./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2327467232

<...>
[   46.643381][    C1] net_ratelimit: 91 callbacks suppressed
[   46.643396][    C1] eth0: bad gso: type: 1, size: 1408
[   46.656183][    C1] eth0: bad gso: type: 1, size: 1408
[   46.661532][    C1] eth0: bad gso: type: 1, size: 1408
[   46.667315][    C1] eth0: bad gso: type: 1, size: 1408
[   46.674181][    C1] eth0: bad gso: type: 1, size: 1408
[   46.682966][    C1] eth0: bad gso: type: 1, size: 1408
[   46.688641][    C1] eth0: bad gso: type: 1, size: 1408
[   46.893382][    C1] eth0: bad gso: type: 1, size: 1408
[   46.899303][    C1] eth0: bad gso: type: 1, size: 1408
Warning: Permanently added '10.128.1.7' (ED25519) to the list of known hosts.
execve("./syz-executor2327467232", ["./syz-executor2327467232"], 0x7fff137376e0 /* 10 vars */) = 0
brk(NULL)                               = 0x555580e9c000
brk(0x555580e9cd00)                     = 0x555580e9cd00
arch_prctl(ARCH_SET_FS, 0x555580e9c380) = 0
set_tid_address(0x555580e9c650)         = 5096
set_robust_list(0x555580e9c660, 24)     = 0
rseq(0x555580e9cca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2327467232", 4096) = 28
getrandom("\x8c\x8b\x34\x88\x0a\x30\xf6\xe1", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555580e9cd00
brk(0x555580ebdd00)                     = 0x555580ebdd00
brk(0x555580ebe000)                     = 0x555580ebe000
mprotect(0x7f708ec5a000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9c650) = 5097
./strace-static-x86_64: Process 5097 attached
[pid  5097] set_robust_list(0x555580e9c660, 24) = 0
[pid  5097] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5097] setsid()                    = 1
[pid  5097] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5097] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5097] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5097] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5097] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5097] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5097] unshare(CLONE_NEWNS)        = 0
[pid  5097] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5097] unshare(CLONE_NEWIPC)       = 0
[pid  5097] unshare(CLONE_NEWCGROUP)    = 0
[pid  5097] unshare(CLONE_NEWUTS)       = 0
[pid  5097] unshare(CLONE_SYSVSEM)      = 0
[pid  5097] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5097] write(3, "16777216", 8)     = 8
[pid  5097] close(3)                    = 0
[pid  5097] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5097] write(3, "536870912", 9)    = 9
[pid  5097] close(3)                    = 0
[pid  5097] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5097] write(3, "1024", 4)         = 4
[pid  5097] close(3)                    = 0
[pid  5097] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5097] write(3, "8192", 4)         = 4
[pid  5097] close(3)                    = 0
[pid  5097] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5097] write(3, "1024", 4)         = 4
[pid  5097] close(3)                    = 0
[pid  5097] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5097] write(3, "1024", 4)         = 4
[pid  5097] close(3)                    = 0
[pid  5097] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5097] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5097] close(3)                    = 0
[pid  5097] getpid()                    = 1
[pid  5097] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5097] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5097] unshare(CLONE_NEWNET)       = 0
[pid  5097] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5097] write(3, "0 65535", 7)      = 7
[pid  5097] close(3)                    = 0
[pid  5097] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3
[pid  5097] dup2(3, 200)                = 200
[pid  5097] close(3)                    = 0
[pid  5097] ioctl(200, TUNSETIFF, 0x7ffd97b2a8e0) = 0
[pid  5097] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3
[pid  5097] write(3, "0", 1)            = 1
[pid  5097] close(3)                    = 0
[pid  5097] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3
[pid  5097] write(3, "0", 1)            = 1
[pid  5097] close(3)                    = 0
