Extracting prog: 6m41.612896279s
Minimizing prog: 29m22.915148547s
Simplifying prog options: 0s
Extracting C: 39.113691192s
Simplifying C: 14m21.525471785s


extracting reproducer from 27 programs
testing a last program of every proc
single: executing 7 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-syz_init_net_socket$bt_sco-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-mmap-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-ioctl$SIOCGSTAMPNS-socket$inet6-openat$sysfs-openat$cgroup_ro-bind$inet6-listen-mount$binderfs
detailed listing:
executing program 0:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000003, 0x13, r3, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000000c0)={[0x2, 0x0, 0x9, 0x109e96, 0x20000000200, 0xb6, 0x4d, 0x401, 0x5, 0xfffffffffffffff8, 0x48d6, 0xfc, 0x6, 0x4, 0x9], 0xd5d5c004, 0x4004})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$SIOCGSTAMPNS(r0, 0x8907, &(0x7f0000000000))
r4 = socket$inet6(0xa, 0x3, 0xff)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_trace_dev_match', 0x109000, 0x0)
openat$cgroup_ro(r5, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x0, 0x0)
bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e21, 0x2a, @mcast1, 0x8}, 0x1c)
listen(r0, 0x26a)
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000180)=ANY=[@ANYBLOB='defcontext=\"'])

