last executing test programs:

1.243847605s ago: executing program 2 (id=3):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r2, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r5, 0x4008ae93, 0x0)

1.029832155s ago: executing program 2 (id=9):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r2, &(0x7f00000033c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000100)="1ef52c1edd59bff3332298890198821345c3a7621aad595d6248f485beac91aad0cacab3a633e89044ca39271f71c69e9be9d73bc2a946f6c46c445f61d73f073c656e4d47f5a4c470699d", 0x4b}, {&(0x7f00000001c0)="a41c02a23b802d0987e06c1b25c920df3374df2ce47c754258d1fc4916062b87d0d604e9850182d9dbfc08504d8bf7a5984d3aaa9936172ee27286d29ad76955212da0057240f9b3cf6df2b31b09fd15f3c3fcb283cc06dd2111582d92bda8d294ba87c636a9a3ee8fea0409e697f4", 0x6f}, {&(0x7f0000000040)="b7203c65da7347", 0x7}, {&(0x7f0000000240)="f09fceee41e618f3d6bb8fa0bf7171d076064dbc718b0b5339e4987cd21b3b358a51200457bd7a2ab96f61d6901e06476076ac4ad0ad262ec18f919ca5854f73a1efda92cf09c5bcf9c42c9d6e278292941e9811bd9cec95575a40270b644a7155ed8b29e5a0422624c646ddd06977506649bd9597b9c252f2fe", 0x7a}], 0x4, &(0x7f00000054c0)=[@dstopts={{0x18, 0x29, 0x37, {0x1d}}}, @dstopts={{0xe8, 0x29, 0x37, {0x6d, 0x19, '\x00', [@generic={0x8, 0xc7, "d44743c80bd3639cdccea264ba0862a1047075bdd9858d56c01178bd5428f3ab3992bde3a34284b2736b3826226c6fe202f4d35be620239b02858766d6a7ee7baca71f5f5380436921508e9cca32d0ff6d0bbd77eb680979c5a96a30173967b0942da0cbe6889bd72e89dccae9b08caf1d9f7ff243f8cd3a4c0f0e90e608ef363c29b18d63db1693c9bc3048160ab5da6da9897669a6a22e71359e93d787e8de54031051386108387b4ba0c5c26db6a4b28f8a6f977e329210757c44f1a8a0660f53acfa798066"}]}}}, @rthdrdstopts={{0x38, 0x29, 0x37, {0x21, 0x3, '\x00', [@ra={0x5, 0x2, 0x9}, @hao={0xc9, 0x10, @private0}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x3}}, @rthdr={{0x58, 0x29, 0x39, {0x62, 0x8, 0x2, 0x54, 0x0, [@mcast2, @remote, @local, @private0={0xfc, 0x0, '\x00', 0x1}]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hopopts_2292={{0x78, 0x29, 0x36, {0x11, 0xb, '\x00', [@jumbo={0xc2, 0x4, 0xc}, @pad1, @pad1, @hao={0xc9, 0x10, @private2={0xfc, 0x2, '\x00', 0x1}}, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x8}, @ra={0x5, 0x2, 0xfff9}, @calipso={0x7, 0x28, {0x0, 0x8, 0x1, 0x4, [0x4, 0x1, 0x0, 0x3]}}]}}}, @tclass={{0x14}}, @hopopts={{0x70, 0x29, 0x36, {0x3a, 0xa, '\x00', [@ra={0x5, 0x2, 0x80}, @generic={0x18, 0x4c, "6081d385396708b6076e9a7fb5f68d8b4992dae0dd738869a16b86cf65092567dfcdb7627ac277fd72d2557bf3c51a9caf5424e5bf116cfaa90e64eab190aba861d46c82186e00d22abfa0f2"}]}}}, @dstopts_2292={{0x80, 0x29, 0x4, {0x62, 0xc, '\x00', [@hao={0xc9, 0x10, @local}, @calipso={0x7, 0x50, {0x0, 0x12, 0x2, 0x5, [0x0, 0x4, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0, 0x9, 0x1, 0x9, 0xa]}}]}}}], 0x340}}, {{&(0x7f0000001c40)={0xa, 0x4e22, 0xbd39, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xc1}, 0x1c, &(0x7f0000002c80)=[{0x0}], 0x1}}], 0x3, 0x4)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r4, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000000, @mcast2, 0x6}, 0x1c)
write(r4, &(0x7f00000000c0)="8f2a0a65bd8c2c", 0x7)

