Warning: Permanently added '10.128.0.35' (ED25519) to the list of known hosts.
2024/04/24 19:18:41 fuzzer started
2024/04/24 19:18:42 dialing manager at 10.128.0.163:30006
[   23.702439][   T28] audit: type=1400 audit(1713986322.047:66): avc:  denied  { node_bind } for  pid=287 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   23.722760][   T28] audit: type=1400 audit(1713986322.047:67): avc:  denied  { name_bind } for  pid=287 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   23.753125][   T28] audit: type=1400 audit(1713986322.097:68): avc:  denied  { mounton } for  pid=295 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   23.754360][  T295] cgroup: Unknown subsys name 'net'
[   23.775744][   T28] audit: type=1400 audit(1713986322.097:69): avc:  denied  { mount } for  pid=295 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   23.802627][   T28] audit: type=1400 audit(1713986322.137:70): avc:  denied  { unmount } for  pid=295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   23.802824][  T295] cgroup: Unknown subsys name 'devices'
[   23.948608][  T295] cgroup: Unknown subsys name 'hugetlb'
[   23.954073][  T295] cgroup: Unknown subsys name 'rlimit'
[   24.049302][   T28] audit: type=1400 audit(1713986322.397:71): avc:  denied  { mounton } for  pid=295 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   24.069692][  T296] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   24.073876][   T28] audit: type=1400 audit(1713986322.397:72): avc:  denied  { mount } for  pid=295 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   24.105362][   T28] audit: type=1400 audit(1713986322.397:73): avc:  denied  { setattr } for  pid=295 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=166 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   24.128285][   T28] audit: type=1400 audit(1713986322.437:74): avc:  denied  { relabelto } for  pid=296 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   24.153394][   T28] audit: type=1400 audit(1713986322.437:75): avc:  denied  { write } for  pid=296 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   24.178814][  T295] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
2024/04/24 19:18:42 code coverage: enabled
2024/04/24 19:18:42 comparison tracing: enabled
2024/04/24 19:18:42 extra coverage: enabled
2024/04/24 19:18:42 delay kcov mmap: enabled
2024/04/24 19:18:42 setuid sandbox: enabled
2024/04/24 19:18:42 namespace sandbox: enabled
2024/04/24 19:18:42 Android sandbox: enabled
2024/04/24 19:18:42 fault injection: enabled
2024/04/24 19:18:42 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2024/04/24 19:18:42 net packet injection: enabled
2024/04/24 19:18:42 net device setup: enabled
2024/04/24 19:18:42 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2024/04/24 19:18:42 devlink PCI setup: PCI device 0000:00:10.0 is not available
2024/04/24 19:18:42 NIC VF setup: PCI device 0000:00:11.0 is not available
2024/04/24 19:18:42 USB emulation: enabled
2024/04/24 19:18:42 hci packet injection: /dev/vhci does not exist
2024/04/24 19:18:42 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
2024/04/24 19:18:42 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
2024/04/24 19:18:42 swap file: enabled
2024/04/24 19:18:43 starting 5 executor processes
[   25.160488][  T306] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.167605][  T306] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.174856][  T306] device bridge_slave_0 entered promiscuous mode
[   25.185279][  T306] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.192158][  T306] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.200040][  T306] device bridge_slave_1 entered promiscuous mode
[   25.211743][  T309] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.218712][  T309] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.225990][  T309] device bridge_slave_0 entered promiscuous mode
[   25.235550][  T309] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.242617][  T309] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.250015][  T309] device bridge_slave_1 entered promiscuous mode
[   25.280540][  T307] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.287455][  T307] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.294595][  T307] device bridge_slave_0 entered promiscuous mode
[   25.302627][  T307] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.309523][  T307] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.316783][  T307] device bridge_slave_1 entered promiscuous mode
[   25.330148][  T308] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.337097][  T308] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.344438][  T308] device bridge_slave_0 entered promiscuous mode
[   25.366116][  T308] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.373012][  T308] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.380344][  T308] device bridge_slave_1 entered promiscuous mode
[   25.448837][  T310] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.455697][  T310] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.463014][  T310] device bridge_slave_0 entered promiscuous mode
[   25.481672][  T310] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.488618][  T310] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.495830][  T310] device bridge_slave_1 entered promiscuous mode
