./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1123606454
<...>
DUID 00:04:8a:84:28:17:ce:93:6d:14:d5:a0:40:fa:67:36:71:42
forked to background, child pid 3207
[ 31.827853][ T3208] 8021q: adding VLAN 0 to HW filter on device bond0
[ 31.837503][ T3208] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts.
execve("./syz-executor1123606454", ["./syz-executor1123606454"], 0x7ffd9787bea0 /* 10 vars */) = 0
brk(NULL) = 0x5555561ab000
brk(0x5555561abc40) = 0x5555561abc40
arch_prctl(ARCH_SET_FS, 0x5555561ab300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1123606454", 4096) = 28
brk(0x5555561ccc40) = 0x5555561ccc40
brk(0x5555561cd000) = 0x5555561cd000
mprotect(0x7f9f1c65a000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3630 attached
, child_tidptr=0x5555561ab5d0) = 3630
[pid 3630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3630] setpgid(0, 0) = 0
[pid 3630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3630] write(3, "1000", 4) = 4
[pid 3630] close(3) = 0
[pid 3630] socket(AF_RXRPC, SOCK_DGRAM, AF_INET) = 3
[pid 3630] bind(3, {sa_family=AF_RXRPC, srx_service=0x2 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=16, transport={sin={sin_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("255.255.255.255")}}}, 36) = 0
[pid 3630] exit_group(0) = ?
[pid 3630] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3630, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3632 attached
, child_tidptr=0x5555561ab5d0) = 3632
[pid 3632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3632] setpgid(0, 0) = 0
[pid 3632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3632] write(3, "1000", 4) = 4
[pid 3632] close(3) = 0
[pid 3632] socket(AF_RXRPC, SOCK_DGRAM, AF_INET) = 3
[pid 3632] bind(3, {sa_family=AF_RXRPC, srx_service=0x2 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=16, transport={sin={sin_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("255.255.255.255")}}}, 36) = 0
[pid 3632] exit_group(0) = ?
[pid 3632] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3632, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561ab5d0) = 3634
./strace-static-x86_64: Process 3634 attached
[pid 3634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3634] setpgid(0, 0) = 0
[pid 3634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3634] write(3, "1000", 4) = 4
[pid 3634] close(3) = 0
[pid 3634] socket(AF_RXRPC, SOCK_DGRAM, AF_INET) = 3
[pid 3634] bind(3, {sa_family=AF_RXRPC, srx_service=0x2 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=16, transport={sin={sin_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("255.255.255.255")}}}, 36) = 0
[pid 3634] exit_group(0) = ?
[pid 3634] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3634, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561ab5d0) = 3636
./strace-static-x86_64: Process 3636 attached
[pid 3636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3636] setpgid(0, 0) = 0
[pid 3636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3636] write(3, "1000", 4) = 4
[pid 3636] close(3) = 0
[pid 3636] socket(AF_RXRPC, SOCK_DGRAM, AF_INET) = 3
[pid 3636] bind(3, {sa_family=AF_RXRPC, srx_service=0x2 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=16, transport={sin={sin_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("255.255.255.255")}}}, 36) = -1 EADDRINUSE (Address already in use)
[pid 3636] exit_group(0) = ?
[pid 3636] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3636, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561ab5d0) = 3637
./strace-static-x86_64: Process 3637 attached
[pid 3637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3637] setpgid(0, 0) = 0
[pid 3637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3637] write(3, "1000", 4) = 4
[pid 3637] close(3) = 0
[pid 3637] socket(AF_RXRPC, SOCK_DGRAM, AF_INET) = 3
[pid 3637] bind(3, {sa_family=AF_RXRPC, srx_service=0x2 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=16, transport={sin={sin_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("255.255.255.255")}}}, 36) = -1 EADDRINUSE (Address already in use)
[pid 3637] exit_group(0) = ?
[pid 3637] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3637, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3638 attached
, child_tidptr=0x5555561ab5d0) = 3638
[pid 3638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3638] setpgid(0, 0) = 0
[pid 3638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3638] write(3, "1000", 4) = 4
[pid 3638] close(3) = 0
[pid 3638] socket(AF_RXRPC, SOCK_DGRAM, AF_INET) = 3
[pid 3638] bind(3, {sa_family=AF_RXRPC, srx_service=0x2 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=16, transport={sin={sin_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("255.255.255.255")}}}, 36) = -1 EADDRINUSE (Address already in use)
[pid 3638] exit_group(0) = ?