869.564182ms ago: executing program 1 (id=13):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
writev(r5, 0x0, 0x0)

832.370584ms ago: executing program 1 (id=15):
setresgid(0xee00, 0xee01, 0x0)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')

779.658986ms ago: executing program 1 (id=16):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5e114b6e, 0x11, r0, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x805, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r2, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, &(0x7f00000003c0)={"8657b7c2306ba3d683317a3f78cfdb28d5bd6b14b9c1ab6c2c0279f0ef3d46399b5da2b3b59e90a5c35d558fb8b03b6156fe71e734682a10c1ddccf39314ac96267cabc37f1b7cb6c8dca33bbd0fafe23a2d2b4b1313de59d2eee0b81a440c50d246736dad8f3df6331571396e1d75bb51799a25eb9d34e2613152b05fadf1cd8a3cac148d934d466991289926c25e7bfbf474f8c4e8603e7d71349129dc1dbfcc037a768212987ac38d6dbe49234e9083fed1cb866fcb6c89a550ab3e4ee236a653579a449cc8ac9442f2eb080cbac196a3311ce60149cd46ec732d0f1a827ad9cefdf99c409edc1a636681a55e1359ad6987b23e6f3543d3e31b0cedf4359289eb95c9738681ffe72f4415b0de58f7f687a29af05e8d893d14fa40f016083d66e14e9dd393524546ddf9f82a8779a15293edb709b1c2a63ad763270a297d3d8918c6caa843070c025aa6fdcf46c1afee1f03c8c26738ec3881362e106f4a8a74596613c74447398db3259c50b9112e3628546df755ff26ef5e80bb21470bd109e0b7feec6e4686e29c8293d5c68f5ca745465d0a79583bce54a22970dfbf1e7e15f3b6785f84fef7a18f3ad81d1b6ba3afffa36db1808f653af59c0bcd99235f688638f64a7f4d72a6886385f77e85024a1740865a359be4e95d2cf7c640790ce82c4d34c2c1668a2ff9f1230b1240218af8308a6a0d732e9f8fb40de894a3d2450a999b92f7dc22f1d4f8837f8068e54a9fcf412421ee6b2a68d2b06f972f2b974ad5555158cd72902a75bf1a5331c667137b1025012ca1cce7ca607983534545c10c5b984a099a4eb847ae4612adaf98f1b203a61a03f9886721644af54706a5e23434653dbb1db3c1affdec971f47e06e1fd472b1733c07a315da97f2ad8cd9dc090c87fac28344ed386c5da862cf7bc8ec67177f0763af8f15a8815db5d85308c579872f201772905f3820c1fa4ca96106c956b956edd859a97fe46eeeb2161cac33aaa7b4a5d67463b98088ea9dfa8d71d62b2ce07ec556e81077c409c2af5ea4d4d3a09e2c0c8384ee56423b6d81e0f13594003fd8bfc123cd41cade439c007b4323e5d1009c5ed9d85c7917a2a411910967ff8081729d134666b526bb3de5e36b09d1b6315d1671df6b302ed25cb330d79e1e9eb9e6bd399042942cffc360afbcaf021c8f084e8d2973d331bcccf8ff7b90dc1decb55aa63ce4d89c984562643984a502333e9d17ffbd42ebcfa940d292c1ef7bd018f4b1c6052afd01967d42b226b7f75136ffce9d543844407a90e5bace2e359ae76cf861e99b327a9546712f6e2481610aac5f5b69304cd5dc1bcb2cb17368a24ea0a1ce83aa3654b2bc284b118f46091374aa629013a5160683130132d19612259296abc55192cb54f87adf1cb20f7d00592baf9fd36c4e080c681d2c0e6ff3cf36f363ae75c0"})

