Warning: Permanently added '10.128.1.99' (ED25519) to the list of known hosts. 2024/06/09 20:53:35 ignoring optional flag "sandboxArg"="0" 2024/06/09 20:53:35 parsed 1 programs [ 56.757599][ T23] kauditd_printk_skb: 19 callbacks suppressed [ 56.757612][ T23] audit: type=1400 audit(1717966415.870:95): avc: denied { unlink } for pid=421 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" 2024/06/09 20:53:35 executed programs: 0 [ 56.861418][ T421] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 56.933502][ T427] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.940549][ T427] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.947863][ T427] device bridge_slave_0 entered promiscuous mode [ 56.954997][ T427] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.961852][ T427] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.969351][ T427] device bridge_slave_1 entered promiscuous mode [ 57.022729][ T427] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.029593][ T427] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.036777][ T427] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.043937][ T427] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.068352][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.075794][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.083531][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.091189][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.100819][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.108887][ T368] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.115738][ T368] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.124491][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.132886][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.140394][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.154941][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.169254][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.189267][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 57.197572][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 57.209501][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 57.227327][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 57.235611][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 57.260916][ T23] audit: type=1400 audit(1717966416.380:96): avc: denied { mounton } for pid=432 comm="syz-executor.0" path="/root/syzkaller-testdir1132538849/syzkaller.BFNL8b/0/file0" dev="sda1" ino=1939 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 57.288168][ T427] ------------[ cut here ]------------ [ 57.288420][ T23] audit: type=1400 audit(1717966416.380:97): avc: denied { mount } for pid=432 comm="syz-executor.0" name="/" dev="tmpfs" ino=10821 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 57.293501][ T427] WARNING: CPU: 1 PID: 427 at fs/inode.c:302 drop_nlink+0xbb/0x100 [ 57.293504][ T427] Modules linked in: [ 57.293518][ T427] CPU: 1 PID: 427 Comm: syz-executor.0 Not tainted 5.4.274-syzkaller-04909-gdd432c37afcd #0 [ 57.293524][ T427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 57.293539][ T427] RIP: 0010:drop_nlink+0xbb/0x100 [ 57.293549][ T427] Code: 49 8b 1e 48 8d bb d0 04 00 00 be 08 00 00 00 e8 7b 9a f2 ff f0 48 ff 83 d0 04 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 75 e2 c2 ff <0f> 0b eb 89 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c [ 57.293556][ T427] RSP: 0018:ffff8881d9ef7aa8 EFLAGS: 00010293 [ 57.293567][ T427] RAX: ffffffff81a159ab RBX: 1ffff1103df6c774 RCX: ffff8881f31f8fc0 [ 57.293573][ T427] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 57.293579][ T427] RBP: 0000000000000000 R08: ffffffff81a1592f R09: 0000000000000003 [ 57.293587][ T427] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881efb63ba0 [ 57.293602][ T427] R13: dffffc0000000000 R14: ffff8881efb63b58 R15: dffffc0000000000 [ 57.316674][ T23] audit: type=1400 audit(1717966416.380:98): avc: denied { mounton } for pid=432 comm="syz-executor.0" path="/syzcgroup/unified/syz0" dev="cgroup2" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 57.323587][ T427] FS: 0000555555e89480(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 57.323594][ T427] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 57.323600][ T427] CR2: 000000c001330000 CR3: 00000001ed34b000 CR4: 00000000003406a0 [ 57.323609][ T427] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 57.323622][ T427] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 57.327332][ T23] audit: type=1400 audit(1717966416.380:99): avc: denied { unmount } for pid=427 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 57.337293][ T427] Call Trace: [ 57.337309][ T427] ? __warn+0x162/0x250 [ 57.337321][ T427] ? report_bug+0x3a1/0x4e0 [ 57.337337][ T427] ? drop_nlink+0xbb/0x100 [ 57.516820][ T427] ? drop_nlink+0xbb/0x100 [ 57.521051][ T427] ? do_invalid_op+0x6e/0x110 [ 57.525653][ T427] ? invalid_op+0x1e/0x30 [ 57.530167][ T427] ? drop_nlink+0x3f/0x100 [ 57.534425][ T427] ? drop_nlink+0xbb/0x100 [ 57.538671][ T427] ? drop_nlink+0xbb/0x100 [ 57.543099][ T427] ? drop_nlink+0xbb/0x100 [ 57.547356][ T427] shmem_rmdir+0x54/0x80 [ 57.551433][ T427] vfs_rmdir+0x285/0x3c0 [ 57.555656][ T427] incfs_kill_sb+0x105/0x200 [ 57.560027][ T427] deactivate_locked_super+0xa8/0x110 [ 57.565832][ T427] deactivate_super+0x1e2/0x2a0 [ 57.570490][ T427] ? deactivate_locked_super+0x110/0x110 [ 57.576131][ T427] ? fast_dput+0x7a/0x280 [ 57.580302][ T427] cleanup_mnt+0x44e/0x500 [ 57.584533][ T427] task_work_run+0x140/0x170 [ 57.589080][ T427] do_exit+0xcaf/0x2bc0 [ 57.593067][ T427] ? check_preemption_disabled+0x153/0x320 [ 57.598701][ T427] ? put_task_struct+0x80/0x80 [ 57.603296][ T427] ? debug_smp_processor_id+0x20/0x20 [ 57.608704][ T427] do_group_exit+0x138/0x300 [ 57.613123][ T427] __x64_sys_exit_group+0x3b/0x40 [ 57.618070][ T427] do_syscall_64+0xca/0x1c0 [ 57.622434][ T427] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 57.628132][ T427] RIP: 0033:0x7f21830dee69 [ 57.632372][ T427] Code: Bad RIP value. [ 57.636318][ T427] RSP: 002b:00007ffd9d426af8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 57.644616][ T427] RAX: ffffffffffffffda RBX: 00007f218312a42b RCX: 00007f21830dee69 [ 57.652438][ T427] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 57.660322][ T427] RBP: 0000000000000010 R08: 00007ffd9d424896 R09: 00007ffd9d427db0 [ 57.668457][ T427] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffd9d427db0 [ 57.676300][ T427] R13: 00007f218312a3b9 R14: 0000555555e89430 R15: 0000000000000003 [ 57.684080][ T427] ---[ end trace e3e78958a83f7048 ]--- [ 57.692057][ T427] ================================================================== [ 57.700029][ T427] BUG: KASAN: null-ptr-deref in ihold+0x1b/0x50 [ 57.706192][ T427] Write of size 4 at addr 0000000000000160 by task syz-executor.0/427 [ 57.714249][ T427] [ 57.716531][ T427] CPU: 0 PID: 427 Comm: syz-executor.0 Tainted: G W 5.4.274-syzkaller-04909-gdd432c37afcd #0 [ 57.727884][ T427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 57.738175][ T427] Call Trace: [ 57.741305][ T427] dump_stack+0x1d8/0x241 [ 57.745450][ T427] ? panic+0x89d/0x89d [ 57.749347][ T427] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 57.755126][ T427] ? _raw_spin_trylock_bh+0x190/0x190 [ 57.760411][ T427] ? shmem_destroy_inode+0x5/0x10 [ 57.765264][ T427] ? ihold+0x1b/0x50 [ 57.769199][ T427] __kasan_report+0xe9/0x120 [ 57.773623][ T427] ? ihold+0x1b/0x50 [ 57.777360][ T427] kasan_report+0x30/0x60 [ 57.781526][ T427] check_memory_region+0x272/0x280 [ 57.786493][ T427] ihold+0x1b/0x50 [ 57.790026][ T427] vfs_rmdir+0x1e0/0x3c0 [ 57.794109][ T427] incfs_kill_sb+0x105/0x200 [ 57.798967][ T427] deactivate_locked_super+0xa8/0x110 [ 57.804441][ T427] deactivate_super+0x1e2/0x2a0 [ 57.809299][ T427] ? deactivate_locked_super+0x110/0x110 [ 57.814860][ T427] ? fast_dput+0x7a/0x280 [ 57.819015][ T427] cleanup_mnt+0x44e/0x500 [ 57.823379][ T427] task_work_run+0x140/0x170 [ 57.827894][ T427] do_exit+0xcaf/0x2bc0 [ 57.831921][ T427] ? check_preemption_disabled+0x153/0x320 [ 57.837527][ T427] ? put_task_struct+0x80/0x80 [ 57.842130][ T427] ? debug_smp_processor_id+0x20/0x20 [ 57.847665][ T427] do_group_exit+0x138/0x300 [ 57.852086][ T427] __x64_sys_exit_group+0x3b/0x40 [ 57.857019][ T427] do_syscall_64+0xca/0x1c0 [ 57.861371][ T427] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 57.867347][ T427] RIP: 0033:0x7f21830dee69 [ 57.871588][ T427] Code: Bad RIP value. [ 57.875661][ T427] RSP: 002b:00007ffd9d426af8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 57.884284][ T427] RAX: ffffffffffffffda RBX: 00007f218312a42b RCX: 00007f21830dee69 [ 57.892888][ T427] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 57.901128][ T427] RBP: 0000000000000010 R08: 00007ffd9d424896 R09: 00007ffd9d427db0 [ 57.909153][ T427] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffd9d427db0 [ 57.917284][ T427] R13: 00007f218312a3b9 R14: 0000555555e89430 R15: 0000000000000003 [ 57.925642][ T427] ================================================================== [ 57.933904][ T427] Disabling lock debugging due to kernel taint [ 57.943300][ T427] BUG: kernel NULL pointer dereference, address: 0000000000000160 [ 57.951966][ T427] #PF: supervisor write access in kernel mode [ 57.958036][ T427] #PF: error_code(0x0002) - not-present page [ 57.963850][ T427] PGD 1f0a6d067 P4D 1f0a6d067 PUD 1e0c52067 PMD 0 [ 57.970197][ T427] Oops: 0002 [#1] PREEMPT SMP KASAN [ 57.975224][ T427] CPU: 0 PID: 427 Comm: syz-executor.0 Tainted: G B W 5.4.274-syzkaller-04909-gdd432c37afcd #0 [ 57.986676][ T427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 57.996672][ T427] RIP: 0010:ihold+0x20/0x50 [ 58.001115][ T427] Code: 0f 1f 84 00 00 00 00 00 66 90 55 53 48 89 fb e8 d6 da c2 ff 48 8d bb 60 01 00 00 be 04 00 00 00 e8 b5 92 f2 ff bd 01 00 00 00 0f c1 ab 60 01 00 00 ff c5 bf 02 00 00 00 89 ee e8 9a dd c2 ff [ 58.020911][ T427] RSP: 0018:ffff8881d9ef7ae0 EFLAGS: 00010246 [ 58.026887][ T427] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881f31f8fc0 [ 58.035180][ T427] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000ffffffff [ 58.044236][ T427] RBP: 0000000000000001 R08: ffffffff813ae8a5 R09: 0000000000000003 [ 58.052033][ T427] R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000000 [ 58.059846][ T427] R13: dffffc0000000000 R14: ffff8881efb60ac8 R15: 0000000000000000 [ 58.067661][ T427] FS: 0000555555e89480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 58.076509][ T427] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.082934][ T427] CR2: 0000000000000160 CR3: 00000001da1c1000 CR4: 00000000003406b0 [ 58.090750][ T427] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.098647][ T427] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.106456][ T427] Call Trace: [ 58.109592][ T427] ? __die+0xb4/0x100 [ 58.113680][ T427] ? no_context+0xbda/0xe50 [ 58.118168][ T427] ? schedule_preempt_disabled+0x20/0x20 [ 58.123634][ T427] ? is_prefetch+0x4b0/0x4b0 [ 58.128146][ T427] ? ihold+0x1b/0x50 [ 58.131876][ T427] ? __do_page_fault+0xa7d/0xbb0 [ 58.136729][ T427] ? __bad_area_nosemaphore+0xc0/0x460 [ 58.142601][ T427] ? page_fault+0x2f/0x40 [ 58.146723][ T427] ? check_panic_on_warn+0x55/0xa0 [ 58.151874][ T427] ? ihold+0x20/0x50 [ 58.155636][ T427] vfs_rmdir+0x1e0/0x3c0 [ 58.159725][ T427] incfs_kill_sb+0x105/0x200 [ 58.165275][ T427] deactivate_locked_super+0xa8/0x110 [ 58.170760][ T427] deactivate_super+0x1e2/0x2a0 [ 58.175544][ T427] ? deactivate_locked_super+0x110/0x110 [ 58.181021][ T427] ? fast_dput+0x7a/0x280 [ 58.185291][ T427] cleanup_mnt+0x44e/0x500 [ 58.189662][ T427] task_work_run+0x140/0x170 [ 58.194252][ T427] do_exit+0xcaf/0x2bc0 [ 58.198444][ T427] ? check_preemption_disabled+0x153/0x320 [ 58.204345][ T427] ? put_task_struct+0x80/0x80 [ 58.209080][ T427] ? debug_smp_processor_id+0x20/0x20 [ 58.214498][ T427] do_group_exit+0x138/0x300 [ 58.219169][ T427] __x64_sys_exit_group+0x3b/0x40 [ 58.224188][ T427] do_syscall_64+0xca/0x1c0 [ 58.228765][ T427] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 58.234687][ T427] RIP: 0033:0x7f21830dee69 [ 58.239021][ T427] Code: Bad RIP value. [ 58.243811][ T427] RSP: 002b:00007ffd9d426af8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 58.252873][ T427] RAX: ffffffffffffffda RBX: 00007f218312a42b RCX: 00007f21830dee69 [ 58.261534][ T427] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 58.269767][ T427] RBP: 0000000000000010 R08: 00007ffd9d424896 R09: 00007ffd9d427db0 [ 58.278476][ T427] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffd9d427db0 [ 58.287672][ T427] R13: 00007f218312a3b9 R14: 0000555555e89430 R15: 0000000000000003 [ 58.296324][ T427] Modules linked in: [ 58.300810][ T427] CR2: 0000000000000160 [ 58.305314][ T427] ---[ end trace e3e78958a83f7049 ]--- [ 58.310957][ T427] RIP: 0010:ihold+0x20/0x50 [ 58.315291][ T427] Code: 0f 1f 84 00 00 00 00 00 66 90 55 53 48 89 fb e8 d6 da c2 ff 48 8d bb 60 01 00 00 be 04 00 00 00 e8 b5 92 f2 ff bd 01 00 00 00 0f c1 ab 60 01 00 00 ff c5 bf 02 00 00 00 89 ee e8 9a dd c2 ff [ 58.335021][ T427] RSP: 0018:ffff8881d9ef7ae0 EFLAGS: 00010246 [ 58.341176][ T427] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881f31f8fc0 [ 58.349091][ T427] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000ffffffff [ 58.357515][ T427] RBP: 0000000000000001 R08: ffffffff813ae8a5 R09: 0000000000000003 [ 58.365501][ T427] R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000000 [ 58.373716][ T427] R13: dffffc0000000000 R14: ffff8881efb60ac8 R15: 0000000000000000 [ 58.381519][ T427] FS: 0000555555e89480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 58.390597][ T427] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.397837][ T427] CR2: 00007f21830dee3f CR3: 00000001da1c1000 CR4: 00000000003406b0 [ 58.407380][ T427] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.415783][ T427] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.423754][ T427] Kernel panic - not syncing: Fatal exception [ 58.429902][ T427] Kernel Offset: disabled [ 58.434046][ T427] Rebooting in 86400 seconds..