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CLEAR_DIRTY_LOG-socket$inet6-mprotect-sendmmsg-mkdir-mount$incfs-openat-openat$incfs-ioctl$TIOCL_GETKMSGREDIRECT-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-ioctl$KVM_SET_CPUID2-syz_clone-ptrace-openat$kvm-ptrace$setregs-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_DEVICE-ptrace$getregset-prctl$PR_SET_SECCOMP-ptrace$getregset-socket$inet6-socket$netlink-sendmsg$netlink-setsockopt$sock_int-ioctl$KVM_RUN-close_range
detailed listing:
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1b3f81, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x0, 0x240, 0x380, &(0x7f0000000180)=[0x6bd1a312, 0x100000000, 0xff, 0x8, 0x98bd, 0x800000000000009, 0x0, 0x9, 0x10000, 0x7, 0x9004, 0x9, 0x8, 0x9, 0x4, 0x49, 0x3ff, 0x5, 0x9020, 0x1, 0x8, 0x7, 0xc1, 0x5, 0x7ff, 0x7, 0x6, 0x9, 0x96, 0xffffffff, 0xffffffff00000000, 0x0, 0x5, 0x7, 0x4, 0x3, 0x9, 0x888f, 0x1, 0x4, 0x46, 0x6, 0x10000000000003, 0xa3de, 0x3, 0x8, 0x1ff, 0x400, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x2, 0xe, 0x6, 0x0, 0x200e6, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x40000005, 0x7, 0x9, 0xd, 0x10001, 0xbbd9, 0x80000000, 0xfffffffffffffc00, 0x2, 0x7, 0x2, 0xcdc, 0x4000000007, 0x2, 0x3, 0x2, 0x2, 0xfff, 0x6, 0x8, 0x1, 0xab6, 0x97, 0x8, 0x0, 0x3007, 0x9, 0x0, 0x8006, 0x28000000, 0x5, 0x8061f, 0x2, 0x7, 0xf6, 0x4, 0x6, 0x204, 0x7, 0xe53e, 0x4, 0x9, 0x2293332f, 0x6, 0x105, 0x1e, 0x0, 0x2, 0x5, 0xfffffffffefffffb, 0x2, 0x7, 0xdfd4, 0xfffd, 0x10, 0x5, 0x8, 0x1, 0x53e0f0fe, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffe, 0xa693, 0xcc, 0x1, 0x3]})
r3 = socket$inet6(0xa, 0x80003, 0x6)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc)
sendmmsg(r3, &(0x7f0000003780), 0x0, 0x9200000020040010)
mkdir(&(0x7f0000000000)='./file0\x00', 0x2)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x2010800, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x8c)
r5 = openat$incfs(r4, &(0x7f00000001c0)='.pending_reads\x00', 0x0, 0x130)
ioctl$TIOCL_GETKMSGREDIRECT(r5, 0x40106726, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f000015c000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x5e, 0x0, 0x0)
ioctl$KVM_SET_CPUID2(r6, 0x4008ae90, &(0x7f00000002c0)=ANY=[])
r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r7)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ptrace$setregs(0xd, r7, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x1)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000100)={0x1, 0xffffffffffffffff, 0x1})
ptrace$getregset(0x4205, r7, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x20, 0x0})
ptrace$getregset(0x4204, r7, 0x2, &(0x7f0000000740)={0x0})
r10 = socket$inet6(0xa, 0x2, 0x0)
r11 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r11, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="280000001000010000feffff210100000008002700e00000020000005a2800000000000000001000"], 0x28}], 0x1}, 0x0)
setsockopt$sock_int(r10, 0x1, 0x2a, &(0x7f0000000300)=0x9, 0x4)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): accept$nfc_llcp-recvmmsg-socket$inet6_tcp-getsockopt$bt_hci-pwritev-openat$kvm-syz_io_uring_setup-ioctl$KVM_CREATE_VM-dup-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-syz_kvm_setup_cpu$x86-getsockopt$bt_hci-ioctl$KVM_RUN-mount
detailed listing:
executing program 0:
r0 = accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000100), &(0x7f0000000080)=0x60)
recvmmsg(r0, &(0x7f00000019c0)=[{{&(0x7f00000001c0)=@qipcrtr, 0x80, &(0x7f0000000340)=[{&(0x7f0000000240)=""/201, 0xc9}], 0x1, &(0x7f0000000380)=""/179, 0xb3}, 0x4}, {{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000440)=""/67, 0x43}, {&(0x7f00000004c0)=""/90, 0x5a}, {&(0x7f0000000540)=""/146, 0x92}], 0x3, &(0x7f0000000640)=""/177, 0xb1}, 0x7f}, {{&(0x7f0000000700)=@hci, 0x80, &(0x7f0000001880)=[{&(0x7f0000000780)=""/4096, 0x1000}, {&(0x7f0000001780)=""/94, 0x5e}, {&(0x7f0000001800)=""/94, 0x5e}], 0x3, &(0x7f00000018c0)=""/219, 0xdb}, 0x2}], 0x3, 0x40, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$bt_hci(r1, 0x0, 0x1, 0x0, &(0x7f0000000180))
pwritev(r0, &(0x7f0000001fc0)=[{&(0x7f0000001b80)="99b12a1ffed3006f8b342e5557410a035a3a7d784f85c5f41615b8b980", 0x1d}, {&(0x7f0000001bc0)="5003c2d1d9595073bb8ad04b6c6a984472fdf0fd1005bd1a692b353c5222880dcb6c5729d18b56d49a08fa0adca4699d5d5ac0588400672b8eac28b9a19638dbaf8b14075c88f99e7fb6af17b305e86f963ca9de54508501433a08a5f17d163c94a258c945414cf3652341d43650e5b0f448fa986fc453c370", 0x79}, {&(0x7f0000001c40)="89e1e3798def4e831121bfea729b44cbe863a5317e65541414905a23ecb8fe48ae056472c1a67b0126d01ab07ea394fd14ed7febb9ea1dfedc684dfb1110d562cec3de134140d5cdc815dfe1bb6f4fff84b36834625fce6a182e3136e7123639c8dfa407ddea80749ae26b4548b77620bf7207e474dc20e9056b21d515c69d70f9ebb68432be8d7cdaa5d96400c5cdbb6e7d34b1dd1091fb71b0f640fce112", 0x9f}, {&(0x7f0000001d00)="74d0f51576293e5af1ce5addba43cf52d0f69fac63205b7550c94abc2d0ba143abe81a6d5941ee4540c91fcc80cbdd50a2751d8b16ddf128883da1f62e", 0x3d}, {&(0x7f0000001d40)="8f916935f5c180da335643f4d30cd29e439afbd1db4ab37c27e43b0a0eba6347574f65503aa3e4a5647bb220a71e961e11ebd72b1edd7b3fbc76bc8def94fc70afca82a99fa32222496aff91ee369b8fc9ff0992b683f84ec5aa2d", 0x5b}, {&(0x7f0000001dc0)="cdcca873be169d128919db88881a4ba34f5e06eac5406fc1b050de4c80ec2308773cd2cae1446053adc25e8ba0f0a5247bc091265fdf2c4c8c837d654a897fcb00cc056516e03b9c052d4786aaa3ee9f3683e6b0e7a85446d22586549e6f0542491661dbb1f0fc445bf79a43b352fc40cb74412fc8ce67025bcaf47ce2b25171f5217069a7c9cc61f35ce5dbfd7812854dab46052398e5a9c6b33a56dfd785005e", 0xa1}, {&(0x7f0000001e80)="79df5def37419c44c872419a4795a0018f5a3305c73ef49c827830252e5bab0f0653fbacd60951c1ed3515ea5ecce4b4aa25a8bfa44cd1f327dbd949b4cefac176eb337a6575dd3c2d6ba4a299e4e046072b87f3f4a8248ca50737e0b3b2cc5ea1625bfcc444412bcd6eca82f1b37d9cbcb9af0dd7dcdc4cd929bad48433d893d914c481e26f3b50e7c5b80b6b1d6d512f365975e407e64b449e38542ae03252ccdae0521da633fb09de8794b880b8be5034df1805522858978005bc62149628f1bc761d5bb10742c3ed6f8af6b24bc43b7f5a14728c2e8255e98bc51f707b1f1a484301e5c6103d3358d211e3fd05e446c8b3", 0xf3}, {&(0x7f0000001f80)="31fba29ae90c71033078c4b014bf4fa0183b1bad", 0x14}], 0x8, 0x7341, 0x3)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_io_uring_setup(0xefd, &(0x7f0000000080)={0x0, 0x0, 0x2000, 0x0, 0x2e3}, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x27, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
getsockopt$bt_hci(r1, 0x0, 0x0, &(0x7f0000001a80)=""/187, &(0x7f0000001b40)=0xbb)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='ext3\x00', 0x208003, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-syz_init_net_socket$bt_sco-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-mmap-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-ioctl$SIOCGSTAMPNS-socket$inet6-openat$sysfs-openat$cgroup_ro-bind$inet6-listen-mount$binderfs
detailed listing:
executing program 0:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000003, 0x13, r3, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000000c0)={[0x2, 0x0, 0x9, 0x109e96, 0x20000000200, 0xb6, 0x4d, 0x401, 0x5, 0xfffffffffffffff8, 0x48d6, 0xfc, 0x6, 0x4, 0x9], 0xd5d5c004, 0x4004})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$SIOCGSTAMPNS(r0, 0x8907, &(0x7f0000000000))
r4 = socket$inet6(0xa, 0x3, 0xff)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_trace_dev_match', 0x109000, 0x0)
openat$cgroup_ro(r5, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x0, 0x0)
bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e21, 0x2a, @mcast1, 0x8}, 0x1c)
listen(r0, 0x26a)
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000180)=ANY=[@ANYBLOB='defcontext=\"'])

