last executing test programs: 341.997136ms ago: executing program 1 (id=2): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f00000075c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40804) r5 = socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$inet(r5, &(0x7f0000004040)=[{{&(0x7f0000000080)={0x2, 0x4e24, @empty}, 0x10, 0x0}}], 0x1, 0x4000000) 306.044277ms ago: executing program 2 (id=3): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 
0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r3, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r6, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000a00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000a80)=ANY=[], 0x1b0}}], 0x1, 0x4) r7 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r7, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r7, &(0x7f0000000480), 0x2e9, 0xffe0) 290.499068ms ago: executing program 1 (id=5): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet(r3, &(0x7f0000000c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x488d5) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) 
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) 287.395078ms ago: executing program 0 (id=1): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0x118) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r4 = gettid() process_vm_writev(r4, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15) 276.032649ms ago: executing program 3 (id=4): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = 
socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00), 0x27, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) sendmmsg$inet(r2, &(0x7f0000006a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000500)='O'}) 244.44022ms ago: executing program 3 (id=6): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf293d0f9f90fc01ef3ac63df", 0x44000004, 0x0, {[0x5]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r2, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f0000000400)='./bus\x00', &(0x7f0000000540)='system.posix_acl_access\x00', &(0x7f0000000580)={{}, {0x1, 0x7}, [], 
{}, [], {0x10, 0x5}, {0x20, 0x4}}, 0x24, 0x3) 239.61238ms ago: executing program 2 (id=7): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) close_range(r0, 0xffffffffffffffff, 0x2) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r3, @ANYRES64=r2], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x80) socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') sendmmsg$inet6(r5, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, 0x0) 239.04218ms ago: executing program 1 (id=8): rt_sigaction(0xd, 
&(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r4, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) 206.028882ms ago: executing program 3 (id=9): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) sendmmsg$inet6(r2, &(0x7f00000075c0), 0x0, 0x40804) r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x500) ioctl$EVIOCGREP(r3, 0x80084503, 0x0) 
176.278443ms ago: executing program 1 (id=10): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup2(r3, r2) rt_sigaction(0xf, &(0x7f0000000180)={&(0x7f0000000200)="ca00d12e42d9ea41ef196ec866400fe2de0c0cae4e0afaf2466fc4e1cdd47b83c422e10399c5c1202063df", 0x88000000, 0x0, {[0x9]}}, 0x0, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000040)={0x0, 0x12000, 0x1}) ioctl$KVM_RUN(r5, 0xae80, 0x0) 167.649923ms ago: executing program 3 (id=11): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) 
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x60000600) 120.113985ms ago: executing program 0 (id=12): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0xa, &(0x7f0000000200)=0x80, 0x4) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) 71.729788ms ago: executing program 0 (id=13): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r1, 0x4008ae90, &(0x7f00000003c0)={0x2, 0x0, [{0xd, 0x5, 0x3, 0x89, 0x1ff, 0xf, 0x3}, {0x7, 0x4, 0x4, 0x8, 0x3, 0xb, 0xa4b}]}) 64.317127ms ago: executing program 3 (id=14): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 
0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='exfat\x00', 0x200000, 0x0) 7.69961ms ago: executing program 0 (id=15): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) 
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) 2.38328ms ago: executing program 3 (id=16): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioprio_set$pid(0x1, 0x0, 0x0) 0s ago: executing program 0 (id=17): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf293d0f9f90fc01ef3ac63df", 0x44000004, 0x0, {[0x5]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES64=r0], 0x118) 
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r2, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f0000000400)='./bus\x00', &(0x7f0000000540)='system.posix_acl_access\x00', &(0x7f0000000580)={{}, {0x1, 0x7}, [], {}, [], {0x10, 0x5}, {0x20, 0x4}}, 0x24, 0x3) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.52' (ED25519) to the list of known hosts. [ 20.856536][ T36] audit: type=1400 audit(1763559635.419:64): avc: denied { mounton } for pid=282 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 20.857592][ T282] cgroup: Unknown subsys name 'net' [ 20.879212][ T36] audit: type=1400 audit(1763559635.419:65): avc: denied { mount } for pid=282 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.906495][ T36] audit: type=1400 audit(1763559635.449:66): avc: denied { unmount } for pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.906664][ T282] cgroup: Unknown subsys name 'devices' [ 21.070816][ T282] cgroup: Unknown subsys name 'hugetlb' [ 21.076410][ T282] cgroup: Unknown subsys name 'rlimit' [ 21.248379][ T36] audit: type=1400 audit(1763559635.809:67): avc: denied { setattr } for pid=282 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 
scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.271541][ T36] audit: type=1400 audit(1763559635.809:68): avc: denied { mounton } for pid=282 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 21.280863][ T284] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 21.296382][ T36] audit: type=1400 audit(1763559635.809:69): avc: denied { mount } for pid=282 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 21.327905][ T36] audit: type=1400 audit(1763559635.879:70): avc: denied { relabelto } for pid=284 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.331314][ T282] Adding 124996k swap on ./swap-file. 
