Warning: Permanently added '10.128.1.71' (ED25519) to the list of known hosts.
2024/08/18 23:53:39 ignoring optional flag "sandboxArg"="0"
2024/08/18 23:53:39 parsed 1 programs
[ 53.490237][ T23] kauditd_printk_skb: 19 callbacks suppressed
[ 53.490261][ T23] audit: type=1400 audit(1724025219.640:95): avc: denied { unlink } for pid=416 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2024/08/18 23:53:39 executed programs: 0
[ 53.585884][ T416] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 53.657946][ T422] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.664893][ T422] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.672365][ T422] device bridge_slave_0 entered promiscuous mode
[ 53.679599][ T422] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.686538][ T422] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.693844][ T422] device bridge_slave_1 entered promiscuous mode
[ 53.746726][ T422] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.753813][ T422] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.760907][ T422] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.767949][ T422] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.792679][ T372] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.799886][ T372] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.807608][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 53.816230][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.831859][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.840163][ T124] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.847049][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.854386][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 53.862508][ T124] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.869519][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.879119][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 53.888903][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 53.906363][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 53.921831][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 53.942498][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 53.950975][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 53.959848][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 53.984810][ T23] audit: type=1400 audit(1724025220.140:96): avc: denied { mounton } for pid=428 comm="syz-executor.0" path="/root/syzkaller-testdir1238751380/syzkaller.GujCys/0/file0" dev="sda1" ino=1939 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 54.012649][ T23] audit: type=1400 audit(1724025220.140:97): avc: denied { mount } for pid=428 comm="syz-executor.0" name="/" dev="tmpfs" ino=11325 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 54.035333][ T23] audit: type=1400 audit(1724025220.150:98): avc: denied { mounton } for pid=428 comm="syz-executor.0" path="/syzcgroup/unified/syz0" dev="cgroup2" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[ 54.035356][ T422] ------------[ cut here ]------------
[ 54.059694][ T23] audit: type=1400 audit(1724025220.170:99): avc: denied { unmount } for pid=422 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 54.065014][ T422] WARNING: CPU: 0 PID: 422 at fs/inode.c:302 drop_nlink+0xbb/0x100
[ 54.065024][ T422] Modules linked in:
[ 54.096152][ T422] CPU: 0 PID: 422 Comm: syz-executor.0 Not tainted 5.4.278-syzkaller-04929-g8edc449e71a9 #0
[ 54.106042][ T422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 54.116033][ T422] RIP: 0010:drop_nlink+0xbb/0x100
[ 54.120967][ T422] Code: 49 8b 1e 48 8d bb d0 04 00 00 be 08 00 00 00 e8 7b 9a f2 ff f0 48 ff 83 d0 04 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 b5 e0 c2 ff <0f> 0b eb 89 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c
[ 54.140495][ T422] RSP: 0018:ffff8881ef4f7aa8 EFLAGS: 00010293
[ 54.146397][ T422] RAX: ffffffff81a1580b RBX: 1ffff1103e1c55b8 RCX: ffff8881f0d74ec0
[ 54.154215][ T422] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 54.162022][ T422] RBP: 0000000000000000 R08: ffffffff81a1578f R09: 0000000000000003
[ 54.169830][ T422] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881f0e2adc0
[ 54.177644][ T422] R13: dffffc0000000000 R14: ffff8881f0e2ad78 R15: dffffc0000000000
