------------[ cut here ]------------
WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#0: syz-executor.6/286
Modules linked in:
CPU: 0 UID: 0 PID: 286 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:mntput_no_expire+0x78e/0xbe0
Code: 05 16 42 81 04 01 e8 31 f8 91 ff e9 41 fc ff ff e8 b7 50 b4 ff 31 ff 44 89 ee e8 dd 4b b4 ff 45 85 ed 79 09 e8 a3 50 b4 ff 90 <0f> 0b 90 e8 9a 50 b4 ff e8 75 f6 fb 02 31 ff 89 c5 89 c6 e8 ba 4b
RSP: 0018:ffff888017be7ce0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 1ffff11002f7cfa1 RCX: ffffffff81bf96d3
RDX: ffff888009ff0000 RSI: ffffffff81bf96dd RDI: 0000000000000005
RBP: ffff888016926c40 R08: 0000000000000001 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000001 R12: ffff888017be7d48
R13: 00000000ffffffff R14: ffff888016926c40 R15: ffff888016926d28
FS: 000055557d94f400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f10a73b79f0 CR3: 000000004439d000 CR4: 0000000000350ef0
Call Trace:
path_umount+0x6e0/0x1100
__x64_sys_umount+0x15c/0x190
do_syscall_64+0xbf/0x360
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1d5f792f87
Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcf9d7d018 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
RAX: ffffffffffffffda RBX: 0000000000000027 RCX: 00007f1d5f792f87
RDX: 00007ffcf9d7d0ea RSI: 000000000000000a RDI: 00007ffcf9d7d0e0
RBP: 00007ffcf9d7d0e0 R08: 00000000ffffffff R09: 00007ffcf9d7ceb0
R10: 000055557d950c7b R11: 0000000000000206 R12: 00007f1d5f7eb105
R13: 00007ffcf9d7e1a0 R14: 000055557d950c20 R15: 00007ffcf9d7e1e0
irq event stamp: 227667
hardirqs last enabled at (227677): [] __up_console_sem+0x78/0x80
hardirqs last disabled at (227684): [] __up_console_sem+0x5d/0x80
softirqs last enabled at (227638): [] handle_softirqs+0x50c/0x770
softirqs last disabled at (227627): [] __irq_exit_rcu+0xc4/0x100
---[ end trace 0000000000000000 ]---
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.6'.
kmemleak: Cannot insert 0x607f1a639840 into the object search tree (overlaps existing)
CPU: 0 UID: 0 PID: 4584 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
dump_stack_lvl+0xca/0x120
__link_object+0x190/0x210
__create_object+0x48/0x80
pcpu_alloc_noprof+0x87a/0x1170
percpu_ref_init+0x37/0x400
io_uring_setup+0x44c/0x2000
__x64_sys_io_uring_setup+0xc8/0x170
do_syscall_64+0xbf/0x360
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1d5f791b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1d5cd07108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
RAX: ffffffffffffffda RBX: 00007f1d5f8a4f60 RCX: 00007f1d5f791b19
RDX: 0000000020ffc000 RSI: 0000000020000480 RDI: 000000000000442e
RBP: 0000000020000480 R08: 0000000020000540 R09: 0000000020000540
R10: 0000000020000500 R11: 0000000000000202 R12: 0000000020000540
R13: 0000000020ffc000 R14: 0000000020000500 R15: 0000000020ff9000
kmemleak: Kernel memory leak detector disabled
kmemleak: Object (percpu) 0x607f1a639838 (size 20):
kmemleak: comm "syz-executor.0", pid 4072, jiffies 4294821233
kmemleak: min_count = 1
kmemleak: count = 1
kmemleak: flags = 0x21
kmemleak: checksum = 0
kmemleak: backtrace:
pcpu_alloc_noprof+0x87a/0x1170
qdisc_alloc+0x443/0xbe0
qdisc_create_dflt+0x75/0x3d0
dev_activate+0x692/0x1250
