./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor141915678 <...> DUID 00:04:98:96:05:40:f2:aa:0a:66:7a:29:c2:20:2e:76:e0:ec forked to background, child pid 3190 [ 25.701507][ T3191] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.708789][ T3191] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.87' (ECDSA) to the list of known hosts. execve("./syz-executor141915678", ["./syz-executor141915678"], 0x7ffd5062e700 /* 10 vars */) = 0 brk(NULL) = 0x55555629e000 brk(0x55555629ec40) = 0x55555629ec40 arch_prctl(ARCH_SET_FS, 0x55555629e300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555629e5d0) = 3618 set_robust_list(0x55555629e5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f5e1b55b5f0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f5e1b55bcc0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f5e1b55b690, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5e1b55bcc0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor141915678", 4096) = 27 brk(0x5555562bfc40) = 0x5555562bfc40 brk(0x5555562c0000) = 0x5555562c0000 mprotect(0x7f5e1b61d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3619 attached , child_tidptr=0x55555629e5d0) = 3619 [pid 3619] set_robust_list(0x55555629e5e0, 24) = 0 [pid 3619] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 3619] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3619] setsid() = 1 [pid 3619] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 3619] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 3619] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 3619] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3619] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0 [pid 3619] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3619] unshare(CLONE_NEWNS) = 0 [pid 3619] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 3619] unshare(CLONE_NEWIPC) = 0 [pid 3619] unshare(CLONE_NEWCGROUP) = 0 [pid 3619] unshare(CLONE_NEWUTS) = 0 [pid 3619] unshare(CLONE_SYSVSEM) = 0 [pid 3619] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3619] write(3, "16777216", 8) = 8 [pid 3619] close(3) = 0 [pid 3619] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 3619] write(3, "536870912", 9) = 9 [pid 3619] close(3) = 0 [pid 3619] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3619] write(3, "1024", 4) = 4 [pid 3619] close(3) = 0 [pid 3619] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3619] write(3, "8192", 4) = 4 [pid 3619] close(3) = 0 [pid 3619] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3619] write(3, "1024", 4) = 4 [pid 3619] close(3) = 0 [pid 3619] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 3619] write(3, "1024", 4) = 4 [pid 3619] close(3) = 0 [pid 3619] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3619] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3619] close(3) = 0 [pid 3619] getpid() = 1 [pid 3619] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 3620] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3620] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3621] <... set_robust_list resumed>) = 0 [pid 3621] openat(AT_FDCWD, "/dev/net/tun", O_RDONLY) = 3 [pid 3621] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3620] <... futex resumed>) = 0 [pid 3621] futex(0x7f5e1b623428, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3620] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3620] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3621] <... futex resumed>) = 0 [pid 3621] ioctl(3, TUNSETIFF, 0x20000200) = 0 [pid 3621] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3620] <... futex resumed>) = 0 [pid 3620] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3620] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3621] <... futex resumed>) = 1 [pid 3621] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3621] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3620] <... futex resumed>) = 0 [pid 3621] futex(0x7f5e1b623428, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3620] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3620] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3621] socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL)) = 