[ 24.031526][ T3176] 8021q: adding VLAN 0 to HW filter on device bond0
[ 24.048382][ T3176] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller syzkaller login:
[ 33.455047][ T27] kauditd_printk_skb: 37 callbacks suppressed
[ 33.455075][ T27] audit: type=1400 audit(1648661278.249:73): avc: denied { transition } for pid=3390 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 33.486692][ T27] audit: type=1400 audit(1648661278.259:74): avc: denied { write } for pid=3390 comm="sh" path="pipe:[27935]" dev="pipefs" ino=27935 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
Warning: Permanently added '10.128.0.43' (ECDSA) to the list of known hosts.
[ 76.166868][ T27] audit: type=1400 audit(1648661320.969:75): avc: denied { execmem } for pid=3597 comm="syz-executor200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 76.186425][ T27] audit: type=1400 audit(1648661320.969:76): avc: denied { create } for pid=3597 comm="syz-executor200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 76.210291][ T27] audit: type=1400 audit(1648661320.969:77): avc: denied { write } for pid=3597 comm="syz-executor200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 76.231298][ T27] audit: type=1400 audit(1648661320.969:78): avc: denied { read } for pid=3597 comm="syz-executor200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 76.252324][ T14] cfg80211: failed to load regulatory.db
[ 76.269838][ T3599] chnl_net:caif_netlink_parms(): no params data found
[ 76.278914][ T27] audit: type=1400 audit(1648661320.999:79): avc: denied { mounton } for pid=3599 comm="syz-executor200" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 76.304973][ T27] audit: type=1400 audit(1648661320.999:80): avc: denied { mount } for pid=3599 comm="syz-executor200" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 76.331351][ T27] audit: type=1400 audit(1648661320.999:81): avc: denied { mounton } for pid=3599 comm="syz-executor200" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 76.402776][ T3599] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.410160][ T3599] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.417860][ T3599] device bridge_slave_0 entered promiscuous mode
[ 76.425401][ T3599] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.432535][ T3599] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.440142][ T3599] device bridge_slave_1 entered promiscuous mode
[ 76.456091][ T3599] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 76.466757][ T3599] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 76.485345][ T3599] team0: Port device team_slave_0 added
[ 76.492547][ T3599] team0: Port device team_slave_1 added
[ 76.507171][ T3599] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 76.514127][ T3599] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.540113][ T3599] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 76.551652][ T3599] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 76.558693][ T3599] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.584617][ T3599] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 76.607234][ T3599] device hsr_slave_0 entered promiscuous mode
[ 76.613724][ T3599] device hsr_slave_1 entered promiscuous mode
[ 76.673273][ T3599] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 76.682064][ T3599] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 76.690551][ T3599] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 76.699667][ T3599] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 76.715592][ T3599] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.722669][ T3599] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.729976][ T3599] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.737121][ T3599] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.770533][ T3599] 8021q: adding VLAN 0 to HW filter on device bond0
[ 76.780602][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 76.788726][ T14] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.796309][ T14] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.804226][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 76.814631][ T3599] 8021q: adding VLAN 0 to HW filter on device team0
