./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3793582327

<...>
Warning: Permanently added '10.128.1.76' (ED25519) to the list of known hosts.
execve("./syz-executor3793582327", ["./syz-executor3793582327"], 0x7ffefed38160 /* 10 vars */) = 0
brk(NULL)                               = 0x5555697ee000
brk(0x5555697eed00)                     = 0x5555697eed00
arch_prctl(ARCH_SET_FS, 0x5555697ee380) = 0
set_tid_address(0x5555697ee650)         = 5225
set_robust_list(0x5555697ee660, 24)     = 0
rseq(0x5555697eeca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3793582327", 4096) = 28
getrandom("\x3c\x3a\x89\xab\xd5\xb4\x85\xc8", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x5555697eed00
brk(0x55556980fd00)                     = 0x55556980fd00
brk(0x555569810000)                     = 0x555569810000
mprotect(0x7f7692d85000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5226 attached
, child_tidptr=0x5555697ee650) = 5226
[pid  5226] set_robust_list(0x5555697ee660, 24) = 0
[pid  5226] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5226] setsid()                    = 1
[pid  5226] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5226] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5226] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5226] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5226] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5226] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5226] unshare(CLONE_NEWNS)        = 0
[pid  5226] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5226] unshare(CLONE_NEWIPC)       = 0
[pid  5226] unshare(CLONE_NEWCGROUP)    = 0
[pid  5226] unshare(CLONE_NEWUTS)       = 0
[pid  5226] unshare(CLONE_SYSVSEM)      = 0
[pid  5226] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5226] write(3, "16777216", 8)     = 8
[pid  5226] close(3)                    = 0
[pid  5226] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5226] write(3, "536870912", 9)    = 9
[pid  5226] close(3)                    = 0
[pid  5226] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5226] write(3, "1024", 4)         = 4
[pid  5226] close(3)                    = 0
[pid  5226] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5226] write(3, "8192", 4)         = 4
[pid  5226] close(3)                    = 0
[pid  5226] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5226] write(3, "1024", 4)         = 4
[pid  5226] close(3)                    = 0
[pid  5226] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5226] write(3, "1024", 4)         = 4
[pid  5226] close(3)                    = 0
[pid  5226] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5226] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5226] close(3)                    = 0
[pid  5226] getpid()                    = 1
[pid  5226] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5226] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5226] unshare(CLONE_NEWNET)       = 0
[pid  5226] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5226] write(3, "0 65535", 7)      = 7
[pid  5226] close(3)                    = 0
[pid  5226] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3
[pid  5226] dup2(3, 200)                = 200
[pid  5226] close(3)                    = 0
[pid  5226] ioctl(200, TUNSETIFF, 0x7ffc4073c270) = 0
[pid  5226] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3
[pid  5226] write(3, "0", 1)            = 1
[pid  5226] close(3)                    = 0
[pid  5226] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3
[pid  5226] write(3, "0", 1)            = 1
[pid  5226] close(3)                    = 0
[pid  5226] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid  5226] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5226] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5226] close(4)                    = 0
[pid  5226] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5226] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5226] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5226] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5226] close(4)                    = 0
[pid  5226] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5226] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5226] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5226] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5226] close(4)                    = 0
[pid  5226] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 48
[pid  5226] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5226] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5226] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5226] close(4)                    = 0
[pid  5226] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 60
[pid  5226] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5226] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5226] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5226] close(4)                    = 0
[pid  5226] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
[pid  5226] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5226] close(3)                    = 0
