./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3018662750

<...>
Warning: Permanently added '10.128.10.30' (ED25519) to the list of known hosts.
execve("./syz-executor3018662750", ["./syz-executor3018662750"], 0x7fffd63a1290 /* 10 vars */) = 0
brk(NULL)                               = 0x555576808000
brk(0x555576808d00)                     = 0x555576808d00
arch_prctl(ARCH_SET_FS, 0x555576808380) = 0
set_tid_address(0x555576808650)         = 5829
set_robust_list(0x555576808660, 24)     = 0
rseq(0x555576808ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3018662750", 4096) = 28
getrandom("\x55\x51\x2e\xbb\xdd\xdd\x7d\x59", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555576808d00
brk(0x555576829d00)                     = 0x555576829d00
brk(0x55557682a000)                     = 0x55557682a000
mprotect(0x7fb7bfcb5000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5830 attached
, child_tidptr=0x555576808650) = 5830
[pid  5830] set_robust_list(0x555576808660, 24) = 0
[pid  5830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5830] getppid()                   = 0
[pid  5830] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5830] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5830] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5830] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5830] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5830] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5830] unshare(CLONE_NEWNS)        = 0
[pid  5830] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5830] unshare(CLONE_NEWIPC)       = 0
[pid  5830] unshare(CLONE_NEWCGROUP)    = 0
[pid  5830] unshare(CLONE_NEWUTS)       = 0
[pid  5830] unshare(CLONE_SYSVSEM)      = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "16777216", 8)     = 8
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "536870912", 9)    = 9
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "1024", 4)         = 4
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "8192", 4)         = 4
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "1024", 4)         = 4
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "1024", 4)         = 4
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5830] close(3)                    = 0
[pid  5830] getpid()                    = 1
[pid  5830] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5830] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5830] unshare(CLONE_NEWNET)       = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "0 65535", 7)      = 7
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3
[pid  5830] dup2(3, 200)                = 200
[pid  5830] close(3)                    = 0
[pid  5830] ioctl(200, TUNSETIFF, 0x7ffd0c787bc0) = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "0", 1)            = 1
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "0", 1)            = 1
[pid  5830] close(3)                    = 0
[pid  5830] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid  5830] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5830] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5830] close(4)                    = 0
[pid  5830] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5830] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5830] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5830] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5830] close(4)                    = 0
[pid  5830] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5830] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5830] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5830] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5830] close(4)                    = 0
[pid  5830] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 48
[pid  5830] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5830] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5830] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5830] close(4)                    = 0
[pid  5830] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 60
[pid  5830] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5830] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5830] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5830] close(4)                    = 0
[pid  5830] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
[pid  5830] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "100000", 6)       = 6
[pid  5830] close(3)                    = 0
[pid  5830] mkdir("./syz-tmp", 0777)    = 0
[pid  5830] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid  5830] mkdir("./syz-tmp/newroot", 0777) = 0
[pid  5830] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid  5830] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5830] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid  5830] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid  5830] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid  5830] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5830] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5830] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid  5830] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5830] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5830] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5830] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5830] mkdir("./syz-tmp/pivot", 0777) = 0
[pid  5830] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid  5830] chdir("/")                  = 0
[pid  5830] umount2("./pivot", MNT_DETACH) = 0
[pid  5830] chroot("./newroot")         = 0
[pid  5830] chdir("/")                  = 0
[pid  5830] mkdir("/dev/gadgetfs", 0777) = 0
[pid  5830] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL) = 0
[pid  5830] mkdir("/dev/binderfs", 0777) = 0
[pid  5830] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5830] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5830] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
executing program
[pid  5830] write(1, "executing program\n", 18) = 18
[pid  5830] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
[pid  5830] close(3)                    = 0
[pid  5830] socket(AF_ALG, SOCK_SEQPACKET, 0) = 3
[pid  5830] bind(3, {sa_family=AF_ALG, salg_type="aead", salg_feat=0, salg_mask=0, salg_name="gcm_base(ctr(aes-aesni),ghash-generic)"}, 88) = 0
[pid  5830] setsockopt(3, SOL_SOCKET, SO_REUSEPORT, [-192], 4) = 0
[pid  5830] setsockopt(3, SOL_SOCKET, SO_ATTACH_REUSEPORT_CBPF, {len=1, filter=0x20f07000}, 16) = 0
[pid  5830] close(3)                    = 0
[pid  5830] close(4)                    = -1 EBADF (Bad file descriptor)
[pid  5830] close(5)                    = -1 EBADF (Bad file descriptor)
[pid  5830] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5830] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5830] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5830] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5830] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5830] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5830] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5830] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5830] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5830] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5830] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5830] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5830] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5830] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5830] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5830] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5830] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5830] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5830] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5830] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5830] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5830] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5830] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5830] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5830] exit_group(1)               = ?
