./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1519876376
<...>
DUID 00:04:22:6a:1f:62:54:25:21:a9:cf:52:ab:bd:c7:70:d9:1c
forked to background, child pid 3177
[ 26.696851][ T3178] 8021q: adding VLAN 0 to HW filter on device bond0
[ 26.706381][ T3178] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.14' (ECDSA) to the list of known hosts.
execve("./syz-executor1519876376", ["./syz-executor1519876376"], 0x7ffe84af04b0 /* 10 vars */) = 0
brk(NULL) = 0x55555626d000
brk(0x55555626dc40) = 0x55555626dc40
arch_prctl(ARCH_SET_FS, 0x55555626d300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1519876376", 4096) = 28
brk(0x55555628ec40) = 0x55555628ec40
brk(0x55555628f000) = 0x55555628f000
mprotect(0x7fe36ea4e000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
syzkaller login: [ 49.072034][ T3606] netlink: 28 bytes leftover after parsing attributes in process `syz-executor151'.
[ 49.081739][ T3606] netlink: 28 bytes leftover after parsing attributes in process `syz-executor151'.
[ 49.091615][ T3606] ================================================================================
[ 49.100994][ T3606] UBSAN: shift-out-of-bounds in net/sched/act_pedit.c:238:43
[ 49.108393][ T3606] shift exponent 1400735974 is too large for 32-bit type 'unsigned int'
[ 49.116737][ T3606] CPU: 0 PID: 3606 Comm: syz-executor151 Not tainted 5.18.0-rc5-syzkaller-00165-g810c2f0a3f86 #0
[ 49.127224][ T3606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.137262][ T3606] Call Trace:
[ 49.140522][ T3606]
[ 49.143436][ T3606] dump_stack_lvl+0xcd/0x134
[ 49.148028][ T3606] ubsan_epilogue+0xb/0x50
[ 49.152458][ T3606] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x187
[ 49.159295][ T3606] ? rcu_read_lock_sched_held+0x3a/0x70
[ 49.164866][ T3606] ? trace_kmalloc+0x32/0xf0
[ 49.169440][ T3606] ? __kmalloc+0x19d/0x350
[ 49.173841][ T3606] ? tcf_pedit_init+0x100b/0x1540
[ 49.178857][ T3606] tcf_pedit_init.cold+0x1a/0x1f
[ 49.183787][ T3606] ? tcf_pedit_offload_act_setup+0x560/0x560
[ 49.189756][ T3606] ? nla_get_range_signed+0x520/0x520
[ 49.195122][ T3606] ? __nla_parse+0x3d/0x50
[ 49.199523][ T3606] tcf_action_init_1+0x414/0x690
[ 49.204449][ T3606] ? tc_action_load_ops+0x3a0/0x3a0
[ 49.209641][ T3606] ? __nla_parse+0x3d/0x50
[ 49.214043][ T3606] tcf_action_init+0x530/0x8d0
[ 49.218795][ T3606] ? tcf_action_init_1+0x690/0x690
[ 49.223888][ T3606] ? lock_chain_count+0x20/0x20
[ 49.228743][ T3606] ? is_bpf_text_address+0x77/0x170
[ 49.234010][ T3606] ? lock_downgrade+0x6e0/0x6e0
[ 49.238873][ T3606] tcf_action_add+0xf9/0x480
[ 49.243466][ T3606] ? tca_action_gd+0xe70/0xe70
[ 49.248233][ T3606] ? hugetlb_cgroup_migrate+0x1310/0x1310
[ 49.253971][ T3606] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 49.260209][ T3606] ? __nla_parse+0x3d/0x50
[ 49.264625][ T3606] tc_ctl_action+0x346/0x470
[ 49.269208][ T3606] ? tcf_action_add+0x480/0x480
[ 49.274046][ T3606] ? rtnetlink_rcv_msg+0x388/0xb80
[ 49.279174][ T3606] ? tcf_action_add+0x480/0x480
[ 49.284017][ T3606] rtnetlink_rcv_msg+0x413/0xb80
[ 49.288946][ T3606] ? rtnl_fdb_dump+0x9a0/0x9a0
[ 49.293697][ T3606] ? asm_common_interrupt+0x1e/0x40
[ 49.298886][ T3606] ? netlink_rcv_skb+0x131/0x420
[ 49.303816][ T3606] ? rtnl_fdb_dump+0x9a0/0x9a0
[ 49.308574][ T3606] netlink_rcv_skb+0x153/0x420
[ 49.313332][ T3606] ? rtnl_fdb_dump+0x9a0/0x9a0
[ 49.318085][ T3606] ? netlink_ack+0xa80/0xa80
[ 49.322665][ T3606] ? netlink_deliver_tap+0x1a2/0xc40
[ 49.327943][ T3606] ? netlink_deliver_tap+0x1b1/0xc40
[ 49.333221][ T3606] netlink_unicast+0x543/0x7f0
[ 49.337973][ T3606] ? netlink_attachskb+0x880/0x880
[ 49.343068][ T3606] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 49.349294][ T3606] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 49.355515][ T3606] ? __phys_addr_symbol+0x2c/0x70
