./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3596559171 <...> Warning: Permanently added '10.128.0.180' (ECDSA) to the list of known hosts. execve("./syz-executor3596559171", ["./syz-executor3596559171"], 0x7fffd8346990 /* 10 vars */) = 0 brk(NULL) = 0x5555567f4000 brk(0x5555567f4c40) = 0x5555567f4c40 arch_prctl(ARCH_SET_FS, 0x5555567f4300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3596559171", 4096) = 28 brk(0x555556815c40) = 0x555556815c40 brk(0x555556816000) = 0x555556816000 mprotect(0x7f3edb078000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5071 attached , child_tidptr=0x5555567f45d0) = 5071 [pid 5071] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5071] setsid() = 1 [pid 5071] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5071] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5071] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5071] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5071] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5071] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5071] unshare(CLONE_NEWNS) = 0 [pid 5071] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5071] unshare(CLONE_NEWIPC) = 0 [pid 5071] unshare(CLONE_NEWCGROUP) = 0 [pid 5071] unshare(CLONE_NEWUTS) = 0 [pid 5071] unshare(CLONE_SYSVSEM) = 0 [pid 5071] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "16777216", 8) = 8 [pid 5071] close(3) = 0 [pid 5071] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "536870912", 9) = 9 [pid 5071] close(3) = 0 [pid 5071] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1024", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "8192", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1024", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1024", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5071] close(3) = 0 [pid 5071] getpid() = 1 [pid 5071] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<) = 0 [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567f45d0) = 3 ./strace-static-x86_64: Process 5075 attached [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] setpgid(0, 0) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1000", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5075] bind(3, {sa_family=AF_RXRPC, srx_service=0x2 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=16, transport={sin={sin_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("172.20.20.170")}}}, 36) = 0 [pid 5075] close(3) = 0 [pid 5075] close(4) = -1 EBADF (Bad file descriptor) [pid 5075] close(5) = -1 EBADF (Bad file descriptor) [pid 5075] close(6) = -1 EBADF (Bad file descriptor) [pid 5075] close(7) = -1 EBADF (Bad file descriptor) [pid 5075] close(8) = -1 EBADF (Bad file descriptor) [pid 5075] close(9) = -1 EBADF (Bad file descriptor) [pid 5075] close(10) = -1 EBADF (Bad file descriptor) [pid 5075] close(11) = -1 EBADF (Bad file descriptor) [pid 5075] close(12) = -1 EBADF (Bad file descriptor) [pid 5075] close(13) = -1 EBADF (Bad file descriptor) [pid 5075] close(14) = -1 EBADF (Bad file descriptor) [pid 5075] close(15) = -1 EBADF (Bad file descriptor) [pid 5075] close(16) = -1 EBADF (Bad file descriptor) [pid 5075] close(17) = -1 EBADF (Bad file descriptor) [pid 5075] close(18) = -1 EBADF (Bad file descriptor) [pid 5075] close(19) = -1 EBADF (Bad file descriptor) [pid 5075] close(20) = -1 EBADF (Bad file descriptor) [pid 5075] close(21) = -1 EBADF (Bad file descriptor) [pid 5075] close(22) = -1 EBADF (Bad file descriptor) [pid 5075] close(23) = -1 EBADF (Bad file descriptor) [pid 5075] close(24) = -1 EBADF (Bad file descriptor) [pid 5075] close(25) = -1 EBADF (Bad file descriptor) [pid 5075] close(26) = -1 EBADF (Bad file descriptor) [pid 5075] close(27) = -1 EBADF (Bad file descriptor) [pid 5075] close(28) = -1 EBADF (Bad file descriptor) [pid 5075] close(29) = -1 EBADF (Bad file descriptor) [pid 5075] exit_group(0) = ? [pid 5075] +++ exited with 0 +++ [pid 5071] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5071] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5077 attached , child_tidptr=0x5555567f45d0) = 4 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5077] bind(3, {sa_family=AF_RXRPC, srx_service=0x2 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=16, transport={sin={sin_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("172.20.20.170")}}}, 36) = 0 [pid 5077] close(3) = 0 [pid 5077] close(4) = -1 EBADF (Bad file descriptor) [pid 5077] close(5) = -1 EBADF (Bad file descriptor) [pid 