Priority:0 extents:1 across:124996k [ 21.353455][ T36] audit: type=1400 audit(1763559635.879:71): avc: denied { write } for pid=284 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.387639][ T36] audit: type=1400 audit(1763559635.899:72): avc: denied { read } for pid=282 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.413171][ T36] audit: type=1400 audit(1763559635.899:73): avc: denied { open } for pid=282 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.680562][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.687615][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.694877][ T290] bridge_slave_0: entered allmulticast mode [ 23.701125][ T290] bridge_slave_0: entered promiscuous mode [ 23.707393][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.714602][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.721674][ T289] bridge_slave_0: entered allmulticast mode [ 23.727782][ T289] bridge_slave_0: entered promiscuous mode [ 23.734095][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.741162][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.748194][ T289] bridge_slave_1: entered allmulticast mode [ 23.754617][ T289] bridge_slave_1: entered promiscuous mode [ 23.760971][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.767996][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.775075][ T290] bridge_slave_1: entered allmulticast mode [ 23.781233][ T290] bridge_slave_1: entered promiscuous mode [ 23.830708][ 
T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.837736][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.844800][ T291] bridge_slave_0: entered allmulticast mode [ 23.851093][ T291] bridge_slave_0: entered promiscuous mode [ 23.862702][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.869773][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.876836][ T291] bridge_slave_1: entered allmulticast mode [ 23.883029][ T291] bridge_slave_1: entered promiscuous mode [ 23.939807][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.946855][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.954119][ T292] bridge_slave_0: entered allmulticast mode [ 23.960345][ T292] bridge_slave_0: entered promiscuous mode [ 23.977260][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.984300][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.991460][ T292] bridge_slave_1: entered allmulticast mode [ 23.997573][ T292] bridge_slave_1: entered promiscuous mode [ 24.068444][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.075499][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.082774][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.089800][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.102069][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.109137][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.116370][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.123410][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.152996][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.160076][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.167348][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.174381][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 
24.198903][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.206433][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.213657][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.220937][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.228581][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.235775][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.251540][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.258562][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.273553][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.280590][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.291450][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.298471][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.323603][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.330633][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.338660][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.345692][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.364369][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.371409][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.392191][ T291] veth0_vlan: entered promiscuous mode [ 24.417516][ T290] veth0_vlan: entered promiscuous mode [ 24.426678][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.433716][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.441241][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.448256][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.456965][ T291] veth1_macvtap: entered promiscuous mode [ 24.473352][ T292] veth0_vlan: entered promiscuous mode [ 24.489254][ T290] veth1_macvtap: entered promiscuous mode [ 24.497397][ T289] veth0_vlan: entered promiscuous mode [ 
24.519781][ T292] veth1_macvtap: entered promiscuous mode [ 24.526859][ T291] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 24.544110][ T289] veth1_macvtap: entered promiscuous mode [ 24.570451][ T333] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 24.638213][ T342] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 24.638231][ T342] rust_binder: Read failure Err(EFAULT) in pid:2 [ 24.749088][ T353] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 24.859560][ T362] exFAT-fs (rnullb0): invalid boot record signature [ 24.866183][ T362] exFAT-fs (rnullb0): failed to read boot sector [ 24.874447][ T362] exFAT-fs (rnullb0): failed to recognize exfat type [ 24.900075][ T292] ------------[ cut here ]------------ [ 24.905553][ T292] WARNING: CPU: 1 PID: 292 at fs/inode.c:340 drop_nlink+0xce/0x110 [ 24.913546][ T292] Modules linked in: [ 24.917459][ T292] CPU: 1 UID: 0 PID: 292 Comm: syz-executor Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 24.929151][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 24.939270][ T292] RIP: 0010:drop_nlink+0xce/0x110 [ 24.944325][ T292] Code: 04 00 00 be 08 00 00 00 e8 cf 54 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 32 e4 97 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c [ 24.964029][ T292] RSP: 0018:ffffc9000b69fc60 EFLAGS: 00010293 [ 24.970324][ T292] RAX: ffffffff81ee1a7e RBX: ffff888112bf96c0 RCX: ffff888123041300 [ 24.978414][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 24.986454][ T292] RBP: ffffc9000b69fc88 R08: 0000000000000003 R09: 0000000000000004 [ 24.994473][ T292] R10: 
dffffc0000000000 R11: fffff520016d3f7c R12: dffffc0000000000 [ 25.002498][ T292] R13: 1ffff1102257f2e1 R14: ffff888112bf9708 R15: 0000000000000000 [ 25.010491][ T292] FS: 000055556877a500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 25.019470][ T292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.026048][ T292] CR2: 000055556879d4e8 CR3: 0000000124c64000 CR4: 00000000003526b0 [ 25.034082][ T292] Call Trace: [ 25.037361][ T292] <TASK> [ 25.040325][ T292] shmem_rmdir+0x5f/0x90 [ 25.044577][ T292] vfs_rmdir+0x3dd/0x560 [ 25.048827][ T292] incfs_kill_sb+0x109/0x230 [ 25.053541][ T292] deactivate_locked_super+0xd5/0x2a0 [ 25.058916][ T292] deactivate_super+0xb8/0xe0 [ 25.063643][ T292] cleanup_mnt+0x3f1/0x480 [ 25.068068][ T292] __cleanup_mnt+0x1d/0x40 [ 25.072539][ T292] task_work_run+0x1e0/0x250 [ 25.077139][ T292] ? __cfi_task_work_run+0x10/0x10 [ 25.082293][ T292] ? __x64_sys_umount+0x126/0x170 [ 25.087326][ T292] ? __cfi___x64_sys_umount+0x10/0x10 [ 25.092767][ T292] ? __kasan_check_read+0x15/0x20 [ 25.097803][ T292] resume_user_mode_work+0x36/0x50 [ 25.103002][ T292] syscall_exit_to_user_mode+0x64/0xb0 [ 25.108465][ T292] do_syscall_64+0x64/0xf0 [ 25.112961][ T292] ? 
