Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:13475' (ECDSA) to the list of known hosts. 2025/09/01 08:29:11 fuzzer started 2025/09/01 08:29:11 dialing manager at localhost:35473 syzkaller login: [ 50.177149] cgroup: Unknown subsys name 'net' [ 50.242253] cgroup: Unknown subsys name 'cpuset' [ 50.249172] cgroup: Unknown subsys name 'rlimit' 2025/09/01 08:29:20 syscalls: 2214 2025/09/01 08:29:20 code coverage: enabled 2025/09/01 08:29:20 comparison tracing: enabled 2025/09/01 08:29:20 extra coverage: enabled 2025/09/01 08:29:20 setuid sandbox: enabled 2025/09/01 08:29:20 namespace sandbox: enabled 2025/09/01 08:29:20 Android sandbox: enabled 2025/09/01 08:29:20 fault injection: enabled 2025/09/01 08:29:20 leak checking: enabled 2025/09/01 08:29:20 net packet injection: enabled 2025/09/01 08:29:20 net device setup: enabled 2025/09/01 08:29:20 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 08:29:20 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 08:29:20 USB emulation: enabled 2025/09/01 08:29:20 hci packet injection: enabled 2025/09/01 08:29:20 wifi device emulation: enabled 2025/09/01 08:29:20 802.15.4 emulation: enabled 2025/09/01 08:29:20 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 08:29:20 fetching corpus: 50, signal 27481/30477 (executing program) 2025/09/01 08:29:20 fetching corpus: 100, signal 40415/44236 (executing program) 2025/09/01 08:29:21 fetching corpus: 150, signal 47194/51708 (executing program) 2025/09/01 08:29:21 fetching corpus: 200, signal 52289/57524 (executing program) 2025/09/01 08:29:21 fetching corpus: 250, signal 57043/62763 (executing program) 2025/09/01 08:29:21 fetching corpus: 300, signal 59406/65807 (executing program) 2025/09/01 08:29:21 fetching corpus: 350, signal 63474/70223 (executing program) 2025/09/01 08:29:21 fetching corpus: 400, signal 67478/74386 (executing program) 2025/09/01 08:29:21 fetching corpus: 450, signal 72341/79144 (executing program) 2025/09/01 08:29:21 fetching corpus: 500, signal 75722/82592 (executing program) 2025/09/01 08:29:22 fetching corpus: 550, signal 77847/84930 (executing program) 2025/09/01 08:29:22 fetching corpus: 600, signal 82457/88990 (executing program) 2025/09/01 08:29:22 fetching corpus: 650, signal 86082/92179 (executing program) 2025/09/01 08:29:22 fetching corpus: 700, signal 88426/94275 (executing program) 2025/09/01 08:29:22 fetching corpus: 750, signal 90120/95800 (executing program) 2025/09/01 08:29:22 fetching corpus: 800, signal 93747/98620 (executing program) 2025/09/01 08:29:22 fetching corpus: 850, signal 94948/99771 (executing program) 2025/09/01 08:29:22 fetching corpus: 900, signal 96546/101127 (executing program) 2025/09/01 08:29:23 fetching corpus: 950, signal 98254/102434 (executing program) 2025/09/01 08:29:23 fetching corpus: 1000, signal 100549/104068 (executing program) 2025/09/01 08:29:23 fetching corpus: 1050, signal 102287/105279 (executing program) 2025/09/01 08:29:23 fetching corpus: 1100, signal 104399/106606 (executing program) 2025/09/01 08:29:23 fetching corpus: 1150, signal 106111/107690 (executing program) 2025/09/01 08:29:23 fetching corpus: 1180, signal 107294/108398 (executing program) 2025/09/01 08:29:23 fetching corpus: 1180, signal 107294/108440 (executing program) 2025/09/01 08:29:23 fetching corpus: 1180, signal 107294/108485 (executing program) 2025/09/01 08:29:23 fetching corpus: 1180, signal 107294/108536 (executing program) 2025/09/01 08:29:23 fetching corpus: 1180, signal 107294/108587 (executing program) 2025/09/01 08:29:23 fetching corpus: 1180, signal 107294/108631 (executing program) 2025/09/01 08:29:23 fetching corpus: 1180, signal 107294/108673 (executing program) 2025/09/01 08:29:23 fetching corpus: 1180, signal 107294/108711 (executing program) 2025/09/01 08:29:23 fetching corpus: 1180, signal 107294/108746 (executing program) 2025/09/01 08:29:23 fetching corpus: 1180, signal 107294/108788 (executing program) 2025/09/01 08:29:23 fetching corpus: 1180, signal 107294/108832 (executing program) 2025/09/01 08:29:23 fetching corpus: 1180, signal 107294/108878 (executing program) 2025/09/01 08:29:23 fetching corpus: 1180, signal 107294/108929 (executing program) 2025/09/01 08:29:23 fetching corpus: 1180, signal 107294/108976 (executing program) 2025/09/01 08:29:23 fetching corpus: 1180, signal 107294/109013 (executing program) 2025/09/01 08:29:23 fetching corpus: 1180, signal 107294/109053 (executing program) 2025/09/01 08:29:24 fetching corpus: 1180, signal 107294/109101 (executing program) 2025/09/01 08:29:24 fetching corpus: 1180, signal 107294/109135 (executing program) 2025/09/01 08:29:24 fetching corpus: 1180, signal 107294/109172 (executing program) 2025/09/01 08:29:24 fetching corpus: 1180, signal 107294/109215 (executing program) 2025/09/01 08:29:24 fetching corpus: 1180, signal 107294/109258 (executing program) 2025/09/01 08:29:24 fetching corpus: 1180, signal 107294/109314 (executing program) 2025/09/01 08:29:24 fetching corpus: 1180, signal 107294/109351 (executing program) 2025/09/01 08:29:24 fetching corpus: 1180, signal 107294/109387 (executing program) 2025/09/01 08:29:24 fetching corpus: 1180, signal 107294/109426 (executing program) 2025/09/01 08:29:24 fetching corpus: 1180, signal 107294/109467 (executing program) 2025/09/01 08:29:24 fetching corpus: 1180, signal 107294/109519 (executing program) 2025/09/01 08:29:24 fetching corpus: 1180, signal 107294/109555 (executing program) 2025/09/01 08:29:24 fetching corpus: 1180, signal 107294/109602 (executing program) 2025/09/01 08:29:24 fetching corpus: 1180, signal 107294/109646 (executing program) 2025/09/01 08:29:24 fetching corpus: 1180, signal 107294/109649 (executing program) 2025/09/01 08:29:24 fetching corpus: 1180, signal 107294/109649 (executing program) 2025/09/01 08:29:26 starting 8 fuzzer processes 08:29:26 executing program 0: prlimit64(0x0, 0x1, &(0x7f0000000040), &(0x7f0000000080)) 08:29:26 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_io_capa_reply={{0x32, 0x9}, {@fixed, 0x0, 0x9}}}, 0xc) 08:29:26 executing program 7: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) chdir(&(0x7f0000000040)='./file0\x00') 08:29:26 executing program 1: io_setup(0x1, &(0x7f0000000080)=0x0) io_submit(r0, 0x49, &(0x7f0000002940)) 08:29:26 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x6e, &(0x7f00000000c0)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "ca9d01", 0x0, 0x32, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev, [], "fcdc4613494550c1"}}}}}}}, 0x0) 08:29:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x14, 0x0, 0x0) [ 64.377724] audit: type=1400 audit(1756715366.154:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:29:26 executing program 3: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) sync_file_range(r0, 0x0, 0x0, 0x0) 08:29:26 executing program 6: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0) umount2(&(0x7f00000000c0)='./file0/../file0/file0\x00', 0x0) [ 65.501432] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 65.506779] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 65.508948] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 65.513558] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 65.516455] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 65.631608] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 65.633577] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 65.636139] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 65.647097] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 65.651893] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 65.695553] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 65.700102] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 65.707139] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 65.709549] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 65.712784] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 65.714721] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 65.722127] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 65.727596] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 65.729223] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 65.730492] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 65.746483] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 65.749668] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 65.753153] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 65.755667] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 65.757195] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 65.760431] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 65.761954] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 65.765859] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 65.767109] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 65.769578] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 65.775171] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 65.776471] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 65.779464] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 65.782231] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 65.787535] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 65.789055] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 65.791123] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 65.792658] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 65.798188] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 65.812973] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 67.529189] Bluetooth: hci0: command tx timeout [ 67.723853] Bluetooth: hci1: command tx timeout [ 67.785029] Bluetooth: hci3: command tx timeout [ 67.849165] Bluetooth: hci5: command tx timeout [ 67.849211] Bluetooth: hci6: command tx timeout [ 67.850442] Bluetooth: hci4: command tx timeout [ 67.851283] Bluetooth: hci2: command tx timeout [ 67.914011] Bluetooth: hci7: command tx timeout [ 69.577024] Bluetooth: hci0: command tx timeout [ 69.769198] Bluetooth: hci1: command tx timeout [ 69.833872] Bluetooth: hci3: command tx timeout [ 69.898826] Bluetooth: hci4: command tx timeout [ 69.898858] Bluetooth: hci5: command tx timeout [ 69.899251] Bluetooth: hci6: command tx timeout [ 69.900383] Bluetooth: hci2: command tx timeout [ 69.961904] Bluetooth: hci7: command tx timeout [ 71.624838] Bluetooth: hci0: command tx timeout [ 71.817930] Bluetooth: hci1: command tx timeout [ 71.882023] Bluetooth: hci3: command tx timeout [ 71.944892] Bluetooth: hci5: command tx timeout [ 71.944917] Bluetooth: hci6: command tx timeout [ 71.945320] Bluetooth: hci4: command tx timeout [ 71.946912] Bluetooth: hci2: command tx timeout [ 72.008856] Bluetooth: hci7: command tx timeout [ 73.673875] Bluetooth: hci0: command tx timeout [ 73.865013] Bluetooth: hci1: command tx timeout [ 73.930295] Bluetooth: hci3: command tx timeout [ 73.992888] Bluetooth: hci5: command tx timeout [ 73.993351] Bluetooth: hci2: command tx timeout [ 73.995839] Bluetooth: hci4: command tx timeout [ 73.996245] Bluetooth: hci6: command tx timeout [ 74.056984] Bluetooth: hci7: command tx timeout [ 101.789356] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.790623] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.002479] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.003123] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.349319] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.350043] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.515038] audit: type=1400 audit(1756715404.295:8): avc: denied { open } for pid=3787 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 102.517113] audit: type=1400 audit(1756715404.295:9): avc: denied { kernel } for pid=3787 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 102.531217] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.532279] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:30:04 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x6e, &(0x7f00000000c0)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "ca9d01", 0x0, 0x32, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev, [], "fcdc4613494550c1"}}}}}}}, 0x0) [ 102.670199] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.670940] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:30:04 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x6e, &(0x7f00000000c0)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "ca9d01", 0x0, 0x32, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev, [], "fcdc4613494550c1"}}}}}}}, 0x0) 08:30:04 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x6e, &(0x7f00000000c0)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "ca9d01", 0x0, 0x32, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev, [], "fcdc4613494550c1"}}}}}}}, 0x0) [ 102.836941] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.837573] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:30:04 executing program 5: name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', &(0x7f0000000040)=@orangefs_parent={0x28, 0x2, {{"9550c5769f983ff93da9d274d211ce3d"}, {"cb5b24ee5bea979b1802bc1a9a98cac8"}}}, &(0x7f0000000080), 0x0) 08:30:04 executing program 5: name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', &(0x7f0000000040)=@orangefs_parent={0x28, 0x2, {{"9550c5769f983ff93da9d274d211ce3d"}, {"cb5b24ee5bea979b1802bc1a9a98cac8"}}}, &(0x7f0000000080), 0x0) 08:30:04 executing program 5: name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', &(0x7f0000000040)=@orangefs_parent={0x28, 0x2, {{"9550c5769f983ff93da9d274d211ce3d"}, {"cb5b24ee5bea979b1802bc1a9a98cac8"}}}, &(0x7f0000000080), 0x0) [ 103.092992] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.093638] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:30:04 executing program 5: name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', &(0x7f0000000040)=@orangefs_parent={0x28, 0x2, {{"9550c5769f983ff93da9d274d211ce3d"}, {"cb5b24ee5bea979b1802bc1a9a98cac8"}}}, &(0x7f0000000080), 0x0) [ 103.226181] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.226943] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:30:05 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x12f1) r3 = fork() r4 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r4) ptrace(0x10, r3) ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r5 = fork() r6 = memfd_secret(0x80000) fcntl$lock(r6, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r3}) clone3(&(0x7f0000003cc0)={0x1108800, &(0x7f0000002b00), &(0x7f0000003e00), &(0x7f0000002c80), {0xb}, &(0x7f0000002bc0)=""/169, 0xa9, &(0x7f0000003e40)=""/4096, &(0x7f0000002b40)=[0x0, 0xffffffffffffffff, r2, 0x0, 0x0, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x9, {r1}}, 0x58) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 103.622051] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.622642] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.728739] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.729410] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.882224] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.882970] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.934384] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.935110] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.971859] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.972489] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.049628] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.050279] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.079009] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 104.130659] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.131284] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.184244] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.184975] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:30:06 executing program 0: prlimit64(0x0, 0x1, &(0x7f0000000040), &(0x7f0000000080)) 08:30:06 executing program 1: io_setup(0x1, &(0x7f0000000080)=0x0) io_submit(r0, 0x49, &(0x7f0000002940)) 08:30:06 executing program 3: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) sync_file_range(r0, 0x0, 0x0, 0x0) 08:30:06 executing program 6: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0) umount2(&(0x7f00000000c0)='./file0/../file0/file0\x00', 0x0) 08:30:06 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_io_capa_reply={{0x32, 0x9}, {@fixed, 0x0, 0x9}}}, 0xc) 08:30:06 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x12f1) r3 = fork() r4 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r4) ptrace(0x10, r3) ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r5 = fork() r6 = memfd_secret(0x80000) fcntl$lock(r6, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r3}) clone3(&(0x7f0000003cc0)={0x1108800, &(0x7f0000002b00), &(0x7f0000003e00), &(0x7f0000002c80), {0xb}, &(0x7f0000002bc0)=""/169, 