------------[ cut here ]------------
WARNING: CPU: 1 PID: 2905 at fs/inode.c:339 drop_nlink+0xf0/0x148 proc/self/cwd/common/fs/inode.c:339
Modules linked in: pptp(E) l2tp_ppp(E) r8153_ecm(E) cdc_ncm(E) hci_uart(E) btusb(E) pppox(E) bsd_comp(E) ppp_mppe(E) ppp_deflate(E) cdc_eem(E) ax88179_178a(E) aqc111(E) asix(E) cdc_ether(E) btqca(E) hidp(E) btsdio(E) btbcm(E) btintel(E) rfcomm(E) btrtl(E) clk_test(E) ptp(E) tipc_diag(E) ieee802154_socket(E) ieee802154_6lowpan(E) mac802154(E) nhc_hop(E) nhc_udp(E) nhc_routing(E) nhc_fragment(E) nhc_ipv6(E) nhc_dest(E) nhc_mobility(E) ppp_generic(E) regmap_kunit(E) usbnet(E) r8152(E) bluetooth(E) nfc(E) ftdi_sio(E) vcan(E) slcan(E) zram(E) can_bcm(E) can_raw(E) can_gw(E) soc_utils_test(E) platform_test(E) clk_gate_test(E) dev_addr_lists_test(E) kunit_example_test(E) input_test(E) kunit_test(E) time_test(E) hid_uclogic_test(E) lib_test(E) iio_test_format(E) of_kunit_helpers(E) ext4_inode_test(E) fat_test(E) clk_kunit_helpers(E) cdc_acm(E) vcpu_stall_detector(E) wwan(E) kheaders(E) gnss(E) rtl8150(E) 8021q(E) pps_core(E) libarc4(E) virtio_balloon(E) usbmon(E) pwrseq_core(E) tipc(E) cctrng(E) macsec(E)
ieee802154(E) vmw_vsock_virtio_transport(E) 6lowpan(E) tls(E) l2tp_core(E) slhc(E) gzvm(E) regmap_ram(E) mii(E) rfkill(E) usbserial(E) regmap_raw_ram(E) can_dev(E) zsmalloc(E) can(E) open_dice(E) kunit(E)
CPU: 1 UID: 0 PID: 2905 Comm: syz.0.804 Tainted: G E 6.12.18-android16-1-maybe-dirty-4k #1 9af86685e3ad064a54655916afb3d22234382e37
Tainted: [E]=UNSIGNED_MODULE
Hardware name: linux,dummy-virt (DT)
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : drop_nlink+0xf0/0x148 proc/self/cwd/common/fs/inode.c:339
lr : drop_nlink+0xf0/0x148 proc/self/cwd/common/fs/inode.c:339
sp : ffffffc0ad427a20
x29: ffffffc0ad427a20 x28: 0000003d8dce15e8 x27: 1ffffff018e42a94
x26: 1ffffff018e6302f x25: 1ffffff018e6303c x24: dfffffc000000000
x23: 1ffffff018e42947 x22: dfffffc000000000 x21: 0000000000000000
x20: ffffff80c7214a38 x19: ffffff80c72149f0 x18: ffffffc0ad76f080
x17: 000000003acc4584 x16: 000000003acc4584 x15: 0000000000000001
x14: 1ffffff018e63046 x13: 0000000000000000 x12: 0000000000000000
x11: ffffffb018e63047 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffffff810691bf80 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000020 x4 : 0000000000000008 x3 : ffffffc0803a99f8
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
drop_nlink+0xf0/0x148 proc/self/cwd/common/fs/inode.c:339
simple_rmdir+0x74/0x168 proc/self/cwd/common/fs/libfs.c:781
vfs_rmdir+0x34c/0x488 proc/self/cwd/common/fs/namei.c:4340
incfs_kill_sb+0xec/0x1f4 proc/self/cwd/common/fs/incfs/vfs.c:1968
deactivate_locked_super+0xf4/0x308 proc/self/cwd/common/fs/super.c:476
deactivate_super+0xec/0x110 proc/self/cwd/common/fs/super.c:509
cleanup_mnt+0x324/0x3bc proc/self/cwd/common/fs/namespace.c:1373
__cleanup_mnt+0x28/0x3c proc/self/cwd/common/fs/namespace.c:1380
task_work_run+0x1b4/0x22c proc/self/cwd/common/kernel/task_work.c:240
exit_task_work proc/self/cwd/common/include/linux/task_work.h:43 [inline]
do_exit+0x7a8/0x2174 proc/self/cwd/common/kernel/exit.c:944
__do_sys_exit proc/self/cwd/common/kernel/exit.c:1060 [inline]
__se_sys_exit proc/self/cwd/common/kernel/exit.c:1058 [inline]
__arm64_sys_exit+0x4c/0x50 proc/self/cwd/common/kernel/exit.c:1058
__invoke_syscall proc/self/cwd/common/arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0xa4/0x288 proc/self/cwd/common/arch/arm64/kernel/syscall.c:49
el0_svc_common+0x138/0x24c proc/self/cwd/common/arch/arm64/kernel/syscall.c:132
