe7\x1d\xe4\xbe\xcaa}\x1c\x12\xf9\xd8\xefw\xe1\xcb\x85\xdb?^\x8f\f\nD\xf2\x1f\x11\xaa\x90>N\xb7\x86\x15\x03=\xcc\xbe\x0f\x0f\x14\x84\xde:;\x0f\xb5\xf1\x86\xf2{y\xe0t\xa2\xe9\x01\x00\x00\x00\x8e:^v\xc9\x8d\xd7E\xb4\vw\xbe\\\x11J\xf4\xae\xc6\x88F\x9c\xaflM\x1dSHjH\xd6\x8d\xa6\xbd\x96\xe4SR\xe6\x118L*\x9b\xb2\tbg\xad\x0fRu\xeb\xe4{GO\xa5M\x80-Y\xc6\x1f%\xb8i|\x86\xa9Zm+\x9fe~\x8a\xe7\xca\f\xad?\xa0t\x13_Rq\x1f\xc6\xd9\x1d#\x8a8q\x1e#c\x8c\x193\xab\xdbE\xe1\xc8d=\xe5\r\xe6\x9a\xe5zc-\f\xe5#\xa2v\x1eY\xf0\xe3\x1c*h\xdbq\x92\xf8a6\x99\x02\xc9}\x14\xfb\x03\xce\xb34\x95/\x18\xacJs0\x9f\x9b>\xae\a2\x01\xa7\x95\xbd\xf2\x99w\x11G\x1c\xd2\xbc\xf0E\x86\xca\x87\xefv\x8e\xad\xb8\xc7u\xc2z\x85\xc1\xd5R\x82\v\x1b\xea\x8f\xad\xc1\x02\x8a$\xd1T\xce\xa6\xa2m\x18K\xd5-\x03\xa0\xeeF^F\vJLx\xdc\xc8\b\xb7\xa1j2l\x8fQ\xc1\x89\xb8\xbef\xc6\x90\r\xae\xd4S\x8f\x7f\xe2[\x1cs\xab&\xa3\x81B<\xc5]n\xfc', 0x6) lseek(r0, 0x0, 0x2) [ 120.766974] loop6: detected capacity change from 0 to 736 [ 120.799288] kmemleak: Found object by alias at 0x607f1a638eec [ 120.799304] CPU: 0 UID: 0 PID: 3952 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 120.799322] Tainted: [W]=WARN [ 120.799325] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 120.799332] Call Trace: [ 120.799336] [ 120.799341] dump_stack_lvl+0xca/0x120 [ 120.799364] __lookup_object+0x94/0xb0 [ 120.799381] delete_object_full+0x27/0x70 [ 120.799396] free_percpu+0x30/0x1160 [ 120.799412] ? arch_uprobe_clear_state+0x16/0x140 [ 120.799432] futex_hash_free+0x38/0xc0 [ 120.799446] mmput+0x2d3/0x390 [ 120.799464] do_exit+0x79d/0x2970 [ 120.799477] ? signal_wake_up_state+0x85/0x120 [ 120.799493] ? zap_other_threads+0x2b9/0x3a0 [ 120.799512] ? __pfx_do_exit+0x10/0x10 [ 120.799524] ? do_group_exit+0x1c3/0x2a0 [ 120.799537] ? lock_release+0xc8/0x290 [ 120.799554] do_group_exit+0xd3/0x2a0 [ 120.799568] __x64_sys_exit_group+0x3e/0x50 [ 120.799582] x64_sys_call+0x18c5/0x18d0 [ 120.799597] do_syscall_64+0xbf/0x360 [ 120.799609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.799620] RIP: 0033:0x7fa595fadb19 [ 120.799629] Code: Unable to access opcode bytes at 0x7fa595fadaef. [ 120.799634] RSP: 002b:00007ffe01b89cc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 120.799645] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fa595fadb19 [ 120.799652] RDX: 00007fa595f6072b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 120.799659] RBP: 0000000000000000 R08: 0000001b2d520bd8 R09: 0000000000000000 [ 120.799665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 120.799672] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe01b89db0 [ 120.799687] [ 120.799690] kmemleak: Object (percpu) 0x607f1a638ee8 (size 8): [ 120.799697] kmemleak: comm "syz-executor.4", pid 3963, jiffies 4294787683 [ 120.799704] kmemleak: min_count = 1 [ 120.799708] kmemleak: count = 0 [ 120.799711] kmemleak: flags = 0x21 [ 120.799715] kmemleak: checksum = 0 [ 120.799719] kmemleak: backtrace: [ 120.799722] pcpu_alloc_noprof+0x87a/0x1170 [ 120.799737] percpu_ref_init+0x37/0x400 [ 120.799754] ioctx_alloc+0x368/0x1e10 [ 120.799766] __x64_sys_io_setup+0xc8/0x1f0 [ 120.799778] do_syscall_64+0xbf/0x360 [ 120.799786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.845913] isofs_fill_super: root inode is not a directory. Corrupted media? 