[ 76.824117][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 76.832982][ T14] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.840061][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.858563][ T141] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 76.867144][ T141] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.874190][ T141] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.882319][ T141] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 76.890894][ T141] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 76.903785][ T3599] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 76.914903][ T3599] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 76.927722][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 76.935386][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 76.944025][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 76.953360][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 76.968908][ T3599] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 76.976876][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 76.984246][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 76.993325][ T27] audit: type=1400 audit(1648661321.789:82): avc: denied { module_request } for pid=3599 comm="syz-executor200" kmod="netdev-xfrm0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 77.016663][ T27] audit: type=1400 audit(1648661321.809:83): avc: denied { sys_module } for pid=3599 comm="syz-executor200" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 77.075859][ T3599] device veth0_vlan entered promiscuous mode
[ 77.082880][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 77.092335][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 77.101014][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 77.108806][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 77.119316][ T3599] device veth1_vlan entered promiscuous mode
[ 77.127536][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 77.142458][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 77.150478][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 77.160821][ T3599] device veth0_macvtap entered promiscuous mode
[ 77.170168][ T3599] device veth1_macvtap entered promiscuous mode
[ 77.182684][ T3599] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 77.190533][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 77.199845][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 77.211218][ T3599] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 77.218716][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 77.229231][ T3599] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.238755][ T3599] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.247896][ T3599] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.256798][ T3599] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.279645][ T27] audit: type=1400 audit(1648661322.079:84): avc: denied { mounton } for pid=3599 comm="syz-executor200" path="/dev/binderfs" dev="devtmpfs" ino=2313 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 77.281321][ T3599] ==================================================================
[ 77.310829][ T3599] BUG: KASAN: use-after-free in vxlan_vnifilter_dump_dev+0x9a0/0xb40
[ 77.318884][ T3599] Read of size 4 at addr ffff88807eb9ce70 by task syz-executor200/3599
[ 77.327114][ T3599]
[ 77.329430][ T3599] CPU: 0 PID: 3599 Comm: syz-executor200 Tainted: G W 5.17.0-syzkaller-13034-gd888c83fcec7 #0
[ 77.340944][ T3599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.350981][ T3599] Call Trace:
[ 77.354249][ T3599]
[ 77.357165][ T3599] dump_stack_lvl+0xcd/0x134
[ 77.361837][ T3599] print_address_description.constprop.0.cold+0xeb/0x467
[ 77.368856][ T3599] ? vxlan_vnifilter_dump_dev+0x9a0/0xb40
[ 77.374564][ T3599] kasan_report.cold+0xf4/0x1c6
[ 77.379403][ T3599] ? vxlan_vnifilter_dump_dev+0x9a0/0xb40
[ 77.385107][ T3599] vxlan_vnifilter_dump_dev+0x9a0/0xb40
[ 77.390652][ T3599] ? rcu_read_lock_sched_held+0xd/0x70
[ 77.396101][ T3599] vxlan_vnifilter_dump+0x3ff/0x650
