./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3442385649
<...>
Warning: Permanently added '10.128.0.253' (ECDSA) to the list of known hosts.
execve("./syz-executor3442385649", ["./syz-executor3442385649"], 0x7fff7d3c4df0 /* 10 vars */) = 0
brk(NULL) = 0x5555560ce000
brk(0x5555560cec40) = 0x5555560cec40
arch_prctl(ARCH_SET_FS, 0x5555560ce300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3442385649", 4096) = 28
brk(0x5555560efc40) = 0x5555560efc40
brk(0x5555560f0000) = 0x5555560f0000
mprotect(0x7fc8b86ae000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
syzkaller login: [ 49.971786][ T3598] netlink: 28 bytes leftover after parsing attributes in process `syz-executor344'.
[ 49.981418][ T3598] netlink: 28 bytes leftover after parsing attributes in process `syz-executor344'.
[ 49.991775][ T3598] ================================================================================
[ 50.001156][ T3598] UBSAN: shift-out-of-bounds in net/sched/act_pedit.c:238:43
[ 50.008512][ T3598] shift exponent 1400735974 is too large for 32-bit type 'unsigned int'
[ 50.016859][ T3598] CPU: 1 PID: 3598 Comm: syz-executor344 Not tainted 5.18.0-rc5-syzkaller-00165-g810c2f0a3f86 #0
[ 50.027342][ T3598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.037383][ T3598] Call Trace:
[ 50.043564][ T3598] <TASK>
[ 50.043564][ T3598] dump_stack_lvl+0xcd/0x134
[ 50.048158][ T3598] ubsan_epilogue+0xb/0x50
[ 50.052560][ T3598] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x187
[ 50.059313][ T3598] ? rcu_read_lock_sched_held+0x3a/0x70
[ 50.064848][ T3598] ? trace_kmalloc+0x32/0xf0
[ 50.069424][ T3598] ? __kmalloc+0x19d/0x350
[ 50.073822][ T3598] ? tcf_pedit_init+0x100b/0x1540
[ 50.078834][ T3598] tcf_pedit_init.cold+0x1a/0x1f
[ 50.083779][ T3598] ? tcf_pedit_offload_act_setup+0x560/0x560
[ 50.089748][ T3598] ? nla_get_range_signed+0x520/0x520
[ 50.095116][ T3598] ? __nla_parse+0x3d/0x50
[ 50.099518][ T3598] tcf_action_init_1+0x414/0x690
[ 50.104445][ T3598] ? tc_action_load_ops+0x3a0/0x3a0
[ 50.109638][ T3598] ? __nla_parse+0x3d/0x50
[ 50.114048][ T3598] tcf_action_init+0x530/0x8d0
[ 50.118805][ T3598] ? tcf_action_init_1+0x690/0x690
[ 50.123910][ T3598] ? lock_chain_count+0x20/0x20
[ 50.128765][ T3598] ? mark_lock.part.0+0xee/0x1910
[ 50.133793][ T3598] ? lock_chain_count+0x20/0x20
[ 50.138648][ T3598] tcf_action_add+0xf9/0x480
[ 50.143238][ T3598] ? tca_action_gd+0xe70/0xe70
[ 50.148023][ T3598] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.154263][ T3598] ? __nla_parse+0x3d/0x50
[ 50.158678][ T3598] tc_ctl_action+0x346/0x470
[ 50.163257][ T3598] ? tcf_action_add+0x480/0x480
[ 50.168092][ T3598] ? rtnetlink_rcv_msg+0x388/0xb80
[ 50.173198][ T3598] ? tcf_action_add+0x480/0x480
[ 50.178034][ T3598] rtnetlink_rcv_msg+0x413/0xb80
[ 50.182964][ T3598] ? rtnl_fdb_dump+0x9a0/0x9a0
[ 50.187725][ T3598] netlink_rcv_skb+0x153/0x420
[ 50.192482][ T3598] ? rtnl_fdb_dump+0x9a0/0x9a0
[ 50.197238][ T3598] ? netlink_ack+0xa80/0xa80
[ 50.201817][ T3598] ? netlink_deliver_tap+0x1a2/0xc40
[ 50.207095][ T3598] ? netlink_deliver_tap+0x1b1/0xc40
[ 50.212371][ T3598] netlink_unicast+0x543/0x7f0
[ 50.217126][ T3598] ? netlink_attachskb+0x880/0x880
[ 50.222224][ T3598] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 50.228454][ T3598] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 50.234677][ T3598] ? __phys_addr_symbol+0x2c/0x70
[ 50.239685][ T3598] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 50.245384][ T3598] ? __check_object_size+0x16c/0x4f0
[ 50.250658][ T3598] netlink_sendmsg+0x904/0xe00
[ 50.255412][ T3598] ? netlink_unicast+0x7f0/0x7f0
