./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1384534634 <...> Warning: Permanently added '10.128.0.242' (ECDSA) to the list of known hosts. execve("./syz-executor1384534634", ["./syz-executor1384534634"], 0x7ffde2b08220 /* 10 vars */) = 0 brk(NULL) = 0x555556670000 brk(0x555556670c40) = 0x555556670c40 arch_prctl(ARCH_SET_FS, 0x555556670300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1384534634", 4096) = 28 brk(0x555556691c40) = 0x555556691c40 brk(0x555556692000) = 0x555556692000 mprotect(0x7f5f3a34b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3612 attached , child_tidptr=0x5555566705d0) = 3612 [pid 3612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3612] setpgid(0, 0) = 0 [pid 3612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3612] write(3, "1000", 4) = 4 [pid 3612] close(3) = 0 [pid 3612] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 3612] ioctl(-1, TIOCMIWAIT, 0) = -1 EBADF (Bad file descriptor) [pid 3612] socket(AF_PACKET, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3 [pid 3612] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3612] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3612] socket(AF_NETLINK, SOCK_RAW|SOCK_NONBLOCK, NETLINK_ROUTE) = 6 [pid 3612] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 3612] getsockname(6, {sa_family=AF_NETLINK, nl_pid=3612, nl_groups=00000000}, [20 => 12]) = 0 [pid 3612] sendmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x10\x00\x85\x06\x00\x00\x20\x00\xfe\x61\x22\x33\xca\x00\x08\x00\x1c\x0e\x00\x00\x23\x77\xf2\x9e\x25\x21\x55\xb2\x1c\x00\x12\x00\x0c\x00\x01\x00\x62\x6f\x6e\x64\x00\x00\x00\x00\x0c\x00\x02\x00\x08\x00\x01\x00\x01\x34\xe7\x30", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 60 syzkaller login: [ 38.070199][ T3612] netlink: 'syz-executor138': attribute type 1 has an invalid length. [ 38.094874][ T3612] device bond1 entered promiscuous mode [ 38.105867][ T3612] 8021q: adding VLAN 0 to HW filter on device bond1 [ 38.126675][ T3612] bond1: (slave gre1): The slave device specified does not support setting the MAC address [pid 3612] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x58\x00\x00\x00\x10\x00\x1f\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x28\x00\x12\x80\x08\x00\x01\x00\x67\x72\x65\x00\x1c\x00\x02\x80\x08\x00\x06\x00\xff\xff\xff\xff\x05\x00\x09\x00\x08\x00\x00\x00\x08\x00\x05\x00\x08\x00\x00\x00\x08\x00\x0a\x00\x1c\x0e\x00\x00\x08\x00\x1b\x00\x00\x80\x00\x00", iov_len=88}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL|MSG_ZEROCOPY) = 88 [pid 3612] bind(3, {sa_family=AF_PACKET, sll_protocol=htons(0 /* ETH_P_??? */), sll_ifindex=if_nametoindex("bond1"), sll_hatype=ARPHRD_ETHER, sll_pkttype=PACKET_HOST, sll_halen=6, sll_addr=[0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xbb]}, 20) = 0 [pid 3612] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 0 [pid 3612] exit_group(0) = ? [pid 3612] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3612, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566705d0) = 3626 ./strace-static-x86_64: Process 3626 attached [pid 3626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3626] setpgid(0, 0) = 0 [pid 3626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3626] write(3, "1000", 4) = 4 [pid 3626] close(3) = 0 [pid 3626] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 3626] ioctl(-1, TIOCMIWAIT, 0) = -1 EBADF (Bad file descriptor) [pid 3626] socket(AF_PACKET, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3 [pid 