clear_bhb_loop+0x50/0xa0 [ 25.117639][ T292] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 25.123606][ T292] RIP: 0033:0x7f46f7990a77 [ 25.128034][ T292] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 25.147753][ T292] RSP: 002b:00007ffc77060fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 25.156233][ T292] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f46f7990a77 [ 25.164241][ T292] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc77061090 [ 25.172227][ T292] RBP: 00007ffc77061090 R08: 0000000000000000 R09: 0000000000000000 [ 25.180223][ T292] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc77062120 [ 25.188188][ T292] R13: 00007f46f7a13d7d R14: 0000000000006126 R15: 00007ffc77062160 [ 25.196201][ T292] [ 25.199232][ T292] ---[ end trace 0000000000000000 ]--- [ 25.206243][ T292] ================================================================== [ 25.214315][ T292] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70 [ 25.220559][ T292] Write of size 4 at addr 0000000000000168 by task syz-executor/292 [ 25.228530][ T292] [ 25.230851][ T292] CPU: 1 UID: 0 PID: 292 Comm: syz-executor Tainted: G W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 25.230880][ T292] Tainted: [W]=WARN [ 25.230886][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 25.230897][ T292] Call Trace: [ 25.230903][ T292] [ 25.230910][ T292] __dump_stack+0x21/0x30 [ 25.230937][ T292] dump_stack_lvl+0x10c/0x190 [ 25.230959][ T292] ? __cfi_dump_stack_lvl+0x10/0x10 [ 25.230983][ T292] print_report+0x3d/0x70 [ 25.231001][ T292] kasan_report+0x163/0x1a0 [ 25.231028][ T292] ? ihold+0x24/0x70 [ 25.231046][ T292] ? _raw_spin_unlock+0x45/0x60 [ 25.231068][ T292] ? 
ihold+0x24/0x70 [ 25.231085][ T292] kasan_check_range+0x299/0x2a0 [ 25.231106][ T292] __kasan_check_write+0x18/0x20 [ 25.231130][ T292] ihold+0x24/0x70 [ 25.231147][ T292] vfs_rmdir+0x26a/0x560 [ 25.231169][ T292] incfs_kill_sb+0x109/0x230 [ 25.231193][ T292] deactivate_locked_super+0xd5/0x2a0 [ 25.231215][ T292] deactivate_super+0xb8/0xe0 [ 25.231236][ T292] cleanup_mnt+0x3f1/0x480 [ 25.231255][ T292] __cleanup_mnt+0x1d/0x40 [ 25.231273][ T292] task_work_run+0x1e0/0x250 [ 25.231293][ T292] ? __cfi_task_work_run+0x10/0x10 [ 25.231312][ T292] ? __x64_sys_umount+0x126/0x170 [ 25.231334][ T292] ? __cfi___x64_sys_umount+0x10/0x10 [ 25.231357][ T292] ? __kasan_check_read+0x15/0x20 [ 25.231381][ T292] resume_user_mode_work+0x36/0x50 [ 25.231402][ T292] syscall_exit_to_user_mode+0x64/0xb0 [ 25.231422][ T292] do_syscall_64+0x64/0xf0 [ 25.231442][ T292] ? clear_bhb_loop+0x50/0xa0 [ 25.231461][ T292] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 25.231479][ T292] RIP: 0033:0x7f46f7990a77 [ 25.231495][ T292] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 25.231509][ T292] RSP: 002b:00007ffc77060fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 25.231529][ T292] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f46f7990a77 [ 25.231541][ T292] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc77061090 [ 25.231553][ T292] RBP: 00007ffc77061090 R08: 0000000000000000 R09: 0000000000000000 [ 25.231564][ T292] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc77062120 [ 25.231576][ T292] R13: 00007f46f7a13d7d R14: 0000000000006126 R15: 00007ffc77062160 [ 25.231591][ T292] [ 25.231597][ T292] ================================================================== [ 25.476246][ T292] Disabling lock debugging due to kernel taint [ 25.482450][ T292] BUG: kernel NULL pointer dereference, address: 0000000000000168 [ 