[pid  5226] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid  5226] write(3, "100000", 6)       = 6
[pid  5226] close(3)                    = 0
[pid  5226] mkdir("./syz-tmp", 0777)    = 0
[pid  5226] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid  5226] mkdir("./syz-tmp/newroot", 0777) = 0
[pid  5226] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid  5226] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5226] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid  5226] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid  5226] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid  5226] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5226] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5226] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid  5226] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5226] mkdir("./syz-tmp/pivot", 0777) = 0
[pid  5226] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid  5226] chdir("/")                  = 0
[pid  5226] umount2("./pivot", MNT_DETACH) = 0
[pid  5226] chroot("./newroot")         = 0
[pid  5226] chdir("/")                  = 0
[pid  5226] mkdir("/dev/binderfs", 0777) = 0
[pid  5226] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5226] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5226] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5229 attached
 <unfinished ...>
[pid  5229] set_robust_list(0x5555697ee660, 24 <unfinished ...>
[pid  5226] <... clone resumed>, child_tidptr=0x5555697ee650) = 2
[pid  5229] <... set_robust_list resumed>) = 0
[pid  5229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5229] setpgid(0, 0)               = 0
[pid  5229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5229] write(3, "1000", 4)         = 4
[pid  5229] close(3)                    = 0
[pid  5229] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid  5229] read(200, 0x7ffc4073be10, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid  5229] write(1, "executing program\n", 18executing program
) = 18
[pid  5229] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=3, insns=0x20000140, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=BPF_F_STRICT_ALIGNMENT|BPF_F_TEST_RND_HI32|BPF_F_TEST_STATE_FREQ|0x20, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = 3
[pid  5229] socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL)) = 4
[pid  5229] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5229] bpf(BPF_LINK_CREATE, {link_create={prog_fd=3, target_fd=11, attach_type=BPF_XDP, flags=0}}, 64) = 5
[pid  5229] write(200, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65007) = 65007
[pid  5229] close(3)                    = 0
[pid  5229] close(4)                    = 0
[pid  5229] close(5)                    = 0
[pid  5229] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5229] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5229] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5229] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5229] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5229] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5229] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5229] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5229] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5229] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5229] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5229] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5229] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5229] close(19)                   = -1 EBADF (Bad file descriptor)
[   67.158280][    C0] Oops: general protection fault, probably for non-canonical address 0xe3fffa2202e4cfad: 0000 [#1] PREEMPT SMP KASAN PTI
[   67.158308][    C0] KASAN: maybe wild-memory-access in range [0x1ffff11017267d68-0x1ffff11017267d6f]
[   67.158334][    C0] CPU: 0 UID: 0 PID: 5229 Comm: syz-executor379 Not tainted 6.10.0-next-20240726-syzkaller #0
[   67.158356][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[   67.158370][    C0] RIP: 0010:__cpu_map_flush+0x42/0xd0
[   67.158418][    C0] Code: e8 13 8c d6 ff 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 8d 10 3e 00 49 8b 1e 4c 39 f3 74 77 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 6f 10 3e 00 4c 8b 23 48 8d 7b c0
[   67.158436][    C0] RSP: 0018:ffffc90000007b10 EFLAGS: 00010202
[   67.158454][    C0] RAX: 03fffe2202e4cfad RBX: 1ffff11017267d6b RCX: ffff888026d15a00
[   67.158469][    C0] RDX: 0000000080000102 RSI: 0000000000000000 RDI: ffffc900035a7800
[   67.158482][    C0] RBP: dffffc0000000000 R08: ffffffff8992342a R09: 1ffffffff202fc75
[   67.158497][    C0] R10: dffffc0000000000 R11: fffffbfff202fc76 R12: ffffc900035a7800
[   67.158511][    C0] R13: ffffc900035a77c0 R14: ffffc900035a7800 R15: dffffc0000000000
[   67.158526][    C0] FS:  00005555697ee380(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000
[   67.158543][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   67.158556][    C0] CR2: 000000002000f000 CR3: 0000000076e4c000 CR4: 00000000003506f0
[   67.158572][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   67.158583][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   67.158595][    C0] Call Trace:
[   67.158602][    C0]  <IRQ>
[   67.158610][    C0]  ? __die_body+0x88/0xe0
[   67.158638][    C0]  ? die_addr+0x108/0x140
[   67.158663][    C0]  ? exc_general_protection+0x3dd/0x5d0
[   67.158702][    C0]  ? asm_exc_general_protection+0x26/0x30
[   67.158725][    C0]  ? xdp_do_check_flushed+0x10a/0x240
[   67.158754][    C0]  ? __cpu_map_flush+0x42/0xd0
[   67.158780][    C0]  xdp_do_check_flushed+0x136/0x240
[   67.158809][    C0]  __napi_poll+0xe4/0x490
[   67.158835][    C0]  net_rx_action+0x89b/0x1240
[   67.158872][    C0]  ? __pfx_net_rx_action+0x10/0x10
[   67.158912][    C0]  ? sched_clock+0x4a/0x70
[   67.158942][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   67.158974][    C0]  handle_softirqs+0x2c4/0x970
[   67.159001][    C0]  ? __irq_exit_rcu+0xf4/0x1c0
[   67.159027][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   67.159053][    C0]  ? irqtime_account_irq+0xd4/0x1e0
[   67.159081][    C0]  __irq_exit_rcu+0xf4/0x1c0
[   67.159104][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[   67.159132][    C0]  irq_exit_rcu+0x9/0x30
[   67.159154][    C0]  common_interrupt+0xaa/0xd0
[   67.159174][    C0]  </IRQ>
[   67.159180][    C0]  <TASK>
[   67.159188][    C0]  asm_common_interrupt+0x26/0x40
[   67.159207][    C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140
[   67.159234][    C0] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 8e be 37 f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 83 4f 9f f5 65 8b 05 04 46 40 74 85 c0 74 43 48 c7 04 24 0e 36
[   67.159249][    C0] RSP: 0018:ffffc900035a7b60 EFLAGS: 00000206
[   67.159264][    C0] RAX: c97183fe8872c200 RBX: 1ffff920006b4f70 RCX: ffffffff817022aa
[   67.159279][    C0] RDX: dffffc0000000000 RSI: ffffffff8c0ad540 RDI: 0000000000000001
[   67.159292][    C0] RBP: ffffc900035a7bf0 R08: ffffffff93737817 R09: 1ffffffff26e6f02
[   67.159306][    C0] R10: dffffc0000000000 R11: fffffbfff26e6f03 R12: dffffc0000000000
[   67.159320][    C0] R13: 1ffff920006b4f6c R14: ffffc900035a7b80 R15: 0000000000000246
[   67.159338][    C0]  ? mark_lock+0x9a/0x360
[   67.159367][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   67.159394][    C0]  ? __wake_up_common_lock+0x18c/0x1e0
[   67.159423][    C0]  do_notify_parent_cldstop+0x9ab/0xb50
[   67.159449][    C0]  ? __pfx_do_notify_parent_cldstop+0x10/0x10
[   67.159483][    C0]  ptrace_stop+0x465/0x940
[   67.159510][    C0]  ptrace_notify+0x255/0x380
[   67.159532][    C0]  ? __pfx_ptrace_notify+0x10/0x10
[   67.159557][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   67.159583][    C0]  ? do_syscall_64+0x100/0x230
[   67.159612][    C0]  syscall_trace_enter+0x5d/0x150
[   67.159634][    C0]  do_syscall_64+0xcc/0x230
[   67.159660][    C0]  ? clear_bhb_loop+0x35/0x90
[   67.159682][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.159702][    C0] RIP: 0033:0x7f7692d0be60
[   67.159721][    C0] Code: ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 80 3d 41 e2 07 00 00 74 17 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c
[   67.159735][    C0] RSP: 002b:00007ffc4073c208 EFLAGS: 00000202 ORIG_RAX: 0000000000000003
[   67.159753][    C0] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 00007f7692d0be60
[   67.159766][    C0] RDX: ffffffffffffffb8 RSI: 0000000020000200 RDI: 0000000000000014
[   67.159779][    C0] RBP: 0000000000000000 R08: 00007ffc4073c338 R09: 00007ffc4073c338
[   67.159792][    C0] R10: 00007ffc4073c338 R11: 0000000000000202 R12: 0000000000000000
[   67.159804][    C0] R13: 0000000000000000 R14: 00007ffc4073c240 R15: 00007ffc4073c230
[   67.159825][    C0]  </TASK>
[   67.159831][    C0] Modules linked in:
[   67.159843][    C0] ---[ end trace 0000000000000000 ]---
[   67.657342][    C0] RIP: 0010:__cpu_map_flush+0x42/0xd0
[   67.662733][    C0] Code: e8 13 8c d6 ff 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 8d 10 3e 00 49 8b 1e 4c 39 f3 74 77 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 6f 10 3e 00 4c 8b 23 48 8d 7b c0
[   67.682364][    C0] RSP: 0018:ffffc90000007b10 EFLAGS: 00010202
[   67.688453][    C0] RAX: 03fffe2202e4cfad RBX: 1ffff11017267d6b RCX: ffff888026d15a00
[   67.696441][    C0] RDX: 0000000080000102 RSI: 0000000000000000 RDI: ffffc900035a7800
[   67.704434][    C0] RBP: dffffc0000000000 R08: ffffffff8992342a R09: 1ffffffff202fc75
[   67.712422][    C0] R10: dffffc0000000000 R11: fffffbfff202fc76 R12: ffffc900035a7800
[   67.720428][    C0] R13: ffffc900035a77c0 R14: ffffc900035a7800 R15: dffffc0000000000
[   67.728423][    C0] FS:  00005555697ee380(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000
[   67.737373][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   67.743958][    C0] CR2: 000000002000f000 CR3: 0000000076e4c000 CR4: 00000000003506f0
[   67.751954][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   67.759946][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   67.767954][    C0] Kernel panic - not syncing: Fatal exception in interrupt
[   67.775355][    C0] Kernel Offset: disabled
[   67.779665][    C0] Rebooting in 86400 seconds..