./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor674515170 <...> Warning: Permanently added '10.128.1.95' (ED25519) to the list of known hosts. execve("./syz-executor674515170", ["./syz-executor674515170"], 0x7fff7623ceb0 /* 10 vars */) = 0 brk(NULL) = 0x5555716ec000 brk(0x5555716ecd40) = 0x5555716ecd40 arch_prctl(ARCH_SET_FS, 0x5555716ec3c0) = 0 set_tid_address(0x5555716ec690) = 5831 set_robust_list(0x5555716ec6a0, 24) = 0 rseq(0x5555716ecce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor674515170", 4096) = 27 getrandom("\x47\xb4\x63\xe8\x80\x75\x29\x8e", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555716ecd40 brk(0x55557170dd40) = 0x55557170dd40 brk(0x55557170e000) = 0x55557170e000 mprotect(0x7fcb533aa000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5832 attached [pid 5832] set_robust_list(0x5555716ec6a0, 24 [pid 5831] <... clone resumed>, child_tidptr=0x5555716ec690) = 5832 [pid 5832] <... set_robust_list resumed>) = 0 [pid 5832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5832] setpgid(0, 0) = 0 [pid 5832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] write(3, "1000", 4) = 4 [pid 5832] close(3) = 0 [pid 5832] write(1, "executing program\n", 18executing program ) = 18 [pid 5832] futex(0x7fcb533b032c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb5334c360, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb5333d9e0}, NULL, 8) = 0 [pid 5832] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb532c1000 [pid 5832] mprotect(0x7fcb532c2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5832] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5832] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb532e1990, parent_tid=0x7fcb532e1990, exit_signal=0, stack=0x7fcb532c1000, stack_size=0x20300, tls=0x7fcb532e16c0}./strace-static-x86_64: Process 5833 attached [pid 5833] rseq(0x7fcb532e1fe0, 0x20, 0, 0x53053053) = 0 [pid 5832] <... clone3 resumed> => {parent_tid=[5833]}, 88) = 5833 [pid 5833] set_robust_list(0x7fcb532e19a0, 24 [pid 5832] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] <... set_robust_list resumed>) = 0 [pid 5832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] futex(0x7fcb533b0328, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] socketpair(AF_UNIX, SOCK_STREAM, 0, [pid 5832] <... futex resumed>) = 0 [pid 5833] <... socketpair resumed>[3, 4]) = 0 [pid 5832] futex(0x7fcb533b032c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] futex(0x7fcb533b032c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] futex(0x7fcb533b0328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5832] futex(0x7fcb533b0328, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... futex resumed>) = 0 [pid 5832] <... futex resumed>) = 1 [pid 5833] ioctl(4, SIOCGIFINDEX, {ifr_name="lo" [pid 5832] futex(0x7fcb533b032c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... ioctl resumed>, ifr_ifindex=1}) = 0 [pid 5833] futex(0x7fcb533b032c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5833] futex(0x7fcb533b0328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] <... futex resumed>) = 0 [pid 5832] futex(0x7fcb533b0328, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5833] <... futex resumed>) = 0 [pid 5832] futex(0x7fcb533b032c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] socket(AF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_SCO) = 5 [pid 5833] futex(0x7fcb533b032c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5833] futex(0x7fcb533b0328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] futex(0x7fcb533b0328, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5832] <... futex