last executing test programs:
198.280432ms ago: executing program 3 (id=4):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x40845, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r5, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0xc, 0x54404d0a08a4d8, 0x4})
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
unshare(0x60000600)
131.116225ms ago: executing program 3 (id=5):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.dequeue\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
io_submit(0x0, 0x0, 0x0)
129.665424ms ago: executing program 2 (id=3):
rt_sigaction(0xd, &(0x7f0000000180)={0x0, 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
write(r3, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r5, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014)
socket$inet_udplite(0x2, 0x2, 0x88)
74.071977ms ago: executing program 2 (id=6):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
write(r0, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
quotactl$Q_SETINFO(0xffffffff80000600, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
63.094917ms ago: executing program 0 (id=1):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
49.504058ms ago: executing program 1 (id=2):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x40845, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0)
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0xc, 0x54404d0a08a4d8, 0x4})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
capset(&(0x7f0000000200)={0x19980330}, &(0x7f0000000000)={0x4, 0x4, 0x0, 0x0, 0xffffffff, 0x7})
31.668169ms ago: executing program 2 (id=7):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x40845, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0xc, 0x54404d0a08a4d8, 0x4})
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r6, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
unshare(0x60000600)
0s ago: executing program 0 (id=8):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
write$tun(r4, &(0x7f0000000000)=ANY=[], 0x2e)
kernel console output (not intermixed with test programs):
Warning: Permanently added '10.128.0.49' (ED25519) to the list of known hosts.
[ 23.601122][ T36] audit: type=1400 audit(1763544081.860:64): avc: denied { mounton } for pid=283 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 23.602537][ T283] cgroup: Unknown subsys name 'net'
[ 23.623844][ T36] audit: type=1400 audit(1763544081.860:65): avc: denied { mount } for pid=283 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 23.651121][ T36] audit: type=1400 audit(1763544081.890:66): avc: denied { unmount } for pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 23.651342][ T283] cgroup: Unknown subsys name 'devices'
[ 23.855123][ T283] cgroup: Unknown subsys name 'hugetlb'
[ 23.860838][ T283] cgroup: Unknown subsys name 'rlimit'
[ 24.015757][ T36] audit: type=1400 audit(1763544082.280:67): avc: denied { setattr } for pid=283 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 24.038969][ T36] audit: type=1400 audit(1763544082.280:68): avc: denied { mounton } for pid=283 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 24.063744][ T36] audit: type=1400 audit(1763544082.280:69): avc: denied { mount } for pid=283 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 24.074576][ T285] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[ 24.095639][ T36] audit: type=1400 audit(1763544082.360:70): avc: denied { relabelto } for pid=285 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 24.121134][ T36] audit: type=1400 audit(1763544082.360:71): avc: denied { write } for pid=285 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 24.155094][ T36] audit: type=1400 audit(1763544082.420:72): avc: denied { read } for pid=283 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 24.180687][ T36] audit: type=1400 audit(1763544082.420:73): avc: denied { open } for pid=283 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 24.181017][ T283] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 26.668710][ T291] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.676267][ T291] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.683603][ T291] bridge_slave_0: entered allmulticast mode
[ 26.689859][ T291] bridge_slave_0: entered promiscuous mode
[ 26.702976][ T291] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.710017][ T291] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.717265][ T291] bridge_slave_1: entered allmulticast mode
