Warning: Permanently added '[localhost]:27102' (ECDSA) to the list of known hosts. 2025/08/29 08:32:06 fuzzer started 2025/08/29 08:32:07 dialing manager at localhost:43077 syzkaller login: [ 59.477109] cgroup: Unknown subsys name 'net' [ 59.541428] cgroup: Unknown subsys name 'cpuset' [ 59.555866] cgroup: Unknown subsys name 'rlimit' 2025/08/29 08:32:16 syscalls: 2214 2025/08/29 08:32:16 code coverage: enabled 2025/08/29 08:32:16 comparison tracing: enabled 2025/08/29 08:32:16 extra coverage: enabled 2025/08/29 08:32:16 setuid sandbox: enabled 2025/08/29 08:32:16 namespace sandbox: enabled 2025/08/29 08:32:16 Android sandbox: enabled 2025/08/29 08:32:16 fault injection: enabled 2025/08/29 08:32:16 leak checking: enabled 2025/08/29 08:32:16 net packet injection: enabled 2025/08/29 08:32:16 net device setup: enabled 2025/08/29 08:32:16 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 08:32:16 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 08:32:16 USB emulation: enabled 2025/08/29 08:32:16 hci packet injection: enabled 2025/08/29 08:32:16 wifi device emulation: enabled 2025/08/29 08:32:16 802.15.4 emulation: enabled 2025/08/29 08:32:16 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 08:32:16 fetching corpus: 50, signal 26986/29922 (executing program) 2025/08/29 08:32:16 fetching corpus: 100, signal 38471/42115 (executing program) 2025/08/29 08:32:16 fetching corpus: 150, signal 45908/50181 (executing program) 2025/08/29 08:32:16 fetching corpus: 200, signal 50253/55168 (executing program) 2025/08/29 08:32:16 fetching corpus: 250, signal 54339/59687 (executing program) 2025/08/29 08:32:17 fetching corpus: 300, signal 59923/65400 (executing program) 2025/08/29 08:32:17 fetching corpus: 350, signal 63765/69446 (executing program) 2025/08/29 08:32:17 fetching corpus: 400, signal 67761/73424 (executing program) 2025/08/29 08:32:17 fetching corpus: 450, signal 70531/76401 (executing program) 2025/08/29 
08:32:17 fetching corpus: 500, signal 73614/79413 (executing program) 2025/08/29 08:32:17 fetching corpus: 550, signal 75969/81728 (executing program) 2025/08/29 08:32:17 fetching corpus: 600, signal 79767/85108 (executing program) 2025/08/29 08:32:18 fetching corpus: 650, signal 81776/86938 (executing program) 2025/08/29 08:32:18 fetching corpus: 700, signal 83925/88849 (executing program) 2025/08/29 08:32:18 fetching corpus: 750, signal 87066/91281 (executing program) 2025/08/29 08:32:18 fetching corpus: 800, signal 89149/92967 (executing program) 2025/08/29 08:32:18 fetching corpus: 850, signal 91395/94658 (executing program) 2025/08/29 08:32:18 fetching corpus: 900, signal 92934/95810 (executing program) 2025/08/29 08:32:18 fetching corpus: 950, signal 94456/96859 (executing program) 2025/08/29 08:32:18 fetching corpus: 1000, signal 96068/97894 (executing program) 2025/08/29 08:32:19 fetching corpus: 1050, signal 97499/98797 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/99312 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/99356 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/99404 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/99443 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/99481 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/99514 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/99553 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/99596 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/99635 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/99687 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/99721 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/99770 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 
98374/99815 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/99855 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/99897 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/99936 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/99982 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/100026 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/100060 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/100101 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/100154 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/100208 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/100250 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/100291 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/100325 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/100374 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/100400 (executing program) 2025/08/29 08:32:19 fetching corpus: 1099, signal 98374/100400 (executing program) 2025/08/29 08:32:21 starting 8 fuzzer processes 08:32:21 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) 08:32:21 executing program 1: syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={[{@mpol={'mpol', 0x3d, {'default', '', @void}}}]}) 08:32:21 executing program 6: r0 = 
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) copy_file_range(r0, 0x0, r0, &(0x7f0000000080)=0xfffffffffffffff9, 0x692, 0x0) 08:32:21 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)={[{@mpol={'mpol', 0x3d, {'default', '=relative', @val={0x3a, [0x36, 0x2d, 0x39, 0xa]}}}}]}) 08:32:21 executing program 7: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0x3}, 0x6) 08:32:21 executing program 3: syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) 08:32:21 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000000000)={'lo\x00', {0x2, 0x0, @private}}) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000000)={'lo\x00', {0x2, 0x0, @private}}) [ 73.376960] audit: type=1400 audit(1756456341.164:7): avc: denied { execmem } for pid=271 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:32:21 executing program 5: r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$AUTOFS_IOC_CATATONIC(r0, 0x6804, 0x0) [ 74.591088] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 74.596773] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 74.598914] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 74.603546] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 74.609009] 
Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 74.663281] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 74.670896] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 74.673043] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 74.674865] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 74.677027] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 74.679096] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 74.682135] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 74.684620] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 74.695146] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 74.697223] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 74.700195] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 74.704245] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 74.705988] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 74.707479] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 74.709458] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 74.712470] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 74.713739] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 74.716002] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 74.730527] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 74.732009] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 74.737674] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 74.739043] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 74.739386] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 74.740717] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 74.743228] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 74.749099] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 74.751253] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 74.758244] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 74.760120] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 
74.769737] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 74.770391] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 74.771705] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 74.772626] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 74.773542] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 74.779692] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 76.623946] Bluetooth: hci0: command tx timeout [ 76.815646] Bluetooth: hci6: command tx timeout [ 76.817137] Bluetooth: hci7: command tx timeout [ 76.817750] Bluetooth: hci2: command tx timeout [ 76.818323] Bluetooth: hci1: command tx timeout [ 76.880114] Bluetooth: hci3: command tx timeout [ 76.880799] Bluetooth: hci5: command tx timeout [ 76.881426] Bluetooth: hci4: command tx timeout [ 78.671439] Bluetooth: hci0: command tx timeout [ 78.863473] Bluetooth: hci7: command tx timeout [ 78.863915] Bluetooth: hci1: command tx timeout [ 78.864341] Bluetooth: hci2: command tx timeout [ 78.864728] Bluetooth: hci6: command tx timeout [ 78.927385] Bluetooth: hci3: command tx timeout [ 78.927803] Bluetooth: hci4: command tx timeout [ 78.928187] Bluetooth: hci5: command tx timeout [ 80.720863] Bluetooth: hci0: command tx timeout [ 80.911460] Bluetooth: hci6: command tx timeout [ 80.911931] Bluetooth: hci2: command tx timeout [ 80.912744] Bluetooth: hci1: command tx timeout [ 80.913136] Bluetooth: hci7: command tx timeout [ 80.975385] Bluetooth: hci5: command tx timeout [ 80.975863] Bluetooth: hci4: command tx timeout [ 80.976248] Bluetooth: hci3: command tx timeout [ 82.767430] Bluetooth: hci0: command tx timeout [ 82.959502] Bluetooth: hci7: command tx timeout [ 82.959927] Bluetooth: hci2: command tx timeout [ 82.960280] Bluetooth: hci1: command tx timeout [ 82.960796] Bluetooth: hci6: command tx timeout [ 83.023385] Bluetooth: hci5: command tx timeout [ 83.023802] Bluetooth: hci3: command tx timeout [ 83.024161] Bluetooth: hci4: command tx timeout [ 112.751823] wlan0: Created 
IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.752873] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.922162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.922819] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.088853] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.089489] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.183249] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.183888] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.556683] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.557326] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.640353] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.640948] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:33:01 executing program 5: r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$AUTOFS_IOC_CATATONIC(r0, 0x6804, 0x0) [ 113.702157] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.703349] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:33:01 executing program 5: r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$AUTOFS_IOC_CATATONIC(r0, 0x6804, 0x0) [ 113.841336] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.841970] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:33:01 executing program 5: r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$AUTOFS_IOC_CATATONIC(r0, 0x6804, 0x0) [ 113.915948] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 113.931513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.932131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:33:01 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x5421, &(0x7f0000000080)={'lo\x00', 0x0}) [ 113.983459] audit: type=1400 audit(1756456381.770:8): avc: denied { open } for pid=3852 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 113.987334] tmpfs: Bad value for 'mpol' [ 113.989841] tmpfs: Bad value for 'mpol' [ 113.990679] audit: type=1400 audit(1756456381.771:9): avc: denied { kernel } for pid=3852 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 08:33:01 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)={[{@mpol={'mpol', 0x3d, {'default', '=relative', @val={0x3a, [0x36, 0x2d, 0x39, 0xa]}}}}]}) [ 114.046136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.047073] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.073154] tmpfs: Bad value for 'mpol' 08:33:01 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x5421, &(0x7f0000000080)={'lo\x00', 0x0}) [ 114.107551] kmemleak: Found object by alias at 0x607f1a6399e4 [ 114.107569] CPU: 1 UID: 0 PID: 3863 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 114.107587] Tainted: [W]=WARN [ 114.107591] Hardware name: QEMU 
Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 114.107598] Call Trace: [ 114.107603] [ 114.107607] dump_stack_lvl+0xca/0x120 [ 114.107631] __lookup_object+0x94/0xb0 [ 114.107647] delete_object_full+0x27/0x70 [ 114.107663] free_percpu+0x30/0x1160 [ 114.107679] ? arch_uprobe_clear_state+0x16/0x140 [ 114.107699] futex_hash_free+0x38/0xc0 [ 114.107712] mmput+0x2d3/0x390 [ 114.107730] do_exit+0x79d/0x2970 [ 114.107743] ? lock_release+0xc8/0x290 [ 114.107759] ? __pfx_do_exit+0x10/0x10 [ 114.107773] ? find_held_lock+0x2b/0x80 [ 114.107789] ? get_signal+0x835/0x2340 [ 114.107809] do_group_exit+0xd3/0x2a0 [ 114.107823] get_signal+0x2315/0x2340 [ 114.107840] ? __virt_addr_valid+0x2e8/0x5d0 [ 114.107861] ? __pfx_get_signal+0x10/0x10 [ 114.107877] ? do_futex+0x135/0x370 [ 114.107890] ? __pfx_do_futex+0x10/0x10 [ 114.107902] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 114.107916] arch_do_signal_or_restart+0x80/0x790 [ 114.107933] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 114.107961] ? __x64_sys_futex+0x1c9/0x4d0 [ 114.107972] ? __x64_sys_futex+0x1d2/0x4d0 [ 114.107987] ? __pfx___x64_sys_futex+0x10/0x10 [ 114.108000] ? xfd_validate_state+0x55/0x180 [ 114.108015] ? __pfx___x64_sys_mount+0x10/0x10 [ 114.108032] exit_to_user_mode_loop+0x8b/0x110 [ 114.108044] do_syscall_64+0x2f7/0x360 [ 114.108056] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.108068] RIP: 0033:0x7fdb18558b19 [ 114.108076] Code: Unable to access opcode bytes at 0x7fdb18558aef. 
