DUID 00:04:03:2c:e5:fc:a2:19:b8:8b:c5:bf:62:63:19:3a:75:c6
forked to background, child pid 3186
[ 22.848008][ T3187] 8021q: adding VLAN 0 to HW filter on device bond0
[ 22.861775][ T3187] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.194' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 41.712767][ T3603] netlink: 'syz-executor346': attribute type 1 has an invalid length.
[ 41.728982][ T3603] device bond1 entered promiscuous mode
[ 41.742300][ T3603] 8021q: adding VLAN 0 to HW filter on device bond1
[ 41.756408][ T3603] bond1: (slave gre1): The slave device specified does not support setting the MAC address
[ 41.781607][ T3603] bond1: (slave gre1): Setting fail_over_mac to active for active-backup mode
[ 41.792255][ T3603] bond1: (slave gre1): making interface the new active one
[ 41.802825][ T3603] device gre1 entered promiscuous mode
[ 41.810309][ T3603] bond1: (slave gre1): Enslaving as an active interface with an up link
[ 41.818823][ T3603] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
[ 41.830554][ T3603] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[ 41.838968][ T3603] CPU: 0 PID: 3603 Comm: syz-executor346 Not tainted 6.0.0-rc6-next-20220923-syzkaller #0
[ 41.848869][ T3603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 41.858927][ T3603] RIP: 0010:skb_release_data+0x449/0x870
[ 41.864582][ T3603] Code: e8 7c 89 15 00 31 ff 41 89 c4 89 c6 e8 70 ba 51 fa 45 84 e4 0f 85 4f ff ff ff e8 d2 bd 51 fa 48 8d 7d 08 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 0f 85 4a 03 00 00 48 8b 45 08 31 ff 49 89 c4 48 89
[ 41.884190][ T3603] RSP: 0018:ffffc90003b6f660 EFLAGS: 00010202
[ 41.890256][ T3603] RAX: 0000000000000001 RBX: ffff8880172a8a00 RCX: 0000000000000000
[ 41.898228][ T3603] RDX: ffff888075603a80 RSI: ffffffff872ad62e RDI: 0000000000000008
[ 41.906201][ T3603] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[ 41.914179][ T3603] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 41.922146][ T3603] R13: ffff88801c3ca0f0 R14: 0000000000000000 R15: dffffc0000000000
[ 41.930116][ T3603] FS: 00005555566d7300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[ 41.939049][ T3603] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 41.945633][ T3603] CR2: 000055c5ad45a0e0 CR3: 000000007af9e000 CR4: 00000000003506f0
[ 41.953609][ T3603] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 41.961581][ T3603] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 41.969551][ T3603] Call Trace:
[ 41.972823][ T3603]
[ 41.975755][ T3603] ? kfree_skb_list_reason+0x47/0x70
[ 41.981050][ T3603] kfree_skb_reason+0x186/0x4b0
[ 41.985912][ T3603] kfree_skb_list_reason+0x47/0x70
[ 41.991046][ T3603] __dev_queue_xmit+0x237b/0x3b60
[ 41.996076][ T3603] ? skb_set_owner_w+0x269/0x420
[ 42.001028][ T3603] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 42.006318][ T3603] ? sock_alloc_send_pskb+0x382/0x930
[ 42.011689][ T3603] ? ref_tracker_alloc+0x2c3/0x550
[ 42.016809][ T3603] ? packet_parse_headers+0x43c/0x980
[ 42.022183][ T3603] ? packet_parse_headers+0x200/0x980
[ 42.027562][ T3603] ? task_cls_classid+0x370/0x370
[ 42.032588][ T3603] ? packet_sock_destruct+0x150/0x150
[ 42.037962][ T3603] ? skb_copy_datagram_from_iter+0x474/0x6c0
[ 42.043958][ T3603] packet_sendmsg+0x3354/0x5500
[ 42.048815][ T3603] ? lock_downgrade+0x670/0x6e0
[ 42.053668][ T3603] ? __stack_depot_save+0x3a/0x560
[ 42.058790][ T3603] ? aa_sk_perm+0x30f/0xaa0
[ 42.063319][ T3603] ? packet_lookup_frame.isra.0+0x1c0/0x1c0
[ 42.069216][ T3603] ? aa_af_perm+0x230/0x230
[ 42.073732][ T3603] ? __import_iovec+0x1f7/0x610
[ 42.078592][ T3603] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 42.083897][ T3603] ? packet_lookup_frame.isra.0+0x1c0/0x1c0
[ 42.089799][ T3603] sock_sendmsg+0xcf/0x120
[ 42.094223][ T3603] ____sys_sendmsg+0x712/0x8c0
[ 42.098993][ T3603] ? copy_msghdr_from_user+0xfc/0x150
[ 42.104374][ T3603] ? kernel_sendmsg+0x50/0x50
[ 42.109054][ T3603] ? lock_release+0x5cb/0x810
[ 42.113735][ T3603] ? rwlock_bug.part.0+0x90/0x90
[ 42.118677][ T3603] ? __stack_depot_save+0x3a/0x560
[ 42.123794][ T3603] ? ref_tracker_alloc+0x14c/0x550
[ 42.128913][ T3603] ___sys_sendmsg+0x110/0x1b0
[ 42.133599][ T3603] ? do_recvmmsg+0x6e0/0x6e0
[ 42.138209][ T3603] ? rcu_read_lock_sched_held+0xd/0x70
[ 42.143691][ T3603] ? lock_release+0x5cb/0x810
[ 42.148380][ T3603] ? packet_do_bind+0x2bb/0xdc0
[ 42.153248][ T3603] ? lock_downgrade+0x6e0/0x6e0
[ 42.158106][ T3603] ? rwlock_bug.part.0+0x90/0x90
[ 42.163050][ T3603] ? rwlock_bug.part.0+0x90/0x90
[ 42.167994][ T3603] ? __local_bh_enable_ip+0xa0/0x120
[ 42.173286][ T3603] ? trace_hardirqs_on+0x2d/0x160
[ 42.178310][ T3603] ? packet_do_bind+0x2bb/0xdc0
[ 42.183164][ T3603] ? __local_bh_enable_ip+0xa0/0x120
[ 42.188453][ T3603] ? packet_do_bind+0x2bb/0xdc0
[ 42.193310][ T3603] ? __fget_light+0x20a/0x270
[ 42.197999][ T3603] __sys_sendmsg+0xf3/0x1c0
[ 42.202514][ T3603] ? __sys_sendmsg_sock+0x30/0x30
[ 42.207547][ T3603] ? lock_downgrade+0x6e0/0x6e0
[ 42.212401][ T3603] ? restore_fpregs_from_fpstate+0xbd/0x1c0
[ 42.218330][ T3603] ? syscall_enter_from_user_mode+0x22/0xb0
[ 42.224237][ T3603] ? trace_hardirqs_on+0x2d/0x160
[ 42.229265][ T3603] do_syscall_64+0x35/0xb0
[ 42.233685][ T3603] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 42.239603][ T3603] RIP: 0033:0x7f9fbd7ab1f9
[ 42.244028][ T3603] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 42.263641][ T3603] RSP: 002b:00007ffe2e98e498 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 42.272055][ T3603] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9fbd7ab1f9
[ 42.280035][ T3603] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 42.288028][ T3603] RBP: 0000000000000000 R08: 00007ffe2e98e638 R09: 00007ffe2e98e638
[ 42.296004][ T3603] R10: 00007ffe2e98e638 R11: 0000000000000246 R12: 00007f9fbd76ea80
[ 42.303981][ T3603] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 42.311961][ T3603]
[ 42.314975][ T3603] Modules linked in:
[ 42.318924][ T3603] ---[ end trace 0000000000000000 ]---
[ 42.324401][ T3603] RIP: 0010:skb_release_data+0x449/0x870
[ 42.330091][ T3603] Code: e8 7c 89 15 00 31 ff 41 89 c4 89 c6 e8 70 ba 51 fa 45 84 e4 0f 85 4f ff ff ff e8 d2 bd 51 fa 48 8d 7d 08 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 0f 85 4a 03 00 00 48 8b 45 08 31 ff 49 89 c4 48 89
[ 42.349739][ T3603] RSP: 0018:ffffc90003b6f660 EFLAGS: 00010202
[ 42.355812][ T3603] RAX: 0000000000000001 RBX: ffff8880172a8a00 RCX: 0000000000000000
[ 42.363818][ T3603] RDX: ffff888075603a80 RSI: ffffffff872ad62e RDI: 0000000000000008
[ 42.371814][ T3603] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[ 42.379821][ T3603] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 42.387802][ T3603] R13: ffff88801c3ca0f0 R14: 0000000000000000 R15: dffffc0000000000
[ 42.395802][ T3603] FS: 00005555566d7300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[ 42.404768][ T3603] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.411397][ T3603] CR2: 000055c5ad45a0e0 CR3: 000000007af9e000 CR4: 00000000003506f0
[ 42.419388][ T3603] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.427389][ T3603] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.435391][ T3603] Kernel panic - not syncing: Fatal exception in interrupt
[ 42.442736][ T3603] Kernel Offset: disabled
[ 42.447054][ T3603] Rebooting in 86400 seconds..