./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3672368127

<...>
forked to background, child pid 3189
no interfaces have a carrier
[   25.527762][ T3190] 8021q: adding VLAN 0 to HW filter on device bond0
[   25.539564][ T3190] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.74' (ECDSA) to the list of known hosts.
execve("./syz-executor3672368127", ["./syz-executor3672368127"], 0x7ffd71f789e0 /* 10 vars */) = 0
brk(NULL)                               = 0x555556df1000
brk(0x555556df1c40)                     = 0x555556df1c40
arch_prctl(ARCH_SET_FS, 0x555556df1300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
set_tid_address(0x555556df15d0)         = 3610
set_robust_list(0x555556df15e0, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7fb9c832c5d0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fb9c832cca0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7fb9c832c670, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb9c832cca0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3672368127", 4096) = 28
brk(0x555556e12c40)                     = 0x555556e12c40
brk(0x555556e13000)                     = 0x555556e13000
mprotect(0x7fb9c83ee000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3611 attached
, child_tidptr=0x555556df15d0) = 3611
[pid  3611] set_robust_list(0x555556df15e0, 24) = 0
[pid  3611] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  3611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3611] setsid()                    = 1
[pid  3611] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  3611] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  3611] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  3611] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  3611] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0
[pid  3611] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  3611] unshare(CLONE_NEWNS)        = 0
[pid  3611] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  3611] unshare(CLONE_NEWIPC)       = 0
[pid  3611] unshare(CLONE_NEWCGROUP)    = 0
[pid  3611] unshare(CLONE_NEWUTS)       = 0
[pid  3611] unshare(CLONE_SYSVSEM)      = 0
[pid  3611] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3611] write(3, "16777216", 8)     = 8
[pid  3611] close(3)                    = 0
[pid  3611] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  3611] write(3, "536870912", 9)    = 9
[pid  3611] close(3)                    = 0
[pid  3611] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3611] write(3, "1024", 4)         = 4
[pid  3611] close(3)                    = 0
[pid  3611] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3611] write(3, "8192", 4)         = 4
[pid  3611] close(3)                    = 0
[pid  3611] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3611] write(3, "1024", 4)         = 4
[pid  3611] close(3)                    = 0
[pid  3611] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  3611] write(3, "1024", 4)         = 4
[pid  3611] close(3)                    = 0
[pid  3611] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  3611] write(3, "1024 1048576 500 1024", 21) = 21
[pid  3611] close(3)                    = 0
[pid  3611] getpid()                    = 1
[pid  3611] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3611] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3611] unshare(CLONE_NEWNET)       = 0
[pid  3611] mkdir("/dev/binderfs", 0777) = 0
[pid  3611] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  3611] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3611] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556df15d0) = 2
./strace-static-x86_64: Process 3612 attached
[pid  3612] set_robust_list(0x555556df15e0, 24) = 0
[pid  3612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3612] setpgid(0, 0)               = 0
[pid  3612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3612] write(3, "1000", 4)         = 4
[pid  3612] close(3)                    = 0
[pid  3612] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb9c82fc000
[pid  3612] mprotect(0x7fb9c82fd000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3612] clone(child_stack=0x7fb9c831c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3], tls=0x7fb9c831c700, child_tidptr=0x7fb9c831c9d0) = 3
[pid  3612] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3612] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3613 attached
 <unfinished ...>
[pid  3613] set_robust_list(0x7fb9c831c9e0, 24) = 0
[pid  3613] openat(AT_FDCWD, "/dev/net/tun", O_RDONLY) = 3
[pid  3613] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3612] <... futex resumed>)        = 0
[pid  3612] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3612] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3613] <... futex resumed>)        = 1
[pid  3613] ioctl(3, TUNSETIFF, 0x20000200) = 0
[pid  3613] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3612] <... futex resumed>)        = 0
[pid  3612] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3612] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3613] <... futex resumed>)        = 1
[pid  3613] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  3613] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3612] <... futex resumed>)        = 0
[pid  3612] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3612] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3613] <... futex resumed>)        = 1
[pid  3613] socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL)) = 5
[pid  3613] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3612] <... futex resumed>)        = 0
[pid  3612] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3612] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3613] <... futex resumed>)        = 1
[pid  3613] ioctl(3, TUNSETQUEUE, 0x20000000) = 0
[pid  3613] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3612] <... futex resumed>)        = 0
[pid  3613] futex(0x7fb9c83f4428, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable)
[pid  3612] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3613] ioctl(5, SIOCGIFINDEX, {ifr_name="rose0" <unfinished ...>
[pid  3612] <... futex resumed>)        = 0
[pid  3612] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3613] <... ioctl resumed>, ifr_ifindex=11}) = 0
[pid  3613] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3612] <... futex resumed>)        = 0
[pid  3613] futex(0x7fb9c83f4428, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3612] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3613] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3612] <... futex resumed>)        = 0
[pid  3613] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x34\x00\x00\x00\x11\x00\x01\xe9\x0d\x7d\x1f\x07\xde\x1c\x8b\x3e\xec\x45\xb2\xfc\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=52}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 <unfinished ...>