[ 114.108081] RSP: 002b:00007fdb15ace218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 114.108094] RAX: fffffffffffffe00 RBX: 00007fdb1866bf68 RCX: 00007fdb18558b19 [ 114.108102] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fdb1866bf68 [ 114.108108] RBP: 00007fdb1866bf60 R08: 0000000000000000 R09: 0000000000000000 [ 114.108115] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdb1866bf6c [ 114.108122] R13: 00007ffe521874ef R14: 00007fdb15ace300 R15: 0000000000022000 [ 114.108137] [ 114.108141] kmemleak: Object (percpu) 0x607f1a6399e0 (size 8): [ 114.108147] kmemleak: comm "syz-executor.4", pid 286, jiffies 4294780889 [ 114.108158] kmemleak: min_count = 1 [ 114.108162] kmemleak: count = 0 [ 114.108165] kmemleak: flags = 0x21 [ 114.108169] kmemleak: checksum = 0 [ 114.108172] kmemleak: backtrace: [ 114.108176] pcpu_alloc_noprof+0x87a/0x1170 [ 114.108190] percpu_ref_init+0x37/0x400 [ 114.108208] cgroup_mkdir+0x28a/0x1110 [ 114.108220] kernfs_iop_mkdir+0x111/0x190 [ 114.108235] vfs_mkdir+0x59a/0x8d0 [ 114.108249] do_mkdirat+0x19f/0x3d0 [ 114.108259] __x64_sys_mkdir+0xf3/0x140 [ 114.108269] do_syscall_64+0xbf/0x360 [ 114.108277] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.145584] kmemleak: Cannot insert 0x607f1a6399e4 into the object search tree (overlaps existing) [ 114.145598] CPU: 1 UID: 0 PID: 286 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 114.145614] Tainted: [W]=WARN [ 114.145618] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 114.145624] Call Trace: [ 114.145628] [ 114.145632] dump_stack_lvl+0xca/0x120 [ 114.145651] __link_object+0x190/0x210 [ 114.145667] __create_object+0x48/0x80 [ 114.145683] pcpu_alloc_noprof+0x87a/0x1170 [ 114.145705] __percpu_counter_init_many+0x44/0x360 [ 114.145723] fprop_global_init+0x5b/0x100 [ 114.145739] mem_cgroup_css_alloc+0x88f/0x15e0 [ 114.145755] ? 
lock_is_held_type+0x9e/0x120 [ 114.145772] cgroup_apply_control_enable+0x446/0x9f0 [ 114.145793] cgroup_mkdir+0x86e/0x1110 [ 114.145809] ? __pfx_cgroup_mkdir+0x10/0x10 [ 114.145824] kernfs_iop_mkdir+0x111/0x190 [ 114.145841] vfs_mkdir+0x59a/0x8d0 [ 114.145860] do_mkdirat+0x19f/0x3d0 [ 114.145873] ? __pfx_do_mkdirat+0x10/0x10 [ 114.145890] __x64_sys_mkdir+0xf3/0x140 [ 114.145903] do_syscall_64+0xbf/0x360 [ 114.145913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.145924] RIP: 0033:0x7fc322abfc27 [ 114.145933] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 114.145944] RSP: 002b:00007fffc1bfccb8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 114.145955] RAX: ffffffffffffffda RBX: 00007fffc1bfcd40 RCX: 00007fc322abfc27 [ 114.145962] RDX: 00007fffc1bfcd57 RSI: 00000000000001ff RDI: 00007fffc1bfcd40 [ 114.145969] RBP: 00000000ffffffff R08: 0000000000000000 R09: 00007fffc1bfcb50 [ 114.145976] R10: 00007fffc1bfca07 R11: 0000000000000206 R12: 0000000000000001 [ 114.145983] R13: 00007fffc1bfcfc0 R14: 0000000000000000 R15: 00000000000000f8 [ 114.145999] [ 114.146571] kmemleak: Kernel memory leak detector disabled [ 114.146575] kmemleak: Object (percpu) 0x607f1a6399e0 (size 8): [ 114.146582] kmemleak: comm "syz-executor.4", pid 286, jiffies 4294780889 [ 114.146588] kmemleak: min_count = 1 [ 114.146592] kmemleak: count = 0 [ 114.146595] kmemleak: flags = 0x21 [ 114.146599] kmemleak: checksum = 0 [ 114.146603] kmemleak: backtrace: [ 114.146605] pcpu_alloc_noprof+0x87a/0x1170 [ 114.146620] percpu_ref_init+0x37/0x400 [ 114.146636] cgroup_mkdir+0x28a/0x1110 [ 114.146647] kernfs_iop_mkdir+0x111/0x190 [ 114.146661] vfs_mkdir+0x59a/0x8d0 [ 114.146675] do_mkdirat+0x19f/0x3d0 [ 114.146685] __x64_sys_mkdir+0xf3/0x140 [ 114.146695] do_syscall_64+0xbf/0x360 [ 114.146703] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:33:01 executing program 
2: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)={[{@mpol={'mpol', 0x3d, {'default', '=relative', @val={0x3a, [0x36, 0x2d, 0x39, 0xa]}}}}]}) 08:33:02 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x5421, &(0x7f0000000080)={'lo\x00', 0x0}) [ 114.223429] tmpfs: Bad value for 'mpol' [ 114.245998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.246642] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.289139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.289785] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.454548] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.455163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.466814] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.467410] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.484241] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.484851] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.505740] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.506351] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:33:02 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 
0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) 08:33:02 executing program 1: syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={[{@mpol={'mpol', 0x3d, {'default', '', @void}}}]}) 08:33:02 executing program 6: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) copy_file_range(r0, 0x0, r0, &(0x7f0000000080)=0xfffffffffffffff9, 0x692, 0x0) 08:33:02 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)={[{@mpol={'mpol', 0x3d, {'default', '=relative', @val={0x3a, [0x36, 0x2d, 0x39, 0xa]}}}}]}) 08:33:02 executing program 7: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0x3}, 0x6) 08:33:02 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000000000)={'lo\x00', {0x2, 0x0, @private}}) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000000)={'lo\x00', {0x2, 0x0, @private}}) 08:33:02 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x5421, &(0x7f0000000080)={'lo\x00', 0x0}) 08:33:02 executing program 3: syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 
