./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2917071350 <...> Warning: Permanently added '10.128.10.31' (ED25519) to the list of known hosts. execve("./syz-executor2917071350", ["./syz-executor2917071350"], 0x7ffdfb0b2920 /* 10 vars */) = 0 brk(NULL) = 0x5555558df000 brk(0x5555558dfd00) = 0x5555558dfd00 arch_prctl(ARCH_SET_FS, 0x5555558df380) = 0 set_tid_address(0x5555558df650) = 5060 set_robust_list(0x5555558df660, 24) = 0 rseq(0x5555558dfca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2917071350", 4096) = 28 getrandom("\xcc\xa3\x40\x92\x63\xf8\xd5\x2f", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555558dfd00 brk(0x555555900d00) = 0x555555900d00 brk(0x555555901000) = 0x555555901000 mprotect(0x7f5179ea5000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558df650) = 5061 ./strace-static-x86_64: Process 5061 attached [pid 5061] set_robust_list(0x5555558df660, 24) = 0 [pid 5061] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5061] setsid() = 1 [pid 5061] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5061] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5061] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5061] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5061] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5061] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5061] unshare(CLONE_NEWNS) = 0 [pid 5061] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5061] unshare(CLONE_NEWIPC) = 0 [pid 5061] unshare(CLONE_NEWCGROUP) = 0 [pid 5061] unshare(CLONE_NEWUTS) = 0 [pid 5061] unshare(CLONE_SYSVSEM) = 0 [pid 5061] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5061] write(3, "16777216", 8) = 8 [pid 5061] close(3) = 0 [pid 5061] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5061] write(3, "536870912", 9) = 9 [pid 5061] close(3) = 0 [pid 5061] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5061] write(3, "1024", 4) = 4 [pid 5061] close(3) = 0 [pid 5061] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5061] write(3, "8192", 4) = 4 [pid 5061] close(3) = 0 [pid 5061] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5061] write(3, "1024", 4) = 4 [pid 5061] close(3) = 0 [pid 5061] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5061] write(3, "1024", 4) = 4 [pid 5061] close(3) = 0 [pid 5061] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5061] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5061] close(3) = 0 [pid 5061] getpid() = 1 [pid 5061] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< 12]) = 0 [pid 5070] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x44\x00\x00\x00\x10\x00\x13\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x14\x00\x12\x80\x0c\x00\x01\x00\x6d\x61\x63\x76\x6c\x61\x6e\x00\x04\x00\x02\x80\x08\x00\x05\x00\x02\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", iov_len=68}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 68 [pid 5070] close(3) = 0 [pid 5070] close(4) = 0 [pid 5070] close(5) = -1 EBADF (Bad file descriptor) [pid 5070] close(6) = -1 EBADF (Bad file descriptor) [pid 5070] close(7) = -1 EBADF (Bad file descriptor) [pid 5070] close(8) = -1 EBADF (Bad file descriptor) [pid 5070] close(9) = -1 EBADF (Bad file descriptor) [pid 5070] close(10) = -1 EBADF (Bad file descriptor) [pid 5070] close(11) = -1 EBADF (Bad file descriptor) [pid 5070] close(12) = -1 EBADF (Bad file descriptor) [pid 5070] close(13) = -1 EBADF (Bad file descriptor) [pid 5070] close(14) = -1 EBADF (Bad file descriptor) [pid 5070] close(15) = -1 EBADF (Bad file descriptor) [pid 5070] close(16) = -1 EBADF (Bad file descriptor) [pid 5070] close(17) = -1 EBADF (Bad file descriptor) [pid 5070] close(18) = -1 EBADF (Bad file descriptor) [pid 5070] close(19) = -1 EBADF (Bad file descriptor) [pid 5070] close(20) = -1 EBADF (Bad file descriptor) [pid 5070] close(21) = -1 EBADF (Bad file descriptor) [pid 5070] close(22) = -1 EBADF (Bad file descriptor) [pid 5070] close(23) = -1 EBADF (Bad file descriptor) [ 74.206119][ T5070] netlink: 8 bytes leftover after parsing attributes in process `syz-executor291'. [pid 5070] close(24) = -1 EBADF (Bad file descriptor) [pid 5070] close(25) = -1 EBADF (Bad file descriptor) [pid 5070] close(26) = -1 EBADF (Bad file descriptor) [pid 5070] close(27) = -1 EBADF (Bad file descriptor) [pid 5070] close(28) = -1 EBADF (Bad file descriptor) [pid 5070] close(29) = -1 EBADF (Bad file descriptor) [pid 5070] exit_group(0) = ? [pid 5070] +++ exited with 0 +++ [pid 5061] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5061] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5061] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5071 attached [pid 5071] set_robust_list(0x5555558df660, 24 [pid 5061] <... clone resumed>, child_tidptr=0x5555558df650) = 3 [pid 5071] <... set_robust_list resumed>) = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5071] setpgid(0, 0) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 5071] socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE) = 4 [pid 5071] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 5071] getsockname(4, {sa_family=AF_NETLINK, nl_pid=3, nl_groups=00000000}, [20 => 12]) = 0 [pid 5071] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x44\x00\x00\x00\x10\x00\x13\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x14\x00\x12\x80\x0c\x00\x01\x00\x6d\x61\x63\x76\x6c\x61\x6e\x00\x04\x00\x02\x80\x08\x00\x05\x00\x03\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", iov_len=68}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 68 [pid 5071] close(3) = 0 [pid 5071] close(4) = 0 [pid 5071] close(5) = -1 EBADF (Bad file descriptor) [pid 5071] close(6) = -1 EBADF (Bad file descriptor) [pid 5071] close(7) = -1 EBADF (Bad file descriptor) [pid 5071] close(8) = -1 EBADF (Bad file descriptor) [pid 5071] close(9) = -1 EBADF (Bad file descriptor) [pid 5071] close(10) = -1 EBADF (Bad file descriptor) [pid 5071] close(11) = -1 EBADF (Bad file descriptor) [pid 5071] close(12) = -1 EBADF (Bad file descriptor) [pid 5071] close(13) = -1 EBADF (Bad file descriptor) [ 74.416139][ T5071] netlink: 8 bytes leftover after parsing attributes in process `syz-executor291'. [pid 5071] close(14) = -1 EBADF (Bad file descriptor) [pid 5071] close(15) = -1 EBADF (Bad file descriptor) [pid 5071] close(16) = -1 EBADF (Bad file descriptor) [pid 5071] close(17) = -1 EBADF (Bad file descriptor) [pid 5071] close(18) = -1 EBADF (Bad file descriptor) [pid 5071] close(19) = -1 EBADF (Bad file descriptor) [pid 5071] close(20) = -1 EBADF (Bad file descriptor) [pid 5071] close(21) = -1 EBADF (Bad file descriptor) [pid 5071] close(22) = -1 EBADF (Bad file descriptor) [pid 5071] close(23) = -1 EBADF (Bad file