608.641984ms ago: executing program 1 (id=18):
rt_sigaction(0xd, 0x0, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r2, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r5, 0x4008ae93, 0x0)

522.458737ms ago: executing program 3 (id=19):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r2, &(0x7f0000003c00), 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r5 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r5, 0x0, 0x0)

522.187838ms ago: executing program 2 (id=20):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0)
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_mr_vif\x00')

405.972573ms ago: executing program 1 (id=23):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
io_setup(0x9bb1, &(0x7f0000000040)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000000480)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x8, r2, 0x0, 0x0, 0x0, 0x0, 0x4}])
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
writev(r5, 0x0, 0x0)

405.778133ms ago: executing program 0 (id=24):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r3, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

329.324626ms ago: executing program 0 (id=25):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
write(r0, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r3, &(0x7f0000003780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r6, 0x0, 0x0, 0x4)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)

329.098006ms ago: executing program 3 (id=26):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
writev(r5, 0x0, 0x0)

286.617078ms ago: executing program 3 (id=27):
setresgid(0xee00, 0xee01, 0x0)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')

249.15482ms ago: executing program 1 (id=28):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r2, &(0x7f00000033c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000100)="1ef52c1edd59bff3332298890198821345c3a7621aad595d6248f485beac91aad0cacab3a633e89044ca39271f71c69e9be9d73bc2a946f6c46c445f61d73f073c656e4d47f5a4c470699d", 0x4b}, {&(0x7f00000001c0)="a41c02a23b802d0987e06c1b25c920df3374df2ce47c754258d1fc4916062b87d0d604e9850182d9dbfc08504d8bf7a5984d3aaa9936172ee27286d29ad76955212da0057240f9b3cf6df2b31b09fd15f3c3fcb283cc06dd2111582d92bda8d294ba87c636a9a3ee8fea0409e697f4", 0x6f}, {&(0x7f0000000040)="b7203c65da7347", 0x7}, {&(0x7f0000000240)="f09fceee41e618f3d6bb8fa0bf7171d076064dbc718b0b5339e4987cd21b3b358a51200457bd7a2ab96f61d6901e06476076ac4ad0ad262ec18f919ca5854f73a1efda92cf09c5bcf9c42c9d6e278292941e9811bd9cec95575a40270b644a7155ed8b29e5a0422624c646ddd06977506649bd9597b9c252f2fe", 0x7a}], 0x4, &(0x7f00000054c0)=[@dstopts={{0x18, 0x29, 0x37, {0x1d}}}, @dstopts={{0xe8, 0x29, 0x37, {0x6d, 0x19, '\x00', [@generic={0x8, 0xc7, "d44743c80bd3639cdccea264ba0862a1047075bdd9858d56c01178bd5428f3ab3992bde3a34284b2736b3826226c6fe202f4d35be620239b02858766d6a7ee7baca71f5f5380436921508e9cca32d0ff6d0bbd77eb680979c5a96a30173967b0942da0cbe6889bd72e89dccae9b08caf1d9f7ff243f8cd3a4c0f0e90e608ef363c29b18d63db1693c9bc3048160ab5da6da9897669a6a22e71359e93d787e8de54031051386108387b4ba0c5c26db6a4b28f8a6f977e329210757c44f1a8a0660f53acfa798066"}]}}}, @rthdrdstopts={{0x38, 0x29, 0x37, {0x21, 0x3, '\x00', [@ra={0x5, 0x2, 0x9}, @hao={0xc9, 0x10, @private0}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x3}}, @rthdr={{0x58, 0x29, 0x39, {0x62, 0x8, 0x2, 0x54, 0x0, [@mcast2, @remote, @local, @private0={0xfc, 0x0, '\x00', 0x1}]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hopopts_2292={{0x78, 0x29, 0x36, {0x11, 0xb, '\x00', [@jumbo={0xc2, 0x4, 0xc}, @pad1, @pad1, @hao={0xc9, 0x10, @private2={0xfc, 0x2, '\x00', 0x1}}, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x8}, @ra={0x5, 0x2, 0xfff9}, @calipso={0x7, 0x28, {0x0, 0x8, 0x1, 0x4, [0x4, 0x1, 0x0, 0x3]}}]}}}, @tclass={{0x14}}, @hopopts={{0x70, 0x29, 0x36, {0x3a, 0xa, '\x00', [@ra={0x5, 0x2, 0x80}, @generic={0x18, 0x4c, "6081d385396708b6076e9a7fb5f68d8b4992dae0dd738869a16b86cf65092567dfcdb7627ac277fd72d2557bf3c51a9caf5424e5bf116cfaa90e64eab190aba861d46c82186e00d22abfa0f2"}]}}}, @dstopts_2292={{0x80, 0x29, 0x4, {0x62, 0xc, '\x00', [@hao={0xc9, 0x10, @local}, @calipso={0x7, 0x50, {0x0, 0x12, 0x2, 0x5, [0x0, 0x4, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0, 0x9, 0x1, 0x9, 0xa]}}]}}}], 0x340}}, {{&(0x7f0000001c40)={0xa, 0x4e22, 0xbd39, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xc1}, 0x1c, &(0x7f0000002c80)=[{0x0}], 0x1}}], 0x3, 0x4)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r4, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000000, @mcast2, 0x6}, 0x1c)
write(r4, &(0x7f00000000c0)="8f2a0a65bd8c2c", 0x7)

