Warning: Permanently added '10.128.1.247' (ED25519) to the list of known hosts.
2024/06/09 21:08:14 ignoring optional flag "sandboxArg"="0"
2024/06/09 21:08:14 parsed 1 programs
[ 40.213687][ T23] kauditd_printk_skb: 19 callbacks suppressed
[ 40.213696][ T23] audit: type=1400 audit(1717967294.749:95): avc: denied { unlink } for pid=404 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2024/06/09 21:08:14 executed programs: 0
[ 40.348077][ T404] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 40.403159][ T410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.410000][ T410] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.417342][ T410] device bridge_slave_0 entered promiscuous mode
[ 40.424031][ T410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.430990][ T410] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.438454][ T410] device bridge_slave_1 entered promiscuous mode
[ 40.479062][ T410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.486136][ T410] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.493385][ T410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.500209][ T410] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.521352][ T355] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.528832][ T355] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.536505][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.544607][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.561332][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.569542][ T124] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.576417][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.583765][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.591918][ T124] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.598825][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.606504][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.614356][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.629431][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.652652][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.661226][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.669363][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.677548][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.698470][ T23] audit: type=1400 audit(1717967295.229:96): avc: denied { mounton } for pid=416 comm="syz-executor.0" path="/root/syzkaller-testdir3887498124/syzkaller.04IRs9/0/file0" dev="sda1" ino=1939 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 40.726830][ T23] audit: type=1400 audit(1717967295.229:97): avc: denied { mount } for pid=416 comm="syz-executor.0" name="/" dev="tmpfs" ino=11323 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 40.749321][ T23] audit: type=1400 audit(1717967295.229:98): avc: denied { mounton } for pid=416 comm="syz-executor.0" path="/root/syzkaller-testdir3887498124/syzkaller.04IRs9/0/file0/file0" dev="tmpfs" ino=11324 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 40.749387][ T410] ------------[ cut here ]------------
[ 40.776901][ T23] audit: type=1400 audit(1717967295.259:99): avc: denied { unmount } for pid=410 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 40.782143][ T410] WARNING: CPU: 1 PID: 410 at fs/inode.c:302 drop_nlink+0xbb/0x100
[ 40.782146][ T410] Modules linked in:
[ 40.782157][ T410] CPU: 1 PID: 410 Comm: syz-executor.0 Not tainted 5.4.274-syzkaller-04909-gdd432c37afcd #0
[ 40.782161][ T410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 40.782174][ T410] RIP: 0010:drop_nlink+0xbb/0x100
[ 40.782182][ T410] Code: 49 8b 1e 48 8d bb d0 04 00 00 be 08 00 00 00 e8 7b 9a f2 ff f0 48 ff 83 d0 04 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 75 e2 c2 ff <0f> 0b eb 89 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c
[ 40.782187][ T410] RSP: 0018:ffff8881f42f7c68 EFLAGS: 00010293
[ 40.782194][ T410] RAX: ffffffff81a159ab RBX: 1ffff1103de3eb1e RCX: ffff8881f31e1f80
[ 40.782199][ T410] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 40.782204][ T410] RBP: 0000000000000000 R08: ffffffff81a1592f R09: 0000000000000003
[ 40.782211][ T410] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881ef1f58f0
[ 40.782216][ T410] R13: dffffc0000000000 R14: ffff8881ef1f58a8 R15: dffffc0000000000
[ 40.782223][ T410] FS: 0000555556a06480(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 40.782229][ T410] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 40.782234][ T410] CR2: 0000555556a1f898 CR3: 00000001f35de000 CR4: 00000000003406a0
[ 40.782241][ T410] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 40.782246][ T410] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 40.782248][ T410] Call Trace:
[ 40.782260][ T410] ? __warn+0x162/0x250
[ 40.782271][ T410] ? report_bug+0x3a1/0x4e0
[ 40.782278][ T410] ? drop_nlink+0xbb/0x100
[ 40.782286][ T410] ? drop_nlink+0xbb/0x100
[ 40.782293][ T410] ? do_invalid_op+0x6e/0x110
[ 40.782301][ T410] ? invalid_op+0x1e/0x30
[ 40.782314][ T410] ? drop_nlink+0x3f/0x100
[ 40.802424][ T23] audit: type=1400 audit(1717967295.259:100): avc: denied { unmount } for pid=410 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 40.809921][ T410] ? drop_nlink+0xbb/0x100
[ 41.000852][ T410] ? drop_nlink+0xbb/0x100
[ 41.005086][ T410] ? drop_nlink+0xbb/0x100
[ 41.009360][ T410] shmem_rmdir+0x54/0x80
[ 41.013408][ T410] vfs_rmdir+0x285/0x3c0
[ 41.017509][ T410] incfs_kill_sb+0x105/0x200
[ 41.021920][ T410] deactivate_locked_super+0xa8/0x110
[ 41.027133][ T410] deactivate_super+0x1e2/0x2a0
[ 41.031809][ T410] ? vfs_submount+0xb0/0xb0
[ 41.036148][ T410] ? deactivate_locked_super+0x110/0x110
[ 41.041614][ T410] ? fast_dput+0x7a/0x280
[ 41.045918][ T410] cleanup_mnt+0x44e/0x500
[ 41.050119][ T410] task_work_run+0x140/0x170
[ 41.054561][ T410] exit_to_usermode_loop+0x190/0x1a0
[ 41.059666][ T410] prepare_exit_to_usermode+0x199/0x200
[ 41.065183][ T410] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 41.070890][ T410] RIP: 0033:0x7f58df773197
[ 41.075131][ T410] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[ 41.094577][ T410] RSP: 002b:00007ffc5cf732f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 41.102824][ T410] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f58df773197
[ 41.110628][ T410] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc5cf733b0
[ 41.118674][ T410] RBP: 00007ffc5cf733b0 R08: 0000000000000000 R09: 0000000000000000
[ 41.126568][ T410] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc5cf744a0
[ 41.134526][ T410] R13: 00007f58df7bd3b9 R14: 0000000000009ee2 R15: 0000000000000006
[ 41.142525][ T410] ---[ end trace e31fe4a13a79b904 ]---
[ 41.149210][ T410] ==================================================================
[ 41.157672][ T410] BUG: KASAN: null-ptr-deref in ihold+0x1b/0x50
[ 41.163845][ T410] Write of size 4 at addr 0000000000000160 by task syz-executor.0/410
[ 41.171821][ T410]
[ 41.174016][ T410] CPU: 1 PID: 410 Comm: syz-executor.0 Tainted: G W 5.4.274-syzkaller-04909-gdd432c37afcd #0
[ 41.185389][ T410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 41.195528][ T410] Call Trace:
[ 41.198825][ T410] dump_stack+0x1d8/0x241
[ 41.203166][ T410] ? panic+0x89d/0x89d
[ 41.207123][ T410] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 41.212754][ T410] ? _raw_spin_trylock_bh+0x190/0x190
[ 41.217959][ T410] ? shmem_destroy_inode+0x5/0x10
[ 41.222918][ T410] ? ihold+0x1b/0x50
[ 41.227035][ T410] __kasan_report+0xe9/0x120
[ 41.231717][ T410] ? ihold+0x1b/0x50
[ 41.235991][ T410] kasan_report+0x30/0x60
[ 41.240227][ T410] check_memory_region+0x272/0x280
[ 41.245161][ T410] ihold+0x1b/0x50
[ 41.248815][ T410] vfs_rmdir+0x1e0/0x3c0
[ 41.252896][ T410] incfs_kill_sb+0x105/0x200
[ 41.257443][ T410] deactivate_locked_super+0xa8/0x110
[ 41.262637][ T410] deactivate_super+0x1e2/0x2a0
[ 41.267320][ T410] ? vfs_submount+0xb0/0xb0
[ 41.271663][ T410] ? deactivate_locked_super+0x110/0x110
[ 41.277126][ T410] ? fast_dput+0x7a/0x280
[ 41.281607][ T410] cleanup_mnt+0x44e/0x500
[ 41.285944][ T410] task_work_run+0x140/0x170
[ 41.290369][ T410] exit_to_usermode_loop+0x190/0x1a0
[ 41.295719][ T410] prepare_exit_to_usermode+0x199/0x200
[ 41.301095][ T410] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 41.307013][ T410] RIP: 0033:0x7f58df773197
[ 41.311438][ T410] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[ 41.331407][ T410] RSP: 002b:00007ffc5cf732f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 41.339760][ T410] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f58df773197
[ 41.347650][ T410] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc5cf733b0
[ 41.355603][ T410] RBP: 00007ffc5cf733b0 R08: 0000000000000000 R09: 0000000000000000
[ 41.363385][ T410] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc5cf744a0
[ 41.371369][ T410] R13: 00007f58df7bd3b9 R14: 0000000000009ee2 R15: 0000000000000006
[ 41.379261][ T410] ==================================================================
[ 41.387445][ T410] Disabling lock debugging due to kernel taint
[ 41.394492][ T410] BUG: kernel NULL pointer dereference, address: 0000000000000160
[ 41.402186][ T410] #PF: supervisor write access in kernel mode
[ 41.408092][ T410] #PF: error_code(0x0002) - not-present page
