[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.36' (ECDSA) to the list of known hosts.
2021/09/03 20:55:55 fuzzer started
2021/09/03 20:55:55 connecting to host at 10.128.0.169:37623
2021/09/03 20:55:55 checking machine...
2021/09/03 20:55:55 checking revisions...
2021/09/03 20:55:55 testing simple program...
syzkaller login: [ 77.797948][ T6546] chnl_net:caif_netlink_parms(): no params data found
[ 77.880726][ T6546] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.888343][ T6546] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.898077][ T6546] device bridge_slave_0 entered promiscuous mode
[ 77.908363][ T6546] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.916152][ T6546] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.924392][ T6546] device bridge_slave_1 entered promiscuous mode
[ 77.956104][ T6546] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 77.968216][ T6546] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.005495][ T6546] team0: Port device team_slave_0 added
[ 78.014000][ T6546] team0: Port device team_slave_1 added
[ 78.042900][ T6546] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.049914][ T6546] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.078029][ T6546] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.093314][ T6546] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.100659][ T6546] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.127297][ T6546] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.165900][ T6546] device hsr_slave_0 entered promiscuous mode
[ 78.174635][ T6546] device hsr_slave_1 entered promiscuous mode
[ 78.302231][ T6546] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 78.317499][ T6546] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 78.331028][ T6546] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 78.341341][ T6546] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 78.370601][ T6546] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.377927][ T6546] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.386204][ T6546] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.393903][ T6546] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.440112][ T6546] 8021q: adding VLAN 0 to HW filter on device bond0
[ 78.455608][ T1051] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 78.468344][ T1051] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.479154][ T1051] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.488608][ T1051] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 78.504063][ T6546] 8021q: adding VLAN 0 to HW filter on device team0
[ 78.518151][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 78.529314][ T25] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.536591][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.549680][ T1051] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 78.558384][ T1051] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.566061][ T1051] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.585076][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 78.595155][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 78.608224][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 78.620864][ T6878] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 78.633351][ T6878] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 78.646253][ T6546] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 78.670575][ T6546] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 78.680895][ T6878] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 78.688616][ T6878] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 78.715989][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 78.730518][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 78.739755][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 78.749146][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 78.760297][ T6546] device veth0_vlan entered promiscuous mode
[ 78.776872][ T6546] device veth1_vlan entered promiscuous mode
[ 78.785355][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 78.811035][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 78.820552][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 78.838391][ T6546] device veth0_macvtap entered promiscuous mode
[ 78.848603][ T6546] device veth1_macvtap entered promiscuous mode
[ 78.865916][ T6546] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 78.874767][ T6878] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 78.884081][ T6878] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 78.894676][ T6878] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 78.905084][ T6878] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 78.918358][ T6546] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 78.926670][ T6878] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 78.935773][ T6878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 78.948988][ T6546] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.959453][ T6546] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 78.968218][ T6546] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.977154][ T6546] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.076778][ T1093] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.102585][ T1093] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 79.111942][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 79.149134][ T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.157677][ T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 79.169100][ T2951] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2021/09/03 20:55:59 building call list...
[ 81.599219][ T8] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 82.388302][ T6540] ==================================================================
[ 82.396834][ T6540] BUG: KASAN: null-ptr-deref in fuse_conn_put+0x1d7/0x300
[ 82.404244][ T6540] Read of size 4 at addr 0000000000000000 by task syz-fuzzer/6540
[ 82.412490][ T6540]
[ 82.414903][ T6540] CPU: 0 PID: 6540 Comm: syz-fuzzer Not tainted 5.14.0-next-20210903-syzkaller #0
[ 82.424520][ T6540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.435132][ T6540] Call Trace:
[ 82.438403][ T6540]  dump_stack_lvl+0xcd/0x134
[ 82.443010][ T6540]  kasan_report.cold+0x66/0xdf
[ 82.448014][ T6540]  ? fuse_conn_put+0x1d7/0x300
[ 82.452878][ T6540]  kasan_check_range+0x13d/0x180
[ 82.457989][ T6540]  fuse_conn_put+0x1d7/0x300
[ 82.462788][ T6540]  fuse_dev_free+0x155/0x1f0
[ 82.467405][ T6540]  fuse_dev_release+0x2a8/0x3f0
[ 82.472391][ T6540]  ? fuse_abort_conn+0xc90/0xc90
[ 82.477543][ T6540]  ? cuse_channel_release+0x237/0x300
[ 82.482940][ T6540]  __fput+0x288/0x9f0
[ 82.487051][ T6540]  ? cuse_class_waiting_show+0xa0/0xa0
[ 82.492683][ T6540]  task_work_run+0xdd/0x1a0
[ 82.497605][ T6540]  exit_to_user_mode_prepare+0x27e/0x290
[ 82.504012][ T6540]  syscall_exit_to_user_mode+0x19/0x60
[ 82.509648][ T6540]  do_syscall_64+0x42/0xb0
[ 82.514054][ T6540]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 82.520153][ T6540] RIP: 0033:0x4af19b
[ 82.524596][ T6540] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 82.545076][ T6540] RSP: 002b:000000c0000ef430 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 82.554743][ T6540] RAX: 0000000000000000 RBX: 000000c00001c000 RCX: 00000000004af19b
[ 82.563152][ T6540] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[ 82.571534][ T6540] RBP: 000000c0000ef470 R08: 0000000000000001 R09: 0000000000000000
[ 82.580189][ T6540] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000009
[ 82.588475][ T6540] R13: 0000000000000008 R14: 0000000000000200 R15: 000000c0003fe000
[ 82.596637][ T6540] ==================================================================
[ 82.605011][ T6540] Disabling lock debugging due to kernel taint
[ 82.621663][ T6540] Kernel panic - not syncing: panic_on_warn set ...