[ 54.185453][ T422] FS: 000055555601a480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 54.194653][ T422] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 54.201087][ T422] CR2: 000000c001380000 CR3: 00000001ed4cd000 CR4: 00000000003406b0
[ 54.209014][ T422] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 54.216822][ T422] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 54.224631][ T422] Call Trace:
[ 54.227759][ T422] ? __warn+0x162/0x250
[ 54.231770][ T422] ? report_bug+0x3a1/0x4e0
[ 54.236085][ T422] ? drop_nlink+0xbb/0x100
[ 54.240338][ T422] ? drop_nlink+0xbb/0x100
[ 54.244613][ T422] ? do_invalid_op+0x6e/0x110
[ 54.249104][ T422] ? invalid_op+0x1e/0x30
[ 54.253361][ T422] ? drop_nlink+0x3f/0x100
[ 54.257608][ T422] ? drop_nlink+0xbb/0x100
[ 54.261950][ T422] ? drop_nlink+0xbb/0x100
[ 54.266505][ T422] ? drop_nlink+0xbb/0x100
[ 54.270741][ T422] shmem_rmdir+0x54/0x80
[ 54.274826][ T422] vfs_rmdir+0x285/0x3c0
[ 54.278991][ T422] incfs_kill_sb+0x105/0x200
[ 54.283418][ T422] deactivate_locked_super+0xa8/0x110
[ 54.288637][ T422] deactivate_super+0x1e2/0x2a0
[ 54.293320][ T422] ? deactivate_locked_super+0x110/0x110
[ 54.298793][ T422] ? fast_dput+0x7a/0x280
[ 54.302955][ T422] cleanup_mnt+0x44e/0x500
[ 54.307202][ T422] task_work_run+0x140/0x170
[ 54.311714][ T422] do_exit+0xcaf/0x2bc0
[ 54.315705][ T422] ? check_preemption_disabled+0x153/0x320
[ 54.321342][ T422] ? put_task_struct+0x80/0x80
[ 54.325970][ T422] ? debug_smp_processor_id+0x20/0x20
[ 54.331172][ T422] do_group_exit+0x138/0x300
[ 54.335698][ T422] __x64_sys_exit_group+0x3b/0x40
[ 54.340787][ T422] do_syscall_64+0xca/0x1c0
[ 54.345104][ T422] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 54.350870][ T422] RIP: 0033:0x7facd9037e69
[ 54.355091][ T422] Code: Bad RIP value.
[ 54.359080][ T422] RSP: 002b:00007ffe79c467f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 54.367407][ T422] RAX: ffffffffffffffda RBX: 00007facd908342b RCX: 00007facd9037e69
[ 54.375219][ T422] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 54.383548][ T422] RBP: 0000000000000010 R08: 00007ffe79c44596 R09: 00007ffe79c47ab0
[ 54.391372][ T422] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffe79c47ab0
[ 54.399257][ T422] R13: 00007facd90833b9 R14: 000055555601a430 R15: 0000000000000003
[ 54.407161][ T422] ---[ end trace 60da558b40825085 ]---
[ 54.414213][ T422] ==================================================================
[ 54.422098][ T422] BUG: KASAN: null-ptr-deref in ihold+0x1b/0x50
[ 54.428162][ T422] Write of size 4 at addr 0000000000000160 by task syz-executor.0/422
[ 54.436230][ T422]
[ 54.438442][ T422] CPU: 0 PID: 422 Comm: syz-executor.0 Tainted: G W 5.4.278-syzkaller-04929-g8edc449e71a9 #0
[ 54.449759][ T422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 54.459667][ T422] Call Trace:
[ 54.462811][ T422] dump_stack+0x1d8/0x241
[ 54.466960][ T422] ? panic+0x89d/0x89d
[ 54.470867][ T422] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 54.476510][ T422] ? _raw_spin_trylock_bh+0x190/0x190
[ 54.481717][ T422] ? shmem_destroy_inode+0x5/0x10
[ 54.486663][ T422] ? ihold+0x1b/0x50
[ 54.490394][ T422] __kasan_report+0xe9/0x120
[ 54.494838][ T422] ? ihold+0x1b/0x50
[ 54.498639][ T422] kasan_report+0x30/0x60
[ 54.502811][ T422] check_memory_region+0x272/0x280
[ 54.507754][ T422] ihold+0x1b/0x50
[ 54.511594][ T422] vfs_rmdir+0x1e0/0x3c0
[ 54.515699][ T422] incfs_kill_sb+0x105/0x200
[ 54.520102][ T422] deactivate_locked_super+0xa8/0x110
[ 54.525322][ T422] deactivate_super+0x1e2/0x2a0
[ 54.530080][ T422] ? deactivate_locked_super+0x110/0x110
[ 54.535726][ T422] ? fast_dput+0x7a/0x280
[ 54.539888][ T422] cleanup_mnt+0x44e/0x500
[ 54.544228][ T422] task_work_run+0x140/0x170
[ 54.548654][ T422] do_exit+0xcaf/0x2bc0
[ 54.552668][ T422] ? check_preemption_disabled+0x153/0x320
[ 54.558385][ T422] ? put_task_struct+0x80/0x80
[ 54.562984][ T422] ? debug_smp_processor_id+0x20/0x20
[ 54.568187][ T422] do_group_exit+0x138/0x300
[ 54.572614][ T422] __x64_sys_exit_group+0x3b/0x40
[ 54.577469][ T422] do_syscall_64+0xca/0x1c0
[ 54.581813][ T422] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 54.587538][ T422] RIP: 0033:0x7facd9037e69
[ 54.592224][ T422] Code: Bad RIP value.