__dev_open+0x5f2/0x840
__dev_change_flags+0x51e/0x6e0
netif_change_flags+0x8e/0x170
do_setlink.constprop.0+0xc4d/0x3df0
rtnl_newlink+0x14a8/0x1f30
rtnetlink_rcv_msg+0x9c6/0xfc0
netlink_rcv_skb+0x147/0x430
netlink_unicast+0x5a7/0x870
netlink_sendmsg+0x8ac/0xd80
__sys_sendto+0x506/0x570
__x64_sys_sendto+0xe1/0x1c0
do_syscall_64+0xbf/0x360
kmemleak: Automatic memory scanning thread ended
kmemleak: Found object by alias at 0x607f1a639840
CPU: 0 UID: 0 PID: 4596 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
dump_stack_lvl+0xca/0x120
__lookup_object+0x94/0xb0
delete_object_full+0x27/0x70
free_percpu+0x30/0x1160
__percpu_ref_exit+0xa9/0x100
percpu_ref_switch_to_atomic_rcu+0x2e5/0x480
rcu_core+0x7c8/0x1800
handle_softirqs+0x1b1/0x770
__irq_exit_rcu+0xc4/0x100
irq_exit_rcu+0x9/0x20
sysvec_apic_timer_interrupt+0x70/0x80
asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:rcu_is_watching+0x5/0x70
Code: e8 b0 05 55 00 eb e4 48 c7 c7 00 12 a1 85 e8 b2 04 55 00 eb b1 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 53 <65> ff 05 a4 3d 29 06 65 48 8b 1d 94 3d 29 06 48 8d bb 50 48 85 87
RSP: 0018:ffff888017a97658 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 00007fcb6d318427 RCX: 1ffffffff0c86e10
RDX: 0000000000000000 RSI: ffffffff81209610 RDI: 0000000000000007
RBP: 00007fcb6d318427 R08: ffffffff867ba06a R09: 0000000000000000
R10: 00007fcb6d318000 R11: 0000000000000003 R12: ffff888017a97770
R13: 0000000000000000 R14: ffff8880173eb700 R15: 0000000000000c40
kernel_text_address+0x29/0xc0
__kernel_text_address+0xd/0x40
unwind_get_return_address+0x59/0xa0
arch_stack_walk+0x9c/0xf0
stack_trace_save+0x8e/0xc0
kasan_save_stack+0x24/0x50
kasan_save_track+0x14/0x30
__kasan_slab_alloc+0x59/0x70
kmem_cache_alloc_lru_noprof+0x209/0x6a0
ext4_alloc_inode+0x28/0x600
alloc_inode+0x67/0x250
new_inode+0x1e/0x160
__ext4_new_inode+0x35d/0x4d70
ext4_symlink+0x406/0xb40
vfs_symlink+0x3fe/0x680
do_symlinkat+0x144/0x300
__x64_sys_symlink+0x75/0x90
do_syscall_64+0xbf/0x360
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fcb6d318427
Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe012c9e88 EFLAGS: 00000206 ORIG_RAX: 0000000000000058
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcb6d318427
RDX: 00007ffe012c9f63 RSI: 00007fcb6d37302f RDI: 00007ffe012c9f50
RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffe012c9d20
R10: 00007ffe012c9bd7 R11: 0000000000000206 R12: 0000000000000001
R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffe012c9f50
kmemleak: Object (percpu) 0x607f1a639838 (size 20):
kmemleak: comm "syz-executor.0", pid 4072, jiffies 4294821233
kmemleak: min_count = 1
kmemleak: count = 1
kmemleak: flags = 0x21
kmemleak: checksum = 0
kmemleak: backtrace:
pcpu_alloc_noprof+0x87a/0x1170
qdisc_alloc+0x443/0xbe0
qdisc_create_dflt+0x75/0x3d0
dev_activate+0x692/0x1250
__dev_open+0x5f2/0x840
__dev_change_flags+0x51e/0x6e0
netif_change_flags+0x8e/0x170
do_setlink.constprop.0+0xc4d/0x3df0
rtnl_newlink+0x14a8/0x1f30
rtnetlink_rcv_msg+0x9c6/0xfc0
netlink_rcv_skb+0x147/0x430
netlink_unicast+0x5a7/0x870
netlink_sendmsg+0x8ac/0xd80
__sys_sendto+0x506/0x570
__x64_sys_sendto+0xe1/0x1c0
do_syscall_64+0xbf/0x360
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.6'.
