./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor260435679 <...> forked to background, child pid 3191 no interfaces have a carrier [ 25.694052][ T3192] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.702501][ T3192] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.128' (ECDSA) to the list of known hosts. execve("./syz-executor260435679", ["./syz-executor260435679"], 0x7ffd5d0abe50 /* 10 vars */) = 0 brk(NULL) = 0x55555572f000 brk(0x55555572fc40) = 0x55555572fc40 arch_prctl(ARCH_SET_FS, 0x55555572f300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555572f5d0) = 3612 set_robust_list(0x55555572f5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f9605fd0a00, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f9605fd10d0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f9605fd0aa0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9605fd10d0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor260435679", 4096) = 27 brk(0x555555750c40) = 0x555555750c40 brk(0x555555751000) = 0x555555751000 mprotect(0x7f9606092000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? 
*/, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=680, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3612}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1c\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x25\x00\x00\x00\x48\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 680 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3612}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 access("/proc/net", R_OK) = 0 access("/proc/net/unix", R_OK) = 0 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3612}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? 
*/, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3612}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3612}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3612}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", 
ifr_ifindex=12}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3612}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(3) = 0 close(4) = 0 getpid() = 3612 mkdir("./syzkaller.qQeyHl", 0700) = 0 chmod("./syzkaller.qQeyHl", 0777) = 0 chdir("./syzkaller.qQeyHl") = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555572f5d0) = 3614 ./strace-static-x86_64: Process 3614 attached [pid 3614] set_robust_list(0x55555572f5e0, 24) = 0 [pid 3614] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 3614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3614] setsid() = 1 [pid 3614] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 3614] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 3614] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 3614] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3614] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0 [pid 3614] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3614] unshare(CLONE_NEWNS) = 0 [pid 3614] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 3614] unshare(CLONE_NEWIPC) = 0 [pid 3614] unshare(CLONE_NEWCGROUP) = 0 [pid 3614] unshare(CLONE_NEWUTS) = 0 [pid 3614] unshare(CLONE_SYSVSEM) = 0 [pid 
3614] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3614] write(3, "16777216", 8) = 8 [pid 3614] close(3) = 0 [pid 3614] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 3614] write(3, "536870912", 9) = 9 [pid 3614] close(3) = 0 [pid 3614] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3614] write(3, "1024", 4) = 4 [pid 3614] close(3) = 0 [pid 3614] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3614] write(3, "8192", 4) = 4 [pid 3614] close(3) = 0 [pid 3614] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3614] write(3, "1024", 4) = 4 [pid 3614] close(3) = 0 [pid 3614] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 3614] write(3, "1024", 4) = 4 [pid 3614] close(3) = 0 [pid 3614] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3614] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3614] close(3) = 0 [pid 3614] getpid() = 1 [pid 3614] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 3616] set_robust_list(0x7f9605fc09e0, 24) = 0 [pid 3616] openat(AT_FDCWD, "/dev/net/tun", O_RDONLY) = 3 [pid 3616] futex(0x7f96060984ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3614] <... futex resumed>) = 0 [pid 3614] futex(0x7f96060984e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3614] futex(0x7f96060984ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3616] ioctl(3, TUNSETIFF, 0x20000200) = 0 [pid 3616] futex(0x7f96060984ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3614] <... futex resumed>) = 0 [pid 3614] futex(0x7f96060984e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3614] futex(0x7f96060984ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3616] <... futex resumed>) = 1 [pid 3616] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3616] futex(0x7f96060984ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3614] <... 