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CLEAR_DIRTY_LOG-socket$inet6-mprotect-sendmmsg-mkdir-mount$incfs-openat-openat$incfs-ioctl$TIOCL_GETKMSGREDIRECT-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-ioctl$KVM_SET_CPUID2-syz_clone-ptrace-openat$kvm-ptrace$setregs-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_DEVICE-ptrace$getregset-prctl$PR_SET_SECCOMP-ptrace$getregset-socket$inet6-socket$netlink-sendmsg$netlink-setsockopt$sock_int-ioctl$KVM_RUN-close_range
detailed listing:
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1b3f81, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x0, 0x240, 0x380, &(0x7f0000000180)=[0x6bd1a312, 0x100000000, 0xff, 0x8, 0x98bd, 0x800000000000009, 0x0, 0x9, 0x10000, 0x7, 0x9004, 0x9, 0x8, 0x9, 0x4, 0x49, 0x3ff, 0x5, 0x9020, 0x1, 0x8, 0x7, 0xc1, 0x5, 0x7ff, 0x7, 0x6, 0x9, 0x96, 0xffffffff, 0xffffffff00000000, 0x0, 0x5, 0x7, 0x4, 0x3, 0x9, 0x888f, 0x1, 0x4, 0x46, 0x6, 0x10000000000003, 0xa3de, 0x3, 0x8, 0x1ff, 0x400, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x2, 0xe, 0x6, 0x0, 0x200e6, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x40000005, 0x7, 0x9, 0xd, 0x10001, 0xbbd9, 0x80000000, 0xfffffffffffffc00, 0x2, 0x7, 0x2, 0xcdc, 0x4000000007, 0x2, 0x3, 0x2, 0x2, 0xfff, 0x6, 0x8, 0x1, 0xab6, 0x97, 0x8, 0x0, 0x3007, 0x9, 0x0, 0x8006, 0x28000000, 0x5, 0x8061f, 0x2, 0x7, 0xf6, 0x4, 0x6, 0x204, 0x7, 0xe53e, 0x4, 0x9, 0x2293332f, 0x6, 0x105, 0x1e, 0x0, 0x2, 0x5, 0xfffffffffefffffb, 0x2, 0x7, 0xdfd4, 0xfffd, 0x10, 0x5, 0x8, 0x1, 0x53e0f0fe, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffe, 0xa693, 0xcc, 0x1, 0x3]})
r3 = socket$inet6(0xa, 0x80003, 0x6)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc)
sendmmsg(r3, &(0x7f0000003780), 0x0, 0x9200000020040010)
mkdir(&(0x7f0000000000)='./file0\x00', 0x2)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x2010800, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x8c)
r5 = openat$incfs(r4, &(0x7f00000001c0)='.pending_reads\x00', 0x0, 0x130)
ioctl$TIOCL_GETKMSGREDIRECT(r5, 0x40106726, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r6, &(0x7f000015c000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x5e, 0x0, 0x0)
ioctl$KVM_SET_CPUID2(r6, 0x4008ae90, &(0x7f00000002c0)=ANY=[])
r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r7)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ptrace$setregs(0xd, r7, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x1)
ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000100)={0x1, 0xffffffffffffffff, 0x1})
ptrace$getregset(0x4205, r7, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x20, 0x0})
ptrace$getregset(0x4204, r7, 0x2, &(0x7f0000000740)={0x0})
r10 = socket$inet6(0xa, 0x2, 0x0)
r11 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r11, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="280000001000010000feffff210100000008002700e00000020000005a2800000000000000001000"], 0x28}], 0x1}, 0x0)
setsockopt$sock_int(r10, 0x1, 0x2a, &(0x7f0000000300)=0x9, 0x4)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mkdir-mount$incfs-chdir-rename-getrandom-madvise-syz_open_procfs-lseek-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_GET_MSRS_cpu-socket$inet_tcp-setuid-eventfd-fchmod-setsockopt$inet_tcp_int-setsockopt$inet_tcp_int-connect$inet-sendto$inet-mount$binderfs
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
rename(&(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r0 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')
lseek(r0, 0x2000, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r3, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x122, 0x0, 0x3}]})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setuid(0xee01)
r5 = eventfd(0x2)
fchmod(r5, 0xa0ffff)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
setsockopt$inet_tcp_int(r4, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r4, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x0, 0x0, 0x0)
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', &(0x7f0000000140), 0x4a81, &(0x7f0000000040)={[{}]})

