./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3304801582

<...>
Warning: Permanently added '10.128.0.106' (ED25519) to the list of known hosts.
execve("./syz-executor3304801582", ["./syz-executor3304801582"], 0x7ffc10ae9630 /* 10 vars */) = 0
brk(NULL)                               = 0x55558d74e000
brk(0x55558d74ed00)                     = 0x55558d74ed00
arch_prctl(ARCH_SET_FS, 0x55558d74e380) = 0
set_tid_address(0x55558d74e650)         = 5839
set_robust_list(0x55558d74e660, 24)     = 0
rseq(0x55558d74eca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3304801582", 4096) = 28
getrandom("\xa6\xe0\xef\xba\xf3\x47\x4b\x57", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55558d74ed00
brk(0x55558d76fd00)                     = 0x55558d76fd00
brk(0x55558d770000)                     = 0x55558d770000
mprotect(0x7f85f5941000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5840 attached
, child_tidptr=0x55558d74e650) = 5840
[pid  5840] set_robust_list(0x55558d74e660, 24) = 0
[pid  5840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5840] getppid()                   = 0
[pid  5840] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5840] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5840] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5840] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5840] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5840] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5840] unshare(CLONE_NEWNS)        = 0
[pid  5840] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5840] unshare(CLONE_NEWIPC)       = 0
[pid  5840] unshare(CLONE_NEWCGROUP)    = 0
[pid  5840] unshare(CLONE_NEWUTS)       = 0
[pid  5840] unshare(CLONE_SYSVSEM)      = 0
[pid  5840] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5840] write(3, "16777216", 8)     = 8
[pid  5840] close(3)                    = 0
[pid  5840] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5840] write(3, "536870912", 9)    = 9
[pid  5840] close(3)                    = 0
[pid  5840] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5840] write(3, "1024", 4)         = 4
[pid  5840] close(3)                    = 0
[pid  5840] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5840] write(3, "8192", 4)         = 4
[pid  5840] close(3)                    = 0
[pid  5840] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5840] write(3, "1024", 4)         = 4
[pid  5840] close(3)                    = 0
[pid  5840] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5840] write(3, "1024", 4)         = 4
[pid  5840] close(3)                    = 0
[pid  5840] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5840] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5840] close(3)                    = 0
[pid  5840] getpid()                    = 1
[pid  5840] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5840] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5840] unshare(CLONE_NEWNET)       = 0
[pid  5840] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5840] write(3, "0 65535", 7)      = 7
[pid  5840] close(3)                    = 0
[pid  5840] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3
[pid  5840] dup2(3, 200)                = 200
[pid  5840] close(3)                    = 0
[pid  5840] ioctl(200, TUNSETIFF, 0x7ffff4cd0900) = 0
[pid  5840] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3
[pid  5840] write(3, "0", 1)            = 1
[pid  5840] close(3)                    = 0
[pid  5840] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3
[pid  5840] write(3, "0", 1)            = 1
[pid  5840] close(3)                    = 0
[pid  5840] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid  5840] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5840] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5840] close(4)                    = 0
[pid  5840] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5840] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5840] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5840] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5840] close(4)                    = 0
