last executing test programs: 57.433758ms ago: executing program 3 (id=4): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00), 0x0, 0x4) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) 54.541397ms ago: executing program 0 (id=1): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000040)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000240)=ANY=[@ANYRES32=r1, @ANYRES8, @ANYRES8=r1, @ANYRES32=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r2) sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x4042841) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) 46.512968ms ago: executing program 1 (id=2): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) io_setup(0x9bb1, &(0x7f0000000040)=0x0) io_submit(r4, 0x1, &(0x7f0000000480)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x8, r2, 0x0, 0x0, 0x0, 0x0, 0x4}]) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r5, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r5, &(0x7f0000000b80)=[{&(0x7f00000000c0)="f10dc44f7d20988057f85ab4dd61b58675fb03d944b014fb9cb34ce9a3428ca7df271b1179", 0x25}, {&(0x7f0000000640)="f14e4792586af7f2380c7d51d257826607fd39cc2d3571ac7e6b0f4edf17ed143170620ff63eaff5729afa9b52993626d76acc7c45ed66acb1ef8ba1cf478350334e2e3fac57df457868f7870695a9e2d1b5cd7382abb301e7b41538c733f36483a2418d462b88f7f6f661eeabc2823f86d0e5fe407f4504d78ac48229e940c2d788b3be1cb96e37cddda1244f4361dbf77e0322bfc6ef17abb172a80642b739fc38a4ba24cbf6fc81", 0xa9}, {&(0x7f0000000200)="c6d90d4117fc24396ad8457eeefe95e5c67a103dcd850a086c484bfb2d7c31d81a5cc1ebeb7150aa3f34f53ec3879a2ea5b8efcd9bbd102fbf8536da9e0b81bf7dd3e4c938677040c8cddf", 0x4b}, {&(0x7f0000000700)="b87703fcf01a3e7bb667b404b97c7cc284a90404a5a96ff4559329d80d037b08d8810e457b955102a0e93e966b04be1aafc2067dbc6c99566ce636740265f60f3467c311c5bab39f814b6b46458e362728f8f0b615607561", 0x58}, {&(0x7f0000000880)="1dfda5b80cb90832bf7cb077130ab731fe0fa5969adc03b465c883b86969debbfc1deaa4273a7d1e116dbd7c04c0afba5ca62c61e1fa758cd705e53263d421f77ac5c2366628a6ad455b841bc8afc9ce1d48e3b9667be8cfe5", 0x59}], 0x5) 39.231778ms ago: executing program 2 (id=3): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, 0xffffffffffffffff, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x202000, 0x0) 0s ago: executing program 3 (id=5): rt_sigaction(0xd, &(0x7f0000000180)={0x0, 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r4 = gettid() process_vm_writev(r4, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.232' (ED25519) to the list of known hosts. [ 21.346716][ T36] audit: type=1400 audit(1763574304.590:64): avc: denied { mounton } for pid=274 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.348287][ T274] cgroup: Unknown subsys name 'net' [ 21.369398][ T36] audit: type=1400 audit(1763574304.590:65): avc: denied { mount } for pid=274 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.396758][ T36] audit: type=1400 audit(1763574304.620:66): avc: denied { unmount } for pid=274 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.397022][ T274] cgroup: Unknown subsys name 'devices' [ 21.504474][ T274] cgroup: Unknown subsys name 'hugetlb' [ 21.510083][ T274] cgroup: Unknown subsys name 'rlimit' [ 21.646519][ T36] audit: type=1400 audit(1763574304.880:67): avc: denied { setattr } for pid=274 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.669802][ T36] audit: type=1400 audit(1763574304.880:68): avc: denied { mounton } for pid=274 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 21.680850][ T285] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 21.694783][ T36] audit: type=1400 audit(1763574304.880:69): avc: denied { mount } for pid=274 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 21.726776][ T36] audit: type=1400 audit(1763574304.940:70): avc: denied { relabelto } for pid=285 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.752508][ T36] audit: type=1400 audit(1763574304.940:71): avc: denied { write } for pid=285 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.782050][ T36] audit: type=1400 audit(1763574305.020:72): avc: denied { read } for pid=274 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.782795][ T274] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 21.807573][ T36] audit: type=1400 audit(1763574305.020:73): avc: denied { open } for pid=274 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.248077][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.255268][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.262518][ T290] bridge_slave_0: entered allmulticast mode [ 24.268890][ T290] bridge_slave_0: entered promiscuous mode [ 24.275495][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.282571][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.289656][ T290] bridge_slave_1: entered allmulticast mode [ 24.296030][ T290] bridge_slave_1: entered promiscuous mode [ 24.332141][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.339379][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.346754][ T291] bridge_slave_0: entered allmulticast mode [ 24.353212][ T291] bridge_slave_0: entered promiscuous mode [ 24.364100][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.371154][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.378409][ T291] bridge_slave_1: entered allmulticast mode [ 24.384726][ T291] bridge_slave_1: entered promiscuous mode [ 24.414527][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.421593][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.428833][ T292] bridge_slave_0: entered allmulticast mode [ 24.435172][ T292] bridge_slave_0: entered promiscuous mode [ 24.448205][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.455272][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.462395][ T292] bridge_slave_1: entered allmulticast mode [ 24.468742][ T292] bridge_slave_1: entered promiscuous mode [ 24.511358][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.518544][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.525648][ T293] bridge_slave_0: entered allmulticast mode [ 24.531922][ T293] bridge_slave_0: entered promiscuous mode [ 24.544704][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.551817][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.558935][ T293] bridge_slave_1: entered allmulticast mode [ 24.565219][ T293] bridge_slave_1: entered promiscuous mode [ 24.698189][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.705277][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.712677][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.719808][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.730568][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.737640][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.744943][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.751979][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.776213][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.783302][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.790636][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.797712][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.806312][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.813386][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.820666][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.827718][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.877158][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.884702][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.892004][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.900866][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.908287][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.915769][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.923496][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.930683][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.946751][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.953839][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.965132][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.972302][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.980445][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.987522][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.996393][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.003551][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.016851][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.023911][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.037406][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.044552][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.052494][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.059559][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.072140][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.079229][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.133790][ T292] veth0_vlan: entered promiscuous mode [ 25.149246][ T291] veth0_vlan: entered promiscuous mode [ 25.157727][ T293] veth0_vlan: entered promiscuous mode [ 25.177029][ T290] veth0_vlan: entered promiscuous mode [ 25.188378][ T292] veth1_macvtap: entered promiscuous mode [ 25.199166][ T291] veth1_macvtap: entered promiscuous mode [ 25.217538][ T293] veth1_macvtap: entered promiscuous mode [ 25.235526][ T290] veth1_macvtap: entered promiscuous mode [ 25.286105][ T291] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 25.326932][ T334] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 25.366242][ T292] ------------[ cut here ]------------ [ 25.371805][ T292] WARNING: CPU: 0 PID: 292 at fs/inode.c:340 drop_nlink+0xce/0x110 [ 25.379834][ T292] Modules linked