last executing test programs:

349.414387ms ago: executing program 0 (id=1):
socket$unix(0x1, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8983, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000f3ff0000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000580)='kfree\x00'}, 0x18)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40810)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0xfffffffd)
r3 = eventfd2(0x0, 0x0)
io_setup(0x3, &(0x7f0000000080)=<r4=>0x0)
io_pgetevents(r4, 0x7, 0x7, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}, {}], 0x0, 0x0)
io_submit(r4, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0xfff9, r2, 0x0, 0x0, 0x0, 0x0, 0x3, r3}, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x7, 0x0, r3, 0x0}])

165.218535ms ago: executing program 4 (id=5):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000074"], 0x50)
r1 = syz_open_dev$loop(&(0x7f0000000200), 0x4, 0x40100)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000300), 0x8f, 0x40240)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000001280)={r2, 0x0, {0x2a12, 0x80010000, 0x0, 0x4, 0x8, 0x0, 0x0, 0x3, 0x11, "fee8a2ab78fc179fd1f809000000aca7ca64c6a4b4e00d9683dda1af01000000deff1200100000000000000000000000000800", "2809e8dbe1b22d0000b420a1a93c7540f476779e0117613dd4070000ebff08000000000000000000020000000800000000faffffff00", "e7460000102000000000e4440000002000000000000000000000008bd02800", [0xdd, 0xffffffffffffffff]}})
ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
rt_sigsuspend(&(0x7f0000000000)={[0x1]}, 0x8)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100))
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000001c0)={{{@in=@private=0xa010101, @in=@loopback, 0x0, 0x20, 0x2001, 0x2, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x400000000, 0x3, 0x0, 0xffffffffffffffff, 0x40000, 0xffffffff}, {}, 0x0, 0x4}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0xffffffff, 0x6c}, 0x2, @in=@dev={0xac, 0x14, 0x14, 0x37}, 0x3507, 0x0, 0x3, 0x0, 0xe, 0x4000000, 0x3}}, 0xe8)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f0000000000)="0f20e06635400000000f22e00f237e3e660f124bfab853058ec80f01ca0f20d86635080000000f22d80f01cad838ddeff20f58f3", 0xfffffffffffffe3c}], 0x1, 0x2, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000380)={0x2, 0x0, @ioapic={0x5000, 0x8563, 0x9, 0xffff, 0x0, [{0x80, 0x7, 0x0, '\x00', 0x5}, {0x10, 0x1, 0xc, '\x00', 0xee}, {0x2, 0x4, 0x7, '\x00', 0x4}, {0x5, 0x9, 0x6, '\x00', 0x3}, {0x2d, 0x9, 0x5, '\x00', 0x5}, {0x0, 0x1, 0xa3}, {0x2, 0x8, 0x8, '\x00', 0x5}, {0xfb, 0x3, 0xfb, '\x00', 0x7}, {0x1, 0x2, 0x7, '\x00', 0x76}, {0xa5, 0x5e, 0x42, '\x00', 0x1}, {0x7, 0x5, 0x5, '\x00', 0xf8}, {0x6f, 0x40, 0x2, '\x00', 0x3}, {0xb8, 0x7, 0x8, '\x00', 0xd}, {0xc, 0x5, 0xf, '\x00', 0x6}, {0x6, 0xad, 0x0, '\x00', 0x9}, {0x4, 0x4, 0xfb, '\x00', 0xc7}, {0x40, 0xe, 0x7d, '\x00', 0x6}, {0x7, 0x8, 0x6, '\x00', 0x5}, {0x29, 0xb, 0xd, '\x00', 0x8}, {0x8, 0x9, 0x9, '\x00', 0xd}, {0x7, 0x3, 0x7f, '\x00', 0x80}, {0x9, 0x2, 0x6, '\x00', 0x9}, {0xda, 0x7, 0x2, '\x00', 0x2}, {0x2, 0xf8, 0xd, '\x00', 0x6}]}})

137.848697ms ago: executing program 2 (id=3):
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x521102, 0x11e}, 0x18)
mkdirat(r0, &(0x7f0000000240)='./file0\x00', 0x16)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="160000000000000005000000ff"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000bc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r4}, 0x10)
getxattr(0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r2}, 0x9)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000340)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="df4800000000000000000c0000002c0003802800038014000180080001000200000005000200000000001000012bbe0002007369743000000000180001801400020073697430"], 0x58}}, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f00000006c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000100)={0x200000, 0x100, 0x7}, 0x18)
rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)='./file0\x00')

66.910054ms ago: executing program 1 (id=2):
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
syz_usb_connect(0x2, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18)
sendmsg$IPCTNL_MSG_CT_NEW(r0, 0x0, 0x0)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
sendmsg$NL80211_CMD_SET_WDS_PEER(0xffffffffffffffff, 0x0, 0x48005)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000300)={&(0x7f0000803000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000240)=""/29, 0x1d, 0x0, &(0x7f00000002c0)=""/60, 0x3c}, &(0x7f0000000340)=0x40)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000001c0)={'bridge0\x00', 0x20})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010024bd7000fc0ddf2500000000", @ANYRES32=0x0, @ANYBLOB="1b0b04000300000008001b"], 0x28}, 0x1, 0x0, 0x0, 0x68010}, 0x0)
write$tun(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="020304000100090104006bd648c610112f01fe80000000000000000000000000002eff020000000000000000000000000001042022eb"], 0x1043)

0s ago: executing program 2 (id=6):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020692500000000002060207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x202)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000003c0)='sched_switch\x00', r4}, 0x18)
r5 = socket$netlink(0x10, 0x3, 0xc)
r6 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r6, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000200), 0x4)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={0x64, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xffff639c}]}, 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r5, 0x0, 0x0)
