[ 51.398728][ T1197] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.407750][ T1197] device veth1_macvtap left promiscuous mode
[ 51.414067][ T1197] device veth0_macvtap left promiscuous mode
[ 51.420503][ T1197] device veth1_vlan left promiscuous mode
[ 51.427432][ T1197] device veth0_vlan left promiscuous mode
[ 51.493883][ T1197] team0 (unregistering): Port device team_slave_1 removed
[ 51.505994][ T1197] team0 (unregistering): Port device team_slave_0 removed
[ 51.517342][ T1197] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 51.528625][ T1197] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 51.557998][ T1197] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.10.35' (ECDSA) to the list of known hosts.
[ 64.076763][ T26] audit: type=1400 audit(1648354168.175:189): avc: denied { ioctl } for pid=4041 comm="syz-executor123" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 64.102392][ T4041] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 64.131849][ T26] audit: type=1400 audit(1648354168.225:190): avc: denied { write } for pid=4041 comm="syz-executor123" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 64.172888][ T26] audit: type=1400 audit(1648354168.225:191): avc: denied { map } for pid=4041 comm="syz-executor123" path="/dev/bus/usb/007/001" dev="devtmpfs" ino=726 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[ 67.381645][ T4168] page:ffffea0001a80000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a000
[ 67.398943][ T4168] head:ffffea0001a80000 order:10 compound_mapcount:0 compound_pincount:0
[ 67.408908][ T4168] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 67.419868][ T4168] raw: 00fff00000010200 ffffea0001fd0008 ffffea0001a20008 ffff88800fc43300
[ 67.434662][ T4168] raw: 0000000000000000 ffff88806a000000 0000000100000001 0000000000000000
[ 67.447707][ T4168] page dumped because: VM_BUG_ON_FOLIO(folio_test_slab(folio))
[ 67.458961][ T4168] page_owner tracks the page as allocated
[ 67.466783][ T4168] page last allocated via order 10, migratetype Unmovable, gfp_mask 0x3420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_HARDWALL|__GFP_THISNODE), pid 4041, tgid 4041 (syz-executor123), ts 64135907534, free_ts 45686436910
[ 67.491514][ T4168] get_page_from_freelist+0x178d/0x3da0
[ 67.497463][ T4168] __alloc_pages+0x1b2/0x500
[ 67.503285][ T4168] cache_grow_begin+0x75/0x350
[ 67.509151][ T4168] cache_alloc_refill+0x27f/0x380
[ 67.516369][ T4168] __kmalloc+0x3b3/0x4d0
[ 67.520713][ T4168] usbdev_mmap+0x1db/0x930
[ 67.525881][ T4168] mmap_region+0x976/0x1200
[ 67.530846][ T4168] do_mmap+0x5c4/0xd70
[ 67.535511][ T4168] vm_mmap_pgoff+0x163/0x210
[ 67.540386][ T4168] ksys_mmap_pgoff+0x2e8/0x490
[ 67.545549][ T4168] do_syscall_64+0x35/0xb0
[ 67.549981][ T4168] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 67.556318][ T4168] page last free stack trace:
[ 67.560969][ T4168] free_pcp_prepare+0x549/0xd20
[ 67.565811][ T4168] free_unref_page+0x19/0x690
[ 67.570740][ T4168] release_pages+0x76b/0x1780
[ 67.575498][ T4168] tlb_finish_mmu+0x127/0x790
[ 67.580510][ T4168] exit_mmap+0x19d/0x3f0
[ 67.584750][ T4168] __mmput+0xed/0x430
[ 67.588756][ T4168] do_exit+0x8e9/0x24b0
[ 67.593008][ T4168] do_group_exit+0xb2/0x2a0
[ 67.597746][ T4168] get_signal+0x3aa/0x2130
[ 67.602171][ T4168] arch_do_signal_or_restart+0x2a9/0x1c40
[ 67.608368][ T4168] exit_to_user_mode_prepare+0x17d/0x290
[ 67.614071][ T4168] syscall_exit_to_user_mode+0x19/0x60
[ 67.619549][ T4168] do_syscall_64+0x42/0xb0
[ 67.624463][ T4168] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 67.630515][ T4168] ------------[ cut here ]------------
[ 67.636101][ T4168] kernel BUG at include/linux/memcontrol.h:472!
