./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4153101624 <...> DUID 00:04:64:fe:60:40:6b:21:45:e2:2b:76:87:02:d2:43:fb:60 forked to background, child pid 4671 [ 49.463547][ T4672] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.473900][ T4672] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.177' (ECDSA) to the list of known hosts. execve("./syz-executor4153101624", ["./syz-executor4153101624"], 0x7ffd60c69870 /* 10 vars */) = 0 brk(NULL) = 0x555555ba9000 brk(0x555555ba9c40) = 0x555555ba9c40 arch_prctl(ARCH_SET_FS, 0x555555ba9300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555555ba95d0) = 5013 set_robust_list(0x555555ba95e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f8d651533a0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f8d65153a70}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f8d65153440, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8d65153a70}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4153101624", 4096) = 28 brk(0x555555bcac40) = 0x555555bcac40 brk(0x555555bcb000) = 0x555555bcb000 mprotect(0x7f8d65213000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5014 attached , child_tidptr=0x555555ba95d0) = 5014 [pid 5014] set_robust_list(0x555555ba95e0, 24) = 0 [pid 5014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5014] setpgid(0, 0) = 0 [pid 5014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5014] write(3, "1000", 4) = 4 [pid 5014] close(3) = 0 [pid 5014] futex(0x7f8d6521940c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8d65123000 [pid 5014] mprotect(0x7f8d65124000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5014] clone(child_stack=0x7f8d651433f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5015 attached , parent_tid=[5015], tls=0x7f8d65143700, child_tidptr=0x7f8d651439d0) = 5015 [pid 5014] futex(0x7f8d65219408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f8d6521940c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5015] set_robust_list(0x7f8d651439e0, 24) = 0 [pid 5015] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5015] futex(0x7f8d6521940c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f8d65219408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f8d6521940c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5014] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5014] futex(0x7f8d6521940c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5014] futex(0x7f8d6521941c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8d65102000 [pid 5014] mprotect(0x7f8d65103000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5014] clone(child_stack=0x7f8d651223f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5016 attached , parent_tid=[5016], tls=0x7f8d65122700, child_tidptr=0x7f8d651229d0) = 5016 [pid 5014] futex(0x7f8d65219418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f8d6521941c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5016] set_robust_list(0x7f8d651229e0, 24) = 0 [pid 5016] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5016] futex(0x7f8d6521941c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f8d65219418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f8d6521941c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5016] bind(4, {sa_family=AF_ALG, salg_type="skcipher", salg_feat=0, salg_mask=0, salg_name="ecb-serpent-avx2"}, 88 [pid 5014] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5014] futex(0x7f8d6521942c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8d650e1000 [pid 5014] mprotect(0x7f8d650e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5014] clone(child_stack=0x7f8d651013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5018], tls=0x7f8d65101700, child_tidptr=0x7f8d651019d0) = 5018 [pid 5014] futex(0x7f8d65219428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f8d6521942c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5018 attached [pid 5018] set_robust_list(0x7f8d651019e0, 24) = 0 [pid 5018] setsockopt(4, SOL_ALG, ALG_SET_KEY, NULL, 0) = -1 ENOPROTOOPT (Protocol not available) [pid 5018] futex(0x7f8d6521942c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f8d65219428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f8d6521942c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5018] <... futex resumed>) = 1 [pid 5018] accept(4, NULL, NULL) = -1 EINVAL (Invalid argument) [pid 5018] futex(0x7f8d6521942c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f8d65219428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f8d6521942c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5018] recvmmsg(-1, 0x200005c0, 43264, 0, NULL) = -1 EBADF (Bad file descriptor) [pid 5018] futex(0x7f8d6521942c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f8d65219428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f8d6521942c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5018] sendfile(-1, 3, [7], 4294967295) = -1 EBADF (Bad file descriptor) [pid 5018] futex(0x7f8d6521942c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5018] futex(0x7f8d65219428, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5016] <... bind resumed>) = 0 [pid 5016] futex(0x7f8d6521941c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5016] futex(0x7f8d65219418, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5014] exit_group(0 [pid 5018] <... futex resumed>) = ? [pid 5016] <... futex resumed>) = ? [pid 5015] <... write resumed>) = ? [pid 5014] <... exit_group resumed>) = ? [pid 5015] +++ exited with 0 +++ [pid 5018] +++ exited with 0 +++ [pid 5016] +++ exited with 0 +++ [pid 5014] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5014, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5021 attached , child_tidptr=0x555555ba95d0) = 5021 [pid 5021] set_robust_list(0x555555ba95e0, 24) = 0 [pid 5021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5021] setpgid(0, 0) = 0 [pid 5021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5021] write(3, "1000", 4) = 4 [pid 5021] close(3) = 0 [pid 5021] futex(0x7f8d6521940c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8d65123000 [pid 5021] mprotect(0x7f8d65124000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5021] clone(child_stack=0x7f8d651433f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5022 attached , parent_tid=[5022], tls=0x7f8d65143700, child_tidptr=0x7f8d651439d0) = 5022 [pid 5021] futex(0x7f8d65219408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7f8d6521940c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5022] set_robust_list(0x7f8d651439e0, 24) = 0 [pid 5022] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5021] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5021] futex(0x7f8d6521941c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8d65102000 [pid 5021] mprotect(0x7f8d65103000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5021] clone(child_stack=0x7f8d651223f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5023 attached , parent_tid=[5023], tls=0x7f8d65122700, child_tidptr=0x7f8d651229d0) = 5023 [pid 5023] set_robust_list(0x7f8d651229e0, 24) = 0 [pid 5023] futex(0x7f8d65219418, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5021] futex(0x7f8d65219418, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5023] <... futex resumed>) = 0 [pid 5023] write(-1, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 5023] futex(0x7f8d6521941c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5021] futex(0x7f8d6521941c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] <... futex resumed>) = 0 [pid 5021] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5023] futex(0x7f8d65219418, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5021] futex(0x7f8d65219418, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] <... futex resumed>) = 0 [pid 5021] <... futex resumed>) = 1 [pid 5021] futex(0x7f8d6521941c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5023] futex(0x7f8d6521941c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5021] <... futex resumed>) = 0 [pid 5023] bind(4, {sa_family=AF_ALG, salg_type="skcipher", salg_feat=0, salg_mask=0, salg_name="ecb-serpent-avx2"}, 88 [pid 5021] futex(0x7f8d65219418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7f8d6521941c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] <... bind resumed>) = 0 [pid 5023] futex(0x7f8d6521941c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5021] <... futex resumed>) = 0 [pid 5023] futex(0x7f8d65219418, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5021] futex(0x7f8d65219418, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5021] <... futex resumed>) = 0 [pid 5023] setsockopt(4, SOL_ALG, ALG_SET_KEY, NULL, 0 [pid 