descriptor) [pid 5071] close(24) = -1 EBADF (Bad file descriptor) [pid 5071] close(25) = -1 EBADF (Bad file descriptor) [pid 5071] close(26) = -1 EBADF (Bad file descriptor) [pid 5071] close(27) = -1 EBADF (Bad file descriptor) [pid 5071] close(28) = -1 EBADF (Bad file descriptor) [pid 5071] close(29) = -1 EBADF (Bad file descriptor) [pid 5071] exit_group(0) = ? [pid 5071] +++ exited with 0 +++ [pid 5061] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5061] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558df650) = 4 ./strace-static-x86_64: Process 5072 attached [pid 5072] set_robust_list(0x5555558df660, 24) = 0 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5072] setpgid(0, 0) = 0 [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5072] write(3, "1000", 4) = 4 [pid 5072] close(3) = 0 [pid 5072] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 5072] socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE) = 4 [pid 5072] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 5072] getsockname(4, {sa_family=AF_NETLINK, nl_pid=4, nl_groups=00000000}, [20 => 12]) = 0 [pid 5072] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x44\x00\x00\x00\x10\x00\x13\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x14\x00\x12\x80\x0c\x00\x01\x00\x6d\x61\x63\x76\x6c\x61\x6e\x00\x04\x00\x02\x80\x08\x00\x05\x00\x04\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", iov_len=68}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 68 [pid 5072] close(3) = 0 [pid 5072] close(4) = 0 [pid 5072] close(5) = -1 EBADF (Bad file descriptor) [pid 5072] close(6) = -1 EBADF (Bad file descriptor) [pid 5072] close(7) = -1 EBADF (Bad file descriptor) [pid 5072] close(8) = -1 EBADF (Bad file descriptor) [pid 5072] close(9) = -1 EBADF (Bad file descriptor) [ 74.614091][ T5072] netlink: 8 bytes leftover after parsing attributes in process `syz-executor291'. [ 74.627537][ T5072] gretap0: entered promiscuous mode [pid 5072] close(10) = -1 EBADF (Bad file descriptor) [pid 5072] close(11) = -1 EBADF (Bad file descriptor) [pid 5072] close(12) = -1 EBADF (Bad file descriptor) [pid 5072] close(13) = -1 EBADF (Bad file descriptor) [pid 5072] close(14) = -1 EBADF (Bad file descriptor) [pid 5072] close(15) = -1 EBADF (Bad file descriptor) [pid 5072] close(16) = -1 EBADF (Bad file descriptor) [pid 5072] close(17) = -1 EBADF (Bad file descriptor) [pid 5072] close(18) = -1 EBADF (Bad file descriptor) [pid 5072] close(19) = -1 EBADF (Bad file descriptor) [pid 5072] close(20) = -1 EBADF (Bad file descriptor) [pid 5072] close(21) = -1 EBADF (Bad file descriptor) [pid 5072] close(22) = -1 EBADF (Bad file descriptor) [pid 5072] close(23) = -1 EBADF (Bad file descriptor) [pid 5072] close(24) = -1 EBADF (Bad file descriptor) [pid 5072] close(25) = -1 EBADF (Bad file descriptor) [pid 5072] close(26) = -1 EBADF (Bad file descriptor) [pid 5072] close(27) = -1 EBADF (Bad file descriptor) [pid 5072] close(28) = -1 EBADF (Bad file descriptor) [pid 5072] close(29) = -1 EBADF (Bad file descriptor) [pid 5072] exit_group(0) = ? [pid 5072] +++ exited with 0 +++ [pid 5061] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5061] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5061] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558df650) = 5 ./strace-static-x86_64: Process 5073 attached [pid 5073] set_robust_list(0x5555558df660, 24) = 0 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] write(3, "1000", 4) = 4 [pid 5073] close(3) = 0 [pid 5073] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 5073] socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE) = 4 [pid 5073] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 5073] getsockname(4, {sa_family=AF_NETLINK, nl_pid=5, nl_groups=00000000}, [20 => 12]) = 0 [pid 5073] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x44\x00\x00\x00\x10\x00\x13\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x14\x00\x12\x80\x0c\x00\x01\x00\x6d\x61\x63\x76\x6c\x61\x6e\x00\x04\x00\x02\x80\x08\x00\x05\x00\x05\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", iov_len=68}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 68 [pid 5073] close(3) = 0 [pid 5073] close(4) = 0 [pid 5073] close(5) = -1 EBADF (Bad file descriptor) [pid 5073] close(6) = -1 EBADF (Bad file descriptor) [pid 5073] close(7) = -1 EBADF (Bad file descriptor) [pid 5073] close(8) = -1 EBADF (Bad file descriptor) [pid 5073] close(9) = -1 EBADF (Bad file descriptor) [pid 5073] close(10) = -1 EBADF (Bad file descriptor) [pid 5073] close(11) = -1 EBADF (Bad file descriptor) [pid 5073] close(12) = -1 EBADF (Bad file descriptor) [pid 5073] close(13) = -1 EBADF (Bad file descriptor) [ 74.809894][ T5073] netlink: 8 bytes leftover after parsing attributes in process `syz-executor291'. [ 74.823346][ T5073] erspan0: entered promiscuous mode [pid 5073] close(14) = -1 EBADF (Bad file descriptor) [pid 5073] close(15) = -1 EBADF (Bad file descriptor) [pid 5073] close(16) = -1 EBADF (Bad file descriptor) [pid 5073] close(17) = -1 EBADF (Bad file descriptor) [pid 5073] close(18) = -1 EBADF (Bad file descriptor) [pid 5073] close(19) = -1 EBADF (Bad file descriptor) [pid 5073] close(20) = -1 EBADF (Bad file descriptor) [pid 5073] close(21) = -1 EBADF (Bad file descriptor) [pid 5073] close(22) = -1 EBADF (Bad file descriptor) [pid 5073] close(23) = -1 EBADF (Bad file descriptor) [pid 5073] close(24) = -1 EBADF (Bad file descriptor) [pid 5073] close(25) = -1 EBADF (Bad file descriptor) [pid 5073] close(26) = -1 EBADF (Bad file descriptor) [pid 5073] close(27) = -1 EBADF (Bad file descriptor) [pid 5073] close(28) = -1 EBADF (Bad file descriptor) [pid 5073] close(29) = -1 EBADF (Bad file descriptor) [pid 5073] exit_group(0) = ? [pid 5073] +++ exited with 0 +++ [pid 5061] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5061] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558df650) = 6 ./strace-static-x86_64: Process 5074 attached [pid 5074] set_robust_list(0x5555558df660, 24) = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5074] setpgid(0, 0) = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] write(3, "1000", 4) = 4 [pid 5074] close(3) = 0 [pid 5074] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 5074] socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE) = 4 [pid 5074] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 5074] getsockname(4, {sa_family=AF_NETLINK, nl_pid=6, nl_groups=00000000}, [20 => 12]) = 0 [pid 5074] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x44\x00\x00\x00\x10\x00\x13\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x14\x00\x12\x80\x0c\x00\x01\x00\x6d\x61\x63\x76\x6c\x61\x6e\x00\x04\x00\x02\x80\x08\x00\x05\x00\x06\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", iov_len=68}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 