[ 77.401285][ T3599] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 77.407518][ T3599] netlink_dump+0x4b5/0xb70
[ 77.412016][ T3599] ? netlink_deliver_tap+0xc40/0xc40
[ 77.417302][ T3599] ? lock_downgrade+0x6e0/0x6e0
[ 77.422141][ T3599] __netlink_dump_start+0x647/0x900
[ 77.427331][ T3599] rtnetlink_rcv_msg+0x70c/0xb80
[ 77.432352][ T3599] ? vxlan_vnifilter_process+0x5b0/0x5b0
[ 77.437973][ T3599] ? rtnl_fdb_dump+0x9a0/0x9a0
[ 77.442813][ T3599] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 77.448096][ T3599] ? kasan_save_stack+0x2e/0x40
[ 77.452940][ T3599] ? vxlan_vnifilter_process+0x5b0/0x5b0
[ 77.458558][ T3599] ? ref_tracker_dir_exit+0x3e0/0x3e0
[ 77.463921][ T3599] ? lock_acquire+0x442/0x510
[ 77.468590][ T3599] netlink_rcv_skb+0x153/0x420
[ 77.473351][ T3599] ? rtnl_fdb_dump+0x9a0/0x9a0
[ 77.478108][ T3599] ? netlink_ack+0xa80/0xa80
[ 77.482689][ T3599] ? netlink_deliver_tap+0x1a2/0xc40
[ 77.487968][ T3599] ? netlink_deliver_tap+0x1b1/0xc40
[ 77.493242][ T3599] netlink_unicast+0x543/0x7f0
[ 77.497995][ T3599] ? netlink_attachskb+0x880/0x880
[ 77.503097][ T3599] netlink_sendmsg+0x904/0xe00
[ 77.507852][ T3599] ? netlink_unicast+0x7f0/0x7f0
[ 77.512787][ T3599] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 77.519021][ T3599] ? netlink_unicast+0x7f0/0x7f0
[ 77.523950][ T3599] sock_sendmsg+0xcf/0x120
[ 77.528365][ T3599] ____sys_sendmsg+0x6e2/0x800
[ 77.533120][ T3599] ? kernel_sendmsg+0x50/0x50
[ 77.537785][ T3599] ? do_recvmmsg+0x6d0/0x6d0
[ 77.542371][ T3599] ? rcu_read_lock_sched_held+0xd/0x70
[ 77.547819][ T3599] ? lock_release+0x522/0x720
[ 77.552487][ T3599] ? lock_downgrade+0x6e0/0x6e0
[ 77.557328][ T3599] ? lock_release+0x522/0x720
[ 77.561998][ T3599] ? lock_release+0x720/0x720
[ 77.566664][ T3599] ? kmem_cache_alloc+0x45/0x560
[ 77.571594][ T3599] ? lock_downgrade+0x6e0/0x6e0
[ 77.576431][ T3599] ___sys_sendmsg+0xf3/0x170
[ 77.581009][ T3599] ? sendmsg_copy_msghdr+0x160/0x160
[ 77.586281][ T3599] ? lockdep_init_map_type+0x21a/0x7f0
[ 77.591732][ T3599] ? __raw_spin_lock_init+0x36/0x110
[ 77.597006][ T3599] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 77.603237][ T3599] ? percpu_counter_add_batch+0xbd/0x180
[ 77.608863][ T3599] ? alloc_empty_file+0xd7/0x170
[ 77.613795][ T3599] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 77.620027][ T3599] ? errseq_sample+0x56/0x70
[ 77.624604][ T3599] ? rcu_read_lock_sched_held+0xd/0x70
[ 77.630051][ T3599] ? lock_acquire+0x442/0x510
[ 77.634715][ T3599] ? rcu_read_lock_sched_held+0xd/0x70
[ 77.640162][ T3599] ? lock_release+0x522/0x720
[ 77.644837][ T3599] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 77.651073][ T3599] ? fd_install+0x1c7/0x640
[ 77.655563][ T3599] ? lock_downgrade+0x6e0/0x6e0
[ 77.660404][ T3599] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 77.666633][ T3599] ? __fget_light+0x20f/0x270
[ 77.671296][ T3599] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 77.677530][ T3599] __sys_sendmsg+0xe5/0x1b0
[ 77.682026][ T3599] ? __sys_sendmsg_sock+0x30/0x30
[ 77.687043][ T3599] ? syscall_enter_from_user_mode+0x21/0x70
[ 77.692930][ T3599] ? trace_hardirqs_on+0x5b/0x1c0
[ 77.697951][ T3599] do_syscall_64+0x35/0x80
[ 77.702359][ T3599] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.708247][ T3599] RIP: 0033:0x7efd69b6e779
[ 77.712649][ T3599] Code: 46 01 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 77.732243][ T3599] RSP: 002b:00007ffc4d9e4648 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 77.740647][ T3599] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007efd69b6e779
[ 77.748606][ T3599] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000004
[ 77.756567][ T3599] RBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000001
[ 77.764527][ T3599] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc4d9e46a0
[ 77.772488][ T3599] R13: 0000000000000003 R14: 00007ffc4d9e4680 R15: 0000000000000001
[ 77.780447][ T3599]
[ 77.783451][ T3599]
[ 77.785775][ T3599] Allocated by task 3328:
[ 77.790081][ T3599] kasan_save_stack+0x1e/0x40
[ 77.794753][ T3599] __kasan_slab_alloc+0x85/0xb0
