Warning: Permanently added '[localhost]:11614' (ECDSA) to the list of known hosts.
2025/08/29 09:00:20 fuzzer started
2025/08/29 09:00:21 dialing manager at localhost:43077
syzkaller login: [ 51.230791] cgroup: Unknown subsys name 'net'
[ 51.299854] cgroup: Unknown subsys name 'cpuset'
[ 51.320928] cgroup: Unknown subsys name 'rlimit'
2025/08/29 09:00:33 syscalls: 2214
2025/08/29 09:00:33 code coverage: enabled
2025/08/29 09:00:33 comparison tracing: enabled
2025/08/29 09:00:33 extra coverage: enabled
2025/08/29 09:00:33 setuid sandbox: enabled
2025/08/29 09:00:33 namespace sandbox: enabled
2025/08/29 09:00:33 Android sandbox: enabled
2025/08/29 09:00:33 fault injection: enabled
2025/08/29 09:00:33 leak checking: enabled
2025/08/29 09:00:33 net packet injection: enabled
2025/08/29 09:00:33 net device setup: enabled
2025/08/29 09:00:33 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 09:00:33 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 09:00:33 USB emulation: enabled
2025/08/29 09:00:33 hci packet injection: enabled
2025/08/29 09:00:33 wifi device emulation: enabled
2025/08/29 09:00:33 802.15.4 emulation: enabled
2025/08/29 09:00:33 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 09:00:33 fetching corpus: 50, signal 25352/28554 (executing program)
2025/08/29 09:00:33 fetching corpus: 100, signal 39359/43482 (executing program)
2025/08/29 09:00:33 fetching corpus: 150, signal 47443/52448 (executing program)
2025/08/29 09:00:33 fetching corpus: 200, signal 52031/58014 (executing program)
2025/08/29 09:00:33 fetching corpus: 250, signal 56767/63508 (executing program)
2025/08/29 09:00:33 fetching corpus: 300, signal 59903/67407 (executing program)
2025/08/29 09:00:34 fetching corpus: 350, signal 64081/72177 (executing program)
2025/08/29 09:00:34 fetching corpus: 400, signal 68034/76600 (executing program)
2025/08/29 09:00:34 fetching corpus: 450, signal 71386/80420 (executing program)
2025/08/29 09:00:34 fetching corpus: 500, signal 73969/83472 (executing program)
2025/08/29 09:00:34 fetching corpus: 550, signal 78551/88011 (executing program)
2025/08/29 09:00:34 fetching corpus: 600, signal 81410/91124 (executing program)
2025/08/29 09:00:34 fetching corpus: 650, signal 84481/94270 (executing program)
2025/08/29 09:00:34 fetching corpus: 700, signal 87686/97422 (executing program)
2025/08/29 09:00:34 fetching corpus: 750, signal 89685/99693 (executing program)
2025/08/29 09:00:35 fetching corpus: 800, signal 92081/102069 (executing program)
2025/08/29 09:00:35 fetching corpus: 850, signal 94357/104389 (executing program)
2025/08/29 09:00:35 fetching corpus: 900, signal 95534/105793 (executing program)
2025/08/29 09:00:35 fetching corpus: 950, signal 97569/107728 (executing program)
2025/08/29 09:00:35 fetching corpus: 1000, signal 99110/109214 (executing program)
2025/08/29 09:00:35 fetching corpus: 1050, signal 100306/110485 (executing program)
2025/08/29 09:00:35 fetching corpus: 1100, signal 101807/111996 (executing program)
2025/08/29 09:00:35 fetching corpus: 1150, signal 104319/114033 (executing program)
2025/08/29 09:00:35 fetching corpus: 1200, signal 105288/115103 (executing program)
2025/08/29 09:00:36 fetching corpus: 1250, signal 106440/116215 (executing program)
2025/08/29 09:00:36 fetching corpus: 1300, signal 108482/117831 (executing program)
2025/08/29 09:00:36 fetching corpus: 1350, signal 110316/119504 (executing program)
2025/08/29 09:00:36 fetching corpus: 1400, signal 111125/120279 (executing program)
2025/08/29 09:00:36 fetching corpus: 1450, signal 112323/121245 (executing program)
2025/08/29 09:00:36 fetching corpus: 1500, signal 113201/122039 (executing program)
2025/08/29 09:00:36 fetching corpus: 1550, signal 114264/122848 (executing program)
2025/08/29 09:00:36 fetching corpus: 1600, signal 115484/123716 (executing program)
2025/08/29 09:00:37 fetching corpus: 1650, signal 116695/124581 (executing program)
2025/08/29 09:00:37 fetching corpus: 1700, signal 117643/125261 (executing program)
2025/08/29 09:00:37 fetching corpus: 1750, signal 118267/125739 (executing program)
2025/08/29 09:00:37 fetching corpus: 1800, signal 119956/126688 (executing program)
2025/08/29 09:00:37 fetching corpus: 1850, signal 120885/127343 (executing program)
2025/08/29 09:00:37 fetching corpus: 1900, signal 121483/127746 (executing program)
2025/08/29 09:00:37 fetching corpus: 1950, signal 122363/128258 (executing program)
2025/08/29 09:00:37 fetching corpus: 2000, signal 123123/128683 (executing program)
2025/08/29 09:00:37 fetching corpus: 2050, signal 124062/129153 (executing program)
2025/08/29 09:00:38 fetching corpus: 2100, signal 125064/129614 (executing program)
2025/08/29 09:00:38 fetching corpus: 2150, signal 125918/129977 (executing program)
2025/08/29 09:00:38 fetching corpus: 2200, signal 126826/130396 (executing program)
2025/08/29 09:00:38 fetching corpus: 2250, signal 127690/130723 (executing program)
2025/08/29 09:00:38 fetching corpus: 2300, signal 128395/130993 (executing program)
2025/08/29 09:00:38 fetching corpus: 2350, signal 129437/131337 (executing program)
2025/08/29 09:00:38 fetching corpus: 2372, signal 129702/131424 (executing program)
2025/08/29 09:00:38 fetching corpus: 2372, signal 129702/131460 (executing program)
2025/08/29 09:00:38 fetching corpus: 2372, signal 129702/131491 (executing program)
2025/08/29 09:00:38 fetching corpus: 2372, signal 129702/131531 (executing program)
2025/08/29 09:00:38 fetching corpus: 2372, signal 129702/131555 (executing program)
2025/08/29 09:00:38 fetching corpus: 2372, signal 129702/131589 (executing program)
2025/08/29 09:00:38 fetching corpus: 2372, signal 129702/131626 (executing program)
2025/08/29 09:00:38 fetching corpus: 2372, signal 129702/131667 (executing program)
2025/08/29 09:00:38 fetching corpus: 2372, signal 129702/131709 (executing program)
2025/08/29 09:00:38 fetching corpus: 2372, signal 129702/131737 (executing program)
2025/08/29 09:00:38 fetching corpus: 2372, signal 129702/131769 (executing program) 2025/08/29 09:00:38 fetching corpus: 2372, signal 129702/131795 (executing program) 2025/08/29 09:00:38 fetching corpus: 2372, signal 129702/131825 (executing program) 2025/08/29 09:00:38 fetching corpus: 2372, signal 129702/131852 (executing program) 2025/08/29 09:00:38 fetching corpus: 2372, signal 129702/131890 (executing program) 2025/08/29 09:00:38 fetching corpus: 2372, signal 129702/131929 (executing program) 2025/08/29 09:00:38 fetching corpus: 2372, signal 129702/131929 (executing program) 2025/08/29 09:00:41 starting 8 fuzzer processes 09:00:41 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readahead(0xffffffffffffffff, 0x0, 0x0) 09:00:41 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)={0x34, 0x12, 0xffffffffffffffff, 0x0, 0x0, "", [@nested={0x4}, @nested={0x4}, @nested={0x1c, 0x0, 0x0, 0x1, [@typed={0x4}, @typed={0x14, 0x1d, 0x0, 0x0, @ipv6=@private1}]}]}, 0x34}], 0x1}, 0x0) 09:00:41 executing program 7: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020101000240008000f801002000400000000000000000008000292fe711f153595a4b414c4c4552202046415431322020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d", 0xbe}, {0x0}, {0x0, 0x0, 0x1200}, {&(0x7f0000010b00)}], 0x0, 
