./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1561971869

<...>
Warning: Permanently added '10.128.1.140' (ED25519) to the list of known hosts.
execve("./syz-executor1561971869", ["./syz-executor1561971869"], 0x7ffe48ca5140 /* 10 vars */) = 0
brk(NULL)                               = 0x55558c827000
brk(0x55558c827d00)                     = 0x55558c827d00
arch_prctl(ARCH_SET_FS, 0x55558c827380) = 0
set_tid_address(0x55558c827650)         = 5103
set_robust_list(0x55558c827660, 24)     = 0
rseq(0x55558c827ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1561971869", 4096) = 28
getrandom("\xf4\x66\x76\x2a\x8f\xc1\xcc\xc1", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55558c827d00
brk(0x55558c848d00)                     = 0x55558c848d00
brk(0x55558c849000)                     = 0x55558c849000
mprotect(0x7f26cdc13000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5104 attached
, child_tidptr=0x55558c827650) = 5104
[pid  5104] set_robust_list(0x55558c827660, 24) = 0
[pid  5104] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5104] setsid()                    = 1
[pid  5104] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5104] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5104] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5104] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5104] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5104] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5104] unshare(CLONE_NEWNS)        = 0
[pid  5104] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5104] unshare(CLONE_NEWIPC)       = 0
[pid  5104] unshare(CLONE_NEWCGROUP)    = 0
[pid  5104] unshare(CLONE_NEWUTS)       = 0
[pid  5104] unshare(CLONE_SYSVSEM)      = 0
[pid  5104] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5104] write(3, "16777216", 8)     = 8
[pid  5104] close(3)                    = 0
[pid  5104] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5104] write(3, "536870912", 9)    = 9
[pid  5104] close(3)                    = 0
[pid  5104] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5104] write(3, "1024", 4)         = 4
[pid  5104] close(3)                    = 0
[pid  5104] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5104] write(3, "8192", 4)         = 4
[pid  5104] close(3)                    = 0
[pid  5104] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5104] write(3, "1024", 4)         = 4
[pid  5104] close(3)                    = 0
[pid  5104] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5104] write(3, "1024", 4)         = 4
[pid  5104] close(3)                    = 0
[pid  5104] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5104] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5104] close(3)                    = 0
[pid  5104] getpid()                    = 1
[pid  5104] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5104] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5104] unshare(CLONE_NEWNET)       = 0
[pid  5104] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5104] write(3, "0 65535", 7)      = 7
[pid  5104] close(3)                    = 0
[pid  5104] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3
[pid  5104] dup2(3, 200)                = 200
[pid  5104] close(3)                    = 0
[pid  5104] ioctl(200, TUNSETIFF, 0x7ffd1139eb70) = 0
[pid  5104] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3
[pid  5104] write(3, "0", 1)            = 1
[pid  5104] close(3)                    = 0
[pid  5104] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3
[pid  5104] write(3, "0", 1)            = 1
[pid  5104] close(3)                    = 0
[pid  5104] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid  5104] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5104] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5104] close(4)                    = 0
