last executing test programs: 36.97668ms ago: executing program 4 (id=5): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000340), 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f00000006c0)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mkdirat(r1, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) rename(&(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f00000000c0)='./file0\x00') 0s ago: executing program 4 (id=6): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000140), 0xffffffffffffffff) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2}, 0x0, &(0x7f00000002c0)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000080)={'wg2\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000d40)={0x0, 0xe0, &(0x7f0000000d00)={&(0x7f0000000600)=ANY=[@ANYBLOB="2c020000", @ANYRES16=r1, @ANYBLOB="010000000000000000000100000024000300a05ca84f6c9c8e3853e2fd7a70ae0fb20fa152600cb00845174f08076f8d7843e40108804400208024000100000000000100000000000000fdffff01000000000000000000000000000000001400040003000000ac1414bb00000000000000000600050000000000000100802400020073e591ec06154031d3954ac0e16752e72640f08b5281a8461d17d26d12f2bbb6060005000021000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39228c00098028000080060001000a0000001400020020010000000000000000000000000001050003000000000088000080060001000a0000001400020020010000000000000000000000000002050003000000001003800080060001008c0e000008000200ac1414aa05000300000000001c000080060001000200000008000200ac1414bb0500030000000000200004000e00000000000000fe800000000000000000000000000000000000009c0000802400020073961633df6dc9cb418b15afd0bae7b90f1e6cfed8bb423cf9285c474163154908000a00010000002400010000000000000000000000000000000000000000000000000000000000000000004800098028000080060001000a00000014000200fe8000000000000000000000000000bb05000300000000001c000080060001000200000008000200000000000500030000000000080005000100000008000100", @ANYRES32=r4], 0x22c}}, 0x0) kernel console output (not intermixed with test programs): [ 15.148370][ T28] audit: type=1400 audit(1731996011.791:61): avc: denied { transition } for pid=227 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.155355][ T28] audit: type=1400 audit(1731996011.791:62): avc: denied { noatsecure } for pid=227 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.161358][ T28] audit: type=1400 audit(1731996011.801:63): avc: denied { write } for pid=227 comm="sh" path="pipe:[14618]" dev="pipefs" ino=14618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 15.167816][ T28] audit: type=1400 audit(1731996011.801:64): avc: denied { rlimitinh } for pid=227 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.184855][ T28] audit: type=1400 audit(1731996011.801:65): avc: denied { siginh } for pid=227 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.118' (ED25519) to the list of known hosts. [ 22.248711][ T28] audit: type=1400 audit(1731996018.891:66): avc: denied { mounton } for pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.250025][ T281] cgroup: Unknown subsys name 'net' [ 22.271195][ T28] audit: type=1400 audit(1731996018.891:67): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.298117][ T28] audit: type=1400 audit(1731996018.921:68): avc: denied { unmount } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.298285][ T281] cgroup: Unknown subsys name 'devices' [ 22.441758][ T281] cgroup: Unknown subsys name 'hugetlb' [ 22.447208][ T281] cgroup: Unknown subsys name 'rlimit' [ 22.547754][ T28] audit: type=1400 audit(1731996019.191:69): avc: denied { setattr } for pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.570738][ T28] audit: type=1400 audit(1731996019.191:70): avc: denied { mounton } for pid=281 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.595631][ T28] audit: type=1400 audit(1731996019.191:71): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.603641][ T284] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 22.627420][ T28] audit: type=1400 audit(1731996019.271:72): avc: denied { relabelto } for pid=284 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.652676][ T28] audit: type=1400 audit(1731996019.271:73): avc: denied { write } for pid=284 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.662809][ T281] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.678768][ T28] audit: type=1400 audit(1731996019.301:74): avc: denied { read } for pid=281 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.711936][ T28] audit: type=1400 audit(1731996019.301:75): avc: denied { open } for pid=281 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.461869][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.468730][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.476222][ T291] device bridge_slave_0 entered promiscuous mode [ 23.498713][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.505602][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.512980][ T291] device bridge_slave_1 entered promiscuous mode [ 23.575510][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.582420][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.589772][ T294] device bridge_slave_0 entered promiscuous mode [ 23.601638][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.608477][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.615905][ T292] device bridge_slave_0 entered promiscuous mode [ 23.624091][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.630999][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.638143][ T294] device bridge_slave_1 entered promiscuous mode [ 