./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3406532710 <...> forked to background, child pid 4878 no interfaces have a carrier [ 34.444469][ T4879] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.455712][ T4879] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.143' (ECDSA) to the list of known hosts. execve("./syz-executor3406532710", ["./syz-executor3406532710"], 0x7fff000a2540 /* 10 vars */) = 0 brk(NULL) = 0x555555814000 brk(0x555555814c40) = 0x555555814c40 arch_prctl(ARCH_SET_FS, 0x555555814300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3406532710", 4096) = 28 brk(0x555555835c40) = 0x555555835c40 brk(0x555555836000) = 0x555555836000 mprotect(0x7f0656eea000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5310 attached , child_tidptr=0x5555558145d0) = 5310 [pid 5310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5310] setpgid(0, 0) = 0 [pid 5310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5310] write(3, "1000", 4) = 4 [pid 5310] close(3) = 0 [pid 5310] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5310] bind(3, {sa_family=AF_RXRPC, srx_service=0 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=28, transport={sin6={sin6_family=AF_INET6, sin6_port=htons(20004), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}}}, 36) = 0 [pid 5310] exit_group(0) = ? [pid 5310] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5310, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5312 attached , child_tidptr=0x5555558145d0) = 5312 [pid 5312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5312] setpgid(0, 0) = 0 [pid 5312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5312] write(3, "1000", 4) = 4 [pid 5312] close(3) = 0 [pid 5312] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5312] bind(3, {sa_family=AF_RXRPC, srx_service=0 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=28, transport={sin6={sin6_family=AF_INET6, sin6_port=htons(20004), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}}}, 36) = 0 [pid 5312] exit_group(0) = ? [pid 5312] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5312, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5314 attached , child_tidptr=0x5555558145d0) = 5314 [pid 5314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5314] setpgid(0, 0) = 0 [pid 5314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5314] write(3, "1000", 4) = 4 [pid 5314] close(3) = 0 [pid 5314] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5314] bind(3, {sa_family=AF_RXRPC, srx_service=0 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=28, transport={sin6={sin6_family=AF_INET6, sin6_port=htons(20004), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}}}, 36) = 0 [pid 5314] exit_group(0) = ? [pid 5314] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5314, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5316 attached [pid 5316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5316] setpgid(0, 0) = 0 [pid 5316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5309] <... clone resumed>, child_tidptr=0x5555558145d0) = 5316 [pid 5316] write(3, "1000", 4) = 4 [pid 5316] close(3) = 0 [pid 5316] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5316] bind(3, {sa_family=AF_RXRPC, srx_service=0 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=28, transport={sin6={sin6_family=AF_INET6, sin6_port=htons(20004), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}}}, 36) = 0 [pid 5316] exit_group(0) = ? [pid 5316] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5316, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5318 attached [pid 5318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5318] setpgid(0, 0) = 0 [pid 5318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5318] write(3, "1000", 4) = 4 [pid 5318] close(3) = 0 [pid 5318] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5318] bind(3, {sa_family=AF_RXRPC, srx_service=0 