Option ' ' to dns_resolver key: bad/missing value
FAT-fs (loop1): bogus number of reserved sectors
FAT-fs (loop1): This doesn't look like a DOS 1.x volume; no bootstrapping code
FAT-fs (loop1): Can't find a valid FAT filesystem
loop7: detected capacity change from 0 to 16383
vfat: Unknown parameter 'Ò�_½��
xÇ\œ�—nóz�i�æ7Ôyf¾¨²4ž´€ùìä×þŠc�öç�ÝYÞ'
------------[ cut here ]------------
WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#0: syz-executor.5/287
Modules linked in:
CPU: 0 UID: 0 PID: 287 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:mntput_no_expire+0x78e/0xbe0
Code: 05 16 42 81 04 01 e8 31 f8 91 ff e9 41 fc ff ff e8 b7 50 b4 ff 31 ff 44 89 ee e8 dd 4b b4 ff 45 85 ed 79 09 e8 a3 50 b4 ff 90 <0f> 0b 90 e8 9a 50 b4 ff e8 75 f6 fb 02 31 ff 89 c5 89 c6 e8 ba 4b
RSP: 0018:ffff888016ebfc00 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 1ffff11002dd7f85 RCX: ffffffff81bf96d3
RDX: ffff888016115280 RSI: ffffffff81bf96dd RDI: 0000000000000005
RBP: ffff888037179dc0 R08: 0000000000000001 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000001 R12: ffff888016ebfc68
R13: 00000000ffffffff R14: dead000000000100 R15: ffff888037179dc0
FS: 0000555561146400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fffd13e6fd8 CR3: 0000000046a9c000 CR4: 0000000000350ef0
Call Trace:
namespace_unlock+0x7f1/0x810
path_umount+0x6a4/0x1100
__x64_sys_umount+0x15c/0x190
do_syscall_64+0xbf/0x360
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff713a4df87
Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffd13e77a8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
RAX: ffffffffffffffda RBX: 0000000000000017 RCX: 00007ff713a4df87
RDX: 00007fffd13e7879 RSI: 000000000000000a RDI: 00007fffd13e7870
RBP: 00007fffd13e7870 R08: 00000000ffffffff R09: 00007fffd13e7640
R10: 0000555561147c7b R11: 0000000000000206 R12: 00007ff713aa6105
R13: 00007fffd13e8930 R14: 0000555561147c20 R15: 00007fffd13e8970
irq event stamp: 183291
hardirqs last enabled at (183299): [] __up_console_sem+0x78/0x80
hardirqs last disabled at (183308): [] __up_console_sem+0x5d/0x80
softirqs last enabled at (183174): [] handle_softirqs+0x50c/0x770
softirqs last disabled at (183327): [] __irq_exit_rcu+0xc4/0x100
---[ end trace 0000000000000000 ]---
audit: type=1326 audit(1756589886.735:11): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4619 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5986492b19 code=0x0
------------[ cut here ]------------
WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#1: syz-executor.5/287
Modules linked in:
CPU: 1 UID: 0 PID: 287 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:mntput_no_expire+0x78e/0xbe0
Code: 05 16 42 81 04 01 e8 31 f8 91 ff e9 41 fc ff ff e8 b7 50 b4 ff 31 ff 44 89 ee e8 dd 4b b4 ff 45 85 ed 79 09 e8 a3 50 b4 ff 90 <0f> 0b 90 e8 9a 50 b4 ff e8 75 f6 fb 02 31 ff 89 c5 89 c6 e8 ba 4b
RSP: 0018:ffff888016ebfce0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 1ffff11002dd7fa1 RCX: ffffffff81bf96d3
RDX: ffff888016115280 RSI: ffffffff81bf96dd RDI: 0000000000000005
RBP: ffff888037179dc0 R08: 0000000000000001 R09: 0000000000000000
R10: 00000000fffffffe R11: 0000000000000001 R12: ffff888016ebfd48
R13: 00000000fffffffe R14: ffff888037179dc0 R15: ffff888037179ea8
FS: 0000555561146400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2d421000 CR3: 0000000046a9c000 CR4: 0000000000350ef0
Call Trace:
path_umount+0x6e0/0x1100
__x64_sys_umount+0x15c/0x190
do_syscall_64+0xbf/0x360
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff713a4df87
Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffd13e77a8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
RAX: ffffffffffffffda RBX: 0000000000000017 RCX: 00007ff713a4df87
RDX: 00007fffd13e7879 RSI: 000000000000000a RDI: 00007fffd13e7870
RBP: 00007fffd13e7870 R08: 00000000ffffffff R09: 00007fffd13e7640
R10: 0000555561147c7b R11: 0000000000000206 R12: 00007ff713aa6105
R13: 00007fffd13e8930 R14: 0000555561147c20 R15: 00007fffd13e8970
irq event stamp: 183775
hardirqs last enabled at (183783): [] __up_console_sem+0x78/0x80
hardirqs last disabled at (183792): [] __up_console_sem+0x5d/0x80
softirqs last enabled at (183764): [] handle_softirqs+0x50c/0x770
softirqs last disabled at (183757): [] __irq_exit_rcu+0xc4/0x100
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: e8 b0 05 55 00 callq 0x5505b5
5: eb e4 jmp 0xffffffeb
7: 48 c7 c7 00 12 a1 85 mov $0xffffffff85a11200,%rdi
e: e8 b2 04 55 00 callq 0x5504c5
13: eb b1 jmp 0xffffffc6
15: 90 nop
16: 90 nop
17: 90 nop
18: 90 nop
19: 90 nop
1a: 90 nop
1b: 90 nop
1c: 90 nop
1d: 90 nop
1e: 90 nop
1f: 90 nop
20: 90 nop
21: 90 nop
22: 90 nop
23: 90 nop
24: 90 nop
25: f3 0f 1e fa endbr64
29: 53 push %rbx
* 2a: 65 ff 05 a4 3d 29 06 incl %gs:0x6293da4(%rip) # 0x6293dd5 <-- trapping instruction
31: 65 48 8b 1d 94 3d 29 mov %gs:0x6293d94(%rip),%rbx # 0x6293dcd
38: 06
39: 48 8d bb 50 48 85 87 lea -0x787ab7b0(%rbx),%rdi