[   25.624215][  T309] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.631107][  T309] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.638214][  T309] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.644989][  T309] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.673438][  T307] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.680325][  T307] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.687421][  T307] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.694189][  T307] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.710111][  T306] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.716991][  T306] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.724071][  T306] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.731027][  T306] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.751955][  T308] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.758845][  T308] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.766017][  T308] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.772867][  T308] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.828744][   T24] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.835878][   T24] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.843039][   T24] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.850299][   T24] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.857424][   T24] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.864421][   T24] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.871768][   T24] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.878774][   T24] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.886815][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   25.894058][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   25.911191][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   25.918945][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   25.927077][   T39] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.933907][   T39] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.950646][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   25.958045][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   25.965969][  T311] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.972938][  T311] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.980140][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   25.988480][  T311] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.995308][  T311] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.002637][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   26.010688][  T311] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.017536][  T311] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.040594][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   26.048647][   T39] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.055475][   T39] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.062927][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   26.070656][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   26.078059][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   26.085840][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   26.093849][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   26.101871][   T39] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.108732][   T39] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.130552][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   26.138478][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   26.146641][   T39] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.153478][   T39] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.160732][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   26.168667][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   26.199000][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   26.207157][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   26.215084][   T39] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.221938][   T39] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.229084][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   26.237298][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   26.245409][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   26.253389][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   26.261244][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   26.269181][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   26.276990][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   26.284784][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   26.293560][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   26.300893][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   26.316061][  T306] device veth0_vlan entered promiscuous mode