do_el0_svc+0x50/0x64 proc/self/cwd/common/arch/arm64/kernel/syscall.c:151
el0_svc+0x58/0xb4 proc/self/cwd/common/arch/arm64/kernel/entry-common.c:715
el0t_64_sync_handler+0x98/0x108 proc/self/cwd/common/arch/arm64/kernel/entry-common.c:733
el0t_64_sync+0x19c/0x1a0 proc/self/cwd/common/arch/arm64/kernel/entry.S:598
irq event stamp: 2454
hardirqs last enabled at (2453): [<ffffffc0832ec9e4>] __raw_spin_unlock_irqrestore proc/self/cwd/common/include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (2453): [<ffffffc0832ec9e4>] _raw_spin_unlock_irqrestore+0x44/0xb8 proc/self/cwd/common/kernel/locking/spinlock.c:194
hardirqs last disabled at (2454): [<ffffffc0832c62b8>] el1_dbg+0x2c/0x80 proc/self/cwd/common/arch/arm64/kernel/entry-common.c:473
softirqs last enabled at (2384): [<ffffffc08023e818>] softirq_handle_end proc/self/cwd/common/kernel/softirq.c:426 [inline]
softirqs last enabled at (2384): [<ffffffc08023e818>] handle_softirqs+0xb04/0xd50 proc/self/cwd/common/kernel/softirq.c:631
softirqs last disabled at (2379): [<ffffffc0800103ac>] __do_softirq+0x1c/0x2c proc/self/cwd/common/kernel/softirq.c:637
---[ end trace 0000000000000000 ]---
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read_write proc/self/cwd/common/include/linux/instrumented.h:96 [inline]
BUG: KASAN: null-ptr-deref in atomic_inc_return proc/self/cwd/common/include/linux/atomic/atomic-instrumented.h:453 [inline]
BUG: KASAN: null-ptr-deref in ihold+0x30/0xa8 proc/self/cwd/common/fs/inode.c:451
Write of size 4 at addr 0000000000000218 by task syz.0.804/2905
CPU: 3 UID: 0 PID: 2905 Comm: syz.0.804 Tainted: G W E 6.12.18-android16-1-maybe-dirty-4k #1 9af86685e3ad064a54655916afb3d22234382e37
Tainted: [W]=WARN, [E]=UNSIGNED_MODULE
Hardware name: linux,dummy-virt (DT)
Call trace:
dump_backtrace+0x18c/0x1bc proc/self/cwd/common/arch/arm64/kernel/stacktrace.c:320
show_stack+0x34/0x4c proc/self/cwd/common/arch/arm64/kernel/stacktrace.c:328
__dump_stack proc/self/cwd/common/lib/dump_stack.c:94 [inline]
dump_stack_lvl+0xc8/0x118 proc/self/cwd/common/lib/dump_stack.c:120
print_report+0xec/0x7b0 proc/self/cwd/common/mm/kasan/report.c:491
kasan_report+0xf4/0x15c proc/self/cwd/common/mm/kasan/report.c:601
check_region_inline proc/self/cwd/common/mm/kasan/generic.c:-1 [inline]
kasan_check_range+0x25c/0x2a0 proc/self/cwd/common/mm/kasan/generic.c:189
__kasan_check_write+0x28/0x40 proc/self/cwd/common/mm/kasan/shadow.c:37
instrument_atomic_read_write proc/self/cwd/common/include/linux/instrumented.h:96 [inline]
atomic_inc_return proc/self/cwd/common/include/linux/atomic/atomic-instrumented.h:453 [inline]
ihold+0x30/0xa8 proc/self/cwd/common/fs/inode.c:451
d_delete_notify proc/self/cwd/common/include/linux/fsnotify.h:354 [inline]
vfs_rmdir+0x210/0x488 proc/self/cwd/common/fs/namei.c:4353
incfs_kill_sb+0xec/0x1f4 proc/self/cwd/common/fs/incfs/vfs.c:1968
deactivate_locked_super+0xf4/0x308 proc/self/cwd/common/fs/super.c:476
deactivate_super+0xec/0x110 proc/self/cwd/common/fs/super.c:509
cleanup_mnt+0x324/0x3bc proc/self/cwd/common/fs/namespace.c:1373
__cleanup_mnt+0x28/0x3c proc/self/cwd/common/fs/namespace.c:1380
task_work_run+0x1b4/0x22c proc/self/cwd/common/kernel/task_work.c:240
exit_task_work proc/self/cwd/common/include/linux/task_work.h:43 [inline]
do_exit+0x7a8/0x2174 proc/self/cwd/common/kernel/exit.c:944