5077] close(6) = -1 EBADF (Bad file descriptor) [pid 5077] close(7) = -1 EBADF (Bad file descriptor) [pid 5077] close(8) = -1 EBADF (Bad file descriptor) [pid 5077] close(9) = -1 EBADF (Bad file descriptor) [pid 5077] close(10) = -1 EBADF (Bad file descriptor) [pid 5077] close(11) = -1 EBADF (Bad file descriptor) [pid 5077] close(12) = -1 EBADF (Bad file descriptor) [pid 5077] close(13) = -1 EBADF (Bad file descriptor) [pid 5077] close(14) = -1 EBADF (Bad file descriptor) [pid 5077] close(15) = -1 EBADF (Bad file descriptor) [pid 5077] close(16) = -1 EBADF (Bad file descriptor) [pid 5077] close(17) = -1 EBADF (Bad file descriptor) [pid 5077] close(18) = -1 EBADF (Bad file descriptor) [pid 5077] close(19) = -1 EBADF (Bad file descriptor) [pid 5077] close(20) = -1 EBADF (Bad file descriptor) [pid 5077] close(21) = -1 EBADF (Bad file descriptor) [pid 5077] close(22) = -1 EBADF (Bad file descriptor) [pid 5077] close(23) = -1 EBADF (Bad file descriptor) [pid 5077] close(24) = -1 EBADF (Bad file descriptor) [pid 5077] close(25) = -1 EBADF (Bad file descriptor) [pid 5077] close(26) = -1 EBADF (Bad file descriptor) [pid 5077] close(27) = -1 EBADF (Bad file descriptor) [pid 5077] close(28) = -1 EBADF (Bad file descriptor) [pid 5077] close(29) = -1 EBADF (Bad file descriptor) [pid 5077] exit_group(0) = ? [pid 5077] +++ exited with 0 +++ [pid 5071] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5079 attached , child_tidptr=0x5555567f45d0) = 5 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5079] setpgid(0, 0) = 0 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] write(3, "1000", 4) = 4 [pid 5079] close(3) = 0 [pid 5079] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5079] bind(3, {sa_family=AF_RXRPC, srx_service=0x2 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=16, transport={sin={sin_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("172.20.20.170")}}}, 36) = 0 [pid 5079] close(3) = 0 [pid 5079] close(4) = -1 EBADF (Bad file descriptor) [pid 5079] close(5) = -1 EBADF (Bad file descriptor) [pid 5079] close(6) = -1 EBADF (Bad file descriptor) [pid 5079] close(7) = -1 EBADF (Bad file descriptor) [pid 5079] close(8) = -1 EBADF (Bad file descriptor) [pid 5079] close(9) = -1 EBADF (Bad file descriptor) [pid 5079] close(10) = -1 EBADF (Bad file descriptor) [pid 5079] close(11) = -1 EBADF (Bad file descriptor) [pid 5079] close(12) = -1 EBADF (Bad file descriptor) [pid 5079] close(13) = -1 EBADF (Bad file descriptor) [pid 5079] close(14) = -1 EBADF (Bad file descriptor) [pid 5079] close(15) = -1 EBADF (Bad file descriptor) [pid 5079] close(16) = -1 EBADF (Bad file descriptor) [pid 5079] close(17) = -1 EBADF (Bad file descriptor) [pid 5079] close(18) = -1 EBADF (Bad file descriptor) [pid 5079] close(19) = -1 EBADF (Bad file descriptor) [pid 5079] close(20) = -1 EBADF (Bad file descriptor) [pid 5079] close(21) = -1 EBADF (Bad file descriptor) [pid 5079] close(22) = -1 EBADF (Bad file descriptor) [pid 5079] close(23) = -1 EBADF (Bad file descriptor) [pid 5079] close(24) = -1 EBADF (Bad file descriptor) [pid 5079] close(25) = -1 EBADF (Bad file descriptor) [pid 5079] close(26) = -1 EBADF (Bad file descriptor) [pid 5079] close(27) = -1 EBADF (Bad file descriptor) [pid 5079] close(28) = -1 EBADF (Bad file descriptor) [pid 5079] close(29) = -1 EBADF (Bad file descriptor) [pid 5079] exit_group(0) = ? [pid 5079] +++ exited with 0 +++ [pid 5071] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567f45d0) = 6 ./strace-static-x86_64: Process 5081 attached [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5081] setpgid(0, 0) = 0 [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5081] write(3, "1000", 4) = 4 [pid 5081] close(3) = 0 [pid 5081] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5081] bind(3, {sa_family=AF_RXRPC, srx_service=0x2 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=16, transport={sin={sin_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("172.20.20.170")}}}, 36) = 0 [pid 5081] close(3) = 0 [pid 5081] close(4) = -1 EBADF (Bad file descriptor) [pid 5081] close(5) = -1 EBADF (Bad file descriptor) [pid 5081] close(6) = -1 EBADF (Bad file descriptor) [pid 5081] close(7) = -1 EBADF (Bad file descriptor) [pid 5081] close(8) = -1 EBADF (Bad file descriptor) [pid 5081] close(9) = -1 EBADF (Bad file descriptor) [pid 5081] close(10) = -1 EBADF (Bad file descriptor) [pid 5081] close(11) = -1 EBADF (Bad file descriptor) [pid 5081] close(12) = -1 EBADF (Bad file descriptor) [pid 