u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   32.895681][   T30] audit: type=1400 audit(1715005751.194:156): avc:  denied  { siginh } for  pid=320 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.0.4' (ED25519) to the list of known hosts.
2024/05/06 14:29:18 ignoring optional flag "sandboxArg"="0"
2024/05/06 14:29:18 parsed 1 programs
[   40.302803][   T30] audit: type=1400 audit(1715005758.664:157): avc:  denied  { mounton } for  pid=341 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   40.327553][   T30] audit: type=1400 audit(1715005758.664:158): avc:  denied  { mount } for  pid=341 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   40.388630][   T30] audit: type=1400 audit(1715005758.754:159): avc:  denied  { unlink } for  pid=341 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2024/05/06 14:29:18 executed programs: 0
[   40.450782][  T341] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   40.493531][  T348] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.500406][  T348] bridge0: port 1(bridge_slave_0) entered disabled state
[   40.507506][  T348] device bridge_slave_0 entered promiscuous mode
[   40.514233][  T348] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.521086][  T348] bridge0: port 2(bridge_slave_1) entered disabled state
[   40.528283][  T348] device bridge_slave_1 entered promiscuous mode
[   40.559087][   T30] audit: type=1400 audit(1715005758.924:160): avc:  denied  { write } for  pid=348 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   40.563263][  T348] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.579600][   T30] audit: type=1400 audit(1715005758.924:161): avc:  denied  { read } for  pid=348 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   40.586326][  T348] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.613745][  T348] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.620586][  T348] bridge0: port 1(bridge_slave_0) entered forwarding state
[   40.636482][   T39] bridge0: port 1(bridge_slave_0) entered disabled state
[   40.643800][   T39] bridge0: port 2(bridge_slave_1) entered disabled state
[   40.651066][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   40.658456][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   40.676832][  T348] device veth0_vlan entered promiscuous mode
[   40.683845][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   40.692140][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   40.699942][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   40.707362][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   40.714817][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   40.723279][   T39] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.730257][   T39] bridge0: port 1(bridge_slave_0) entered forwarding state
[   40.737507][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   40.745467][   T39] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.752322][   T39] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.759532][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   40.767215][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   40.778506][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   40.787111][  T348] device veth1_macvtap entered promiscuous mode
[   40.795623][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   40.807443][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   40.818476][   T30] audit: type=1400 audit(1715005759.184:162): avc:  denied  { mounton } for  pid=348 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=362 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   40.848237][   T30] audit: type=1400 audit(1715005759.214:163): avc:  denied  { mounton } for  pid=353 comm="syz-executor.0" path="/root/syzkaller-testdir515095624/syzkaller.2B0d1N/0/file0" dev="sda1" ino=1939 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   40.848863][  T354] incfs: ino conflict with backing FS 1