__do_sys_exit proc/self/cwd/common/kernel/exit.c:1060 [inline]
__se_sys_exit proc/self/cwd/common/kernel/exit.c:1058 [inline]
__arm64_sys_exit+0x4c/0x50 proc/self/cwd/common/kernel/exit.c:1058
__invoke_syscall proc/self/cwd/common/arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0xa4/0x288 proc/self/cwd/common/arch/arm64/kernel/syscall.c:49
el0_svc_common+0x138/0x24c proc/self/cwd/common/arch/arm64/kernel/syscall.c:132
do_el0_svc+0x50/0x64 proc/self/cwd/common/arch/arm64/kernel/syscall.c:151
el0_svc+0x58/0xb4 proc/self/cwd/common/arch/arm64/kernel/entry-common.c:715
el0t_64_sync_handler+0x98/0x108 proc/self/cwd/common/arch/arm64/kernel/entry-common.c:733
el0t_64_sync+0x19c/0x1a0 proc/self/cwd/common/arch/arm64/kernel/entry.S:598
==================================================================
Unable to handle kernel read from unreadable memory at virtual address 0000000000000218
Mem abort info:
ESR = 0x0000000096000005
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x05: level 1 translation fault
Data abort info:
ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
CM = 0, WnR = 0, TnD = 0, TagAccess = 0
GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
user pgtable: 4k pages, 39-bit VAs, pgdp=0000000141e91000
[0000000000000218] pgd=0800000149605003, p4d=0800000149605003, pud=0800000149605003, pmd=0000000000000000
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in: pptp(E) l2tp_ppp(E) r8153_ecm(E) cdc_ncm(E) hci_uart(E) btusb(E) pppox(E) bsd_comp(E) ppp_mppe(E) ppp_deflate(E) cdc_eem(E) ax88179_178a(E) aqc111(E) asix(E) cdc_ether(E) btqca(E) hidp(E) btsdio(E) btbcm(E) btintel(E) rfcomm(E) btrtl(E) clk_test(E) ptp(E) tipc_diag(E) ieee802154_socket(E) ieee802154_6lowpan(E) mac802154(E) nhc_hop(E) nhc_udp(E) nhc_routing(E) nhc_fragment(E) nhc_ipv6(E) nhc_dest(E) nhc_mobility(E) ppp_generic(E) regmap_kunit(E) usbnet(E) r8152(E) bluetooth(E) nfc(E) ftdi_sio(E) vcan(E) slcan(E) zram(E) can_bcm(E) can_raw(E) can_gw(E) soc_utils_test(E) platform_test(E) clk_gate_test(E) dev_addr_lists_test(E) kunit_example_test(E) input_test(E) kunit_test(E) time_test(E) hid_uclogic_test(E) lib_test(E) iio_test_format(E) of_kunit_helpers(E) ext4_inode_test(E) fat_test(E) clk_kunit_helpers(E) cdc_acm(E) vcpu_stall_detector(E) wwan(E) kheaders(E) gnss(E) rtl8150(E) 8021q(E) pps_core(E) libarc4(E) virtio_balloon(E) usbmon(E) pwrseq_core(E) tipc(E) cctrng(E) macsec(E)
ieee802154(E) vmw_vsock_virtio_transport(E) 6lowpan(E) tls(E) l2tp_core(E) slhc(E) gzvm(E) regmap_ram(E) mii(E) rfkill(E) usbserial(E) regmap_raw_ram(E) can_dev(E) zsmalloc(E) can(E) open_dice(E) kunit(E)
CPU: 3 UID: 0 PID: 2905 Comm: syz.0.804 Tainted: G B W E 6.12.18-android16-1-maybe-dirty-4k #1 9af86685e3ad064a54655916afb3d22234382e37
Tainted: [B]=BAD_PAGE, [W]=WARN, [E]=UNSIGNED_MODULE
Hardware name: linux,dummy-virt (DT)
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __ll_sc_atomic_add_return proc/self/cwd/common/arch/arm64/include/asm/atomic_ll_sc.h:95 [inline]
pc : arch_atomic_add_return proc/self/cwd/common/arch/arm64/include/asm/atomic.h:52 [inline]
pc : raw_atomic_add_return proc/self/cwd/common/include/linux/atomic/atomic-arch-fallback.h:564 [inline]
pc : raw_atomic_inc_return proc/self/cwd/common/include/linux/atomic/atomic-arch-fallback.h:1020 [inline]
pc : atomic_inc_return proc/self/cwd/common/include/linux/atomic/atomic-instrumented.h:454 [inline]
pc : ihold+0x88/0xa8 proc/self/cwd/common/fs/inode.c:451