[pid 3638] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3638, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561ab5d0) = 3639
./strace-static-x86_64: Process 3639 attached
[pid 3639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3639] setpgid(0, 0) = 0
[pid 3639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3639] write(3, "1000", 4) = 4
[pid 3639] close(3) = 0
[pid 3639] socket(AF_RXRPC, SOCK_DGRAM, AF_INET) = 3
[pid 3639] bind(3, {sa_family=AF_RXRPC, srx_service=0x2 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=16, transport={sin={sin_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("255.255.255.255")}}}, 36) = -1 EADDRINUSE (Address already in use)
[pid 3639] exit_group(0) = ?
[pid 3639] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3639, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561ab5d0) = 3640
./strace-static-x86_64: Process 3640 attached
[pid 3640] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3640] setpgid(0, 0) = 0
[pid 3640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3640] write(3, "1000", 4) = 4
[pid 3640] close(3) = 0
[pid 3640] socket(AF_RXRPC, SOCK_DGRAM, AF_INET) = 3
[pid 3640] bind(3, {sa_family=AF_RXRPC, srx_service=0x2 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=16, transport={sin={sin_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("255.255.255.255")}}}, 36) = -1 EADDRINUSE (Address already in use)
[pid 3640] exit_group(0) = ?
[pid 3640] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3640, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3641 attached
, child_tidptr=0x5555561ab5d0) = 3641
[pid 3641] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3641] setpgid(0, 0) = 0
[pid 3641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3641] write(3, "1000", 4) = 4
[pid 3641] close(3) = 0
[pid 3641] socket(AF_RXRPC, SOCK_DGRAM, AF_INET) = 3
syzkaller login: [ 56.727428][ T3641] ==================================================================
[ 56.735530][ T3641] BUG: KASAN: use-after-free in rxrpc_lookup_local+0xdcf/0xfb0
[ 56.743094][ T3641] Read of size 2 at addr ffff888022b3521c by task syz-executor112/3641
[ 56.751320][ T3641]
[ 56.753632][ T3641] CPU: 0 PID: 3641 Comm: syz-executor112 Not tainted 6.1.0-rc7-syzkaller-01810-gc9f8d73645b6 #0
[ 56.764028][ T3641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 56.774075][ T3641] Call Trace:
[ 56.777358][ T3641]
[ 56.780284][ T3641] dump_stack_lvl+0xd1/0x138
[ 56.784877][ T3641] print_report+0x15e/0x45d
[ 56.789370][ T3641] ? __phys_addr+0xc8/0x140
[ 56.793866][ T3641] ? rxrpc_lookup_local+0xdcf/0xfb0
[ 56.799056][ T3641] kasan_report+0xbf/0x1f0
[ 56.803465][ T3641] ? rxrpc_lookup_local+0xdcf/0xfb0
[ 56.808654][ T3641] rxrpc_lookup_local+0xdcf/0xfb0
[ 56.813687][ T3641] rxrpc_bind+0x35e/0x5c0
[ 56.818016][ T3641] __sys_bind+0x1ed/0x260
[ 56.822344][ T3641] ? __ia32_sys_socketpair+0x100/0x100
[ 56.827803][ T3641] ? _raw_spin_unlock_irq+0x23/0x50
[ 56.833099][ T3641] ? lockdep_hardirqs_on+0x7d/0x100
[ 56.838316][ T3641] ? _raw_spin_unlock_irq+0x2e/0x50
[ 56.843514][ T3641] __x64_sys_bind+0x73/0xb0
[ 56.848009][ T3641] do_syscall_64+0x39/0xb0
[ 56.852420][ T3641] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.858303][ T3641] RIP: 0033:0x7f9f1c5edd39
[ 56.862702][ T3641] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 56.882294][ T3641] RSP: 002b:00007ffdd21e4598 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[ 56.890692][ T3641] RAX: ffffffffffffffda RBX: 000000000000dd76 RCX: 00007f9f1c5edd39
[ 56.898645][ T3641] RDX: 0000000000000024 RSI: 0000000020000040 RDI: 0000000000000003
[ 56.906623][ T3641] RBP: 0000000000000000 R08: 00007ffdd21e4738 R09: 00007ffdd21e4738