3626] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3626] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3626] socket(AF_NETLINK, SOCK_RAW|SOCK_NONBLOCK, NETLINK_ROUTE) = 6 [pid 3626] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 3626] getsockname(6, {sa_family=AF_NETLINK, nl_pid=3626, nl_groups=00000000}, [20 => 12]) = 0 [ 38.185330][ T3612] bond1: (slave gre1): Setting fail_over_mac to active for active-backup mode [ 38.197275][ T3612] bond1: (slave gre1): making interface the new active one [ 38.205547][ T3612] device gre1 entered promiscuous mode [ 38.212208][ T3612] bond1: (slave gre1): Enslaving as an active interface with an up link [ 38.226743][ T3269] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [pid 3626] sendmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x10\x00\x85\x06\x00\x00\x20\x00\xfe\x61\x22\x33\xca\x00\x08\x00\x2a\x0e\x00\x00\x23\x77\xf2\x9e\x25\x21\x55\xb2\x1c\x00\x12\x00\x0c\x00\x01\x00\x62\x6f\x6e\x64\x00\x00\x00\x00\x0c\x00\x02\x00\x08\x00\x01\x00\x01\x34\xe7\x30", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 60 [pid 3626] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x58\x00\x00\x00\x10\x00\x1f\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x28\x00\x12\x80\x08\x00\x01\x00\x67\x72\x65\x00\x1c\x00\x02\x80\x08\x00\x06\x00\xff\xff\xff\xff\x05\x00\x09\x00\x08\x00\x00\x00\x08\x00\x05\x00\x08\x00\x00\x00\x08\x00\x0a\x00\x2a\x0e\x00\x00\x08\x00\x1b\x00\x00\x80\x00\x00", iov_len=88}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL|MSG_ZEROCOPY) = 88 [pid 3626] bind(3, {sa_family=AF_PACKET, sll_protocol=htons(0 /* ETH_P_??? */), sll_ifindex=if_nametoindex("bond2"), sll_hatype=ARPHRD_ETHER, sll_pkttype=PACKET_HOST, sll_halen=6, sll_addr=[0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xbb]}, 20) = 0 [pid 3626] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EINVAL (Invalid argument) [pid 3626] exit_group(0) = ? [pid 3626] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3626, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566705d0) = 3629 ./strace-static-x86_64: Process 3629 attached [pid 3629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3629] setpgid(0, 0) = 0 [pid 3629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3629] write(3, "1000", 4) = 4 [pid 3629] close(3) = 0 [pid 3629] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 3629] ioctl(-1, TIOCMIWAIT, 0) = -1 EBADF (Bad file descriptor) [pid 3629] socket(AF_PACKET, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3 [pid 3629] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3629] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3629] socket(AF_NETLINK, SOCK_RAW|SOCK_NONBLOCK, NETLINK_ROUTE) = 6 [pid 3629] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 3629] getsockname(6, {sa_family=AF_NETLINK, nl_pid=3629, nl_groups=00000000}, [20 => 12]) = 0 [ 38.260308][ T3626] netlink: 'syz-executor138': attribute type 1 has an invalid length. [ 38.281176][ T3626] device bond2 entered promiscuous mode [ 38.292275][ T3626] 8021q: adding VLAN 0 to HW filter on device bond2 [pid 3629] sendmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x10\x00\x85\x06\x00\x00\x20\x00\xfe\x61\x22\x33\xca\x00\x08\x00\x2d\x0e\x00\x00\x23\x77\xf2\x9e\x25\x21\x55\xb2\x1c\x00\x12\x00\x0c\x00\x01\x00\x62\x6f\x6e\x64\x00\x00\x00\x00\x0c\x00\x02\x00\x08\x00\x01\x00\x01\x34\xe7\x30", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 60 [pid 