last executing test programs: 2.369003129s ago: executing program 2 (id=3): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00), 0x0, 0x4) quotactl$Q_SETINFO(0xffffffff80000600, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) 2.299932082s ago: executing program 2 (id=6): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, 0x0, 0x0, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) fcntl$lock(r0, 0x26, 0x0) 2.254343224s ago: executing program 2 (id=9): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) write(r5, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket$inet(0x2, 0x2, 0x0) 1.983175385s ago: executing program 3 (id=10): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r3, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r3, 0x0, 0x0, 0x80, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) write(r5, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) 1.478756737s ago: executing program 2 (id=13): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000000600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r6 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r6, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) 1.320672014s ago: executing program 3 (id=14): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00), 0x0, 0x4) quotactl$Q_SETINFO(0xffffffff80000600, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) 1.245669757s ago: executing program 0 (id=16): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) sendmmsg$inet6(r3, &(0x7f000000a380)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000000c0)}], 0x1, &(0x7f0000000880)=[@rthdrdstopts={{0x48, 0x29, 0x37, {0x2c, 0x5, '\x00', [@ra={0x5, 0x2, 0x7ff}, @calipso={0x7, 0x20, {0x2, 0x6, 0x8, 0x8, [0x9, 0x4, 0x6]}}, @pad1]}}}], 0x48}}], 0x1, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r6, 0xae9a) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x5, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901}) ioctl$KVM_RUN(r6, 0xae80, 0x0) 1.16109051s ago: executing program 0 (id=17): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01090000000000"]) r4 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 1.103345083s ago: executing program 1 (id=19): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r6, r7, &(0x7f0000fda000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, 0x0}], 0x1, 0x10, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) 1.091630284s ago: executing program 0 (id=20): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x24000]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x160862) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf) ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f00000004c0)={r7, 0x0, {0x0, 0x0, 0x0, 0x4, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf900000080149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d665f985881a350000ddffffff00", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "715237601a8ca5b07dcc141802c4dacf162e43ac61f7ad330000000000a04100", [0xfffffffffffffce8, 0xa]}}) 1.069731355s ago: executing program 3 (id=21): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r7 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r7, 0x40087703, 0x3) lseek(r7, 0x4, 0x1) 1.005086247s ago: executing program 3 (id=22): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) write(r5, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket$inet(0x2, 0x2, 0x0) 570.442396ms ago: executing program 2 (id=23): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r3, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r3, 0x0, 0x0, 0x80, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) write(r5, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) 455.706281ms ago: executing program 1 (id=24): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, 0x0, 0x0, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) write$P9_RMKNOD(r2, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet(r4, &(0x7f0000000c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x488d5) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff024}, {0x6}]}, 0x10) sendmmsg(r5, &(0x7f0000000bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4040840) 301.194207ms ago: executing program 0 (id=25): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r3, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r3, 0x0, 0x0, 0x80, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) write(r5, 0x0, 0x0) 264.845359ms ago: executing program 3 (id=26): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r4, 0x0, 0x0, 0x805, 0x0, 0x0) r5 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x16b042, 0x0) ioctl$ASHMEM_SET_SIZE(r5, 0x40087703, 0xfffffff3) 180.386313ms ago: executing program 1 (id=27): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, 0x0, 0x0, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) fcntl$lock(r0, 0x26, 0x0) 97.131256ms ago: executing program 1 (id=28): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r3, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket(0x10, 