[   26.330219][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   26.338185][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   26.346101][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   26.354859][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   26.362794][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   26.370161][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   26.377500][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   26.385600][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   26.410622][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   26.418920][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   26.427088][   T39] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.433916][   T39] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.441255][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   26.449901][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   26.458023][   T39] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.464849][   T39] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.472155][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   26.480300][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   26.488536][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   26.496396][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   26.504160][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   26.512070][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   26.519900][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   26.528140][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   26.536276][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   26.544086][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   26.551995][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   26.559646][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   26.567006][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   26.578840][  T309] device veth0_vlan entered promiscuous mode
[   26.591354][  T308] device veth0_vlan entered promiscuous mode
[   26.601292][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   26.609207][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   26.617605][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   26.624942][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   26.635997][  T307] device veth0_vlan entered promiscuous mode
[   26.645752][  T309] device veth1_macvtap entered promiscuous mode
[   26.653114][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   26.660994][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   26.668946][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   26.676944][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   26.684891][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   26.701504][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   26.708864][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   26.723810][  T310] device veth0_vlan entered promiscuous mode
[   26.734045][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   26.742057][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   26.749316][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   26.756959][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   26.765105][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   26.773294][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   26.781626][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   26.789825][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   26.798083][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   26.810098][  T308] device veth1_macvtap entered promiscuous mode
[   26.823011][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   26.831334][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   26.839551][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   26.847767][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008180000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r0}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r2}, 0x10)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x6, 0x4, 0x8000, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe}, 0x48)

[   26.861350][  T307] device veth1_macvtap entered promiscuous mode
[   26.871239][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   26.879664][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   26.896506][  T306] device veth1_macvtap entered promiscuous mode
[   26.903123][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
executing program 4:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000067dfb4a518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r1}, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
close(r3)

[   26.913383][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   26.921056][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   26.929621][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   26.945943][  T310] device veth1_macvtap entered promiscuous mode
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x1)
mkdirat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000380), 0x400, 0x0)
fsetxattr$security_capability(r0, &(0x7f0000000400), &(0x7f0000000480)=@v3={0x3000000, [{0x7f, 0xe1c}, {0x1ff, 0x101}]}, 0x18, 0x0)
mkdir(&(0x7f0000000500)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x123)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@nfs_export_on}]})
r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
creat(&(0x7f0000000d00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
r2 = dup(r1)
