last executing test programs: 952.11759ms ago: executing program 1 (id=369): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) write(r2, 0x0, 0x0) pipe(&(0x7f0000000040)) 933.135211ms ago: executing program 1 (id=371): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x83, 0x1fe, 0x1, 0x1}, 0x1c) 906.473491ms ago: executing program 1 (id=372): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10) r4 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10) 832.461674ms ago: executing program 1 (id=373): ioperm(0x0, 0x1, 0x6) prctl$PR_SET_MM_MAP(0x3c, 0xe, 0x0, 0x42) 832.212424ms ago: executing program 1 (id=374): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) write(r3, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000004600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r5, &(0x7f00000005c0)={&(0x7f00000003c0)={0x2, 0x0, @multicast2}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000080)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb35", 0x6}], 0x2, &(0x7f0000000240)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @broadcast}}}], 0x20}, 0x24008004) 756.647877ms ago: executing program 1 (id=376): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_usb_disconnect(0xffffffffffffffff) syz_usb_connect$hid(0x0, 0x90, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x458, 0x5016, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xc0, 0x40, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x9, 0x0, 0x1, {0x22, 0xa0}}, {{{0x9, 0x5, 0x81, 0x3, 0x40}}}}}]}}]}}, 0x0) 594.407942ms ago: executing program 0 (id=385): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000340)=ANY=[], 0x118) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) 581.218632ms ago: executing program 0 (id=387): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) accept4$tipc(r3, 0x0, 0x0, 0x80000) 566.653842ms ago: executing program 0 (id=388): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) fchdir(r5) 544.602553ms ago: executing program 0 (id=390): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) 526.776104ms ago: executing program 0 (id=392): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x83, 0x1fe, 0x1, 0x1}, 0x1c) 363.118999ms ago: executing program 3 (id=401): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) 362.727259ms ago: executing program 3 (id=402): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000340)=ANY=[], 0x118) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r2, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r7, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) 349.635379ms ago: executing program 3 (id=403): madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x15) 338.481079ms ago: executing program 3 (id=404): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000340)=ANY=[], 0x118) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) 325.00856ms ago: executing program 3 (id=405): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40004) sendmmsg$inet6(r3, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) close(r5) 311.71392ms ago: executing program 3 (id=406): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket(0xa, 0x3, 0x3a) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) accept4$tipc(r3, 0x0, 0x0, 0x80000) 228.325203ms ago: executing program 2 (id=408): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x800) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 205.989914ms ago: executing program 2 (id=409): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) unshare(0x60000600) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r4, 0x0, 0x0, 0x805, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r5, 0x0, 0x0) r7 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) 125.183706ms ago: executing program 2 (id=410): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x800) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r4, 0x0, 0x0) sendmsg$NFQNL_MSG_VERDICT(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB=','], 0x2c}, 0x1, 0x0, 0x0, 0x40800}, 0x0) 33.820589ms ago: executing program 2 (id=411): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x805, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) 33.581369ms ago: executing program 0 (id=412): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r2, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r7, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) 