0xa9, &(0x7f0000003e40)=""/4096, &(0x7f0000002b40)=[0x0, 0xffffffffffffffff, r2, 0x0, 0x0, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x9, {r1}}, 0x58) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:30:06 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x14, 0x0, 0x0) 08:30:06 executing program 7: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) chdir(&(0x7f0000000040)='./file0\x00') [ 104.377711] kmemleak: Found object by alias at 0x607f1a63db24 [ 104.377732] CPU: 1 UID: 0 PID: 3930 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 104.377751] Tainted: [W]=WARN [ 104.377755] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 104.377762] Call Trace: [ 104.377766] [ 104.377771] dump_stack_lvl+0xca/0x120 [ 104.377805] __lookup_object+0x94/0xb0 [ 104.377824] delete_object_full+0x27/0x70 [ 104.377841] free_percpu+0x30/0x1160 [ 104.377858] ? arch_uprobe_clear_state+0x16/0x140 [ 104.377879] futex_hash_free+0x38/0xc0 [ 104.377895] mmput+0x2d3/0x390 [ 104.377914] do_exit+0x79d/0x2970 [ 104.377930] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 104.377945] ? __pfx_do_exit+0x10/0x10 [ 104.377960] ? find_held_lock+0x2b/0x80 [ 104.377979] ? get_signal+0x835/0x2340 [ 104.377999] do_group_exit+0xd3/0x2a0 [ 104.378014] get_signal+0x2315/0x2340 [ 104.378032] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 104.378049] ? __pfx_get_signal+0x10/0x10 [ 104.378065] ? __schedule+0xe91/0x3590 [ 104.378087] arch_do_signal_or_restart+0x80/0x790 [ 104.378105] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 104.378123] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 104.378135] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 104.378148] ? __pfx___x64_sys_futex+0x10/0x10 [ 104.378161] ? __x64_sys_umount+0x114/0x190 [ 104.378180] exit_to_user_mode_loop+0x8b/0x110 [ 104.378193] do_syscall_64+0x2f7/0x360 [ 104.378207] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.378219] RIP: 0033:0x7f48721a8b19 [ 104.378228] Code: Unable to access opcode bytes at 0x7f48721a8aef. [ 104.378234] RSP: 002b:00007f486f71e218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 104.378246] RAX: 0000000000000001 RBX: 00007f48722bbf68 RCX: 00007f48721a8b19 [ 104.378254] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f48722bbf6c [ 104.378261] RBP: 00007f48722bbf60 R08: 0000000000000002 R09: 0000000000000000 [ 104.378269] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f48722bbf6c [ 104.378276] R13: 00007ffe91100e4f R14: 00007f486f71e300 R15: 0000000000022000 [ 104.378293] [ 104.378297] kmemleak: Object (percpu) 0x607f1a63db20 (size 8): [ 104.378306] kmemleak: comm "syz-executor.1", pid 283, jiffies 4294770071 [ 104.378314] kmemleak: min_count = 1 [ 104.378319] kmemleak: count = 0 [ 104.378324] kmemleak: flags = 0x21 [ 104.378328] kmemleak: checksum = 0 [ 104.378332] kmemleak: backtrace: [ 104.378336] pcpu_alloc_noprof+0x87a/0x1170 [ 104.378352] percpu_ref_init+0x37/0x400 [ 104.378363] cgroup_mkdir+0x28a/0x1110 [ 104.378377] kernfs_iop_mkdir+0x111/0x190 [ 104.378393] vfs_mkdir+0x59a/0x8d0 [ 104.378413] do_mkdirat+0x19f/0x3d0 [ 104.378424] __x64_sys_mkdir+0xf3/0x140 [ 104.378435] do_syscall_64+0xbf/0x360 [ 104.378445] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:30:06 executing program 1: io_setup(0x1, &(0x7f0000000080)=0x0) io_submit(r0, 0x49, &(0x7f0000002940)) 08:30:06 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_io_capa_reply={{0x32, 0x9}, {@fixed, 0x0, 0x9}}}, 0xc) 08:30:06 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x14, 0x0, 0x0) 08:30:06 executing program 0: prlimit64(0x0, 0x1, &(0x7f0000000040), &(0x7f0000000080)) 08:30:06 executing program 3: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) sync_file_range(r0, 0x0, 0x0, 0x0) 08:30:06 executing program 7: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) chdir(&(0x7f0000000040)='./file0\x00') 08:30:06 executing program 6: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0) umount2(&(0x7f00000000c0)='./file0/../file0/file0\x00', 0x0) 08:30:06 executing program 4: syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_io_capa_reply={{0x32, 0x9}, {@fixed, 0x0, 0x9}}}, 0xc) 08:30:06 executing program 1: io_setup(0x1, &(0x7f0000000080)=0x0) io_submit(r0, 0x49, &(0x7f0000002940)) 08:30:06 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x14, 0x0, 0x0) 08:30:06 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x12f1) r3 = fork() r4 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r4) ptrace(0x10, r3) ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r5 = fork() r6 = memfd_secret(0x80000) fcntl$lock(r6, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r3}) clone3(&(0x7f0000003cc0)={0x1108800, &(0x7f0000002b00), &(0x7f0000003e00), &(0x7f0000002c80), {0xb}, &(0x7f0000002bc0)=""/169, 0xa9, &(0x7f0000003e40)=""/4096, &(0x7f0000002b40)=[0x0, 0xffffffffffffffff, r2, 0x0, 0x0, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x9, {r1}}, 0x58) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:30:06 executing program 3: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) sync_file_range(r0, 0x0, 0x0, 0x0) 08:30:06 executing program 7: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) chdir(&(0x7f0000000040)='./file0\x00') [ 104.764960] kmemleak: Found object by alias at 0x607f1a63db24 [ 104.764983] CPU: 0 UID: 0 PID: 3953 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 104.765002] Tainted: [W]=WARN [ 104.765006] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 104.765013] Call Trace: [ 104.765017] [ 104.765022] dump_stack_lvl+0xca/0x120 [ 104.765053] __lookup_object+0x94/0xb0 [ 104.765071] delete_object_full+0x27/0x70 [ 104.765087] free_percpu+0x30/0x1160 [ 104.765105] ? arch_uprobe_clear_state+0x16/0x140 [ 104.765125] futex_hash_free+0x38/0xc0 [ 104.765141] mmput+0x2d3/0x390 [ 104.765161] do_exit+0x79d/0x2970 [ 104.765175] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 104.765189] ? zap_other_threads+0x2b9/0x3a0 [ 104.765206] ? __pfx_do_exit+0x10/0x10 [ 104.765219] ? do_group_exit+0x1c3/0x2a0 [ 104.765239] ? _raw_spin_unlock_irq+0x23/0x40 [ 104.765262] do_group_exit+0xd3/0x2a0 [ 104.765277] __x64_sys_exit_group+0x3e/0x50 [ 104.765291] x64_sys_call+0x18c5/0x18d0 [ 104.765306] do_syscall_64+0xbf/0x360 [ 104.765319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.765331] RIP: 0033:0x7f48721a8b19 [ 104.765340] Code: Unable to access opcode bytes at 0x7f48721a8aef. [ 104.765345] RSP: 002b:00007ffe91101078 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 104.765357] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f48721a8b19 [ 104.765365] RDX: 00007f487215b72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 104.765372] RBP: 0000000000000000 R08: 0000001b2d3294dc R09: 0000000000000000 [ 104.765379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 104.765385] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe91101160 [ 104.765401] [ 104.765405] kmemleak: Object (percpu) 0x607f1a63db20 (size 16): [ 104.765412] kmemleak: comm "syz-executor.7", pid 285, jiffies 4294771402 [ 104.765419] kmemleak: min_count = 1 [ 104.765423] kmemleak: count = 0 [ 104.765426] kmemleak: flags = 0x21 [ 104.765430] kmemleak: checksum = 0 [ 104.765434] kmemleak: backtrace: [ 104.765437] pcpu_alloc_noprof+0x87a/0x1170 [ 104.765453] mm_init+0x99b/0x1170 [ 104.765461] copy_process+0x3ab7/0x73c0 [ 104.765471] kernel_clone+0xea/0x7f0 [ 104.765481] __do_sys_clone+0xce/0x120 [ 104.765491] do_syscall_64+0xbf/0x360 [ 104.765501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.785342] kmemleak: Found object by alias at 0x607f1a63db2c [ 104.785355] CPU: 0 UID: 0 PID: 3965 Comm: syz-executor.1 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 104.785373] Tainted: [W]=WARN [ 104.785377] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 104.785383] Call Trace: [ 104.785386] [ 104.785391] dump_stack_lvl+0xca/0x120 [ 104.785410] __lookup_object+0x94/0xb0 [ 104.785426] delete_object_full+0x27/0x70 [ 104.785442] free_percpu+0x30/0x1160 [ 104.785457] ? arch_uprobe_clear_state+0x16/0x140 [ 104.785477] futex_hash_free+0x38/0xc0 [ 104.785490] mmput+0x2d3/0x390 [ 104.785508] do_exit+0x79d/0x2970 [ 104.785524] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 104.785537] ? __pfx_do_exit+0x10/0x10 [ 104.785551] ? find_held_lock+0x2b/0x80 [ 104.785569] ? get_signal+0x835/0x2340 [ 104.785589] do_group_exit+0xd3/0x2a0 [ 104.785604] get_signal+0x2315/0x2340 [ 104.785622] ? put_task_stack+0xd2/0x240 [ 104.785637] ? __pfx_get_signal+0x10/0x10 [ 104.785654] ? __schedule+0xe91/0x3590 [ 104.785674] arch_do_signal_or_restart+0x80/0x790 [ 104.785692] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 104.785709] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 104.785722] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 104.785735] ? __pfx___x64_sys_futex+0x10/0x10 [ 104.785754] exit_to_user_mode_loop+0x8b/0x110 [ 104.785767] do_syscall_64+0x2f7/0x360 [ 104.785779] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.785795] RIP: 0033:0x7f75a616eb19 [ 104.785804] Code: Unable to access opcode bytes at 0x7f75a616eaef. [ 104.785811] RSP: 002b:00007f75a36e4218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 104.785824] RAX: 0000000000000001 RBX: 00007f75a6281f68 RCX: 00007f75a616eb19 [ 104.785832] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f75a6281f6c [ 104.785839] RBP: 00007f75a6281f60 R08: 000000000000000e R09: 0000000000000000 [ 104.785846] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f75a6281f6c [ 104.785853] R13: 00007ffc00dc97bf R14: 00007f75a36e4300 R15: 0000000000022000 [ 104.785868] [ 104.785872] kmemleak: Object (percpu) 0x607f1a63db20 (size 16): [ 104.785879] kmemleak: comm "syz-executor.7", pid 285, jiffies 4294771402 [ 104.785885] kmemleak: min_count = 1 [ 104.785889] kmemleak: count = 0 [ 104.785893] kmemleak: flags = 0x21 [ 104.785896] kmemleak: checksum = 0 [ 104.785900] kmemleak: backtrace: [ 104.785903] pcpu_alloc_noprof+0x87a/0x1170 [ 104.785918] mm_init+0x99b/0x1170 [ 104.785927] copy_process+0x3ab7/0x73c0 [ 104.785937] kernel_clone+0xea/0x7f0 [ 104.785947] __do_sys_clone+0xce/0x120 [ 104.785957] do_syscall_64+0xbf/0x360 [ 104.785967] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:30:06 executing program 6: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0) umount2(&(0x7f00000000c0)='./file0/../file0/file0\x00', 0x0) 08:30:06 executing program 0: prlimit64(0x0, 0x1, &(0x7f0000000040), &(0x7f0000000080)) 08:30:06 executing program 2: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) chdir(&(0x7f0000000040)='./file0\x00') 08:30:06 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x12f1) r3 = fork() r4 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r4) ptrace(0x10, r3) ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r5 = fork() r6 = memfd_secret(0x80000) fcntl$lock(r6, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r3}) clone3(&(0x7f0000003cc0)={0x1108800, &(0x7f0000002b00), &(0x7f0000003e00), &(0x7f0000002c80), {0xb}, &(0x7f0000002bc0)=""/169, 0xa9, &(0x7f0000003e40)=""/4096, &(0x7f0000002b40)=[0x0, 0xffffffffffffffff, r2, 0x0, 0x0, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x9, {r1}}, 0x58) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 105.043325] kmemleak: Found object by alias at 0x607f1a63db28 [ 105.043346] CPU: 0 UID: 0 PID: 3957 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 105.043365] Tainted: [W]=WARN [ 105.043369] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 105.043376] Call Trace: [ 105.043380] [ 105.043385] dump_stack_lvl+0xca/0x120 [ 105.043412] __lookup_object+0x94/0xb0 [ 105.043430] delete_object_full+0x27/0x70 [ 105.043446] free_percpu+0x30/0x1160 [ 105.043463] ? arch_uprobe_clear_state+0x16/0x140 [ 105.043484] futex_hash_free+0x38/0xc0 [ 105.043498] mmput+0x2d3/0x390 [ 105.043518] do_exit+0x79d/0x2970 [ 105.043532] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 105.043546] ? zap_other_threads+0x2b9/0x3a0 [ 105.043563] ? __pfx_do_exit+0x10/0x10 [ 105.043577] ? do_group_exit+0x1c3/0x2a0 [ 105.043592] ? _raw_spin_unlock_irq+0x23/0x40 [ 105.043610] do_group_exit+0xd3/0x2a0 [ 105.043625] __x64_sys_exit_group+0x3e/0x50 [ 105.043648] x64_sys_call+0x18c5/0x18d0 [ 105.043664] do_syscall_64+0xbf/0x360 [ 105.043677] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.043688] RIP: 0033:0x7f0216885b19 [ 105.043697] Code: Unable to access opcode bytes at 0x7f0216885aef. [ 105.043703] RSP: 002b:00007ffe714d54c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 105.043714] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f0216885b19 [ 105.043722] RDX: 00007f021683872b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 105.043729] RBP: 0000000000000000 R08: 0000001b2d02fb9c R09: 0000000000000000 [ 105.043736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 105.043743] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe714d55b0 [ 105.043758] [ 105.043762] kmemleak: Object (percpu) 0x607f1a63db20 (size 16): [ 105.043769] kmemleak: comm "syz-executor.4", pid 3979, jiffies 4294771602 [ 105.043776] kmemleak: min_count = 1 [ 105.043780] kmemleak: count = 0 [ 105.043788] kmemleak: flags = 0x21 [ 105.043792] kmemleak: checksum = 0 [ 105.043795] kmemleak: backtrace: [ 105.043799] pcpu_alloc_noprof+0x87a/0x1170 [ 105.043815] mm_init+0x99b/0x1170 [ 105.043823] copy_process+0x3ab7/0x73c0 [ 105.043833] kernel_clone+0xea/0x7f0 [ 105.043843] __do_sys_fork+0x94/0xd0 [ 105.043854] do_syscall_64+0xbf/0x360 [ 105.043863] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.063226] kmemleak: Cannot insert 0x607f1a63db28 into the object search tree (overlaps existing) [ 105.063252] CPU: 1 UID: 0 PID: 3979 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 105.063281] Tainted: [W]=WARN [ 105.063289] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 105.063300] Call Trace: [ 105.063304] [ 105.063310] dump_stack_lvl+0xca/0x120 [ 105.063350] __link_object+0x190/0x210 [ 105.063374] __create_object+0x48/0x80 [ 105.063399] pcpu_alloc_noprof+0x87a/0x1170 [ 105.063441] alloc_netdev_mqs+0x131/0x1360 [ 105.063468] ? __pfx_loopback_setup+0x10/0x10 [ 105.063489] ? __pfx_loopback_net_init+0x10/0x10 [ 105.063504] loopback_net_init+0x38/0x180 [ 105.063525] ? __pfx_loopback_net_init+0x10/0x10 [ 105.063540] ops_init+0x1e1/0x650 [ 105.063555] setup_net+0x10d/0x320 [ 105.063567] ? lockdep_init_map_type+0x4b/0x240 [ 105.063587] ? __pfx_setup_net+0x10/0x10 [ 105.063602] ? debug_mutex_init+0x37/0x70 [ 105.063635] copy_net_ns+0x2e3/0x650 [ 105.063651] create_new_namespaces+0x3f6/0xab0 [ 105.063679] copy_namespaces+0x45c/0x580 [ 105.063699] copy_process+0x2649/0x73c0 [ 105.063714] ? lock_release+0xc8/0x290 [ 105.063739] ? __pfx_copy_process+0x10/0x10 [ 105.063756] ? __might_fault+0xe0/0x190 [ 105.063780] ? _copy_from_user+0x5b/0xd0 [ 105.063811] kernel_clone+0xea/0x7f0 [ 105.063828] ? __pfx_kernel_clone+0x10/0x10 [ 105.063850] ? __pfx_futex_wake+0x10/0x10 [ 105.063874] __do_sys_clone3+0x1f5/0x280 [ 105.063888] ? __pfx___do_sys_clone3+0x10/0x10 [ 105.063913] ? __x64_sys_futex+0x1c9/0x4d0 [ 105.063929] ? __x64_sys_futex+0x1d2/0x4d0 [ 105.063945] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 105.063964] ? __x64_sys_openat+0x142/0x200 [ 105.063985] ? __pfx___x64_sys_futex+0x10/0x10 [ 105.064001] ? xfd_validate_state+0x55/0x180 [ 105.064029] do_syscall_64+0xbf/0x360 [ 105.064045] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.064061] RIP: 0033:0x7f3f9696eb19 [ 105.064074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 105.064092] RSP: 002b:00007f3f93ee4188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 105.064108] RAX: ffffffffffffffda RBX: 00007f3f96a81f60 RCX: 00007f3f9696eb19 [ 105.064118] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00000000200002c0 [ 105.064128] RBP: 00007f3f969c8f6d R08: 0000000000000000 R09: 0000000000000000 [ 105.064138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.064147] R13: 00007fffb8035c5f R14: 00007f3f93ee4300 R15: 0000000000022000 [ 105.064165] [ 105.064762] kmemleak: Kernel memory leak detector disabled [ 105.064767] kmemleak: Object (percpu) 0x607f1a63db20 (size 16): [ 105.064776] kmemleak: comm "syz-executor.4", pid 3979, jiffies 4294771602 [ 105.064784] kmemleak: min_count = 1 [ 105.064789] kmemleak: count = 0 [ 105.064793] kmemleak: flags = 0x21 [ 105.064798] kmemleak: checksum = 0 [ 105.064802] kmemleak: backtrace: [ 105.064806] pcpu_alloc_noprof+0x87a/0x1170 [ 105.064826] mm_init+0x99b/0x1170 [ 105.064836] copy_process+0x3ab7/0x73c0 [ 105.064847] kernel_clone+0xea/0x7f0 [ 105.064858] __do_sys_fork+0x94/0xd0 [ 105.064870] do_syscall_64+0xbf/0x360 [ 