[ 26.723582][ T291] bridge_slave_1: entered promiscuous mode
[ 26.759404][ T292] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.766608][ T292] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.773730][ T292] bridge_slave_0: entered allmulticast mode
[ 26.780079][ T292] bridge_slave_0: entered promiscuous mode
[ 26.794876][ T292] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.801942][ T292] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.809164][ T292] bridge_slave_1: entered allmulticast mode
[ 26.815568][ T292] bridge_slave_1: entered promiscuous mode
[ 26.836572][ T293] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.843653][ T293] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.850733][ T293] bridge_slave_0: entered allmulticast mode
[ 26.857189][ T293] bridge_slave_0: entered promiscuous mode
[ 26.873618][ T293] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.880680][ T293] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.887775][ T293] bridge_slave_1: entered allmulticast mode
[ 26.894207][ T293] bridge_slave_1: entered promiscuous mode
[ 26.915550][ T290] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.922605][ T290] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.929753][ T290] bridge_slave_0: entered allmulticast mode
[ 26.936043][ T290] bridge_slave_0: entered promiscuous mode
[ 26.952694][ T290] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.959788][ T290] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.966895][ T290] bridge_slave_1: entered allmulticast mode
[ 26.973251][ T290] bridge_slave_1: entered promiscuous mode
[ 27.108638][ T293] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.115747][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.123201][ T293] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.130245][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.155545][ T291] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.162598][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.182691][ T46] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.190639][ T46] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.197974][ T46] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.210848][ T46] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.217935][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.233572][ T46] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.240621][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.296776][ T46] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.303874][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.311793][ T46] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.318884][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.326600][ T46] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.333655][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.355510][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.362572][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.372375][ T293] veth0_vlan: entered promiscuous mode
[ 27.381928][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.389014][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.396818][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.403889][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.442156][ T293] veth1_macvtap: entered promiscuous mode
[ 27.478271][ T292] veth0_vlan: entered promiscuous mode
[ 27.489470][ T290] veth0_vlan: entered promiscuous mode
[ 27.505256][ T291] veth0_vlan: entered promiscuous mode
[ 27.517060][ T292] veth1_macvtap: entered promiscuous mode
[ 27.526727][ T290] veth1_macvtap: entered promiscuous mode
[ 27.533785][ T293] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 27.564540][ T291] veth1_macvtap: entered promiscuous mode
[ 27.738084][ T346] capability: warning: `syz.1.2' uses 32-bit capabilities (legacy support in use)
[ 27.754020][ T290] ------------[ cut here ]------------
[ 27.759655][ T290] WARNING: CPU: 1 PID: 290 at fs/inode.c:340 drop_nlink+0xce/0x110
[ 27.767701][ T290] Modules linked in:
[ 27.771647][ T290] CPU: 1 UID: 0 PID: 290 Comm: syz-executor Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[ 27.783407][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 27.793558][ T290] RIP: 0010:drop_nlink+0xce/0x110
[ 27.798620][ T290] Code: 04 00 00 be 08 00 00 00 e8 cf 54 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 32 e4 97 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c
[ 27.818666][ T290] RSP: 0018:ffffc9000b67fc60 EFLAGS: 00010293
