last executing test programs: 48.50445ms ago: executing program 0 (id=1): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x2, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) rt_sigpending(0x0, 0x0) 10.8638ms ago: executing program 0 (id=6): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000340), 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f00000006c0)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') r1 = open(0x0, 0x0, 0x0) mkdirat(r1, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) rename(&(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f00000000c0)='./file0\x00') 0s ago: executing program 0 (id=7): listen(0xffffffffffffffff, 0x5644) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'veth1_vlan\x00', 0x0}) unshare(0x62040200) r2 = gettid() sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r1, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r2], 0x28}}, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(r3, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x4c000) setreuid(0x0, 0xee00) sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@gettaction={0x20, 0x5a, 0x1, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}]}, 0x20}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.33' (ED25519) to the list of known hosts. [ 23.974918][ T28] audit: type=1400 audit(1731984454.953:66): avc: denied { mounton } for pid=283 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 23.976196][ T283] cgroup: Unknown subsys name 'net' [ 23.997420][ T28] audit: type=1400 audit(1731984454.953:67): avc: denied { mount } for pid=283 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 24.024286][ T28] audit: type=1400 audit(1731984454.993:68): avc: denied { unmount } for pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 24.024481][ T283] cgroup: Unknown subsys name 'devices' [ 24.141384][ T283] cgroup: Unknown subsys name 'hugetlb' [ 24.146808][ T283] cgroup: Unknown subsys name 'rlimit' [ 24.247720][ T28] audit: type=1400 audit(1731984455.223:69): avc: denied { setattr } for pid=283 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 24.270778][ T28] audit: type=1400 audit(1731984455.223:70): avc: denied { mounton } for pid=283 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 24.293028][ T286] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 24.295843][ T28] audit: type=1400 audit(1731984455.223:71): avc: denied { mount } for pid=283 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 24.324334][ T283] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 24.326694][ T28] audit: type=1400 audit(1731984455.293:72): avc: denied { relabelto } for pid=286 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.360474][ T28] audit: type=1400 audit(1731984455.293:73): avc: denied { write } for pid=286 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.385964][ T28] audit: type=1400 audit(1731984455.303:74): avc: denied { read } for pid=283 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.411422][ T28] audit: type=1400 audit(1731984455.303:75): avc: denied { open } for pid=283 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 25.119189][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.126110][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.133512][ T293] device bridge_slave_0 entered promiscuous mode [ 25.140170][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.147014][ T295] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.154481][ T295] device bridge_slave_0 entered promiscuous mode [ 25.161299][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.168140][ T295] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.175579][ T295] device bridge_slave_1 entered promiscuous mode [ 25.189633][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.196478][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.203798][ T293] device bridge_slave_1 entered promiscuous mode [ 25.308881][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.315848][ T296] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.323201][ T296] device bridge_slave_0 entered promiscuous mode [ 25.340638][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.347486][ T296] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.354829][ T296] device bridge_slave_1 entered promiscuous mode [ 25.375266][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.382166][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.389431][ T294] device bridge_slave_0 entered promiscuous mode [ 25.410545][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.417386][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.424745][ T294] device bridge_slave_1 entered promiscuous mode [ 25.431099][ T297] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.437925][ T297] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.445274][ T297] device bridge_slave_0 entered promiscuous mode [ 25.453417][ T297] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.460388][ T297] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.467567][ T297] device bridge_slave_1 entered promiscuous mode [ 