5081] close(13) = -1 EBADF (Bad file descriptor) [pid 5081] close(14) = -1 EBADF (Bad file descriptor) [pid 5081] close(15) = -1 EBADF (Bad file descriptor) [pid 5081] close(16) = -1 EBADF (Bad file descriptor) [pid 5081] close(17) = -1 EBADF (Bad file descriptor) [pid 5081] close(18) = -1 EBADF (Bad file descriptor) [pid 5081] close(19) = -1 EBADF (Bad file descriptor) [pid 5081] close(20) = -1 EBADF (Bad file descriptor) [pid 5081] close(21) = -1 EBADF (Bad file descriptor) [pid 5081] close(22) = -1 EBADF (Bad file descriptor) [pid 5081] close(23) = -1 EBADF (Bad file descriptor) [pid 5081] close(24) = -1 EBADF (Bad file descriptor) [pid 5081] close(25) = -1 EBADF (Bad file descriptor) [pid 5081] close(26) = -1 EBADF (Bad file descriptor) [pid 5081] close(27) = -1 EBADF (Bad file descriptor) [pid 5081] close(28) = -1 EBADF (Bad file descriptor) [pid 5081] close(29) = -1 EBADF (Bad file descriptor) [pid 5081] exit_group(0) = ? [pid 5081] +++ exited with 0 +++ [pid 5071] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5083 attached , child_tidptr=0x5555567f45d0) = 7 [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5083] setpgid(0, 0) = 0 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1000", 4) = 4 [pid 5083] close(3) = 0 [pid 5083] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5083] bind(3, {sa_family=AF_RXRPC, srx_service=0x2 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=16, transport={sin={sin_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("172.20.20.170")}}}, 36) = 0 [pid 5083] close(3) = 0 [pid 5083] close(4) = -1 EBADF (Bad file descriptor) [pid 5083] close(5) = -1 EBADF (Bad file descriptor) [pid 5083] close(6) = -1 EBADF (Bad file descriptor) [pid 5083] close(7) = -1 EBADF (Bad file descriptor) [pid 5083] close(8) = -1 EBADF (Bad file descriptor) [pid 5083] close(9) = -1 EBADF (Bad file descriptor) [pid 5083] close(10) = -1 EBADF (Bad file descriptor) [pid 5083] close(11) = -1 EBADF (Bad file descriptor) [pid 5083] close(12) = -1 EBADF (Bad file descriptor) [pid 5083] close(13) = -1 EBADF (Bad file descriptor) [pid 5083] close(14) = -1 EBADF (Bad file descriptor) [pid 5083] close(15) = -1 EBADF (Bad file descriptor) [pid 5083] close(16) = -1 EBADF (Bad file descriptor) [pid 5083] close(17) = -1 EBADF (Bad file descriptor) [pid 5083] close(18) = -1 EBADF (Bad file descriptor) [pid 5083] close(19) = -1 EBADF (Bad file descriptor) [pid 5083] close(20) = -1 EBADF (Bad file descriptor) [pid 5083] close(21) = -1 EBADF (Bad file descriptor) [pid 5083] close(22) = -1 EBADF (Bad file descriptor) [pid 5083] close(23) = -1 EBADF (Bad file descriptor) [pid 5083] close(24) = -1 EBADF (Bad file descriptor) [pid 5083] close(25) = -1 EBADF (Bad file descriptor) [pid 5083] close(26) = -1 EBADF (Bad file descriptor) [pid 5083] close(27) = -1 EBADF (Bad file descriptor) [pid 5083] close(28) = -1 EBADF (Bad file descriptor) [pid 5083] close(29) = -1 EBADF (Bad file descriptor) [pid 5083] exit_group(0) = ? [pid 5083] +++ exited with 0 +++ [pid 5071] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5071] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567f45d0) = 8 ./strace-static-x86_64: Process 5085 attached [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5085] setpgid(0, 0) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5085] write(3, "1000", 4) = 4 [pid 5085] close(3) = 0 [pid 5085] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5085] bind(3, {sa_family=AF_RXRPC, srx_service=0x2 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=16, transport={sin={sin_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("172.20.20.170")}}}, 36) = 0 [pid 5085] close(3) = 0 [pid 5085] close(4) = -1 EBADF (Bad file descriptor) [pid 5085] close(5) = -1 EBADF (Bad file descriptor) [pid 5085] close(6) = -1 EBADF (Bad file descriptor) [pid 5085] close(7) = -1 EBADF (Bad file descriptor) [pid 5085] close(8) = -1 EBADF (Bad file descriptor) [pid 5085] close(9) = -1 EBADF (Bad file descriptor) [pid 5085] close(10) = -1 EBADF (Bad file descriptor) [pid 5085] close(11) = -1 EBADF (Bad file descriptor) [pid 5085] close(12) = -1 EBADF (Bad file descriptor) [pid 5085] close(13) = -1 EBADF (Bad file descriptor) [pid 5085] close(14) = -1 EBADF (Bad file descriptor) [pid 5085] close(15) = -1 EBADF (Bad file descriptor) [pid 5085] close(16) = -1 EBADF (Bad file descriptor) [pid 5085] close(17) = -1 EBADF (Bad file descriptor) [pid 5085] close(18) = -1 EBADF (Bad file descriptor) [pid 5085] close(19) = -1 