dup(r0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.18' (ED25519) to the list of known hosts.
[   20.163968][   T28] audit: type=1400 audit(1766312511.197:64): avc:  denied  { mounton } for  pid=275 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   20.164965][  T275] cgroup: Unknown subsys name 'net'
[   20.186856][   T28] audit: type=1400 audit(1766312511.197:65): avc:  denied  { mount } for  pid=275 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   20.214308][   T28] audit: type=1400 audit(1766312511.227:66): avc:  denied  { unmount } for  pid=275 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   20.214439][  T275] cgroup: Unknown subsys name 'devices'
[   20.358793][  T275] cgroup: Unknown subsys name 'hugetlb'
[   20.364408][  T275] cgroup: Unknown subsys name 'rlimit'
[   20.466341][   T28] audit: type=1400 audit(1766312511.497:67): avc:  denied  { setattr } for  pid=275 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   20.489669][   T28] audit: type=1400 audit(1766312511.497:68): avc:  denied  { mounton } for  pid=275 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   20.494926][  T277] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   20.514608][   T28] audit: type=1400 audit(1766312511.497:69): avc:  denied  { mount } for  pid=275 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   20.546374][   T28] audit: type=1400 audit(1766312511.567:70): avc:  denied  { relabelto } for  pid=277 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   20.571976][   T28] audit: type=1400 audit(1766312511.567:71): avc:  denied  { write } for  pid=277 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   20.579131][  T275] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   20.597593][   T28] audit: type=1400 audit(1766312511.617:72): avc:  denied  { read } for  pid=275 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   20.632314][   T28] audit: type=1400 audit(1766312511.617:73): avc:  denied  { open } for  pid=275 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   23.187479][  T283] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.194584][  T283] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.202204][  T283] device bridge_slave_0 entered promiscuous mode
[   23.210254][  T283] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.217361][  T283] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.224830][  T283] device bridge_slave_1 entered promiscuous mode
[   23.326319][  T284] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.333428][  T284] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.340950][  T284] device bridge_slave_0 entered promiscuous mode
[   23.349223][  T284] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.356269][  T284] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.363807][  T284] device bridge_slave_1 entered promiscuous mode
[   23.431983][  T286] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.439054][  T286] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.446537][  T286] device bridge_slave_0 entered promiscuous mode
[   23.453284][  T285] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.460336][  T285] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.467760][  T285] device bridge_slave_0 entered promiscuous mode
[   23.474590][  T285] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.481952][  T285] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.489373][  T285] device bridge_slave_1 entered promiscuous mode
[   23.500265][  T286] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.507348][  T286] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.514963][  T286] device bridge_slave_1 entered promiscuous mode
[   23.546728][  T287] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.553844][  T287] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.561324][  T287] device bridge_slave_0 entered promiscuous mode
[   23.576171][  T287] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.583497][  T287] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.590983][  T287] device bridge_slave_1 entered promiscuous mode
[   23.733359][  T284] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.740523][  T284] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.747857][  T284] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.754884][  T284] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.790421][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.797734][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.806456][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   23.814339][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.838483][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.846187][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   23.854880][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.863121][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.870151][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.877628][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   23.885990][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.894289][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.901326][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.908709][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.916599][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.924690][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   23.939502][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   23.961584][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.969968][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.977022][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.984874][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.993293][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.000363][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.008281][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   24.041685][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   24.052624][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.060782][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.068507][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.089111][  T283] device veth0_vlan entered promiscuous mode