[   40.874944][   T30] audit: type=1400 audit(1715005759.214:164): avc:  denied  { mount } for  pid=353 comm="syz-executor.0" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   40.902583][   T30] audit: type=1400 audit(1715005759.214:165): avc:  denied  { mounton } for  pid=353 comm="syz-executor.0" path="/root/syzkaller-testdir515095624/syzkaller.2B0d1N/0/file0/file0" dev="tmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   40.902723][  T348] ------------[ cut here ]------------
[   40.930002][   T30] audit: type=1400 audit(1715005759.244:166): avc:  denied  { unmount } for  pid=348 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   40.935324][  T348] WARNING: CPU: 1 PID: 348 at fs/inode.c:307 drop_nlink+0xc1/0x110
[   40.962631][  T348] Modules linked in:
[   40.966352][  T348] CPU: 0 PID: 348 Comm: syz-executor.0 Not tainted 5.15.149-syzkaller-1069109-g5d96939590c0 #0
[   40.976674][  T348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   40.986595][  T348] RIP: 0010:drop_nlink+0xc1/0x110
[   40.991538][  T348] Code: 1e 48 8d bb b8 04 00 00 be 08 00 00 00 e8 c7 f8 f0 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 bf e7 ae ff <0f> 0b eb 88 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c
[   41.011249][  T348] RSP: 0018:ffffc90000a57c88 EFLAGS: 00010293
[   41.017251][  T348] RAX: ffffffff81c13c41 RBX: 0000000000000000 RCX: ffff88810c8c3b40
[   41.025114][  T348] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   41.032989][  T348] RBP: ffffc90000a57cb0 R08: ffffffff81c13bc4 R09: 0000000000000003
[   41.040886][  T348] R10: fffff5200014af80 R11: dffffc0000000001 R12: dffffc0000000000
[   41.048721][  T348] R13: 1ffff11024e10816 R14: ffff888127084068 R15: ffff8881270840b0
[   41.056435][  T348] FS:  0000555556087480(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   41.065332][  T348] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   41.071814][  T348] CR2: 000000c00132a000 CR3: 0000000126171000 CR4: 00000000003506a0
[   41.079819][  T348] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   41.087589][  T348] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   41.095353][  T348] Call Trace:
[   41.098645][  T348]  <TASK>
[   41.101346][  T348]  ? show_regs+0x58/0x60
[   41.105531][  T348]  ? __warn+0x160/0x2f0
[   41.109591][  T348]  ? drop_nlink+0xc1/0x110
[   41.113777][  T348]  ? report_bug+0x3d9/0x5b0
[   41.118208][  T348]  ? drop_nlink+0xc1/0x110
[   41.122363][  T348]  ? handle_bug+0x41/0x70
[   41.126532][  T348]  ? exc_invalid_op+0x1b/0x50
[   41.131245][  T348]  ? asm_exc_invalid_op+0x1b/0x20
[   41.136084][  T348]  ? drop_nlink+0x44/0x110
[   41.140528][  T348]  ? drop_nlink+0xc1/0x110
[   41.144759][  T348]  ? drop_nlink+0xc1/0x110
[   41.149044][  T348]  ? drop_nlink+0xc1/0x110
[   41.153268][  T348]  shmem_rmdir+0x59/0x90
[   41.157426][  T348]  vfs_rmdir+0x324/0x470
[   41.161556][  T348]  incfs_kill_sb+0x113/0x230
[   41.165947][  T348]  deactivate_locked_super+0xad/0x110
[   41.171481][  T348]  deactivate_super+0xbe/0xf0
[   41.176070][  T348]  cleanup_mnt+0x45c/0x510
[   41.180548][  T348]  __cleanup_mnt+0x19/0x20
[   41.184784][  T348]  task_work_run+0x129/0x190
[   41.189337][  T348]  exit_to_user_mode_loop+0xc4/0xe0
[   41.194416][  T348]  exit_to_user_mode_prepare+0x5a/0xa0
[   41.199766][  T348]  syscall_exit_to_user_mode+0x26/0x160
[   41.205208][  T348]  do_syscall_64+0x49/0xb0
[   41.209705][  T348]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   41.215380][  T348] RIP: 0033:0x7f90cc56a1d7
[   41.219690][  T348] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[   41.239326][  T348] RSP: 002b:00007ffc2f548e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   41.247921][  T348] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f90cc56a1d7
[   41.255883][  T348] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc2f548f10
[   41.263726][  T348] RBP: 00007ffc2f548f10 R08: 0000000000000000 R09: 0000000000000000
[   41.271568][  T348] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc2f54a000