68 [pid 5074] close(3) = 0 [pid 5074] close(4) = 0 [pid 5074] close(5) = -1 EBADF (Bad file descriptor) [pid 5074] close(6) = -1 EBADF (Bad file descriptor) [pid 5074] close(7) = -1 EBADF (Bad file descriptor) [pid 5074] close(8) = -1 EBADF (Bad file descriptor) [pid 5074] close(9) = -1 EBADF (Bad file descriptor) [pid 5074] close(10) = -1 EBADF (Bad file descriptor) [pid 5074] close(11) = -1 EBADF (Bad file descriptor) [pid 5074] close(12) = -1 EBADF (Bad file descriptor) [pid 5074] close(13) = -1 EBADF (Bad file descriptor) [pid 5074] close(14) = -1 EBADF (Bad file descriptor) [ 74.990261][ T5074] netlink: 8 bytes leftover after parsing attributes in process `syz-executor291'. [pid 5074] close(15) = -1 EBADF (Bad file descriptor) [pid 5074] close(16) = -1 EBADF (Bad file descriptor) [pid 5074] close(17) = -1 EBADF (Bad file descriptor) [pid 5074] close(18) = -1 EBADF (Bad file descriptor) [pid 5074] close(19) = -1 EBADF (Bad file descriptor) [pid 5074] close(20) = -1 EBADF (Bad file descriptor) [pid 5074] close(21) = -1 EBADF (Bad file descriptor) [pid 5074] close(22) = -1 EBADF (Bad file descriptor) [pid 5074] close(23) = -1 EBADF (Bad file descriptor) [pid 5074] close(24) = -1 EBADF (Bad file descriptor) [pid 5074] close(25) = -1 EBADF (Bad file descriptor) [pid 5074] close(26) = -1 EBADF (Bad file descriptor) [pid 5074] close(27) = -1 EBADF (Bad file descriptor) [pid 5074] close(28) = -1 EBADF (Bad file descriptor) [pid 5074] close(29) = -1 EBADF (Bad file descriptor) [pid 5074] exit_group(0) = ? [pid 5074] +++ exited with 0 +++ [pid 5061] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5061] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558df650) = 7 ./strace-static-x86_64: Process 5075 attached [pid 5075] set_robust_list(0x5555558df660, 24) = 0 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] setpgid(0, 0) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1000", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 5075] socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE) = 4 [pid 5075] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 5075] getsockname(4, {sa_family=AF_NETLINK, nl_pid=7, nl_groups=00000000}, [20 => 12]) = 0 [pid 5075] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x44\x00\x00\x00\x10\x00\x13\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x14\x00\x12\x80\x0c\x00\x01\x00\x6d\x61\x63\x76\x6c\x61\x6e\x00\x04\x00\x02\x80\x08\x00\x05\x00\x07\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", iov_len=68}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 68 [pid 5075] close(3) = 0 [pid 5075] close(4) = 0 [pid 5075] close(5) = -1 EBADF (Bad file descriptor) [pid 5075] close(6) = -1 EBADF (Bad file descriptor) [pid 5075] close(7) = -1 EBADF (Bad file descriptor) [pid 5075] close(8) = -1 EBADF (Bad file descriptor) [pid 5075] close(9) = -1 EBADF (Bad file descriptor) [pid 5075] close(10) = -1 EBADF (Bad file descriptor) [pid 5075] close(11) = -1 EBADF (Bad file descriptor) [ 75.158625][ T5075] netlink: 8 bytes leftover after parsing attributes in process `syz-executor291'. [pid 5075] close(12) = -1 EBADF (Bad file descriptor) [pid 5075] close(13) = -1 EBADF (Bad file descriptor) [pid 5075] close(14) = -1 EBADF (Bad file descriptor) [pid 5075] close(15) = -1 EBADF (Bad file descriptor) [pid 5075] close(16) = -1 EBADF (Bad file descriptor) [pid 5075] close(17) = -1 EBADF (Bad file descriptor) [pid 5075] close(18) = -1 EBADF (Bad file descriptor) [pid 5075] close(19) = -1 EBADF (Bad file descriptor) [pid 5075] close(20) = -1 EBADF (Bad file descriptor) [pid 5075] close(21) = -1 EBADF (Bad file descriptor) [pid 5075] close(22) = -1 EBADF (Bad file descriptor) [pid 5075] close(23) = -1 EBADF (Bad file descriptor) [pid 5075] close(24) = -1 EBADF (Bad file descriptor) [pid 5075] close(25) = -1 EBADF (Bad file descriptor) [pid 5075] close(26) = -1 EBADF (Bad file descriptor) [pid 5075] close(27) = -1 EBADF (Bad file descriptor) [pid 5075] close(28) = -1 EBADF (Bad file descriptor) [pid 5075] close(29) = -1 EBADF (Bad file descriptor) [pid 5075] exit_group(0) = ? [pid 5075] +++ exited with 0 +++ [pid 5061] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5061] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5061] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5076 attached , child_tidptr=0x5555558df650) = 8 [pid 5076] set_robust_list(0x5555558df660, 24) = 0 [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5076] setpgid(0, 0) = 0 [pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1000", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 5076] socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE) = 4 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 5076] getsockname(4, {sa_family=AF_NETLINK, nl_pid=8, nl_groups=00000000}, [20 => 12]) = 0 [pid 5076] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x44\x00\x00\x00\x10\x00\x13\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x14\x00\x12\x80\x0c\x00\x01\x00\x6d\x61\x63\x76\x6c\x61\x6e\x00\x04\x00\x02\x80\x08\x00\x05\x00\x08\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", iov_len=68}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 68 [pid 5076] close(3) = 0 [pid 5076] close(4) = 0 [pid 5076] close(5) = -1 EBADF (Bad file descriptor) [pid 5076] close(6) = -1 EBADF (Bad file descriptor) [pid 5076] close(7) = -1 EBADF (Bad file descriptor) [pid 5076] close(8) = -1 EBADF (Bad file descriptor) [pid 5076] close(9) = -1 EBADF (Bad file descriptor) [pid 5076] close(10) = -1 EBADF (Bad file descriptor) [pid 5076] close(11) = -1 EBADF (Bad file descriptor) [pid 5076] close(12) = -1 EBADF (Bad file descriptor) [pid 5076] close(13) = -1 EBADF (Bad file descriptor) [pid 5076] close(14) = -1 EBADF (Bad file descriptor) [pid 5076] close(15) = -1 EBADF (Bad file descriptor) [pid 5076] close(16) = -1 EBADF (Bad file descriptor) [pid 5076] close(17) = -1 EBADF (Bad file descriptor) [pid 5076] close(18) = -1 EBADF (Bad file descriptor) [pid 5076] close(19) = -1 EBADF (Bad file descriptor) [pid 5076] close(20) = -1 EBADF (Bad file descriptor) [ 75.374158][ T5076] netlink: 8 bytes leftover after parsing attributes in process `syz-executor291'. [pid 5076] close(21) = -1 EBADF (Bad file descriptor) [pid 5076] close(22) = -1 EBADF (Bad file descriptor) [pid 5076] close(23) = -1 EBADF (Bad file descriptor) [pid 5076] close(24) = -1 EBADF (Bad file descriptor) [pid 5076] close(25) = -1 EBADF (Bad file descriptor) [pid 5076] close(26) = -1 EBADF (Bad file descriptor) [pid 5076] close(27) = -1 EBADF (Bad file