./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1930471296

<...>
Warning: Permanently added '10.128.1.113' (ECDSA) to the list of known hosts.
execve("./syz-executor1930471296", ["./syz-executor1930471296"], 0x7ffd63d9bd80 /* 10 vars */) = 0
brk(NULL)                               = 0x555556185000
brk(0x555556185c40)                     = 0x555556185c40
arch_prctl(ARCH_SET_FS, 0x555556185300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1930471296", 4096) = 28
brk(0x5555561a6c40)                     = 0x5555561a6c40
brk(0x5555561a7000)                     = 0x5555561a7000
mprotect(0x7fba0bfa3000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
pipe([3, 4])                            = 0
socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 5
close(5)                                = 0
write(4, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x23\x25\x2d\x72\x40\x25\x20\x20\x6d\x65\x6d\x6f\x72\x79\x2e\x65\x76\x65\x6e\x74\x73\x00\x20\x6d\x65\x6d\x6f\x72\x79\x2e\x65\x76\x65\x6e\x74\x73\x00\x20\x20\x2d\x5c\x27\x2e\x20\x6d\x65\x6d\x6f\x72\x79\x2e\x65\x76\x65\x6e\x74\x73\x00\x20\x73\x79\x7a\x30\x0a", 75) = 75
socket(AF_INET, SOCK_RAW, IPPROTO_ICMP) = 5
bind(5, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("172.20.20.170")}, 16) = -1 EADDRNOTAVAIL (Cannot assign requested address)
connect(5, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("224.0.0.1")}, 16) = 0
syzkaller login: [   59.046775][ T5001] ==================================================================
[   59.054856][ T5001] BUG: KASAN: stack-out-of-bounds in skb_splice_from_iter+0xcd6/0xd70
[   59.063017][ T5001] Read of size 8 at addr ffffc900039bf8f8 by task syz-executor193/5001
[   59.071265][ T5001] 
[   59.073589][ T5001] CPU: 1 PID: 5001 Comm: syz-executor193 Not tainted 6.4.0-rc5-syzkaller-00915-ge7c5433c5aaa #0
[   59.084424][ T5001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   59.094476][ T5001] Call Trace:
[   59.097805][ T5001]  <TASK>
[   59.100757][ T5001]  dump_stack_lvl+0xd9/0x150
[   59.105360][ T5001]  print_address_description.constprop.0+0x2c/0x3c0
[   59.112040][ T5001]  ? skb_splice_from_iter+0xcd6/0xd70
[   59.117424][ T5001]  kasan_report+0x11c/0x130
[   59.122030][ T5001]  ? skb_splice_from_iter+0xcd6/0xd70
[   59.127430][ T5001]  skb_splice_from_iter+0xcd6/0xd70
[   59.132675][ T5001]  ? skb_copy_expand+0x400/0x400
[   59.137662][ T5001]  ? __alloc_skb+0x1c4/0x330
[   59.142261][ T5001]  ? __napi_build_skb+0x50/0x50
[   59.147121][ T5001]  ? __lock_acquire+0x28bf/0x5f30
[   59.152159][ T5001]  __ip_append_data+0x1439/0x3c20
[   59.157194][ T5001]  ? print_usage_bug.part.0+0x660/0x660
[   59.162751][ T5001]  ? raw_destroy+0x30/0x30
[   59.167193][ T5001]  ? ip_output+0x320/0x320
[   59.171710][ T5001]  ? ipv4_mtu+0x37d/0x4b0
[   59.176058][ T5001]  ? raw_destroy+0x30/0x30
[   59.180477][ T5001]  ip_append_data+0x115/0x1a0
[   59.185219][ T5001]  raw_sendmsg+0xb50/0x30a0
[   59.194902][ T5001]  ? print_usage_bug.part.0+0x650/0x660
[   59.200689][ T5001]  ? raw_recvmsg+0x790/0x790
[   59.205502][ T5001]  ? aa_profile_af_perm+0x470/0x470
[   59.211231][ T5001]  ? aa_sk_perm+0x31d/0xb10
[   59.215766][ T5001]  ? mutex_lock_io_nested+0x11a0/0x11a0