5 [pid 3621] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3620] <... futex resumed>) = 0 [pid 3620] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000 [pid 3621] ioctl(5, SIOCGIFINDEX, {ifr_name="rose0" [pid 3620] <... futex resumed>) = 0 [pid 3620] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3621] <... ioctl resumed>, ifr_ifindex=11}) = 0 [pid 3621] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3620] <... futex resumed>) = 0 [pid 3621] ioctl(3, TUNSETQUEUE, 0x20000340 [pid 3620] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3620] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3621] <... ioctl resumed>) = 0 [pid 3621] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3620] <... futex resumed>) = 0 [pid 3620] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3621] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x34\x00\x00\x00\x11\x00\x01\xe9\x0d\x7d\x1f\xc7\x4e\x1b\xed\x42\xec\x45\xb2\xfc\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=53}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3620] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3621] <... sendmsg resumed>) = 53 [pid 3621] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3621] futex(0x7f5e1b623428, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3620] <... futex resumed>) = 0 [pid 3620] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000 [pid 3621] <... futex resumed>) = 0 [pid 3620] <... futex resumed>) = 1 [pid 3621] ioctl(3, TUNSETIFF, 0x20000200 [pid 3620] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3621] <... ioctl resumed>) = 0 [pid 3621] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3620] <... futex resumed>) = 0 [pid 3621] futex(0x7f5e1b623428, FUTEX_WAIT_PRIVATE, 0, NULL syzkaller login: [ 48.054107][ T3621] netlink: 20 bytes leftover after parsing attributes in process `syz-executor141'. [pid 3620] close(3) = 0 [pid 3620] close(4) = 0 [pid 3620] close(5) = 0 [pid 3620] close(6) = -1 EBADF (Bad file descriptor) [pid 3620] close(7) = -1 EBADF (Bad file descriptor) [pid 3620] close(8) = -1 EBADF (Bad file descriptor) [pid 3620] close(9) = -1 EBADF (Bad file descriptor) [pid 3620] close(10) = -1 EBADF (Bad file descriptor) [pid 3620] close(11) = -1 EBADF (Bad file descriptor) [pid 3620] close(12) = -1 EBADF (Bad file descriptor) [pid 3620] close(13) = -1 EBADF (Bad file descriptor) [pid 3620] close(14) = -1 EBADF (Bad file descriptor) [pid 3620] close(15) = -1 EBADF (Bad file descriptor) [pid 3620] close(16) = -1 EBADF (Bad file descriptor) [pid 3620] close(17) = -1 EBADF (Bad file descriptor) [pid 3620] close(18) = -1 EBADF (Bad file descriptor) [pid 3620] close(19) = -1 EBADF (Bad file descriptor) [pid 3620] close(20) = -1 EBADF (Bad file descriptor) [pid 3620] close(21) = -1 EBADF (Bad file descriptor) [pid 3620] close(22) = -1 EBADF (Bad file descriptor) [pid 3620] close(23) = -1 EBADF (Bad file descriptor) [pid 3620] close(24) = -1 EBADF (Bad file descriptor) [pid 3620] close(25) = -1 EBADF (Bad file descriptor) [pid 3620] close(26) = -1 EBADF (Bad file descriptor) [pid 3620] close(27) = -1 EBADF (Bad file descriptor) [pid 3620] close(28) = -1 EBADF (Bad file descriptor) [pid 3620] close(29) = -1 EBADF (Bad file descriptor) [pid 3620] exit_group(0 [pid 3621] <... futex resumed>) = ? [pid 3620] <... exit_group resumed>) = ? [pid 3621] +++ exited with 0 +++ [pid 3620] +++ exited with 0 +++ [pid 3619] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3619] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3619] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3622 attached , child_tidptr=0x55555629e5d0) = 4 [pid 3622] set_robust_list(0x55555629e5e0, 24) = 0 [pid 3622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3622] setpgid(0, 0) = 0 [pid 3622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3622] write(3, "1000", 4) = 4 [pid 3622] close(3) = 0 [pid 3622] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5e1b52b000 [pid 3622] mprotect(0x7f5e1b52c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3622] clone(child_stack=0x7f5e1b54b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3623 