0x803, 0x0) bind$netlink(r6, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) 96.854326ms ago: executing program 1 (id=29): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) quotactl$Q_SETINFO(0xffffffff80000600, 0x0, 0x0, 0x0) 74.236607ms ago: executing program 0 (id=30): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, 0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) 61.091468ms ago: executing program 1 (id=31): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r7 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r7, 0x40087703, 0x3) lseek(r7, 0x4, 0x1) 605.83µs ago: executing program 3 (id=32): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r6, r7, &(0x7f0000fda000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, 0x0}], 0x1, 0x10, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) 0s ago: executing program 0 (id=33): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x24000]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, 0x0, 0x0, 0x8014) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x160862) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf) ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f00000004c0)={r7, 0x0, {0x0, 0x0, 0x0, 0x4, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf900000080149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d665f985881a350000ddffffff00", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "715237601a8ca5b07dcc141802c4dacf162e43ac61f7ad330000000000a04100", [0xfffffffffffffce8, 0xa]}}) kernel console output (not intermixed with test programs): cess permissive=1 [ 13.660737][ T36] audit: type=1400 audit(1763535186.310:63): avc: denied { siginh } for pid=232 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.188' (ED25519) to the list of known hosts. [ 20.482053][ T36] audit: type=1400 audit(1763535193.140:64): avc: denied { mounton } for pid=282 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 20.483122][ T282] cgroup: Unknown subsys name 'net' [ 20.504745][ T36] audit: type=1400 audit(1763535193.140:65): avc: denied { mount } for pid=282 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.531986][ T36] audit: type=1400 audit(1763535193.180:66): avc: denied { unmount } for pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.532150][ T282] cgroup: Unknown subsys name 'devices' [ 20.720096][ T282] cgroup: Unknown subsys name 'hugetlb' [ 20.725687][ T282] cgroup: Unknown subsys name 'rlimit' [ 20.817332][ T36] audit: type=1400 audit(1763535193.470:67): avc: denied { setattr } for pid=282 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 20.840563][ T36] audit: type=1400 audit(1763535193.470:68): avc: denied { mounton } for pid=282 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 20.848344][ T284] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 20.865262][ T36] audit: type=1400 audit(1763535193.470:69): avc: denied { mount } for pid=282 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 20.896935][ T36] audit: type=1400 audit(1763535193.540:70): avc: denied { relabelto } for pid=284 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.922589][ T36] audit: type=1400 audit(1763535193.540:71): avc: denied { write } for pid=284 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.955833][ T36] audit: type=1400 audit(1763535193.610:72): avc: denied { read } for pid=282 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.981355][ T36] audit: type=1400 audit(1763535193.610:73): avc: denied { open } for pid=282 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.981627][ T282] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 23.170861][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.177907][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.185116][ T292] bridge_slave_0: entered allmulticast mode [ 23.191404][ T292] bridge_slave_0: entered promiscuous mode [ 23.205562][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.212602][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.219643][ T292] bridge_slave_1: entered allmulticast mode [ 23.225737][ T292] bridge_slave_1: entered promiscuous mode [ 23.233821][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.240859][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.247885][ T290] bridge_slave_0: entered allmulticast mode [ 23.254188][ T290] bridge_slave_0: entered promiscuous mode [ 23.267643][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.274678][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.281721][ T290] bridge_slave_1: entered allmulticast mode [ 23.287802][ T290] bridge_slave_1: entered promiscuous mode [ 23.322051][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.329099][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.336124][ T291] bridge_slave_0: entered allmulticast mode [ 23.342359][ T291] bridge_slave_0: entered promiscuous mode [ 23.357296][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.364351][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.371418][ T291] bridge_slave_1: entered allmulticast mode [ 23.377517][ T291] bridge_slave_1: entered promiscuous mode [ 23.383524][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.390552][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.397566][ T289] bridge_slave_0: entered allmulticast mode [ 23.404048][ T289] bridge_slave_0: entered promiscuous mode [ 23.416423][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.423463][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.430628][ T289] bridge_slave_1: entered allmulticast mode [ 23.436726][ T289] bridge_slave_1: entered promiscuous mode [ 23.568904][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.575942][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.583240][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.590271][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.602345][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.609383][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.616600][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.623620][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.632887][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.639935][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.647181][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.654208][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.663695][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.670733][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.677976][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.685003][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.738252][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.745535][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.753310][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.761305][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.769397][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.776538][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.786283][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.793320][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.803390][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.810425][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.831034][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.838068][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.845823][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.852852][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.860472][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.867502][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.885340][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.892377][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.923943][ T291] veth0_vlan: entered promiscuous mode [ 23.938400][ T289] veth0_vlan: entered promiscuous mode [ 23.953852][ T291] veth1_macvtap: entered promiscuous mode [ 23.960389][ T290] veth0_vlan: entered promiscuous mode [ 23.971335][ T292] veth0_vlan: entered promiscuous mode [ 23.985796][ T289] veth1_macvtap: entered promiscuous mode [ 23.996780][ T290] veth1_macvtap: entered promiscuous mode [ 24.021897][ T291] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 24.028354][ T292] veth1_macvtap: entered promiscuous mode [ 24.126722][ T342] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 24.175208][ T347] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 26.412351][ T36] kauditd_printk_skb: 32 callbacks suppressed [ 26.412368][ T36] audit: type=1400 audit(1763535199.070:106): avc: denied { write } for pid=394 comm="syz.0.30" name="/" dev="incremental-fs" ino=57 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 26.468192][ T290] ------------[ cut here ]------------ [ 26.472985][ T36] audit: type=1400 audit(1763535199.070:107): avc: denied { add_name } for pid=394 comm="syz.0.30" name="cpuacct.usage_percpu" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 26.473691][ T290] WARNING: CPU: 1 PID: 290 at fs/inode.c:340 drop_nlink+0xce/0x110 [ 26.495932][ T36] audit: type=1400 audit(1763535199.070:108): avc: denied { create } for pid=394 comm="syz.0.30" name="cpuacct.usage_percpu" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 26.503230][ T290] Modules linked in: [ 26.503265][ T290] CPU: 1 UID: 0 PID: 290 Comm: syz-executor Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 26.524980][ T36] audit: type=1400 audit(1763535199.070:109): avc: denied { associate } for pid=394 comm="syz.0.30" name="cpuacct.usage_percpu" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 26.528323][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 26.540168][ T36] audit: type=1400 audit(1763535199.070:110): avc: denied { read append } for pid=394 comm="syz.0.30" name="cpuacct.usage_percpu" dev="incremental-fs" ino=63 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 26.562509][ T290] RIP: 0010:drop_nlink+0xce/0x110 [ 26.562538][ T290] Code: 04 00 00 be 08 00 00 00 e8 cf 54 