Warning: Permanently added '10.128.1.21' (ED25519) to the list of known hosts.
2023/09/26 12:02:02 ignoring optional flag "sandboxArg"="0"
2023/09/26 12:02:02 parsed 1 programs
[ 41.526313][ T27] audit: type=1400 audit(1695729722.615:156): avc: denied { mounton } for pid=346 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 41.551177][ T27] audit: type=1400 audit(1695729722.615:157): avc: denied { mount } for pid=346 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
2023/09/26 12:02:02 executed programs: 0
[ 41.592685][ T27] audit: type=1400 audit(1695729722.685:158): avc: denied { unlink } for pid=346 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 41.622827][ T346] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 41.668455][ T351] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.675731][ T351] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.683166][ T351] device bridge_slave_0 entered promiscuous mode
[ 41.689675][ T351] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.696911][ T351] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.704335][ T351] device bridge_slave_1 entered promiscuous mode
[ 41.742143][ T27] audit: type=1400 audit(1695729722.825:159): avc: denied { write } for pid=351 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 41.747054][ T351] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.762574][ T27] audit: type=1400 audit(1695729722.835:160): avc: denied { read } for pid=351 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 41.769372][ T351] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.796711][ T351] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.803507][ T351] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.820878][ T36] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.828007][ T36] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.835623][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.843281][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.851805][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.859835][ T35] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.868061][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.882841][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.890741][ T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.897599][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.904773][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.913109][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.923350][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.934389][ T351] device veth0_vlan entered promiscuous mode
[ 41.942565][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.950211][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 41.957707][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 41.967504][ T351] device veth1_macvtap entered promiscuous mode
[ 41.974152][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.987123][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.995241][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.007520][ T27] audit: type=1400 audit(1695729723.095:161): avc: denied { mounton } for pid=351 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=207 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 42.036704][ T27] audit: type=1400 audit(1695729723.125:162): avc: denied { mounton } for pid=356 comm="syz-executor.0" path="/root/syzkaller-testdir3021294557/syzkaller.PScbSd/0/file0" dev="sda1" ino=1938 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 42.139363][ T359] ==================================================================
[ 42.147486][ T359] BUG: KASAN: null-ptr-deref in ihold+0x19/0x30
[ 42.153532][ T359] Write of size 4 at addr 0000000000000170 by task syz-executor.0/359
[ 42.161598][ T359]
[ 42.163772][ T359] CPU: 1 PID: 359 Comm: syz-executor.0 Not tainted 6.1.25-syzkaller #0
[ 42.171957][ T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 42.181849][ T359] Call Trace:
[ 42.184976][ T359]
[ 42.187755][ T359] dump_stack_lvl+0x105/0x148
[ 42.192264][ T359] ? panic+0x3b4/0x3b4
[ 42.196256][ T359] ? nf_tcp_handle_invalid+0x30b/0x30b
[ 42.202591][ T359] ? _printk+0xca/0x10a
[ 42.206584][ T359] print_report+0xe1/0x4e0
[ 42.210845][ T359] ? __kasan_slab_free+0x11/0x20
[ 42.215611][ T359] ? kasan_addr_to_slab+0xd/0x80
[ 42.220385][ T359] ? ihold+0x19/0x30
[ 42.224113][ T359] kasan_report+0x13c/0x170
[ 42.228549][ T359] ? ihold+0x19/0x30
[ 42.232282][ T359] kasan_check_range+0x294/0x2a0
[ 42.237055][ T359] __kasan_check_write+0x14/0x20
[ 42.241851][ T359] ihold+0x19/0x30
[ 42.245378][ T359] backing_data_changed+0x1ce/0x4b0
[ 42.251200][ T359] ? fuse_init_symlink+0x70/0x70
[ 42.255991][ T359] ? kasan_save_alloc_info+0x1f/0x30
[ 42.261091][ T359] ? dput+0x219/0x250
[ 42.264909][ T359] fuse_dentry_revalidate+0x76e/0xbe0
[ 42.270203][ T359] ? fuse_invalidate_entry_cache+0x250/0x250
[ 42.276027][ T359] ? __kasan_check_write+0x14/0x20
[ 42.280969][ T359] ? __d_lookup+0x3b5/0x400
[ 42.285304][ T359] __lookup_hash+0x98/0x1f0
[ 42.289644][ T359] do_renameat2+0x564/0x10d0
[ 42.294072][ T359] ? fsnotify_move+0x400/0x400
[ 42.298769][ T359] ? __kasan_slab_alloc+0x6c/0x80
[ 42.303758][ T359] ? getname_flags+0xe7/0x440
[ 42.308238][ T359] __x64_sys_rename+0x81/0x90
[ 42.312778][ T359] do_syscall_64+0x3d/0xb0
[ 42.316998][ T359] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 42.322754][ T359] RIP: 0033:0x7f3fc9a7cae9