25.578124][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.585004][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.592146][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.599047][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.614165][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.621027][ T295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.628101][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.634921][ T295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.721007][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.727864][ T296] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.734986][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.741769][ T296] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.761299][ T297] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.768171][ T297] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.775346][ T297] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.782201][ T297] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.804836][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.811714][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.818922][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.825801][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.834041][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.841331][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.848342][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.856123][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.863849][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.871078][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.878019][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.884996][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.892111][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.899180][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.907197][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 25.914644][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.942599][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.950308][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 25.957531][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.965346][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.973624][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.980504][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.987976][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.996145][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.003010][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.010270][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.018220][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.025096][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.032486][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.040683][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.047513][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.059820][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 26.067851][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.074719][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.081948][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.090057][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.096887][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.122267][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 26.130458][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.138228][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 26.146516][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.154668][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 26.162838][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.170909][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 26.178730][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.186613][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 26.194779][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.205868][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 26.214099][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.235946][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 26.243884][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.251765][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 26.260155][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.270770][ T293] device veth0_vlan entered promiscuous mode [ 26.277141][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 26.285059][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.293869][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 26.301294][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 26.313562][ T295] device veth0_vlan entered promiscuous mode [ 26.325203][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 26.332654][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 26.340100][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 26.347781][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.355945][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 26.363337][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 26.371421][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 26.379729][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 