[ 38.153621][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.162561][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 38.170650][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 38.208853][ T315] syz-executor.0 (315) used greatest stack depth: 10848 bytes left [ 38.818758][ T114] device bridge_slave_1 left promiscuous mode [ 38.824852][ T114] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.832005][ T114] device bridge_slave_0 left promiscuous mode [ 38.838042][ T114] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.845444][ T114] device veth1_macvtap left promiscuous mode [ 38.851442][ T114] device veth0_vlan left promiscuous mode Warning: Permanently added '10.128.1.174' (ED25519) to the list of known hosts. 2024/06/26 10:01:21 ignoring optional flag "sandboxArg"="0" 2024/06/26 10:01:21 parsed 1 programs [ 45.048715][ T27] kauditd_printk_skb: 18 callbacks suppressed [ 45.048718][ T27] audit: type=1400 audit(1719396081.136:94): avc: denied { unlink } for pid=347 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" 2024/06/26 10:01:21 executed programs: 0 [ 45.080217][ T27] audit: type=1400 audit(1719396081.166:95): avc: denied { read } for pid=79 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 45.109304][ T347] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.127717][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.134641][ T353] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.141586][ T353] device bridge_slave_0 entered promiscuous mode [ 45.147747][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.154508][ T353] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.161444][ T353] device bridge_slave_1 entered promiscuous mode [ 45.173681][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.180534][ T353] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.187542][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.194396][ T353] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.203524][ T321] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.210462][ T321] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.217269][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 45.224304][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.231646][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.239526][ T316] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.246269][ T316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.255354][ T353] device veth0_vlan entered promiscuous mode [ 45.261481][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.269424][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.276836][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 45.283890][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 45.290914][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.298806][ T321] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.305607][ T321] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.312688][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.320381][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.328822][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.336759][ T353] device veth1_macvtap entered promiscuous mode [ 45.344458][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.352502][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.362192][ T27] audit: type=1400 audit(1719396081.446:96): avc: denied { mounton } for pid=353 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=207 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 45.386823][ T27] audit: type=1400 audit(1719396081.476:97): avc: denied { read write } for pid=357 comm="syz-executor.0" name="fuse" dev="devtmpfs" ino=22 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 45.410265][ T27] audit: type=1400 audit(1719396081.476:98): avc: denied { open } for pid=357 comm="syz-executor.0" path="/dev/fuse" dev="devtmpfs" ino=22 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 45.433322][ T27] audit: type=1400 audit(1719396081.476:99): avc: denied { mounton } for pid=357 comm="syz-executor.0" path="/root/syzkaller-testdir2648769725/syzkaller.DUE0Z4/0/file0" dev="sda1" ino=1939 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 45.437814][ T358] BUG: kernel NULL pointer dereference, address: 000000000000000a [ 45.467505][ T358] #PF: supervisor