33.198519ms ago: executing program 2 (id=413): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000340)=ANY=[], 0x118) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) 0s ago: executing program 2 (id=414): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40004) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) close(r4) close(r5) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.219' (ED25519) to the list of known hosts. [ 20.882947][ T36] audit: type=1400 audit(1763531129.030:64): avc: denied { mounton } for pid=282 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 20.884731][ T282] cgroup: Unknown subsys name 'net' [ 20.905610][ T36] audit: type=1400 audit(1763531129.030:65): avc: denied { mount } for pid=282 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.932868][ T36] audit: type=1400 audit(1763531129.060:66): avc: denied { unmount } for pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.933023][ T282] cgroup: Unknown subsys name 'devices' [ 21.092241][ T282] cgroup: Unknown subsys name 'hugetlb' [ 21.097851][ T282] cgroup: Unknown subsys name 'rlimit' [ 21.252713][ T36] audit: type=1400 audit(1763531129.400:67): avc: denied { setattr } for pid=282 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.275961][ T36] audit: type=1400 audit(1763531129.400:68): avc: denied { mounton } for pid=282 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 21.298969][ T284] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 21.300842][ T36] audit: type=1400 audit(1763531129.400:69): avc: denied { mount } for pid=282 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 21.332306][ T36] audit: type=1400 audit(1763531129.450:70): avc: denied { relabelto } for pid=284 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.348336][ T282] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 21.357779][ T36] audit: type=1400 audit(1763531129.450:71): avc: denied { write } for pid=284 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.391910][ T36] audit: type=1400 audit(1763531129.490:72): avc: denied { read } for pid=282 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.417439][ T36] audit: type=1400 audit(1763531129.490:73): avc: denied { open } for pid=282 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.802790][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.809856][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.816939][ T289] bridge_slave_0: entered allmulticast mode [ 23.823288][ T289] bridge_slave_0: entered promiscuous mode [ 23.832635][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.839670][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.846941][ T289] bridge_slave_1: entered allmulticast mode [ 23.853165][ T289] bridge_slave_1: entered promiscuous mode [ 23.907112][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.914159][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.921218][ T292] bridge_slave_0: entered allmulticast mode [ 23.927362][ T292] bridge_slave_0: entered promiscuous mode [ 23.937763][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.944832][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.951898][ T292] bridge_slave_1: entered allmulticast mode [ 23.958046][ T292] bridge_slave_1: entered promiscuous mode [ 23.982990][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.990113][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.997190][ T290] bridge_slave_0: entered allmulticast mode [ 24.003474][ T290] bridge_slave_0: entered promiscuous mode [ 24.009894][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.016965][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.024055][ T290] bridge_slave_1: entered allmulticast mode [ 24.030382][ T290] bridge_slave_1: entered promiscuous mode [ 24.042014][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.049058][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.056164][ T291] bridge_slave_0: entered allmulticast mode [ 24.062333][ T291] bridge_slave_0: entered promiscuous mode [ 24.076920][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.083956][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.091026][ T291] bridge_slave_1: entered allmulticast mode [ 24.097173][ T291] bridge_slave_1: entered promiscuous mode [ 