EBADF (Bad file descriptor) [pid 5085] close(20) = -1 EBADF (Bad file descriptor) [pid 5085] close(21) = -1 EBADF (Bad file descriptor) [pid 5085] close(22) = -1 EBADF (Bad file descriptor) [pid 5085] close(23) = -1 EBADF (Bad file descriptor) [pid 5085] close(24) = -1 EBADF (Bad file descriptor) [pid 5085] close(25) = -1 EBADF (Bad file descriptor) [pid 5085] close(26) = -1 EBADF (Bad file descriptor) [pid 5085] close(27) = -1 EBADF (Bad file descriptor) [pid 5085] close(28) = -1 EBADF (Bad file descriptor) [pid 5085] close(29) = -1 EBADF (Bad file descriptor) [pid 5085] exit_group(0) = ? [pid 5085] +++ exited with 0 +++ [pid 5071] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5087 attached , child_tidptr=0x5555567f45d0) = 9 [pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5087] setpgid(0, 0) = 0 [pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5087] write(3, "1000", 4) = 4 [pid 5087] close(3) = 0 [pid 5087] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5087] bind(3, {sa_family=AF_RXRPC, srx_service=0x2 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=16, transport={sin={sin_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("172.20.20.170")}}}, 36) = 0 [pid 5087] close(3) = 0 [pid 5087] close(4) = -1 EBADF (Bad file descriptor) [pid 5087] close(5) = -1 EBADF (Bad file descriptor) [pid 5087] close(6) = -1 EBADF (Bad file descriptor) [pid 5087] close(7) = -1 EBADF (Bad file descriptor) [pid 5087] close(8) = -1 EBADF (Bad file descriptor) [pid 5087] close(9) = -1 EBADF (Bad file descriptor) [pid 5087] close(10) = -1 EBADF (Bad file descriptor) [pid 5087] close(11) = -1 EBADF (Bad file descriptor) [pid 5087] close(12) = -1 EBADF (Bad file descriptor) [pid 5087] close(13) = -1 EBADF (Bad file descriptor) [pid 5087] close(14) = -1 EBADF (Bad file descriptor) [pid 5087] close(15) = -1 EBADF (Bad file descriptor) [pid 5087] close(16) = -1 EBADF (Bad file descriptor) [pid 5087] close(17) = -1 EBADF (Bad file descriptor) [pid 5087] close(18) = -1 EBADF (Bad file descriptor) [pid 5087] close(19) = -1 EBADF (Bad file descriptor) [pid 5087] close(20) = -1 EBADF (Bad file descriptor) [pid 5087] close(21) = -1 EBADF (Bad file descriptor) [pid 5087] close(22) = -1 EBADF (Bad file descriptor) [pid 5087] close(23) = -1 EBADF (Bad file descriptor) [pid 5087] close(24) = -1 EBADF (Bad file descriptor) [pid 5087] close(25) = -1 EBADF (Bad file descriptor) [pid 5087] close(26) = -1 EBADF (Bad file descriptor) [pid 5087] close(27) = -1 EBADF (Bad file descriptor) [pid 5087] close(28) = -1 EBADF (Bad file descriptor) [pid 5087] close(29) = -1 EBADF (Bad file descriptor) [pid 5087] exit_group(0) = ? [pid 5087] +++ exited with 0 +++ [pid 5071] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5089 attached , child_tidptr=0x5555567f45d0) = 10 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5089] bind(3, {sa_family=AF_RXRPC, srx_service=0x2 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=16, transport={sin={sin_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("172.20.20.170")}}}, 36) = 0 [pid 5089] close(3) = 0 [pid 5089] close(4) = -1 EBADF (Bad file descriptor) [pid 5089] close(5) = -1 EBADF (Bad file descriptor) [pid 5089] close(6) = -1 EBADF (Bad file descriptor) [pid 5089] close(7) = -1 EBADF (Bad file descriptor) [pid 5089] close(8) = -1 EBADF (Bad file descriptor) [pid 5089] close(9) = -1 EBADF (Bad file descriptor) [pid 5089] close(10) = -1 EBADF (Bad file descriptor) [pid 5089] close(11) = -1 EBADF (Bad file descriptor) [pid 5089] close(12) = -1 EBADF (Bad file descriptor) [pid 5089] close(13) = -1 EBADF (Bad file descriptor) [pid 5089] close(14) = -1 EBADF (Bad file descriptor) [pid 5089] close(15) = -1 EBADF (Bad file descriptor) [pid 5089] close(16) = -1 EBADF (Bad file descriptor) [pid 5089] close(17) = -1 EBADF (Bad file descriptor) [pid 5089] close(18) = -1 EBADF (Bad file descriptor) [pid 5089] close(19) = -1 EBADF (Bad file descriptor) [pid 5089] close(20) = -1 EBADF (Bad file descriptor) [pid 5089] close(21) = -1 EBADF (Bad file descriptor) [pid 5089] close(22) = -1 EBADF (Bad file descriptor) [pid 5089] close(23) = -1 EBADF (Bad file descriptor) [pid 5089] close(24) = -1 EBADF (Bad file descriptor) [pid 5089] close(25) = -1 EBADF (Bad file descriptor) [pid 5089] close(26) = -1 EBADF (Bad file descriptor) [pid 5089] close(27) = -1 EBADF (Bad file descriptor) [pid 5089] close(28) = -1 EBADF (Bad file descriptor) [pid 5089] close(29) = -1 EBADF (Bad file descriptor) [pid 