[pid  5097] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid  5097] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5097] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5097] close(4)                    = 0
[pid  5097] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5097] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5097] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5097] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5097] close(4)                    = 0
[pid  5097] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5097] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5097] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5097] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5097] close(4)                    = 0
[pid  5097] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 48
[pid  5097] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5097] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5097] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5097] close(4)                    = 0
[pid  5097] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 60
[pid  5097] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5097] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5097] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5097] close(4)                    = 0
[pid  5097] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
[pid  5097] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5097] close(3)                    = 0
[pid  5097] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid  5097] write(3, "100000", 6)       = 6
[pid  5097] close(3)                    = 0
[pid  5097] mkdir("./syz-tmp", 0777)    = 0
[pid  5097] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid  5097] mkdir("./syz-tmp/newroot", 0777) = 0
[pid  5097] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid  5097] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5097] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid  5097] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid  5097] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid  5097] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5097] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5097] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid  5097] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5097] mkdir("./syz-tmp/pivot", 0777) = 0
[pid  5097] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid  5097] chdir("/")                  = 0
[pid  5097] umount2("./pivot", MNT_DETACH) = 0
[pid  5097] chroot("./newroot")         = 0
[pid  5097] chdir("/")                  = 0
[pid  5097] mkdir("/dev/binderfs", 0777) = 0
[pid  5097] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5097] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5097] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5100 attached
, child_tidptr=0x555580e9c650) = 2
[pid  5100] set_robust_list(0x555580e9c660, 24) = 0
[pid  5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5100] setpgid(0, 0)               = 0
[pid  5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5100] write(3, "1000", 4)         = 4
[pid  5100] close(3)                    = 0
[pid  5100] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid  5100] read(200, 0x7ffd97b2a480, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid  5100] write(1, "executing program\n", 18executing program
) = 18
[pid  5100] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = 3
[pid  5100] socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL)) = 4
[pid  5100] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5100] bpf(BPF_LINK_CREATE, {link_create={prog_fd=3, target_fd=11, attach_type=BPF_XDP, flags=0x2}}, 64) = 5
[pid  5100] write(200, "\x18\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x6b\x79\x00\x95\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 54) = 54
[pid  5100] close(3)                    = 0
[pid  5100] close(4)                    = 0
[pid  5100] close(5)                    = 0
