Warning: Permanently added '10.128.0.186' (ECDSA) to the list of known hosts.
2020/11/13 15:51:45 fuzzer started
2020/11/13 15:51:46 connecting to host at 10.128.0.26:45889
2020/11/13 15:51:46 checking machine...
2020/11/13 15:51:46 checking revisions...
2020/11/13 15:51:46 testing simple program...
executing program
executing program
syzkaller login: [ 156.340091][ T8252] IPVS: ftp: loaded support on port[0] = 21
[ 156.723010][ T8252] chnl_net:caif_netlink_parms(): no params data found
[ 156.830312][ T8252] bridge0: port 1(bridge_slave_0) entered blocking state
[ 156.837768][ T8252] bridge0: port 1(bridge_slave_0) entered disabled state
[ 156.846586][ T8252] device bridge_slave_0 entered promiscuous mode
[ 156.857291][ T8252] bridge0: port 2(bridge_slave_1) entered blocking state
[ 156.864456][ T8252] bridge0: port 2(bridge_slave_1) entered disabled state
[ 156.873946][ T8252] device bridge_slave_1 entered promiscuous mode
[ 156.907678][ T8252] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 156.920590][ T8252] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 156.958939][ T8252] team0: Port device team_slave_0 added
[ 156.970391][ T8252] team0: Port device team_slave_1 added
[ 157.001888][ T8252] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 157.009038][ T8252] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 157.035338][ T8252] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 157.048576][ T8252] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 157.055568][ T8252] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 157.081763][ T8252] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 157.124676][ T8252] device hsr_slave_0 entered promiscuous mode
[ 157.132213][ T8252] device hsr_slave_1 entered promiscuous mode
[ 157.317672][ T8252] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 157.332043][ T8252] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 157.351944][ T8252] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 157.369529][ T8252] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 157.458130][ T8252] bridge0: port 2(bridge_slave_1) entered blocking state
[ 157.465414][ T8252] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 157.473271][ T8252] bridge0: port 1(bridge_slave_0) entered blocking state
[ 157.480667][ T8252] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 157.561540][ T8252] 8021q: adding VLAN 0 to HW filter on device bond0
[ 157.583402][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 157.593732][ T2976] bridge0: port 1(bridge_slave_0) entered disabled state
[ 157.606175][ T2976] bridge0: port 2(bridge_slave_1) entered disabled state
[ 157.615541][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 157.637384][ T8252] 8021q: adding VLAN 0 to HW filter on device team0
[ 157.652280][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 157.662077][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 157.671468][ T1073] bridge0: port 1(bridge_slave_0) entered blocking state
[ 157.678781][ T1073] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 157.699311][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 157.708488][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 157.718101][ T1073] bridge0: port 2(bridge_slave_1) entered blocking state
[ 157.725273][ T1073] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 157.742330][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 157.766330][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 157.776837][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 157.786610][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 157.798299][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 157.813792][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 157.823360][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 157.852182][ T8252] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 157.862934][ T8252] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 157.884680][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 157.894437][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 157.904177][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 157.913689][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 157.928555][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 157.952179][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 157.960219][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 157.982498][ T8252] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 158.019311][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 158.028845][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 158.064860][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 158.074046][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 158.085205][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 158.094269][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 158.111374][ T8252] device veth0_vlan entered promiscuous mode
[ 158.131008][ T8252] device veth1_vlan entered promiscuous mode
executing program
[ 158.171065][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 158.179712][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 158.189123][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 158.199498][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 158.215236][ T8252] device veth0_macvtap entered promiscuous mode
[ 158.230541][ T8252] device veth1_macvtap entered promiscuous mode
[ 158.262913][ T8252] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 158.270568][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 158.279917][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 158.288817][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 158.298932][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 158.316551][ T1073] Bluetooth: hci0: command 0x0409 tx timeout
[ 158.325103][ T8252] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 158.332912][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 158.342525][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 158.360709][ T8252] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 158.369977][ T8252] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 158.378963][ T8252] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 158.387953][ T8252] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 158.683350][ T180] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 158.691403][ T180] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 158.701305][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 158.749351][ T180] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 158.757405][ T180] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 158.765149][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2020/11/13 15:51:56 building call list...