&(0x7f0000010d00)) r0 = openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000080)={0xc001, 0x80, 0x18}, 0x18) syz_open_dev$vcsu(&(0x7f00000001c0), 0xfffffffffffffff8, 0x20042) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fstat(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000008600)) keyctl$chown(0x4, 0x0, 0x0, r3) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0xb48020, &(0x7f00000002c0)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r3}}], [{@appraise}, {@euid_gt}]}}) mkdirat(r0, 0x0, 0x101) 09:00:41 executing program 2: futimesat(0xffffffffffffffff, 0x0, 0xfffffffffffffffc) [ 70.407886] audit: type=1400 audit(1756458041.210:7): avc: denied { execmem } for pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 09:00:41 executing program 3: modify_ldt$write2(0x11, 0x0, 0x10) 09:00:41 executing program 4: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pwrite64(r0, 0x0, 0x0, 0x0) 09:00:41 executing program 5: ioctl$BTRFS_IOC_DEFRAG(0xffffffffffffffff, 0x50009402, 0x0) timer_settime(0x0, 0x0, 0x0, &(0x7f0000000080)) timer_create(0x8, &(0x7f0000000100)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) timer_gettime(0x0, &(0x7f0000000000)) 09:00:41 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) pwritev(r0, &(0x7f00000006c0)=[{&(0x7f0000000180)="a7", 0x1}], 0x1, 0x0, 0x0) [ 71.587915] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 71.592970] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 71.594789] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 71.597120] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 71.600746] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 71.605789] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 71.607537] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 71.609648] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 71.614998] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 71.622281] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 71.653806] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 71.666364] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 71.670555] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 71.683654] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 71.688999] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 71.712710] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 71.717458] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 71.720689] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 71.730652] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 71.736483] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 71.803110] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 71.812503] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 71.816292] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 71.822696] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 71.826790] 
Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 71.828664] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 71.830488] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 71.832672] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 71.837754] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 71.840295] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 71.844624] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 71.847511] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 71.848800] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 71.849056] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 71.853372] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 71.855942] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 71.857461] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 71.859903] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 71.898498] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 71.910975] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 73.676347] Bluetooth: hci0: command tx timeout
[ 73.676970] Bluetooth: hci1: command tx timeout
[ 73.739351] Bluetooth: hci2: command tx timeout
[ 73.803266] Bluetooth: hci3: command tx timeout
[ 73.930385] Bluetooth: hci6: command tx timeout
[ 73.931615] Bluetooth: hci4: command tx timeout
[ 73.932057] Bluetooth: hci7: command tx timeout
[ 73.995456] Bluetooth: hci5: command tx timeout
[ 75.722532] Bluetooth: hci1: command tx timeout
[ 75.722592] Bluetooth: hci0: command tx timeout
[ 75.786400] Bluetooth: hci2: command tx timeout
[ 75.850378] Bluetooth: hci3: command tx timeout
[ 75.979356] Bluetooth: hci7: command tx timeout
[ 75.979446] Bluetooth: hci4: command tx timeout
[ 75.979830] Bluetooth: hci6: command tx timeout
[ 76.042247] Bluetooth: hci5: command tx timeout
[ 77.770738] Bluetooth: hci0: command tx timeout
[ 77.770785] Bluetooth: hci1: command tx timeout
[ 77.834365] Bluetooth: hci2: command tx timeout
[ 
77.899263] Bluetooth: hci3: command tx timeout [ 78.027237] Bluetooth: hci6: command tx timeout [ 78.027272] Bluetooth: hci4: command tx timeout [ 78.027856] Bluetooth: hci7: command tx timeout [ 78.090414] Bluetooth: hci5: command tx timeout [ 79.818345] Bluetooth: hci0: command tx timeout [ 79.818928] Bluetooth: hci1: command tx timeout [ 79.884238] Bluetooth: hci2: command tx timeout [ 79.947288] Bluetooth: hci3: command tx timeout [ 80.074308] Bluetooth: hci4: command tx timeout [ 80.076422] Bluetooth: hci6: command tx timeout [ 80.076850] Bluetooth: hci7: command tx timeout [ 80.138346] Bluetooth: hci5: command tx timeout [ 108.272375] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.273058] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.496730] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.497408] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.934959] audit: type=1400 audit(1756458079.737:8): avc: denied { open } for pid=3782 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 108.947305] audit: type=1400 audit(1756458079.737:9): avc: denied { kernel } for pid=3782 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 09:01:19 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) pwritev(r0, &(0x7f00000006c0)=[{&(0x7f0000000180)="a7", 0x1}], 0x1, 0x0, 0x0) 09:01:20 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) pwritev(r0, &(0x7f00000006c0)=[{&(0x7f0000000180)="a7", 0x1}], 0x1, 0x0, 0x0) 09:01:20 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) pwritev(r0, &(0x7f00000006c0)=[{&(0x7f0000000180)="a7", 0x1}], 0x1, 0x0, 0x0) [ 109.456909] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.457543] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:01:20 executing program 6: r0 = timerfd_create(0x0, 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timerfd_settime(r0, 0x3, &(0x7f0000000080)={{}, {r1, r2+60000000}}, 0x0) read(r0, &(0x7f00000000c0)=""/187, 0xbb) [ 109.504867] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.506579] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.573529] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.574140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:01:20 executing program 6: r0 = timerfd_create(0x0, 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timerfd_settime(r0, 0x3, &(0x7f0000000080)={{}, {r1, r2+60000000}}, 0x0) read(r0, &(0x7f00000000c0)=""/187, 0xbb) [ 109.661281] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.661990] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:01:20 executing 
program 6:
r0 = timerfd_create(0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0})
timerfd_settime(r0, 0x3, &(0x7f0000000080)={{}, {r1, r2+60000000}}, 0x0)
read(r0, &(0x7f00000000c0)=""/187, 0xbb)
[ 109.743776] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.745219] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.816289] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.816932] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:01:20 executing program 6:
r0 = timerfd_create(0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0})
timerfd_settime(r0, 0x3, &(0x7f0000000080)={{}, {r1, r2+60000000}}, 0x0)
read(r0, &(0x7f00000000c0)=""/187, 0xbb)
[ 109.949832] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.950473] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:01:20 executing program 6:
r0 = timerfd_create(0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0})
timerfd_settime(r0, 0x3, &(0x7f0000000080)={{}, {r1, r2+60000000}}, 0x0)
read(r0, &(0x7f00000000c0)=""/187, 0xbb)
[ 110.031044] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.031764] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 110.099503] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.100212] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 110.189521] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.190160] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 110.376012] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.377050] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 110.453800] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.454609] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 110.488115] loop7: detected capacity change from 0 to 128
[ 110.505364] netlink: 'syz-executor.1': attribute type 29 has an invalid length.