[ 67.642676][ T4168] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 67.648848][ T4168] CPU: 1 PID: 4168 Comm: syz-executor123 Tainted: G W 5.17.0-syzkaller #0
[ 67.658626][ T4168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.668870][ T4168] RIP: 0010:workingset_activation+0x455/0x550
[ 67.674931][ T4168] Code: df 48 c1 e8 03 80 3c 10 00 0f 85 ec 00 00 00 48 8b 05 bf 31 0b 0b e9 64 fd ff ff 48 c7 c6 60 05 f6 88 48 89 ef e8 fb 00 00 00 <0f> 0b 0f 0b e9 4f fc ff ff 48 c7 c6 c0 07 f6 88 48 89 ef e8 e3 00
[ 67.694831][ T4168] RSP: 0018:ffffc900037b75e8 EFLAGS: 00010292
[ 67.700896][ T4168] RAX: 0000000000000000 RBX: ffffea0001a80000 RCX: 0000000000000000
[ 67.709022][ T4168] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888012a8000a
[ 67.717060][ T4168] RBP: ffffea0001a80000 R08: 0000000000000029 R09: ffffc900037b718f
[ 67.725106][ T4168] R10: fffff520006f6e31 R11: 535f7972746e6520 R12: 0000000000000000
[ 67.733057][ T4168] R13: ffff8880b9f34d40 R14: 0000000000000003 R15: ffff8880b9f34d70
[ 67.741099][ T4168] FS: 0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
[ 67.750540][ T4168] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 67.757138][ T4168] CR2: 00007f0bb592e1f0 CR3: 0000000022e3b000 CR4: 00000000003526e0
[ 67.765191][ T4168] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 67.773144][ T4168] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 67.781095][ T4168] Call Trace:
[ 67.784353][ T4168]
[ 67.787265][ T4168] folio_mark_accessed+0x494/0xb60
[ 67.792366][ T4168] __handle_changed_spte+0x70c/0xea0
[ 67.797641][ T4168] ? tdp_mmu_init_child_sp+0x480/0x480
[ 67.803078][ T4168] __handle_changed_spte+0x6f7/0xea0
[ 67.808508][ T4168] ? tdp_mmu_init_child_sp+0x480/0x480
[ 67.813942][ T4168] ? tdp_iter_refresh_sptep+0x126/0x250
[ 67.819573][ T4168] ? kvm_mmu_reset_all_pte_masks+0x2a0/0x2a0
[ 67.825531][ T4168] __tdp_mmu_set_spte+0x123/0x6a0
[ 67.830684][ T4168] ? __handle_changed_spte+0xea0/0xea0
[ 67.836302][ T4168] ? spte_to_child_pt+0x40/0x40
[ 67.841134][ T4168] ? rcu_read_lock_sched_held+0xd/0x70
[ 67.846665][ T4168] ? lock_acquire+0x442/0x510
[ 67.851328][ T4168] __tdp_mmu_zap_root+0x4f0/0x540
[ 67.856335][ T4168] ? clear_dirty_pt_masked+0x350/0x350
[ 67.862036][ T4168] ? lock_acquire+0x442/0x510
[ 67.866693][ T4168] ? lock_release+0x720/0x720
[ 67.871426][ T4168] ? tdp_mmu_zap_root_work+0x70/0x70
[ 67.876681][ T4168] ? lock_release+0x720/0x720
[ 67.881353][ T4168] tdp_mmu_zap_root+0xe2/0x240
[ 67.886105][ T4168] kvm_tdp_mmu_zap_all+0xe0/0x120
[ 67.891136][ T4168] kvm_mmu_zap_all+0x1e8/0x240
[ 67.895893][ T4168] ? kvm_mmu_slot_leaf_clear_dirty+0x3f0/0x3f0
[ 67.902118][ T4168] ? lock_release+0x720/0x720
[ 67.906775][ T4168] ? kasan_save_stack+0x2e/0x40
[ 67.911647][ T4168] ? kasan_save_stack+0x1e/0x40
[ 67.916925][ T4168] ? kasan_set_track+0x21/0x30
[ 67.921782][ T4168] ? kasan_set_free_info+0x20/0x30
[ 67.926891][ T4168] ? __khugepaged_exit+0x272/0x3c0
[ 67.932148][ T4168] ? __mmput+0x34c/0x430
[ 67.936365][ T4168] ? do_exit+0x8e9/0x24b0
[ 67.940704][ T4168] ? do_group_exit+0xb2/0x2a0
[ 67.945364][ T4168] ? __x64_sys_exit_group+0x35/0x40
[ 67.950592][ T4168] kvm_mmu_notifier_release+0x4e/0x80