24.214688][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.221740][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.229007][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.236064][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.259650][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.266707][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.274004][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.281041][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.304121][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.311164][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.318407][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.325450][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.338936][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.345999][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.353295][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.360338][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.392511][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.399840][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.407472][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.414823][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.422142][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.429408][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.436702][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.444011][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.459739][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.466805][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.474369][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.481397][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.501184][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.508214][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.516476][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.523508][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.543973][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.551022][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.558568][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.565612][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.580671][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.587698][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.603057][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.610099][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.624762][ T289] veth0_vlan: entered promiscuous mode [ 24.655090][ T290] veth0_vlan: entered promiscuous mode [ 24.662568][ T292] veth0_vlan: entered promiscuous mode [ 24.673266][ T290] veth1_macvtap: entered promiscuous mode [ 24.679886][ T289] veth1_macvtap: entered promiscuous mode [ 24.700576][ T292] veth1_macvtap: entered promiscuous mode [ 24.735515][ T289] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 24.754606][ T291] veth0_vlan: entered promiscuous mode [ 24.783221][ T291] veth1_macvtap: entered promiscuous mode [ 24.871052][ T346] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 24.934235][ T358] overlayfs: failed to resolve './file1': -2 [ 25.002671][ T372] netlink: 20 bytes leftover after parsing attributes in process `syz.1.19'. [ 25.110554][ T388] process 'syz.3.28' launched './file0' with NULL argv: empty string added [ 25.411742][ T440] futex_wake_op: syz.3.51 tries to shift op by 32; fix this program [ 25.510307][ T64] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 25.661429][ T64] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 25.671582][ T64] usb 3-1: config 7 has 1 interface, different from the descriptor's value: 2 [ 25.681491][ T64] usb 3-1: New USB device found, idVendor=19d2, idProduct=1275, bcdDevice= 0.84 [ 25.690576][ T64] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 25.698588][ T64] usb 3-1: Product: syz [ 25.702847][ T64] usb 3-1: SerialNumber: syz [ 25.709358][ T64] usb 3-1: bad CDC descriptors [ 25.817252][ T475] tmpfs: Unknown parameter 'no' [ 25.916098][ T45] usb 3-1: USB disconnect, device number 2 [ 26.214282][ T36] kauditd_printk_skb: 49 callbacks suppressed [ 26.214299][ T36] audit: type=1400 audit(1763531134.360:123): avc: denied { create } for pid=520 comm="syz.1.91" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 26.336469][ T36] audit: type=1400 audit(1763531134.480:124): avc: denied { create } for pid=537 comm="syz.1.100" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 26.358609][ T36] audit: type=1400 