bind$inet(r2, &(0x7f00000004c0)={0x2, 0x4e21, @broadcast}, 0x10)
link(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000d40)='./file0\x00', 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
rename(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
chdir(&(0x7f00000000c0)='./bus\x00')
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0x12, 0x4000007, 0xfffffffe, 0x82c5, 0x1042, r4, 0x400, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x5}, 0x48)
setsockopt$packet_int(r2, 0x107, 0x12, &(0x7f0000000680)=0x9, 0x4)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0xb, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1800ff0000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7030000000000008500000021000000b7000000000000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfee6}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000100)="0373ff8a04ef8d0a970407e826a1", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
mkdir(&(0x7f0000000240)='./bus\x00', 0x0)
renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000200)='./bus/file0\x00', 0x0)

[   26.968783][  T330] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   26.981915][  T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   26.990449][  T330] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   26.998611][  T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   27.037035][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   27.050050][  T341] incfs: ino conflict with backing FS 1
[   27.058344][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   27.067234][  T341] incfs: ino conflict with backing FS 3
[   27.073033][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   27.081412][  T341] incfs: ino conflict with backing FS 4
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x1)
mkdirat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000380), 0x400, 0x0)
fsetxattr$security_capability(r0, &(0x7f0000000400), &(0x7f0000000480)=@v3={0x3000000, [{0x7f, 0xe1c}, {0x1ff, 0x101}]}, 0x18, 0x0)
mkdir(&(0x7f0000000500)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x123)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@nfs_export_on}]})
r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
creat(&(0x7f0000000d00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
r2 = dup(r1)
bind$inet(r2, &(0x7f00000004c0)={0x2, 0x4e21, @broadcast}, 0x10)
link(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000d40)='./file0\x00', 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
rename(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
chdir(&(0x7f00000000c0)='./bus\x00')
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0x12, 0x4000007, 0xfffffffe, 0x82c5, 0x1042, r4, 0x400, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x5}, 0x48)
setsockopt$packet_int(r2, 0x107, 0x12, &(0x7f0000000680)=0x9, 0x4)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0xb, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1800ff0000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7030000000000008500000021000000b7000000000000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfee6}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000100)="0373ff8a04ef8d0a970407e826a1", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
renameat2(r7, &(0x7f00000001c0)='./file0\x00', r7, &(0x7f0000000200)='./bus/file0\x00', 0x0)

[   27.088167][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   27.096733][  T341] incfs: ino conflict with backing FS 9
[   27.104658][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   27.114411][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   27.122783][  T308] ------------[ cut here ]------------
[   27.128104][  T308] WARNING: CPU: 0 PID: 308 at fs/inode.c:332 drop_nlink+0xc1/0x110
[   27.135795][  T308] Modules linked in:
[   27.139569][  T308] CPU: 0 PID: 308 Comm: syz-executor.0 Not tainted 6.1.75-syzkaller-00066-gd0c6724b0f6f #0
[   27.149739][  T308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   27.159964][  T308] RIP: 0010:drop_nlink+0xc1/0x110
[   27.164925][  T308] Code: 1e 48 8d bb b8 04 00 00 be 08 00 00 00 e8 f7 f5 ef ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 df 11 a9 ff <0f> 0b eb 88 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c
[   27.184483][  T308] RSP: 0018:ffffc90008fcfbf0 EFLAGS: 00010293
[   27.190504][  T308] RAX: ffffffff81cc5c71 RBX: 0000000000000000 RCX: ffff88811b1c0000
[   27.198265][  T308] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   27.206563][  T308] RBP: ffffc90008fcfc18 R08: ffffffff81cc5bf4 R09: 0000000000000003
[   27.214333][  T308] R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000
[   27.222665][  T308] R13: 1ffff11025f79d4c R14: ffff88812fbcea18 R15: ffff88812fbcea60
[   27.230480][  T308] FS:  0000555555e88480(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   27.239255][  T308] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   27.245625][  T308] CR2: 0000001b2e824000 CR3: 000000012cc97000 CR4: 00000000003506b0
[   27.253498][  T308] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   27.261395][  T308] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   27.269282][  T308] Call Trace:
[   27.272293][  T308]  <TASK>
