last executing test programs: 234.478737ms ago: executing program 0 (id=1): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_sys\x00', 0x275a, 0x0) ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000100)={0x10003, 0x400, 0x300, &(0x7f00000003c0)=[0x450fd3d7, 0xfffffffffffffcda, 0xff, 0x9, 0x10001, 0x4, 0xffffffffffffeff9, 0x3, 0x5, 0x23b, 0x8, 0x2b, 0xb79d, 0x79800000000, 0x2, 0x9, 0xa, 0x4ce3d10b, 0x5, 0x1, 0x35b, 0x1, 0x8, 0x7, 0x6, 0xf8, 0x5, 0x3, 0x6, 0x10, 0xffffffff, 0x101, 0x100000001, 0x3ff, 0xa4d, 0x1, 0x2, 0x3, 0x65, 0x40000000000, 0x10000, 0x1, 0x525, 0x100, 0x10, 0x6, 0x8, 0x8, 0xb48, 0xe6, 0x2, 0x9, 0x200, 0x4596371f, 0x8, 0x7, 0x8, 0x44ce, 0x6, 0xfffffffffffffffc, 0x8, 0x1, 0x10001, 0x3, 0x3, 0x0, 0x1, 0x7f, 0x2, 0x1, 0xffffffffffffff00, 0xffffffffffffff7a, 0x7ff, 0x3ff, 0x1, 0x6, 0x100, 0x5, 0x3, 0x33, 0x8f0, 0x2, 0x8, 0x7fffffffffffffff, 0xfffffffffffffff8, 0x8e2f, 0x5, 0x0, 0x0, 0xa, 0x3, 0x0, 0x7, 0xc0, 0xff, 0x0, 0x5, 0x7, 0x7fff, 0x40, 0x9, 0x1, 0x0, 0x9649, 0x0, 0x0, 0x3, 0x0, 0x6, 0x2, 0x3, 0x1, 0xd, 0x8, 0x2, 0x10000, 0x8, 0x3, 0x10000000000003cc, 0x3, 0x4, 0x5, 0x2, 0x0, 0x915a, 0x2, 0x3, 0x9]}) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = 
socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r4, 0x80005520, 0x0) 215.514119ms ago: executing program 2 (id=3): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0xb, 0x84) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000000140)={0xa, 0x4e26, 0x0, @mcast2}, 0x1c) 170.741103ms ago: executing program 0 (id=8): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 
0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='k', 0x1, 0xfffffffffffffffb) 170.579183ms ago: executing program 3 (id=4): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00), 0x0, 0x0) syz_usb_connect(0x2, 0x47, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000a3233910daa658744d2d010703010902350001080010000904df0003080662ff09050c02200006060309050710000201020708269fbbf0d278480905020310"], 0x0) 170.258514ms ago: executing program 2 (id=9): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_sys\x00', 0x275a, 0x0) ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000100)={0x10003, 0x400, 0x300, &(0x7f00000003c0)=[0x450fd3d7, 0xfffffffffffffcda, 0xff, 0x9, 0x10001, 0x4, 0xffffffffffffeff9, 
0x3, 0x5, 0x23b, 0x8, 0x2b, 0xb79d, 0x79800000000, 0x2, 0x9, 0xa, 0x4ce3d10b, 0x5, 0x1, 0x35b, 0x1, 0x8, 0x7, 0x6, 0xf8, 0x5, 0x3, 0x6, 0x10, 0xffffffff, 0x101, 0x100000001, 0x3ff, 0xa4d, 0x1, 0x2, 0x3, 0x65, 0x40000000000, 0x10000, 0x1, 0x525, 0x100, 0x10, 0x6, 0x8, 0x8, 0xb48, 0xe6, 0x2, 0x9, 0x200, 0x4596371f, 0x8, 0x7, 0x8, 0x44ce, 0x6, 0xfffffffffffffffc, 0x8, 0x1, 0x10001, 0x3, 0x3, 0x0, 0x1, 0x7f, 0x2, 0x1, 0xffffffffffffff00, 0xffffffffffffff7a, 0x7ff, 0x3ff, 0x1, 0x6, 0x100, 0x5, 0x3, 0x33, 0x8f0, 0x2, 0x8, 0x7fffffffffffffff, 0xfffffffffffffff8, 0x8e2f, 0x5, 0x0, 0x0, 0xa, 0x3, 0x0, 0x7, 0xc0, 0xff, 0x0, 0x5, 0x7, 0x7fff, 0x40, 0x9, 0x1, 0x0, 0x9649, 0x0, 0x0, 0x3, 0x0, 0x6, 0x2, 0x3, 0x1, 0xd, 0x8, 0x2, 0x10000, 0x8, 0x3, 0x10000000000003cc, 0x3, 0x4, 0x5, 0x2, 0x0, 0x915a, 0x2, 0x3, 0x9]}) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r2, 0x80005520, 0x0) 144.511136ms ago: executing program 0 (id=10): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, 