[pid  5104] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5104] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5104] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5104] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5104] close(4)                    = 0
[pid  5104] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5104] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5104] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5104] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5104] close(4)                    = 0
[pid  5104] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 48
[pid  5104] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5104] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5104] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5104] close(4)                    = 0
[pid  5104] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 60
[pid  5104] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5104] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5104] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5104] close(4)                    = 0
[pid  5104] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
[pid  5104] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5104] close(3)                    = 0
[pid  5104] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid  5104] write(3, "100000", 6)       = 6
[pid  5104] close(3)                    = 0
[pid  5104] mkdir("./syz-tmp", 0777)    = 0
[pid  5104] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid  5104] mkdir("./syz-tmp/newroot", 0777) = 0
[pid  5104] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid  5104] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5104] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid  5104] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid  5104] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid  5104] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5104] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5104] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid  5104] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5104] mkdir("./syz-tmp/pivot", 0777) = 0
[pid  5104] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid  5104] chdir("/")                  = 0
[pid  5104] umount2("./pivot", MNT_DETACH) = 0
[pid  5104] chroot("./newroot")         = 0
[pid  5104] chdir("/")                  = 0
[pid  5104] mkdir("/dev/binderfs", 0777) = 0
[pid  5104] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5104] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5104] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5107 attached
, child_tidptr=0x55558c827650) = 2
[pid  5107] set_robust_list(0x55558c827660, 24) = 0
[pid  5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5107] setpgid(0, 0)               = 0
[pid  5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5107] write(3, "1000", 4)         = 4
[pid  5107] close(3)                    = 0
[pid  5107] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid  5107] read(200, 0x7ffd1139e710, 1000) = -1 EAGAIN (Resource temporarily unavailable)
executing program
[pid  5107] write(1, "executing program\n", 18) = 18
[pid  5107] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=3, insns=0x20000140, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=BPF_F_STRICT_ALIGNMENT|BPF_F_TEST_RND_HI32|BPF_F_TEST_STATE_FREQ|0x20, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = 3
[pid  5107] socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL)) = 4
[pid  5107] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5107] bpf(BPF_LINK_CREATE, {link_create={prog_fd=3, target_fd=11, attach_type=BPF_XDP, flags=0}}, 64) = 5
[   56.332744][    C0] ==================================================================
[   56.340843][    C0] BUG: KASAN: stack-out-of-bounds in xdp_do_check_flushed+0x231/0x240
[   56.349012][    C0] Read of size 4 at addr ffffc90003def7f8 by task syz-executor156/5107
[   56.357239][    C0] 
[   56.359561][    C0] CPU: 0 UID: 0 PID: 5107 Comm: syz-executor156 Not tainted 6.10.0-rc7-next-20240710-syzkaller #0