105.064881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.120630] kmemleak: Found object by alias at 0x607f1a63db2c [ 105.120642] CPU: 1 UID: 0 PID: 66 Comm: kworker/u8:1 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 105.120660] Tainted: [W]=WARN [ 105.120664] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 105.120671] Workqueue: netns cleanup_net [ 105.120684] Call Trace: [ 105.120688] [ 105.120692] dump_stack_lvl+0xca/0x120 [ 105.120712] __lookup_object+0x94/0xb0 [ 105.120728] delete_object_full+0x27/0x70 [ 105.120744] free_percpu+0x30/0x1160 [ 105.120761] ? xdp_rxq_info_unreg_mem_model+0x78/0x90 [ 105.120787] free_netdev+0x498/0x960 [ 105.120807] netdev_run_todo+0xab0/0xf80 [ 105.120828] ? __pfx_netdev_run_todo+0x10/0x10 [ 105.120849] ? sit_exit_rtnl_net+0x3b4/0x460 [ 105.120863] ? __pfx_nexthop_net_exit_rtnl+0x10/0x10 [ 105.120886] ops_undo_list+0x8e1/0xa50 [ 105.120908] ? __pfx_ops_undo_list+0x10/0x10 [ 105.120927] ? lock_release+0xc8/0x290 [ 105.120939] ? idr_destroy+0x62/0x2c0 [ 105.120958] cleanup_net+0x38d/0x770 [ 105.120969] ? lock_acquire+0x15e/0x2f0 [ 105.120983] ? __pfx_cleanup_net+0x10/0x10 [ 105.121000] process_one_work+0x8e1/0x19c0 [ 105.121022] ? __pfx_process_one_work+0x10/0x10 [ 105.121036] ? move_linked_works+0x172/0x270 [ 105.121058] ? assign_work+0x196/0x240 [ 105.121074] worker_thread+0x67e/0xe90 [ 105.121088] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 105.121105] ? __pfx_worker_thread+0x10/0x10 [ 105.121120] kthread+0x3c8/0x740 [ 105.121133] ? __pfx_kthread+0x10/0x10 [ 105.121145] ? ret_from_fork+0x23/0x430 [ 105.121164] ? lock_release+0xc8/0x290 [ 105.121178] ? __pfx_kthread+0x10/0x10 [ 105.121191] ret_from_fork+0x34b/0x430 [ 105.121208] ? __pfx_kthread+0x10/0x10 [ 105.121221] ret_from_fork_asm+0x1a/0x30 [ 105.121245] [ 105.121249] kmemleak: Object (percpu) 0x607f1a63db20 (size 16): [ 105.121256] kmemleak: comm "syz-executor.4", pid 3979, jiffies 4294771602 [ 105.121263] kmemleak: min_count = 1 [ 105.121267] kmemleak: count = 0 [ 105.121271] kmemleak: flags = 0x21 [ 105.121275] kmemleak: checksum = 0 [ 105.121279] kmemleak: backtrace: [ 105.121281] pcpu_alloc_noprof+0x87a/0x1170 [ 105.121297] mm_init+0x99b/0x1170 [ 105.121305] copy_process+0x3ab7/0x73c0 [ 105.121316] kernel_clone+0xea/0x7f0 [ 105.121326] __do_sys_fork+0x94/0xd0 [ 105.121336] do_syscall_64+0xbf/0x360 [ 105.121346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.158182] kmemleak: Found object by alias at 0x607f1a63db28 [ 105.158194] CPU: 1 UID: 0 PID: 66 Comm: kworker/u8:1 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 105.158211] Tainted: [W]=WARN [ 105.158215] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 105.158222] Workqueue: netns cleanup_net [ 105.158235] Call Trace: [ 105.158238] [ 105.158243] dump_stack_lvl+0xca/0x120 [ 105.158262] __lookup_object+0x94/0xb0 [ 105.158278] delete_object_full+0x27/0x70 [ 105.158295] free_percpu+0x30/0x1160 [ 105.158311] ? xdp_rxq_info_unreg_mem_model+0x78/0x90 [ 105.158332] free_netdev+0x498/0x960 [ 105.158351] netdev_run_todo+0xab0/0xf80 [ 105.158372] ? __pfx_netdev_run_todo+0x10/0x10 [ 105.158390] ? rtnl_is_locked+0x15/0x20 [ 105.158404] ? unregister_netdevice_queue+0x17f/0x2e0 [ 105.158423] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 105.158447] default_device_exit_batch+0x6e8/0x920 [ 105.158465] ? __pfx___schedule+0x10/0x10 [ 105.158486] ? __pfx_default_device_exit_batch+0x10/0x10 [ 105.158510] ? lock_is_held_type+0x9e/0x120 [ 105.158529] ? __pfx_cfg802154_pernet_exit+0x10/0x10 [ 105.158546] ? __pfx_default_device_exit_batch+0x10/0x10 [ 105.158566] ops_undo_list+0x34c/0xa50 [ 105.158588] ? __pfx_ops_undo_list+0x10/0x10 [ 105.158607] ? lock_release+0xc8/0x290 [ 105.158619] ? idr_destroy+0x62/0x2c0 [ 105.158637] cleanup_net+0x38d/0x770 [ 105.158648] ? lock_acquire+0x15e/0x2f0 [ 105.158662] ? __pfx_cleanup_net+0x10/0x10 [ 105.158679] process_one_work+0x8e1/0x19c0 [ 105.158700] ? __pfx_process_one_work+0x10/0x10 [ 105.158714] ? move_linked_works+0x172/0x270 [ 105.158734] ? assign_work+0x196/0x240 [ 105.158749] worker_thread+0x67e/0xe90 [ 105.158764] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 105.158780] ? __pfx_worker_thread+0x10/0x10 [ 105.158796] kthread+0x3c8/0x740 [ 105.158808] ? __pfx_kthread+0x10/0x10 [ 105.158821] ? ret_from_fork+0x23/0x430 [ 105.158839] ? lock_release+0xc8/0x290 [ 105.158853] ? __pfx_kthread+0x10/0x10 [ 105.158866] ret_from_fork+0x34b/0x430 [ 105.158884] ? __pfx_kthread+0x10/0x10 [ 105.158896] ret_from_fork_asm+0x1a/0x30 [ 105.158920] [ 105.158923] kmemleak: Object (percpu) 0x607f1a63db20 (size 16): [ 105.158930] kmemleak: comm "syz-executor.4", pid 3979, jiffies 4294771602 [ 105.158937] kmemleak: min_count = 1 [ 105.158941] kmemleak: count = 0 [ 105.158945] kmemleak: flags = 0x21 [ 105.158948] kmemleak: checksum = 0 [ 105.158952] kmemleak: backtrace: [ 105.158955] pcpu_alloc_noprof+0x87a/0x1170 [ 105.158971] mm_init+0x99b/0x1170 [ 105.158979] copy_process+0x3ab7/0x73c0 [ 105.158989] kernel_clone+0xea/0x7f0 [ 105.158999] __do_sys_fork+0x94/0xd0 [ 105.159010] do_syscall_64+0xbf/0x360 [ 105.159020] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:30:06 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x12f1) r3 = fork() r4 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r4) ptrace(0x10, r3) ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r5 = fork() r6 = memfd_secret(0x80000) fcntl$lock(r6, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r3}) clone3(&(0x7f0000003cc0)={0x1108800, &(0x7f0000002b00), &(0x7f0000003e00), &(0x7f0000002c80), {0xb}, &(0x7f0000002bc0)=""/169, 0xa9, &(0x7f0000003e40)=""/4096, &(0x7f0000002b40)=[0x0, 0xffffffffffffffff, r2, 0x0, 0x0, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x9, {r1}}, 0x58) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:30:06 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x12f1) r3 = fork() r4 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r4) ptrace(0x10, r3) ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r5 = fork() r6 = memfd_secret(0x80000) fcntl$lock(r6, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r3}) clone3(&(0x7f0000003cc0)={0x1108800, &(0x7f0000002b00), &(0x7f0000003e00), &(0x7f0000002c80), {0xb}, &(0x7f0000002bc0)=""/169, 0xa9, &(0x7f0000003e40)=""/4096, &(0x7f0000002b40)=[0x0, 0xffffffffffffffff, r2, 0x0, 0x0, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x9, {r1}}, 0x58) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:30:06 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x12f1) r3 = fork() r4 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r4) ptrace(0x10, r3) ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r5 = fork() r6 = memfd_secret(0x80000) fcntl$lock(r6, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r3}) clone3(&(0x7f0000003cc0)={0x1108800, &(0x7f0000002b00), &(0x7f0000003e00), &(0x7f0000002c80), {0xb}, &(0x7f0000002bc0)=""/169, 0xa9, &(0x7f0000003e40)=""/4096, &(0x7f0000002b40)=[0x0, 0xffffffffffffffff, r2, 0x0, 0x0, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x9, {r1}}, 0x58) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:30:06 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x12f1) r3 = fork() r4 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r4) ptrace(0x10, r3) ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r5 = fork() r6 = memfd_secret(0x80000) fcntl$lock(r6, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r3}) clone3(&(0x7f0000003cc0)={0x1108800, &(0x7f0000002b00), &(0x7f0000003e00), &(0x7f0000002c80), {0xb}, &(0x7f0000002bc0)=""/169, 0xa9, &(0x7f0000003e40)=""/4096, &(0x7f0000002b40)=[0x0, 0xffffffffffffffff, r2, 0x0, 0x0, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x9, {r1}}, 0x58) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:30:06 executing program 2: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) chdir(&(0x7f0000000040)='./file0\x00') 08:30:06 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x12f1) r3 = fork() r4 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r4) ptrace(0x10, r3) ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r5 = fork() r6 = memfd_secret(0x80000) fcntl$lock(r6, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r3}) clone3(&(0x7f0000003cc0)={0x1108800, &(0x7f0000002b00), &(0x7f0000003e00), &(0x7f0000002c80), {0xb}, &(0x7f0000002bc0)=""/169, 0xa9, &(0x7f0000003e40)=""/4096, &(0x7f0000002b40)=[0x0, 0xffffffffffffffff, r2, 0x0, 0x0, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x9, {r1}}, 0x58) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:30:06 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x12f1) r3 = fork() r4 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r4) ptrace(0x10, r3) ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r5 = fork() r6 = memfd_secret(0x80000) fcntl$lock(r6, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r3}) clone3(&(0x7f0000003cc0)={0x1108800, &(0x7f0000002b00), &(0x7f0000003e00), &(0x7f0000002c80), {0xb}, &(0x7f0000002bc0)=""/169, 0xa9, &(0x7f0000003e40)=""/4096, &(0x7f0000002b40)=[0x0, 0xffffffffffffffff, r2, 0x0, 0x0, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x9, {r1}}, 0x58) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:30:07 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x12f1) r3 = fork() r4 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r4) ptrace(0x10, r3) ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r5 = fork() r6 = memfd_secret(0x80000) fcntl$lock(r6, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r3}) clone3(&(0x7f0000003cc0)={0x1108800, &(0x7f0000002b00), &(0x7f0000003e00), &(0x7f0000002c80), {0xb}, &(0x7f0000002bc0)=""/169, 0xa9, &(0x7f0000003e40)=""/4096, &(0x7f0000002b40)=[0x0, 0xffffffffffffffff, r2, 0x0, 0x0, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x9, {r1}}, 0x58) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:30:07 executing program 2: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) chdir(&(0x7f0000000040)='./file0\x00') 08:30:07 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0) umount2(&(0x7f00000000c0)='./file0/../file0/file0\x00', 0x0) 08:30:07 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0) umount2(&(0x7f00000000c0)='./file0/../file0/file0\x00', 0x0) [ 105.366670] kmemleak: Found object by alias at 0x607f1a63db28 [ 105.366695] CPU: 1 UID: 0 PID: 22 Comm: ksoftirqd/1 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 105.366716] Tainted: [W]=WARN [ 105.366720] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 105.366728] Call Trace: [ 105.366733] [ 105.366738] dump_stack_lvl+0xca/0x120 [ 105.366774] __lookup_object+0x94/0xb0 [ 105.366799] delete_object_full+0x27/0x70 [ 105.366818] free_percpu+0x30/0x1160 [ 105.366838] ? rcu_core+0x7c3/0x1800 [ 105.366856] ? rcu_core+0x7c3/0x1800 [ 105.366871] delayed_free_vfsmnt+0x7e/0xb0 [ 105.366890] rcu_core+0x7c8/0x1800 [ 105.366909] ? __pfx_rcu_core+0x10/0x10 [ 105.366924] ? __pfx___schedule+0x10/0x10 [ 105.366949] handle_softirqs+0x1b1/0x770 [ 105.366974] ? __pfx_run_ksoftirqd+0x10/0x10 [ 105.366993] ? smpboot_thread_fn+0x371/0x9d0 [ 105.367013] run_ksoftirqd+0x2e/0x60 [ 105.367031] smpboot_thread_fn+0x41d/0x9d0 [ 105.367051] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 105.367072] kthread+0x3c8/0x740 [ 105.367087] ? __pfx_kthread+0x10/0x10 [ 105.367100] ? ret_from_fork+0x23/0x430 [ 105.367121] ? lock_release+0xc8/0x290 [ 105.367137] ? __pfx_kthread+0x10/0x10 [ 105.367152] ret_from_fork+0x34b/0x430 [ 105.367170] ? __pfx_kthread+0x10/0x10 [ 105.367184] ret_from_fork_asm+0x1a/0x30 [ 105.367209] [ 105.367213] kmemleak: Object (percpu) 0x607f1a63db20 (size 16): [ 105.367221] kmemleak: comm "syz-executor.4", pid 3979, jiffies 4294771602 [ 105.367230] kmemleak: min_count = 1 [ 105.367234] kmemleak: count = 0 [ 105.367238] kmemleak: flags = 0x21 [ 105.367242] kmemleak: checksum = 0 [ 105.367246] kmemleak: backtrace: [ 105.367250] pcpu_alloc_noprof+0x87a/0x1170 [ 105.367267] mm_init+0x99b/0x1170 [ 105.367278] copy_process+0x3ab7/0x73c0 [ 105.367289] kernel_clone+0xea/0x7f0 [ 105.367300] __do_sys_fork+0x94/0xd0 [ 105.367312] do_syscall_64+0xbf/0x360 [ 105.367323] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:30:07 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0) umount2(&(0x7f00000000c0)='./file0/../file0/file0\x00', 0x0) [ 105.497349] kmemleak: Found object by alias at 0x607f1a63db28 [ 105.497370] CPU: 1 UID: 0 PID: 3995 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 105.497389] Tainted: [W]=WARN [ 105.497393] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 105.497401] Call Trace: [ 105.497405] [ 105.497410] dump_stack_lvl+0xca/0x120 [ 105.497444] __lookup_object+0x94/0xb0 [ 105.497463] delete_object_full+0x27/0x70 [ 105.497480] free_percpu+0x30/0x1160 [ 105.497498] ? arch_uprobe_clear_state+0x16/0x140 [ 105.497519] futex_hash_free+0x38/0xc0 [ 105.497535] mmput+0x2d3/0x390 [ 105.497555] do_exit+0x79d/0x2970 [ 105.497569] ? lock_release+0xc8/0x290 [ 105.497585] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 105.497600] ? __pfx_do_exit+0x10/0x10 [ 105.497615] ? find_held_lock+0x2b/0x80 [ 105.497632] ? get_signal+0x835/0x2340 [ 105.497653] do_group_exit+0xd3/0x2a0 [ 105.497669] get_signal+0x2315/0x2340 [ 105.497687] ? task_mm_cid_work+0x66a/0x840 [ 105.497710] ? __pfx_get_signal+0x10/0x10 [ 105.497726] ? do_futex+0x135/0x370 [ 105.497740] ? __pfx_do_futex+0x10/0x10 [ 105.497756] arch_do_signal_or_restart+0x80/0x790 [ 105.497775] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 105.497797] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 105.497810] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 105.497823] ? __pfx___x64_sys_futex+0x10/0x10 [ 105.497837] ? xfd_validate_state+0x55/0x180 [ 105.497858] exit_to_user_mode_loop+0x8b/0x110 [ 105.497872] do_syscall_64+0x2f7/0x360 [ 105.497885] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.497898] RIP: 0033:0x7f0216885b19 [ 105.497907] Code: Unable to access opcode bytes at 0x7f0216885aef. [ 105.497913] RSP: 002b:00007f0213dfb218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 105.497925] RAX: fffffffffffffe00 RBX: 00007f0216998f68 RCX: 00007f0216885b19 [ 105.497933] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f0216998f68 [ 105.497940] RBP: 00007f0216998f60 R08: 0000000000000000 R09: 0000000000000000 [ 105.497947] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0216998f6c [ 105.497955] R13: 00007ffe714d529f R14: 00007f0213dfb300 R15: 0000000000022000 [ 105.497971] [ 105.497975] kmemleak: Object (percpu) 0x607f1a63db20 (size 16): [ 105.497982] kmemleak: comm "syz-executor.4", pid 3979, jiffies 4294771602 [ 105.497989] kmemleak: min_count = 1 [ 105.497993] kmemleak: count = 0 [ 105.497997] kmemleak: flags = 0x21 [ 105.498001] kmemleak: checksum = 0 [ 105.498005] kmemleak: backtrace: [ 105.498008] pcpu_alloc_noprof+0x87a/0x1170 [ 105.498024] mm_init+0x99b/0x1170 [ 105.498032] copy_process+0x3ab7/0x73c0 [ 105.498043] kernel_clone+0xea/0x7f0 [ 105.498053] __do_sys_fork+0x94/0xd0 [ 105.498064] do_syscall_64+0xbf/0x360 [ 105.498074] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:30:07 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0) umount2(&(0x7f00000000c0)='./file0/../file0/file0\x00', 0x0) 08:30:07 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCFLSH(r0, 0x4b63, 0x0) 08:30:07 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x12f1) r3 = fork() r4 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r4) ptrace(0x10, r3) ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r5 = fork() r6 = memfd_secret(0x80000) fcntl$lock(r6, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r3}) clone3(&(0x7f0000003cc0)={0x1108800, &(0x7f0000002b00), &(0x7f0000003e00), &(0x7f0000002c80), {0xb}, &(0x7f0000002bc0)=""/169, 0xa9, &(0x7f0000003e40)=""/4096, &(0x7f0000002b40)=[0x0, 0xffffffffffffffff, r2, 0x0, 0x0, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x9, {r1}}, 0x58) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:30:07 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0) umount2(&(0x7f00000000c0)='./file0/../file0/file0\x00', 0x0) [ 105.671971] kmemleak: Found object by alias at 0x607f1a63db28 [ 105.671990] CPU: 1 UID: 0 PID: 4029 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 105.672013] Tainted: [W]=WARN [ 105.672017] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 105.672024] Call Trace: [ 105.672028] [ 105.672033] dump_stack_lvl+0xca/0x120 [ 105.672060] __lookup_object+0x94/0xb0 [ 105.672078] delete_object_full+0x27/0x70 [ 105.672095] free_percpu+0x30/0x1160 [ 105.672112] ? arch_uprobe_clear_state+0x16/0x140 [ 105.672134] futex_hash_free+0x38/0xc0 [ 105.672149] mmput+0x2d3/0x390 [ 