last executing test programs: 2.700436314s ago: executing program 3 (id=4): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) 2.605892498s ago: executing program 3 (id=7): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00), 0x0, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r1, 0x0, 0x0, 0x805, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, 
&(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r2, 0x0, 0x0) sendto$inet(r1, 0x0, 0x0, 0x80, 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r5, &(0x7f0000000600)={0x2, 0x4e23, 0x0, @dev={0xfe, 0x80, '\x00', 0x34}, 0x4}, 0x1c) 1.788623474s ago: executing program 0 (id=22): mount$fuseblk(0x0, &(0x7f0000000100)='./cgroup\x00', &(0x7f0000000140), 0x3818000, &(0x7f00000001c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX]) 1.700767697s ago: executing program 0 (id=23): r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_buf(r0, 0x0, 0x29, &(0x7f0000000000)=""/145, &(0x7f0000695ffc)=0x24b) 1.63878392s ago: executing program 0 (id=24): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'veth1_to_batadv\x00', <r1=>0x0}) sendto$packet(r0, &(0x7f0000000100)="3f051c000302140006001e008900", 0xe, 0x0, &(0x7f0000000540)={0xc9, 0x8100, r1, 0x1, 0x1, 0x6, @broadcast}, 0x14) 1.588884972s ago: executing program 0 (id=25): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, 0x0) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 
0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r3, 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r6 = dup(r5) fsetxattr$security_selinux(r6, &(0x7f0000000040), &(0x7f00000000c0)='system_u:object_r:random_device_t:s0\x00', 0x25, 0x2) 832.989655ms ago: executing program 3 (id=28): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0xb, 0x84) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) 509.251579ms ago: executing program 2 (id=29): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = 
socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) 508.685079ms ago: executing program 2 (id=30): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r3, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r6, &(0x7f0000000600)={0x2, 0x4e23, 0x0, @dev={0xfe, 0x80, '\x00', 0x34}, 0x4}, 0x1c) 498.271519ms ago: executing program 2 (id=31): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c) 457.121091ms ago: executing program 2 (id=32): rt_sigaction(0xd, 
&(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, 0x0, 0x0, 0x8000) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket$packet(0x11, 0x3, 0x300) r5 = socket(0x2, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'bridge0\x00'}) 449.372701ms ago: executing program 1 (id=33): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, 0x0, 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 
&(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r5, @ANYRES32=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r5, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r6 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r6, 0x0, 0x0, 0x805, 0x0, 0x0) 443.054201ms ago: executing program 3 (id=34): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0x8, '\t\x00'}, @local=@item_4={0x3, 0x2, 0x0, "93bf0280"}, @main=@item_4={0x3, 0x0, 0xb, "7488dffc"}]}}, 0x0}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000300)=ANY=[@ANYBLOB='*E\x00^'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$HIDIOCGUSAGE(r1, 0xc018480b, 0x0) 420.929042ms ago: executing program 1 (id=35): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = 
socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) unshare(0x62040200) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 420.381812ms ago: executing program 2 (id=36): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) 
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x1d8) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) 380.515374ms ago: executing program 2 (id=37): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab1204000000000000010902240001b30000040904410c17ff5d810009050f1f05e13f000009058303"], 0x0) 344.855986ms ago: executing program 1 (id=38): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 
0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$sock_cred(r5, 0x1, 0x11, 0x0, &(0x7f00000002c0)) 313.478807ms ago: executing program 1 (id=39): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r1, 0x0, 0x0, 0x805, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, 
&(0x7f00000009c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) unshare(0x62040200) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 251.17738ms ago: executing program 1 (id=40): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 149.526714ms ago: executing program 0 (id=41): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) 
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x194) getdents(r2, 0x0, 0x0) 100.678356ms ago: executing program 1 (id=42): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000000600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r7 = getpid() r8 = syz_pidfd_open(r7, 0x0) setns(r8, 0x24020000) r9 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_pidfd_open(r9, 0x0) 0s ago: executing program 0 (id=43): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, 
&(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0xb, 0x84) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.174' (ED25519) to the list of known hosts. 
[ 24.390131][ T36] audit: type=1400 audit(1763556348.699:64): avc: denied { mounton } for pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 24.391474][ T281] cgroup: Unknown subsys name 'net' [ 24.412794][ T36] audit: type=1400 audit(1763556348.699:65): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 24.440146][ T36] audit: type=1400 audit(1763556348.739:66): avc: denied { unmount } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 24.440346][ T281] cgroup: Unknown subsys name 'devices' [ 24.625932][ T281] cgroup: Unknown subsys name 'hugetlb' [ 24.631555][ T281] cgroup: Unknown subsys name 'rlimit' [ 24.793177][ T36] audit: type=1400 audit(1763556349.099:67): avc: denied { setattr } for pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 24.816393][ T36] audit: type=1400 audit(1763556349.099:68): avc: denied { mounton } for pid=281 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 24.841249][ T36] audit: type=1400 audit(1763556349.099:69): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 24.850379][ T283] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). 
Setting up swapspace version 1, size = 127995904 bytes [ 24.873466][ T36] audit: type=1400 audit(1763556349.179:70): avc: denied { relabelto } for pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.899678][ T36] audit: type=1400 audit(1763556349.179:71): avc: denied { write } for pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.940737][ T36] audit: type=1400 audit(1763556349.249:72): avc: denied { read } for pid=281 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.966489][ T36] audit: type=1400 audit(1763556349.249:73): avc: denied { open } for pid=281 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.966859][ T281] Adding 124996k swap on ./swap-file. 
Priority:0 extents:1 across:124996k [ 28.495895][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.502958][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.510072][ T289] bridge_slave_0: entered allmulticast mode [ 28.516717][ T289] bridge_slave_0: entered promiscuous mode [ 28.535461][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.542513][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.550174][ T289] bridge_slave_1: entered allmulticast mode [ 28.556618][ T289] bridge_slave_1: entered promiscuous mode [ 28.589128][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.596250][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.603361][ T290] bridge_slave_0: entered allmulticast mode [ 28.609750][ T290] bridge_slave_0: entered promiscuous mode [ 28.624857][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.631902][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.639396][ T290] bridge_slave_1: entered allmulticast mode [ 28.645752][ T290] bridge_slave_1: entered promiscuous mode [ 28.707658][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.714771][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.722099][ T288] bridge_slave_0: entered allmulticast mode [ 28.728616][ T288] bridge_slave_0: entered promiscuous mode [ 28.734810][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.741819][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.749281][ T291] bridge_slave_0: entered allmulticast mode [ 28.755656][ T291] bridge_slave_0: entered promiscuous mode [ 28.764212][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.771264][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.778415][ T288] bridge_slave_1: entered allmulticast mode [ 28.784874][ T288] bridge_slave_1: entered promiscuous mode [ 28.791049][ T291] bridge0: port 2(bridge_slave_1) 
entered blocking state [ 28.798230][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.805339][ T291] bridge_slave_1: entered allmulticast mode [ 28.811514][ T291] bridge_slave_1: entered promiscuous mode [ 28.972920][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.979985][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.987374][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.994416][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.005910][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.012976][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.020270][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.027317][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.044811][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.051864][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.059166][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.066210][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.075277][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.082312][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.089721][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.096754][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.137925][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.145914][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.153084][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.160401][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.168240][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.175579][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.182733][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.190174][ T46] bridge0: port 
2(bridge_slave_1) entered disabled state [ 29.199875][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.207204][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.225287][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.232350][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.239988][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.247026][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.287929][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.295000][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.302615][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.309956][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.317801][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.324899][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.333147][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.340218][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.347894][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.354940][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.378477][ T291] veth0_vlan: entered promiscuous mode [ 29.392371][ T291] veth1_macvtap: entered promiscuous mode [ 29.432074][ T290] veth0_vlan: entered promiscuous mode [ 29.433632][ T36] kauditd_printk_skb: 8 callbacks suppressed [ 29.433648][ T36] audit: type=1400 audit(1763556353.739:82): avc: denied { mounton } for pid=291 comm="syz-executor" path="/root/syzkaller.J35xRq/syz-tmp" dev="sda1" ino=2038 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 29.446178][ T290] veth1_macvtap: entered promiscuous mode [ 29.488240][ T291] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. 
[ 29.493830][ T36] audit: type=1400 audit(1763556353.739:83): avc: denied { mount } for pid=291 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 29.525775][ T288] veth0_vlan: entered promiscuous mode [ 29.526551][ T36] audit: type=1400 audit(1763556353.739:84): avc: denied { mounton } for pid=291 comm="syz-executor" path="/root/syzkaller.J35xRq/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 29.556735][ T36] audit: type=1400 audit(1763556353.789:85): avc: denied { mount } for pid=291 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 29.570954][ T289] veth0_vlan: entered promiscuous mode [ 29.578671][ T36] audit: type=1400 audit(1763556353.789:86): avc: denied { mounton } for pid=291 comm="syz-executor" path="/root/syzkaller.J35xRq/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 29.585509][ T288] veth1_macvtap: entered promiscuous mode [ 29.630718][ T289] veth1_macvtap: entered promiscuous mode [ 29.675688][ T335] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 
[ 29.703597][ T36] audit: type=1400 audit(1763556353.789:87): avc: denied { mounton } for pid=291 comm="syz-executor" path="/root/syzkaller.J35xRq/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=4117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 29.751671][ T36] audit: type=1400 audit(1763556353.789:88): avc: denied { unmount } for pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 29.791363][ T344] SELinux: Context system_u:object_r:random_device_t:s0 is not valid (left unmapped). [ 29.792248][ T36] audit: type=1400 audit(1763556353.789:89): avc: denied { mounton } for pid=291 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=434 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 29.902182][ T36] audit: type=1400 audit(1763556353.789:90): avc: denied { mount } for pid=291 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 29.953445][ T358] fuseblk: Bad value for 'fd' [ 29.967508][ T36] audit: type=1400 audit(1763556353.789:91): avc: denied { mounton } for pid=291 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 30.672773][ T380] fuseblk: Bad value for 'fd' [ 32.293600][ T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 32.383646][ T31] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 32.430163][ T420] incfs: iterate_incfs_dir / -22 [ 32.444802][ T291] ------------[ cut here ]------------ [ 32.450690][ T291] WARNING: CPU: 1 PID: 291 at fs/inode.c:340 drop_nlink+0xce/0x110 [ 32.454916][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 32.458787][ T291] Modules linked in: [ 32.473497][ 
T291] CPU: 1 UID: 0 PID: 291 Comm: syz-executor Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 32.483574][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 32.485379][ T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 32.505164][ T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 32.505225][ T10] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 32.505247][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 32.518530][ T291] RIP: 0010:drop_nlink+0xce/0x110 [ 32.529572][ T10] usb 4-1: config 0 descriptor?? [ 32.535785][ T291] Code: 04 00 00 be 08 00 00 00 e8 cf 54 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 32 e4 97 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c [ 32.565471][ T291] RSP: 0018:ffffc9000b6dfc60 EFLAGS: 00010293 [ 32.571603][ T291] RAX: ffffffff81ee1a7e RBX: ffff8881320c61e8 RCX: ffff88812c81cc00 [ 32.579769][ T291] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 32.587826][ T291] RBP: ffffc9000b6dfc88 R08: 0000000000000003 R09: 0000000000000004 [ 32.596275][ T291] R10: dffffc0000000000 R11: fffff520016dbf7c R12: dffffc0000000000 [ 32.604558][ T291] R13: 1ffff11026418c46 R14: ffff8881320c6230 R15: 0000000000000000 [ 32.612722][ T291] FS: 00005555742fb500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 32.621925][ T291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.628659][ T291] CR2: 000055557431e4e8 CR3: 0000000127cb2000 CR4: 00000000003526b0 [ 32.636771][ T291] Call Trace: [ 32.640081][ T291] [ 32.643053][ T291] shmem_rmdir+0x5f/0x90 [ 32.647396][ T291] vfs_rmdir+0x3dd/0x560 [ 32.651675][ T291] incfs_kill_sb+0x109/0x230 [ 32.656401][ T291] deactivate_locked_super+0xd5/0x2a0 [ 32.661859][ T291] 