5021] futex(0x7f8d6521941c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] <... setsockopt resumed>) = 0 [pid 5023] futex(0x7f8d6521941c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5021] <... futex resumed>) = 0 [pid 5023] accept(4, NULL, NULL [pid 5021] futex(0x7f8d65219418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7f8d6521941c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] <... accept resumed>) = 5 [pid 5023] futex(0x7f8d6521941c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5021] <... futex resumed>) = 0 [pid 5023] recvmmsg(5, [pid 5021] futex(0x7f8d65219418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7f8d6521941c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5021] futex(0x7f8d6521942c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8d650e1000 [pid 5021] mprotect(0x7f8d650e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5021] clone(child_stack=0x7f8d651013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5024 attached , parent_tid=[5024], tls=0x7f8d65101700, child_tidptr=0x7f8d651019d0) = 5024 [pid 5024] set_robust_list(0x7f8d651019e0, 24) = 0 [pid 5024] futex(0x7f8d65219428, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5021] futex(0x7f8d65219428, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5024] <... futex resumed>) = 0 [pid 5024] sendfile(5, -1, [7], 4294967295) = -1 EBADF (Bad file descriptor) [pid 5024] futex(0x7f8d6521942c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] futex(0x7f8d65219428, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5021] futex(0x7f8d6521942c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5022] <... openat resumed>) = 3 [pid 5022] futex(0x7f8d6521940c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] futex(0x7f8d65219408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5021] exit_group(0) = ? [pid 5024] <... futex resumed>) = ? [pid 5023] <... recvmmsg resumed> ) = ? [pid 5022] <... futex resumed>) = ? [pid 5024] +++ exited with 0 +++ [pid 5023] +++ exited with 0 +++ [pid 5022] +++ exited with 0 +++ [pid 5021] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5021, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba95d0) = 5025 ./strace-static-x86_64: Process 5025 attached [pid 5025] set_robust_list(0x555555ba95e0, 24) = 0 [pid 5025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5025] setpgid(0, 0) = 0 [pid 5025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5025] write(3, "1000", 4) = 4 [pid 5025] close(3) = 0 [pid 5025] futex(0x7f8d6521940c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8d65123000 [pid 5025] mprotect(0x7f8d65124000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5025] clone(child_stack=0x7f8d651433f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5026], tls=0x7f8d65143700, child_tidptr=0x7f8d651439d0) = 5026 [pid 5025] futex(0x7f8d65219408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] futex(0x7f8d6521940c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5026 attached [pid 5026] set_robust_list(0x7f8d651439e0, 24) = 0 [pid 5026] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5026] futex(0x7f8d6521940c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... futex resumed>) = 0 [pid 5025] futex(0x7f8d65219408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] futex(0x7f8d6521940c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5026] <... futex resumed>) = 1 [pid 5026] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5025] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5025] futex(0x7f8d6521940c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5025] futex(0x7f8d6521941c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8d65102000 [pid 5025] mprotect(0x7f8d65103000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5025] clone(child_stack=0x7f8d651223f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5027], tls=0x7f8d65122700, child_tidptr=0x7f8d651229d0) = 5027 ./strace-static-x86_64: Process 5027 attached [pid 5025] futex(0x7f8d65219418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] futex(0x7f8d6521941c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] set_robust_list(0x7f8d651229e0, 24) = 0 [pid 5027] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5027] futex(0x7f8d6521941c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5025] <... futex