0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) [ 114.609418] tmpfs: Bad value for 'mpol' [ 114.617062] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 08:33:02 executing program 7: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0x3}, 0x6) 08:33:02 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000000000)={'lo\x00', {0x2, 0x0, @private}}) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000000)={'lo\x00', {0x2, 0x0, @private}}) 08:33:02 executing program 6: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) copy_file_range(r0, 0x0, r0, &(0x7f0000000080)=0xfffffffffffffff9, 0x692, 0x0) 08:33:02 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) 08:33:02 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000000000)={'lo\x00', {0x2, 0x0, @private}}) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000000)={'lo\x00', {0x2, 0x0, @private}}) 08:33:02 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0x3}, 0x6) [ 114.709439] ------------[ cut here ]------------ [ 114.709870] WARNING: fs/namespace.c:1375 at cleanup_mnt+0x33f/0x430, CPU#0: syz-executor.1/279 [ 114.710594] Modules linked in: [ 114.710932] CPU: 0 UID: 0 PID: 279 Comm: 
syz-executor.1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 114.713271] Tainted: [W]=WARN [ 114.713972] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 114.716395] RIP: 0010:cleanup_mnt+0x33f/0x430 [ 114.717528] Code: c7 a0 45 d1 85 e8 01 7c fa 02 49 8d 7d 40 5b 48 c7 c6 10 e2 be 81 5d 41 5c 41 5d 41 5e 41 5f e9 57 b3 9c ff e8 82 46 b4 ff 90 <0f> 0b 90 e9 e6 fc ff ff e8 74 46 b4 ff 4c 89 ef e8 6c d7 06 00 e9 [ 114.720321] RSP: 0018:ffff88800fc1fe20 EFLAGS: 00010293 [ 114.720751] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81bf9de5 [ 114.721339] RDX: ffff888017063700 RSI: ffffffff81bfa0fe RDI: 0000000000000005 [ 114.721899] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 114.722478] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888017063fd8 [ 114.723047] R13: ffff8880178316c0 R14: 0000000000000001 R15: ffff888017831700 [ 114.723628] FS: 000055558eaf0400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 114.724270] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 114.724757] CR2: 00007ffcb51ece58 CR3: 0000000037b25000 CR4: 0000000000350ef0 [ 114.725343] Call Trace: [ 114.725555] [ 114.725741] task_work_run+0x172/0x280 [ 114.726047] ? __pfx_task_work_run+0x10/0x10 [ 114.726405] ? __x64_sys_umount+0x114/0x190 [ 114.726734] ? 
__pfx___x64_sys_umount+0x10/0x10 [ 114.727089] exit_to_user_mode_loop+0xef/0x110 [ 114.727459] do_syscall_64+0x2f7/0x360 [ 114.727758] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.728152] RIP: 0033:0x7f40db80bf87 [ 114.728456] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 114.729808] RSP: 002b:00007ffcb51ed598 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 114.730394] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007f40db80bf87 [ 114.730922] RDX: 00007ffcb51ed669 RSI: 000000000000000a RDI: 00007ffcb51ed660 [ 114.731469] RBP: 00007ffcb51ed660 R08: 00000000ffffffff R09: 00007ffcb51ed430 [ 114.732002] R10: 000055558eaf1c7b R11: 0000000000000246 R12: 00007f40db864105 [ 114.732550] R13: 00007ffcb51ee720 R14: 000055558eaf1c20 R15: 00007ffcb51ee760 [ 114.733084] [ 114.733264] irq event stamp: 139095 [ 114.733555] hardirqs last enabled at (139105): [] __up_console_sem+0x78/0x80 [ 114.734197] hardirqs last disabled at (139112): [] __up_console_sem+0x5d/0x80 [ 114.734861] softirqs last enabled at (138838): [] handle_softirqs+0x50c/0x770 [ 114.735536] softirqs last disabled at (138827): [] __irq_exit_rcu+0xc4/0x100 [ 114.736188] ---[ end trace 0000000000000000 ]--- 08:33:02 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) 08:33:02 executing program 7: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0x3}, 0x6) 08:33:02 executing program 1: syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000d00)='./file0\x00', 0x0, 
0x0, 0x0, 0x0, &(0x7f0000000080)={[{@mpol={'mpol', 0x3d, {'default', '', @void}}}]}) 08:33:02 executing program 6: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) copy_file_range(r0, 0x0, r0, &(0x7f0000000080)=0xfffffffffffffff9, 0x692, 0x0) 08:33:02 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0x3}, 0x6) 08:33:02 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) copy_file_range(r0, 0x0, r0, &(0x7f0000000080)=0xfffffffffffffff9, 0x692, 0x0) 08:33:02 executing program 3: syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) 08:33:02 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) [ 115.018712] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 08:33:02 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0x3}, 0x6) 08:33:02 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 
0x7fff0000}]}) copy_file_range(r0, 0x0, r0, &(0x7f0000000080)=0xfffffffffffffff9, 0x692, 0x0) 08:33:02 executing program 7: syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) 08:33:02 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) 08:33:02 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) 08:33:02 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000000000)={'lo\x00', {0x2, 0x0, @private}}) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000000)={'lo\x00', {0x2, 0x0, @private}}) [ 115.065800] ------------[ cut here ]------------ [ 115.066343] WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#1: syz-executor.1/279 [ 115.067093] Modules linked in: [ 115.067453] CPU: 1 UID: 0 PID: 279 Comm: syz-executor.1 Tainted: G W 