[ 110.559381] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.559982] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 110.595555] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.596164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:01:21 executing program 4:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pwrite64(r0, 0x0, 0x0, 0x0)
09:01:21 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020101000240008000f801002000400000000000000000008000292fe711f153595a4b414c4c4552202046415431322020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d", 0xbe}, {0x0}, {0x0, 0x0, 0x1200}, {&(0x7f0000010b00)}], 0x0, &(0x7f0000010d00))
r0 = openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000080)={0xc001, 0x80, 0x18}, 0x18)
syz_open_dev$vcsu(&(0x7f00000001c0), 0xfffffffffffffff8, 0x20042)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fstat(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000008600))
keyctl$chown(0x4, 0x0, 0x0, r3)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0xb48020, &(0x7f00000002c0)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r3}}], [{@appraise}, {@euid_gt}]}})
mkdirat(r0, 0x0, 0x101)
09:01:21 executing program 2:
futimesat(0xffffffffffffffff, 0x0, 0xfffffffffffffffc)
09:01:21 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000, 0x4, 
&(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020101000240008000f801002000400000000000000000008000292fe711f153595a4b414c4c4552202046415431322020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d", 0xbe}, {0x0}, {0x0, 0x0, 0x1200}, {&(0x7f0000010b00)}], 0x0, &(0x7f0000010d00)) r0 = openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000080)={0xc001, 0x80, 0x18}, 0x18) syz_open_dev$vcsu(&(0x7f00000001c0), 0xfffffffffffffff8, 0x20042) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fstat(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000008600)) keyctl$chown(0x4, 0x0, 0x0, r3) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0xb48020, &(0x7f00000002c0)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r3}}], [{@appraise}, {@euid_gt}]}}) mkdirat(r0, 0x0, 0x101) 09:01:21 executing program 6: r0 = timerfd_create(0x0, 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timerfd_settime(r0, 0x3, &(0x7f0000000080)={{}, {r1, r2+60000000}}, 0x0) read(r0, &(0x7f00000000c0)=""/187, 0xbb) 09:01:21 executing program 5: ioctl$BTRFS_IOC_DEFRAG(0xffffffffffffffff, 0x50009402, 0x0) timer_settime(0x0, 0x0, 0x0, &(0x7f0000000080)) timer_create(0x8, &(0x7f0000000100)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) 
timer_gettime(0x0, &(0x7f0000000000)) 09:01:21 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)={0x34, 0x12, 0xffffffffffffffff, 0x0, 0x0, "", [@nested={0x4}, @nested={0x4}, @nested={0x1c, 0x0, 0x0, 0x1, [@typed={0x4}, @typed={0x14, 0x1d, 0x0, 0x0, @ipv6=@private1}]}]}, 0x34}], 0x1}, 0x0) 09:01:21 executing program 3: modify_ldt$write2(0x11, 0x0, 0x10) [ 110.765900] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 110.777460] loop0: detected capacity change from 0 to 128 [ 110.779373] loop7: detected capacity change from 0 to 128 09:01:21 executing program 3: modify_ldt$write2(0x11, 0x0, 0x10) 09:01:21 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)={0x34, 0x12, 0xffffffffffffffff, 0x0, 0x0, "", [@nested={0x4}, @nested={0x4}, @nested={0x1c, 0x0, 0x0, 0x1, [@typed={0x4}, @typed={0x14, 0x1d, 0x0, 0x0, @ipv6=@private1}]}]}, 0x34}], 0x1}, 0x0) 09:01:21 executing program 5: ioctl$BTRFS_IOC_DEFRAG(0xffffffffffffffff, 0x50009402, 0x0) timer_settime(0x0, 0x0, 0x0, &(0x7f0000000080)) timer_create(0x8, &(0x7f0000000100)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) timer_gettime(0x0, &(0x7f0000000000)) [ 110.888015] netlink: 'syz-executor.1': attribute type 29 has an invalid length. 
09:01:21 executing program 4:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pwrite64(r0, 0x0, 0x0, 0x0)
09:01:21 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020101000240008000f801002000400000000000000000008000292fe711f153595a4b414c4c4552202046415431322020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d", 0xbe}, {0x0}, {0x0, 0x0, 0x1200}, {&(0x7f0000010b00)}], 0x0, &(0x7f0000010d00))
r0 = openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000080)={0xc001, 0x80, 0x18}, 0x18)
syz_open_dev$vcsu(&(0x7f00000001c0), 0xfffffffffffffff8, 0x20042)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fstat(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000008600))
keyctl$chown(0x4, 0x0, 0x0, r3)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0xb48020, &(0x7f00000002c0)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r3}}], [{@appraise}, {@euid_gt}]}})
mkdirat(r0, 0x0, 0x101)
09:01:21 executing program 6:
r0 = timerfd_create(0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0})
timerfd_settime(r0, 0x3, &(0x7f0000000080)={{}, {r1, r2+60000000}}, 0x0)
read(r0, &(0x7f00000000c0)=""/187, 0xbb)
09:01:21 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000, 0x4, 
&(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020101000240008000f801002000400000000000000000008000292fe711f153595a4b414c4c4552202046415431322020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d", 0xbe}, {0x0}, {0x0, 0x0, 0x1200}, {&(0x7f0000010b00)}], 0x0, &(0x7f0000010d00)) r0 = openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000080)={0xc001, 0x80, 0x18}, 0x18) syz_open_dev$vcsu(&(0x7f00000001c0), 0xfffffffffffffff8, 0x20042) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fstat(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000008600)) keyctl$chown(0x4, 0x0, 0x0, r3) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0xb48020, &(0x7f00000002c0)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r3}}], [{@appraise}, {@euid_gt}]}}) mkdirat(r0, 0x0, 0x101) 09:01:21 executing program 2: futimesat(0xffffffffffffffff, 0x0, 0xfffffffffffffffc) 09:01:21 executing program 3: modify_ldt$write2(0x11, 0x0, 0x10) 09:01:21 executing program 5: ioctl$BTRFS_IOC_DEFRAG(0xffffffffffffffff, 0x50009402, 0x0) timer_settime(0x0, 0x0, 0x0, &(0x7f0000000080)) timer_create(0x8, &(0x7f0000000100)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) timer_gettime(0x0, &(0x7f0000000000)) 09:01:21 executing program 1: r0 = 
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)={0x34, 0x12, 0xffffffffffffffff, 0x0, 0x0, "", [@nested={0x4}, @nested={0x4}, @nested={0x1c, 0x0, 0x0, 0x1, [@typed={0x4}, @typed={0x14, 0x1d, 0x0, 0x0, @ipv6=@private1}]}]}, 0x34}], 0x1}, 0x0)
[ 110.973353] loop7: detected capacity change from 0 to 128
[ 111.001073] netlink: 'syz-executor.1': attribute type 29 has an invalid length.
