Warning: Permanently added '10.128.0.81' (ED25519) to the list of known hosts.
2023/10/31 13:30:48 ignoring optional flag "sandboxArg"="0"
2023/10/31 13:30:48 parsed 1 programs
[ 40.872144][ T23] kauditd_printk_skb: 75 callbacks suppressed
[ 40.872149][ T23] audit: type=1400 audit(1698759048.420:151): avc: denied { mounton } for pid=334 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 40.907751][ T23] audit: type=1400 audit(1698759048.420:152): avc: denied { mount } for pid=334 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 40.935719][ T23] audit: type=1400 audit(1698759048.420:153): avc: denied { setattr } for pid=334 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 40.962599][ T23] audit: type=1400 audit(1698759048.420:154): avc: denied { read write } for pid=334 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 40.993673][ T23] audit: type=1400 audit(1698759048.420:155): avc: denied { open } for pid=334 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 41.020573][ T23] audit: type=1400 audit(1698759048.460:156): avc: denied { unlink } for pid=334 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2023/10/31 13:30:48 executed programs: 0
[ 41.048237][ T23] audit: type=1400 audit(1698759048.460:157): avc: denied { relabelto } for pid=335 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 41.048432][ T334] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 41.096621][ T23] audit: type=1400 audit(1698759048.650:158): avc: denied { mounton } for pid=340 comm="syz-executor.0" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 41.134286][ T340] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.144803][ T340] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.153357][ T340] device bridge_slave_0 entered promiscuous mode
[ 41.160380][ T340] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.167521][ T340] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.175142][ T340] device bridge_slave_1 entered promiscuous mode
[ 41.210757][ T340] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.219811][ T340] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.228571][ T340] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.240300][ T340] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.257524][ T291] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.267310][ T291] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.276368][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.284300][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.293554][ T50] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.303740][ T50] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.312015][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.326902][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.339893][ T291] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.354477][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.365247][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.383941][ T340] device veth0_vlan entered promiscuous mode
[ 41.392149][ T50] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.406267][ T50] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.416737][ T50] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 41.424878][ T50] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 41.433443][ T50] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.446896][ T340] device veth1_macvtap entered promiscuous mode
[ 41.455720][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.465356][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.475397][ T50] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.497617][ T23] audit: type=1400 audit(1698759049.050:159): avc: denied { mounton } for pid=344 comm="syz-executor.0" path="/root/syzkaller-testdir1288744501/syzkaller.9QY3JJ/0/file0" dev="sda1" ino=1938 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 41.606793][ T347] ==================================================================