descriptor) [pid 5076] close(28) = -1 EBADF (Bad file descriptor) [pid 5076] close(29) = -1 EBADF (Bad file descriptor) [pid 5076] exit_group(0) = ? [pid 5076] +++ exited with 0 +++ [pid 5061] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5061] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5061] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558df650) = 9 ./strace-static-x86_64: Process 5077 attached [pid 5077] set_robust_list(0x5555558df660, 24) = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 5077] socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE) = 4 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 5077] getsockname(4, {sa_family=AF_NETLINK, nl_pid=9, nl_groups=00000000}, [20 => 12]) = 0 [pid 5077] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x44\x00\x00\x00\x10\x00\x13\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x14\x00\x12\x80\x0c\x00\x01\x00\x6d\x61\x63\x76\x6c\x61\x6e\x00\x04\x00\x02\x80\x08\x00\x05\x00\x09\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", iov_len=68}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 68 [pid 5077] close(3) = 0 [pid 5077] close(4) = 0 [pid 5077] close(5) = -1 EBADF (Bad file descriptor) [pid 5077] close(6) = -1 EBADF (Bad file descriptor) [pid 5077] close(7) = -1 EBADF (Bad file descriptor) [pid 5077] close(8) = -1 EBADF (Bad file descriptor) [pid 5077] close(9) = -1 EBADF (Bad file descriptor) [pid 5077] close(10) = -1 EBADF (Bad file descriptor) [pid 5077] close(11) = -1 EBADF (Bad file descriptor) [pid 5077] close(12) = -1 EBADF (Bad file descriptor) [pid 5077] close(13) = -1 EBADF (Bad file descriptor) [pid 5077] close(14) = -1 EBADF (Bad file descriptor) [pid 5077] close(15) = -1 EBADF (Bad file descriptor) [pid 5077] close(16) = -1 EBADF (Bad file descriptor) [pid 5077] close(17) = -1 EBADF (Bad file descriptor) [pid 5077] close(18) = -1 EBADF (Bad file descriptor) [pid 5077] close(19) = -1 EBADF (Bad file descriptor) [pid 5077] close(20) = -1 EBADF (Bad file descriptor) [pid 5077] close(21) = -1 EBADF (Bad file descriptor) [pid 5077] close(22) = -1 EBADF (Bad file descriptor) [pid 5077] close(23) = -1 EBADF (Bad file descriptor) [pid 5077] close(24) = -1 EBADF (Bad file descriptor) [pid 5077] close(25) = -1 EBADF (Bad file descriptor) [ 75.534627][ T5077] netlink: 8 bytes leftover after parsing attributes in process `syz-executor291'. [pid 5077] close(26) = -1 EBADF (Bad file descriptor) [pid 5077] close(27) = -1 EBADF (Bad file descriptor) [pid 5077] close(28) = -1 EBADF (Bad file descriptor) [pid 5077] close(29) = -1 EBADF (Bad file descriptor) [pid 5077] exit_group(0) = ? [pid 5077] +++ exited with 0 +++ [pid 5061] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5061] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558df650) = 10 ./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x5555558df660, 24) = 0 [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5078] setpgid(0, 0) = 0 [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5078] write(3, "1000", 4) = 4 [pid 5078] close(3) = 0 [pid 5078] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 5078] socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE) = 4 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 5078] getsockname(4, {sa_family=AF_NETLINK, nl_pid=10, nl_groups=00000000}, [20 => 12]) = 0 [pid 5078] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x44\x00\x00\x00\x10\x00\x13\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x14\x00\x12\x80\x0c\x00\x01\x00\x6d\x61\x63\x76\x6c\x61\x6e\x00\x04\x00\x02\x80\x08\x00\x05\x00\x0a\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", iov_len=68}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 68 [pid 5078] close(3) = 0 [pid 5078] close(4) = 0 [pid 5078] close(5) = -1 EBADF (Bad file descriptor) [pid 5078] close(6) = -1 EBADF (Bad file descriptor) [pid 5078] close(7) = -1 EBADF (Bad file descriptor) [ 75.656072][ T5078] netlink: 8 bytes leftover after parsing attributes in process `syz-executor291'. [pid 5078] close(8) = -1 EBADF (Bad file descriptor) [pid 5078] close(9) = -1 EBADF (Bad file descriptor) [pid 5078] close(10) = -1 EBADF (Bad file descriptor) [pid 5078] close(11) = -1 EBADF (Bad file descriptor) [pid 5078] close(12) = -1 EBADF (Bad file descriptor) [pid 5078] close(13) = -1 EBADF (Bad file descriptor) [pid 5078] close(14) = -1 EBADF (Bad file descriptor) [pid 5078] close(15) = -1 EBADF (Bad file descriptor) [pid 5078] close(16) = -1 EBADF (Bad file descriptor) [pid 5078] close(17) = -1 EBADF (Bad file descriptor) [pid 5078] close(18) = -1 EBADF (Bad file descriptor) [pid 5078] close(19) = -1 EBADF (Bad file descriptor) [pid 5078] close(20) = -1 EBADF (Bad file descriptor) [pid 5078] close(21) = -1 EBADF (Bad file descriptor) [pid 5078] close(22) = -1 EBADF (Bad file descriptor) [pid 5078] close(23) = -1 EBADF (Bad file descriptor) [pid 5078] close(24) = -1 EBADF (Bad file descriptor) [pid 5078] close(25) = -1 EBADF (Bad file descriptor) [pid 5078] close(26) = -1 EBADF (Bad file descriptor) [pid 5078] close(27) = -1 EBADF (Bad file descriptor) [pid 5078] close(28) = -1 EBADF (Bad file descriptor) [pid 5078] close(29) = -1 EBADF (Bad file descriptor) [pid 5078] exit_group(0) = ? [pid 5078] +++ exited with 0 +++ [pid 5061] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5061] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x5555558df660, 24) = 0 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5079] setpgid(0, 0) = 0 [pid 5061] <... clone resumed>, child_tidptr=0x5555558df650) = 11 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] write(3, "1000", 4) = 4 [pid 5079] close(3) = 0 [pid 5079] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 5079] socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE) = 4 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 5079] getsockname(4, {sa_family=AF_NETLINK, nl_pid=11, nl_groups=00000000}, [20 => 12]) = 0 [pid 5079] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x44\x00\x00\x00\x10\x00\x13\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x14\x00\x12\x80\x0c\x00\x01\x00\x6d\x61\x63\x76\x6c\x61\x6e\x00\x04\x00\x02\x80\x08\x00\x05\x00\x0b\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", iov_len=68}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 68 [pid 5079] close(3) = 0 [pid 5079] close(4) = 0 [pid 5079] close(5) = -1 EBADF (Bad file descriptor) [pid 5079] close(6) = -1 EBADF (Bad file descriptor) [pid 5079] close(7) = -1 EBADF (Bad file descriptor) [pid 5079] close(8) = -1 EBADF (Bad file descriptor) [pid 5079] close(9) = -1 EBADF (Bad file descriptor) [ 75.866327][ T5079] netlink: 8 bytes leftover after parsing attributes