Warning: Permanently added '10.128.0.77' (ECDSA) to the list of known hosts.
2021/12/15 17:25:53 fuzzer started
2021/12/15 17:25:53 connecting to host at 10.128.0.169:37977
2021/12/15 17:25:53 checking machine...
2021/12/15 17:25:53 checking revisions...
2021/12/15 17:25:54 testing simple program...
syzkaller login: [ 52.926097][ T3605] cgroup: Unknown subsys name 'net'
[ 53.072414][ T3605] cgroup: Unknown subsys name 'rlimit'
[ 54.380737][ T3608] chnl_net:caif_netlink_parms(): no params data found
[ 54.424874][ T3608] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.432426][ T3608] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.440754][ T3608] device bridge_slave_0 entered promiscuous mode
[ 54.449813][ T3608] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.457134][ T3608] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.464832][ T3608] device bridge_slave_1 entered promiscuous mode
[ 54.486099][ T3608] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 54.497473][ T3608] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 54.520462][ T3608] team0: Port device team_slave_0 added
[ 54.528319][ T3608] team0: Port device team_slave_1 added
[ 54.545394][ T3608] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 54.552628][ T3608] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 54.578604][ T3608] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 54.591140][ T3608] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 54.598344][ T3608] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 54.625135][ T3608] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 54.654682][ T3608] device hsr_slave_0 entered promiscuous mode
[ 54.662294][ T3608] device hsr_slave_1 entered promiscuous mode
[ 54.741413][ T3608] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 54.751955][ T3608] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 54.761409][ T3608] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 54.770109][ T3608] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 54.791147][ T3608] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.798342][ T3608] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.806219][ T3608] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.813298][ T3608] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.861861][ T3608] 8021q: adding VLAN 0 to HW filter on device bond0
[ 54.874972][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 54.886073][ T20] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.894875][ T20] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.904350][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 54.917564][ T3608] 8021q: adding VLAN 0 to HW filter on device team0
[ 54.928416][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 54.937673][ T3619] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.944721][ T3619] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.967828][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.976447][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.983665][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.992517][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 55.001336][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 55.016559][ T3608] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 55.027312][ T3608] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 55.042432][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 55.051039][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 55.059819][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 55.068375][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 55.085934][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 55.093416][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 55.104308][ T3608] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 55.129473][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 55.142519][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 55.152560][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 55.161100][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 55.169459][ T3608] device veth0_vlan entered promiscuous mode
[ 55.183032][ T3608] device veth1_vlan entered promiscuous mode
[ 55.201769][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 55.211106][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 55.219449][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 55.230098][ T3608] device veth0_macvtap entered promiscuous mode
[ 55.240429][ T3608] device veth1_macvtap entered promiscuous mode
[ 55.255247][ T3608] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 55.264283][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 55.273803][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 55.286402][ T3608] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 55.293980][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 55.305432][ T3608] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.315069][ T3608] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.323937][ T3608] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.332708][ T3608] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.391774][ T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 55.400756][ T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 55.410250][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 55.430235][ T1009] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 55.438578][ T1009] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 55.449103][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2021/12/15 17:25:56 building call list...
[ 55.681771][ T1009] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 57.585963][ T3602] can: request_module (can-proto-0) failed.
[ 57.608834][ T3602] can: request_module (can-proto-0) failed.
[ 57.629421][ T3602] can: request_module (can-proto-0) failed.
[ 57.829560][ T3602] ------------[ cut here ]------------
[ 57.835158][ T3602] refcount_t: decrement hit 0; leaking memory.