[ 77.799594][ T3599] kmem_cache_alloc+0x265/0x560
[ 77.804432][ T3599] getname_flags.part.0+0x50/0x4f0
[ 77.809533][ T3599] getname_flags+0x9a/0xe0
[ 77.814027][ T3599] vfs_fstatat+0x73/0xb0
[ 77.818270][ T3599] __do_sys_newfstatat+0x91/0x110
[ 77.823289][ T3599] do_syscall_64+0x35/0x80
[ 77.828045][ T3599] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.833941][ T3599]
[ 77.836265][ T3599] Freed by task 3328:
[ 77.840225][ T3599] kasan_save_stack+0x1e/0x40
[ 77.844995][ T3599] kasan_set_track+0x21/0x30
[ 77.849577][ T3599] kasan_set_free_info+0x20/0x30
[ 77.854505][ T3599] ____kasan_slab_free+0x13d/0x180
[ 77.859611][ T3599] kmem_cache_free.part.0+0xa9/0x240
[ 77.864886][ T3599] putname+0xfe/0x140
[ 77.868859][ T3599] vfs_fstatat+0x97/0xb0
[ 77.873102][ T3599] __do_sys_newfstatat+0x91/0x110
[ 77.878126][ T3599] do_syscall_64+0x35/0x80
[ 77.882539][ T3599] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.888438][ T3599]
[ 77.890759][ T3599] The buggy address belongs to the object at ffff88807eb9cc00
[ 77.890759][ T3599] which belongs to the cache names_cache of size 4096
[ 77.904890][ T3599] The buggy address is located 624 bytes inside of
[ 77.904890][ T3599] 4096-byte region [ffff88807eb9cc00, ffff88807eb9dc00)
[ 77.918239][ T3599]
[ 77.920545][ T3599] The buggy address belongs to the physical page:
[ 77.926935][ T3599] page:ffffea0001fae700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7eb9c
[ 77.937071][ T3599] head:ffffea0001fae700 order:1 compound_mapcount:0 compound_pincount:0
[ 77.945393][ T3599] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 77.953369][ T3599] raw: 00fff00000010200 ffffea0001f87208 ffffea0001fae888 ffff8881400a3000
[ 77.961939][ T3599] raw: 0000000000000000 ffff88807eb9cc00 0000000100000001 0000000000000000
[ 77.970514][ T3599] page dumped because: kasan: bad access detected
[ 77.976908][ T3599] page_owner tracks the page as allocated
[ 77.982599][ T3599] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x2420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 3328, tgid 3328 (dhcpcd-run-hook), ts 24926066536, free_ts 24925069594
[ 78.003167][ T3599] get_page_from_freelist+0xba2/0x3df0
[ 78.008617][ T3599] __alloc_pages+0x1b2/0x500
[ 78.013193][ T3599] cache_grow_begin+0x75/0x350
[ 78.017944][ T3599] cache_alloc_refill+0x27f/0x380
[ 78.022971][ T3599] kmem_cache_alloc+0x450/0x560
[ 78.027809][ T3599] getname_flags.part.0+0x50/0x4f0
[ 78.032915][ T3599] getname_flags+0x9a/0xe0
[ 78.037351][ T3599] vfs_fstatat+0x73/0xb0
[ 78.041584][ T3599] __do_sys_newfstatat+0x91/0x110
[ 78.046593][ T3599] do_syscall_64+0x35/0x80
[ 78.051005][ T3599] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 78.056890][ T3599] page last free stack trace:
[ 78.061544][ T3599] free_pcp_prepare+0x549/0xd20
[ 78.066394][ T3599] free_unref_page+0x19/0x690
[ 78.071058][ T3599] slabs_destroy+0x89/0xc0
[ 78.075496][ T3599] ___cache_free+0x34e/0x670
[ 78.080083][ T3599] qlist_free_all+0x4f/0x1b0
[ 78.084662][ T3599] kasan_quarantine_reduce+0x180/0x200
[ 78.090105][ T3599] __kasan_slab_alloc+0x97/0xb0
[ 78.094942][ T3599] kmem_cache_alloc+0x265/0x560
[ 78.099795][ T3599] getname_flags.part.0+0x50/0x4f0
[ 78.104903][ T3599] getname_flags+0x9a/0xe0
[ 78.109330][ T3599] vfs_fstatat+0x73/0xb0
[ 78.113564][ T3599] __do_sys_newfstatat+0x91/0x110
[ 78.118574][ T3599] do_syscall_64+0x35/0x80
[ 78.122976][ T3599] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 78.128863][ T3599]
[ 78.131167][ T3599] Memory state around the buggy address:
[ 78.136778][ T3599] ffff88807eb9cd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.144831][ T3599] ffff88807eb9cd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.152876][ T3599] >ffff88807eb9ce00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.160916][ T3599] ^
[ 78.168614][ T3599] ffff88807eb9ce80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.176659][ T3599] ffff88807eb9cf00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.184698][ T3599] ==================================================================
[ 78.196206][ T3599] Kernel panic - not syncing: panic_on_warn set ...