&(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_CLOCK(r4, 0x4030ae7b, &(0x7f00000000c0)={0x9, 0xc, 0x50a2, 0xfffffffffffffffd, 0x1c}) 136.290857ms ago: executing program 2 (id=11): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, 0x0, 0x0, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_SIOCDELRT(r5, 0x890c, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @private=0xa010101}, @ipv4={'\x00', '\xff\xff', @empty}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x8, 0xf031, 0x5d, 0x300, 0x10000, 0x81410008}) 99.68493ms ago: executing program 2 (id=13): rt_sigaction(0xd, 
&(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) 99.317831ms ago: executing program 1 (id=14): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, 
&(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES64=r4], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r5, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) setresuid(0xee01, 0xee01, 0x0) 85.682812ms ago: executing program 1 (id=15): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_sys\x00', 0x275a, 0x0) ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000100)={0x10003, 0x400, 0x300, &(0x7f00000003c0)=[0x450fd3d7, 0xfffffffffffffcda, 0xff, 0x9, 0x10001, 0x4, 0xffffffffffffeff9, 0x3, 0x5, 0x23b, 0x8, 0x2b, 0xb79d, 0x79800000000, 0x2, 0x9, 0xa, 0x4ce3d10b, 0x5, 0x1, 0x35b, 0x1, 0x8, 0x7, 0x6, 0xf8, 0x5, 0x3, 0x6, 0x10, 0xffffffff, 0x101, 0x100000001, 0x3ff, 0xa4d, 0x1, 0x2, 0x3, 0x65, 0x40000000000, 0x10000, 0x1, 0x525, 0x100, 0x10, 0x6, 0x8, 0x8, 0xb48, 0xe6, 0x2, 0x9, 0x200, 0x4596371f, 0x8, 0x7, 0x8, 0x44ce, 0x6, 0xfffffffffffffffc, 0x8, 0x1, 0x10001, 0x3, 0x3, 0x0, 0x1, 0x7f, 0x2, 0x1, 0xffffffffffffff00, 
0xffffffffffffff7a, 0x7ff, 0x3ff, 0x1, 0x6, 0x100, 0x5, 0x3, 0x33, 0x8f0, 0x2, 0x8, 0x7fffffffffffffff, 0xfffffffffffffff8, 0x8e2f, 0x5, 0x0, 0x0, 0xa, 0x3, 0x0, 0x7, 0xc0, 0xff, 0x0, 0x5, 0x7, 0x7fff, 0x40, 0x9, 0x1, 0x0, 0x9649, 0x0, 0x0, 0x3, 0x0, 0x6, 0x2, 0x3, 0x1, 0xd, 0x8, 0x2, 0x10000, 0x8, 0x3, 0x10000000000003cc, 0x3, 0x4, 0x5, 0x2, 0x0, 0x915a, 0x2, 0x3, 0x9]}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), 0xffffffffffffffff) 68.210973ms ago: executing program 1 (id=16): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0xb, 0x84) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e26, 0x0, @mcast2}, 0x1c) 26.855828ms ago: executing 