[pid  5840] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5840] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5840] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5840] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5840] close(4)                    = 0
[pid  5840] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 48
[pid  5840] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5840] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5840] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5840] close(4)                    = 0
[pid  5840] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 60
[pid  5840] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5840] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5840] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5840] close(4)                    = 0
[pid  5840] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
[pid  5840] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5840] close(3)                    = 0
[pid  5840] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid  5840] write(3, "100000", 6)       = 6
[pid  5840] close(3)                    = 0
[pid  5840] mkdir("./syz-tmp", 0777)    = 0
[pid  5840] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid  5840] mkdir("./syz-tmp/newroot", 0777) = 0
[pid  5840] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid  5840] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5840] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid  5840] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid  5840] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid  5840] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5840] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5840] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid  5840] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5840] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5840] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5840] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5840] mkdir("./syz-tmp/pivot", 0777) = 0
[pid  5840] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid  5840] chdir("/")                  = 0
[pid  5840] umount2("./pivot", MNT_DETACH) = 0
[pid  5840] chroot("./newroot")         = 0
[pid  5840] chdir("/")                  = 0
[pid  5840] mkdir("/dev/binderfs", 0777) = 0
[pid  5840] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5840] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5840] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
executing program
[pid  5840] write(1, "executing program\n", 18) = 18
[pid  5840] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid  5840] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address)
[pid  5840] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LRU_PERCPU_HASH, key_size=5, value_size=2, max_entries=7, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 4
[pid  5840] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address)
[pid  5840] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 5
[pid  5840] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_free_percpu", prog_fd=5}}, 16) = 6
[pid  5840] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 7
[pid  5840] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_free_percpu", prog_fd=7}}, 16) = 8
[pid  5840] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP_HASH, key_size=4, value_size=8, max_entries=5, map_flags=0, inner_map_fd=0, map_name="", map_ifindex=0, btf_fd=0, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 9
[pid  5840] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=12, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148) = 10
[pid  5840] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=4, insns=0x20000580, license="GPL"}, 21) = 11
[pid  5840] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=9, key=0x20000480, value=0x200004c0, flags=BPF_ANY}, 32) = 0
