last executing test programs: 152.529781ms ago: executing program 2 (id=3): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af04, &(0x7f00000002c0)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0, 0x6000}) r2 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0) lseek(r2, 0xfffffffffffffffe, 0x4) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x74) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x81, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING(r5, 0x4068aea3, &(0x7f0000000200)={0xc0, 0x0, 0x8000}) ioctl$KVM_CLEAR_DIRTY_LOG(r5, 0xc018aec0, &(0x7f0000000000)={0x4, 0x340, 0xc0, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000800)=""/90}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1) 134.070573ms ago: executing program 0 (id=1): symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00') (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async) sigaltstack(&(0x7f0000002180)={&(0x7f0000001180)=""/4096, 0x1, 0x1000}, 0x0) sigaltstack(&(0x7f0000000240)={&(0x7f0000000500)=""/236, 0x2, 0xec}, &(0x7f0000000280)={&(0x7f0000000440)=""/122, 0x0, 0x7a}) (async) utime(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x80000000}) (async) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) (async) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, 0x0, 0x20) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000600), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CAP_HALT_POLL(r2, 0x4068aea3, &(0x7f00000002c0)={0xb6, 0x0, 0x6b3}) (async) r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) (async, rerun: 32) r4 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="122141014813442024040075ee69010203010902240001000410000904b8070296d1ca000905060200020d0006090582020002000110"], 0x0) (rerun: 32) syz_usb_control_io$uac1(r4, 0x0, 0x0) (async, rerun: 64) syz_usb_control_io(r4, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)={0x0, 0x17, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (rerun: 64) syz_usb_control_io$cdc_ncm(r4, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="601004000000cf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) syz_usb_control_io$cdc_ecm(r4, 0x0, &(0x7f0000000300)={0x1c, &(0x7f0000001480)=ANY=[@ANYBLOB="2001"], 0x0, 0x0}) syz_usb_control_io(r4, 0x0, &(0x7f0000000fc0)={0x84, &(0x7f0000000c80)={0x20, 0x0, 0x4, "f670e000"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = socket$inet_udp(0x2, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000380), 0x100, 0x0) (async) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x94, 0x0, 0x0, 0xffffff81}, {0x6}]}, 0x10) (async) mknodat$loop(r3, &(0x7f0000000340)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') (async) rename(&(0x7f0000000140)='./file1\x00', &(0x7f0000001900)='./file0\x00') 127.962673ms ago: executing program 3 (id=4): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='environ\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) timer_create(0x3, 0x0, &(0x7f0000000340)=0x0) timer_settime(r0, 0x1, &(0x7f0000000380)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) r1 = fsopen(&(0x7f0000000200)='msdos\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{0x8, 0x4, 0x18, 0x6}, {0x9, 0x5, 0x7}, {0xba, 0x0, 0x4, 0x7}]}) 113.859244ms ago: executing program 1 (id=2): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)={0x1c, 0x18, 0x209, 0x0, 0x0, {0x2}, [@nested={0x8, 0x10f, 0x0, 0x1, [@typed={0x4, 0xd8, 0x0, 0x0, @binary}]}]}, 0x1c}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5401000010001307000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb00"/64, @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB="20010000000000000000000000000002000004d632000000640101020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000014000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000002000000000000000000000000000000fdffffff0000000000000000020000c8d52117000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017"], 0x154}, 0x1, 0x0, 0x0, 0x40000c5}, 0x80) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8923, &(0x7f00000000c0)={'bond_slave_0\x00', @random="013701300108"}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x40305839, 