Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.135' (ECDSA) to the list of known hosts.
2021/09/03 20:55:47 fuzzer started
2021/09/03 20:55:47 connecting to host at 10.128.0.169:44697
2021/09/03 20:55:47 checking machine...
2021/09/03 20:55:47 checking revisions...
2021/09/03 20:55:47 testing simple program...
syzkaller login: [ 75.422224][ T6587] chnl_net:caif_netlink_parms(): no params data found
[ 75.500142][ T6587] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.508290][ T6587] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.517463][ T6587] device bridge_slave_0 entered promiscuous mode
[ 75.528978][ T6587] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.536457][ T6587] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.546111][ T6587] device bridge_slave_1 entered promiscuous mode
[ 75.580171][ T6587] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 75.591592][ T6587] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 75.628927][ T6587] team0: Port device team_slave_0 added
[ 75.637122][ T6587] team0: Port device team_slave_1 added
[ 75.669745][ T6587] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 75.677348][ T6587] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.706139][ T6587] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 75.721065][ T6587] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 75.729252][ T6587] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.757233][ T6587] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 75.799259][ T6587] device hsr_slave_0 entered promiscuous mode
[ 75.807408][ T6587] device hsr_slave_1 entered promiscuous mode
[ 75.985264][ T6587] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 75.998926][ T6587] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 76.009693][ T6587] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 76.026711][ T6587] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 76.060545][ T6587] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.068045][ T6587] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.076630][ T6587] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.084169][ T6587] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.131514][ T6587] 8021q: adding VLAN 0 to HW filter on device bond0
[ 76.147797][ T6921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 76.159339][ T6921] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.169892][ T6921] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.178618][ T6921] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 76.193425][ T6587] 8021q: adding VLAN 0 to HW filter on device team0
[ 76.207051][ T2975] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 76.216440][ T2975] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.225731][ T2975] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.238602][ T6922] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 76.247913][ T6922] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.255280][ T6922] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.276822][ T6922] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 76.285944][ T6922] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 76.295735][ T6922] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 76.308432][ T2975] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 76.324001][ T6587] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 76.337197][ T6587] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 76.346187][ T6922] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 76.366071][ T2975] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 76.373674][ T2975] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 76.388584][ T6587] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 76.408587][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 76.417605][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 76.439308][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 76.448060][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 76.459871][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 76.469489][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 76.480256][ T6587] device veth0_vlan entered promiscuous mode
[ 76.492948][ T6587] device veth1_vlan entered promiscuous mode
[ 76.522487][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 76.531244][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 76.540044][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 76.549469][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 76.561264][ T6587] device veth0_macvtap entered promiscuous mode
[ 76.571422][ T6587] device veth1_macvtap entered promiscuous mode
[ 76.589092][ T6587] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 76.598437][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 76.607503][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 76.616770][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 76.626567][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
executing program
[ 76.639676][ T6587] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 76.647567][ T2975] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 76.657752][ T2975] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 76.669595][ T6587] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.678921][ T6587] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.687862][ T6587] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.700345][ T6587] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.806601][ T8] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.823823][ T8] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.838875][ T1055] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 76.870267][ T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.879851][ T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.891660][ T1055] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2021/09/03 20:55:51 building call list...