resumed>) = 0 [pid 5833] setsockopt(-1, SOL_AX25, SO_BINDTODEVICE, "\x62\x70\x71\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 5832] futex(0x7fcb533b032c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... setsockopt resumed>) = -1 EBADF (Bad file descriptor) [pid 5833] futex(0x7fcb533b032c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5833] ioctl(5, SIOCSIFFLAGS, {ifr_name="bpq0", ifr_flags=IFF_UP} [pid 5832] futex(0x7fcb533b0328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] futex(0x7fcb533b032c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... ioctl resumed>) = 0 [pid 5833] futex(0x7fcb533b032c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5833] futex(0x7fcb533b0328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] <... futex resumed>) = 0 [pid 5833] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5832] futex(0x7fcb533b0328, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] socket(AF_AX25, SOCK_DGRAM, 0x9 /* AX25_P_??? */ [pid 5832] <... futex resumed>) = 0 [pid 5833] <... socket resumed>) = 6 [pid 5832] futex(0x7fcb533b032c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] futex(0x7fcb533b032c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] futex(0x7fcb533b0328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5832] futex(0x7fcb533b0328, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... futex resumed>) = 0 [pid 5832] <... futex resumed>) = 1 [pid 5833] setsockopt(6, SOL_AX25, SO_BINDTODEVICE, "\x62\x70\x71\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 5832] futex(0x7fcb533b032c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... setsockopt resumed>) = 0 [pid 5833] futex(0x7fcb533b032c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... futex resumed>) = 0 [pid 5833] <... futex resumed>) = 1 [pid 5832] exit_group(0) = ? [ 63.638831][ T5833] ------------[ cut here ]------------ [ 63.644406][ T5833] refcount_t: decrement hit 0; leaking memory. [ 63.651081][ T5833] WARNING: CPU: 1 PID: 5833 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0 [ 63.660531][ T5833] Modules linked in: [ 63.664471][ T5833] CPU: 1 UID: 0 PID: 5833 Comm: syz-executor674 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 63.675660][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 63.685834][ T5833] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 63.692073][ T5833] Code: b2 00 00 00 e8 07 43 dd fc 5b 5d c3 cc cc cc cc e8 fb 42 dd fc c6 05 0a 2b 42 0b 01 90 48 c7 c7 40 53 5f 8c e8 57 ec 9d fc 90 <0f> 0b 90 90 eb d9 e8 db 42 dd fc c6 05 e7 2a 42 0b 01 90 48 c7 c7 [ 63.711853][ T5833] RSP: 0018:ffffc90003e27728 EFLAGS: 00010246 [ 63.717983][ T5833] RAX: 095a2025559a8c00 RBX: ffff88807968664c RCX: ffff888035333c00 [ 63.725978][ T5833] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 63.734136][ T5833] RBP: 0000000000000004 R08: ffffffff81600a42 R09: fffffbfff1cfa210 [ 63.742167][ T5833] R10: dffffc0000000000 R11: fffffbfff1cfa210 R12: ffff888079686608 [ 63.750281][ T5833] R13: 0000000000000000 R14: ffff88807968664c R15: dffffc0000000000 [ 63.758325][ T5833] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 63.767320][ T5833] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 63.773919][ T5833] CR2: 00007fcb5337cab8 CR3: 000000000e736000 CR4: 00000000003526f0 [ 63.781958][ T5833] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 63.789981][ T5833] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 63.798134][ T5833] Call Trace: [ 63.801524][ T5833] [ 63.804479][ T5833] ? __warn+0x165/0x4d0 [ 63.808682][ T5833] ? refcount_warn_saturate+0xfa/0x1d0 [ 63.814141][ T5833] ? report_bug+0x2b3/0x500 [ 63.818727][ T5833] ? refcount_warn_saturate+0xfa/0x1d0 [ 63.824208][ T5833] ? handle_bug+0x60/0x90 [ 63.828587][ T5833] ? exc_invalid_op+0x1a/0x50 [ 63.833284][ T5833] ? asm_exc_invalid_op+0x1a/0x20 [ 63.838378][ T5833] ? __warn_printk+0x292/0x360 [ 63.843157][ T5833] ? refcount_warn_saturate+0xfa/0x1d0 [ 63.848668][ T5833] ? refcount_warn_saturate+0xf9/0x1d0 [ 63.854142][ T5833] ref_tracker_free+0x6af/0x7e0 [ 63.859047][ T5833] ? __pfx_skb_queue_purge_reason+0x10/0x10 [ 63.864971][ T5833] ? __pfx_ref_tracker_free+0x10/0x10 [ 63.870505][ T5833] ? ax25_destroy_socket+0x551/0x5c0 [ 63.875805][ T5833] ax25_release+0x368/0x950 [ 63.880365][ T5833] sock_close+0xbc/0x240 [ 63.884712][ T5833] ? __pfx_sock_close+0x10/0x10 [ 63.889671][ T5833] __fput+0x23c/0xa50 [ 63.893691][ T5833] task_work_run+0x24f/0x310 [ 63.898361][ T5833] ? __pfx_task_work_run+0x10/0x10 [ 63.903493][ T5833] ? switch_task_namespaces+0xe4/0x110 [ 63.909026][ T5833] do_exit+0xa2f/0x28e0 [ 63.913202][ T5833] ? __pfx_do_exit+0x10/0x10 [ 63.917862][ T5833] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 63.923270][ T5833] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 63.929339][ T5833] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 63.935686][ T5833] ? _raw_spin_lock_irq+0xdf/0x120 [ 63.940858][ T5833] do_group_exit+0x207/0x2c0 [ 63.945467][ T5833] ? _raw_spin_unlock_irq+0x23/0x50 [ 63.950717][ T5833] ? lockdep_hardirqs_on+0x99/0x150 [ 63.955940][ T5833] get_signal+0x16b2/0x1750 [ 63.960542][ T5833] ? __pfx_get_signal+0x10/0x10 [ 63.965418][ T5833] ? _raw_spin_unlock_irq+0x23/0x50 [ 63.970671][ T5833] arch_do_signal_or_restart+0x96/0x860 [ 63.976331][ T5833] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 63.982565][ T5833] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 63.988597][ T5833] ? syscall_exit_to_user_mode+0xa3/0x340 [ 63.994324][ T5833] syscall_exit_to_user_mode+0xce/0x340 [ 63.999929][ T5833] do_syscall_64+0x100/0x230 [ 64.004548][ T5833] ? clear_bhb_loop+0x35/0x90 [ 64.009304][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.015216][ T5833] RIP: 0033:0x7fcb53326429 [ 64.019731][ T5833] Code: Unable to access opcode bytes at 0x7fcb533263ff. [ 64.026754][ T5833] RSP: 002b:00007fcb532e1238 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 64.035242][ T5833] RAX: ffffffffffffffda RBX: 00007fcb533b0328 RCX: 00007fcb53326429 [ 64.043292][ T5833] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fcb533b0328 [ 64.051352][ T5833] RBP: 00007fcb533b0320 R08: 00007fcb532e16c0 R09: 00007fcb532e16c0 [ 64.059460][ T5833] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcb5337d074 [ 64.067498][ T5833] R13: 0000000000000000 R14: 00007ffee88c0030 R15: 00007ffee88c0118 [ 64.075583][ T5833] [ 64.078666][ T5833] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 64.085960][ T5833] CPU: 1 UID: 0 PID: 5833 Comm: syz-executor674 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 64.097068][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 64.107217][ T5833] Call Trace: [ 64.110488][ T5833] [ 64.113413][ T5833] dump_stack_lvl+0x241/0x360 [ 64.118089][ T5833] ? __pfx_dump_stack_lvl+0x10/0x10 [ 64.123280][ T5833] ? __pfx__printk+0x10/0x10 [ 64.127859][ T5833] ? _printk+0xd5/0x120 [ 64.132005][ T5833] ? __init_begin+0x41000/0x41000 [ 64.137032][ T5833] ? vscnprintf+0x5d/0x90 [ 64.141370][ T5833] panic+0x349/0x880 [ 64.145260][ T5833] ? __warn+0x174/0x4d0 [ 64.149406][ T5833] ? __pfx_panic+0x10/0x10 [ 64.153909][ T5833] __warn+0x344/0x4d0 [ 64.157882][ T5833] ? refcount_warn_saturate+0xfa/0x1d0 [ 64.163378][ T5833] report_bug+0x2b3/0x500 [ 64.167697][ T5833] ? refcount_warn_saturate+0xfa/0x1d0 [ 64.173210][ T5833] handle_bug+0x60/0x90 [ 64.177381][ T5833] exc_invalid_op+0x1a/0x50 [ 64.181882][ T5833] asm_exc_invalid_op+0x1a/0x20 [ 64.186833][ T5833] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 64.192904][ T5833] Code: b2 00 00 00 e8 07 43 dd fc 5b 5d c3 cc cc cc cc e8 fb 42 dd fc c6 05 0a 2b 42 0b 01 90 48 c7 c7 40 53 5f 8c e8 57 ec 9d fc 90 <0f> 0b 90 90 eb d9 e8 db 42 dd fc c6 05 e7 2a 42 0b 01 90 48 c7 c7 [ 64.212513][ T5833] RSP: 0018:ffffc90003e27728 EFLAGS: 00010246 [ 64.218584][ T5833] RAX: 095a2025559a8c00 RBX: ffff88807968664c RCX: ffff888035333c00 [ 64.226571][ T5833] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 64.234535][ T5833] RBP: 0000000000000004 R08: ffffffff81600a42 R09: fffffbfff1cfa210 [ 64.242508][ T5833] R10: dffffc0000000000 R11: fffffbfff1cfa210 R12: ffff888079686608 [ 64.250477][ T5833] R13: 0000000000000000 R14: ffff88807968664c R15: dffffc0000000000 [ 64.258450][ T5833] ? __warn_printk+0x292/0x360 [ 64.263304][ T5833] ? refcount_warn_saturate+0xf9/0x1d0 [ 64.268762][ T5833] ref_tracker_free+0x6af/0x7e0 [ 64.273611][ T5833] ? __pfx_skb_queue_purge_reason+0x10/0x10 [ 64.279504][ T5833] ? __pfx_ref_tracker_free+0x10/0x10 [ 64.284885][ T5833] ? ax25_destroy_socket+0x551/0x5c0 [ 64.290168][ T5833] ax25_release+0x368/0x950 [ 64.294695][ T5833] sock_close+0xbc/0x240 [ 64.298969][ T5833] ? __pfx_sock_close+0x10/0x10 [ 64.303842][ T5833] __fput+0x23c/0xa50 [ 64.307833][ T5833] task_work_run+0x24f/0x310 [ 64.312426][ T5833] ? __pfx_task_work_run+0x10/0x10 [ 64.317536][ T5833] ? switch_task_namespaces+0xe4/0x110 [ 64.323079][ T5833] do_exit+0xa2f/0x28e0 [ 64.327237][ T5833] ? __pfx_do_exit+0x10/0x10 [ 64.331821][ T5833] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 64.337189][ T5833] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 64.343169][ T5833] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 64.349490][ T5833] ? _raw_spin_lock_irq+0xdf/0x120 [ 64.354615][ T5833] do_group_exit+0x207/0x2c0 [ 64.359203][ T5833] ? _raw_spin_unlock_irq+0x23/0x50 [ 64.364397][ T5833] ? lockdep_hardirqs_on+0x99/0x150 [ 64.369593][ T5833] get_signal+0x16b2/0x1750 [ 64.374105][ T5833] ? __pfx_get_signal+0x10/0x10 [ 64.378950][ T5833] ? _raw_spin_unlock_irq+0x23/0x50 [ 64.384150][ T5833] arch_do_signal_or_restart+0x96/0x860 [ 64.389701][ T5833] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 64.395854][ T5833] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 64.401838][ T5833] ? syscall_exit_to_user_mode+0xa3/0x340 [ 64.407551][ T5833] syscall_exit_to_user_mode+0xce/0x340 [ 64.413097][ T5833] do_syscall_64+0x100/0x230 [ 64.417682][ T5833] ? clear_bhb_loop+0x35/0x90 [ 64.422359][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.428244][ T5833] RIP: 0033:0x7fcb53326429 [ 64.432648][ T5833] Code: Unable to access opcode bytes at 0x7fcb533263ff. [ 64.439675][ T5833] RSP: 002b:00007fcb532e1238 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 64.448084][ T5833] RAX: ffffffffffffffda RBX: 00007fcb533b0328 RCX: 00007fcb53326429 [ 64.456047][ T5833] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fcb533b0328 [ 64.464009][ T5833] RBP: 00007fcb533b0320 R08: 00007fcb532e16c0 R09: 00007fcb532e16c0 [ 64.471971][ T5833] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcb5337d074 [ 64.479956][ T5833] R13: 0000000000000000 R14: 00007ffee88c0030 R15: 00007ffee88c0118 [ 64.487956][ T5833] [ 64.491394][ T5833] Kernel Offset: disabled [ 64.495771][ T5833] Rebooting in 86400 seconds..