DUID 00:04:e7:a9:54:ba:d6:ca:b0:a9:a8:44:aa:dd:15:41:58:fb
forked to background, child pid 3175
[ 27.023297][ T3176] 8021q: adding VLAN 0 to HW filter on device bond0
[ 27.037656][ T3176] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts.
syzkaller login: [ 48.132811][ T3592] chnl_net:caif_netlink_parms(): no params data found
[ 48.174451][ T3592] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.182072][ T3592] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.190233][ T3592] device bridge_slave_0 entered promiscuous mode
[ 48.199054][ T3592] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.206433][ T3592] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.214174][ T3592] device bridge_slave_1 entered promiscuous mode
[ 48.235070][ T3592] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 48.246628][ T3592] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 48.269948][ T3592] team0: Port device team_slave_0 added
[ 48.277367][ T3592] team0: Port device team_slave_1 added
[ 48.294674][ T3592] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 48.301676][ T3592] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 48.327592][ T3592] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 48.340738][ T3592] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 48.347736][ T3592] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 48.373860][ T3592] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 48.400188][ T3592] device hsr_slave_0 entered promiscuous mode
[ 48.407450][ T3592] device hsr_slave_1 entered promiscuous mode
[ 48.493233][ T3592] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 48.504890][ T3592] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 48.518444][ T3592] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 48.528552][ T3592] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 48.549984][ T3592] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.557302][ T3592] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.565110][ T3592] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.572382][ T3592] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.614383][ T3592] 8021q: adding VLAN 0 to HW filter on device bond0
[ 48.630437][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.640733][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.650300][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.658984][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 48.672657][ T3592] 8021q: adding VLAN 0 to HW filter on device team0
[ 48.683209][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 48.692861][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.699984][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.716929][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.725821][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.732893][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.745645][ T920] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 48.754184][ T920] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 48.771505][ T3592] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 48.783608][ T3592] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 48.795966][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 48.804670][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.813726][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.822589][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 48.843854][ T3592] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 48.851688][ T3599] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 48.859444][ T3599] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 48.969040][ T3261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 48.983088][ T3599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 48.993318][ T3599] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 49.001190][ T3599] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 49.011680][ T3592] device veth0_vlan entered promiscuous mode
[ 49.022681][ T3592] device veth1_vlan entered promiscuous mode
[ 49.042227][ T3261] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 49.050334][ T3261] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 49.059415][ T3261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 49.070046][ T3592] device veth0_macvtap entered promiscuous mode
[ 49.079832][ T3592] device veth1_macvtap entered promiscuous mode
[ 49.096228][ T3592] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 49.103707][ T3599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 49.113368][ T3599] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 49.125230][ T3592] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 49.133536][ T3599] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 49.142258][ T3599] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 49.155220][ T3592] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 49.165137][ T3592] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 49.173917][ T3592] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 49.183589][ T3592] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 49.221477][ T3592] netlink: 28 bytes leftover after parsing attributes in process `syz-executor235'.
[ 49.278855][ T3592] infiniband syz: set active
[ 49.284182][ T3592] infiniband syz: added veth0_vlan
[ 49.316567][ T3592] RDS/IB: syz: added
[ 49.320889][ T3592] smc: adding ib device syz with port count 1
[ 49.327425][ T3592] smc: ib device syz port 1 has pnetid
[ 49.379550][ T3592] general protection fault, probably for non-canonical address 0xdffffc000000000a: 0000 [#1] PREEMPT SMP KASAN
[ 49.391321][ T3592] KASAN: null-ptr-deref in range [0x0000000000000050-0x0000000000000057]
[ 49.399725][ T3592] CPU: 1 PID: 3592 Comm: syz-executor235 Not tainted 5.17.0-rc6-syzkaller-01979-gd82a6c5ef9dc #0
[ 49.410465][ T3592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.420516][ T3592] RIP: 0010:smc_pnet_add+0xc4b/0x17a0