10:35:39 executing program 2: r0 = fsopen(&(0x7f0000000040)='debugfs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r0, 0x6, &(0x7f0000000000)='debugfs\x00', 0x0, 0xffffffffffffffff) 10:35:39 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041", 0x21, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[]) mknodat$loop(r0, &(0x7f0000000080)='./file0\x00', 0x200, 0x1) 10:35:39 executing program 7: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, 0xffffffffffffffff) [ 120.875753] loop3: detected capacity change from 0 to 6 [ 120.881713] FAT-fs (loop3): Directory bread(block 6) failed [ 120.882325] FAT-fs (loop3): Directory bread(block 7) failed [ 120.883051] FAT-fs (loop3): Directory bread(block 8) failed [ 120.883527] FAT-fs (loop3): Directory bread(block 9) failed 10:35:39 executing program 5: restart_syscall() [ 120.903918] FAT-fs (loop3): Directory bread(block 6) failed [ 120.904403] FAT-fs (loop3): Directory bread(block 7) failed [ 120.908606] FAT-fs (loop3): Directory bread(block 8) failed [ 120.919783] FAT-fs (loop3): Directory bread(block 9) failed [ 120.920479] FAT-fs (loop3): Directory bread(block 6) failed [ 120.924156] loop0: detected capacity change from 0 to 6 [ 120.925726] kmemleak: Cannot insert 0x607f1a638eec into the object search tree (overlaps existing) [ 120.925742] CPU: 0 UID: 0 PID: 3972 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 120.925761] Tainted: [W]=WARN [ 120.925765] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 120.925772] Call Trace: [ 120.925776] [ 120.925780] dump_stack_lvl+0xca/0x120 [ 120.925808] __link_object+0x190/0x210 [ 120.925827] __create_object+0x48/0x80 [ 120.925844] pcpu_alloc_noprof+0x87a/0x1170 [ 120.925869] __percpu_init_rwsem+0x2d/0x160 [ 120.925885] ? security_sb_alloc+0x75/0x140 [ 120.925902] alloc_super+0x29e/0xb80 [ 120.925916] ? __pfx_super_s_dev_test+0x10/0x10 [ 120.925933] sget_fc+0xfe/0xb80 [ 120.925944] ? __pfx_super_s_dev_set+0x10/0x10 [ 120.925963] get_tree_bdev_flags+0x1b8/0x620 [ 120.925974] ? __pfx_vfat_fill_super+0x10/0x10 [ 120.925987] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 120.925999] ? cap_capable+0xdb/0x3b0 [ 120.926016] ? security_capable+0x2f/0x90 [ 120.926031] vfs_get_tree+0x93/0x340 [ 120.926049] path_mount+0x132d/0x1dd0 [ 120.926063] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 120.926077] ? __pfx_path_mount+0x10/0x10 [ 120.926090] ? kmem_cache_free+0x2a1/0x540 [ 120.926101] ? putname.part.0+0x11b/0x160 [ 120.926118] ? getname_flags.part.0+0x1c6/0x540 [ 120.926136] ? putname.part.0+0x11b/0x160 [ 120.926153] __x64_sys_mount+0x27b/0x300 [ 120.926167] ? __pfx___x64_sys_mount+0x10/0x10 [ 120.926185] do_syscall_64+0xbf/0x360 [ 120.926197] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.926209] RIP: 0033:0x7f0f53cd404a [ 120.926218] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 120.926230] RSP: 002b:00007f0f51247fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 120.926241] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f0f53cd404a [ 120.926249] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f0f51248000 [ 120.926257] RBP: 00007f0f51248040 R08: 00007f0f51248040 R09: 0000000020000000 [ 120.926264] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000 [ 120.926271] R13: 