248.59637ms ago: executing program 0 (id=29):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000000280)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r3, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r5, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)

234.29328ms ago: executing program 3 (id=30):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
io_setup(0x9bb1, &(0x7f0000000040)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000480)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x8, r5, 0x0, 0x0, 0x0, 0x0, 0x4}])
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r7, 0x6, 0xa, &(0x7f0000000200)=0x80, 0x4)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r7, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r7, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)

216.010811ms ago: executing program 0 (id=31):
rt_sigaction(0xd, 0x0, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r2, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r5, 0x4008ae93, 0x0)

47.602958ms ago: executing program 0 (id=32):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
write(r3, 0x0, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
mount$fuseblk(0x0, &(0x7f0000000100)='./cgroup\x00', &(0x7f0000000140), 0x3818000, 0x0)

46.940318ms ago: executing program 3 (id=33):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
write(r0, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)

1.24464ms ago: executing program 0 (id=34):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000340)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r3, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
write(r2, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r5, &(0x7f0000000600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)

0s ago: executing program 3 (id=35):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, 0x0, 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
writev(r5, 0x0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.132' (ED25519) to the list of known hosts.
[   20.600309][   T36] audit: type=1400 audit(1763572431.859:64): avc:  denied  { mounton } for  pid=282 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   20.601455][  T282] cgroup: Unknown subsys name 'net'
[   20.622996][   T36] audit: type=1400 audit(1763572431.859:65): avc:  denied  { mount } for  pid=282 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   20.650258][   T36] audit: type=1400 audit(1763572431.889:66): avc:  denied  { unmount } for  pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   20.650448][  T282] cgroup: Unknown subsys name 'devices'
[   20.833075][  T282] cgroup: Unknown subsys name 'hugetlb'
[   20.838693][  T282] cgroup: Unknown subsys name 'rlimit'
[   20.990350][   T36] audit: type=1400 audit(1763572432.249:67): avc:  denied  { setattr } for  pid=282 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   21.013580][   T36] audit: type=1400 audit(1763572432.249:68): avc:  denied  { mounton } for  pid=282 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   21.035049][  T284] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   21.039272][   T36] audit: type=1400 audit(1763572432.249:69): avc:  denied  { mount } for  pid=282 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   21.070054][   T36] audit: type=1400 audit(1763572432.319:70): avc:  denied  { relabelto } for  pid=284 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.095541][   T36] audit: type=1400 audit(1763572432.319:71): avc:  denied  { write } for  pid=284 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.110858][  T282] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   21.121132][   T36] audit: type=1400 audit(1763572432.379:72): avc:  denied  { read } for  pid=282 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.155469][   T36] audit: type=1400 audit(1763572432.379:73): avc:  denied  { open } for  pid=282 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   23.820801][  T289] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.828043][  T289] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.835325][  T289] bridge_slave_0: entered allmulticast mode
[   23.841660][  T289] bridge_slave_0: entered promiscuous mode
[   23.854416][  T291] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.861485][  T291] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.868527][  T291] bridge_slave_0: entered allmulticast mode