syzkaller login: [   61.218530][    C0] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:562
[   61.228076][    C0] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 5830, name: syz-executor301
[   61.237616][    C0] preempt_count: 101, expected: 0
[   61.242676][    C0] RCU nest depth: 0, expected: 0
[   61.247630][    C0] 2 locks held by syz-executor301/5830:
[   61.253209][    C0]  #0: ffffffff8fcb2a88 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3b/0x1b0
[   61.262323][    C0]  #1: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_core+0xa37/0x17a0
[   61.271278][    C0] Preemption disabled at:
[   61.271292][    C0] [<0000000000000000>] 0x0
[   61.280098][    C0] CPU: 0 UID: 0 PID: 5830 Comm: syz-executor301 Not tainted 6.13.0-rc3-syzkaller-00174-ga024e377efed #0
[   61.291203][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   61.301256][    C0] Call Trace:
[   61.304535][    C0]  <IRQ>
[   61.307384][    C0]  dump_stack_lvl+0x241/0x360
[   61.312116][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[   61.317304][    C0]  ? __pfx__printk+0x10/0x10
[   61.321899][    C0]  __might_resched+0x5d4/0x780
[   61.326656][    C0]  ? kasan_save_track+0x51/0x80
[   61.331498][    C0]  ? kasan_save_track+0x3f/0x80
[   61.336342][    C0]  ? __pfx___might_resched+0x10/0x10
[   61.341627][    C0]  ? do_softirq+0x11b/0x1e0
[   61.346121][    C0]  ? addrconf_ifdown+0x68f/0x1bd0
[   61.351148][    C0]  ? addrconf_notify+0x3cb/0x1020
[   61.356158][    C0]  ? notifier_call_chain+0x1a5/0x3f0
[   61.361433][    C0]  ? unregister_netdevice_many_notify+0x530/0x1da0
[   61.367926][    C0]  ? unregister_netdevice_queue+0x303/0x370
[   61.374083][    C0]  ? __tun_detach+0x6b9/0x1600
[   61.378951][    C0]  ? tun_chr_close+0x105/0x1b0
[   61.383720][    C0]  ? __fput+0x23c/0xa50
[   61.388400][    C0]  ? task_work_run+0x24f/0x310
[   61.393176][    C0]  ? do_exit+0xa2f/0x28e0
[   61.397505][    C0]  ? __x64_sys_exit_group+0x3f/0x40
[   61.402696][    C0]  __mutex_lock+0x131/0xee0
[   61.407192][    C0]  ? mark_lock+0x9a/0x360
[   61.411590][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   61.417612][    C0]  ? crypto_put_default_null_skcipher+0x18/0x70
[   61.423861][    C0]  ? __pfx___mutex_lock+0x10/0x10
[   61.428890][    C0]  ? aead_release+0x38/0x50
[   61.433384][    C0]  ? kfree+0x196/0x430
[   61.437440][    C0]  ? __phys_addr+0xba/0x170
[   61.441933][    C0]  ? aead_release+0x38/0x50
[   61.446427][    C0]  ? rcu_core+0xa37/0x17a0
[   61.450836][    C0]  crypto_put_default_null_skcipher+0x18/0x70
[   61.456916][    C0]  aead_release+0x3d/0x50
[   61.461236][    C0]  alg_sock_destruct+0x86/0xc0
[   61.465995][    C0]  ? __pfx_alg_sock_destruct+0x10/0x10
[   61.471531][    C0]  __sk_destruct+0x58/0x5f0
[   61.476028][    C0]  ? rcu_core+0xa37/0x17a0
[   61.480451][    C0]  ? __pfx___sk_destruct+0x10/0x10
[   61.485565][    C0]  rcu_core+0xaaa/0x17a0
[   61.489839][    C0]  ? __pfx_rcu_core+0x10/0x10
[   61.494536][    C0]  ? sched_balance_domains+0x91b/0xa90
[   61.500016][    C0]  ? sched_balance_domains+0x1b2/0xa90
[   61.505476][    C0]  ? __pfx_sched_balance_domains+0x10/0x10