program 1 (id=17): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="28000000100001000000000000000000180000000c0000000000000000000000080001"], 0x28}], 0x1}, 0x0) 26.681858ms ago: executing program 1 (id=18): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 
0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) io_submit(0x0, 0x1, &(0x7f0000000040)=[0x0]) 26.557928ms ago: executing program 1 (id=19): futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) 792.81µs ago: executing program 0 (id=20): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @private=0xa010101}, @ipv4={'\x00', '\xff\xff', @empty}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x8, 0xf031, 0x5d, 0x300, 0x10000, 0x81410008}) 487.49µs ago: executing program 0 (id=21): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$inet(r2, &(0x7f00000005c0)={&(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10, &(0x7f0000000540)=[{&(0x7f00000001c0)="902fc404e2ab91e8f2ca36aad0cda029e182a78d1ec870814c475cadd8002020c591c7833a9f2176bbfd3feb76e60b62acba6a8fb97f0b8229758ac52f4d49a02ebfd080428d8df3face025e3e235da1045ea61853d3b64768cf960fc64fceb61be567499bdebc0a907815f2640dc256f933df2f3a3ebcdf7d1bd5b66a859eef2b9e5c4d86044ba0bda6fbc4", 0x8c}, {&(0x7f0000000100)="62d725ccad49870f43304ec5c0892fbf181dbf9d3ab0", 0x16}, 
{&(0x7f0000000280)="f5425b89bd93df056dc4714b397e35b0eb5c56b989dc4c4de0b53aab4887304217e477c043fd68aea87e5c5188e15f1a19a49fa46d37a0e354d3fb2480f1d4a3728936c1fbf61afeaad963fd4dfcd0b56a80", 0x52}, {&(0x7f0000000380)="712a9b76512aa6d387786c78102b4f96f64d88c338bae2b2ec947330ecbf9afcc9ad0be916a36f45300e3d021d06a003e331eb8352489e36c208f30094b513cb280a9a97ded59f662450d2b439fd7c811b8613689aee14281b8e7013b10257b94b7659b7cdbca390c1533a899ebc08fe7d1c857dd5a8778db60f48da827e45c809b5aceb55a7f33fcf5ebcac4260163a735d171c5349bade11086c4c7d29089590790e10e7dedce31e17dc6a640e50fd80b3329b", 0xb4}, {&(0x7f0000000440)="3e05c5b2470cd4ac3b5f539d337f7da6224600fc65edc6b5c359cbc96b6d6a412da31b606fe7eebf2a7faf0a6d6a20f6e645504e6296de6086709d115729b2ef6a2b0bbcc74e0acc29b95082edab1f0fcc89f1370929c3e0c14963738631f46dc4aa9f5e6b973384bef0c0a5b180eb121b993dd9634fb62c3bac29d0e3759a2eccfa99b6adaa6abd97ffe4892949988c7814bc62957ee5015ee716009b1341e3182550bd16eba2e0b9bba816422d9ed0bfba03813a495bd224597557db5f5ada6b01429f81e64c94091e9de2174558e217af2dca46196ef52cd46b626655e561734b5187313608906383148bd7edd38b486c04", 0xf3}], 0x5, &(0x7f0000000140)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x466f}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x1}}], 0x30}, 0x840) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r4, @ANYRES64=r3], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r4, 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) 0s ago: executing 
program 0 (id=22): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="28000000100001000000000000000000180000000c0000000000000000000000080001"], 0x28}], 0x1}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.50' (ED25519) to the list of known hosts. 