0x0) r4 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000140)={0x28, 0x0, 0x2711, @hyper}, 0x10, 0x40000) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup/syz0\x00', 0x200002, 0x0) r7 = openat$full(0xffffffffffffff9c, &(0x7f0000000380), 0x60002, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r7, 0xc0502100, &(0x7f0000000200)={0x0, 0x0}) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r9, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) getresuid(&(0x7f0000000040)=0x0, &(0x7f0000000100), &(0x7f0000000140)) sendmsg$nl_xfrm(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000840)=@newsa={0x1d4, 0x16, 0x633, 0x0, 0x80000000, {{@in=@broadcast, @in=@loopback, 0xfffc, 0x0, 0x0, 0x0, 0xa}, {@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4d2, 0x32}, @in6=@loopback, {}, {0x9, 0xffffffffffffffff, 0x0, 0x5}, {0x4, 0x2}, 0x6, 0x2, 0x2, 0x4, 0x18, 0x19}, [@sa={0xe4, 0x6, {{@in=@loopback, @in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x4e24, 0x20, 0x4e23, 0xa4c, 0x2, 0x80, 0xa0, 0x2, 0x0, r10}, {@in=@multicast2, 0x4d4, 0x8596f95369958b8b}, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, {0x4eea8493, 0xff, 0x80, 0x8000000000000000, 0x81, 0x1000000000000000, 0x2, 0x10000}, {0x0, 0xe82, 0x4, 0x1}, {0x8001, 0x7, 0x4}, 0x70bd26, 0x3, 0x2, 0x4, 0x4, 0x84}}]}, 0x1d4}}, 0x0) sendmsg$netlink(r1, &(0x7f0000000300)={&(0x7f0000000040)=@proc={0x10, 0x0, 0x25dfdbfb, 0x2000}, 0xc, &(0x7f00000000c0)=[{&(0x7f0000000080)={0x10, 0x3c, 0x200, 0x70bd29, 0x25dfdbfe}, 0x10}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="2c000000000000000100000001000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=r3, @ANYRES32=r4, @ANYRES32=r5, @ANYRES32=r6, @ANYRES32, @ANYBLOB="004000001c00000000000001000095f1000000", @ANYRES32=r8, @ANYRES32=r10, @ANYRES32=0xee00, @ANYBLOB='\x00\x00\x00\x00'], 0x50, 0x50}, 0x40) 2.49212ms ago: executing program 1 (id=5): openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x340, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0) mount$binderfs(0x0, &(0x7f0000000300)='./binderfs\x00', 0x0, 0x100000, 0x0) 2.16194ms ago: executing program 2 (id=6): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x110) openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000007c0)=ANY=[]) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x11e) renameat2(0xffffffffffffff9c, &(0x7f0000000400)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) 454.42µs ago: executing program 1 (id=7): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYRES32=r0], 0x5c}}, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000240), 0x6, 0x85862) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000280)={r2, 0x5af, {0x0, 0x0, 0x0, 0xcd5f, 0xe1, 0x0, 0x9, 0x18, 0x8, "faf98317e5a1149989fc8dbe53ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5af60c9e6d680f984881a8a0f3500000000000000b20e0000000082", "32d8cc5137061a74df2cfc06c8070000004b30c509fe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b0108faff010000001f831fa79a00", "675237601a8ca5b07dcc141802c4a36a1c54e805397cad33ef39f846777ba31b", [0x3, 0x6]}}) sendfile(r1, r2, 0x0, 0xffff) 0s ago: executing program 2 (id=8): r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10) sendmsg$can_bcm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x1, 0x490, 0x19, {0x77359400}, {0x0, 0xea60}, {}, 0x1, @can={{0x1, 0x1, 0x1}, 0x5, 0x0, 0x0, 0x0, "f51dc5254c260c98"}}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x4000041) r2 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) ioctl$LOOP_CHANGE_FD(r3, 0x4c00, r2) syz_usb_connect(0x0, 0x8c6, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201500236e47e2082055c2955d4010203010902b408048006a00309047f0e01ff2dde700a24010100800201020824050503"], &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x2f, &(0x7f0000000100)=ANY=[@ANYBLOB="2f03bac6c75bef54b57901ce9c63dae3933f2b"]}]}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.70' (ED25519) to the list of known hosts. [ 25.844356][ T36] audit: type=1400 audit(1769942388.930:64): avc: denied { mounton } for pid=283 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 