program crashed: WARNING in shmem_rmdir
single: successfully extracted reproducer
found reproducer with 22 syscalls
minimizing guilty program
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mkdir-mount$incfs-chdir-rename-getrandom-madvise-syz_open_procfs-lseek-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_GET_MSRS_cpu-socket$inet_tcp-setuid-eventfd-fchmod-setsockopt$inet_tcp_int-setsockopt$inet_tcp_int-connect$inet-sendto$inet
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
rename(&(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r0 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')
lseek(r0, 0x2000, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r3, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x122, 0x0, 0x3}]})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setuid(0xee01)
r5 = eventfd(0x2)
fchmod(r5, 0xa0ffff)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
setsockopt$inet_tcp_int(r4, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r4, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x0, 0x0, 0x0)

program crashed: WARNING in shmem_rmdir
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mkdir-mount$incfs-chdir-rename-getrandom-madvise-syz_open_procfs-lseek-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_GET_MSRS_cpu-socket$inet_tcp-setuid-eventfd-fchmod-setsockopt$inet_tcp_int-setsockopt$inet_tcp_int-connect$inet
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
rename(&(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r0 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')
lseek(r0, 0x2000, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r3, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x122, 0x0, 0x3}]})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setuid(0xee01)
r5 = eventfd(0x2)
fchmod(r5, 0xa0ffff)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
setsockopt$inet_tcp_int(r4, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r4, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)

program crashed: WARNING in shmem_rmdir
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mkdir-mount$incfs-chdir-rename-getrandom-madvise-syz_open_procfs-lseek-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_GET_MSRS_cpu-socket$inet_tcp-setuid-eventfd-fchmod-setsockopt$inet_tcp_int-setsockopt$inet_tcp_int
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
rename(&(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r0 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')
lseek(r0, 0x2000, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r3, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x122, 0x0, 0x3}]})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setuid(0xee01)
r5 = eventfd(0x2)
fchmod(r5, 0xa0ffff)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
setsockopt$inet_tcp_int(r4, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)

program crashed: WARNING in shmem_rmdir
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mkdir-mount$incfs-chdir-rename-getrandom-madvise-syz_open_procfs-lseek-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_GET_MSRS_cpu-socket$inet_tcp-setuid-eventfd-fchmod-setsockopt$inet_tcp_int
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
rename(&(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r0 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')
lseek(r0, 0x2000, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r3, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x122, 0x0, 0x3}]})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setuid(0xee01)
r5 = eventfd(0x2)
fchmod(r5, 0xa0ffff)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)

program crashed: WARNING in shmem_rmdir
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mkdir-mount$incfs-chdir-rename-getrandom-madvise-syz_open_procfs-lseek-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_GET_MSRS_cpu-socket$inet_tcp-setuid-eventfd-fchmod
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
rename(&(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r0 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')
lseek(r0, 0x2000, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r3, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x122, 0x0, 0x3}]})
socket$inet_tcp(0x2, 0x1, 0x0)
setuid(0xee01)
r4 = eventfd(0x2)
fchmod(r4, 0xa0ffff)

program crashed: WARNING in shmem_rmdir
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mkdir-mount$incfs-chdir-rename-getrandom-madvise-syz_open_procfs-lseek-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_GET_MSRS_cpu-socket$inet_tcp-setuid-eventfd
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
rename(&(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r0 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')
lseek(r0, 0x2000, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r3, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x122, 0x0, 0x3}]})
socket$inet_tcp(0x2, 0x1, 0x0)
setuid(0xee01)
eventfd(0x2)

program crashed: WARNING in shmem_rmdir
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mkdir-mount$incfs-chdir-rename-getrandom-madvise-syz_open_procfs-lseek-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_GET_MSRS_cpu-socket$inet_tcp-setuid
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
rename(&(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r0 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')
lseek(r0, 0x2000, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r3, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x122, 0x0, 0x3}]})
socket$inet_tcp(0x2, 0x1, 0x0)
setuid(0xee01)

program crashed: WARNING in shmem_rmdir
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mkdir-mount$incfs-chdir-rename-getrandom-madvise-syz_open_procfs-lseek-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_GET_MSRS_cpu-socket$inet_tcp
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
rename(&(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r0 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')
lseek(r0, 0x2000, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r3, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x122, 0x0, 0x3}]})
socket$inet_tcp(0x2, 0x1, 0x0)

program crashed: WARNING in shmem_rmdir
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mkdir-mount$incfs-chdir-rename-getrandom-madvise-syz_open_procfs-lseek-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_GET_MSRS_cpu
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
rename(&(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r0 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')
lseek(r0, 0x2000, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r3, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x122, 0x0, 0x3}]})