[ 50.260340][ T3598] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.266567][ T3598] ? netlink_unicast+0x7f0/0x7f0
[ 50.271492][ T3598] sock_sendmsg+0xcf/0x120
[ 50.275900][ T3598] ____sys_sendmsg+0x6e2/0x800
[ 50.280655][ T3598] ? kernel_sendmsg+0x50/0x50
[ 50.285316][ T3598] ? do_recvmmsg+0x6d0/0x6d0
[ 50.289893][ T3598] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 50.295863][ T3598] ? lockdep_hardirqs_on+0x79/0x100
[ 50.301045][ T3598] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 50.307012][ T3598] ___sys_sendmsg+0xf3/0x170
[ 50.311706][ T3598] ? sendmsg_copy_msghdr+0x160/0x160
[ 50.316983][ T3598] ? lock_release+0x720/0x720
[ 50.321652][ T3598] ? ptrace_stop+0x590/0xb30
[ 50.326233][ T3598] ? do_raw_spin_lock+0x120/0x2a0
[ 50.331247][ T3598] ? rwlock_bug.part.0+0x90/0x90
[ 50.336198][ T3598] ? _raw_spin_lock_irq+0x41/0x50
[ 50.341217][ T3598] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 50.347447][ T3598] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.353677][ T3598] ? __fget_light+0x20f/0x270
[ 50.358345][ T3598] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 50.364572][ T3598] __sys_sendmsg+0xe5/0x1b0
[ 50.369065][ T3598] ? __sys_sendmsg_sock+0x30/0x30
[ 50.374097][ T3598] ? _raw_spin_unlock_irq+0x2a/0x40
[ 50.379283][ T3598] ? ptrace_notify+0xfa/0x140
[ 50.383955][ T3598] do_syscall_64+0x35/0xb0
[ 50.388360][ T3598] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.394241][ T3598] RIP: 0033:0x7fc8b8641b59
[ 50.398646][ T3598] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 50.418240][ T3598] RSP: 002b:00007ffd04b44b58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 50.426644][ T3598] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8b8641b59
[ 50.434605][ T3598] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 50.442559][ T3598] RBP: 00007fc8b8605d00 R08: 0000000000000000 R09: 0000000000000000
[ 50.450513][ T3598] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc8b8605d90
[ 50.458468][ T3598] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 50.466433][ T3598] </TASK>
[ 50.469553][ T3598] ================================================================================
[ 50.478844][ T3598] Kernel panic - not syncing: panic_on_warn set ...
[ 50.485412][ T3598] CPU: 1 PID: 3598 Comm: syz-executor344 Not tainted 5.18.0-rc5-syzkaller-00165-g810c2f0a3f86 #0
[ 50.495894][ T3598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.505946][ T3598] Call Trace:
[ 50.509216][ T3598] <TASK>
[ 50.512148][ T3598] dump_stack_lvl+0xcd/0x134
[ 50.516730][ T3598] panic+0x2d7/0x636
[ 50.520613][ T3598] ? panic_print_sys_info.part.0+0x10b/0x10b
[ 50.526583][ T3598] ? dump_stack_lvl+0x120/0x134
[ 50.531427][ T3598] ? ubsan_epilogue+0x3e/0x50
[ 50.536106][ T3598] ubsan_epilogue+0x4a/0x50
[ 50.541029][ T3598] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x187
[ 50.547777][ T3598] ? rcu_read_lock_sched_held+0x3a/0x70
[ 50.553313][ T3598] ? trace_kmalloc+0x32/0xf0
[ 50.557890][ T3598] ? __kmalloc+0x19d/0x350
[ 50.562295][ T3598] ? tcf_pedit_init+0x100b/0x1540
[ 50.567396][ T3598] tcf_pedit_init.cold+0x1a/0x1f
[ 50.572327][ T3598] ? tcf_pedit_offload_act_setup+0x560/0x560
[ 50.578300][ T3598] ? nla_get_range_signed+0x520/0x520
[ 50.583673][ T3598] ? __nla_parse+0x3d/0x50
[ 50.588077][ T3598] tcf_action_init_1+0x414/0x690
[ 50.593008][ T3598] ? tc_action_load_ops+0x3a0/0x3a0
[ 50.598200][ T3598] ? __nla_parse+0x3d/0x50
[ 50.602604][ T3598] tcf_action_init+0x530/0x8d0
[ 50.607358][ T3598] ? tcf_action_init_1+0x690/0x690
[ 50.612453][ T3598] ? lock_chain_count+0x20/0x20
