./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3984144034 <...> Warning: Permanently added '10.128.1.55' (ECDSA) to the list of known hosts. execve("./syz-executor3984144034", ["./syz-executor3984144034"], 0x7ffff23974b0 /* 10 vars */) = 0 brk(NULL) = 0x555555d0f000 brk(0x555555d0fc40) = 0x555555d0fc40 arch_prctl(ARCH_SET_FS, 0x555555d0f300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3984144034", 4096) = 28 brk(0x555555d30c40) = 0x555555d30c40 brk(0x555555d31000) = 0x555555d31000 mprotect(0x7f6d923c4000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3613 attached , child_tidptr=0x555555d0f5d0) = 3613 [pid 3613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3613] setpgid(0, 0) = 0 [pid 3613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3613] write(3, "1000", 4) = 4 [pid 3613] close(3) = 0 [pid 3613] socket(AF_PACKET, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3 [pid 3613] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3613] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3613] socket(AF_NETLINK, SOCK_RAW|SOCK_NONBLOCK, NETLINK_ROUTE) = 6 [pid 3613] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 3613] getsockname(6, {sa_family=AF_NETLINK, nl_pid=3613, nl_groups=00000000}, [20 => 12]) = 0 [pid 3613] sendmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x10\x00\x85\x06\x00\x00\x20\x00\xfe\x61\x22\x33\xca\x00\x08\x00\x1d\x0e\x00\x00\x23\x77\xf2\x9e\x25\x21\x55\xb2\x1c\x00\x12\x00\x0c\x00\x01\x00\x62\x6f\x6e\x64\x00\x00\x00\x00\x0c\x00\x02\x00\x08\x00\x01\x00\x01\x34\xe7\x30", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 60 syzkaller login: [ 35.948414][ T3613] netlink: 'syz-executor398': attribute type 1 has an invalid length. [ 35.965426][ T3613] device bond1 entered promiscuous mode [ 35.975911][ T3613] 8021q: adding VLAN 0 to HW filter on device bond1 [pid 3613] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x58\x00\x00\x00\x10\x00\x1f\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x28\x00\x12\x80\x08\x00\x01\x00\x67\x72\x65\x00\x1c\x00\x02\x80\x08\x00\x06\x00\xff\xff\xff\xff\x05\x00\x09\x00\x08\x00\x00\x00\x08\x00\x05\x00\x08\x00\x00\x00\x08\x00\x0a\x00\x1d\x0e\x00\x00\x08\x00\x1b\x00\x00\x80\x00\x00", iov_len=88}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL|MSG_ZEROCOPY) = 88 [pid 3613] bind(3, {sa_family=AF_PACKET, sll_protocol=htons(0 /* ETH_P_??? */), sll_ifindex=if_nametoindex("bond1"), sll_hatype=ARPHRD_ETHER, sll_pkttype=PACKET_HOST, sll_halen=6, sll_addr=[0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xbb]}, 20) = 0 [pid 3613] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 0 [pid 3613] exit_group(0) = ? [pid 3613] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3613, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3627 attached , child_tidptr=0x555555d0f5d0) = 3627 [pid 3627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3627] setpgid(0, 0) = 0 [pid 3627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3627] write(3, "1000", 4) = 4 [pid 3627] close(3) = 0 [pid 3627] socket(AF_PACKET, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3 [pid 3627] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3627] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3627] socket(AF_NETLINK, SOCK_RAW|SOCK_NONBLOCK, NETLINK_ROUTE) = 6 [pid 3627] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 3627] getsockname(6, {sa_family=AF_NETLINK, nl_pid=3627, nl_groups=00000000}, [20 => 12]) = 0 [ 35.991699][ T3613] bond1: (slave gre1): The slave device specified does not support setting the MAC address [ 36.005062][ T3613] bond1: (slave gre1): Setting fail_over_mac to active for active-backup mode [ 36.015901][ T3613] bond1: (slave gre1): making interface the new active one [ 