program crashed: WARNING in shmem_rmdir
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mkdir-mount$incfs-chdir-rename-getrandom-madvise-syz_open_procfs-lseek-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
rename(&(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r0 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')
lseek(r0, 0x2000, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)

program crashed: WARNING in shmem_rmdir
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mkdir-mount$incfs-chdir-rename-getrandom-madvise-syz_open_procfs-lseek-openat$kvm-ioctl$KVM_CREATE_VM
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
rename(&(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r0 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')
lseek(r0, 0x2000, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)

program crashed: WARNING in shmem_rmdir
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mkdir-mount$incfs-chdir-rename-getrandom-madvise-syz_open_procfs-lseek-openat$kvm
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
rename(&(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r0 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')
lseek(r0, 0x2000, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)

program crashed: WARNING in shmem_rmdir
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mkdir-mount$incfs-chdir-rename-getrandom-madvise-syz_open_procfs-lseek
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
rename(&(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r0 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')
lseek(r0, 0x2000, 0x0)

program crashed: WARNING in shmem_rmdir
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mkdir-mount$incfs-chdir-rename-getrandom-madvise-syz_open_procfs
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
rename(&(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')

program crashed: WARNING in shmem_rmdir
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mkdir-mount$incfs-chdir-rename-getrandom-madvise
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
rename(&(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

program crashed: WARNING in shmem_rmdir
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mkdir-mount$incfs-chdir-rename-getrandom
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
rename(&(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)

program crashed: WARNING in shmem_rmdir
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mkdir-mount$incfs-chdir-rename
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
rename(&(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

program crashed: WARNING in shmem_rmdir
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mkdir-mount$incfs-chdir
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')

program crashed: WARNING in shmem_rmdir
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mkdir-mount$incfs
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)

program crashed: WARNING in shmem_rmdir
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mkdir
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)

program did not crash
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mount$incfs
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)

program did not crash
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$incfs
detailed listing:
executing program 0:
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)

program crashed: WARNING in shmem_rmdir
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$incfs
detailed listing:
executing program 0:
mkdir(0x0, 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)

program did not crash
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$incfs
detailed listing:
executing program 0:
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(0x0, &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)

program did not crash
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$incfs
detailed listing:
executing program 0:
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', 0x0, &(0x7f0000000840), 0x1004002, 0x0)

program did not crash
testing program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$incfs
detailed listing:
executing program 0:
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', 0x0, 0x1004002, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m2.517995839s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$incfs
program crashed: WARNING in shmem_rmdir
simplifying C reproducer
testing compiled C program (duration=1m2.517995839s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$incfs
program crashed: WARNING in shmem_rmdir
testing compiled C program (duration=1m2.517995839s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$incfs
program crashed: WARNING in shmem_rmdir
testing compiled C program (duration=1m2.517995839s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$incfs
program did not crash
testing compiled C program (duration=1m2.517995839s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$incfs
program crashed: WARNING in shmem_rmdir
testing compiled C program (duration=1m2.517995839s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$incfs
program crashed: WARNING in shmem_rmdir
testing compiled C program (duration=1m2.517995839s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$incfs
program crashed: WARNING in shmem_rmdir
testing compiled C program (duration=1m2.517995839s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$incfs
program crashed: WARNING in shmem_rmdir
testing compiled C program (duration=1m2.517995839s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$incfs
program crashed: WARNING in shmem_rmdir
testing compiled C program (duration=1m2.517995839s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$incfs
program crashed: WARNING in shmem_rmdir
testing compiled C program (duration=1m2.517995839s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$incfs
program did not crash
testing compiled C program (duration=1m2.517995839s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$incfs
program crashed: WARNING in shmem_rmdir
testing compiled C program (duration=1m2.517995839s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$incfs
program crashed: WARNING in shmem_rmdir
testing compiled C program (duration=1m2.517995839s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$incfs
program crashed: WARNING in shmem_rmdir
testing program (duration=1m2.517995839s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$incfs
detailed listing:
executing program 0:
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)

program crashed: WARNING in shmem_rmdir
validation run: crashed=true
testing program (duration=1m2.517995839s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$incfs
detailed listing:
executing program 0:
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)

program crashed: WARNING in shmem_rmdir
validation run: crashed=true
testing program (duration=1m2.517995839s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$incfs
detailed listing:
executing program 0:
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)