3629] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x58\x00\x00\x00\x10\x00\x1f\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x28\x00\x12\x80\x08\x00\x01\x00\x67\x72\x65\x00\x1c\x00\x02\x80\x08\x00\x06\x00\xff\xff\xff\xff\x05\x00\x09\x00\x08\x00\x00\x00\x08\x00\x05\x00\x08\x00\x00\x00\x08\x00\x0a\x00\x2d\x0e\x00\x00\x08\x00\x1b\x00\x00\x80\x00\x00", iov_len=88}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL|MSG_ZEROCOPY) = 88 [pid 3629] bind(3, {sa_family=AF_PACKET, sll_protocol=htons(0 /* ETH_P_??? */), sll_ifindex=if_nametoindex("bond3"), sll_hatype=ARPHRD_ETHER, sll_pkttype=PACKET_HOST, sll_halen=6, sll_addr=[0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xbb]}, 20) = 0 [pid 3629] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EINVAL (Invalid argument) [pid 3629] exit_group(0) = ? [pid 3629] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3629, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566705d0) = 3632 ./strace-static-x86_64: Process 3632 attached [pid 3632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3632] setpgid(0, 0) = 0 [pid 3632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3632] write(3, "1000", 4) = 4 [pid 3632] close(3) = 0 [pid 3632] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 3632] ioctl(-1, TIOCMIWAIT, 0) = -1 EBADF (Bad file descriptor) [pid 3632] socket(AF_PACKET, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3 [pid 3632] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3632] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3632] socket(AF_NETLINK, SOCK_RAW|SOCK_NONBLOCK, NETLINK_ROUTE) = 6 [pid 3632] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 3632] getsockname(6, {sa_family=AF_NETLINK, nl_pid=3632, nl_groups=00000000}, [20 => 12]) = 0 [ 38.337036][ T3629] netlink: 'syz-executor138': attribute type 1 has an invalid length. [ 38.360893][ T3629] device bond3 entered promiscuous mode [ 38.372148][ T3629] 8021q: adding VLAN 0 to HW filter on device bond3 [ 38.411721][ T3632] netlink: 'syz-executor138': attribute type 1 has an invalid length. [pid 3632] sendmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x10\x00\x85\x06\x00\x00\x20\x00\xfe\x61\x22\x33\xca\x00\x08\x00\x30\x0e\x00\x00\x23\x77\xf2\x9e\x25\x21\x55\xb2\x1c\x00\x12\x00\x0c\x00\x01\x00\x62\x6f\x6e\x64\x00\x00\x00\x00\x0c\x00\x02\x00\x08\x00\x01\x00\x01\x34\xe7\x30", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 60 [pid 3632] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x58\x00\x00\x00\x10\x00\x1f\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x28\x00\x12\x80\x08\x00\x01\x00\x67\x72\x65\x00\x1c\x00\x02\x80\x08\x00\x06\x00\xff\xff\xff\xff\x05\x00\x09\x00\x08\x00\x00\x00\x08\x00\x05\x00\x08\x00\x00\x00\x08\x00\x0a\x00\x30\x0e\x00\x00\x08\x00\x1b\x00\x00\x80\x00\x00", iov_len=88}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL|MSG_ZEROCOPY) = 88 [pid 3632] bind(3, {sa_family=AF_PACKET, sll_protocol=htons(0 /* ETH_P_??? */), sll_ifindex=if_nametoindex("bond4"), sll_hatype=ARPHRD_ETHER, sll_pkttype=PACKET_HOST, sll_halen=6, sll_addr=[0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xbb]}, 20) = 0 [pid 3632] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EINVAL (Invalid argument) [pid 3632] exit_group(0) = ? [pid 3632] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3632, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566705d0) = 3638 ./strace-static-x86_64: Process 3638 attached [pid 3638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3638] setpgid(0, 0) = 0 [pid 