[ 159.939522][ T180] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 160.121236][ T180] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 160.374752][ T180] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 160.553302][ T180] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 163.598890][ T180] device hsr_slave_0 left promiscuous mode
[ 163.623792][ T180] device hsr_slave_1 left promiscuous mode
[ 163.639563][ T180] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 163.647326][ T180] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 163.662843][ T180] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 163.670819][ T180] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 163.682329][ T180] device bridge_slave_1 left promiscuous mode
[ 163.689498][ T180] bridge0: port 2(bridge_slave_1) entered disabled state
[ 163.703790][ T180] device bridge_slave_0 left promiscuous mode
[ 163.711117][ T180] bridge0: port 1(bridge_slave_0) entered disabled state
[ 163.737182][ T180] device veth1_macvtap left promiscuous mode
[ 163.743300][ T180] device veth0_macvtap left promiscuous mode
[ 163.749688][ T180] device veth1_vlan left promiscuous mode
[ 163.755639][ T180] device veth0_vlan left promiscuous mode
executing program
executing program
[ 167.534304][ T180] team0 (unregistering): Port device team_slave_1 removed
[ 167.562288][ T180] team0 (unregistering): Port device team_slave_0 removed
[ 167.589407][ T180] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 167.613741][ T180] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 167.715846][ T180] bond0 (unregistering): Released all slaves
[ 168.527726][ T180] BUG: kernel NULL pointer dereference, address: 000000000000009c
[ 168.535657][ T180] #PF: supervisor read access in kernel mode
[ 168.541714][ T180] #PF: error_code(0x0000) - not-present page
[ 168.547753][ T180] PGD 11735e067 P4D 11735e067 PUD 126d51067 PMD 0
[ 168.554492][ T180] Oops: 0000 [#1] SMP
[ 168.558587][ T180] CPU: 1 PID: 180 Comm: kworker/u4:4 Not tainted 5.10.0-rc1-syzkaller #0
[ 168.567083][ T180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 168.577265][ T180] Workqueue: netns cleanup_net
[ 168.582166][ T180] RIP: 0010:afs_unuse_cell+0x67/0x780
[ 168.587657][ T180] Code: 4d 8b 6f 08 45 8b a7 88 0c 00 00 41 8b 87 90 0c 00 00 89 45 d4 e8 b9 d7 78 fd 49 8d 9e 9c 00 00 00 4d 85 ed 0f 85 30 04 00 00 <41> 8b 86 9c 00 00 00 89 45 8c 48 89 df e8 a7 f8 f7 fd 8b 18 8b 0a
[ 168.607388][ T180] RSP: 0018:ffff888102e2ba38 EFLAGS: 00010246
[ 168.613610][ T180] RAX: ffffffff843e3717 RBX: 000000000000009c RCX: ffff88810446bd80
[ 168.621685][ T180] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888126dcc800
[ 168.629763][ T180] RBP: ffff888102e2bac0 R08: ffffea000000000f R09: ffff88813fffa000
[ 168.637833][ T180] R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000000
[ 168.645903][ T180] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88810446c780
[ 168.653986][ T180] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000
[ 168.663011][ T180] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 168.669794][ T180] CR2: 000000000000009c CR3: 00000001257f5000 CR4: 00000000001506e0
[ 168.677865][ T180] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 168.685952][ T180] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 168.693989][ T180] Call Trace:
[ 168.697407][ T180] ? up_write+0x62/0x220
[ 168.701780][ T180] afs_cell_purge+0xfb/0x5e0
[ 168.706500][ T180] ? del_timer_sync+0x131/0x1f0
[ 168.711480][ T180] ? afs_fs_probe_cleanup+0x111/0x140
[ 168.716970][ T180] afs_net_exit+0xc6/0x180
[ 168.721494][ T180] ? afs_net_init+0xe90/0xe90
[ 168.726273][ T180] cleanup_net+0xd73/0x1af0
[ 168.730894][ T180] ? ops_init+0x7d0/0x7d0
[ 168.735342][ T180] process_one_work+0x121c/0x1fc0
[ 168.740512][ T180] worker_thread+0x10cc/0x2740
[ 168.745380][ T180] ? kmsan_get_metadata+0x116/0x180
[ 168.750682][ T180] ? kmsan_get_metadata+0x116/0x180
[ 168.756014][ T180] kthread+0x51c/0x560
[ 168.760189][ T180] ? process_one_work+0x1fc0/0x1fc0
[ 168.765523][ T180] ? kthread_blkcg+0x110/0x110
[ 168.770399][ T180] ret_from_fork+0x1f/0x30
[ 168.774884][ T180] Modules linked in:
[ 168.778870][ T180] CR2: 000000000000009c
[ 168.783118][ T180] ---[ end trace a45db3ecf360af8a ]---
[ 168.788793][ T180] RIP: 0010:afs_unuse_cell+0x67/0x780
[ 168.794280][ T180] Code: 4d 8b 6f 08 45 8b a7 88 0c 00 00 41 8b 87 90 0c 00 00 89 45 d4 e8 b9 d7 78 fd 49 8d 9e 9c 00 00 00 4d 85 ed 0f 85 30 04 00 00 <41> 8b 86 9c 00 00 00 89 45 8c 48 89 df e8 a7 f8 f7 fd 8b 18 8b 0a
[ 168.814031][ T180] RSP: 0018:ffff888102e2ba38 EFLAGS: 00010246
[ 168.820231][ T180] RAX: ffffffff843e3717 RBX: 000000000000009c RCX: ffff88810446bd80
[ 168.828295][ T180] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888126dcc800
[ 168.836373][ T180] RBP: ffff888102e2bac0 R08: ffffea000000000f R09: ffff88813fffa000
[ 168.844435][ T180] R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000000
[ 168.852513][ T180] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88810446c780
[ 168.860603][ T180] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000
[ 168.869634][ T180] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 168.876332][ T180] CR2: 000000000000009c CR3: 00000001257f5000 CR4: 00000000001506e0
[ 168.884414][ T180] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 168.892476][ T180] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 168.900532][ T180] Kernel panic - not syncing: Fatal exception
[ 168.907355][ T180] Kernel Offset: disabled
[ 168.911801][ T180] Rebooting in 86400 seconds..