./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2949054948 <...> Warning: Permanently added '10.128.1.55' (ED25519) to the list of known hosts. execve("./syz-executor2949054948", ["./syz-executor2949054948"], 0x7fffe8b12280 /* 10 vars */) = 0 brk(NULL) = 0x555556e67000 brk(0x555556e67d00) = 0x555556e67d00 arch_prctl(ARCH_SET_FS, 0x555556e67380) = 0 set_tid_address(0x555556e67650) = 5027 set_robust_list(0x555556e67660, 24) = 0 rseq(0x555556e67ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2949054948", 4096) = 28 getrandom("\x19\xfb\x6c\xaa\xf2\x62\x9c\x69", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556e67d00 brk(0x555556e88d00) = 0x555556e88d00 brk(0x555556e89000) = 0x555556e89000 mprotect(0x7fa80c04b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [ 56.196103][ T5027] netlink: 'syz-executor294': attribute type 9 has an invalid length. [ 56.205917][ T5027] BUG: unable to handle page fault for address: fffffbfff412f978 [ 56.213636][ T5027] #PF: supervisor read access in kernel mode [ 56.219592][ T5027] #PF: error_code(0x0000) - not-present page [ 56.225551][ T5027] PGD 23ffe4067 P4D 23ffe4067 PUD 23ffe3067 PMD 19e75067 PTE 0 [ 56.233092][ T5027] Oops: 0000 [#1] PREEMPT SMP KASAN [ 56.238271][ T5027] CPU: 0 PID: 5027 Comm: syz-executor294 Not tainted 6.5.0-rc4-syzkaller-01306-g29afcd69672a #0 [ 56.248658][ T5027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 56.258697][ T5027] RIP: 0010:ovs_vport_add+0x17a/0x4c0 [ 56.264081][ T5027] Code: 89 c6 e8 39 16 78 f7 48 81 fd 00 f0 ff ff 0f 87 5b 02 00 00 e8 97 1a 78 f7 48 89 ea 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 11 03 00 00 48 8d 7d 10 48 8b 75 00 48 b8 00 00 [ 56.283672][ T5027] RSP: 0018:ffffc900038f73d0 EFLAGS: 00010a06 [ 56.289719][ T5027] RAX: dffffc0000000000 RBX: ffffffff8e8df240 RCX: 0000000000000000 [ 56.297674][ T5027] RDX: 1ffffffff412f978 RSI: ffffffff8a0e0579 RDI: 0000000000000007 [ 56.305624][ T5027] RBP: ffffffffa097cbc2 R08: 0000000000000007 R09: fffffffffffff000 [ 56.313578][ T5027] R10: ffffffffa097cbc2 R11: ffffffff8a40008b R12: ffffffff8e8df270 [ 56.321534][ T5027] R13: dffffc0000000000 R14: ffffc900038f74d0 R15: ffffc900038f74d8 [ 56.329485][ T5027] FS: 0000555556e67380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 56.338401][ T5027] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.344969][ T5027] CR2: fffffbfff412f978 CR3: 000000007ab37000 CR4: 00000000003506f0 [ 56.352929][ T5027] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 56.360882][ T5027] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 56.368834][ T5027] Call Trace: [ 56.372097][ T5027] [ 56.375010][ T5027] ? __die+0x1e/0x60 [ 56.378890][ T5027] ? page_fault_oops+0x398/0xad0 [ 56.383812][ T5027] ? reacquire_held_locks+0x4b0/0x4b0 [ 56.389170][ T5027] ? dump_pagetable+0x530/0x530 [ 56.394003][ T5027] ? search_extable+0x83/0xb0 [ 56.398667][ T5027] ? is_prefetch.constprop.0+0xb6/0x550 [ 56.404198][ T5027] ? __module_address+0x55/0x3b0 [ 56.409118][ T5027] ? bpf_ksym_find+0x124/0x1b0 [ 56.413869][ T5027] ? pgtable_bad+0x80/0x80 [ 56.418271][ T5027] ? fixup_exception+0x110/0xc90 [ 56.423196][ T5027] ? kernelmode_fixup_or_oops+0x23c/0x2b0 [ 56.428898][ T5027] ? __bad_area_nosemaphore+0x390/0x6a0 [ 56.434426][ T5027] ? spurious_kernel_fault+0x376/0x550 [ 56.439868][ T5027] ? do_kern_addr_fault+0x5b/0x70 [ 56.444877][ T5027] ? exc_page_fault+0xba/0xd0 [ 56.449535][ T5027] ? asm_exc_page_fault+0x26/0x30 [ 56.454547][ T5027] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.460602][ T5027] ? ovs_vport_add+0x169/0x4c0 [ 56.465349][ T5027] ? ovs_vport_add+0x17a/0x4c0 [ 56.470093][ T5027] new_vport+0x16/0x1c0 [ 56.474233][ T5027] ovs_dp_cmd_new+0x6a1/0xe70 [ 56.478896][ T5027] ? ovs_dp_cmd_get+0x350/0x350 [ 56.483732][ T5027] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x280 [ 56.491085][ T5027] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x280 [ 56.498442][ T5027] genl_family_rcv_msg_doit.isra.0+0x1ef/0x2d0 [ 56.504577][ T5027] ? genl_start+0x650/0x650 [ 56.509066][ T5027] ? ns_capable+0xd5/0x110 [ 56.513473][ T5027] genl_rcv_msg+0x559/0x800 [ 56.517963][ T5027] ? genl_family_rcv_msg_doit.isra.0+0x2d0/0x2d0 [ 56.524273][ T5027] ? ovs_dp_cmd_get+0x350/0x350 [ 56.529111][ T5027] netlink_rcv_skb+0x16b/0x440 [ 56.533870][ T5027] ? genl_family_rcv_msg_doit.isra.0+0x2d0/0x2d0 [ 56.540182][ T5027] ? netlink_ack+0x1370/0x1370 [ 56.544938][ T5027] ? down_write+0x200/0x200 [ 56.549428][ T5027] ? netlink_deliver_tap+0x1b1/0xd00 [ 56.554704][ T5027] ? reacquire_held_locks+0x4b0/0x4b0 [ 56.560066][ T5027] genl_rcv+0x28/0x40 [ 56.564030][ T5027] netlink_unicast+0x539/0x800 [ 56.568782][ T5027] ? netlink_attachskb+0x880/0x880 [ 56.573880][ T5027] ? find_vmap_area+0xf8/0x130 [ 56.578628][ T5027] ? __phys_addr_symbol+0x30/0x70 [ 56.583639][ T5027] ? __check_object_size+0x323/0x740 [ 56.588907][ T5027] netlink_sendmsg+0x93c/0xe40 [ 56.593663][ T5027] ? netlink_unicast+0x800/0x800 [ 56.598590][ T5027] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 56.603861][ T5027] ? netlink_unicast+0x800/0x800 [ 56.608787][ T5027] sock_sendmsg+0xd9/0x180 [ 56.613192][ T5027] ____sys_sendmsg+0x6ac/0x940 [ 56.617944][ T5027] ? copy_msghdr_from_user+0x10b/0x160 [ 56.623419][ T5027] ? kernel_sendmsg+0x50/0x50 [ 56.628087][ T5027] ___sys_sendmsg+0x135/0x1d0 [ 56.632754][ T5027] ? do_recvmmsg+0x740/0x740 [ 56.637345][ T5027] ? lock_sync+0x190/0x190 [ 56.641748][ T5027] ? ptrace_stop.part.0+0x4b4/0x8f0 [ 56.646929][ T5027] ? __fget_light+0x1fc/0x260 [ 56.651598][ T5027] __sys_sendmsg+0x117/0x1e0 [ 56.656176][ T5027] ? __sys_sendmsg_sock+0x30/0x30 [ 56.661196][ T5027] ? ptrace_notify+0xf4/0x130 [ 56.665856][ T5027] ? lockdep_hardirqs_on+0x7d/0x100 [ 56.671037][ T5027] ? _raw_spin_unlock_irq+0x2e/0x50 [ 56.676218][ T5027] ? ptrace_notify+0xf4/0x130 [ 56.680877][ T5027] do_syscall_64+0x38/0xb0 [ 56.685283][ T5027] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.691167][ T5027] RIP: 0033:0x7fa80bfd7569 [ 56.695561][ T5027] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 56.715152][ T5027] RSP: 002b:00007ffdf3beb468 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 56.723546][ T5027] RAX: ffffffffffffffda RBX: 00007ffdf3beb638 RCX: 00007fa80bfd7569 [ 56.731501][ T5027] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 56.739455][ T5027] RBP: 00007fa80c04b610 R08: 000000000000000c R09: 00007ffdf3beb638 [ 56.747408][ T5027] R10: 0000000000001004 R11: 0000000000000246 R12: 0000000000000001 [ 56.755365][ T5027] R13: 00007ffdf3beb628 R14: 0000000000000001 R15: 0000000000000001 [ 56.763322][ T5027] [ 56.766320][ T5027] Modules linked in: [ 56.770199][ T5027] CR2: fffffbfff412f978 [ 56.774334][ T5027] ---[ end trace 0000000000000000 ]--- [ 56.779765][ T5027] RIP: 0010:ovs_vport_add+0x17a/0x4c0 [ 56.785122][ T5027] Code: 89 c6 e8 39 16 78 f7 48 81 fd 00 f0 ff ff 0f 87 5b 02 00 00 e8 97 1a 78 f7 48 89 ea 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 11 03 00 00 48 8d 7d 10 48 8b 75 00 48 b8 00 00 [ 56.804710][ T5027] RSP: 0018:ffffc900038f73d0 EFLAGS: 00010a06 [ 56.810764][ T5027] RAX: dffffc0000000000 RBX: ffffffff8e8df240 RCX: 0000000000000000 [ 56.818729][ T5027] RDX: 1ffffffff412f978 RSI: ffffffff8a0e0579 RDI: 0000000000000007 [ 56.826681][ T5027] RBP: ffffffffa097cbc2 R08: 0000000000000007 R09: fffffffffffff000 [ 56.834632][ T5027] R10: ffffffffa097cbc2 R11: ffffffff8a40008b R12: ffffffff8e8df270 [ 56.842585][ T5027] R13: dffffc0000000000 R14: ffffc900038f74d0 R15: ffffc900038f74d8 [ 56.850538][ T5027] FS: 0000555556e67380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 56.859454][ T5027] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.866022][ T5027] CR2: fffffbfff412f978 CR3: 000000007ab37000 CR4: 00000000003506f0 [ 56.873978][ T5027] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 56.881934][ T5027] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 56.889887][ T5027] Kernel panic - not syncing: Fatal exception [ 56.896131][ T5027] Kernel Offset: disabled [ 56.900443][ T5027] Rebooting in 86400 seconds..