attached [pid 3623] set_robust_list(0x7f5e1b54b9e0, 24) = 0 [pid 3622] <... clone resumed>, parent_tid=[5], tls=0x7f5e1b54b700, child_tidptr=0x7f5e1b54b9d0) = 5 [pid 3623] futex(0x7f5e1b623428, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3622] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000 [pid 3623] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3623] openat(AT_FDCWD, "/dev/net/tun", O_RDONLY) = 3 [pid 3622] <... futex resumed>) = 0 [pid 3622] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3623] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3623] futex(0x7f5e1b623428, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3622] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3622] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000 [pid 3623] <... futex resumed>) = 0 [pid 3622] <... futex resumed>) = 1 [pid 3623] ioctl(3, TUNSETIFF, 0x20000200 [pid 3622] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3623] <... ioctl resumed>) = 0 [pid 3623] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3623] futex(0x7f5e1b623428, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3622] <... futex resumed>) = 0 [pid 3622] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000 [pid 3623] <... futex resumed>) = 0 [pid 3622] <... futex resumed>) = 1 [pid 3623] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3623] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3622] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3623] futex(0x7f5e1b623428, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3622] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3622] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000 [pid 3623] <... futex resumed>) = 0 [pid 3622] <... futex resumed>) = 1 [pid 3623] socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL) [pid 3622] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3623] <... socket resumed>) = 5 [pid 3623] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3622] <... futex resumed>) = 0 [pid 3623] futex(0x7f5e1b623428, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3622] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000 [pid 3623] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3622] <... futex resumed>) = 0 [pid 3623] ioctl(5, SIOCGIFINDEX, {ifr_name="rose0" [pid 3622] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3623] <... ioctl resumed>, ifr_ifindex=13}) = 0 [pid 3623] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3622] <... futex resumed>) = 0 [pid 3623] futex(0x7f5e1b623428, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3622] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000 [pid 3623] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3622] <... futex resumed>) = 0 [pid 3622] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3623] ioctl(3, TUNSETQUEUE, 0x20000340) = 0 [pid 3623] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3622] <... futex resumed>) = 0 [pid 3623] futex(0x7f5e1b623428, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3622] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3622] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3623] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3623] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x34\x00\x00\x00\x11\x00\x01\xe9\x0d\x7d\x1f\xc7\x4e\x1b\xed\x42\xec\x45\xb2\xfc\x0d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=53}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 53 [pid 3623] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3622] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3623] <... futex resumed>) = 0 [pid 3622] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000 [pid 3623] ioctl(3, TUNSETIFF, 0x20000200) = 0 [pid 3622] <... futex resumed>) = 0 [pid 3622] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3623] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3623] futex(0x7f5e1b623428, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3622] <... futex resumed>) = 0 [ 48.194453][ T3623] netlink: 20 bytes