[pid  3612] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3613] <... sendmsg resumed>)      = 52
[pid  3613] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3613] futex(0x7fb9c83f4428, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3612] <... futex resumed>)        = 0
[pid  3612] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3613] <... futex resumed>)        = 0
[pid  3612] <... futex resumed>)        = 1
[pid  3613] ioctl(3, TUNSETIFF, 0x20000200 <unfinished ...>
[pid  3612] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3613] <... ioctl resumed>)        = 0
[pid  3613] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3612] <... futex resumed>)        = 0
[pid  3613] futex(0x7fb9c83f4428, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
syzkaller login: [   49.322858][ T3613] netlink: 20 bytes leftover after parsing attributes in process `syz-executor367'.
[pid  3612] close(3)                    = 0
[pid  3612] close(4)                    = 0
[pid  3612] close(5)                    = 0
[pid  3612] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  3612] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  3612] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  3612] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  3612] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  3612] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  3612] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  3612] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  3612] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  3612] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  3612] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  3612] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  3612] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  3612] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  3612] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  3612] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  3612] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  3612] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  3612] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  3612] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  3612] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  3612] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  3612] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  3612] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  3612] exit_group(0 <unfinished ...>
[pid  3613] <... futex resumed>)        = ?
[pid  3612] <... exit_group resumed>)   = ?
[pid  3613] +++ exited with 0 +++
[pid  3612] +++ exited with 0 +++
[pid  3611] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
[pid  3611] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  3611] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556df15d0) = 4
./strace-static-x86_64: Process 3614 attached
[pid  3614] set_robust_list(0x555556df15e0, 24) = 0
[pid  3614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3614] setpgid(0, 0)               = 0
[pid  3614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3614] write(3, "1000", 4)         = 4
[pid  3614] close(3)                    = 0
[pid  3614] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3614] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb9c82fc000
[pid  3614] mprotect(0x7fb9c82fd000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3614] clone(child_stack=0x7fb9c831c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5], tls=0x7fb9c831c700, child_tidptr=0x7fb9c831c9d0) = 5
[pid  3614] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3614] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3615 attached
 <unfinished ...>
[pid  3615] set_robust_list(0x7fb9c831c9e0, 24) = 0
[pid  3615] openat(AT_FDCWD, "/dev/net/tun", O_RDONLY) = 3
[pid  3615] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3614] <... futex resumed>)        = 0
[pid  3614] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3614] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3615] <... futex resumed>)        = 1
[pid  3615] ioctl(3, TUNSETIFF, 0x20000200) = 0
[pid  3615] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3614] <... futex resumed>)        = 0
[pid  3614] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3614] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3615] <... futex resumed>)        = 1
[pid  3615] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  3615] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3614] <... futex resumed>)        = 0
[pid  3614] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3614] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3615] <... futex resumed>)        = 1
[pid  3615] socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL)) = 5
[pid  3615] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3614] <... futex resumed>)        = 0
[pid  3614] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3614] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3615] <... futex resumed>)        = 1
[pid  3615] ioctl(3, TUNSETQUEUE, 0x20000000) = 0
[pid  3615] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3614] <... futex resumed>)        = 0
[pid  3614] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3614] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3615] <... futex resumed>)        = 1
[pid  3615] ioctl(5, SIOCGIFINDEX, {ifr_name="rose0", ifr_ifindex=13}) = 0
[pid  3615] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3614] <... futex resumed>)        = 0
[pid  3614] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3614] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3615] <... futex resumed>)        = 1
[pid  3615] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x34\x00\x00\x00\x11\x00\x01\xe9\x0d\x7d\x1f\x07\xde\x1c\x8b\x3e\xec\x45\xb2\xfc\x0d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=52}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 52
[pid  3615] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3614] <... futex resumed>)        = 0
[pid  3615] futex(0x7fb9c83f4428, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3614] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3615] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3614] <... futex resumed>)        = 0
[pid  3615] ioctl(3, TUNSETIFF, 0x20000200 <unfinished ...>
[pid  3614] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3615] <... ioctl resumed>)        = 0
[pid  3615] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3614] <... futex resumed>)        = 0
[pid  3615] futex(0x7fb9c83f4428, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[   49.462602][ T3615] netlink: 20 bytes leftover after parsing attributes in process `syz-executor367'.