25.847972][ T283] cgroup: Unknown subsys name 'net' [ 25.867099][ T36] audit: type=1400 audit(1769942388.930:65): avc: denied { mount } for pid=283 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.894759][ T36] audit: type=1400 audit(1769942388.960:66): avc: denied { unmount } for pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.895307][ T283] cgroup: Unknown subsys name 'devices' [ 26.099090][ T283] cgroup: Unknown subsys name 'hugetlb' [ 26.104733][ T283] cgroup: Unknown subsys name 'rlimit' [ 26.281446][ T36] audit: type=1400 audit(1769942389.370:67): avc: denied { setattr } for pid=283 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 26.304686][ T36] audit: type=1400 audit(1769942389.370:68): avc: denied { mounton } for pid=283 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 26.329527][ T36] audit: type=1400 audit(1769942389.370:69): avc: denied { mount } for pid=283 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 26.355045][ T285] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 26.363898][ T36] audit: type=1400 audit(1769942389.450:70): avc: denied { relabelto } for pid=285 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 26.389875][ T36] audit: type=1400 audit(1769942389.450:71): avc: denied { write } for pid=285 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 26.418414][ T36] audit: type=1400 audit(1769942389.510:72): avc: denied { read } for pid=283 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 26.419607][ T283] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 26.444049][ T36] audit: type=1400 audit(1769942389.510:73): avc: denied { open } for pid=283 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 27.277973][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.285070][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.292608][ T290] bridge_slave_0: entered allmulticast mode [ 27.299135][ T290] bridge_slave_0: entered promiscuous mode [ 27.327246][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.334329][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.341587][ T290] bridge_slave_1: entered allmulticast mode [ 27.347880][ T290] bridge_slave_1: entered promiscuous mode [ 27.357903][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.364987][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.372136][ T291] bridge_slave_0: entered allmulticast mode [ 27.378458][ T291] bridge_slave_0: entered promiscuous mode [ 27.384932][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.392030][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.399199][ T291] bridge_slave_1: entered allmulticast mode [ 27.405580][ T291] bridge_slave_1: entered promiscuous mode [ 27.473263][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.480402][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.487707][ T292] bridge_slave_0: entered allmulticast mode [ 27.493990][ T292] bridge_slave_0: entered promiscuous mode [ 27.500505][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.507598][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.514682][ T293] bridge_slave_0: entered allmulticast mode [ 27.521077][ T293] bridge_slave_0: entered promiscuous mode [ 27.529752][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.537090][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.544632][ T292] bridge_slave_1: entered allmulticast mode [ 27.551214][ T292] bridge_slave_1: entered promiscuous mode [ 27.573016][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.580262][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.587413][ T293] bridge_slave_1: entered allmulticast mode [ 27.593677][ T293] bridge_slave_1: entered promiscuous mode [ 