resumed>) = 0 [pid 5025] futex(0x7f8d65219418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] futex(0x7f8d6521941c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] bind(4, {sa_family=AF_ALG, salg_type="skcipher", salg_feat=0, salg_mask=0, salg_name="ecb-serpent-avx2"}, 88) = 0 [pid 5027] futex(0x7f8d6521941c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5025] <... futex resumed>) = 0 [pid 5025] futex(0x7f8d65219418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] futex(0x7f8d6521941c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] setsockopt(4, SOL_ALG, ALG_SET_KEY, NULL, 0) = 0 [pid 5027] futex(0x7f8d6521941c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5025] <... futex resumed>) = 0 [pid 5025] futex(0x7f8d65219418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] futex(0x7f8d6521941c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] accept(4, NULL, NULL) = 5 [pid 5027] futex(0x7f8d6521941c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5025] <... futex resumed>) = 0 [pid 5027] recvmmsg(5, [pid 5025] futex(0x7f8d65219418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] futex(0x7f8d6521941c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5025] futex(0x7f8d6521941c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5025] futex(0x7f8d6521942c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8d650e1000 [pid 5025] mprotect(0x7f8d650e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5025] clone(child_stack=0x7f8d651013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5028 attached , parent_tid=[5028], tls=0x7f8d65101700, child_tidptr=0x7f8d651019d0) = 5028 [pid 5025] futex(0x7f8d65219428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] futex(0x7f8d6521942c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] set_robust_list(0x7f8d651019e0, 24) = 0 syzkaller login: [ 81.077883][ T5028] ================================================================== [ 81.086363][ T5028] BUG: KASAN: slab-out-of-bounds in extract_iter_to_sg+0x17a6/0x1960 [ 81.094522][ T5028] Read of size 8 at addr ffff88807e016ff8 by task syz-executor415/5028 [ 81.102806][ T5028] [ 81.105156][ T5028] CPU: 1 PID: 5028 Comm: syz-executor415 Not tainted 6.4.0-rc5-syzkaller-00915-ge7c5433c5aaa #0 [ 81.115789][ T5028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 81.125882][ T5028] Call Trace: [ 81.129197][ T5028] [ 81.132173][ T5028] dump_stack_lvl+0xd9/0x150 [ 81.136827][ T5028] print_address_description.constprop.0+0x2c/0x3c0 [ 81.143492][ T5028] ? extract_iter_to_sg+0x17a6/0x1960 [ 81.148945][ T5028] kasan_report+0x11c/0x130 [ 81.153523][ T5028] ? extract_iter_to_sg+0x17a6/0x1960 [ 81.158970][ T5028] extract_iter_to_sg+0x17a6/0x1960 [ 81.164255][ T5028] ? sg_init_one+0x140/0x140 [ 81.168916][ T5028] ? af_alg_sendmsg+0x310/0x2990 [pid 5028] sendfile(5, 3, [7] [pid 5025] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5025] futex(0x7f8d6521942c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 81.173910][ T5028] ? lock_downgrade+0x690/0x690 [ 81.178823][ T5028] ? mark_held_locks+0x9f/0xe0 [ 81.183673][ T5028] ? __local_bh_enable_ip+0xa4/0x130 [ 81.189369][ T5028] af_alg_sendmsg+0x1917/0x2990 [ 81.194283][ T5028] ? aa_sk_perm+0x31d/0xb10 [ 81.198834][ T5028] ? af_alg_pull_tsgl+0xc50/0xc50 [ 81.203922][ T5028] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 81.209257][ T5028] ? hash_sendpage_nokey+0xa0/0xa0 [ 81.214426][ T5028] sock_sendmsg+0xde/0x190 [ 81.218895][ T5028] splice_to_socket+0x954/0xe30 [pid 5025] exit_group(0) = ? [pid 5026] <... write resumed>) = ? [pid 5026] +++ exited with 0 +++ [ 81.223805][ T5028] ? splice_from_pipe+0x140/0x140 [ 81.228914][ T5028] ? security_file_permission+0xaf/0xd0 [ 81.234529][ T5028] ? splice_from_pipe+0x140/0x140 [ 81.239613][ T5028] direct_splice_actor+0x114/0x180 [ 81.244888][ T5028] splice_direct_to_actor+0x34a/0x9c0 [ 81.250321][ T5028] ? folio_flags.constprop.0+0x150/0x150 [ 81.255987][ T5028] ? direct_splice_actor+0x180/0x180 [ 81.261391][ T5028] ? bpf_lsm_file_permission+0x9/0x10 [ 81.266790][ T5028] ? security_file_permission+0xaf/0xd0 [ 81.272354][ T5028] do_splice_direct+0x1ad/0x280 [ 81.277232][ T5028] ? splice_direct_to_actor+0x9c0/0x9c0 [ 81.282819][ T5028] ? propagate_umount+0x19f0/0x19f0 [ 81.288054][ T5028] ? bpf_lsm_file_permission+0x9/0x10 [ 81.293479][ T5028] ? security_file_permission+0xaf/0xd0 [ 81.299063][ T5028] do_sendfile+0xb19/0x12c0 [ 81.303598][ T5028] ? vfs_iocb_iter_write+0x480/0x480 [ 81.308913][ T5028] __x64_sys_sendfile64+0x14d/0x210 [ 81.314123][ T5028] ? __ia32_sys_sendfile+0x220/0x220 [ 81.319417][ T5028] ? lockdep_hardirqs_on+0x7d/0x100 [ 81.324644][ T5028] ? _raw_spin_unlock_irq+0x2e/0x50 [ 81.329865][ T5028] ? ptrace_notify+0xfe/0x140 [ 81.334560][ T5028] do_syscall_64+0x39/0xb0 [ 81.338984][ T5028] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 81.344910][ T5028] RIP: 0033:0x7f8d65191a89 [ 81.349421][ T5028] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 81.369044][ T5028] RSP: 002b:00007f8d65101308 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 81.377468][ T5028] RAX: ffffffffffffffda RBX: 00007f8d65219428 RCX: 00007f8d65191a89 [ 81.385446][ T5028] RDX: 0000000020000180 RSI: 0000000000000003 RDI: 0000000000000005 [ 81.393426][ T5028] RBP: 00007f8d65219420 R08: 00007f8d65101700 R09: 0000000000000000 [ 81.401413][ T5028] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007f8d6521942c [ 81.409391][ T5028] R13: 00007f8d651e7064 R14: 7265687069636b73 R15: 0000000000022000 [ 81.417377][ T5028] [ 81.420396][ T5028] [ 81.422717][ T5028] Allocated by task 5028: [ 81.427042][ T5028] kasan_save_stack+0x22/0x40 [ 81.431738][ T5028] kasan_set_track+0x25/0x30 [ 81.436344][ T5028] __kasan_kmalloc+0xa2/0xb0 [ 81.440951][ T5028] __kmalloc+0x5e/0x190 [ 81.445110][ T5028] sock_kmalloc+0xb2/0x100 [ 81.449540][ T5028] af_alg_sendmsg+0x17a4/0x2990 [ 81.454401][ T5028] sock_sendmsg+0xde/0x190 [ 81.458911][ T5028] splice_to_socket+0x954/0xe30 [ 81.463766][ T5028] direct_splice_actor+0x114/0x180 [ 81.468899][ T5028] splice_direct_to_actor+0x34a/0x9c0 [ 81.474292][ T5028] do_splice_direct+0x1ad/0x280 [ 81.479161][ T5028] do_sendfile+0xb19/0x12c0 [ 81.483693][ T5028] __x64_sys_sendfile64+0x14d/0x210 [ 81.489077][ T5028] do_syscall_64+0x39/0xb0 [ 81.493499][ T5028] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 81.499410][ T5028] [ 81.501747][ T5028] The buggy address belongs to the object at ffff88807e016000 [ 81.501747][ T5028] which belongs to the cache kmalloc-4k of size 4096 [ 81.515803][ T5028] The buggy address is located 0 bytes to the right of [ 81.515803][ T5028] allocated 4088-byte region [ffff88807e016000, ffff88807e016ff8) [ 81.530388][ T5028] [ 81.532719][ T5028] The buggy address belongs to the physical page: [ 81.539128][ T5028] page:ffffea0001f80400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e010 [ 81.549375][ T5028] head:ffffea0001f80400 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 81.558311][ T5028] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 81.566289][ T5028] page_type: 0xffffffff() [ 81.570626][ T5028] raw: 00fff00000010200 ffff888012442140 dead000000000122 0000000000000000 [ 81.579225][ T5028] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000 [ 81.587809][ T5028] page dumped because: kasan: bad access detected [ 81.594216][ T5028] page_owner tracks the page as allocated [ 81.599932][ T5028] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5019, tgid 5019 (modprobe), ts 80491362379, free_ts 80455993447 [ 81.620174][ T5028] post_alloc_hook+0x2db/0x350 [ 81.624960][ T5028] get_page_from_freelist+0xf41/0x2c00 [ 81.630440][ T5028] __alloc_pages+0x1cb/0x4a0 [ 81.635054][ T5028] alloc_pages+0x1aa/0x270 [ 81.639493][ T5028] allocate_slab+0x25f/0x390 [ 81.644105][ T5028] ___slab_alloc+0xa91/0x1400 [ 81.648799][ T5028] __slab_alloc.constprop.0+0x56/0xa0 [ 81.654188][ T5028] __kmem_cache_alloc_node+0x136/0x320 [ 81.659664][ T5028] __kmalloc+0x4e/0x190 [ 81.663833][ T5028] tomoyo_realpath_from_path+0xc3/0x600 [ 81.669393][ T5028] tomoyo_path_perm+0x230/0x430 [ 81.674256][ T5028] security_inode_getattr+0xd3/0x140 [ 81.679559][ T5028] vfs_statx+0x16e/0x430 [ 81.683832][ T5028] vfs_fstatat+0x90/0xb0 [ 81.688106][ T5028] __do_sys_newfstatat+0x8a/0x110 [ 81.693161][ T5028] do_syscall_64+0x39/0xb0 [ 81.697591][ T5028] page last free stack trace: [ 81.702262][ T5028] free_unref_page_prepare+0x62e/0xcb0 [ 81.707754][ T5028] free_unref_page+0x33/0x370 [ 81.712464][ T5028] __folio_put+0x109/0x140 [ 81.716920][ T5028] put_page+0x21b/0x280 [ 81.721099][ T5028] page_to_skb+0x810/0xa10 [ 81.725534][ T5028] receive_buf+0x1128/0x5020 [ 81.730144][ T5028] virtnet_poll+0x742/0x14b0 [ 81.734760][ T5028] __napi_poll+0xb7/0x6f0 [ 81.739879][ T5028] net_rx_action+0x8a9/0xcb0 [ 81.744480][ T5028] __do_softirq+0x1d4/0x905 [ 81.749014][ T5028] [ 81.751358][ T5028] Memory state around the buggy address: [ 81.756994][ T5028] ffff88807e016e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 81.765056][ T5028] ffff88807e016f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 81.773135][ T5028] >ffff88807e016f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 81.781202][ T5028] ^ [ 81.789266][ T5028] ffff88807e017000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.797419][ T5028] ffff88807e017080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.805477][ T5028] ================================================================== [ 81.815640][ T5028] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 81.822886][ T5028] CPU: 1 PID: 5028 Comm: syz-executor415 Not tainted 6.4.0-rc5-syzkaller-00915-ge7c5433c5aaa #0 [ 81.833338][ T5028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 81.843511][ T5028] Call Trace: [ 81.846800][ T5028] [ 81.849739][ T5028] dump_stack_lvl+0xd9/0x150 [ 81.854356][ T5028] panic+0x686/0x730 [ 81.858298][ T5028] ? panic_smp_self_stop+0xa0/0xa0 [ 81.863471][ T5028] ? preempt_schedule_thunk+0x1a/0x20 [ 81.868890][ T5028] ? preempt_schedule_common+0x45/0xb0 [ 81.874392][ T5028] check_panic_on_warn+0xb1/0xc0 [ 81.879483][ T5028] end_report+0xe9/0x120 [ 81.883757][ T5028] ? extract_iter_to_sg+0x17a6/0x1960 [ 81.889245][ T5028] kasan_report+0xf9/0x130 [ 81.893693][ T5028] ? extract_iter_to_sg+0x17a6/0x1960 [ 81.899122][ T5028] extract_iter_to_sg+0x17a6/0x1960 [ 81.904390][ T5028] ? sg_init_one+0x140/0x140 [ 81.909032][ T5028] ? af_alg_sendmsg+0x310/0x2990 [ 81.914020][ T5028] ? lock_downgrade+0x690/0x690 [ 81.918905][ T5028] ? mark_held_locks+0x9f/0xe0 [ 81.923705][ T5028] ? __local_bh_enable_ip+0xa4/0x130 [ 81.929026][ T5028] af_alg_sendmsg+0x1917/0x2990 [ 81.933910][ T5028] ? aa_sk_perm+0x31d/0xb10 [ 81.938448][ T5028] ? af_alg_pull_tsgl+0xc50/0xc50 [ 81.943589][ T5028] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 81.948900][ T5028] ? hash_sendpage_nokey+0xa0/0xa0 [ 81.954040][ T5028] sock_sendmsg+0xde/0x190 [ 81.958484][ T5028] splice_to_socket+0x954/0xe30 [ 81.963365][ T5028] ? splice_from_pipe+0x140/0x140 [ 81.968440][ T5028] ? security_file_permission+0xaf/0xd0 [ 81.974021][ T5028] ? splice_from_pipe+0x140/0x140 [ 81.979081][ T5028] direct_splice_actor+0x114/0x180 [ 81.984328][ T5028] splice_direct_to_actor+0x34a/0x9c0 [ 81.989745][ T5028] ? folio_flags.constprop.0+0x150/0x150 [ 81.995417][ T5028] ? direct_splice_actor+0x180/0x180 [ 82.000738][ T5028] ? bpf_lsm_file_permission+0x9/0x10 [ 82.006139][ T5028] ? security_file_permission+0xaf/0xd0 [ 82.011711][ T5028] do_splice_direct+0x1ad/0x280 [ 82.016596][ T5028] ? splice_direct_to_actor+0x9c0/0x9c0 [ 82.022178][ T5028] ? propagate_umount+0x19f0/0x19f0 [ 82.027414][ T5028] ? bpf_lsm_file_permission+0x9/0x10 [ 82.032832][ T5028] ? security_file_permission+0xaf/0xd0 [ 82.038422][ T5028] do_sendfile+0xb19/0x12c0 [ 82.042981][ T5028] ? vfs_iocb_iter_write+0x480/0x480 [ 82.048335][ T5028] __x64_sys_sendfile64+0x14d/0x210 [ 82.053570][ T5028] ? __ia32_sys_sendfile+0x220/0x220 [ 82.058875][ T5028] ? lockdep_hardirqs_on+0x7d/0x100 [ 82.064100][ T5028] ? _raw_spin_unlock_irq+0x2e/0x50 [ 82.069331][ T5028] ? ptrace_notify+0xfe/0x140 [ 82.074034][ T5028] do_syscall_64+0x39/0xb0 [ 82.078473][ T5028] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 82.084401][ T5028] RIP: 0033:0x7f8d65191a89 [ 82.088834][ T5028] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 82.108465][ T5028] RSP: 002b:00007f8d65101308 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 82.116896][ T5028] RAX: ffffffffffffffda RBX: 00007f8d65219428 RCX: 00007f8d65191a89 [ 82.124882][ T5028] RDX: 0000000020000180 RSI: 0000000000000003 RDI: 0000000000000005 [ 82.132865][ T5028] RBP: 00007f8d65219420 R08: 00007f8d65101700 R09: 0000000000000000 [ 82.140853][ T5028] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007f8d6521942c [ 82.148837][ T5028] R13: 00007f8d651e7064 R14: 7265687069636b73 R15: 0000000000022000 [ 82.156850][ T5028] [ 82.160093][ T5028] Kernel Offset: disabled [ 82.164429][ T5028] Rebooting in 86400 seconds..