in process `syz-executor291'. [ 75.880959][ T5079] ip6gretap0: entered promiscuous mode [pid 5079] close(10) = -1 EBADF (Bad file descriptor) [pid 5079] close(11) = -1 EBADF (Bad file descriptor) [pid 5079] close(12) = -1 EBADF (Bad file descriptor) [pid 5079] close(13) = -1 EBADF (Bad file descriptor) [pid 5079] close(14) = -1 EBADF (Bad file descriptor) [pid 5079] close(15) = -1 EBADF (Bad file descriptor) [pid 5079] close(16) = -1 EBADF (Bad file descriptor) [pid 5079] close(17) = -1 EBADF (Bad file descriptor) [pid 5079] close(18) = -1 EBADF (Bad file descriptor) [pid 5079] close(19) = -1 EBADF (Bad file descriptor) [pid 5079] close(20) = -1 EBADF (Bad file descriptor) [pid 5079] close(21) = -1 EBADF (Bad file descriptor) [pid 5079] close(22) = -1 EBADF (Bad file descriptor) [pid 5079] close(23) = -1 EBADF (Bad file descriptor) [pid 5079] close(24) = -1 EBADF (Bad file descriptor) [pid 5079] close(25) = -1 EBADF (Bad file descriptor) [pid 5079] close(26) = -1 EBADF (Bad file descriptor) [pid 5079] close(27) = -1 EBADF (Bad file descriptor) [pid 5079] close(28) = -1 EBADF (Bad file descriptor) [pid 5079] close(29) = -1 EBADF (Bad file descriptor) [pid 5079] exit_group(0) = ? [pid 5079] +++ exited with 0 +++ [pid 5061] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5061] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558df650) = 12 ./strace-static-x86_64: Process 5080 attached [pid 5080] set_robust_list(0x5555558df660, 24) = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [pid 5080] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 5080] socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE) = 4 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 5080] getsockname(4, {sa_family=AF_NETLINK, nl_pid=12, nl_groups=00000000}, [20 => 12]) = 0 [pid 5080] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x44\x00\x00\x00\x10\x00\x13\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x14\x00\x12\x80\x0c\x00\x01\x00\x6d\x61\x63\x76\x6c\x61\x6e\x00\x04\x00\x02\x80\x08\x00\x05\x00\x0c\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", iov_len=68}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 68 [pid 5080] close(3) = 0 [pid 5080] close(4) = 0 [pid 5080] close(5) = -1 EBADF (Bad file descriptor) [pid 5080] close(6) = -1 EBADF (Bad file descriptor) [pid 5080] close(7) = -1 EBADF (Bad file descriptor) [pid 5080] close(8) = -1 EBADF (Bad file descriptor) [pid 5080] close(9) = -1 EBADF (Bad file descriptor) [pid 5080] close(10) = -1 EBADF (Bad file descriptor) [pid 5080] close(11) = -1 EBADF (Bad file descriptor) [pid 5080] close(12) = -1 EBADF (Bad file descriptor) [ 76.083517][ T5080] bridge0: entered promiscuous mode [pid 5080] close(13) = -1 EBADF (Bad file descriptor) [pid 5080] close(14) = -1 EBADF (Bad file descriptor) [pid 5080] close(15) = -1 EBADF (Bad file descriptor) [pid 5080] close(16) = -1 EBADF (Bad file descriptor) [pid 5080] close(17) = -1 EBADF (Bad file descriptor) [pid 5080] close(18) = -1 EBADF (Bad file descriptor) [pid 5080] close(19) = -1 EBADF (Bad file descriptor) [pid 5080] close(20) = -1 EBADF (Bad file descriptor) [pid 5080] close(21) = -1 EBADF (Bad file descriptor) [pid 5080] close(22) = -1 EBADF (Bad file descriptor) [pid 5080] close(23) = -1 EBADF (Bad file descriptor) [pid 5080] close(24) = -1 EBADF (Bad file descriptor) [pid 5080] close(25) = -1 EBADF (Bad file descriptor) [pid 5080] close(26) = -1 EBADF (Bad file descriptor) [pid 5080] close(27) = -1 EBADF (Bad file descriptor) [pid 5080] close(28) = -1 EBADF (Bad file descriptor) [pid 5080] close(29) = -1 EBADF (Bad file descriptor) [pid 5080] exit_group(0) = ? [pid 5080] +++ exited with 0 +++ [pid 5061] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5061] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x5555558df660, 24 [pid 5061] <... clone resumed>, child_tidptr=0x5555558df650) = 13 [pid 5081] <... set_robust_list resumed>) = 0 [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5081] setpgid(0, 0) = 0 [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5081] write(3, "1000", 4) = 4 [pid 5081] close(3) = 0 [pid 5081] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 5081] socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE) = 4 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 5081] getsockname(4, {sa_family=AF_NETLINK, nl_pid=13, nl_groups=00000000}, [20 => 12]) = 0 [pid 5081] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x44\x00\x00\x00\x10\x00\x13\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x14\x00\x12\x80\x0c\x00\x01\x00\x6d\x61\x63\x76\x6c\x61\x6e\x00\x04\x00\x02\x80\x08\x00\x05\x00\x0d\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", iov_len=68}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 68 [pid 5081] close(3) = 0 [pid 5081] close(4) = 0 [pid 5081] close(5) = -1 EBADF (Bad file descriptor) [pid 5081] close(6) = -1 EBADF (Bad file descriptor) [pid 5081] close(7) = -1 EBADF (Bad file descriptor) [pid 5081] close(8) = -1 EBADF (Bad file descriptor) [pid 5081] close(9) = -1 EBADF (Bad file descriptor) [pid 5081] close(10) = -1 EBADF (Bad file descriptor) [pid 5081] close(11) = -1 EBADF (Bad file descriptor) [pid 5081] close(12) = -1 EBADF (Bad file descriptor) [pid 5081] close(13) = -1 EBADF (Bad file descriptor) [pid 5081] close(14) = -1 EBADF (Bad file descriptor) [pid 5081] close(15) = -1 EBADF (Bad file descriptor) [pid 5081] close(16) = -1 EBADF (Bad file descriptor) [pid 5081] close(17) = -1 EBADF (Bad file descriptor) [pid 5081] close(18) = -1 EBADF (Bad file descriptor) [pid 5081] close(19) = -1 EBADF (Bad file descriptor) [pid 5081] close(20) = -1 EBADF (Bad file descriptor) [pid 5081] close(21) = -1 EBADF (Bad file descriptor) [pid 5081] close(22) = -1 EBADF (Bad file descriptor) [pid 5081] close(23) = -1 EBADF (Bad file descriptor) [pid 5081] close(24) = -1 EBADF (Bad file descriptor) [pid 5081] close(25) = -1 EBADF (Bad file descriptor) [pid 5081] close(26) = -1 EBADF (Bad file descriptor) [pid 5081] close(27) = -1 EBADF (Bad file descriptor) [pid 5081] close(28) = -1 EBADF (Bad file descriptor) [pid 5081] close(29) = -1 EBADF (Bad file descriptor) [pid 5081] exit_group(0) = ? [pid 5081] +++ exited with 0 +++ [pid 5061] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5061] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5061] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5082 attached [pid 5082] set_robust_list(0x5555558df660, 24 [pid 5061] <... clone resumed>, child_tidptr=0x5555558df650) = 14 [pid 5082] <... set_robust_list resumed>) = 0 [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5082] setpgid(0, 0) = 0 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5082] write(3, "1000", 