[   24.097586][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   24.105718][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.114743][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   24.123081][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.130116][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.137760][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   24.145961][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.153005][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.160519][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   24.171344][  T284] device veth0_vlan entered promiscuous mode
[   24.188694][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   24.199223][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.208183][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   24.216296][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.223338][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.230729][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   24.239231][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.246253][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.253701][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.261823][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.270605][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.278261][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.285606][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   24.295712][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   24.304021][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   24.317771][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   24.325266][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   24.333039][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   24.341595][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   24.349956][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.356997][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.364344][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   24.372613][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   24.380939][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.387987][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.408102][  T283] device veth1_macvtap entered promiscuous mode
[   24.417314][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   24.424971][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   24.432893][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   24.441194][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   24.449547][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   24.458054][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   24.465955][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   24.474027][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   24.483838][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.492255][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.510078][  T286] device veth0_vlan entered promiscuous mode
[   24.516855][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   24.525440][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.534064][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   24.542658][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.551304][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.559532][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.567714][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.575169][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.585669][  T284] device veth1_macvtap entered promiscuous mode
[   24.596064][  T285] device veth0_vlan entered promiscuous mode
[   24.603844][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   24.611686][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.620103][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.628706][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.636528][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.644656][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.652224][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.666770][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.675176][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   24.683373][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   24.691838][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.701003][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.709230][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.719152][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.727578][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.748359][  T286] device veth1_macvtap entered promiscuous mode
[   24.757272][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   24.765349][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   24.773820][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.782481][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.790942][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.799125][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.815361][  T283] request_module fs-gadgetfs succeeded, but still no fs?
