DUID 00:04:e3:a1:4c:5b:a4:47:39:93:9a:5d:f6:69:14:97:a9:57 forked to background, child pid 3172 [ 21.001866][ T3173] 8021q: adding VLAN 0 to HW filter on device bond0 [ 21.014106][ T3173] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 53.028069][ T3587] general protection fault, probably for non-canonical address 0xdffffc0000000058: 0000 [#1] PREEMPT SMP KASAN [ 53.039830][ T3587] KASAN: null-ptr-deref in range [0x00000000000002c0-0x00000000000002c7] [ 53.048240][ T3587] CPU: 0 PID: 3587 Comm: syz-executor394 Tainted: G W 5.17.0-next-20220321-syzkaller #0 [ 53.059236][ T3587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.069282][ T3587] RIP: 0010:br_mst_info_size+0x97/0x270 [ 53.074821][ T3587] Code: 00 00 31 c0 e8 ba 10 53 f9 31 c0 b9 40 00 00 00 4c 8d 6c 24 30 4c 89 ef f3 48 ab 48 8d 83 c0 02 00 00 48 89 04 24 48 c1 e8 03 <80> 3c 28 00 0f 85 ae 01 00 00 48 8b 83 c0 02 00 00 41 bf 04 00 00 [ 53.094409][ T3587] RSP: 0018:ffffc9000395f0a8 EFLAGS: 00010202 [ 53.100462][ T3587] RAX: 0000000000000058 RBX: 0000000000000000 RCX: 0000000000000000 [ 53.108433][ T3587] RDX: ffff88802432d7c0 RSI: ffffffff88259876 RDI: ffffc9000395f2d8 [ 53.116391][ T3587] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffffff8db68957 [ 53.124345][ T3587] R10: ffffffff881f737b R11: 0000000000000000 R12: 0000000000000000 [ 53.132310][ T3587] R13: ffffc9000395f0d8 R14: 0000000000000328 R15: 00000000ffffffff [ 53.140294][ T3587] FS: 0000555555d2b300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 [ 53.149233][ T3587] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 53.155819][ T3587] CR2: 0000000020000980 CR3: 000000007b6b2000 CR4: 00000000003506f0 [ 53.163780][ T3587] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 53.171747][ T3587] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 53.179708][ T3587] Call Trace: [ 53.182976][ T3587] [ 53.185897][ T3587] ? br_mst_set_enabled+0x450/0x450 [ 53.191126][ T3587] ? rcu_read_lock_sched_held+0xd/0x70 [ 53.196576][ T3587] ? lock_acquire+0x442/0x510 [ 53.201247][ T3587] ? deref_stack_reg+0xee/0x150 [ 53.206089][ T3587] ? br_fill_linkxstats+0xb40/0xb40 [ 53.211283][ T3587] br_get_link_af_size_filtered+0x6e9/0xc00 [ 53.217177][ T3587] ? br_fill_linkxstats+0xb40/0xb40 [ 53.222727][ T3587] ? lock_acquire+0x442/0x510 [ 53.227396][ T3587] ? lock_release+0x720/0x720 [ 53.232064][ T3587] ? if6_seq_start+0x440/0x440 [ 53.236818][ T3587] ? br_fill_linkxstats+0xb40/0xb40 [ 53.242014][ T3587] if_nlmsg_size+0x40c/0xa50 [ 53.246599][ T3587] rtnl_calcit.isra.0+0x25f/0x460 [ 53.251633][ T3587] ? rtnl_bridge_getlink+0x880/0x880 [ 53.256908][ T3587] ? lock_acquire+0x442/0x510 [ 53.261590][ T3587] ? stack_trace_save+0x8c/0xc0 [ 53.266434][ T3587] ? __stack_depot_save+0x35/0x500 [ 53.271550][ T3587] rtnetlink_rcv_msg+0xa65/0xb80 [ 53.276480][ T3587] ? rtnl_fill_ifinfo+0x40e0/0x40e0 [ 53.281670][ T3587] ? rtnl_fdb_dump+0x9a0/0x9a0 [ 53.286426][ T3587] ? ___sys_sendmsg+0xf3/0x170 [ 53.291173][ T3587] ? __sys_sendmsg+0xe5/0x1b0 [ 53.295843][ T3587] ? do_syscall_64+0x35/0x80 [ 53.300418][ T3587] ? entry_SYSCALL_64_after_hwframe+0x44/0xae [ 53.306482][ T3587] ? __sanitizer_cov_trace_switch+0x63/0xf0 [ 53.312375][ T3587] ? rcu_read_lock_sched_held+0xd/0x70 [ 53.317824][ T3587] ? lock_acquire+0x442/0x510 [ 53.322491][ T3587] netlink_rcv_skb+0x153/0x420 [ 53.327253][ T3587] ? rtnl_fdb_dump+0x9a0/0x9a0 [ 53.332011][ T3587] ? netlink_ack+0xa80/0xa80 [ 53.336596][ T3587] ? netlink_deliver_tap+0x1a2/0xc40 [ 53.341897][ T3587] ? netlink_deliver_tap+0x1b1/0xc40 [ 53.347179][ T3587] netlink_unicast+0x543/0x7f0 [ 53.351936][ T3587] ? netlink_attachskb+0x880/0x880 [ 53.357044][ T3587] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 53.363278][ T3587] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 53.369519][ T3587] ? __phys_addr_symbol+0x2c/0x70 [ 53.374540][ T3587] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 53.380252][ T3587] ? __check_object_size+0x16c/0x4f0 [ 53.385526][ T3587] netlink_sendmsg+0x904/0xe00 [ 53.390379][ T3587] ? netlink_unicast+0x7f0/0x7f0 [ 53.395400][ T3587] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 53.401633][ T3587] ? netlink_unicast+0x7f0/0x7f0 [ 53.406562][ T3587] sock_sendmsg+0xcf/0x120 [ 53.410974][ T3587] ____sys_sendmsg+0x6e8/0x810 [ 53.415734][ T3587] ? kernel_sendmsg+0x50/0x50 [ 53.420405][ T3587] ? do_recvmmsg+0x6d0/0x6d0 [ 53.424993][ T3587] ? rcu_read_lock_sched_held+0xd/0x70 [ 53.430443][ T3587] ? lock_release+0x522/0x720 [ 53.435112][ T3587] ? folio_add_lru+0x353/0x6a0 [ 53.439869][ T3587] ? lock_downgrade+0x6e0/0x6e0 [ 53.444714][ T3587] ___sys_sendmsg+0xf3/0x170 [ 53.449292][ T3587] ? sendmsg_copy_msghdr+0x160/0x160 [ 53.454565][ T3587] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 53.460805][ T3587] ? do_raw_spin_unlock+0x171/0x230 [ 53.465998][ T3587] ? _raw_spin_unlock+0x24/0x40 [ 53.470842][ T3587] ? __handle_mm_fault+0x625/0x4150 [ 53.476156][ T3587] ? vm_iomap_memory+0x190/0x190 [ 53.481111][ T3587] ? lock_release+0x720/0x720 [ 53.485972][ T3587] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 53.492212][ T3587] ? __fget_light+0x215/0x280 [ 53.496890][ T3587] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 53.503155][ T3587] __sys_sendmsg+0xe5/0x1b0 [ 53.507653][ T3587] ? __sys_sendmsg_sock+0x30/0x30 [ 53.512679][ T3587] ? syscall_enter_from_user_mode+0x21/0x70 [ 53.518569][ T3587] ? trace_hardirqs_on+0x5b/0x1c0 [ 53.523597][ T3587] do_syscall_64+0x35/0x80 [ 53.528000][ T3587] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 53.533891][ T3587] RIP: 0033:0x7fdb30ad1059 [ 53.538301][ T3587] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 53.557895][ T3587] RSP: 002b:00007ffc6e780eb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 53.566293][ T3587] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdb30ad1059 [ 53.574248][ T3587] RDX: 0000000000000000 RSI: 0000000020001a80 RDI: 0000000000000003 [ 53.582206][ T3587] RBP: 00007fdb30a95040 R08: 0000000000000000 R09: 0000000000000000 [ 53.590160][ T3587] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdb30a950d0 [ 53.598113][ T3587] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 53.606080][ T3587] [ 53.609102][ T3587] Modules linked in: [ 53.613137][ T3587] ---[ end trace 0000000000000000 ]--- [ 53.618623][ T3587] RIP: 0010:br_mst_info_size+0x97/0x270 [ 53.624227][ T3587] Code: 00 00 31 c0 e8 ba 10 53 f9 31 c0 b9 40 00 00 00 4c 8d 6c 24 30 4c 89 ef f3 48 ab 48 8d 83 c0 02 00 00 48 89 04 24 48 c1 e8 03 <80> 3c 28 00 0f 85 ae 01 00 00 48 8b 83 c0 02 00 00 41 bf 04 00 00 [ 53.643960][ T3587] RSP: 0018:ffffc9000395f0a8 EFLAGS: 00010202 [ 53.650029][ T3587] RAX: 0000000000000058 RBX: 0000000000000000 RCX: 0000000000000000 [ 53.658061][ T3587] RDX: ffff88802432d7c0 RSI: ffffffff88259876 RDI: ffffc9000395f2d8 [ 53.666039][ T3587] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffffff8db68957 [ 53.674071][ T3587] R10: ffffffff881f737b R11: 0000000000000000 R12: 0000000000000000 [ 53.682131][ T3587] R13: ffffc9000395f0d8 R14: 0000000000000328 R15: 00000000ffffffff [ 53.690224][ T3587] FS: 0000555555d2b300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 [ 53.699198][ T3587] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 53.705797][ T3587] CR2: 0000000020000980 CR3: 000000007b6b2000 CR4: 00000000003506f0 [ 53.713812][ T3587] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 53.721849][ T3587] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 53.729841][ T3587] Kernel panic - not syncing: Fatal exception [ 53.736075][ T3587] Kernel Offset: disabled [ 53.740390][ T3587] Rebooting in 86400 seconds..