[ 49.360524][ T3606] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 49.366224][ T3606] ? __check_object_size+0x16c/0x4f0
[ 49.371496][ T3606] netlink_sendmsg+0x904/0xe00
[ 49.376261][ T3606] ? netlink_unicast+0x7f0/0x7f0
[ 49.381189][ T3606] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 49.387412][ T3606] ? netlink_unicast+0x7f0/0x7f0
[ 49.392337][ T3606] sock_sendmsg+0xcf/0x120
[ 49.396741][ T3606] ____sys_sendmsg+0x6e2/0x800
[ 49.401492][ T3606] ? kernel_sendmsg+0x50/0x50
[ 49.406151][ T3606] ? do_recvmmsg+0x6d0/0x6d0
[ 49.410726][ T3606] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 49.416692][ T3606] ? lockdep_hardirqs_on+0x79/0x100
[ 49.421872][ T3606] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 49.427839][ T3606] ___sys_sendmsg+0xf3/0x170
[ 49.432415][ T3606] ? sendmsg_copy_msghdr+0x160/0x160
[ 49.437700][ T3606] ? lock_release+0x720/0x720
[ 49.442374][ T3606] ? ptrace_stop+0x590/0xb30
[ 49.446954][ T3606] ? do_raw_spin_lock+0x120/0x2a0
[ 49.451968][ T3606] ? rwlock_bug.part.0+0x90/0x90
[ 49.456905][ T3606] ? _raw_spin_lock_irq+0x41/0x50
[ 49.461925][ T3606] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 49.468172][ T3606] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 49.474420][ T3606] ? __fget_light+0x20f/0x270
[ 49.479095][ T3606] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 49.485439][ T3606] __sys_sendmsg+0xe5/0x1b0
[ 49.489941][ T3606] ? __sys_sendmsg_sock+0x30/0x30
[ 49.494958][ T3606] ? _raw_spin_unlock_irq+0x2a/0x40
[ 49.500143][ T3606] ? ptrace_notify+0xfa/0x140
[ 49.504814][ T3606] do_syscall_64+0x35/0xb0
[ 49.509220][ T3606] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 49.515097][ T3606] RIP: 0033:0x7fe36e9e1b59
[ 49.519499][ T3606] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 49.539097][ T3606] RSP: 002b:00007ffef796fe88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 49.547493][ T3606] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe36e9e1b59
[ 49.555446][ T3606] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 49.563397][ T3606] RBP: 00007fe36e9a5d00 R08: 0000000000000000 R09: 0000000000000000
[ 49.571349][ T3606] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe36e9a5d90
[ 49.579301][ T3606] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 49.587440][ T3606] </TASK>
[ 49.590501][ T3606] ================================================================================
[ 49.599800][ T3606] Kernel panic - not syncing: panic_on_warn set ...
[ 49.606366][ T3606] CPU: 0 PID: 3606 Comm: syz-executor151 Not tainted 5.18.0-rc5-syzkaller-00165-g810c2f0a3f86 #0
[ 49.616841][ T3606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.626877][ T3606] Call Trace:
[ 49.630141][ T3606] <TASK>
[ 49.633056][ T3606] dump_stack_lvl+0xcd/0x134
[ 49.637638][ T3606] panic+0x2d7/0x636
[ 49.641520][ T3606] ? panic_print_sys_info.part.0+0x10b/0x10b
[ 49.647510][ T3606] ? dump_stack_lvl+0x120/0x134
[ 49.652361][ T3606] ? ubsan_epilogue+0x3e/0x50
[ 49.657027][ T3606] ubsan_epilogue+0x4a/0x50
[ 49.661514][ T3606] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x187
[ 49.668267][ T3606] ? rcu_read_lock_sched_held+0x3a/0x70
[ 49.673797][ T3606] ? trace_kmalloc+0x32/0xf0
[ 49.678370][ T3606] ? __kmalloc+0x19d/0x350
[ 49.682766][ T3606] ? tcf_pedit_init+0x100b/0x1540
[ 49.687778][ T3606] tcf_pedit_init.cold+0x1a/0x1f
[ 49.692718][ T3606] ? tcf_pedit_offload_act_setup+0x560/0x560
[ 49.698686][ T3606] ? nla_get_range_signed+0x520/0x520
[ 49.704050][ T3606] ? __nla_parse+0x3d/0x50
[ 49.708452][ T3606] tcf_action_init_1+0x414/0x690
[ 49.713375][ T3606] ? tc_action_load_ops+0x3a0/0x3a0
[ 49.718563][ T3606] ? __nla_parse+0x3d/0x50
[ 49.722971][ T3606] tcf_action_init+0x530/0x8d0
[ 49.727729][ T3606] ? tcf_action_init_1+0x690/0x690
[ 49.732820][ T3606] ? lock_chain_count+0x20/0x20