6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 115.068435] Tainted: [W]=WARN [ 115.068691] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.069357] RIP: 0010:mntput_no_expire+0x78e/0xbe0 [ 115.069768] Code: 05 16 42 81 04 01 e8 31 f8 91 ff e9 41 fc ff ff e8 b7 50 b4 ff 31 ff 44 89 ee e8 dd 4b b4 ff 45 85 ed 79 09 e8 a3 50 b4 ff 90 <0f> 0b 90 e8 9a 50 b4 ff e8 75 f6 fb 02 31 ff 89 c5 89 c6 e8 ba 4b [ 115.071222] RSP: 0018:ffff88800fc1fc00 EFLAGS: 00010293 [ 115.071672] RAX: 0000000000000000 RBX: 1ffff11001f83f85 RCX: ffffffff81bf96d3 [ 115.072246] RDX: ffff888017063700 RSI: ffffffff81bf96dd RDI: 0000000000000005 [ 115.072837] RBP: ffff888016c72700 R08: 0000000000000001 R09: 0000000000000000 [ 115.073431] R10: 00000000ffffffff R11: 0000000000000001 R12: ffff88800fc1fc68 [ 115.074003] R13: 00000000ffffffff R14: dead000000000100 R15: ffff888016c72700 [ 115.074578] FS: 000055558eaf0400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 115.075223] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.075702] CR2: 00007fd159a70ff8 CR3: 0000000037b25000 CR4: 0000000000350ef0 [ 115.076273] Call Trace: [ 115.076506] [ 115.076695] ? __pfx_autoremove_wake_function+0x10/0x10 [ 115.077132] ? __pfx_mntput_no_expire+0x10/0x10 [ 115.077534] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 115.077914] ? shrink_dentry_list+0x1a/0x650 [ 115.078298] ? up_write+0x195/0x520 [ 115.078601] namespace_unlock+0x7f1/0x810 [ 115.078949] ? __pfx_namespace_unlock+0x10/0x10 [ 115.079349] ? find_held_lock+0x2b/0x80 [ 115.079678] ? lock_release+0xc8/0x290 [ 115.080000] path_umount+0x6a4/0x1100 [ 115.080326] ? kmem_cache_free+0x2a1/0x540 [ 115.080670] ? __pfx_path_umount+0x10/0x10 [ 115.081014] ? putname.part.0+0x11b/0x160 [ 115.081379] __x64_sys_umount+0x15c/0x190 [ 115.081715] ? __pfx___x64_sys_umount+0x10/0x10 [ 115.082093] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 115.082530] do_syscall_64+0xbf/0x360 [ 115.082841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.083251] RIP: 0033:0x7f40db80bf87 [ 115.083566] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.085948] RSP: 002b:00007ffcb51ed598 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 115.087378] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00007f40db80bf87 [ 115.087948] RDX: 00007ffcb51ed669 RSI: 000000000000000a RDI: 00007ffcb51ed660 [ 115.088544] RBP: 00007ffcb51ed660 R08: 00000000ffffffff R09: 00007ffcb51ed430 [ 115.089105] R10: 000055558eaf1c7b R11: 0000000000000246 R12: 00007f40db864105 [ 115.089685] R13: 00007ffcb51ee720 R14: 000055558eaf1c20 R15: 00007ffcb51ee760 [ 115.090251] [ 115.090459] irq event stamp: 143055 [ 115.090753] hardirqs last enabled at (143063): [] __up_console_sem+0x78/0x80 [ 115.091456] hardirqs last disabled at (143072): [] __up_console_sem+0x5d/0x80 [ 115.092147] softirqs last enabled at (142996): [] handle_softirqs+0x50c/0x770 [ 115.092860] softirqs last disabled at (142593): [] __irq_exit_rcu+0xc4/0x100 [ 115.093560] ---[ end trace 0000000000000000 ]--- [ 115.096094] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 115.099770] ------------[ cut here ]------------ [ 115.100195] WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#1: syz-executor.1/279 [ 115.100952] Modules linked in: [ 115.101216] CPU: 1 UID: 0 PID: 279 Comm: syz-executor.1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 115.102158] Tainted: [W]=WARN [ 115.102553] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.103209] RIP: 0010:mntput_no_expire+0x78e/0xbe0 [ 115.103690] Code: 05 16 42 81 04 01 e8 31 f8 91 ff e9 41 fc ff ff e8 b7 50 b4 ff 31 ff 44 89 ee e8 dd 4b b4 ff 45 85 ed 
79 09 e8 a3 50 b4 ff 90 <0f> 0b 90 e8 9a 50 b4 ff e8 75 f6 fb 02 31 ff 89 c5 89 c6 e8 ba 4b [ 115.105159] RSP: 0018:ffff88800fc1fce0 EFLAGS: 00010293 [ 115.105604] RAX: 0000000000000000 RBX: 1ffff11001f83fa1 RCX: ffffffff81bf96d3 [ 115.106165] RDX: ffff888017063700 RSI: ffffffff81bf96dd RDI: 0000000000000005 [ 115.106742] RBP: ffff888016c72700 R08: 0000000000000001 R09: 0000000000000000 [ 115.107318] R10: 00000000fffffffe R11: 0000000000000001 R12: ffff88800fc1fd48 [ 115.107880] R13: 00000000fffffffe R14: ffff888016c72700 R15: ffff888016c727e8 [ 115.108464] FS: 000055558eaf0400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 115.109097] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.109582] CR2: 0000001b2d028000 CR3: 0000000037b25000 CR4: 0000000000350ef0 [ 115.110146] Call Trace: [ 115.110370] [ 115.110559] ? __pfx_mntput_no_expire+0x10/0x10 [ 115.110936] ? dput.part.0+0xce/0x930 [ 115.111244] ? lock_release+0xc8/0x290 [ 115.111583] path_umount+0x6e0/0x1100 [ 115.111894] ? kmem_cache_free+0x2a1/0x540 [ 115.112239] ? __pfx_path_umount+0x10/0x10 [ 115.112595] ? putname.part.0+0x11b/0x160 [ 115.112935] __x64_sys_umount+0x15c/0x190 [ 115.113265] ? __pfx___x64_sys_umount+0x10/0x10 [ 115.113656] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 115.114079] do_syscall_64+0xbf/0x360 [ 115.114404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.114815] RIP: 0033:0x7f40db80bf87 [ 115.115113] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.116557] RSP: 002b:00007ffcb51ed598 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 115.117153] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00007f40db80bf87 [ 115.117732] RDX: 00007ffcb51ed669 RSI: 000000000000000a RDI: 00007ffcb51ed660 [ 115.118307] RBP: 00007ffcb51ed660 R08: 00000000ffffffff R09: 00007ffcb51ed430 [ 115.118866] R10: 000055558eaf1c7b R11: 0000000000000246 R12: 00007f40db864105 [ 115.119441] R13: 00007ffcb51ee720 R14: 000055558eaf1c20 R15: 00007ffcb51ee760 [ 115.120017] [ 115.120205] irq event stamp: 143605 [ 115.120510] hardirqs last enabled at (143615): [] __up_console_sem+0x78/0x80 [ 115.121197] hardirqs last disabled at (143622): [] __up_console_sem+0x5d/0x80 [ 115.121895] softirqs last enabled at (143294): [] handle_softirqs+0x50c/0x770 [ 115.122604] softirqs last disabled at (143261): [] __irq_exit_rcu+0xc4/0x100 [ 115.123299] ---[ end trace 0000000000000000 ]--- [ 115.208924] kmemleak: Automatic memory scanning thread ended 08:33:03 executing program 7: syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) 08:33:03 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x5421, &(0x7f0000000080)={'lo\x00', 0x0}) 08:33:03 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getresgid(&(0x7f0000004a80), &(0x7f0000004ac0), &(0x7f0000004b00)) 08:33:03 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = getpid() sendmmsg$unix(r0, &(0x7f0000003900)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000003640)=@abs, 0x6e, 0x0, 0x0, &(0x7f00000038c0)=[@cred={{0x1c, 0x1, 0x2, {r1}}}], 0x20}}], 0x2, 0x0) 08:33:03 executing program 3: syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) 08:33:03 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) copy_file_range(r0, 0x0, r0, &(0x7f0000000080)=0xfffffffffffffff9, 0x692, 0x0) 08:33:03 executing program 1: syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={[{@mpol={'mpol', 0x3d, {'default', '', 
@void}}}]}) 08:33:03 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000000000)={'lo\x00', {0x2, 0x0, @private}}) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000000)={'lo\x00', {0x2, 0x0, @private}}) [ 115.464178] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 115.498890] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 08:33:03 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000000000)={'lo\x00', {0x2, 0x0, @private}}) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000000)={'lo\x00', {0x2, 0x0, @private}}) 08:33:03 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ppoll(&(0x7f0000000080)=[{r0}], 0x1, &(0x7f0000000100)={0x0, 0x3938700}, 0x0, 0x0) 08:33:03 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = getpid() sendmmsg$unix(r0, &(0x7f0000003900)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000003640)=@abs, 0x6e, 0x0, 0x0, &(0x7f00000038c0)=[@cred={{0x1c, 0x1, 0x2, {r1}}}], 0x20}}], 0x2, 0x0) 08:33:03 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x5421, &(0x7f0000000080)={'lo\x00', 0x0}) 08:33:03 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getresgid(&(0x7f0000004a80), &(0x7f0000004ac0), &(0x7f0000004b00)) 08:33:03 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x12, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x118, &(0x7f0000000100), 0x0, 0x4) 08:33:03 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x5421, &(0x7f0000000080)={'lo\x00', 0x0}) 08:33:03 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = getpid() sendmmsg$unix(r0, &(0x7f0000003900)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000003640)=@abs, 0x6e, 0x0, 0x0, &(0x7f00000038c0)=[@cred={{0x1c, 0x1, 0x2, {r1}}}], 0x20}}], 0x2, 0x0) [ 115.637710] Oops: general protection fault, probably for non-canonical address 0xfbfffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 115.638642] KASAN: maybe wild-memory-access in range [0xe000000000000190-0xe000000000000197] [ 115.639318] CPU: 
0 UID: 0 PID: 4008 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 115.640285] Tainted: [W]=WARN [ 115.640537] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.641200] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.641589] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.643042] RSP: 0018:ffff88804427f800 EFLAGS: 00010212 [ 115.643477] RAX: 1c00000000000032 RBX: dfffffffffffffa0 RCX: ffffc90006a3a000 [ 115.644060] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: e000000000000190 [ 115.644632] RBP: ffff88804427fa70 R08: ffff88806ce31340 R09: ffffe8ffffc169e0 [ 115.645202] R10: 0000000000000000 R11: 0000000000000024 R12: dffffc0000000000 [ 115.645774] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 115.646350] FS: 00007ff7a760c700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 115.646995] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.647464] CR2: 00007ff7aa1aa018 CR3: 000000000cce3000 CR4: 0000000000350ef0 [ 115.648049] Call Trace: [ 115.648261] [ 115.648454] ? __pfx_perf_tp_event+0x10/0x10 [ 115.648818] ? perf_tp_event+0x807/0xe70 [ 115.649155] ? __pfx_perf_tp_event+0x10/0x10 [ 115.649517] ? kasan_addr_to_slab+0x70/0xa0 [ 115.649873] ? __pfx_ctx_sched_in+0x10/0x10 [ 115.650221] ? init_file+0x95/0x4c0 [ 115.650528] ? find_held_lock+0x2b/0x80 [ 115.650866] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.651278] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.651689] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.652106] perf_trace_run_bpf_submit+0xef/0x180 [ 115.652504] perf_trace_lock_acquire+0x3c2/0x700 [ 115.652897] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 115.653322] ? futex_ref_get+0x48/0x300 [ 115.653648] ? find_held_lock+0x2b/0x80 [ 115.653983] lock_acquire+0xc5/0x2f0 [ 115.654291] ? 