25.490229][ T292] #PF: supervisor write access in kernel mode [ 25.496270][ T292] #PF: error_code(0x0002) - not-present page [ 25.502221][ T292] PGD 800000010df68067 P4D 800000010df68067 PUD 0 [ 25.508707][ T292] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI [ 25.514765][ T292] CPU: 1 UID: 0 PID: 292 Comm: syz-executor Tainted: G B W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 25.527847][ T292] Tainted: [B]=BAD_PAGE, [W]=WARN [ 25.532842][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 25.542897][ T292] RIP: 0010:ihold+0x2a/0x70 [ 25.547381][ T292] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d [ 25.566968][ T292] RSP: 0018:ffffc9000b69fca0 EFLAGS: 00010246 [ 25.573017][ T292] RAX: ffff888123041300 RBX: 0000000000000000 RCX: ffff888123041300 [ 25.580976][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 25.588940][ T292] RBP: ffffc9000b69fcb0 R08: ffffffff88972947 R09: 1ffffffff112e528 [ 25.596890][ T292] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff888112bf96cc [ 25.604838][ T292] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 25.612788][ T292] FS: 000055556877a500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 25.621695][ T292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.628257][ T292] CR2: 0000000000000168 CR3: 0000000124c64000 CR4: 00000000003526b0 [ 25.636213][ T292] Call Trace: [ 25.639472][ T292] [ 25.642382][ T292] vfs_rmdir+0x26a/0x560 [ 25.646612][ T292] incfs_kill_sb+0x109/0x230 [ 25.651193][ T292] deactivate_locked_super+0xd5/0x2a0 [ 25.656571][ T292] deactivate_super+0xb8/0xe0 [ 25.661237][ T292] cleanup_mnt+0x3f1/0x480 [ 25.665651][ T292] __cleanup_mnt+0x1d/0x40 [ 25.670046][ T292] task_work_run+0x1e0/0x250 [ 25.674615][ T292] ? 
__cfi_task_work_run+0x10/0x10 [ 25.679707][ T292] ? __x64_sys_umount+0x126/0x170 [ 25.684714][ T292] ? __cfi___x64_sys_umount+0x10/0x10 [ 25.690070][ T292] ? __kasan_check_read+0x15/0x20 [ 25.695078][ T292] resume_user_mode_work+0x36/0x50 [ 25.700169][ T292] syscall_exit_to_user_mode+0x64/0xb0 [ 25.705605][ T292] do_syscall_64+0x64/0xf0 [ 25.710006][ T292] ? clear_bhb_loop+0x50/0xa0 [ 25.714664][ T292] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 25.720533][ T292] RIP: 0033:0x7f46f7990a77 [ 25.724928][ T292] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 25.744519][ T292] RSP: 002b:00007ffc77060fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 25.752914][ T292] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f46f7990a77 [ 25.760867][ T292] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc77061090 [ 25.768819][ T292] RBP: 00007ffc77061090 R08: 0000000000000000 R09: 0000000000000000 [ 25.776779][ T292] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc77062120 [ 25.784730][ T292] R13: 00007f46f7a13d7d R14: 0000000000006126 R15: 00007ffc77062160 [ 25.792686][ T292] [ 25.795684][ T292] Modules linked in: [ 25.799557][ T292] CR2: 0000000000000168 [ 25.803688][ T292] ---[ end trace 0000000000000000 ]--- [ 25.809127][ T292] RIP: 0010:ihold+0x2a/0x70 [ 25.813615][ T292] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d [ 25.833201][ T292] RSP: 0018:ffffc9000b69fca0 EFLAGS: 00010246 [ 25.839253][ T292] RAX: ffff888123041300 RBX: 0000000000000000 RCX: ffff888123041300 [ 25.847202][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 25.855155][ T292] RBP: ffffc9000b69fcb0 R08: ffffffff88972947 R09: 1ffffffff112e528 [ 25.863191][ T292] R10: 
dffffc0000000000 R11: fffffbfff112e529 R12: ffff888112bf96cc [ 25.871146][ T292] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 25.879093][ T292] FS: 000055556877a500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 25.888013][ T292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.894573][ T292] CR2: 0000000000000168 CR3: 0000000124c64000 CR4: 00000000003526b0 [ 25.902533][ T292] Kernel panic - not syncing: Fatal exception [ 25.908816][ T292] Kernel Offset: disabled [ 25.913119][ T292] Rebooting in 86400 seconds..