[   23.874819][  T291] bridge_slave_0: entered promiscuous mode
[   23.882592][  T291] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.889713][  T291] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.896833][  T291] bridge_slave_1: entered allmulticast mode
[   23.903590][  T291] bridge_slave_1: entered promiscuous mode
[   23.909649][  T289] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.917009][  T289] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.924148][  T289] bridge_slave_1: entered allmulticast mode
[   23.930390][  T289] bridge_slave_1: entered promiscuous mode
[   23.982398][  T292] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.989447][  T292] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.996676][  T292] bridge_slave_0: entered allmulticast mode
[   24.002970][  T292] bridge_slave_0: entered promiscuous mode
[   24.016191][  T292] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.023243][  T292] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.030293][  T292] bridge_slave_1: entered allmulticast mode
[   24.036579][  T292] bridge_slave_1: entered promiscuous mode
[   24.075575][  T290] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.082854][  T290] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.089953][  T290] bridge_slave_0: entered allmulticast mode
[   24.096548][  T290] bridge_slave_0: entered promiscuous mode
[   24.104904][  T290] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.111988][  T290] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.119041][  T290] bridge_slave_1: entered allmulticast mode
[   24.125361][  T290] bridge_slave_1: entered promiscuous mode
[   24.237736][  T291] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.244903][  T291] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.252214][  T291] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.259228][  T291] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.271154][  T292] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.278198][  T292] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.285505][  T292] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.292643][  T292] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.302023][  T289] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.309076][  T289] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.316373][  T289] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.323425][  T289] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.359180][  T290] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.366252][  T290] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.373593][  T290] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.380659][  T290] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.398636][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.406727][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.414261][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.421945][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.429324][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.436567][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.443849][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.451105][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.465366][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.472449][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.480128][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.487190][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.508246][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.515334][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.522964][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.529973][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.547084][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.554155][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.561995][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.569097][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.605098][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.612183][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.629600][  T291] veth0_vlan: entered promiscuous mode
[   24.640485][  T292] veth0_vlan: entered promiscuous mode