23.652074][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.659210][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.666541][ T292] device bridge_slave_1 entered promiscuous mode [ 23.693412][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.700290][ T295] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.707451][ T295] device bridge_slave_0 entered promiscuous mode [ 23.728170][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.735079][ T295] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.742323][ T295] device bridge_slave_1 entered promiscuous mode [ 23.770527][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.777384][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.784792][ T293] device bridge_slave_0 entered promiscuous mode [ 23.799054][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.806105][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.813527][ T293] device bridge_slave_1 entered promiscuous mode [ 23.988084][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.995074][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.002182][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.008933][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.028879][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.035748][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.042882][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.049739][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.067455][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.074326][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.081443][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.088196][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.117365][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.124247][ T295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.131390][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.138227][ T295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.148178][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.155053][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.162149][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.168914][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.186310][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.193474][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.200733][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.207706][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.214894][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.221911][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.228870][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.236209][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.243291][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.250625][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.258127][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.265576][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.302989][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.310540][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.318537][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.325405][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.333558][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.341769][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.348693][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.368489][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.376521][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.383391][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.391341][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.398610][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.406909][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.413772][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.432016][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.439732][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.447876][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.456004][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.462848][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.470276][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.478231][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.485199][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.494617][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.502821][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.510807][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.517630][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.540337][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.548609][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.556918][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.563796][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.571385][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.579704][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.587673][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.594528][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.601816][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.609763][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.617492][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.625497][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.633324][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.641264][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.648968][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.656900][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.664708][