[pid  5100] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5100] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5100] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5100] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5100] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5100] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5100] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5100] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5100] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5100] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5100] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5100] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5100] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5100] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5100] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5100] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5100] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5100] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5100] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5100] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5100] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5100] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5100] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5100] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5100] exit_group(0)               = ?
[pid  5100] +++ exited with 0 +++
[pid  5097] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[pid  5097] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5097] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5101 attached
, child_tidptr=0x555580e9c650) = 3
[pid  5101] set_robust_list(0x555580e9c660, 24) = 0
[pid  5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5101] setpgid(0, 0)               = 0
[pid  5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5101] write(3, "1000", 4)         = 4
[pid  5101] close(3)                    = 0
[pid  5101] read(200, 0x7ffd97b2a480, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid  5101] write(1, "executing program\n", 18executing program
) = 18
[pid  5101] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = 3
[pid  5101] socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL)) = 4
[pid  5101] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5101] bpf(BPF_LINK_CREATE, {link_create={prog_fd=3, target_fd=11, attach_type=BPF_XDP, flags=0x2}}, 64) = 5
[pid  5101] write(200, "\x18\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x6b\x79\x00\x95\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 54) = 54
[pid  5101] close(3)                    = 0
[pid  5101] close(4)                    = 0
[pid  5101] close(5)                    = 0
[pid  5101] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5101] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5101] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5101] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5101] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5101] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5101] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5101] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5101] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5101] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5101] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5101] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5101] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5101] close(19)                   = -1 EBADF (Bad file descriptor)
[   58.438979][    C1] ------------[ cut here ]------------
[   58.444543][    C1] UBSAN: array-index-out-of-bounds in ./kernel/bpf/devmap.c:385:28
[   58.452496][    C1] index 16 is out of range for type 'struct xdp_frame *[16]'
[   58.459890][    C1] CPU: 1 UID: 0 PID: 5101 Comm: syz-executor232 Not tainted 6.10.0-next-20240718-syzkaller #0
[   58.470143][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[   58.480219][    C1] Call Trace:
[   58.483506][    C1]  <IRQ>
[   58.486350][    C1]  dump_stack_lvl+0x241/0x360
[   58.491071][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[   58.496284][    C1]  ? __pfx__printk+0x10/0x10
[   58.500886][    C1]  ? napi_complete_done+0x572/0x8e0
[   58.506100][    C1]  ? __pfx_napi_complete_done+0x10/0x10
[   58.511660][    C1]  __ubsan_handle_out_of_bounds+0x121/0x150
[   58.517575][    C1]  ? __lock_acquire+0x1fe0/0x2050
[   58.522613][    C1]  bq_xmit_all+0x157/0x11d0
[   58.527128][    C1]  ? virtnet_poll+0x2f35/0x3870
[   58.531997][    C1]  ? lock_release+0x28/0xa30
[   58.536594][    C1]  ? trace_pelt_se_tp+0x3d/0x140