in: [ 25.383838][ T292] CPU: 0 UID: 0 PID: 292 Comm: syz-executor Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 25.395544][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 25.405680][ T292] RIP: 0010:drop_nlink+0xce/0x110 [ 25.410761][ T292] Code: 04 00 00 be 08 00 00 00 e8 cf 54 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 32 e4 97 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c [ 25.430607][ T292] RSP: 0018:ffffc9000b60fc60 EFLAGS: 00010293 [ 25.436776][ T344] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 25.436804][ T344] rust_binder: Read failure Err(EFAULT) in pid:4 [ 25.437162][ T292] RAX: ffffffff81ee1a7e RBX: ffff88810df40428 RCX: ffff8881253f8000 [ 25.459256][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 25.467386][ T292] RBP: ffffc9000b60fc88 R08: 0000000000000003 R09: 0000000000000004 [ 25.475462][ T292] R10: dffffc0000000000 R11: fffff520016c1f7c R12: dffffc0000000000 [ 25.483536][ T292] R13: 1ffff11021be808e R14: ffff88810df40470 R15: 0000000000000000 [ 25.491539][ T292] FS: 000055558f8c7500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 25.500566][ T292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.507252][ T292] CR2: 000000110c300cdf CR3: 0000000129c0e000 CR4: 00000000003526b0 [ 25.515369][ T292] Call Trace: [ 25.518676][ T292] [ 25.521621][ T292] shmem_rmdir+0x5f/0x90 [ 25.525960][ T292] vfs_rmdir+0x3dd/0x560 [ 25.530267][ T292] incfs_kill_sb+0x109/0x230 [ 25.534940][ T292] deactivate_locked_super+0xd5/0x2a0 [ 25.540352][ T292] deactivate_super+0xb8/0xe0 [ 25.545154][ T292] cleanup_mnt+0x3f1/0x480 [ 25.549618][ T292] __cleanup_mnt+0x1d/0x40 [ 25.554140][ T292] task_work_run+0x1e0/0x250 [ 25.558769][ T292] ? __cfi_task_work_run+0x10/0x10 [ 25.563962][ T292] ? __x64_sys_umount+0x126/0x170 [ 25.569033][ T292] ? __cfi___x64_sys_umount+0x10/0x10 [ 25.574614][ T292] ? __kasan_check_read+0x15/0x20 [ 25.579690][ T292] resume_user_mode_work+0x36/0x50 [ 25.584865][ T292] syscall_exit_to_user_mode+0x64/0xb0 [ 25.590410][ T292] do_syscall_64+0x64/0xf0 [ 25.594928][ T292] ? clear_bhb_loop+0x50/0xa0 [ 25.599642][ T292] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 25.605624][ T292] RIP: 0033:0x7f0550b90a77 [ 25.610078][ T292] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 25.629791][ T292] RSP: 002b:00007ffc3c748938 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 25.638326][ T292] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0550b90a77 [ 25.646415][ T292] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc3c7489f0 [ 25.654494][ T292] RBP: 00007ffc3c7489f0 R08: 0000000000000000 R09: 0000000000000000 [ 25.662589][ T292] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc3c749a80 [ 25.670588][ T292] R13: 00007f0550c13d7d R14: 00000000000062f4 R15: 00007ffc3c749ac0 [ 25.678662][ T292] [ 25.681742][ T292] ---[ end trace 0000000000000000 ]--- [ 25.687925][ T292] ================================================================== [ 25.696034][ T292] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70 [ 25.702393][ T292] Write of size 4 at addr 0000000000000168 by task syz-executor/292 [ 25.710417][ T292] [ 25.712760][ T292] CPU: 1 UID: 0 PID: 292 Comm: syz-executor Tainted: G W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 25.712792][ T292] Tainted: [W]=WARN [ 25.712800][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 25.712812][ T292] Call Trace: [ 25.712819][ T292] [ 25.712827][ T292] __dump_stack+0x21/0x30 [ 25.712858][ T292] dump_stack_lvl+0x10c/0x190 [ 25.712886][ T292] ? __cfi_dump_stack_lvl+0x10/0x10 [ 25.712915][ T292] print_report+0x3d/0x70 [ 25.712937][ T292] kasan_report+0x163/0x1a0 [ 25.712962][ T292] ? ihold+0x24/0x70 [ 25.712984][ T292] ? _raw_spin_unlock+0x45/0x60 [ 25.713010][ T292] ? ihold+0x24/0x70 [ 25.713031][ T292] kasan_check_range+0x299/0x2a0 [ 25.713056][ T292] __kasan_check_write+0x18/0x20 [ 25.713087][ T292] ihold+0x24/0x70 [ 25.713107][ T292] vfs_rmdir+0x26a/0x560 [ 25.713134][ T292] incfs_kill_sb+0x109/0x230 [ 25.713165][ T292] deactivate_locked_super+0xd5/0x2a0 [ 25.713193][ T292] deactivate_super+0xb8/0xe0 [ 25.713218][ T292] cleanup_mnt+0x3f1/0x480 [ 25.713242][ T292] __cleanup_mnt+0x1d/0x40 [ 25.713265][ T292] task_work_run+0x1e0/0x250 [ 25.713290][ T292] ? __cfi_task_work_run+0x10/0x10 [ 25.713314][ T292] ? __x64_sys_umount+0x126/0x170 [ 25.713342][ T292] ? __cfi___x64_sys_umount+0x10/0x10 [ 25.713371][ T292] ? __kasan_check_read+0x15/0x20 [ 25.713402][ T292] resume_user_mode_work+0x36/0x50 [ 25.713427][ T292] syscall_exit_to_user_mode+0x64/0xb0 [ 25.713449][ T292] do_syscall_64+0x64/0xf0 [ 25.713475][ T292] ? clear_bhb_loop+0x50/0xa0 [ 25.713505][ T292] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 25.713526][ T292] RIP: 0033:0x7f0550b90a77 [ 25.713543][ T292] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 25.713560][ T292] RSP: 002b:00007ffc3c748938 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 25.713581][ T292] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0550b90a77 [ 25.713595][ T292] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc3c7489f0 [ 25.713608][ T292] RBP: 00007ffc3c7489f0 R08: 0000000000000000 R09: 0000000000000000 [ 25.713621][ T292] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc3c749a80 [ 25.713635][ T292] R13: 00007f0550c13d7d R14: 00000000000062f4 R15: 00007ffc3c749ac0 [ 25.713652][ T292] [ 25.713659][ T292] ================================================================== [ 25.964221][ T292] Disabling lock debugging due to kernel taint [ 25.970662][ T292] BUG: kernel NULL pointer dereference, address: 0000000000000168 [ 25.978485][ T292] #PF: supervisor write access in kernel mode [ 25.984551][ T292] #PF: error_code(0x0002) - not-present page [ 25.990535][ T292] PGD 800000010e3cc067 P4D 800000010e3cc067 PUD 0 [ 25.997075][ T292] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI [ 26.003147][ T292] CPU: 1 UID: 0 PID: 292 Comm: syz-executor Tainted: G B W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 26.016272][ T292] Tainted: [B]=BAD_PAGE, [W]=WARN [ 26.021554][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 26.031608][ T292] RIP: 0010:ihold+0x2a/0x70 [ 26.036122][ T292] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d [ 26.055731][ T292] RSP: 0018:ffffc9000b60fca0 EFLAGS: 00010246 [ 26.061806][ T292] RAX: ffff8881253f8000 RBX: 0000000000000000 RCX: ffff8881253f8000 [ 26.069800][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 26.077782][ T292] RBP: ffffc9000b60fcb0 R08: ffffffff88972947 R09: 1ffffffff112e528 [ 26.085762][ T292] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff88810df40434 [ 26.093738][ T292] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 26.101712][ T292] FS: 000055558f8c7500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 26.110652][ T292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.117240][ T292] CR2: 0000000000000168 CR3: 0000000129c0e000 CR4: 00000000003526b0 [ 26.125259][ T292] Call Trace: [ 26.128540][ T292] [ 26.131475][ T292] vfs_rmdir+0x26a/0x560 [ 26.135726][ T292] incfs_kill_sb+0x109/0x230 [ 26.140327][ T292] deactivate_locked_super+0xd5/0x2a0 [ 26.145705][ T292] deactivate_super+0xb8/0xe0 [ 26.150394][ T292] cleanup_mnt+0x3f1/0x480 [ 26.154815][ T292] __cleanup_mnt+0x1d/0x40 [ 26.159327][ T292] task_work_run+0x1e0/0x250 [ 26.163930][ T292] ? __cfi_task_work_run+0x10/0x10 [ 26.169050][ T292] ? __x64_sys_umount+0x126/0x170 [ 26.174085][ T292] ? __cfi___x64_sys_umount+0x10/0x10 [ 26.179466][ T292] ? __kasan_check_read+0x15/0x20 [ 26.184501][ T292] resume_user_mode_work+0x36/0x50 [ 26.189620][ T292] syscall_exit_to_user_mode+0x64/0xb0 [ 26.195111][ T292] do_syscall_64+0x64/0xf0 [ 26.199537][ T292] ? clear_bhb_loop+0x50/0xa0 [ 26.204222][ T292] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 26.210119][ T292] RIP: 0033:0x7f0550b90a77 [ 26.214531][ T292] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 26.234151][ T292] RSP: 002b:00007ffc3c748938 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 26.242594][ T292] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0550b90a77 [ 26.250572][ T292] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc3c7489f0 [ 26.258550][ T292] RBP: 00007ffc3c7489f0 R08: 0000000000000000 R09: 0000000000000000 [ 26.266529][ T292] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc3c749a80 [ 26.274510][ T292] R13: 00007f0550c13d7d R14: 00000000000062f4 R15: 00007ffc3c749ac0 [ 26.282488][ T292] [ 26.285507][ T292] Modules linked in: [ 26.289411][ T292] CR2: 0000000000000168 [ 26.293557][ T292] ---[ end trace 0000000000000000 ]--- [ 26.299016][ T292] RIP: 0010:ihold+0x2a/0x70 [ 26.303524][ T292] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d [ 26.323133][ T292] RSP: 0018:ffffc9000b60fca0 EFLAGS: 00010246 [ 26.329203][ T292] RAX: ffff8881253f8000 RBX: 0000000000000000 RCX: ffff8881253f8000 [ 26.337172][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 26.345142][ T292] RBP: ffffc9000b60fcb0 R08: ffffffff88972947 R09: 1ffffffff112e528 [ 26.353150][ T292] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff88810df40434 [ 26.361132][ T292] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 26.369101][ T292] FS: 000055558f8c7500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 26.378032][ T292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.384614][ T292] CR2: 0000000000000168 CR3: 0000000129c0e000 CR4: 00000000003526b0 [ 26.392600][ T292] Kernel panic - not syncing: Fatal exception [ 26.398925][ T292] Kernel Offset: disabled [ 26.403257][ T292] Rebooting in 86400 seconds..