[ 57.842089][ T3602] WARNING: CPU: 0 PID: 3602 at lib/refcount.c:31 refcount_warn_saturate+0xbf/0x1e0
[ 57.851681][ T3602] Modules linked in:
[ 57.855596][ T3602] CPU: 1 PID: 3602 Comm: syz-fuzzer Not tainted 5.16.0-rc4-syzkaller #0
[ 57.864508][ T3602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.874855][ T3602] RIP: 0010:refcount_warn_saturate+0xbf/0x1e0
[ 57.881484][ T3602] Code: 1d b1 99 a1 09 31 ff 89 de e8 5d 3a 9c fd 84 db 75 e0 e8 74 36 9c fd 48 c7 c7 60 00 05 8a c6 05 91 99 a1 09 01 e8 cc 4b 27 05 <0f> 0b eb c4 e8 58 36 9c fd 0f b6 1d 80 99 a1 09 31 ff 89 de e8 28
[ 57.901793][ T3602] RSP: 0018:ffffc9000207fab0 EFLAGS: 00010286
[ 57.907971][ T3602] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 57.916214][ T3602] RDX: ffff888021b18000 RSI: ffffffff815f1e28 RDI: fffff5200040ff48
[ 57.924195][ T3602] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
[ 57.932314][ T3602] R10: ffffffff815ebbce R11: 0000000000000000 R12: 1ffff9200040ff5b
[ 57.940331][ T3602] R13: 00000000ffffffef R14: ffffffff8d2fcd94 R15: ffffc9000207fd10
[ 57.948356][ T3602] FS: 000000c0002e4490(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 57.957531][ T3602] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 57.964213][ T3602] CR2: 00007fdbb303a300 CR3: 000000007848d000 CR4: 00000000003506e0
[ 57.972433][ T3602] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 57.980505][ T3602] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 57.988628][ T3602] Call Trace:
[ 57.991919][ T3602]
[ 57.994856][ T3602] ref_tracker_free+0x4fe/0x610
[ 57.999786][ T3602] ? ref_tracker_dir_exit+0x330/0x330
[ 58.005293][ T3602] ? bpf_sk_storage_free+0x333/0x3e0
[ 58.010652][ T3602] ? lock_downgrade+0x6e0/0x6e0
[ 58.015514][ T3602] ? kfree+0x1e1/0x560
[ 58.020345][ T3602] __sk_destruct+0x4a6/0x920
[ 58.024954][ T3602] sk_destruct+0xbd/0xe0
[ 58.029282][ T3602] __sk_free+0xef/0x3d0
[ 58.033451][ T3602] sk_free+0x78/0xa0
[ 58.037399][ T3602] __mptcp_close_ssk+0x435/0x590
[ 58.042412][ T3602] __mptcp_destroy_sock+0x35f/0x830
[ 58.047779][ T3602] ? __mptcp_close_ssk+0x590/0x590
[ 58.052905][ T3602] ? __local_bh_enable_ip+0xa0/0x120
[ 58.058275][ T3602] mptcp_close+0x5f8/0x7f0
[ 58.062855][ T3602] inet_release+0x12e/0x280
[ 58.067524][ T3602] inet6_release+0x4c/0x70
[ 58.071956][ T3602] __sock_release+0xcd/0x280
[ 58.076734][ T3602] sock_close+0x18/0x20
[ 58.080906][ T3602] __fput+0x286/0x9f0
[ 58.084880][ T3602] ? __sock_release+0x280/0x280
[ 58.089810][ T3602] task_work_run+0xdd/0x1a0
[ 58.094332][ T3602] exit_to_user_mode_prepare+0x27e/0x290
[ 58.100065][ T3602] syscall_exit_to_user_mode+0x19/0x60
[ 58.106131][ T3602] do_syscall_64+0x42/0xb0
[ 58.110575][ T3602] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 58.116581][ T3602] RIP: 0033:0x4b12db
[ 58.120479][ T3602] Code: fb ff eb bd e8 46 96 fb ff e9 61 ff ff ff cc e8 fb 61 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 58.140454][ T3602] RSP: 002b:000000c00048f4f0 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 58.150434][ T3602] RAX: 0000000000000000 RBX: 000000c00001c000 RCX: 00000000004b12db
[ 58.158661][ T3602] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[ 58.166821][ T3602] RBP: 000000c00048f530 R08: 0000000000f0ae01 R09: 00007ffe759e1080
[ 58.174782][ T3602] R10: 00007ffe759e1090 R11: 0000000000000206 R12: 000000000000000a
[ 58.182844][ T3602] R13: 0000000000000000 R14: ffffffffffffffff R15: 000000c0000126e0
[ 58.193386][ T3602]
[ 58.196643][ T3602] Kernel panic - not syncing: panic_on_warn set ...