futex resumed>) = 0 [pid 3614] futex(0x7f96060984e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3614] futex(0x7f96060984ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3616] <... futex resumed>) = 1 [pid 3616] socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL)) = 5 [pid 3616] futex(0x7f96060984ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3614] <... futex resumed>) = 0 [pid 3614] futex(0x7f96060984e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3614] futex(0x7f96060984ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3616] <... futex resumed>) = 1 [pid 3616] ioctl(3, TUNSETQUEUE, 0x20000000) = 0 [pid 3616] futex(0x7f96060984ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3614] <... futex resumed>) = 0 [pid 3614] futex(0x7f96060984e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3614] futex(0x7f96060984ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3616] <... futex resumed>) = 1 [pid 3616] ioctl(5, SIOCGIFINDEX, {ifr_name="rose0", ifr_ifindex=11}) = 0 [pid 3616] futex(0x7f96060984ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3614] <... futex resumed>) = 0 [pid 3614] futex(0x7f96060984e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3614] futex(0x7f96060984ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3616] <... futex resumed>) = 1 [pid 3616] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x34\x00\x00\x00\x11\x00\x01\xe9\x0d\x7d\x1f\x07\xde\x1c\x8b\x3e\xec\x45\xb2\xfc\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=52}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3614] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3614] futex(0x7f96060984ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 3614] futex(0x7f96060984fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3614] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9605f7f000 [pid 3614] mprotect(0x7f9605f80000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3614] clone(child_stack=0x7f9605f9f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3], tls=0x7f9605f9f700, child_tidptr=0x7f9605f9f9d0) = 3 [pid 3614] futex(0x7f96060984f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3614] futex(0x7f96060984fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3617 attached [pid 3617] set_robust_list(0x7f9605f9f9e0, 24) = 0 syzkaller login: [ 41.779160][ T3616] netlink: 20 bytes leftover after parsing attributes in process `syz-executor260'. [pid 3617] ioctl(3, TUNSETIFF, 0x20000200 [pid 3616] <... sendmsg resumed>) = 52 [pid 3616] futex(0x7f96060984ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 41.832695][ T3617] ------------[ cut here ]------------ [ 41.832703][ T3617] WARNING: CPU: 0 PID: 3617 at net/core/dev.c:6359 netif_napi_add_weight+0x7e8/0x9e0 [ 41.848815][ T3617] Modules linked in: [ 41.852730][ T3617] CPU: 0 PID: 3617 Comm: syz-executor260 Not tainted 5.19.0-rc2-syzkaller-00103-gb4a028c4d031 #0 [ 41.863296][ T3617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.873430][ T3617] RIP: 0010:netif_napi_add_weight+0x7e8/0x9e0 [pid 3616] futex(0x7f96060984e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3614] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 41.879584][ T3617] Code: b6 04 02 48 89 ea 83 e2 07 38 d0 7f 08 84 c0 0f 85 a4 00 00 00 48 8b 04 24 80 a0 b1 0b 00 00 fd e9 6c fd ff ff e8 48 21 27 fa <0f> 0b e9 60 fd ff ff e8 dc e5 73 fa e9 4c fe ff ff e8 c2 e5 73 fa [ 41.899303][ T3617] RSP: 0018:ffffc9000314fb18 EFLAGS: 00010293 [ 41.905382][ T3617] RAX: 0000000000000000 RBX: ffff88802224e001 RCX: 0000000000000000 [ 41.913440][ T3617] RDX: ffff88802677bb00 RSI: ffffffff875350b8 RDI: 0000000000000001 [ 41.921497][ T3617] RBP: ffff88802224e5d8 R08: 0000000000000001 R09: 0000000000000000 [ 41.929542][ T3617] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88802224e5e8 [ 41.937594][ T3617] R13: ffff88802224e5d8 R14: ffff888025cbcc80 R15: 0000000000000000 [ 41.945564][ T3617] FS: 00007f9605f9f700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 41.954567][ T3617] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.961246][ T3617] CR2: 00007f9605f9f718 CR3: 000000001c840000 CR4: 00000000003506f0 [ 41.969359][ T3617] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 41.977465][ T3617] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 41.985457][ T3617] Call Trace: [ 41.988864][ T3617] <TASK> [ 41.991806][ T3617] ? owner_show+0x130/0x130 [ 41.996405][ T3617] ? __xdp_rxq_info_reg+0x189/0x340 [ 42.001624][ T3617] tun_attach.isra.0+0x1096/0x16c0 [ 42.006859][ T3617] tun_net_init+0x45e/0x660 [ 42.011395][ T3617] ? tun_attach.isra.0+0x16c0/0x16c0 [ 42.016766][ T3617] register_netdevice+0x57d/0x15e0 [ 42.021894][ T3617] ? netdev_change_features+0xb0/0xb0 [ 42.027349][ T3617] ?