3638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3638] write(3, "1000", 4) = 4 [pid 3638] close(3) = 0 [pid 3638] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 3638] ioctl(-1, TIOCMIWAIT, 0) = -1 EBADF (Bad file descriptor) [pid 3638] socket(AF_PACKET, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3 [pid 3638] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3638] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3638] socket(AF_NETLINK, SOCK_RAW|SOCK_NONBLOCK, NETLINK_ROUTE) = 6 [pid 3638] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 3638] getsockname(6, {sa_family=AF_NETLINK, nl_pid=3638, nl_groups=00000000}, [20 => 12]) = 0 [ 38.478616][ T3632] device bond4 entered promiscuous mode [ 38.501840][ T3632] 8021q: adding VLAN 0 to HW filter on device bond4 [ 38.524289][ T3638] netlink: 'syz-executor138': attribute type 1 has an invalid length. [pid 3638] sendmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x10\x00\x85\x06\x00\x00\x20\x00\xfe\x61\x22\x33\xca\x00\x08\x00\x36\x0e\x00\x00\x23\x77\xf2\x9e\x25\x21\x55\xb2\x1c\x00\x12\x00\x0c\x00\x01\x00\x62\x6f\x6e\x64\x00\x00\x00\x00\x0c\x00\x02\x00\x08\x00\x01\x00\x01\x34\xe7\x30", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 60 [pid 3638] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x58\x00\x00\x00\x10\x00\x1f\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x28\x00\x12\x80\x08\x00\x01\x00\x67\x72\x65\x00\x1c\x00\x02\x80\x08\x00\x06\x00\xff\xff\xff\xff\x05\x00\x09\x00\x08\x00\x00\x00\x08\x00\x05\x00\x08\x00\x00\x00\x08\x00\x0a\x00\x36\x0e\x00\x00\x08\x00\x1b\x00\x00\x80\x00\x00", iov_len=88}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL|MSG_ZEROCOPY) = 88 [pid 3638] bind(3, {sa_family=AF_PACKET, sll_protocol=htons(0 /* ETH_P_??? */), sll_ifindex=if_nametoindex("bond5"), sll_hatype=ARPHRD_ETHER, sll_pkttype=PACKET_HOST, sll_halen=6, sll_addr=[0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xbb]}, 20) = 0 [pid 3638] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EINVAL (Invalid argument) [pid 3638] exit_group(0) = ? [pid 3638] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3638, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566705d0) = 3645 ./strace-static-x86_64: Process 3645 attached [pid 3645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3645] setpgid(0, 0) = 0 [pid 3645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3645] write(3, "1000", 4) = 4 [pid 3645] close(3) = 0 [pid 3645] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 3645] ioctl(-1, TIOCMIWAIT, 0) = -1 EBADF (Bad file descriptor) [pid 3645] socket(AF_PACKET, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3 [pid 3645] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3645] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3645] socket(AF_NETLINK, SOCK_RAW|SOCK_NONBLOCK, NETLINK_ROUTE) = 6 [pid 3645] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 3645] getsockname(6, {sa_family=AF_NETLINK, nl_pid=3645, nl_groups=00000000}, [20 => 12]) = 0 [ 38.585800][ T3638] device bond5 entered promiscuous mode [ 38.608755][ T3638] 8021q: adding VLAN 0 to HW filter on device bond5 [ 38.633623][ T3645] netlink: 'syz-executor138': attribute type 1 has an invalid length. [pid 3645] sendmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x10\x00\x85\x06\x00\x00\x20\x00\xfe\x61\x22\x33\xca\x00\x08\x00\x3d\x0e\x00\x00\x23\x77\xf2\x9e\x25\x21\x55\xb2\x1c\x00\x12\x00\x0c\x00\x01\x00\x62\x6f\x6e\x64\x00\x00\x00\x00\x0c\x00\x02\x00\x08\x00\x01\x00\x01\x34\xe7\x30", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 