[ 56.914590][ T3641] R10: 00007ffdd21e4010 R11: 0000000000000246 R12: 00007ffdd21e45ac
[ 56.922551][ T3641] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 56.930516][ T3641]
[ 56.933520][ T3641]
[ 56.935825][ T3641] Allocated by task 3634:
[ 56.940136][ T3641] kasan_save_stack+0x22/0x40
[ 56.944814][ T3641] kasan_set_track+0x25/0x30
[ 56.949392][ T3641] __kasan_kmalloc+0xa5/0xb0
[ 56.953969][ T3641] rxrpc_lookup_local+0x4d9/0xfb0
[ 56.958980][ T3641] rxrpc_bind+0x35e/0x5c0
[ 56.963290][ T3641] __sys_bind+0x1ed/0x260
[ 56.967600][ T3641] __x64_sys_bind+0x73/0xb0
[ 56.972103][ T3641] do_syscall_64+0x39/0xb0
[ 56.976513][ T3641] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.982392][ T3641]
[ 56.984698][ T3641] Freed by task 3624:
[ 56.988678][ T3641] kasan_save_stack+0x22/0x40
[ 56.993368][ T3641] kasan_set_track+0x25/0x30
[ 56.997955][ T3641] kasan_save_free_info+0x2e/0x40
[ 57.002977][ T3641] ____kasan_slab_free+0x160/0x1c0
[ 57.008077][ T3641] slab_free_freelist_hook+0x8b/0x1c0
[ 57.013465][ T3641] __kmem_cache_free+0xaf/0x3b0
[ 57.018303][ T3641] rcu_core+0x81f/0x1980
[ 57.022616][ T3641] __do_softirq+0x1fb/0xadc
[ 57.027113][ T3641]
[ 57.029424][ T3641] Last potentially related work creation:
[ 57.035130][ T3641] kasan_save_stack+0x22/0x40
[ 57.039829][ T3641] __kasan_record_aux_stack+0xbc/0xd0
[ 57.045201][ T3641] call_rcu+0x9d/0x820
[ 57.049260][ T3641] rxrpc_put_local.part.0+0x128/0x170
[ 57.054636][ T3641] rxrpc_put_local+0x25/0x30
[ 57.059234][ T3641] rxrpc_release+0x237/0x550
[ 57.063851][ T3641] __sock_release+0xcd/0x280
[ 57.068437][ T3641] sock_close+0x1c/0x20
[ 57.072582][ T3641] __fput+0x27c/0xa90
[ 57.076555][ T3641] task_work_run+0x16f/0x270
[ 57.081137][ T3641] do_exit+0xb3d/0x2a30
[ 57.085282][ T3641] do_group_exit+0xd4/0x2a0
[ 57.089774][ T3641] __x64_sys_exit_group+0x3e/0x50
[ 57.094794][ T3641] do_syscall_64+0x39/0xb0
[ 57.099200][ T3641] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.105081][ T3641]
[ 57.107387][ T3641] The buggy address belongs to the object at ffff888022b35000
[ 57.107387][ T3641] which belongs to the cache kmalloc-1k of size 1024
[ 57.121432][ T3641] The buggy address is located 540 bytes inside of
[ 57.121432][ T3641] 1024-byte region [ffff888022b35000, ffff888022b35400)
[ 57.134792][ T3641]
[ 57.137104][ T3641] The buggy address belongs to the physical page:
[ 57.143504][ T3641] page:ffffea00008acc00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22b30
[ 57.153649][ T3641] head:ffffea00008acc00 order:3 compound_mapcount:0 compound_pincount:0
[ 57.161959][ T3641] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 57.169925][ T3641] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888012041dc0
[ 57.178495][ T3641] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 57.187143][ T3641] page dumped because: kasan: bad access detected
[ 57.193531][ T3641] page_owner tracks the page as allocated
[ 57.199226][ T3641] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3624, tgid 3624 (sshd), ts 56650444929, free_ts 56632976403
[ 57.220082][ T3641] get_page_from_freelist+0x10b5/0x2d50
[ 57.225795][ T3641] __alloc_pages+0x1cb/0x5b0
[ 57.230364][ T3641] alloc_pages+0x1aa/0x270
[ 57.234767][ T3641] allocate_slab+0x213/0x300
[ 57.239340][ T3641] ___slab_alloc+0xa91/0x1400
[ 57.244002][ T3641] __slab_alloc.constprop.0+0x56/0xa0
[ 57.249360][ T3641] __kmem_cache_alloc_node+0x199/0x3e0
[ 57.254819][ T3641] __kmalloc_node_track_caller+0x4b/0xc0
[ 57.260455][ T3641] __alloc_skb+0xe9/0x310
[ 57.264764][ T3641] tcp_stream_alloc_skb+0x3c/0x580
[ 57.269945][ T3641] tcp_sendmsg_locked+0xc4f/0x2960
[ 57.275046][ T3641] tcp_sendmsg+0x2f/0x50
[ 57.279275][ T3641] inet_sendmsg+0x9d/0xe0