[ 41.615530][ T347] BUG: KASAN: null-ptr-deref in ihold+0x19/0x30
[ 41.622006][ T347] Write of size 4 at addr 0000000000000170 by task syz-executor.0/347
[ 41.630506][ T347]
[ 41.632709][ T347] CPU: 0 PID: 347 Comm: syz-executor.0 Not tainted 5.10.198-syzkaller #0
[ 41.641925][ T347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 41.652771][ T347] Call Trace:
[ 41.656002][ T347] dump_stack_lvl+0x81/0xac
[ 41.660859][ T347] ? ihold+0x19/0x30
[ 41.664796][ T347] kasan_report.cold+0x64/0xdb
[ 41.670429][ T347] ? ihold+0x19/0x30
[ 41.675564][ T347] kasan_check_range+0x148/0x190
[ 41.683134][ T347] __kasan_check_write+0x14/0x20
[ 41.688523][ T347] ihold+0x19/0x30
[ 41.692268][ T347] fuse_dentry_revalidate+0x6bb/0xf80
[ 41.697965][ T347] ? fuse_invalid_attr+0xc0/0xc0
[ 41.702798][ T347] ? get_random_u64+0x310/0x310
[ 41.707874][ T347] ? lockref_put_or_lock+0x1a0/0x1a0
[ 41.713185][ T347] lookup_dcache+0x90/0xd0
[ 41.718420][ T347] __lookup_hash+0x1e/0x150
[ 41.723395][ T347] do_renameat2+0x3e3/0x990
[ 41.728188][ T347] ? __ia32_sys_link+0x80/0x80
[ 41.733209][ T347] ? __check_object_size+0x1df/0x270
[ 41.738648][ T347] ? kmem_cache_alloc+0x17f/0x4f0
[ 41.743843][ T347] ? getname_flags.part.0+0x8c/0x480
[ 41.749158][ T347] __x64_sys_rename+0x7d/0xa0
[ 41.754111][ T347] do_syscall_64+0x32/0x80
[ 41.758701][ T347] entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 41.764757][ T347] RIP: 0033:0x7f563b4c8ae9
[ 41.769091][ T347] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 41.790188][ T347] RSP: 002b:00007f563b02a0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[ 41.799786][ T347] RAX: ffffffffffffffda RBX: 00007f563b5e8050 RCX: 00007f563b4c8ae9
[ 41.808099][ T347] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000020000100
[ 41.816906][ T347] RBP: 00007f563b51447a R08: 0000000000000000 R09: 0000000000000000
[ 41.826046][ T347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 41.834875][ T347] R13: 000000000000006e R14: 00007f563b5e8050 R15: 00007fffd4ea8b48
[ 41.843308][ T347] ==================================================================
[ 41.852282][ T347] Disabling lock debugging due to kernel taint
[ 41.858731][ T347] BUG: kernel NULL pointer dereference, address: 0000000000000170
[ 41.867089][ T347] #PF: supervisor write access in kernel mode
[ 41.873006][ T347] #PF: error_code(0x0002) - not-present page
[ 41.879011][ T347] PGD 120c2b067 P4D 120c2b067 PUD 120c2f067 PMD 0
[ 41.885491][ T347] Oops: 0002 [#1] PREEMPT SMP KASAN
[ 41.890835][ T347] CPU: 1 PID: 347 Comm: syz-executor.0 Tainted: G B 5.10.198-syzkaller #0
[ 41.901050][ T347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 41.912155][ T347] RIP: 0010:ihold+0x1e/0x30
[ 41.916749][ T347] Code: eb 90 66 2e 0f 1f 84 00 00 00 00 00 55 be 04 00 00 00 48 89 e5 53 48 89 fb 48 8d bf 70 01 00 00 e8 47 bc f2 ff b8 01 00 00 00 0f c1 83 70 01 00 00 48 8b 5d f8 c9 c3 0f 1f 40 00 48 b8 00 00
[ 41.937343][ T347] RSP: 0018:ffffc900008f7a08 EFLAGS: 00010246
[ 41.943537][ T347] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff81328231
[ 41.952439][ T347] RDX: fffffbfff0ad693c RSI: 0000000000000004 RDI: ffffffff856b49e0
[ 41.960709][ T347] RBP: ffffc900008f7a10 R08: 0000000000000001 R09: 0000000000000003
[ 41.969005][ T347] R10: fffffbfff0ad693c R11: 0000000000000001 R12: ffff888119fbcf58
[ 41.977104][ T347] R13: 0000000000000020 R14: ffff888121020900 R15: ffff888119fbcee0
[ 41.985187][ T347] FS: 00007f563b02a6c0(0000) GS:ffff8881f7500000(0000) knlGS:0000000000000000
[ 41.994976][ T347] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.001808][ T347] CR2: 0000000000000170 CR3: 0000000106dbc000 CR4: 00000000003506a0