[ 82.628270][ T6540] CPU: 0 PID: 6540 Comm: syz-fuzzer Tainted: G B 5.14.0-next-20210903-syzkaller #0
[ 82.639121][ T6540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.649197][ T6540] Call Trace:
[ 82.652559][ T6540]  dump_stack_lvl+0xcd/0x134
[ 82.657171][ T6540]  panic+0x2b0/0x6dd
[ 82.661236][ T6540]  ? __warn_printk+0xf3/0xf3
[ 82.665845][ T6540]  ? preempt_schedule_common+0x59/0xc0
[ 82.671309][ T6540]  ? fuse_conn_put+0x1d7/0x300
[ 82.676154][ T6540]  ? preempt_schedule_thunk+0x16/0x18
[ 82.681610][ T6540]  ? trace_hardirqs_on+0x38/0x1c0
[ 82.686895][ T6540]  ? trace_hardirqs_on+0x51/0x1c0
[ 82.691916][ T6540]  ? fuse_conn_put+0x1d7/0x300
[ 82.696787][ T6540]  ? fuse_conn_put+0x1d7/0x300
[ 82.701547][ T6540]  end_report.cold+0x63/0x6f
[ 82.706135][ T6540]  kasan_report.cold+0x71/0xdf
[ 82.710897][ T6540]  ? fuse_conn_put+0x1d7/0x300
[ 82.715657][ T6540]  kasan_check_range+0x13d/0x180
[ 82.720600][ T6540]  fuse_conn_put+0x1d7/0x300
[ 82.725553][ T6540]  fuse_dev_free+0x155/0x1f0
[ 82.730234][ T6540]  fuse_dev_release+0x2a8/0x3f0
[ 82.735541][ T6540]  ? fuse_abort_conn+0xc90/0xc90
[ 82.740567][ T6540]  ? cuse_channel_release+0x237/0x300
[ 82.746022][ T6540]  __fput+0x288/0x9f0
[ 82.750179][ T6540]  ? cuse_class_waiting_show+0xa0/0xa0
[ 82.755635][ T6540]  task_work_run+0xdd/0x1a0
[ 82.760581][ T6540]  exit_to_user_mode_prepare+0x27e/0x290
[ 82.766216][ T6540]  syscall_exit_to_user_mode+0x19/0x60
[ 82.771759][ T6540]  do_syscall_64+0x42/0xb0
[ 82.776216][ T6540]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 82.782121][ T6540] RIP: 0033:0x4af19b
[ 82.786015][ T6540] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 82.806048][ T6540] RSP: 002b:000000c0000ef430 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 82.814599][ T6540] RAX: 0000000000000000 RBX: 000000c00001c000 RCX: 00000000004af19b
[ 82.822928][ T6540] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[ 82.831437][ T6540] RBP: 000000c0000ef470 R08: 0000000000000001 R09: 0000000000000000
[ 82.840016][ T6540] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000009
[ 82.848091][ T6540] R13: 0000000000000008 R14: 0000000000000200 R15: 000000c0003fe000
[ 82.858092][ T6540] Kernel Offset: disabled
[ 82.862624][ T6540] Rebooting in 86400 seconds..