forked to background, child pid 4867
no interfaces have a carrier
[ 52.252900][ T4868] 8021q: adding VLAN 0 to HW filter on device bond0
[ 52.295908][ T4868] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.62' (ECDSA) to the list of known hosts.
2022/11/23 06:26:01 fuzzer started
2022/11/23 06:26:01 connecting to host at 10.128.0.169:39515
2022/11/23 06:26:01 checking machine...
2022/11/23 06:26:01 checking revisions...
2022/11/23 06:26:02 testing simple program...
syzkaller login: [ 77.607600][ T5292] cgroup: Unknown subsys name 'net'
[ 77.717009][ T5292] cgroup: Unknown subsys name 'rlimit'
[ 78.019999][ T5296] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 78.028735][ T5296] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 78.036586][ T5296] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 78.045710][ T5296] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 78.054167][ T5296] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 78.061775][ T5296] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 78.225529][ T5295] chnl_net:caif_netlink_parms(): no params data found
[ 78.284138][ T5295] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.291912][ T5295] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.300450][ T5295] device bridge_slave_0 entered promiscuous mode
[ 78.310974][ T5295] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.318330][ T5295] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.326334][ T5295] device bridge_slave_1 entered promiscuous mode
[ 78.353249][ T5295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 78.365455][ T5295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.393572][ T5295] team0: Port device team_slave_0 added
[ 78.401626][ T5295] team0: Port device team_slave_1 added
[ 78.425433][ T5295] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.432616][ T5295] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.458606][ T5295] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.472009][ T5295] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.479095][ T5295] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.505060][ T5295] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.521883][ T153] general protection fault, probably for non-canonical address 0xdffffc0000000019: 0000 [#1] PREEMPT SMP KASAN
[ 78.533631][ T153] KASAN: null-ptr-deref in range [0x00000000000000c8-0x00000000000000cf]
[ 78.542050][ T153] CPU: 0 PID: 153 Comm: kworker/0:2 Not tainted 6.1.0-rc6-next-20221122-syzkaller #0
[ 78.551536][ T153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 78.561605][ T153] Workqueue: ipv6_addrconf addrconf_dad_work
[ 78.568056][ T153] RIP: 0010:xfrm_policy_lookup_bytype.cold+0x1c/0x54
[ 78.574856][ T153] Code: 40 a4 26 8e e8 cb 96 37 fa e9 49 fc 7b fe e8 d1 1a 7e f7 49 8d bf cc 00 00 00 b8 ff ff 37 00 48 89 fa 48 c1 e0 2a 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 1c 41
[ 78.594479][ T153] RSP: 0018:ffffc90002daf1e0 EFLAGS: 00010203
[ 78.600567][ T153] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 0000000000000000
[ 78.608632][ T153] RDX: 0000000000000019 RSI: ffffffff8a02a3af RDI: 00000000000000cc
[ 78.616608][ T153] RBP: 0000000000000000 R08: 0000000000000007 R09: fffffffffffff000
[ 78.624587][ T153] R10: 0000000000000000 R11: 1ffffffff21631f6 R12: 0000000000000000
[ 78.632679][ T153] R13: ffff8880288d8000 R14: ffffed100511b2ff R15: 0000000000000000
[ 78.640660][ T153] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 78.649600][ T153] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 78.656189][ T153] CR2: 00007f62311c6300 CR3: 0000000070e7f000 CR4: 00000000003506f0
[ 78.664168][ T153] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 78.672162][ T153] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 78.680157][ T153] Call Trace:
[ 78.683456][ T153]
[ 78.686409][ T153] ? mark_lock.part.0+0xee/0x1910
[ 78.691477][ T153] ? xfrm_policy_match+0x2e0/0x2e0
[ 78.696608][ T153] ? lock_chain_count+0x20/0x20
[ 78.701529][ T153] ? lock_chain_count+0x20/0x20
[ 78.706416][ T153] xfrm_lookup_with_ifid+0x39b/0x20f0
[ 78.711808][ T153] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 78.717741][ T153] ? xfrm_expand_policies+0x680/0x680
[ 78.723219][ T153] ? decode_session6+0x677/0x1880
[ 78.728263][ T153] ? bpf_lsm_xfrm_decode_session+0x9/0x10
[ 78.734013][ T153] ? security_xfrm_decode_session+0x84/0xb0
[ 78.739934][ T153] xfrmi_xmit+0x3c7/0x1b90
[ 78.744371][ T153] ? xfrmi_exit_batch_net+0x5c0/0x5c0
[ 78.749771][ T153] dev_hard_start_xmit+0x1c2/0x990
[ 78.755447][ T153] __dev_queue_xmit+0x2cdf/0x3ba0
[ 78.760511][ T153] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 78.765827][ T153] ? find_held_lock+0x2d/0x110
[ 78.770625][ T153] ? ip6_finish_output2+0x56c/0x1530
[ 78.775945][ T153] ? mark_held_locks+0x9f/0xe0
[ 78.780760][ T153] ? ___neigh_create+0x188e/0x2a20
[ 78.785894][ T153] ? neigh_connected_output+0x41e/0x520
[ 78.791721][ T153] neigh_connected_output+0x3c4/0x520
[ 78.797116][ T153] ip6_finish_output2+0x56c/0x1530
[ 78.802262][ T153] ip6_finish_output+0x694/0x1170
[ 78.807321][ T153] ip6_output+0x1f1/0x540
[ 78.811686][ T153] ndisc_send_skb+0xa63/0x1740
[ 78.816647][ T153] ? ndisc_ifinfo_sysctl_change+0x600/0x600
[ 78.822566][ T153] ? ndisc_net_init+0x220/0x220
[ 78.827448][ T153] ? skb_set_owner_w+0x26d/0x420
[ 78.832410][ T153] ndisc_send_rs+0x132/0x6f0
[ 78.837115][ T153] addrconf_dad_completed+0x37a/0xda0
[ 78.842510][ T153] ? addrconf_rs_timer+0x870/0x870
[ 78.847645][ T153] ? __local_bh_enable_ip+0xa4/0x130
[ 78.852967][ T153] addrconf_dad_work+0x820/0x12d0
[ 78.858014][ T153] ? addrconf_dad_completed+0xda0/0xda0
[ 78.863587][ T153] process_one_work+0x9bf/0x1710
[ 78.868556][ T153] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 78.873951][ T153] ? rwlock_bug.part.0+0x90/0x90
[ 78.878904][ T153] ? _raw_spin_lock_irq+0x45/0x50
[ 78.884224][ T153] worker_thread+0x669/0x1090
[ 78.888925][ T153] ? __kthread_parkme+0x163/0x220
[ 78.893992][ T153] ? process_one_work+0x1710/0x1710
[ 78.899211][ T153] kthread+0x2e8/0x3a0
[ 78.903296][ T153] ? kthread_complete_and_exit+0x40/0x40
[ 78.908948][ T153] ret_from_fork+0x1f/0x30
[ 78.913398][ T153]
[ 78.916438][ T153] Modules linked in:
[ 78.920391][ T153] ---[ end trace 0000000000000000 ]---
[ 78.925876][ T153] RIP: 0010:xfrm_policy_lookup_bytype.cold+0x1c/0x54
[ 78.932748][ T153] Code: 40 a4 26 8e e8 cb 96 37 fa e9 49 fc 7b fe e8 d1 1a 7e f7 49 8d bf cc 00 00 00 b8 ff ff 37 00 48 89 fa 48 c1 e0 2a 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 1c 41
[ 78.952543][ T153] RSP: 0018:ffffc90002daf1e0 EFLAGS: 00010203
[ 78.958656][ T153] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 0000000000000000
[ 78.966635][ T153] RDX: 0000000000000019 RSI: ffffffff8a02a3af RDI: 00000000000000cc
[ 78.974653][ T153] RBP: 0000000000000000 R08: 0000000000000007 R09: fffffffffffff000
[ 78.982770][ T153] R10: 0000000000000000 R11: 1ffffffff21631f6 R12: 0000000000000000
[ 78.990836][ T153] R13: ffff8880288d8000 R14: ffffed100511b2ff R15: 0000000000000000
[ 78.998860][ T153] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 79.007896][ T153] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 79.014523][ T153] CR2: 00007f62311c6300 CR3: 0000000070e7f000 CR4: 00000000003506f0
[ 79.022551][ T153] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 79.030570][ T153] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 79.038585][ T153] Kernel panic - not syncing: Fatal exception in interrupt
[ 79.045867][ T153] Kernel Offset: disabled
[ 79.050204][ T153] Rebooting in 86400 seconds..