[   58.541548][    C1]  ? validate_chain+0x11e/0x5920
[   58.546493][    C1]  ? __pfx_virtnet_poll+0x10/0x10
[   58.551517][    C1]  ? validate_chain+0x11e/0x5920
[   58.556458][    C1]  ? __pfx_bq_xmit_all+0x10/0x10
[   58.561418][    C1]  ? mark_lock+0x9a/0x360
[   58.565759][    C1]  ? __pfx_lock_release+0x10/0x10
[   58.570794][    C1]  __dev_flush+0x81/0x160
[   58.575139][    C1]  xdp_do_check_flushed+0x129/0x240
[   58.580354][    C1]  __napi_poll+0xe4/0x490
[   58.584698][    C1]  net_rx_action+0x89b/0x1240
[   58.589407][    C1]  ? __pfx_net_rx_action+0x10/0x10
[   58.594546][    C1]  ? sched_clock+0x4a/0x70
[   58.598993][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   58.605344][    C1]  handle_softirqs+0x2c4/0x970
[   58.610129][    C1]  ? __irq_exit_rcu+0xf4/0x1c0
[   58.614908][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[   58.620208][    C1]  ? irqtime_account_irq+0xd4/0x1e0
[   58.625422][    C1]  __irq_exit_rcu+0xf4/0x1c0
[   58.630022][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[   58.635239][    C1]  irq_exit_rcu+0x9/0x30
[   58.639489][    C1]  common_interrupt+0xaa/0xd0
[   58.644172][    C1]  </IRQ>
[   58.647103][    C1]  <TASK>
[   58.650041][    C1]  asm_common_interrupt+0x26/0x40
[   58.655077][    C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140
[   58.661594][    C1] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 ce cf 5c f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> c3 69 c4 f5 65 8b 05 04 5f 65 74 85 c0 74 43 48 c7 04 24 0e 36
[   58.681217][    C1] RSP: 0018:ffffc9000369fb60 EFLAGS: 00000206
[   58.687295][    C1] RAX: 3e45100d05912800 RBX: 1ffff920006d3f70 RCX: ffffffff817023ea
[   58.695270][    C1] RDX: dffffc0000000000 RSI: ffffffff8bcad5c0 RDI: 0000000000000001
[   58.703244][    C1] RBP: ffffc9000369fbf0 R08: ffffffff9300f817 R09: 1ffffffff2601f02
[   58.711216][    C1] R10: dffffc0000000000 R11: fffffbfff2601f03 R12: dffffc0000000000
[   58.719192][    C1] R13: 1ffff920006d3f6c R14: ffffc9000369fb80 R15: 0000000000000246
[   58.727178][    C1]  ? mark_lock+0x9a/0x360
[   58.731531][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   58.737867][    C1]  ? __wake_up_common_lock+0x18c/0x1e0
[   58.743348][    C1]  do_notify_parent_cldstop+0x9ab/0xb50
[   58.748913][    C1]  ? __pfx_do_notify_parent_cldstop+0x10/0x10
[   58.755011][    C1]  ptrace_stop+0x465/0x940
[   58.759442][    C1]  ptrace_notify+0x255/0x380
[   58.764043][    C1]  ? __pfx_ptrace_notify+0x10/0x10
[   58.769167][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   58.775508][    C1]  ? do_syscall_64+0x100/0x230
[   58.780290][    C1]  syscall_trace_enter+0x5d/0x150
[   58.785323][    C1]  do_syscall_64+0xcc/0x230
[   58.789838][    C1]  ? clear_bhb_loop+0x35/0x90
[   58.794526][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.800425][    C1] RIP: 0033:0x7f708ebe0e20
[   58.804848][    C1] Code: ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 80 3d 81 e2 07 00 00 74 17 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c
[   58.824458][    C1] RSP: 002b:00007ffd97b2a878 EFLAGS: 00000202 ORIG_RAX: 0000000000000003
[   58.832878][    C1] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 00007f708ebe0e20
[   58.840849][    C1] RDX: ffffffffffffffb8 RSI: 0000000020000240 RDI: 0000000000000014
[   58.848834][    C1] RBP: 0000000000000000 R08: 00007ffd97b2a9a8 R09: 00007ffd97b2a9a8
[   58.856819][    C1] R10: 00007ffd97b2a9a8 R11: 0000000000000202 R12: 0000000000000000
[   58.864795][    C1] R13: 0000000000000000 R14: 00007ffd97b2a8b0 R15: 00007ffd97b2a8a0
[   58.872792][    C1]  </TASK>
[   58.875941][    C1] ---[ end trace ]---
[   58.879928][    C1] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[   58.887125][    C1] CPU: 1 UID: 0 PID: 5101 Comm: syz-executor232 Not tainted 6.10.0-next-20240718-syzkaller #0
[   58.897368][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[   58.907426][    C1] Call Trace:
[   58.910705][    C1]  <IRQ>
[   58.913550][    C1]  dump_stack_lvl+0x241/0x360
[   58.918245][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[   58.923457][    C1]  ? __pfx__printk+0x10/0x10
[   58.928065][    C1]  ? vscnprintf+0x5d/0x90
[   58.932398][    C1]  panic+0x349/0x870
[   58.936307][    C1]  ? check_panic_on_warn+0x21/0xb0