0000000020000100 R14: 00007f0f51248000 R15: 0000000020010d00 [ 120.926287] [ 120.926946] kmemleak: Kernel memory leak detector disabled [ 120.926950] kmemleak: Object (percpu) 0x607f1a638ee8 (size 8): [ 120.926957] kmemleak: comm "syz-executor.4", pid 3963, jiffies 4294787683 [ 120.926964] kmemleak: min_count = 1 [ 120.926968] kmemleak: count = 0 [ 120.926972] kmemleak: flags = 0x21 [ 120.926975] kmemleak: checksum = 0 [ 120.926979] kmemleak: backtrace: [ 120.926983] pcpu_alloc_noprof+0x87a/0x1170 [ 120.926998] percpu_ref_init+0x37/0x400 [ 120.927016] ioctx_alloc+0x368/0x1e10 [ 120.927029] __x64_sys_io_setup+0xc8/0x1f0 [ 120.927041] do_syscall_64+0xbf/0x360 [ 120.927050] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.939906] kmemleak: Found object by alias at 0x607f1a638dc4 [ 120.939933] CPU: 1 UID: 0 PID: 3955 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 120.939962] Tainted: [W]=WARN [ 120.939968] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 120.939979] Call Trace: [ 120.939985] [ 120.939992] dump_stack_lvl+0xca/0x120 [ 120.940029] __lookup_object+0x94/0xb0 [ 120.940055] delete_object_full+0x27/0x70 [ 120.940080] free_percpu+0x30/0x1160 [ 120.940106] ? arch_uprobe_clear_state+0x16/0x140 [ 120.940138] futex_hash_free+0x38/0xc0 [ 120.940160] mmput+0x2d3/0x390 [ 120.940189] do_exit+0x79d/0x2970 [ 120.940211] ? signal_wake_up_state+0x85/0x120 [ 120.940236] ? zap_other_threads+0x2b9/0x3a0 [ 120.940262] ? __pfx_do_exit+0x10/0x10 [ 120.940282] ? do_group_exit+0x1c3/0x2a0 [ 120.940304] ? lock_release+0xc8/0x290 [ 120.940331] do_group_exit+0xd3/0x2a0 [ 120.940356] __x64_sys_exit_group+0x3e/0x50 [ 120.940378] x64_sys_call+0x18c5/0x18d0 [ 120.940402] do_syscall_64+0xbf/0x360 [ 120.940421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.940439] RIP: 0033:0x7f0d14a27b19 [ 120.940453] Code: Unable to access opcode bytes at 0x7f0d14a27aef. [ 120.940461] RSP: 002b:00007ffe221d27d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 120.940479] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f0d14a27b19 [ 120.940492] RDX: 00007f0d149da72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 120.940503] RBP: 0000000000000000 R08: 0000001b2d42001c R09: 0000000000000000 [ 120.940514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 120.940526] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe221d28c0 [ 120.940551] [ 120.940557] kmemleak: Object (percpu) 0x607f1a638dc0 (size 8): [ 120.940568] kmemleak: comm "syz-executor.3", pid 3967, jiffies 4294787783 [ 120.940579] kmemleak: min_count = 1 [ 120.940585] kmemleak: count = 0 [ 120.940591] kmemleak: flags = 0x21 [ 120.940597] kmemleak: checksum = 0 [ 120.940603] kmemleak: backtrace: [ 120.940608] pcpu_alloc_noprof+0x87a/0x1170 [ 120.940633] alloc_vfsmnt+0x135/0x6e0 [ 120.940654] vfs_create_mount.part.0+0x40/0x440 [ 120.940678] path_mount+0x1637/0x1dd0 [ 120.940695] __x64_sys_mount+0x27b/0x300 [ 120.940713] do_syscall_64+0xbf/0x360 [ 120.940727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.968718] kmemleak: Found object by alias at 0x607f1a638eec [ 120.968730] CPU: 0 UID: 0 PID: 3969 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 120.968747] Tainted: [W]=WARN [ 120.968751] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 120.968756] Call