Warning: Permanently added '10.128.1.141' (ECDSA) to the list of known hosts.
2023/03/23 18:03:10 fuzzer started
2023/03/23 18:03:10 dialing manager at 10.128.0.169:40369
2023/03/23 18:03:10 checking machine...
2023/03/23 18:03:10 checking revisions...
2023/03/23 18:03:10 testing simple program...
[ 54.228738][ T5090] cgroup: Unknown subsys name 'net'
[ 54.372166][ T5090] cgroup: Unknown subsys name 'rlimit'
[ 54.498589][ T5085] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5085 'syz-fuzzer'
[ 54.620299][ T5095] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 54.628206][ T5095] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 54.636489][ T5095] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 54.645203][ T5095] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 54.653371][ T5095] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 54.660812][ T5095] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 54.776229][ T5094] chnl_net:caif_netlink_parms(): no params data found
[ 54.820011][ T5094] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.827839][ T5094] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.835399][ T5094] bridge_slave_0: entered allmulticast mode
[ 54.842372][ T5094] bridge_slave_0: entered promiscuous mode
[ 54.850927][ T5094] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.858566][ T5094] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.866019][ T5094] bridge_slave_1: entered allmulticast mode
[ 54.873307][ T5094] bridge_slave_1: entered promiscuous mode
[ 54.892940][ T5094] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 54.904758][ T5094] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 54.927302][ T5094] team0: Port device team_slave_0 added
[ 54.935244][ T5094] team0: Port device team_slave_1 added
[ 54.953820][ T5094] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 54.960850][ T5094] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 54.987737][ T5094] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 55.001574][ T5094] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 55.008727][ T5094] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.035227][ T5094] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 55.065581][ T5094] hsr_slave_0: entered promiscuous mode
[ 55.071918][ T5094] hsr_slave_1: entered promiscuous mode
[ 55.156093][ T5094] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 55.166526][ T5094] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 55.176058][ T5094] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 55.185520][ T5094] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 55.206878][ T5094] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.214164][ T5094] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.222300][ T5094] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.229476][ T5094] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.276068][ T5094] 8021q: adding VLAN 0 to HW filter on device bond0
[ 55.291502][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.306015][ T4406] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.314860][ T4406] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.323842][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 55.336713][ T5094] 8021q: adding VLAN 0 to HW filter on device team0
[ 55.348234][ T5103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.357123][ T5103] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.364983][ T5103] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.377522][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 55.386632][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.394503][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.416795][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 55.426314][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 55.436579][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 55.447108][ T4405] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 55.458355][ T5105] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 55.469425][ T5094] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 55.603024][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 55.611813][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 55.622949][ T5094] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 55.639247][ T5105] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 55.658997][ T5094] veth0_vlan: entered promiscuous mode
[ 55.666343][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 55.675537][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 55.683884][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 55.696679][ T5094] veth1_vlan: entered promiscuous mode
[ 55.706264][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 55.727302][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 55.736155][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 55.748410][ T5094] veth0_macvtap: entered promiscuous mode
[ 55.758240][ T5094] veth1_macvtap: entered promiscuous mode
[ 55.774085][ T5094] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 55.782251][ T5105] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 55.791949][ T5105] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 55.804760][ T5094] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 55.814722][ T5105] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 55.824914][ T5105] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 55.835629][ T5094] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.845507][ T5094] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.854924][ T5094] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.863874][ T5094] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.927535][ T10] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 55.936938][ T10] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 55.949036][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 55.962788][ T10] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 55.971539][ T10] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 55.980615][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2023/03/23 18:03:12 building call list...
