DUID 00:04:99:cf:64:81:91:3a:f8:b3:88:a8:0e:05:2a:78:8a:13
forked to background, child pid 4656
[ 39.200173][ T4657] 8021q: adding VLAN 0 to HW filter on device bond0
[ 39.211199][ T4657] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.10.9' (ECDSA) to the list of known hosts.
2023/03/23 03:23:16 fuzzer started
2023/03/23 03:23:16 connecting to host at 10.128.0.169:43037
2023/03/23 03:23:16 checking machine...
2023/03/23 03:23:16 checking revisions...
2023/03/23 03:23:17 testing simple program...
syzkaller login: [ 63.168252][ T5082] cgroup: Unknown subsys name 'net'
[ 63.337686][ T5082] cgroup: Unknown subsys name 'rlimit'
[ 63.463022][ T5080] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5080 'syz-fuzzer'
[ 63.588643][ T5086] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 63.597394][ T5086] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 63.605225][ T5086] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 63.614090][ T5086] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 63.621724][ T5086] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 63.630056][ T5086] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 63.761150][ T5084] chnl_net:caif_netlink_parms(): no params data found
[ 63.809294][ T5084] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.818185][ T5084] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.826546][ T5084] bridge_slave_0: entered allmulticast mode
[ 63.833332][ T5084] bridge_slave_0: entered promiscuous mode
[ 63.842879][ T5084] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.850903][ T5084] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.858549][ T5084] bridge_slave_1: entered allmulticast mode
[ 63.865327][ T5084] bridge_slave_1: entered promiscuous mode
[ 63.888317][ T5084] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 63.899570][ T5084] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 63.924733][ T5084] team0: Port device team_slave_0 added
[ 63.934463][ T5084] team0: Port device team_slave_1 added
[ 63.954836][ T5084] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 63.962068][ T5084] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 63.988680][ T5084] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 64.001627][ T5084] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 64.009141][ T5084] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.035474][ T5084] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 64.068068][ T5084] hsr_slave_0: entered promiscuous mode
[ 64.075227][ T5084] hsr_slave_1: entered promiscuous mode
[ 64.164104][ T5084] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 64.177398][ T5084] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 64.188467][ T5084] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 64.199017][ T5084] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 64.222802][ T5084] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.230550][ T5084] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 64.238602][ T5084] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.245960][ T5084] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 64.294951][ T5084] 8021q: adding VLAN 0 to HW filter on device bond0
[ 64.308789][ T4777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 64.320434][ T4777] bridge0: port 1(bridge_slave_0) entered disabled state
[ 64.329959][ T4777] bridge0: port 2(bridge_slave_1) entered disabled state
[ 64.339685][ T4777] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 64.355247][ T5084] 8021q: adding VLAN 0 to HW filter on device team0
[ 64.369290][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 64.378720][ T4406] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.385978][ T4406] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 64.398847][ T4777] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 64.407654][ T4777] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.414888][ T4777] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 64.433892][ T5095] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 64.448623][ T5095] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 64.457041][ T5095] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 64.472768][ T5084] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 64.483484][ T5084] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 64.498143][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 64.507625][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 64.517324][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 64.659756][ T5084] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 64.670485][ T5095] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 64.678165][ T5095] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 64.697156][ T5095] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 64.716037][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 64.724914][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 64.736057][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 64.748856][ T5084] veth0_vlan: entered promiscuous mode
[ 64.760011][ T5084] veth1_vlan: entered promiscuous mode
[ 64.781719][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 64.791582][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 64.803138][ T5084] veth0_macvtap: entered promiscuous mode
[ 64.814394][ T5084] veth1_macvtap: entered promiscuous mode
[ 64.830560][ T5084] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 64.839608][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 64.848705][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 64.857406][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 64.866775][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 64.880271][ T5084] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 64.889563][ T5095] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 64.898795][ T5095] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 64.909506][ T5084] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.919363][ T5084] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.928292][ T5084] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.937193][ T5084] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.997538][ T10] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 65.012785][ T10] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 65.025075][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 65.040731][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 65.050486][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 65.060815][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2023/03/23 03:23:19 building call list...