105.672168] do_exit+0x79d/0x2970 [ 105.672182] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 105.672197] ? zap_other_threads+0x2b9/0x3a0 [ 105.672215] ? __pfx_do_exit+0x10/0x10 [ 105.672228] ? do_group_exit+0x1c3/0x2a0 [ 105.672243] ? _raw_spin_unlock_irq+0x23/0x40 [ 105.672262] do_group_exit+0xd3/0x2a0 [ 105.672277] __x64_sys_exit_group+0x3e/0x50 [ 105.672291] x64_sys_call+0x18c5/0x18d0 [ 105.672308] do_syscall_64+0xbf/0x360 [ 105.672321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.672333] RIP: 0033:0x7f0216885b19 [ 105.672342] Code: Unable to access opcode bytes at 0x7f0216885aef. [ 105.672348] RSP: 002b:00007ffe714d54c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 105.672359] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f0216885b19 [ 105.672367] RDX: 00007f021683872b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 105.672374] RBP: 0000000000000000 R08: 00007f021699dad0 R09: 0000000000000001 [ 105.672381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 105.672388] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffe714d55b0 [ 105.672403] [ 105.672407] kmemleak: Object (percpu) 0x607f1a63db20 (size 16): [ 105.672414] kmemleak: comm "syz-executor.4", pid 3979, jiffies 4294771602 [ 105.672421] kmemleak: min_count = 1 [ 105.672425] kmemleak: count = 0 [ 105.672429] kmemleak: flags = 0x21 [ 105.672433] kmemleak: checksum = 0 [ 105.672436] kmemleak: backtrace: [ 105.672440] pcpu_alloc_noprof+0x87a/0x1170 [ 105.672456] mm_init+0x99b/0x1170 [ 105.672464] copy_process+0x3ab7/0x73c0 [ 105.672474] kernel_clone+0xea/0x7f0 [ 105.672484] __do_sys_fork+0x94/0xd0 [ 105.672495] do_syscall_64+0xbf/0x360 [ 105.672504] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.710767] kmemleak: Found object by alias at 0x607f1a63db24 [ 105.710786] CPU: 1 UID: 0 PID: 4000 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 105.710806] Tainted: [W]=WARN [ 105.710810] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 105.710817] Call Trace: [ 105.710821] [ 105.710826] dump_stack_lvl+0xca/0x120 [ 105.710848] __lookup_object+0x94/0xb0 [ 105.710865] delete_object_full+0x27/0x70 [ 105.710882] free_percpu+0x30/0x1160 [ 105.710897] ? arch_uprobe_clear_state+0x16/0x140 [ 105.710916] futex_hash_free+0x38/0xc0 [ 105.710930] mmput+0x2d3/0x390 [ 105.710949] do_exit+0x79d/0x2970 [ 105.710962] ? lock_release+0xc8/0x290 [ 105.710978] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 105.710991] ? __pfx_do_exit+0x10/0x10 [ 105.711006] ? find_held_lock+0x2b/0x80 [ 105.711023] ? get_signal+0x835/0x2340 [ 105.711043] do_group_exit+0xd3/0x2a0 [ 105.711059] get_signal+0x2315/0x2340 [ 105.711077] ? task_mm_cid_work+0x66a/0x840 [ 105.711100] ? __pfx_get_signal+0x10/0x10 [ 105.711116] ? do_futex+0x135/0x370 [ 105.711130] ? __pfx_do_futex+0x10/0x10 [ 105.711145] arch_do_signal_or_restart+0x80/0x790 [ 105.711164] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 105.711181] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 105.711194] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 105.711207] ? __pfx___x64_sys_futex+0x10/0x10 [ 105.711221] ? xfd_validate_state+0x55/0x180 [ 105.711242] exit_to_user_mode_loop+0x8b/0x110 [ 105.711256] do_syscall_64+0x2f7/0x360 [ 105.711269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.711280] RIP: 0033:0x7f48721a8b19 [ 105.711289] Code: Unable to access opcode bytes at 0x7f48721a8aef. [ 105.711295] RSP: 002b:00007f486f71e218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 105.711306] RAX: fffffffffffffe00 RBX: 00007f48722bbf68 RCX: 00007f48721a8b19 [ 105.711314] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f48722bbf68 [ 105.711321] RBP: 00007f48722bbf60 R08: 0000000000000000 R09: 0000000000000000 [ 105.711329] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f48722bbf6c [ 105.711336] R13: 00007ffe91100e4f R14: 00007f486f71e300 R15: 0000000000022000 [ 105.711351] [ 105.711355] kmemleak: Object (percpu) 0x607f1a63db20 (size 16): [ 105.711362] kmemleak: comm "syz-executor.4", pid 3979, jiffies 4294771602 [ 105.711369] kmemleak: min_count = 1 [ 105.711373] kmemleak: count = 0 [ 105.711377] kmemleak: flags = 0x21 [ 105.711381] kmemleak: checksum = 0 [ 105.711384] kmemleak: backtrace: [ 105.711388] pcpu_alloc_noprof+0x87a/0x1170 [ 105.711403] mm_init+0x99b/0x1170 [ 105.711412] copy_process+0x3ab7/0x73c0 [ 105.711422] kernel_clone+0xea/0x7f0 [ 105.711432] __do_sys_fork+0x94/0xd0 [ 105.711443] do_syscall_64+0xbf/0x360 [ 105.711452] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:30:07 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x12f1) r3 = fork() r4 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r4) ptrace(0x10, r3) ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r5 = fork() r6 = memfd_secret(0x80000) fcntl$lock(r6, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r3}) clone3(&(0x7f0000003cc0)={0x1108800, &(0x7f0000002b00), &(0x7f0000003e00), &(0x7f0000002c80), {0xb}, &(0x7f0000002bc0)=""/169, 0xa9, &(0x7f0000003e40)=""/4096, &(0x7f0000002b40)=[0x0, 0xffffffffffffffff, r2, 0x0, 0x0, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x9, {r1}}, 0x58) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:30:07 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x12f1) r3 = fork() r4 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r4) ptrace(0x10, r3) ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r5 = fork() r6 = memfd_secret(0x80000) fcntl$lock(r6, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r3}) clone3(&(0x7f0000003cc0)={0x1108800, &(0x7f0000002b00), &(0x7f0000003e00), &(0x7f0000002c80), {0xb}, &(0x7f0000002bc0)=""/169, 0xa9, &(0x7f0000003e40)=""/4096, &(0x7f0000002b40)=[0x0, 0xffffffffffffffff, r2, 0x0, 0x0, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x9, {r1}}, 0x58) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:30:07 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCFLSH(r0, 0x4b63, 0x0) 08:30:07 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x12f1) r3 = fork() r4 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r4) ptrace(0x10, r3) ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r5 = fork() r6 = memfd_secret(0x80000) fcntl$lock(r6, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r3}) clone3(&(0x7f0000003cc0)={0x1108800, &(0x7f0000002b00), &(0x7f0000003e00), &(0x7f0000002c80), {0xb}, &(0x7f0000002bc0)=""/169, 0xa9, &(0x7f0000003e40)=""/4096, &(0x7f0000002b40)=[0x0, 0xffffffffffffffff, r2, 0x0, 0x0, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x9, {r1}}, 0x58) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 105.804330] ------------[ cut here ]------------ [ 105.804834] WARNING: fs/namespace.c:1375 at cleanup_mnt+0x33f/0x430, CPU#0: syz-executor.2/281 [ 105.805554] Modules linked in: [ 105.806081] CPU: 0 UID: 0 PID: 281 Comm: syz-executor.2 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 105.807950] Tainted: [W]=WARN [ 105.808782] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 105.810564] RIP: 0010:cleanup_mnt+0x33f/0x430 [ 105.811564] Code: c7 20 49 d1 85 e8 41 b3 fa 02 49 8d 7d 40 5b 48 c7 c6 d0 fa be 81 5d 41 5c 41 5d 41 5e 41 5f e9 97 9a 9c ff e8 f2 3c b4 ff 90 <0f> 0b 90 e9 e6 fc ff ff e8 e4 3c b4 ff 4c 89 ef e8 6c d7 06 00 e9 [ 105.816025] RSP: 0018:ffff8880168dfe20 EFLAGS: 00010293 [ 105.816756] RAX: 0000000000000000 RBX: 00000000fffffff8 RCX: ffffffff81bfb6a5 [ 105.817346] RDX: ffff888015625280 RSI: ffffffff81bfb9be RDI: 0000000000000005 [ 105.817939] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 105.818506] R10: 00000000fffffff8 R11: 0000000000000001 R12: ffff888015625b58 [ 105.819100] R13: ffff88801b7d3c00 R14: 0000000000000001 R15: ffff88801b7d3c40 [ 105.819684] FS: 0000555557964400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 105.820355] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 105.820844] CR2: 00007f139f93a718 CR3: 000000003944d000 CR4: 0000000000350ef0 [ 105.821414] Call Trace: [ 105.821636] [ 105.821854] task_work_run+0x172/0x280 [ 105.822183] ? __pfx_task_work_run+0x10/0x10 [ 105.822545] ? __x64_sys_umount+0x114/0x190 [ 105.822926] ? __pfx___x64_sys_umount+0x10/0x10 [ 105.823320] exit_to_user_mode_loop+0xef/0x110 [ 105.823704] do_syscall_64+0x2f7/0x360 [ 105.824054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.824479] RIP: 0033:0x7f3ddfe2ff87 [ 105.824814] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 105.826293] RSP: 002b:00007fffd2b7f1f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 105.826927] RAX: 0000000000000000 RBX: 0000000000000019 RCX: 00007f3ddfe2ff87 [ 105.827498] RDX: 00007fffd2b7f2ca RSI: 000000000000000a RDI: 00007fffd2b7f2c0 [ 105.828100] RBP: 00007fffd2b7f2c0 R08: 00000000ffffffff R09: 00007fffd2b7f090 [ 105.828677] R10: 0000555557965c7b R11: 0000000000000246 R12: 00007f3ddfe88105 [ 105.829276] R13: 00007fffd2b80380 R14: 0000555557965c20 R15: 00007fffd2b803c0 [ 105.829882] [ 105.830078] irq event stamp: 168803 [ 105.830370] hardirqs last enabled at (168811): [] __up_console_sem+0x78/0x80 [ 105.831103] hardirqs last disabled at (168820): [] __up_console_sem+0x5d/0x80 [ 105.831868] softirqs last enabled at (168534): [] handle_softirqs+0x50c/0x770 [ 105.832578] softirqs last disabled at (168529): [] __irq_exit_rcu+0xc4/0x100 [ 105.833301] ---[ end trace 0000000000000000 ]--- 08:30:07 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x12f1) r3 = fork() r4 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r4) ptrace(0x10, r3) ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r5 = fork() r6 = memfd_secret(0x80000) fcntl$lock(r6, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r3}) clone3(&(0x7f0000003cc0)={0x1108800, &(0x7f0000002b00), &(0x7f0000003e00), &(0x7f0000002c80), {0xb}, &(0x7f0000002bc0)=""/169, 0xa9, &(0x7f0000003e40)=""/4096, &(0x7f0000002b40)=[0x0, 0xffffffffffffffff, r2, 0x0, 0x0, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x9, {r1}}, 0x58) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:30:07 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x12f1) r3 = fork() r4 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r4) ptrace(0x10, r3) ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r5 = fork() r6 = memfd_secret(0x80000) fcntl$lock(r6, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r3}) clone3(&(0x7f0000003cc0)={0x1108800, &(0x7f0000002b00), &(0x7f0000003e00), &(0x7f0000002c80), {0xb}, &(0x7f0000002bc0)=""/169, 0xa9, &(0x7f0000003e40)=""/4096, &(0x7f0000002b40)=[0x0, 0xffffffffffffffff, r2, 0x0, 0x0, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x9, {r1}}, 0x58) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:30:07 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0) umount2(&(0x7f00000000c0)='./file0/../file0/file0\x00', 0x0) 08:30:07 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x12f1) r3 = fork() r4 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r4) ptrace(0x10, r3) ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r5 = fork() r6 = memfd_secret(0x80000) fcntl$lock(r6, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r3}) clone3(&(0x7f0000003cc0)={0x1108800, &(0x7f0000002b00), &(0x7f0000003e00), &(0x7f0000002c80), {0xb}, &(0x7f0000002bc0)=""/169, 0xa9, &(0x7f0000003e40)=""/4096, &(0x7f0000002b40)=[0x0, 0xffffffffffffffff, r2, 0x0, 0x0, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x9, {r1}}, 0x58) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:30:07 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCFLSH(r0, 0x4b63, 0x0) 08:30:07 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x12f1) r3 = fork() r4 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r4) ptrace(0x10, r3) ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r5 = fork() r6 = memfd_secret(0x80000) fcntl$lock(r6, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r3}) clone3(&(0x7f0000003cc0)={0x1108800, &(0x7f0000002b00), &(0x7f0000003e00), &(0x7f0000002c80), {0xb}, &(0x7f0000002bc0)=""/169, 0xa9, &(0x7f0000003e40)=""/4096, &(0x7f0000002b40)=[0x0, 0xffffffffffffffff, r2, 0x0, 0x0, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x9, {r1}}, 0x58) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:30:07 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x12f1) r3 = fork() r4 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r4) ptrace(0x10, r3) ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r5 = fork() r6 = memfd_secret(0x80000) fcntl$lock(r6, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r3}) clone3(&(0x7f0000003cc0)={0x1108800, &(0x7f0000002b00), &(0x7f0000003e00), &(0x7f0000002c80), {0xb}, &(0x7f0000002bc0)=""/169, 0xa9, &(0x7f0000003e40)=""/4096, &(0x7f0000002b40)=[0x0, 0xffffffffffffffff, r2, 0x0, 0x0, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x9, {r1}}, 0x58) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:30:07 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCFLSH(r0, 0x4b63, 0x0) 08:30:07 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCFLSH(r0, 0x4b63, 0x0) 08:30:07 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCFLSH(r0, 0x4b63, 0x0) 08:30:07 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCFLSH(r0, 0x4b63, 0x0) 08:30:07 executing program 2: r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) fcntl$setstatus(r0, 0x4, 0x42400) write(r0, 0x0, 0x6) 08:30:07 executing program 5: syz_mount_image$nfs4(&(0x7f0000000000), &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001500)={[{'port'}]}) [ 106.252929] nfs4: Bad value for 'port' [ 106.254519] nfs4: Bad value for 'port' 08:30:08 executing program 2: r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) fcntl$setstatus(r0, 0x4, 0x42400) write(r0, 0x0, 0x6) 08:30:08 executing program 4: r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) fcntl$setstatus(r0, 0x4, 0x42400) write(r0, 0x0, 0x6) 08:30:08 executing program 5: syz_mount_image$nfs4(&(0x7f0000000000), &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001500)={[{'port'}]}) [ 106.319452] nfs4: Bad value for 'port' 08:30:08 executing program 4: r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) fcntl$setstatus(r0, 0x4, 0x42400) write(r0, 0x0, 0x6) 08:30:08 executing program 7: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) listen(r0, 0x0) 08:30:08 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x12f1) r3 = fork() r4 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r4) ptrace(0x10, r3) ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r5 = fork() r6 = memfd_secret(0x80000) fcntl$lock(r6, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r3}) clone3(&(0x7f0000003cc0)={0x1108800, &(0x7f0000002b00), &(0x7f0000003e00), &(0x7f0000002c80), {0xb}, &(0x7f0000002bc0)=""/169, 0xa9, &(0x7f0000003e40)=""/4096, &(0x7f0000002b40)=[0x0, 0xffffffffffffffff, r2, 0x0, 0x0, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x9, {r1}}, 0x58) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:30:08 executing program 4: r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) fcntl$setstatus(r0, 0x4, 0x42400) write(r0, 0x0, 0x6) 08:30:08 executing program 2: r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) fcntl$setstatus(r0, 0x4, 0x42400) write(r0, 0x0, 0x6) 08:30:08 executing program 5: syz_mount_image$nfs4(&(0x7f0000000000), &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001500)={[{'port'}]}) 08:30:08 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), 0x0) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x12f1) r3 = fork() r4 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs$namespace(r4, &(0x7f0000000000)='ns/pid_for_children\x00') ioprio_get$pid(0x2, r4) ptrace(0x10, r3) ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0)) wait4(0x0, 0x0, 0x2, &(0x7f0000000300)) r5 = fork() r6 = memfd_secret(0x80000) fcntl$lock(r6, 0x25, &(0x7f0000000080)={0x2, 0x2, 0x3aa8, 0x6, r3}) clone3(&(0x7f0000003cc0)={0x1108800, &(0x7f0000002b00), &(0x7f0000003e00), &(0x7f0000002c80), {0xb}, &(0x7f0000002bc0)=""/169, 0xa9, &(0x7f0000003e40)=""/4096, &(0x7f0000002b40)=[0x0, 0xffffffffffffffff, r2, 0x0, 0x0, r5, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x9, {r1}}, 0x58) openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:30:08 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000400)={0x0, 0x0, 0x8, 0x1d, 0x0, &(0x7f0000000000)="8ba6c5532a6626bb0126f29951fb2359a2c841d94be994ddf2def7ff0755b21363fd41aeaf30ad72dfb2689714e968c789a57547be01f2d2ce0eda91e0f01db465a1298ebd5952f543727fa1bd21488d89054723d31224c6734b88e4c99849c87e130f91bc1d8af167b5a13cc2ca3ea3a6fd7fc97b7539e522127d58f8ddbc6b0482ae37f8045570f0094f8960190faa425119f7a27a83539c27ceef783050dabd6bd32b0a7b35db998e665e3c78bada2a3b039492be1edbc9faa2ca0c229bdd3ad9f2074cc33e611ecb931d57c1abea3b16736060d970c9dbd44c60a88bb912ba2d50a80fc773885f435d3f49fd118a7eaa4400e4837e889743c06075e314b560800ab83466e56b9c6c8e7edf7f1e2f88dd6abc77e27e5fd2a70d30e8ce65767cd96fa5a1e5b6fd7d941edbf7c95afc142b3aed0169fe164579a8d28dc60c2a9c0524b80bd2050093af367a4c945539e945e9fe5951cd65ea25ec21d6dc03d7d32a355f5855389c168d0459b888d8b6aeb3f4480f2d26da5d627e17f7dc1bdb2d62523e33cfaee8e8287e280e6826958705dbfa28257f62ca1a20cb87fdf16adf9258315ea767c67b6a30e7d9757eacf2fc6185bfa9cad388ecebfbc3bef173b1f05d7588a9a908d4a55a0c5aed9df4c9324ca3deadbd1e72a0794e320c6e9bcd44013b29a4626bb0905544734cde8cc7ddb3cbf63533f00110456232f97552f7aa14f1255277076bfebe98d89129a79c9ddf1e2d9dafc4dc1dd11af24a62bfb6cb8c156d12f0af78f9ed3dd54e480c26419b6278add8e86f955cea0285334b8562700f3a5fa69b6bb4b057f5056610c8c720dad0dc304f3d7e18a413e2b8e1dfaf981464800ccf8bdcbe3e1dfa35a6a014048048ec322a7a0d8c0baf6a9c3bb3ef61a479bc9f068dc5f9930160a4a580a2a9103f26a17df6c3ba5f182c1d8c36b19498547b1bc3d54abbddedcf8b7b7027b52b44836edb11034efa7f233dfdc0028e1da24a9b31892928aec50161977131b9d8eac28ecc1a52fe52e91759a176786944a7341dad28c12ada6742b7b1ece73ca4b5acf7ff937f80cd74c3269cf89a08bd472c10cc7f676f82daecd49f8dfa3ea7b0442e41010dc8cbbb746e64808fa52ce26cffcd90703a29dc9d359ed62a2bedeededccb83c55995c98f60023a76eaab2aec35372ccdd5a6e71310b1f5c9625592b9e83ede2b14263b09bac691d27f5440b647ccbbcbfcf824311240bf4a6b10f6e3dfde76980ca70c8270b28010baa666fee9b0be98e984d50967b066eedd620d78d3e57f3597865a0d8a41aba55bb5e24526352c2d3e06f46e6607d120afeee921e005e8c16b92baf1a75ea6a5860d817c1f8468155d078257d9ecb0b54b9d4bc824f8930840208be1dd8ef9c36feca799aa77f4997a0dbb10ace1a75172916a2697e8c7498db1d759ad96"}) [ 106.494525] nfs4: Bad value for 'port' 08:30:08 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$sock_linger(r0, 0x1, 0x4b, 0x0, &(0x7f0000000140)) 08:30:08 executing program 2: r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) fcntl$setstatus(r0, 0x4, 0x42400) write(r0, 0x0, 0x6) [ 106.731768] kmemleak: Automatic memory scanning thread ended 08:30:08 executing program 7: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) listen(r0, 0x0) 08:30:08 executing program 5: syz_mount_image$nfs4(&(0x7f0000000000), &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001500)={[{'port'}]}) 08:30:08 executing program 2: r0 = memfd_create(&(0x7f0000000040)='*!