27.733154][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.740252][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.747622][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.754672][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.776935][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.784032][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.791378][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.798470][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.815871][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.823057][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.830382][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.837444][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.878415][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.885769][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.894159][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.901651][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.909365][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.916743][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.935660][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.942813][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.954061][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.961253][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.972755][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.979862][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.988163][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.995208][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.018227][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.025319][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.039656][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.046854][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.055075][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.062257][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.071877][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.078945][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.125453][ T292] veth0_vlan: entered promiscuous mode [ 28.149560][ T290] veth0_vlan: entered promiscuous mode [ 28.163635][ T291] veth0_vlan: entered promiscuous mode [ 28.173091][ T292] veth1_macvtap: entered promiscuous mode [ 28.191404][ T290] veth1_macvtap: entered promiscuous mode [ 28.198359][ T293] veth0_vlan: entered promiscuous mode [ 28.213093][ T291] veth1_macvtap: entered promiscuous mode [ 28.239270][ T293] veth1_macvtap: entered promiscuous mode [ 28.255798][ T292] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 28.332557][ T335] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 28.354875][ T342] : renamed from bond_slave_0 [ 28.382071][ T342] netlink: 220 bytes leftover after parsing attributes in process `syz.1.2'. [ 28.435847][ T292] ------------[ cut here ]------------ [ 28.441688][ T292] WARNING: CPU: 0 PID: 292 at fs/inode.c:340 drop_nlink+0xce/0x110 [ 28.449781][ T292] Modules linked in: [ 28.453769][ T292] CPU: 0 UID: 0 PID: 292 Comm: syz-executor Not tainted syzkaller #0 001c7e68fa735976e9f6b7ad125989e1d2b10b0e [ 28.465530][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 28.475718][ T292] RIP: 0010:drop_nlink+0xce/0x110 [ 28.480948][ T292] Code: 04 00 00 be 08 00 00 00 e8 bf 25 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 e2 5b 96 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c [ 28.500873][ T292] RSP: 0018:ffffc9000b6afc60 EFLAGS: 00010293 [ 28.507083][ T292] RAX: ffffffff81f1412e RBX: ffff8881312165a0 RCX: ffff888108a9df00 [ 28.515099][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 28.523182][ T292] RBP: ffffc9000b6afc88 R08: 0000000000000003 R09: 0000000000000004 [ 28.531267][ T292] R10: dffffc0000000000 R11: fffff520016d5f7c R12: dffffc0000000000 [ 28.539723][ T292] R13: 1ffff11026242cbd R14: ffff8881312165e8 R15: 0000000000000000 [ 28.547876][ T292] FS: 0000555568b91500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 28.556890][ T292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.563545][ T292] CR2: 0000555568bb4948 CR3: 000000011f92a000 CR4: 00000000003526b0 [ 28.571652][ T292] Call Trace: [ 28.574958][ T292] [ 28.578053][ T292] shmem_rmdir+0x5f/0x90 [ 28.582377][ T292] vfs_rmdir+0x3e0/0x560 [ 28.586714][ T292] incfs_kill_sb+0x109/0x230 [ 28.591353][ T292] deactivate_locked_super+0xd8/0x2a0 [ 28.596844][ T292] deactivate_super+0xb8/0xe0 [ 28.601555][ T292] cleanup_mnt+0x406/0x4a0 [ 28.605988][ T292] __cleanup_mnt+0x1d/0x40 [ 28.610501][ T292] task_work_run+0x1e5/0x260 [ 28.615166][ T292] ? __cfi_task_work_run+0x10/0x10 [ 28.620367][ T292] ? __x64_sys_umount+0x12e/0x180 [ 28.625427][ T292] ? __cfi___x64_sys_umount+0x10/0x10 [ 28.630877][ T292] ? __kasan_check_read+0x15/0x20 [ 28.635935][ T292] resume_user_mode_work+0x35/0x50 [ 28.641144][ T292] syscall_exit_to_user_mode+0x63/0xb0 [ 28.646717][ T292] do_syscall_64+0x63/0xf0 [ 28.651172][ T292] ? clear_bhb_loop+0x50/0xa0 [ 28.655891][ T292] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 28.661914][ T292] RIP: 0033:0x7f475839c117 [ 28.666373][ T292] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 28.686060][ T292] RSP: 002b:00007ffc24935d08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 28.686900][ T31] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 28.694586][ T292] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f475839c117 [ 28.710084][ T292] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc24935dc0 [ 28.718155][ T292] RBP: 00007ffc24935dc0 R08: 00007ffc24936dc0 R09: 00000000ffffffff [ 28.726157][ T292] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc24936e50 [ 28.734211][ T292] R13: 00007f475840471f R14: 0000000000006eee R15: 00007ffc24936e90 [ 28.742322][ T292] [ 28.745358][ T292] ---[ end trace 0000000000000000 ]--- [ 28.750983][ T292] ================================================================== [ 28.759192][ T292] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70 [ 28.765478][ T292] Write of size 4 at addr 0000000000000168 by task syz-executor/292 [ 28.773465][ T292] [ 28.775807][ T292] CPU: 1 UID: 0 PID: 292 Comm: syz-executor Tainted: G W syzkaller #0 001c7e68fa735976e9f6b7ad125989e1d2b10b0e [ 28.775832][ T292] Tainted: [W]=WARN [ 28.775838][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 28.775848][ T292] Call Trace: [ 28.775853][ T292] [ 28.775859][ T292] __dump_stack+0x21/0x30 [ 28.775883][ T292] dump_stack_lvl+0x140/0x1c0 [ 28.775903][ T292] ? __cfi_dump_stack_lvl+0x10/0x10 [ 28.775924][ T292] print_report+0x3d/0x70 [ 28.775942][ T292] kasan_report+0x162/0x1a0 [ 28.775966][ T292] ? ihold+0x24/0x70 [ 28.775988][ T292] ? _raw_spin_unlock+0x45/0x60 [ 28.776016][ T292] ? ihold+0x24/0x70 [ 28.776037][ T292] kasan_check_range+0x25a/0x2b0 [ 28.776061][ T292] __kasan_check_write+0x18/0x20 [ 28.776079][ T292] ihold+0x24/0x70 [ 28.776099][ T292] vfs_rmdir+0x26a/0x560 [ 28.776114][ T292] incfs_kill_sb+0x109/0x230 [ 28.776133][ T292] deactivate_locked_super+0xd8/0x2a0 [ 28.776150][ T292] deactivate_super+0xb8/0xe0 [ 28.776164][ T292] cleanup_mnt+0x406/0x4a0 [ 28.776187][ T292] __cleanup_mnt+0x1d/0x40 [ 28.776207][ T292] task_work_run+0x1e5/0x260 [ 28.776226][ T292] ? __cfi_task_work_run+0x10/0x10 [ 28.776243][ T292] ? __x64_sys_umount+0x12e/0x180 [ 28.776259][ T292] ? __cfi___x64_sys_umount+0x10/0x10 [ 28.776276][ T292] ? __kasan_check_read+0x15/0x20 [ 28.776295][ T292] resume_user_mode_work+0x35/0x50 [ 28.776316][ T292] syscall_exit_to_user_mode+0x63/0xb0 [ 28.776335][ T292] do_syscall_64+0x63/0xf0 [ 28.776358][ T292] ? clear_bhb_loop+0x50/0xa0 [ 28.776380][ T292] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 28.776401][ T292] RIP: 0033:0x7f475839c117 [ 28.776415][ T292] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 28.776428][ T292] RSP: 002b:00007ffc24935d08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 28.776445][ T292] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f475839c117 [ 28.776455][ T292] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc24935dc0 [ 28.776466][ T292] RBP: 00007ffc24935dc0 R08: 00007ffc24936dc0 R09: 00000000ffffffff [ 28.776477][ T292] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc24936e50 [ 28.776488][ T292] R13: 00007f475840471f R14: 0000000000006eee R15: 00007ffc24936e90 [ 28.776501][ T292] [ 28.776507][ T292] ================================================================== [ 29.021933][ T292] Disabling lock debugging due to kernel taint [ 29.030152][ T292] BUG: kernel NULL pointer dereference, address: 0000000000000168 [ 29.037986][ T292] #PF: supervisor write access in kernel mode [ 29.044058][ T292] #PF: error_code(0x0002) - not-present page [ 29.050039][ T292] PGD 800000010bbaf067 P4D 800000010bbaf067 PUD 