[   56.370143][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   56.380201][    C0] Call Trace:
[   56.383486][    C0]  <IRQ>
[   56.386330][    C0]  dump_stack_lvl+0x241/0x360
[   56.391002][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[   56.396212][    C0]  ? __pfx__printk+0x10/0x10
[   56.400800][    C0]  ? _printk+0xd5/0x120
[   56.404959][    C0]  print_report+0x169/0x550
[   56.409466][    C0]  ? __virt_addr_valid+0xbd/0x530
[   56.414503][    C0]  ? xdp_do_check_flushed+0x231/0x240
[   56.419885][    C0]  kasan_report+0x143/0x180
[   56.424392][    C0]  ? xdp_do_check_flushed+0x231/0x240
[   56.429763][    C0]  xdp_do_check_flushed+0x231/0x240
[   56.434959][    C0]  __napi_poll+0xe4/0x490
[   56.439333][    C0]  net_rx_action+0x89b/0x1240
[   56.444022][    C0]  ? __pfx_net_rx_action+0x10/0x10
[   56.449143][    C0]  ? sched_clock+0x4a/0x70
[   56.453559][    C0]  ? __pfx___local_bh_disable_ip+0x10/0x10
[   56.459358][    C0]  ? sched_clock_cpu+0x76/0x490
[   56.464198][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   56.470519][    C0]  ? rcu_is_watching+0x15/0xb0
[   56.475278][    C0]  handle_softirqs+0x2c4/0x970
[   56.480057][    C0]  ? do_softirq+0x11b/0x1e0
[   56.484552][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   56.489840][    C0]  do_softirq+0x11b/0x1e0
[   56.494168][    C0]  </IRQ>
[   56.497093][    C0]  <TASK>
[   56.500023][    C0]  ? __pfx_do_softirq+0x10/0x10
[   56.504876][    C0]  ? lock_release+0xbf/0x9f0
[   56.509556][    C0]  ? __pfx_lockdep_softirqs_on+0x10/0x10
[   56.515183][    C0]  ? rcu_is_watching+0x15/0xb0
[   56.519966][    C0]  __local_bh_enable_ip+0x1bb/0x200
[   56.525157][    C0]  ? tun_get_user+0x270a/0x4720
[   56.530006][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   56.535719][    C0]  ? tun_get_user+0x270a/0x4720
[   56.540559][    C0]  tun_get_user+0x2884/0x4720
[   56.545254][    C0]  ? rcu_is_watching+0x15/0xb0
[   56.550112][    C0]  ? lock_release+0xbf/0x9f0
[   56.554713][    C0]  ? aa_file_perm+0x137/0xf60
[   56.559491][    C0]  ? __pfx_tun_get_user+0x10/0x10
[   56.564517][    C0]  ? do_raw_spin_unlock+0x13c/0x8b0
[   56.569712][    C0]  ? tun_get+0x1e/0x2f0
[   56.573858][    C0]  ? rcu_is_watching+0x15/0xb0
[   56.578608][    C0]  ? tun_get+0x1e/0x2f0
[   56.582754][    C0]  ? lock_release+0xbf/0x9f0
[   56.587337][    C0]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   56.592785][    C0]  ? __pfx_lock_release+0x10/0x10
[   56.597846][    C0]  ? end_current_label_crit_section+0x14e/0x180
[   56.604082][    C0]  ? common_file_perm+0x1a6/0x210
[   56.609103][    C0]  ? tun_get+0x1e/0x2f0
[   56.613247][    C0]  ? tun_get+0x27d/0x2f0
[   56.617480][    C0]  tun_chr_write_iter+0x113/0x1f0
[   56.622501][    C0]  vfs_write+0xa72/0xc90
[   56.626740][    C0]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   56.632279][    C0]  ? __pfx_vfs_write+0x10/0x10
[   56.637044][    C0]  ksys_write+0x1a0/0x2c0
[   56.641378][    C0]  ? __pfx_ksys_write+0x10/0x10
[   56.646225][    C0]  ? rcu_is_watching+0x15/0xb0
[   56.650982][    C0]  do_syscall_64+0xf3/0x230
[   56.655481][    C0]  ? clear_bhb_loop+0x35/0x90
[   56.660151][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   56.666494][    C0] RIP: 0033:0x7f26cdb99d90
[   56.671511][    C0] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d 11 e3 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   56.691107][    C0] RSP: 002b:00007ffd1139eb08 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   56.699526][    C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f26cdb99d90
[   56.707489][    C0] RDX: 000000000000fdef RSI: 0000000020000200 RDI: 00000000000000c8
[   56.715450][    C0] RBP: 0000000000000000 R08: 00007ffd1139ec38 R09: 00007ffd1139ec38
[   56.723409][    C0] R10: 00007ffd1139ec38 R11: 0000000000000202 R12: 0000000000000000
[   56.731387][    C0] R13: 0000000000000000 R14: 00007ffd1139eb40 R15: 00007ffd1139eb30