[   24.822903][  T287] device veth0_vlan entered promiscuous mode
[   24.830145][  T285] device veth1_macvtap entered promiscuous mode
[   24.847092][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   24.855071][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   24.863802][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.875063][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.883316][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.891834][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.899981][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.927511][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.939072][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.948103][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.956617][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.965693][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.974250][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.982795][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.991440][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   25.002652][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   25.010917][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   25.038490][  T287] device veth1_macvtap entered promiscuous mode
[   25.060695][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   25.069025][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   25.078788][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   25.087674][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   25.096136][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   25.097114][  T345] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   25.154260][  T286] ------------[ cut here ]------------
[   25.159905][  T286] WARNING: CPU: 0 PID: 286 at fs/inode.c:335 drop_nlink+0xc5/0x110
[   25.167982][  T286] Modules linked in:
[   25.171897][  T286] CPU: 0 PID: 286 Comm: syz-executor Not tainted syzkaller #0
[   25.179512][  T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   25.189704][  T286] RIP: 0010:drop_nlink+0xc5/0x110
[   25.194846][  T286] Code: 1b 48 8d bb b8 04 00 00 be 08 00 00 00 e8 83 e4 f0 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 4b 67 ac ff <0f> 0b eb 86 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5e ff ff ff 4c
[   25.214566][  T286] RSP: 0018:ffffc9000db5fc38 EFLAGS: 00010293
[   25.220721][  T286] RAX: ffffffff81c3c2b5 RBX: ffff888132d3b938 RCX: ffff88810d3fd100
[   25.228745][  T286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   25.236738][  T286] RBP: ffffc9000db5fc60 R08: 0000000000000004 R09: 0000000000000003
[   25.244739][  T286] R10: fffff52001b6bf78 R11: 1ffff92001b6bf78 R12: dffffc0000000000
[   25.252729][  T286] R13: 1ffff110265a7730 R14: ffff888132d3b980 R15: 0000000000000000
[   25.260717][  T286] FS:  000055556c2e3500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   25.269767][  T286] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   25.276362][  T286] CR2: 000000000000fff3 CR3: 00000001301f5000 CR4: 00000000003526b0
[   25.284577][  T286] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   25.292699][  T286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   25.300735][  T286] Call Trace:
[   25.304027][  T286]  <TASK>
[   25.306998][  T286]  shmem_rmdir+0x5b/0x90
[   25.311354][  T286]  vfs_rmdir+0x393/0x500
[   25.315789][  T286]  incfs_kill_sb+0x105/0x220
[   25.320452][  T286]  deactivate_locked_super+0xb5/0x120
[   25.325851][  T286]  deactivate_super+0xaf/0xe0
[   25.330582][  T286]  cleanup_mnt+0x45f/0x4e0
[   25.335028][  T286]  __cleanup_mnt+0x19/0x20
[   25.339488][  T286]  task_work_run+0x1db/0x240
[   25.344116][  T286]  ? __cfi_task_work_run+0x10/0x10
[   25.349282][  T286]  ? __x64_sys_umount+0x125/0x160
[   25.354328][  T286]  ? __cfi___x64_sys_umount+0x10/0x10
[   25.359728][  T286]  exit_to_user_mode_loop+0x9b/0xb0
[   25.365161][  T286]  exit_to_user_mode_prepare+0x87/0xd0
[   25.370690][  T286]  syscall_exit_to_user_mode+0x1a/0x30
[   25.376167][  T286]  do_syscall_64+0x58/0xa0
[   25.380699][  T286]  ? clear_bhb_loop+0x30/0x80
[   25.385393][  T286]  ? clear_bhb_loop+0x30/0x80