[ 78.202807][ T3599] CPU: 1 PID: 3599 Comm: syz-executor200 Tainted: G W 5.17.0-syzkaller-13034-gd888c83fcec7 #0
[ 78.214335][ T3599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.224374][ T3599] Call Trace:
[ 78.227769][ T3599]
[ 78.230696][ T3599] dump_stack_lvl+0xcd/0x134
[ 78.235284][ T3599] panic+0x2d7/0x636
[ 78.239182][ T3599] ? panic_print_sys_info.part.0+0x10b/0x10b
[ 78.245160][ T3599] ? preempt_schedule_common+0x59/0xc0
[ 78.250611][ T3599] ? vxlan_vnifilter_dump_dev+0x9a0/0xb40
[ 78.256320][ T3599] ? preempt_schedule_thunk+0x16/0x18
[ 78.261684][ T3599] ? trace_hardirqs_on+0x38/0x1c0
[ 78.266700][ T3599] ? trace_hardirqs_on+0x51/0x1c0
[ 78.271737][ T3599] ? vxlan_vnifilter_dump_dev+0x9a0/0xb40
[ 78.277448][ T3599] end_report.part.0+0x3f/0x7c
[ 78.282211][ T3599] kasan_report.cold+0x93/0x1c6
[ 78.287051][ T3599] ? vxlan_vnifilter_dump_dev+0x9a0/0xb40
[ 78.292756][ T3599] vxlan_vnifilter_dump_dev+0x9a0/0xb40
[ 78.298291][ T3599] ? rcu_read_lock_sched_held+0xd/0x70
[ 78.303753][ T3599] vxlan_vnifilter_dump+0x3ff/0x650
[ 78.308952][ T3599] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 78.315186][ T3599] netlink_dump+0x4b5/0xb70
[ 78.319696][ T3599] ? netlink_deliver_tap+0xc40/0xc40
[ 78.324974][ T3599] ? lock_downgrade+0x6e0/0x6e0
[ 78.329825][ T3599] __netlink_dump_start+0x647/0x900
[ 78.335016][ T3599] rtnetlink_rcv_msg+0x70c/0xb80
[ 78.339950][ T3599] ? vxlan_vnifilter_process+0x5b0/0x5b0
[ 78.345572][ T3599] ? rtnl_fdb_dump+0x9a0/0x9a0
[ 78.350340][ T3599] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 78.355619][ T3599] ? kasan_save_stack+0x2e/0x40
[ 78.360463][ T3599] ? vxlan_vnifilter_process+0x5b0/0x5b0
[ 78.366081][ T3599] ? ref_tracker_dir_exit+0x3e0/0x3e0
[ 78.371446][ T3599] ? lock_acquire+0x442/0x510
[ 78.376116][ T3599] netlink_rcv_skb+0x153/0x420
[ 78.380872][ T3599] ? rtnl_fdb_dump+0x9a0/0x9a0
[ 78.385626][ T3599] ? netlink_ack+0xa80/0xa80
[ 78.390208][ T3599] ? netlink_deliver_tap+0x1a2/0xc40
[ 78.395483][ T3599] ? netlink_deliver_tap+0x1b1/0xc40
[ 78.400760][ T3599] netlink_unicast+0x543/0x7f0
[ 78.405520][ T3599] ? netlink_attachskb+0x880/0x880
[ 78.410625][ T3599] netlink_sendmsg+0x904/0xe00
[ 78.415397][ T3599] ? netlink_unicast+0x7f0/0x7f0
[ 78.420328][ T3599] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 78.426561][ T3599] ? netlink_unicast+0x7f0/0x7f0
[ 78.431497][ T3599] sock_sendmsg+0xcf/0x120
[ 78.435903][ T3599] ____sys_sendmsg+0x6e2/0x800
[ 78.440659][ T3599] ? kernel_sendmsg+0x50/0x50
[ 78.445355][ T3599] ? do_recvmmsg+0x6d0/0x6d0