[pid  5840] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=0x20000280, func_info_cnt=8, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = -1 E2BIG (Argument list too long)
[pid  5840] bpf(BPF_PROG_TEST_RUN, {test={prog_fd=10, retval=4294967295, data_size_in=0, data_size_out=0, data_in=NULL, data_out=NULL, repeat=0, duration=0, ctx_size_in=0, ctx_size_out=0, ctx_in=NULL, ctx_out=NULL, flags=BPF_F_TEST_XDP_LIVE_FRAMES, cpu=128, batch_size=0}}, 87) = 0
[pid  5840] ioctl(3, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[   60.346571][ T5840] ------------[ cut here ]------------
[   60.352176][ T5840] WARNING: CPU: 0 PID: 5840 at net/core/page_pool.c:753 page_pool_put_unrefed_netmem+0x175/0xb00
[   60.362709][ T5840] Modules linked in:
[   60.366622][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor330 Not tainted 6.12.0-rc4-syzkaller-00168-ge31a8219fbfc #0
[   60.377709][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   60.387766][ T5840] RIP: 0010:page_pool_put_unrefed_netmem+0x175/0xb00
[   60.394438][ T5840] Code: 74 0e e8 ce 21 ee f7 eb 43 e8 c7 21 ee f7 eb 3c 65 8b 1d 3a d1 5b 76 31 ff 89 de e8 f5 25 ee f7 85 db 74 0b e8 ac 21 ee f7 90 <0f> 0b 90 eb 1d 65 8b 1d 17 d1 5b 76 31 ff 89 de e8 d6 25 ee f7 85
[   60.414029][ T5840] RSP: 0018:ffffc90003d66b50 EFLAGS: 00010093
[   60.420084][ T5840] RAX: ffffffff89a6bc85 RBX: 0000000000000000 RCX: ffff88803401da00
[   60.428040][ T5840] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   60.435995][ T5840] RBP: dffffc0000000000 R08: ffffffff89a6b62a R09: 1ffffd400012b5fd
[   60.443950][ T5840] R10: dffffc0000000000 R11: fffff9400012b5fe R12: 0000000000000000
[   60.451916][ T5840] R13: ffff888034f9f000 R14: ffffea000095afc0 R15: 00000000ffffffff
[   60.459882][ T5840] FS:  000055558d74e380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[   60.468799][ T5840] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   60.475386][ T5840] CR2: 0000000020001040 CR3: 0000000032fd2000 CR4: 00000000003526f0
[   60.483367][ T5840] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   60.491331][ T5840] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   60.499295][ T5840] Call Trace:
[   60.502561][ T5840]  <TASK>
[   60.505478][ T5840]  ? __warn+0x168/0x4e0
[   60.509620][ T5840]  ? page_pool_put_unrefed_netmem+0x175/0xb00
[   60.515690][ T5840]  ? report_bug+0x2b3/0x500
[   60.520197][ T5840]  ? page_pool_put_unrefed_netmem+0x175/0xb00
[   60.526254][ T5840]  ? handle_bug+0x60/0x90
[   60.530565][ T5840]  ? exc_invalid_op+0x1a/0x50
[   60.535223][ T5840]  ? asm_exc_invalid_op+0x1a/0x20
[   60.540251][ T5840]  ? page_pool_put_unrefed_netmem+0x18a/0xb00
[   60.546318][ T5840]  ? page_pool_put_unrefed_netmem+0x7e5/0xb00
[   60.552382][ T5840]  ? page_pool_put_unrefed_netmem+0x175/0xb00
[   60.558443][ T5840]  ? __xdp_return+0x3e8/0x9d0
[   60.563117][ T5840]  tun_device_event+0xaaf/0x1080
[   60.568069][ T5840]  notifier_call_chain+0x19f/0x3e0
[   60.573175][ T5840]  dev_change_tx_queue_len+0x158/0x2a0
[   60.578626][ T5840]  ? __pfx_dev_change_tx_queue_len+0x10/0x10
[   60.584592][ T5840]  ? __pfx_validate_chain+0x10/0x10
[   60.589820][ T5840]  do_setlink+0xff9/0x41f0
[   60.594229][ T5840]  ? __pfx_validate_chain+0x10/0x10
[   60.599410][ T5840]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   60.605503][ T5840]  ? unwind_next_frame+0x18e6/0x22d0
[   60.610787][ T5840]  ? __pfx_do_setlink+0x10/0x10
[   60.615633][ T5840]  ? __nla_validate_parse+0x26ce/0x3090
[   60.621174][ T5840]  ? __pfx___nla_validate_parse+0x10/0x10
[   60.626876][ T5840]  ? __pfx_validate_chain+0x10/0x10
[   60.632070][ T5840]  ? __lock_acquire+0x1384/0x2050
[   60.637087][ T5840]  ? validate_linkmsg+0x71e/0x900
[   60.642098][ T5840]  rtnl_setlink+0x40d/0x5a0
[   60.646583][ T5840]  ? mark_lock+0x9a/0x360
[   60.650902][ T5840]  ? __pfx_rtnl_setlink+0x10/0x10
[   60.655947][ T5840]  ? __pfx_lock_release+0x10/0x10
[   60.660981][ T5840]  ? __pfx___mutex_lock+0x10/0x10
[   60.665999][ T5840]  ? __pfx_rtnl_setlink+0x10/0x10
[   60.671009][ T5840]  rtnetlink_rcv_msg+0x73f/0xcf0
