DUID 00:04:c2:14:a9:3f:3d:94:29:63:70:45:79:7c:3d:d2:41:a3
forked to background, child pid 3174
[ 27.602987][ T3175] 8021q: adding VLAN 0 to HW filter on device bond0
[ 27.614139][ T3175] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.122' (ECDSA) to the list of known hosts.
syzkaller login:
[ 48.961500][ T3591] chnl_net:caif_netlink_parms(): no params data found
[ 49.002663][ T3591] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.010348][ T3591] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.018342][ T3591] device bridge_slave_0 entered promiscuous mode
[ 49.028371][ T3591] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.035568][ T3591] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.043224][ T3591] device bridge_slave_1 entered promiscuous mode
[ 49.064089][ T3591] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 49.075059][ T3591] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 49.099003][ T3591] team0: Port device team_slave_0 added
[ 49.107068][ T3591] team0: Port device team_slave_1 added
[ 49.123400][ T3591] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 49.131228][ T3591] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 49.157553][ T3591] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 49.170217][ T3591] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 49.177645][ T3591] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 49.203732][ T3591] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 49.230518][ T3591] device hsr_slave_0 entered promiscuous mode
[ 49.237675][ T3591] device hsr_slave_1 entered promiscuous mode
[ 49.322109][ T3591] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 49.332703][ T3591] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 49.342295][ T3591] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 49.351080][ T3591] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 49.372827][ T3591] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.380135][ T3591] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.388148][ T3591] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.395214][ T3591] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.441802][ T3591] 8021q: adding VLAN 0 to HW filter on device bond0
[ 49.454521][ T3315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.464861][ T3315] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.474284][ T3315] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.483158][ T3315] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 49.497790][ T3591] 8021q: adding VLAN 0 to HW filter on device team0
[ 49.510021][ T3315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 49.518577][ T3315] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.525680][ T3315] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.537272][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 49.546522][ T6] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.553592][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.577384][ T3315] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 49.586451][ T3315] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 49.594806][ T3315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 49.605693][ T3315] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 49.614109][ T3315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 49.626466][ T3591] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 49.642655][ T3315] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 49.650558][ T3315] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 49.662208][ T3591] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 49.768775][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 49.787695][ T3315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 49.796093][ T3315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 49.803691][ T3315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 49.814128][ T3591] device veth0_vlan entered promiscuous mode
[ 49.824995][ T3591] device veth1_vlan entered promiscuous mode
[ 49.843365][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 49.851592][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 49.860362][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 49.872035][ T3591] device veth0_macvtap entered promiscuous mode
[ 49.881212][ T3591] device veth1_macvtap entered promiscuous mode
[ 49.898169][ T3591] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 49.905672][ T3315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 49.914998][ T3315] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 49.926750][ T3591] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 49.935816][ T3315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 49.945073][ T3591] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 49.954306][ T3591] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 49.964043][ T3591] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 49.973073][ T3591] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.245651][ C1] general protection fault, probably for non-canonical address 0xdffffc00000000cd: 0000 [#1] PREEMPT SMP KASAN