[   25.390115][  T286]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   25.396060][  T286] RIP: 0033:0x7f356b390a77
[   25.400508][  T286] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   25.420144][  T286] RSP: 002b:00007ffc53b10548 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   25.428607][  T286] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f356b390a77
[   25.436608][  T286] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc53b10600
[   25.444782][  T286] RBP: 00007ffc53b10600 R08: 0000000000000000 R09: 0000000000000000
[   25.452809][  T286] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc53b11690
[   25.460972][  T286] R13: 00007f356b413d7d R14: 0000000000006216 R15: 00007ffc53b116d0
[   25.468979][  T286]  </TASK>
[   25.472004][  T286] ---[ end trace 0000000000000000 ]---
[   25.477778][  T286] ==================================================================
[   25.485866][  T286] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60
[   25.492137][  T286] Write of size 4 at addr 0000000000000170 by task syz-executor/286
[   25.500134][  T286] 
[   25.502475][  T286] CPU: 1 PID: 286 Comm: syz-executor Tainted: G        W          syzkaller #0
[   25.511435][  T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   25.521508][  T286] Call Trace:
[   25.524802][  T286]  <TASK>
[   25.527737][  T286]  __dump_stack+0x21/0x24
[   25.532144][  T286]  dump_stack_lvl+0xee/0x150
[   25.536738][  T286]  ? __cfi_dump_stack_lvl+0x8/0x8
[   25.541768][  T286]  ? ihold+0x20/0x60
[   25.545669][  T286]  ? ihold+0x20/0x60
[   25.549666][  T286]  print_report+0x3d/0x60
[   25.554017][  T286]  kasan_report+0x122/0x150
[   25.558534][  T286]  ? ihold+0x20/0x60
[   25.562439][  T286]  kasan_check_range+0x280/0x290
[   25.567388][  T286]  __kasan_check_write+0x14/0x20
[   25.572413][  T286]  ihold+0x20/0x60
[   25.576149][  T286]  vfs_rmdir+0x25f/0x500
[   25.580391][  T286]  incfs_kill_sb+0x105/0x220
[   25.585142][  T286]  deactivate_locked_super+0xb5/0x120
[   25.590514][  T286]  deactivate_super+0xaf/0xe0
[   25.595195][  T286]  cleanup_mnt+0x45f/0x4e0
[   25.599608][  T286]  __cleanup_mnt+0x19/0x20
[   25.604020][  T286]  task_work_run+0x1db/0x240
[   25.608609][  T286]  ? __cfi_task_work_run+0x10/0x10
[   25.613718][  T286]  ? __x64_sys_umount+0x125/0x160
[   25.618741][  T286]  ? __cfi___x64_sys_umount+0x10/0x10
[   25.624117][  T286]  exit_to_user_mode_loop+0x9b/0xb0
[   25.629311][  T286]  exit_to_user_mode_prepare+0x87/0xd0
[   25.634858][  T286]  syscall_exit_to_user_mode+0x1a/0x30
[   25.640413][  T286]  do_syscall_64+0x58/0xa0
[   25.644950][  T286]  ? clear_bhb_loop+0x30/0x80
[   25.649625][  T286]  ? clear_bhb_loop+0x30/0x80
[   25.654300][  T286]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   25.660193][  T286] RIP: 0033:0x7f356b390a77
[   25.664752][  T286] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   25.684543][  T286] RSP: 002b:00007ffc53b10548 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   25.693047][  T286] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f356b390a77
[   25.701033][  T286] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc53b10600
[   25.709152][  T286] RBP: 00007ffc53b10600 R08: 0000000000000000 R09: 0000000000000000
[   25.717121][  T286] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc53b11690
[   25.725367][  T286] R13: 00007f356b413d7d R14: 0000000000006216 R15: 00007ffc53b116d0
[   25.733427][  T286]  </TASK>
[   25.736450][  T286] ==================================================================
[   25.756160][  T286] Disabling lock debugging due to kernel taint
[   25.765169][  T286] BUG: kernel NULL pointer dereference, address: 0000000000000170
[   25.773083][  T286] #PF: supervisor write access in kernel mode
[   25.779152][  T286] #PF: error_code(0x0002) - not-present page
[   25.785116][  T286] PGD 132c75067 P4D 132c75067 PUD 0 
[   25.790393][  T286] Oops: 0002 [#1] PREEMPT SMP KASAN
[   25.795577][  T286] CPU: 1 PID: 286 Comm: syz-executor Tainted: G    B   W          syzkaller #0
[   25.804501][  T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   25.814639][  T286] RIP: 0010:ihold+0x26/0x60