[ 111.019688] loop0: detected capacity change from 0 to 128
[ 111.031482] kmemleak: Found object by alias at 0x607f1a63936c
[ 111.031500] CPU: 1 UID: 0 PID: 3943 Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 111.031518] Tainted: [W]=WARN
[ 111.031522] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 111.031530] Call Trace:
[ 111.031534]
[ 111.031539] dump_stack_lvl+0xca/0x120
[ 111.031567] __lookup_object+0x94/0xb0
[ 111.031585] delete_object_full+0x27/0x70
[ 111.031601] free_percpu+0x30/0x1160
[ 111.031618] ? arch_uprobe_clear_state+0x16/0x140
[ 111.031638] futex_hash_free+0x38/0xc0
[ 111.031653] mmput+0x2d3/0x390
[ 111.031671] do_exit+0x79d/0x2970
[ 111.031685] ? signal_wake_up_state+0x85/0x120
[ 111.031700] ? zap_other_threads+0x2b9/0x3a0
[ 111.031716] ? __pfx_do_exit+0x10/0x10
[ 111.031729] ? do_group_exit+0x1c3/0x2a0
[ 111.031742] ? lock_release+0xc8/0x290
[ 111.031759] do_group_exit+0xd3/0x2a0
[ 111.031774] __x64_sys_exit_group+0x3e/0x50
[ 111.031787] x64_sys_call+0x18c5/0x18d0
[ 111.031802] do_syscall_64+0xbf/0x360
[ 111.031814] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.031826] RIP: 0033:0x7f0577bceb19
[ 111.031835] Code: Unable to access opcode bytes at 0x7f0577bceaef.
[ 111.031841] RSP: 002b:00007fff3ca8e898 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 111.031852] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f0577bceb19
[ 111.031859] RDX: 00007f0577b8172b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 111.031867] RBP: 0000000000000000 R08: 0000001b2d42001c R09: 0000000000000000
[ 111.031874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 111.031880] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fff3ca8e980
[ 111.031896]
[ 111.031900] kmemleak: Object (percpu) 0x607f1a639368 (size 8):
[ 111.031906] kmemleak: comm "syz-executor.7", pid 3938, jiffies 4294777849
[ 111.031913] kmemleak: min_count = 1
[ 111.031917] kmemleak: count = 0
[ 111.031921] kmemleak: flags = 0x21
[ 111.031925] kmemleak: checksum = 0
[ 111.031928] kmemleak: backtrace:
[ 111.031932] pcpu_alloc_noprof+0x87a/0x1170
[ 111.031947] alloc_vfsmnt+0x135/0x6e0
[ 111.031960] vfs_create_mount.part.0+0x40/0x440
[ 111.031974] path_mount+0x1637/0x1dd0
[ 111.031985] __x64_sys_mount+0x27b/0x300
[ 111.031996] do_syscall_64+0xbf/0x360
[ 111.032004] entry_SYSCALL_64_after_hwframe+0x77/0x7f
09:01:21 executing program 2:
futimesat(0xffffffffffffffff, 0x0, 0xfffffffffffffffc)
09:01:21 executing program 4:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pwrite64(r0, 0x0, 0x0, 0x0)
09:01:21 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020101000240008000f801002000400000000000000000008000292fe711f153595a4b414c4c4552202046415431322020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d", 0xbe}, {0x0}, {0x0, 0x0, 0x1200}, {&(0x7f0000010b00)}], 0x0, &(0x7f0000010d00))
r0 = openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000080)={0xc001, 0x80, 0x18}, 0x18)
syz_open_dev$vcsu(&(0x7f00000001c0), 0xfffffffffffffff8, 0x20042)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fstat(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000008600))
keyctl$chown(0x4, 0x0, 0x0, r3)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0xb48020, &(0x7f00000002c0)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r3}}], [{@appraise}, {@euid_gt}]}})
mkdirat(r0, 0x0, 0x101)
[ 111.154018] ------------[ cut here ]------------
[ 111.154608] WARNING: fs/namespace.c:1375 at cleanup_mnt+0x33f/0x430, CPU#1: syz-executor.0/277
[ 111.155476] Modules linked in:
[ 111.155880] CPU: 1 UID: 0 PID: 277 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 111.158105] Tainted: [W]=WARN
[ 111.158770] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 111.160219] RIP: 0010:cleanup_mnt+0x33f/0x430
[ 111.160899] Code: c7 a0 45 d1 85 e8 01 7c fa 02 49 8d 7d 40 5b 48 c7 c6 10 e2 be 81 5d 41 5c 41 5d 41 5e 41 5f e9 57 b3 9c ff e8 82 46 b4 ff 90 <0f> 0b 90 e9 e6 fc ff ff e8 74 46 b4 ff 4c 89 ef e8 6c d7 06 00 e9
[ 111.164000] RSP: 0018:ffff88800f5ffe20 EFLAGS: 00010293
[ 111.165024] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81bf9de5
[ 111.166260] RDX: ffff888017543700 RSI: ffffffff81bfa0fe RDI: 0000000000000005
[ 111.167396] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
[ 111.168574] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888017543fd8
[ 111.169408] R13: ffff888017178540 R14: 0000000000000001 R15: ffff888017178580
[ 111.170045] FS: 00005555557da400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 111.170950] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 111.171589] CR2: 00007fff1b93af48
CR3: 0000000033a14000 CR4: 0000000000350ef0 [ 111.172251] Call Trace: [ 111.172486] [ 111.172700] task_work_run+0x172/0x280 [ 111.173061] ? __pfx_task_work_run+0x10/0x10 [ 111.173494] ? __x64_sys_umount+0x114/0x190 [ 111.173885] ? __pfx___x64_sys_umount+0x10/0x10 [ 111.174332] exit_to_user_mode_loop+0xef/0x110 [ 111.174752] do_syscall_64+0x2f7/0x360 [ 111.175106] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.175595] RIP: 0033:0x7f4cf0d19f87 [ 111.175939] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 111.177573] RSP: 002b:00007fff1b93b688 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 111.178293] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00007f4cf0d19f87 [ 111.178933] RDX: 00007fff1b93b759 RSI: 000000000000000a RDI: 00007fff1b93b750 [ 111.179586] RBP: 00007fff1b93b750 R08: 00000000ffffffff R09: 00007fff1b93b520 [ 111.180237] R10: 00005555557dbc7b R11: 0000000000000246 R12: 00007f4cf0d72105 [ 111.180870] R13: 00007fff1b93c810 R14: 00005555557dbc20 R15: 00007fff1b93c850 [ 111.181547] [ 111.181766] irq event stamp: 171399 [ 111.182054] hardirqs last enabled at (171407): [] __up_console_sem+0x78/0x80 [ 111.182755] hardirqs last disabled at (171416): [] __up_console_sem+0x5d/0x80 [ 111.183450] softirqs last enabled at (171342): [] handle_softirqs+0x50c/0x770 [ 111.184139] softirqs last disabled at (171337): [] __irq_exit_rcu+0xc4/0x100 [ 111.184843] ---[ end trace 0000000000000000 ]--- [ 111.191916] loop7: detected capacity change from 0 to 128 09:01:22 executing program 1: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000, 0x4, 
&(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020101000240008000f801002000400000000000000000008000292fe711f153595a4b414c4c4552202046415431322020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d", 0xbe}, {0x0}, {0x0, 0x0, 0x1200}, {&(0x7f0000010b00)}], 0x0, &(0x7f0000010d00)) r0 = openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000080)={0xc001, 0x80, 0x18}, 0x18) syz_open_dev$vcsu(&(0x7f00000001c0), 0xfffffffffffffff8, 0x20042) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fstat(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000008600)) keyctl$chown(0x4, 0x0, 0x0, r3) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0xb48020, &(0x7f00000002c0)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r3}}], [{@appraise}, {@euid_gt}]}}) mkdirat(r0, 0x0, 0x101) 09:01:22 executing program 6: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020101000240008000f801002000400000000000000000008000292fe711f153595a4b414c4c4552202046415431322020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d", 0xbe}, {0x0}, {0x0, 0x0, 0x1200}, {&(0x7f0000010b00)}], 0x0, &(0x7f0000010d00)) r0 = openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000080)={0xc001, 0x80, 0x18}, 0x18) syz_open_dev$vcsu(&(0x7f00000001c0), 0xfffffffffffffff8, 0x20042) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = 