audit(1763531134.480:125): avc: denied { mounton } for pid=536 comm="syz.0.99" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 26.360551][ T541] ======================================================= [ 26.360551][ T541] WARNING: The mand mount option has been deprecated and [ 26.360551][ T541] and is ignored by this kernel. Remove the mand [ 26.360551][ T541] option from the mount to silence this warning. [ 26.360551][ T541] ======================================================= [ 26.384707][ T36] audit: type=1400 audit(1763531134.510:126): avc: denied { remount } for pid=540 comm="syz.0.101" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 26.416444][ T541] binder: Unknown parameter 'contextĚ' [ 26.442446][ T36] audit: type=1400 audit(1763531134.590:127): avc: denied { unlink } for pid=291 comm="syz-executor" name="file0" dev="tmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 26.471485][ T36] audit: type=1400 audit(1763531134.610:128): avc: denied { unlink } for pid=542 comm="syz.1.102" name="#1" dev="tmpfs" ino=131 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 26.495253][ T36] audit: type=1400 audit(1763531134.610:129): avc: denied { mount } for pid=542 comm="syz.1.102" name="/" dev="overlay" ino=125 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 26.541500][ T36] audit: type=1400 audit(1763531134.680:130): avc: denied { mount } for pid=549 comm="syz.0.106" name="/" dev="ramfs" ino=4373 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 26.568548][ T36] audit: type=1400 audit(1763531134.700:131): avc: denied { create } for pid=554 comm="syz.3.108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 26.588691][ T36] audit: type=1400 audit(1763531134.700:132): avc: denied { setopt } for pid=554 comm="syz.3.108" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 26.654325][ T563] fuseblk: Unknown parameter '0xffffffffffffffff' [ 27.729845][ T651] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1279 sclass=netlink_route_socket pid=651 comm=syz.3.154 [ 27.827333][ T664] overlayfs: overlapping lowerdir path [ 28.410860][ T694] overlayfs: failed to resolve './file1': -2 [ 29.282914][ T807] overlayfs: missing 'lowerdir' [ 29.290320][ T64] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 29.510310][ T64] usb 3-1: Using ep0 maxpacket: 32 [ 29.522611][ T64] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 30.073799][ T64] usb 3-1: config 0 has no interface number 0 [ 30.090310][ T64] usb 3-1: config 0 interface 184 has no altsetting 0 [ 30.169344][ T833] netlink: 'syz.1.241': attribute type 4 has an invalid length. [ 30.306715][ T842] 9pnet: Could not find request transport: f [ 30.473549][ T64] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 30.486791][ T64] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 30.494831][ T64] usb 3-1: Product: syz [ 30.499000][ T64] usb 3-1: Manufacturer: syz [ 30.503638][ T64] usb 3-1: SerialNumber: syz [ 30.508978][ T64] usb 3-1: config 0 descriptor?? [ 30.517997][ T64] smsc75xx v1.0.0 [ 30.525715][ T64] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 30.537265][ T64] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -22 [ 30.549811][ T858] Zero length message leads to an empty skb [ 30.720449][ T64] usb 3-1: USB disconnect, device number 3 [ 30.867901][ T910] netlink: 24 bytes leftover after parsing attributes in process `syz.0.273'. [ 30.903674][ T914] 9pnet: Could not find request transport: 0xffffffffffffffff [ 31.310287][ T64] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 31.460301][ T64] usb 1-1: Using ep0 maxpacket: 8 [ 31.466869][ T64] usb 1-1: unable to get BOS descriptor or descriptor too short [ 31.482480][ T64] usb 1-1: New USB device found, idVendor=1a0a, idProduct=0104, bcdDevice=55.44 [ 31.491695][ T64] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 31.499687][ T64] usb 1-1: Product: syz [ 31.504045][ T64] usb 1-1: Manufacturer: syz [ 31.508644][ T64] usb 1-1: SerialNumber: syz [ 31.655432][ T36] kauditd_printk_skb: 36 callbacks suppressed [ 31.655448][ T36] audit: type=1400 audit(1763531139.800:169): avc: denied { create } for pid=968 comm="syz.1.302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 31.717637][ T64] usb_ehset_test 1-1:4.0: probe with driver usb_ehset_test failed with error -32 [ 31.729888][ T64] usb 1-1: USB disconnect, device number 2 [ 31.828082][ T36] audit: type=1400 audit(1763531139.970:170): avc: denied { create } for pid=981 comm="syz.1.308" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 31.858571][ T36] audit: type=1400 audit(1763531140.000:171): avc: denied { unlink } for pid=291 comm="syz-executor" name="file0" dev="tmpfs" ino=456 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 32.095459][ T36] audit: type=1400 audit(1763531140.240:172): avc: denied { setcheckreqprot } for pid=1018 comm="syz.2.326" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 32.270371][ T36] audit: type=1400 audit(1763531140.400:173): avc: denied { write } for pid=1033 comm="syz.2.333" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 32.490287][ T64] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 32.646948][ T36] audit: type=1400 audit(1763531140.740:174): avc: denied { ioctl } for pid=1054 comm="syz.0.344" path="socket:[6546]" dev="sockfs" ino=6546 ioctlcmd=0x8916 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 32.720265][ T64] usb 3-1: Using ep0 maxpacket: 16 [ 32.726728][ T64] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 32.738206][ T64] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 32.748498][ T64] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00 [ 32.757936][ T64] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 32.775491][ T64] usb 3-1: config 0 descriptor?? [ 32.783888][ T1062] netlink: 28 bytes leftover after parsing attributes in process `syz.3.347'. [ 32.827895][ T36] audit: type=1326 audit(1763531140.970:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1063 comm="syz.0.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f260998f6c9 code=0x7ffc0000 [ 32.852129][ T36] audit: type=1326 audit(1763531140.970:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1063 comm="syz.0.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f260998f6c9 code=0x7ffc0000 [ 32.875889][ T36] audit: type=1326 audit(1763531141.000:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1063 comm="syz.0.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7f260998f6c9 code=0x7ffc0000 [ 32.989715][ T36] audit: type=1400 audit(1763531141.130:178): avc: denied { nlmsg_read } for pid=1071 comm="syz.3.352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 33.010184][ T1072] netlink: 192 bytes leftover after parsing attributes in process `syz.3.352'. [ 33.179120][ T1087] overlayfs: missing 'lowerdir' [ 33.283459][ T64] konepure 0003:1E7D:2DB4.0001: unknown main item tag 0x0 [ 33.291591][ T64] konepure 0003:1E7D:2DB4.0001: unknown main item tag 0x0 [ 33.299390][ T64] konepure 0003:1E7D:2DB4.0001: item fetching failed at offset 2/4 [ 33.308517][ T64] konepure 0003:1E7D:2DB4.0001: parse failed [ 33.314805][ T64] konepure 0003:1E7D:2DB4.0001: probe with driver konepure failed with error -22 [ 33.496001][ T64] usb 3-1: USB disconnect, device number 4 [ 33.640981][ T1131] netlink: 36 bytes leftover after parsing attributes in process `syz.0.380'. [ 34.000265][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 34.170272][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 34.181274][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 34.194966][ T9] usb 2-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 34.206637][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 34.220481][ T9] usb 2-1: config 0 descriptor?? [ 34.276475][ T292] ------------[ cut here ]------------ [ 34.282077][ T292] WARNING: CPU: 1 PID: 292 at fs/inode.c:340 drop_nlink+0xce/0x110 [ 34.290001][ T292] Modules linked in: [ 34.293961][ T292] CPU: 1 UID: 0 PID: 292 Comm: syz-executor Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 34.305660][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 34.315763][ T292] RIP: 0010:drop_nlink+0xce/0x110 [ 34.320821][ T292] Code: 04 00 00 be 08 00 00 00 e8 cf 54 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 32 e4 97 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c [ 34.340565][ T292] RSP: 0018:ffffc9000b64fc60 EFLAGS: 00010293 [ 34.346666][ T292] RAX: ffffffff81ee1a7e RBX: ffff888114d3f480 RCX: ffff88810c6a4c00 [ 34.354771][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 34.362778][ T292] RBP: ffffc9000b64fc88 R08: 0000000000000003 R09: 0000000000000004 [ 34.370796][ T292] R10: dffffc0000000000 R11: fffff520016c9f7c R12: dffffc0000000000 [ 34.378778][ T292] R13: 1ffff110229a7e99 R14: ffff888114d3f4c8 R15: 