[ 58.203230][ T3602] CPU: 1 PID: 3602 Comm: syz-fuzzer Not tainted 5.16.0-rc4-syzkaller #0
[ 58.211715][ T3602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.221761][ T3602] Call Trace:
[ 58.225027][ T3602]
[ 58.227946][ T3602] dump_stack_lvl+0xcd/0x134
[ 58.232534][ T3602] panic+0x2b0/0x6dd
[ 58.236417][ T3602] ? __warn_printk+0xf3/0xf3
[ 58.241122][ T3602] ? __warn.cold+0x1a/0x44
[ 58.246228][ T3602] ? refcount_warn_saturate+0xbf/0x1e0
[ 58.251685][ T3602] __warn.cold+0x35/0x44
[ 58.255914][ T3602] ? wake_up_klogd.part.0+0x8e/0xd0
[ 58.261100][ T3602] ? refcount_warn_saturate+0xbf/0x1e0
[ 58.266546][ T3602] report_bug+0x1bd/0x210
[ 58.270864][ T3602] handle_bug+0x3c/0x60
[ 58.275004][ T3602] exc_invalid_op+0x14/0x40
[ 58.279538][ T3602] asm_exc_invalid_op+0x12/0x20
[ 58.286663][ T3602] RIP: 0010:refcount_warn_saturate+0xbf/0x1e0
[ 58.295661][ T3602] Code: 1d b1 99 a1 09 31 ff 89 de e8 5d 3a 9c fd 84 db 75 e0 e8 74 36 9c fd 48 c7 c7 60 00 05 8a c6 05 91 99 a1 09 01 e8 cc 4b 27 05 <0f> 0b eb c4 e8 58 36 9c fd 0f b6 1d 80 99 a1 09 31 ff 89 de e8 28
[ 58.315278][ T3602] RSP: 0018:ffffc9000207fab0 EFLAGS: 00010286
[ 58.321677][ T3602] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 58.329715][ T3602] RDX: ffff888021b18000 RSI: ffffffff815f1e28 RDI: fffff5200040ff48
[ 58.337848][ T3602] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
[ 58.351017][ T3602] R10: ffffffff815ebbce R11: 0000000000000000 R12: 1ffff9200040ff5b
[ 58.359057][ T3602] R13: 00000000ffffffef R14: ffffffff8d2fcd94 R15: ffffc9000207fd10
[ 58.367024][ T3602] ? wake_up_klogd.part.0+0x8e/0xd0
[ 58.372226][ T3602] ? vprintk+0x88/0x90
[ 58.376294][ T3602] ref_tracker_free+0x4fe/0x610
[ 58.381152][ T3602] ? ref_tracker_dir_exit+0x330/0x330
[ 58.386521][ T3602] ? bpf_sk_storage_free+0x333/0x3e0
[ 58.391802][ T3602] ? lock_downgrade+0x6e0/0x6e0
[ 58.396641][ T3602] ? kfree+0x1e1/0x560
[ 58.400708][ T3602] __sk_destruct+0x4a6/0x920
[ 58.405289][ T3602] sk_destruct+0xbd/0xe0
[ 58.410039][ T3602] __sk_free+0xef/0x3d0
[ 58.414192][ T3602] sk_free+0x78/0xa0
[ 58.418080][ T3602] __mptcp_close_ssk+0x435/0x590
[ 58.423012][ T3602] __mptcp_destroy_sock+0x35f/0x830
[ 58.428198][ T3602] ? __mptcp_close_ssk+0x590/0x590
[ 58.433409][ T3602] ? __local_bh_enable_ip+0xa0/0x120
[ 58.438790][ T3602] mptcp_close+0x5f8/0x7f0
[ 58.443214][ T3602] inet_release+0x12e/0x280
[ 58.447719][ T3602] inet6_release+0x4c/0x70
[ 58.452138][ T3602] __sock_release+0xcd/0x280
[ 58.456756][ T3602] sock_close+0x18/0x20
[ 58.461048][ T3602] __fput+0x286/0x9f0
[ 58.465029][ T3602] ? __sock_release+0x280/0x280
[ 58.469966][ T3602] task_work_run+0xdd/0x1a0
[ 58.474466][ T3602] exit_to_user_mode_prepare+0x27e/0x290
[ 58.480109][ T3602] syscall_exit_to_user_mode+0x19/0x60
[ 58.485556][ T3602] do_syscall_64+0x42/0xb0
[ 58.490216][ T3602] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 58.496124][ T3602] RIP: 0033:0x4b12db
[ 58.500015][ T3602] Code: fb ff eb bd e8 46 96 fb ff e9 61 ff ff ff cc e8 fb 61 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 58.519692][ T3602] RSP: 002b:000000c00048f4f0 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 58.528104][ T3602] RAX: 0000000000000000 RBX: 000000c00001c000 RCX: 00000000004b12db
[ 58.536059][ T3602] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[ 58.544015][ T3602] RBP: 000000c00048f530 R08: 0000000000f0ae01 R09: 00007ffe759e1080
[ 58.552033][ T3602] R10: 00007ffe759e1090 R11: 0000000000000206 R12: 000000000000000a
[ 58.559989][ T3602] R13: 0000000000000000 R14: ffffffffffffffff R15: 000000c0000126e0
[ 58.568003][ T3602]
[ 58.571408][ T3602] Kernel Offset: disabled
[ 58.575829][ T3602] Rebooting in 86400 seconds..