[   60.675935][ T5840]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[   60.681032][ T5840]  ? __lock_acquire+0x1384/0x2050
[   60.686049][ T5840]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   60.691505][ T5840]  netlink_rcv_skb+0x1e3/0x430
[   60.696256][ T5840]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   60.701701][ T5840]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   60.706980][ T5840]  ? netlink_deliver_tap+0x2e/0x1b0
[   60.712161][ T5840]  netlink_unicast+0x7f6/0x990
[   60.716914][ T5840]  ? __pfx_netlink_unicast+0x10/0x10
[   60.722186][ T5840]  ? __virt_addr_valid+0x183/0x530
[   60.727283][ T5840]  ? __check_object_size+0x48e/0x900
[   60.732558][ T5840]  netlink_sendmsg+0x8e4/0xcb0
[   60.737311][ T5840]  ? __pfx_netlink_sendmsg+0x10/0x10
[   60.742582][ T5840]  ? aa_sock_msg_perm+0x91/0x160
[   60.747509][ T5840]  ? __pfx_netlink_sendmsg+0x10/0x10
[   60.752778][ T5840]  __sock_sendmsg+0x221/0x270
[   60.757443][ T5840]  ____sys_sendmsg+0x52a/0x7e0
[   60.762197][ T5840]  ? __pfx_____sys_sendmsg+0x10/0x10
[   60.767470][ T5840]  ? do_raw_spin_lock+0x14f/0x370
[   60.772487][ T5840]  __sys_sendmsg+0x292/0x380
[   60.777069][ T5840]  ? __pfx___sys_sendmsg+0x10/0x10
[   60.782171][ T5840]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   60.788521][ T5840]  ? _raw_spin_unlock_irq+0x2e/0x50
[   60.793736][ T5840]  ? ptrace_notify+0x279/0x380
[   60.798510][ T5840]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   60.804956][ T5840]  ? do_syscall_64+0x100/0x230
[   60.809768][ T5840]  do_syscall_64+0xf3/0x230
[   60.814265][ T5840]  ? clear_bhb_loop+0x35/0x90
[   60.818932][ T5840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   60.824810][ T5840] RIP: 0033:0x7f85f58c80e9
[   60.829224][ T5840] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   60.848817][ T5840] RSP: 002b:00007ffff4cd08a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   60.857219][ T5840] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f85f58c80e9
[   60.865175][ T5840] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
[   60.873132][ T5840] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   60.881114][ T5840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   60.889069][ T5840] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   60.897035][ T5840]  </TASK>
[   60.900041][ T5840] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   60.907311][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor330 Not tainted 6.12.0-rc4-syzkaller-00168-ge31a8219fbfc #0
[   60.918394][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   60.928430][ T5840] Call Trace:
[   60.931692][ T5840]  <TASK>
[   60.934608][ T5840]  dump_stack_lvl+0x241/0x360
[   60.939300][ T5840]  ? __pfx_dump_stack_lvl+0x10/0x10
[   60.944482][ T5840]  ? __pfx__printk+0x10/0x10
[   60.949057][ T5840]  ? _printk+0xd5/0x120
[   60.953192][ T5840]  ? __init_begin+0x41000/0x41000
[   60.958220][ T5840]  ? vscnprintf+0x5d/0x90
[   60.962534][ T5840]  panic+0x349/0x880
[   60.966414][ T5840]  ? __warn+0x177/0x4e0
[   60.970553][ T5840]  ? __pfx_panic+0x10/0x10
[   60.974949][ T5840]  ? show_trace_log_lvl+0x3b2/0x410
[   60.980136][ T5840]  __warn+0x34b/0x4e0
[   60.984189][ T5840]  ? page_pool_put_unrefed_netmem+0x175/0xb00
[   60.990242][ T5840]  report_bug+0x2b3/0x500
[   60.994552][ T5840]  ? page_pool_put_unrefed_netmem+0x175/0xb00
[   61.000606][ T5840]  handle_bug+0x60/0x90
[   61.004759][ T5840]  exc_invalid_op+0x1a/0x50
[   61.009245][ T5840]  asm_exc_invalid_op+0x1a/0x20
[   61.014084][ T5840] RIP: 0010:page_pool_put_unrefed_netmem+0x175/0xb00
[   61.020772][ T5840] Code: 74 0e e8 ce 21 ee f7 eb 43 e8 c7 21 ee f7 eb 3c 65 8b 1d 3a d1 5b 76 31 ff 89 de e8 f5 25 ee f7 85 db 74 0b e8 ac 21 ee f7 90 <0f> 0b 90 eb 1d 65 8b 1d 17 d1 5b 76 31 ff 89 de e8 d6 25 ee f7 85
[   61.040386][ T5840] RSP: 0018:ffffc90003d66b50 EFLAGS: 00010093
[   61.046447][ T5840] RAX: ffffffff89a6bc85 RBX: 0000000000000000 RCX: ffff88803401da00
[   61.054406][ T5840] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   61.062366][ T5840] RBP: dffffc0000000000 R08: ffffffff89a6b62a R09: 1ffffd400012b5fd
