netlink: 'syz-executor.1': attribute type 5 has an invalid length. device bond_slave_1 entered promiscuous mode device bond_slave_1 left promiscuous mode BUG: kernel NULL pointer dereference, address: 00000000000000c0 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 92116067 P4D 92116067 PUD 90eeb067 PMD 0 Oops: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 24074 Comm: syz-executor.1 Not tainted 5.14.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:qlink_to_object mm/kasan/quarantine.c:129 [inline] RIP: 0010:qlink_free mm/kasan/quarantine.c:134 [inline] RIP: 0010:qlist_free_all+0x35/0xc0 mm/kasan/quarantine.c:165 Code: f5 48 83 ec 08 48 8b 37 48 85 f6 0f 84 96 00 00 00 49 be 00 00 00 00 00 ea ff ff 49 89 fd 49 bc 00 00 00 00 00 fc ff df eb 2d <48> 63 87 c0 00 00 00 48 c7 c2 95 ea bb 81 4c 8b 3e 48 29 c6 48 89 RSP: 0018:ffffc900189d6c90 EFLAGS: 00010246 RAX: ffffea0000000000 RBX: ffff888064773c00 RCX: ffffea0000000007 RDX: 0000000000000000 RSI: ffff888000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000002e R10: ffffffff81347eca R11: 000000000000003f R12: dffffc0000000000 R13: ffffc900189d6cc8 R14: ffffea0000000000 R15: ffff888000000000 FS: 0000000000000000(0000) GS:ffff8880b9c00000(0063) knlGS:00000000f5507b40 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 00000000000000c0 CR3: 00000000a9a9d000 CR4: 00000000001526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: kasan_quarantine_reduce+0x180/0x200 mm/kasan/quarantine.c:272 __kasan_slab_alloc+0x8e/0xa0 mm/kasan/common.c:444 kasan_slab_alloc include/linux/kasan.h:254 [inline] slab_post_alloc_hook mm/slab.h:519 [inline] slab_alloc_node mm/slub.c:2956 [inline] __kmalloc_node_track_caller+0x24e/0x360 mm/slub.c:4650 kmalloc_reserve net/core/skbuff.c:355 [inline] __alloc_skb+0xde/0x340 net/core/skbuff.c:426 alloc_skb include/linux/skbuff.h:1112 [inline] nlmsg_new include/net/netlink.h:953 [inline] inet_netconf_notify_devconf+0xdd/0x250 net/ipv4/devinet.c:2093 __devinet_sysctl_unregister net/ipv4/devinet.c:2599 [inline] devinet_sysctl_unregister net/ipv4/devinet.c:2623 [inline] inetdev_destroy net/ipv4/devinet.c:324 [inline] inetdev_event+0xcd6/0x15d0 net/ipv4/devinet.c:1598 notifier_call_chain+0xb5/0x200 kernel/notifier.c:83 call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:2123 call_netdevice_notifiers_extack net/core/dev.c:2135 [inline] call_netdevice_notifiers net/core/dev.c:2149 [inline] unregister_netdevice_many+0x951/0x1790 net/core/dev.c:11093 __rtnl_newlink+0x143d/0x1760 net/core/rtnetlink.c:3491 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3508 rtnetlink_rcv_msg+0x413/0xb80 net/core/rtnetlink.c:5574 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2504 netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1340 netlink_sendmsg+0x86d/0xdb0 net/netlink/af_netlink.c:1929 sock_sendmsg_nosec net/socket.c:703 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:723 ____sys_sendmsg+0x331/0x810 net/socket.c:2392 ___sys_sendmsg+0xf3/0x170 net/socket.c:2446 __sys_sendmmsg+0x297/0x470 net/socket.c:2525 __compat_sys_sendmmsg net/compat.c:361 [inline] __do_compat_sys_sendmmsg net/compat.c:368 [inline] __se_compat_sys_sendmmsg net/compat.c:365 [inline] __ia32_compat_sys_sendmmsg+0x9b/0x100 net/compat.c:365 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline] __do_fast_syscall_32+0x65/0xf0 arch/x86/entry/common.c:178 do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:203 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c RIP: 0023:0xf7f0d549 Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 RSP: 002b:00000000f55075fc EFLAGS: 00000296 ORIG_RAX: 0000000000000159 RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000020000000 RDX: 00000000924924cb RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Modules linked in: CR2: 00000000000000c0 ---[ end trace 11043d1bd7d9eacf ]--- RIP: 0010:qlink_to_object mm/kasan/quarantine.c:129 [inline] RIP: 0010:qlink_free mm/kasan/quarantine.c:134 [inline] RIP: 0010:qlist_free_all+0x35/0xc0 mm/kasan/quarantine.c:165 Code: f5 48 83 ec 08 48 8b 37 48 85 f6 0f 84 96 00 00 00 49 be 00 00 00 00 00 ea ff ff 49 89 fd 49 bc 00 00 00 00 00 fc ff df eb 2d <48> 63 87 c0 00 00 00 48 c7 c2 95 ea bb 81 4c 8b 3e 48 29 c6 48 89 RSP: 0018:ffffc900189d6c90 EFLAGS: 00010246 RAX: ffffea0000000000 RBX: ffff888064773c00 RCX: ffffea0000000007 RDX: 0000000000000000 RSI: ffff888000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000002e R10: ffffffff81347eca R11: 000000000000003f R12: dffffc0000000000 R13: ffffc900189d6cc8 R14: ffffea0000000000 R15: ffff888000000000 FS: 0000000000000000(0000) GS:ffff8880b9d00000(0063) knlGS:00000000f5507b40 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 000000002bd2d000 CR3: 00000000a9a9d000 CR4: 00000000001526e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: f5 cmc 1: 48 83 ec 08 sub $0x8,%rsp 5: 48 8b 37 mov (%rdi),%rsi 8: 48 85 f6 test %rsi,%rsi b: 0f 84 96 00 00 00 je 0xa7 11: 49 be 00 00 00 00 00 movabs $0xffffea0000000000,%r14 18: ea ff ff 1b: 49 89 fd mov %rdi,%r13 1e: 49 bc 00 00 00 00 00 movabs $0xdffffc0000000000,%r12 25: fc ff df 28: eb 2d jmp 0x57 2a: 48 63 87 c0 00 00 00 movslq 0xc0(%rdi),%rax <-- trapping instruction 31: 48 c7 c2 95 ea bb 81 mov $0xffffffff81bbea95,%rdx 38: 4c 8b 3e mov (%rsi),%r15 3b: 48 29 c6 sub %rax,%rsi 3e: 48 rex.W 3f: 89 .byte 0x89