[   24.650270][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.657478][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.667554][  T289] veth0_vlan: entered promiscuous mode
[   24.691831][  T291] veth1_macvtap: entered promiscuous mode
[   24.707411][  T292] veth1_macvtap: entered promiscuous mode
[   24.719568][  T290] veth0_vlan: entered promiscuous mode
[   24.731504][  T289] veth1_macvtap: entered promiscuous mode
[   24.754642][  T290] veth1_macvtap: entered promiscuous mode
[   24.766588][  T291] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   24.850169][  T339] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   24.873971][  T340] overlayfs: overlapping lowerdir path
[   25.342248][  T365] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3851450944 (3851450944 ns) > initial count (1115526657 ns). Using initial count to start timer.
[   25.580897][  T371] No source specified
[   25.682391][  T377] overlayfs: overlapping lowerdir path
[   25.699586][   T36] kauditd_printk_skb: 34 callbacks suppressed
[   25.699604][   T36] audit: type=1400 audit(1763572436.959:108): avc:  denied  { create } for  pid=378 comm="syz.3.19" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   25.742787][   T36] audit: type=1400 audit(1763572436.999:109): avc:  denied  { bind } for  pid=378 comm="syz.3.19" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   26.033631][  T398] No source specified
[   26.043164][   T36] audit: type=1400 audit(1763572437.309:110): avc:  denied  { write } for  pid=399 comm="syz.3.33" name="/" dev="incremental-fs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   26.070701][  T291] ------------[ cut here ]------------
[   26.076266][  T291] WARNING: CPU: 1 PID: 291 at fs/inode.c:340 drop_nlink+0xce/0x110
[   26.084249][  T291] Modules linked in:
[   26.088181][  T291] CPU: 1 UID: 0 PID: 291 Comm: syz-executor Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[   26.093315][   T36] audit: type=1400 audit(1763572437.309:111): avc:  denied  { add_name } for  pid=399 comm="syz.3.33" name="cpuacct.usage_percpu" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   26.099880][  T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   26.131659][  T291] RIP: 0010:drop_nlink+0xce/0x110
[   26.136701][  T291] Code: 04 00 00 be 08 00 00 00 e8 cf 54 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 32 e4 97 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c
[   26.156555][  T291] RSP: 0018:ffffc9000b71fc60 EFLAGS: 00010293
[   26.156736][   T36] audit: type=1400 audit(1763572437.309:112): avc:  denied  { create } for  pid=399 comm="syz.3.33" name="cpuacct.usage_percpu" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   26.162660][  T291] RAX: ffffffff81ee1a7e RBX: ffff888114449308 RCX: ffff888100f49300
[   26.162676][  T291] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   26.162687][  T291] RBP: ffffc9000b71fc88 R08: 0000000000000003 R09: 0000000000000004
[   26.207984][  T291] R10: dffffc0000000000 R11: fffff520016e3f7c R12: dffffc0000000000
[   26.208667][   T36] audit: type=1400 audit(1763572437.309:113): avc:  denied  { associate } for  pid=399 comm="syz.3.33" name="cpuacct.usage_percpu" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   26.215999][  T291] R13: 1ffff1102288926a R14: ffff888114449350 R15: 0000000000000000
[   26.216016][  T291] FS:  00005555756f5500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[   26.255672][  T291] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   26.262303][  T291] CR2: 00005555757184e8 CR3: 0000000127a06000 CR4: 00000000003526b0
[   26.270388][  T291] Call Trace:
[   26.273725][  T291]  <TASK>
[   26.276665][  T291]  shmem_rmdir+0x5f/0x90
[   26.280962][  T291]  vfs_rmdir+0x3dd/0x560
[   26.284733][   T36] audit: type=1400 audit(1763572437.339:114): avc:  denied  { unmount } for  pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   26.285212][  T291]  incfs_kill_sb+0x109/0x230
[   26.310047][  T291]  deactivate_locked_super+0xd5/0x2a0
[   26.315498][  T291]  deactivate_super+0xb8/0xe0
[   26.320424][  T291]  cleanup_mnt+0x3f1/0x480
[   26.324923][  T291]  __cleanup_mnt+0x1d/0x40
[   26.329539][  T291]  task_work_run+0x1e0/0x250
[   26.334209][  T291]  ? __cfi_task_work_run+0x10/0x10
[   26.339515][  T291]  ? __x64_sys_umount+0x126/0x170
[   26.344618][  T291]  ? __cfi___x64_sys_umount+0x10/0x10
[   26.350014][  T291]  ? __kasan_check_read+0x15/0x20