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.672654][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.695208][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.703494][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.711742][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.718581][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.726137][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.734615][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.742460][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.750300][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.758003][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.765967][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.773824][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.781938][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.800598][ T292] device veth0_vlan entered promiscuous mode [ 24.810053][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.818262][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.826622][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.834780][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.842972][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.851138][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.858885][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.866376][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.885717][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.894289][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.902557][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.911079][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.924186][ T292] device veth1_macvtap entered promiscuous mode [ 24.936820][ T294] device veth0_vlan entered promiscuous mode [ 24.943751][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.951856][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.959631][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.973092][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.980545][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.990152][ T291] device veth0_vlan entered promiscuous mode [ 25.004771][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.013344][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.021379][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.029226][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.037752][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.046059][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.054443][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.062836][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.071150][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.078467][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.091685][ T295] device veth0_vlan entered promiscuous mode [ 25.099717][ T294] device veth1_macvtap entered promiscuous mode [ 25.106614][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.114979][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.122537][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.130494][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.138483][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.151961][ T293] device veth0_vlan entered promiscuous mode [ 25.161481][ T291] device veth1_macvtap entered promiscuous mode [ 25.169625][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.177374][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.185644][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.193814][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.202104][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.210011][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.217420][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.241234][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.249356][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.257575][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.265830][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.283603][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.292983][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.304480][ T317] overlayfs: missing 'lowerdir' [ 25.307884][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.323526][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.332780][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.340946][ T292] ------------[ cut here ]------------ [ 25.346226][ T292] WARNING: CPU: 1 PID: 292 at fs/inode.c:332 drop_nlink+0xc1/0x110 [ 25.354081][ T292] Modules linked in: [ 25.357787][ T292] CPU: 1 PID: 292 Comm: syz-executor Not tainted 6.1.112-syzkaller-00019-g6cf2e7d96862 #0 [ 25.367626][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 25.377528][ T292] RIP: 0010:drop_nlink+0xc1/0x110 [ 25.382456][ T292] Code: 1e 48 8d bb b8 04 00 00 be 08 00 00 00 e8 b7 e2 ef ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 ef 74 a8 ff <0f> 0b eb 88 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c [ 25.401855][ T292] RSP: 0018:ffffc9000b12fa50 EFLAGS: 00010293 [ 25.407706][ T292] RAX: ffffffff81cd2f21 RBX: 0000000000000000 RCX: ffff88810d87d100 [ 25.415559][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 25.423349][ T292] RBP: ffffc9000b12fa78 R08: ffffffff81cd2ea4 R09: 0000000000000003 [ 25.431167][ T292] R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000 [ 25.438954][ T292] R13: 1ffff11025ce4730 R14: ffff88812e723938 R15: ffff88812e723980 [ 25.446813][ T292] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 25.455686][ T292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.462100][ T292] CR2: 00007f4b56a68710 CR3: 000000010f884000 CR4: 00000000003506a0 [ 25.469907][ T292] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.477776][ T292] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.485632][ T292] Call Trace: [ 25.488725][ T292] [ 25.491528][ T292] ? show_regs+0x58/0x60 [ 25.495570][ T292] ? __warn+0x160/0x3d0 [ 25.499593][ T292] ? drop_nlink+0xc1/0x110 [ 25.503818][ T292] ? report_bug+0x4d5/0x7d0 [ 25.508154][ T292] ? drop_nlink+0xc1/0x110 [ 25.512456][ T292] ? handle_bug+0x41/0x70 [ 25.516575][ T292] ? exc_invalid_op+0x1b/0x50 [ 25.521115][ T292] ? asm_exc_invalid_op+0x1b/0x20 [ 25.525951][ T292] ? drop_nlink+0x44/0x110 [ 25.530274][ T292] ? drop_nlink+0xc1/0x110 [ 25.534457][ T292] ? drop_nlink+0xc1/0x110 [ 25.538705][ T292] shmem_rmdir+0x59/0x90 [ 25.542823][ T292] vfs_rmdir+0x398/0x500 [ 25.546866][ T292] incfs_kill_sb+0x113/0x230 [ 25.551336][ T292] deactivate_locked_super+0xad/0x110 [ 25.556508][ T292] deactivate_super+0xbe/0xf0 [ 25.561037][ T292] cleanup_mnt+0x485/0x510 [ 25.565266][ T292] __cleanup_mnt+0x19/0x20 [ 25.569555][ T292] task_work_run+0x24d/0x2e0 [ 25.573944][ T292] ? kmem_cache_free+0x291/0x560 [ 25.578719][ T292] ? task_work_cancel+0x2e0/0x2e0 [ 25.583615][ T292] ? free_nsproxy+0x20d/0x260 [ 25.588095][ T292] ? exit_task_namespaces+0xb4/0xd0 [ 25.593157][ T292] do_exit+0xbd5/0x2b80 [ 25.597122][ T292] ? put_task_struct+0x80/0x80 [ 25.601743][ T292] ? __kasan_check_write+0x14/0x20 [ 25.606665][ T292] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 25.611661][ T292] ? _raw_spin_lock_irqsave+0x210/0x210 [ 25.616994][ T292] ? zap_other_threads+0x29c/0x2d0 [ 25.621977][ T292] do_group_exit+0x21a/0x2d0 [ 25.626372][ T292] __x64_sys_exit_group+0x3f/0x40 [ 25.631266][ T292] x64_sys_call+0x610/0x9a0 [ 25.635569][ T292] do_syscall_64+0x3b/0xb0 [ 25.639860][ T292] ? clear_bhb_loop+0x55/0xb0 [ 25.644334][ T292] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 25.650098][ T292] RIP: 0033:0x7f4b55d7e759 [ 25.654313][ T292] Code: Unable to access opcode bytes at 0x7f4b55d7e72f. [ 25.661194][ T292] RSP: 002b:00007ffd33203168 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 25.669439][ T292] RAX: ffffffffffffffda RBX: 00007f4b55df166e RCX: 00007f4b55d7e759 [ 25.677226][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 25.685081][ T292] RBP: 0000000000000016 R08: 00007ffd33200f06 R09: 00007ffd33204420 [ 25.692884][ T292] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffd33204420 [ 25.700707][ T292] R13: 00007f4b55df15fc R14: 000055558597b4a8 R15: 00007ffd332065d0 [ 25.708475][ T292] [ 25.711375][ T292] ---[ end trace 0000000000000000 ]--- [ 25.716743][ T292] ================================================================== [ 25.724537][ T292] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60 [ 25.725454][ T295] device veth1_macvtap entered promiscuous mode [ 25.730604][ T292] Write of size 4 at addr 0000000000000170 by task syz-executor/292 [ 25.730621][ T292] [ 25.730628][ T292] CPU: 0 PID: 292 Comm: syz-executor Tainted: G W 6.1.112-syzkaller-00019-g6cf2e7d96862 #0 [ 25.758044][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 25.767927][ T292] Call Trace: [ 25.771051][ T292] [ 25.773828][ T292] dump_stack_lvl+0x151/0x1b7 [ 25.778340][ T292] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 25.783642][ T292] ? _printk+0xd1/0x111 [ 25.787638][ T292] print_report+0xe1/0x4e0 [ 25.791887][ T292] ? __virt_addr_valid+0x59/0x2f0 [ 25.796752][ T292] ? kasan_addr_to_slab+0xd/0x80 [ 25.801520][ T292] ? ihold+0x20/0x60 [ 25.805319][ T292] kasan_report+0x13c/0x170 [ 25.809690][ T292] ? ihold+0x20/0x60 [ 25.813412][ T292] kasan_check_range+0x294/0x2a0 [ 25.818194][ T292] __kasan_check_write+0x14/0x20 [ 25.822954][ T292] ihold+0x20/0x60 [ 25.826511][ T292] vfs_rmdir+0x268/0x500 [ 25.830596][ T292] incfs_kill_sb+0x113/0x230 [ 25.835016][ T292] deactivate_locked_super+0xad/0x110 [ 25.840224][ T292] deactivate_super+0xbe/0xf0 [ 25.844748][ T292] cleanup_mnt+0x485/0x510 [ 25.848992][ T292] __cleanup_mnt+0x19/0x20 [ 25.853274][ T292] task_work_run+0x24d/0x2e0 [ 25.857667][ T292] ? kmem_cache_free+0x291/0x560 [ 25.862447][ T292] ? task_work_cancel+0x2e0/0x2e0 [ 25.867306][ T292] ? free_nsproxy+0x20d/0x260 [ 25.871819][ T292] ? exit_task_namespaces+0xb4/0xd0 [ 25.876951][ T292] do_exit+0xbd5/0x2b80 [ 25.880935][ T292] ? put_task_struct+0x80/0x80 [ 25.885533][ T292] ? __kasan_check_write+0x14/0x20 [ 25.890477][ T292] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 25.895423][ T292] ? _raw_spin_lock_irqsave+0x210/0x210 [ 25.900808][ T292] ? zap_other_threads+0x29c/0x2d0 [ 25.905758][ T292] do_group_exit+0x21a/0x2d0 [ 25.910189][ T292] __x64_sys_exit_group+0x3f/0x40 [ 25.915042][ T292] x64_sys_call+0x610/0x9a0 [ 25.919379][ T292] do_syscall_64+0x3b/0xb0 [ 25.923718][ T292] ? clear_bhb_loop+0x55/0xb0 [ 25.928231][ T292] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 25.934046][ T292] RIP: 0033:0x7f4b55d7e759 [ 25.938298][ T292] Code: Unable to access opcode bytes at 0x7f4b55d7e72f. [ 25.945159][ T292] RSP: 002b:00007ffd33203168 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 25.953402][ T292] RAX: ffffffffffffffda RBX: 00007f4b55df166e RCX: 00007f4b55d7e759 [ 25.961214][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 25.969028][ T292] RBP: 0000000000000016 R08: 00007ffd33200f06 R09: 00007ffd33204420 [ 25.976842][ T292] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffd33204420 [ 25.984647][ T292] R13: 00007f4b55df15fc R14: 000055558597b4a8 R15: 