[   59.221348][ T5001]  ? aa_af_perm+0x240/0x240
[   59.225888][ T5001]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   59.231899][ T5001]  inet_sendmsg+0x9d/0xe0
[   59.236360][ T5001]  ? inet_send_prepare+0x530/0x530
[   59.241504][ T5001]  sock_sendmsg+0xde/0x190
[   59.245973][ T5001]  splice_to_socket+0x954/0xe30
[   59.250865][ T5001]  ? splice_from_pipe+0x140/0x140
[   59.256055][ T5001]  ? aa_path_link+0x2f0/0x2f0
[   59.260964][ T5001]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   59.266992][ T5001]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   59.273003][ T5001]  ? apparmor_file_permission+0x272/0x4e0
[   59.278742][ T5001]  ? bpf_lsm_file_permission+0x9/0x10
[   59.284128][ T5001]  ? security_file_permission+0xaf/0xd0
[   59.289682][ T5001]  ? splice_from_pipe+0x140/0x140
[   59.294706][ T5001]  do_splice+0xb8c/0x1e50
[   59.299041][ T5001]  ? spin_bug+0x1c0/0x1c0
[   59.303399][ T5001]  ? splice_file_to_pipe+0x120/0x120
[   59.308712][ T5001]  ? direct_file_splice_eof+0xa0/0xa0
[   59.314118][ T5001]  ? find_held_lock+0x2d/0x110
[   59.318899][ T5001]  __do_splice+0x14e/0x270
[   59.323318][ T5001]  ? do_splice+0x1e50/0x1e50
[   59.327909][ T5001]  ? _raw_spin_unlock_irq+0x23/0x50
[   59.333125][ T5001]  __x64_sys_splice+0x19c/0x250
[   59.338085][ T5001]  do_syscall_64+0x39/0xb0
[   59.342518][ T5001]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   59.348427][ T5001] RIP: 0033:0x7fba0bf36d29
[   59.352845][ T5001] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   59.372456][ T5001] RSP: 002b:00007ffe0d4bac38 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[   59.380871][ T5001] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fba0bf36d29
[   59.388966][ T5001] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[   59.397039][ T5001] RBP: 00007fba0befaed0 R08: 000000000004ffdd R09: 000000000000000d
[   59.405187][ T5001] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fba0befaf60
[   59.413161][ T5001] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   59.421142][ T5001]  </TASK>
[   59.424159][ T5001] 
[   59.426491][ T5001] The buggy address belongs to stack of task syz-executor193/5001
[   59.434371][ T5001]  and is located at offset 408 in frame:
[   59.440080][ T5001]  raw_sendmsg+0x0/0x30a0
[   59.444427][ T5001] 
[   59.446749][ T5001] This frame has 8 objects:
[   59.451249][ T5001]  [48, 52) 'hdrincl'
[   59.451264][ T5001]  [64, 68) 'err'
[   59.455237][ T5001]  [80, 88) 'rt'
[   59.458866][ T5001]  [112, 152) 'ipc'
[   59.462410][ T5001]  [192, 240) 'state'
[   59.466218][ T5001]  [272, 336) 'fl4'
[   59.470290][ T5001]  [368, 392) 'rfv'
[   59.474107][ T5001]  [432, 504) 'opt_copy'
[   59.478000][ T5001] 
[   59.484549][ T5001] The buggy address belongs to the virtual mapping at
[   59.484549][ T5001]  [ffffc900039b8000, ffffc900039c1000) created by:
[   59.484549][ T5001]  kernel_clone+0xeb/0x890
[   59.502204][ T5001] 
[   59.504527][ T5001] The buggy address belongs to the physical page:
[   59.511712][ T5001] page:ffffea0001d6c880 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75b22
[   59.521859][ T5001] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   59.528972][ T5001] page_type: 0xffffffff()