[   26.355097][  T291]  resume_user_mode_work+0x36/0x50
[   26.360222][  T291]  syscall_exit_to_user_mode+0x64/0xb0
[   26.365748][  T291]  do_syscall_64+0x64/0xf0
[   26.370176][  T291]  ? clear_bhb_loop+0x50/0xa0
[   26.374899][  T291]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   26.380809][  T291] RIP: 0033:0x7f99b2790a77
[   26.385288][  T291] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   26.404953][  T291] RSP: 002b:00007fff7abf0538 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   26.413445][  T291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f99b2790a77
[   26.421452][  T291] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff7abf05f0
[   26.429439][  T291] RBP: 00007fff7abf05f0 R08: 0000000000000000 R09: 0000000000000000
[   26.437462][  T291] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff7abf1680
[   26.445467][  T291] R13: 00007f99b2813d7d R14: 00000000000065ae R15: 00007fff7abf16c0
[   26.453499][  T291]  </TASK>
[   26.456532][  T291] ---[ end trace 0000000000000000 ]---
[   26.464917][  T291] ==================================================================
[   26.473015][  T291] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70
[   26.479276][  T291] Write of size 4 at addr 0000000000000168 by task syz-executor/291
[   26.487273][  T291] 
[   26.489616][  T291] CPU: 1 UID: 0 PID: 291 Comm: syz-executor Tainted: G        W          syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[   26.489649][  T291] Tainted: [W]=WARN
[   26.489655][  T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   26.489666][  T291] Call Trace:
[   26.489673][  T291]  <TASK>
[   26.489681][  T291]  __dump_stack+0x21/0x30
[   26.489710][  T291]  dump_stack_lvl+0x10c/0x190
[   26.489733][  T291]  ? __cfi_dump_stack_lvl+0x10/0x10
[   26.489758][  T291]  print_report+0x3d/0x70
[   26.489777][  T291]  kasan_report+0x163/0x1a0
[   26.489798][  T291]  ? ihold+0x24/0x70
[   26.489817][  T291]  ? _raw_spin_unlock+0x45/0x60
[   26.489840][  T291]  ? ihold+0x24/0x70
[   26.489858][  T291]  kasan_check_range+0x299/0x2a0
[   26.489880][  T291]  __kasan_check_write+0x18/0x20
[   26.489902][  T291]  ihold+0x24/0x70
[   26.489918][  T291]  vfs_rmdir+0x26a/0x560
[   26.489939][  T291]  incfs_kill_sb+0x109/0x230
[   26.489964][  T291]  deactivate_locked_super+0xd5/0x2a0
[   26.489988][  T291]  deactivate_super+0xb8/0xe0
[   26.490009][  T291]  cleanup_mnt+0x3f1/0x480
[   26.490030][  T291]  __cleanup_mnt+0x1d/0x40
[   26.490048][  T291]  task_work_run+0x1e0/0x250
[   26.490069][  T291]  ? __cfi_task_work_run+0x10/0x10
[   26.490098][  T291]  ? __x64_sys_umount+0x126/0x170
[   26.490122][  T291]  ? __cfi___x64_sys_umount+0x10/0x10
[   26.490145][  T291]  ? __kasan_check_read+0x15/0x20
[   26.490170][  T291]  resume_user_mode_work+0x36/0x50
[   26.490190][  T291]  syscall_exit_to_user_mode+0x64/0xb0
[   26.490208][  T291]  do_syscall_64+0x64/0xf0
[   26.490226][  T291]  ? clear_bhb_loop+0x50/0xa0
[   26.490246][  T291]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   26.490265][  T291] RIP: 0033:0x7f99b2790a77
[   26.490291][  T291] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   26.490306][  T291] RSP: 002b:00007fff7abf0538 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   26.490335][  T291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f99b2790a77
[   26.490348][  T291] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff7abf05f0
[   26.490360][  T291] RBP: 00007fff7abf05f0 R08: 0000000000000000 R09: 0000000000000000
[   26.490371][  T291] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff7abf1680
[   26.490384][  T291] R13: 00007f99b2813d7d R14: 00000000000065ae R15: 00007fff7abf16c0
[   26.490407][  T291]  </TASK>
[   26.490414][  T291] ==================================================================
[   26.608462][   T36] audit: type=1400 audit(1763572437.869:115): avc:  denied  { read write } for  pid=401 comm="syz.0.34" name="fuse" dev="devtmpfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[   26.625960][  T291] Disabling lock debugging due to kernel taint
[   26.660705][   T36] audit: type=1400 audit(1763572437.869:116): avc:  denied  { open } for  pid=401 comm="syz.0.34" path="/dev/fuse" dev="devtmpfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[   26.769598][  T291] BUG: kernel NULL pointer dereference, address: 0000000000000168