dev_addr_mod+0x2c9/0x3f0 [pid 3614] close(3) = 0 [pid 3614] close(4) = 0 [pid 3614] close(5) = 0 [pid 3614] close(6) = -1 EBADF (Bad file descriptor) [pid 3614] close(7) = -1 EBADF (Bad file descriptor) [pid 3614] close(8) = -1 EBADF (Bad file descriptor) [pid 3614] close(9) = -1 EBADF (Bad file descriptor) [pid 3614] close(10) = -1 EBADF (Bad file descriptor) [pid 3614] close(11) = -1 EBADF (Bad file descriptor) [pid 3614] close(12) = -1 EBADF (Bad file descriptor) [pid 3614] close(13) = -1 EBADF (Bad file descriptor) [pid 3614] close(14) = -1 EBADF (Bad file descriptor) [pid 3614] close(15) = -1 EBADF (Bad file descriptor) [pid 3614] close(16) = -1 EBADF (Bad file descriptor) [pid 3614] close(17) = -1 EBADF (Bad file descriptor) [pid 3614] close(18) = -1 EBADF (Bad file descriptor) [pid 3614] close(19) = -1 EBADF (Bad file descriptor) [pid 3614] close(20) = -1 EBADF (Bad file descriptor) [pid 3614] close(21) = -1 EBADF (Bad file descriptor) [pid 3614] close(22) = -1 EBADF (Bad file descriptor) [pid 3614] close(23) = -1 EBADF (Bad file descriptor) [pid 3614] close(24) = -1 EBADF (Bad file descriptor) [pid 3614] close(25) = -1 EBADF (Bad file descriptor) [ 42.032047][ T3617] __tun_chr_ioctl+0x2a19/0x3da0 [ 42.037097][ T3617] ? tun_chr_read_iter+0x270/0x270 [ 42.042240][ T3617] ? calibrate_delay+0xd83/0x1120 [ 42.047387][ T3617] ? __fget_files+0x26a/0x440 [ 42.052088][ T3617] ? bpf_lsm_file_ioctl+0x5/0x10 [ 42.057109][ T3617] ? tun_chr_compat_ioctl+0x30/0x30 [ 42.062325][ T3617] __x64_sys_ioctl+0x193/0x200 [ 42.067220][ T3617] do_syscall_64+0x35/0xb0 [ 42.071669][ T3617] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 42.077711][ T3617] RIP: 0033:0x7f960600eda9 [pid 3614] close(26) = -1 EBADF (Bad file descriptor) [pid 3614] close(27) = -1 EBADF (Bad file descriptor) [pid 3614] close(28) = -1 EBADF (Bad file descriptor) [pid 3614] close(29) = -1 EBADF (Bad file descriptor) [pid 3614] exit_group(1 [pid 3616] <... futex resumed>) = ? 
[pid 3616] +++ exited with 1 +++ [pid 3614] <... exit_group resumed>) = ? [ 42.082151][ T3617] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 42.101912][ T3617] RSP: 002b:00007f9605f9f308 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 42.110466][ T3617] RAX: ffffffffffffffda RBX: 00007f96060984f8 RCX: 00007f960600eda9 [ 42.118550][ T3617] RDX: 0000000020000200 RSI: 00000000400454ca RDI: 0000000000000003 [ 42.126654][ T3617] RBP: 00007f96060984f0 R08: 00007f9605f9f700 R09: 0000000000000000 [ 42.134654][ T3617] R10: 00007f9605f9f700 R11: 0000000000000246 R12: 00007f96060984fc [ 42.142738][ T3617] R13: 00007f9606065004 R14: 74656e2f7665642f R15: 0000000000022000 [ 42.150810][ T3617] </TASK> [ 42.153832][ T3617] Kernel panic - not syncing: panic_on_warn set ... [ 42.160399][ T3617] CPU: 0 PID: 3617 Comm: syz-executor260 Not tainted 5.19.0-rc2-syzkaller-00103-gb4a028c4d031 #0 [ 42.170878][ T3617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.180917][ T3617] Call Trace: [ 42.184188][ T3617] <TASK> [ 42.187112][ T3617] dump_stack_lvl+0xcd/0x134 [ 42.191695][ T3617] panic+0x2d7/0x636 [ 42.195578][ T3617] ? panic_print_sys_info.part.0+0x10b/0x10b [ 42.201549][ T3617] ? __warn.cold+0x1d9/0x2cd [ 42.206134][ T3617] ? netif_napi_add_weight+0x7e8/0x9e0 [ 42.211609][ T3617] __warn.cold+0x1ea/0x2cd [ 42.216013][ T3617] ?