Trace: [ 120.968760] [ 120.968764] dump_stack_lvl+0xca/0x120 [ 120.968782] __lookup_object+0x94/0xb0 [ 120.968802] delete_object_full+0x27/0x70 [ 120.968817] free_percpu+0x30/0x1160 [ 120.968831] ? arch_uprobe_clear_state+0x16/0x140 [ 120.968851] futex_hash_free+0x38/0xc0 [ 120.968865] mmput+0x2d3/0x390 [ 120.968883] do_exit+0x79d/0x2970 [ 120.968896] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 120.968916] ? zap_other_threads+0x2b9/0x3a0 [ 120.968933] ? __pfx_do_exit+0x10/0x10 [ 120.968945] ? do_group_exit+0x1c3/0x2a0 [ 120.968960] ? _raw_spin_unlock_irq+0x23/0x40 [ 120.968977] do_group_exit+0xd3/0x2a0 [ 120.968991] __x64_sys_exit_group+0x3e/0x50 [ 120.969004] x64_sys_call+0x18c5/0x18d0 [ 120.969018] do_syscall_64+0xbf/0x360 [ 120.969029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.969040] RIP: 0033:0x7fa595fadb19 [ 120.969048] Code: Unable to access opcode bytes at 0x7fa595fadaef. [ 120.969053] RSP: 002b:00007ffe01b89cc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 120.969063] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fa595fadb19 [ 120.969070] RDX: 00007fa595f6072b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 120.969077] RBP: 0000000000000000 R08: 0000001b2d520a9c R09: 0000000000000000 [ 120.969084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 120.969090] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe01b89db0 [ 120.969106] [ 120.969109] kmemleak: Object (percpu) 0x607f1a638ee8 (size 8): [ 120.969115] kmemleak: comm "syz-executor.4", pid 3963, jiffies 4294787683 [ 120.969122] kmemleak: min_count = 1 [ 120.969126] kmemleak: count = 0 [ 120.969129] kmemleak: flags = 0x21 [ 120.969133] kmemleak: checksum = 0 [ 120.969136] kmemleak: backtrace: [ 120.969139] pcpu_alloc_noprof+0x87a/0x1170 [ 120.969153] percpu_ref_init+0x37/0x400 [ 120.969169] ioctx_alloc+0x368/0x1e10 [ 120.969180] __x64_sys_io_setup+0xc8/0x1f0 [ 120.969192] do_syscall_64+0xbf/0x360 [ 120.969200] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.992905] FAT-fs (loop3): Directory bread(block 7) failed 10:35:39 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x6180}], 0x1, 0x0, 0x0, 0x0) 10:35:39 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x5c000, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b8000000000000b80000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000000040)="88e167e388ed00170000000000fa1600080000000008007809140b2a3a08020000010000013059747c4d168d8c6aba3f6b81ff", 0x33, 0xb800}], 0x0, &(0x7f0000000400)) [ 121.003847] FAT-fs (loop0): Directory bread(block 6) failed [ 121.004666] FAT-fs (loop0): Directory bread(block 7) failed [ 121.008386] FAT-fs (loop0): Directory bread(block 8) failed 10:35:39 executing program 7: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, 0xffffffffffffffff) [ 121.022296] loop6: detected capacity change from 0 to 736 10:35:39 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GETSTATE(r0, 0x80086601, &(0x7f0000002a00)) [ 121.035530] FAT-fs (loop0): Directory bread(block 9) failed [ 121.062260] ------------[ cut here ]------------ [ 121.063145] WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#1: syz-executor.3/287 [ 121.064369] Modules linked in: [ 121.064965] CPU: 1 UID: 0 PID: 287 Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.071688] Tainted: [W]=WARN [ 121.072955] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.074055] RIP: 0010:mntput_no_expire+0x78e/0xbe0 [ 121.074686] Code: 05 16 42 81 04 01 e8 31 f8 91 ff e9 41 fc ff ff e8 b7 50 b4 ff 31 ff 44 89 ee e8 dd 4b b4 ff 45 85 ed 79 09 e8 a3 50 b4 ff 90 <0f> 0b 90 e8 9a 50 b4 ff e8 75 f6 fb 02 31 ff 89 c5 89 c6 e8 ba 4b [ 121.076901] RSP: 0018:ffff88801674fc00 EFLAGS: 00010293 [ 121.077560] RAX: 0000000000000000 RBX: 1ffff11002ce9f85 RCX: ffffffff81bf96d3 [ 121.078464] RDX: ffff8880179c8000 RSI: ffffffff81bf96dd RDI: 0000000000000005 [ 121.079355] RBP: ffff88800e764000 R08: 0000000000000001 R09: 0000000000000000 [ 121.080239] R10: 00000000ffffffff R11: 0000000000000001 R12: ffff88801674fc68 [ 121.081128] R13: 00000000ffffffff R14: dead000000000100 R15: ffff88800e764000 [ 121.082023] FS: 000055555ee53400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 121.083014] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.083718] CR2: 00007ffc27649f78 CR3: 0000000044d98000 CR4: 0000000000350ef0 [ 121.084607] Call Trace: [ 121.084954] [ 121.085239] ? __pfx_autoremove_wake_function+0x10/0x10 [ 121.086234] ? __pfx_mntput_no_expire+0x10/0x10 [ 121.087155] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 121.088035] ? shrink_dentry_list+0x1a/0x650 [ 121.088867] ? up_write+0x195/0x520 [ 121.089533] namespace_unlock+0x7f1/0x810 [ 121.090215] ? __pfx_namespace_unlock+0x10/0x10 [ 121.090751] ? find_held_lock+0x2b/0x80 [ 121.091230] ? lock_release+0xc8/0x290 [ 121.091678] path_umount+0x6a4/0x1100 [ 121.092137] ? kmem_cache_free+0x2a1/0x540 [ 121.092614] ? __pfx_path_umount+0x10/0x10 [ 121.093114] ? putname.part.0+0x11b/0x160 [ 121.093593] __x64_sys_umount+0x15c/0x190 [ 121.094102] ? __pfx___x64_sys_umount+0x10/0x10 [ 121.094621] do_syscall_64+0xbf/0x360 [ 121.095069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.095637] RIP: 0033:0x7f4730b01f87 [ 121.096074] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.098068] RSP: 002b:00007ffc2764a6b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 121.098917] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007f4730b01f87 [ 121.099686] RDX: 00007ffc2764a789 RSI: 000000000000000a RDI: 00007ffc2764a780 [ 121.100480] RBP: 00007ffc2764a780 R08: 00000000ffffffff R09: 00007ffc2764a550 [ 121.101275] R10: 000055555ee54c7b R11: 0000000000000246 R12: 00007f4730b5a105 [ 121.102087] R13: 00007ffc2764b840 R14: 000055555ee54c20 R15: 00007ffc2764b880 [ 121.102892] [ 121.103165] irq event stamp: 159939 [ 121.103561] hardirqs last enabled at (159947): [] __up_console_sem+0x78/0x80 [ 121.104529] hardirqs last disabled at (159956): [] __up_console_sem+0x5d/0x80 [ 121.105495] softirqs last enabled at (159530): [] handle_softirqs+0x50c/0x770 [ 121.106486] softirqs last disabled at (159515): [] __irq_exit_rcu+0xc4/0x100 [ 121.107444] ---[ end trace 0000000000000000 ]--- [ 121.138559] kmemleak: Found object by alias at 0x607f1a638eec [ 121.138594] CPU: 0 UID: 0 PID: 3978 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.138642] Tainted: [W]=WARN [ 121.138653] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.138670] Call Trace: [ 121.138679] [ 121.138687] dump_stack_lvl+0xca/0x120 [ 121.138731] __lookup_object+0x94/0xb0 [ 121.138761] delete_object_full+0x27/0x70 [ 121.138799] free_percpu+0x30/0x1160 [ 121.138829] ? arch_uprobe_clear_state+0x16/0x140 [ 121.138865] futex_hash_free+0x38/0xc0 [ 121.138890] mmput+0x2d3/0x390 [ 121.138923] do_exit+0x79d/0x2970 [ 121.138948] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 121.138986] ? zap_other_threads+0x2b9/0x3a0 [ 121.139017] ? __pfx_do_exit+0x10/0x10 [ 121.139040] ? do_group_exit+0x1c3/0x2a0 [ 121.139066] ? _raw_spin_unlock_irq+0x23/0x40 [ 121.139101] do_group_exit+0xd3/0x2a0 [ 121.139129] __x64_sys_exit_group+0x3e/0x50 [ 121.139154] x64_sys_call+0x18c5/0x18d0 [ 121.139181] do_syscall_64+0xbf/0x360 [ 121.139202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.139223] RIP: 0033:0x7fa595fadb19 [ 121.139239] Code: Unable to access opcode bytes at 0x7fa595fadaef. [ 121.139249] RSP: 002b:00007ffe01b89cc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 121.139269] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fa595fadb19 [ 121.139283] RDX: 00007fa595f6072b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 121.139296] RBP: 0000000000000000 R08: 00007fa5960c5b58 R09: 0000000000000001 [ 121.139309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 121.139321] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffe01b89db0 [ 121.139350] [ 121.139357] kmemleak: Object (percpu) 0x607f1a638ee8 (size 8): [ 121.139369] kmemleak: comm "syz-executor.4", pid 3963, jiffies 4294787683 [ 121.139382] kmemleak: min_count = 1 [ 121.139389] kmemleak: count = 0 [ 121.139396] kmemleak: flags = 0x21 [ 121.139402] kmemleak: checksum = 0 [ 121.139409] kmemleak: backtrace: [ 121.139415] pcpu_alloc_noprof+0x87a/0x1170 [ 121.139442] percpu_ref_init+0x37/0x400 [ 121.139473] ioctx_alloc+0x368/0x1e10 [ 121.139495] __x64_sys_io_setup+0xc8/0x1f0 [ 121.139517] do_syscall_64+0xbf/0x360 [ 121.139532] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.180355] ------------[ cut here ]------------ [ 121.181143] WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#1: syz-executor.3/287 [ 121.182201] Modules linked in: [ 121.182578] CPU: 1 UID: 0 PID: 287 Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.183912] Tainted: [W]=WARN [ 121.184261] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.185190] RIP: 0010:mntput_no_expire+0x78e/0xbe0 [ 121.185757] Code: 05 16 42 81 04 01 e8 31 f8 91 ff e9 41 fc ff ff e8 b7 50 b4 ff 31 ff 44 89 ee e8 dd 4b b4 ff 45 85 ed 79 09 e8 a3 50 b4 ff 90 <0f> 0b 90 e8 9a 50 b4 ff e8 75 f6 fb 02 31 ff 89 c5 89 c6 e8 ba 4b [ 121.187781] RSP: 0018:ffff88801674fce0 EFLAGS: 00010293 [ 121.188393] RAX: 0000000000000000 RBX: 1ffff11002ce9fa1 RCX: ffffffff81bf96d3 [ 121.189202] RDX: ffff8880179c8000 RSI: ffffffff81bf96dd RDI: 0000000000000005 [ 121.190022] RBP: ffff88800e764000 R08: 0000000000000001 R09: 0000000000000000 [ 121.190836] R10: 00000000fffffffe R11: 0000000000000001 R12: ffff88801674fd48 [ 121.191623] R13: 00000000fffffffe R14: ffff88800e764000 R15: ffff88800e7640e8 [ 121.192434] FS: 000055555ee53400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 121.193348] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.194025] CR2: 00007f52880380c8 CR3: 0000000044d98000 CR4: 0000000000350ef0 [ 121.194829] Call Trace: [ 121.195122] [ 121.195383] ? __pfx_mntput_no_expire+0x10/0x10 [ 