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 32 e4 97 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c [ 26.575348][ T36] audit: type=1400 audit(1763535199.070:111): avc: denied { open } for pid=394 comm="syz.0.30" path="/7/bus/cpuacct.usage_percpu" dev="incremental-fs" ino=63 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 26.597339][ T290] RSP: 0018:ffffc9000b66fc60 EFLAGS: 00010293 [ 26.602385][ T36] audit: type=1400 audit(1763535199.090:112): avc: denied { write } for pid=398 comm="syz.3.26" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 26.621644][ T290] [ 26.621651][ T290] RAX: ffffffff81ee1a7e RBX: ffff888113bf70c8 RCX: ffff888128342600 [ 26.621666][ T290] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 26.621676][ T290] RBP: ffffc9000b66fc88 R08: 0000000000000003 R09: 0000000000000004 [ 26.621687][ T290] R10: dffffc0000000000 R11: fffff520016cdf7c R12: dffffc0000000000 [ 26.621701][ T290] R13: 1ffff1102277ee22 R14: ffff888113bf7110 R15: 0000000000000000 [ 26.716697][ T290] FS: 000055556f8e6500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 26.725681][ T290] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.732299][ T290] CR2: 0000001b2ed21ff8 CR3: 0000000123f72000 CR4: 00000000003526b0 [ 26.740325][ T290] Call Trace: [ 26.743605][ T290] [ 26.746536][ T290] shmem_rmdir+0x5f/0x90 [ 26.750497][ T36] audit: type=1400 audit(1763535199.110:113): avc: denied { unmount } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 26.750816][ T290] vfs_rmdir+0x3dd/0x560 [ 26.775060][ T290] incfs_kill_sb+0x109/0x230 [ 26.779717][ T290] deactivate_locked_super+0xd5/0x2a0 [ 26.785097][ T290] deactivate_super+0xb8/0xe0 [ 26.789816][ T290] cleanup_mnt+0x3f1/0x480 [ 26.794238][ T290] __cleanup_mnt+0x1d/0x40 [ 26.798704][ T290] task_work_run+0x1e0/0x250 [ 26.803310][ T290] ? __cfi_task_work_run+0x10/0x10 [ 26.808457][ T290] ? __x64_sys_umount+0x126/0x170 [ 26.813490][ T290] ? __cfi___x64_sys_umount+0x10/0x10 [ 26.818928][ T290] ? __kasan_check_read+0x15/0x20 [ 26.823964][ T290] resume_user_mode_work+0x36/0x50 [ 26.829112][ T290] syscall_exit_to_user_mode+0x64/0xb0 [ 26.834582][ T290] do_syscall_64+0x64/0xf0 [ 26.839038][ T290] ? clear_bhb_loop+0x50/0xa0 [ 26.843716][ T290] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 26.849637][ T290] RIP: 0033:0x7f77d49909f7 [ 26.854064][ T290] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 26.873716][ T290] RSP: 002b:00007ffdeec41fa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 26.882154][ T290] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f77d49909f7 [ 26.890167][ T290] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdeec42060 [ 26.898154][ T290] RBP: 00007ffdeec42060 R08: 0000000000000000 R09: 0000000000000000 [ 26.906129][ T290] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdeec430f0 [ 26.914135][ T290] R13: 00007f77d4a11d7d R14: 0000000000006739 R15: 00007ffdeec43130 [ 26.922126][ T290] [ 26.925147][ T290] ---[ end trace 0000000000000000 ]--- [ 26.930759][ T290] ================================================================== [ 26.938824][ T290] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70 [ 26.945070][ T290] Write of size 4 at addr 0000000000000168 by task syz-executor/290 [ 26.953048][ T290] [ 26.955376][ T290] CPU: 1 UID: 0 PID: 290 Comm: syz-executor Tainted: G W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 26.955407][ T290] Tainted: [W]=WARN [ 26.955418][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 26.955428][ T290] Call Trace: [ 26.955434][ T290] [ 26.955442][ T290] __dump_stack+0x21/0x30 [ 26.955469][ T290] dump_stack_lvl+0x10c/0x190 [ 26.955490][ T290] ? __cfi_dump_stack_lvl+0x10/0x10 [ 26.955514][ T290] print_report+0x3d/0x70 [ 26.955534][ T290] kasan_report+0x163/0x1a0 [ 26.955555][ T290] ? ihold+0x24/0x70 [ 26.955574][ T290] ? _raw_spin_unlock+0x45/0x60 [ 26.955596][ T290] ? ihold+0x24/0x70 [ 26.955615][ T290] kasan_check_range+0x299/0x2a0 [ 26.955636][ T290] __kasan_check_write+0x18/0x20 [ 26.955661][ T290] ihold+0x24/0x70 [ 26.955680][ T290] vfs_rmdir+0x26a/0x560 [ 26.955703][ T290] incfs_kill_sb+0x109/0x230 [ 26.955729][ T290] deactivate_locked_super+0xd5/0x2a0 [ 26.955752][ T290] deactivate_super+0xb8/0xe0 [ 26.955774][ T290] cleanup_mnt+0x3f1/0x480 [ 26.955794][ T290] __cleanup_mnt+0x1d/0x40 [ 26.955812][ T290] task_work_run+0x1e0/0x250 [ 26.955833][ T290] ? __cfi_task_work_run+0x10/0x10 [ 26.955853][ T290] ? __x64_sys_umount+0x126/0x170 [ 26.955877][ T290] ? __cfi___x64_sys_umount+0x10/0x10 [ 26.955901][ T290] ? __kasan_check_read+0x15/0x20 [ 26.955926][ T290] resume_user_mode_work+0x36/0x50 [ 26.955947][ T290] syscall_exit_to_user_mode+0x64/0xb0 [ 26.955967][ T290] do_syscall_64+0x64/0xf0 [ 26.955988][ T290] ? clear_bhb_loop+0x50/0xa0 [ 26.956008][ T290] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 26.956026][ T290] RIP: 0033:0x7f77d49909f7 [ 26.956041][ T290] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 26.956056][ T290] RSP: 