[ 27.824840][ T290] RAX: ffffffff81ee1a7e RBX: ffff88810f3f5308 RCX: ffff888100a8b900
[ 27.832878][ T290] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 27.840882][ T290] RBP: ffffc9000b67fc88 R08: 0000000000000003 R09: 0000000000000004
[ 27.848968][ T290] R10: dffffc0000000000 R11: fffff520016cff7c R12: dffffc0000000000
[ 27.857016][ T290] R13: 1ffff11021e7ea6a R14: ffff88810f3f5350 R15: 0000000000000000
[ 27.865089][ T290] FS: 0000555583f41500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 27.874151][ T290] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 27.880765][ T290] CR2: 00000000000000d8 CR3: 000000012590c000 CR4: 00000000003526b0
[ 27.888855][ T290] Call Trace:
[ 27.892168][ T290]
[ 27.895179][ T290] shmem_rmdir+0x5f/0x90
[ 27.899467][ T290] vfs_rmdir+0x3dd/0x560
[ 27.903834][ T290] incfs_kill_sb+0x109/0x230
[ 27.908470][ T290] deactivate_locked_super+0xd5/0x2a0
[ 27.913945][ T290] deactivate_super+0xb8/0xe0
[ 27.918655][ T290] cleanup_mnt+0x3f1/0x480
[ 27.923200][ T290] __cleanup_mnt+0x1d/0x40
[ 27.927646][ T290] task_work_run+0x1e0/0x250
[ 27.932270][ T290] ? __cfi_task_work_run+0x10/0x10
[ 27.937485][ T290] ? __x64_sys_umount+0x126/0x170
[ 27.942564][ T290] ? __cfi___x64_sys_umount+0x10/0x10
[ 27.948061][ T290] ? __kasan_check_read+0x15/0x20
[ 27.953160][ T290] resume_user_mode_work+0x36/0x50
[ 27.958305][ T290] syscall_exit_to_user_mode+0x64/0xb0
[ 27.963920][ T290] do_syscall_64+0x64/0xf0
[ 27.968469][ T290] ? clear_bhb_loop+0x50/0xa0
[ 27.973216][ T290] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 27.979147][ T290] RIP: 0033:0x7fc1d23909f7
[ 27.983675][ T290] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 28.003357][ T290] RSP: 002b:00007fff87708e78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 28.011812][ T290] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fc1d23909f7
[ 28.019880][ T290] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff87708f30
[ 28.027955][ T290] RBP: 00007fff87708f30 R08: 0000000000000000 R09: 0000000000000000
[ 28.036023][ T290] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff87709fc0
[ 28.044259][ T290] R13: 00007fc1d2411d7d R14: 0000000000006c3a R15: 00007fff8770a000
[ 28.052275][ T290]
[ 28.055404][ T290] ---[ end trace 0000000000000000 ]---
[ 28.062727][ T290] ==================================================================
[ 28.070942][ T290] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70
[ 28.077313][ T290] Write of size 4 at addr 0000000000000168 by task syz-executor/290
[ 28.085337][ T290]
[ 28.087696][ T290] CPU: 1 UID: 0 PID: 290 Comm: syz-executor Tainted: G W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[ 28.087733][ T290] Tainted: [W]=WARN
[ 28.087741][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 28.087755][ T290] Call Trace:
[ 28.087762][ T290]
[ 28.087771][ T290] __dump_stack+0x21/0x30
[ 28.087805][ T290] dump_stack_lvl+0x10c/0x190
[ 28.087833][ T290] ? __cfi_dump_stack_lvl+0x10/0x10
[ 28.087863][ T290] print_report+0x3d/0x70
[ 28.087886][ T290] kasan_report+0x163/0x1a0
[ 28.087912][ T290] ? ihold+0x24/0x70
[ 28.087935][ T290] ? _raw_spin_unlock+0x45/0x60
[ 28.087964][ T290] ? ihold+0x24/0x70
[ 28.087987][ T290] kasan_check_range+0x299/0x2a0
[ 28.088013][ T290] __kasan_check_write+0x18/0x20
[ 28.088046][ T290] ihold+0x24/0x70
[ 28.088068][ T290] vfs_rmdir+0x26a/0x560
[ 28.088111][ T290] incfs_kill_sb+0x109/0x230
[ 28.088160][ T290] deactivate_locked_super+0xd5/0x2a0
[ 28.088190][ T290] deactivate_super+0xb8/0xe0
[ 28.088217][ T290] cleanup_mnt+0x3f1/0x480
[ 28.088243][ T290] __cleanup_mnt+0x1d/0x40
[ 28.088265][ T290] task_work_run+0x1e0/0x250
[ 28.088292][ T290] ? __cfi_task_work_run+0x10/0x10
[ 28.088325][ T290] ? __x64_sys_umount+0x126/0x170
[ 28.088355][ T290] ? __cfi___x64_sys_umount+0x10/0x10
[ 28.088386][ T290] ? __kasan_check_read+0x15/0x20
[ 28.088418][ T290] resume_user_mode_work+0x36/0x50
[ 28.088445][ T290] syscall_exit_to_user_mode+0x64/0xb0
[ 28.088469][ T290] do_syscall_64+0x64/0xf0
[ 28.088497][ T290] ? clear_bhb_loop+0x50/0xa0
[ 28.088521][ T290] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 28.088544][ T290] RIP: 0033:0x7fc1d23909f7
[ 28.088563][ T290] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 28.088581][ T290] RSP: 002b:00007fff87708e78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 28.088604][ T290] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fc1d23909f7
[ 28.088618][ T290] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff87708f30