executing program
[ 57.218708][ T5110] BUG: unable to handle page fault for address: ffffffff000000c7
[ 57.226548][ T5110] #PF: supervisor read access in kernel mode
[ 57.232529][ T5110] #PF: error_code(0x0000) - not-present page
[ 57.238495][ T5110] PGD c572067 P4D c572067 PUD 0
[ 57.243519][ T5110] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 57.248809][ T5110] CPU: 0 PID: 5110 Comm: syz-fuzzer Not tainted 6.3.0-rc3-next-20230323-syzkaller #0
[ 57.258318][ T5110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 57.268585][ T5110] RIP: 0010:vma_merge+0x243/0x1fd0
[ 57.273799][ T5110] Code: 44 24 08 48 8d b8 a8 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 4d 18 00 00 48 8b 44 24 08 <48> 8b b0 a8 00 00 00 4c 39 ee 0f 84 bf 03 00 00 48 89 74 24 50 e8
[ 57.293680][ T5110] RSP: 0018:ffffc900043ef998 EFLAGS: 00010246
[ 57.299879][ T5110] RAX: ffffffff0000001f RBX: ffff88806fd15a00 RCX: 0000000000000000
[ 57.307964][ T5110] RDX: 1fffffffe0000018 RSI: ffffffff81c37957 RDI: ffffffff000000c7
[ 57.316146][ T5110] RBP: ffff88806fd15800 R08: 0000000000000006 R09: 0000000000000000
[ 57.324149][ T5110] R10: 000000c0021fffff R11: 0000000000000000 R12: 0000000000000001
[ 57.332211][ T5110] R13: 0000000000000000 R14: 000000c002200000 R15: 0000000000000000
[ 57.340230][ T5110] FS: 000000c000bf6890(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 57.349199][ T5110] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 57.355976][ T5110] CR2: ffffffff000000c7 CR3: 000000001c42f000 CR4: 00000000003506f0
[ 57.365000][ T5110] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 57.372974][ T5110] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 57.381576][ T5110] Call Trace:
[ 57.385201][ T5110]
[ 57.388585][ T5110] ? vma_shrink+0x5c0/0x5c0
[ 57.393185][ T5110] ? print_usage_bug.part.0+0x660/0x660
[ 57.398828][ T5110] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 57.405795][ T5110] ? __lock_acquire+0x1916/0x5df0
[ 57.410850][ T5110] madvise_update_vma+0x23f/0xd40
[ 57.415979][ T5110] ? mt_find+0x27a/0x8e0
[ 57.420226][ T5110] ? anon_vma_name_alloc+0xe0/0xe0
[ 57.425814][ T5110] madvise_vma_behavior+0x7f6/0x20e0
[ 57.431118][ T5110] ? mas_find+0x200/0x200
[ 57.435449][ T5110] ? madvise_vma_anon_name+0xf0/0xf0
[ 57.440924][ T5110] ? find_vma+0x10c/0x1b0
[ 57.446988][ T5110] ? can_vma_merge_before+0x3a0/0x3a0
[ 57.452368][ T5110] ? trace_lock_acquire+0x12d/0x180
[ 57.457605][ T5110] madvise_walk_vmas+0x1c7/0x2b0
[ 57.462737][ T5110] ? madvise_vma_anon_name+0xf0/0xf0
[ 57.468038][ T5110] ? __remove_memory+0x40/0x40
[ 57.472817][ T5110] ? down_write_killable_nested+0x250/0x250
[ 57.478810][ T5110] ? find_held_lock+0x2d/0x110
[ 57.483576][ T5110] do_madvise.part.0+0x193/0x470
[ 57.488624][ T5110] ? madvise_pageout+0x560/0x560
[ 57.493581][ T5110] __x64_sys_madvise+0x117/0x150
[ 57.498544][ T5110] do_syscall_64+0x39/0xb0
[ 57.502965][ T5110] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.508885][ T5110] RIP: 0033:0x46b557
[ 57.512867][ T5110] Code: 8b 24 24 48 8b 6c 24 10 48 83 c4 18 c3 cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 74 24 10 8b 54 24 18 48 c7 c0 1c 00 00 00 0f 05 <89> 44 24 20 c3 cc cc cc cc 48 8b 7c 24 08 8b 74 24 10 8b 54 24 14
[ 57.532477][ T5110] RSP: 002b:000000c000235e60 EFLAGS: 00000206 ORIG_RAX: 000000000000001c
[ 57.540975][ T5110] RAX: ffffffffffffffda RBX: 0000000000a12000 RCX: 000000000046b557
[ 57.549388][ T5110] RDX: 000000000000000e RSI: 0000000000800000 RDI: 000000c001e00000
[ 57.557354][ T5110] RBP: 000000c000235e88 R08: 0000000000000509 R09: 000000c001cf2000
[ 57.565322][ T5110] R10: 0000000000001381 R11: 0000000000000206 R12: 0000000000000509
[ 57.573376][ T5110] R13: 0000000000000003 R14: 000000c0004f6d00 R15: 00000000010e0700
[ 57.581365][ T5110]
[ 57.584394][ T5110] Modules linked in:
[ 57.588454][ T5110] CR2: ffffffff000000c7
[ 57.592689][ T5110] ---[ end trace 0000000000000000 ]---
[ 57.598133][ T5110] RIP: 0010:vma_merge+0x243/0x1fd0
[ 57.603264][ T5110] Code: 44 24 08 48 8d b8 a8 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 4d 18 00 00 48 8b 44 24 08 <48> 8b b0 a8 00 00 00 4c 39 ee 0f 84 bf 03 00 00 48 89 74 24 50 e8
[ 57.622872][ T5110] RSP: 0018:ffffc900043ef998 EFLAGS: 00010246
[ 57.629037][ T5110] RAX: ffffffff0000001f RBX: ffff88806fd15a00 RCX: 0000000000000000
[ 57.637008][ T5110] RDX: 1fffffffe0000018 RSI: ffffffff81c37957 RDI: ffffffff000000c7
[ 57.644986][ T5110] RBP: ffff88806fd15800 R08: 0000000000000006 R09: 0000000000000000
[ 57.653129][ T5110] R10: 000000c0021fffff R11: 0000000000000000 R12: 0000000000000001
[ 57.661285][ T5110] R13: 0000000000000000 R14: 000000c002200000 R15: 0000000000000000
[ 57.669263][ T5110] FS: 000000c000bf6890(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 57.678195][ T5110] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 57.684876][ T5110] CR2: ffffffff000000c7 CR3: 000000001c42f000 CR4: 00000000003506f0
[ 57.692937][ T5110] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 57.701005][ T5110] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 57.708976][ T5110] Kernel panic - not syncing: Fatal exception
[ 57.715186][ T5110] Kernel Offset: disabled
[ 57.719564][ T5110] Rebooting in 86400 seconds..