Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.228' (ECDSA) to the list of known hosts.
2021/09/03 09:16:49 fuzzer started
2021/09/03 09:16:49 connecting to host at 10.128.0.169:40963
2021/09/03 09:16:49 checking machine...
2021/09/03 09:16:49 checking revisions...
2021/09/03 09:16:50 testing simple program...
syzkaller login: [ 75.567754][ T6567] chnl_net:caif_netlink_parms(): no params data found
[ 75.642663][ T6567] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.652213][ T6567] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.661572][ T6567] device bridge_slave_0 entered promiscuous mode
[ 75.671459][ T6567] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.678854][ T6567] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.688369][ T6567] device bridge_slave_1 entered promiscuous mode
[ 75.721100][ T6567] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 75.733720][ T6567] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 75.771296][ T6567] team0: Port device team_slave_0 added
[ 75.778732][ T6567] team0: Port device team_slave_1 added
[ 75.808594][ T6567] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 75.816641][ T6567] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.844921][ T6567] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 75.858474][ T6567] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 75.866258][ T6567] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.893850][ T6567] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 75.932644][ T6567] device hsr_slave_0 entered promiscuous mode
[ 75.941080][ T6567] device hsr_slave_1 entered promiscuous mode
[ 76.074554][ T6567] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 76.089829][ T6567] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 76.100475][ T6567] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 76.110225][ T6567] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 76.138609][ T6567] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.145973][ T6567] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.154216][ T6567] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.161867][ T6567] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.209633][ T6567] 8021q: adding VLAN 0 to HW filter on device bond0
[ 76.225884][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 76.237279][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.247836][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.257170][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 76.272386][ T6567] 8021q: adding VLAN 0 to HW filter on device team0
[ 76.286421][ T1052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 76.295572][ T1052] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.303100][ T1052] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.316251][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 76.325190][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.332600][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.353827][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 76.367505][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 76.376711][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 76.390534][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 76.404418][ T6567] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 76.416972][ T6567] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 76.426458][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 76.447163][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 76.455300][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 76.469404][ T6567] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 76.490963][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 76.513970][ T2950] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 76.523555][ T2950] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 76.533905][ T2950] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 76.546315][ T6567] device veth0_vlan entered promiscuous mode
[ 76.559344][ T6567] device veth1_vlan entered promiscuous mode
[ 76.587000][ T6567] device veth0_macvtap entered promiscuous mode
[ 76.595060][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 76.605531][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 76.616005][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 76.628572][ T6567] device veth1_macvtap entered promiscuous mode
[ 76.647301][ T6567] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 76.655114][ T2950] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 76.666247][ T2950] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 76.675530][ T2950] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 76.688430][ T6567] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 76.697366][ T2950] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 76.707103][ T2950] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 76.719644][ T6567] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.729388][ T6567] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.739069][ T6567] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 76.748442][ T6567] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.851272][ T159] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.859491][ T159] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.901822][ T1163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.904921][ T2950] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 76.918687][ T1163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.932248][ T2950] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2021/09/03 09:16:53 building call list...
