[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Started System Logging Service.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.183' (ECDSA) to the list of known hosts.
2020/11/12 23:47:29 fuzzer started
2020/11/12 23:47:30 connecting to host at 10.128.0.26:39809
2020/11/12 23:47:30 checking machine...
2020/11/12 23:47:30 checking revisions...
2020/11/12 23:47:31 testing simple program...
executing program
executing program
syzkaller login: [ 157.308260][ T8271] IPVS: ftp: loaded support on port[0] = 21
[ 157.602206][ T8271] chnl_net:caif_netlink_parms(): no params data found
[ 157.716589][ T8271] bridge0: port 1(bridge_slave_0) entered blocking state
[ 157.724891][ T8271] bridge0: port 1(bridge_slave_0) entered disabled state
[ 157.734438][ T8271] device bridge_slave_0 entered promiscuous mode
[ 157.747173][ T8271] bridge0: port 2(bridge_slave_1) entered blocking state
[ 157.755056][ T8271] bridge0: port 2(bridge_slave_1) entered disabled state
[ 157.764563][ T8271] device bridge_slave_1 entered promiscuous mode
[ 157.811085][ T8271] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 157.824751][ T8271] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 157.859729][ T8271] team0: Port device team_slave_0 added
[ 157.870311][ T8271] team0: Port device team_slave_1 added
[ 157.899433][ T8271] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 157.906762][ T8271] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 157.933111][ T8271] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 157.946425][ T8271] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 157.954165][ T8271] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 157.981304][ T8271] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 158.026039][ T8271] device hsr_slave_0 entered promiscuous mode
[ 158.033956][ T8271] device hsr_slave_1 entered promiscuous mode
[ 158.210915][ T8271] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 158.226380][ T8271] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 158.243651][ T8271] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 158.260136][ T8271] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 158.351874][ T8271] bridge0: port 2(bridge_slave_1) entered blocking state
[ 158.359383][ T8271] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 158.366896][ T8271] bridge0: port 1(bridge_slave_0) entered blocking state
[ 158.374410][ T8271] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 158.454044][ T8271] 8021q: adding VLAN 0 to HW filter on device bond0
[ 158.479418][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 158.493099][ T56] bridge0: port 1(bridge_slave_0) entered disabled state
[ 158.502352][ T56] bridge0: port 2(bridge_slave_1) entered disabled state
[ 158.514858][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 158.533684][ T8271] 8021q: adding VLAN 0 to HW filter on device team0
[ 158.553486][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 158.562679][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 158.570377][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 158.588738][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 158.598015][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 158.607906][ T56] bridge0: port 2(bridge_slave_1) entered blocking state
[ 158.615454][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 158.642944][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 158.653541][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 158.664902][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 158.676295][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 158.694986][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 158.705479][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 158.716088][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 158.737850][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 158.747329][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 158.771493][ T8271] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 158.784098][ T8271] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 158.794114][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 158.803964][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 158.835251][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 158.843360][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 158.867391][ T8271] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 158.902040][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 158.912531][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 158.947655][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 158.957649][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 158.975666][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 158.984716][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 158.994829][ T8271] device veth0_vlan entered promiscuous mode
[ 159.016754][ T8271] device veth1_vlan entered promiscuous mode
[ 159.057644][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 159.066741][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 159.076234][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 159.085894][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 159.103339][ T8271] device veth0_macvtap entered promiscuous mode
[ 159.118053][ T8271] device veth1_macvtap entered promiscuous mode
[ 159.151352][ T8271] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 159.159764][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 159.169218][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 159.178460][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 159.188314][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
executing program
[ 159.205365][ T8271] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 159.219917][ T8271] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 159.228904][ T8271] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 159.237773][ T8271] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 159.239664][ T4712] Bluetooth: hci0: command 0x0409 tx timeout
[ 159.246746][ T8271] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 159.267020][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 159.277128][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 159.575276][ T1484] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 159.584056][ T1484] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 159.593902][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 159.680114][ T402] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 159.688485][ T402] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 159.696893][ T8493] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2020/11/12 23:47:40 building call list...