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fstat(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000008600)) keyctl$chown(0x4, 0x0, 0x0, r3) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0xb48020, &(0x7f00000002c0)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r3}}], [{@appraise}, {@euid_gt}]}}) mkdirat(r0, 0x0, 0x101) 09:01:22 executing program 5: r0 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0) ioctl$RTC_IRQP_READ(r0, 0x40187014, 0x0) 09:01:22 executing program 2: ioctl$BTRFS_IOC_DEFRAG(0xffffffffffffffff, 0x50009402, 0x0) timer_settime(0x0, 0x0, 0x0, &(0x7f0000000080)) timer_create(0x8, &(0x7f0000000100)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) timer_gettime(0x0, &(0x7f0000000000)) 09:01:22 executing program 0: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020101000240008000f801002000400000000000000000008000292fe711f153595a4b414c4c4552202046415431322020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d", 0xbe}, {0x0}, {0x0, 0x0, 0x1200}, {&(0x7f0000010b00)}], 0x0, &(0x7f0000010d00)) r0 = openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000080)={0xc001, 0x80, 0x18}, 0x18) syz_open_dev$vcsu(&(0x7f00000001c0), 0xfffffffffffffff8, 0x20042) r1 
= syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fstat(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000008600)) keyctl$chown(0x4, 0x0, 0x0, r3) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0xb48020, &(0x7f00000002c0)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r3}}], [{@appraise}, {@euid_gt}]}}) mkdirat(r0, 0x0, 0x101) 09:01:22 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x2a, &(0x7f0000000200)=[...], 0x0, &(0x7f0000013800)) [ 111.257984] loop1: detected capacity change from 0 to 128 [ 111.262109] loop0: detected capacity change from 0 to 128 [ 111.266535] loop6: detected capacity change from 0 to 128 09:01:22 executing program 5: r0 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0) ioctl$RTC_IRQP_READ(r0, 0x40187014, 0x0) 09:01:22 executing program 2: ioctl$BTRFS_IOC_DEFRAG(0xffffffffffffffff, 0x50009402, 0x0) timer_settime(0x0, 0x0, 0x0, &(0x7f0000000080)) timer_create(0x8, &(0x7f0000000100)={0x0, 0x0, 0x1, 
@thr={0x0, 0x0}}, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) timer_gettime(0x0, &(0x7f0000000000)) [ 111.317468] loop4: detected capacity change from 0 to 512 09:01:22 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROMSUBCHNL(r0, 0x530b, &(0x7f0000000000)={0x2}) 09:01:22 executing program 3: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x44000) io_setup(0xfff, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000480)=[&(0x7f0000000180)={0x0, 0x0, 0x8, 0x1, 0x0, r0, 0x0, 0x19000}]) 09:01:22 executing program 6: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020101000240008000f801002000400000000000000000008000292fe711f153595a4b414c4c4552202046415431322020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d", 0xbe}, {0x0}, {0x0, 0x0, 0x1200}, {&(0x7f0000010b00)}], 0x0, &(0x7f0000010d00)) r0 = openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000080)={0xc001, 0x80, 0x18}, 0x18) syz_open_dev$vcsu(&(0x7f00000001c0), 0xfffffffffffffff8, 0x20042) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fstat(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000008600)) keyctl$chown(0x4, 0x0, 0x0, r3) mount$9p_fd(0x0, 
&(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0xb48020, &(0x7f00000002c0)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r3}}], [{@appraise}, {@euid_gt}]}}) mkdirat(r0, 0x0, 0x101) 09:01:22 executing program 1: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020101000240008000f801002000400000000000000000008000292fe711f153595a4b414c4c4552202046415431322020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d", 0xbe}, {0x0}, {0x0, 0x0, 0x1200}, {&(0x7f0000010b00)}], 0x0, &(0x7f0000010d00)) r0 = openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000080)={0xc001, 0x80, 0x18}, 0x18) syz_open_dev$vcsu(&(0x7f00000001c0), 0xfffffffffffffff8, 0x20042) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fstat(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000008600)) keyctl$chown(0x4, 0x0, 0x0, r3) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0xb48020, &(0x7f00000002c0)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r3}}], [{@appraise}, {@euid_gt}]}}) mkdirat(r0, 0x0, 0x101) [ 111.350606] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI [ 111.351503] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 111.352104] CPU: 1 UID: 0 PID: 279 Comm: syz-executor.1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 111.353021] Tainted: [W]=WARN [ 111.353273] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 111.353917] RIP: 
0010:__queue_work+0x202/0x1240 [ 111.354299] Code: 48 8b 6d 00 e8 4f 9e 79 03 31 ff 41 89 c5 89 c6 e8 93 f3 31 00 45 85 ed 0f 85 e1 05 00 00 e8 55 f8 31 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 111.355689] RSP: 0018:ffff88801c48f6b0 EFLAGS: 00010056 [ 111.356107] RAX: 0000000000000000 RBX: ffff88804161c718 RCX: ffffffff8141f51d [ 111.356671] RDX: ffff88800f89b700 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 111.357224] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff0f11ef4 [ 111.357786] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 111.358338] R13: 0000000000000001 R14: 0000000000000001 R15: ffff88801960c000 [ 111.358890] FS: 0000555562562400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 111.359513] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.359971] CR2: 00007f3327144000 CR3: 0000000036a36000 CR4: 0000000000350ef0 [ 111.360525] Call Trace: [ 111.360733] [ 111.360919] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 111.361295] queue_work_on+0xd0/0xe0 [ 111.361608] loop_queue_rq+0x5c8/0x1180 [ 111.361933] __blk_mq_issue_directly+0xd5/0x260 [ 111.362307] ? __pfx___blk_mq_issue_directly+0x10/0x10 [ 111.362722] ? bdev_count_inflight_rw.part.0+0x5f/0x380 [ 111.363143] blk_mq_request_issue_directly+0x11c/0x1e0 [ 111.363555] blk_mq_issue_direct+0x192/0x640 [ 111.363913] blk_mq_dispatch_queue_requests+0x4b0/0x7c0 [ 111.364335] blk_mq_flush_plug_list+0x1ec/0x5b0 [ 111.364709] ? read_tsc+0x9/0x20 [ 111.364986] ? ktime_get+0x16d/0x270 [ 111.365289] ? trace_block_plug+0x149/0x1b0 [ 111.365642] ? blk_add_rq_to_plug+0x234/0x550 [ 111.365999] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 111.366405] ? blk_mq_submit_bio+0x4fd/0x2220 [ 111.366762] __blk_flush_plug+0x25c/0x460 [ 111.367092] ? __pfx___blk_flush_plug+0x10/0x10 [ 111.367462] __submit_bio+0x480/0x5b0 [ 111.367774] ? __pfx___submit_bio+0x10/0x10 [ 111.368118] ? read_tsc+0x9/0x20 [ 111.368393] ? 