futex_wake+0x228/0x540 [ 115.654611] _raw_spin_lock+0x2b/0x40 [ 115.654929] ? futex_wake+0x228/0x540 [ 115.655244] futex_wake+0x228/0x540 [ 115.655553] ? __pfx_futex_wake+0x10/0x10 [ 115.655896] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 115.656317] ? lock_release+0xc8/0x290 [ 115.656642] do_futex+0x26d/0x370 [ 115.656934] ? __pfx_do_futex+0x10/0x10 [ 115.657261] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 115.657697] ? find_held_lock+0x2b/0x80 [ 115.658030] __x64_sys_futex+0x1c9/0x4d0 [ 115.658366] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.658847] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.659223] ? xfd_validate_state+0x55/0x180 [ 115.659597] do_syscall_64+0xbf/0x360 [ 115.659911] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.660335] RIP: 0033:0x7ff7aa096b19 [ 115.660636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.662097] RSP: 002b:00007ff7a760c218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.662711] RAX: ffffffffffffffda RBX: 00007ff7aa1a9f68 RCX: 00007ff7aa096b19 [ 115.663285] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff7aa1a9f6c [ 115.663858] RBP: 00007ff7aa1a9f60 R08: 000000000000000e R09: 0000000000000000 [ 115.664436] R10: 0000000000000003 R11: 0000000000000246 R12: 00007ff7aa1a9f6c [ 115.665012] R13: 00007ffd213d3fff R14: 00007ff7a760c300 R15: 0000000000022000 [ 115.665593] [ 115.665787] Modules linked in: [ 115.666072] Oops: general protection fault, probably for non-canonical address 0xfbfffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 115.666957] KASAN: maybe wild-memory-access in range [0xe000000000000190-0xe000000000000197] [ 115.667625] CPU: 0 UID: 0 PID: 4008 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 115.668582] Tainted: [D]=DIE, [W]=WARN [ 115.668893] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 
04/01/2014 [ 115.669544] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.669929] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.671368] RSP: 0018:ffff88806ce08a40 EFLAGS: 00010012 [ 115.671792] RAX: 1c00000000000032 RBX: dfffffffffffffa0 RCX: ffffffff81898973 [ 115.672361] RDX: ffff888015bcd280 RSI: ffffffff818995b7 RDI: e000000000000190 [ 115.672934] RBP: ffff88806ce08cb0 R08: ffff88806ce31490 R09: ffffe8ffffc169e0 [ 115.673501] R10: 0000000000000000 R11: 0000000000000024 R12: dffffc0000000000 [ 115.674065] R13: 0000000000000000 R14: ffff88806ce31490 R15: dffffc0000000000 [ 115.674633] FS: 00007ff7a760c700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 115.675273] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.675743] CR2: 00007ff7aa1aa018 CR3: 000000000cce3000 CR4: 0000000000350ef0 [ 115.676317] Call Trace: [ 115.676527] [ 115.676711] ? kernel_text_address+0x5b/0xc0 [ 115.677077] ? __pfx_perf_tp_event+0x10/0x10 [ 115.677442] ? sched_clock_cpu+0x6c/0x4e0 [ 115.677782] ? trace_pelt_se_tp+0xdf/0x130 [ 115.678122] ? __update_load_avg_se+0x428/0xa40 [ 115.678503] ? match_held_lock+0xb0/0xd0 [ 115.678842] ? place_entity+0x1c/0x410 [ 115.679158] ? kvm_sched_clock_read+0x16/0x30 [ 115.679526] ? enqueue_task_fair+0x43a/0x1e00 [ 115.679898] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.680307] perf_trace_run_bpf_submit+0xef/0x180 [ 115.680703] perf_trace_lock_acquire+0x3c2/0x700 [ 115.681091] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 115.681519] lock_acquire+0xc5/0x2f0 [ 115.681822] ? sched_ttwu_pending+0xa1/0x4a0 [ 115.682184] ? sched_ttwu_pending+0x2e0/0x4a0 [ 115.682549] ? lock_release+0xc8/0x290 [ 115.682867] _raw_spin_lock_nested+0x29/0x40 [ 115.683223] ? sched_ttwu_pending+0xa1/0x4a0 [ 115.683583] sched_ttwu_pending+0xa1/0x4a0 [ 115.683930] ? __pfx_sched_ttwu_pending+0x10/0x10 [ 115.684329] ? 