deactivate_super+0xb8/0xe0 [ 32.667024][ T291] cleanup_mnt+0x3f1/0x480 [ 32.671487][ T291] __cleanup_mnt+0x1d/0x40 [ 32.676085][ T291] task_work_run+0x1e0/0x250 [ 32.680730][ T291] ? __cfi_task_work_run+0x10/0x10 [ 32.686031][ T291] ? __x64_sys_umount+0x126/0x170 [ 32.691119][ T291] ? __cfi___x64_sys_umount+0x10/0x10 [ 32.696744][ T291] ? __kasan_check_read+0x15/0x20 [ 32.701813][ T291] resume_user_mode_work+0x36/0x50 [ 32.707113][ T291] syscall_exit_to_user_mode+0x64/0xb0 [ 32.712661][ T291] do_syscall_64+0x64/0xf0 [ 32.717444][ T291] ? clear_bhb_loop+0x50/0xa0 [ 32.722185][ T291] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 32.728155][ T291] RIP: 0033:0x7ffa46b90a77 [ 32.732590][ T291] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 32.752479][ T291] RSP: 002b:00007ffcb334efd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 32.760967][ T291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ffa46b90a77 [ 32.769019][ T291] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcb334f090 [ 32.777140][ T291] RBP: 00007ffcb334f090 R08: 0000000000000000 R09: 0000000000000000 [ 32.785188][ T291] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcb3350120 [ 32.793331][ T291] R13: 00007ffa46c13d7d R14: 0000000000007eac R15: 00007ffcb3350160 [ 32.801439][ T291] [ 32.804970][ T291] ---[ end trace 0000000000000000 ]--- [ 32.811892][ T291] ================================================================== [ 32.819993][ T291] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70 [ 32.826388][ T291] Write of size 4 at addr 0000000000000168 by task syz-executor/291 [ 32.834424][ T291] [ 32.836772][ T291] CPU: 1 UID: 0 PID: 291 Comm: syz-executor Tainted: G W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 32.836804][ T291] Tainted: [W]=WARN [ 32.836811][ T291] Hardware name: Google Google Compute Engine/Google Compute 
Engine, BIOS Google 10/02/2025 [ 32.836821][ T291] Call Trace: [ 32.836828][ T291] [ 32.836835][ T291] __dump_stack+0x21/0x30 [ 32.836866][ T291] dump_stack_lvl+0x10c/0x190 [ 32.836904][ T291] ? __cfi_dump_stack_lvl+0x10/0x10 [ 32.836942][ T291] print_report+0x3d/0x70 [ 32.836960][ T291] kasan_report+0x163/0x1a0 [ 32.836982][ T291] ? ihold+0x24/0x70 [ 32.837014][ T291] ? _raw_spin_unlock+0x45/0x60 [ 32.837051][ T291] ? ihold+0x24/0x70 [ 32.837068][ T291] kasan_check_range+0x299/0x2a0 [ 32.837090][ T291] __kasan_check_write+0x18/0x20 [ 32.837114][ T291] ihold+0x24/0x70 [ 32.837132][ T291] vfs_rmdir+0x26a/0x560 [ 32.837169][ T291] incfs_kill_sb+0x109/0x230 [ 32.837208][ T291] deactivate_locked_super+0xd5/0x2a0 [ 32.837231][ T291] deactivate_super+0xb8/0xe0 [ 32.837252][ T291] cleanup_mnt+0x3f1/0x480 [ 32.837272][ T291] __cleanup_mnt+0x1d/0x40 [ 32.837290][ T291] task_work_run+0x1e0/0x250 [ 32.837310][ T291] ? __cfi_task_work_run+0x10/0x10 [ 32.837330][ T291] ? __x64_sys_umount+0x126/0x170 [ 32.837351][ T291] ? __cfi___x64_sys_umount+0x10/0x10 [ 32.837371][ T291] ? __kasan_check_read+0x15/0x20 [ 32.837395][ T291] resume_user_mode_work+0x36/0x50 [ 32.837417][ T291] syscall_exit_to_user_mode+0x64/0xb0 [ 32.837437][ T291] do_syscall_64+0x64/0xf0 [ 32.837472][ T291] ? 
clear_bhb_loop+0x50/0xa0 [ 32.837492][ T291] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 32.837515][ T291] RIP: 0033:0x7ffa46b90a77 [ 32.837531][ T291] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 32.837546][ T291] RSP: 002b:00007ffcb334efd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 32.837572][ T291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ffa46b90a77 [ 32.837585][ T291] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcb334f090 [ 32.837597][ T291] RBP: 00007ffcb334f090 R08: 0000000000000000 R09: 0000000000000000 [ 32.837609][ T291] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcb3350120 [ 32.837621][ T291] R13: 00007ffa46c13d7d R14: 0000000000007eac R15: 00007ffcb3350160 [ 32.837636][ T291] [ 32.837643][ T291] ================================================================== [ 32.947267][ T10] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 32.950777][ T291] Disabling lock debugging due to kernel taint [ 32.960331][ T10] plantronics 0003:047F:FFFF.0001: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 32.964132][ T31] usb 3-1: Using ep0 maxpacket: 8 [ 33.021084][ T291] BUG: kernel NULL pointer dereference, address: 0000000000000168 [ 33.030294][ T31] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 33.032846][ T291] #PF: supervisor write access in kernel mode [ 33.041335][ T31] usb 3-1: config 179 has no interface number 0 [ 33.048774][ T291] #PF: error_code(0x0002) - not-present page [ 33.048807][ T291] PGD 800000010b373067 P4D 800000010b373067 PUD 0 [ 33.048836][ T291] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI [ 33.048877][ T291] CPU: 0 UID: 0 PID: 291 Comm: syz-executor Tainted: G B W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 33.048902][ T291] Tainted: [B]=BAD_PAGE, [W]=WARN [ 
33.048908][ T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 33.048918][ T291] RIP: 0010:ihold+0x2a/0x70 [ 33.048948][ T291] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d [ 33.080469][ T31] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 33.083937][ T291] RSP: 0018:ffffc9000b6dfca0 EFLAGS: 00010246 [ 33.083974][ T291] RAX: ffff88812c81cc00 RBX: 0000000000000000 RCX: ffff88812c81cc00 [ 33.083995][ T291] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 33.084006][ T291] RBP: ffffc9000b6dfcb0 R08: ffffffff88972947 R09: 1ffffffff112e528 [ 33.112068][ T31] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 33.115201][ T291] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff8881320c61f4 [ 33.115246][ T291] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 33.115257][ T291] FS: 00005555742fb500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 33.133289][ T31] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 33.137333][ T291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.137351][ T291] CR2: 0000000000000168 CR3: 0000000127cb2000 CR4: 00000000003526b0 [ 33.137367][ T291] Call Trace: [ 33.137373][ T291] [ 33.137381][ T291] vfs_rmdir+0x26a/0x560 [ 33.153576][ T31] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 33.156064][ T291] incfs_kill_sb+0x109/0x230 [ 33.156099][ T291] deactivate_locked_super+0xd5/0x2a0 [ 33.162272][ T31] usb 3-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 33.175229][ T291] deactivate_super+0xb8/0xe0 [ 33.175278][ T291] 
cleanup_mnt+0x3f1/0x480 [ 33.175295][ T291] __cleanup_mnt+0x1d/0x40 [ 33.175311][ T291] task_work_run+0x1e0/0x250 [ 33.190583][ T31] usb 3-1: config 179 interface 65 has no altsetting 0 [ 33.194893][ T291] ? __cfi_task_work_run+0x10/0x10 [ 33.194980][ T291] ? __x64_sys_umount+0x126/0x170 [ 33.233588][ T31] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 33.239913][ T291] ? __cfi___x64_sys_umount+0x10/0x10 [ 33.239946][ T291] ? __kasan_check_read+0x15/0x20 [ 33.253632][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 33.255893][ T291] resume_user_mode_work+0x36/0x50 [ 33.429787][ T291] syscall_exit_to_user_mode+0x64/0xb0 [ 33.435097][ T31] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input4 [ 33.435256][ T291] do_syscall_64+0x64/0xf0 [ 33.450577][ T291] ? clear_bhb_loop+0x50/0xa0 [ 33.455441][ T291] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 33.461385][ T291] RIP: 0033:0x7ffa46b90a77 [ 33.465842][ T291] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 33.485729][ T291] RSP: 002b:00007ffcb334efd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 33.494160][ T291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ffa46b90a77 [ 33.502138][ T291] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcb334f090 [ 33.510127][ T291] RBP: 00007ffcb334f090 R08: 0000000000000000 R09: 0000000000000000 [ 33.518154][ T291] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcb3350120 [ 33.526146][ T291] R13: 00007ffa46c13d7d R14: 0000000000007eac R15: 00007ffcb3350160 [ 33.534205][ T291] [ 33.537245][ T291] Modules linked in: [ 33.541190][ T291] CR2: 0000000000000168 [ 33.545337][ T291] ---[ end trace 0000000000000000 ]--- [ 33.550794][ T291] RIP: 0010:ihold+0x2a/0x70 [ 33.555294][ T291] Code: f3 0f 1e fa 55 48 89 e5 41 
56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d [ 33.574928][ T291] RSP: 0018:ffffc9000b6dfca0 EFLAGS: 00010246 [ 33.581030][ T291] RAX: ffff88812c81cc00 RBX: 0000000000000000 RCX: ffff88812c81cc00 [ 33.589106][ T291] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 33.597093][ T291] RBP: ffffc9000b6dfcb0 R08: ffffffff88972947 R09: 1ffffffff112e528 [ 33.605099][ T291] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff8881320c61f4 [ 33.613076][ T291] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 33.621098][ T291] FS: 00005555742fb500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 33.630035][ T291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.636656][ T291] CR2: 0000000000000168 CR3: 0000000127cb2000 CR4: 00000000003526b0 [ 33.644710][ T291] Kernel panic - not syncing: Fatal exception [ 33.651046][ T291] Kernel Offset: disabled [ 33.655404][ T291] Rebooting in 86400 seconds..