[ 21.730584][ T36] audit: type=1400 audit(1763107164.199:64): avc: denied { mounton } for pid=282 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.731715][ T282] cgroup: Unknown subsys name 'net' [ 21.753231][ T36] audit: type=1400 audit(1763107164.199:65): avc: denied { mount } for pid=282 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.780583][ T36] audit: type=1400 audit(1763107164.229:66): avc: denied { unmount } for pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.780784][ T282] cgroup: Unknown subsys name 'devices' [ 21.963147][ T282] cgroup: Unknown subsys name 'hugetlb' [ 21.968742][ T282] cgroup: Unknown subsys name 'rlimit' [ 22.100327][ T36] audit: type=1400 audit(1763107164.569:67): avc: denied { setattr } for pid=282 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.123566][ T36] audit: type=1400 audit(1763107164.569:68): avc: denied { mounton } for pid=282 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 22.137258][ T284] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). 
[ 22.148288][ T36] audit: type=1400 audit(1763107164.569:69): avc: denied { mount } for pid=282 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.179896][ T36] audit: type=1400 audit(1763107164.629:70): avc: denied { relabelto } for pid=284 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.185890][ T282] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.205542][ T36] audit: type=1400 audit(1763107164.629:71): avc: denied { write } for pid=284 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.239806][ T36] audit: type=1400 audit(1763107164.659:72): avc: denied { read } for pid=282 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.265360][ T36] audit: type=1400 audit(1763107164.659:73): avc: denied { open } for pid=282 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.387341][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.394536][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.401779][ T290] bridge_slave_0: entered allmulticast mode [ 23.407987][ T290] bridge_slave_0: entered promiscuous mode [ 23.414512][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.421602][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.428663][ T290] bridge_slave_1: entered allmulticast mode [ 23.434910][ T290] 
bridge_slave_1: entered promiscuous mode [ 23.465864][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.473083][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.480154][ T289] bridge_slave_0: entered allmulticast mode [ 23.486470][ T289] bridge_slave_0: entered promiscuous mode [ 23.504889][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.511972][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.519017][ T289] bridge_slave_1: entered allmulticast mode [ 23.525396][ T289] bridge_slave_1: entered promiscuous mode [ 23.578241][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.585316][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.592402][ T292] bridge_slave_0: entered allmulticast mode [ 23.598558][ T292] bridge_slave_0: entered promiscuous mode [ 23.611213][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.618299][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.625424][ T291] bridge_slave_0: entered allmulticast mode [ 23.631618][ T291] bridge_slave_0: entered promiscuous mode [ 23.637675][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.644822][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.651934][ T292] bridge_slave_1: entered allmulticast mode [ 23.658062][ T292] bridge_slave_1: entered promiscuous mode [ 23.671602][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.678642][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.685760][ T291] bridge_slave_1: entered allmulticast mode [ 23.691977][ T291] bridge_slave_1: entered promiscuous mode [ 23.764009][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.771208][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.830523][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.837593][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.844878][ 
T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.851918][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.876090][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.883665][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.890871][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.923195][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.930232][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.938391][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.945451][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.960387][ T290] veth0_vlan: entered promiscuous mode [ 23.991953][ T329] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.998984][ T329] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.007027][ T329] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.014067][ T329] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.031643][ T290] veth1_macvtap: entered promiscuous mode [ 24.040278][ T329] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.047363][ T329] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.055027][ T329] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.062075][ T329] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.069528][ T329] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.076572][ T329] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.100073][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.107126][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.134202][ T289] veth0_vlan: entered promiscuous mode [ 24.146696][ T292] veth0_vlan: entered promiscuous mode [ 24.157982][ T289] veth1_macvtap: entered promiscuous mode [ 24.177619][ T290] soft_limit_in_bytes is deprecated and will be removed. 
Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 24.196683][ T291] veth0_vlan: entered promiscuous mode [ 24.207395][ T292] veth1_macvtap: entered promiscuous mode [ 24.227893][ T331] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 24.248125][ T291] veth1_macvtap: entered promiscuous mode [ 24.351461][ T344] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7'. [ 24.397246][ T354] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 24.515129][ T289] ------------[ cut here ]------------ [ 24.520630][ T289] WARNING: CPU: 1 PID: 289 at fs/inode.c:340 drop_nlink+0xce/0x110 [ 24.528693][ T289] Modules linked in: [ 24.532634][ T289] CPU: 1 UID: 0 PID: 289 Comm: syz-executor Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 24.544306][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 24.554426][ T289] RIP: 0010:drop_nlink+0xce/0x110 [ 24.559467][ T289] Code: 04 00 00 be 08 00 00 00 e8 cf 54 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 32 e4 97 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c [ 24.579144][ T289] RSP: 0018:ffffc9000b66fc60 EFLAGS: 00010293 [ 24.585264][ T289] RAX: ffffffff81ee1a7e RBX: ffff88813307f480 RCX: ffff88810e6a9300 [ 24.593272][ T289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 24.601050][ T10] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 24.601393][ T289] RBP: ffffc9000b66fc88 R08: 0000000000000003 R09: 0000000000000004 [ 24.617077][ T289] R10: dffffc0000000000 R11: fffff520016cdf7c R12: dffffc0000000000 [ 24.625086][ T289] R13: 1ffff1102660fe99 R14: ffff88813307f4c8 R15: 0000000000000000 [ 24.633104][ T289] FS: 000055556b28e500(0000) 
GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 24.642103][ T289] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.648689][ T289] CR2: 000055556b2b14e8 CR3: 000000012463c000 CR4: 00000000003526b0 [ 24.656709][ T289] Call Trace: [ 24.659981][ T289] <TASK> [ 24.662973][ T289] shmem_rmdir+0x5f/0x90 [ 24.667221][ T289] vfs_rmdir+0x3dd/0x560 [ 24.671508][ T289] incfs_kill_sb+0x109/0x230 [ 24.676109][ T289] deactivate_locked_super+0xd5/0x2a0 [ 24.681519][ T289] deactivate_super+0xb8/0xe0 [ 24.686212][ T289] cleanup_mnt+0x3f1/0x480 [ 24.690626][ T289] __cleanup_mnt+0x1d/0x40 [ 24.695131][ T289] task_work_run+0x1e0/0x250 [ 24.699810][ T289] ? __cfi_task_work_run+0x10/0x10 [ 24.704982][ T289] ? __x64_sys_umount+0x126/0x170 [ 24.710013][ T289] ? __cfi___x64_sys_umount+0x10/0x10 [ 24.715426][ T289] ? __kasan_check_read+0x15/0x20 [ 24.720456][ T289] resume_user_mode_work+0x36/0x50 [ 24.725614][ T289] syscall_exit_to_user_mode+0x64/0xb0 [ 24.731120][ T289] do_syscall_64+0x64/0xf0 [ 24.735543][ T289] ? 
clear_bhb_loop+0x50/0xa0 [ 24.740204][ T289] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 24.746238][ T289] RIP: 0033:0x7f2f979909f7 [ 24.750664][ T289] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 24.770358][ T289] RSP: 002b:00007ffe530ad1b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 24.772396][ T10] usb 4-1: config 8 has an invalid interface number: 223 but max is 0 [ 24.778850][ T289] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f2f979909f7 [ 24.787884][ T10] usb 4-1: config 8 has no interface number 0 [ 24.795023][ T289] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe530ad270 [ 24.795044][ T289] RBP: 00007ffe530ad270 R08: 0000000000000000 R09: 0000000000000000 [ 24.795055][ T289] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe530ae300 [ 24.801838][ T10] usb 4-1: config 8 interface 223 altsetting 0 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 24.809103][ T289] R13: 00007f2f97a11d7d R14: 0000000000005fb0 R15: 00007ffe530ae340 [ 24.809126][ T289] </TASK> [ 