last executing test programs: 2.410946487s ago: executing program 3 (id=111): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) unshare(0xc040400) 2.359987789s ago: executing program 3 (id=112): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r7 = socket$inet_tcp(0x2, 0x1, 0x0) writev(r7, &(0x7f0000000040)=[{&(0x7f00000000c0)='W', 0x1}], 0x1) 2.316800491s ago: executing program 3 (id=114): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='io.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x4) 2.229365485s ago: executing program 3 (id=117): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) write$P9_RMKNOD(r1, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet(r3, &(0x7f0000000c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x488d5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mount$tmpfs(0x0, 0x0, 0x0, 0x2b00b8, 0x0) 1.493431016s ago: executing program 3 (id=122): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r3, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, 0x0) 1.493151126s ago: executing program 1 (id=123): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') lseek(r2, 0x1, 0x0) getdents64(r2, 0xffffffffffffffff, 0x18) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) r3 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r3, 0x0, 0x0, 0x805, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r4, 0x0, 0x0) sendto$inet(r3, 0x0, 0x0, 0x80, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r7 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r7, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) r8 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r8, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r2) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r1, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000240)={&(0x7f0000000580)={0xf4, r9, 0x8, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0xd}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x2}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8520000}], @NL80211_ATTR_MAC={0xa}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1725}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}], @chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x3}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x1e}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x1}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16ad}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x7fffffff}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x10}], @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8}], @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x1}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0xf4}, 0x1, 0x0, 0x0, 0x40800}, 0x8000) bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xffffffff}, 0x1c) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)) 1.467873117s ago: executing program 0 (id=124): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='io.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='net/tcp\x00') r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000000000)=0x12, 0x4) bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x6e22, 0x9, @empty, 0x6}, 0x1c) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r6, &(0x7f0000000040)={0xa, 0x5e22, 0x0, @empty}, 0x1c) listen(r6, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r7, &(0x7f0000000380)={0x2, 0x4e22, @empty}, 0x10) listen(r7, 0x0) listen(r5, 0x0) read$FUSE(r4, &(0x7f00000077c0)={0x2020}, 0x2020) 1.466868148s ago: executing program 1 (id=125): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r3, 0x0, 0x0, 0x805, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r5, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x16b042, 0x0) ioctl$ASHMEM_SET_SIZE(r6, 0x40087703, 0xfffffff3) 1.029162536s ago: executing program 0 (id=127): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r5 = socket$inet6_icmp(0xa, 0x2, 0x3a) connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e25, 0x1, @mcast2, 0x7}, 0x1c) sendto$inet6(r5, &(0x7f00000001c0)="80006466d3805699", 0x8, 0x20004840, 0x0, 0x0) 971.574629ms ago: executing program 0 (id=128): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) 966.079619ms ago: executing program 3 (id=129): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$packet(0x11, 0x2, 0x300) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', 0x0}) sendto$packet(r5, &(0x7f0000000180)="0b036800e0ff64000200475400f6a13bb1", 0x11, 0x0, &(0x7f0000000140)={0x11, 0x0, r6}, 0x14) 856.433564ms ago: executing program 0 (id=130): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r6, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) fsconfig$FSCONFIG_SET_BINARY(r7, 0x2, 0x0, 0x0, 0x0) 717.42284ms ago: executing program 0 (id=131): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) unshare(0xc040400) 700.26851ms ago: executing program 0 (id=132): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) sendmmsg$inet6(r3, &(0x7f00000075c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40804) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), r4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f00000003c0)={'batadv_slave_1\x00', 0x0}) sendmsg$ETHTOOL_MSG_EEE_GET(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)={0x20, r5, 0x1, 0x70bd29, 