26.387696][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.394561][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.409129][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 26.417259][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.425380][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 26.433596][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.446017][ T295] device veth1_macvtap entered promiscuous mode [ 26.456598][ T293] device veth1_macvtap entered promiscuous mode [ 26.465990][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 26.473722][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 26.481316][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 26.489672][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.497647][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.504498][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.519928][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 26.528158][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.536736][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.544931][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.553790][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.562018][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.570187][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 26.577855][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.591397][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 26.598924][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 26.606244][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.614382][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.622656][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 26.630789][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.640369][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.648494][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.657219][ T296] device veth0_vlan entered promiscuous mode [ 26.673656][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.682549][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 26.690535][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 26.705189][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 26.715302][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 26.726487][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.733375][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.743409][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 26.752108][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.760284][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.767125][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.777604][ T295] ------------[ cut here ]------------ [ 26.779346][ T296] device veth1_macvtap entered promiscuous mode [ 26.783038][ T295] WARNING: CPU: 0 PID: 295 at fs/inode.c:332 drop_nlink+0xc1/0x110 [ 26.797012][ T295] Modules linked in: [ 26.800834][ T295] CPU: 0 PID: 295 Comm: syz-executor Not tainted 6.1.112-syzkaller-00019-g6cf2e7d96862 #0 [ 26.810509][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 26.820389][ T295] RIP: 0010:drop_nlink+0xc1/0x110 [ 26.825199][ T295] Code: 1e 48 8d bb b8 04 00 00 be 08 00 00 00 e8 b7 e2 ef ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 ef 74 a8 ff <0f> 0b eb 88 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c [ 26.844716][ T295] RSP: 0018:ffffc90001117a50 EFLAGS: 00010293 [ 26.850650][ T295] RAX: ffffffff81cd2f21 RBX: 0000000000000000 RCX: ffff8881100a5100 [ 26.858351][ T295] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 26.866220][ T295] RBP: ffffc90001117a78 R08: ffffffff81cd2ea4 R09: 0000000000000003 [ 26.873996][ T295] R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000 [ 26.881829][ T295] R13: 1ffff11025cb9d4c R14: ffff88812e5cea18 R15: ffff88812e5cea60 [ 26.889614][ T295] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 26.898392][ T295] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.904842][ T295] CR2: 00007f4b47a68710 CR3: 000000012c752000 CR4: 00000000003506b0 [ 26.912632][ T295] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.920429][ T295] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.928227][ T295] Call Trace: [ 26.931429][ T295] [ 26.934210][ T295] ? show_regs+0x58/0x60 [ 26.938286][ T295] ? __warn+0x160/0x3d0 [ 26.942316][ T295] ? drop_nlink+0xc1/0x110 [ 26.946535][ T295] ? report_bug+0x4d5/0x7d0 [ 26.950907][ T295] ? drop_nlink+0xc1/0x110 [ 26.955131][ T295] ? handle_bug+0x41/0x70 [ 26.959338][ T295] ? exc_invalid_op+0x1b/0x50 [ 26.963805][ T295] ? asm_exc_invalid_op+0x1b/0x20 [ 26.968664][ T295] ? drop_nlink+0x44/0x110 [ 26.972946][ T295] ? drop_nlink+0xc1/0x110 [ 26.977175][ T295] ? drop_nlink+0xc1/0x110 [ 26.981450][ T295] shmem_rmdir+0x59/0x90 [ 26.985512][ T295] vfs_rmdir+0x398/0x500 [ 26.989614][ T295] incfs_kill_sb+0x113/0x230 [ 26.994013][ T295] deactivate_locked_super+0xad/0x110 [ 26.999269][ T295] deactivate_super+0xbe/0xf0 [ 27.003729][ T295] cleanup_mnt+0x485/0x510 [ 27.007984][ T295] __cleanup_mnt+0x19/0x20 [ 27.012313][ T295] task_work_run+0x24d/0x2e0 [ 27.016663][ T295] ? kmem_cache_free+0x291/0x560 [ 27.021483][ T295] ? task_work_cancel+0x2e0/0x2e0 [ 27.026298][ T295] ? free_nsproxy+0x20d/0x260 [ 27.030840][ T295] ? exit_task_namespaces+0xb4/0xd0 [ 