[ 31.021768][ T4874] dhcpcd-run-hook (4874) used greatest stack depth: 22384 bytes left
forked to background, child pid 4870
[ 33.049669][ T4871] 8021q: adding VLAN 0 to HW filter on device bond0
[ 33.066534][ T4871] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.104' (ECDSA) to the list of known hosts.
2022/11/21 13:14:41 fuzzer started
2022/11/21 13:14:41 connecting to host at 10.128.0.169:41113
2022/11/21 13:14:41 checking machine...
2022/11/21 13:14:41 checking revisions...
2022/11/21 13:14:41 testing simple program...
syzkaller login: [ 50.757432][ T5301] cgroup: Unknown subsys name 'net'
[ 50.908435][ T5301] cgroup: Unknown subsys name 'rlimit'
[ 51.120369][ T5306] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 51.128751][ T5306] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 51.136695][ T5306] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 51.144626][ T5306] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 51.152584][ T5306] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 51.159866][ T5306] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 51.278956][ T5303] chnl_net:caif_netlink_parms(): no params data found
[ 51.324813][ T5303] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.332440][ T5303] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.341251][ T5303] device bridge_slave_0 entered promiscuous mode
[ 51.350420][ T5303] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.357711][ T5303] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.365523][ T5303] device bridge_slave_1 entered promiscuous mode
[ 51.386248][ T5303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 51.397227][ T5303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 51.420840][ T5303] team0: Port device team_slave_0 added
[ 51.428124][ T5303] team0: Port device team_slave_1 added
[ 51.446323][ T5303] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 51.453413][ T5303] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 51.479856][ T5303] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 51.492749][ T5303] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 51.500574][ T5303] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 51.527171][ T5303] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 51.542229][ T14] general protection fault, probably for non-canonical address 0xdffffc0000000019: 0000 [#1] PREEMPT SMP KASAN
[ 51.553945][ T14] KASAN: null-ptr-deref in range [0x00000000000000c8-0x00000000000000cf]
[ 51.562425][ T14] CPU: 0 PID: 14 Comm: kworker/0:1 Not tainted 6.1.0-rc5-next-20221121-syzkaller #0
[ 51.571789][ T14] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 51.581854][ T14] Workqueue: ipv6_addrconf addrconf_dad_work
[ 51.587835][ T14] RIP: 0010:xfrm_policy_lookup_bytype.cold+0x1c/0x54
[ 51.595122][ T14] Code: 80 44 28 8e e8 9a 88 37 fa e9 28 e7 7b fe e8 c0 25 7a f7 49 8d bf cc 00 00 00 b8 ff ff 37 00 48 89 fa 48 c1 e0 2a 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 1c 41
[ 51.614722][ T14] RSP: 0018:ffffc900001371e0 EFLAGS: 00010203
[ 51.620770][ T14] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 0000000000000000
[ 51.628727][ T14] RDX: 0000000000000019 RSI: ffffffff8a068150 RDI: 00000000000000cc
[ 51.636692][ T14] RBP: 0000000000000000 R08: 0000000000000007 R09: fffffffffffff000
[ 51.644659][ T14] R10: 0000000000000000 R11: 0000000000000005 R12: 0000000000000000
[ 51.652629][ T14] R13: ffff888018058000 R14: ffffed100300b2ff R15: 0000000000000000
[ 51.660591][ T14] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 51.669513][ T14] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 51.676280][ T14] CR2: 00007f9d6dc56300 CR3: 0000000071250000 CR4: 00000000003506f0