program crashed: WARNING in shmem_rmdir
validation run: crashed=true
reproducing took 54m6.003954173s
repro crashed as (corrupted=false):
veth0_vlan: entered promiscuous mode
veth1_macvtap: entered promiscuous mode
------------[ cut here ]------------
WARNING: CPU: 0 PID: 371 at fs/inode.c:340 drop_nlink+0xce/0x110 fs/inode.c:340
Modules linked in:
CPU: 0 UID: 0 PID: 371 Comm: syz-executor Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:drop_nlink+0xce/0x110 fs/inode.c:340
Code: 04 00 00 be 08 00 00 00 e8 cf 54 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 32 e4 97 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c
RSP: 0018:ffffc900010efc60 EFLAGS: 00010293
RAX: ffffffff81ee1a7e RBX: ffff8881160eb480 RCX: ffff88812729df00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc900010efc88 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff5200021df7c R12: dffffc0000000000
R13: 1ffff11022c1d699 R14: ffff8881160eb4c8 R15: 0000000000000000
FS:  000055556ed79500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055556ed9c4e8 CR3: 0000000114780000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 shmem_rmdir+0x5f/0x90 mm/shmem.c:3733
 vfs_rmdir+0x3dd/0x560 fs/namei.c:4340
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd5/0x2a0 fs/super.c:476
 deactivate_super+0xb8/0xe0 fs/super.c:509
 cleanup_mnt+0x3f1/0x480 fs/namespace.c:1370
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1377
 task_work_run+0x1e0/0x250 kernel/task_work.c:240
 resume_user_mode_work+0x36/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x64/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x64/0xf0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f5ede1902f7
Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffde8b8ab48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f5ede1902f7
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffde8b8ac00
RBP: 00007ffde8b8ac00 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffde8b8bc90
R13: 00007f5ede211d7d R14: 0000000000007997 R15: 00007ffde8b8bcd0
 </TASK>
---[ end trace 0000000000000000 ]---
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
BUG: KASAN: null-ptr-deref in atomic_inc_return include/linux/atomic/atomic-instrumented.h:453 [inline]
BUG: KASAN: null-ptr-deref in ihold+0x24/0x70 fs/inode.c:452
Write of size 4 at addr 0000000000000168 by task syz-executor/371

CPU: 1 UID: 0 PID: 371 Comm: syz-executor Tainted: G        W          syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
 <TASK>
 __dump_stack+0x21/0x30 lib/dump_stack.c:94
 dump_stack_lvl+0x10c/0x190 lib/dump_stack.c:120
 print_report+0x3d/0x70 mm/kasan/report.c:484
 kasan_report+0x163/0x1a0 mm/kasan/report.c:594
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x299/0x2a0 mm/kasan/generic.c:189
 __kasan_check_write+0x18/0x20 mm/kasan/shadow.c:37
 instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
 atomic_inc_return include/linux/atomic/atomic-instrumented.h:453 [inline]
 ihold+0x24/0x70 fs/inode.c:452
 d_delete_notify include/linux/fsnotify.h:357 [inline]
 vfs_rmdir+0x26a/0x560 fs/namei.c:4353
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd5/0x2a0 fs/super.c:476
 deactivate_super+0xb8/0xe0 fs/super.c:509
 cleanup_mnt+0x3f1/0x480 fs/namespace.c:1370
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1377
 task_work_run+0x1e0/0x250 kernel/task_work.c:240
 resume_user_mode_work+0x36/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x64/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x64/0xf0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f5ede1902f7
Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffde8b8ab48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f5ede1902f7
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffde8b8ac00
RBP: 00007ffde8b8ac00 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffde8b8bc90
R13: 00007f5ede211d7d R14: 0000000000007997 R15: 00007ffde8b8bcd0
 </TASK>
==================================================================
BUG: kernel NULL pointer dereference, address: 0000000000000168
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 8000000127b45067 P4D 8000000127b45067 PUD 0 
Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI
CPU: 1 UID: 0 PID: 371 Comm: syz-executor Tainted: G    B   W          syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
Tainted: [B]=BAD_PAGE, [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:arch_atomic_add_return arch/x86/include/asm/atomic.h:85 [inline]
RIP: 0010:raw_atomic_add_return include/linux/atomic/atomic-arch-fallback.h:564 [inline]
RIP: 0010:raw_atomic_inc_return include/linux/atomic/atomic-arch-fallback.h:1020 [inline]
RIP: 0010:atomic_inc_return include/linux/atomic/atomic-instrumented.h:454 [inline]
RIP: 0010:ihold+0x2a/0x70 fs/inode.c:452
Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d
RSP: 0018:ffffc900010efca0 EFLAGS: 00010246
RAX: ffff88812729df00 RBX: 0000000000000000 RCX: ffff88812729df00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc900010efcb0 R08: ffffffff88972947 R09: 1ffffffff112e528
R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff8881160eb48c
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
FS:  000055556ed79500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000168 CR3: 0000000114780000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 d_delete_notify include/linux/fsnotify.h:357 [inline]
 vfs_rmdir+0x26a/0x560 fs/namei.c:4353
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd5/0x2a0 fs/super.c:476
 deactivate_super+0xb8/0xe0 fs/super.c:509
 cleanup_mnt+0x3f1/0x480 fs/namespace.c:1370
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1377
 task_work_run+0x1e0/0x250 kernel/task_work.c:240
 resume_user_mode_work+0x36/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x64/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x64/0xf0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f5ede1902f7
Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffde8b8ab48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f5ede1902f7
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffde8b8ac00
RBP: 00007ffde8b8ac00 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffde8b8bc90
R13: 00007f5ede211d7d R14: 0000000000007997 R15: 00007ffde8b8bcd0
 </TASK>
Modules linked in:
CR2: 0000000000000168
---[ end trace 0000000000000000 ]---
RIP: 0010:arch_atomic_add_return arch/x86/include/asm/atomic.h:85 [inline]
RIP: 0010:raw_atomic_add_return include/linux/atomic/atomic-arch-fallback.h:564 [inline]
RIP: 0010:raw_atomic_inc_return include/linux/atomic/atomic-arch-fallback.h:1020 [inline]
RIP: 0010:atomic_inc_return include/linux/atomic/atomic-instrumented.h:454 [inline]
RIP: 0010:ihold+0x2a/0x70 fs/inode.c:452
Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d
RSP: 0018:ffffc900010efca0 EFLAGS: 00010246
RAX: ffff88812729df00 RBX: 0000000000000000 RCX: ffff88812729df00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc900010efcb0 R08: ffffffff88972947 R09: 1ffffffff112e528
R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff8881160eb48c
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
FS:  000055556ed79500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000168 CR3: 0000000114780000 CR4: 00000000003526b0
----------------
Code disassembly (best guess):
   0:	f3 0f 1e fa          	endbr64
   4:	55                   	push   %rbp
   5:	48 89 e5             	mov    %rsp,%rbp
   8:	41 56                	push   %r14
   a:	53                   	push   %rbx
   b:	48 89 fb             	mov    %rdi,%rbx
   e:	e8 1d db 97 ff       	call   0xff97db30
  13:	48 8d bb 68 01 00 00 	lea    0x168(%rbx),%rdi
  1a:	be 04 00 00 00       	mov    $0x4,%esi
  1f:	e8 8c 4b ee ff       	call   0xffee4bb0
  24:	41 be 01 00 00 00    	mov    $0x1,%r14d
* 2a:	f0 44 0f c1 b3 68 01 	lock xadd %r14d,0x168(%rbx) <-- trapping instruction
  31:	00 00
  33:	41 ff c6             	inc    %r14d
  36:	bf 02 00 00 00       	mov    $0x2,%edi
  3b:	44 89 f6             	mov    %r14d,%esi
  3e:	e8                   	.byte 0xe8
  3f:	2d                   	.byte 0x2d