[ 54.596123][ T422] RSP: 002b:00007ffe79c467f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 54.604382][ T422] RAX: ffffffffffffffda RBX: 00007facd908342b RCX: 00007facd9037e69
[ 54.612276][ T422] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 54.620086][ T422] RBP: 0000000000000010 R08: 00007ffe79c44596 R09: 00007ffe79c47ab0
[ 54.627890][ T422] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffe79c47ab0
[ 54.635884][ T422] R13: 00007facd90833b9 R14: 000055555601a430 R15: 0000000000000003
[ 54.643717][ T422] ==================================================================
[ 54.651591][ T422] Disabling lock debugging due to kernel taint
[ 54.658840][ T422] BUG: kernel NULL pointer dereference, address: 0000000000000160
[ 54.666557][ T422] #PF: supervisor write access in kernel mode
[ 54.672457][ T422] #PF: error_code(0x0002) - not-present page
[ 54.678269][ T422] PGD 0 P4D 0
[ 54.681482][ T422] Oops: 0002 [#1] PREEMPT SMP KASAN
[ 54.686521][ T422] CPU: 0 PID: 422 Comm: syz-executor.0 Tainted: G B W 5.4.278-syzkaller-04929-g8edc449e71a9 #0
[ 54.697798][ T422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 54.707982][ T422] RIP: 0010:ihold+0x20/0x50
[ 54.712310][ T422] Code: 0f 1f 84 00 00 00 00 00 66 90 55 53 48 89 fb e8 16 d9 c2 ff 48 8d bb 60 01 00 00 be 04 00 00 00 e8 b5 92 f2 ff bd 01 00 00 00 0f c1 ab 60 01 00 00 ff c5 bf 02 00 00 00 89 ee e8 da db c2 ff
[ 54.731918][ T422] RSP: 0018:ffff8881ef4f7ae0 EFLAGS: 00010246
[ 54.737826][ T422] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881f0d74ec0
[ 54.745889][ T422] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000ffffffff
[ 54.753698][ T422] RBP: 0000000000000001 R08: ffffffff813ae2f5 R09: 0000000000000003
[ 54.761509][ T422] R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000000
[ 54.769318][ T422] R13: dffffc0000000000 R14: ffff8881f0e2b0f0 R15: 0000000000000000
[ 54.777132][ T422] FS: 000055555601a480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 54.786082][ T422] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 54.792495][ T422] CR2: 0000000000000160 CR3: 00000001ee1d5000 CR4: 00000000003406b0
[ 54.800390][ T422] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 54.808289][ T422] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 54.816190][ T422] Call Trace:
[ 54.819417][ T422] ? __die+0xb4/0x100
[ 54.823221][ T422] ? no_context+0xac7/0xd20
[ 54.827568][ T422] ? is_prefetch+0x4b0/0x4b0
[ 54.831985][ T422] ? ihold+0x1b/0x50
[ 54.835742][ T422] ? __do_page_fault+0xa72/0xbb0
[ 54.840583][ T422] ? __bad_area_nosemaphore+0xc0/0x470
[ 54.845984][ T422] ? page_fault+0x2f/0x40
[ 54.850147][ T422] ? check_panic_on_warn+0x55/0xa0
[ 54.855103][ T422] ? ihold+0x20/0x50
[ 54.858912][ T422] vfs_rmdir+0x1e0/0x3c0
