last executing test programs: 303.084216ms ago: executing program 2 (id=3): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x40845, 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0xc, 0x54404d0a08a4d8, 0x4}) socket$inet_tcp(0x2, 0x1, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) unshare(0x60000600) 252.282879ms ago: executing program 0 (id=1): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet(r2, &(0x7f0000000c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x488d5) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff024}, {0x6}]}, 0x10) 231.324939ms ago: executing program 0 (id=5): rt_sigaction(0xd, 0x0, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r3, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) sendmmsg$inet6(r5, &(0x7f00000075c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40804) socket$inet_udplite(0x2, 0x2, 0x88) 190.536201ms ago: executing program 0 (id=6): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r3 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r3, 0x0, 0x0, 0x805, 0x0, 0x0) getuid() 184.252561ms ago: executing program 2 (id=7): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) lseek(r6, 0x4, 0x1) 103.539255ms ago: executing program 0 (id=8): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, 0x0, 0x0, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r3, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000075c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40804) r5 = socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$inet(r5, &(0x7f0000004040)=[{{&(0x7f0000000080)={0x2, 0x4e24, @empty}, 0x10, 0x0}}], 0x1, 0x4000000) 103.333065ms ago: executing program 2 (id=9): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) write(r3, 0x0, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IPT_SO_GET_REVISION_TARGET(r4, 0x0, 0x43, &(0x7f0000000040)={'NETMAP\x00'}, &(0x7f00000000c0)=0x1e) 103.209255ms ago: executing program 1 (id=2): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r4, 0x0, 0x0, 0x80, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) write(r6, 0x0, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) ioctl$KVM_X86_SETUP_MCE(r7, 0x4008ae9c, 0x0) 103.111005ms ago: executing program 3 (id=4): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, 0xffffffffffffffff, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r5, 0x40087703, 0x3) lseek(r5, 0x4, 0x1) 86.830716ms ago: executing program 0 (id=10): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) 64.657357ms ago: executing program 1 (id=11): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x24000]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x805, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x160862) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf) ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000004c0)={r5, 0x0, {0x0, 0x0, 0x0, 0x4, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf900000080149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d665f985881a350000ddffffff00", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "715237601a8ca5b07dcc141802c4dacf162e43ac61f7ad330000000000a04100", [0xfffffffffffffce8, 0xa]}}) 64.470007ms ago: executing program 3 (id=12): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet(r2, &(0x7f0000000c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x488d5) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff024}, {0x6}]}, 0x10) 34.710268ms ago: executing program 0 (id=13): rt_sigaction(0xd, &(0x7f0000000180)={0x0, 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r3, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) sendmmsg$inet6(r5, &(0x7f00000075c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40804) socket$inet_udplite(0x2, 0x2, 0x88) 10.7213ms ago: executing program 3 (id=14): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r3 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r3, 0x0, 0x0, 0x805, 0x0, 0x0) getuid() 0s ago: executing program 3 (id=15): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0xc, 0x54404d0a08a4d8, 0x4}) socket$inet_tcp(0x2, 0x1, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) unshare(0x60000600) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.238' (ED25519) to the list of known hosts. [ 25.341689][ T36] audit: type=1400 audit(1763545815.330:64): avc: denied { mounton } for pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 25.343178][ T281] cgroup: Unknown subsys name 'net' [ 25.364555][ T36] audit: type=1400 audit(1763545815.330:65): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.391899][ T36] audit: type=1400 audit(1763545815.360:66): avc: denied { unmount } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.392182][ T281] cgroup: Unknown subsys name 'devices' [ 25.558008][ T281] cgroup: Unknown subsys name 'hugetlb' [ 25.563770][ T281] cgroup: Unknown subsys name 'rlimit' [ 25.658362][ T36] audit: type=1400 audit(1763545815.650:67): avc: denied { setattr } for pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 25.681750][ T36] audit: type=1400 audit(1763545815.650:68): avc: denied { mounton } for pid=281 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 25.692690][ T283] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 25.707000][ T36] audit: type=1400 audit(1763545815.650:69): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 25.738766][ T36] audit: type=1400 audit(1763545815.710:70): avc: denied { relabelto } for pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 25.764639][ T36] audit: type=1400 audit(1763545815.710:71): avc: denied { write } for pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 25.801899][ T36] audit: type=1400 audit(1763545815.790:72): avc: denied { read } for pid=281 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 25.802542][ T281] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 25.827700][ T36] audit: type=1400 audit(1763545815.790:73): avc: denied { open } for pid=281 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 28.000688][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.007846][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.015463][ T288] bridge_slave_0: entered allmulticast mode [ 28.022030][ T288] bridge_slave_0: entered promiscuous mode [ 28.040188][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.047283][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.054448][ T288] bridge_slave_1: entered allmulticast mode [ 28.060944][ T288] bridge_slave_1: entered promiscuous mode [ 28.101531][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.108615][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.115807][ T290] bridge_slave_0: entered allmulticast mode [ 28.122268][ T290] bridge_slave_0: entered promiscuous mode [ 28.130352][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.137571][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.144662][ T291] bridge_slave_0: entered allmulticast mode [ 28.151049][ T291] bridge_slave_0: entered promiscuous mode [ 28.161818][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.169043][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.176149][ T290] bridge_slave_1: entered allmulticast mode [ 28.182401][ T290] bridge_slave_1: entered promiscuous mode [ 28.190188][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.197313][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.204401][ T291] bridge_slave_1: entered allmulticast mode [ 28.210762][ T291] bridge_slave_1: entered promiscuous mode [ 28.241801][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.248931][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.256068][ T289] bridge_slave_0: entered allmulticast mode [ 28.262349][ T289] bridge_slave_0: entered promiscuous mode [ 28.268875][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.276046][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.283149][ T289] bridge_slave_1: entered allmulticast mode [ 28.289557][ T289] bridge_slave_1: entered promiscuous mode [ 28.462688][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.469886][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.477360][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.484491][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.500078][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.507258][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.514565][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.521745][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.538402][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.545509][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.552797][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.559952][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.569577][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.576760][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.584070][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.591159][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.633614][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.641029][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.648860][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.656181][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.663538][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.671453][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.678755][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.686154][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.710011][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.717156][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.724967][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.732051][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.757694][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.764755][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.772420][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.779594][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.794794][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.801980][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.812210][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.819328][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.841704][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.848824][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.857956][ T291] veth0_vlan: entered promiscuous