5089] exit_group(0) = ? [pid 5089] +++ exited with 0 +++ [pid 5071] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5091 attached , child_tidptr=0x5555567f45d0) = 11 [pid 5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5091] setpgid(0, 0) = 0 [pid 5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5091] write(3, "1000", 4) = 4 [pid 5091] close(3) = 0 [pid 5091] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5091] bind(3, {sa_family=AF_RXRPC, srx_service=0x2 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=16, transport={sin={sin_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("172.20.20.170")}}}, 36) = 0 [pid 5091] close(3) = 0 [pid 5091] close(4) = -1 EBADF (Bad file descriptor) [pid 5091] close(5) = -1 EBADF (Bad file descriptor) [pid 5091] close(6) = -1 EBADF (Bad file descriptor) [pid 5091] close(7) = -1 EBADF (Bad file descriptor) [pid 5091] close(8) = -1 EBADF (Bad file descriptor) [pid 5091] close(9) = -1 EBADF (Bad file descriptor) [pid 5091] close(10) = -1 EBADF (Bad file descriptor) [pid 5091] close(11) = -1 EBADF (Bad file descriptor) [pid 5091] close(12) = -1 EBADF (Bad file descriptor) [pid 5091] close(13) = -1 EBADF (Bad file descriptor) [pid 5091] close(14) = -1 EBADF (Bad file descriptor) [pid 5091] close(15) = -1 EBADF (Bad file descriptor) [pid 5091] close(16) = -1 EBADF (Bad file descriptor) [pid 5091] close(17) = -1 EBADF (Bad file descriptor) [pid 5091] close(18) = -1 EBADF (Bad file descriptor) [pid 5091] close(19) = -1 EBADF (Bad file descriptor) [pid 5091] close(20) = -1 EBADF (Bad file descriptor) [pid 5091] close(21) = -1 EBADF (Bad file descriptor) [pid 5091] close(22) = -1 EBADF (Bad file descriptor) [pid 5091] close(23) = -1 EBADF (Bad file descriptor) [pid 5091] close(24) = -1 EBADF (Bad file descriptor) [pid 5091] close(25) = -1 EBADF (Bad file descriptor) [pid 5091] close(26) = -1 EBADF (Bad file descriptor) [pid 5091] close(27) = -1 EBADF (Bad file descriptor) [pid 5091] close(28) = -1 EBADF (Bad file descriptor) [pid 5091] close(29) = -1 EBADF (Bad file descriptor) [pid 5091] exit_group(0) = ? [pid 5091] +++ exited with 0 +++ [pid 5071] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5071] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567f45d0) = 12 ./strace-static-x86_64: Process 5093 attached [pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5093] setpgid(0, 0) = 0 [pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "1000", 4) = 4 [pid 5093] close(3) = 0 [pid 5093] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5093] bind(3, {sa_family=AF_RXRPC, srx_service=0x2 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=16, transport={sin={sin_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("172.20.20.170")}}}, 36) = 0 [pid 5093] close(3) = 0 [pid 5093] close(4) = -1 EBADF (Bad file descriptor) [pid 5093] close(5) = -1 EBADF (Bad file descriptor) [pid 5093] close(6) = -1 EBADF (Bad file descriptor) [pid 5093] close(7) = -1 EBADF (Bad file descriptor) [pid 5093] close(8) = -1 EBADF (Bad file descriptor) [pid 5093] close(9) = -1 EBADF (Bad file descriptor) [pid 5093] close(10) = -1 EBADF (Bad file descriptor) [pid 5093] close(11) = -1 EBADF (Bad file descriptor) [pid 5093] close(12) = -1 EBADF (Bad file descriptor) [pid 5093] close(13) = -1 EBADF (Bad file descriptor) [pid 5093] close(14) = -1 EBADF (Bad file descriptor) [pid 5093] close(15) = -1 EBADF (Bad file descriptor) [pid 5093] close(16) = -1 EBADF (Bad file descriptor) [pid 5093] close(17) = -1 EBADF (Bad file descriptor) [pid 5093] close(18) = -1 EBADF (Bad file descriptor) [pid 5093] close(19) = -1 EBADF (Bad file descriptor) [pid 5093] close(20) = -1 EBADF (Bad file descriptor) [pid 5093] close(21) = -1 EBADF (Bad file descriptor) [pid 5093] close(22) = -1 EBADF (Bad file descriptor) [pid 5093] close(23) = -1 EBADF (Bad file descriptor) [pid 5093] close(24) = -1 EBADF (Bad file descriptor) [pid 5093] close(25) = -1 EBADF (Bad file descriptor) [pid 5093] close(26) = -1 EBADF (Bad file descriptor) [pid 5093] close(27) = -1 EBADF (Bad file descriptor) [pid 5093] close(28) = -1 EBADF (Bad file descriptor) [pid 5093] close(29) = -1 EBADF (Bad file descriptor) [pid 5093] exit_group(0) = ? [pid 5093] +++ exited with 0 +++ [pid 5071] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567f45d0) = 13 ./strace-static-x86_64: Process 5095 attached [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5095] bind(3, {sa_family=AF_RXRPC, srx_service=0x2 