0x25dfdbff, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0xc810) 559.550676ms ago: executing program 1 (id=134): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x3, 0x180, 0x2, 0x10, 0xf1, 0x100000001, 0x1, 0x5, 0x0, 0x29, 0x0, 0x6, 0x0, 0xbd9], 0xffff1001, 0x43100}) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000003c0)={[0x7, 0x1000000000, 0x0, 0x200000000000043, 0x2000004, 0x0, 0x2004cb, 0x0, 0xa7c, 0x68ff, 0x7, 0x8000000009, 0x803, 0x0, 0x9], 0xeeee8000, 0x202}) ioctl$KVM_RUN(r6, 0xae80, 0x0) 242.92355ms ago: executing program 2 (id=138): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') lseek(r2, 0x1, 0x0) getdents64(r2, 0xffffffffffffffff, 0x18) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) r3 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r3, 0x0, 0x0, 0x805, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r4, 0x0, 0x0) sendto$inet(r3, 0x0, 0x0, 0x80, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r7 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r7, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) r8 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r8, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) 185.814252ms ago: executing program 2 (id=139): r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e25, 0x1, @mcast2, 0x7}, 0x1c) sendto$inet6(r0, &(0x7f00000001c0)="80006466d3805699", 0x8, 0x20004840, 0x0, 0x0) 185.190912ms ago: executing program 2 (id=140): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) unshare(0xc040400) 163.935343ms ago: executing program 2 (id=141): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, 0x0, 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) 150.051644ms ago: executing program 1 (id=142): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r7 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r7, 0x40087703, 0x3) lseek(r7, 0x4, 0x1) 99.737396ms ago: executing program 1 (id=143): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00), 0x0, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) 99.274346ms ago: executing program 2 (id=144): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, 0x0, 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000280)={{0x100a, 0xfffc, 0x0, 0x4}, 'syz0\x00', 0x3a}) ioctl$UI_DEV_CREATE(r4, 0x5501) 21.380499ms ago: executing program 2 (id=145): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES64=r0], 0x118) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r6, r7, &(0x7f0000fda000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, 0x0}], 0x1, 0x10, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) 0s ago: executing program 1 (id=146): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r1, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x400, 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x84022, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.173' (ED25519) to the list of known hosts. [ 26.812676][ T36] audit: type=1400 audit(1763535625.930:64): avc: denied { mounton } for pid=283 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 26.814288][ T283] cgroup: Unknown subsys name 'net' [ 26.835584][ T36] audit: type=1400 audit(1763535625.930:65): avc: denied { mount } for pid=283 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.862888][ T36] audit: type=1400 audit(1763535625.960:66): avc: denied { unmount } for pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.863122][ T283] cgroup: Unknown subsys name 'devices' [ 27.004532][ T283] cgroup: Unknown subsys name 'hugetlb' [ 27.010189][ T283] cgroup: Unknown subsys name 'rlimit' [ 27.206142][ T36] audit: type=1400 audit(1763535626.320:67): avc: denied { setattr } for pid=283 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 27.229443][ T36] audit: type=1400 audit(1763535626.320:68): avc: denied { mounton } for pid=283 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 27.241609][ T285] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 27.254519][ T36] audit: type=1400 audit(1763535626.320:69): avc: denied { mount } for pid=283 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 27.285988][ T36] audit: type=1400 audit(1763535626.390:70): avc: denied { relabelto } for pid=285 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 27.311519][ T36] audit: type=1400 audit(1763535626.390:71): avc: denied { write } for pid=285 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 27.341609][ T36] audit: type=1400 audit(1763535626.460:72): avc: denied { read } for pid=283 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 27.367254][ T36] audit: type=1400 audit(1763535626.460:73): avc: denied { open } for pid=283 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 27.367736][ T283] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 29.567913][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.575030][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.582119][ T291] bridge_slave_0: entered allmulticast mode [ 29.588640][ T291] bridge_slave_0: entered promiscuous mode [ 29.596964][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.604311][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.611469][ T291] bridge_slave_1: entered allmulticast mode [ 29.617916][ T291] bridge_slave_1: entered promiscuous mode [ 29.652382][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.659444][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.666553][ T292] bridge_slave_0: entered allmulticast mode [ 29.672884][ T292] bridge_slave_0: entered promiscuous mode [ 29.687467][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.694541][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.701629][ T292] bridge_slave_1: entered allmulticast mode [ 29.708071][ T292] bridge_slave_1: entered promiscuous mode [ 29.754605][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.761675][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.769299][ T290] bridge_slave_0: entered allmulticast mode [ 29.775724][ T290] bridge_slave_0: entered promiscuous mode [ 29.790420][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.797609][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.804974][ T290] bridge_slave_1: entered allmulticast mode [ 29.811227][ T290] bridge_slave_1: entered promiscuous mode [ 29.823814][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.830891][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.838013][ T293] bridge_slave_0: entered allmulticast mode [ 29.844367][ T293] bridge_slave_0: entered promiscuous mode [ 29.861089][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.868170][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.875306][ T293] bridge_slave_1: entered allmulticast mode [ 29.881616][ T293] bridge_slave_1: entered promiscuous mode [ 30.017869][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.024947][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.032281][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.039401][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.049394][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.056555][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.096022][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.103115][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.110395][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.117456][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.128443][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.135612][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.142910][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.149936][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.173010][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.180483][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.188013][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.196050][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.203330][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.210503][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.217879][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.235663][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.242806][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.250460][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.257541][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.288851][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.295975][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.313204][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.320282][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.328225][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.335300][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.355281][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.362457][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.378543][ T291] veth0_vlan: entered promiscuous mode [ 30.389569][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.396653][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.404531][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.411684][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.435525][ T291] veth1_macvtap: entered promiscuous mode [ 30.465850][ T292] veth0_vlan: entered promiscuous mode [ 30.487521][ T290] veth0_vlan: entered promiscuous mode [ 30.498163][ T291] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 30.500956][ T290] veth1_macvtap: entered promiscuous mode [ 30.526749][ T293] veth0_vlan: entered promiscuous mode [ 30.551933][ T333] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1'. [ 30.568765][ T292] veth1_macvtap: entered promiscuous mode [ 30.588927][ T293] veth1_macvtap: entered promiscuous mode [ 30.833454][ T366] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 31.436353][ T425] capability: warning: `syz.3.44' uses 32-bit capabilities (legacy support in use) [ 32.604679][ T36] kauditd_printk_skb: 34 callbacks suppressed [ 32.604697][ T36] audit: type=1400 audit(1763535631.720:108): avc: denied { remount } for pid=461 comm="syz.2.61" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 32.652376][ T36] audit: type=1400 audit(1763535631.750:109): avc: denied { unmount } for pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 34.952382][ T36] audit: type=1400 audit(1763535634.060:110): avc: denied { name_bind } for pid=585 comm="syz.1.123" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 35.306428][ T36] audit: type=1400 audit(1763535634.410:111): avc: denied { write } for pid=591 comm="syz.0.124" name="tcp" dev="proc" ino=4026532476 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 35.349367][ T36] audit: type=1400 audit(1763535634.450:112): avc: denied { name_bind } for pid=591 