ktime_get+0x16d/0x270 [ 111.368695] submit_bio_noacct_nocheck+0x68e/0xcb0 [ 111.369084] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 111.369521] submit_bio_noacct+0x359/0x1350 [ 111.369864] __sync_dirty_buffer+0x176/0x380 [ 111.370218] fat_set_state+0x22f/0x360 [ 111.370532] fat_put_super+0x3f/0xc0 [ 111.370834] ? __pfx_fat_put_super+0x10/0x10 [ 111.371186] generic_shutdown_super+0x15a/0x4a0 [ 111.371563] kill_block_super+0x3b/0x90 [ 111.371887] deactivate_locked_super+0xbf/0x1a0 [ 111.372266] deactivate_super+0xb1/0xd0 [ 111.372587] cleanup_mnt+0x2df/0x430 [ 111.372896] task_work_run+0x172/0x280 [ 111.373210] ? __pfx_task_work_run+0x10/0x10 [ 111.373568] ? __x64_sys_umount+0x114/0x190 [ 111.373909] ? __pfx___x64_sys_umount+0x10/0x10 [ 111.374280] exit_to_user_mode_loop+0xef/0x110 [ 111.374645] do_syscall_64+0x2f7/0x360 [ 111.374956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.375367] RIP: 0033:0x7feb68850f87 [ 111.375666] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 111.377062] RSP: 002b:00007ffe82dd2df8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 111.377660] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007feb68850f87 [ 111.378211] RDX: 00007ffe82dd2ec9 RSI: 000000000000000a RDI: 00007ffe82dd2ec0 [ 111.378763] RBP: 00007ffe82dd2ec0 R08: 00000000ffffffff R09: 00007ffe82dd2c90 [ 111.379318] R10: 0000555562563c7b R11: 0000000000000246 R12: 00007feb688a9105 [ 111.379868] R13: 00007ffe82dd3f80 R14: 0000555562563c20 R15: 00007ffe82dd3fc0 [ 111.380424] [ 111.380614] Modules linked in: [ 111.380877] ---[ end trace 0000000000000000 ]--- [ 111.381244] RIP: 0010:__queue_work+0x202/0x1240 [ 111.381626] Code: 48 8b 6d 00 e8 4f 9e 79 03 31 ff 41 89 c5 89 c6 e8 93 f3 31 00 45 85 ed 0f 85 e1 05 00 00 e8 55 f8 31 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 
111.383026] RSP: 0018:ffff88801c48f6b0 EFLAGS: 00010056 [ 111.383446] RAX: 0000000000000000 RBX: ffff88804161c718 RCX: ffffffff8141f51d [ 111.384001] RDX: ffff88800f89b700 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 111.384553] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff0f11ef4 [ 111.385103] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 111.385662] R13: 0000000000000001 R14: 0000000000000001 R15: ffff88801960c000 [ 111.386221] FS: 0000555562562400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 111.386845] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.387303] CR2: 00007f3327144000 CR3: 0000000036a36000 CR4: 0000000000350ef0 [ 111.387859] note: syz-executor.1[279] exited with irqs disabled [ 111.388474] note: syz-executor.1[279] exited with preempt_count 1 [ 111.388988] ------------[ cut here ]------------ [ 111.389383] WARNING: kernel/exit.c:898 at do_exit+0x1c36/0x2970, CPU#1: syz-executor.1/279 [ 111.390028] Modules linked in: [ 111.390471] CPU: 1 UID: 0 PID: 279 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 111.391525] Tainted: [D]=DIE, [W]=WARN [ 111.391828] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 111.392500] RIP: 0010:do_exit+0x1c36/0x2970 [ 111.392846] Code: 96 0a 00 00 c7 43 18 00 00 00 00 e9 21 e6 ff ff e8 bf a4 38 00 bf 02 24 00 00 e8 f5 ab 0b 00 e9 41 ff ff ff e8 ab a4 38 00 90 <0f> 0b 90 e9 87 e4 ff ff e8 9d a4 38 00 4c 89 e6 bf 05 06 00 00 e8 [ 111.394276] RSP: 0018:ffff88801c48fe40 EFLAGS: 00010293 [ 111.394691] RAX: 0000000000000000 RBX: 0000000000000200 RCX: ffffffff813b2727 [ 111.395258] RDX: ffff88800f89b700 RSI: ffffffff813b42d5 RDI: ffff88800f89c8e8 [ 111.395813] RBP: ffff88800f89b700 R08: 0000000000000001 R09: fffffbfff0f11cd8 [ 111.396384] R10: 0000000000000200 R11: 0000000000000001 R12: 000000000000000b [ 111.396941] R13: 0000000000002710 R14: dffffc0000000000 R15: 0000000000000000 [ 111.398342] FS: 
0000555562562400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 111.398969] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.400022] CR2: 00007f3327144000 CR3: 0000000036a36000 CR4: 0000000000350ef0 [ 111.400602] Call Trace: [ 111.400812] [ 111.401000] ? _printk+0xbe/0xf0 [ 111.401395] ? __pfx__printk+0x10/0x10 [ 111.401712] ? __pfx_do_exit+0x10/0x10 [ 111.402030] make_task_dead+0x174/0x3b0 [ 111.402370] ? do_syscall_64+0x2f7/0x360 [ 111.402876] rewind_stack_and_make_dead+0x16/0x20 [ 111.403285] RIP: 0033:0x7feb68850f87 [ 111.403583] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 111.405004] RSP: 002b:00007ffe82dd2df8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 111.405617] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007feb68850f87 [ 111.406168] RDX: 00007ffe82dd2ec9 RSI: 000000000000000a RDI: 00007ffe82dd2ec0 [ 111.406750] RBP: 00007ffe82dd2ec0 R08: 00000000ffffffff R09: 00007ffe82dd2c90 [ 111.407320] R10: 0000555562563c7b R11: 0000000000000246 R12: 00007feb688a9105 [ 111.407881] R13: 00007ffe82dd3f80 R14: 0000555562563c20 R15: 00007ffe82dd3fc0 [ 111.408455] [ 111.408646] irq event stamp: 168372 [ 111.408927] hardirqs last enabled at (168371): [] ktime_get+0x1c7/0x270 [ 111.409594] hardirqs last disabled at (168372): [] _raw_spin_lock_irq+0x42/0x50 [ 111.410298] softirqs last enabled at (168216): [] handle_softirqs+0x50c/0x770 [ 111.410980] softirqs last disabled at (168211): [] __irq_exit_rcu+0xc4/0x100 [ 111.411669] ---[ end trace 0000000000000000 ]--- [ 111.412042] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:51 [ 111.412745] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 279, name: syz-executor.1 [ 111.413416] preempt_count: 0, expected: 0 [ 111.413742] RCU nest depth: 2, expected: 0 [ 111.414068] INFO: lockdep is turned off. 