[ 50.617311][ T3598] ? mark_lock.part.0+0xee/0x1910
[ 50.622339][ T3598] ? lock_chain_count+0x20/0x20
[ 50.627186][ T3598] tcf_action_add+0xf9/0x480
[ 50.631764][ T3598] ? tca_action_gd+0xe70/0xe70
[ 50.636539][ T3598] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.642768][ T3598] ? __nla_parse+0x3d/0x50
[ 50.647174][ T3598] tc_ctl_action+0x346/0x470
[ 50.651838][ T3598] ? tcf_action_add+0x480/0x480
[ 50.656673][ T3598] ? rtnetlink_rcv_msg+0x388/0xb80
[ 50.661781][ T3598] ? tcf_action_add+0x480/0x480
[ 50.666617][ T3598] rtnetlink_rcv_msg+0x413/0xb80
[ 50.671542][ T3598] ? rtnl_fdb_dump+0x9a0/0x9a0
[ 50.676302][ T3598] netlink_rcv_skb+0x153/0x420
[ 50.681063][ T3598] ? rtnl_fdb_dump+0x9a0/0x9a0
[ 50.685814][ T3598] ? netlink_ack+0xa80/0xa80
[ 50.690391][ T3598] ? netlink_deliver_tap+0x1a2/0xc40
[ 50.695664][ T3598] ? netlink_deliver_tap+0x1b1/0xc40
[ 50.700957][ T3598] netlink_unicast+0x543/0x7f0
[ 50.705715][ T3598] ? netlink_attachskb+0x880/0x880
[ 50.710812][ T3598] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 50.717041][ T3598] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 50.723266][ T3598] ? __phys_addr_symbol+0x2c/0x70
[ 50.728275][ T3598] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 50.733979][ T3598] ? __check_object_size+0x16c/0x4f0
[ 50.739254][ T3598] netlink_sendmsg+0x904/0xe00
[ 50.744013][ T3598] ? netlink_unicast+0x7f0/0x7f0
[ 50.748941][ T3598] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.755168][ T3598] ? netlink_unicast+0x7f0/0x7f0
[ 50.760094][ T3598] sock_sendmsg+0xcf/0x120
[ 50.764501][ T3598] ____sys_sendmsg+0x6e2/0x800
[ 50.769254][ T3598] ? kernel_sendmsg+0x50/0x50
[ 50.773916][ T3598] ? do_recvmmsg+0x6d0/0x6d0
[ 50.778499][ T3598] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 50.784469][ T3598] ? lockdep_hardirqs_on+0x79/0x100
[ 50.789653][ T3598] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 50.795643][ T3598] ___sys_sendmsg+0xf3/0x170
[ 50.800238][ T3598] ? sendmsg_copy_msghdr+0x160/0x160
[ 50.805514][ T3598] ? lock_release+0x720/0x720
[ 50.810177][ T3598] ? ptrace_stop+0x590/0xb30
[ 50.814758][ T3598] ? do_raw_spin_lock+0x120/0x2a0
[ 50.819770][ T3598] ? rwlock_bug.part.0+0x90/0x90
[ 50.824693][ T3598] ? _raw_spin_lock_irq+0x41/0x50
[ 50.829710][ T3598] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 50.835954][ T3598] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.842179][ T3598] ? __fget_light+0x20f/0x270
[ 50.846846][ T3598] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 50.853077][ T3598] __sys_sendmsg+0xe5/0x1b0
[ 50.857565][ T3598] ? __sys_sendmsg_sock+0x30/0x30
[ 50.862582][ T3598] ? _raw_spin_unlock_irq+0x2a/0x40
[ 50.867766][ T3598] ? ptrace_notify+0xfa/0x140
[ 50.872434][ T3598] do_syscall_64+0x35/0xb0
[ 50.876844][ T3598] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.882745][ T3598] RIP: 0033:0x7fc8b8641b59
[ 50.887156][ T3598] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 50.907460][ T3598] RSP: 002b:00007ffd04b44b58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 50.915865][ T3598] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8b8641b59
[ 50.923826][ T3598] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 50.931781][ T3598] RBP: 00007fc8b8605d00 R08: 0000000000000000 R09: 0000000000000000
[ 50.939738][ T3598] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc8b8605d90
[ 50.947693][ T3598] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 50.955781][ T3598] </TASK>
[ 50.959075][ T3598] Kernel Offset: disabled
[ 50.963468][ T3598] Rebooting in 86400 seconds..