[ 67.955962][ T4168] ? __bpf_trace_kvm_test_age_hva+0xb0/0xb0
[ 67.962414][ T4168] __mmu_notifier_release+0x183/0x530
[ 67.967772][ T4168] ? mmu_interval_notifier_insert+0x130/0x130
[ 67.973834][ T4168] ? rcu_read_lock_sched_held+0xd/0x70
[ 67.979291][ T4168] ? lock_release+0x522/0x720
[ 67.983955][ T4168] ? debug_check_no_obj_freed+0x20c/0x420
[ 67.989661][ T4168] ? lock_downgrade+0x6e0/0x6e0
[ 67.994506][ T4168] ? rwlock_bug.part.0+0x90/0x90
[ 67.999426][ T4168] exit_mmap+0x322/0x3f0
[ 68.003656][ T4168] ? __ia32_sys_remap_file_pages+0x150/0x150
[ 68.009632][ T4168] ? debug_check_no_obj_freed+0x20c/0x420
[ 68.015327][ T4168] ? kmem_cache_free.part.0+0xe1/0x200
[ 68.020860][ T4168] ? trace_hardirqs_on+0x1c/0x140
[ 68.025897][ T4168] __mmput+0xed/0x430
[ 68.029870][ T4168] do_exit+0x8e9/0x24b0
[ 68.034178][ T4168] ? lock_release+0x522/0x720
[ 68.038946][ T4168] ? mm_update_next_owner+0x6d0/0x6d0
[ 68.044317][ T4168] do_group_exit+0xb2/0x2a0
[ 68.048821][ T4168] __x64_sys_exit_group+0x35/0x40
[ 68.054012][ T4168] do_syscall_64+0x35/0xb0
[ 68.058434][ T4168] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.064316][ T4168] RIP: 0033:0x7f0bb58b81d9
[ 68.068824][ T4168] Code: Unable to access opcode bytes at RIP 0x7f0bb58b81af.
[ 68.076180][ T4168] RSP: 002b:00007ffcae696c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 68.084578][ T4168] RAX: ffffffffffffffda RBX: 00007f0bb592d350 RCX: 00007f0bb58b81d9
[ 68.092530][ T4168] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 68.100472][ T4168] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 68.108426][ T4168] R10: 0000000000000006 R11: 0000000000000246 R12: 00007f0bb592d350
[ 68.116386][ T4168] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 68.124331][ T4168]
[ 68.127498][ T4168] Modules linked in:
[ 68.131465][ T4168] ---[ end trace 0000000000000000 ]---
[ 68.136926][ T4168] RIP: 0010:workingset_activation+0x455/0x550
[ 68.143096][ T4168] Code: df 48 c1 e8 03 80 3c 10 00 0f 85 ec 00 00 00 48 8b 05 bf 31 0b 0b e9 64 fd ff ff 48 c7 c6 60 05 f6 88 48 89 ef e8 fb 00 00 00 <0f> 0b 0f 0b e9 4f fc ff ff 48 c7 c6 c0 07 f6 88 48 89 ef e8 e3 00
[ 68.163281][ T4168] RSP: 0018:ffffc900037b75e8 EFLAGS: 00010292
[ 68.169397][ T4168] RAX: 0000000000000000 RBX: ffffea0001a80000 RCX: 0000000000000000
[ 68.177446][ T4168] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888012a8000a
[ 68.185425][ T4168] RBP: ffffea0001a80000 R08: 0000000000000029 R09: ffffc900037b718f
[ 68.193670][ T4168] R10: fffff520006f6e31 R11: 535f7972746e6520 R12: 0000000000000000
[ 68.201793][ T4168] R13: ffff8880b9f34d40 R14: 0000000000000003 R15: ffff8880b9f34d70
[ 68.209891][ T4168] FS: 0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
[ 68.218836][ T4168] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 68.225591][ T4168] CR2: 00007f0bb592e1f0 CR3: 0000000022e3b000 CR4: 00000000003526e0
[ 68.234023][ T4168] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 68.242407][ T4168] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 68.250408][ T4168] Kernel panic - not syncing: Fatal exception
[ 68.256551][ T4168] Kernel Offset: disabled
[ 68.260862][ T4168] Rebooting in 86400 seconds..