[   61.511294][    C0]  ? sched_clock_cpu+0x76/0x490
[   61.516142][    C0]  handle_softirqs+0x2d4/0x9b0
[   61.520919][    C0]  ? do_softirq+0x11b/0x1e0
[   61.525432][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   61.530722][    C0]  do_softirq+0x11b/0x1e0
[   61.535048][    C0]  </IRQ>
[   61.537965][    C0]  <TASK>
[   61.540889][    C0]  ? __pfx_do_softirq+0x10/0x10
[   61.545730][    C0]  ? __pfx_lockdep_softirqs_on+0x10/0x10
[   61.551381][    C0]  ? rcu_is_watching+0x15/0xb0
[   61.556140][    C0]  __local_bh_enable_ip+0x1bb/0x200
[   61.561338][    C0]  ? addrconf_ifdown+0x68f/0x1bd0
[   61.566381][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   61.572126][    C0]  ? addrconf_ifdown+0x3b4/0x1bd0
[   61.577146][    C0]  addrconf_ifdown+0x68f/0x1bd0
[   61.582000][    C0]  ? __pfx_addrconf_ifdown+0x10/0x10
[   61.587278][    C0]  ? tls_dev_event+0x8f6/0x10c0
[   61.592131][    C0]  addrconf_notify+0x3cb/0x1020
[   61.596977][    C0]  notifier_call_chain+0x1a5/0x3f0
[   61.602091][    C0]  dev_close_many+0x33c/0x4c0
[   61.606762][    C0]  ? __pfx_dev_close_many+0x10/0x10
[   61.611969][    C0]  ? try_to_wake_up+0x959/0x1470
[   61.616902][    C0]  unregister_netdevice_many_notify+0x530/0x1da0
[   61.623224][    C0]  ? __queue_work+0x199/0xf50
[   61.627891][    C0]  ? __pfx_lock_release+0x10/0x10
[   61.632909][    C0]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[   61.639690][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   61.645668][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   61.651995][    C0]  ? __queue_work+0x199/0xf50
[   61.656661][    C0]  ? queue_delayed_work_on+0x1eb/0x390
[   61.662112][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[   61.667321][    C0]  unregister_netdevice_queue+0x303/0x370
[   61.673065][    C0]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[   61.679303][    C0]  ? linkwatch_urgent_event+0x324/0x450
[   61.684861][    C0]  __tun_detach+0x6b9/0x1600
[   61.689453][    C0]  tun_chr_close+0x105/0x1b0
[   61.694110][    C0]  ? __pfx_tun_chr_close+0x10/0x10
[   61.699237][    C0]  __fput+0x23c/0xa50
[   61.703246][    C0]  task_work_run+0x24f/0x310
[   61.707857][    C0]  ? __pfx_task_work_run+0x10/0x10
[   61.712965][    C0]  ? do_exit+0xa2a/0x28e0
[   61.717307][    C0]  ? do_exit+0xa2a/0x28e0
[   61.721654][    C0]  do_exit+0xa2f/0x28e0
[   61.725916][    C0]  ? __pfx_do_exit+0x10/0x10
[   61.730531][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   61.736516][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   61.742854][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[   61.748082][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[   61.753296][    C0]  do_group_exit+0x207/0x2c0
[   61.757880][    C0]  __x64_sys_exit_group+0x3f/0x40
[   61.762923][    C0]  x64_sys_call+0x26a8/0x26b0
[   61.767589][    C0]  do_syscall_64+0xf3/0x230
[   61.772097][    C0]  ? clear_bhb_loop+0x35/0x90
[   61.776767][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.782672][    C0] RIP: 0033:0x7fb7bfc3a589
[   61.787142][    C0] Code: Unable to access opcode bytes at 0x7fb7bfc3a55f.
[   61.794159][    C0] RSP: 002b:00007ffd0c787b08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   61.802572][    C0] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fb7bfc3a589
[   61.810538][    C0] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   61.818501][    C0] RBP: 00007fb7bfcbb390 R08: ffffffffffffffb8 R09: 0000000000000000
[   61.826460][    C0] R10: 00000000200a2000 R11: 0000000000000246 R12: 00007fb7bfcbb390
[   61.834433][    C0] R13: 0000000000000000 R14: 00007fb7bfcbce60 R15: 00007fb7bfc0b7a0
[   61.842409][    C0]  </TASK>
[   61.845495][    C0] 
[   61.847859][    C0] =============================
[   61.852718][    C0] [ BUG: Invalid wait context ]
[   61.857596][    C0] 6.13.0-rc3-syzkaller-00174-ga024e377efed #0 Tainted: G        W         
[   61.866171][    C0] -----------------------------
[   61.871010][    C0] syz-executor301/5830 is trying to lock:
[   61.876705][    C0] ffffffff8f035d88 (crypto_default_null_skcipher_lock){+.+.}-{4:4}, at: crypto_put_default_null_skcipher+0x18/0x70
[   61.888798][    C0] other info that might help us debug this:
[   61.894666][    C0] context-{3:3}
[   61.898107][    C0] 2 locks held by syz-executor301/5830:
[   61.903646][    C0]  #0: ffffffff8fcb2a88 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3b/0x1b0
[   61.912622][    C0]  #1: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_core+0xa37/0x17a0
[   61.921527][    C0] stack backtrace:
[   61.925247][    C0] CPU: 0 UID: 0 PID: 5830 Comm: syz-executor301 Tainted: G        W          6.13.0-rc3-syzkaller-00174-ga024e377efed #0
[   61.937831][    C0] Tainted: [W]=WARN
[   61.941623][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   61.951759][    C0] Call Trace:
[   61.955028][    C0]  <IRQ>
[   61.957859][    C0]  dump_stack_lvl+0x241/0x360
[   61.962552][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[   61.967741][    C0]  ? __pfx__printk+0x10/0x10
[   61.972327][    C0]  __lock_acquire+0x15a8/0x2100
[   61.977530][    C0]  lock_acquire+0x1ed/0x550
[   61.982026][    C0]  ? crypto_put_default_null_skcipher+0x18/0x70
[   61.988277][    C0]  ? __pfx_lock_acquire+0x10/0x10
[   61.993317][    C0]  ? __pfx___might_resched+0x10/0x10
[   61.998630][    C0]  ? do_softirq+0x11b/0x1e0
[   62.003400][    C0]  ? addrconf_ifdown+0x68f/0x1bd0
[   62.008454][    C0]  ? addrconf_notify+0x3cb/0x1020
[   62.013488][    C0]  ? notifier_call_chain+0x1a5/0x3f0
[   62.018771][    C0]  ? unregister_netdevice_many_notify+0x530/0x1da0
[   62.025266][    C0]  ? unregister_netdevice_queue+0x303/0x370
[   62.031182][    C0]  ? __tun_detach+0x6b9/0x1600
[   62.035965][    C0]  ? tun_chr_close+0x105/0x1b0
[   62.040720][    C0]  ? __fput+0x23c/0xa50
[   62.044860][    C0]  ? task_work_run+0x24f/0x310
[   62.049630][    C0]  ? do_exit+0xa2f/0x28e0
[   62.053951][    C0]  ? __x64_sys_exit_group+0x3f/0x40
[   62.059134][    C0]  __mutex_lock+0x1ac/0xee0
[   62.063648][    C0]  ? crypto_put_default_null_skcipher+0x18/0x70
[   62.069878][    C0]  ? mark_lock+0x9a/0x360
[   62.074192][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   62.080172][    C0]  ? crypto_put_default_null_skcipher+0x18/0x70
[   62.086412][    C0]  ? __pfx___mutex_lock+0x10/0x10
[   62.091425][    C0]  ? aead_release+0x38/0x50
[   62.095913][    C0]  ? kfree+0x196/0x430
[   62.099990][    C0]  ? __phys_addr+0xba/0x170
[   62.104481][    C0]  ? aead_release+0x38/0x50
[   62.108969][    C0]  ? rcu_core+0xa37/0x17a0
[   62.113369][    C0]  crypto_put_default_null_skcipher+0x18/0x70
[   62.119421][    C0]  aead_release+0x3d/0x50
[   62.123730][    C0]  alg_sock_destruct+0x86/0xc0
[   62.128499][    C0]  ? __pfx_alg_sock_destruct+0x10/0x10
[   62.133941][    C0]  __sk_destruct+0x58/0x5f0
[   62.138446][    C0]  ? rcu_core+0xa37/0x17a0
[   62.142846][    C0]  ? __pfx___sk_destruct+0x10/0x10
[   62.147942][    C0]  rcu_core+0xaaa/0x17a0
[   62.152171][    C0]  ? __pfx_rcu_core+0x10/0x10
[   62.156832][    C0]  ? sched_balance_domains+0x91b/0xa90