\x00', 0x0) ftruncate(r0, 0xdc06) r1 = eventfd2(0x0, 0x0) sendfile(r1, r0, 0x0, 0x80) 08:30:08 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000400)={0x0, 0x0, 0x8, 0x1d, 0x0, &(0x7f0000000000)="8ba6c5532a6626bb0126f29951fb2359a2c841d94be994ddf2def7ff0755b21363fd41aeaf30ad72dfb2689714e968c789a57547be01f2d2ce0eda91e0f01db465a1298ebd5952f543727fa1bd21488d89054723d31224c6734b88e4c99849c87e130f91bc1d8af167b5a13cc2ca3ea3a6fd7fc97b7539e522127d58f8ddbc6b0482ae37f8045570f0094f8960190faa425119f7a27a83539c27ceef783050dabd6bd32b0a7b35db998e665e3c78bada2a3b039492be1edbc9faa2ca0c229bdd3ad9f2074cc33e611ecb931d57c1abea3b16736060d970c9dbd44c60a88bb912ba2d50a80fc773885f435d3f49fd118a7eaa4400e4837e889743c06075e314b560800ab83466e56b9c6c8e7edf7f1e2f88dd6abc77e27e5fd2a70d30e8ce65767cd96fa5a1e5b6fd7d941edbf7c95afc142b3aed0169fe164579a8d28dc60c2a9c0524b80bd2050093af367a4c945539e945e9fe5951cd65ea25ec21d6dc03d7d32a355f5855389c168d0459b888d8b6aeb3f4480f2d26da5d627e17f7dc1bdb2d62523e33cfaee8e8287e280e6826958705dbfa28257f62ca1a20cb87fdf16adf9258315ea767c67b6a30e7d9757eacf2fc6185bfa9cad388ecebfbc3bef173b1f05d7588a9a908d4a55a0c5aed9df4c9324ca3deadbd1e72a0794e320c6e9bcd44013b29a4626bb0905544734cde8cc7ddb3cbf63533f00110456232f97552f7aa14f1255277076bfebe98d89129a79c9ddf1e2d9dafc4dc1dd11af24a62bfb6cb8c156d12f0af78f9ed3dd54e480c26419b6278add8e86f955cea0285334b8562700f3a5fa69b6bb4b057f5056610c8c720dad0dc304f3d7e18a413e2b8e1dfaf981464800ccf8bdcbe3e1dfa35a6a014048048ec322a7a0d8c0baf6a9c3bb3ef61a479bc9f068dc5f9930160a4a580a2a9103f26a17df6c3ba5f182c1d8c36b19498547b1bc3d54abbddedcf8b7b7027b52b44836edb11034efa7f233dfdc0028e1da24a9b31892928aec50161977131b9d8eac28ecc1a52fe52e91759a176786944a7341dad28c12ada6742b7b1ece73ca4b5acf7ff937f80cd74c3269cf89a08bd472c10cc7f676f82daecd49f8dfa3ea7b0442e41010dc8cbbb746e64808fa52ce26cffcd90703a29dc9d359ed62a2bedeededccb83c55995c98f60023a76eaab2aec35372ccdd5a6e71310b1f5c9625592b9e83ede2b14263b09bac691d27f5440b647ccbbcbfcf824311240bf4a6b10f6e3dfde76980ca70c8270b28010baa666fee9b0be98e984d50967b066eedd620d78d3e57f3597865a0d8a41aba55bb5e24526352c2d3e06f46e6607d120afeee921e005e8c16b92baf1a75ea6a5860d817c1f8468155d078257d9ecb0b54b9d4bc824f8930840208be1dd8ef9c36feca799aa77f4997a0dbb10ace1a75172916a2697e8c7498db1d759ad96"}) 08:30:08 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$sock_linger(r0, 0x1, 0x4b, 0x0, &(0x7f0000000140)) [ 106.870890] nfs4: Bad value for 'port' 08:30:08 executing program 6: getsockname$packet(0xffffffffffffffff, 0x0, 0x0) 08:30:08 executing program 7: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) listen(r0, 0x0) 08:30:08 executing program 1: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x20000, 0xb, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736602106c00080120000200004000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60}, {&(0x7f0000010100)='RRaA\x00'/32, 0x20, 0x800}, {&(0x7f0000010200)="0000000072724161140000000b000000000000000000000000000000000055aa", 0x20, 0x9e0}, {&(0x7f0000010300)="601c6d6b646f736602106c00080120000200004000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60, 0x3000}, {&(0x7f0000010400)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0f0700000008000000090000000a000000ffffff0fffffff0f00"/64, 0x40, 0x10000}, {&(0x7f0000010500)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0f0700000008000000090000000a000000ffffff0fffffff0f00"/64, 0x40, 0x10800}, {&(0x7f0000010600)="53595a4b414c4c45522020080000e980325132510000e980325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020100079e970325132510000e970325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c4531202020202020200079e970325132510000e970325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c4532202020202020200079e970325132510000e970325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c200079e970325132510000e97032510b0064000000", 0x120, 0x11000}, {&(0x7f0000010800)="2e20202020202020202020100079e970325132510000e97032510300000000002e2e202020202020202020100079e970325132510000e970325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020200079e970325132510000e970325104001a040000", 0x80, 0x11800}, {&(0x7f0000010900)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x12000}, {&(0x7f0000010e00)='syzkallers\x00'/32, 0x20, 0x12800}, {&(0x7f0000010f00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x15800}], 0x0, &(0x7f0000011000)) 08:30:08 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 08:30:08 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000400)={0x0, 0x0, 0x8, 0x1d, 0x0, &(0x7f0000000000)="8ba6c5532a6626bb0126f29951fb2359a2c841d94be994ddf2def7ff0755b21363fd41aeaf30ad72dfb2689714e968c789a57547be01f2d2ce0eda91e0f01db465a1298ebd5952f543727fa1bd21488d89054723d31224c6734b88e4c99849c87e130f91bc1d8af167b5a13cc2ca3ea3a6fd7fc97b7539e522127d58f8ddbc6b0482ae37f8045570f0094f8960190faa425119f7a27a83539c27ceef783050dabd6bd32b0a7b35db998e665e3c78bada2a3b039492be1edbc9faa2ca0c229bdd3ad9f2074cc33e611ecb931d57c1abea3b16736060d970c9dbd44c60a88bb912ba2d50a80fc773885f435d3f49fd118a7eaa4400e4837e889743c06075e314b560800ab83466e56b9c6c8e7edf7f1e2f88dd6abc77e27e5fd2a70d30e8ce65767cd96fa5a1e5b6fd7d941edbf7c95afc142b3aed0169fe164579a8d28dc60c2a9c0524b80bd2050093af367a4c945539e945e9fe5951cd65ea25ec21d6dc03d7d32a355f5855389c168d0459b888d8b6aeb3f4480f2d26da5d627e17f7dc1bdb2d62523e33cfaee8e8287e280e6826958705dbfa28257f62ca1a20cb87fdf16adf9258315ea767c67b6a30e7d9757eacf2fc6185bfa9cad388ecebfbc3bef173b1f05d7588a9a908d4a55a0c5aed9df4c9324ca3deadbd1e72a0794e320c6e9bcd44013b29a4626bb0905544734cde8cc7ddb3cbf63533f00110456232f97552f7aa14f1255277076bfebe98d89129a79c9ddf1e2d9dafc4dc1dd11af24a62bfb6cb8c156d12f0af78f9ed3dd54e480c26419b6278add8e86f955cea0285334b8562700f3a5fa69b6bb4b057f5056610c8c720dad0dc304f3d7e18a413e2b8e1dfaf981464800ccf8bdcbe3e1dfa35a6a014048048ec322a7a0d8c0baf6a9c3bb3ef61a479bc9f068dc5f9930160a4a580a2a9103f26a17df6c3ba5f182c1d8c36b19498547b1bc3d54abbddedcf8b7b7027b52b44836edb11034efa7f233dfdc0028e1da24a9b31892928aec50161977131b9d8eac28ecc1a52fe52e91759a176786944a7341dad28c12ada6742b7b1ece73ca4b5acf7ff937f80cd74c3269cf89a08bd472c10cc7f676f82daecd49f8dfa3ea7b0442e41010dc8cbbb746e64808fa52ce26cffcd90703a29dc9d359ed62a2bedeededccb83c55995c98f60023a76eaab2aec35372ccdd5a6e71310b1f5c9625592b9e83ede2b14263b09bac691d27f5440b647ccbbcbfcf824311240bf4a6b10f6e3dfde76980ca70c8270b28010baa666fee9b0be98e984d50967b066eedd620d78d3e57f3597865a0d8a41aba55bb5e24526352c2d3e06f46e6607d120afeee921e005e8c16b92baf1a75ea6a5860d817c1f8468155d078257d9ecb0b54b9d4bc824f8930840208be1dd8ef9c36feca799aa77f4997a0dbb10ace1a75172916a2697e8c7498db1d759ad96"}) [ 106.949753] loop1: detected capacity change from 0 to 344 08:30:08 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$sock_linger(r0, 0x1, 0x4b, 0x0, &(0x7f0000000140)) 08:30:08 executing program 2: r0 = memfd_create(&(0x7f0000000040)='*!\x00', 0x0) ftruncate(r0, 0xdc06) r1 = eventfd2(0x0, 0x0) sendfile(r1, r0, 0x0, 0x80) 08:30:08 executing program 6: getsockname$packet(0xffffffffffffffff, 0x0, 0x0) 08:30:08 executing program 1: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x20000, 0xb, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736602106c00080120000200004000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60}, {&(0x7f0000010100)='RRaA\x00'/32, 0x20, 0x800}, {&(0x7f0000010200)="0000000072724161140000000b000000000000000000000000000000000055aa", 0x20, 0x9e0}, {&(0x7f0000010300)="601c6d6b646f736602106c00080120000200004000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60, 0x3000}, {&(0x7f0000010400)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0f0700000008000000090000000a000000ffffff0fffffff0f00"/64, 0x40, 0x10000}, {&(0x7f0000010500)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0f0700000008000000090000000a000000ffffff0fffffff0f00"/64, 0x40, 0x10800}, {&(0x7f0000010600)="53595a4b414c4c45522020080000e980325132510000e980325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020100079e970325132510000e970325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c4531202020202020200079e970325132510000e970325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c4532202020202020200079e970325132510000e970325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c200079e970325132510000e97032510b0064000000", 0x120, 0x11000}, {&(0x7f0000010800)="2e20202020202020202020100079e970325132510000e97032510300000000002e2e202020202020202020100079e970325132510000e970325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020200079e970325132510000e970325104001a040000", 0x80, 0x11800}, {&(0x7f0000010900)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x12000}, {&(0x7f0000010e00)='syzkallers\x00'/32, 0x20, 0x12800}, {&(0x7f0000010f00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x15800}], 0x0, &(0x7f0000011000)) [ 107.076528] loop1: detected capacity change from 0 to 344 08:30:08 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000400)={0x0, 0x0, 0x8, 0x1d, 0x0, &(0x7f0000000000)="8ba6c5532a6626bb0126f29951fb2359a2c841d94be994ddf2def7ff0755b21363fd41aeaf30ad72dfb2689714e968c789a57547be01f2d2ce0eda91e0f01db465a1298ebd5952f543727fa1bd21488d89054723d31224c6734b88e4c99849c87e130f91bc1d8af167b5a13cc2ca3ea3a6fd7fc97b7539e522127d58f8ddbc6b0482ae37f8045570f0094f8960190faa425119f7a27a83539c27ceef783050dabd6bd32b0a7b35db998e665e3c78bada2a3b039492be1edbc9faa2ca0c229bdd3ad9f2074cc33e611ecb931d57c1abea3b16736060d970c9dbd44c60a88bb912ba2d50a80fc773885f435d3f49fd118a7eaa4400e4837e889743c06075e314b560800ab83466e56b9c6c8e7edf7f1e2f88dd6abc77e27e5fd2a70d30e8ce65767cd96fa5a1e5b6fd7d941edbf7c95afc142b3aed0169fe164579a8d28dc60c2a9c0524b80bd2050093af367a4c945539e945e9fe5951cd65ea25ec21d6dc03d7d32a355f5855389c168d0459b888d8b6aeb3f4480f2d26da5d627e17f7dc1bdb2d62523e33cfaee8e8287e280e6826958705dbfa28257f62ca1a20cb87fdf16adf9258315ea767c67b6a30e7d9757eacf2fc6185bfa9cad388ecebfbc3bef173b1f05d7588a9a908d4a55a0c5aed9df4c9324ca3deadbd1e72a0794e320c6e9bcd44013b29a4626bb0905544734cde8cc7ddb3cbf63533f00110456232f97552f7aa14f1255277076bfebe98d89129a79c9ddf1e2d9dafc4dc1dd11af24a62bfb6cb8c156d12f0af78f9ed3dd54e480c26419b6278add8e86f955cea0285334b8562700f3a5fa69b6bb4b057f5056610c8c720dad0dc304f3d7e18a413e2b8e1dfaf981464800ccf8bdcbe3e1dfa35a6a014048048ec322a7a0d8c0baf6a9c3bb3ef61a479bc9f068dc5f9930160a4a580a2a9103f26a17df6c3ba5f182c1d8c36b19498547b1bc3d54abbddedcf8b7b7027b52b44836edb11034efa7f233dfdc0028e1da24a9b31892928aec50161977131b9d8eac28ecc1a52fe52e91759a176786944a7341dad28c12ada6742b7b1ece73ca4b5acf7ff937f80cd74c3269cf89a08bd472c10cc7f676f82daecd49f8dfa3ea7b0442e41010dc8cbbb746e64808fa52ce26cffcd90703a29dc9d359ed62a2bedeededccb83c55995c98f60023a76eaab2aec35372ccdd5a6e71310b1f5c9625592b9e83ede2b14263b09bac691d27f5440b647ccbbcbfcf824311240bf4a6b10f6e3dfde76980ca70c8270b28010baa666fee9b0be98e984d50967b066eedd620d78d3e57f3597865a0d8a41aba55bb5e24526352c2d3e06f46e6607d120afeee921e005e8c16b92baf1a75ea6a5860d817c1f8468155d078257d9ecb0b54b9d4bc824f8930840208be1dd8ef9c36feca799aa77f4997a0dbb10ace1a75172916a2697e8c7498db1d759ad96"}) 08:30:08 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 08:30:08 executing program 5: r0 = memfd_create(&(0x7f0000000040)='*!\x00', 0x0) ftruncate(r0, 0xdc06) r1 = eventfd2(0x0, 0x0) sendfile(r1, r0, 0x0, 0x80) 08:30:08 executing program 2: r0 = memfd_create(&(0x7f0000000040)='*!\x00', 0x0) ftruncate(r0, 0xdc06) r1 = eventfd2(0x0, 0x0) sendfile(r1, r0, 0x0, 0x80) 08:30:08 executing program 7: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) listen(r0, 0x0) 08:30:08 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$sock_linger(r0, 0x1, 0x4b, 0x0, &(0x7f0000000140)) 08:30:08 executing program 6: getsockname$packet(0xffffffffffffffff, 0x0, 0x0) 08:30:08 executing program 1: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x20000, 0xb, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736602106c00080120000200004000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60}, {&(0x7f0000010100)='RRaA\x00'/32, 0x20, 0x800}, {&(0x7f0000010200)="0000000072724161140000000b000000000000000000000000000000000055aa", 0x20, 0x9e0}, {&(0x7f0000010300)="601c6d6b646f736602106c00080120000200004000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60, 0x3000}, {&(0x7f0000010400)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0f0700000008000000090000000a000000ffffff0fffffff0f00"/64, 0x40, 0x10000}, {&(0x7f0000010500)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0f0700000008000000090000000a000000ffffff0fffffff0f00"/64, 0x40, 0x10800}, {&(0x7f0000010600)="53595a4b414c4c45522020080000e980325132510000e980325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020100079e970325132510000e970325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c4531202020202020200079e970325132510000e970325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c4532202020202020200079e970325132510000e970325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c200079e970325132510000e97032510b0064000000", 0x120, 0x11000}, {&(0x7f0000010800)="2e20202020202020202020100079e970325132510000e97032510300000000002e2e202020202020202020100079e970325132510000e970325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020200079e970325132510000e970325104001a040000", 0x80, 0x11800}, {&(0x7f0000010900)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x12000}, {&(0x7f0000010e00)='syzkallers\x00'/32, 0x20, 0x12800}, {&(0x7f0000010f00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x15800}], 0x0, &(0x7f0000011000)) [ 107.200291] loop1: detected capacity change from 0 to 344 08:30:09 executing program 6: getsockname$packet(0xffffffffffffffff, 0x0, 0x0) 08:30:09 executing program 3: r0 = memfd_create(&(0x7f0000000040)='*!