final repro crashed as (corrupted=false):
veth0_vlan: entered promiscuous mode
veth1_macvtap: entered promiscuous mode
------------[ cut here ]------------
WARNING: CPU: 0 PID: 371 at fs/inode.c:340 drop_nlink+0xce/0x110 fs/inode.c:340
Modules linked in:
CPU: 0 UID: 0 PID: 371 Comm: syz-executor Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:drop_nlink+0xce/0x110 fs/inode.c:340
Code: 04 00 00 be 08 00 00 00 e8 cf 54 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 32 e4 97 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c
RSP: 0018:ffffc900010efc60 EFLAGS: 00010293
RAX: ffffffff81ee1a7e RBX: ffff8881160eb480 RCX: ffff88812729df00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc900010efc88 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff5200021df7c R12: dffffc0000000000
R13: 1ffff11022c1d699 R14: ffff8881160eb4c8 R15: 0000000000000000
FS:  000055556ed79500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055556ed9c4e8 CR3: 0000000114780000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 shmem_rmdir+0x5f/0x90 mm/shmem.c:3733
 vfs_rmdir+0x3dd/0x560 fs/namei.c:4340
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd5/0x2a0 fs/super.c:476
 deactivate_super+0xb8/0xe0 fs/super.c:509
 cleanup_mnt+0x3f1/0x480 fs/namespace.c:1370
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1377
 task_work_run+0x1e0/0x250 kernel/task_work.c:240
 resume_user_mode_work+0x36/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x64/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x64/0xf0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f5ede1902f7
Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffde8b8ab48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f5ede1902f7
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffde8b8ac00
RBP: 00007ffde8b8ac00 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffde8b8bc90
R13: 00007f5ede211d7d R14: 0000000000007997 R15: 00007ffde8b8bcd0
 </TASK>
---[ end trace 0000000000000000 ]---
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
BUG: KASAN: null-ptr-deref in atomic_inc_return include/linux/atomic/atomic-instrumented.h:453 [inline]
BUG: KASAN: null-ptr-deref in ihold+0x24/0x70 fs/inode.c:452
Write of size 4 at addr 0000000000000168 by task syz-executor/371

