last executing test programs: 39.15637ms ago: executing program 4 (id=5): mkdir(&(0x7f00000001c0)='./file0\x00', 0x113) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) mount$bind(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x813014, 0x0) mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)='./file0\x00', 0x0, 0x1000, 0x0) mount$bind(&(0x7f0000000180)='.\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x45110, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/udp\x00') read$FUSE(r0, &(0x7f00000061c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='uid=', @ANYRESHEX=r1, @ANYBLOB=',gid=', @ANYRESHEX=r2]) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00') read$FUSE(r3, &(0x7f0000004180)={0x2020}, 0x2020) 0s ago: executing program 4 (id=6): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r1}, 0x10) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, 0x0, 0x38}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000002c0)={r4}, 0x69) kernel console output (not intermixed with test programs): [ 13.196090][ T28] audit: type=1400 audit(1731586547.303:63): avc: denied { write } for pid=227 comm="sh" path="pipe:[13779]" dev="pipefs" ino=13779 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 13.200535][ T28] audit: type=1400 audit(1731586547.303:64): avc: denied { rlimitinh } for pid=227 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.203606][ T28] audit: type=1400 audit(1731586547.303:65): avc: denied { siginh } for pid=227 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.193' (ED25519) to the list of known hosts. [ 20.017184][ T28] audit: type=1400 audit(1731586554.123:66): avc: denied { mounton } for pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 20.018175][ T281] cgroup: Unknown subsys name 'net' [ 20.039641][ T28] audit: type=1400 audit(1731586554.133:67): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.066578][ T28] audit: type=1400 audit(1731586554.153:68): avc: denied { unmount } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.066713][ T281] cgroup: Unknown subsys name 'devices' [ 20.208936][ T281] cgroup: Unknown subsys name 'hugetlb' [ 20.214331][ T281] cgroup: Unknown subsys name 'rlimit' [ 20.313681][ T28] audit: type=1400 audit(1731586554.423:69): avc: denied { setattr } for pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 20.336648][ T28] audit: type=1400 audit(1731586554.423:70): avc: denied { mounton } for pid=281 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 20.337062][ T284] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 20.361371][ T28] audit: type=1400 audit(1731586554.423:71): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 20.392427][ T28] audit: type=1400 audit(1731586554.483:72): avc: denied { relabelto } for pid=284 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.417616][ T28] audit: type=1400 audit(1731586554.483:73): avc: denied { write } for pid=284 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.420256][ T281] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 20.442954][ T28] audit: type=1400 audit(1731586554.533:74): avc: denied { read } for pid=281 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.442979][ T28] audit: type=1400 audit(1731586554.533:75): avc: denied { open } for pid=281 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.120996][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.127916][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.134953][ T293] device bridge_slave_0 entered promiscuous mode [ 21.141521][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.148370][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.155430][ T292] device bridge_slave_0 entered promiscuous mode [ 21.165165][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.172030][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.179242][ T293] device bridge_slave_1 entered promiscuous mode [ 21.185533][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.192383][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.199522][ T292] device bridge_slave_1 entered promiscuous mode [ 21.239139][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.245978][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.253194][ T294] device bridge_slave_0 entered promiscuous mode [ 21.263096][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.269955][ T295] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.277149][ T295] device bridge_slave_0 entered promiscuous mode [ 21.283573][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.290420][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.297636][ T291] device bridge_slave_0 entered promiscuous mode [ 21.304023][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.310889][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.318198][ T294] device bridge_slave_1 entered promiscuous mode [ 21.327760][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.334586][ T295] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.341810][ T295] device bridge_slave_1 entered promiscuous mode [ 21.348103][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.354915][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.362143][ T291] device bridge_slave_1 entered promiscuous mode [ 