executing program
[ 66.338152][ T5080] general protection fault, probably for non-canonical address 0xdffffc0000000018: 0000 [#1] PREEMPT SMP KASAN
[ 66.350998][ T5080] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7]
[ 66.359508][ T5080] CPU: 1 PID: 5080 Comm: syz-fuzzer Not tainted 6.3.0-rc3-next-20230323-syzkaller #0
[ 66.368974][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 66.379031][ T5080] RIP: 0010:vma_merge+0x234/0x1fd0
[ 66.384412][ T5080] Code: 08 00 0f 84 b0 03 00 00 e8 e9 54 bf ff 48 8b 44 24 08 48 8d b8 a8 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 4d 18 00 00 48 8b 44 24 08 48 8b b0 a8 00 00 00
[ 66.404387][ T5080] RSP: 0018:ffffc90003d0f998 EFLAGS: 00010207
[ 66.410558][ T5080] RAX: dffffc0000000000 RBX: ffff88802974b800 RCX: 0000000000000000
[ 66.418539][ T5080] RDX: 0000000000000018 RSI: ffffffff81c37957 RDI: 00000000000000c7
[ 66.426528][ T5080] RBP: ffff888079aaa400 R08: 0000000000000006 R09: 0000000000000000
[ 66.435386][ T5080] R10: 000000c001ffffff R11: 0000000000000000 R12: 0000000000000001
[ 66.443379][ T5080] R13: 0000000000000000 R14: 000000c002000000 R15: 0000000000000000
[ 66.451438][ T5080] FS: 000000c000524890(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 66.460461][ T5080] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 66.467134][ T5080] CR2: 00007fe510676000 CR3: 00000000249a5000 CR4: 00000000003506e0
[ 66.475281][ T5080] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 66.483349][ T5080] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 66.491497][ T5080] Call Trace:
[ 66.494792][ T5080]
[ 66.497815][ T5080] ? vma_shrink+0x5c0/0x5c0
[ 66.502809][ T5080] ? print_usage_bug.part.0+0x660/0x660
[ 66.508368][ T5080] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 66.514356][ T5080] ? print_usage_bug.part.0+0x660/0x660
[ 66.519911][ T5080] ? lock_downgrade+0x690/0x690
[ 66.524779][ T5080] ? trace_lock_acquire+0x12d/0x180
[ 66.530072][ T5080] madvise_update_vma+0x23f/0xd40
[ 66.535132][ T5080] ? mt_find+0x27a/0x8e0
[ 66.539376][ T5080] ? anon_vma_name_alloc+0xe0/0xe0
[ 66.544697][ T5080] madvise_vma_behavior+0x7f6/0x20e0
[ 66.550000][ T5080] ? mas_find+0x200/0x200
[ 66.554346][ T5080] ? madvise_vma_anon_name+0xf0/0xf0
[ 66.559739][ T5080] ? find_vma+0x10c/0x1b0
[ 66.564181][ T5080] ? can_vma_merge_before+0x3a0/0x3a0
[ 66.569556][ T5080] ? trace_lock_acquire+0x12d/0x180
[ 66.574867][ T5080] madvise_walk_vmas+0x1c7/0x2b0
[ 66.579907][ T5080] ? madvise_vma_anon_name+0xf0/0xf0
[ 66.585293][ T5080] ? __remove_memory+0x40/0x40
[ 66.590173][ T5080] ? down_write_killable_nested+0x250/0x250
[ 66.596340][ T5080] ? do_sigaltstack.constprop.0+0x5d9/0x800
[ 66.602258][ T5080] do_madvise.part.0+0x193/0x470
[ 66.607217][ T5080] ? madvise_pageout+0x560/0x560
[ 66.612173][ T5080] ? __do_sys_rt_sigreturn+0x1a1/0x200
[ 66.617643][ T5080] __x64_sys_madvise+0x117/0x150
[ 66.622600][ T5080] do_syscall_64+0x39/0xb0
[ 66.627047][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.633046][ T5080] RIP: 0033:0x46b557
[ 66.636949][ T5080] Code: 8b 24 24 48 8b 6c 24 10 48 83 c4 18 c3 cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 74 24 10 8b 54 24 18 48 c7 c0 1c 00 00 00 0f 05 <89> 44 24 20 c3 cc cc cc cc 48 8b 7c 24 08 8b 74 24 10 8b 54 24 14
[ 66.657364][ T5080] RSP: 002b:000000c00022de60 EFLAGS: 00000206 ORIG_RAX: 000000000000001c
[ 66.665959][ T5080] RAX: ffffffffffffffda RBX: 0000000000a12000 RCX: 000000000046b557
[ 66.673969][ T5080] RDX: 000000000000000e RSI: 0000000000800000 RDI: 000000c001c00000
[ 66.681972][ T5080] RBP: 000000c00022de88 R08: 0000000000000509 R09: 000000c001b6a000
[ 66.690038][ T5080] R10: 00000000000012bd R11: 0000000000000206 R12: 0000000000000509
[ 66.698123][ T5080] R13: 0000000000000003 R14: 000000c0003f1a00 R15: 00000000010e0700
[ 66.706390][ T5080]
[ 66.709412][ T5080] Modules linked in:
[ 66.720309][ T5080] ---[ end trace 0000000000000000 ]---
[ 66.726001][ T5080] RIP: 0010:vma_merge+0x234/0x1fd0
[ 66.731155][ T5080] Code: 08 00 0f 84 b0 03 00 00 e8 e9 54 bf ff 48 8b 44 24 08 48 8d b8 a8 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 4d 18 00 00 48 8b 44 24 08 48 8b b0 a8 00 00 00
[ 66.751455][ T5080] RSP: 0018:ffffc90003d0f998 EFLAGS: 00010207
[ 66.757954][ T5080] RAX: dffffc0000000000 RBX: ffff88802974b800 RCX: 0000000000000000
[ 66.766591][ T5080] RDX: 0000000000000018 RSI: ffffffff81c37957 RDI: 00000000000000c7
[ 66.774806][ T5080] RBP: ffff888079aaa400 R08: 0000000000000006 R09: 0000000000000000
[ 66.783213][ T5080] R10: 000000c001ffffff R11: 0000000000000000 R12: 0000000000000001
[ 66.792339][ T5080] R13: 0000000000000000 R14: 000000c002000000 R15: 0000000000000000
[ 66.800756][ T5080] FS: 000000c000524890(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 66.810099][ T5080] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 66.817120][ T5080] CR2: 0000564702bbb078 CR3: 00000000249a5000 CR4: 00000000003506f0
[ 66.825191][ T5080] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 66.833399][ T5080] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 66.841763][ T5080] Kernel panic - not syncing: Fatal exception
[ 66.848006][ T5080] Kernel Offset: disabled
[ 66.852340][ T5080] Rebooting in 86400 seconds..