[ 79.390341][ T8] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 79.997132][ T6580] ==================================================================
[ 80.005363][ T6580] BUG: KASAN: null-ptr-deref in fuse_conn_put+0x1d7/0x300
[ 80.012593][ T6580] Read of size 4 at addr 0000000000000000 by task syz-fuzzer/6580
[ 80.020527][ T6580]
[ 80.022840][ T6580] CPU: 1 PID: 6580 Comm: syz-fuzzer Not tainted 5.14.0-next-20210903-syzkaller #0
[ 80.032168][ T6580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.042318][ T6580] Call Trace:
[ 80.045662][ T6580] dump_stack_lvl+0xcd/0x134
[ 80.050267][ T6580] kasan_report.cold+0x66/0xdf
[ 80.055055][ T6580] ? fuse_conn_put+0x1d7/0x300
[ 80.060099][ T6580] kasan_check_range+0x13d/0x180
[ 80.065168][ T6580] fuse_conn_put+0x1d7/0x300
[ 80.069752][ T6580] fuse_dev_free+0x155/0x1f0
[ 80.074352][ T6580] fuse_dev_release+0x2a8/0x3f0
[ 80.079196][ T6580] ? fuse_abort_conn+0xc90/0xc90
[ 80.084298][ T6580] ? cuse_channel_release+0x237/0x300
[ 80.089834][ T6580] __fput+0x288/0x9f0
[ 80.094070][ T6580] ? cuse_class_waiting_show+0xa0/0xa0
[ 80.099839][ T6580] task_work_run+0xdd/0x1a0
[ 80.104443][ T6580] exit_to_user_mode_prepare+0x27e/0x290
[ 80.110319][ T6580] syscall_exit_to_user_mode+0x19/0x60
[ 80.115883][ T6580] do_syscall_64+0x42/0xb0
[ 80.120906][ T6580] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 80.127013][ T6580] RIP: 0033:0x4af19b
[ 80.130911][ T6580] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 80.150875][ T6580] RSP: 002b:000000c0000ef430 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 80.159698][ T6580] RAX: 0000000000000000 RBX: 000000c00001c000 RCX: 00000000004af19b
[ 80.167797][ T6580] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[ 80.175993][ T6580] RBP: 000000c0000ef470 R08: 0000000000000001 R09: 0000000000000000
[ 80.184070][ T6580] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000014a
[ 80.192842][ T6580] R13: 0000000000000149 R14: 0000000000000200 R15: 000000c0006d41e0
[ 80.200990][ T6580] ==================================================================
[ 80.209122][ T6580] Disabling lock debugging due to kernel taint
[ 80.222387][ T6580] Kernel panic - not syncing: panic_on_warn set ...
[ 80.229390][ T6580] CPU: 0 PID: 6580 Comm: syz-fuzzer Tainted: G B 5.14.0-next-20210903-syzkaller #0
[ 80.240353][ T6580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.250613][ T6580] Call Trace:
[ 80.254059][ T6580] dump_stack_lvl+0xcd/0x134
[ 80.258671][ T6580] panic+0x2b0/0x6dd
[ 80.262574][ T6580] ? __warn_printk+0xf3/0xf3
[ 80.267339][ T6580] ? preempt_schedule_common+0x59/0xc0
[ 80.272796][ T6580] ? fuse_conn_put+0x1d7/0x300
[ 80.277635][ T6580] ? preempt_schedule_thunk+0x16/0x18
[ 80.283172][ T6580] ? trace_hardirqs_on+0x38/0x1c0
[ 80.288218][ T6580] ? trace_hardirqs_on+0x51/0x1c0
[ 80.293901][ T6580] ? fuse_conn_put+0x1d7/0x300
[ 80.298864][ T6580] ? fuse_conn_put+0x1d7/0x300
[ 80.303629][ T6580] end_report.cold+0x63/0x6f
[ 80.308209][ T6580] kasan_report.cold+0x71/0xdf
[ 80.312966][ T6580] ? fuse_conn_put+0x1d7/0x300
[ 80.317712][ T6580] kasan_check_range+0x13d/0x180
[ 80.322645][ T6580] fuse_conn_put+0x1d7/0x300
[ 80.327217][ T6580] fuse_dev_free+0x155/0x1f0
[ 80.331811][ T6580] fuse_dev_release+0x2a8/0x3f0
[ 80.336775][ T6580] ? fuse_abort_conn+0xc90/0xc90
[ 80.341813][ T6580] ? cuse_channel_release+0x237/0x300
[ 80.347523][ T6580] __fput+0x288/0x9f0
[ 80.351492][ T6580] ? cuse_class_waiting_show+0xa0/0xa0
[ 80.357046][ T6580] task_work_run+0xdd/0x1a0
[ 80.361737][ T6580] exit_to_user_mode_prepare+0x27e/0x290
[ 80.367536][ T6580] syscall_exit_to_user_mode+0x19/0x60
[ 80.372982][ T6580] do_syscall_64+0x42/0xb0
[ 80.377585][ T6580] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 80.383612][ T6580] RIP: 0033:0x4af19b
[ 80.387601][ T6580] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 80.407479][ T6580] RSP: 002b:000000c0000ef430 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 80.416070][ T6580] RAX: 0000000000000000 RBX: 000000c00001c000 RCX: 00000000004af19b
[ 80.424421][ T6580] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[ 80.432513][ T6580] RBP: 000000c0000ef470 R08: 0000000000000001 R09: 0000000000000000
[ 80.440493][ T6580] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000014a
[ 80.448586][ T6580] R13: 0000000000000149 R14: 0000000000000200 R15: 000000c0006d41e0
[ 80.458865][ T6580] Kernel Offset: disabled
[ 80.463210][ T6580] Rebooting in 86400 seconds..