read access in kernel mode [ 45.473398][ T358] #PF: error_code(0x0000) - not-present page [ 45.479217][ T358] PGD 110e1b067 P4D 110e1b067 PUD 110e17067 PMD 0 [ 45.485559][ T358] Oops: 0000 [#1] PREEMPT SMP [ 45.490092][ T358] CPU: 1 PID: 358 Comm: syz-executor.0 Not tainted 6.1.78-syzkaller #0 [ 45.498138][ T358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 45.508131][ T358] RIP: 0010:path_openat+0x552/0xb60 [ 45.513161][ T358] Code: 8b 40 18 75 37 48 83 f8 ff 8b 4d b4 0f 84 6f 01 00 00 48 85 c0 74 13 4c 89 f7 e8 09 d0 00 00 8b 4d b4 48 8b 45 a8 4c 8b 70 18 <41> f6 46 02 70 75 17 41 bd fe ff ff ff e9 95 fe ff ff 4c 39 f0 8b [ 45.532611][ T358] RSP: 0018:ffffc900007d3cc0 EFLAGS: 00010246 [ 45.538583][ T358] RAX: ffff88810b842a00 RBX: 0000000000008000 RCX: 0000000000000000 [ 45.546570][ T358] RDX: 00000000ffffff9c RSI: 0000000300000000 RDI: ffff88810035b900 [ 45.554388][ T358] RBP: ffffc900007d3d58 R08: 0000000000000000 R09: ffffc900007d3c38 [ 45.562491][ T358] R10: ffff888110f008c0 R11: ffff888100041400 R12: ffffc900007d3e98 [ 45.570283][ T358] R13: 0000000000000000 R14: 0000000000000008 R15: ffffc900007d3d68 [ 45.578190][ T358] FS: 00007f0e8956c6c0(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000 [ 45.587136][ T358] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 45.593698][ T358] CR2: 000000000000000a CR3: 0000000110e0d000 CR4: 00000000003506a0 [ 45.601457][ T358] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 45.609259][ T358] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 45.617076][ T358] Call Trace: [ 45.620201][ T358] [ 45.622977][ T358] ? __die_body+0x62/0xb0 [ 45.627143][ T358] ? __die+0x7e/0x90 [ 45.630877][ T358] ? page_fault_oops+0x369/0x3d0 [ 45.635823][ T358] ? fuse_dentry_init+0x1e/0x40 [ 45.640511][ T358] ? exc_page_fault+0x4dc/0x670 [ 45.645196][ T358] ? asm_exc_page_fault+0x27/0x30 [ 45.650057][ T358] ? path_openat+0x552/0xb60 [ 45.654480][ T358] do_filp_open+0xad/0x150 [ 45.658742][ T358] do_sys_openat2+0x8e/0x240 [ 45.663161][ T358] ? __this_cpu_preempt_check+0x13/0x20 [ 45.668541][ T358] __x64_sys_openat+0x79/0xa0 [ 45.673057][ T358] do_syscall_64+0x3d/0xb0 [ 45.677306][ T358] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 45.683125][ T358] RIP: 0033:0x7f0e8887cae9 [ 45.687377][ T358] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 45.706820][ T358] RSP: 002b:00007f0e8956c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 45.715060][ T358] RAX: ffffffffffffffda RBX: 00007f0e8899bf80 RCX: 00007f0e8887cae9 [ 45.722872][ T358] RDX: 0000000000000000 RSI: 0000000020000000 RDI: ffffffffffffff9c [ 45.730684][ T358] RBP: 00007f0e888c847a R08: 0000000000000000 R09: 0000000000000000 [ 45.738510][ T358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 45.746312][ T358] R13: 000000000000000b R14: 00007f0e8899bf80 R15: 00007ffdbe7a2738 [ 45.754119][ T358] [ 45.757157][ T358] Modules linked in: [ 45.760900][ T358] CR2: 000000000000000a [ 45.764881][ T358] ---[ end trace 0000000000000000 ]--- [ 45.770175][ T358] RIP: 0010:path_openat+0x552/0xb60 [ 45.775209][ T358] Code: 8b 40 18 75 37 48 83 f8 ff 8b 4d b4 0f 84 6f 01 00 00 48 85 c0 74 13 4c 89 f7 e8 09 d0 00 00 8b 4d b4 48 8b 45 a8 4c 8b 70 18 <41> f6 46 02 70 75 17 41 bd fe ff ff ff e9 95 fe ff ff 4c 39 f0 8b [ 45.794715][ T358] RSP: 0018:ffffc900007d3cc0 EFLAGS: 00010246 [ 45.800550][ T358] RAX: ffff88810b842a00 RBX: 0000000000008000 RCX: 0000000000000000 [ 45.808360][ T358] RDX: 00000000ffffff9c RSI: 0000000300000000 RDI: ffff88810035b900 [ 45.816174][ T358] RBP: ffffc900007d3d58 R08: 0000000000000000 R09: ffffc900007d3c38 [ 45.823985][ T358] R10: ffff888110f008c0 R11: ffff888100041400 R12: ffffc900007d3e98 [ 45.831807][ T358] R13: 0000000000000000 R14: 0000000000000008 R15: ffffc900007d3d68 [ 45.839610][ T358] FS: 00007f0e8956c6c0(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000 [ 45.848377][ T358] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 45.854797][ T358] CR2: 000000000000000a CR3: 0000000110e0d000 CR4: 00000000003506a0 [ 45.862614][ T358] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 45.870418][ T358] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 45.878231][ T358] Kernel panic - not syncing: Fatal exception [ 45.884386][ T358] Kernel Offset: disabled [ 45.888502][ T358] Rebooting in 86400 seconds..