[ 54.862995][ T422] incfs_kill_sb+0x105/0x200
[ 54.867431][ T422] deactivate_locked_super+0xa8/0x110
[ 54.872639][ T422] deactivate_super+0x1e2/0x2a0
[ 54.877313][ T422] ? deactivate_locked_super+0x110/0x110
[ 54.882783][ T422] ? fast_dput+0x7a/0x280
[ 54.886945][ T422] cleanup_mnt+0x44e/0x500
[ 54.891200][ T422] task_work_run+0x140/0x170
[ 54.895641][ T422] do_exit+0xcaf/0x2bc0
[ 54.899622][ T422] ? check_preemption_disabled+0x153/0x320
[ 54.905260][ T422] ? put_task_struct+0x80/0x80
[ 54.909859][ T422] ? debug_smp_processor_id+0x20/0x20
[ 54.915071][ T422] do_group_exit+0x138/0x300
[ 54.919501][ T422] __x64_sys_exit_group+0x3b/0x40
[ 54.924535][ T422] do_syscall_64+0xca/0x1c0
[ 54.928884][ T422] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 54.934597][ T422] RIP: 0033:0x7facd9037e69
[ 54.938849][ T422] Code: Bad RIP value.
[ 54.942752][ T422] RSP: 002b:00007ffe79c467f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 54.951186][ T422] RAX: ffffffffffffffda RBX: 00007facd908342b RCX: 00007facd9037e69
[ 54.958983][ T422] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 54.966812][ T422] RBP: 0000000000000010 R08: 00007ffe79c44596 R09: 00007ffe79c47ab0
[ 54.974606][ T422] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffe79c47ab0
[ 54.982414][ T422] R13: 00007facd90833b9 R14: 000055555601a430 R15: 0000000000000003
[ 54.990311][ T422] Modules linked in:
[ 54.994058][ T422] CR2: 0000000000000160
[ 54.998046][ T422] ---[ end trace 60da558b40825086 ]---
[ 55.003342][ T422] RIP: 0010:ihold+0x20/0x50
[ 55.007790][ T422] Code: 0f 1f 84 00 00 00 00 00 66 90 55 53 48 89 fb e8 16 d9 c2 ff 48 8d bb 60 01 00 00 be 04 00 00 00 e8 b5 92 f2 ff bd 01 00 00 00 0f c1 ab 60 01 00 00 ff c5 bf 02 00 00 00 89 ee e8 da db c2 ff
[ 55.027395][ T422] RSP: 0018:ffff8881ef4f7ae0 EFLAGS: 00010246
[ 55.033305][ T422] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881f0d74ec0
[ 55.041193][ T422] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000ffffffff
[ 55.049091][ T422] RBP: 0000000000000001 R08: ffffffff813ae2f5 R09: 0000000000000003
[ 55.057086][ T422] R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000000
[ 55.064976][ T422] R13: dffffc0000000000 R14: ffff8881f0e2b0f0 R15: 0000000000000000
[ 55.072876][ T422] FS: 000055555601a480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 55.081640][ T422] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.088147][ T422] CR2: 00007facd9037e3f CR3: 00000001ee1d5000 CR4: 00000000003406b0
[ 55.095963][ T422] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 55.103774][ T422] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 55.111582][ T422] Kernel panic - not syncing: Fatal exception
[ 55.117768][ T422] Kernel Offset: disabled
[ 55.121896][ T422] Rebooting in 86400 seconds..