[   41.279545][  T348] R13: 00007f90cc5b43b9 R14: 0000000000009f7c R15: 0000000000000006
[   41.287332][  T348]  </TASK>
[   41.290260][  T348] ---[ end trace f27d799b85389db5 ]---
[   41.295524][  T348] ==================================================================
[   41.303388][  T348] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60
[   41.309461][  T348] Write of size 4 at addr 0000000000000170 by task syz-executor.0/348
[   41.317445][  T348] 
[   41.319622][  T348] CPU: 0 PID: 348 Comm: syz-executor.0 Tainted: G        W         5.15.149-syzkaller-1069109-g5d96939590c0 #0
[   41.331256][  T348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   41.341403][  T348] Call Trace:
[   41.344525][  T348]  <TASK>
[   41.347296][  T348]  dump_stack_lvl+0x151/0x1b7
[   41.351811][  T348]  ? io_uring_drop_tctx_refs+0x190/0x190
[   41.357278][  T348]  ? _raw_spin_lock+0xa4/0x1b0
[   41.361882][  T348]  ? _raw_spin_trylock_bh+0x190/0x190
[   41.367089][  T348]  kasan_report+0x16f/0x1c0
[   41.371425][  T348]  ? ihold+0x20/0x60
[   41.375240][  T348]  ? ihold+0x20/0x60
[   41.378980][  T348]  kasan_check_range+0x293/0x2a0
[   41.384169][  T348]  __kasan_check_write+0x14/0x20
[   41.388958][  T348]  ihold+0x20/0x60
[   41.392701][  T348]  vfs_rmdir+0x201/0x470
[   41.396868][  T348]  incfs_kill_sb+0x113/0x230
[   41.401287][  T348]  deactivate_locked_super+0xad/0x110
[   41.406498][  T348]  deactivate_super+0xbe/0xf0
[   41.411011][  T348]  cleanup_mnt+0x45c/0x510
[   41.415260][  T348]  __cleanup_mnt+0x19/0x20
[   41.419599][  T348]  task_work_run+0x129/0x190
[   41.424029][  T348]  exit_to_user_mode_loop+0xc4/0xe0
[   41.429146][  T348]  exit_to_user_mode_prepare+0x5a/0xa0
[   41.434439][  T348]  syscall_exit_to_user_mode+0x26/0x160
[   41.439825][  T348]  do_syscall_64+0x49/0xb0
[   41.444081][  T348]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   41.450003][  T348] RIP: 0033:0x7f90cc56a1d7
[   41.454256][  T348] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[   41.473893][  T348] RSP: 002b:00007ffc2f548e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   41.482131][  T348] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f90cc56a1d7
[   41.489944][  T348] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc2f548f10
[   41.497757][  T348] RBP: 00007ffc2f548f10 R08: 0000000000000000 R09: 0000000000000000
[   41.505660][  T348] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc2f54a000
[   41.513488][  T348] R13: 00007f90cc5b43b9 R14: 0000000000009f7c R15: 0000000000000006
[   41.521278][  T348]  </TASK>
[   41.524138][  T348] ==================================================================
[   41.532037][  T348] Disabling lock debugging due to kernel taint
[   41.539018][  T348] BUG: kernel NULL pointer dereference, address: 0000000000000170
[   41.546629][  T348] #PF: supervisor write access in kernel mode
[   41.552530][  T348] #PF: error_code(0x0002) - not-present page
[   41.558344][  T348] PGD 1261c4067 P4D 1261c4067 PUD 0 
[   41.563468][  T348] Oops: 0002 [#1] PREEMPT SMP KASAN
[   41.568500][  T348] CPU: 0 PID: 348 Comm: syz-executor.0 Tainted: G    B   W         5.15.149-syzkaller-1069109-g5d96939590c0 #0
[   41.580129][  T348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   41.590125][  T348] RIP: 0010:ihold+0x25/0x60
[   41.594452][  T348] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 d1 df ae ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 b0 f0 f0 ff bb 01 00 00 00 <f0> 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 54 e3 ae
[   41.613997][  T348] RSP: 0018:ffffc90000a57cc8 EFLAGS: 00010246
[   41.619889][  T348] RAX: ffff88810c8c3b00 RBX: 0000000000000001 RCX: ffff88810c8c3b40
[   41.627789][  T348] RDX: 0000000000000000 RSI: 0000000000000286 RDI: 00000000ffffffff
[   41.635607][  T348] RBP: ffffc90000a57cd8 R08: ffffffff81416f3b R09: 0000000000000003
[   41.643621][  T348] R10: fffffbfff0d9244c R11: dffffc0000000001 R12: dffffc0000000000