27.035875][ T295] do_exit+0xbd5/0x2b80 [ 27.039871][ T295] ? put_task_struct+0x80/0x80 [ 27.044451][ T295] ? __kasan_check_write+0x14/0x20 [ 27.049412][ T295] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 27.054439][ T295] ? _raw_spin_lock_irqsave+0x210/0x210 [ 27.059837][ T295] ? zap_other_threads+0x29c/0x2d0 [ 27.064754][ T295] do_group_exit+0x21a/0x2d0 [ 27.069179][ T295] __x64_sys_exit_group+0x3f/0x40 [ 27.074033][ T295] x64_sys_call+0x610/0x9a0 [ 27.078387][ T295] do_syscall_64+0x3b/0xb0 [ 27.082680][ T295] ? clear_bhb_loop+0x55/0xb0 [ 27.087316][ T295] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 27.093110][ T295] RIP: 0033:0x7f4b46d7e759 [ 27.097294][ T295] Code: Unable to access opcode bytes at 0x7f4b46d7e72f. [ 27.104182][ T295] RSP: 002b:00007ffc5a92edb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 27.112425][ T295] RAX: ffffffffffffffda RBX: 00007f4b46df166e RCX: 00007f4b46d7e759 [ 27.120236][ T295] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 27.128017][ T295] RBP: 0000000000000016 R08: 00007ffc5a92cb56 R09: 00007ffc5a930070 [ 27.135858][ T295] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffc5a930070 [ 27.143659][ T295] R13: 00007f4b46df15fc R14: 000055558ef524a8 R15: 00007ffc5a932220 [ 27.151563][ T295] [ 27.154419][ T295] ---[ end trace 0000000000000000 ]--- [ 27.161458][ T295] ================================================================== [ 27.169340][ T295] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60 [ 27.175416][ T295] Write of size 4 at addr 0000000000000170 by task syz-executor/295 [ 27.183225][ T295] [ 27.185396][ T295] CPU: 0 PID: 295 Comm: syz-executor Tainted: G W 6.1.112-syzkaller-00019-g6cf2e7d96862 #0 [ 27.186678][ T294] device veth0_vlan entered promiscuous mode [ 27.196588][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 27.196604][ T295] Call Trace: [ 27.196611][ T295] [ 27.196620][ T295] dump_stack_lvl+0x151/0x1b7 [ 27.211955][ T294] device veth1_macvtap entered promiscuous mode [ 27.212302][ T295] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 27.234087][ T295] ? _printk+0xd1/0x111 [ 27.238076][ T295] print_report+0xe1/0x4e0 [ 27.242327][ T295] ? __virt_addr_valid+0x59/0x2f0 [ 27.247189][ T295] ? kasan_addr_to_slab+0xd/0x80 [ 27.251971][ T295] ? ihold+0x20/0x60 [ 27.255694][ T295] kasan_report+0x13c/0x170 [ 27.260032][ T295] ? ihold+0x20/0x60 [ 27.263768][ T295] kasan_check_range+0x294/0x2a0 [ 27.268537][ T295] __kasan_check_write+0x14/0x20 [ 27.273310][ T295] ihold+0x20/0x60 [ 27.276869][ T295] vfs_rmdir+0x268/0x500 [ 27.280949][ T295] incfs_kill_sb+0x113/0x230 [ 27.285376][ T295] deactivate_locked_super+0xad/0x110 [ 27.290583][ T295] deactivate_super+0xbe/0xf0 [ 27.295101][ T295] cleanup_mnt+0x485/0x510 [ 27.299354][ T295] __cleanup_mnt+0x19/0x20 [ 27.303604][ T295] task_work_run+0x24d/0x2e0 [ 27.308031][ T295] ? kmem_cache_free+0x291/0x560 [ 27.312812][ T295] ? task_work_cancel+0x2e0/0x2e0 [ 27.317839][ T295] ? free_nsproxy+0x20d/0x260 [ 27.322349][ T295] ? exit_task_namespaces+0xb4/0xd0 [ 27.327415][ T295] do_exit+0xbd5/0x2b80 [ 27.331465][ T295] ? put_task_struct+0x80/0x80 [ 27.336064][ T295] ? __kasan_check_write+0x14/0x20 [ 27.341130][ T295] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 27.346172][ T295] ? _raw_spin_lock_irqsave+0x210/0x210 [ 27.351545][ T295] ? zap_other_threads+0x29c/0x2d0 [ 27.356492][ T295] do_group_exit+0x21a/0x2d0 [ 27.360922][ T295] __x64_sys_exit_group+0x3f/0x40 [ 27.365778][ T295] x64_sys_call+0x610/0x9a0 [ 27.370119][ T295] do_syscall_64+0x3b/0xb0 [ 27.374393][ T295] ? clear_bhb_loop+0x55/0xb0 [ 27.378888][ T295] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 27.384631][ T295] RIP: 0033:0x7f4b46d7e759 [ 27.388883][ T295] Code: Unable to access opcode bytes at 0x7f4b46d7e72f. [ 27.395723][ T295] RSP: 002b:00007ffc5a92edb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 27.403968][ T295] RAX: ffffffffffffffda RBX: 00007f4b46df166e RCX: 00007f4b46d7e759 [ 27.411864][ T295] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 27.419691][ T295] RBP: 0000000000000016 R08: 00007ffc5a92cb56 R09: 00007ffc5a930070 [ 27.427487][ T295] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffc5a930070 [ 27.435305][ T295] R13: 00007f4b46df15fc R14: 000055558ef524a8 R15: 00007ffc5a932220 [ 27.443115][ T295] [ 27.445978][ T295] ================================================================== [ 27.455600][ T295] Disabling lock debugging due to kernel taint [ 27.461975][ T295] BUG: kernel NULL pointer dereference, address: 0000000000000170 [ 27.462823][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.469592][ T295] #PF: supervisor write access in kernel mode [ 27.469604][ T295] #PF: error_code(0x0002) - not-present page [ 27.469629][ T295] PGD 0 P4D 0 [ 27.469648][ T295] Oops: 0002 [#1] PREEMPT SMP KASAN [ 27.478409][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.483218][ T295] CPU: 1 PID: 295 Comm: syz-executor Tainted: G B W 6.1.112-syzkaller-00019-g6cf2e7d96862 #0 [ 27.483241][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 27.483253][ T295] RIP: 0010:ihold+0x25/0x60 [ 27.490764][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.492241][ T295] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 