lr : __ll_sc_atomic_add_return proc/self/cwd/common/arch/arm64/include/asm/atomic_ll_sc.h:95 [inline]
lr : arch_atomic_add_return proc/self/cwd/common/arch/arm64/include/asm/atomic.h:52 [inline]
lr : raw_atomic_add_return proc/self/cwd/common/include/linux/atomic/atomic-arch-fallback.h:564 [inline]
lr : raw_atomic_inc_return proc/self/cwd/common/include/linux/atomic/atomic-arch-fallback.h:1020 [inline]
lr : atomic_inc_return proc/self/cwd/common/include/linux/atomic/atomic-instrumented.h:454 [inline]
lr : ihold+0x84/0xa8 proc/self/cwd/common/fs/inode.c:451
sp : ffffffc0ad427a80
x29: ffffffc0ad427a80 x28: 0000003d8dce15e8 x27: 1ffffff018e42a94
x26: 1ffffff018e6302f x25: 1ffffff018e6303c x24: dfffffc000000000
x23: 0000000000000000 x22: 0000000000200108 x21: 0000000000000000
x20: ffffff80c7318178 x19: 0000000000000218 x18: ffffffc0ad76f078
x17: 000000008c623181 x16: 000000008c623181 x15: 0000000000000001
x14: 1ffffff810a0e264 x13: 0000000000000000 x12: 0000000000000000
x11: ffffffb810a0e265 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffffff810691bf80 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffffffc0ad4274f8 x4 : ffffffc08487d580 x3 : ffffffc080224334
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
__ll_sc_atomic_add_return proc/self/cwd/common/arch/arm64/include/asm/atomic_ll_sc.h:95 [inline]
arch_atomic_add_return proc/self/cwd/common/arch/arm64/include/asm/atomic.h:52 [inline]
raw_atomic_add_return proc/self/cwd/common/include/linux/atomic/atomic-arch-fallback.h:564 [inline]
raw_atomic_inc_return proc/self/cwd/common/include/linux/atomic/atomic-arch-fallback.h:1020 [inline]
atomic_inc_return proc/self/cwd/common/include/linux/atomic/atomic-instrumented.h:454 [inline]
ihold+0x88/0xa8 proc/self/cwd/common/fs/inode.c:451
d_delete_notify proc/self/cwd/common/include/linux/fsnotify.h:354 [inline]
vfs_rmdir+0x210/0x488 proc/self/cwd/common/fs/namei.c:4353
incfs_kill_sb+0xec/0x1f4 proc/self/cwd/common/fs/incfs/vfs.c:1968
deactivate_locked_super+0xf4/0x308 proc/self/cwd/common/fs/super.c:476
deactivate_super+0xec/0x110 proc/self/cwd/common/fs/super.c:509
cleanup_mnt+0x324/0x3bc proc/self/cwd/common/fs/namespace.c:1373
__cleanup_mnt+0x28/0x3c proc/self/cwd/common/fs/namespace.c:1380
task_work_run+0x1b4/0x22c proc/self/cwd/common/kernel/task_work.c:240
exit_task_work proc/self/cwd/common/include/linux/task_work.h:43 [inline]
do_exit+0x7a8/0x2174 proc/self/cwd/common/kernel/exit.c:944
__do_sys_exit proc/self/cwd/common/kernel/exit.c:1060 [inline]
__se_sys_exit proc/self/cwd/common/kernel/exit.c:1058 [inline]
__arm64_sys_exit+0x4c/0x50 proc/self/cwd/common/kernel/exit.c:1058
__invoke_syscall proc/self/cwd/common/arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0xa4/0x288 proc/self/cwd/common/arch/arm64/kernel/syscall.c:49
el0_svc_common+0x138/0x24c proc/self/cwd/common/arch/arm64/kernel/syscall.c:132
do_el0_svc+0x50/0x64 proc/self/cwd/common/arch/arm64/kernel/syscall.c:151
el0_svc+0x58/0xb4 proc/self/cwd/common/arch/arm64/kernel/entry-common.c:715
el0t_64_sync_handler+0x98/0x108 proc/self/cwd/common/arch/arm64/kernel/entry-common.c:733
el0t_64_sync+0x19c/0x1a0 proc/self/cwd/common/arch/arm64/kernel/entry.S:598
Code: 17fffff9 d503249f 97e7830c f9800271 (885f7e69)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: 17fffff9 b 0xffffffffffffffe4
4: d503249f hint #0x24
8: 97e7830c bl 0xffffffffff9e0c38
c: f9800271 prfm pstl1strm, [x19]
* 10: 885f7e69 ldxr w9, [x19] <-- trapping instruction