[ 50.257387][ C1] KASAN: null-ptr-deref in range [0x0000000000000668-0x000000000000066f]
[ 50.265884][ C1] CPU: 1 PID: 3597 Comm: kworker/1:4 Not tainted 5.18.0-rc1-syzkaller-00450-g9386ebccfc59 #0
[ 50.276037][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.286090][ C1] Workqueue: ipv6_addrconf addrconf_dad_work
[ 50.292090][ C1] RIP: 0010:ip6_rcv_core+0x12e8/0x1dd0
[ 50.297554][ C1] Code: c1 ea 03 80 3c 02 00 0f 85 39 09 00 00 4c 89 f2 49 8b 85 b0 02 00 00 48 c1 ea 03 65 48 ff 40 68 48 b8 00 00 00 00 00 fc ff df <0f> b6 14 02 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 f6
[ 50.317157][ C1] RSP: 0018:ffffc900001e0c58 EFLAGS: 00010203
[ 50.323228][ C1] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 0000000000000100
[ 50.331211][ C1] RDX: 00000000000000cd RSI: 0000000000000101 RDI: 0000000000000000
[ 50.339195][ C1] RBP: ffff88801987d3c0 R08: 0000000000000001 R09: ffff88801987d49f
[ 50.347160][ C1] R10: ffffffff87fa0cee R11: 0000000000000000 R12: 0000000000000000
[ 50.355134][ C1] R13: ffff88801e888000 R14: 000000000000066c R15: 0000000000000001
[ 50.363112][ C1] FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 50.372046][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 50.378634][ C1] CR2: 00007f09eeb8cc68 CR3: 000000000ba8e000 CR4: 00000000003506e0
[ 50.386635][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 50.394603][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 50.402568][ C1] Call Trace:
[ 50.405835][ C1]
[ 50.408676][ C1] ipv6_rcv+0x75/0x3b0
[ 50.412762][ C1] ? ip6_rcv_core+0x1dd0/0x1dd0
[ 50.417617][ C1] __netif_receive_skb_one_core+0x114/0x180
[ 50.423515][ C1] ? __netif_receive_skb_core+0x3a10/0x3a10
[ 50.429406][ C1] ? mark_held_locks+0x9f/0xe0
[ 50.434170][ C1] ? rwlock_bug.part.0+0x90/0x90
[ 50.439114][ C1] __netif_receive_skb+0x24/0x1b0
[ 50.444139][ C1] process_backlog+0x3a0/0x7c0
[ 50.448903][ C1] ? mark_held_locks+0x9f/0xe0
[ 50.453665][ C1] __napi_poll+0xb3/0x6e0
[ 50.457997][ C1] net_rx_action+0x8ec/0xc60
[ 50.462588][ C1] ? napi_threaded_poll+0x520/0x520
[ 50.467790][ C1] __do_softirq+0x29b/0x9c2
[ 50.472297][ C1] do_softirq.part.0+0xde/0x130
[ 50.477153][ C1]
[ 50.480078][ C1]
[ 50.482997][ C1] ? ip6_finish_output2+0x58e/0x1500
[ 50.488288][ C1] __local_bh_enable_ip+0x102/0x120
[ 50.493487][ C1] ip6_finish_output2+0x5bc/0x1500
[ 50.498606][ C1] __ip6_finish_output+0x61e/0xe90
[ 50.503719][ C1] ip6_finish_output+0x32/0x280
[ 50.508570][ C1] ip6_output+0x1e4/0x530
[ 50.512914][ C1] ndisc_send_skb+0xa92/0x17f0
[ 50.517692][ C1] ? ndisc_ifinfo_sysctl_change+0x5f0/0x5f0
[ 50.523592][ C1] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.529842][ C1] ? __x64_sys_recvfrom+0xe3/0x1b0
[ 50.534961][ C1] ? ndisc_net_init+0x220/0x220
[ 50.539815][ C1] ? memcpy+0x39/0x60
[ 50.543798][ C1] ? find_held_lock+0x2d/0x110
[ 50.548562][ C1] ndisc_send_ns+0xa6/0x120
[ 50.553065][ C1] ? pndisc_redo+0x20/0x20
[ 50.557480][ C1] ? __local_bh_enable_ip+0xa0/0x120
[ 50.562781][ C1] addrconf_dad_work+0xc3f/0x1340
[ 50.567822][ C1] ? do_raw_spin_lock+0x120/0x2a0
[ 50.572871][ C1] ? addrconf_dad_completed+0xd30/0xd30
[ 50.578424][ C1] process_one_work+0x996/0x1610
[ 50.583369][ C1] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 50.588741][ C1] ? rwlock_bug.part.0+0x90/0x90
[ 50.593677][ C1] ? _raw_spin_lock_irq+0x41/0x50
[ 50.598703][ C1] worker_thread+0x665/0x1080
[ 50.603383][ C1] ? __kthread_parkme+0x15f/0x220
[ 50.608410][ C1] ? process_one_work+0x1610/0x1610
[ 50.613605][ C1] kthread+0x2e9/0x3a0
[ 50.617663][ C1] ? kthread_complete_and_exit+0x40/0x40
[ 50.623290][ C1] ret_from_fork+0x1f/0x30
[ 50.627710][ C1]
[ 50.630715][ C1] Modules linked in:
[ 50.634697][ C1] ---[ end trace 0000000000000000 ]---
[ 50.640270][ C1] RIP: 0010:ip6_rcv_core+0x12e8/0x1dd0
[ 50.645773][ C1] Code: c1 ea 03 80 3c 02 00 0f 85 39 09 00 00 4c 89 f2 49 8b 85 b0 02 00 00 48 c1 ea 03 65 48 ff 40 68 48 b8 00 00 00 00 00 fc ff df <0f> b6 14 02 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 f6
[ 50.665413][ C1] RSP: 0018:ffffc900001e0c58 EFLAGS: 00010203
[ 50.671494][ C1] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 0000000000000100
[ 50.679485][ C1] RDX: 00000000000000cd RSI: 0000000000000101 RDI: 0000000000000000
[ 50.687481][ C1] RBP: ffff88801987d3c0 R08: 0000000000000001 R09: ffff88801987d49f
[ 50.695478][ C1] R10: ffffffff87fa0cee R11: 0000000000000000 R12: 0000000000000000
[ 50.703450][ C1] R13: ffff88801e888000 R14: 000000000000066c R15: 0000000000000001
[ 50.711440][ C1] FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 50.720397][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 50.726997][ C1] CR2: 00007f09eeb8cc68 CR3: 000000000ba8e000 CR4: 00000000003506e0
[ 50.734981][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 50.743107][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 50.751100][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 50.758463][ C1] Kernel Offset: disabled
[ 50.762782][ C1] Rebooting in 86400 seconds..