[   25.819228][  T286] Code: 33 36 7c df 55 48 89 e5 41 56 53 48 89 fb e8 b1 5e ac ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 c0 db f0 ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 a1
[   25.839454][  T286] RSP: 0018:ffffc9000db5fc78 EFLAGS: 00010246
[   25.845524][  T286] RAX: ffff88810d3fd100 RBX: 0000000000000000 RCX: ffff88810d3fd100
[   25.853491][  T286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   25.861629][  T286] RBP: ffffc9000db5fc88 R08: dffffc0000000000 R09: fffffbfff0f2d8fd
[   25.869604][  T286] R10: fffffbfff0f2d8fd R11: 1ffffffff0f2d8fc R12: ffff888132d3b944
[   25.877641][  T286] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000
[   25.885718][  T286] FS:  000055556c2e3500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   25.894643][  T286] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   25.901223][  T286] CR2: 0000000000000170 CR3: 00000001301f5000 CR4: 00000000003526a0
[   25.909294][  T286] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   25.917265][  T286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   25.925443][  T286] Call Trace:
[   25.928806][  T286]  <TASK>
[   25.931742][  T286]  vfs_rmdir+0x25f/0x500
[   25.935989][  T286]  incfs_kill_sb+0x105/0x220
[   25.940579][  T286]  deactivate_locked_super+0xb5/0x120
[   25.945962][  T286]  deactivate_super+0xaf/0xe0
[   25.950640][  T286]  cleanup_mnt+0x45f/0x4e0
[   25.955051][  T286]  __cleanup_mnt+0x19/0x20
[   25.959471][  T286]  task_work_run+0x1db/0x240
[   25.964151][  T286]  ? __cfi_task_work_run+0x10/0x10
[   25.969304][  T286]  ? __x64_sys_umount+0x125/0x160
[   25.974329][  T286]  ? __cfi___x64_sys_umount+0x10/0x10
[   25.979701][  T286]  exit_to_user_mode_loop+0x9b/0xb0
[   25.985073][  T286]  exit_to_user_mode_prepare+0x87/0xd0
[   25.990556][  T286]  syscall_exit_to_user_mode+0x1a/0x30
[   25.996017][  T286]  do_syscall_64+0x58/0xa0
[   26.000517][  T286]  ? clear_bhb_loop+0x30/0x80
[   26.005226][  T286]  ? clear_bhb_loop+0x30/0x80
[   26.009901][  T286]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   26.015791][  T286] RIP: 0033:0x7f356b390a77
[   26.020200][  T286] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   26.040062][  T286] RSP: 002b:00007ffc53b10548 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   26.048484][  T286] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f356b390a77
[   26.056452][  T286] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc53b10600
[   26.064440][  T286] RBP: 00007ffc53b10600 R08: 0000000000000000 R09: 0000000000000000
[   26.072430][  T286] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc53b11690
[   26.080499][  T286] R13: 00007f356b413d7d R14: 0000000000006216 R15: 00007ffc53b116d0
[   26.088477][  T286]  </TASK>
[   26.091498][  T286] Modules linked in:
[   26.095484][  T286] CR2: 0000000000000170
[   26.099975][  T286] ---[ end trace 0000000000000000 ]---
[   26.105429][  T286] RIP: 0010:ihold+0x26/0x60
[   26.109966][  T286] Code: 33 36 7c df 55 48 89 e5 41 56 53 48 89 fb e8 b1 5e ac ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 c0 db f0 ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 a1
[   26.129572][  T286] RSP: 0018:ffffc9000db5fc78 EFLAGS: 00010246
[   26.135640][  T286] RAX: ffff88810d3fd100 RBX: 0000000000000000 RCX: ffff88810d3fd100
[   26.143694][  T286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   26.151661][  T286] RBP: ffffc9000db5fc88 R08: dffffc0000000000 R09: fffffbfff0f2d8fd
[   26.159626][  T286] R10: fffffbfff0f2d8fd R11: 1ffffffff0f2d8fc R12: ffff888132d3b944
[   26.167601][  T286] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000
[   26.175565][  T286] FS:  000055556c2e3500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   26.184629][  T286] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   26.191217][  T286] CR2: 0000000000000170 CR3: 00000001301f5000 CR4: 00000000003526a0
[   26.199189][  T286] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   26.207170][  T286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   26.215169][  T286] Kernel panic - not syncing: Fatal exception
[   26.221593][  T286] Kernel Offset: disabled
[   26.225919][  T286] Rebooting in 86400 seconds..