DUID 00:04:08:6f:95:b8:7a:da:47:d5:ae:28:d8:4d:e4:58:2e:6d forked to background, child pid 4870 [ 35.380605][ T4871] 8021q: adding VLAN 0 to HW filter on device bond0 [ 35.390302][ T4871] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.191' (ECDSA) to the list of known hosts. 2022/11/22 17:53:21 fuzzer started 2022/11/22 17:53:21 connecting to host at 10.128.0.169:39941 2022/11/22 17:53:21 checking machine... 2022/11/22 17:53:21 checking revisions... 2022/11/22 17:53:21 testing simple program... syzkaller login: [ 58.404705][ T5295] cgroup: Unknown subsys name 'net' [ 58.485820][ T5295] cgroup: Unknown subsys name 'rlimit' [ 58.704817][ T5298] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 58.713961][ T5298] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 58.721862][ T5298] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 58.729937][ T5298] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 58.737674][ T5298] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 58.745503][ T5298] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 58.865883][ T5297] chnl_net:caif_netlink_parms(): no params data found [ 58.910652][ T5297] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.918782][ T5297] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.926795][ T5297] device bridge_slave_0 entered promiscuous mode [ 58.936844][ T5297] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.944263][ T5297] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.952195][ T5297] device bridge_slave_1 entered promiscuous mode [ 58.974207][ T5297] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.986703][ T5297] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.010423][ T5297] team0: Port device team_slave_0 added [ 59.018950][ T5297] team0: Port device team_slave_1 added [ 59.038741][ T5297] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.045874][ T5297] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.071845][ T5297] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.084336][ T5297] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.091392][ T5297] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.117403][ T5297] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.131570][ T4959] general protection fault, probably for non-canonical address 0xdffffc0000000019: 0000 [#1] PREEMPT SMP KASAN [ 59.143296][ T4959] KASAN: null-ptr-deref in range [0x00000000000000c8-0x00000000000000cf] [ 59.151884][ T4959] CPU: 0 PID: 4959 Comm: kworker/0:3 Not tainted 6.1.0-rc6-next-20221122-syzkaller #0 [ 59.161425][ T4959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 59.171575][ T4959] Workqueue: ipv6_addrconf addrconf_dad_work [ 59.177561][ T4959] RIP: 0010:xfrm_policy_lookup_bytype.cold+0x1c/0x54 [ 59.184245][ T4959] Code: c0 55 28 8e e8 ec 8d 37 fa e9 6a f3 7b fe e8 32 f2 79 f7 49 8d bf cc 00 00 00 b8 ff ff 37 00 48 89 fa 48 c1 e0 2a 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 1c 41 [ 59.203856][ T4959] RSP: 0018:ffffc900031bf1e0 EFLAGS: 00010203 [ 59.209970][ T4959] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 59.218032][ T4959] RDX: 0000000000000019 RSI: ffffffff8a06cc4e RDI: 00000000000000cc [ 59.226003][ T4959] RBP: 0000000000000000 R08: 0000000000000007 R09: fffffffffffff000 [ 59.234065][ T4959] R10: 0000000000000000 R11: 1ffffffff21513b1 R12: 0000000000000000 [ 59.242042][ T4959] R13: ffff888075560000 R14: ffffed100eaac2ff R15: 0000000000000000 [ 59.250014][ T4959] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 59.258954][ T4959] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 59.265541][ T4959] CR2: 00007f0610559300 CR3: 000000007169b000 CR4: 00000000003506f0 [ 59.273517][ T4959] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 59.281496][ T4959] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 59.289470][ T4959] Call Trace: [ 59.292759][ T4959] [ 59.295710][ T4959] ? mark_lock.part.0+0xee/0x1910 [ 59.300758][ T4959] ? xfrm_policy_match+0x2e0/0x2e0 [ 59.305981][ T4959] ? lock_chain_count+0x20/0x20 [ 59.310855][ T4959] ? lock_chain_count+0x20/0x20 [ 59.315817][ T4959] xfrm_lookup_with_ifid+0x39b/0x20f0 [ 59.321199][ T4959] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 59.327120][ T4959] ? xfrm_expand_policies+0x680/0x680 [ 59.332588][ T4959] ? decode_session6+0x677/0x1880 [ 59.337627][ T4959] ? bpf_lsm_xfrm_decode_session+0x9/0x10 [ 59.343399][ T4959] ? security_xfrm_decode_session+0x84/0xb0 [ 59.349323][ T4959] xfrmi_xmit+0x3c7/0x1b90 [ 59.353758][ T4959] ? xfrmi_exit_batch_net+0x5c0/0x5c0 [ 59.359146][ T4959] dev_hard_start_xmit+0x1c2/0x990 [ 59.364366][ T4959] __dev_queue_xmit+0x2cdf/0x3ba0 [ 59.369418][ T4959] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 59.374720][ T4959] ? find_held_lock+0x2d/0x110 [ 59.379501][ T4959] ? ip6_finish_output2+0x56c/0x1530 [ 59.385011][ T4959] ? mark_held_locks+0x9f/0xe0 [ 59.389793][ T4959] ? ___neigh_create+0x188e/0x2a20 [ 59.395014][ T4959] ? neigh_connected_output+0x41e/0x520 [ 59.400593][ T4959] neigh_connected_output+0x3c4/0x520 [ 59.406034][ T4959] ip6_finish_output2+0x56c/0x1530 [ 59.411171][ T4959] ip6_finish_output+0x694/0x1170 [ 59.416332][ T4959] ip6_output+0x1f1/0x540 [ 59.420681][ T4959] ndisc_send_skb+0xa63/0x1740 [ 59.425553][ T4959] ? ndisc_ifinfo_sysctl_change+0x600/0x600 [ 59.431558][ T4959] ? ndisc_net_init+0x220/0x220 [ 59.436447][ T4959] ? skb_set_owner_w+0x26d/0x420 [ 59.441417][ T4959] ndisc_send_rs+0x132/0x6f0 [ 59.446023][ T4959] addrconf_dad_completed+0x37a/0xda0 [ 59.451429][ T4959] ? addrconf_rs_timer+0x870/0x870 [ 59.456639][ T4959] ? __local_bh_enable_ip+0xa4/0x130 [ 59.461949][ T4959] addrconf_dad_work+0x820/0x12d0 [ 59.466990][ T4959] ? addrconf_dad_completed+0xda0/0xda0 [ 59.472558][ T4959] process_one_work+0x9bf/0x1710 [ 59.477513][ T4959] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 59.482898][ T4959] ? rwlock_bug.part.0+0x90/0x90 [ 59.487841][ T4959] ? _raw_spin_lock_irq+0x45/0x50 [ 59.492889][ T4959] worker_thread+0x669/0x1090 [ 59.497581][ T4959] ? __kthread_parkme+0x163/0x220 [ 59.502638][ T4959] ? process_one_work+0x1710/0x1710 [ 59.507846][ T4959] kthread+0x2e8/0x3a0 [ 59.511965][ T4959] ? kthread_complete_and_exit+0x40/0x40 [ 59.517626][ T4959] ret_from_fork+0x1f/0x30 [ 59.522069][ T4959] [ 59.525095][ T4959] Modules linked in: [ 59.529041][ T4959] ---[ end trace 0000000000000000 ]--- [ 59.534509][ T4959] RIP: 0010:xfrm_policy_lookup_bytype.cold+0x1c/0x54 [ 59.541277][ T4959] Code: c0 55 28 8e e8 ec 8d 37 fa e9 6a f3 7b fe e8 32 f2 79 f7 49 8d bf cc 00 00 00 b8 ff ff 37 00 48 89 fa 48 c1 e0 2a 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 1c 41 [ 59.561206][ T4959] RSP: 0018:ffffc900031bf1e0 EFLAGS: 00010203 [ 59.567773][ T4959] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 59.575814][ T4959] RDX: 0000000000000019 RSI: ffffffff8a06cc4e RDI: 00000000000000cc [ 59.583803][ T4959] RBP: 0000000000000000 R08: 0000000000000007 R09: fffffffffffff000 [ 59.591845][ T4959] R10: 0000000000000000 R11: 1ffffffff21513b1 R12: 0000000000000000 [ 59.599874][ T4959] R13: ffff888075560000 R14: ffffed100eaac2ff R15: 0000000000000000 [ 59.608005][ T4959] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 59.616988][ T4959] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 59.623567][ T4959] CR2: 00007f0610559300 CR3: 000000007169b000 CR4: 00000000003506f0 [ 59.631573][ T4959] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 59.639575][ T4959] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 59.647699][ T4959] Kernel panic - not syncing: Fatal exception in interrupt [ 59.654984][ T4959] Kernel Offset: disabled [ 59.659305][ T4959] Rebooting in 86400 seconds..