60 [pid 3645] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x58\x00\x00\x00\x10\x00\x1f\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x28\x00\x12\x80\x08\x00\x01\x00\x67\x72\x65\x00\x1c\x00\x02\x80\x08\x00\x06\x00\xff\xff\xff\xff\x05\x00\x09\x00\x08\x00\x00\x00\x08\x00\x05\x00\x08\x00\x00\x00\x08\x00\x0a\x00\x3d\x0e\x00\x00\x08\x00\x1b\x00\x00\x80\x00\x00", iov_len=88}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL|MSG_ZEROCOPY) = 88 [pid 3645] bind(3, {sa_family=AF_PACKET, sll_protocol=htons(0 /* ETH_P_??? */), sll_ifindex=if_nametoindex("bond6"), sll_hatype=ARPHRD_ETHER, sll_pkttype=PACKET_HOST, sll_halen=6, sll_addr=[0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xbb]}, 20) = 0 [pid 3645] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EINVAL (Invalid argument) [pid 3645] exit_group(0) = ? [pid 3645] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3645, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566705d0) = 3650 ./strace-static-x86_64: Process 3650 attached [pid 3650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3650] setpgid(0, 0) = 0 [pid 3650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3650] write(3, "1000", 4) = 4 [pid 3650] close(3) = 0 [pid 3650] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 3650] ioctl(-1, TIOCMIWAIT, 0) = -1 EBADF (Bad file descriptor) [pid 3650] socket(AF_PACKET, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3 [pid 3650] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3650] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3650] socket(AF_NETLINK, SOCK_RAW|SOCK_NONBLOCK, NETLINK_ROUTE) = 6 [pid 3650] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 3650] getsockname(6, {sa_family=AF_NETLINK, nl_pid=3650, nl_groups=00000000}, [20 => 12]) = 0 [ 38.680125][ T3645] device bond6 entered promiscuous mode [ 38.697647][ T3645] 8021q: adding VLAN 0 to HW filter on device bond6 [ 38.727131][ T3650] netlink: 'syz-executor138': attribute type 1 has an invalid length. [pid 3650] sendmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x10\x00\x85\x06\x00\x00\x20\x00\xfe\x61\x22\x33\xca\x00\x08\x00\x42\x0e\x00\x00\x23\x77\xf2\x9e\x25\x21\x55\xb2\x1c\x00\x12\x00\x0c\x00\x01\x00\x62\x6f\x6e\x64\x00\x00\x00\x00\x0c\x00\x02\x00\x08\x00\x01\x00\x01\x34\xe7\x30", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 60 [pid 3650] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x58\x00\x00\x00\x10\x00\x1f\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x28\x00\x12\x80\x08\x00\x01\x00\x67\x72\x65\x00\x1c\x00\x02\x80\x08\x00\x06\x00\xff\xff\xff\xff\x05\x00\x09\x00\x08\x00\x00\x00\x08\x00\x05\x00\x08\x00\x00\x00\x08\x00\x0a\x00\x42\x0e\x00\x00\x08\x00\x1b\x00\x00\x80\x00\x00", iov_len=88}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL|MSG_ZEROCOPY) = 88 [pid 3650] bind(3, {sa_family=AF_PACKET, sll_protocol=htons(0 /* ETH_P_??? */), sll_ifindex=if_nametoindex("bond7"), sll_hatype=ARPHRD_ETHER, sll_pkttype=PACKET_HOST, sll_halen=6, sll_addr=[0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xbb]}, 20) = 0 [pid 3650] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EINVAL (Invalid argument) [pid 3650] exit_group(0) = ? [pid 3650] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3650, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566705d0) = 3657 ./strace-static-x86_64: Process 3657 attached [pid 3657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3657] setpgid(0, 0) = 0 [pid 3657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3657] write(3, "1000", 4) = 4 [pid 3657] close(3) = 0 [pid 3657] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 3657] ioctl(-1, TIOCMIWAIT, 0) = -1 EBADF (Bad file descriptor) [pid 3657] socket(AF_PACKET, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3 [pid 3657] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3657] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3657] socket(AF_NETLINK, SOCK_RAW|SOCK_NONBLOCK, NETLINK_ROUTE) = 6 [pid 3657] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 3657] getsockname(6, {sa_family=AF_NETLINK, nl_pid=3657, nl_groups=00000000}, [20 => 12]) = 0 [ 38.779529][ T3650] device bond7 entered promiscuous mode [ 38.805027][ T3650] 8021q: adding VLAN 0 to HW filter on device bond7 [ 38.846673][ T3657] netlink: 'syz-executor138': attribute type 1 has an invalid length. [ 38.901226][ T3657] device bond8 entered promiscuous mode [pid 3657] sendmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x10\x00\x85\x06\x00\x00\x20\x00\xfe\x61\x22\x33\xca\x00\x08\x00\x49\x0e\x00\x00\x23\x77\xf2\x9e\x25\x21\x55\xb2\x1c\x00\x12\x00\x0c\x00\x01\x00\x62\x6f\x6e\x64\x00\x00\x00\x00\x0c\x00\x02\x00\x08\x00\x01\x00\x01\x34\xe7\x30", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 60 [ 38.941768][ T3657] 8021q: adding VLAN 0 to HW filter on device bond8 [ 38.949212][ T3184] skbuff: skb_under_panic: text:ffffffff87f983b7 len:23 put:19 head:ffff888146198400 data:ffff8881461983ff tail:0x16 end:0xc0 dev:bond1 [ 38.963869][ T3184] ------------[ cut here ]------------ [ 38.969332][ T3184] kernel BUG at net/core/skbuff.c:116! [ 38.974841][ T3184] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 38.980915][ T3184] CPU: 1 PID: 3184 Comm: dhcpcd Not tainted 5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0 [ 38.990445][ T3184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 39.000496][ T3184] RIP: 0010:skb_panic+0x16c/0x16e [ 39.005544][ T3184] Code: f8 4c 8b 4c 24 10 8b 4b 70 41 56 45 89 e8 4c 89 e2 41 57 48 89 ee 48 c7 c7 c0 b5 f3 8a ff 74 24 10 ff 74 24 20 e8 5b ef c0 ff <0f> 0b e8 f2 79 02 f8 4c 8b 64 24 18 e8 e8 c7 4e f8 48 c7 c1 a0 c2 [ 39.025154][ T3184] RSP: 0018:ffffc900031ff728 EFLAGS: 00010282 [ 39.031208][ T3184] RAX: 0000000000000085 RBX: ffff88801ca16500 RCX: 0000000000000000 [ 39.039163][ T3184] RDX: ffff888026175880 RSI: ffffffff8161f148 RDI: fffff5200063fed7 [ 39.047117][ T3184] RBP: ffffffff8af3c2a0 R08: 0000000000000085 R09: 0000000000000000 [ 39.055093][ T3184] R10: 0000000000000201 R11: 0000000000000000 R12: ffffffff87f983b7 [ 39.063238][ T3184] R13: 0000000000000013 R14: ffff888017138000 R15: 00000000000000c0 [ 39.071220][ T3184] FS: 00007fed4d50e740(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 39.080138][ T3184] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 39.086707][ T3184] CR2: 00007f75ff5b9a70 CR3: 000000001c833000 CR4: 0000000000350ee0 [ 39.094668][ T3184] Call Trace: [ 39.097940][ T3184] [ 39.100862][ T3184] ? ipgre_xmit+0x900/0x900 [ 39.105364][ T3184] ? ipgre_header+0x67/0x3c0 [ 39.109975][ T3184] skb_push.cold+0x24/0x24 [ 39.114479][ T3184] ipgre_header+0x67/0x3c0 [ 39.118917][ T3184] ? ipgre_xmit+0x900/0x900 [ 39.123685][ T3184] lapbeth_data_transmit+0x29f/0x350 [ 39.128959][ T3184] ? lapbeth_data_indication+0x4a0/0x4a0 [ 39.134596][ T3184] lapb_data_transmit+0x8f/0xc0 [ 39.139437][ T3184] lapb_transmit_buffer+0x183/0x390 [ 39.144971][ T3184] lapb_send_control+0x1c7/0x370 [ 39.149903][ T3184] lapb_establish_data_link+0xe7/0x110 [ 39.155357][ T3184] lapb_device_event+0x395/0x560 [ 39.160312][ T3184] notifier_call_chain+0xb5/0x200 [ 39.165326][ T3184] call_netdevice_notifiers_info+0xb5/0x130 [ 39.171209][ T3184] __dev_notify_flags+0x110/0x2b0 [ 39.176581][ T3184] ? dev_change_name+0x820/0x820 [ 39.181509][ T3184] ? dev_set_allmulti+0x30/0x30 [ 39.186354][ T3184] ? full_name_hash+0x11d/0x170 [ 39.191247][ T3184] dev_change_flags+0x112/0x170 [ 39.196295][ T3184] devinet_ioctl+0x1601/0x1ce0 [ 39.201056][ T3184] ? inet_ifa_byprefix+0x2a0/0x2a0 [ 39.206160][ T3184] ? _copy_from_user+0xf9/0x170 [ 39.211003][ T3184] inet_ioctl+0x1e6/0x320 [ 39.215325][ T3184] ? ipip_gro_complete+0x100/0x100 [ 39.220436][ T3184] ? lock_downgrade+0x6e0/0x6e0 [ 39.226426][ T3184] ? tomoyo_path_number_perm+0x24e/0x590 [ 39.232086][ T3184] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 39.237884][ T3184] sock_do_ioctl+0xcc/0x230 [ 39.242378][ T3184] ? get_user_ifreq+0x250/0x250 [ 39.247216][ T3184] ? vfs_fileattr_set+0xbe0/0xbe0 [ 39.252250][ T3184] sock_ioctl+0x2f1/0x640 [ 39.256593][ T3184] ? br_ioctl_call+0xa0/0xa0 [ 39.261349][ T3184] ? lock_downgrade+0x6e0/0x6e0 [ 39.266625][ T3184] ? fd_install+0x1f9/0x640 [ 39.271128][ T3184] ? bpf_lsm_file_ioctl+0x5/0x10 [ 39.276072][ T3184] ? br_ioctl_call+0xa0/0xa0 [ 39.280946][ T3184] __x64_sys_ioctl+0x193/0x200 [ 39.285717][ T3184] do_syscall_64+0x35/0xb0 [ 39.290149][ T3184] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 39.296208][ T3184] RIP: 0033:0x7fed4d5fc0e7 [ 39.300608][ T3184] Code: 3c 1c e8 1c ff ff ff 85 c0 79 87 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 61 9d 0c 00 f7 d8 64 89 01 48 [ 39.320199][ T3184] RSP: 002b:00007ffffc8fc788 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 39.328599][ T3184] RAX: ffffffffffffffda RBX: 00007fed4d50e6c8 RCX: 00007fed4d5fc0e7 [ 39.336641][ T3184] RDX: 00007ffffc90c978 RSI: 0000000000008914 RDI: 0000000000000018 [ 39.344785][ T3184] RBP: 00007ffffc91cb28 R08: 00007ffffc90c938 R09: 00007ffffc90c8e8 [ 39.352756][ T3184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 39.360733][ T3184] R13: 00007ffffc90c978 R14: 0000000000000028 R15: 0000000000008914 [ 39.368695][ T3184] [ 39.371892][ T3184] Modules linked in: [ 39.375823][ T3184] ---[ end trace 0000000000000000 ]--- [ 39.381272][ T3184] RIP: 0010:skb_panic+0x16c/0x16e [ 39.386317][ T3184] Code: f8 4c 8b 4c 24 10 8b 4b 70 41 56 45 89 e8 4c 89 e2 41 57 48 89 ee 48 c7 c7 c0 b5 f3 8a ff 74 24 10 ff 74 24 20 e8 5b ef c0 ff <0f> 0b e8 f2 79 02 f8 4c 8b 64 24 18 e8 e8 c7 4e f8 48 c7 c1 a0 c2 [ 39.405970][ T3184] RSP: 0018:ffffc900031ff728 EFLAGS: 00010282 [ 39.412137][ T3184] RAX: 0000000000000085 RBX: ffff88801ca16500 RCX: 0000000000000000 [ 39.420233][ T3184] RDX: ffff888026175880 RSI: ffffffff8161f148 RDI: fffff5200063fed7 [ 39.428578][ T3184] RBP: ffffffff8af3c2a0 R08: 0000000000000085 R09: 0000000000000000 [ 39.436591][ T3184] R10: 0000000000000201 R11: 0000000000000000 R12: ffffffff87f983b7 [ 39.444580][ T3184] R13: 0000000000000013 R14: ffff888017138000 R15: 00000000000000c0 [ 39.452564][ T3184] FS: 00007fed4d50e740(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 39.461546][ T3184] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 39.468149][ T3184] CR2: 00007f75ff5b9a70 CR3: 000000001c833000 CR4: 0000000000350ee0 [ 39.476152][ T3184] Kernel panic - not syncing: Fatal exception in interrupt [ 39.484156][ T3184] Kernel Offset: disabled [ 39.488560][ T3184] Rebooting in 86400 seconds..