./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2199289819 <...> Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts. execve("./syz-executor2199289819", ["./syz-executor2199289819"], 0x7fff62e2b3a0 /* 10 vars */) = 0 brk(NULL) = 0x5555559a1000 brk(0x5555559a1c40) = 0x5555559a1c40 arch_prctl(ARCH_SET_FS, 0x5555559a1300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555559a15d0) = 3606 set_robust_list(0x5555559a15e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fee4cc27630, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fee4cc27d00}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fee4cc276d0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fee4cc27d00}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2199289819", 4096) = 28 brk(0x5555559c2c40) = 0x5555559c2c40 brk(0x5555559c3000) = 0x5555559c3000 mprotect(0x7fee4cce7000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3607 attached , child_tidptr=0x5555559a15d0) = 3607 [pid 3607] set_robust_list(0x5555559a15e0, 24) = 0 [pid 3607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3607] setpgid(0, 0) = 0 [pid 3607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1000", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] futex(0x7fee4cced42c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fee4cbf7000 [pid 3607] mprotect(0x7fee4cbf8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3607] clone(child_stack=0x7fee4cc173f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3608 attached , parent_tid=[3608], tls=0x7fee4cc17700, child_tidptr=0x7fee4cc179d0) = 3608 [pid 3608] set_robust_list(0x7fee4cc179e0, 24 [pid 3607] futex(0x7fee4cced428, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] <... set_robust_list resumed>) = 0 [pid 3607] <... futex resumed>) = 0 [pid 3608] socket(AF_CAN, SOCK_RAW, CAN_RAW [pid 3607] futex(0x7fee4cced42c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3608] <... socket resumed>) = 3 [pid 3608] futex(0x7fee4cced42c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3607] <... futex resumed>) = 0 [pid 3608] <... futex resumed>) = 1 [pid 3607] futex(0x7fee4cced428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] futex(0x7fee4cced42c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3608] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3608] futex(0x7fee4cced42c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3607] <... futex resumed>) = 0 [pid 3608] <... futex resumed>) = 1 [pid 3607] futex(0x7fee4cced428, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 3607] <... futex resumed>) = 0 [pid 3607] futex(0x7fee4cced42c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3608] <... socket resumed>) = 5 [pid 3608] futex(0x7fee4cced42c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3607] <... futex resumed>) = 0 [pid 3608] <... futex resumed>) = 1 [pid 3607] futex(0x7fee4cced428, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] socket(AF_NETLINK, SOCK_RAW|SOCK_NONBLOCK, NETLINK_ROUTE [pid 3607] <... futex resumed>) = 0 [pid 3608] <... socket resumed>) = 6 [pid 3607] futex(0x7fee4cced42c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3608] futex(0x7fee4cced42c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3608] <... futex resumed>) = 0 [pid 3607] futex(0x7fee4cced428, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3607] <... futex resumed>) = 0 [pid 3607] futex(0x7fee4cced42c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3608] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 3608] futex(0x7fee4cced42c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3607] <... futex resumed>) = 0 [pid 3608] futex(0x7fee4cced428, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3607] futex(0x7fee4cced428, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3607] <... futex resumed>) = 0 [pid 3608] getsockname(6, [pid 3607] futex(0x7fee4cced42c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3608] <... getsockname resumed>{sa_family=AF_NETLINK, nl_pid=3607, nl_groups=00000000}, [20 => 12]) = 0 [pid 3608] futex(0x7fee4cced42c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3607] <... futex resumed>) = 0 [pid 3608] futex(0x7fee4cced428, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3607] futex(0x7fee4cced428, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3607] <... futex resumed>) = 0 [pid 3608] sendmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x10\x00\x85\x06\x00\x00\x00\x00\xfe\x61\x22\x31\x4a\x00\x08\x00\x17\x0e\x00\x00\x23\x77\xf2\x92\x25\x21\x55\xb2\x1c\x00\x12\x00\x0c\x00\x01\x00\x62\x6f\x6e\x64\x00\x00\x00\x00\x0c\x00\x02\x00\x08\x00\x01\x00\x01\x00\x00\x00", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3607] futex(0x7fee4cced42c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3607] futex(0x7fee4cced43c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fee4cbd6000 syzkaller login: [ 49.281800][ T3608] netlink: 'syz-executor219': attribute type 1 has an invalid length. [ 49.312794][ T3608] device bond1 entered promiscuous mode [pid 3607] mprotect(0x7fee4cbd7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3607] clone(child_stack=0x7fee4cbf63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3616], tls=0x7fee4cbf6700, child_tidptr=0x7fee4cbf69d0) = 3616 [pid 3607] futex(0x7fee4cced438, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] futex(0x7fee4cced43c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3608] <... sendmsg resumed>) = 60 [pid 3608] futex(0x7fee4cced42c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3608] futex(0x7fee4cced428, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3616 attached [pid 3616] set_robust_list(0x7fee4cbf69e0, 24) = 0 [ 49.331485][ T3608] 8021q: adding VLAN 0 to HW filter on device bond1 [pid 3616] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x50\x00\x00\x00\x10\x00\x1f\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x00\x12\x80\x0a\x00\x01\x00\x76\x78\x63\x61\x6e\x00\x00\x00\x18\x00\x02\x80\x14\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x0a\x00\x17\x0e\x00\x00", iov_len=80}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3607] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3607] futex(0x7fee4cced428, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] <... futex resumed>) = 0 [pid 3607] <... futex resumed>) = 1 [pid 3608] bind(3, {sa_family=AF_CAN, sa_data="\x00\x00\x17\x0e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"}, 16 [ 49.384620][ T3616] bond1: (slave vxcan1): The slave device specified does not support setting the MAC address [ 49.398629][ T3608] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN [ 49.407309][ T3616] bond1: (slave vxcan1): Setting fail_over_mac to active for active-backup mode [ 49.410348][ T3608] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 49.410363][ T3608] CPU: 0 PID: 3608 Comm: syz-executor219 Not tainted 6.0.0-rc1-syzkaller-00025-g274a2eebf80c #0 [ 49.438165][ T3608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 49.448226][ T3608] RIP: 0010:can_rx_register+0x480/0x660 [ 49.453801][ T3608] Code: 8b 6c 24 70 49 89 5f 30 49 8d 7f 38 48 89 f8 48 c1 e8 03 42 80 3c 28 00 74 05 e8 5b d3 9b f8 49 89 6f 38 4c 89 f3 48 c1 eb 03 <42> 80 3c 2b 00 74 08 4c 89 f7 e8 c1 d2 9b f8 4d 8b 26 4c 89 f8 48 [ 49.473411][ T3608] RSP: 0018:ffffc900038ffcb8 EFLAGS: 00010202 [ 49.479498][ T3608] RAX: 1ffff1100e44be07 RBX: 0000000000000001 RCX: ffff888027638000 [ 49.487808][ T3608] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88807225f038 [ 49.495766][ T3608] RBP: ffff888018226000 R08: ffffffff8941621c R09: fffff5200071ff88 [ 49.503827][ T3608] R10: fffff5200071ff89 R11: 1ffff9200071ff88 R12: 0000000000000000 [ 49.511808][ T3608] R13: dffffc0000000000 R14: 0000000000000008 R15: ffff88807225f000 [ 49.519769][ T3608] FS: 00007fee4cc17700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 49.528688][ T3608] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.535260][ T3608] CR2: 00007fac7f82eff8 CR3: 000000001f7af000 CR4: 00000000003506f0 [ 49.543223][ T3608] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.551196][ T3608] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.559155][ T3608] Call Trace: [ 49.562424][ T3608] [ 49.565344][ T3608] ? dev_put+0x80/0x80 [ 49.569408][ T3608] raw_bind+0x352/0xfe0 [ 49.573556][ T3608] __sys_bind+0x233/0x2e0 [ 49.577877][ T3608] ? __ia32_sys_socketpair+0xb0/0xb0 [ 49.583153][ T3608] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 49.589125][ T3608] __x64_sys_bind+0x76/0x80 [ 49.593640][ T3608] do_syscall_64+0x2b/0x70 [ 49.598048][ T3608] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.603940][ T3608] RIP: 0033:0x7fee4cc65d19 [ 49.608345][ T3608] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 49.627942][ T3608] RSP: 002b:00007fee4cc17318 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 49.636359][ T3608] RAX: ffffffffffffffda RBX: 00007fee4cced428 RCX: 00007fee4cc65d19 [ 49.644317][ T3608] RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003 [ 49.652280][ T3608] RBP: 00007fee4cced420 R08: 0000000000000000 R09: 0000000000000000 [ 49.660242][ T3608] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee4ccbb064 [ 49.668215][ T3608] R13: 00007ffe7f6d3b7f R14: 00007fee4cc17400 R15: 0000000000022000 [ 49.676180][ T3608] [ 49.679186][ T3608] Modules linked in: [pid 3607] futex(0x7fee4cced42c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3607] futex(0x7fee4cced44c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fee4cbb5000 [pid 3607] mprotect(0x7fee4cbb6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3607] clone(child_stack=0x7fee4cbd53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3625], tls=0x7fee4cbd5700, child_tidptr=0x7fee4cbd59d0) = 3625 [pid 3607] futex(0x7fee4cced448, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 49.683115][ T3608] ---[ end trace 0000000000000000 ]--- [ 49.688595][ T3608] RIP: 0010:can_rx_register+0x480/0x660 [ 49.690117][ T3616] bond1: (slave vxcan1): Error -22 calling dev_set_mtu [ 49.694135][ T3608] Code: 8b 6c 24 70 49 89 5f 30 49 8d 7f 38 48 89 f8 48 c1 e8 03 42 80 3c 28 00 74 05 e8 5b d3 9b f8 49 89 6f 38 4c 89 f3 48 c1 eb 03 <42> 80 3c 2b 00 74 08 4c 89 f7 e8 c1 d2 9b f8 4d 8b 26 4c 89 f8 48 [ 49.720633][ T3608] RSP: 0018:ffffc900038ffcb8 EFLAGS: 00010202 [ 49.726708][ T3608] RAX: 1ffff1100e44be07 RBX: 0000000000000001 RCX: ffff888027638000 [pid 3607] futex(0x7fee4cced44c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) ./strace-static-x86_64: Process 3625 attached [pid 3625] set_robust_list(0x7fee4cbd59e0, 24) = 0 [pid 3625] splice(-1, NULL, -1, NULL, 32768, 0) = -1 EBADF (Bad file descriptor) [pid 3625] futex(0x7fee4cced44c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 49.734721][ T3608] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88807225f038 [ 49.742718][ T3608] RBP: ffff888018226000 R08: ffffffff8941621c R09: fffff5200071ff88 [ 49.750718][ T3608] R10: fffff5200071ff89 R11: 1ffff9200071ff88 R12: 0000000000000000 [ 49.758713][ T3608] R13: dffffc0000000000 R14: 0000000000000008 R15: ffff88807225f000 [ 49.766698][ T3608] FS: 00007fee4cc17700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 49.775682][ T3608] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.782289][ T3608] CR2: 00007fac7f82eff8 CR3: 000000001f7af000 CR4: 00000000003506f0 [ 49.790295][ T3608] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.798290][ T3608] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.806259][ T3608] Kernel panic - not syncing: Fatal exception in interrupt [ 49.813589][ T3608] Kernel Offset: disabled [ 49.817941][ T3608] Rebooting in 86400 seconds..