[pid  3614] close(3)                    = 0
[pid  3614] close(4)                    = 0
[pid  3614] close(5)                    = 0
[pid  3614] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  3614] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  3614] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  3614] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  3614] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  3614] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  3614] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  3614] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  3614] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  3614] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  3614] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  3614] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  3614] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  3614] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  3614] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  3614] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  3614] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  3614] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  3614] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  3614] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  3614] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  3614] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  3614] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  3614] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  3614] exit_group(0 <unfinished ...>
[pid  3615] <... futex resumed>)        = ?
[pid  3614] <... exit_group resumed>)   = ?
[pid  3615] +++ exited with 0 +++
[pid  3614] +++ exited with 0 +++
[pid  3611] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
[pid  3611] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3616 attached
, child_tidptr=0x555556df15d0) = 6
[pid  3616] set_robust_list(0x555556df15e0, 24) = 0
[pid  3616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3616] setpgid(0, 0)               = 0
[pid  3616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3616] write(3, "1000", 4)         = 4
[pid  3616] close(3)                    = 0
[pid  3616] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3616] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb9c82fc000
[pid  3616] mprotect(0x7fb9c82fd000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3616] clone(child_stack=0x7fb9c831c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7], tls=0x7fb9c831c700, child_tidptr=0x7fb9c831c9d0) = 7
./strace-static-x86_64: Process 3617 attached
[pid  3616] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3616] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3617] set_robust_list(0x7fb9c831c9e0, 24) = 0
[pid  3617] openat(AT_FDCWD, "/dev/net/tun", O_RDONLY) = 3
[pid  3617] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3616] <... futex resumed>)        = 0
[pid  3617] futex(0x7fb9c83f4428, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable)
[pid  3616] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3617] ioctl(3, TUNSETIFF, 0x20000200 <unfinished ...>
[pid  3616] <... futex resumed>)        = 0
[pid  3616] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3617] <... ioctl resumed>)        = 0
[pid  3617] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3616] <... futex resumed>)        = 0
[pid  3617] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE <unfinished ...>
[pid  3616] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3616] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3617] <... socket resumed>)       = 4
[pid  3617] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3616] <... futex resumed>)        = 0
[pid  3617] socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL) <unfinished ...>
[pid  3616] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3616] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3617] <... socket resumed>)       = 5
[pid  3617] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3616] <... futex resumed>)        = 0
[pid  3616] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3616] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3617] ioctl(3, TUNSETQUEUE, 0x20000000) = 0
[pid  3617] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3616] <... futex resumed>)        = 0
[pid  3616] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3617] ioctl(5, SIOCGIFINDEX, {ifr_name="rose0" <unfinished ...>
[pid  3616] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3617] <... ioctl resumed>, ifr_ifindex=15}) = 0
[pid  3617] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3616] <... futex resumed>)        = 0
[pid  3617] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x34\x00\x00\x00\x11\x00\x01\xe9\x0d\x7d\x1f\x07\xde\x1c\x8b\x3e\xec\x45\xb2\xfc\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=52}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 <unfinished ...>
[pid  3616] futex(0x7fb9c83f4428, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3616] futex(0x7fb9c83f442c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3616] futex(0x7fb9c83f443c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3616] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb9c82db000
[pid  3616] mprotect(0x7fb9c82dc000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3616] clone(child_stack=0x7fb9c82fb3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[8], tls=0x7fb9c82fb700, child_tidptr=0x7fb9c82fb9d0) = 8
[pid  3616] futex(0x7fb9c83f4438, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3616] futex(0x7fb9c83f443c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3618 attached
 <unfinished ...>
[pid  3618] set_robust_list(0x7fb9c82fb9e0, 24) = 0
[pid  3618] ioctl(3, TUNSETIFF, 0x20000200 <unfinished ...>
[pid  3617] <... sendmsg resumed>)      = 52
[pid  3617] futex(0x7fb9c83f442c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   49.588857][ T3617] netlink: 20 bytes leftover after parsing attributes in process `syz-executor367'.