\x00', 0x0) ftruncate(r0, 0xdc06) r1 = eventfd2(0x0, 0x0) sendfile(r1, r0, 0x0, 0x80) 08:30:09 executing program 1: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x20000, 0xb, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736602106c00080120000200004000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60}, {&(0x7f0000010100)='RRaA\x00'/32, 0x20, 0x800}, {&(0x7f0000010200)="0000000072724161140000000b000000000000000000000000000000000055aa", 0x20, 0x9e0}, {&(0x7f0000010300)="601c6d6b646f736602106c00080120000200004000f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60, 0x3000}, {&(0x7f0000010400)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0f0700000008000000090000000a000000ffffff0fffffff0f00"/64, 0x40, 0x10000}, {&(0x7f0000010500)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0f0700000008000000090000000a000000ffffff0fffffff0f00"/64, 0x40, 0x10800}, {&(0x7f0000010600)="53595a4b414c4c45522020080000e980325132510000e980325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020100079e970325132510000e970325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c4531202020202020200079e970325132510000e970325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c4532202020202020200079e970325132510000e970325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c200079e970325132510000e97032510b0064000000", 0x120, 0x11000}, {&(0x7f0000010800)="2e20202020202020202020100079e970325132510000e97032510300000000002e2e202020202020202020100079e970325132510000e970325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020200079e970325132510000e970325104001a040000", 0x80, 0x11800}, {&(0x7f0000010900)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x12000}, {&(0x7f0000010e00)='syzkallers\x00'/32, 0x20, 0x12800}, {&(0x7f0000010f00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x15800}], 0x0, &(0x7f0000011000)) 08:30:09 executing program 2: r0 = memfd_create(&(0x7f0000000040)='*!\x00', 0x0) ftruncate(r0, 0xdc06) r1 = eventfd2(0x0, 0x0) sendfile(r1, r0, 0x0, 0x80) 08:30:09 executing program 5: r0 = memfd_create(&(0x7f0000000040)='*!\x00', 0x0) ftruncate(r0, 0xdc06) r1 = eventfd2(0x0, 0x0) sendfile(r1, r0, 0x0, 0x80) 08:30:09 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 08:30:09 executing program 3: r0 = memfd_create(&(0x7f0000000040)='*!\x00', 0x0) ftruncate(r0, 0xdc06) r1 = eventfd2(0x0, 0x0) sendfile(r1, r0, 0x0, 0x80) [ 107.326637] loop1: detected capacity change from 0 to 344 08:30:09 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROMREADMODE1(r0, 0x324, &(0x7f0000000400)) 08:30:09 executing program 7: openat$null(0xffffffffffffff9c, &(0x7f00000004c0), 0xd7351913da770f2d, 0x0) 08:30:09 executing program 3: r0 = memfd_create(&(0x7f0000000040)='*!\x00', 0x0) ftruncate(r0, 0xdc06) r1 = eventfd2(0x0, 0x0) sendfile(r1, r0, 0x0, 0x80) 08:30:09 executing program 5: r0 = memfd_create(&(0x7f0000000040)='*!\x00', 0x0) ftruncate(r0, 0xdc06) r1 = eventfd2(0x0, 0x0) sendfile(r1, r0, 0x0, 0x80) 08:30:09 executing program 7: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000140)=r2) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) 08:30:09 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROMREADMODE1(r0, 0x324, &(0x7f0000000400)) 08:30:09 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) 08:30:09 executing program 7: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000140)=r2) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) 08:30:09 executing program 6: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000140)=r2) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) 08:30:09 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000440)=[{{&(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) 08:30:09 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000006840)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0}}], 0x1, 0x24044054) sendmmsg$inet6(r0, &(0x7f0000003340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) connect(r0, &(0x7f0000000400)=@un=@abs, 0x80) 08:30:09 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, &(0x7f00000051c0)={0x0, {{0xa, 0x0, 0x0, @private2}}}, 0x88) 08:30:09 executing program 5: r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)) chmod(&(0x7f0000000180)='./file0\x00', 0x10) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) chown(&(0x7f0000000000)='./file0\x00', 0xee01, 0xee00) fchmodat(r0, &(0x7f00000044c0)='./file0\x00', 0x0) [ 107.677404] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list 08:30:09 executing program 6: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000140)=r2) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) 08:30:09 executing program 7: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000140)=r2) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) 08:30:09 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, &(0x7f00000051c0)={0x0, {{0xa, 0x0, 0x0, @private2}}}, 0x88) 08:30:09 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000440)=[{{&(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) 08:30:09 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROMREADMODE1(r0, 0x324, &(0x7f0000000400)) 08:30:09 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, &(0x7f0000000000)=0x6, 0x7, 0x2) 08:30:09 executing program 5: r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)) chmod(&(0x7f0000000180)='./file0\x00', 0x10) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) chown(&(0x7f0000000000)='./file0\x00', 0xee01, 0xee00) fchmodat(r0, &(0x7f00000044c0)='./file0\x00', 0x0) 08:30:09 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000440)=[{{&(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) 08:30:09 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000006840)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0}}], 0x1, 0x24044054) sendmmsg$inet6(r0, &(0x7f0000003340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) connect(r0, &(0x7f0000000400)=@un=@abs, 0x80) 08:30:09 executing program 7: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000140)=r2) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) 08:30:09 executing program 6: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e30be12e051656ca28132eba1a51d12f95180d319eef8bb32a4a5275ed0721e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab12e07ac5", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000140)=r2) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) 08:30:09 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, &(0x7f0000000000)=0x6, 0x7, 0x2) 08:30:09 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROMREADMODE1(r0, 0x324, &(0x7f0000000400)) 08:30:09 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, &(0x7f00000051c0)={0x0, {{0xa, 0x0, 0x0, @private2}}}, 0x88) 08:30:09 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000440)=[{{&(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) 08:30:09 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000006840)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0}}], 0x1, 0x24044054) sendmmsg$inet6(r0, &(0x7f0000003340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) connect(r0, &(0x7f0000000400)=@un=@abs, 0x80) 08:30:09 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, &(0x7f00000051c0)={0x0, {{0xa, 0x0, 0x0, @private2}}}, 0x88) 08:30:09 executing program 6: r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)) chmod(&(0x7f0000000180)='./file0\x00', 0x10) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) chown(&(0x7f0000000000)='./file0\x00', 0xee01, 0xee00) fchmodat(r0, &(0x7f00000044c0)='./file0\x00', 0x0) 08:30:09 executing program 5: r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)) chmod(&(0x7f0000000180)='./file0\x00', 0x10) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) chown(&(0x7f0000000000)='./file0\x00', 0xee01, 0xee00) fchmodat(r0, &(0x7f00000044c0)='./file0\x00', 0x0) [ 108.063000] ------------[ cut here ]------------ [ 108.063941] WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#0: syz-executor.5/282 [ 108.065229] Modules linked in: [ 108.065782] CPU: 0 UID: 0 PID: 282 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 108.067413] Tainted: [W]=WARN [ 108.067870] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 108.068985] RIP: 0010:mntput_no_expire+0x78e/0xbe0 [ 108.069655] Code: 05 d6 30 81 04 01 e8 71 df 91 ff e9 41 fc ff ff e8 27 47 b4 ff 31 ff 44 89 ee e8 4d 42 b4 ff 45 85 ed 79 09 e8 13 47 b4 ff 90 <0f> 0b 90 e8 0a 47 b4 ff e8 b5 2d fc 02 31 ff 89 c5 89 c6 e8 2a 42 [ 108.072093] RSP: 0018:ffff888016827ce0 EFLAGS: 00010293 [ 108.072837] RAX: 0000000000000000 RBX: 1ffff11002d04fa1 RCX: ffffffff81bfaf93 [ 108.073808] RDX: ffff888016a60000 RSI: ffffffff81bfaf9d RDI: 0000000000000005 [ 108.074749] RBP: ffff888044ca1dc0 R08: 0000000000000001 R09: 0000000000000000 [ 108.075745] R10: 00000000ffffffff R11: 0000000000000001 R12: ffff888016827d48 [ 108.076716] R13: 00000000ffffffff R14: ffff888044ca1dc0 R15: ffff888044ca1ea8 [ 108.077698] FS: 000055556d9e4400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 108.078807] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.079589] CR2: 000000c00cffa000 CR3: 000000003ec71000 CR4: 0000000000350ef0 [ 108.080582] Call Trace: [ 108.080966] [ 108.081284] ? __pfx_mntput_no_expire+0x10/0x10 [ 108.081955] ? dput.part.0+0xce/0x930 [ 108.082489] ? lock_release+0xc8/0x290 [ 108.083060] path_umount+0x6e0/0x1100 [ 108.083584] ? kmem_cache_free+0x2a1/0x540 [ 108.084219] ? __pfx_path_umount+0x10/0x10 [ 108.084821] ? putname.part.0+0x11b/0x160 [ 108.085395] __x64_sys_umount+0x15c/0x190 [ 108.085982] ? __pfx___x64_sys_umount+0x10/0x10 [ 108.086620] do_syscall_64+0xbf/0x360 [ 108.087170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.087897] RIP: 0033:0x7f0216886f87 [ 108.088404] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 108.090815] RSP: 002b:00007ffe714d43e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 108.091859] RAX: ffffffffffffffda RBX: 0000000000000049 RCX: 00007f0216886f87 [ 108.092830] RDX: 00007ffe714d44ba RSI: 000000000000000a RDI: 00007ffe714d44b0 [ 108.093762] RBP: 00007ffe714d44b0 R08: 00000000ffffffff R09: 00007ffe714d4280 [ 108.094729] R10: 000055556d9e5c7b R11: 0000000000000246 R12: 00007f02168df105 [ 108.095698] R13: 00007ffe714d5570 R14: 000055556d9e5c20 R15: 00007ffe714d55b0 [ 108.096683] [ 108.097029] irq event stamp: 239683 [ 108.097517] hardirqs last enabled at (239691): [] __up_console_sem+0x78/0x80 [ 108.098691] hardirqs last disabled at (239700): [] __up_console_sem+0x5d/0x80 [ 108.099988] softirqs last enabled at (239738): [] handle_softirqs+0x50c/0x770 [ 108.101312] softirqs last disabled at (239749): [] __irq_exit_rcu+0xc4/0x100 [ 108.102489] ---[ end trace 0000000000000000 ]--- 08:30:09 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, &(0x7f0000000000)=0x6, 0x7, 0x2) 08:30:09 executing program 6: r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)) chmod(&(0x7f0000000180)='./file0\x00', 0x10) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) chown(&(0x7f0000000000)='./file0\x00', 0xee01, 0xee00) fchmodat(r0, &(0x7f00000044c0)='./file0\x00', 0x0) [ 108.211952] ------------[ cut here ]------------ [ 108.212588] WARNING: fs/namespace.c:1375 at cleanup_mnt+0x33f/0x430, CPU#0: syz-executor.5/282 [ 108.213839] Modules linked in: [ 108.214268] CPU: 0 UID: 0 PID: 282 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 108.215774] Tainted: [W]=WARN [ 108.216191] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 108.217239] RIP: 0010:cleanup_mnt+0x33f/0x430 [ 108.217854] Code: c7 20 49 d1 85 e8 41 b3 fa 02 49 8d 7d 40 5b 48 c7 c6 d0 fa be 81 5d 41 5c 41 5d 41 5e 41 5f e9 97 9a 9c ff e8 f2 3c b4 ff 90 <0f> 0b 90 e9 e6 fc ff ff e8 e4 3c b4 ff 4c 89 ef e8 6c d7 06 00 e9 [ 108.220140] RSP: 0018:ffff888016827e20 EFLAGS: 00010293 [ 108.220840] RAX: 0000000000000000 RBX: 0000000000000019 RCX: ffffffff81bfb6a5 [ 108.221729] RDX: ffff888016a60000 RSI: ffffffff81bfb9be RDI: 0000000000000005 [ 108.222646] RBP: ffff888016a61470 R08: 0000000000000001 R09: 0000000000000001 [ 108.223561] R10: 0000000000000019 R11: 0000000000000001 R12: ffff888016a608d8 [ 108.224486] R13: ffff888044ca1dc0 R14: 0000000000000001 R15: ffff888044ca1e00 [ 108.225417] FS: 000055556d9e4400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 108.226446] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.227206] CR2: 00007f48726c0004 CR3: 000000003ec71000 CR4: 0000000000350ef0 [ 108.228137] Call Trace: [ 108.228464] [ 108.228756] task_work_run+0x172/0x280 [ 108.229286] ? __pfx_task_work_run+0x10/0x10 [ 108.229868] ? __x64_sys_umount+0x114/0x190 [ 108.230416] exit_to_user_mode_loop+0xef/0x110 [ 108.231023] do_syscall_64+0x2f7/0x360 [ 108.231523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.232199] RIP: 0033:0x7f0216886f87 [ 108.232669] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 108.234924] RSP: 002b:00007ffe714d43e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 108.235905] RAX: 0000000000000000 RBX: 0000000000000049 RCX: 00007f0216886f87 [ 108.236813] RDX: 00007ffe714d44ba RSI: 000000000000000a RDI: 00007ffe714d44b0 [ 108.237705] RBP: 00007ffe714d44b0 R08: 00000000ffffffff R09: 00007ffe714d4280 [ 108.238611] R10: 000055556d9e5c7b R11: 0000000000000246 R12: 00007f02168df105 [ 108.239510] R13: 00007ffe714d5570 R14: 000055556d9e5c20 R15: 00007ffe714d55b0 [ 108.241275] [ 108.241588] irq event stamp: 240357 [ 108.242745] hardirqs last enabled at (240601): [] __up_console_sem+0x78/0x80 [ 108.243893] hardirqs last disabled at (240626): [] __up_console_sem+0x5d/0x80 [ 108.244976] softirqs last enabled at (240624): [] handle_softirqs+0x50c/0x770 [ 108.246084] softirqs last disabled at (240611): [] __irq_exit_rcu+0xc4/0x100 [ 108.247157] ---[ end trace 0000000000000000 ]--- 08:30:10 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000006840)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0}}], 0x1, 0x24044054) sendmmsg$inet6(r0, &(0x7f0000003340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) connect(r0, &(0x7f0000000400)=@un=@abs, 0x80) 08:30:10 executing program 7: r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)) chmod(&(0x7f0000000180)='./file0\x00', 0x10) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) chown(&(0x7f0000000000)='./file0\x00', 0xee01, 0xee00) fchmodat(r0, &(0x7f00000044c0)='./file0\x00', 0x0) 08:30:10 executing program 6: r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)) chmod(&(0x7f0000000180)='./file0\x00', 0x10) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) chown(&(0x7f0000000000)='./file0\x00', 0xee01, 0xee00) fchmodat(r0, &(0x7f00000044c0)='./file0\x00', 0x0) 08:30:10 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000006840)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0}}], 0x1, 0x24044054) sendmmsg$inet6(r0, &(0x7f0000003340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) connect(r0, &(0x7f0000000400)=@un=@abs, 0x80) 08:30:10 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, &(0x7f0000000000)=0x6, 0x7, 0x2) 08:30:10 executing program 0: r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)) chmod(&(0x7f0000000180)='./file0\x00', 0x10) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) chown(&(0x7f0000000000)='./file0\x00', 0xee01, 0xee00) fchmodat(r0, &(0x7f00000044c0)='./file0\x00', 0x0) 08:30:10 executing program 5: r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)) chmod(&(0x7f0000000180)='./file0\x00', 0x10) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) chown(&(0x7f0000000000)='./file0\x00', 0xee01, 0xee00) fchmodat(r0, &(0x7f00000044c0)='./file0\x00', 0x0) 08:30:10 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000006840)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0}}], 0x1, 0x24044054) sendmmsg$inet6(r0, &(0x7f0000003340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) connect(r0, &(0x7f0000000400)=@un=@abs, 0x80) [ 108.345726] ------------[ cut here ]------------ [ 108.346322] WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#0: syz-executor.5/282 [ 108.347412] Modules linked in: [ 108.347835] CPU: 0 UID: 0 PID: 282 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 108.349189] Tainted: [W]=WARN [ 108.349553] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 108.350502] RIP: 0010:mntput_no_expire+0x78e/0xbe0 [ 108.351112] Code: 05 d6 30 81 04 01 e8 71 df 91 ff e9 41 fc ff ff e8 27 47 b4 ff 31 ff 44 89 ee e8 4d 42 b4 ff 45 85 ed 79 09 e8 13 47 b4 ff 90 <0f> 0b 90 e8 0a 47 b4 ff e8 b5 2d fc 02 31 ff 89 c5 89 c6 e8 2a 42 [ 108.353207] RSP: 0018:ffff888016827c00 EFLAGS: 00010293 [ 108.353844] RAX: 0000000000000000 RBX: 1ffff11002d04f85 RCX: ffffffff81bfaf93 [ 108.354651] RDX: ffff888016a60000 RSI: ffffffff81bfaf9d RDI: 0000000000000005 [ 108.355487] RBP: ffff888044ca1c00 R08: 0000000000000001 R09: 0000000000000000 [ 108.356325] R10: 00000000ffffffff R11: 0000000000000001 R12: ffff888016827c68 [ 108.357165] R13: 00000000ffffffff R14: dead000000000100 R15: ffff888044ca1c00 [ 108.357998] FS: 000055556d9e4400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 108.358932] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.359588] CR2: 00007f600f091f64 CR3: 000000003ec71000 CR4: 0000000000350ef0 [ 108.360419] Call Trace: [ 108.360720] [ 108.361032] ? __pfx_autoremove_wake_function+0x10/0x10 [ 108.361644] ? __pfx_mntput_no_expire+0x10/0x10 [ 108.362206] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 108.362745] ? shrink_dentry_list+0x1a/0x650 [ 108.363285] ? up_write+0x195/0x520 [ 108.363724] namespace_unlock+0x7f1/0x810 [ 108.364239] ? __pfx_namespace_unlock+0x10/0x10 [ 108.364779] ? find_held_lock+0x2b/0x80 [ 108.365270] ? lock_release+0xc8/0x290 [ 108.365720] path_umount+0x6a4/0x1100 [ 108.366181] ? kmem_cache_free+0x2a1/0x540 [ 108.366665] ? __pfx_path_umount+0x10/0x10 [ 108.367167] ? putname.part.0+0x11b/0x160 [ 108.367650] __x64_sys_umount+0x15c/0x190 [ 108.368162] ? __pfx___x64_sys_umount+0x10/0x10 [ 108.368709] do_syscall_64+0xbf/0x360 [ 108.369174] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.369765] RIP: 0033:0x7f0216886f87 [ 108.370218] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 108.372275] RSP: 002b:00007ffe714d43e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 108.373148] RAX: ffffffffffffffda RBX: 000000000000004b RCX: 00007f0216886f87 [ 108.373971] RDX: 00007ffe714d44ba RSI: 000000000000000a RDI: 00007ffe714d44b0 [ 108.374758] RBP: 00007ffe714d44b0 R08: 00000000ffffffff R09: 00007ffe714d4280 [ 108.375565] R10: 000055556d9e5c7b R11: 0000000000000246 R12: 00007f02168df105 [ 108.376382] R13: 00007ffe714d5570 R14: 000055556d9e5c20 R15: 00007ffe714d55b0 [ 108.377205] [ 108.377479] irq event stamp: 242893 [ 108.377904] hardirqs last enabled at (242903): [] __up_console_sem+0x78/0x80 [ 108.378901] hardirqs last disabled at (242912): [] __up_console_sem+0x5d/0x80 [ 108.379914] softirqs last enabled at (242646): [] handle_softirqs+0x50c/0x770 [ 108.380920] softirqs last disabled at (242635): [] __irq_exit_rcu+0xc4/0x100 [ 108.381903] ---[ end trace 0000000000000000 ]--- 08:30:10 executing program 0: r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)) chmod(&(0x7f0000000180)='./file0\x00', 0x10) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) chown(&(0x7f0000000000)='./file0\x00', 0xee01, 0xee00) fchmodat(r0, &(0x7f00000044c0)='./file0\x00', 0x0) 08:30:10 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000006840)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0}}], 0x1, 0x24044054) sendmmsg$inet6(r0, &(0x7f0000003340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) connect(r0, &(0x7f0000000400)=@un=@abs, 0x80) 08:30:10 executing program 7: r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)) chmod(&(0x7f0000000180)='./file0\x00', 0x10) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) chown(&(0x7f0000000000)='./file0\x00', 0xee01, 0xee00) fchmodat(r0, &(0x7f00000044c0)='./file0\x00', 0x0) 08:30:10 executing program 6: r0 = memfd_secret(0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x300000a, 0x11, r0, 0x0) ftruncate(r0, 0x4) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100), 0x0, 0x4) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0x2, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) 08:30:10 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000006840)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0}}], 0x1, 0x24044054) sendmmsg$inet6(r0, &(0x7f0000003340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) connect(r0, &(0x7f0000000400)=@un=@abs, 0x80) 08:30:10 executing program 1: r0 = memfd_create(&(0x7f0000001b80)='(\xc8\xf5\x82j\xca', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305829, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x7fffffffffffffff}) 08:30:10 executing program 4: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) move_mount(0xffffffffffffffff, 0x0, r0, 0x0, 0x66) [ 108.505953] ------------[ cut here ]------------ [ 108.506493] WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#0: syz-executor.5/282 [ 108.507511] Modules linked in: [ 108.507899] CPU: 0 UID: 0 PID: 282 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 108.509154] Tainted: [W]=WARN [ 108.509482] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 108.510359] RIP: 0010:mntput_no_expire+0x78e/0xbe0 [ 108.510907] Code: 05 d6 30 81 04 01 e8 71 df 91 ff e9 41 fc ff ff e8 27 47 b4 ff 31 ff 44 89 ee e8 4d 42 b4 ff 45 85 ed 79 09 e8 13 47 b4 ff 90 <0f> 0b 90 e8 0a 47 b4 ff e8 b5 2d fc 02 31 ff 89 c5 89 c6 e8 2a 42 [ 108.512804] RSP: 0018:ffff888016827ce0 EFLAGS: 00010293 [ 108.513361] RAX: 0000000000000000 RBX: 1ffff11002d04fa1 RCX: ffffffff81bfaf93 [ 108.514117] RDX: ffff888016a60000 RSI: ffffffff81bfaf9d RDI: 0000000000000005 [ 108.514883] RBP: ffff888044ca1c00 R08: 0000000000000001 R09: 0000000000000000 [ 108.515605] R10: 00000000fffffffd R11: 0000000000000001 R12: ffff888016827d48 [ 108.516363] R13: 00000000fffffffd R14: ffff888044ca1c00 R15: ffff888044ca1ce8 [ 108.517116] FS: 000055556d9e4400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 108.517957] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.518559] CR2: 00007f75a6264a90 CR3: 000000003ec71000 CR4: 0000000000350ef0 [ 108.519310] Call Trace: [ 108.519580] [ 108.519851] ? __pfx_mntput_no_expire+0x10/0x10 [ 108.520352] ? dput.part.0+0xce/0x930 [ 108.520776] ? lock_release+0xc8/0x290 [ 108.521225] path_umount+0x6e0/0x1100 [ 108.521630] ? kmem_cache_free+0x2a1/0x540 [ 108.522091] ? __pfx_path_umount+0x10/0x10 [ 108.522539] ? putname.part.0+0x11b/0x160 [ 108.523004] __x64_sys_umount+0x15c/0x190 [ 108.523438] ? __pfx___x64_sys_umount+0x10/0x10 [ 108.523966] do_syscall_64+0xbf/0x360 [ 108.524370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.524922] RIP: 0033:0x7f0216886f87 [ 108.525305] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 108.527181] RSP: 002b:00007ffe714d43e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 108.527988] RAX: ffffffffffffffda RBX: 000000000000004b RCX: 00007f0216886f87 [ 108.528710] RDX: 00007ffe714d44ba RSI: 000000000000000a RDI: 00007ffe714d44b0 [ 108.529460] RBP: 00007ffe714d44b0 R08: 00000000ffffffff R09: 00007ffe714d4280 [ 108.530215] R10: 000055556d9e5c7b R11: 0000000000000246 R12: 00007f02168df105 [ 108.530963] R13: 00007ffe714d5570 R14: 000055556d9e5c20 R15: 00007ffe714d55b0 [ 108.531711] [ 108.532045] irq event stamp: 243399 [ 108.532419] hardirqs last enabled at (243407): [] __up_console_sem+0x78/0x80 [ 108.533416] hardirqs last disabled at (243438): [] __up_console_sem+0x5d/0x80 [ 108.534328] softirqs last enabled at (243436): [] handle_softirqs+0x50c/0x770 [ 108.535245] softirqs last disabled at (243415): [] __irq_exit_rcu+0xc4/0x100 [ 108.536143] ---[ end trace 0000000000000000 ]--- 08:30:10 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000006840)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0}}], 0x1, 0x24044054) sendmmsg$inet6(r0, &(0x7f0000003340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) connect(r0, &(0x7f0000000400)=@un=@abs, 0x80) 08:30:10 executing program 6: r0 = memfd_secret(0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x300000a, 0x11, r0, 0x0) ftruncate(r0, 0x4) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100), 0x0, 0x4) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0x2, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) 08:30:10 executing program 0: r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)) chmod(&(0x7f0000000180)='./file0\x00', 0x10) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) chown(&(0x7f0000000000)='./file0\x00', 0xee01, 0xee00) fchmodat(r0, &(0x7f00000044c0)='./file0\x00', 0x0) 08:30:10 executing program 4: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) move_mount(0xffffffffffffffff, 0x0, r0, 0x0, 0x66) 08:30:10 executing program 1: r0 = memfd_create(&(0x7f0000001b80)='(\xc8\xf5\x82j\xca', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305829, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x7fffffffffffffff}) [ 108.717101] ------------[ cut here ]------------ [ 108.717554] WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#0: syz-executor.5/282 [ 108.718545] Modules linked in: [ 108.719005] CPU: 0 UID: 0 PID: 282 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 108.720199] Tainted: [W]=WARN [ 108.720474] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 108.721279] RIP: 0010:mntput_no_expire+0x78e/0xbe0 [ 108.721726] Code: 05 d6 30 81 04 01 e8 71 df 91 ff e9 41 fc ff ff e8 27 47 b4 ff 31 ff 44 89 ee e8 4d 42 b4 ff 45 85 ed 79 09 e8 13 47 b4 ff 90 <0f> 0b 90 e8 0a 47 b4 ff e8 b5 2d fc 02 31 ff 89 c5 89 c6 e8 2a 42 [ 108.723321] RSP: 0018:ffff888016827c00 EFLAGS: 00010293 [ 108.723811] RAX: 0000000000000000 RBX: 1ffff11002d04f85 RCX: ffffffff81bfaf93 [ 108.724427] RDX: ffff888016a60000 RSI: ffffffff81bfaf9d RDI: 0000000000000005 [ 108.725060] RBP: ffff888044ca08c0 R08: 0000000000000001 R09: 0000000000000000 [ 108.725675] R10: 00000000ffffffff R11: 0000000000000001 R12: ffff888016827c68 [ 108.726308] R13: 00000000ffffffff R14: dead000000000100 R15: ffff888044ca08c0 [ 108.726950] FS: 000055556d9e4400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 108.727647] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.728180] CR2: 000000c00d019000 CR3: 000000003ec71000 CR4: 0000000000350ef0 [ 108.728816] Call Trace: [ 108.729050] [ 108.729252] ? __pfx_autoremove_wake_function+0x10/0x10 [ 108.729727] ? __pfx_mntput_no_expire+0x10/0x10 [ 108.730336] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 108.730768] ? shrink_dentry_list+0x1a/0x650 [ 108.731230] ? up_write+0x195/0x520 [ 108.731566] namespace_unlock+0x7f1/0x810 [ 108.731975] ? __pfx_namespace_unlock+0x10/0x10 [ 108.732393] ? find_held_lock+0x2b/0x80 [ 108.732753] ? lock_release+0xc8/0x290 [ 108.733122] path_umount+0x6a4/0x1100 [ 108.733462] ? kmem_cache_free+0x2a1/0x540 [ 108.733855] ? __pfx_path_umount+0x10/0x10 [ 108.734234] ? putname.part.0+0x11b/0x160 [ 108.734609] __x64_sys_umount+0x15c/0x190 [ 108.734993] ? __pfx___x64_sys_umount+0x10/0x10 [ 108.735402] do_syscall_64+0xbf/0x360 [ 108.735756] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.736221] RIP: 0033:0x7f0216886f87 [ 108.736543] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 108.738100] RSP: 002b:00007ffe714d43e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 108.738757] RAX: ffffffffffffffda RBX: 000000000000004d RCX: 00007f0216886f87 [ 108.739383] RDX: 00007ffe714d44ba RSI: 000000000000000a RDI: 00007ffe714d44b0 [ 108.740019] RBP: 00007ffe714d44b0 R08: 00000000ffffffff R09: 00007ffe714d4280 [ 108.740630] R10: 000055556d9e5c7b R11: 0000000000000246 R12: 00007f02168df105 [ 108.741258] R13: 00007ffe714d5570 R14: 000055556d9e5c20 R15: 00007ffe714d55b0 [ 108.741899] [ 108.742106] irq event stamp: 247683 [ 108.742415] hardirqs last enabled at (247691): [] __up_console_sem+0x78/0x80 [ 108.743180] hardirqs last disabled at (247700): [] __up_console_sem+0x5d/0x80 [ 108.743940] softirqs last enabled at (247474): [] handle_softirqs+0x50c/0x770 [ 108.744696] softirqs last disabled at (247457): [] __irq_exit_rcu+0xc4/0x100 [ 108.745458] ---[ end trace 0000000000000000 ]--- 08:30:10 executing program 7: r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)) chmod(&(0x7f0000000180)='./file0\x00', 0x10) mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) chown(&(0x7f0000000000)='./file0\x00', 0xee01, 0xee00) fchmodat(r0, &(0x7f00000044c0)='./file0\x00', 0x0) 08:30:10 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000006840)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0}}], 0x1, 0x24044054) sendmmsg$inet6(r0, &(0x7f0000003340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) connect(r0, &(0x7f0000000400)=@un=@abs, 0x80) 08:30:10 executing program 4: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) move_mount(0xffffffffffffffff, 0x0, r0, 0x0, 0x66) 08:30:10 executing program 1: r0 = memfd_create(&(0x7f0000001b80)='(\xc8\xf5\x82j\xca', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305829, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x7fffffffffffffff}) 08:30:10 executing program 3: r0 = memfd_secret(0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x300000a, 0x11, r0, 0x0) ftruncate(r0, 0x4) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100), 0x0, 0x4) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0x2, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) 08:30:10 executing program 0: r0 = memfd_secret(0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x300000a, 0x11, r0, 0x0) ftruncate(r0, 0x4) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100), 0x0, 0x4) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0x2, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) 08:30:10 executing program 6: r0 = memfd_secret(0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x300000a, 0x11, r0, 0x0) ftruncate(r0, 0x4) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100), 0x0, 0x4) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0x2, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) 08:30:10 executing program 5: r0 = memfd_secret(0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x300000a, 0x11, r0, 0x0) ftruncate(r0, 0x4) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100), 0x0, 0x4) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0x2, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) 08:30:10 executing program 1: r0 = memfd_create(&(0x7f0000001b80)='(\xc8\xf5\x82j\xca', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305829, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x7fffffffffffffff}) 08:30:10 executing program 0: r0 = memfd_secret(0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x300000a, 0x11, r0, 0x0) ftruncate(r0, 0x4) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100), 0x0, 0x4) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0x2, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) [ 108.898250] ------------[ cut here ]------------ [ 108.898669] WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#0: syz-executor.5/282 [ 108.899578] Modules linked in: [ 108.899942] CPU: 0 UID: 0 PID: 282 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 108.900902] Tainted: [W]=WARN [ 108.901157] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 108.901824] RIP: 0010:mntput_no_expire+0x78e/0xbe0 [ 108.902234] Code: 05 d6 30 81 04 01 e8 71 df 91 ff e9 41 fc ff ff e8 27 47 b4 ff 31 ff 44 89 ee e8 4d 42 b4 ff 45 85 ed 79 09 e8 13 47 b4 ff 90 <0f> 0b 90 e8 0a 47 b4 ff e8 b5 2d fc 02 31 ff 89 c5 89 c6 e8 2a 42 [ 108.903697] RSP: 0018:ffff888016827ce0 EFLAGS: 00010293 [ 108.904147] RAX: 0000000000000000 RBX: 1ffff11002d04fa1 RCX: ffffffff81bfaf93 [ 108.904710] RDX: ffff888016a60000 RSI: ffffffff81bfaf9d RDI: 0000000000000005 [ 108.905295] RBP: ffff888044ca08c0 R08: 0000000000000001 R09: 0000000000000000 [ 108.905879] R10: 00000000fffffffd R11: 0000000000000001 R12: ffff888016827d48 [ 108.906451] R13: 00000000fffffffd R14: ffff888044ca08c0 R15: ffff888044ca09a8 [ 108.907038] FS: 000055556d9e4400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 108.907697] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.908185] CR2: 0000000020fec000 CR3: 000000003ec71000 CR4: 0000000000350ef0 [ 108.908752] Call Trace: [ 108.908979] [ 108.909174] ? __pfx_mntput_no_expire+0x10/0x10 [ 108.909555] ? dput.part.0+0xce/0x930 [ 108.909893] ? lock_release+0xc8/0x290 [ 108.910336] path_umount+0x6e0/0x1100 [ 108.910635] ? kmem_cache_free+0x2a1/0x540 [ 108.910985] ? __pfx_path_umount+0x10/0x10 [ 108.911316] ? putname.part.0+0x11b/0x160 [ 108.911651] __x64_sys_umount+0x15c/0x190 [ 108.912001] ? __pfx___x64_sys_umount+0x10/0x10 [ 108.912370] do_syscall_64+0xbf/0x360 [ 108.912670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.913090] RIP: 0033:0x7f0216886f87 [ 108.913381] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 108.914795] RSP: 002b:00007ffe714d43e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 108.915377] RAX: ffffffffffffffda RBX: 000000000000004d RCX: 00007f0216886f87 [ 108.915963] RDX: 00007ffe714d44ba RSI: 000000000000000a RDI: 00007ffe714d44b0 [ 108.916513] RBP: 00007ffe714d44b0 R08: 00000000ffffffff R09: 00007ffe714d4280 [ 108.917075] R10: 000055556d9e5c7b R11: 0000000000000246 R12: 00007f02168df105 [ 108.917621] R13: 00007ffe714d5570 R14: 000055556d9e5c20 R15: 00007ffe714d55b0 [ 108.918193] [ 108.918381] irq event stamp: 248203 [ 108.918662] hardirqs last enabled at (248211): [] __up_console_sem+0x78/0x80 [ 108.919365] hardirqs last disabled at (248220): [] __up_console_sem+0x5d/0x80 [ 108.920066] softirqs last enabled at (248242): [] handle_softirqs+0x50c/0x770 [ 108.920747] softirqs last disabled at (248229): [] __irq_exit_rcu+0xc4/0x100 [ 108.921426] ---[ end trace 0000000000000000 ]--- 08:30:10 executing program 6: r0 = memfd_secret(0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x300000a, 0x11, r0, 0x0) ftruncate(r0, 0x4) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100), 0x0, 0x4) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0x2, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) 08:30:10 executing program 4: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) move_mount(0xffffffffffffffff, 0x0, r0, 0x0, 0x66) 08:30:10 executing program 3: r0 = memfd_secret(0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x300000a, 0x11, r0, 0x0) ftruncate(r0, 0x4) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100), 0x0, 0x4) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0x2, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) 08:30:10 executing program 2: r0 = memfd_secret(0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x300000a, 0x11, r0, 0x0) ftruncate(r0, 0x4) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100), 0x0, 0x4) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0x2, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) 08:30:10 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='sysfs\x00', 0x0, 0x0) mount_setattr(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000180)={0x1}, 0x20) 08:30:10 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x40181, 0x30) write$tun(r0, 0x0, 0x0) 08:30:10 executing program 5: r0 = memfd_secret(0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x300000a, 0x11, r0, 0x0) ftruncate(r0, 0x4) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100), 0x0, 0x4) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0x2, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) 08:30:10 executing program 0: r0 = memfd_secret(0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x300000a, 0x11, r0, 0x0) ftruncate(r0, 0x4) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100), 0x0, 0x4) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0x2, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) 08:30:10 executing program 6: pipe2(&(0x7f0000001840), 0x4000) 08:30:10 executing program 3: r0 = memfd_secret(0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x300000a, 0x11, r0, 0x0) ftruncate(r0, 0x4) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100), 0x0, 0x4) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0x2, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) 08:30:10 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='sysfs\x00', 0x0, 0x0) mount_setattr(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000180)={0x1}, 0x20) 08:30:10 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='sysfs\x00', 0x0, 0x0) mount_setattr(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000180)={0x1}, 0x20) 08:30:10 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000003900)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000003640)=@abs, 0x6e, 0x0, 0x0, &(0x7f00000038c0)=[@cred={{0x1c}}], 0x20}}], 0x2, 0x0) 08:30:10 executing program 2: r0 = memfd_secret(0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x300000a, 0x11, r0, 0x0) ftruncate(r0, 0x4) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100), 0x0, 0x4) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0x2, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) 08:30:10 executing program 5: r0 = memfd_secret(0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x300000a, 0x11, r0, 0x0) ftruncate(r0, 0x4) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100), 0x0, 0x4) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0x2, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) 08:30:10 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x40181, 0x30) write$tun(r0, 0x0, 0x0) 08:30:10 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='sysfs\x00', 0x0, 0x0) mount_setattr(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000180)={0x1}, 0x20) 08:30:10 executing program 6: pipe2(&(0x7f0000001840), 0x4000) 08:30:10 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='sysfs\x00', 0x0, 0x0) mount_setattr(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000180)={0x1}, 0x20) 08:30:10 executing program 2: r0 = memfd_secret(0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x300000a, 0x11, r0, 0x0) ftruncate(r0, 0x4) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100), 0x0, 0x4) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0x2, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) 08:30:10 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000000240)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}}], 0x1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 08:30:10 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) bind$packet(r0, &(0x7f0000000400)={0x11, 0x4, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x2a, &(0x7f0000000240)=ANY=[], 0x0) [ 109.230293] BUG: unable to handle page fault for address: ffffed10212c9b2e [ 109.230888] #PF: supervisor read access in kernel mode [ 109.231306] #PF: error_code(0x0000) - not-present page [ 109.231727] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0 [ 109.232177] Oops: Oops: 0000 [#1] SMP KASAN NOPTI [ 109.232570] CPU: 0 UID: 0 PID: 4366 Comm: syz-executor.1 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 109.233506] Tainted: [W]=WARN [ 109.233754] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 109.234403] RIP: 0010:perf_tp_event+0x175/0xe70 [ 109.234789] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 109.236219] RSP: 0018:ffff88801ad77800 EFLAGS: 00010216 [ 109.236641] RAX: 1ffff110212c9b2e RBX: ffff88810964d780 RCX: ffffc900056b5000 [ 109.237201] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: ffff88810964d970 [ 109.237761] RBP: ffff88801ad77a70 R08: ffff88806ce31340 R09: ffffe8ffffc15b28 [ 109.238321] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 109.238891] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 109.239455] FS: 00007f75a36e4700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 109.240096] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.240557] CR2: ffffed10212c9b2e CR3: 00000000106ba000 CR4: 0000000000350ef0 [ 109.241119] Call Trace: [ 109.241328] [ 109.241511] ? perf_swevent_event+0x63/0x3f0 [ 109.241872] ? __pfx_perf_tp_event+0x10/0x10 [ 109.242230] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 109.242628] ? perf_swevent_event+0x63/0x3f0 [ 109.242983] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 109.243381] ? perf_swevent_event+0x63/0x3f0 [ 109.243748] ? perf_tp_event+0x807/0xe70 [ 109.244081] ? __pfx_perf_tp_event+0x10/0x10 [ 109.244440] ? __perf_install_in_context+0x503/0xb90 [ 109.244847] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 109.245311] ? do_raw_spin_unlock+0x53/0x220 [ 109.245669] ? perf_trace_run_bpf_submit+0xef/0x180 [ 109.246071] perf_trace_run_bpf_submit+0xef/0x180 [ 109.246463] perf_trace_lock+0x337/0x5d0 [ 109.246797] ? __pfx_perf_trace_lock+0x10/0x10 [ 109.247165] ? lock_acquire+0x15e/0x2f0 [ 109.247484] ? futex_ref_get+0x48/0x300 [ 109.247811] ? futex_ref_get+0x114/0x300 [ 109.248132] ? futex_hash+0x15c/0x390 [ 109.248436] lock_release+0x1ab/0x290 [ 109.248746] ? futex_hash+0x15c/0x390 [ 109.249054] futex_ref_get+0x119/0x300 [ 109.249368] ? futex_hash+0x15c/0x390 [ 109.249671] futex_hash+0x70/0x390 [ 109.249964] futex_wake+0x143/0x540 [ 109.250261] ? __pfx_perf_trace_lock+0x10/0x10 [ 109.250631] ? __pfx_futex_wake+0x10/0x10 [ 109.250968] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 109.251373] ? lock_release+0xc8/0x290 [ 109.251694] do_futex+0x26d/0x370 [ 109.251980] ? __pfx_do_futex+0x10/0x10 [ 109.252300] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 109.252723] ? find_held_lock+0x2b/0x80 [ 109.253051] __x64_sys_futex+0x1c9/0x4d0 [ 109.253378] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 109.253839] ? __pfx___x64_sys_futex+0x10/0x10 [ 109.254207] ? xfd_validate_state+0x55/0x180 [ 109.254576] do_syscall_64+0xbf/0x360 [ 109.254885] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.255295] RIP: 0033:0x7f75a616eb19 [ 109.255596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 109.257021] RSP: 002b:00007f75a36e4218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 109.257621] RAX: ffffffffffffffda RBX: 00007f75a6281f68 RCX: 00007f75a616eb19 [ 109.258184] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f75a6281f6c [ 109.258741] RBP: 00007f75a6281f60 R08: 000000000000000e R09: 0000000000000000 [ 109.259299] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f75a6281f6c [ 109.259884] R13: 00007ffc00dc97bf R14: 00007f75a36e4300 R15: 0000000000022000 [ 109.260450] [ 109.260640] Modules linked in: [ 109.260899] CR2: ffffed10212c9b2e [ 109.261173] ---[ end trace 0000000000000000 ]--- [ 109.261545] RIP: 0010:perf_tp_event+0x175/0xe70 [ 109.261922] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 109.263340] RSP: 0018:ffff88801ad77800 EFLAGS: 00010216 [ 109.263766] RAX: 1ffff110212c9b2e RBX: ffff88810964d780 RCX: ffffc900056b5000 [ 109.264330] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: ffff88810964d970 [ 109.264894] RBP: ffff88801ad77a70 R08: ffff88806ce31340 R09: ffffe8ffffc15b28 [ 109.265456] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 109.266017] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 109.266580] FS: 00007f75a36e4700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 109.267212] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.267675] CR2: ffffed10212c9b2e CR3: 00000000106ba000 CR4: 0000000000350ef0 [ 109.268243] note: syz-executor.1[4366] exited with irqs disabled [ 109.268729] BUG: unable to handle page fault for address: ffffed10212c9b2e [ 109.269270] #PF: supervisor read access in kernel mode [ 109.269676] #PF: error_code(0x0000) - not-present page [ 109.270082] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0 [ 109.270523] Oops: Oops: 0000 [#2] SMP KASAN NOPTI [ 109.270907] CPU: 0 UID: 0 PID: 4366 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 109.271842] Tainted: [D]=DIE, [W]=WARN [ 109.272149] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 109.272788] RIP: 0010:perf_tp_event+0x175/0xe70 [ 109.273161] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 109.274569] RSP: 0018:ffff88806ce08b40 EFLAGS: 00010016 [ 109.274986] RAX: 1ffff110212c9b2e RBX: ffff88810964d780 RCX: 0000000000000002 [ 109.275540] RDX: ffff888015d01b80 RSI: ffffffff8189a4e7 RDI: ffff88810964d970 [ 109.276099] RBP: ffff88806ce08db0 R08: ffff88806ce31490 R09: ffffe8ffffc15b28 [ 109.276652] R10: 0000000000000000 R11: ffff88806ce08ff8 R12: dffffc0000000000 [ 109.277206] R13: 0000000000000024 R14: ffff88806ce31490 R15: dffffc0000000000 [ 109.277763] FS: 00007f75a36e4700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 109.278391] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.278843] CR2: ffffed10212c9b2e CR3: 00000000106ba000 CR4: 0000000000350ef0 [ 109.279396] Call Trace: [ 109.279602] [ 109.279792] ? kasan_save_track+0x14/0x30 [ 109.280123] ? __pfx_perf_tp_event+0x10/0x10 [ 109.280479] ? rcu_core+0x7c3/0x1800 [ 109.280781] ? __call_rcu_common.constprop.0+0x70/0x960 [ 109.281201] ? delayed_put_task_struct+0xde/0x260 [ 109.281586] ? rcu_core+0x7c8/0x1800 [ 109.281882] ? handle_softirqs+0x1b1/0x770 [ 109.282224] ? __irq_exit_rcu+0xc4/0x100 [ 109.282548] ? irq_exit_rcu+0x9/0x20 [ 109.282842] ? sysvec_apic_timer_interrupt+0x70/0x80 [ 109.283245] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 109.283678] ? lock_acquire+0x5b/0x2f0 [ 109.283990] ? unwind_next_frame+0xcd/0x2540 [ 109.284345] ? arch_stack_walk+0x86/0xf0 [ 109.284665] ? stack_trace_save+0x8e/0xc0 [ 109.284997] ? kasan_save_stack+0x24/0x50 [ 109.285326] ? kasan_save_track+0x14/0x30 [ 109.285655] ? __kasan_save_free_info+0x3a/0x60 [ 109.286022] ? __kasan_slab_free+0x3f/0x50 [ 109.286360] ? kmem_cache_free+0x2a1/0x540 [ 109.286697] ? putname.part.0+0x11b/0x160 [ 109.287028] ? putname+0x3c/0x50 [ 109.287302] ? do_sys_openat2+0x13c/0x1b0 [ 109.287634] ? __x64_sys_openat+0x142/0x200 [ 109.287987] ? lock_is_held_type+0x9e/0x120 [ 109.288333] ? trace_pelt_se_tp+0xdf/0x130 [ 109.288669] ? __update_load_avg_se+0x428/0xa40 [ 109.289046] ? match_held_lock+0xb0/0xd0 [ 109.289374] ? perf_trace_lock+0xb5/0x5d0 [ 109.289706] ? perf_trace_lock+0xb5/0x5d0 [ 109.290040] ? perf_trace_run_bpf_submit+0xef/0x180 [ 109.290439] perf_trace_run_bpf_submit+0xef/0x180 [ 109.290828] perf_trace_lock+0x337/0x5d0 [ 109.291153] ? lock_release+0xc8/0x290 [ 109.291467] ? lock_release+0xc8/0x290 [ 109.291787] ? __pfx_perf_trace_lock+0x10/0x10 [ 109.292150] ? lock_acquire+0x18c/0x2f0 [ 109.292472] ? clockevents_program_event+0x135/0x360 [ 109.292882] ? __flush_smp_call_function_queue+0x38b/0x740 [ 109.293330] lock_release+0x1ab/0x290 [ 109.293640] _raw_spin_unlock_irqrestore+0x1a/0x50 [ 109.294034] ? __pfx_rcu_exp_handler+0x10/0x10 [ 109.294408] __flush_smp_call_function_queue+0x38b/0x740 [ 109.294847] __sysvec_call_function_single+0x6d/0x370 [ 109.295261] sysvec_call_function_single+0xa1/0xc0 [ 109.295657] [ 109.295847] [ 109.296031] asm_sysvec_call_function_single+0x1a/0x20 [ 109.296444] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 109.296825] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de [ 109.298234] RSP: 0018:ffff88801ad77f28 EFLAGS: 00000246 [ 109.298654] RAX: 0000000000000001 RBX: ffff888015d01b80 RCX: ffffffff817c3ab6 [ 109.299211] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 109.299773] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000 [ 109.300329] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff888015d01b80 [ 109.300884] R13: 0000000000000009 R14: ffff88801ad777e0 R15: 0000000000000000 [ 109.301440] ? trace_irq_enable.constprop.0+0x26/0x100 [ 109.301854] ? make_task_dead+0x214/0x3b0 [ 109.302186] ? make_task_dead+0x214/0x3b0 [ 109.302514] ? do_syscall_64+0xbf/0x360 [ 109.302838] rewind_stack_and_make_dead+0x16/0x20 [ 109.303227] RIP: 0033:0x7f75a616eb19 [ 109.303520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 109.304938] RSP: 002b:00007f75a36e4218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 109.305530] RAX: ffffffffffffffda RBX: 00007f75a6281f68 RCX: 00007f75a616eb19 [ 109.306091] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f75a6281f6c [ 109.306645] RBP: 00007f75a6281f60 R08: 000000000000000e R09: 0000000000000000 [ 109.307197] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f75a6281f6c [ 109.307758] R13: 00007ffc00dc97bf R14: 00007f75a36e4300 R15: 0000000000022000 [ 109.308318] [ 109.308506] Modules linked in: [ 109.308762] CR2: ffffed10212c9b2e [ 109.309035] ---[ end trace 0000000000000000 ]--- [ 109.309405] RIP: 0010:perf_tp_event+0x175/0xe70 [ 109.309781] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 109.311199] RSP: 0018:ffff88801ad77800 EFLAGS: 00010216 [ 109.311615] RAX: 1ffff110212c9b2e RBX: ffff88810964d780 RCX: ffffc900056b5000 [ 109.312179] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: ffff88810964d970 [ 109.312732] RBP: ffff88801ad77a70 R08: ffff88806ce31340 R09: ffffe8ffffc15b28 [ 109.313288] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 109.313842] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 109.314400] FS: 00007f75a36e4700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 109.315034] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.315491] CR2: ffffed10212c9b2e CR3: 00000000106ba000 CR4: 0000000000350ef0 [ 109.316065] Kernel panic - not syncing: Fatal exception in interrupt [ 110.358071] Shutting down cpus with NMI [ 110.358486] Kernel Offset: disabled [ 110.358771] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 08:30:07 Registers: info registers vcpu 0 RAX=0000000000000036 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff8880168df6f0 R8 =0000000000000000 R9 =ffffed10013bd046 R10=0000000000000036 R11=0000000000000001 R12=0000000000000036 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0 RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000555557964400 00000000 00000000 GS =0000 ffff8880e55d8000 00000000 00000000 LDT=0000 fffffe3d00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f139f93a718 CR3=000000003944d000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=0000000000000000 RCX=ffffffff812c7473 RDX=ffff888009f4d280 RSI=0000000000000000 RDI=0000000000000000 RBP=1ffff11001e45fb2 RSP=ffff88800f22fd70 R8 =0000000000000001 R9 =ffffed1001e45fba R10=0000000000000001 R11=0000000000000001 R12=0000000000000001 R13=0000000000000000 R14=0000000000000018 R15=000000000000001f RIP=ffffffff8173f1e8 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e56d8000 00000000 00000000 LDT=0000 fffffe6000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f173dfd4028 CR3=0000000044a68000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=000000008ebfc079e6814650ad20fec2 XMM01=00000000a43dd5f3741433c0061b3c80 XMM02=ffff8880110c0c800000000010040053 XMM03=ffffffffffffffff0f0e0d0c0b0a0908 XMM04=ffff8880110c0c800000000010040053 XMM05=d3fdd5f48436fbd700000000000aead0 XMM06=eee8b2d2f0dd7ec100000000000ae988 XMM07=00000001db710640b4e5b025f7011641 XMM08=44495f474f4c5359530069253d595449 XMM09=00000000000000000000000000000000 XMM10=00000000000000000020000020000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000