[ 28.088632][ T290] RBP: 00007fff87708f30 R08: 0000000000000000 R09: 0000000000000000
[ 28.088646][ T290] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff87709fc0
[ 28.088661][ T290] R13: 00007fc1d2411d7d R14: 0000000000006c3a R15: 00007fff8770a000
[ 28.088680][ T290]
[ 28.088688][ T290] ==================================================================
[ 28.335366][ T290] Disabling lock debugging due to kernel taint
[ 28.341583][ T290] BUG: kernel NULL pointer dereference, address: 0000000000000168
[ 28.349416][ T290] #PF: supervisor write access in kernel mode
[ 28.355502][ T290] #PF: error_code(0x0002) - not-present page
[ 28.361501][ T290] PGD 800000010efab067 P4D 800000010efab067 PUD 0
[ 28.368052][ T290] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI
[ 28.374156][ T290] CPU: 1 UID: 0 PID: 290 Comm: syz-executor Tainted: G B W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[ 28.387313][ T290] Tainted: [B]=BAD_PAGE, [W]=WARN
[ 28.392357][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 28.402444][ T290] RIP: 0010:ihold+0x2a/0x70
[ 28.406996][ T290] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d
[ 28.426633][ T290] RSP: 0018:ffffc9000b67fca0 EFLAGS: 00010246
[ 28.432738][ T290] RAX: ffff888100a8b900 RBX: 0000000000000000 RCX: ffff888100a8b900
[ 28.440760][ T290] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 28.448761][ T290] RBP: ffffc9000b67fcb0 R08: ffffffff88972947 R09: 1ffffffff112e528
[ 28.456778][ T290] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff88810f3f5314
[ 28.464781][ T290] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[ 28.472787][ T290] FS: 0000555583f41500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 28.481744][ T290] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 28.488363][ T290] CR2: 0000000000000168 CR3: 000000012590c000 CR4: 00000000003526b0
[ 28.496364][ T290] Call Trace:
[ 28.499667][ T290]
[ 28.502615][ T290] vfs_rmdir+0x26a/0x560
[ 28.506934][ T290] incfs_kill_sb+0x109/0x230
[ 28.511572][ T290] deactivate_locked_super+0xd5/0x2a0
[ 28.516974][ T290] deactivate_super+0xb8/0xe0
[ 28.521698][ T290] cleanup_mnt+0x3f1/0x480
[ 28.526149][ T290] __cleanup_mnt+0x1d/0x40
[ 28.530608][ T290] task_work_run+0x1e0/0x250
[ 28.535248][ T290] ? __cfi_task_work_run+0x10/0x10
[ 28.540392][ T290] ? __x64_sys_umount+0x126/0x170
[ 28.545450][ T290] ? __cfi___x64_sys_umount+0x10/0x10
[ 28.550842][ T290] ? __kasan_check_read+0x15/0x20
[ 28.555891][ T290] resume_user_mode_work+0x36/0x50
[ 28.561017][ T290] syscall_exit_to_user_mode+0x64/0xb0
[ 28.566504][ T290] do_syscall_64+0x64/0xf0
[ 28.570939][ T290] ? clear_bhb_loop+0x50/0xa0
[ 28.575622][ T290] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 28.581524][ T290] RIP: 0033:0x7fc1d23909f7
[ 28.585942][ T290] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 28.605643][ T290] RSP: 002b:00007fff87708e78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 28.614075][ T290] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fc1d23909f7
[ 28.622059][ T290] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff87708f30
[ 28.630036][ T290] RBP: 00007fff87708f30 R08: 0000000000000000 R09: 0000000000000000
[ 28.638026][ T290] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff87709fc0
[ 28.646007][ T290] R13: 00007fc1d2411d7d R14: 0000000000006c3a R15: 00007fff8770a000
[ 28.654001][ T290]
[ 28.657023][ T290] Modules linked in:
[ 28.660916][ T290] CR2: 0000000000000168
[ 28.665061][ T290] ---[ end trace 0000000000000000 ]---
[ 28.670522][ T290] RIP: 0010:ihold+0x2a/0x70
[ 28.675033][ T290] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d
[ 28.694727][ T290] RSP: 0018:ffffc9000b67fca0 EFLAGS: 00010246
[ 28.700803][ T290] RAX: ffff888100a8b900 RBX: 0000000000000000 RCX: ffff888100a8b900
[ 28.708775][ T290] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 28.716747][ T290] RBP: ffffc9000b67fcb0 R08: ffffffff88972947 R09: 1ffffffff112e528
[ 28.724722][ T290] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff88810f3f5314
[ 28.732718][ T290] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[ 28.740693][ T290] FS: 0000555583f41500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 28.749633][ T290] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 28.756221][ T290] CR2: 0000000000000168 CR3: 000000012590c000 CR4: 00000000003526b0
[ 28.764216][ T290] Kernel panic - not syncing: Fatal exception
[ 28.770566][ T290] Kernel Offset: disabled
[ 28.774894][ T290] Rebooting in 86400 seconds..