[ 49.737670][ T3606] ? is_bpf_text_address+0x77/0x170
[ 49.742851][ T3606] ? lock_downgrade+0x6e0/0x6e0
[ 49.747712][ T3606] tcf_action_add+0xf9/0x480
[ 49.752291][ T3606] ? tca_action_gd+0xe70/0xe70
[ 49.757045][ T3606] ? hugetlb_cgroup_migrate+0x1310/0x1310
[ 49.762862][ T3606] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 49.769087][ T3606] ? __nla_parse+0x3d/0x50
[ 49.773508][ T3606] tc_ctl_action+0x346/0x470
[ 49.778086][ T3606] ? tcf_action_add+0x480/0x480
[ 49.782918][ T3606] ? rtnetlink_rcv_msg+0x388/0xb80
[ 49.788023][ T3606] ? tcf_action_add+0x480/0x480
[ 49.792856][ T3606] rtnetlink_rcv_msg+0x413/0xb80
[ 49.797780][ T3606] ? rtnl_fdb_dump+0x9a0/0x9a0
[ 49.802533][ T3606] ? asm_common_interrupt+0x1e/0x40
[ 49.807829][ T3606] ? netlink_rcv_skb+0x131/0x420
[ 49.812751][ T3606] ? rtnl_fdb_dump+0x9a0/0x9a0
[ 49.817503][ T3606] netlink_rcv_skb+0x153/0x420
[ 49.822259][ T3606] ? rtnl_fdb_dump+0x9a0/0x9a0
[ 49.827009][ T3606] ? netlink_ack+0xa80/0xa80
[ 49.831580][ T3606] ? netlink_deliver_tap+0x1a2/0xc40
[ 49.836853][ T3606] ? netlink_deliver_tap+0x1b1/0xc40
[ 49.842129][ T3606] netlink_unicast+0x543/0x7f0
[ 49.846881][ T3606] ? netlink_attachskb+0x880/0x880
[ 49.851976][ T3606] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 49.858213][ T3606] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 49.864434][ T3606] ? __phys_addr_symbol+0x2c/0x70
[ 49.869442][ T3606] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 49.875148][ T3606] ? __check_object_size+0x16c/0x4f0
[ 49.880421][ T3606] netlink_sendmsg+0x904/0xe00
[ 49.885179][ T3606] ? netlink_unicast+0x7f0/0x7f0
[ 49.890106][ T3606] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 49.896328][ T3606] ? netlink_unicast+0x7f0/0x7f0
[ 49.901255][ T3606] sock_sendmsg+0xcf/0x120
[ 49.905657][ T3606] ____sys_sendmsg+0x6e2/0x800
[ 49.910407][ T3606] ? kernel_sendmsg+0x50/0x50
[ 49.915064][ T3606] ? do_recvmmsg+0x6d0/0x6d0
[ 49.919638][ T3606] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 49.925689][ T3606] ? lockdep_hardirqs_on+0x79/0x100
[ 49.930870][ T3606] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 49.936844][ T3606] ___sys_sendmsg+0xf3/0x170
[ 49.941417][ T3606] ? sendmsg_copy_msghdr+0x160/0x160
[ 49.946778][ T3606] ? lock_release+0x720/0x720
[ 49.951440][ T3606] ? ptrace_stop+0x590/0xb30
[ 49.956016][ T3606] ? do_raw_spin_lock+0x120/0x2a0
[ 49.961030][ T3606] ? rwlock_bug.part.0+0x90/0x90
[ 49.965954][ T3606] ? _raw_spin_lock_irq+0x41/0x50
[ 49.970964][ T3606] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 49.977192][ T3606] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 49.983413][ T3606] ? __fget_light+0x20f/0x270
[ 49.988079][ T3606] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 49.994307][ T3606] __sys_sendmsg+0xe5/0x1b0
[ 49.998793][ T3606] ? __sys_sendmsg_sock+0x30/0x30
[ 50.003807][ T3606] ? _raw_spin_unlock_irq+0x2a/0x40
[ 50.009104][ T3606] ? ptrace_notify+0xfa/0x140
[ 50.013770][ T3606] do_syscall_64+0x35/0xb0
[ 50.018174][ T3606] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.024052][ T3606] RIP: 0033:0x7fe36e9e1b59
[ 50.028452][ T3606] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 50.048043][ T3606] RSP: 002b:00007ffef796fe88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 50.056436][ T3606] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe36e9e1b59
[ 50.064390][ T3606] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 50.072365][ T3606] RBP: 00007fe36e9a5d00 R08: 0000000000000000 R09: 0000000000000000
[ 50.080327][ T3606] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe36e9a5d90
[ 50.088290][ T3606] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 50.096271][ T3606] </TASK>
[ 50.099547][ T3606] Kernel Offset: disabled
[ 50.103929][ T3606] Rebooting in 86400 seconds..