[   59.533384][ T5001] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[   59.542057][ T5001] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   59.550638][ T5001] page dumped because: kasan: bad access detected
[   59.557043][ T5001] page_owner tracks the page as allocated
[   59.562754][ T5001] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 4968, tgid 4968 (dhcpcd-run-hook), ts 47435778840, free_ts 47434086594
[   59.582232][ T5001]  post_alloc_hook+0x2db/0x350
[   59.587008][ T5001]  get_page_from_freelist+0xf41/0x2c00
[   59.592483][ T5001]  __alloc_pages+0x1cb/0x4a0
[   59.597080][ T5001]  alloc_pages+0x1aa/0x270
[   59.601502][ T5001]  __vmalloc_node_range+0xb1c/0x14a0
[   59.606796][ T5001]  copy_process+0x13bb/0x75c0
[   59.611485][ T5001]  kernel_clone+0xeb/0x890
[   59.616010][ T5001]  __do_sys_clone+0xba/0x100
[   59.620625][ T5001]  do_syscall_64+0x39/0xb0
[   59.625051][ T5001]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   59.630958][ T5001] page last free stack trace:
[   59.635641][ T5001]  free_unref_page_prepare+0x62e/0xcb0
[   59.641158][ T5001]  free_unref_page_list+0xe3/0xa70
[   59.646291][ T5001]  release_pages+0xcd8/0x1380
[   59.650980][ T5001]  tlb_batch_pages_flush+0xa8/0x1a0
[   59.656188][ T5001]  tlb_finish_mmu+0x14b/0x7e0
[   59.660889][ T5001]  exit_mmap+0x2b2/0x930
[   59.665148][ T5001]  __mmput+0x128/0x4c0
[   59.669233][ T5001]  mmput+0x60/0x70
[   59.672965][ T5001]  do_exit+0x9b0/0x29b0
[   59.677132][ T5001]  do_group_exit+0xd4/0x2a0
[   59.681634][ T5001]  __x64_sys_exit_group+0x3e/0x50
[   59.686920][ T5001]  do_syscall_64+0x39/0xb0
[   59.691335][ T5001]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   59.697237][ T5001] 
[   59.699558][ T5001] Memory state around the buggy address:
[   59.705181][ T5001]  ffffc900039bf780: f1 f1 04 f2 00 00 00 f2 f2 f2 00 00 00 00 00 f2
[   59.713323][ T5001]  ffffc900039bf800: f2 f2 f2 f2 00 00 00 00 00 00 f2 f2 f2 f2 00 00
[   59.721379][ T5001] >ffffc900039bf880: 00 00 00 00 00 00 f2 f2 f2 f2 00 00 00 f2 f2 f2
[   59.729441][ T5001]                                                                 ^
[   59.737414][ T5001]  ffffc900039bf900: f2 f2 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3
[   59.745469][ T5001]  ffffc900039bf980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   59.753520][ T5001] ==================================================================
[   59.761838][ T5001] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   59.769050][ T5001] CPU: 0 PID: 5001 Comm: syz-executor193 Not tainted 6.4.0-rc5-syzkaller-00915-ge7c5433c5aaa #0
[   59.779480][ T5001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   59.789540][ T5001] Call Trace:
[   59.792820][ T5001]  <TASK>
[   59.795759][ T5001]  dump_stack_lvl+0xd9/0x150
[   59.800364][ T5001]  panic+0x686/0x730
[   59.804268][ T5001]  ? panic_smp_self_stop+0xa0/0xa0
[   59.809389][ T5001]  ? preempt_schedule_thunk+0x1a/0x20
[   59.814785][ T5001]  ? preempt_schedule_common+0x45/0xb0
[   59.820358][ T5001]  check_panic_on_warn+0xb1/0xc0
[   59.825482][ T5001]  end_report+0xe9/0x120
[   59.829743][ T5001]  ? skb_splice_from_iter+0xcd6/0xd70