[   62.162277][    C0]  ? sched_balance_domains+0x1b2/0xa90
[   62.167740][    C0]  ? __pfx_sched_balance_domains+0x10/0x10
[   62.173529][    C0]  ? sched_clock_cpu+0x76/0x490
[   62.178390][    C0]  handle_softirqs+0x2d4/0x9b0
[   62.183143][    C0]  ? do_softirq+0x11b/0x1e0
[   62.187631][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   62.192945][    C0]  do_softirq+0x11b/0x1e0
[   62.197260][    C0]  </IRQ>
[   62.200195][    C0]  <TASK>
[   62.203107][    C0]  ? __pfx_do_softirq+0x10/0x10
[   62.207944][    C0]  ? __pfx_lockdep_softirqs_on+0x10/0x10
[   62.213587][    C0]  ? rcu_is_watching+0x15/0xb0
[   62.218346][    C0]  __local_bh_enable_ip+0x1bb/0x200
[   62.223538][    C0]  ? addrconf_ifdown+0x68f/0x1bd0
[   62.228568][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   62.234283][    C0]  ? addrconf_ifdown+0x3b4/0x1bd0
[   62.239307][    C0]  addrconf_ifdown+0x68f/0x1bd0
[   62.244146][    C0]  ? __pfx_addrconf_ifdown+0x10/0x10
[   62.249437][    C0]  ? tls_dev_event+0x8f6/0x10c0
[   62.254290][    C0]  addrconf_notify+0x3cb/0x1020
[   62.259146][    C0]  notifier_call_chain+0x1a5/0x3f0
[   62.264269][    C0]  dev_close_many+0x33c/0x4c0
[   62.269036][    C0]  ? __pfx_dev_close_many+0x10/0x10
[   62.274229][    C0]  ? try_to_wake_up+0x959/0x1470
[   62.279159][    C0]  unregister_netdevice_many_notify+0x530/0x1da0
[   62.285498][    C0]  ? __queue_work+0x199/0xf50
[   62.290163][    C0]  ? __pfx_lock_release+0x10/0x10
[   62.295193][    C0]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[   62.301946][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   62.307922][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   62.314239][    C0]  ? __queue_work+0x199/0xf50
[   62.318906][    C0]  ? queue_delayed_work_on+0x1eb/0x390
[   62.324352][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[   62.329543][    C0]  unregister_netdevice_queue+0x303/0x370
[   62.335249][    C0]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[   62.341480][    C0]  ? linkwatch_urgent_event+0x324/0x450
[   62.347012][    C0]  __tun_detach+0x6b9/0x1600
[   62.351591][    C0]  tun_chr_close+0x105/0x1b0
[   62.356274][    C0]  ? __pfx_tun_chr_close+0x10/0x10
[   62.361394][    C0]  __fput+0x23c/0xa50
[   62.365375][    C0]  task_work_run+0x24f/0x310
[   62.369968][    C0]  ? __pfx_task_work_run+0x10/0x10
[   62.375065][    C0]  ? do_exit+0xa2a/0x28e0
[   62.379409][    C0]  ? do_exit+0xa2a/0x28e0
[   62.383737][    C0]  do_exit+0xa2f/0x28e0
[   62.387877][    C0]  ? __pfx_do_exit+0x10/0x10
[   62.392455][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   62.398440][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   62.404773][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[   62.409978][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[   62.415175][    C0]  do_group_exit+0x207/0x2c0
[   62.419758][    C0]  __x64_sys_exit_group+0x3f/0x40
[   62.424788][    C0]  x64_sys_call+0x26a8/0x26b0
[   62.429463][    C0]  do_syscall_64+0xf3/0x230
[   62.433962][    C0]  ? clear_bhb_loop+0x35/0x90
[   62.438645][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   62.444539][    C0] RIP: 0033:0x7fb7bfc3a589
[   62.448936][    C0] Code: Unable to access opcode bytes at 0x7fb7bfc3a55f.
[   62.455958][    C0] RSP: 002b:00007ffd0c787b08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   62.464363][    C0] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fb7bfc3a589
[pid  5830] +++ exited with 1 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5830, si_uid=0, si_status=1, si_utime=0, si_stime=7 /* 0.07 s */} ---
[   62.472321][    C0] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   62.480283][    C0] RBP: 00007fb7bfcbb390 R08: ffffffffffffffb8 R09: 0000000000000000
[   62.488240][    C0] R10: 00000000200a2000 R11: 0000000000000246 R12: 00007fb7bfcbb390
[   62.496201][    C0] R13: 0000000000000000 R14: 00007fb7bfcbce60 R15: 00007fb7bfc0b7a0
[   62.504161][    C0]  </TASK>
exit_group(0)                           = ?
+++ exited with 0 +++