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=16, transport={sin={sin_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("172.20.20.170")}}}, 36) = -1 EADDRINUSE (Address already in use) [pid 5095] close(3) = 0 [pid 5095] close(4) = -1 EBADF (Bad file descriptor) [pid 5095] close(5) = -1 EBADF (Bad file descriptor) [pid 5095] close(6) = -1 EBADF (Bad file descriptor) [pid 5095] close(7) = -1 EBADF (Bad file descriptor) [pid 5095] close(8) = -1 EBADF (Bad file descriptor) [pid 5095] close(9) = -1 EBADF (Bad file descriptor) [pid 5095] close(10) = -1 EBADF (Bad file descriptor) [pid 5095] close(11) = -1 EBADF (Bad file descriptor) [pid 5095] close(12) = -1 EBADF (Bad file descriptor) [pid 5095] close(13) = -1 EBADF (Bad file descriptor) [pid 5095] close(14) = -1 EBADF (Bad file descriptor) [pid 5095] close(15) = -1 EBADF (Bad file descriptor) [pid 5095] close(16) = -1 EBADF (Bad file descriptor) [pid 5095] close(17) = -1 EBADF (Bad file descriptor) [pid 5095] close(18) = -1 EBADF (Bad file descriptor) [pid 5095] close(19) = -1 EBADF (Bad file descriptor) [pid 5095] close(20) = -1 EBADF (Bad file descriptor) [pid 5095] close(21) = -1 EBADF (Bad file descriptor) [pid 5095] close(22) = -1 EBADF (Bad file descriptor) [pid 5095] close(23) = -1 EBADF (Bad file descriptor) [pid 5095] close(24) = -1 EBADF (Bad file descriptor) [pid 5095] close(25) = -1 EBADF (Bad file descriptor) [pid 5095] close(26) = -1 EBADF (Bad file descriptor) [pid 5095] close(27) = -1 EBADF (Bad file descriptor) [pid 5095] close(28) = -1 EBADF (Bad file descriptor) [pid 5095] close(29) = -1 EBADF (Bad file descriptor) [pid 5095] exit_group(0) = ? [pid 5095] +++ exited with 0 +++ [pid 5071] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567f45d0) = 14 ./strace-static-x86_64: Process 5096 attached [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5096] setpgid(0, 0) = 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5096] write(3, "1000", 4) = 4 [pid 5096] close(3) = 0 [pid 5096] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5096] bind(3, {sa_family=AF_RXRPC, srx_service=0x2 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=16, transport={sin={sin_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("172.20.20.170")}}}, 36) = -1 EADDRINUSE (Address already in use) [pid 5096] close(3) = 0 [pid 5096] close(4) = -1 EBADF (Bad file descriptor) [pid 5096] close(5) = -1 EBADF (Bad file descriptor) [pid 5096] close(6) = -1 EBADF (Bad file descriptor) [pid 5096] close(7) = -1 EBADF (Bad file descriptor) [pid 5096] close(8) = -1 EBADF (Bad file descriptor) [pid 5096] close(9) = -1 EBADF (Bad file descriptor) [pid 5096] close(10) = -1 EBADF (Bad file descriptor) [pid 5096] close(11) = -1 EBADF (Bad file descriptor) [pid 5096] close(12) = -1 EBADF (Bad file descriptor) [pid 5096] close(13) = -1 EBADF (Bad file descriptor) [pid 5096] close(14) = -1 EBADF (Bad file descriptor) [pid 5096] close(15) = -1 EBADF (Bad file descriptor) [pid 5096] close(16) = -1 EBADF (Bad file descriptor) [pid 5096] close(17) = -1 EBADF (Bad file descriptor) [pid 5096] close(18) = -1 EBADF (Bad file descriptor) [pid 5096] close(19) = -1 EBADF (Bad file descriptor) [pid 5096] close(20) = -1 EBADF (Bad file descriptor) [pid 5096] close(21) = -1 EBADF (Bad file descriptor) [pid 5096] close(22) = -1 EBADF (Bad file descriptor) [pid 5096] close(23) = -1 EBADF (Bad file descriptor) [pid 5096] close(24) = -1 EBADF (Bad file descriptor) [pid 5096] close(25) = -1 EBADF (Bad file descriptor) [pid 5096] close(26) = -1 EBADF (Bad file descriptor) [pid 5096] close(27) = -1 EBADF (Bad file descriptor) [pid 5096] close(28) = -1 EBADF (Bad file descriptor) [pid 5096] close(29) = -1 EBADF (Bad file descriptor) [pid 5096] exit_group(0) = ? [pid 5096] +++ exited with 0 +++ [pid 5071] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567f45d0) = 15 ./strace-static-x86_64: Process 5097 attached [pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5097] setpgid(0, 0) = 0 [pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5097] write(3, "1000", 4) = 4 [pid 5097] close(3) = 0 [pid 5097] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 syzkaller login: [ 56.919179][ T5097] ================================================================== [ 56.927365][ T5097] BUG: KASAN: use-after-free in rxrpc_lookup_local+0xdcf/0xfb0 [ 56.934963][ T5097] Read of size 2 at addr ffff88802af5c21c by task syz-executor359/5097 [ 56.943181][ T5097] [ 56.945491][ T5097] CPU: 0 PID: 5097 Comm: syz-executor359 Not