36.023385][ T3613] device gre1 entered promiscuous mode [ 36.029951][ T3613] bond1: (slave gre1): Enslaving as an active interface with an up link [ 36.040693][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 36.074160][ T3627] netlink: 'syz-executor398': attribute type 1 has an invalid length. [ 36.090666][ T3627] device bond2 entered promiscuous mode [pid 3627] sendmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x10\x00\x85\x06\x00\x00\x20\x00\xfe\x61\x22\x33\xca\x00\x08\x00\x2b\x0e\x00\x00\x23\x77\xf2\x9e\x25\x21\x55\xb2\x1c\x00\x12\x00\x0c\x00\x01\x00\x62\x6f\x6e\x64\x00\x00\x00\x00\x0c\x00\x02\x00\x08\x00\x01\x00\x01\x34\xe7\x30", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 60 [pid 3627] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x58\x00\x00\x00\x10\x00\x1f\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x28\x00\x12\x80\x08\x00\x01\x00\x67\x72\x65\x00\x1c\x00\x02\x80\x08\x00\x06\x00\xff\xff\xff\xff\x05\x00\x09\x00\x08\x00\x00\x00\x08\x00\x05\x00\x08\x00\x00\x00\x08\x00\x0a\x00\x2b\x0e\x00\x00\x08\x00\x1b\x00\x00\x80\x00\x00", iov_len=88}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL|MSG_ZEROCOPY) = 88 [pid 3627] bind(3, {sa_family=AF_PACKET, sll_protocol=htons(0 /* ETH_P_??? */), sll_ifindex=if_nametoindex("bond2"), sll_hatype=ARPHRD_ETHER, sll_pkttype=PACKET_HOST, sll_halen=6, sll_addr=[0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xbb]}, 20) = 0 [pid 3627] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EINVAL (Invalid argument) [pid 3627] exit_group(0) = ? [pid 3627] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3627, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3629 attached , child_tidptr=0x555555d0f5d0) = 3629 [pid 3629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3629] setpgid(0, 0) = 0 [pid 3629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3629] write(3, "1000", 4) = 4 [pid 3629] close(3) = 0 [pid 3629] socket(AF_PACKET, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3 [pid 3629] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3629] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3629] socket(AF_NETLINK, SOCK_RAW|SOCK_NONBLOCK, NETLINK_ROUTE) = 6 [pid 3629] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 3629] getsockname(6, {sa_family=AF_NETLINK, nl_pid=3629, nl_groups=00000000}, [20 => 12]) = 0 [ 36.120334][ T3627] 8021q: adding VLAN 0 to HW filter on device bond2 [ 36.149570][ T3629] netlink: 'syz-executor398': attribute type 1 has an invalid length. [pid 3629] sendmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x10\x00\x85\x06\x00\x00\x20\x00\xfe\x61\x22\x33\xca\x00\x08\x00\x2d\x0e\x00\x00\x23\x77\xf2\x9e\x25\x21\x55\xb2\x1c\x00\x12\x00\x0c\x00\x01\x00\x62\x6f\x6e\x64\x00\x00\x00\x00\x0c\x00\x02\x00\x08\x00\x01\x00\x01\x34\xe7\x30", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 60 [pid 3629] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x58\x00\x00\x00\x10\x00\x1f\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x28\x00\x12\x80\x08\x00\x01\x00\x67\x72\x65\x00\x1c\x00\x02\x80\x08\x00\x06\x00\xff\xff\xff\xff\x05\x00\x09\x00\x08\x00\x00\x00\x08\x00\x05\x00\x08\x00\x00\x00\x08\x00\x0a\x00\x2d\x0e\x00\x00\x08\x00\x1b\x00\x00\x80\x00\x00", iov_len=88}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL|MSG_ZEROCOPY) = 88 [pid 3629] bind(3, {sa_family=AF_PACKET, sll_protocol=htons(0 /* ETH_P_??? */), sll_ifindex=if_nametoindex("bond3"), sll_hatype=ARPHRD_ETHER, sll_pkttype=PACKET_HOST, sll_halen=6, sll_addr=[0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xbb]}, 20) = 0 [pid 3629] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EINVAL (Invalid argument) [pid 3629] exit_group(0) = ? [pid 