[   27.275063][  T308]  ? show_regs+0x58/0x60
[   27.279208][  T308]  ? __warn+0x160/0x3d0
[   27.283135][  T308]  ? drop_nlink+0xc1/0x110
[   27.287426][  T308]  ? report_bug+0x4d5/0x7d0
[   27.291766][  T308]  ? drop_nlink+0xc1/0x110
[   27.295979][  T308]  ? handle_bug+0x41/0x70
[   27.300196][  T308]  ? exc_invalid_op+0x1b/0x50
[   27.304667][  T308]  ? asm_exc_invalid_op+0x1b/0x20
[   27.309556][  T308]  ? drop_nlink+0x44/0x110
[   27.313779][  T308]  ? drop_nlink+0xc1/0x110
[   27.318091][  T308]  ? drop_nlink+0xc1/0x110
[   27.322285][  T308]  shmem_rmdir+0x59/0x90
[   27.326399][  T308]  vfs_rmdir+0x398/0x500
[   27.330439][  T308]  incfs_kill_sb+0x113/0x230
[   27.334863][  T308]  deactivate_locked_super+0xad/0x110
[   27.340107][  T308]  deactivate_super+0xbe/0xf0
[   27.344584][  T308]  cleanup_mnt+0x485/0x510
[   27.348893][  T308]  ? user_path_at_empty+0x14e/0x1a0
[   27.353875][  T308]  __cleanup_mnt+0x19/0x20
[   27.358171][  T308]  task_work_run+0x24d/0x2e0
[   27.362661][  T308]  ? task_work_cancel+0x2b0/0x2b0
[   27.367559][  T308]  ? __x64_sys_umount+0x122/0x170
[   27.372432][  T308]  exit_to_user_mode_loop+0x94/0xa0
[   27.377438][  T308]  exit_to_user_mode_prepare+0x5a/0xa0
[   27.382703][  T308]  syscall_exit_to_user_mode+0x26/0x140
[   27.388116][  T308]  do_syscall_64+0x49/0xb0
[   27.392336][  T308]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   27.398098][  T308] RIP: 0033:0x7fa45187f1d7
[   27.402316][  T308] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[   27.421820][  T308] RSP: 002b:00007ffe3372e328 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   27.430076][  T308] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fa45187f1d7
[   27.437840][  T308] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe3372e3e0
[   27.445628][  T308] RBP: 00007ffe3372e3e0 R08: 0000000000000000 R09: 0000000000000000
[   27.453469][  T308] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe3372f4d0
[   27.461299][  T308] R13: 00007fa4518c93b9 R14: 000000000000698d R15: 000000000000001d
[   27.469088][  T308]  </TASK>
[   27.471922][  T308] ---[ end trace 0000000000000000 ]---
[   27.477657][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   27.485963][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   27.504438][  T308] ==================================================================
[   27.512339][  T308] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60
[   27.518414][  T308] Write of size 4 at addr 0000000000000170 by task syz-executor.0/308
[   27.526397][  T308] 
[   27.528569][  T308] CPU: 1 PID: 308 Comm: syz-executor.0 Tainted: G        W          6.1.75-syzkaller-00066-gd0c6724b0f6f #0
[   27.539858][  T308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   27.549749][  T308] Call Trace:
[   27.552869][  T308]  <TASK>
[   27.555646][  T308]  dump_stack_lvl+0x151/0x1b7
[   27.560162][  T308]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   27.565453][  T308]  ? _printk+0xd1/0x111
[   27.569449][  T308]  print_report+0xe1/0x4e0
[   27.573699][  T308]  ? _raw_spin_lock+0xa4/0x1b0
[   27.578301][  T308]  ? __virt_addr_valid+0x59/0x2f0
[   27.583163][  T308]  ? kasan_addr_to_slab+0xd/0x80
[   27.587933][  T308]  ? ihold+0x20/0x60
[   27.591668][  T308]  kasan_report+0x13c/0x170
[   27.596003][  T308]  ? ihold+0x20/0x60
[   27.599733][  T308]  kasan_check_range+0x294/0x2a0
[   27.604506][  T308]  __kasan_check_write+0x14/0x20
[   27.609281][  T308]  ihold+0x20/0x60
[   27.612842][  T308]  vfs_rmdir+0x268/0x500
[   27.616919][  T308]  incfs_kill_sb+0x113/0x230
[   27.621351][  T308]  deactivate_locked_super+0xad/0x110
[   27.626551][  T308]  deactivate_super+0xbe/0xf0
[   27.631071][  T308]  cleanup_mnt+0x485/0x510
[   27.635316][  T308]  ? user_path_at_empty+0x14e/0x1a0
[   27.640352][  T308]  __cleanup_mnt+0x19/0x20
[   27.644604][  T308]  task_work_run+0x24d/0x2e0
[   27.649033][  T308]  ? task_work_cancel+0x2b0/0x2b0
[   27.653892][  T308]  ? __x64_sys_umount+0x122/0x170
[   27.658756][  T308]  exit_to_user_mode_loop+0x94/0xa0
[   27.663817][  T308]  exit_to_user_mode_prepare+0x5a/0xa0
[   27.669078][  T308]  syscall_exit_to_user_mode+0x26/0x140
[   27.674460][  T308]  do_syscall_64+0x49/0xb0
[   27.678712][  T308]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   27.684447][  T308] RIP: 0033:0x7fa45187f1d7
[   27.688823][  T308] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[   27.708260][  T308] RSP: 002b:00007ffe3372e328 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   27.716507][  T308] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fa45187f1d7
[   27.724314][  T308] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe3372e3e0
[   27.732129][  T308] RBP: 00007ffe3372e3e0 R08: 0000000000000000 R09: 0000000000000000
[   27.739938][  T308] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe3372f4d0
[   27.747747][  T308] R13: 00007fa4518c93b9 R14: 000000000000698d R15: 000000000000001d
[   27.755566][  T308]  </TASK>
[   27.758425][  T308] ==================================================================
[   27.769003][  T308] Disabling lock debugging due to kernel taint
[   27.775003][  T308] BUG: kernel NULL pointer dereference, address: 0000000000000170
[   27.782614][  T308] #PF: supervisor write access in kernel mode