21.549527][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.556376][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.563495][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.570274][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.584836][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.591689][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.598788][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.605562][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.623200][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.630052][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.637123][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.643939][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.664553][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.671403][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.678497][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.685275][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.712181][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.719043][ T295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.726116][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.732933][ T295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.757847][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.764816][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.772433][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.779825][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.786767][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.793723][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.800860][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.807964][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.814911][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.821858][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.828838][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.836815][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 21.844258][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.881793][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.890589][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.898613][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.905439][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.913575][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.921495][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.928337][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.935574][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.943608][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.950444][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.957632][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.965519][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.972280][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.979413][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 21.986485][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.993739][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.001630][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.008389][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.015554][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.023629][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.030476][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.037801][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.045464][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.053254][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.061240][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.068072][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.075185][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.083117][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.089943][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.097097][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.121681][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.129686][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.137747][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.145506][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.153438][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.160864][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.168210][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 22.176203][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.184179][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.191016][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.198184][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.206177][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.214191][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.221030][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.228188][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.235952][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.252651][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.260764][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.268994][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.276991][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.293812][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.301731][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.309640][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.317641][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.325293][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.333173][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.340928][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.348724][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.356380][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.364310][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.372154][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.379417][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.392451][ T291] device veth0_vlan entered promiscuous mode [ 22.404394][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.412098][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.420001][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.428295][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.436325][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.443645][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.451503][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.459211][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.466957][ T292] device veth0_vlan entered promiscuous mode [ 22.478361][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.485613][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.492833][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.501090][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.518163][ T294] device veth0_vlan entered promiscuous mode [ 22.524494][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.532460][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.540467][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.548407][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.556068][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.564194][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.572373][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.579689][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.587323][ T295] device veth0_vlan entered promiscuous mode [ 22.594513][ T292] device veth1_macvtap entered promiscuous mode [ 22.606373][ T293] device veth0_vlan entered promiscuous mode [ 22.613367][ T291] device veth1_macvtap entered promiscuous mode [ 22.625480][ T294] device veth1_macvtap entered promiscuous mode [ 22.632482][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.640808][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.648395][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.656429][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.664532][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.672160][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.680053][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.688119][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.696119][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.703542][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.716138][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.724236][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.745963][ T293] device veth1_macvtap entered promiscuous mode [ 22.754492][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.762609][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.771129][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.779337][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.787255][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.795380][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.803345][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.811360][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.827203][ T295] device veth1_macvtap entered promiscuous mode [ 22.847529][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.856998][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.870653][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.878771][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.886953][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.895140][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.895264][ T292] ------------[ cut here ]------------ [ 22.903422][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.908424][ T292] WARNING: CPU: 1 PID: 292 at fs/inode.c:332 drop_nlink+0xc1/0x110 [ 22.916507][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.923916][ T292] Modules linked in: [ 22.932090][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.935462][ T292] CPU: 1 PID: 292 Comm: syz-executor Not tainted 6.1.112-syzkaller-00012-g351af49c1d4c #0 [ 22.943668][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.953120][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 22.961299][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.970926][ T292] RIP: 0010:drop_nlink+0xc1/0x110 [ 22.970952][ T292] Code: 1e 48 8d bb b8 04 00 00 be 08 00 00 00 e8 b7 e2 ef ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 df 76 a8 ff <0f> 0b eb 88 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c [ 22.979793][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.983555][ T292] RSP: 0018:ffffc90000d87a50 EFLAGS: 00010293 [ 23.016795][ T292] RAX: ffffffff81cd2d31 RBX: 0000000000000000 RCX: ffff88810f30a880 [ 23.024636][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 23.032429][ T292] RBP: ffffc90000d87a78 R08: ffffffff81cd2cb4 R09: 0000000000000003 [ 23.040256][ T292] R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000 [ 23.048051][ T292] R13: 1ffff11025e2ca76 R14: ffff88812f165368 R15: ffff88812f1653b0 [ 23.055850][ T292] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 23.064649][ T292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.071053][ T292] CR2: 00007f2ccdc68710 CR3: 000000010fea3000 CR4: 00000000003506a0 [ 23.078896][ T292] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.086664][ T292] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.094544][ T292] Call Trace: [ 23.097616][ T292] [ 23.100374][ T292] ? show_regs+0x58/0x60 [ 23.104453][ T292] ? __warn+0x160/0x3d0 [ 23.108494][ T292] ? drop_nlink+0xc1/0x110 [ 23.112701][ T292] ? report_bug+0x4d5/0x7d0 [ 23.117038][ T292] ? drop_nlink+0xc1/0x110 [ 23.121322][ T292] ? handle_bug+0x41/0x70 [ 23.125458][ T292] ? exc_invalid_op+0x1b/0x50 [ 23.130000][ T292] ? asm_exc_invalid_op+0x1b/0x20 [ 23.134834][ T292] ? drop_nlink+0x44/0x110 [ 23.139121][ T292] ? drop_nlink+0xc1/0x110 [ 23.143337][ T292] ? drop_nlink+0xc1/0x110 [ 23.147607][ T292] shmem_rmdir+0x59/0x90 [ 23.151671][ T292] vfs_rmdir+0x398/0x500 [ 23.155749][ T292] incfs_kill_sb+0x113/0x230 [ 23.160223][ T292] deactivate_locked_super+0xad/0x110 [ 23.165383][ T292] deactivate_super+0xbe/0xf0 [ 23.170000][ T292] cleanup_mnt+0x485/0x510 [ 23.174149][ T292] __cleanup_mnt+0x19/0x20 [ 23.178426][ T292] task_work_run+0x24d/0x2e0 [ 23.182827][ T292] ? kmem_cache_free+0x291/0x510 [ 23.187623][ T292] ? task_work_cancel+0x2e0/0x2e0 [ 23.192460][ T292] ? free_nsproxy+0x20d/0x260 [ 23.196974][ T292] ? exit_task_namespaces+0xb4/0xd0 [ 23.202042][ T292] do_exit+0xbd5/0x2b80 [ 23.206004][ T292] ? put_task_struct+0x80/0x80 [ 23.210642][ T292] ? __kasan_check_write+0x14/0x20 [ 23.215549][ T292] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 23.220645][ T292] ? _raw_spin_lock_irqsave+0x210/0x210 [ 23.226018][ T292] ? zap_other_threads+0x29c/0x2d0 [ 23.230997][ T292] do_group_exit+0x21a/0x2d0 [ 23.235393][ T292] __x64_sys_exit_group+0x3f/0x40 [ 23.240278][ T292] x64_sys_call+0x610/0x9a0 [ 23.244592][ T292] do_syscall_64+0x3b/0xb0 [ 23.248901][ T292] ? clear_bhb_loop+0x55/0xb0 [ 23.253358][ T292] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 23.259104][ T292] RIP: 0033:0x7f2cccf7e719 [ 23.263339][ T292] Code: Unable to access opcode bytes at 0x7f2cccf7e6ef. [ 23.270217][ T292] RSP: 002b:00007fff69611478 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 23.278451][ T292] RAX: ffffffffffffffda RBX: 00007f2cccff166e RCX: 00007f2cccf7e719 [ 23.286253][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 23.294082][ T292] RBP: 0000000000000016 R08: 00007fff6960f216 R09: 00007fff69612730 [ 23.301902][ T292] R10: 000000000000000a R11: 0000000000000246 R12: 00007fff69612730 [ 23.309710][ T292] R13: 00007f2cccff15fc R14: 0000555557b2f4a8 R15: 00007fff696148e0 [ 23.317509][ T292] [ 23.320361][ T292] ---[ end trace 0000000000000000 ]--- [ 23.325733][ T292] ================================================================== [ 23.333555][ T292] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60 [ 23.339628][ T292] Write of size 4 at addr 0000000000000170 by task syz-executor/292 [ 23.347439][ T292] [ 23.349609][ T292] CPU: 0 PID: 292 Comm: syz-executor Tainted: G W 6.1.112-syzkaller-00012-g351af49c1d4c #0 [ 23.360806][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 23.370700][ T292] Call Trace: [ 23.373825][ T292] [ 23.376604][ T292] dump_stack_lvl+0x151/0x1b7 [ 23.381115][ T292] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 23.386431][ T292] ? _printk+0xd1/0x111 [ 23.390404][ T292] print_report+0xe1/0x4e0 [ 23.394660][ T292] ? __virt_addr_valid+0x59/0x2f0 [ 23.399514][ T292] ? kasan_addr_to_slab+0xd/0x80 [ 23.404288][ T292] ? ihold+0x20/0x60 [ 23.408020][ T292] kasan_report+0x13c/0x170 [ 23.412361][ T292] ? ihold+0x20/0x60 [ 23.416093][ T292] kasan_check_range+0x294/0x2a0 [ 23.420867][ T292] __kasan_check_write+0x14/0x20 [ 23.425639][ T292] ihold+0x20/0x60 [ 23.429197][ T292] vfs_rmdir+0x268/0x500 [ 23.433282][ T292] incfs_kill_sb+0x113/0x230 [ 23.437704][ T292] deactivate_locked_super+0xad/0x110 [ 23.442910][ T292] deactivate_super+0xbe/0xf0 [ 23.447426][ T292] cleanup_mnt+0x485/0x510 [ 23.451676][ T292] __cleanup_mnt+0x19/0x20 [ 23.455928][ T292] task_work_run+0x24d/0x2e0 [ 23.460357][ T292] ? kmem_cache_free+0x291/0x510 [ 23.465133][ T292] ? task_work_cancel+0x2e0/0x2e0 [ 23.469991][ T292] ? free_nsproxy+0x20d/0x260 [ 23.474503][ T292] ? exit_task_namespaces+0xb4/0xd0 [ 23.479537][ T292] do_exit+0xbd5/0x2b80 [ 23.483530][ T292] ? put_task_struct+0x80/0x80 [ 23.488129][ T292] ? __kasan_check_write+0x14/0x20 [ 23.493097][ T292] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 23.498024][ T292] ? _raw_spin_lock_irqsave+0x210/0x210 [ 23.503403][ T292] ? zap_other_threads+0x29c/0x2d0 [ 23.508353][ T292] do_group_exit+0x21a/0x2d0 [ 23.512779][ T292] __x64_sys_exit_group+0x3f/0x40 [ 23.517643][ T292] x64_sys_call+0x610/0x9a0 [ 23.521978][ T292] do_syscall_64+0x3b/0xb0 [ 23.526233][ T292] ? clear_bhb_loop+0x55/0xb0 [ 23.530745][ T292] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 23.536472][ T292] RIP: 0033:0x7f2cccf7e719 [ 23.540729][ T292] Code: Unable to access opcode bytes at 0x7f2cccf7e6ef. [ 23.547583][ T292] RSP: 002b:00007fff69611478 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 23.555827][ T292] RAX: ffffffffffffffda RBX: 00007f2cccff166e RCX: 00007f2cccf7e719 [ 23.563638][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 23.571448][ T292] RBP: 0000000000000016 R08: 00007fff6960f216 R09: 00007fff69612730 [ 23.579261][ T292] R10: 000000000000000a R11: 0000000000000246 R12: 00007fff69612730 [ 23.587072][ T292] R13: 00007f2cccff15fc R14: 0000555557b2f4a8 R15: 00007fff696148e0 [ 23.594886][ T292] [ 23.597747][ T292] ================================================================== [ 23.611640][ T292] Disabling