002b:00007ffdeec41fa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 26.956076][ T290] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f77d49909f7 [ 26.956089][ T290] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdeec42060 [ 26.956101][ T290] RBP: 00007ffdeec42060 R08: 0000000000000000 R09: 0000000000000000 [ 26.956112][ T290] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdeec430f0 [ 26.956125][ T290] R13: 00007f77d4a11d7d R14: 0000000000006739 R15: 00007ffdeec43130 [ 26.956140][ T290] [ 26.956146][ T290] ================================================================== [ 27.200059][ T290] Disabling lock debugging due to kernel taint [ 27.206235][ T290] BUG: kernel NULL pointer dereference, address: 0000000000000168 [ 27.209912][ T36] audit: type=1400 audit(1763535199.870:114): avc: denied { read } for pid=92 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 27.214030][ T290] #PF: supervisor write access in kernel mode [ 27.214042][ T290] #PF: error_code(0x0002) - not-present page [ 27.247709][ T290] PGD 800000010e757067 P4D 800000010e757067 PUD 0 [ 27.254222][ T290] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI [ 27.260293][ T290] CPU: 1 UID: 0 PID: 290 Comm: syz-executor Tainted: G B W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 27.273402][ T290] Tainted: [B]=BAD_PAGE, [W]=WARN [ 27.278411][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 27.288459][ T290] RIP: 0010:ihold+0x2a/0x70 [ 27.288513][ T36] audit: type=1400 audit(1763535199.870:115): avc: denied { search } for pid=92 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 27.292964][ T290] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d [ 27.292981][ T290] RSP: 0018:ffffc9000b66fca0 EFLAGS: 00010246 [ 27.339859][ T290] RAX: ffff888128342600 RBX: 0000000000000000 RCX: ffff888128342600 [ 27.347832][ T290] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 27.355806][ T290] RBP: ffffc9000b66fcb0 R08: ffffffff88972947 R09: 1ffffffff112e528 [ 27.363783][ T290] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff888113bf70d4 [ 27.371754][ T290] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 27.379720][ T290] FS: 000055556f8e6500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 27.388646][ T290] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.395223][ T290] CR2: 0000000000000168 CR3: 0000000123f72000 CR4: 00000000003526b0 [ 27.403199][ T290] Call Trace: [ 27.406472][ T290] [ 27.409400][ T290] vfs_rmdir+0x26a/0x560 [ 27.413648][ T290] incfs_kill_sb+0x109/0x230 [ 27.418249][ T290] deactivate_locked_super+0xd5/0x2a0 [ 27.423627][ T290] deactivate_super+0xb8/0xe0 [ 27.428307][ T290] cleanup_mnt+0x3f1/0x480 [ 27.432725][ T290] __cleanup_mnt+0x1d/0x40 [ 27.437134][ T290] task_work_run+0x1e0/0x250 [ 27.441714][ T290] ? __cfi_task_work_run+0x10/0x10 [ 27.446823][ T290] ? __x64_sys_umount+0x126/0x170 [ 27.451827][ T290] ? __cfi___x64_sys_umount+0x10/0x10 [ 27.457177][ T290] ? __kasan_check_read+0x15/0x20 [ 27.462179][ T290] resume_user_mode_work+0x36/0x50 [ 27.467268][ T290] syscall_exit_to_user_mode+0x64/0xb0 [ 27.472722][ T290] do_syscall_64+0x64/0xf0 [ 27.477117][ T290] ? clear_bhb_loop+0x50/0xa0 [ 27.481771][ T290] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 27.487640][ T290] RIP: 0033:0x7f77d49909f7 [ 27.492031][ T290] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 27.511612][ T290] RSP: 002b:00007ffdeec41fa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 27.520002][ T290] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f77d49909f7 [ 27.527955][ T290] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdeec42060 [ 27.535910][ T290] RBP: 00007ffdeec42060 R08: 0000000000000000 R09: 0000000000000000 [ 27.543859][ T290] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdeec430f0 [ 27.551805][ T290] R13: 00007f77d4a11d7d R14: 0000000000006739 R15: 00007ffdeec43130 [ 27.559753][ T290] [ 27.562749][ T290] Modules linked in: [ 27.566616][ T290] CR2: 0000000000000168 [ 27.570740][ T290] ---[ end trace 0000000000000000 ]--- [ 27.576178][ T290] RIP: 0010:ihold+0x2a/0x70 [ 27.580659][ T290] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d [ 27.600244][ T290] RSP: 0018:ffffc9000b66fca0 EFLAGS: 00010246 [ 27.606286][ T290] RAX: ffff888128342600 RBX: 0000000000000000 RCX: ffff888128342600 [ 27.614242][ T290] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 27.622193][ T290] RBP: ffffc9000b66fcb0 R08: ffffffff88972947 R09: 1ffffffff112e528 [ 27.630167][ T290] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff888113bf70d4 [ 27.638134][ T290] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 27.646101][ T290] FS: 000055556f8e6500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 27.655023][ T290] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.661582][ T290] CR2: 0000000000000168 CR3: 0000000123f72000 CR4: 00000000003526b0 [ 27.669537][ T290] Kernel panic - not syncing: Fatal exception [ 27.675809][ T290] Kernel Offset: disabled [ 27.680114][ T290] Rebooting in 86400 seconds..