[   59.835213][ T5001]  kasan_report+0xf9/0x130
[   59.839650][ T5001]  ? skb_splice_from_iter+0xcd6/0xd70
[   59.845032][ T5001]  skb_splice_from_iter+0xcd6/0xd70
[   59.850243][ T5001]  ? skb_copy_expand+0x400/0x400
[   59.855207][ T5001]  ? __alloc_skb+0x1c4/0x330
[   59.859803][ T5001]  ? __napi_build_skb+0x50/0x50
[   59.864662][ T5001]  ? __lock_acquire+0x28bf/0x5f30
[   59.869786][ T5001]  __ip_append_data+0x1439/0x3c20
[   59.874827][ T5001]  ? print_usage_bug.part.0+0x660/0x660
[   59.887018][ T5001]  ? raw_destroy+0x30/0x30
[   59.891441][ T5001]  ? ip_output+0x320/0x320
[   59.895866][ T5001]  ? ipv4_mtu+0x37d/0x4b0
[   59.900203][ T5001]  ? raw_destroy+0x30/0x30
[   59.904621][ T5001]  ip_append_data+0x115/0x1a0
[   59.909304][ T5001]  raw_sendmsg+0xb50/0x30a0
[   59.913825][ T5001]  ? print_usage_bug.part.0+0x650/0x660
[   59.919385][ T5001]  ? raw_recvmsg+0x790/0x790
[   59.924150][ T5001]  ? aa_profile_af_perm+0x470/0x470
[   59.929577][ T5001]  ? aa_sk_perm+0x31d/0xb10
[   59.934089][ T5001]  ? mutex_lock_io_nested+0x11a0/0x11a0
[   59.939647][ T5001]  ? aa_af_perm+0x240/0x240
[   59.944152][ T5001]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   59.950146][ T5001]  inet_sendmsg+0x9d/0xe0
[   59.954476][ T5001]  ? inet_send_prepare+0x530/0x530
[   59.959587][ T5001]  sock_sendmsg+0xde/0x190
[   59.964004][ T5001]  splice_to_socket+0x954/0xe30
[   59.968865][ T5001]  ? splice_from_pipe+0x140/0x140
[   59.973896][ T5001]  ? aa_path_link+0x2f0/0x2f0
[   59.978598][ T5001]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   59.984584][ T5001]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   59.990686][ T5001]  ? apparmor_file_permission+0x272/0x4e0
[   59.996422][ T5001]  ? bpf_lsm_file_permission+0x9/0x10
[   60.001801][ T5001]  ? security_file_permission+0xaf/0xd0
[   60.007351][ T5001]  ? splice_from_pipe+0x140/0x140
[   60.012470][ T5001]  do_splice+0xb8c/0x1e50
[   60.016809][ T5001]  ? spin_bug+0x1c0/0x1c0
[   60.021149][ T5001]  ? splice_file_to_pipe+0x120/0x120
[   60.026434][ T5001]  ? direct_file_splice_eof+0xa0/0xa0
[   60.031816][ T5001]  ? find_held_lock+0x2d/0x110
[   60.036585][ T5001]  __do_splice+0x14e/0x270
[   60.041002][ T5001]  ? do_splice+0x1e50/0x1e50
[   60.045605][ T5001]  ? _raw_spin_unlock_irq+0x23/0x50
[   60.050817][ T5001]  __x64_sys_splice+0x19c/0x250
[   60.055701][ T5001]  do_syscall_64+0x39/0xb0
[   60.060127][ T5001]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   60.066032][ T5001] RIP: 0033:0x7fba0bf36d29
[   60.070450][ T5001] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   60.090059][ T5001] RSP: 002b:00007ffe0d4bac38 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[   60.098497][ T5001] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fba0bf36d29
[   60.106476][ T5001] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[   60.114888][ T5001] RBP: 00007fba0befaed0 R08: 000000000004ffdd R09: 000000000000000d
[   60.122885][ T5001] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fba0befaf60
[   60.130866][ T5001] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   60.138928][ T5001]  </TASK>
[   60.142157][ T5001] Kernel Offset: disabled
[   60.146481][ T5001] Rebooting in 86400 seconds..