leftover after parsing attributes in process `syz-executor141'. [pid 3622] close(3) = 0 [pid 3622] close(4) = 0 [pid 3622] close(5) = 0 [pid 3622] close(6) = -1 EBADF (Bad file descriptor) [pid 3622] close(7) = -1 EBADF (Bad file descriptor) [pid 3622] close(8) = -1 EBADF (Bad file descriptor) [pid 3622] close(9) = -1 EBADF (Bad file descriptor) [pid 3622] close(10) = -1 EBADF (Bad file descriptor) [pid 3622] close(11) = -1 EBADF (Bad file descriptor) [pid 3622] close(12) = -1 EBADF (Bad file descriptor) [pid 3622] close(13) = -1 EBADF (Bad file descriptor) [pid 3622] close(14) = -1 EBADF (Bad file descriptor) [pid 3622] close(15) = -1 EBADF (Bad file descriptor) [pid 3622] close(16) = -1 EBADF (Bad file descriptor) [pid 3622] close(17) = -1 EBADF (Bad file descriptor) [pid 3622] close(18) = -1 EBADF (Bad file descriptor) [pid 3622] close(19) = -1 EBADF (Bad file descriptor) [pid 3622] close(20) = -1 EBADF (Bad file descriptor) [pid 3622] close(21) = -1 EBADF (Bad file descriptor) [pid 3622] close(22) = -1 EBADF (Bad file descriptor) [pid 3622] close(23) = -1 EBADF (Bad file descriptor) [pid 3622] close(24) = -1 EBADF (Bad file descriptor) [pid 3622] close(25) = -1 EBADF (Bad file descriptor) [pid 3622] close(26) = -1 EBADF (Bad file descriptor) [pid 3622] close(27) = -1 EBADF (Bad file descriptor) [pid 3622] close(28) = -1 EBADF (Bad file descriptor) [pid 3622] close(29) = -1 EBADF (Bad file descriptor) [pid 3622] exit_group(0 [pid 3623] <... futex resumed>) = ? [pid 3622] <... exit_group resumed>) = ? [pid 3623] +++ exited with 0 +++ [pid 3622] +++ exited with 0 +++ [pid 3619] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3619] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3619] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555629e5d0) = 6 ./strace-static-x86_64: Process 3624 attached [pid 3624] set_robust_list(0x55555629e5e0, 24) = 0 [pid 3624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3624] setpgid(0, 0) = 0 [pid 3624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3624] write(3, "1000", 4) = 4 [pid 3624] close(3) = 0 [pid 3624] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5e1b52b000 [pid 3624] mprotect(0x7f5e1b52c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3624] clone(child_stack=0x7f5e1b54b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7], tls=0x7f5e1b54b700, child_tidptr=0x7f5e1b54b9d0) = 7 [pid 3624] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3624] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3625 attached [pid 3625] set_robust_list(0x7f5e1b54b9e0, 24) = 0 [pid 3625] openat(AT_FDCWD, "/dev/net/tun", O_RDONLY) = 3 [pid 3625] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3624] <... futex resumed>) = 0 [pid 3624] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3624] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3625] <... futex resumed>) = 1 [pid 3625] ioctl(3, TUNSETIFF, 0x20000200) = 0 [pid 3625] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3624] <... futex resumed>) = 0 [pid 3624] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3624] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3625] <... futex resumed>) = 1 [pid 3625] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3625] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3624] <... futex resumed>) = 0 [pid 3624] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3624] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3625] <... futex resumed>) = 1 [pid 3625] socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL)) = 5 [pid 3625] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3624] <... futex resumed>) = 0 [pid 3624] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3624] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3625] <... futex resumed>) = 1 [pid 3625] ioctl(5, SIOCGIFINDEX, {ifr_name="rose0", ifr_ifindex=15}) = 0 [pid 3625] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3624] <... futex resumed>) = 0 [pid 3624] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3624] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3625] <... futex resumed>) = 