00007ffd332065d0 [ 25.992465][ T292] [ 25.995324][ T292] ================================================================== [ 26.004475][ T292] Disabling lock debugging due to kernel taint [ 26.010842][ T292] BUG: kernel NULL pointer dereference, address: 0000000000000170 [ 26.018474][ T292] #PF: supervisor write access in kernel mode [ 26.024546][ T292] #PF: error_code(0x0002) - not-present page [ 26.030663][ T292] PGD 0 P4D 0 [ 26.033854][ T292] Oops: 0002 [#1] PREEMPT SMP KASAN [ 26.038885][ T292] CPU: 1 PID: 292 Comm: syz-executor Tainted: G B W 6.1.112-syzkaller-00019-g6cf2e7d96862 #0 [ 26.050085][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 26.059980][ T292] RIP: 0010:ihold+0x25/0x60 [ 26.064316][ T292] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 c1 6c a8 ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 60 da ef ff bb 01 00 00 00 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 44 70 a8 [ 26.084112][ T292] RSP: 0018:ffffc9000b12fa90 EFLAGS: 00010246 [ 26.090006][ T292] RAX: ffff88810d87d100 RBX: 0000000000000001 RCX: ffff88810d87d100 [ 26.097823][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 26.105628][ T292] RBP: ffffc9000b12faa0 R08: ffffffff8144a2c3 R09: fffffbfff0f6e0fd [ 26.113442][ T292] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff11025ce4455 [ 26.121249][ T292] R13: ffff8881110cf660 R14: 0000000000000000 R15: 1ffff11022219ed2 [ 26.129061][ T292] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 26.137827][ T292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.144249][ T292] CR2: 0000000000000170 CR3: 000000011fb3a000 CR4: 00000000003506a0 [ 26.152063][ T292] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.159959][ T292] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.167770][ T292] Call Trace: [ 26.170899][ T292] [ 26.173675][ T292] ? __die_body+0x62/0xb0 [ 26.177840][ T292] ? __die+0x7e/0x90 [ 26.181572][ T292] ? page_fault_oops+0x7f9/0xa90 [ 26.186346][ T292] ? vprintk_default+0x26/0x30 [ 26.190947][ T292] ? kernelmode_fixup_or_oops+0xd0/0xd0 [ 26.196336][ T292] ? add_taint+0x44/0xe0 [ 26.200410][ T292] ? panic+0x667/0x667 [ 26.204319][ T292] ? preempt_schedule_thunk+0x16/0x18 [ 26.209541][ T292] ? exc_page_fault+0x529/0x6d0 [ 26.214207][ T292] ? asm_exc_page_fault+0x27/0x30 [ 26.219066][ T292] ? add_taint+0x93/0xe0 [ 26.223147][ T292] ? ihold+0x25/0x60 [ 26.226884][ T292] vfs_rmdir+0x268/0x500 [ 26.230982][ T292] incfs_kill_sb+0x113/0x230 [ 26.235384][ T292] deactivate_locked_super+0xad/0x110 [ 26.240588][ T292] deactivate_super+0xbe/0xf0 [ 26.245111][ T292] cleanup_mnt+0x485/0x510 [ 26.249356][ T292] __cleanup_mnt+0x19/0x20 [ 26.253614][ T292] task_work_run+0x24d/0x2e0 [ 26.258033][ T292] ? kmem_cache_free+0x291/0x560 [ 26.262811][ T292] ? task_work_cancel+0x2e0/0x2e0 [ 26.267666][ T292] ? free_nsproxy+0x20d/0x260 [ 26.272189][ T292] ? exit_task_namespaces+0xb4/0xd0 [ 26.277220][ T292] do_exit+0xbd5/0x2b80 [ 26.281220][ T292] ? put_task_struct+0x80/0x80 [ 26.285808][ T292] ? __kasan_check_write+0x14/0x20 [ 26.290842][ T292] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 26.295787][ T292] ? _raw_spin_lock_irqsave+0x210/0x210 [ 26.301170][ T292] ? zap_other_threads+0x29c/0x2d0 [ 26.306125][ T292] do_group_exit+0x21a/0x2d0 [ 26.310548][ T292] __x64_sys_exit_group+0x3f/0x40 [ 26.315418][ T292] x64_sys_call+0x610/0x9a0 [ 26.319782][ T292] do_syscall_64+0x3b/0xb0 [ 26.323996][ T292] ? clear_bhb_loop+0x55/0xb0 [ 26.328513][ T292] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 26.334238][ T292] RIP: 0033:0x7f4b55d7e759 [ 26.338493][ T292] Code: Unable to access opcode bytes at 0x7f4b55d7e72f. [ 26.345349][ T292] RSP: 002b:00007ffd33203168 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 26.353598][ T292] RAX: ffffffffffffffda RBX: 00007f4b55df166e RCX: 00007f4b55d7e759 [ 26.361407][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 26.369216][ T292] RBP: 0000000000000016 R08: 00007ffd33200f06 R09: 00007ffd33204420 [ 26.377030][ T292] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffd33204420 [ 26.384837][ T292] R13: 00007f4b55df15fc R14: 000055558597b4a8 R15: 00007ffd332065d0 [ 26.392655][ T292] [ 26.395517][ T292] Modules linked in: [ 26.399256][ T292] CR2: 0000000000000170 [ 26.403241][ T292] ---[ end trace 0000000000000000 ]--- [ 26.408532][ T292] RIP: 0010:ihold+0x25/0x60 [ 26.412875][ T292] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 c1 6c a8 ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 60 da ef ff bb 01 00 00 00 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 44 70 a8 [ 26.432317][ T292] RSP: 0018:ffffc9000b12fa90 EFLAGS: 00010246 [ 26.438303][ T292] RAX: ffff88810d87d100 RBX: 0000000000000001 RCX: ffff88810d87d100 [ 26.446112][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 26.453925][ T292] RBP: ffffc9000b12faa0 R08: ffffffff8144a2c3 R09: fffffbfff0f6e0fd [ 26.461734][ T292] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff11025ce4455 [ 26.469547][ T292] R13: ffff8881110cf660 R14: 0000000000000000 R15: 1ffff11022219ed2 [ 26.477445][ T292] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 26.486222][ T292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.492645][ T292] CR2: 0000000000000170 CR3: 000000011fb3a000 CR4: 00000000003506a0 [ 26.500449][ T292] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.508255][ T292] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.516072][ T292] Kernel panic - not syncing: Fatal exception [ 26.522302][ T292] Kernel Offset: disabled [ 26.526427][ T292] Rebooting in 86400 seconds..