c1 6c a8 ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 60 da ef ff bb 01 00 00 00 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 44 70 a8 [ 27.498017][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.505176][ T295] RSP: 0018:ffffc90001117a90 EFLAGS: 00010246 [ 27.505196][ T295] RAX: ffff8881100a5100 RBX: 0000000000000001 RCX: ffff8881100a5100 [ 27.505211][ T295] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 27.505222][ T295] RBP: ffffc90001117aa0 R08: ffffffff8144a2c3 R09: fffffbfff0f6e0fd [ 27.505237][ T295] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff11025cb997f [ 27.516997][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.526265][ T295] R13: ffff888114de9bb0 R14: 0000000000000000 R15: 1ffff110229bd37c [ 27.526282][ T295] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 27.526299][ T295] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.531728][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.538071][ T295] CR2: 0000000000000170 CR3: 000000011f951000 CR4: 00000000003506a0 [ 27.538091][ T295] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.558398][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 27.564542][ T295] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.564559][ T295] Call Trace: [ 27.564564][ T295] [ 27.564572][ T295] ? __die_body+0x62/0xb0 [ 27.564596][ T295] ? __die+0x7e/0x90 [ 27.571733][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.578343][ T295] ? page_fault_oops+0x7f9/0xa90 [ 27.586872][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.593966][ T295] ? vprintk_default+0x26/0x30 [ 27.593997][ T295] ? kernelmode_fixup_or_oops+0xd0/0xd0 [ 27.714788][ T295] ? add_taint+0x44/0xe0 [ 27.718859][ T295] ? panic+0x667/0x667 [ 27.722768][ T295] ? preempt_schedule_thunk+0x16/0x18 [ 27.727976][ T295] ? exc_page_fault+0x529/0x6d0 [ 27.732668][ T295] ? asm_exc_page_fault+0x27/0x30 [ 27.737529][ T295] ? add_taint+0x93/0xe0 [ 27.741604][ T295] ? ihold+0x25/0x60 [ 27.745335][ T295] vfs_rmdir+0x268/0x500 [ 27.749417][ T295] incfs_kill_sb+0x113/0x230 [ 27.753845][ T295] deactivate_locked_super+0xad/0x110 [ 27.759050][ T295] deactivate_super+0xbe/0xf0 [ 27.763570][ T295] cleanup_mnt+0x485/0x510 [ 27.767814][ T295] __cleanup_mnt+0x19/0x20 [ 27.772067][ T295] task_work_run+0x24d/0x2e0 [ 27.776496][ T295] ? kmem_cache_free+0x291/0x560 [ 27.781267][ T295] ? task_work_cancel+0x2e0/0x2e0 [ 27.786130][ T295] ? free_nsproxy+0x20d/0x260 [ 27.791075][ T295] ? exit_task_namespaces+0xb4/0xd0 [ 27.796196][ T295] do_exit+0xbd5/0x2b80 [ 27.800189][ T295] ? put_task_struct+0x80/0x80 [ 27.804785][ T295] ? __kasan_check_write+0x14/0x20 [ 27.809735][ T295] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 27.814679][ T295] ? _raw_spin_lock_irqsave+0x210/0x210 [ 27.820104][ T295] ? zap_other_threads+0x29c/0x2d0 [ 27.825009][ T295] do_group_exit+0x21a/0x2d0 [ 27.829436][ T295] __x64_sys_exit_group+0x3f/0x40 [ 27.834296][ T295] x64_sys_call+0x610/0x9a0 [ 27.838657][ T295] do_syscall_64+0x3b/0xb0 [ 27.842887][ T295] ? clear_bhb_loop+0x55/0xb0 [ 27.847403][ T295] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 27.853133][ T295] RIP: 0033:0x7f4b46d7e759 [ 27.857382][ T295] Code: Unable to access opcode bytes at 0x7f4b46d7e72f. [ 27.864239][ T295] RSP: 002b:00007ffc5a92edb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 27.872485][ T295] RAX: ffffffffffffffda RBX: 00007f4b46df166e RCX: 00007f4b46d7e759 [ 27.880729][ T295] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 27.888541][ T295] RBP: 0000000000000016 R08: 00007ffc5a92cb56 R09: 00007ffc5a930070 [ 27.896353][ T295] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffc5a930070 [ 27.904280][ T295] R13: 00007f4b46df15fc R14: 000055558ef524a8 R15: 00007ffc5a932220 [ 27.912095][ T295] [ 27.914966][ T295] Modules linked in: [ 27.918699][ T295] CR2: 0000000000000170 [ 27.922683][ T295] ---[ end trace 0000000000000000 ]--- [ 27.927975][ T295] RIP: 0010:ihold+0x25/0x60 [ 27.932318][ T295] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 c1 6c a8 ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 60 da ef ff bb 01 00 00 00 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 44 70 a8 [ 27.951761][ T295] RSP: 0018:ffffc90001117a90 EFLAGS: 00010246 [ 27.957769][ T295] RAX: ffff8881100a5100 RBX: 0000000000000001 RCX: ffff8881100a5100 [ 27.965594][ T295] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 27.973386][ T295] RBP: ffffc90001117aa0 R08: ffffffff8144a2c3 R09: fffffbfff0f6e0fd [ 27.981195][ T295] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff11025cb997f [ 27.989005][ T295] R13: ffff888114de9bb0 R14: 0000000000000000 R15: 1ffff110229bd37c [ 27.996820][ T295] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 28.005583][ T295] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.012006][ T295] CR2: 0000000000000170 CR3: 000000011f951000 CR4: 00000000003506a0 [ 28.019817][ T295] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 28.027627][ T295] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 28.035442][ T295] Kernel panic - not syncing: Fatal exception [ 28.041559][ T295] Kernel Offset: disabled [ 28.045599][ T295] Rebooting in 86400 seconds..