[ 42.326974][ T359] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 42.346508][ T359] RSP: 002b:00007f3fc95de0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[ 42.354749][ T359] RAX: ffffffffffffffda RBX: 00007f3fc9b9c050 RCX: 00007f3fc9a7cae9
[ 42.362561][ T359] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000020000100
[ 42.370368][ T359] RBP: 00007f3fc9ac847a R08: 0000000000000000 R09: 0000000000000000
[ 42.378187][ T359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 42.385991][ T359] R13: 000000000000006e R14: 00007f3fc9b9c050 R15: 00007ffdc0e549d8
[ 42.393806][ T359]
[ 42.396673][ T359] ==================================================================
[ 42.404680][ T359] Disabling lock debugging due to kernel taint
[ 42.410627][ T359] BUG: kernel NULL pointer dereference, address: 0000000000000170
[ 42.418194][ T359] #PF: supervisor write access in kernel mode
[ 42.424179][ T359] #PF: error_code(0x0002) - not-present page
[ 42.429996][ T359] PGD 12512d067 P4D 12512d067 PUD 125131067 PMD 0
[ 42.436331][ T359] Oops: 0002 [#1] PREEMPT SMP KASAN
[ 42.441366][ T359] CPU: 0 PID: 359 Comm: syz-executor.0 Tainted: G B 6.1.25-syzkaller #0
[ 42.450910][ T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 42.461156][ T359] RIP: 0010:ihold+0x1e/0x30
[ 42.465501][ T359] Code: 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 55 48 89 e5 53 48 89 fb 48 81 c7 70 01 00 00 be 04 00 00 00 e8 b7 98 f2 ff b8 01 00 00 00 0f c1 83 70 01 00 00 5b 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5
[ 42.484945][ T359] RSP: 0018:ffffc90000db77e8 EFLAGS: 00010246
[ 42.490834][ T359] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff813b4140
[ 42.498649][ T359] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffff85c9f7e0
[ 42.506457][ T359] RBP: ffffc90000db77f0 R08: dffffc0000000000 R09: fffffbfff0b93efd
[ 42.514268][ T359] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 42.522169][ T359] R13: ffffc90000db78a0 R14: 1ffff920001b6f0c R15: ffff8881234e3ee0
[ 42.529993][ T359] FS: 00007f3fc95de6c0(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
[ 42.538755][ T359] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.545171][ T359] CR2: 0000000000000170 CR3: 000000012511e000 CR4: 00000000003506b0
[ 42.553009][ T359] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.560801][ T359] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.568612][ T359] Call Trace:
[ 42.571817][ T359]
[ 42.574593][ T359] backing_data_changed+0x1ce/0x4b0
[ 42.580070][ T359] ? fuse_init_symlink+0x70/0x70
[ 42.584853][ T359] ? kasan_save_alloc_info+0x1f/0x30
[ 42.590048][ T359] ? dput+0x219/0x250
[ 42.593864][ T359] fuse_dentry_revalidate+0x76e/0xbe0
[ 42.599073][ T359] ? fuse_invalidate_entry_cache+0x250/0x250
[ 42.604894][ T359] ? __kasan_check_write+0x14/0x20
[ 42.610533][ T359] ? __d_lookup+0x3b5/0x400
[ 42.614871][ T359] __lookup_hash+0x98/0x1f0
[ 42.619221][ T359] do_renameat2+0x564/0x10d0
[ 42.623641][ T359] ? fsnotify_move+0x400/0x400
[ 42.628245][ T359] ? __kasan_slab_alloc+0x6c/0x80
[ 42.633104][ T359] ? getname_flags+0xe7/0x440
[ 42.637603][ T359] __x64_sys_rename+0x81/0x90
[ 42.642144][ T359] do_syscall_64+0x3d/0xb0
[ 42.646371][ T359] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 42.652105][ T359] RIP: 0033:0x7f3fc9a7cae9
[ 42.656359][ T359] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 42.675887][ T359] RSP: 002b:00007f3fc95de0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[ 42.684121][ T359] RAX: ffffffffffffffda RBX: 00007f3fc9b9c050 RCX: 00007f3fc9a7cae9
[ 42.691932][ T359] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000020000100
[ 42.699758][ T359] RBP: 00007f3fc9ac847a R08: 0000000000000000 R09: 0000000000000000
[ 42.707658][ T359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 42.718300][ T359] R13: 000000000000006e R14: 00007f3fc9b9c050 R15: 00007ffdc0e549d8
[ 42.726212][ T359]
[ 42.729063][ T359] Modules linked in:
[ 42.732801][ T359] CR2: 0000000000000170
[ 42.736790][ T359] ---[ end trace 0000000000000000 ]---
[ 42.742081][ T359] RIP: 0010:ihold+0x1e/0x30
[ 42.746426][ T359] Code: 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 55 48 89 e5 53 48 89 fb 48 81 c7 70 01 00 00 be 04 00 00 00 e8 b7 98 f2 ff b8 01 00 00 00 0f c1 83 70 01 00 00 5b 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5
[ 42.765862][ T359] RSP: 0018:ffffc90000db77e8 EFLAGS: 00010246
[ 42.771766][ T359] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff813b4140
[ 42.779584][ T359] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffff85c9f7e0
[ 42.787388][ T359] RBP: ffffc90000db77f0 R08: dffffc0000000000 R09: fffffbfff0b93efd
[ 42.795200][ T359] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 42.803008][ T359] R13: ffffc90000db78a0 R14: 1ffff920001b6f0c R15: ffff8881234e3ee0
[ 42.810919][ T359] FS: 00007f3fc95de6c0(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
[ 42.819682][ T359] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.826096][ T359] CR2: 0000000000000170 CR3: 000000012511e000 CR4: 00000000003506b0
[ 42.833921][ T359] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.841722][ T359] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.849627][ T359] Kernel panic - not syncing: Fatal exception
[ 42.855808][ T359] Kernel Offset: disabled
[ 42.859924][ T359] Rebooting in 86400 seconds..