[ 79.232173][ T149] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 79.520701][ T6567] syz-executor.0 (6567) used greatest stack depth: 22320 bytes left
executing program
[ 80.236570][ T6554] ==================================================================
[ 80.247405][ T6554] BUG: KASAN: null-ptr-deref in fuse_conn_put+0x1d7/0x300
[ 80.254520][ T6554] Read of size 4 at addr 0000000000000000 by task syz-fuzzer/6554
[ 80.262324][ T6554]
[ 80.264810][ T6554] CPU: 0 PID: 6554 Comm: syz-fuzzer Not tainted 5.14.0-next-20210903-syzkaller #0
[ 80.274076][ T6554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.284308][ T6554] Call Trace:
[ 80.287675][ T6554]  dump_stack_lvl+0xcd/0x134
[ 80.292350][ T6554]  kasan_report.cold+0x66/0xdf
[ 80.297364][ T6554]  ? fuse_conn_put+0x1d7/0x300
[ 80.302118][ T6554]  kasan_check_range+0x13d/0x180
[ 80.307072][ T6554]  fuse_conn_put+0x1d7/0x300
[ 80.311652][ T6554]  fuse_dev_free+0x155/0x1f0
[ 80.316316][ T6554]  fuse_dev_release+0x2a8/0x3f0
[ 80.321202][ T6554]  ? fuse_abort_conn+0xc90/0xc90
[ 80.326153][ T6554]  ? cuse_channel_release+0x237/0x300
[ 80.331554][ T6554]  __fput+0x288/0x9f0
[ 80.335577][ T6554]  ? cuse_class_waiting_show+0xa0/0xa0
[ 80.341069][ T6554]  task_work_run+0xdd/0x1a0
[ 80.345584][ T6554]  exit_to_user_mode_prepare+0x27e/0x290
[ 80.351402][ T6554]  syscall_exit_to_user_mode+0x19/0x60
[ 80.356952][ T6554]  do_syscall_64+0x42/0xb0
[ 80.361384][ T6554]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 80.367286][ T6554] RIP: 0033:0x4af19b
[ 80.371352][ T6554] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 80.391160][ T6554] RSP: 002b:000000c00015f430 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 80.399575][ T6554] RAX: 0000000000000000 RBX: 000000c00001c000 RCX: 00000000004af19b
[ 80.407559][ T6554] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[ 80.415545][ T6554] RBP: 000000c00015f470 R08: 0000000000000001 R09: 0000000000000000
[ 80.423530][ T6554] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000014f
[ 80.431686][ T6554] R13: 000000000000014e R14: 0000000000000200 R15: 000000c000424320
[ 80.439671][ T6554] ==================================================================
[ 80.447807][ T6554] Disabling lock debugging due to kernel taint
[ 80.455489][ T6554] Kernel panic - not syncing: panic_on_warn set ...
[ 80.462089][ T6554] CPU: 1 PID: 6554 Comm: syz-fuzzer Tainted: G    B             5.14.0-next-20210903-syzkaller #0
[ 80.472690][ T6554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.482739][ T6554] Call Trace:
[ 80.486010][ T6554]  dump_stack_lvl+0xcd/0x134
[ 80.491037][ T6554]  panic+0x2b0/0x6dd
[ 80.494945][ T6554]  ? __warn_printk+0xf3/0xf3
[ 80.499549][ T6554]  ? preempt_schedule_common+0x59/0xc0
[ 80.505267][ T6554]  ? fuse_conn_put+0x1d7/0x300
[ 80.510033][ T6554]  ? preempt_schedule_thunk+0x16/0x18
[ 80.515501][ T6554]  ? trace_hardirqs_on+0x38/0x1c0
[ 80.520525][ T6554]  ? trace_hardirqs_on+0x51/0x1c0
[ 80.525548][ T6554]  ? fuse_conn_put+0x1d7/0x300
[ 80.530320][ T6554]  ? fuse_conn_put+0x1d7/0x300
[ 80.535080][ T6554]  end_report.cold+0x63/0x6f
[ 80.539689][ T6554]  kasan_report.cold+0x71/0xdf
[ 80.544541][ T6554]  ? fuse_conn_put+0x1d7/0x300
[ 80.549303][ T6554]  kasan_check_range+0x13d/0x180
[ 80.554947][ T6554]  fuse_conn_put+0x1d7/0x300
[ 80.559726][ T6554]  fuse_dev_free+0x155/0x1f0
[ 80.564585][ T6554]  fuse_dev_release+0x2a8/0x3f0
[ 80.569438][ T6554]  ? fuse_abort_conn+0xc90/0xc90
[ 80.574549][ T6554]  ? cuse_channel_release+0x237/0x300
[ 80.580008][ T6554]  __fput+0x288/0x9f0
[ 80.584104][ T6554]  ? cuse_class_waiting_show+0xa0/0xa0
[ 80.589567][ T6554]  task_work_run+0xdd/0x1a0
[ 80.594071][ T6554]  exit_to_user_mode_prepare+0x27e/0x290
[ 80.599896][ T6554]  syscall_exit_to_user_mode+0x19/0x60
[ 80.605907][ T6554]  do_syscall_64+0x42/0xb0
[ 80.610495][ T6554]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 80.616392][ T6554] RIP: 0033:0x4af19b
[ 80.620282][ T6554] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 80.639984][ T6554] RSP: 002b:000000c00015f430 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 80.648482][ T6554] RAX: 0000000000000000 RBX: 000000c00001c000 RCX: 00000000004af19b
[ 80.656445][ T6554] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[ 80.664521][ T6554] RBP: 000000c00015f470 R08: 0000000000000001 R09: 0000000000000000
[ 80.672519][ T6554] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000014f
[ 80.680583][ T6554] R13: 000000000000014e R14: 0000000000000200 R15: 000000c000424320
[ 80.690028][ T6554] Kernel Offset: disabled
[ 80.694366][ T6554] Rebooting in 86400 seconds..