[   56.739391][    C0]  </TASK>
[   56.742409][    C0] 
[   56.744726][    C0] The buggy address belongs to stack of task syz-executor156/5107
[   56.752538][    C0]  and is located at offset 88 in frame:
[   56.758166][    C0]  do_softirq+0x0/0x1e0
[   56.762325][    C0] 
[   56.764640][    C0] This frame has 2 objects:
[   56.769157][    C0]  [32, 40) 'flags.i.i.i105'
[   56.769174][    C0]  [64, 72) 'flags.i.i.i'
[   56.773753][    C0] 
[   56.780375][    C0] The buggy address belongs to the virtual mapping at
[   56.780375][    C0]  [ffffc90003de8000, ffffc90003df1000) created by:
[   56.780375][    C0]  copy_process+0x5d1/0x3d90
[   56.798002][    C0] 
[   56.800316][    C0] The buggy address belongs to the physical page:
[   56.806734][    C0] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6b798
[   56.815498][    C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   56.822601][    C0] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[   56.831272][    C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   56.839857][    C0] page dumped because: kasan: bad access detected
[   56.846263][    C0] page_owner tracks the page as allocated
[   56.851966][    C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 5089, tgid 5089 (sshd), ts 45267990588, free_ts 13316620078
[   56.870452][    C0]  post_alloc_hook+0x1f3/0x230
[   56.875215][    C0]  get_page_from_freelist+0x2ccb/0x2d80
[   56.880749][    C0]  __alloc_pages_noprof+0x256/0x6c0
[   56.885944][    C0]  alloc_pages_mpol_noprof+0x3e8/0x680
[   56.891406][    C0]  __vmalloc_node_range_noprof+0x971/0x1460
[   56.897291][    C0]  dup_task_struct+0x444/0x8c0
[   56.902048][    C0]  copy_process+0x5d1/0x3d90
[   56.906632][    C0]  kernel_clone+0x226/0x8f0
[   56.911128][    C0]  __x64_sys_clone+0x258/0x2a0
[   56.915890][    C0]  do_syscall_64+0xf3/0x230
[   56.920385][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   56.926296][    C0] page last free pid 1 tgid 1 stack trace:
[   56.932099][    C0]  free_unref_page+0xd22/0xea0
[   56.936872][    C0]  free_contig_range+0x9e/0x160
[   56.941729][    C0]  destroy_args+0x8a/0x890
[   56.946147][    C0]  debug_vm_pgtable+0x4be/0x550
[   56.950992][    C0]  do_one_initcall+0x248/0x880
[   56.955749][    C0]  do_initcall_level+0x157/0x210
[   56.960682][    C0]  do_initcalls+0x3f/0x80
[   56.965003][    C0]  kernel_init_freeable+0x435/0x5d0
[   56.970195][    C0]  kernel_init+0x1d/0x2b0
[   56.974519][    C0]  ret_from_fork+0x4b/0x80
[   56.978931][    C0]  ret_from_fork_asm+0x1a/0x30
[   56.983689][    C0] 
[   56.986024][    C0] Memory state around the buggy address:
[   56.991675][    C0]  ffffc90003def680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   56.999724][    C0]  ffffc90003def700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   57.007772][    C0] >ffffc90003def780: 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 00 f3 f3 f3
[   57.015819][    C0]                                                                 ^
[   57.023781][    C0]  ffffc90003def800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   57.031826][    C0]  ffffc90003def880: f1 f1 f1 f1 00 f3 f3 f3 00 00 00 00 00 00 00 00
[   57.039964][    C0] ==================================================================
[   57.048111][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   57.055355][    C0] CPU: 0 UID: 0 PID: 5107 Comm: syz-executor156 Not tainted 6.10.0-rc7-next-20240710-syzkaller #0
[   57.066032][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   57.076084][    C0] Call Trace:
[   57.079355][    C0]  <IRQ>
[   57.082189][    C0]  dump_stack_lvl+0x241/0x360
[   57.086873][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[   57.092061][    C0]  ? __pfx__printk+0x10/0x10
[   57.096643][    C0]  ? __irq_exit_rcu+0x100/0x1c0
[   57.101485][    C0]  ? vscnprintf+0x5d/0x90
[   57.105810][    C0]  panic+0x349/0x870
[   57.109710][    C0]  ? check_panic_on_warn+0x21/0xb0