tainted 6.1.0-rc8-next-20221207-syzkaller #0 [ 56.955377][ T5097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 56.965517][ T5097] Call Trace: [ 56.968793][ T5097] [ 56.971713][ T5097] dump_stack_lvl+0xd1/0x138 [ 56.976296][ T5097] print_report+0x15e/0x45d [ 56.980802][ T5097] ? __phys_addr+0xc8/0x140 [ 56.985312][ T5097] ? rxrpc_lookup_local+0xdcf/0xfb0 [ 56.990515][ T5097] kasan_report+0xbf/0x1f0 [ 56.994951][ T5097] ? rxrpc_lookup_local+0xdcf/0xfb0 [ 57.000148][ T5097] rxrpc_lookup_local+0xdcf/0xfb0 [ 57.005164][ T5097] rxrpc_bind+0x35e/0x5c0 [ 57.009486][ T5097] __sys_bind+0x1ed/0x260 [ 57.013810][ T5097] ? __ia32_sys_socketpair+0x100/0x100 [ 57.019265][ T5097] ? _raw_spin_unlock_irq+0x23/0x50 [ 57.024470][ T5097] ? lockdep_hardirqs_on+0x7d/0x100 [ 57.029671][ T5097] ? _raw_spin_unlock_irq+0x2e/0x50 [ 57.034894][ T5097] __x64_sys_bind+0x73/0xb0 [ 57.039415][ T5097] do_syscall_64+0x39/0xb0 [ 57.043849][ T5097] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.049761][ T5097] RIP: 0033:0x7f3edb00b0b9 [ 57.054179][ T5097] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 57.073791][ T5097] RSP: 002b:00007ffdc300b998 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 57.082217][ T5097] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f3edb00b0b9 [ 57.090276][ T5097] RDX: 0000000000000024 RSI: 0000000020000840 RDI: 0000000000000003 [ 57.098250][ T5097] RBP: 0000000000000000 R08: 00000000db078e40 R09: 00000000db078e40 [ 57.106221][ T5097] R10: 00007ffdc300b410 R11: 0000000000000246 R12: 000000000000de2a [ 57.114194][ T5097] R13: 00007ffdc300b9c0 R14: 00007ffdc300b9b0 R15: 00007ffdc300b9a4 [ 57.122177][ T5097] [ 57.125193][ T5097] [ 57.127512][ T5097] Allocated by task 5093: [ 57.131833][ T5097] kasan_save_stack+0x22/0x40 [ 57.136607][ T5097] kasan_set_track+0x25/0x30 [ 57.141200][ T5097] __kasan_kmalloc+0xa5/0xb0 [ 57.145790][ T5097] rxrpc_lookup_local+0x4d9/0xfb0 [ 57.150817][ T5097] rxrpc_bind+0x35e/0x5c0 [ 57.155153][ T5097] __sys_bind+0x1ed/0x260 [ 57.159494][ T5097] __x64_sys_bind+0x73/0xb0 [ 57.164005][ T5097] do_syscall_64+0x39/0xb0 [ 57.168431][ T5097] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.174340][ T5097] [ 57.176699][ T5097] Freed by task 5097: [ 57.180674][ T5097] kasan_save_stack+0x22/0x40 [ 57.185359][ T5097] kasan_set_track+0x25/0x30 [ 57.189953][ T5097] kasan_save_free_info+0x2e/0x40 [ 57.194988][ T5097] ____kasan_slab_free+0x160/0x1c0 [ 57.200105][ T5097] slab_free_freelist_hook+0x8b/0x1c0 [ 57.205498][ T5097] __kmem_cache_free+0xaf/0x3b0 [ 57.210359][ T5097] rcu_core+0x81f/0x1980 [ 57.214616][ T5097] __do_softirq+0x1fb/0xadc [ 57.219125][ T5097] [ 57.221558][ T5097] Last potentially related work creation: [ 57.227279][ T5097] kasan_save_stack+0x22/0x40 [ 57.231967][ T5097] __kasan_record_aux_stack+0xbc/0xd0 [ 57.237359][ T5097] __call_rcu_common.constprop.0+0x99/0x820 [ 57.243266][ T5097] rxrpc_put_local.part.0+0x128/0x170 [ 57.248660][ T5097] rxrpc_put_local+0x25/0x30 [ 57.253252][ T5097] rxrpc_release+0x237/0x550 [ 57.257851][ T5097] __sock_release+0xcd/0x280 [ 57.262465][ T5097] sock_close+0x1c/0x20 [ 57.266626][ T5097] __fput+0x27c/0xa90 [ 57.270624][ T5097] task_work_run+0x16f/0x270 [ 57.275230][ T5097] ptrace_notify+0x118/0x140 [ 57.279996][ T5097] syscall_exit_to_user_mode_prepare+0x129/0x280 [ 57.286335][ T5097] syscall_exit_to_user_mode+0xd/0x50 [ 57.291809][ T5097] do_syscall_64+0x46/0xb0 [ 57.296231][ T5097] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.302170][ T5097] [ 57.304527][ T5097] The buggy address belongs to the object at ffff88802af5c000 [ 57.304527][ T5097] which belongs to the cache kmalloc-1k of size 1024 [ 57.318687][ T5097] The buggy address is located 540 bytes inside of [ 57.318687][ T5097] 1024-byte region [ffff88802af5c000, ffff88802af5c400) [ 57.332070][ T5097] [ 57.334395][ T5097] The buggy address belongs to the physical page: [ 57.340805][ T5097] page:ffffea0000abd600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2af58 [ 57.350963][ T5097] head:ffffea0000abd600 order:3 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0 [ 57.361040][ T5097] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 57.369032][ T5097] raw: 00fff00000010200 ffff888012441dc0 dead000000000122 0000000000000000 [ 57.378065][ T5097] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 57.386645][ T5097] page dumped because: kasan: bad access detected [ 57.393140][ T5097] page_owner tracks the page as allocated [ 57.398847][ T5097] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5065, tgid 5065 (sshd), ts 56835071872, free_ts 56822175355 [ 57.419539][ T5097] get_page_from_freelist+0x119c/0x2ce0 [ 57.425106][ T5097] __alloc_pages+0x1cb/0x5b0 [ 57.429709][ T5097] alloc_pages+0x1aa/0x270 [ 57.434132][ T5097] allocate_slab+0x25f/0x350 [ 57.438740][ T5097] ___slab_alloc+0xa91/0x1400 [ 57.443418][ T5097] __slab_alloc.constprop.0+0x56/0xa0 [ 57.448817][ T5097] __kmem_cache_alloc_node+0x1a4/0x430 [ 57.454278][ T5097] __kmalloc_node_track_caller+0x4b/0xc0 [ 57.459928][ T5097] __alloc_skb+0xe9/0x310 [ 57.464268][ T5097] tcp_stream_alloc_skb+0x3c/0x580 [ 57.469392][ T5097] tcp_sendmsg_locked+0xc4f/0x2960 [ 57.474522][ T5097] tcp_sendmsg+0x2f/0x50 [ 57.478782][ T5097] inet_sendmsg+0x9d/0xe0 [ 57.483113][ T5097] sock_sendmsg+0xd3/0x120 [ 57.487537][ T5097] sock_write_iter+0x295/0x3d0 [ 57.492310][ T5097] vfs_write+0xa45/0xe40 [ 57.496558][ T5097] page last free stack trace: [ 57.501220][ T5097] free_pcp_prepare+0x65c/0xc00 [ 57.506080][ T5097] free_unref_page+0x1d/0x490 [ 57.510767][ T5097] qlist_free_all+0x6a/0x170 [ 57.515371][ T5097] kasan_quarantine_reduce+0x192/0x220 [ 57.520842][ T5097] __kasan_slab_alloc+0x66/0x90 [ 57.525698][ T5097] __kmem_cache_alloc_node+0x1ea/0x430 [ 57.531248][ T5097] kmalloc_trace+0x26/0x60 [ 57.535677][ T5097] __kthread_create_on_node+0xe2/0x550 [ 57.541141][ T5097] kthread_create_on_node+0xbf/0x100 [ 57.546431][ T5097] rxrpc_open_socket+0x47d/0x750 [ 57.551392][ T5097] rxrpc_lookup_local+0x860/0xfb0 [ 57.556421][ T5097] rxrpc_bind+0x35e/0x5c0 [ 57.560761][ T5097] __sys_bind+0x1ed/0x260 [ 57.565540][ T5097] __x64_sys_bind+0x73/0xb0 [ 57.570055][ T5097] do_syscall_64+0x39/0xb0 [ 57.574481][ T5097] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.580392][ T5097] [ 57.582715][ T5097] Memory state around the buggy address: [ 57.588340][ T5097] ffff88802af5c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 57.596404][ T5097] ffff88802af5c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 57.604465][ T5097] >ffff88802af5c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 57.612526][ T5097] ^ [ 57.617370][ T5097] ffff88802af5c280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 57.625433][ T5097] ffff88802af5c300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 57.633489][ T5097] ================================================================== [ 57.648157][ T5097] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 57.655368][ T5097] CPU: 0 PID: 5097 Comm: syz-executor359 Not tainted 6.1.0-rc8-next-20221207-syzkaller #0 [ 57.665248][ T5097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 57.675652][ T5097] Call Trace: [ 57.678935][ T5097] [ 57.681871][ T5097] dump_stack_lvl+0xd1/0x138 [ 57.686481][ T5097] panic+0x2cc/0x626 [ 57.690386][ T5097] ? panic_print_sys_info.part.0+0x110/0x110 [ 57.696379][ T5097] ? preempt_schedule_thunk+0x1a/0x20 [ 57.701772][ T5097] ? preempt_schedule_common+0x59/0xc0 [ 57.707256][ T5097] check_panic_on_warn.cold+0x19/0x35 [ 57.712654][ T5097] end_report.part.0+0x36/0x73 [ 57.717434][ T5097] ? rxrpc_lookup_local+0xdcf/0xfb0 [ 57.722638][ T5097] kasan_report.cold+0xa/0xf [ 57.727244][ T5097] ? rxrpc_lookup_local+0xdcf/0xfb0 [ 57.732454][ T5097] rxrpc_lookup_local+0xdcf/0xfb0 [ 57.737495][ T5097] rxrpc_bind+0x35e/0x5c0 [ 57.741838][ T5097] __sys_bind+0x1ed/0x260 [ 57.746186][ T5097] ? __ia32_sys_socketpair+0x100/0x100 [ 57.751667][ T5097] ? _raw_spin_unlock_irq+0x23/0x50 [ 57.756974][ T5097] ? lockdep_hardirqs_on+0x7d/0x100 [ 57.762193][ T5097] ? _raw_spin_unlock_irq+0x2e/0x50 [ 57.767416][ T5097] __x64_sys_bind+0x73/0xb0 [ 57.771932][ T5097] do_syscall_64+0x39/0xb0 [ 57.776362][ T5097] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.782277][ T5097] RIP: 0033:0x7f3edb00b0b9 [ 57.786698][ T5097] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 57.806312][ T5097] RSP: 002b:00007ffdc300b998 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 57.814731][ T5097] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f3edb00b0b9 [ 57.822704][ T5097] RDX: 0000000000000024 RSI: 0000000020000840 RDI: 0000000000000003 [ 57.830678][ T5097] RBP: 0000000000000000 R08: 00000000db078e40 R09: 00000000db078e40 [ 57.838653][ T5097] R10: 00007ffdc300b410 R11: 0000000000000246 R12: 000000000000de2a [ 57.846625][ T5097] R13: 00007ffdc300b9c0 R14: 00007ffdc300b9b0 R15: 00007ffdc300b9a4 [ 57.854614][ T5097] [ 57.857810][ T5097] Kernel Offset: disabled [ 57.862133][ T5097] Rebooting in 86400 seconds..