[ 57.283601][ T3641] sock_sendmsg+0xd3/0x120
[ 57.287998][ T3641] sock_write_iter+0x295/0x3d0
[ 57.292759][ T3641] vfs_write+0x9ed/0xdd0
[ 57.296990][ T3641] page last free stack trace:
[ 57.301639][ T3641] free_pcp_prepare+0x65c/0xd90
[ 57.306478][ T3641] free_unref_page+0x1d/0x4d0
[ 57.311142][ T3641] __unfreeze_partials+0x17c/0x1a0
[ 57.316239][ T3641] qlist_free_all+0x6a/0x170
[ 57.320828][ T3641] kasan_quarantine_reduce+0x184/0x210
[ 57.326272][ T3641] __kasan_slab_alloc+0x66/0x90
[ 57.331112][ T3641] __kmem_cache_alloc_node+0x2e2/0x3e0
[ 57.336555][ T3641] __kmalloc+0x4a/0xd0
[ 57.340614][ T3641] tomoyo_supervisor+0xb60/0xf10
[ 57.345535][ T3641] tomoyo_env_perm+0x183/0x200
[ 57.350285][ T3641] tomoyo_find_next_domain+0x13d2/0x1f80
[ 57.355907][ T3641] tomoyo_bprm_check_security+0x125/0x1b0
[ 57.361617][ T3641] security_bprm_check+0x49/0xb0
[ 57.366543][ T3641] bprm_execve+0x732/0x19f0
[ 57.371031][ T3641] do_execveat_common+0x724/0x890
[ 57.376049][ T3641] __x64_sys_execve+0x93/0xc0
[ 57.380715][ T3641]
[ 57.383029][ T3641] Memory state around the buggy address:
[ 57.388669][ T3641] ffff888022b35100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.396722][ T3641] ffff888022b35180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.404764][ T3641] >ffff888022b35200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.412805][ T3641] ^
[ 57.417631][ T3641] ffff888022b35280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.425761][ T3641] ffff888022b35300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.433799][ T3641] ==================================================================
[ 57.442137][ T3641] Kernel panic - not syncing: panic_on_warn set ...
[ 57.448736][ T3641] CPU: 1 PID: 3641 Comm: syz-executor112 Not tainted 6.1.0-rc7-syzkaller-01810-gc9f8d73645b6 #0
[ 57.459145][ T3641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 57.469192][ T3641] Call Trace:
[ 57.472465][ T3641]
[ 57.475389][ T3641] dump_stack_lvl+0xd1/0x138
[ 57.479983][ T3641] panic+0x2cc/0x626
[ 57.483884][ T3641] ? panic_print_sys_info.part.0+0x110/0x110
[ 57.489874][ T3641] ? preempt_schedule_common+0x59/0xc0
[ 57.495341][ T3641] ? preempt_schedule_thunk+0x1a/0x1c
[ 57.500732][ T3641] end_report.part.0+0x3f/0x7c
[ 57.505490][ T3641] ? rxrpc_lookup_local+0xdcf/0xfb0
[ 57.510696][ T3641] kasan_report.cold+0xa/0xf
[ 57.515284][ T3641] ? rxrpc_lookup_local+0xdcf/0xfb0
[ 57.520500][ T3641] rxrpc_lookup_local+0xdcf/0xfb0
[ 57.525538][ T3641] rxrpc_bind+0x35e/0x5c0
[ 57.529863][ T3641] __sys_bind+0x1ed/0x260
[ 57.534188][ T3641] ? __ia32_sys_socketpair+0x100/0x100
[ 57.539651][ T3641] ? _raw_spin_unlock_irq+0x23/0x50
[ 57.544847][ T3641] ? lockdep_hardirqs_on+0x7d/0x100
[ 57.550053][ T3641] ? _raw_spin_unlock_irq+0x2e/0x50
[ 57.555249][ T3641] __x64_sys_bind+0x73/0xb0
[ 57.559754][ T3641] do_syscall_64+0x39/0xb0
[ 57.564172][ T3641] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.570066][ T3641] RIP: 0033:0x7f9f1c5edd39
[ 57.574476][ T3641] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.594087][ T3641] RSP: 002b:00007ffdd21e4598 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[ 57.602498][ T3641] RAX: ffffffffffffffda RBX: 000000000000dd76 RCX: 00007f9f1c5edd39
[ 57.610471][ T3641] RDX: 0000000000000024 RSI: 0000000020000040 RDI: 0000000000000003
[ 57.618435][ T3641] RBP: 0000000000000000 R08: 00007ffdd21e4738 R09: 00007ffdd21e4738
[ 57.626399][ T3641] R10: 00007ffdd21e4010 R11: 0000000000000246 R12: 00007ffdd21e45ac
[ 57.634363][ T3641] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 57.642348][ T3641]
[ 57.645530][ T3641] Kernel Offset: disabled
[ 57.649851][ T3641] Rebooting in 86400 seconds..