[ 51.684685][ T14] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 51.692865][ T14] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 51.700918][ T14] Call Trace:
[ 51.704187][ T14]
[ 51.707120][ T14] ? mark_lock.part.0+0xee/0x1910
[ 51.712519][ T14] ? xfrm_policy_match+0x2e0/0x2e0
[ 51.718498][ T14] ? lock_chain_count+0x20/0x20
[ 51.723917][ T14] ? lock_chain_count+0x20/0x20
[ 51.728975][ T14] xfrm_lookup_with_ifid+0x39b/0x20f0
[ 51.734366][ T14] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 51.740271][ T14] ? xfrm_expand_policies+0x680/0x680
[ 51.745651][ T14] ? decode_session6+0x677/0x1880
[ 51.751293][ T14] ? bpf_lsm_xfrm_decode_session+0x9/0x10
[ 51.757045][ T14] ? security_xfrm_decode_session+0x84/0xb0
[ 51.762942][ T14] xfrmi_xmit+0x3c7/0x1b90
[ 51.767360][ T14] ? xfrmi_exit_batch_net+0x5c0/0x5c0
[ 51.772738][ T14] dev_hard_start_xmit+0x1c2/0x990
[ 51.777856][ T14] __dev_queue_xmit+0x2cdf/0x3ba0
[ 51.782883][ T14] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 51.788441][ T14] ? find_held_lock+0x2d/0x110
[ 51.793271][ T14] ? ip6_finish_output2+0x56c/0x1530
[ 51.798851][ T14] ? mark_held_locks+0x9f/0xe0
[ 51.803647][ T14] ? ___neigh_create+0x188e/0x2a20
[ 51.808772][ T14] ? neigh_connected_output+0x41e/0x520
[ 51.814326][ T14] neigh_connected_output+0x3c4/0x520
[ 51.819828][ T14] ip6_finish_output2+0x56c/0x1530
[ 51.825075][ T14] ip6_finish_output+0x694/0x1170
[ 51.830486][ T14] ip6_output+0x1f1/0x540
[ 51.835007][ T14] ndisc_send_skb+0xa63/0x1740
[ 51.840162][ T14] ? ndisc_ifinfo_sysctl_change+0x600/0x600
[ 51.846192][ T14] ? ndisc_net_init+0x220/0x220
[ 51.851242][ T14] ? skb_set_owner_w+0x26d/0x420
[ 51.856188][ T14] ndisc_send_rs+0x132/0x6f0
[ 51.860800][ T14] addrconf_dad_completed+0x37a/0xda0
[ 51.866193][ T14] ? addrconf_rs_timer+0x870/0x870
[ 51.871306][ T14] ? __local_bh_enable_ip+0xa4/0x130
[ 51.876641][ T14] addrconf_dad_work+0x820/0x12d0
[ 51.881675][ T14] ? addrconf_dad_completed+0xda0/0xda0
[ 51.887226][ T14] process_one_work+0x9bf/0x1710
[ 51.892167][ T14] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 51.897982][ T14] ? rwlock_bug.part.0+0x90/0x90
[ 51.902911][ T14] ? _raw_spin_lock_irq+0x45/0x50
[ 51.907945][ T14] worker_thread+0x669/0x1090
[ 51.912633][ T14] ? __kthread_parkme+0x163/0x220
[ 51.917669][ T14] ? process_one_work+0x1710/0x1710
[ 51.922865][ T14] kthread+0x2e8/0x3a0
[ 51.926925][ T14] ? kthread_complete_and_exit+0x40/0x40
[ 51.932555][ T14] ret_from_fork+0x1f/0x30
[ 51.936983][ T14]
[ 51.939995][ T14] Modules linked in:
[ 51.943943][ T14] ---[ end trace 0000000000000000 ]---
[ 51.949413][ T14] RIP: 0010:xfrm_policy_lookup_bytype.cold+0x1c/0x54
[ 51.956210][ T14] Code: 80 44 28 8e e8 9a 88 37 fa e9 28 e7 7b fe e8 c0 25 7a f7 49 8d bf cc 00 00 00 b8 ff ff 37 00 48 89 fa 48 c1 e0 2a 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 1c 41
[ 51.975932][ T14] RSP: 0018:ffffc900001371e0 EFLAGS: 00010203
[ 51.982199][ T14] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 0000000000000000
[ 51.990183][ T14] RDX: 0000000000000019 RSI: ffffffff8a068150 RDI: 00000000000000cc
[ 51.998270][ T14] RBP: 0000000000000000 R08: 0000000000000007 R09: fffffffffffff000
[ 52.006248][ T14] R10: 0000000000000000 R11: 0000000000000005 R12: 0000000000000000
[ 52.014311][ T14] R13: ffff888018058000 R14: ffffed100300b2ff R15: 0000000000000000
[ 52.022298][ T14] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 52.031348][ T14] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 52.039588][ T14] CR2: 00007f9d6dc56300 CR3: 0000000071250000 CR4: 00000000003506f0
[ 52.047581][ T14] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 52.055577][ T14] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 52.063945][ T14] Kernel panic - not syncing: Fatal exception in interrupt
[ 52.071615][ T14] Kernel Offset: disabled
[ 52.075939][ T14] Rebooting in 86400 seconds..