[   49.644857][ T3618] ------------[ cut here ]------------
[   49.644867][ T3618] WARNING: CPU: 0 PID: 3618 at net/core/dev.c:6357 netif_napi_add_weight+0x7e8/0x9e0
[   49.660622][ T3618] Modules linked in:
[   49.664907][ T3618] CPU: 0 PID: 3618 Comm: syz-executor367 Not tainted 5.19.0-rc3-syzkaller #0
[   49.673760][ T3618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   49.683943][ T3618] RIP: 0010:netif_napi_add_weight+0x7e8/0x9e0
[pid  3617] futex(0x7fb9c83f4428, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3616] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[   49.690050][ T3618] Code: b6 04 02 48 89 ea 83 e2 07 38 d0 7f 08 84 c0 0f 85 a4 00 00 00 48 8b 04 24 80 a0 b1 0b 00 00 fd e9 6c fd ff ff e8 78 22 27 fa <0f> 0b e9 60 fd ff ff e8 0c e7 73 fa e9 4c fe ff ff e8 f2 e6 73 fa
[   49.709825][ T3618] RSP: 0018:ffffc9000311fb18 EFLAGS: 00010293
[   49.716242][ T3618] RAX: 0000000000000000 RBX: ffff888020f60001 RCX: 0000000000000000
[   49.724396][ T3618] RDX: ffff8880271fd880 RSI: ffffffff87535308 RDI: 0000000000000001
[   49.732515][ T3618] RBP: ffff888020f605d8 R08: 0000000000000001 R09: 0000000000000000
[   49.740620][ T3618] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888020f605e8
[   49.748733][ T3618] R13: ffff888020f605d8 R14: ffff888025e68c80 R15: 0000000000000000
[   49.756882][ T3618] FS:  00007fb9c82fb700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[   49.766030][ T3618] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   49.772794][ T3618] CR2: 00007fb9c83abf90 CR3: 000000001cf6e000 CR4: 00000000003506f0
[   49.780905][ T3618] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   49.788962][ T3618] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   49.797073][ T3618] Call Trace:
[   49.800423][ T3618]  <TASK>
[   49.803709][ T3618]  ? owner_show+0x130/0x130
[   49.808234][ T3618]  ? __xdp_rxq_info_reg+0x189/0x340
[   49.813826][ T3618]  tun_attach.isra.0+0x1096/0x16c0
[   49.818976][ T3618]  tun_net_init+0x45e/0x660
[   49.823897][ T3618]  ? tun_attach.isra.0+0x16c0/0x16c0
[   49.829207][ T3618]  register_netdevice+0x57d/0x15b0
[   49.834606][ T3618]  ? netdev_change_features+0xb0/0xb0
[   49.839982][ T3618]  ? dev_addr_mod+0x2c9/0x3f0
[   49.844930][ T3618]  __tun_chr_ioctl+0x2a19/0x3da0
[   49.849888][ T3618]  ? tun_chr_read_iter+0x270/0x270
[   49.855566][ T3618]  ? calibrate_delay+0xd83/0x1120
[   49.860702][ T3618]  ? __fget_files+0x26a/0x440
[   49.865412][ T3618]  ? bpf_lsm_file_ioctl+0x5/0x10
[   49.870387][ T3618]  ? tun_chr_compat_ioctl+0x30/0x30
[   49.875694][ T3618]  __x64_sys_ioctl+0x193/0x200
[   49.880497][ T3618]  do_syscall_64+0x35/0xb0