mode [ 28.868888][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.876067][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.898091][ T291] veth1_macvtap: entered promiscuous mode [ 28.923406][ T288] veth0_vlan: entered promiscuous mode [ 28.957471][ T288] veth1_macvtap: entered promiscuous mode [ 28.968168][ T291] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 28.980699][ T289] veth0_vlan: entered promiscuous mode [ 29.010314][ T290] veth0_vlan: entered promiscuous mode [ 29.021800][ T289] veth1_macvtap: entered promiscuous mode [ 29.067514][ T290] veth1_macvtap: entered promiscuous mode [ 29.088453][ T338] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 29.258241][ T357] loop5: detected capacity change from 0 to 7 [ 29.264740][ T288] ------------[ cut here ]------------ [ 29.270363][ T288] WARNING: CPU: 0 PID: 288 at fs/inode.c:340 drop_nlink+0xce/0x110 [ 29.278744][ T288] Modules linked in: [ 29.282711][ T288] CPU: 0 UID: 0 PID: 288 Comm: syz-executor Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 29.294674][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 29.305202][ T288] RIP: 0010:drop_nlink+0xce/0x110 [ 29.310803][ T288] Code: 04 00 00 be 08 00 00 00 e8 cf 54 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 32 e4 97 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c [ 29.330695][ T288] RSP: 0018:ffffc9000b60fc60 EFLAGS: 00010293 [ 29.336874][ T288] RAX: ffffffff81ee1a7e RBX: ffff88810e793bf0 RCX: ffff88812a7cdf00 [ 29.344894][ T288] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 29.353074][ T288] RBP: ffffc9000b60fc88 R08: 0000000000000003 R09: 0000000000000004 [ 29.361405][ T288] R10: dffffc0000000000 R11: fffff520016c1f7c R12: dffffc0000000000 [ 29.369828][ T288] R13: 1ffff11021cf2787 R14: ffff88810e793c38 R15: 0000000000000000 [ 29.377943][ T288] FS: 000055555c64b500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 29.387090][ T288] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.393724][ T288] CR2: 000055555c66e4e8 CR3: 0000000126e62000 CR4: 00000000003526b0 [ 29.402055][ T288] Call Trace: [ 29.405424][ T288] [ 29.408397][ T288] shmem_rmdir+0x5f/0x90 [ 29.412693][ T288] vfs_rmdir+0x3dd/0x560 [ 29.417073][ T288] incfs_kill_sb+0x109/0x230 [ 29.421716][ T288] deactivate_locked_super+0xd5/0x2a0 [ 29.427190][ T288] deactivate_super+0xb8/0xe0 [ 29.431907][ T288] cleanup_mnt+0x3f1/0x480 [ 29.436434][ T288] __cleanup_mnt+0x1d/0x40 [ 29.440942][ T288] task_work_run+0x1e0/0x250 [ 29.445674][ T288] ? __cfi_task_work_run+0x10/0x10 [ 29.450915][ T288] ? __x64_sys_umount+0x126/0x170 [ 29.456088][ T288] ? __cfi___x64_sys_umount+0x10/0x10 [ 29.461515][ T288] ? __kasan_check_read+0x15/0x20 [ 29.466676][ T288] resume_user_mode_work+0x36/0x50 [ 29.471836][ T288] syscall_exit_to_user_mode+0x64/0xb0 [ 29.477390][ T288] do_syscall_64+0x64/0xf0 [ 29.481864][ T288] ? clear_bhb_loop+0x50/0xa0 [ 29.486684][ T288] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 29.492662][ T288] RIP: 0033:0x7f89c21909f7 [ 29.497198][ T288] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 29.517108][ T288] RSP: 002b:00007ffe723c3158 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 29.525832][ T288] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f89c21909f7 [ 29.533842][ T288] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe723c3210 [ 29.541953][ T288] RBP: 00007ffe723c3210 R08: 0000000000000000 R09: 0000000000000000 [ 29.550041][ T288] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe723c42a0 [ 29.558108][ T288] R13: 00007f89c2211d7d R14: 0000000000007232 R15: 00007ffe723c42e0 [ 29.566162][ T288] [ 29.569280][ T288] ---[ end trace 0000000000000000 ]--- [ 29.576938][ T288] ================================================================== [ 29.585160][ T288] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70 [ 29.591536][ T288] Write of size 4 at addr 0000000000000168 by task syz-executor/288 [ 29.599639][ T288] [ 29.602021][ T288] CPU: 0 UID: 0 PID: 288 Comm: syz-executor Tainted: G W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 29.602060][ T288] Tainted: [W]=WARN [ 29.602068][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 29.602082][ T288] Call Trace: [ 29.602089][ T288] [ 29.602098][ T288] __dump_stack+0x21/0x30 [ 29.602134][ T288] dump_stack_lvl+0x10c/0x190 [ 29.602163][ T288] ? __cfi_dump_stack_lvl+0x10/0x10 [ 29.602196][ T288] print_report+0x3d/0x70 [ 29.602220][ T288] kasan_report+0x163/0x1a0 [ 29.602247][ T288] ? ihold+0x24/0x70 [ 29.602271][ T288] ? _raw_spin_unlock+0x45/0x60 [ 29.602301][ T288] ? ihold+0x24/0x70 [ 29.602324][ T288] kasan_check_range+0x299/0x2a0 [ 29.602352][ T288] __kasan_check_write+0x18/0x20 [ 29.602385][ T288] ihold+0x24/0x70 [ 29.602409][ T288] vfs_rmdir+0x26a/0x560 [ 29.602438][ T288] incfs_kill_sb+0x109/0x230 [ 29.602472][ T288] deactivate_locked_super+0xd5/0x2a0 [ 29.602503][ T288] deactivate_super+0xb8/0xe0 [ 29.602530][ T288] cleanup_mnt+0x3f1/0x480 [ 29.602555][ T288] __cleanup_mnt+0x1d/0x40 [ 29.602578][ T288] task_work_run+0x1e0/0x250 [ 29.602606][ T288] ? __cfi_task_work_run+0x10/0x10 [ 29.602632][ T288] ? __x64_sys_umount+0x126/0x170 [ 29.602663][ T288] ? __cfi___x64_sys_umount+0x10/0x10 [ 29.602702][ T288] ? __kasan_check_read+0x15/0x20 [ 29.602736][ T288] resume_user_mode_work+0x36/0x50 [ 29.602764][ T288] syscall_exit_to_user_mode+0x64/0xb0 [ 29.602795][ T288] do_syscall_64+0x64/0xf0 [ 29.602824][ T288] ? clear_bhb_loop+0x50/0xa0 [ 29.602850][ T288] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 29.602873][ T288] RIP: 0033:0x7f89c21909f7 [ 29.602891][ T288] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 29.602909][ T288] RSP: 002b:00007ffe723c3158 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 29.602933][ T288] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f89c21909f7 [ 29.602949][ T288] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe723c3210 [ 29.602963][ T288] RBP: 00007ffe723c3210 R08: 0000000000000000 R09: 0000000000000000 [ 29.602977][ T288] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe723c42a0 [ 29.602992][ T288] R13: 00007f89c2211d7d R14: 0000000000007232 R15: 00007ffe723c42e0 [ 29.603010][ T288] [ 29.603018][ T288] ================================================================== [ 29.851059][ T288] Disabling lock debugging due to kernel taint [ 29.857331][ T288] BUG: kernel NULL pointer dereference, address: 0000000000000168 [ 29.865165][ T288] #PF: supervisor write access in kernel mode [ 29.871275][ T288] #PF: error_code(0x0002) - not-present page [ 29.877295][ T288] PGD 8000000104f55067 P4D 8000000104f55067 PUD 0 [ 29.883949][ T288] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI [ 29.890057][ T288] CPU: 0 UID: 0 PID: 288 Comm: syz-executor Tainted: G B W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 29.903211][ T288] Tainted: [B]=BAD_PAGE, [W]=WARN [ 29.908260][ T288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 29.918350][ T288] RIP: 0010:ihold+0x2a/0x70 [ 29.922906][ T288] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d [ 29.942743][ T288] RSP: 0018:ffffc9000b60fca0 EFLAGS: 00010246 [ 29.948880][ T288] RAX: ffff88812a7cdf00 RBX: 0000000000000000 RCX: ffff88812a7cdf00 [ 29.956905][ T288] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 29.964914][ T288] RBP: ffffc9000b60fcb0 R08: ffffffff88972947 R09: 1ffffffff112e528 [ 29.972927][ T288] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff88810e793bfc [ 29.980944][ T288] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 29.988985][ T288] FS: 000055555c64b500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 29.997958][ T288] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.004671][ T288] CR2: 0000000000000168 CR3: 0000000126e62000 CR4: 00000000003526b0 [ 30.012771][ T288] Call Trace: [ 30.016096][ T288] [ 30.019066][ T288] vfs_rmdir+0x26a/0x560 [ 30.023369][ T288] incfs_kill_sb+0x109/0x230 [ 30.028186][ T288] deactivate_locked_super+0xd5/0x2a0 [ 30.033612][ T288] deactivate_super+0xb8/0xe0 [ 30.038371][ T288] cleanup_mnt+0x3f1/0x480 [ 30.043020][ T288] __cleanup_mnt+0x1d/0x40 [ 30.047485][ T288] task_work_run+0x1e0/0x250 [ 30.052219][ T288] ? __cfi_task_work_run+0x10/0x10 [ 30.057387][ T288] ? __x64_sys_umount+0x126/0x170 [ 30.062522][ T288] ? __cfi___x64_sys_umount+0x10/0x10 [ 30.067952][ T288] ? __kasan_check_read+0x15/0x20 [ 30.073029][ T288] resume_user_mode_work+0x36/0x50 [ 30.078182][ T288] syscall_exit_to_user_mode+0x64/0xb0 [ 30.083687][ T288] do_syscall_64+0x64/0xf0 [ 30.088165][ T288] ? clear_bhb_loop+0x50/0xa0 [ 30.092889][ T288] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 30.098829][ T288] RIP: 0033:0x7f89c21909f7 [ 30.103297][ T288] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 30.123203][ T288] RSP: 002b:00007ffe723c3158 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 30.131660][ T288] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f89c21909f7 [ 30.139947][ T288] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe723c3210 [ 30.147951][ T288] RBP: 00007ffe723c3210 R08: 0000000000000000 R09: 0000000000000000 [ 30.155955][ T288] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe723c42a0 [ 30.163960][ T288] R13: 00007f89c2211d7d R14: 0000000000007232 R15: 00007ffe723c42e0 [ 30.172238][ T288] [ 30.175287][ T288] Modules linked in: [ 30.179314][ T288] CR2: 0000000000000168 [ 30.183492][ T288] ---[ end trace 0000000000000000 ]--- [ 30.188988][ T288] RIP: 0010:ihold+0x2a/0x70 [ 30.193531][ T288] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d [ 30.213251][ T288] RSP: 0018:ffffc9000b60fca0 EFLAGS: 00010246 [ 30.219363][ T288] RAX: ffff88812a7cdf00 RBX: 0000000000000000 RCX: ffff88812a7cdf00 [ 30.227371][ T288] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 30.235380][ T288] RBP: ffffc9000b60fcb0 R08: ffffffff88972947 R09: 1ffffffff112e528 [ 30.243481][ T288] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff88810e793bfc [ 30.251494][ T288] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 30.259498][ T288] FS: 000055555c64b500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 30.268556][ T288] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.275180][ T288] CR2: 0000000000000168 CR3: 0000000126e62000 CR4: 00000000003526b0 [ 30.283173][ T288] Kernel panic - not syncing: Fatal exception [ 30.289480][ T288] Kernel Offset: disabled [ 30.293823][ T288] Rebooting in 86400 seconds..