[   26.796029][  T291] #PF: supervisor write access in kernel mode
[   26.802087][  T291] #PF: error_code(0x0002) - not-present page
[   26.804411][   T36] audit: type=1400 audit(1763572438.069:117): avc:  denied  { read } for  pid=92 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[   26.808054][  T291] PGD 800000010df77067 P4D 800000010df77067 PUD 0 
[   26.836271][  T291] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI
[   26.842326][  T291] CPU: 1 UID: 0 PID: 291 Comm: syz-executor Tainted: G    B   W          syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[   26.855421][  T291] Tainted: [B]=BAD_PAGE, [W]=WARN
[   26.860462][  T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   26.870496][  T291] RIP: 0010:ihold+0x2a/0x70
[   26.874986][  T291] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d
[   26.894653][  T291] RSP: 0018:ffffc9000b71fca0 EFLAGS: 00010246
[   26.900704][  T291] RAX: ffff888100f49300 RBX: 0000000000000000 RCX: ffff888100f49300
[   26.908654][  T291] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   26.916623][  T291] RBP: ffffc9000b71fcb0 R08: ffffffff88972947 R09: 1ffffffff112e528
[   26.924572][  T291] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff888114449314
[   26.932613][  T291] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[   26.940563][  T291] FS:  00005555756f5500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[   26.949477][  T291] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   26.956037][  T291] CR2: 0000000000000168 CR3: 0000000127a06000 CR4: 00000000003526b0
[   26.963990][  T291] Call Trace:
[   26.967333][  T291]  <TASK>
[   26.970245][  T291]  vfs_rmdir+0x26a/0x560
[   26.974477][  T291]  incfs_kill_sb+0x109/0x230
[   26.979103][  T291]  deactivate_locked_super+0xd5/0x2a0
[   26.984453][  T291]  deactivate_super+0xb8/0xe0
[   26.989302][  T291]  cleanup_mnt+0x3f1/0x480
[   26.993727][  T291]  __cleanup_mnt+0x1d/0x40
[   26.998133][  T291]  task_work_run+0x1e0/0x250
[   27.002710][  T291]  ? __cfi_task_work_run+0x10/0x10
[   27.007806][  T291]  ? __x64_sys_umount+0x126/0x170
[   27.012813][  T291]  ? __cfi___x64_sys_umount+0x10/0x10
[   27.018222][  T291]  ? __kasan_check_read+0x15/0x20
[   27.023373][  T291]  resume_user_mode_work+0x36/0x50
[   27.028509][  T291]  syscall_exit_to_user_mode+0x64/0xb0
[   27.033960][  T291]  do_syscall_64+0x64/0xf0
[   27.039061][  T291]  ? clear_bhb_loop+0x50/0xa0
[   27.043769][  T291]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   27.049705][  T291] RIP: 0033:0x7f99b2790a77
[   27.054108][  T291] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   27.073693][  T291] RSP: 002b:00007fff7abf0538 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   27.082086][  T291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f99b2790a77
[   27.090039][  T291] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff7abf05f0
[   27.097986][  T291] RBP: 00007fff7abf05f0 R08: 0000000000000000 R09: 0000000000000000
[   27.105933][  T291] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff7abf1680
[   27.113881][  T291] R13: 00007f99b2813d7d R14: 00000000000065ae R15: 00007fff7abf16c0
[   27.121836][  T291]  </TASK>
[   27.124833][  T291] Modules linked in:
[   27.128711][  T291] CR2: 0000000000000168
[   27.132838][  T291] ---[ end trace 0000000000000000 ]---
[   27.138298][  T291] RIP: 0010:ihold+0x2a/0x70
[   27.142878][  T291] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d
[   27.162549][  T291] RSP: 0018:ffffc9000b71fca0 EFLAGS: 00010246
[   27.168620][  T291] RAX: ffff888100f49300 RBX: 0000000000000000 RCX: ffff888100f49300
[   27.176571][  T291] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   27.184520][  T291] RBP: ffffc9000b71fcb0 R08: ffffffff88972947 R09: 1ffffffff112e528
[   27.192469][  T291] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff888114449314
[   27.200421][  T291] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[   27.208373][  T291] FS:  00005555756f5500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[   27.217282][  T291] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   27.223842][  T291] CR2: 0000000000000168 CR3: 0000000127a06000 CR4: 00000000003526b0
[   27.231796][  T291] Kernel panic - not syncing: Fatal exception
[   27.238424][  T291] Kernel Offset: disabled
[   27.242732][  T291] Rebooting in 86400 seconds..