121.195937] ? dput.part.0+0xce/0x930 [ 121.196377] ? lock_release+0xc8/0x290 [ 121.196854] path_umount+0x6e0/0x1100 [ 121.197288] ? kmem_cache_free+0x2a1/0x540 [ 121.197776] ? __pfx_path_umount+0x10/0x10 [ 121.198272] ? putname.part.0+0x11b/0x160 [ 121.198758] __x64_sys_umount+0x15c/0x190 [ 121.199254] ? __pfx___x64_sys_umount+0x10/0x10 [ 121.199817] do_syscall_64+0xbf/0x360 [ 121.200257] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.200866] RIP: 0033:0x7f4730b01f87 [ 121.201288] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.203327] RSP: 002b:00007ffc2764a6b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 121.204197] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007f4730b01f87 [ 121.205022] RDX: 00007ffc2764a789 RSI: 000000000000000a RDI: 00007ffc2764a780 [ 121.205851] RBP: 00007ffc2764a780 R08: 00000000ffffffff R09: 00007ffc2764a550 [ 121.206642] R10: 000055555ee54c7b R11: 0000000000000246 R12: 00007f4730b5a105 [ 121.207465] R13: 00007ffc2764b840 R14: 000055555ee54c20 R15: 00007ffc2764b880 [ 121.208291] [ 121.208562] irq event stamp: 160493 [ 121.208995] hardirqs last enabled at (160503): [] __up_console_sem+0x78/0x80 [ 121.209997] hardirqs last disabled at (160512): [] __up_console_sem+0x5d/0x80 [ 121.210991] softirqs last enabled at (160190): [] handle_softirqs+0x50c/0x770 [ 121.212005] softirqs last disabled at (160185): [] __irq_exit_rcu+0xc4/0x100 [ 121.212996] ---[ end trace 0000000000000000 ]--- [ 121.232870] kmemleak: Found object by alias at 0x607f1a638eec [ 121.232887] CPU: 1 UID: 0 PID: 49 Comm: kworker/1:1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.232911] Tainted: [W]=WARN [ 121.232915] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.232925] Workqueue: events destroy_super_work [ 121.232953] Call Trace: [ 121.232958] [ 121.232964] dump_stack_lvl+0xca/0x120 [ 121.232991] __lookup_object+0x94/0xb0 [ 121.233013] delete_object_full+0x27/0x70 [ 121.233035] free_percpu+0x30/0x1160 [ 121.233063] percpu_free_rwsem+0x53/0xa0 [ 121.233086] destroy_super_work+0xe3/0x150 [ 121.233111] process_one_work+0x8e1/0x19c0 [ 121.233152] ? __pfx_process_one_work+0x10/0x10 [ 121.233181] ? move_linked_works+0x172/0x270 [ 121.233225] ? assign_work+0x196/0x240 [ 121.233253] worker_thread+0x67e/0xe90 [ 121.233272] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.233295] ? __pfx_worker_thread+0x10/0x10 [ 121.233315] kthread+0x3c8/0x740 [ 121.233334] ? __pfx_kthread+0x10/0x10 [ 121.233349] ? ret_from_fork+0x23/0x430 [ 121.233375] ? lock_release+0xc8/0x290 [ 121.233393] ? __pfx_kthread+0x10/0x10 [ 121.233411] ret_from_fork+0x34b/0x430 [ 121.233434] ? __pfx_kthread+0x10/0x10 [ 121.233450] ret_from_fork_asm+0x1a/0x30 [ 121.233483] [ 121.233488] kmemleak: Object (percpu) 0x607f1a638ee8 (size 8): [ 121.233498] kmemleak: comm "syz-executor.4", pid 3963, jiffies 4294787683 [ 121.233508] kmemleak: min_count = 1 [ 121.233513] kmemleak: count = 0 [ 121.233519] kmemleak: flags = 0x21 [ 121.233524] kmemleak: checksum = 0 [ 121.233529] kmemleak: backtrace: [ 121.233534] pcpu_alloc_noprof+0x87a/0x1170 [ 121.233556] percpu_ref_init+0x37/0x400 [ 121.233581] ioctx_alloc+0x368/0x1e10 [ 121.233598] __x64_sys_io_setup+0xc8/0x1f0 [ 121.233614] do_syscall_64+0xbf/0x360 [ 121.233626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.258920] isofs_fill_super: root inode is not a directory. Corrupted media? [ 121.264841] kmemleak: Found object by alias at 0x607f1a638eec [ 121.264858] CPU: 1 UID: 0 PID: 49 Comm: kworker/1:1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.264881] Tainted: [W]=WARN [ 121.264886] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.264896] Workqueue: events destroy_super_work [ 121.264920] Call Trace: [ 121.264925] [ 121.264931] dump_stack_lvl+0xca/0x120 [ 121.264955] __lookup_object+0x94/0xb0 [ 121.264975] delete_object_full+0x27/0x70 [ 121.264997] free_percpu+0x30/0x1160 [ 121.265023] percpu_free_rwsem+0x53/0xa0 [ 121.265045] destroy_super_work+0xef/0x150 [ 121.265070] process_one_work+0x8e1/0x19c0 [ 121.265098] ? __pfx_process_one_work+0x10/0x10 [ 121.265117] ? move_linked_works+0x172/0x270 [ 121.265144] ? assign_work+0x196/0x240 [ 121.265165] worker_thread+0x67e/0xe90 [ 121.265184] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.265206] ? __pfx_worker_thread+0x10/0x10 [ 121.265226] kthread+0x3c8/0x740 [ 121.265243] ? __pfx_kthread+0x10/0x10 [ 121.265259] ? ret_from_fork+0x23/0x430 [ 121.265282] ? lock_release+0xc8/0x290 [ 121.265301] ? __pfx_kthread+0x10/0x10 [ 121.265319] ret_from_fork+0x34b/0x430 [ 121.265347] ? __pfx_kthread+0x10/0x10 [ 121.265374] ret_from_fork_asm+0x1a/0x30 [ 121.265423] [ 121.265432] kmemleak: Object (percpu) 0x607f1a638ee8 (size 8): [ 121.265444] kmemleak: comm "syz-executor.4", pid 3963, jiffies 4294787683 [ 121.265455] kmemleak: min_count = 1 [ 121.265461] kmemleak: count = 0 [ 121.265468] kmemleak: flags = 0x21 [ 121.265474] kmemleak: checksum = 0 [ 121.265480] kmemleak: backtrace: [ 121.265485] pcpu_alloc_noprof+0x87a/0x1170 [ 121.265512] percpu_ref_init+0x37/0x400 [ 121.265542] ioctx_alloc+0x368/0x1e10 [ 121.265563] __x64_sys_io_setup+0xc8/0x1f0 [ 121.265582] do_syscall_64+0xbf/0x360 [ 121.265596] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.790990] kmemleak: Automatic memory scanning thread ended VM DIAGNOSIS: 10:35:40 Registers: info registers vcpu 0 RAX=0000000000000001 RBX=0000000000000000 RCX=66c8676be6f67c13 RDX=0000000047918e7d RSI=000000001fd080bf RDI=00000000d4b8e8ef RBP=ffffffff85c1c760 RSP=ffff8880179a7558 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=0000000000000002 R13=0000000000000000 R14=0000000000000000 R15=0000000000000200 RIP=ffffffff8151dc6b RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e55dd000 00000000 00000000 LDT=0000 fffffe6a00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f89ec91e000 CR3=0000000032ff8000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=000000000000005b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff88801674f578 R8 =0000000000000000 R9 =ffffed1001769046 R10=000000000000005b R11=0000000000000001 R12=000000000000005b R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0 RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 000055555ee53400 00000000 00000000 GS =0000 ffff8880e56dd000 00000000 00000000 LDT=0000 fffffe0b00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ffc27649f78 CR3=0000000044d98000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=0000000000000000ff000000000000ff XMM01=25252525252525252525252525252525 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000