[ 42.009776][ T347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.018104][ T347] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.026592][ T347] Call Trace:
[ 42.030340][ T347] ? show_regs.part.0+0x1e/0x20
[ 42.035554][ T347] ? __die+0x5d/0x9e
[ 42.039449][ T347] ? no_context+0x428/0x7e0
[ 42.043998][ T347] ? is_prefetch.constprop.0+0x330/0x330
[ 42.049852][ T347] ? _raw_spin_unlock_irq+0x42/0x6a
[ 42.055123][ T347] ? finish_task_switch+0x10d/0x630
[ 42.060539][ T347] ? __switch_to_asm+0x3a/0x60
[ 42.065226][ T347] ? __bad_area_nosemaphore+0x72/0x330
[ 42.071092][ T347] ? bad_area_nosemaphore+0x11/0x20
[ 42.076244][ T347] ? do_user_addr_fault+0x3e3/0xa30
[ 42.083077][ T347] ? __kasan_check_read+0x11/0x20
[ 42.089529][ T347] ? mm_fault_error+0x240/0x240
[ 42.094796][ T347] ? ihold+0x19/0x30
[ 42.099122][ T347] ? preempt_schedule+0x1f/0x30
[ 42.103887][ T347] ? preempt_schedule_thunk+0x16/0x18
[ 42.109270][ T347] ? exc_page_fault+0x65/0xc0
[ 42.114167][ T347] ? asm_exc_page_fault+0x1e/0x30
[ 42.119128][ T347] ? check_panic_on_warn+0x31/0x60
[ 42.124060][ T347] ? ihold+0x1e/0x30
[ 42.127789][ T347] ? ihold+0x19/0x30
[ 42.131878][ T347] fuse_dentry_revalidate+0x6bb/0xf80
[ 42.137169][ T347] ? fuse_invalid_attr+0xc0/0xc0
[ 42.141943][ T347] ? get_random_u64+0x310/0x310
[ 42.146799][ T347] ? lockref_put_or_lock+0x1a0/0x1a0
[ 42.152124][ T347] lookup_dcache+0x90/0xd0
[ 42.156547][ T347] __lookup_hash+0x1e/0x150
[ 42.161463][ T347] do_renameat2+0x3e3/0x990
[ 42.166151][ T347] ? __ia32_sys_link+0x80/0x80
[ 42.170821][ T347] ? __check_object_size+0x1df/0x270
[ 42.175969][ T347] ? kmem_cache_alloc+0x17f/0x4f0
[ 42.181059][ T347] ? getname_flags.part.0+0x8c/0x480
[ 42.186186][ T347] __x64_sys_rename+0x7d/0xa0
[ 42.190724][ T347] do_syscall_64+0x32/0x80
[ 42.194942][ T347] entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 42.200900][ T347] RIP: 0033:0x7f563b4c8ae9
[ 42.205131][ T347] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 42.225885][ T347] RSP: 002b:00007f563b02a0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[ 42.234923][ T347] RAX: ffffffffffffffda RBX: 00007f563b5e8050 RCX: 00007f563b4c8ae9
[ 42.242951][ T347] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000020000100
[ 42.251088][ T347] RBP: 00007f563b51447a R08: 0000000000000000 R09: 0000000000000000
[ 42.258931][ T347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 42.266820][ T347] R13: 000000000000006e R14: 00007f563b5e8050 R15: 00007fffd4ea8b48
[ 42.274629][ T347] Modules linked in:
[ 42.278365][ T347] CR2: 0000000000000170
[ 42.282355][ T347] ---[ end trace 9c2f618d02a0d022 ]---
[ 42.287670][ T347] RIP: 0010:ihold+0x1e/0x30
[ 42.292086][ T347] Code: eb 90 66 2e 0f 1f 84 00 00 00 00 00 55 be 04 00 00 00 48 89 e5 53 48 89 fb 48 8d bf 70 01 00 00 e8 47 bc f2 ff b8 01 00 00 00 0f c1 83 70 01 00 00 48 8b 5d f8 c9 c3 0f 1f 40 00 48 b8 00 00
[ 42.311990][ T347] RSP: 0018:ffffc900008f7a08 EFLAGS: 00010246
[ 42.318003][ T347] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff81328231
[ 42.326177][ T347] RDX: fffffbfff0ad693c RSI: 0000000000000004 RDI: ffffffff856b49e0
[ 42.334385][ T347] RBP: ffffc900008f7a10 R08: 0000000000000001 R09: 0000000000000003
[ 42.342746][ T347] R10: fffffbfff0ad693c R11: 0000000000000001 R12: ffff888119fbcf58
[ 42.351460][ T347] R13: 0000000000000020 R14: ffff888121020900 R15: ffff888119fbcee0
[ 42.359637][ T347] FS: 00007f563b02a6c0(0000) GS:ffff8881f7500000(0000) knlGS:0000000000000000
[ 42.368497][ T347] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.375112][ T347] CR2: 0000000000000170 CR3: 0000000106dbc000 CR4: 00000000003506a0
[ 42.383072][ T347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.391451][ T347] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.400061][ T347] Kernel panic - not syncing: Fatal exception
[ 42.406599][ T347] Kernel Offset: disabled
[ 42.411287][ T347] Rebooting in 86400 seconds..