4) = 4 [pid 5082] close(3) = 0 [pid 5082] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 5082] socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE) = 4 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 5082] getsockname(4, {sa_family=AF_NETLINK, nl_pid=14, nl_groups=00000000}, [20 => 12]) = 0 [pid 5082] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x44\x00\x00\x00\x10\x00\x13\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x14\x00\x12\x80\x0c\x00\x01\x00\x6d\x61\x63\x76\x6c\x61\x6e\x00\x04\x00\x02\x80\x08\x00\x05\x00\x0e\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", iov_len=68}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 68 [pid 5082] close(3) = 0 [pid 5082] close(4) = 0 [pid 5082] close(5) = -1 EBADF (Bad file descriptor) [pid 5082] close(6) = -1 EBADF (Bad file descriptor) [pid 5082] close(7) = -1 EBADF (Bad file descriptor) [pid 5082] close(8) = -1 EBADF (Bad file descriptor) [pid 5082] close(9) = -1 EBADF (Bad file descriptor) [pid 5082] close(10) = -1 EBADF (Bad file descriptor) [pid 5082] close(11) = -1 EBADF (Bad file descriptor) [pid 5082] close(12) = -1 EBADF (Bad file descriptor) [ 76.300081][ T5082] bond_slave_0: entered promiscuous mode [ 76.305920][ T5082] bond_slave_1: entered promiscuous mode [ 76.312995][ T5082] 8021q: adding VLAN 0 to HW filter on device macvlan6 [pid 5082] close(13) = -1 EBADF (Bad file descriptor) [pid 5082] close(14) = -1 EBADF (Bad file descriptor) [pid 5082] close(15) = -1 EBADF (Bad file descriptor) [pid 5082] close(16) = -1 EBADF (Bad file descriptor) [pid 5082] close(17) = -1 EBADF (Bad file descriptor) [pid 5082] close(18) = -1 EBADF (Bad file descriptor) [pid 5082] close(19) = -1 EBADF (Bad file descriptor) [pid 5082] close(20) = -1 EBADF (Bad file descriptor) [pid 5082] close(21) = -1 EBADF (Bad file descriptor) [pid 5082] close(22) = -1 EBADF (Bad file descriptor) [pid 5082] close(23) = -1 EBADF (Bad file descriptor) [pid 5082] close(24) = -1 EBADF (Bad file descriptor) [pid 5082] close(25) = -1 EBADF (Bad file descriptor) [pid 5082] close(26) = -1 EBADF (Bad file descriptor) [pid 5082] close(27) = -1 EBADF (Bad file descriptor) [pid 5082] close(28) = -1 EBADF (Bad file descriptor) [pid 5082] close(29) = -1 EBADF (Bad file descriptor) [pid 5082] exit_group(0) = ? [pid 5082] +++ exited with 0 +++ [pid 5061] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5061] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558df650) = 15 ./strace-static-x86_64: Process 5083 attached [pid 5083] set_robust_list(0x5555558df660, 24) = 0 [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5083] setpgid(0, 0) = 0 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1000", 4) = 4 [pid 5083] close(3) = 0 [pid 5083] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 5083] socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE) = 4 [pid 5083] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 5083] getsockname(4, {sa_family=AF_NETLINK, nl_pid=15, nl_groups=00000000}, [20 => 12]) = 0 [pid 5083] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x44\x00\x00\x00\x10\x00\x13\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x14\x00\x12\x80\x0c\x00\x01\x00\x6d\x61\x63\x76\x6c\x61\x6e\x00\x04\x00\x02\x80\x08\x00\x05\x00\x0f\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", iov_len=68}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 68 [pid 5083] close(3) = 0 [pid 5083] close(4) = 0 [pid 5083] close(5) = -1 EBADF (Bad file descriptor) [pid 5083] close(6) = -1 EBADF (Bad file descriptor) [pid 5083] close(7) = -1 EBADF (Bad file descriptor) [ 76.513571][ T5083] team_slave_0: entered promiscuous mode [ 76.519283][ T5083] team_slave_1: entered promiscuous mode [ 76.526287][ T5083] 8021q: adding VLAN 0 to HW filter on device macvlan7 [pid 5083] close(8) = -1 EBADF (Bad file descriptor) [pid 5083] close(9) = -1 EBADF (Bad file descriptor) [pid 5083] close(10) = -1 EBADF (Bad file descriptor) [pid 5083] close(11) = -1 EBADF (Bad file descriptor) [pid 5083] close(12) = -1 EBADF (Bad file descriptor) [pid 5083] close(13) = -1 EBADF (Bad file descriptor) [pid 5083] close(14) = -1 EBADF (Bad file descriptor) [pid 5083] close(15) = -1 EBADF (Bad file descriptor) [pid 5083] close(16) = -1 EBADF (Bad file descriptor) [pid 5083] close(17) = -1 EBADF (Bad file descriptor) [pid 5083] close(18) = -1 EBADF (Bad file descriptor) [pid 5083] close(19) = -1 EBADF (Bad file descriptor) [pid 5083] close(20) = -1 EBADF (Bad file descriptor) [pid 5083] close(21) = -1 EBADF (Bad file descriptor) [pid 5083] close(22) = -1 EBADF (Bad file descriptor) [pid 5083] close(23) = -1 EBADF (Bad file descriptor) [pid 5083] close(24) = -1 EBADF (Bad file descriptor) [pid 5083] close(25) = -1 EBADF (Bad file descriptor) [pid 5083] close(26) = -1 EBADF (Bad file descriptor) [pid 5083] close(27) = -1 EBADF (Bad file descriptor) [pid 5083] close(28) = -1 EBADF (Bad file descriptor) [pid 5083] close(29) = -1 EBADF (Bad file descriptor) [pid 5083] exit_group(0) = ? [pid 5083] +++ exited with 0 +++ [pid 5061] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5061] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558df650) = 16 ./strace-static-x86_64: Process 5084 attached [pid 5084] set_robust_list(0x5555558df660, 24) = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5084] setpgid(0, 0) = 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5084] close(3) = 0 [pid 5084] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 5084] socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE) = 4 [pid 5084] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 5084] getsockname(4, {sa_family=AF_NETLINK, nl_pid=16, nl_groups=00000000}, [20 => 12]) = 0 [ 76.714732][ T5084] ================================================================== [ 76.723086][ T5084] BUG: KASAN: slab-out-of-bounds in dsa_user_changeupper+0x61a/0x6e0 [ 76.731162][ T5084] Read of size 8 at addr ffff888024470c90 by task syz-executor291/5084 [ 76.739393][ T5084] [ 76.741731][ T5084] CPU: 0 PID: 5084 Comm: syz-executor291 Not tainted 6.7.0-syzkaller-04629-g3e7aeb78ab01 #0 [ 76.751797][ T5084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 76.761842][ T5084] Call Trace: [ 76.765200][ T5084] [ 76.768120][ T5084] dump_stack_lvl+0xd9/0x1b0 [ 76.772737][ T5084] print_report+0xc4/0x620 [ 76.777193][ T5084] ? __virt_addr_valid+0x5e/0x580 [ 76.782306][ T5084] ? __phys_addr+0xc6/0x140 [ 76.786812][ T5084] kasan_report+0xda/0x110 [ 76.791229][ T5084] ? dsa_user_changeupper+0x61a/0x6e0 [ 76.796612][ T5084] ? dsa_user_changeupper+0x61a/0x6e0 [ 76.802082][ T5084] dsa_user_changeupper+0x61a/0x6e0 [ 76.807368][ T5084] dsa_user_netdevice_event+0xd04/0x3480 [ 76.813000][ T5084] ? rcu_is_watching+0x12/0xb0 [ 76.817939][ T5084] ? lock_release+0x4bf/0x690 [ 76.823137][ T5084] ? packet_notifier+0x1b2/0x8c0 [ 76.828078][ T5084] ? reacquire_held_locks+0x4c0/0x4c0 [ 76.833460][ T5084] ? tls_dev_event+0xfe/0x1110 [ 76.838673][ T5084] ? dsa_user_change_conduit+0x7e0/0x7e0 [ 76.844583][ T5084] ? tun_device_event+0x74/0x1260 [ 76.849719][ T5084] ? br_device_event+0x245/0x910 [ 76.854806][ T5084] ? br_switchdev_event+0x5b0/0x5b0 [ 76.860015][ T5084] ? packet_notifier+0x1b7/0x8c0 [ 76.864996][ T5084] notifier_call_chain+0xb6/0x3b0 [ 76.870030][ T5084] ? dsa_user_change_conduit+0x7e0/0x7e0 [ 76.875676][ T5084] call_netdevice_notifiers_info+0xbe/0x130 [ 76.881583][ T5084] __netdev_upper_dev_link+0x439/0x850 [ 76.887048][ T5084] ? ndisc_netdev_event+0xa1/0x580 [ 76.892175][ T5084] ? __dev_change_net_namespace+0x12f0/0x12f0 [ 76.898253][ T5084] ? call_netdevice_notifiers_info+0xc5/0x130 [ 76.904538][ T5084] ? register_netdevice+0x189/0x1da0 [ 76.909821][ T5084] netdev_upper_dev_link+0x92/0xc0 [ 76.914936][ T5084] ? __netdev_upper_dev_link+0x850/0x850 [ 76.920573][ T5084] ? rtnl_is_locked+0x15/0x20 [ 76.926468][ T5084] ? netdev_is_rx_handler_busy+0x83/0x160 [ 76.932812][ T5084] macvlan_common_newlink+0x111e/0x1a10 [ 76.938520][ T5084] ? macvlan_compute_filter+0x3b0/0x3b0 [ 76.944061][ T5084] ? rtnl_create_link+0xa4f/0xfb0 [ 76.949189][ T5084] ? macvlan_common_newlink+0x1a10/0x1a10 [ 76.954913][ T5084] __rtnl_newlink+0x118a/0x1940 [ 76.959767][ T5084] ? rtnl_link_unregister+0x260/0x260 [ 76.975141][ T5084] rtnl_newlink+0x67/0xa0 [ 76.979480][ T5084] ? __rtnl_newlink+0x1940/0x1940 [ 76.984517][ T5084] rtnetlink_rcv_msg+0x3c7/0xe00 [ 76.989483][ T5084] ? rtnl_fill_vf+0x490/0x490 [ 76.994172][ T5084] netlink_rcv_skb+0x16b/0x440 [ 76.998953][ T5084] ? rtnl_fill_vf+0x490/0x490 [ 77.003715][ T5084] ? netlink_ack+0x1380/0x1380 [ 77.008510][ T5084] ? netlink_deliver_tap+0x1a0/0xd00 [ 77.013798][ T5084] netlink_unicast+0x53b/0x810 [ 77.018663][ T5084] ? netlink_attachskb+0x880/0x880 [ 77.023770][ T5084] ? __phys_addr_symbol+0x30/0x70 [ 77.028794][ T5084] ? __check_object_size+0x323/0x730 [ 77.034085][ T5084] netlink_sendmsg+0x8b7/0xd70 [ 77.038852][ T5084] ? netlink_unicast+0x810/0x810 [ 77.043884][ T5084] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 77.049177][ T5084] ? netlink_unicast+0x810/0x810 [ 77.054123][ T5084] __sock_sendmsg+0xd5/0x180 [ 77.058719][ T5084] ____sys_sendmsg+0x6ac/0x940 [ 77.063492][ T5084] ? copy_msghdr_from_user+0x10b/0x160 [ 77.068950][ T5084] ? kernel_sendmsg+0x50/0x50 [ 77.073723][ T5084] ? finish_task_switch.isra.0+0x219/0xca0 [ 77.079537][ T5084] ? __switch_to+0x75d/0x1380 [ 77.084308][ T5084] ___sys_sendmsg+0x135/0x1d0 [ 77.089017][ T5084] ? do_recvmmsg+0x740/0x740 [ 77.093639][ T5084] ? lock_sync+0x190/0x190 [ 77.098093][ T5084] ? ptrace_stop.part.0+0x457/0x950 [ 77.103322][ T5084] ? __fget_light+0x173/0x200 [ 77.108028][ T5084] __sys_sendmsg+0x117/0x1e0 [ 77.112628][ T5084] ? __sys_sendmsg_sock+0x30/0x30 [ 77.117692][ T5084] ? ptrace_notify+0xf4/0x130 [ 77.122386][ T5084] ? _raw_spin_unlock_irq+0x2e/0x50 [ 77.127594][ T5084] ? ptrace_notify+0xf4/0x130 [ 77.132273][ T5084] do_syscall_64+0xd3/0x250 [ 77.136784][ T5084] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 77.142699][ T5084] RIP: 0033:0x7f5179e2cb69 [ 77.147108][ T5084] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 77.166811][ T5084] RSP: 002b:00007ffc916296c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 77.175312][ T5084] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f5179e2cb69 [ 77.183281][ T5084] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 77.191247][ T5084] RBP: 0000000000000000 R08: 0000000100000000 R09: 0000000100000000 [ 77.199308][ T5084] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc91629720 [ 77.207359][ T5084] R13: 0000000000012a7f R14: 00007ffc916296ec R15: 0000000000000003 [ 77.215334][ T5084] [ 77.218348][ T5084] [ 77.220763][ T5084] Allocated by task 5061: [ 77.225083][ T5084] kasan_save_stack+0x33/0x50 [ 77.229770][ T5084] kasan_save_track+0x14/0x30 [ 77.234559][ T5084] __kasan_kmalloc+0xa2/0xb0 [ 77.239155][ T5084] __kmalloc_node+0x21b/0x460 [ 77.243842][ T5084] kvmalloc_node+0x99/0x1a0 [ 77.248348][ T5084] alloc_netdev_mqs+0xb3/0x12a0 [ 77.253294][ T5084] rtnl_create_link+0xc82/0xfb0 [ 77.258153][ T5084] __rtnl_newlink+0x10a1/0x1940 [ 77.263001][ T5084] rtnl_newlink+0x67/0xa0 [ 77.267325][ T5084] rtnetlink_rcv_msg+0x3c7/0xe00 [ 77.272254][ T5084] netlink_rcv_skb+0x16b/0x440 [ 77.277015][ T5084] netlink_unicast+0x53b/0x810 [ 77.281859][ T5084] netlink_sendmsg+0x8b7/0xd70 [ 77.286620][ T5084] __sock_sendmsg+0xd5/0x180 [ 77.292533][ T5084] __sys_sendto+0x225/0x310 [ 77.297041][ T5084] __x64_sys_sendto+0xe0/0x1b0 [ 77.301801][ T5084] do_syscall_64+0xd3/0x250 [ 77.306304][ T5084] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 77.312215][ T5084] [ 77.314528][ T5084] The buggy address belongs to the object at ffff888024470000 [ 77.314528][ T5084] which belongs to the cache kmalloc-cg-4k of size 4096 [ 77.329011][ T5084] The buggy address is located 3216 bytes inside of [ 77.329011][ T5084] allocated 3223-byte region [ffff888024470000, ffff888024470c97) [ 77.346898][ T5084] [ 77.349313][ T5084] The buggy address belongs to the physical page: [ 77.355738][ T5084] page:ffffea0000911c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24470 [ 77.365889][ T5084] head:ffffea0000911c00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 77.374818][ T5084] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 77.382896][ T5084] page_type: 0xffffffff() [ 77.387226][ T5084] raw: 00fff00000000840 ffff88801304f500 ffffea0000901800 dead000000000002 [ 77.395820][ T5084] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 77.404418][ T5084] page dumped because: kasan: bad access detected [ 77.410830][ T5084] page_owner tracks the page as allocated [ 77.416532][ T5084] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4519, tgid 4519 (udevd), ts 28264494504, free_ts 28249931406 [ 77.437284][ T5084] post_alloc_hook+0x2d0/0x350 [ 77.442060][ T5084] get_page_from_freelist+0xa28/0x3780 [ 77.447536][ T5084] __alloc_pages+0x22f/0x2440 [ 77.452231][ T5084] new_slab+0xcc/0x3a0 [ 77.456319][ T5084] ___slab_alloc+0x4af/0x19a0 [ 77.461020][ T5084] __slab_alloc.constprop.0+0x56/0xa0 [ 77.466502][ T5084] __kmalloc_node+0x35d/0x460 [ 77.471200][ T5084] kvmalloc_node+0x99/0x1a0 [ 77.475725][ T5084] seq_read_iter+0x80b/0x1280 [ 77.480439][ T5084] kernfs_fop_read_iter+0x410/0x580 [ 77.485657][ T5084] vfs_read+0x4d4/0x8f0 [ 77.489912][ T5084] ksys_read+0x12f/0x250 [ 77.494160][ T5084] do_syscall_64+0xd3/0x250 [ 77.498679][ T5084] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 77.504584][ T5084] page last free pid 4517 tgid 4517 stack trace: [ 77.510907][ T5084] free_unref_page_prepare+0x51f/0xb10 [ 77.516396][ T5084] free_unref_page+0x33/0x3c0 [ 77.521121][ T5084] __put_partials+0x14c/0x160 [ 77.525980][ T5084] qlist_free_all+0x58/0x150 [ 77.530568][ T5084] kasan_quarantine_reduce+0x18e/0x1d0 [ 77.536032][ T5084] __kasan_slab_alloc+0x65/0x90 [ 77.540890][ T5084] kmalloc_trace+0x148/0x340 [ 77.545495][ T5084] kernfs_fop_open+0x28b/0xd30 [ 77.550280][ T5084] do_dentry_open+0x8d6/0x18c0 [ 77.555038][ T5084] path_openat+0x1df6/0x2990 [ 77.559719][ T5084] do_filp_open+0x1de/0x430 [ 77.564220][ T5084] do_sys_openat2+0x176/0x1e0 [ 77.568891][ T5084] __x64_sys_openat+0x175/0x210 [ 77.573746][ T5084] do_syscall_64+0xd3/0x250 [ 77.578249][ T5084] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 77.584138][ T5084] [ 77.586451][ T5084] Memory state around the buggy address: [ 77.592072][ T5084] ffff888024470b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 77.600125][ T5084] ffff888024470c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 77.608201][ T5084] >ffff888024470c80: 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.616269][ T5084] ^ [ 77.620853][ T5084] ffff888024470d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.628924][ T5084] ffff888024470d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.636986][ T5084] ================================================================== [ 77.649858][ T5084] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 77.657074][ T5084] CPU: 1 PID: 5084 Comm: syz-executor291 Not tainted 6.7.0-syzkaller-04629-g3e7aeb78ab01 #0 [ 77.667147][ T5084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 77.677212][ T5084] Call Trace: [ 77.680492][ T5084] [ 77.683416][ T5084] dump_stack_lvl+0xd9/0x1b0 [ 77.688013][ T5084] panic+0x6dc/0x790 [ 77.691913][ T5084] ? panic_smp_self_stop+0xa0/0xa0 [ 77.697027][ T5084] ? rcu_is_watching+0x12/0xb0 [ 77.701821][ T5084] ? trace_irq_enable.constprop.0+0xd0/0x100 [ 77.707815][ T5084] ? preempt_schedule_thunk+0x1a/0x30 [ 77.713292][ T5084] ? preempt_schedule_common+0x45/0xc0 [ 77.718762][ T5084] ? check_panic_on_warn+0x1f/0xb0 [ 77.723886][ T5084] check_panic_on_warn+0xab/0xb0 [ 77.728834][ T5084] end_report+0x108/0x150 [ 77.733161][ T5084] kasan_report+0xea/0x110 [ 77.737586][ T5084] ? dsa_user_changeupper+0x61a/0x6e0 [ 77.742969][ T5084] ? dsa_user_changeupper+0x61a/0x6e0 [ 77.748434][ T5084] dsa_user_changeupper+0x61a/0x6e0 [ 77.753675][ T5084] dsa_user_netdevice_event+0xd04/0x3480 [ 77.759332][ T5084] ? rcu_is_watching+0x12/0xb0 [ 77.764126][ T5084] ? lock_release+0x4bf/0x690 [ 77.768823][ T5084] ? packet_notifier+0x1b2/0x8c0 [ 77.773771][ T5084] ? reacquire_held_locks+0x4c0/0x4c0 [ 77.779152][ T5084] ? tls_dev_event+0xfe/0x1110 [ 77.783925][ T5084] ? dsa_user_change_conduit+0x7e0/0x7e0 [ 77.789666][ T5084] ? tun_device_event+0x74/0x1260 [ 77.794718][ T5084] ? br_device_event+0x245/0x910 [ 77.799716][ T5084] ? br_switchdev_event+0x5b0/0x5b0 [ 77.804925][ T5084] ? packet_notifier+0x1b7/0x8c0 [ 77.809951][ T5084] notifier_call_chain+0xb6/0x3b0 [ 77.814985][ T5084] ? dsa_user_change_conduit+0x7e0/0x7e0 [ 77.820625][ T5084] call_netdevice_notifiers_info+0xbe/0x130 [ 77.826531][ T5084] __netdev_upper_dev_link+0x439/0x850 [ 77.831999][ T5084] ? ndisc_netdev_event+0xa1/0x580 [ 77.837121][ T5084] ? __dev_change_net_namespace+0x12f0/0x12f0 [ 77.843199][ T5084] ? call_netdevice_notifiers_info+0xc5/0x130 [ 77.849362][ T5084] ? register_netdevice+0x189/0x1da0 [ 77.854671][ T5084] netdev_upper_dev_link+0x92/0xc0 [ 77.859802][ T5084] ? __netdev_upper_dev_link+0x850/0x850 [ 77.865464][ T5084] ? rtnl_is_locked+0x15/0x20 [ 77.870155][ T5084] ? netdev_is_rx_handler_busy+0x83/0x160 [ 77.875883][ T5084] macvlan_common_newlink+0x111e/0x1a10 [ 77.881436][ T5084] ? macvlan_compute_filter+0x3b0/0x3b0 [ 77.887003][ T5084] ? rtnl_create_link+0xa4f/0xfb0 [ 77.892053][ T5084] ? macvlan_common_newlink+0x1a10/0x1a10 [ 77.897945][ T5084] __rtnl_newlink+0x118a/0x1940 [ 77.902800][ T5084] ? rtnl_link_unregister+0x260/0x260 [ 77.908194][ T5084] rtnl_newlink+0x67/0xa0 [ 77.912527][ T5084] ? __rtnl_newlink+0x1940/0x1940 [ 77.917717][ T5084] rtnetlink_rcv_msg+0x3c7/0xe00 [ 77.922681][ T5084] ? rtnl_fill_vf+0x490/0x490 [ 77.927465][ T5084] netlink_rcv_skb+0x16b/0x440 [ 77.932235][ T5084] ? rtnl_fill_vf+0x490/0x490 [ 77.936908][ T5084] ? netlink_ack+0x1380/0x1380 [ 77.941731][ T5084] ? netlink_deliver_tap+0x1a0/0xd00 [ 77.947191][ T5084] netlink_unicast+0x53b/0x810 [ 77.951960][ T5084] ? netlink_attachskb+0x880/0x880 [ 77.957070][ T5084] ? __phys_addr_symbol+0x30/0x70 [ 77.962099][ T5084] ? __check_object_size+0x323/0x730 [ 77.967400][ T5084] netlink_sendmsg+0x8b7/0xd70 [ 77.972170][ T5084] ? netlink_unicast+0x810/0x810 [ 77.977198][ T5084] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 77.982492][ T5084] ? netlink_unicast+0x810/0x810 [ 77.987430][ T5084] __sock_sendmsg+0xd5/0x180 [ 77.992030][ T5084] ____sys_sendmsg+0x6ac/0x940 [ 77.996805][ T5084] ? copy_msghdr_from_user+0x10b/0x160 [ 78.002263][ T5084] ? kernel_sendmsg+0x50/0x50 [ 78.006951][ T5084] ? finish_task_switch.isra.0+0x219/0xca0 [ 78.012761][ T5084] ? __switch_to+0x75d/0x1380 [ 78.017549][ T5084] ___sys_sendmsg+0x135/0x1d0 [ 78.022228][ T5084] ? do_recvmmsg+0x740/0x740 [ 78.026820][ T5084] ? lock_sync+0x190/0x190 [ 78.031229][ T5084] ? ptrace_stop.part.0+0x457/0x950 [ 78.036432][ T5084] ? __fget_light+0x173/0x200 [ 78.041112][ T5084] __sys_sendmsg+0x117/0x1e0 [ 78.045707][ T5084] ? __sys_sendmsg_sock+0x30/0x30 [ 78.050737][ T5084] ? ptrace_notify+0xf4/0x130 [ 78.055417][ T5084] ? _raw_spin_unlock_irq+0x2e/0x50 [ 78.060616][ T5084] ? ptrace_notify+0xf4/0x130 [ 78.065382][ T5084] do_syscall_64+0xd3/0x250 [ 78.069898][ T5084] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 78.075794][ T5084] RIP: 0033:0x7f5179e2cb69 [ 78.080203][ T5084] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 78.099810][ T5084] RSP: 002b:00007ffc916296c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 78.108652][ T5084] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f5179e2cb69 [ 78.116617][ T5084] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 78.124582][ T5084] RBP: 0000000000000000 R08: 0000000100000000 R09: 0000000100000000 [ 78.132554][ T5084] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc91629720 [ 78.140524][ T5084] R13: 0000000000012a7f R14: 00007ffc916296ec R15: 0000000000000003 [ 78.148498][ T5084] [ 78.151712][ T5084] Kernel Offset: disabled [ 78.156042][ T5084] Rebooting in 86400 seconds..