[ 41.413896][ T410] PGD 1dd5ae067 P4D 1dd5ae067 PUD 0
[ 41.419119][ T410] Oops: 0002 [#1] PREEMPT SMP KASAN
[ 41.424322][ T410] CPU: 1 PID: 410 Comm: syz-executor.0 Tainted: G B W 5.4.274-syzkaller-04909-gdd432c37afcd #0
[ 41.435648][ T410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 41.445891][ T410] RIP: 0010:ihold+0x20/0x50
[ 41.450296][ T410] Code: 0f 1f 84 00 00 00 00 00 66 90 55 53 48 89 fb e8 d6 da c2 ff 48 8d bb 60 01 00 00 be 04 00 00 00 e8 b5 92 f2 ff bd 01 00 00 00 0f c1 ab 60 01 00 00 ff c5 bf 02 00 00 00 89 ee e8 9a dd c2 ff
[ 41.470303][ T410] RSP: 0018:ffff8881f42f7ca0 EFLAGS: 00010246
[ 41.476188][ T410] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881f31e1f80
[ 41.484412][ T410] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000ffffffff
[ 41.492221][ T410] RBP: 0000000000000001 R08: ffffffff813ae8a5 R09: 0000000000000003
[ 41.500027][ T410] R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000000
[ 41.508088][ T410] R13: dffffc0000000000 R14: ffff8881ef1f6310 R15: 0000000000000000
[ 41.515918][ T410] FS: 0000555556a06480(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 41.524653][ T410] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 41.531074][ T410] CR2: 0000000000000160 CR3: 00000001f35de000 CR4: 00000000003406a0
[ 41.538891][ T410] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 41.546876][ T410] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 41.554681][ T410] Call Trace:
[ 41.557816][ T410] ? __die+0xb4/0x100
[ 41.561633][ T410] ? no_context+0xbda/0xe50
[ 41.565976][ T410] ? schedule_preempt_disabled+0x20/0x20
[ 41.571437][ T410] ? is_prefetch+0x4b0/0x4b0
[ 41.575867][ T410] ? ihold+0x1b/0x50
[ 41.579681][ T410] ? __do_page_fault+0xa7d/0xbb0
[ 41.584462][ T410] ? __bad_area_nosemaphore+0xc0/0x460
[ 41.589836][ T410] ? page_fault+0x2f/0x40
[ 41.594021][ T410] ? check_panic_on_warn+0x55/0xa0
[ 41.599039][ T410] ? ihold+0x20/0x50
[ 41.602780][ T410] vfs_rmdir+0x1e0/0x3c0
[ 41.606851][ T410] incfs_kill_sb+0x105/0x200
[ 41.611305][ T410] deactivate_locked_super+0xa8/0x110
[ 41.616585][ T410] deactivate_super+0x1e2/0x2a0
[ 41.621258][ T410] ? vfs_submount+0xb0/0xb0
[ 41.625792][ T410] ? deactivate_locked_super+0x110/0x110
[ 41.631357][ T410] ? fast_dput+0x7a/0x280
[ 41.635513][ T410] cleanup_mnt+0x44e/0x500
[ 41.639892][ T410] task_work_run+0x140/0x170
[ 41.644297][ T410] exit_to_usermode_loop+0x190/0x1a0
[ 41.649415][ T410] prepare_exit_to_usermode+0x199/0x200
[ 41.654900][ T410] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 41.660813][ T410] RIP: 0033:0x7f58df773197
[ 41.665096][ T410] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[ 41.685071][ T410] RSP: 002b:00007ffc5cf732f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 41.693432][ T410] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f58df773197
[ 41.701337][ T410] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc5cf733b0
[ 41.709220][ T410] RBP: 00007ffc5cf733b0 R08: 0000000000000000 R09: 0000000000000000
[ 41.717029][ T410] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc5cf744a0
[ 41.725099][ T410] R13: 00007f58df7bd3b9 R14: 0000000000009ee2 R15: 0000000000000006
[ 41.733091][ T410] Modules linked in:
[ 41.736826][ T410] CR2: 0000000000000160
[ 41.740828][ T410] ---[ end trace e31fe4a13a79b905 ]---
[ 41.746105][ T410] RIP: 0010:ihold+0x20/0x50
[ 41.750440][ T410] Code: 0f 1f 84 00 00 00 00 00 66 90 55 53 48 89 fb e8 d6 da c2 ff 48 8d bb 60 01 00 00 be 04 00 00 00 e8 b5 92 f2 ff bd 01 00 00 00 0f c1 ab 60 01 00 00 ff c5 bf 02 00 00 00 89 ee e8 9a dd c2 ff
[ 41.770200][ T410] RSP: 0018:ffff8881f42f7ca0 EFLAGS: 00010246
[ 41.776231][ T410] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881f31e1f80
[ 41.784034][ T410] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000ffffffff
[ 41.791843][ T410] RBP: 0000000000000001 R08: ffffffff813ae8a5 R09: 0000000000000003
[ 41.799924][ T410] R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000000
[ 41.807650][ T410] R13: dffffc0000000000 R14: ffff8881ef1f6310 R15: 0000000000000000
[ 41.815615][ T410] FS: 0000555556a06480(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 41.824368][ T410] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 41.830910][ T410] CR2: 0000000000000160 CR3: 00000001f35de000 CR4: 00000000003406a0
[ 41.838875][ T410] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 41.846763][ T410] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 41.854491][ T410] Kernel panic - not syncing: Fatal exception
[ 41.860749][ T410] Kernel Offset: disabled
[ 41.864883][ T410] Rebooting in 86400 seconds..