[ 78.449932][ T3599] ? rcu_read_lock_sched_held+0xd/0x70
[ 78.455383][ T3599] ? lock_release+0x522/0x720
[ 78.460064][ T3599] ? lock_downgrade+0x6e0/0x6e0
[ 78.464915][ T3599] ? lock_release+0x522/0x720
[ 78.469580][ T3599] ? lock_release+0x720/0x720
[ 78.474255][ T3599] ? kmem_cache_alloc+0x45/0x560
[ 78.479183][ T3599] ? lock_downgrade+0x6e0/0x6e0
[ 78.484023][ T3599] ___sys_sendmsg+0xf3/0x170
[ 78.488773][ T3599] ? sendmsg_copy_msghdr+0x160/0x160
[ 78.494044][ T3599] ? lockdep_init_map_type+0x21a/0x7f0
[ 78.499500][ T3599] ? __raw_spin_lock_init+0x36/0x110
[ 78.504788][ T3599] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 78.511022][ T3599] ? percpu_counter_add_batch+0xbd/0x180
[ 78.516648][ T3599] ? alloc_empty_file+0xd7/0x170
[ 78.521589][ T3599] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 78.527827][ T3599] ? errseq_sample+0x56/0x70
[ 78.532404][ T3599] ? rcu_read_lock_sched_held+0xd/0x70
[ 78.537854][ T3599] ? lock_acquire+0x442/0x510
[ 78.542531][ T3599] ? rcu_read_lock_sched_held+0xd/0x70
[ 78.547976][ T3599] ? lock_release+0x522/0x720
[ 78.552642][ T3599] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 78.558878][ T3599] ? fd_install+0x1c7/0x640
[ 78.563368][ T3599] ? lock_downgrade+0x6e0/0x6e0
[ 78.568222][ T3599] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 78.574464][ T3599] ? __fget_light+0x20f/0x270
[ 78.579127][ T3599] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 78.585358][ T3599] __sys_sendmsg+0xe5/0x1b0
[ 78.589849][ T3599] ? __sys_sendmsg_sock+0x30/0x30
[ 78.594861][ T3599] ? syscall_enter_from_user_mode+0x21/0x70
[ 78.600747][ T3599] ? trace_hardirqs_on+0x5b/0x1c0
[ 78.605763][ T3599] do_syscall_64+0x35/0x80
[ 78.610169][ T3599] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 78.616054][ T3599] RIP: 0033:0x7efd69b6e779
[ 78.620457][ T3599] Code: 46 01 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 78.640049][ T3599] RSP: 002b:00007ffc4d9e4648 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 78.648450][ T3599] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007efd69b6e779
[ 78.656493][ T3599] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000004
[ 78.664454][ T3599] RBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000001
[ 78.672407][ T3599] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc4d9e46a0
[ 78.680366][ T3599] R13: 0000000000000003 R14: 00007ffc4d9e4680 R15: 0000000000000001
[ 78.688327][ T3599]
[ 78.691391][ T3599] Kernel Offset: disabled
[ 78.695698][ T3599] Rebooting in 86400 seconds..