24.817715][ T10] usb 4-1: config 8 interface 223 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10 [ 24.825238][ T289] ---[ end trace 0000000000000000 ]--- [ 24.838645][ T289] ================================================================== [ 24.846832][ T10] usb 4-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d [ 24.847486][ T289] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70 [ 24.858616][ T10] usb 4-1: New USB device strings: Mfr=1, Product=7, SerialNumber=3 [ 24.863903][ T289] Write of size 4 at addr 0000000000000168 by task syz-executor/289 [ 24.863921][ T289] [ 24.863930][ T289] CPU: 1 UID: 0 PID: 289 Comm: syz-executor Tainted: G W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 24.863956][ T289] Tainted: [W]=WARN [ 24.863962][ T289] Hardware name: Google Google 
Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 24.863973][ T289] Call Trace: [ 24.863981][ T289] <TASK> [ 24.863989][ T289] __dump_stack+0x21/0x30 [ 24.864017][ T289] dump_stack_lvl+0x10c/0x190 [ 24.864040][ T289] ? __cfi_dump_stack_lvl+0x10/0x10 [ 24.864063][ T289] print_report+0x3d/0x70 [ 24.864081][ T289] kasan_report+0x163/0x1a0 [ 24.864109][ T289] ? ihold+0x24/0x70 [ 24.864128][ T289] ? _raw_spin_unlock+0x45/0x60 [ 24.864148][ T289] ? ihold+0x24/0x70 [ 24.864165][ T289] kasan_check_range+0x299/0x2a0 [ 24.864185][ T289] __kasan_check_write+0x18/0x20 [ 24.864209][ T289] ihold+0x24/0x70 [ 24.864226][ T289] vfs_rmdir+0x26a/0x560 [ 24.864247][ T289] incfs_kill_sb+0x109/0x230 [ 24.864271][ T289] deactivate_locked_super+0xd5/0x2a0 [ 24.864293][ T289] deactivate_super+0xb8/0xe0 [ 24.864314][ T289] cleanup_mnt+0x3f1/0x480 [ 24.864332][ T289] __cleanup_mnt+0x1d/0x40 [ 24.864350][ T289] task_work_run+0x1e0/0x250 [ 24.864370][ T289] ? __cfi_task_work_run+0x10/0x10 [ 24.864389][ T289] ? __x64_sys_umount+0x126/0x170 [ 24.864411][ T289] ? __cfi___x64_sys_umount+0x10/0x10 [ 24.864433][ T289] ? __kasan_check_read+0x15/0x20 [ 24.864457][ T289] resume_user_mode_work+0x36/0x50 [ 24.864477][ T289] syscall_exit_to_user_mode+0x64/0xb0 [ 24.864495][ T289] do_syscall_64+0x64/0xf0 [ 24.864516][ T289] ? 
clear_bhb_loop+0x50/0xa0 [ 24.864534][ T289] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 24.864552][ T289] RIP: 0033:0x7f2f979909f7 [ 24.864566][ T289] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 24.864580][ T289] RSP: 002b:00007ffe530ad1b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 24.864599][ T289] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f2f979909f7 [ 24.864611][ T289] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe530ad270 [ 24.864622][ T289] RBP: 00007ffe530ad270 R08: 0000000000000000 R09: 0000000000000000 [ 24.864634][ T289] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe530ae300 [ 24.864646][ T289] R13: 00007f2f97a11d7d R14: 0000000000005fb0 R15: 00007ffe530ae340 [ 24.864660][ T289] </TASK> [ 24.864666][ T289] ================================================================== [ 24.872069][ T10] usb 4-1: Product: syz [ 24.881920][ T289] Disabling lock debugging due to kernel taint [ 24.889221][ T10] usb 4-1: Manufacturer: syz [ 24.895709][ T289] BUG: kernel NULL pointer dereference, address: 0000000000000168 [ 24.905587][ T10] usb 4-1: SerialNumber: syz [ 24.918574][ T289] #PF: supervisor write access in kernel mode [ 24.918586][ T289] #PF: error_code(0x0002) - not-present page [ 24.918595][ T289] PGD 800000010d7a4067 P4D 800000010d7a4067 PUD 0 [ 24.918615][ T289] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI [ 24.918633][ T289] CPU: 1 UID: 0 PID: 289 Comm: syz-executor Tainted: G B W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 25.130170][ T10] usb 4-1: USB disconnect, device number 2 [ 25.137826][ T289] Tainted: [B]=BAD_PAGE, [W]=WARN [ 25.137838][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 25.137848][ T289] RIP: 0010:ihold+0x2a/0x70 [ 25.137872][ T289] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 
ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d [ 25.137885][ T289] RSP: 0018:ffffc9000b66fca0 EFLAGS: 00010246 [ 25.264566][ T289] RAX: ffff88810e6a9300 RBX: 0000000000000000 RCX: ffff88810e6a9300 [ 25.272535][ T289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 25.280493][ T289] RBP: ffffc9000b66fcb0 R08: ffffffff88972947 R09: 1ffffffff112e528 [ 25.288472][ T289] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff88813307f48c [ 25.296432][ T289] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 25.304390][ T289] FS: 000055556b28e500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 25.313310][ T289] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.319875][ T289] CR2: 0000000000000168 CR3: 000000012463c000 CR4: 00000000003526b0 [ 25.327837][ T289] Call Trace: [ 25.331106][ T289] <TASK> [ 25.334016][ T289] vfs_rmdir+0x26a/0x560 [ 25.338245][ T289] incfs_kill_sb+0x109/0x230 [ 25.342908][ T289] deactivate_locked_super+0xd5/0x2a0 [ 25.348266][ T289] deactivate_super+0xb8/0xe0 [ 25.352937][ T289] cleanup_mnt+0x3f1/0x480 [ 25.357337][ T289] __cleanup_mnt+0x1d/0x40 [ 25.361737][ T289] task_work_run+0x1e0/0x250 [ 25.366309][ T289] ? __cfi_task_work_run+0x10/0x10 [ 25.371405][ T289] ? __x64_sys_umount+0x126/0x170 [ 25.376418][ T289] ? __cfi___x64_sys_umount+0x10/0x10 [ 25.381781][ T289] ? __kasan_check_read+0x15/0x20 [ 25.386828][ T289] resume_user_mode_work+0x36/0x50 [ 25.391929][ T289] syscall_exit_to_user_mode+0x64/0xb0 [ 25.397374][ T289] do_syscall_64+0x64/0xf0 [ 25.401773][ T289] ? 
clear_bhb_loop+0x50/0xa0 [ 25.406432][ T289] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 25.412302][ T289] RIP: 0033:0x7f2f979909f7 [ 25.416784][ T289] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 25.436373][ T289] RSP: 002b:00007ffe530ad1b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 25.444773][ T289] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f2f979909f7 [ 25.452730][ T289] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe530ad270 [ 25.460689][ T289] RBP: 00007ffe530ad270 R08: 0000000000000000 R09: 0000000000000000 [ 25.468648][ T289] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe530ae300 [ 25.476604][ T289] R13: 00007f2f97a11d7d R14: 0000000000005fb0 R15: 00007ffe530ae340 [ 25.484564][ T289] </TASK> [ 25.487568][ T289] Modules linked in: [ 25.491459][ T289] CR2: 0000000000000168 [ 25.495588][ T289] ---[ end trace 0000000000000000 ]--- [ 25.501028][ T289] RIP: 0010:ihold+0x2a/0x70 [ 25.505537][ T289] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d [ 25.525129][ T289] RSP: 0018:ffffc9000b66fca0 EFLAGS: 00010246 [ 25.531180][ T289] RAX: ffff88810e6a9300 RBX: 0000000000000000 RCX: ffff88810e6a9300 [ 25.539136][ T289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 25.547095][ T289] RBP: ffffc9000b66fcb0 R08: ffffffff88972947 R09: 1ffffffff112e528 [ 25.555051][ T289] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff88813307f48c [ 25.563012][ T289] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 25.571000][ T289] FS: 000055556b28e500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 25.579921][ T289] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.586485][ T289] CR2: 0000000000000168 CR3: 
000000012463c000 CR4: 00000000003526b0 [ 25.594447][ T289] Kernel panic - not syncing: Fatal exception [ 25.600731][ T289] Kernel Offset: disabled [ 25.605039][ T289] Rebooting in 86400 seconds..