1 [pid 3625] ioctl(3, TUNSETQUEUE, 0x20000340) = 0 [pid 3625] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3624] <... futex resumed>) = 0 [pid 3624] futex(0x7f5e1b623428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3624] futex(0x7f5e1b62342c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3625] <... futex resumed>) = 1 [pid 3625] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x34\x00\x00\x00\x11\x00\x01\xe9\x0d\x7d\x1f\xc7\x4e\x1b\xed\x42\xec\x45\xb2\xfc\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=53}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3624] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3624] futex(0x7f5e1b62343c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5e1b50a000 [pid 3624] mprotect(0x7f5e1b50b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3624] clone(child_stack=0x7f5e1b52a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[8], tls=0x7f5e1b52a700, child_tidptr=0x7f5e1b52a9d0) = 8 [pid 3624] futex(0x7f5e1b623438, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3624] futex(0x7f5e1b62343c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3626 attached [pid 3626] set_robust_list(0x7f5e1b52a9e0, 24) = 0 [ 48.314280][ T3625] netlink: 20 bytes leftover after parsing attributes in process `syz-executor141'. [pid 3626] ioctl(3, TUNSETIFF, 0x20000200 [pid 3625] <... sendmsg resumed>) = 53 [pid 3625] futex(0x7f5e1b62342c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3625] futex(0x7f5e1b623428, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3624] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 48.367509][ T3626] ------------[ cut here ]------------ [ 48.367593][ T3626] WARNING: CPU: 0 PID: 3626 at net/core/dev.c:6357 netif_napi_add_weight+0x7e8/0x9e0 [ 48.384233][ T3626] Modules linked in: [ 48.388263][ T3626] CPU: 0 PID: 3626 Comm: syz-executor141 Not tainted 5.19.0-rc3-syzkaller-00027-g78ca55889a54 #0 [ 48.399272][ T3626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.409957][ T3626] RIP: 0010:netif_napi_add_weight+0x7e8/0x9e0 [ 48.416296][ T3626] Code: b6 04 02 48 89 ea 83 e2 07 38 d0 7f 08 84 c0 0f 85 a4 00 00 00 48 8b 04 24 80 a0 b1 0b 00 00 fd e9 6c fd ff ff e8 18 21 27 fa <0f> 0b e9 60 fd ff ff e8 9c e6 73 fa e9 4c fe ff ff e8 82 e6 73 fa [ 48.436243][ T3626] RSP: 0018:ffffc9000306fb18 EFLAGS: 00010293 [ 48.442376][ T3626] RAX: 0000000000000000 RBX: ffff88801fc04001 RCX: 0000000000000000 [ 48.450543][ T3626] RDX: ffff88801d56bb00 RSI: ffffffff87535468 RDI: 0000000000000001 [ 48.458810][ T3626] RBP: ffff88801fc045d8 R08: 0000000000000001 R09: 0000000000000000 [ 48.467311][ T3626] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88801fc045e8 [ 48.475504][ T3626] R13: ffff88801fc045d8 R14: ffff88801e5acc80 R15: 0000000000000000 [ 48.483602][ T3626] FS: 00007f5e1b52a700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 48.492554][ T3626] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 48.499285][ T3626] CR2: 00007f5e1b5dafb0 CR3: 0000000071ef9000 CR4: 00000000003506f0 [ 48.507388][ T3626] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 48.515480][ T3626] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 48.523589][ T3626] Call Trace: [ 48.526883][ T3626] [ 48.529809][ T3626] ? owner_show+0x130/0x130 [ 48.534436][ T3626] ? __xdp_rxq_info_reg+0x189/0x340 [ 48.539672][ T3626] tun_attach.isra.0+0x1096/0x16c0 [ 48.544972][ T3626] tun_net_init+0x45e/0x660 [ 48.549509][ T3626] ? tun_attach.isra.0+0x16c0/0x16c0 [ 48.554942][ T3626] register_netdevice+0x57d/0x15b0 [ 48.560090][ T3626] ? netdev_change_features+0xb0/0xb0 [ 48.565623][ T3626] ? dev_addr_mod+0x2c9/0x3f0 [ 48.570336][ T3626] __tun_chr_ioctl+0x2a19/0x3da0 [ 48.575445][ T3626] ? tun_chr_read_iter+0x270/0x270 [ 48.580602][ T3626] ? calibrate_delay+0xd83/0x1120 [ 48.585815][ T3626] ? __fget_files+0x26a/0x440 [ 48.590602][ T3626] ? bpf_lsm_file_ioctl+0x5/0x10 [ 48.595887][ T3626] ? tun_chr_compat_ioctl+0x30/0x30 [ 48.601165][ T3626] __x64_sys_ioctl+0x193/0x200 [ 48.606081][ T3626] do_syscall_64+0x35/0xb0 [ 48.610560][ T3626] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 48.616709][ T3626] RIP: 0033:0x7f5e1b599da9 [ 48.621203][ T3626] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 48.640964][ T3626] RSP: 002b:00007f5e1b52a308 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 48.649532][ T3626] RAX: ffffffffffffffda RBX: 00007f5e1b623438 RCX: 00007f5e1b599da9 [ 48.657647][ T3626] RDX: 0000000020000200 RSI: 00000000400454ca RDI: 0000000000000003 [pid 3624] close(3) = 0 [pid 3624] close(4) = 0 [ 48.665730][ T3626] RBP: 00007f5e1b623430 R08: 00007f5e1b52a700 R09: 0000000000000000 [ 48.673827][ T3626] R10: 00007f5e1b52a700 R11: 0000000000000246 R12: 00007f5e1b62343c [ 48.681819][ T3626] R13: 00007f5e1b5f018c R14: 74656e2f7665642f R15: 0000000000022000 [ 48.689920][ T3626] [ 48.692948][ T3626] Kernel panic - not syncing: panic_on_warn set ... [ 48.699532][ T3626] CPU: 0 PID: 3626 Comm: syz-executor141 Not tainted 5.19.0-rc3-syzkaller-00027-g78ca55889a54 #0 [ 48.710136][ T3626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.720194][ T3626] Call Trace: [ 48.723480][ T3626] [ 48.726403][ T3626] dump_stack_lvl+0xcd/0x134 [ 48.730993][ T3626] panic+0x2d7/0x64a [ 48.734881][ T3626] ? panic_print_sys_info.part.0+0x10b/0x10b [ 48.740862][ T3626] ? __warn.cold+0x1d9/0x2cd [ 48.745453][ T3626] ? netif_napi_add_weight+0x7e8/0x9e0 [ 48.750920][ T3626] __warn.cold+0x1ea/0x2cd [ 48.755340][ T3626] ? netif_napi_add_weight+0x7e8/0x9e0 [ 48.760802][ T3626] report_bug+0x1bc/0x210 [ 48.765141][ T3626] handle_bug+0x3c/0x60 [ 48.769305][ T3626] exc_invalid_op+0x14/0x40 [ 48.773828][ T3626] asm_exc_invalid_op+0x1b/0x20 [ 48.778685][ T3626] RIP: 0010:netif_napi_add_weight+0x7e8/0x9e0 [ 48.784758][ T3626] Code: b6 04 02 48 89 ea 83 e2 07 38 d0 7f 08 84 c0 0f 85 a4 00 00 00 48 8b 04 24 80 a0 b1 0b 00 00 fd e9 6c fd ff ff e8 18 21 27 fa <0f> 0b e9 60 fd ff ff e8 9c e6 73 fa e9 4c fe ff ff e8 82 e6 73 fa [ 48.804371][ T3626] RSP: 0018:ffffc9000306fb18 EFLAGS: 00010293 [ 48.810455][ T3626] RAX: 0000000000000000 RBX: ffff88801fc04001 RCX: 0000000000000000 [ 48.818425][ T3626] RDX: ffff88801d56bb00 RSI: ffffffff87535468 RDI: 0000000000000001 [ 48.826408][ T3626] RBP: ffff88801fc045d8 R08: 0000000000000001 R09: 0000000000000000 [ 48.834396][ T3626] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88801fc045e8 [ 48.842365][ T3626] R13: ffff88801fc045d8 R14: ffff88801e5acc80 R15: 0000000000000000 [ 48.850345][ T3626] ? netif_napi_add_weight+0x7e8/0x9e0 [ 48.855818][ T3626] ? netif_napi_add_weight+0x7e8/0x9e0 [ 48.861282][ T3626] ? owner_show+0x130/0x130 [ 48.865784][ T3626] ? __xdp_rxq_info_reg+0x189/0x340 [ 48.870987][ T3626] tun_attach.isra.0+0x1096/0x16c0 [ 48.876130][ T3626] tun_net_init+0x45e/0x660 [ 48.880641][ T3626] ? tun_attach.isra.0+0x16c0/0x16c0 [ 48.885931][ T3626] register_netdevice+0x57d/0x15b0 [ 48.891048][ T3626] ? netdev_change_features+0xb0/0xb0 [ 48.896423][ T3626] ? dev_addr_mod+0x2c9/0x3f0 [ 48.901106][ T3626] __tun_chr_ioctl+0x2a19/0x3da0 [ 48.906049][ T3626] ? tun_chr_read_iter+0x270/0x270 [ 48.911168][ T3626] ? calibrate_delay+0xd83/0x1120 [ 48.916214][ T3626] ? __fget_files+0x26a/0x440 [ 48.920910][ T3626] ? bpf_lsm_file_ioctl+0x5/0x10 [ 48.926111][ T3626] ? tun_chr_compat_ioctl+0x30/0x30 [ 48.931411][ T3626] __x64_sys_ioctl+0x193/0x200 [ 48.936183][ T3626] do_syscall_64+0x35/0xb0 [ 48.940607][ T3626] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 48.946500][ T3626] RIP: 0033:0x7f5e1b599da9 [ 48.950915][ T3626] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 48.970522][ T3626] RSP: 002b:00007f5e1b52a308 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 48.978983][ T3626] RAX: ffffffffffffffda RBX: 00007f5e1b623438 RCX: 00007f5e1b599da9 [ 48.986953][ T3626] RDX: 0000000020000200 RSI: 00000000400454ca RDI: 0000000000000003 [ 48.994927][ T3626] RBP: 00007f5e1b623430 R08: 00007f5e1b52a700 R09: 0000000000000000 [ 49.002896][ T3626] R10: 00007f5e1b52a700 R11: 0000000000000246 R12: 00007f5e1b62343c [ 49.010867][ T3626] R13: 00007f5e1b5f018c R14: 74656e2f7665642f R15: 0000000000022000 [ 49.018867][ T3626] [ 49.022188][ T3626] Kernel Offset: disabled [ 49.026573][ T3626] Rebooting in 86400 seconds..