[   57.114810][    C0]  ? __pfx_panic+0x10/0x10
[   57.119226][    C0]  ? _raw_spin_unlock_irqrestore+0xd8/0x140
[   57.125104][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   57.130985][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   57.137331][    C0]  check_panic_on_warn+0x86/0xb0
[   57.142279][    C0]  ? xdp_do_check_flushed+0x231/0x240
[   57.147692][    C0]  end_report+0x77/0x160
[   57.151938][    C0]  kasan_report+0x154/0x180
[   57.156456][    C0]  ? xdp_do_check_flushed+0x231/0x240
[   57.161844][    C0]  xdp_do_check_flushed+0x231/0x240
[   57.167053][    C0]  __napi_poll+0xe4/0x490
[   57.171389][    C0]  net_rx_action+0x89b/0x1240
[   57.176076][    C0]  ? __pfx_net_rx_action+0x10/0x10
[   57.181193][    C0]  ? sched_clock+0x4a/0x70
[   57.185629][    C0]  ? __pfx___local_bh_disable_ip+0x10/0x10
[   57.191430][    C0]  ? sched_clock_cpu+0x76/0x490
[   57.196272][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   57.202593][    C0]  ? rcu_is_watching+0x15/0xb0
[   57.207349][    C0]  handle_softirqs+0x2c4/0x970
[   57.212112][    C0]  ? do_softirq+0x11b/0x1e0
[   57.216610][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   57.221891][    C0]  do_softirq+0x11b/0x1e0
[   57.226215][    C0]  </IRQ>
[   57.229137][    C0]  <TASK>
[   57.232062][    C0]  ? __pfx_do_softirq+0x10/0x10
[   57.236907][    C0]  ? lock_release+0xbf/0x9f0
[   57.241491][    C0]  ? __pfx_lockdep_softirqs_on+0x10/0x10
[   57.247126][    C0]  ? rcu_is_watching+0x15/0xb0
[   57.251884][    C0]  __local_bh_enable_ip+0x1bb/0x200
[   57.257077][    C0]  ? tun_get_user+0x270a/0x4720
[   57.261927][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   57.267643][    C0]  ? tun_get_user+0x270a/0x4720
[   57.272485][    C0]  tun_get_user+0x2884/0x4720
[   57.277164][    C0]  ? rcu_is_watching+0x15/0xb0
[   57.281923][    C0]  ? lock_release+0xbf/0x9f0
[   57.286508][    C0]  ? aa_file_perm+0x137/0xf60
[   57.291183][    C0]  ? __pfx_tun_get_user+0x10/0x10
[   57.296202][    C0]  ? do_raw_spin_unlock+0x13c/0x8b0
[   57.301392][    C0]  ? tun_get+0x1e/0x2f0
[   57.305542][    C0]  ? rcu_is_watching+0x15/0xb0
[   57.310294][    C0]  ? tun_get+0x1e/0x2f0
[   57.314557][    C0]  ? lock_release+0xbf/0x9f0
[   57.319139][    C0]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   57.324589][    C0]  ? __pfx_lock_release+0x10/0x10
[   57.329632][    C0]  ? end_current_label_crit_section+0x14e/0x180
[   57.335866][    C0]  ? common_file_perm+0x1a6/0x210
[   57.340880][    C0]  ? tun_get+0x1e/0x2f0
[   57.345027][    C0]  ? tun_get+0x27d/0x2f0
[   57.349258][    C0]  tun_chr_write_iter+0x113/0x1f0
[   57.354278][    C0]  vfs_write+0xa72/0xc90
[   57.358518][    C0]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   57.364058][    C0]  ? __pfx_vfs_write+0x10/0x10
[   57.368828][    C0]  ksys_write+0x1a0/0x2c0
[   57.373285][    C0]  ? __pfx_ksys_write+0x10/0x10
[   57.378173][    C0]  ? rcu_is_watching+0x15/0xb0
[   57.382955][    C0]  do_syscall_64+0xf3/0x230
[   57.387486][    C0]  ? clear_bhb_loop+0x35/0x90
[   57.392194][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.398117][    C0] RIP: 0033:0x7f26cdb99d90
[   57.402555][    C0] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d 11 e3 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[   57.422179][    C0] RSP: 002b:00007ffd1139eb08 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[   57.430618][    C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f26cdb99d90
[   57.438580][    C0] RDX: 000000000000fdef RSI: 0000000020000200 RDI: 00000000000000c8
[   57.446543][    C0] RBP: 0000000000000000 R08: 00007ffd1139ec38 R09: 00007ffd1139ec38
[   57.454679][    C0] R10: 00007ffd1139ec38 R11: 0000000000000202 R12: 0000000000000000
[   57.462638][    C0] R13: 0000000000000000 R14: 00007ffd1139eb40 R15: 00007ffd1139eb30
[   57.470607][    C0]  </TASK>
[   57.475078][    C0] Kernel Offset: disabled
[   57.479396][    C0] Rebooting in 86400 seconds..