lock debugging due to kernel taint [ 23.617673][ T292] BUG: kernel NULL pointer dereference, address: 0000000000000170 [ 23.625239][ T292] #PF: supervisor write access in kernel mode [ 23.631141][ T292] #PF: error_code(0x0002) - not-present page [ 23.636964][ T292] PGD 0 P4D 0 [ 23.640165][ T292] Oops: 0002 [#1] PREEMPT SMP KASAN [ 23.645201][ T292] CPU: 0 PID: 292 Comm: syz-executor Tainted: G B W 6.1.112-syzkaller-00012-g351af49c1d4c #0 [ 23.656396][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 23.666292][ T292] RIP: 0010:ihold+0x25/0x60 [ 23.670630][ T292] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 b1 6e a8 ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 60 da ef ff bb 01 00 00 00 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 34 72 a8 [ 23.690072][ T292] RSP: 0018:ffffc90000d87a90 EFLAGS: 00010246 [ 23.695971][ T292] RAX: ffff88810f30a800 RBX: 0000000000000001 RCX: ffff88810f30a880 [ 23.703783][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 23.711594][ T292] RBP: ffffc90000d87aa0 R08: ffffffff8144a2c3 R09: fffffbfff0f6e0fd [ 23.719405][ T292] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff11025e5adc0 [ 23.727216][ T292] R13: ffff8881114d9440 R14: 0000000000000000 R15: 1ffff1102229b28e [ 23.735031][ T292] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 23.743795][ T292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.750218][ T292] CR2: 0000000000000170 CR3: 000000010fea3000 CR4: 00000000003506b0 [ 23.758037][ T292] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.765839][ T292] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.773650][ T292] Call Trace: [ 23.776778][ T292] [ 23.779556][ T292] ? __die_body+0x62/0xb0 [ 23.783719][ T292] ? __die+0x7e/0x90 [ 23.787453][ T292] ? page_fault_oops+0x7f9/0xa90 [ 23.792228][ T292] ? vprintk_default+0x26/0x30 [ 23.796824][ T292] ? kernelmode_fixup_or_oops+0xd0/0xd0 [ 23.802205][ T292] ? add_taint+0x44/0xe0 [ 23.806284][ T292] ? panic+0x667/0x667 [ 23.810190][ T292] ? schedule_preempt_disabled+0x20/0x20 [ 23.815661][ T292] ? preempt_schedule_thunk+0x16/0x18 [ 23.820866][ T292] ? exc_page_fault+0x529/0x6d0 [ 23.825553][ T292] ? asm_exc_page_fault+0x27/0x30 [ 23.830414][ T292] ? add_taint+0x93/0xe0 [ 23.834490][ T292] ? ihold+0x25/0x60 [ 23.838224][ T292] vfs_rmdir+0x268/0x500 [ 23.842306][ T292] incfs_kill_sb+0x113/0x230 [ 23.846729][ T292] deactivate_locked_super+0xad/0x110 [ 23.851937][ T292] deactivate_super+0xbe/0xf0 [ 23.856450][ T292] cleanup_mnt+0x485/0x510 [ 23.860707][ T292] __cleanup_mnt+0x19/0x20 [ 23.864956][ T292] task_work_run+0x24d/0x2e0 [ 23.869380][ T292] ? kmem_cache_free+0x291/0x510 [ 23.874155][ T292] ? task_work_cancel+0x2e0/0x2e0 [ 23.879015][ T292] ? free_nsproxy+0x20d/0x260 [ 23.883529][ T292] ? exit_task_namespaces+0xb4/0xd0 [ 23.888567][ T292] do_exit+0xbd5/0x2b80 [ 23.892557][ T292] ? put_task_struct+0x80/0x80 [ 23.897163][ T292] ? __kasan_check_write+0x14/0x20 [ 23.902101][ T292] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 23.907051][ T292] ? _raw_spin_lock_irqsave+0x210/0x210 [ 23.912430][ T292] ? zap_other_threads+0x29c/0x2d0 [ 23.917381][ T292] do_group_exit+0x21a/0x2d0 [ 23.921803][ T292] __x64_sys_exit_group+0x3f/0x40 [ 23.926664][ T292] x64_sys_call+0x610/0x9a0 [ 23.931005][ T292] do_syscall_64+0x3b/0xb0 [ 23.935259][ T292] ? clear_bhb_loop+0x55/0xb0 [ 23.939770][ T292] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 23.945504][ T292] RIP: 0033:0x7f2cccf7e719 [ 23.949749][ T292] Code: Unable to access opcode bytes at 0x7f2cccf7e6ef. [ 23.956605][ T292] RSP: 002b:00007fff69611478 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 23.964852][ T292] RAX: ffffffffffffffda RBX: 00007f2cccff166e RCX: 00007f2cccf7e719 [ 23.972662][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 23.980476][ T292] RBP: 0000000000000016 R08: 00007fff6960f216 R09: 00007fff69612730 [ 23.988285][ T292] R10: 000000000000000a R11: 0000000000000246 R12: 00007fff69612730 [ 23.996096][ T292] R13: 00007f2cccff15fc R14: 0000555557b2f4a8 R15: 00007fff696148e0 [ 24.003910][ T292] [ 24.006772][ T292] Modules linked in: [ 24.010519][ T292] CR2: 0000000000000170 [ 24.014499][ T292] ---[ end trace 0000000000000000 ]--- [ 24.019790][ T292] RIP: 0010:ihold+0x25/0x60 [ 24.024131][ T292] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 b1 6e a8 ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 60 da ef ff bb 01 00 00 00 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 34 72 a8 [ 24.043574][ T292] RSP: 0018:ffffc90000d87a90 EFLAGS: 00010246 [ 24.049472][ T292] RAX: ffff88810f30a800 RBX: 0000000000000001 RCX: ffff88810f30a880 [ 24.057284][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 24.065095][ T292] RBP: ffffc90000d87aa0 R08: ffffffff8144a2c3 R09: fffffbfff0f6e0fd [ 24.072908][ T292] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff11025e5adc0 [ 24.080717][ T292] R13: ffff8881114d9440 R14: 0000000000000000 R15: 1ffff1102229b28e [ 24.088529][ T292] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 24.097402][ T292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.103820][ T292] CR2: 0000000000000170 CR3: 000000010fea3000 CR4: 00000000003506b0 [ 24.111633][ T292] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.119442][ T292] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.127255][ T292] Kernel panic - not syncing: Fatal exception [ 24.133373][ T292] Kernel Offset: disabled [ 24.137491][ T292] Rebooting in 86400 seconds..