Warning: Permanently added '10.128.0.226' (ECDSA) to the list of known hosts.
2021/09/03 20:55:49 fuzzer started
2021/09/03 20:55:49 connecting to host at 10.128.0.169:33311
2021/09/03 20:55:49 checking machine...
2021/09/03 20:55:49 checking revisions...
2021/09/03 20:55:49 testing simple program...
syzkaller login: [ 75.840018][ T6566] chnl_net:caif_netlink_parms(): no params data found
[ 75.959759][ T6566] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.968019][ T6566] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.977562][ T6566] device bridge_slave_0 entered promiscuous mode
[ 75.987169][ T6566] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.995519][ T6566] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.004847][ T6566] device bridge_slave_1 entered promiscuous mode
[ 76.035915][ T6566] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 76.047230][ T6566] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 76.082778][ T6566] team0: Port device team_slave_0 added
[ 76.090824][ T6566] team0: Port device team_slave_1 added
[ 76.121978][ T6566] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 76.129292][ T6566] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.157225][ T6566] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 76.171744][ T6566] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 76.180183][ T6566] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.207226][ T6566] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 76.244141][ T6566] device hsr_slave_0 entered promiscuous mode
[ 76.251869][ T6566] device hsr_slave_1 entered promiscuous mode
[ 76.381892][ T6566] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 76.392799][ T6566] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 76.405997][ T6566] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 76.415971][ T6566] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 76.443626][ T6566] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.451033][ T6566] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.459629][ T6566] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.466718][ T6566] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.514663][ T6566] 8021q: adding VLAN 0 to HW filter on device bond0
[ 76.531425][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 76.544855][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.555321][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.564106][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 76.577715][ T6566] 8021q: adding VLAN 0 to HW filter on device team0
[ 76.590525][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 76.600513][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.607836][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.630957][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 76.641074][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.648307][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.657330][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 76.677109][ T6566] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 76.690567][ T6566] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 76.704557][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 76.713022][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 76.721640][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 76.730704][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 76.740302][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 76.758664][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 76.766220][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 76.780802][ T6566] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 76.801343][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 76.822634][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 76.832819][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 76.842286][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 76.853367][ T6566] device veth0_vlan entered promiscuous mode
[ 76.866636][ T6566] device veth1_vlan entered promiscuous mode
[ 76.892772][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 76.903958][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 76.916064][ T6566] device veth0_macvtap entered promiscuous mode
[ 76.927634][ T6566] device veth1_macvtap entered promiscuous mode
[ 76.945296][ T6566] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 76.953359][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 76.962147][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 76.971624][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 76.980701][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 76.993600][ T6566] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 77.002086][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 77.011374][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 77.023995][ T6566] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.034585][ T6566] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 77.043584][ T6566] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.052602][ T6566] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.147931][ T247] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.156601][ T247] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 77.169849][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 77.205644][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.214352][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 77.224173][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2021/09/03 20:55:52 building call list...
[ 79.530732][ T247] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 80.445641][ T6566] syz-executor.0 (6566) used greatest stack depth: 22560 bytes left
[ 80.507033][ T6556] ==================================================================
[ 80.515531][ T6556] BUG: KASAN: null-ptr-deref in fuse_conn_put+0x1d7/0x300
[ 80.522820][ T6556] Read of size 4 at addr 0000000000000000 by task syz-fuzzer/6556
[ 80.530723][ T6556]
[ 80.533044][ T6556] CPU: 1 PID: 6556 Comm: syz-fuzzer Not tainted 5.14.0-next-20210903-syzkaller #0
[ 80.543000][ T6556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.553572][ T6556] Call Trace:
[ 80.557099][ T6556] dump_stack_lvl+0xcd/0x134
[ 80.561790][ T6556] kasan_report.cold+0x66/0xdf
[ 80.566571][ T6556] ? fuse_conn_put+0x1d7/0x300
[ 80.571424][ T6556] kasan_check_range+0x13d/0x180
[ 80.576637][ T6556] fuse_conn_put+0x1d7/0x300
[ 80.581318][ T6556] fuse_dev_free+0x155/0x1f0
[ 80.586279][ T6556] fuse_dev_release+0x2a8/0x3f0
[ 80.591124][ T6556] ? fuse_abort_conn+0xc90/0xc90
[ 80.596456][ T6556] ? cuse_channel_release+0x237/0x300
[ 80.601933][ T6556] __fput+0x288/0x9f0
[ 80.606023][ T6556] ? cuse_class_waiting_show+0xa0/0xa0
[ 80.611578][ T6556] task_work_run+0xdd/0x1a0
[ 80.616217][ T6556] exit_to_user_mode_prepare+0x27e/0x290
[ 80.622727][ T6556] syscall_exit_to_user_mode+0x19/0x60
[ 80.628359][ T6556] do_syscall_64+0x42/0xb0
[ 80.633419][ T6556] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 80.639310][ T6556] RIP: 0033:0x4af19b
[ 80.643658][ T6556] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 80.664146][ T6556] RSP: 002b:000000c0002f1430 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 80.672566][ T6556] RAX: 0000000000000000 RBX: 000000c00001e800 RCX: 00000000004af19b
[ 80.680547][ T6556] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[ 80.688591][ T6556] RBP: 000000c0002f1470 R08: 0000000000000001 R09: 0000000000000000
[ 80.696907][ T6556] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000014e
[ 80.704867][ T6556] R13: 000000000000014d R14: 0000000000000200 R15: 000000c000484dc0
[ 80.712838][ T6556] ==================================================================
[ 80.721228][ T6556] Disabling lock debugging due to kernel taint
[ 80.731010][ T6556] Kernel panic - not syncing: panic_on_warn set ...
[ 80.737884][ T6556] CPU: 0 PID: 6556 Comm: syz-fuzzer Tainted: G B 5.14.0-next-20210903-syzkaller #0
[ 80.750179][ T6556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.760416][ T6556] Call Trace:
[ 80.763912][ T6556] dump_stack_lvl+0xcd/0x134
[ 80.768499][ T6556] panic+0x2b0/0x6dd
[ 80.772562][ T6556] ? __warn_printk+0xf3/0xf3
[ 80.777437][ T6556] ? preempt_schedule_common+0x59/0xc0
[ 80.783108][ T6556] ? fuse_conn_put+0x1d7/0x300
[ 80.788187][ T6556] ? preempt_schedule_thunk+0x16/0x18
[ 80.794096][ T6556] ? trace_hardirqs_on+0x38/0x1c0
[ 80.799282][ T6556] ? trace_hardirqs_on+0x51/0x1c0
[ 80.804848][ T6556] ? fuse_conn_put+0x1d7/0x300
[ 80.810835][ T6556] ? fuse_conn_put+0x1d7/0x300
[ 80.815686][ T6556] end_report.cold+0x63/0x6f
[ 80.820442][ T6556] kasan_report.cold+0x71/0xdf
[ 80.829051][ T6556] ? fuse_conn_put+0x1d7/0x300
[ 80.833920][ T6556] kasan_check_range+0x13d/0x180
[ 80.838857][ T6556] fuse_conn_put+0x1d7/0x300
[ 80.843539][ T6556] fuse_dev_free+0x155/0x1f0
[ 80.848222][ T6556] fuse_dev_release+0x2a8/0x3f0
[ 80.853313][ T6556] ? fuse_abort_conn+0xc90/0xc90
[ 80.858540][ T6556] ? cuse_channel_release+0x237/0x300
[ 80.864295][ T6556] __fput+0x288/0x9f0
[ 80.868335][ T6556] ? cuse_class_waiting_show+0xa0/0xa0
[ 80.873999][ T6556] task_work_run+0xdd/0x1a0
[ 80.878779][ T6556] exit_to_user_mode_prepare+0x27e/0x290
[ 80.884515][ T6556] syscall_exit_to_user_mode+0x19/0x60
[ 80.890237][ T6556] do_syscall_64+0x42/0xb0
[ 80.894878][ T6556] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 80.901467][ T6556] RIP: 0033:0x4af19b
[ 80.905435][ T6556] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 80.925399][ T6556] RSP: 002b:000000c0002f1430 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 80.933908][ T6556] RAX: 0000000000000000 RBX: 000000c00001e800 RCX: 00000000004af19b
[ 80.942401][ T6556] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[ 80.950703][ T6556] RBP: 000000c0002f1470 R08: 0000000000000001 R09: 0000000000000000
[ 80.958659][ T6556] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000014e
[ 80.966633][ T6556] R13: 000000000000014d R14: 0000000000000200 R15: 000000c000484dc0
[ 80.975024][ T6556] Kernel Offset: disabled
[ 80.979343][ T6556] Rebooting in 86400 seconds..
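The console output above is what a syzkaller crash looks like before any triage tooling has touched it: fuzzer stdout, network-setup noise, then a KASAN report bracketed by two rules of "=" and followed by the panic_on_warn panic. As an added example that is not part of the syzkaller log, of syzkaller itself or of the kernel, the Python below pulls the BUG: line, the access line and the call trace out of such output, keeps the "? " (unreliable) frames apart from the reliable ones, and skips the dump_stack/KASAN reporting frames to name the first kernel frame, which for this log is fuse_conn_put. The sample log is a constructed excerpt of the lines above; the REPORTING_FRAMES prefix list and the one-line title are this example's own simplifications (the title only mirrors the shape of syzkaller's bug titles, it is not syzkaller's parser).

```python
"""Extract a KASAN report from a syzkaller console log (added example, not syzkaller code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed excerpt of the console log on this page; kernel-log prefixes kept as printed.
SAMPLE_LOG = """\
executing program
[ 80.445641][ T6566] syz-executor.0 (6566) used greatest stack depth: 22560 bytes left
[ 80.507033][ T6556] ==================================================================
[ 80.515531][ T6556] BUG: KASAN: null-ptr-deref in fuse_conn_put+0x1d7/0x300
[ 80.522820][ T6556] Read of size 4 at addr 0000000000000000 by task syz-fuzzer/6556
[ 80.530723][ T6556]
[ 80.553572][ T6556] Call Trace:
[ 80.557099][ T6556] dump_stack_lvl+0xcd/0x134
[ 80.561790][ T6556] kasan_report.cold+0x66/0xdf
[ 80.566571][ T6556] ? fuse_conn_put+0x1d7/0x300
[ 80.571424][ T6556] kasan_check_range+0x13d/0x180
[ 80.576637][ T6556] fuse_conn_put+0x1d7/0x300
[ 80.581318][ T6556] fuse_dev_free+0x155/0x1f0
[ 80.586279][ T6556] fuse_dev_release+0x2a8/0x3f0
[ 80.591124][ T6556] ? fuse_abort_conn+0xc90/0xc90
[ 80.596456][ T6556] ? cuse_channel_release+0x237/0x300
[ 80.601933][ T6556] __fput+0x288/0x9f0
[ 80.639310][ T6556] RIP: 0033:0x4af19b
[ 80.712838][ T6556] ==================================================================
[ 80.721228][ T6556] Disabling lock debugging due to kernel taint
"""

# "[ 80.515531][ T6556] message"  ->  timestamp, thread id, message
PREFIX = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\[\s*T(?P<tid>\d+)\]\s?(?P<msg>.*)$")
BUG_LINE = re.compile(r"^BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
ACCESS = re.compile(r"^(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) "
                    r"by task (?P<task>\S+)/(?P<pid>\d+)$")
FRAME = re.compile(r"^(?P<unreliable>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")

# Frames of the reporting machinery, not of the code being blamed (this example's own list).
REPORTING_FRAMES = ("dump_stack", "kasan_", "__asan_", "print_report", "end_report")


@dataclass
class KasanReport:
    kind: str            # e.g. "null-ptr-deref", "use-after-free"
    func: str            # function named on the BUG: line
    op: str = ""         # "Read" or "Write"
    size: int = 0
    addr: int = 0
    task: str = ""
    pid: int = 0
    frames: List[str] = field(default_factory=list)      # reliable frames, innermost first
    unreliable: List[str] = field(default_factory=list)  # frames the unwinder printed with "? "


def parse_kasan_report(log: str) -> Optional[KasanReport]:
    """Return the first KASAN report found in `log`, or None if there is none."""
    report, in_trace = None, False
    for raw in log.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue                     # fuzzer stdout, ssh noise and the like
        msg = m["msg"].strip()
        if report is None:
            b = BUG_LINE.match(msg)
            if b:
                report = KasanReport(kind=b["kind"], func=b["func"])
            continue
        a = ACCESS.match(msg)
        if a:
            report.op, report.size, report.addr = a["op"], int(a["size"]), int(a["addr"], 16)
            report.task, report.pid = a["task"], int(a["pid"])
            continue
        if msg == "Call Trace:":
            in_trace = True
            continue
        if in_trace:
            f = FRAME.match(msg)
            if f:
                (report.unreliable if f["unreliable"] else report.frames).append(f["sym"])
                continue
            in_trace = False             # RIP:/register dump ends the trace
        if msg.startswith("===="):
            break                        # closing rule of the report
    return report


def blamed_frame(report: KasanReport) -> Optional[str]:
    """First reliable frame that is not part of the KASAN/dump_stack reporting path."""
    for sym in report.frames:
        if not sym.startswith(REPORTING_FRAMES):
            return sym
    return None


def title(report: KasanReport) -> str:
    """One-line summary in the shape of a syzkaller bug title (shape only, not its parser)."""
    return f"KASAN: {report.kind} {report.op} in {blamed_frame(report) or report.func}"


if __name__ == "__main__":
    r = parse_kasan_report(SAMPLE_LOG)
    print(title(r))
    print("blamed:", blamed_frame(r), "unreliable:", r.unreliable)
```

Two things the parser deliberately does for this report shape: an address below the first page (here 0) is what makes the "null-ptr-deref" kind meaningful, so the address is kept as an integer rather than a string, and the "? " frames (fuse_abort_conn, cuse_channel_release) are recorded but never blamed, because the unwinder prints them only as stale stack contents.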