[   27.788512][  T308] #PF: error_code(0x0002) - not-present page
[   27.794333][  T308] PGD 12f827067 P4D 12f827067 PUD 0 
[   27.799567][  T308] Oops: 0002 [#1] PREEMPT SMP KASAN
[   27.804603][  T308] CPU: 1 PID: 308 Comm: syz-executor.0 Tainted: G    B   W          6.1.75-syzkaller-00066-gd0c6724b0f6f #0
[   27.815902][  T308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   27.825872][  T308] RIP: 0010:ihold+0x25/0x60
[   27.830197][  T308] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 b1 09 a9 ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 a0 ed ef ff bb 01 00 00 00 <f0> 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 34 0d a9
[   27.849729][  T308] RSP: 0018:ffffc90008fcfc30 EFLAGS: 00010246
[   27.855630][  T308] RAX: ffff88811b1c0000 RBX: 0000000000000001 RCX: ffff88811b1c0000
[   27.863437][  T308] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   27.871274][  T308] RBP: ffffc90008fcfc40 R08: ffffffff814470c3 R09: fffffbfff0ee5efd
[   27.879061][  T308] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff11025f79b63
[   27.886880][  T308] R13: ffff88812014e220 R14: 0000000000000000 R15: 1ffff11024029c4a
[   27.894687][  T308] FS:  0000555555e88480(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   27.903450][  T308] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   27.909872][  T308] CR2: 0000000000000170 CR3: 000000012cc97000 CR4: 00000000003506a0
[   27.917695][  T308] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   27.925495][  T308] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   27.933312][  T308] Call Trace:
[   27.936432][  T308]  <TASK>
[   27.939210][  T308]  ? __die_body+0x62/0xb0
[   27.943377][  T308]  ? __die+0x7e/0x90
[   27.947107][  T308]  ? page_fault_oops+0x7f9/0xa90
[   27.952053][  T308]  ? vprintk_default+0x26/0x30
[   27.956644][  T308]  ? kernelmode_fixup_or_oops+0x270/0x270
[   27.962198][  T308]  ? add_taint+0x44/0xe0
[   27.966282][  T308]  ? panic+0x660/0x660
[   27.970184][  T308]  ? preempt_schedule_thunk+0x16/0x18
[   27.975390][  T308]  ? exc_page_fault+0x537/0x700
[   27.980076][  T308]  ? asm_exc_page_fault+0x27/0x30
[   27.984957][  T308]  ? add_taint+0x93/0xe0
[   27.989051][  T308]  ? ihold+0x25/0x60
[   27.992748][  T308]  vfs_rmdir+0x268/0x500
[   27.996832][  T308]  incfs_kill_sb+0x113/0x230
[   28.001254][  T308]  deactivate_locked_super+0xad/0x110
[   28.006462][  T308]  deactivate_super+0xbe/0xf0
[   28.010972][  T308]  cleanup_mnt+0x485/0x510
[   28.015225][  T308]  ? user_path_at_empty+0x14e/0x1a0
[   28.020262][  T308]  __cleanup_mnt+0x19/0x20
[   28.024515][  T308]  task_work_run+0x24d/0x2e0
[   28.028949][  T308]  ? task_work_cancel+0x2b0/0x2b0
[   28.033800][  T308]  ? __x64_sys_umount+0x122/0x170
[   28.038662][  T308]  exit_to_user_mode_loop+0x94/0xa0
[   28.043697][  T308]  exit_to_user_mode_prepare+0x5a/0xa0
[   28.048999][  T308]  syscall_exit_to_user_mode+0x26/0x140
[   28.054370][  T308]  do_syscall_64+0x49/0xb0
[   28.058748][  T308]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   28.064581][  T308] RIP: 0033:0x7fa45187f1d7
[   28.068817][  T308] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[   28.088251][  T308] RSP: 002b:00007ffe3372e328 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   28.096496][  T308] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fa45187f1d7
[   28.104311][  T308] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe3372e3e0
[   28.112118][  T308] RBP: 00007ffe3372e3e0 R08: 0000000000000000 R09: 0000000000000000
[   28.119929][  T308] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe3372f4d0
[   28.127740][  T308] R13: 00007fa4518c93b9 R14: 000000000000698d R15: 000000000000001d
[   28.135560][  T308]  </TASK>
[   28.138413][  T308] Modules linked in:
[   28.142160][  T308] CR2: 0000000000000170
[   28.146143][  T308] ---[ end trace 0000000000000000 ]---
[   28.151433][  T308] RIP: 0010:ihold+0x25/0x60
[   28.155776][  T308] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 b1 09 a9 ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 a0 ed ef ff bb 01 00 00 00 <f0> 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 34 0d a9
[   28.175303][  T308] RSP: 0018:ffffc90008fcfc30 EFLAGS: 00010246
[   28.181202][  T308] RAX: ffff88811b1c0000 RBX: 0000000000000001 RCX: ffff88811b1c0000
[   28.189128][  T308] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   28.196935][  T308] RBP: ffffc90008fcfc40 R08: ffffffff814470c3 R09: fffffbfff0ee5efd
[   28.204745][  T308] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff11025f79b63
[   28.223568][  T308] R13: ffff88812014e220 R14: 0000000000000000 R15: 1ffff11024029c4a
[   28.231495][  T308] FS:  0000555555e88480(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   28.240274][  T308] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   28.246691][  T308] CR2: 0000000000000170 CR3: 000000012cc97000 CR4: 00000000003506a0
[   28.254503][  T308] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   28.262313][  T308] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   28.270126][  T308] Kernel panic - not syncing: Fatal exception
[   28.276142][  T308] Kernel Offset: disabled
[   28.280189][  T308] Rebooting in 86400 seconds..