[ 49.425895][ T3592] Code: 8d be 58 07 00 00 48 89 f8 48 c1 e8 03 80 3c 28 00 0f 85 40 09 00 00 4d 8b a6 58 07 00 00 49 8d 7c 24 50 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 19 09 00 00 4d 8b 74 24 50 4d 85 f6 0f 85 21 ff
[ 49.445512][ T3592] RSP: 0018:ffffc9000399f540 EFLAGS: 00010206
[ 49.451567][ T3592] RAX: 000000000000000a RBX: ffff888076902800 RCX: 0000000000000000
[ 49.459520][ T3592] RDX: ffff8880226f0000 RSI: ffffffff88cadba0 RDI: 0000000000000050
[ 49.467480][ T3592] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffc9000399f47f
[ 49.475444][ T3592] R10: ffffffff88cadb92 R11: 1ffffffff1eb5307 R12: 0000000000000000
[ 49.483398][ T3592] R13: ffff88807066cc18 R14: ffff88801abc4000 R15: ffff888076902810
[ 49.491356][ T3592] FS: 0000555555e61300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 49.500268][ T3592] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 49.506847][ T3592] CR2: 000056492c9e2ff8 CR3: 0000000018900000 CR4: 00000000003506e0
[ 49.514808][ T3592] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 49.522775][ T3592] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 49.530725][ T3592] Call Trace:
[ 49.533985][ T3592]
[ 49.536896][ T3592] ? smc_pnet_find_ndev_pnetid_by_table+0x400/0x400
[ 49.543471][ T3592] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 49.549696][ T3592] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290
[ 49.557052][ T3592] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290
[ 49.564346][ T3592] genl_family_rcv_msg_doit+0x228/0x320
[ 49.569877][ T3592] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[ 49.577315][ T3592] ? mutex_lock_io_nested+0x1150/0x1150
[ 49.582862][ T3592] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 49.589085][ T3592] ? ns_capable+0xd9/0x100
[ 49.595131][ T3592] genl_rcv_msg+0x328/0x580
[ 49.599631][ T3592] ? genl_get_cmd+0x480/0x480
[ 49.604290][ T3592] ? smc_pnet_find_ndev_pnetid_by_table+0x400/0x400
[ 49.610863][ T3592] ? lock_release+0x720/0x720
[ 49.615524][ T3592] netlink_rcv_skb+0x153/0x420
[ 49.620271][ T3592] ? genl_get_cmd+0x480/0x480
[ 49.624924][ T3592] ? netlink_ack+0xa60/0xa60
[ 49.629506][ T3592] ? netlink_deliver_tap+0x1b1/0xc40
[ 49.634796][ T3592] genl_rcv+0x24/0x40
[ 49.638883][ T3592] netlink_unicast+0x539/0x7e0
[ 49.643651][ T3592] ? netlink_attachskb+0x880/0x880
[ 49.648765][ T3592] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 49.654996][ T3592] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 49.661220][ T3592] ? __phys_addr_symbol+0x2c/0x70
[ 49.666229][ T3592] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 49.671931][ T3592] ? __check_object_size+0x16e/0x310
[ 49.677333][ T3592] netlink_sendmsg+0x904/0xe00
[ 49.682100][ T3592] ? netlink_unicast+0x7e0/0x7e0
[ 49.687037][ T3592] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 49.693287][ T3592] ? netlink_unicast+0x7e0/0x7e0
[ 49.698237][ T3592] sock_sendmsg+0xcf/0x120
[ 49.702638][ T3592] ____sys_sendmsg+0x6e8/0x810
[ 49.707383][ T3592] ? kernel_sendmsg+0x50/0x50
[ 49.712040][ T3592] ? do_recvmmsg+0x6d0/0x6d0
[ 49.716610][ T3592] ? __stack_depot_save+0x35/0x500
[ 49.721705][ T3592] ? lock_downgrade+0x6e0/0x6e0
[ 49.726539][ T3592] ___sys_sendmsg+0xf3/0x170
[ 49.731112][ T3592] ? sendmsg_copy_msghdr+0x160/0x160
[ 49.736380][ T3592] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 49.742539][ T3592] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 49.748663][ T3592] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 49.754629][ T3592] ? lockdep_hardirqs_on+0x79/0x100
[ 49.759824][ T3592] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 49.766049][ T3592] ? __fget_light+0x215/0x280
[ 49.770707][ T3592] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 49.776942][ T3592] __sys_sendmsg+0xe5/0x1b0
[ 49.781429][ T3592] ? __sys_sendmsg_sock+0x30/0x30
[ 49.786438][ T3592] ? syscall_enter_from_user_mode+0x21/0x70
[ 49.792492][ T3592] do_syscall_64+0x35/0xb0
[ 49.796898][ T3592] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 49.802774][ T3592] RIP: 0033:0x7f02fa3ae5d9
[ 49.807254][ T3592] Code: 28 c3 e8 7a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 49.826849][ T3592] RSP: 002b:00007ffd0d649788 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 49.835239][ T3592] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f02fa3ae5d9
[ 49.843194][ T3592] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000005
[ 49.851144][ T3592] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
[ 49.859090][ T3592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000555555e612c0
[ 49.867040][ T3592] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 49.874996][ T3592]
[ 49.877993][ T3592] Modules linked in:
[ 49.884381][ T3592] ---[ end trace 0000000000000000 ]---
[ 49.895295][ T3592] RIP: 0010:smc_pnet_add+0xc4b/0x17a0
[ 49.900823][ T3592] Code: 8d be 58 07 00 00 48 89 f8 48 c1 e8 03 80 3c 28 00 0f 85 40 09 00 00 4d 8b a6 58 07 00 00 49 8d 7c 24 50 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 19 09 00 00 4d 8b 74 24 50 4d 85 f6 0f 85 21 ff
[ 49.920842][ T3592] RSP: 0018:ffffc9000399f540 EFLAGS: 00010206
[ 49.927572][ T3592] RAX: 000000000000000a RBX: ffff888076902800 RCX: 0000000000000000
[ 49.935750][ T3592] RDX: ffff8880226f0000 RSI: ffffffff88cadba0 RDI: 0000000000000050
[ 49.943740][ T3592] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffc9000399f47f
[ 49.952259][ T3592] R10: ffffffff88cadb92 R11: 1ffffffff1eb5307 R12: 0000000000000000
[ 49.960563][ T3592] R13: ffff88807066cc18 R14: ffff88801abc4000 R15: ffff888076902810
[ 49.968644][ T3592] FS: 0000555555e61300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 49.977760][ T3592] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 49.984341][ T3592] CR2: 000056492c9f13a8 CR3: 0000000018900000 CR4: 00000000003506f0
[ 49.992357][ T3592] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 50.000664][ T3592] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 50.009016][ T3592] Kernel panic - not syncing: Fatal exception
[ 50.015272][ T3592] Kernel Offset: disabled
[ 50.019601][ T3592] Rebooting in 86400 seconds..