comm="syz.0.124" src=28194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 35.391325][ T36] audit: type=1400 audit(1763535634.450:113): avc: denied { node_bind } for pid=591 comm="syz.0.124" src=28194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 35.450453][ T36] audit: type=1400 audit(1763535634.550:114): avc: denied { create } for pid=594 comm="syz.0.127" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 35.492199][ T36] audit: type=1400 audit(1763535634.550:115): avc: denied { connect } for pid=594 comm="syz.0.127" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 35.532214][ T36] audit: type=1400 audit(1763535634.560:116): avc: denied { write } for pid=594 comm="syz.0.127" laddr=fe80::6477:46ff:fe35:463b lport=1 faddr=ff02::1 fport=20005 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 35.774337][ T36] audit: type=1400 audit(1763535634.890:117): avc: denied { create } for pid=606 comm="syz.2.126" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1 [ 35.829163][ T609] 9pnet_fd: Insufficient options for proto=fd [ 36.442381][ T290] ------------[ cut here ]------------ [ 36.447914][ T290] WARNING: CPU: 1 PID: 290 at fs/inode.c:340 drop_nlink+0xce/0x110 [ 36.455924][ T290] Modules linked in: [ 36.459870][ T290] CPU: 1 UID: 0 PID: 290 Comm: syz-executor Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 36.471599][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 36.481778][ T290] RIP: 0010:drop_nlink+0xce/0x110 [ 36.487058][ T290] Code: 04 00 00 be 08 00 00 00 e8 cf 54 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 32 e4 97 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c [ 36.506866][ T290] RSP: 0018:ffffc9000b68fc60 EFLAGS: 00010293 [ 36.512989][ T290] RAX: ffffffff81ee1a7e RBX: ffff88811b3f3bf0 RCX: ffff8881230d1300 [ 36.520999][ T290] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 36.529124][ T290] RBP: ffffc9000b68fc88 R08: 0000000000000003 R09: 0000000000000004 [ 36.537166][ T290] R10: dffffc0000000000 R11: fffff520016d1f7c R12: dffffc0000000000 [ 36.545185][ T290] R13: 1ffff1102367e787 R14: ffff88811b3f3c38 R15: 0000000000000000 [ 36.553290][ T290] FS: 00005555652a5500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 36.562303][ T290] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 36.568937][ T290] CR2: 00005555652c84e8 CR3: 000000011fd68000 CR4: 00000000003526b0 [ 36.576984][ T290] Call Trace: [ 36.580293][ T290] [ 36.583266][ T290] shmem_rmdir+0x5f/0x90 [ 36.587548][ T290] vfs_rmdir+0x3dd/0x560 [ 36.591826][ T290] incfs_kill_sb+0x109/0x230 [ 36.596498][ T290] deactivate_locked_super+0xd5/0x2a0 [ 36.601997][ T290] deactivate_super+0xb8/0xe0 [ 36.606738][ T290] cleanup_mnt+0x3f1/0x480 [ 36.611190][ T290] __cleanup_mnt+0x1d/0x40 [ 36.615657][ T290] task_work_run+0x1e0/0x250 [ 36.620277][ T290] ? __cfi_task_work_run+0x10/0x10 [ 36.625439][ T290] ? __x64_sys_umount+0x126/0x170 [ 36.630502][ T290] ? __cfi___x64_sys_umount+0x10/0x10 [ 36.635972][ T290] ? __kasan_check_read+0x15/0x20 [ 36.641125][ T290] resume_user_mode_work+0x36/0x50 [ 36.646332][ T290] syscall_exit_to_user_mode+0x64/0xb0 [ 36.651827][ T290] do_syscall_64+0x64/0xf0 [ 36.656373][ T290] ? clear_bhb_loop+0x50/0xa0 [ 36.661099][ T290] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 36.667104][ T290] RIP: 0033:0x7fd84e5909f7 [ 36.671562][ T290] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 36.691241][ T290] RSP: 002b:00007ffd78d57418 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 36.699713][ T290] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd84e5909f7 [ 36.707755][ T290] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd78d574d0 [ 36.715786][ T290] RBP: 00007ffd78d574d0 R08: 0000000000000000 R09: 0000000000000000 [ 36.723854][ T290] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd78d58560 [ 36.731869][ T290] R13: 00007fd84e611d7d R14: 0000000000008e31 R15: 00007ffd78d585a0 [ 36.740139][ T290] [ 36.743238][ T290] ---[ end trace 0000000000000000 ]--- [ 36.749100][ T290] ================================================================== [ 36.757213][ T290] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70 [ 36.763531][ T290] Write of size 4 at addr 0000000000000168 by task syz-executor/290 [ 36.771543][ T290] [ 36.773894][ T290] CPU: 1 UID: 0 PID: 290 Comm: syz-executor Tainted: G W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 36.773930][ T290] Tainted: [W]=WARN [ 36.773938][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 36.773951][ T290] Call Trace: [ 36.773959][ T290] [ 36.773968][ T290] __dump_stack+0x21/0x30 [ 36.774003][ T290] dump_stack_lvl+0x10c/0x190 [ 36.774032][ T290] ? __cfi_dump_stack_lvl+0x10/0x10 [ 36.774064][ T290] print_report+0x3d/0x70 [ 36.774088][ T290] kasan_report+0x163/0x1a0 [ 36.774114][ T290] ? ihold+0x24/0x70 [ 36.774138][ T290] ? _raw_spin_unlock+0x45/0x60 [ 36.774169][ T290] ? ihold+0x24/0x70 [ 36.774192][ T290] kasan_check_range+0x299/0x2a0 [ 36.774219][ T290] __kasan_check_write+0x18/0x20 [ 36.774252][ T290] ihold+0x24/0x70 [ 36.774275][ T290] vfs_rmdir+0x26a/0x560 [ 36.774304][ T290] incfs_kill_sb+0x109/0x230 [ 36.774339][ T290] deactivate_locked_super+0xd5/0x2a0 [ 36.774368][ T290] deactivate_super+0xb8/0xe0 [ 36.774396][ T290] cleanup_mnt+0x3f1/0x480 [ 36.774422][ T290] __cleanup_mnt+0x1d/0x40 [ 36.774445][ T290] task_work_run+0x1e0/0x250 [ 36.774471][ T290] ? __cfi_task_work_run+0x10/0x10 [ 36.774497][ T290] ? __x64_sys_umount+0x126/0x170 [ 36.774528][ T290] ? __cfi___x64_sys_umount+0x10/0x10 [ 36.774559][ T290] ? __kasan_check_read+0x15/0x20 [ 36.774592][ T290] resume_user_mode_work+0x36/0x50 [ 36.774619][ T290] syscall_exit_to_user_mode+0x64/0xb0 [ 36.774644][ T290] do_syscall_64+0x64/0xf0 [ 36.774672][ T290] ? clear_bhb_loop+0x50/0xa0 [ 36.774696][ T290] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 36.774719][ T290] RIP: 0033:0x7fd84e5909f7 [ 36.774737][ T290] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 36.774756][ T290] RSP: 002b:00007ffd78d57418 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 36.774780][ T290] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd84e5909f7 [ 36.774795][ T290] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd78d574d0 [ 36.774809][ T290] RBP: 00007ffd78d574d0 R08: 0000000000000000 R09: 0000000000000000 [ 36.774823][ T290] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd78d58560 [ 36.774844][ T290] R13: 00007fd84e611d7d R14: 0000000000008e31 R15: 00007ffd78d585a0 [ 36.774863][ T290] [ 36.774871][ T290] ================================================================== [ 37.020724][ T290] Disabling lock debugging due to kernel taint [ 37.027006][ T290] BUG: kernel NULL pointer dereference, address: 0000000000000168 [ 37.034835][ T290] #PF: supervisor write access in kernel mode [ 37.040920][ T290] #PF: error_code(0x0002) - not-present page [ 37.046914][ T290] PGD 8000000133d34067 P4D 8000000133d34067 PUD 0 [ 37.053440][ T290] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI [ 37.059570][ T290] CPU: 1 UID: 0 PID: 290 Comm: syz-executor Tainted: G B W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 37.072716][ T290] Tainted: [B]=BAD_PAGE, [W]=WARN [ 37.077742][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 37.087803][ T290] RIP: 0010:ihold+0x2a/0x70 [ 37.092339][ T290] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d [ 37.112064][ T290] RSP: 0018:ffffc9000b68fca0 EFLAGS: 00010246 [ 37.118159][ T290] RAX: ffff8881230d1300 RBX: 0000000000000000 RCX: ffff8881230d1300 [ 37.126148][ T290] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 37.134128][ T290] RBP: ffffc9000b68fcb0 R08: ffffffff88972947 R09: 1ffffffff112e528 [ 37.142110][ T290] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff88811b3f3bfc [ 37.150116][ T290] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 37.158095][ T290] FS: 00005555652a5500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 37.167027][ T290] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.173632][ T290] CR2: 0000000000000168 CR3: 000000011fd68000 CR4: 00000000003526b0 [ 37.181717][ T290] Call Trace: [ 37.185007][ T290] [ 37.187945][ T290] vfs_rmdir+0x26a/0x560 [ 37.192213][ T290] incfs_kill_sb+0x109/0x230 [ 37.196847][ T290] deactivate_locked_super+0xd5/0x2a0 [ 37.202231][ T290] deactivate_super+0xb8/0xe0 [ 37.206921][ T290] cleanup_mnt+0x3f1/0x480 [ 37.211361][ T290] __cleanup_mnt+0x1d/0x40 [ 37.215790][ T290] task_work_run+0x1e0/0x250 [ 37.220398][ T290] ? __cfi_task_work_run+0x10/0x10 [ 37.225526][ T290] ? __x64_sys_umount+0x126/0x170 [ 37.230565][ T290] ? __cfi___x64_sys_umount+0x10/0x10 [ 37.235954][ T290] ? __kasan_check_read+0x15/0x20 [ 37.241007][ T290] resume_user_mode_work+0x36/0x50 [ 37.246132][ T290] syscall_exit_to_user_mode+0x64/0xb0 [ 37.251618][ T290] do_syscall_64+0x64/0xf0 [ 37.256054][ T290] ? clear_bhb_loop+0x50/0xa0 [ 37.260759][ T290] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 37.266667][ T290] RIP: 0033:0x7fd84e5909f7 [ 37.271091][ T290] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 37.290711][ T290] RSP: 002b:00007ffd78d57418 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 37.299134][ T290] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd84e5909f7 [ 37.307120][ T290] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd78d574d0 [ 37.315107][ T290] RBP: 00007ffd78d574d0 R08: 0000000000000000 R09: 0000000000000000 [ 37.323089][ T290] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd78d58560 [ 37.331077][ T290] R13: 00007fd84e611d7d R14: 0000000000008e31 R15: 00007ffd78d585a0 [ 37.339146][ T290] [ 37.342170][ T290] Modules linked in: [ 37.346068][ T290] CR2: 0000000000000168 [ 37.350219][ T290] ---[ end trace 0000000000000000 ]--- [ 37.355684][ T290] RIP: 0010:ihold+0x2a/0x70 [ 37.360204][ T290] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d [ 37.379819][ T290] RSP: 0018:ffffc9000b68fca0 EFLAGS: 00010246 [ 37.385899][ T290] RAX: ffff8881230d1300 RBX: 0000000000000000 RCX: ffff8881230d1300 [ 37.393874][ T290] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 37.401859][ T290] RBP: ffffc9000b68fcb0 R08: ffffffff88972947 R09: 1ffffffff112e528 [ 37.409872][ T290] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff88811b3f3bfc [ 37.417855][ T290] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 37.425835][ T290] FS: 00005555652a5500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 37.434774][ T290] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.441371][ T290] CR2: 0000000000000168 CR3: 000000011fd68000 CR4: 00000000003526b0 [ 37.449358][ T290] Kernel panic - not syncing: Fatal exception [ 37.455746][ T290] Kernel Offset: disabled [ 37.460073][ T290] Rebooting in 86400 seconds..