[ 111.414403] CPU: 1 UID: 0 PID: 279 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 111.414422] Tainted: [D]=DIE, [W]=WARN [ 111.414426] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 111.414433] Call Trace: [ 111.414437] [ 111.414441] dump_stack_lvl+0xfa/0x120 [ 111.414461] __might_resched+0x2f3/0x510 [ 111.414475] exit_signals+0x25/0x940 [ 111.414493] do_exit+0x2db/0x2970 [ 111.414505] ? _printk+0xbe/0xf0 [ 111.414517] ? __pfx__printk+0x10/0x10 [ 111.414529] ? __pfx_do_exit+0x10/0x10 [ 111.414544] make_task_dead+0x174/0x3b0 [ 111.414556] ? do_syscall_64+0x2f7/0x360 [ 111.414566] rewind_stack_and_make_dead+0x16/0x20 [ 111.414581] RIP: 0033:0x7feb68850f87 [ 111.414589] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 111.414599] RSP: 002b:00007ffe82dd2df8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 111.414610] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007feb68850f87 [ 111.414617] RDX: 00007ffe82dd2ec9 RSI: 000000000000000a RDI: 00007ffe82dd2ec0 [ 111.414624] RBP: 00007ffe82dd2ec0 R08: 00000000ffffffff R09: 00007ffe82dd2c90 [ 111.414631] R10: 0000555562563c7b R11: 0000000000000246 R12: 00007feb688a9105 [ 111.414638] R13: 00007ffe82dd3f80 R14: 0000555562563c20 R15: 00007ffe82dd3fc0 [ 111.414649] [ 111.426959] loop6: detected capacity change from 0 to 128 09:01:22 executing program 5: r0 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0) ioctl$RTC_IRQP_READ(r0, 0x40187014, 0x0) 09:01:22 executing program 5: r0 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0) ioctl$RTC_IRQP_READ(r0, 0x40187014, 0x0) 09:01:22 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000000640)={@multicast2, @dev}, 0x8) setsockopt$inet_mreqsrc(r0, 0x0, 0x25, &(0x7f0000000000)={@multicast2, @remote, @multicast2}, 0xc) 
[ 111.444657] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.445894] ext4 filesystem being mounted at /syzkaller-testdir904158350/syzkaller.3Atvdv/4/file0 supports timestamps until 2038-01-19 (0x7fffffff) 09:01:22 executing program 5: r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$PTP_SYS_OFFSET_EXTENDED(r0, 0xc4c03d09, 0x0) [ 111.474464] BUG: unable to handle page fault for address: ffffffff857474f6 [ 111.475062] #PF: supervisor write access in kernel mode [ 111.475493] #PF: error_code(0x0003) - permissions violation [ 111.475937] PGD 5a8b067 P4D 5a8b067 PUD 5a8c063 PMD 80000000056001a1 [ 111.476469] Oops: Oops: 0003 [#2] SMP KASAN NOPTI [ 111.476864] CPU: 0 UID: 0 PID: 279 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 111.477820] Tainted: [D]=DIE, [W]=WARN [ 111.478127] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 111.478788] RIP: 0010:__blk_flush_plug+0x128/0x460 [ 111.479199] Code: 6c 24 58 49 8b 56 30 80 38 00 0f 85 03 03 00 00 48 8d 7a 08 4d 8b 66 38 48 89 f9 48 c1 e9 03 42 80 3c 39 00 0f 85 02 03 00 00 <48> 89 5a 08 48 89 54 24 58 4c 89 e2 48 c1 ea 03 42 80 3c 3a 00 0f [ 111.480664] RSP: 0018:ffff88801c48f8c0 EFLAGS: 00010246 [ 111.481098] RAX: ffffed1003891f6a RBX: ffff88801c48f918 RCX: 1ffffffff0ae8e9e [ 111.481679] RDX: ffffffff857474ee RSI: ffffffff8238e087 RDI: ffffffff857474f6 [ 111.482251] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 111.482823] R10: ffffffff8643ac57 R11: 0000000000000000 R12: ffffffff81522000 [ 111.483405] R13: ffff88801c48f918 R14: ffff88801c48fb18 R15: dffffc0000000000 [ 111.483981] FS: 0000000000000000(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 111.484635] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.485103] CR2: ffffffff857474f6 CR3: 0000000044f34000 CR4: 0000000000350ef0 [ 111.485685] Call Trace: [ 
111.485896] [ 111.486084] ? __pfx___blk_flush_plug+0x10/0x10 [ 111.486470] ? lock_acquire+0x18c/0x2f0 [ 111.486796] ? __pfx___mutex_trylock_common+0x10/0x10 [ 111.487218] ? __mutex_lock+0x4d5/0x1020 [ 111.487556] schedule+0x2b9/0x390 [ 111.487847] schedule_preempt_disabled+0x10/0x20 [ 111.488243] __mutex_lock+0x813/0x1020 [ 111.488566] ? exp_funnel_lock+0x2c7/0x5c0 [ 111.488915] ? __pfx___mutex_lock+0x10/0x10 [ 111.489271] ? __mutex_trylock_common+0x77/0x260 [ 111.489665] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 111.490049] ? __call_rcu_common.constprop.0+0x70/0x960 [ 111.490490] ? lock_release+0x1c7/0x290 [ 111.490819] exp_funnel_lock+0x2c7/0x5c0 [ 111.491157] ? __pfx_exp_funnel_lock+0x10/0x10 [ 111.491533] ? do_raw_spin_lock+0x123/0x260 [ 111.491888] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 111.492272] ? xas_start+0x14e/0x710 [ 111.492582] ? lock_release+0x1c7/0x290 [ 111.492910] synchronize_rcu_expedited+0x27e/0x420 [ 111.493313] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 111.493743] ? lock_release+0x1c7/0x290 [ 111.494070] ? __virt_addr_valid+0x100/0x5d0 [ 111.494435] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 111.494850] ? shrink_dentry_list+0x1a/0x650 [ 111.495210] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 111.495637] namespace_unlock+0x4b6/0x810 [ 111.495977] ? __pfx_namespace_unlock+0x10/0x10 [ 111.496355] ? do_raw_spin_lock+0x123/0x260 [ 111.496701] ? __pfx_umount_tree+0x10/0x10 [ 111.497039] ? lock_acquire+0x18c/0x2f0 [ 111.497366] ? lock_release+0x1c7/0x290 [ 111.497688] put_mnt_ns+0xf5/0x120 [ 111.497980] free_nsproxy+0x3a/0x400 [ 111.498291] switch_task_namespaces+0xe2/0x100 [ 111.498663] do_exit+0x841/0x2970 [ 111.498949] ? _printk+0xbe/0xf0 [ 111.499228] ? __pfx__printk+0x10/0x10 [ 111.499540] ? __pfx_do_exit+0x10/0x10 [ 111.499856] make_task_dead+0x174/0x3b0 [ 111.500180] ? 