0 [ 29.056565][ T292] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI [ 29.062669][ T292] CPU: 0 UID: 0 PID: 292 Comm: syz-executor Tainted: G B W syzkaller #0 001c7e68fa735976e9f6b7ad125989e1d2b10b0e [ 29.075786][ T292] Tainted: [B]=BAD_PAGE, [W]=WARN [ 29.076869][ T31] usb 1-1: device descriptor read/64, error -71 [ 29.080835][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 29.080852][ T292] RIP: 0010:ihold+0x2a/0x70 [ 29.101721][ T292] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 cd 52 96 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 7c 1c ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 dd [ 29.121370][ T292] RSP: 0018:ffffc9000b6afca0 EFLAGS: 00010246 [ 29.127470][ T292] RAX: ffff888108a9df00 RBX: 0000000000000000 RCX: ffff888108a9df00 [ 29.135451][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 29.143436][ T292] RBP: ffffc9000b6afcb0 R08: ffffffff88b8b947 R09: 1ffffffff1171728 [ 29.151423][ T292] R10: dffffc0000000000 R11: fffffbfff1171729 R12: ffff8881312165ac [ 29.159417][ T292] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 29.167400][ T292] FS: 0000555568b91500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 29.176338][ T292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.182936][ T292] CR2: 0000000000000168 CR3: 000000011f92a000 CR4: 00000000003526b0 [ 29.190946][ T292] Call Trace: [ 29.194234][ T292] [ 29.197206][ T292] vfs_rmdir+0x26a/0x560 [ 29.201477][ T292] incfs_kill_sb+0x109/0x230 [ 29.206081][ T292] deactivate_locked_super+0xd8/0x2a0 [ 29.211460][ T292] deactivate_super+0xb8/0xe0 [ 29.216249][ T292] cleanup_mnt+0x406/0x4a0 [ 29.220701][ T292] __cleanup_mnt+0x1d/0x40 [ 29.225135][ T292] task_work_run+0x1e5/0x260 [ 29.229759][ T292] ? __cfi_task_work_run+0x10/0x10 [ 29.234893][ T292] ? __x64_sys_umount+0x12e/0x180 [ 29.239952][ T292] ? __cfi___x64_sys_umount+0x10/0x10 [ 29.245334][ T292] ? __kasan_check_read+0x15/0x20 [ 29.250399][ T292] resume_user_mode_work+0x35/0x50 [ 29.255520][ T292] syscall_exit_to_user_mode+0x63/0xb0 [ 29.260997][ T292] do_syscall_64+0x63/0xf0 [ 29.265445][ T292] ? clear_bhb_loop+0x50/0xa0 [ 29.270137][ T292] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 29.276048][ T292] RIP: 0033:0x7f475839c117 [ 29.280467][ T292] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 29.300080][ T292] RSP: 002b:00007ffc24935d08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 29.308509][ T292] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f475839c117 [ 29.316489][ T292] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc24935dc0 [ 29.324475][ T292] RBP: 00007ffc24935dc0 R08: 00007ffc24936dc0 R09: 00000000ffffffff [ 29.326829][ T31] usb 1-1: device descriptor read/64, error -71 [ 29.332474][ T292] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc24936e50 [ 29.332494][ T292] R13: 00007f475840471f R14: 0000000000006eee R15: 00007ffc24936e90 [ 29.354721][ T292] [ 29.357752][ T292] Modules linked in: [ 29.361669][ T292] CR2: 0000000000000168 [ 29.365818][ T292] ---[ end trace 0000000000000000 ]--- [ 29.371279][ T292] RIP: 0010:ihold+0x2a/0x70 [ 29.375800][ T292] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 cd 52 96 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 7c 1c ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 dd [ 29.395415][ T292] RSP: 0018:ffffc9000b6afca0 EFLAGS: 00010246 [ 29.401497][ T292] RAX: ffff888108a9df00 RBX: 0000000000000000 RCX: ffff888108a9df00 [ 29.409484][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 29.417468][ T292] RBP: ffffc9000b6afcb0 R08: ffffffff88b8b947 R09: 1ffffffff1171728 [ 29.425453][ T292] R10: dffffc0000000000 R11: fffffbfff1171729 R12: ffff8881312165ac [ 29.433444][ T292] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 29.441449][ T292] FS: 0000555568b91500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 29.450413][ T292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.457104][ T292] CR2: 0000000000000168 CR3: 000000011f92a000 CR4: 00000000003526b0 [ 29.465089][ T292] Kernel panic - not syncing: Fatal exception [ 29.471752][ T292] Kernel Offset: disabled [ 29.476087][ T292] Rebooting in 86400 seconds..