3629] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3629, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0f5d0) = 3636 ./strace-static-x86_64: Process 3636 attached [pid 3636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3636] setpgid(0, 0) = 0 [pid 3636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3636] write(3, "1000", 4) = 4 [pid 3636] close(3) = 0 [pid 3636] socket(AF_PACKET, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3 [pid 3636] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3636] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3636] socket(AF_NETLINK, SOCK_RAW|SOCK_NONBLOCK, NETLINK_ROUTE) = 6 [pid 3636] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 3636] getsockname(6, {sa_family=AF_NETLINK, nl_pid=3636, nl_groups=00000000}, [20 => 12]) = 0 [ 36.201919][ T3629] device bond3 entered promiscuous mode [ 36.217511][ T3629] 8021q: adding VLAN 0 to HW filter on device bond3 [ 36.242180][ T3636] netlink: 'syz-executor398': attribute type 1 has an invalid length. [pid 3636] sendmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x10\x00\x85\x06\x00\x00\x20\x00\xfe\x61\x22\x33\xca\x00\x08\x00\x34\x0e\x00\x00\x23\x77\xf2\x9e\x25\x21\x55\xb2\x1c\x00\x12\x00\x0c\x00\x01\x00\x62\x6f\x6e\x64\x00\x00\x00\x00\x0c\x00\x02\x00\x08\x00\x01\x00\x01\x34\xe7\x30", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 60 [pid 3636] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x58\x00\x00\x00\x10\x00\x1f\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x28\x00\x12\x80\x08\x00\x01\x00\x67\x72\x65\x00\x1c\x00\x02\x80\x08\x00\x06\x00\xff\xff\xff\xff\x05\x00\x09\x00\x08\x00\x00\x00\x08\x00\x05\x00\x08\x00\x00\x00\x08\x00\x0a\x00\x34\x0e\x00\x00\x08\x00\x1b\x00\x00\x80\x00\x00", iov_len=88}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL|MSG_ZEROCOPY) = 88 [pid 3636] bind(3, {sa_family=AF_PACKET, sll_protocol=htons(0 /* ETH_P_??? */), sll_ifindex=if_nametoindex("bond4"), sll_hatype=ARPHRD_ETHER, sll_pkttype=PACKET_HOST, sll_halen=6, sll_addr=[0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xbb]}, 20) = 0 [pid 3636] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EINVAL (Invalid argument) [pid 3636] exit_group(0) = ? [pid 3636] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3636, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0f5d0) = 3644 ./strace-static-x86_64: Process 3644 attached [pid 3644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3644] setpgid(0, 0) = 0 [pid 3644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3644] write(3, "1000", 4) = 4 [pid 3644] close(3) = 0 [pid 3644] socket(AF_PACKET, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3 [pid 3644] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3644] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3644] socket(AF_NETLINK, SOCK_RAW|SOCK_NONBLOCK, NETLINK_ROUTE) = 6 [pid 3644] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 3644] getsockname(6, {sa_family=AF_NETLINK, nl_pid=3644, nl_groups=00000000}, [20 => 12]) = 0 [ 36.288300][ T3636] device bond4 entered promiscuous mode [ 36.312737][ T3636] 8021q: adding VLAN 0 to HW filter on device bond4 [ 36.336480][ T3644] netlink: 'syz-executor398': attribute type 1 has an invalid length. [pid 3644] sendmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x10\x00\x85\x06\x00\x00\x20\x00\xfe\x61\x22\x33\xca\x00\x08\x00\x3c\x0e\x00\x00\x23\x77\xf2\x9e\x25\x21\x55\xb2\x1c\x00\x12\x00\x0c\x00\x01\x00\x62\x6f\x6e\x64\x00\x00\x00\x00\x0c\x00\x02\x00\x08\x00\x01\x00\x01\x34\xe7\x30", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 60 [pid 3644] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x58\x00\x00\x00\x10\x00\x1f\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x28\x00\x12\x80\x08\x00\x01\x00\x67\x72\x65\x00\x1c\x00\x02\x80\x08\x00\x06\x00\xff\xff\xff\xff\x05\x00\x09\x00\x08\x00\x00\x00\x08\x00\x05\x00\x08\x00\x00\x00\x08\x00\x0a\x00\x3c\x0e\x00\x00\x08\x00\x1b\x00\x00\x80\x00\x00", iov_len=88}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL|MSG_ZEROCOPY) = 88 [pid 3644] bind(3, {sa_family=AF_PACKET, sll_protocol=htons(0 /* ETH_P_??? */), sll_ifindex=if_nametoindex("bond5"), sll_hatype=ARPHRD_ETHER, sll_pkttype=PACKET_HOST, sll_halen=6, sll_addr=[0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xbb]}, 20) = 0 [pid 3644] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EINVAL (Invalid argument) [pid 3644] exit_group(0) = ? [pid 3644] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3644, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0f5d0) = 3654 ./strace-static-x86_64: Process 3654 attached [pid 3654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3654] setpgid(0, 0) = 0 [pid 3654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3654] write(3, "1000", 4) = 4 [pid 3654] close(3) = 0 [pid 3654] socket(AF_PACKET, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3 [pid 3654] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3654] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3654] socket(AF_NETLINK, SOCK_RAW|SOCK_NONBLOCK, NETLINK_ROUTE) = 6 [pid 3654] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 3654] getsockname(6, {sa_family=AF_NETLINK, nl_pid=3654, nl_groups=00000000}, [20 => 12]) = 0 [ 36.383078][ T3644] device bond5 entered promiscuous mode [ 36.420577][ T3644] 8021q: adding VLAN 0 to HW filter on device bond5 [pid 3654] sendmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x10\x00\x85\x06\x00\x00\x20\x00\xfe\x61\x22\x33\xca\x00\x08\x00\x46\x0e\x00\x00\x23\x77\xf2\x9e\x25\x21\x55\xb2\x1c\x00\x12\x00\x0c\x00\x01\x00\x62\x6f\x6e\x64\x00\x00\x00\x00\x0c\x00\x02\x00\x08\x00\x01\x00\x01\x34\xe7\x30", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 60 [pid 3654] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x58\x00\x00\x00\x10\x00\x1f\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x28\x00\x12\x80\x08\x00\x01\x00\x67\x72\x65\x00\x1c\x00\x02\x80\x08\x00\x06\x00\xff\xff\xff\xff\x05\x00\x09\x00\x08\x00\x00\x00\x08\x00\x05\x00\x08\x00\x00\x00\x08\x00\x0a\x00\x46\x0e\x00\x00\x08\x00\x1b\x00\x00\x80\x00\x00", iov_len=88}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL|MSG_ZEROCOPY) = 88 [pid 3654] bind(3, {sa_family=AF_PACKET, sll_protocol=htons(0 /* ETH_P_??? */), sll_ifindex=if_nametoindex("bond6"), sll_hatype=ARPHRD_ETHER, sll_pkttype=PACKET_HOST, sll_halen=6, sll_addr=[0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xbb]}, 20) = 0 [pid 3654] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EINVAL (Invalid argument) [pid 3654] exit_group(0) = ? [pid 3654] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3654, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0f5d0) = 3657 ./strace-static-x86_64: Process 3657 attached [pid 3657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3657] setpgid(0, 0) = 0 [pid 3657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3657] write(3, "1000", 4) = 4 [pid 3657] close(3) = 0 [pid 3657] socket(AF_PACKET, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3 [pid 3657] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3657] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 3657] socket(AF_NETLINK, SOCK_RAW|SOCK_NONBLOCK, NETLINK_ROUTE) = 6 [pid 3657] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 3657] getsockname(6, {sa_family=AF_NETLINK, nl_pid=3657, nl_groups=00000000}, [20 => 12]) = 0 [ 36.443113][ T3654] netlink: 'syz-executor398': attribute type 1 has an invalid length. [ 36.465057][ T3654] device bond6 entered promiscuous mode [ 36.476171][ T3654] 8021q: adding VLAN 0 to HW filter on device bond6 [ 36.503777][ T3657] netlink: 'syz-executor398': attribute type 1 has an invalid length. [ 36.520840][ T3657] device bond7 entered promiscuous mode [ 36.540527][ T3657] 8021q: adding VLAN 0 to HW filter on device bond7 [pid 3657] sendmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x10\x00\x85\x06\x00\x00\x20\x00\xfe\x61\x22\x33\xca\x00\x08\x00\x49\x0e\x00\x00\x23\x77\xf2\x9e\x25\x21\x55\xb2\x1c\x00\x12\x00\x0c\x00\x01\x00\x62\x6f\x6e\x64\x00\x00\x00\x00\x0c\x00\x02\x00\x08\x00\x01\x00\x01\x34\xe7\x30", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 60 [pid 3657] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x58\x00\x00\x00\x10\x00\x1f\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x28\x00\x12\x80\x08\x00\x01\x00\x67\x72\x65\x00\x1c\x00\x02\x80\x08\x00\x06\x00\xff\xff\xff\xff\x05\x00\x09\x00\x08\x00\x00\x00\x08\x00\x05\x00\x08\x00\x00\x00\x08\x00\x0a\x00\x49\x0e\x00\x00\x08\x00\x1b\x00\x00\x80\x00\x00", iov_len=88}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL|MSG_ZEROCOPY) = 88 [pid 3657] bind(3, {sa_family=AF_PACKET, sll_protocol=htons(0 /* ETH_P_??? */), sll_ifindex=if_nametoindex("bond7"), sll_hatype=ARPHRD_ETHER, sll_pkttype=PACKET_HOST, sll_halen=6, sll_addr=[0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xbb]}, 20) = 0 [pid 3657] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EINVAL (Invalid argument) [pid 3657] exit_group(0) = ? [ 36.554144][ T3185] skbuff: skb_under_panic: text:ffffffff88e7dca6 len:23 put:19 head:ffff88807993d800 data:ffff88807993d7ff tail:0x16 end:0xc0 dev:bond1 [ 36.568396][ T3185] ------------[ cut here ]------------ [ 36.573876][ T3185] kernel BUG at net/core/skbuff.c:120! [ 36.579360][ T3185] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 36.585444][ T3185] CPU: 1 PID: 3185 Comm: dhcpcd Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0 [ 36.594812][ T3185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 36.604851][ T3185] RIP: 0010:skb_panic+0x14a/0x150 [ 36.609864][ T3185] Code: 51 b9 8b 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 49 89 e9 31 c0 53 41 55 41 54 41 57 e8 dc 01 04 02 48 83 c4 20 <0f> 0b 0f 1f 40 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 40 4d 89 [ 36.629466][ T3185] RSP: 0018:ffffc900034ef6c0 EFLAGS: 00010286 [ 36.635537][ T3185] RAX: 0000000000000085 RBX: ffff88802888c000 RCX: 8968f61da6150400 [ 36.643512][ T3185] RDX: 0000000000000000 RSI: 0000000000000201 RDI: 0000000000000000 [ 36.651470][ T3185] RBP: ffff88807993d800 R08: ffffffff816c0f4d R09: ffffed10173667f1 [ 36.659428][ T3185] R10: ffffed10173667f1 R11: 1ffff110173667f0 R12: 0000000000000016 [ 36.667386][ T3185] R13: 00000000000000c0 R14: dffffc0000000000 R15: ffff88807993d7ff [ 36.675362][ T3185] FS: 00007f018b529740(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 36.684277][ T3185] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 36.690845][ T3185] CR2: 00007f6c555e2a70 CR3: 000000002709a000 CR4: 00000000003506e0 [ 36.698814][ T3185] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 36.706782][ T3185] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 36.714746][ T3185] Call Trace: [ 36.718023][ T3185] [ 36.720953][ T3185] ? ipgre_header+0x66/0x470 [ 36.725548][ T3185] ? ipgre_header+0x66/0x470 [ 36.730143][ T3185] skb_push+0xb9/0xd0 [ 36.734138][ T3185] ipgre_header+0x66/0x470 [ 36.738579][ T3185] ? ipgre_tunnel_ctl+0xaf0/0xaf0 [ 36.743655][ T3185] lapbeth_data_transmit+0x1ec/0x2a0 [ 36.748939][ T3185] ? lapbeth_data_indication+0x3d0/0x3d0 [ 36.754567][ T3185] lapb_data_transmit+0x85/0xa0 [ 36.759411][ T3185] lapb_transmit_buffer+0x162/0x1e0 [ 36.764598][ T3185] lapb_establish_data_link+0x7d/0xd0 [ 36.769959][ T3185] lapb_device_event+0x4aa/0x640 [ 36.774885][ T3185] raw_notifier_call_chain+0xe7/0x170 [ 36.780257][ T3185] __dev_notify_flags+0x2ef/0x5f0 [ 36.785328][ T3185] ? __dev_change_flags+0x6d0/0x6d0 [ 36.790534][ T3185] ? __dev_change_flags+0x512/0x6d0 [ 36.795722][ T3185] ? dev_get_flags+0x1c0/0x1c0 [ 36.800474][ T3185] ? safesetid_security_capable+0xab/0x1b0 [ 36.806279][ T3185] dev_change_flags+0xe3/0x190 [ 36.811062][ T3185] devinet_ioctl+0x933/0x1ab0 [ 36.815733][ T3185] inet_ioctl+0x32d/0x400 [ 36.820055][ T3185] ? inet_shutdown+0x370/0x370 [ 36.824822][ T3185] ? slab_free_freelist_hook+0x12e/0x1a0 [ 36.830615][ T3185] ? tomoyo_path_number_perm+0x628/0x790 [ 36.836408][ T3185] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 36.842378][ T3185] sock_do_ioctl+0x151/0x450 [ 36.847226][ T3185] ? sock_show_fdinfo+0xb0/0xb0 [ 36.852107][ T3185] ? memset+0x1f/0x40 [ 36.856105][ T3185] sock_ioctl+0x481/0x770 [ 36.860453][ T3185] ? smack_file_alloc_security+0xd0/0xd0 [ 36.866110][ T3185] ? sock_poll+0x400/0x400 [ 36.870607][ T3185] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 36.876576][ T3185] ? rcu_read_lock_sched_held+0x5f/0x130 [ 36.882196][ T3185] ? print_irqtrace_events+0x220/0x220 [ 36.887910][ T3185] ? vtime_user_exit+0x2b2/0x3e0 [ 36.892837][ T3185] ? __ct_user_exit+0x81/0xe0 [ 36.897524][ T3185] ? bpf_lsm_file_ioctl+0x5/0x10 [ 36.902458][ T3185] ? security_file_ioctl+0x9d/0xb0 [ 36.907554][ T3185] ? sock_poll+0x400/0x400 [ 36.912043][ T3185] __se_sys_ioctl+0xfb/0x170 [ 36.916673][ T3185] do_syscall_64+0x2b/0x70 [ 36.921087][ T3185] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 36.926993][ T3185] RIP: 0033:0x7f018b6170e7 [ 36.931397][ T3185] Code: 3c 1c e8 1c ff ff ff 85 c0 79 87 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 61 9d 0c 00 f7 d8 64 89 01 48 [ 36.951006][ T3185] RSP: 002b:00007ffd101ff1b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 36.959418][ T3185] RAX: ffffffffffffffda RBX: 00007f018b5296c8 RCX: 00007f018b6170e7 [ 36.967376][ T3185] RDX: 00007ffd1020f3a8 RSI: 0000000000008914 RDI: 0000000000000018 [ 36.975336][ T3185] RBP: 00007ffd1021f558 R08: 00007ffd1020f368 R09: 00007ffd1020f318 [ 36.983301][ T3185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 36.991262][ T3185] R13: 00007ffd1020f3a8 R14: 0000000000000028 R15: 0000000000008914 [ 36.999239][ T3185] [ 37.002253][ T3185] Modules linked in: [ 37.006171][ T3185] ---[ end trace 0000000000000000 ]--- [ 37.011643][ T3185] RIP: 0010:skb_panic+0x14a/0x150 [ 37.016694][ T3185] Code: 51 b9 8b 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 49 89 e9 31 c0 53 41 55 41 54 41 57 e8 dc 01 04 02 48 83 c4 20 <0f> 0b 0f 1f 40 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 40 4d 89 [ 37.036345][ T3185] RSP: 0018:ffffc900034ef6c0 EFLAGS: 00010286 [ 37.042407][ T3185] RAX: 0000000000000085 RBX: ffff88802888c000 RCX: 8968f61da6150400 [ 37.050413][ T3185] RDX: 0000000000000000 RSI: 0000000000000201 RDI: 0000000000000000 [ 37.058404][ T3185] RBP: ffff88807993d800 R08: ffffffff816c0f4d R09: ffffed10173667f1 [ 37.066396][ T3185] R10: ffffed10173667f1 R11: 1ffff110173667f0 R12: 0000000000000016 [ 37.075445][ T3185] R13: 00000000000000c0 R14: dffffc0000000000 R15: ffff88807993d7ff [ 37.083495][ T3185] FS: 00007f018b529740(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 37.092428][ T3185] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.099032][ T3185] CR2: 00007f6c555e2a70 CR3: 000000002709a000 CR4: 00000000003506e0 [ 37.107020][ T3185] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 37.115009][ T3185] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 37.122991][ T3185] Kernel panic - not syncing: Fatal exception in interrupt [ 37.130345][ T3185] Kernel Offset: disabled [ 37.134665][ T3185] Rebooting in 86400 seconds..