[   61.070334][ T5840] R10: dffffc0000000000 R11: fffff9400012b5fe R12: 0000000000000000
[   61.078308][ T5840] R13: ffff888034f9f000 R14: ffffea000095afc0 R15: 00000000ffffffff
[   61.086273][ T5840]  ? page_pool_put_unrefed_netmem+0x18a/0xb00
[   61.092330][ T5840]  ? page_pool_put_unrefed_netmem+0x7e5/0xb00
[   61.098389][ T5840]  ? __xdp_return+0x3e8/0x9d0
[   61.103074][ T5840]  tun_device_event+0xaaf/0x1080
[   61.108035][ T5840]  notifier_call_chain+0x19f/0x3e0
[   61.113148][ T5840]  dev_change_tx_queue_len+0x158/0x2a0
[   61.118615][ T5840]  ? __pfx_dev_change_tx_queue_len+0x10/0x10
[   61.124703][ T5840]  ? __pfx_validate_chain+0x10/0x10
[   61.129912][ T5840]  do_setlink+0xff9/0x41f0
[   61.134763][ T5840]  ? __pfx_validate_chain+0x10/0x10
[   61.139968][ T5840]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.146044][ T5840]  ? unwind_next_frame+0x18e6/0x22d0
[   61.151325][ T5840]  ? __pfx_do_setlink+0x10/0x10
[   61.156185][ T5840]  ? __nla_validate_parse+0x26ce/0x3090
[   61.161738][ T5840]  ? __pfx___nla_validate_parse+0x10/0x10
[   61.167455][ T5840]  ? __pfx_validate_chain+0x10/0x10
[   61.172670][ T5840]  ? __lock_acquire+0x1384/0x2050
[   61.177794][ T5840]  ? validate_linkmsg+0x71e/0x900
[   61.182819][ T5840]  rtnl_setlink+0x40d/0x5a0
[   61.187488][ T5840]  ? mark_lock+0x9a/0x360
[   61.191845][ T5840]  ? __pfx_rtnl_setlink+0x10/0x10
[   61.196906][ T5840]  ? __pfx_lock_release+0x10/0x10
[   61.202118][ T5840]  ? __pfx___mutex_lock+0x10/0x10
[   61.207143][ T5840]  ? __pfx_rtnl_setlink+0x10/0x10
[   61.212157][ T5840]  rtnetlink_rcv_msg+0x73f/0xcf0
[   61.217085][ T5840]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[   61.222183][ T5840]  ? __lock_acquire+0x1384/0x2050
[   61.227197][ T5840]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   61.232648][ T5840]  netlink_rcv_skb+0x1e3/0x430
[   61.237397][ T5840]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   61.242842][ T5840]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   61.248130][ T5840]  ? netlink_deliver_tap+0x2e/0x1b0
[   61.253312][ T5840]  netlink_unicast+0x7f6/0x990
[   61.258067][ T5840]  ? __pfx_netlink_unicast+0x10/0x10
[   61.263335][ T5840]  ? __virt_addr_valid+0x183/0x530
[   61.268430][ T5840]  ? __check_object_size+0x48e/0x900
[   61.273798][ T5840]  netlink_sendmsg+0x8e4/0xcb0
[   61.278550][ T5840]  ? __pfx_netlink_sendmsg+0x10/0x10
[   61.283822][ T5840]  ? aa_sock_msg_perm+0x91/0x160
[   61.288760][ T5840]  ? __pfx_netlink_sendmsg+0x10/0x10
[   61.294111][ T5840]  __sock_sendmsg+0x221/0x270
[   61.298791][ T5840]  ____sys_sendmsg+0x52a/0x7e0
[   61.303556][ T5840]  ? __pfx_____sys_sendmsg+0x10/0x10
[   61.308833][ T5840]  ? do_raw_spin_lock+0x14f/0x370
[   61.313847][ T5840]  __sys_sendmsg+0x292/0x380
[   61.318427][ T5840]  ? __pfx___sys_sendmsg+0x10/0x10
[   61.323527][ T5840]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   61.329851][ T5840]  ? _raw_spin_unlock_irq+0x2e/0x50
[   61.335040][ T5840]  ? ptrace_notify+0x279/0x380
[   61.339803][ T5840]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   61.346139][ T5840]  ? do_syscall_64+0x100/0x230
[   61.350891][ T5840]  do_syscall_64+0xf3/0x230
[   61.355387][ T5840]  ? clear_bhb_loop+0x35/0x90
[   61.360056][ T5840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.365930][ T5840] RIP: 0033:0x7f85f58c80e9
[   61.370331][ T5840] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   61.389932][ T5840] RSP: 002b:00007ffff4cd08a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   61.398367][ T5840] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f85f58c80e9
[   61.406333][ T5840] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
[   61.414309][ T5840] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   61.422271][ T5840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   61.430226][ T5840] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   61.438197][ T5840]  </TASK>
[   61.441453][ T5840] Kernel Offset: disabled
[   61.445809][ T5840] Rebooting in 86400 seconds..