0000000000000000 [ 34.386814][ T292] FS: 000055558a586500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 34.395777][ T292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 34.402507][ T292] CR2: 00007f97a1ffdf08 CR3: 0000000127886000 CR4: 00000000003526b0 [ 34.410533][ T292] Call Trace: [ 34.413823][ T292] [ 34.416768][ T292] shmem_rmdir+0x5f/0x90 [ 34.421064][ T292] vfs_rmdir+0x3dd/0x560 [ 34.425334][ T292] incfs_kill_sb+0x109/0x230 [ 34.429952][ T292] deactivate_locked_super+0xd5/0x2a0 [ 34.435410][ T292] deactivate_super+0xb8/0xe0 [ 34.437820][ T9] usbhid 2-1:0.0: can't add hid device: -71 [ 34.440207][ T292] cleanup_mnt+0x3f1/0x480 [ 34.448428][ T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 34.450568][ T292] __cleanup_mnt+0x1d/0x40 [ 34.450595][ T292] task_work_run+0x1e0/0x250 [ 34.467344][ T292] ? __cfi_task_work_run+0x10/0x10 [ 34.472510][ T292] ? __x64_sys_umount+0x126/0x170 [ 34.473243][ T9] usb 2-1: USB disconnect, device number 2 [ 34.477550][ T292] ? __cfi___x64_sys_umount+0x10/0x10 [ 34.488753][ T292] ? __kasan_check_read+0x15/0x20 [ 34.493855][ T292] resume_user_mode_work+0x36/0x50 [ 34.499004][ T292] syscall_exit_to_user_mode+0x64/0xb0 [ 34.504543][ T292] do_syscall_64+0x64/0xf0 [ 34.508980][ T292] ? clear_bhb_loop+0x50/0xa0 [ 34.513718][ T292] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 34.519628][ T292] RIP: 0033:0x7fcaedd909f7 [ 34.524089][ T292] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 34.543716][ T292] RSP: 002b:00007ffeff9d9d68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 34.552174][ T292] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fcaedd909f7 [ 34.560161][ T292] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffeff9d9e20 [ 34.568194][ T292] RBP: 00007ffeff9d9e20 R08: 0000000000000000 R09: 0000000000000000 [ 34.576190][ T292] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffeff9daeb0 [ 34.584208][ T292] R13: 00007fcaede11d7d R14: 00000000000085ca R15: 00007ffeff9daef0 [ 34.592227][ T292] [ 34.595252][ T292] ---[ end trace 0000000000000000 ]--- [ 34.601042][ T292] ================================================================== [ 34.609139][ T292] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70 [ 34.615406][ T292] Write of size 4 at addr 0000000000000168 by task syz-executor/292 [ 34.623386][ T292] [ 34.625715][ T292] CPU: 1 UID: 0 PID: 292 Comm: syz-executor Tainted: G W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 34.625745][ T292] Tainted: [W]=WARN [ 34.625752][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 34.625764][ T292] Call Trace: [ 34.625770][ T292] [ 34.625778][ T292] __dump_stack+0x21/0x30 [ 34.625807][ T292] dump_stack_lvl+0x10c/0x190 [ 34.625833][ T292] ? __cfi_dump_stack_lvl+0x10/0x10 [ 34.625862][ T292] print_report+0x3d/0x70 [ 34.625882][ T292] kasan_report+0x163/0x1a0 [ 34.625905][ T292] ? ihold+0x24/0x70 [ 34.625926][ T292] ? _raw_spin_unlock+0x45/0x60 [ 34.625951][ T292] ? ihold+0x24/0x70 [ 34.625971][ T292] kasan_check_range+0x299/0x2a0 [ 34.625993][ T292] __kasan_check_write+0x18/0x20 [ 34.626021][ T292] ihold+0x24/0x70 [ 34.626041][ T292] vfs_rmdir+0x26a/0x560 [ 34.626066][ T292] incfs_kill_sb+0x109/0x230 [ 34.626095][ T292] deactivate_locked_super+0xd5/0x2a0 [ 34.626120][ T292] deactivate_super+0xb8/0xe0 [ 34.626144][ T292] cleanup_mnt+0x3f1/0x480 [ 34.626166][ T292] __cleanup_mnt+0x1d/0x40 [ 34.626185][ T292] task_work_run+0x1e0/0x250 [ 34.626209][ T292] ? __cfi_task_work_run+0x10/0x10 [ 34.626231][ T292] ? __x64_sys_umount+0x126/0x170 [ 34.626257][ T292] ? __cfi___x64_sys_umount+0x10/0x10 [ 34.626283][ T292] ? __kasan_check_read+0x15/0x20 [ 34.626316][ T292] resume_user_mode_work+0x36/0x50 [ 34.626339][ T292] syscall_exit_to_user_mode+0x64/0xb0 [ 34.626360][ T292] do_syscall_64+0x64/0xf0 [ 34.626383][ T292] ? clear_bhb_loop+0x50/0xa0 [ 34.626402][ T292] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 34.626421][ T292] RIP: 0033:0x7fcaedd909f7 [ 34.626436][ T292] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 34.626450][ T292] RSP: 002b:00007ffeff9d9d68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 34.626471][ T292] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fcaedd909f7 [ 34.626483][ T292] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffeff9d9e20 [ 34.626495][ T292] RBP: 00007ffeff9d9e20 R08: 0000000000000000 R09: 0000000000000000 [ 34.626507][ T292] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffeff9daeb0 [ 34.626519][ T292] R13: 00007fcaede11d7d R14: 00000000000085ca R15: 00007ffeff9daef0 [ 34.626535][ T292] [ 34.626542][ T292] ================================================================== [ 34.870564][ T292] Disabling lock debugging due to kernel taint [ 34.876740][ T292] BUG: kernel NULL pointer dereference, address: 0000000000000168 [ 34.884530][ T292] #PF: supervisor write access in kernel mode [ 34.890597][ T292] #PF: error_code(0x0002) - not-present page [ 34.896557][ T292] PGD 800000010e3f0067 P4D 800000010e3f0067 PUD 0 [ 34.903064][ T292] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI [ 34.909134][ T292] CPU: 1 UID: 0 PID: 292 Comm: syz-executor Tainted: G B W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 34.922235][ T292] Tainted: [B]=BAD_PAGE, [W]=WARN [ 34.927236][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 34.937280][ T292] RIP: 0010:ihold+0x2a/0x70 [ 34.941790][ T292] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d [ 34.961400][ T292] RSP: 0018:ffffc9000b64fca0 EFLAGS: 00010246 [ 34.967496][ T292] RAX: ffff88810c6a4c00 RBX: 0000000000000000 RCX: ffff88810c6a4c00 [ 34.975462][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 34.983423][ T292] RBP: ffffc9000b64fcb0 R08: ffffffff88972947 R09: 1ffffffff112e528 [ 34.991386][ T292] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff888114d3f48c [ 34.999348][ T292] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 35.007315][ T292] FS: 000055558a586500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 35.016230][ T292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 35.022798][ T292] CR2: 0000000000000168 CR3: 0000000127886000 CR4: 00000000003526b0 [ 35.030761][ T292] Call Trace: [ 35.034030][ T292] [ 35.036950][ T292] vfs_rmdir+0x26a/0x560 [ 35.041188][ T292] incfs_kill_sb+0x109/0x230 [ 35.045776][ T292] deactivate_locked_super+0xd5/0x2a0 [ 35.051147][ T292] deactivate_super+0xb8/0xe0 [ 35.055838][ T292] cleanup_mnt+0x3f1/0x480 [ 35.060281][ T292] __cleanup_mnt+0x1d/0x40 [ 35.064695][ T292] task_work_run+0x1e0/0x250 [ 35.069284][ T292] ? __cfi_task_work_run+0x10/0x10 [ 35.074398][ T292] ? __x64_sys_umount+0x126/0x170 [ 35.079445][ T292] ? __cfi___x64_sys_umount+0x10/0x10 [ 35.084819][ T292] ? __kasan_check_read+0x15/0x20 [ 35.089845][ T292] resume_user_mode_work+0x36/0x50 [ 35.094956][ T292] syscall_exit_to_user_mode+0x64/0xb0 [ 35.100403][ T292] do_syscall_64+0x64/0xf0 [ 35.104812][ T292] ? clear_bhb_loop+0x50/0xa0 [ 35.109482][ T292] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 35.115369][ T292] RIP: 0033:0x7fcaedd909f7 [ 35.119774][ T292] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 35.139377][ T292] RSP: 002b:00007ffeff9d9d68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 35.147790][ T292] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fcaedd909f7 [ 35.155754][ T292] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffeff9d9e20 [ 35.163742][ T292] RBP: 00007ffeff9d9e20 R08: 0000000000000000 R09: 0000000000000000 [ 35.171705][ T292] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffeff9daeb0 [ 35.179669][ T292] R13: 00007fcaede11d7d R14: 00000000000085ca R15: 00007ffeff9daef0 [ 35.187639][ T292] [ 35.190648][ T292] Modules linked in: [ 35.194532][ T292] CR2: 0000000000000168 [ 35.198682][ T292] ---[ end trace 0000000000000000 ]--- [ 35.204128][ T292] RIP: 0010:ihold+0x2a/0x70 [ 35.208622][ T292] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d [ 35.228239][ T292] RSP: 0018:ffffc9000b64fca0 EFLAGS: 00010246 [ 35.234316][ T292] RAX: ffff88810c6a4c00 RBX: 0000000000000000 RCX: ffff88810c6a4c00 [ 35.242282][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 35.250268][ T292] RBP: ffffc9000b64fcb0 R08: ffffffff88972947 R09: 1ffffffff112e528 [ 35.258267][ T292] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff888114d3f48c [ 35.266228][ T292] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 35.274189][ T292] FS: 000055558a586500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 35.283111][ T292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 35.289691][ T292] CR2: 0000000000000168 CR3: 0000000127886000 CR4: 00000000003526b0 [ 35.297664][ T292] Kernel panic - not syncing: Fatal exception [ 35.304010][ T292] Kernel Offset: disabled [ 35.308344][ T292] Rebooting in 86400 seconds..