do_syscall_64+0x2f7/0x360 [ 111.500505] rewind_stack_and_make_dead+0x16/0x20 [ 111.500895] RIP: 0033:0x7feb68850f87 [ 111.501191] Code: Unable to access opcode bytes at 0x7feb68850f5d. [ 111.501677] RSP: 002b:00007ffe82dd2df8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 111.502273] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007feb68850f87 [ 111.502829] RDX: 00007ffe82dd2ec9 RSI: 000000000000000a RDI: 00007ffe82dd2ec0 [ 111.503382] RBP: 00007ffe82dd2ec0 R08: 00000000ffffffff R09: 00007ffe82dd2c90 [ 111.503945] R10: 0000555562563c7b R11: 0000000000000246 R12: 00007feb688a9105 [ 111.504505] R13: 00007ffe82dd3f80 R14: 0000555562563c20 R15: 00007ffe82dd3fc0 [ 111.505068] [ 111.505259] Modules linked in: [ 111.505524] CR2: ffffffff857474f6 [ 111.505799] ---[ end trace 0000000000000000 ]--- [ 111.506168] RIP: 0010:__queue_work+0x202/0x1240 [ 111.506543] Code: 48 8b 6d 00 e8 4f 9e 79 03 31 ff 41 89 c5 89 c6 e8 93 f3 31 00 45 85 ed 0f 85 e1 05 00 00 e8 55 f8 31 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24 [ 111.507969] RSP: 0018:ffff88801c48f6b0 EFLAGS: 00010056 [ 111.508384] RAX: 0000000000000000 RBX: ffff88804161c718 RCX: ffffffff8141f51d [ 111.508940] RDX: ffff88800f89b700 RSI: ffffffff8141ef2b RDI: 0000000000000005 [ 111.509504] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff0f11ef4 [ 111.510064] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 111.510620] R13: 0000000000000001 R14: 0000000000000001 R15: ffff88801960c000 [ 111.511185] FS: 0000000000000000(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 111.511818] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.512272] CR2: ffffffff857474f6 CR3: 0000000044f34000 CR4: 0000000000350ef0 [ 111.512833] note: syz-executor.1[279] exited with irqs disabled [ 111.513991] Fixing recursive fault but reboot is needed! 
[ 111.514906] BUG: scheduling while atomic: syz-executor.1/279/0x00000000 [ 111.515463] INFO: lockdep is turned off. [ 111.515782] Modules linked in: [ 111.516050] CPU: 0 UID: 0 PID: 279 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 111.516068] Tainted: [D]=DIE, [W]=WARN [ 111.516072] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 111.516078] Call Trace: [ 111.516082] [ 111.516086] dump_stack_lvl+0xfa/0x120 [ 111.516108] __schedule_bug+0xb9/0x100 [ 111.516121] __schedule+0x24f3/0x3590 [ 111.516135] ? __pfx_vprintk_emit+0x10/0x10 [ 111.516153] ? free_nsproxy+0x3a/0x400 [ 111.516169] ? __pfx___schedule+0x10/0x10 [ 111.516187] ? do_raw_spin_lock+0x123/0x260 [ 111.516201] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 111.516216] ? lock_acquire+0x18c/0x2f0 [ 111.516229] ? lock_release+0x1c7/0x290 [ 111.516242] ? do_task_dead+0x3e/0x110 [ 111.516255] do_task_dead+0xdc/0x110 [ 111.516268] make_task_dead+0x373/0x3b0 [ 111.516281] ? do_syscall_64+0x2f7/0x360 [ 111.516291] rewind_stack_and_make_dead+0x16/0x20 [ 111.516306] RIP: 0033:0x7feb68850f87 [ 111.516314] Code: Unable to access opcode bytes at 0x7feb68850f5d. [ 111.516319] RSP: 002b:00007ffe82dd2df8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 111.516330] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007feb68850f87 [ 111.516337] RDX: 00007ffe82dd2ec9 RSI: 000000000000000a RDI: 00007ffe82dd2ec0 [ 111.516344] RBP: 00007ffe82dd2ec0 R08: 00000000ffffffff R09: 00007ffe82dd2c90 [ 111.516351] R10: 0000555562563c7b R11: 0000000000000246 R12: 00007feb688a9105 [ 111.516358] R13: 00007ffe82dd3f80 R14: 0000555562563c20 R15: 00007ffe82dd3fc0 [ 111.516369] [ 111.527573] ------------[ cut here ]------------ [ 111.527942] Voluntary context switch within RCU read-side critical section! 
[ 111.528059] WARNING: kernel/rcu/tree_plugin.h:332 at rcu_note_context_switch+0xa96/0x1b00, CPU#0: syz-executor.1/279 [ 111.529428] Modules linked in: [ 111.529689] CPU: 0 UID: 0 PID: 279 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 111.530607] Tainted: [D]=DIE, [W]=WARN [ 111.530911] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 111.531552] RIP: 0010:rcu_note_context_switch+0xa96/0x1b00 [ 111.531999] Code: 00 00 00 65 48 8b 3d 41 8c 27 06 e8 84 11 fd ff e9 1a f8 ff ff c6 05 9a 42 e4 04 01 90 48 c7 c7 a0 8a c9 84 e8 0b 39 dd ff 90 <0f> 0b 90 90 e9 3a f6 ff ff 48 b8 00 00 00 00 00 fc ff df 48 c1 ea [ 111.533422] RSP: 0018:ffff88801c48fd38 EFLAGS: 00010082 [ 111.533837] RAX: 0000000000000000 RBX: ffff88806ce37d00 RCX: ffffffff8139de70 [ 111.534393] RDX: ffff88800f89b700 RSI: ffffffff8139de7e RDI: 0000000000000001 [ 111.534948] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100d9c4801 [ 111.535510] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800f89b700 [ 111.536063] R13: 0000000000000000 R14: ffff88800f89b700 R15: ffffffff84c5d520 [ 111.536622] FS: 0000000000000000(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 111.537246] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.537708] CR2: ffffffff857474f6 CR3: 0000000044f34000 CR4: 0000000000350ef0 [ 111.538265] Call Trace: [ 111.538474] [ 111.538657] ? dump_stack_lvl+0x113/0x120 [ 111.538987] ? dump_stack_lvl+0x115/0x120 [ 111.539321] __schedule+0x217/0x3590 [ 111.539618] ? __pfx_vprintk_emit+0x10/0x10 [ 111.539963] ? free_nsproxy+0x3a/0x400 [ 111.540280] ? __pfx___schedule+0x10/0x10 [ 111.540610] ? do_raw_spin_lock+0x123/0x260 [ 111.540957] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 111.541336] ? lock_acquire+0x18c/0x2f0 [ 111.541662] ? lock_release+0x1c7/0x290 [ 111.541979] ? do_task_dead+0x3e/0x110 [ 111.542289] do_task_dead+0xdc/0x110 [ 111.542589] make_task_dead+0x373/0x3b0 [ 111.542905] ? 
do_syscall_64+0x2f7/0x360 [ 111.543226] rewind_stack_and_make_dead+0x16/0x20 [ 111.543610] RIP: 0033:0x7feb68850f87 [ 111.543904] Code: Unable to access opcode bytes at 0x7feb68850f5d. [ 111.544385] RSP: 002b:00007ffe82dd2df8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 111.544978] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007feb68850f87 [ 111.545550] RDX: 00007ffe82dd2ec9 RSI: 000000000000000a RDI: 00007ffe82dd2ec0 [ 111.546105] RBP: 00007ffe82dd2ec0 R08: 00000000ffffffff R09: 00007ffe82dd2c90 [ 111.546660] R10: 0000555562563c7b R11: 0000000000000246 R12: 00007feb688a9105 [ 111.547215] R13: 00007ffe82dd3f80 R14: 0000555562563c20 R15: 00007ffe82dd3fc0 [ 111.547776] [ 111.547964] irq event stamp: 168372 [ 111.548251] hardirqs last enabled at (168371): [] ktime_get+0x1c7/0x270 [ 111.548898] hardirqs last disabled at (168372): [] _raw_spin_lock_irq+0x42/0x50 [ 111.549599] softirqs last enabled at (168216): [] handle_softirqs+0x50c/0x770 [ 111.550291] softirqs last disabled at (168211): [] __irq_exit_rcu+0xc4/0x100 [ 111.550969] ---[ end trace 0000000000000000 ]--- VM DIAGNOSIS: 09:01:22 Registers: