./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1212731236 <...> Warning: Permanently added '10.128.0.41' (ED25519) to the list of known hosts. execve("./syz-executor1212731236", ["./syz-executor1212731236"], 0x7fffd24ddc20 /* 10 vars */) = 0 brk(NULL) = 0x5555807f6000 brk(0x5555807f6d00) = 0x5555807f6d00 arch_prctl(ARCH_SET_FS, 0x5555807f6380) = 0 set_tid_address(0x5555807f6650) = 5221 set_robust_list(0x5555807f6660, 24) = 0 rseq(0x5555807f6ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1212731236", 4096) = 28 getrandom("\xa2\x2b\xb7\x1a\x91\xf3\xeb\x43", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555807f6d00 brk(0x555580817d00) = 0x555580817d00 brk(0x555580818000) = 0x555580818000 mprotect(0x7f04618a8000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5222 attached [pid 5222] set_robust_list(0x5555807f6660, 24 [pid 5221] <... clone resumed>, child_tidptr=0x5555807f6650) = 5222 [pid 5222] <... set_robust_list resumed>) = 0 [pid 5222] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5222] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5222] setsid() = 1 [pid 5222] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5222] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5222] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5222] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5222] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5222] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5222] unshare(CLONE_NEWNS) = 0 [pid 5222] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5222] unshare(CLONE_NEWIPC) = 0 [pid 5222] unshare(CLONE_NEWCGROUP) = 0 [pid 5222] unshare(CLONE_NEWUTS) = 0 [pid 5222] unshare(CLONE_SYSVSEM) = 0 [pid 5222] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5222] write(3, "16777216", 8) = 8 [pid 5222] close(3) = 0 [pid 5222] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5222] write(3, "536870912", 9) = 9 [pid 5222] close(3) = 0 [pid 5222] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5222] write(3, "1024", 4) = 4 [pid 5222] close(3) = 0 [pid 5222] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5222] write(3, "8192", 4) = 4 [pid 5222] close(3) = 0 [pid 5222] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5222] write(3, "1024", 4) = 4 [pid 5222] close(3) = 0 [pid 5222] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5222] write(3, "1024", 4) = 4 [pid 5222] close(3) = 0 [pid 5222] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5222] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5222] close(3) = 0 [pid 5222] getpid() = 1 [pid 5222] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5225] set_robust_list(0x5555807f6660, 24 [pid 5222] <... clone resumed>, child_tidptr=0x5555807f6650) = 2 [pid 5225] <... set_robust_list resumed>) = 0 [pid 5225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5225] setpgid(0, 0) = 0 [pid 5225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5225] write(3, "1000", 4) = 4 [pid 5225] close(3) = 0 [pid 5225] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110 executing program [pid 5225] read(200, 0x7fff7440ed60, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5225] write(1, "executing program\n", 18) = 18 [pid 5225] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=3, insns=0x20000140, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=BPF_F_STRICT_ALIGNMENT|BPF_F_TEST_RND_HI32|BPF_F_TEST_STATE_FREQ|0x20, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = 3 [pid 5225] socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL)) = 4 [pid 5225] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0 [pid 5225] bpf(BPF_LINK_CREATE, {link_create={prog_fd=3, target_fd=11, attach_type=BPF_XDP, flags=0}}, 64) = 5 [pid 5225] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\x01\x80\xc2\x00\x00\x00\x86\xdd\x60\x2a\x84\x35\x00\x14\x06\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x00\x00\x00\x00\x44\x43\x42\x41\x44\x43\x42\x41\x58\x00\x00\x00\x9c\x75\x00\x00\x00\x00\x00\x00\x00\x00\x95\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 73152) = 73152 [pid 5225] close(3) = 0 [pid 5225] close(4) = 0 [pid 5225] close(5) = 0 [pid 5225] close(6) = -1 EBADF (Bad file descriptor) [pid 5225] close(7) = -1 EBADF (Bad file descriptor) [pid 5225] close(8) = -1 EBADF (Bad file descriptor) [pid 5225] close(9) = -1 EBADF (Bad file descriptor) [pid 5225] close(10) = -1 EBADF (Bad file descriptor) [pid 5225] close(11) = -1 EBADF (Bad file descriptor) [pid 5225] close(12) = -1 EBADF (Bad file descriptor) [pid 5225] close(13) = -1 EBADF (Bad file descriptor) [pid 5225] close(14) = -1 EBADF (Bad file descriptor) [pid 5225] close(15) = -1 EBADF (Bad file descriptor) [pid 5225] close(16) = -1 EBADF (Bad file descriptor) [pid 5225] close(17) = -1 EBADF (Bad file descriptor) [pid 5225] close(18) = -1 EBADF (Bad file descriptor) [pid 5225] close(19) = -1 EBADF (Bad file descriptor) [pid 5225] close(20) = -1 EBADF (Bad file descriptor) [pid 5225] close(21) = -1 EBADF (Bad file descriptor) [pid 5225] close(22) = -1 EBADF (Bad file descriptor) [pid 5225] close(23) = -1 EBADF (Bad file descriptor) [pid 5225] close(24) = -1 EBADF (Bad file descriptor) [pid 5225] close(25) = -1 EBADF (Bad file descriptor) [pid 5225] close(26) = -1 EBADF (Bad file descriptor) [pid 5225] close(27) = -1 EBADF (Bad file descriptor) [pid 5225] close(28) = -1 EBADF (Bad file descriptor) [ 82.181638][ C0] ------------[ cut here ]------------ [ 82.187318][ C0] UBSAN: array-index-out-of-bounds in ./kernel/bpf/devmap.c:385:28 [ 82.195330][ C0] index 16 is out of range for type 'struct xdp_frame *[16]' [ 82.202756][ C0] CPU: 0 UID: 0 PID: 5225 Comm: syz-executor121 Not tainted 6.10.0-syzkaller-12708-g2f8c4f506285 #0 [ 82.213559][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 82.223654][ C0] Call Trace: [ 82.226964][ C0] [ 82.229834][ C0] dump_stack_lvl+0x241/0x360 [ 82.234726][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 82.239954][ C0] ? __pfx__printk+0x10/0x10 [ 82.244581][ C0] ? napi_complete_done+0x572/0x8e0 [ 82.249855][ C0] ? __pfx_napi_complete_done+0x10/0x10 [ 82.255429][ C0] __ubsan_handle_out_of_bounds+0x121/0x150 [ 82.261415][ C0] bq_xmit_all+0x157/0x11d0 [ 82.265980][ C0] ? virtnet_poll+0x2f35/0x3870 [ 82.270916][ C0] ? rcu_is_watching+0x15/0xb0 [ 82.275755][ C0] ? validate_chain+0x11e/0x5900 [ 82.280738][ C0] ? __pfx_virtnet_poll+0x10/0x10 [ 82.285789][ C0] ? validate_chain+0x11e/0x5900 [ 82.290838][ C0] ? __pfx_bq_xmit_all+0x10/0x10 [ 82.295822][ C0] ? __pfx_validate_chain+0x10/0x10 [ 82.301058][ C0] __dev_flush+0x81/0x160 [ 82.305424][ C0] xdp_do_check_flushed+0x129/0x240 [ 82.310749][ C0] __napi_poll+0xe4/0x490 [ 82.315103][ C0] net_rx_action+0x89b/0x1240 [ 82.319812][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 82.324941][ C0] ? sched_clock+0x4a/0x70 [ 82.329406][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 82.335765][ C0] handle_softirqs+0x2c4/0x970 [ 82.340569][ C0] ? __irq_exit_rcu+0xf4/0x1c0 [ 82.345354][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 82.350660][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 82.355887][ C0] __irq_exit_rcu+0xf4/0x1c0 [ 82.360496][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 82.365721][ C0] irq_exit_rcu+0x9/0x30 [ 82.369977][ C0] common_interrupt+0xaa/0xd0 [ 82.374697][ C0] [ 82.377633][ C0] [ 82.380568][ C0] asm_common_interrupt+0x26/0x40 [ 82.385649][ C0] RIP: 0010:_raw_spin_unlock_irq+0x29/0x50 [ 82.391491][ C0] Code: 90 f3 0f 1e fa 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 7a 26 b9 f5 48 89 df e8 52 69 ba f5 e8 0d 3c e4 f5 fb bf 01 00 00 00 22 35 ac f5 65 8b 05 63 2b 4d 74 85 c0 74 06 5b c3 cc cc cc cc [ 82.411206][ C0] RSP: 0018:ffffc9000347fd48 EFLAGS: 00000286 [ 82.417314][ C0] RAX: 5dae3de087a45100 RBX: ffff88801cb39bc0 RCX: ffffffff94ce1903 [ 82.425296][ C0] RDX: dffffc0000000000 RSI: ffffffff8bead5a0 RDI: 0000000000000001 [ 82.433283][ C0] RBP: ffff88807dd45f70 R08: ffffffff8ff66fef R09: 1ffffffff1fecdfd [ 82.441264][ C0] R10: dffffc0000000000 R11: fffffbfff1fecdfe R12: 1ffff1100fba8c63 [ 82.449260][ C0] R13: ffff88807dd45a00 R14: ffff88807dd46318 R15: 1ffff1100fba8b46 [ 82.457315][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 82.462550][ C0] ptrace_stop+0x414/0x930 [ 82.467096][ C0] ptrace_notify+0x255/0x380 [ 82.471714][ C0] ? __pfx_ptrace_notify+0x10/0x10 [ 82.476850][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 82.483198][ C0] ? do_syscall_64+0x100/0x230 [ 82.488018][ C0] syscall_trace_enter+0x5d/0x150 [ 82.493065][ C0] do_syscall_64+0xcc/0x230 [ 82.497635][ C0] ? clear_bhb_loop+0x35/0x90 [ 82.502349][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.508263][ C0] RIP: 0033:0x7f046182f020 [ 82.512705][ C0] Code: ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 80 3d 81 e0 07 00 00 74 17 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c [ 82.532326][ C0] RSP: 002b:00007fff7440f158 EFLAGS: 00000202 ORIG_RAX: 0000000000000003 [ 82.540757][ C0] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f046182f020 [ 82.548736][ C0] RDX: ffffffffffffffb8 RSI: 0000000020000100 RDI: 000000000000001d [ 82.556716][ C0] RBP: 00007fff7440f1a0 R08: 00007fff7440f180 R09: 00007fff7440f180 [ 82.564746][ C0] R10: 00007fff7440f180 R11: 0000000000000202 R12: 0000000000000000 [ 82.572735][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 82.580756][ C0] [ 82.583903][ C0] ---[ end trace ]--- [ 82.587912][ C0] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 82.595311][ C0] CPU: 0 UID: 0 PID: 5225 Comm: syz-executor121 Not tainted 6.10.0-syzkaller-12708-g2f8c4f506285 #0 [ 82.606096][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 82.616172][ C0] Call Trace: [ 82.619469][ C0] [ 82.622334][ C0] dump_stack_lvl+0x241/0x360 [ 82.627062][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 82.632299][ C0] ? __pfx__printk+0x10/0x10 [ 82.636909][ C0] ? vprintk_emit+0x631/0x770 [ 82.641628][ C0] ? vscnprintf+0x5d/0x90 [ 82.646002][ C0] panic+0x349/0x860 [ 82.649950][ C0] ? check_panic_on_warn+0x21/0xb0 [ 82.655115][ C0] ? __pfx_panic+0x10/0x10 [ 82.659566][ C0] ? _printk+0xd5/0x120 [ 82.663762][ C0] ? __pfx__printk+0x10/0x10 [ 82.668378][ C0] ? napi_complete_done+0x572/0x8e0 [ 82.673628][ C0] check_panic_on_warn+0x86/0xb0 [ 82.678593][ C0] __ubsan_handle_out_of_bounds+0x141/0x150 [ 82.684528][ C0] bq_xmit_all+0x157/0x11d0 [ 82.689058][ C0] ? virtnet_poll+0x2f35/0x3870 [ 82.693953][ C0] ? rcu_is_watching+0x15/0xb0 [ 82.698754][ C0] ? validate_chain+0x11e/0x5900 [ 82.703716][ C0] ? __pfx_virtnet_poll+0x10/0x10 [ 82.708765][ C0] ? validate_chain+0x11e/0x5900 [ 82.713727][ C0] ? __pfx_bq_xmit_all+0x10/0x10 [ 82.718702][ C0] ? __pfx_validate_chain+0x10/0x10 [ 82.723950][ C0] __dev_flush+0x81/0x160 [ 82.728322][ C0] xdp_do_check_flushed+0x129/0x240 [ 82.733594][ C0] __napi_poll+0xe4/0x490 [ 82.737957][ C0] net_rx_action+0x89b/0x1240 [ 82.742688][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 82.747836][ C0] ? sched_clock+0x4a/0x70 [ 82.752295][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 82.758675][ C0] handle_softirqs+0x2c4/0x970 [ 82.763488][ C0] ? __irq_exit_rcu+0xf4/0x1c0 [ 82.768290][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 82.773612][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 82.778846][ C0] __irq_exit_rcu+0xf4/0x1c0 [ 82.783474][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 82.788720][ C0] irq_exit_rcu+0x9/0x30 [ 82.792994][ C0] common_interrupt+0xaa/0xd0 [ 82.797723][ C0] [ 82.800666][ C0] [ 82.803615][ C0] asm_common_interrupt+0x26/0x40 [ 82.808670][ C0] RIP: 0010:_raw_spin_unlock_irq+0x29/0x50 [ 82.814517][ C0] Code: 90 f3 0f 1e fa 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 7a 26 b9 f5 48 89 df e8 52 69 ba f5 e8 0d 3c e4 f5 fb bf 01 00 00 00 22 35 ac f5 65 8b 05 63 2b 4d 74 85 c0 74 06 5b c3 cc cc cc cc [ 82.834169][ C0] RSP: 0018:ffffc9000347fd48 EFLAGS: 00000286 [ 82.840273][ C0] RAX: 5dae3de087a45100 RBX: ffff88801cb39bc0 RCX: ffffffff94ce1903 [ 82.848270][ C0] RDX: dffffc0000000000 RSI: ffffffff8bead5a0 RDI: 0000000000000001 [ 82.856352][ C0] RBP: ffff88807dd45f70 R08: ffffffff8ff66fef R09: 1ffffffff1fecdfd [ 82.864331][ C0] R10: dffffc0000000000 R11: fffffbfff1fecdfe R12: 1ffff1100fba8c63 [ 82.872312][ C0] R13: ffff88807dd45a00 R14: ffff88807dd46318 R15: 1ffff1100fba8b46 [ 82.880310][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 82.885539][ C0] ptrace_stop+0x414/0x930 [ 82.889983][ C0] ptrace_notify+0x255/0x380 [ 82.894594][ C0] ? __pfx_ptrace_notify+0x10/0x10 [ 82.899723][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 82.906068][ C0] ? do_syscall_64+0x100/0x230 [ 82.910849][ C0] syscall_trace_enter+0x5d/0x150 [ 82.915883][ C0] do_syscall_64+0xcc/0x230 [ 82.920402][ C0] ? clear_bhb_loop+0x35/0x90 [ 82.925097][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.931009][ C0] RIP: 0033:0x7f046182f020 [ 82.935434][ C0] Code: ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 80 3d 81 e0 07 00 00 74 17 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c [ 82.955059][ C0] RSP: 002b:00007fff7440f158 EFLAGS: 00000202 ORIG_RAX: 0000000000000003 [ 82.963495][ C0] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f046182f020 [ 82.971488][ C0] RDX: ffffffffffffffb8 RSI: 0000000020000100 RDI: 000000000000001d [ 82.979474][ C0] RBP: 00007fff7440f1a0 R08: 00007fff7440f180 R09: 00007fff7440f180 [ 82.987460][ C0] R10: 00007fff7440f180 R11: 0000000000000202 R12: 0000000000000000 [ 82.995439][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 83.003431][ C0] [ 83.006592][ C0] Kernel Offset: disabled [ 83.010962][ C0] Rebooting in 86400 seconds..