[   58.941428][    C1]  ? __pfx_panic+0x10/0x10
[   58.945851][    C1]  ? _printk+0xd5/0x120
[   58.950024][    C1]  ? __pfx__printk+0x10/0x10
[   58.954625][    C1]  ? napi_complete_done+0x572/0x8e0
[   58.959837][    C1]  check_panic_on_warn+0x86/0xb0
[   58.964792][    C1]  __ubsan_handle_out_of_bounds+0x141/0x150
[   58.970700][    C1]  ? __lock_acquire+0x1fe0/0x2050
[   58.975733][    C1]  bq_xmit_all+0x157/0x11d0
[   58.980243][    C1]  ? virtnet_poll+0x2f35/0x3870
[   58.985111][    C1]  ? lock_release+0x28/0xa30
[   58.989713][    C1]  ? trace_pelt_se_tp+0x3d/0x140
[   58.994665][    C1]  ? validate_chain+0x11e/0x5920
[   58.999605][    C1]  ? __pfx_virtnet_poll+0x10/0x10
[   59.004630][    C1]  ? validate_chain+0x11e/0x5920
[   59.009569][    C1]  ? __pfx_bq_xmit_all+0x10/0x10
[   59.014526][    C1]  ? mark_lock+0x9a/0x360
[   59.018868][    C1]  ? __pfx_lock_release+0x10/0x10
[   59.023904][    C1]  __dev_flush+0x81/0x160
[   59.028246][    C1]  xdp_do_check_flushed+0x129/0x240
[   59.033458][    C1]  __napi_poll+0xe4/0x490
[   59.037799][    C1]  net_rx_action+0x89b/0x1240
[   59.042508][    C1]  ? __pfx_net_rx_action+0x10/0x10
[   59.047633][    C1]  ? sched_clock+0x4a/0x70
[   59.052071][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   59.058417][    C1]  handle_softirqs+0x2c4/0x970
[   59.063196][    C1]  ? __irq_exit_rcu+0xf4/0x1c0
[   59.067972][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[   59.073268][    C1]  ? irqtime_account_irq+0xd4/0x1e0
[   59.078478][    C1]  __irq_exit_rcu+0xf4/0x1c0
[   59.083076][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[   59.088291][    C1]  irq_exit_rcu+0x9/0x30
[   59.092539][    C1]  common_interrupt+0xaa/0xd0
[   59.097223][    C1]  </IRQ>
[   59.100153][    C1]  <TASK>
[   59.103087][    C1]  asm_common_interrupt+0x26/0x40
[   59.108120][    C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140
[   59.114626][    C1] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 ce cf 5c f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> c3 69 c4 f5 65 8b 05 04 5f 65 74 85 c0 74 43 48 c7 04 24 0e 36
[   59.134239][    C1] RSP: 0018:ffffc9000369fb60 EFLAGS: 00000206
[   59.140329][    C1] RAX: 3e45100d05912800 RBX: 1ffff920006d3f70 RCX: ffffffff817023ea
[   59.148314][    C1] RDX: dffffc0000000000 RSI: ffffffff8bcad5c0 RDI: 0000000000000001
[   59.156289][    C1] RBP: ffffc9000369fbf0 R08: ffffffff9300f817 R09: 1ffffffff2601f02
[   59.164265][    C1] R10: dffffc0000000000 R11: fffffbfff2601f03 R12: dffffc0000000000
[   59.172236][    C1] R13: 1ffff920006d3f6c R14: ffffc9000369fb80 R15: 0000000000000246
[   59.180221][    C1]  ? mark_lock+0x9a/0x360
[   59.184577][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   59.190913][    C1]  ? __wake_up_common_lock+0x18c/0x1e0
[   59.196389][    C1]  do_notify_parent_cldstop+0x9ab/0xb50
[   59.201947][    C1]  ? __pfx_do_notify_parent_cldstop+0x10/0x10
[   59.208044][    C1]  ptrace_stop+0x465/0x940
[   59.212479][    C1]  ptrace_notify+0x255/0x380
[   59.217078][    C1]  ? __pfx_ptrace_notify+0x10/0x10
[   59.222202][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   59.228540][    C1]  ? do_syscall_64+0x100/0x230
[   59.233323][    C1]  syscall_trace_enter+0x5d/0x150
[   59.238356][    C1]  do_syscall_64+0xcc/0x230
[   59.242874][    C1]  ? clear_bhb_loop+0x35/0x90
[   59.247559][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.253458][    C1] RIP: 0033:0x7f708ebe0e20
[   59.257872][    C1] Code: ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 80 3d 81 e2 07 00 00 74 17 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c
[   59.277478][    C1] RSP: 002b:00007ffd97b2a878 EFLAGS: 00000202 ORIG_RAX: 0000000000000003
[   59.285898][    C1] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 00007f708ebe0e20
[   59.293870][    C1] RDX: ffffffffffffffb8 RSI: 0000000020000240 RDI: 0000000000000014
[   59.301844][    C1] RBP: 0000000000000000 R08: 00007ffd97b2a9a8 R09: 00007ffd97b2a9a8
[   59.309814][    C1] R10: 00007ffd97b2a9a8 R11: 0000000000000202 R12: 0000000000000000
[   59.317790][    C1] R13: 0000000000000000 R14: 00007ffd97b2a8b0 R15: 00007ffd97b2a8a0
[   59.325778][    C1]  </TASK>
[   59.328996][    C1] Kernel Offset: disabled
[   59.333330][    C1] Rebooting in 86400 seconds..