[   41.651511][  T348] R13: ffff88811d266330 R14: 0000000000000000 R15: 1ffff11023a4cc6c
[   41.659320][  T348] FS:  0000555556087480(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   41.668087][  T348] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   41.674602][  T348] CR2: 0000000000000170 CR3: 0000000126171000 CR4: 00000000003506b0
[   41.682421][  T348] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   41.690310][  T348] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   41.698293][  T348] Call Trace:
[   41.701417][  T348]  <TASK>
[   41.704214][  T348]  ? __die_body+0x62/0xb0
[   41.708379][  T348]  ? __die+0x7e/0x90
[   41.712097][  T348]  ? page_fault_oops+0x7f9/0xa90
[   41.716868][  T348]  ? __kasan_check_write+0x14/0x20
[   41.721814][  T348]  ? kernelmode_fixup_or_oops+0x270/0x270
[   41.727367][  T348]  ? __schedule+0xcd4/0x1590
[   41.731825][  T348]  ? exc_page_fault+0x521/0x830
[   41.736485][  T348]  ? asm_exc_page_fault+0x27/0x30
[   41.741342][  T348]  ? check_panic_on_warn+0x5b/0xb0
[   41.746288][  T348]  ? ihold+0x25/0x60
[   41.750021][  T348]  ? ihold+0x20/0x60
[   41.753752][  T348]  vfs_rmdir+0x201/0x470
[   41.757832][  T348]  incfs_kill_sb+0x113/0x230
[   41.762257][  T348]  deactivate_locked_super+0xad/0x110
[   41.767471][  T348]  deactivate_super+0xbe/0xf0
[   41.771982][  T348]  cleanup_mnt+0x45c/0x510
[   41.776235][  T348]  __cleanup_mnt+0x19/0x20
[   41.780485][  T348]  task_work_run+0x129/0x190
[   41.784912][  T348]  exit_to_user_mode_loop+0xc4/0xe0
[   41.789955][  T348]  exit_to_user_mode_prepare+0x5a/0xa0
[   41.795243][  T348]  syscall_exit_to_user_mode+0x26/0x160
[   41.800921][  T348]  do_syscall_64+0x49/0xb0
[   41.805166][  T348]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   41.810920][  T348] RIP: 0033:0x7f90cc56a1d7
[   41.815322][  T348] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[   41.834959][  T348] RSP: 002b:00007ffc2f548e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   41.843269][  T348] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f90cc56a1d7
[   41.851081][  T348] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc2f548f10
[   41.858888][  T348] RBP: 00007ffc2f548f10 R08: 0000000000000000 R09: 0000000000000000
[   41.866786][  T348] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc2f54a000
[   41.874599][  T348] R13: 00007f90cc5b43b9 R14: 0000000000009f7c R15: 0000000000000006
[   41.882513][  T348]  </TASK>
[   41.885487][  T348] Modules linked in:
[   41.889198][  T348] CR2: 0000000000000170
[   41.893188][  T348] ---[ end trace f27d799b85389db6 ]---
[   41.898473][  T348] RIP: 0010:ihold+0x25/0x60
[   41.902811][  T348] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 d1 df ae ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 b0 f0 f0 ff bb 01 00 00 00 <f0> 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 54 e3 ae
[   41.922339][  T348] RSP: 0018:ffffc90000a57cc8 EFLAGS: 00010246
[   41.928236][  T348] RAX: ffff88810c8c3b00 RBX: 0000000000000001 RCX: ffff88810c8c3b40
[   41.936058][  T348] RDX: 0000000000000000 RSI: 0000000000000286 RDI: 00000000ffffffff
[   41.943957][  T348] RBP: ffffc90000a57cd8 R08: ffffffff81416f3b R09: 0000000000000003
[   41.951767][  T348] R10: fffffbfff0d9244c R11: dffffc0000000001 R12: dffffc0000000000
[   41.959579][  T348] R13: ffff88811d266330 R14: 0000000000000000 R15: 1ffff11023a4cc6c
[   41.967404][  T348] FS:  0000555556087480(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   41.976157][  T348] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   41.982579][  T348] CR2: 0000000000000170 CR3: 0000000126171000 CR4: 00000000003506b0
[   41.990480][  T348] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   41.998290][  T348] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   42.006200][  T348] Kernel panic - not syncing: Fatal exception
[   42.012293][  T348] Kernel Offset: disabled
[   42.016419][  T348] Rebooting in 86400 seconds..