CPU: 1 UID: 0 PID: 371 Comm: syz-executor Tainted: G        W          syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
 <TASK>
 __dump_stack+0x21/0x30 lib/dump_stack.c:94
 dump_stack_lvl+0x10c/0x190 lib/dump_stack.c:120
 print_report+0x3d/0x70 mm/kasan/report.c:484
 kasan_report+0x163/0x1a0 mm/kasan/report.c:594
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x299/0x2a0 mm/kasan/generic.c:189
 __kasan_check_write+0x18/0x20 mm/kasan/shadow.c:37
 instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
 atomic_inc_return include/linux/atomic/atomic-instrumented.h:453 [inline]
 ihold+0x24/0x70 fs/inode.c:452
 d_delete_notify include/linux/fsnotify.h:357 [inline]
 vfs_rmdir+0x26a/0x560 fs/namei.c:4353
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd5/0x2a0 fs/super.c:476
 deactivate_super+0xb8/0xe0 fs/super.c:509
 cleanup_mnt+0x3f1/0x480 fs/namespace.c:1370
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1377
 task_work_run+0x1e0/0x250 kernel/task_work.c:240
 resume_user_mode_work+0x36/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x64/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x64/0xf0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f5ede1902f7
Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffde8b8ab48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f5ede1902f7
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffde8b8ac00
RBP: 00007ffde8b8ac00 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffde8b8bc90
R13: 00007f5ede211d7d R14: 0000000000007997 R15: 00007ffde8b8bcd0
 </TASK>
==================================================================
BUG: kernel NULL pointer dereference, address: 0000000000000168
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 8000000127b45067 P4D 8000000127b45067 PUD 0 
Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI
CPU: 1 UID: 0 PID: 371 Comm: syz-executor Tainted: G    B   W          syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
Tainted: [B]=BAD_PAGE, [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:arch_atomic_add_return arch/x86/include/asm/atomic.h:85 [inline]
RIP: 0010:raw_atomic_add_return include/linux/atomic/atomic-arch-fallback.h:564 [inline]
RIP: 0010:raw_atomic_inc_return include/linux/atomic/atomic-arch-fallback.h:1020 [inline]
RIP: 0010:atomic_inc_return include/linux/atomic/atomic-instrumented.h:454 [inline]
RIP: 0010:ihold+0x2a/0x70 fs/inode.c:452
Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d
RSP: 0018:ffffc900010efca0 EFLAGS: 00010246
RAX: ffff88812729df00 RBX: 0000000000000000 RCX: ffff88812729df00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc900010efcb0 R08: ffffffff88972947 R09: 1ffffffff112e528
R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff8881160eb48c
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
FS:  000055556ed79500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000168 CR3: 0000000114780000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 d_delete_notify include/linux/fsnotify.h:357 [inline]
 vfs_rmdir+0x26a/0x560 fs/namei.c:4353
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd5/0x2a0 fs/super.c:476
 deactivate_super+0xb8/0xe0 fs/super.c:509
 cleanup_mnt+0x3f1/0x480 fs/namespace.c:1370
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1377
 task_work_run+0x1e0/0x250 kernel/task_work.c:240
 resume_user_mode_work+0x36/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x64/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x64/0xf0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f5ede1902f7
Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffde8b8ab48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f5ede1902f7
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffde8b8ac00
RBP: 00007ffde8b8ac00 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffde8b8bc90
R13: 00007f5ede211d7d R14: 0000000000007997 R15: 00007ffde8b8bcd0
 </TASK>
Modules linked in:
CR2: 0000000000000168
---[ end trace 0000000000000000 ]---
RIP: 0010:arch_atomic_add_return arch/x86/include/asm/atomic.h:85 [inline]
RIP: 0010:raw_atomic_add_return include/linux/atomic/atomic-arch-fallback.h:564 [inline]
RIP: 0010:raw_atomic_inc_return include/linux/atomic/atomic-arch-fallback.h:1020 [inline]
RIP: 0010:atomic_inc_return include/linux/atomic/atomic-instrumented.h:454 [inline]
RIP: 0010:ihold+0x2a/0x70 fs/inode.c:452
Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d
RSP: 0018:ffffc900010efca0 EFLAGS: 00010246
RAX: ffff88812729df00 RBX: 0000000000000000 RCX: ffff88812729df00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc900010efcb0 R08: ffffffff88972947 R09: 1ffffffff112e528
R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff8881160eb48c
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
FS:  000055556ed79500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000168 CR3: 0000000114780000 CR4: 00000000003526b0
----------------
Code disassembly (best guess):
   0:	f3 0f 1e fa          	endbr64
   4:	55                   	push   %rbp
   5:	48 89 e5             	mov    %rsp,%rbp
   8:	41 56                	push   %r14
   a:	53                   	push   %rbx
   b:	48 89 fb             	mov    %rdi,%rbx
   e:	e8 1d db 97 ff       	call   0xff97db30
  13:	48 8d bb 68 01 00 00 	lea    0x168(%rbx),%rdi
  1a:	be 04 00 00 00       	mov    $0x4,%esi
  1f:	e8 8c 4b ee ff       	call   0xffee4bb0
  24:	41 be 01 00 00 00    	mov    $0x1,%r14d
* 2a:	f0 44 0f c1 b3 68 01 	lock xadd %r14d,0x168(%rbx) <-- trapping instruction
  31:	00 00
  33:	41 ff c6             	inc    %r14d
  36:	bf 02 00 00 00       	mov    $0x2,%edi
  3b:	44 89 f6             	mov    %r14d,%esi
  3e:	e8                   	.byte 0xe8
  3f:	2d                   	.byte 0x2d