netif_napi_add_weight+0x7e8/0x9e0 [ 42.221463][ T3617] report_bug+0x1bc/0x210 [ 42.225787][ T3617] handle_bug+0x3c/0x60 [ 42.229934][ T3617] exc_invalid_op+0x14/0x40 [ 42.234428][ T3617] asm_exc_invalid_op+0x1b/0x20 [ 42.239272][ T3617] RIP: 0010:netif_napi_add_weight+0x7e8/0x9e0 [ 42.245362][ T3617] Code: b6 04 02 48 89 ea 83 e2 07 38 d0 7f 08 84 c0 0f 85 a4 00 00 00 48 8b 04 24 80 a0 b1 0b 00 00 fd e9 6c fd ff ff e8 48 21 27 fa <0f> 0b e9 60 fd ff ff e8 dc e5 73 fa e9 4c fe ff ff e8 c2 e5 73 fa [ 42.264983][ T3617] RSP: 0018:ffffc9000314fb18 EFLAGS: 00010293 [ 42.271051][ T3617] RAX: 0000000000000000 RBX: ffff88802224e001 RCX: 0000000000000000 [ 42.279021][ T3617] RDX: ffff88802677bb00 RSI: ffffffff875350b8 RDI: 0000000000000001 [ 42.286998][ T3617] RBP: ffff88802224e5d8 R08: 0000000000000001 R09: 0000000000000000 [ 42.294968][ T3617] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88802224e5e8 [ 42.302944][ T3617] R13: ffff88802224e5d8 R14: ffff888025cbcc80 R15: 0000000000000000 [ 42.310927][ T3617] ? netif_napi_add_weight+0x7e8/0x9e0 [ 42.316405][ T3617] ? netif_napi_add_weight+0x7e8/0x9e0 [ 42.321886][ T3617] ? owner_show+0x130/0x130 [ 42.326399][ T3617] ? __xdp_rxq_info_reg+0x189/0x340 [ 42.331614][ T3617] tun_attach.isra.0+0x1096/0x16c0 [ 42.336761][ T3617] tun_net_init+0x45e/0x660 [ 42.341275][ T3617] ? tun_attach.isra.0+0x16c0/0x16c0 [ 42.346568][ T3617] register_netdevice+0x57d/0x15e0 [ 42.351691][ T3617] ? netdev_change_features+0xb0/0xb0 [ 42.357071][ T3617] ? dev_addr_mod+0x2c9/0x3f0 [ 42.361759][ T3617] __tun_chr_ioctl+0x2a19/0x3da0 [ 42.366708][ T3617] ? tun_chr_read_iter+0x270/0x270 [ 42.371828][ T3617] ? calibrate_delay+0xd83/0x1120 [ 42.376869][ T3617] ? __fget_files+0x26a/0x440 [ 42.381564][ T3617] ? bpf_lsm_file_ioctl+0x5/0x10 [ 42.386512][ T3617] ? 
tun_chr_compat_ioctl+0x30/0x30 [ 42.391722][ T3617] __x64_sys_ioctl+0x193/0x200 [ 42.396498][ T3617] do_syscall_64+0x35/0xb0 [ 42.400924][ T3617] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 42.406834][ T3617] RIP: 0033:0x7f960600eda9 [ 42.411251][ T3617] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 42.430861][ T3617] RSP: 002b:00007f9605f9f308 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 42.439277][ T3617] RAX: ffffffffffffffda RBX: 00007f96060984f8 RCX: 00007f960600eda9 [ 42.447250][ T3617] RDX: 0000000020000200 RSI: 00000000400454ca RDI: 0000000000000003 [ 42.455224][ T3617] RBP: 00007f96060984f0 R08: 00007f9605f9f700 R09: 0000000000000000 [ 42.463217][ T3617] R10: 00007f9605f9f700 R11: 0000000000000246 R12: 00007f96060984fc [ 42.471188][ T3617] R13: 00007f9606065004 R14: 74656e2f7665642f R15: 0000000000022000 [ 42.479180][ T3617] </TASK> [ 42.482520][ T3617] Kernel Offset: disabled [ 42.486900][ T3617] Rebooting in 86400 seconds..