[ 160.745796][ T402] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 160.992312][ T402] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 161.195177][ T402] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 161.382770][ T402] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 164.251785][ T402] device hsr_slave_0 left promiscuous mode
[ 164.273234][ T402] device hsr_slave_1 left promiscuous mode
[ 164.290921][ T402] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 164.298654][ T402] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 164.307927][ T402] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 164.315862][ T402] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 164.333468][ T402] device bridge_slave_1 left promiscuous mode
[ 164.340479][ T402] bridge0: port 2(bridge_slave_1) entered disabled state
[ 164.356827][ T402] device bridge_slave_0 left promiscuous mode
[ 164.363897][ T402] bridge0: port 1(bridge_slave_0) entered disabled state
[ 164.397197][ T402] device veth1_macvtap left promiscuous mode
[ 164.403751][ T402] device veth0_macvtap left promiscuous mode
[ 164.410055][ T402] device veth1_vlan left promiscuous mode
[ 164.415921][ T402] device veth0_vlan left promiscuous mode
executing program
executing program
[ 168.192649][ T402] team0 (unregistering): Port device team_slave_1 removed
[ 168.217253][ T402] team0 (unregistering): Port device team_slave_0 removed
[ 168.241180][ T402] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 168.268024][ T402] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 168.377616][ T402] bond0 (unregistering): Released all slaves
[ 168.870946][ T402] BUG: kernel NULL pointer dereference, address: 000000000000009c
[ 168.878865][ T402] #PF: supervisor read access in kernel mode
[ 168.884910][ T402] #PF: error_code(0x0000) - not-present page
[ 168.890953][ T402] PGD 11c479067 P4D 11c479067 PUD 126c3f067 PMD 0
[ 168.897673][ T402] Oops: 0000 [#1] SMP
[ 168.901748][ T402] CPU: 0 PID: 402 Comm: kworker/u4:9 Not tainted 5.10.0-rc1-syzkaller #0
[ 168.910229][ T402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 168.920392][ T402] Workqueue: netns cleanup_net
[ 168.925289][ T402] RIP: 0010:afs_unuse_cell+0x67/0x780
[ 168.930778][ T402] Code: 4d 8b 6f 08 45 8b a7 88 0c 00 00 41 8b 87 90 0c 00 00 89 45 d4 e8 b9 d7 78 fd 49 8d 9e 9c 00 00 00 4d 85 ed 0f 85 30 04 00 00 <41> 8b 86 9c 00 00 00 89 45 8c 48 89 df e8 a7 f8 f7 fd 8b 18 8b 0a
[ 168.950478][ T402] RSP: 0018:ffff888105053a38 EFLAGS: 00010246
[ 168.956659][ T402] RAX: ffffffff843e3717 RBX: 000000000000009c RCX: ffff888105035c40
[ 168.964749][ T402] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888123fba000
[ 168.972811][ T402] RBP: ffff888105053ac0 R08: ffffea000000000f R09: ffff88813fffa000
[ 168.980860][ T402] R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000000
[ 168.988926][ T402] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888105036640
[ 168.996993][ T402] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
[ 169.006005][ T402] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 169.012672][ T402] CR2: 000000000000009c CR3: 0000000123da3000 CR4: 00000000001506f0
[ 169.020732][ T402] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 169.028786][ T402] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 169.036811][ T402] Call Trace:
[ 169.040218][ T402] ? up_write+0x62/0x220
[ 169.044567][ T402] afs_cell_purge+0xfb/0x5e0
[ 169.049269][ T402] ? del_timer_sync+0x131/0x1f0
[ 169.054246][ T402] ? afs_fs_probe_cleanup+0x111/0x140
[ 169.059824][ T402] afs_net_exit+0xc6/0x180
[ 169.064349][ T402] ? afs_net_init+0xe90/0xe90
[ 169.069137][ T402] cleanup_net+0xd73/0x1af0
[ 169.073749][ T402] ? ops_init+0x7d0/0x7d0
[ 169.078183][ T402] process_one_work+0x121c/0x1fc0
[ 169.083342][ T402] worker_thread+0x10cc/0x2740
[ 169.088215][ T402] ? kmsan_get_metadata+0x116/0x180
[ 169.093520][ T402] ? kmsan_get_metadata+0x116/0x180
[ 169.098847][ T402] kthread+0x51c/0x560
[ 169.103027][ T402] ? process_one_work+0x1fc0/0x1fc0
[ 169.108358][ T402] ? kthread_blkcg+0x110/0x110
[ 169.113227][ T402] ret_from_fork+0x1f/0x30
[ 169.117712][ T402] Modules linked in:
[ 169.121696][ T402] CR2: 000000000000009c
[ 169.125940][ T402] ---[ end trace fd4642bc45af292f ]---
[ 169.131500][ T402] RIP: 0010:afs_unuse_cell+0x67/0x780
[ 169.136982][ T402] Code: 4d 8b 6f 08 45 8b a7 88 0c 00 00 41 8b 87 90 0c 00 00 89 45 d4 e8 b9 d7 78 fd 49 8d 9e 9c 00 00 00 4d 85 ed 0f 85 30 04 00 00 <41> 8b 86 9c 00 00 00 89 45 8c 48 89 df e8 a7 f8 f7 fd 8b 18 8b 0a
[ 169.156680][ T402] RSP: 0018:ffff888105053a38 EFLAGS: 00010246
[ 169.162859][ T402] RAX: ffffffff843e3717 RBX: 000000000000009c RCX: ffff888105035c40
[ 169.170940][ T402] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888123fba000
[ 169.179004][ T402] RBP: ffff888105053ac0 R08: ffffea000000000f R09: ffff88813fffa000
[ 169.187058][ T402] R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000000
[ 169.195114][ T402] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888105036640
[ 169.203183][ T402] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
[ 169.212196][ T402] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 169.218880][ T402] CR2: 000000000000009c CR3: 0000000123da3000 CR4: 00000000001506f0
[ 169.227024][ T402] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 169.235082][ T402] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 169.243135][ T402] Kernel panic - not syncing: Fatal exception
[ 169.249996][ T402] Kernel Offset: disabled
[ 169.254571][ T402] Rebooting in 86400 seconds..