hrtimer_interrupt+0x652/0x830 [ 115.684689] __flush_smp_call_function_queue+0x434/0x740 [ 115.685131] __sysvec_call_function_single+0x6d/0x370 [ 115.685550] sysvec_call_function_single+0xa1/0xc0 [ 115.685945] [ 115.686128] [ 115.686315] asm_sysvec_call_function_single+0x1a/0x20 [ 115.686735] RIP: 0010:oops_exit+0x0/0x50 [ 115.687068] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27 [ 115.688515] RSP: 0018:ffff88804427f690 EFLAGS: 00000202 [ 115.688946] RAX: 0000000000029bda RBX: 0000000000000216 RCX: ffffc90006a3a000 [ 115.689511] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 115.690079] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90 [ 115.690645] R10: 0000000000000000 R11: 000000000000002c R12: ffff88804427f758 [ 115.691210] R13: 0000000000000000 R14: fbfffc0000000032 R15: 0000000000000000 [ 115.691784] ? oops_end+0x4a/0xe0 [ 115.692083] oops_end+0x65/0xe0 [ 115.692361] exc_general_protection+0x1a2/0x330 [ 115.692745] asm_exc_general_protection+0x26/0x30 [ 115.693132] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.693513] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.694950] RSP: 0018:ffff88804427f800 EFLAGS: 00010212 [ 115.695372] RAX: 1c00000000000032 RBX: dfffffffffffffa0 RCX: ffffc90006a3a000 [ 115.695937] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: e000000000000190 [ 115.696520] RBP: ffff88804427fa70 R08: ffff88806ce31340 R09: ffffe8ffffc169e0 [ 115.697131] R10: 0000000000000000 R11: 0000000000000024 R12: dffffc0000000000 [ 115.697780] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 115.698450] ? perf_tp_event+0x167/0xe70 [ 115.698836] ? __pfx_perf_tp_event+0x10/0x10 [ 115.699200] ? 
perf_tp_event+0x807/0xe70 [ 115.699531] ? __pfx_perf_tp_event+0x10/0x10 [ 115.699886] ? kasan_addr_to_slab+0x70/0xa0 [ 115.700241] ? __pfx_ctx_sched_in+0x10/0x10 [ 115.700581] ? init_file+0x95/0x4c0 [ 115.700887] ? find_held_lock+0x2b/0x80 [ 115.701215] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.701621] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.702025] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.702419] perf_trace_run_bpf_submit+0xef/0x180 [ 115.702809] perf_trace_lock_acquire+0x3c2/0x700 [ 115.703189] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 115.703604] ? futex_ref_get+0x48/0x300 [ 115.703919] ? find_held_lock+0x2b/0x80 [ 115.704250] lock_acquire+0xc5/0x2f0 [ 115.704551] ? futex_wake+0x228/0x540 [ 115.704865] _raw_spin_lock+0x2b/0x40 [ 115.705170] ? futex_wake+0x228/0x540 [ 115.705473] futex_wake+0x228/0x540 [ 115.705774] ? __pfx_futex_wake+0x10/0x10 [ 115.706105] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 115.706504] ? lock_release+0xc8/0x290 [ 115.706816] do_futex+0x26d/0x370 [ 115.707095] ? __pfx_do_futex+0x10/0x10 [ 115.707413] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 115.707836] ? find_held_lock+0x2b/0x80 [ 115.708162] __x64_sys_futex+0x1c9/0x4d0 [ 115.708485] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.708948] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.709309] ? 
xfd_validate_state+0x55/0x180 [ 115.709666] do_syscall_64+0xbf/0x360 [ 115.709967] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.710367] RIP: 0033:0x7ff7aa096b19 [ 115.710660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.712069] RSP: 002b:00007ff7a760c218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.712653] RAX: ffffffffffffffda RBX: 00007ff7aa1a9f68 RCX: 00007ff7aa096b19 [ 115.713203] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff7aa1a9f6c [ 115.713755] RBP: 00007ff7aa1a9f60 R08: 000000000000000e R09: 0000000000000000 [ 115.714306] R10: 0000000000000003 R11: 0000000000000246 R12: 00007ff7aa1a9f6c [ 115.714862] R13: 00007ffd213d3fff R14: 00007ff7a760c300 R15: 0000000000022000 [ 115.715415] [ 115.715604] Modules linked in: [ 115.715863] ---[ end trace 0000000000000000 ]--- [ 115.716236] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.716606] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.718025] RSP: 0018:ffff88804427f800 EFLAGS: 00010212 [ 115.718443] RAX: 1c00000000000032 RBX: dfffffffffffffa0 RCX: ffffc90006a3a000 [ 115.718995] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: e000000000000190 [ 115.719546] RBP: ffff88804427fa70 R08: ffff88806ce31340 R09: ffffe8ffffc169e0 [ 115.720108] R10: 0000000000000000 R11: 0000000000000024 R12: dffffc0000000000 [ 115.720661] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 115.721221] FS: 00007ff7a760c700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 115.721844] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.722295] CR2: 00007ff7aa1aa018 CR3: 000000000cce3000 CR4: 0000000000350ef0 [ 115.722858] Kernel panic - not syncing: Fatal exception in interrupt [ 115.723548] 
Kernel Offset: disabled [ 115.723847] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 08:33:02 Registers: