Warning: Permanently added '10.128.1.100' (ED25519) to the list of known hosts.
2024/08/19 00:21:40 ignoring optional flag "sandboxArg"="0"
2024/08/19 00:21:40 parsed 1 programs
[ 48.481226][ T23] kauditd_printk_skb: 19 callbacks suppressed
[ 48.481239][ T23] audit: type=1400 audit(1724026900.960:95): avc: denied { unlink } for pid=411 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2024/08/19 00:21:41 executed programs: 0
[ 48.557497][ T411] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 48.632340][ T417] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.639383][ T417] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.646943][ T417] device bridge_slave_0 entered promiscuous mode
[ 48.654070][ T417] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.661095][ T417] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.668451][ T417] device bridge_slave_1 entered promiscuous mode
[ 48.726141][ T417] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.734628][ T417] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.741963][ T417] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.749101][ T417] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.775209][ T124] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.783418][ T124] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.792094][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 48.799912][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.810167][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 48.818868][ T371] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.825689][ T371] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.847422][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.855955][ T124] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.863499][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.871202][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.879167][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.892471][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 48.905159][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 48.928172][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 48.936468][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 48.945740][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 48.973063][ T23] audit: type=1400 audit(1724026901.450:96): avc: denied { mounton } for pid=422 comm="syz-executor.0" path="/root/syzkaller-testdir3302785333/syzkaller.45FAX3/0/file0" dev="sda1" ino=1939 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 48.999883][ T23] audit: type=1400 audit(1724026901.450:97): avc: denied { mount } for pid=422 comm="syz-executor.0" name="/" dev="tmpfs" ino=11119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 49.023108][ T23] audit: type=1400 audit(1724026901.480:98): avc: denied { mounton } for pid=422 comm="syz-executor.0" path="/root/syzkaller-testdir3302785333/syzkaller.45FAX3/0/file0/file0" dev="tmpfs" ino=11120 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 49.051717][ T23] audit: type=1400 audit(1724026901.530:99): avc: denied { unmount } for pid=417 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 49.072085][ T23] audit: type=1400 audit(1724026901.530:100): avc: denied { unmount } for pid=417 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 49.092617][ T417] ------------[ cut here ]------------
[ 49.098076][ T417] WARNING: CPU: 1 PID: 417 at fs/inode.c:302 drop_nlink+0xbb/0x100
[ 49.106110][ T417] Modules linked in:
[ 49.109856][ T417] CPU: 1 PID: 417 Comm: syz-executor.0 Not tainted 5.4.278-syzkaller-04929-g8edc449e71a9 #0
[ 49.119916][ T417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 49.129823][ T417] RIP: 0010:drop_nlink+0xbb/0x100
[ 49.134753][ T417] Code: 49 8b 1e 48 8d bb d0 04 00 00 be 08 00 00 00 e8 7b 9a f2 ff f0 48 ff 83 d0 04 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 b5 e0 c2 ff <0f> 0b eb 89 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c
[ 49.154552][ T417] RSP: 0018:ffff8881ef49fc68 EFLAGS: 00010293
[ 49.160671][ T417] RAX: ffffffff81a1580b RBX: 1ffff1103b54cf05 RCX: ffff8881f31c2f40
[ 49.169001][ T417] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 49.176812][ T417] RBP: 0000000000000000 R08: ffffffff81a1578f R09: 0000000000000003
[ 49.184633][ T417] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881daa67828
[ 49.192522][ T417] R13: dffffc0000000000 R14: ffff8881daa677e0 R15: dffffc0000000000
[ 49.200576][ T417] FS: 0000555555c55480(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 49.209855][ T417] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 49.216456][ T417] CR2: 0000555555c6e898 CR3: 00000001f0e3f000 CR4: 00000000003406a0
[ 49.224623][ T417] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 49.232798][ T417] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 49.240776][ T417] Call Trace:
[ 49.243915][ T417] ? __warn+0x162/0x250
[ 49.247914][ T417] ? report_bug+0x3a1/0x4e0
[ 49.252511][ T417] ? drop_nlink+0xbb/0x100
[ 49.256744][ T417] ? drop_nlink+0xbb/0x100
[ 49.262341][ T417] ? do_invalid_op+0x6e/0x110
[ 49.266971][ T417] ? invalid_op+0x1e/0x30
[ 49.271190][ T417] ? drop_nlink+0x3f/0x100
[ 49.275959][ T417] ? drop_nlink+0xbb/0x100
[ 49.280158][ T417] ? drop_nlink+0xbb/0x100
[ 49.284401][ T417] ? drop_nlink+0xbb/0x100
[ 49.288658][ T417] shmem_rmdir+0x54/0x80
[ 49.292749][ T417] vfs_rmdir+0x285/0x3c0
[ 49.296820][ T417] incfs_kill_sb+0x105/0x200
[ 49.301232][ T417] deactivate_locked_super+0xa8/0x110
[ 49.306459][ T417] deactivate_super+0x1e2/0x2a0
[ 49.311124][ T417] ? vfs_submount+0xb0/0xb0
[ 49.315565][ T417] ? deactivate_locked_super+0x110/0x110
[ 49.321291][ T417] ? fast_dput+0x7a/0x280
[ 49.325470][ T417] cleanup_mnt+0x44e/0x500
[ 49.329764][ T417] task_work_run+0x140/0x170
[ 49.334159][ T417] exit_to_usermode_loop+0x190/0x1a0
[ 49.339707][ T417] prepare_exit_to_usermode+0x199/0x200
[ 49.345094][ T417] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 49.350822][ T417] RIP: 0033:0x7f4a2e2bc197
[ 49.355053][ T417] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[ 49.374598][ T417] RSP: 002b:00007ffc3a5d38b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 49.383093][ T417] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f4a2e2bc197
[ 49.390910][ T417] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc3a5d3970
[ 49.398798][ T417] RBP: 00007ffc3a5d3970 R08: 0000000000000000 R09: 0000000000000000
[ 49.406662][ T417] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc3a5d4a60
[ 49.414429][ T417] R13: 00007f4a2e3063b9 R14: 000000000000bf2e R15: 0000000000000006
[ 49.422239][ T417] ---[ end trace 82c7f39ef6b21b98 ]---
[ 49.430130][ T417] ==================================================================
[ 49.438150][ T417] BUG: KASAN: null-ptr-deref in ihold+0x1b/0x50
[ 49.444165][ T417] Write of size 4 at addr 0000000000000160 by task syz-executor.0/417
[ 49.452156][ T417]
[ 49.454336][ T417] CPU: 1 PID: 417 Comm: syz-executor.0 Tainted: G W 5.4.278-syzkaller-04929-g8edc449e71a9 #0
[ 49.465775][ T417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 49.475837][ T417] Call Trace:
[ 49.478993][ T417] dump_stack+0x1d8/0x241
[ 49.483153][ T417] ? panic+0x89d/0x89d
[ 49.487046][ T417] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 49.492776][ T417] ? _raw_spin_trylock_bh+0x190/0x190
[ 49.497905][ T417] ? shmem_destroy_inode+0x5/0x10
[ 49.502765][ T417] ? ihold+0x1b/0x50
[ 49.506619][ T417] __kasan_report+0xe9/0x120
[ 49.511417][ T417] ? ihold+0x1b/0x50
[ 49.515622][ T417] kasan_report+0x30/0x60
[ 49.519770][ T417] check_memory_region+0x272/0x280
[ 49.524786][ T417] ihold+0x1b/0x50
[ 49.528433][ T417] vfs_rmdir+0x1e0/0x3c0
[ 49.532621][ T417] incfs_kill_sb+0x105/0x200
[ 49.537110][ T417] deactivate_locked_super+0xa8/0x110
[ 49.542433][ T417] deactivate_super+0x1e2/0x2a0
[ 49.547094][ T417] ? vfs_submount+0xb0/0xb0
[ 49.551449][ T417] ? deactivate_locked_super+0x110/0x110
[ 49.557078][ T417] ? fast_dput+0x7a/0x280
[ 49.561323][ T417] cleanup_mnt+0x44e/0x500
[ 49.565617][ T417] task_work_run+0x140/0x170
[ 49.570007][ T417] exit_to_usermode_loop+0x190/0x1a0
[ 49.575312][ T417] prepare_exit_to_usermode+0x199/0x200
[ 49.580788][ T417] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 49.586507][ T417] RIP: 0033:0x7f4a2e2bc197
[ 49.590764][ T417] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[ 49.610202][ T417] RSP: 002b:00007ffc3a5d38b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 49.618542][ T417] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f4a2e2bc197
[ 49.626615][ T417] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc3a5d3970
[ 49.634520][ T417] RBP: 00007ffc3a5d3970 R08: 0000000000000000 R09: 0000000000000000
[ 49.642340][ T417] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc3a5d4a60
[ 49.650126][ T417] R13: 00007f4a2e3063b9 R14: 000000000000bf2e R15: 0000000000000006
[ 49.658024][ T417] ==================================================================
[ 49.666297][ T417] Disabling lock debugging due to kernel taint
[ 49.673516][ T417] BUG: kernel NULL pointer dereference, address: 0000000000000160
[ 49.681221][ T417] #PF: supervisor write access in kernel mode
[ 49.687113][ T417] #PF: error_code(0x0002) - not-present page
[ 49.692931][ T417] PGD 1e0e1f067 P4D 1e0e1f067 PUD 0
[ 49.698153][ T417] Oops: 0002 [#1] PREEMPT SMP KASAN
[ 49.703187][ T417] CPU: 0 PID: 417 Comm: syz-executor.0 Tainted: G B W 5.4.278-syzkaller-04929-g8edc449e71a9 #0
[ 49.714473][ T417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 49.724544][ T417] RIP: 0010:ihold+0x20/0x50
[ 49.729037][ T417] Code: 0f 1f 84 00 00 00 00 00 66 90 55 53 48 89 fb e8 16 d9 c2 ff 48 8d bb 60 01 00 00 be 04 00 00 00 e8 b5 92 f2 ff bd 01 00 00 00 0f c1 ab 60 01 00 00 ff c5 bf 02 00 00 00 89 ee e8 da db c2 ff
[ 49.748571][ T417] RSP: 0018:ffff8881ef49fca0 EFLAGS: 00010246
[ 49.754477][ T417] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881f31c2f40
[ 49.762361][ T417] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000ffffffff
[ 49.770275][ T417] RBP: 0000000000000001 R08: ffffffff813ae2f5 R09: 0000000000000003
[ 49.778179][ T417] R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000000
[ 49.786183][ T417] R13: dffffc0000000000 R14: ffff8881daa66a00 R15: 0000000000000000
[ 49.794219][ T417] FS: 0000555555c55480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 49.802974][ T417] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 49.809940][ T417] CR2: 0000000000000160 CR3: 00000001f0e3f000 CR4: 00000000003406b0
[ 49.818010][ T417] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 49.825921][ T417] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 49.834150][ T417] Call Trace:
[ 49.837456][ T417] ? __die+0xb4/0x100
[ 49.841392][ T417] ? no_context+0xac7/0xd20
[ 49.845691][ T417] ? is_prefetch+0x4b0/0x4b0
[ 49.850202][ T417] ? ihold+0x1b/0x50
[ 49.853937][ T417] ? __do_page_fault+0xa72/0xbb0
[ 49.858798][ T417] ? __bad_area_nosemaphore+0xc0/0x470
[ 49.864614][ T417] ? page_fault+0x2f/0x40
[ 49.869008][ T417] ? check_panic_on_warn+0x55/0xa0
[ 49.873937][ T417] ? ihold+0x20/0x50
[ 49.877721][ T417] vfs_rmdir+0x1e0/0x3c0
[ 49.882016][ T417] incfs_kill_sb+0x105/0x200
[ 49.886592][ T417] deactivate_locked_super+0xa8/0x110
[ 49.891955][ T417] deactivate_super+0x1e2/0x2a0
[ 49.896824][ T417] ? vfs_submount+0xb0/0xb0
[ 49.901227][ T417] ? deactivate_locked_super+0x110/0x110
[ 49.906860][ T417] ? fast_dput+0x7a/0x280
[ 49.911037][ T417] cleanup_mnt+0x44e/0x500
[ 49.915280][ T417] task_work_run+0x140/0x170
[ 49.919863][ T417] exit_to_usermode_loop+0x190/0x1a0
[ 49.924955][ T417] prepare_exit_to_usermode+0x199/0x200
[ 49.930462][ T417] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 49.936190][ T417] RIP: 0033:0x7f4a2e2bc197
[ 49.940518][ T417] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[ 49.960181][ T417] RSP: 002b:00007ffc3a5d38b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 49.968593][ T417] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f4a2e2bc197
[ 49.976494][ T417] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc3a5d3970
[ 49.984382][ T417] RBP: 00007ffc3a5d3970 R08: 0000000000000000 R09: 0000000000000000
[ 49.992234][ T417] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc3a5d4a60
[ 50.000011][ T417] R13: 00007f4a2e3063b9 R14: 000000000000bf2e R15: 0000000000000006
[ 50.007817][ T417] Modules linked in:
[ 50.011558][ T417] CR2: 0000000000000160
[ 50.015553][ T417] ---[ end trace 82c7f39ef6b21b99 ]---
[ 50.020951][ T417] RIP: 0010:ihold+0x20/0x50
[ 50.025292][ T417] Code: 0f 1f 84 00 00 00 00 00 66 90 55 53 48 89 fb e8 16 d9 c2 ff 48 8d bb 60 01 00 00 be 04 00 00 00 e8 b5 92 f2 ff bd 01 00 00 00 0f c1 ab 60 01 00 00 ff c5 bf 02 00 00 00 89 ee e8 da db c2 ff
[ 50.044789][ T417] RSP: 0018:ffff8881ef49fca0 EFLAGS: 00010246
[ 50.050793][ T417] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881f31c2f40
[ 50.058602][ T417] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000ffffffff
[ 50.067050][ T417] RBP: 0000000000000001 R08: ffffffff813ae2f5 R09: 0000000000000003
[ 50.074856][ T417] R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000000
[ 50.082680][ T417] R13: dffffc0000000000 R14: ffff8881daa66a00 R15: 0000000000000000
[ 50.090568][ T417] FS: 0000555555c55480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 50.099428][ T417] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 50.105862][ T417] CR2: 0000000000000160 CR3: 00000001f0e3f000 CR4: 00000000003406b0
[ 50.114095][ T417] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 50.122019][ T417] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 50.129843][ T417] Kernel panic - not syncing: Fatal exception
[ 50.136185][ T417] Kernel Offset: disabled
[ 50.140406][ T417] Rebooting in 86400 seconds..