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=28, transport={sin6={sin6_family=AF_INET6, sin6_port=htons(20004), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}}}, 36 [pid 5309] <... clone resumed>, child_tidptr=0x5555558145d0) = 5318 [pid 5318] <... bind resumed>) = -1 EADDRINUSE (Address already in use) [pid 5318] exit_group(0) = ? [pid 5318] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5318, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558145d0) = 5319 ./strace-static-x86_64: Process 5319 attached [pid 5319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5319] setpgid(0, 0) = 0 [pid 5319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5319] write(3, "1000", 4) = 4 [pid 5319] close(3) = 0 [pid 5319] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5319] bind(3, {sa_family=AF_RXRPC, srx_service=0 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=28, transport={sin6={sin6_family=AF_INET6, sin6_port=htons(20004), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}}}, 36) = -1 EADDRINUSE (Address already in use) [pid 5319] exit_group(0) = ? [pid 5319] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5319, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558145d0) = 5320 ./strace-static-x86_64: Process 5320 attached [pid 5320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5320] setpgid(0, 0) = 0 [pid 5320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5320] write(3, "1000", 4) = 4 [pid 5320] close(3) = 0 [pid 5320] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5320] bind(3, {sa_family=AF_RXRPC, srx_service=0 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=28, transport={sin6={sin6_family=AF_INET6, sin6_port=htons(20004), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}}}, 36) = -1 EADDRINUSE (Address already in use) [pid 5320] exit_group(0) = ? [pid 5320] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5320, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5321 attached , child_tidptr=0x5555558145d0) = 5321 [pid 5321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5321] setpgid(0, 0) = 0 [pid 5321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5321] write(3, "1000", 4) = 4 [pid 5321] close(3) = 0 [pid 5321] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5321] bind(3, {sa_family=AF_RXRPC, srx_service=0 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=28, transport={sin6={sin6_family=AF_INET6, sin6_port=htons(20004), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}}}, 36) = -1 EADDRINUSE (Address already in use) [pid 5321] exit_group(0) = ? [pid 5321] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5321, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5322 attached , child_tidptr=0x5555558145d0) = 5322 [pid 5322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5322] setpgid(0, 0) = 0 [pid 5322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5322] write(3, "1000", 4) = 4 [pid 5322] close(3) = 0 [pid 5322] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 syzkaller login: [ 53.718782][ T5322] ================================================================== [ 53.726976][ T5322] BUG: KASAN: use-after-free in rxrpc_lookup_local+0xdcf/0xfb0 [ 53.734540][ T5322] Read of size 2 at addr ffff88802b75c21c by task syz-executor340/5322 [ 53.742787][ T5322] [ 53.745117][ T5322] CPU: 0 PID: 5322 Comm: syz-executor340 Not tainted 6.1.0-syzkaller-09671-g89529367293c #0 [ 53.755354][ T5322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 53.765407][ T5322] Call Trace: [ 53.768764][ T5322] [ 53.771696][ T5322] dump_stack_lvl+0xd1/0x138 [ 53.776294][ T5322] print_report+0x15e/0x45d [ 53.780833][ T5322] ? __phys_addr+0xc8/0x140 [ 53.785358][ T5322] ? rxrpc_lookup_local+0xdcf/0xfb0 [ 53.790651][ T5322] kasan_report+0xbf/0x1f0 [ 53.795092][ T5322] ? rxrpc_lookup_local+0xdcf/0xfb0 [ 53.800305][ T5322] rxrpc_lookup_local+0xdcf/0xfb0 [ 53.805350][ T5322] rxrpc_bind+0x35e/0x5c0 [ 53.809691][ T5322] __sys_bind+0x1ed/0x260 [ 53.814026][ T5322] ? __ia32_sys_socketpair+0x100/0x100 [ 53.819509][ T5322] ? _raw_spin_unlock_irq+0x23/0x50 [ 53.824710][ T5322] ? lockdep_hardirqs_on+0x7d/0x100 [ 53.829918][ T5322] ? _raw_spin_unlock_irq+0x2e/0x50 [ 53.835116][ T5322] __x64_sys_bind+0x73/0xb0 [ 53.839712][ T5322] do_syscall_64+0x39/0xb0 [ 53.844132][ T5322] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.850032][ T5322] RIP: 0033:0x7f0656e7dd59 [ 53.854446][ T5322] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 53.874228][ T5322] RSP: 002b:00007fff732f3cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 53.882639][ T5322] RAX: ffffffffffffffda RBX: 000000000000d194 RCX: 00007f0656e7dd59 [ 53.890608][ T5322] RDX: 0000000000000024 RSI: 0000000020000080 RDI: 0000000000000003 [ 53.898572][ T5322] RBP: 0000000000000000 R08: 00007fff732f3e68 R09: 00007fff732f3e68 [ 53.906539][ T5322] R10: 00007fff732f3740 R11: 0000000000000246 R12: 00007fff732f3cdc [ 53.914516][ T5322] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 53.922490][ T5322] [ 53.925588][ T5322] [ 53.927910][ T5322] Allocated by task 5316: [ 53.932260][ T5322] kasan_save_stack+0x22/0x40 [ 53.936939][ T5322] kasan_set_track+0x25/0x30 [ 53.941527][ T5322] __kasan_kmalloc+0xa5/0xb0 [ 53.946115][ T5322] rxrpc_lookup_local+0x4d9/0xfb0 [ 53.951139][ T5322] rxrpc_bind+0x35e/0x5c0 [ 53.955469][ T5322] __sys_bind+0x1ed/0x260 [ 53.959805][ T5322] __x64_sys_bind+0x73/0xb0 [ 53.966998][ T5322] do_syscall_64+0x39/0xb0 [ 53.971424][ T5322] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.977320][ T5322] [ 53.979637][ T5322] Freed by task 5304: [ 53.983608][ T5322] kasan_save_stack+0x22/0x40 [ 53.988281][ T5322] kasan_set_track+0x25/0x30 [ 53.992871][ T5322] kasan_save_free_info+0x2e/0x40 [ 53.997907][ T5322] ____kasan_slab_free+0x160/0x1c0 [ 54.003014][ T5322] slab_free_freelist_hook+0x8b/0x1c0 [ 54.008406][ T5322] __kmem_cache_free+0xaf/0x3b0 [ 54.013268][ T5322] rcu_core+0x81f/0x1980 [ 54.017514][ T5322] __do_softirq+0x1fb/0xadc [ 54.022039][ T5322] [ 54.024356][ T5322] Last potentially related work creation: [ 54.030058][ T5322] kasan_save_stack+0x22/0x40 [ 54.034733][ T5322] __kasan_record_aux_stack+0xbc/0xd0 [ 54.040107][ T5322] __call_rcu_common.constprop.0+0x99/0x820 [ 54.046006][ T5322] rxrpc_put_local.part.0+0x128/0x170 [ 54.051376][ T5322] rxrpc_put_local+0x25/0x30 [ 54.055961][ T5322] rxrpc_release+0x237/0x550 [ 54.062029][ T5322] __sock_release+0xcd/0x280 [ 54.066618][ T5322] sock_close+0x1c/0x20 [ 54.070774][ T5322] __fput+0x27c/0xa90 [ 54.074846][ T5322] task_work_run+0x16f/0x270 [ 54.079475][ T5322] do_exit+0xb3d/0x2a30 [ 54.083723][ T5322] do_group_exit+0xd4/0x2a0 [ 54.088230][ T5322] __x64_sys_exit_group+0x3e/0x50 [ 54.093260][ T5322] do_syscall_64+0x39/0xb0 [ 54.097679][ T5322] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.103573][ T5322] [ 54.105889][ T5322] The buggy address belongs to the object at ffff88802b75c000 [ 54.105889][ T5322] which belongs to the cache kmalloc-1k of size 1024 [ 54.120118][ T5322] The buggy address is located 540 bytes inside of [ 54.120118][ T5322] 1024-byte region [ffff88802b75c000, ffff88802b75c400) [ 54.133473][ T5322] [ 54.135824][ T5322] The buggy address belongs to the physical page: [ 54.142315][ T5322] page:ffffea0000add600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b758 [ 54.152476][ T5322] head:ffffea0000add600 order:3 compound_mapcount:0 compound_pincount:0 [ 54.160880][ T5322] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 54.168861][ T5322] raw: 00fff00000010200 ffff888012441dc0 dead000000000122 0000000000000000 [ 54.177452][ T5322] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 54.186112][ T5322] page dumped because: kasan: bad access detected [ 54.192691][ T5322] page_owner tracks the page as allocated [ 54.198503][ T5322] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5304, tgid 5304 (sshd), ts 53630326968, free_ts 53554685607 [ 54.219344][ T5322] get_page_from_freelist+0x10b5/0x2d50 [ 54.224895][ T5322] __alloc_pages+0x1cb/0x5b0 [ 54.229761][ T5322] alloc_pages+0x1aa/0x270 [ 54.234188][ T5322] allocate_slab+0x25f/0x350 [ 54.238800][ T5322] ___slab_alloc+0xa91/0x1400 [ 54.243842][ T5322] __slab_alloc.constprop.0+0x56/0xa0 [ 54.249225][ T5322] __kmem_cache_alloc_node+0x1a4/0x430 [ 54.254873][ T5322] __kmalloc_node_track_caller+0x4b/0xc0 [ 54.260510][ T5322] __alloc_skb+0xe9/0x310 [ 54.264869][ T5322] tcp_stream_alloc_skb+0x3c/0x580 [ 54.269992][ T5322] tcp_sendmsg_locked+0xc4c/0x2960 [ 54.275110][ T5322] tcp_sendmsg+0x2f/0x50 [ 54.279360][ T5322] inet_sendmsg+0x9d/0xe0 [ 54.283778][ T5322] sock_sendmsg+0xd3/0x120 [ 54.288199][ T5322] sock_write_iter+0x295/0x3d0 [ 54.292979][ T5322] vfs_write+0x9ed/0xdd0 [ 54.297244][ T5322] page last free stack trace: [ 54.301915][ T5322] free_pcp_prepare+0x65c/0xd90 [ 54.306774][ T5322] free_unref_page+0x1d/0x4d0 [ 54.311452][ T5322] qlist_free_all+0x6a/0x170 [ 54.316060][ T5322] kasan_quarantine_reduce+0x192/0x220 [ 54.321521][ T5322] __kasan_slab_alloc+0x66/0x90 [ 54.326370][ T5322] __kmem_cache_alloc_node+0x1ea/0x430 [ 54.332011][ T5322] __kmalloc+0x4a/0xd0 [ 54.336084][ T5322] tomoyo_supervisor+0xb60/0xf10 [ 54.341034][ T5322] tomoyo_env_perm+0x183/0x200 [ 54.345828][ T5322] tomoyo_find_next_domain+0x13d2/0x1f80 [ 54.351738][ T5322] tomoyo_bprm_check_security+0x133/0x1c0 [ 54.357468][ T5322] security_bprm_check+0x49/0xb0 [ 54.362404][ T5322] bprm_execve+0x732/0x19f0 [ 54.366905][ T5322] do_execveat_common+0x724/0x890 [ 54.371932][ T5322] __x64_sys_execve+0x93/0xc0 [ 54.376606][ T5322] do_syscall_64+0x39/0xb0 [ 54.381030][ T5322] [ 54.383345][ T5322] Memory state around the buggy address: [ 54.388968][ T5322] ffff88802b75c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.397025][ T5322] ffff88802b75c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.405207][ T5322] >ffff88802b75c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.413368][ T5322] ^ [ 54.418225][ T5322] ffff88802b75c280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.426294][ T5322] ffff88802b75c300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.434441][ T5322] ================================================================== [ 54.443195][ T5322] Kernel panic - not syncing: panic_on_warn set ... [ 54.449797][ T5322] CPU: 1 PID: 5322 Comm: syz-executor340 Not tainted 6.1.0-syzkaller-09671-g89529367293c #0 [ 54.459879][ T5322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 54.470048][ T5322] Call Trace: [ 54.473414][ T5322] [ 54.476342][ T5322] dump_stack_lvl+0xd1/0x138 [ 54.480947][ T5322] panic+0x2cc/0x626 [ 54.484853][ T5322] ? panic_print_sys_info.part.0+0x110/0x110 [ 54.491012][ T5322] ? preempt_schedule_common+0x59/0xc0 [ 54.496517][ T5322] ? preempt_schedule_thunk+0x1a/0x1c [ 54.501989][ T5322] end_report.part.0+0x3f/0x7c [ 54.506762][ T5322] ? rxrpc_lookup_local+0xdcf/0xfb0 [ 54.511960][ T5322] kasan_report.cold+0xa/0xf [ 54.516560][ T5322] ? rxrpc_lookup_local+0xdcf/0xfb0 [ 54.521761][ T5322] rxrpc_lookup_local+0xdcf/0xfb0 [ 54.526792][ T5322] rxrpc_bind+0x35e/0x5c0 [ 54.531132][ T5322] __sys_bind+0x1ed/0x260 [ 54.535473][ T5322] ? __ia32_sys_socketpair+0x100/0x100 [ 54.540948][ T5322] ? _raw_spin_unlock_irq+0x23/0x50 [ 54.546153][ T5322] ? lockdep_hardirqs_on+0x7d/0x100 [ 54.551357][ T5322] ? _raw_spin_unlock_irq+0x2e/0x50 [ 54.556554][ T5322] __x64_sys_bind+0x73/0xb0 [ 54.561060][ T5322] do_syscall_64+0x39/0xb0 [ 54.565482][ T5322] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.571389][ T5322] RIP: 0033:0x7f0656e7dd59 [ 54.575801][ T5322] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 54.595497][ T5322] RSP: 002b:00007fff732f3cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 54.603963][ T5322] RAX: ffffffffffffffda RBX: 000000000000d194 RCX: 00007f0656e7dd59 [ 54.612018][ T5322] RDX: 0000000000000024 RSI: 0000000020000080 RDI: 0000000000000003 [ 54.619988][ T5322] RBP: 0000000000000000 R08: 00007fff732f3e68 R09: 00007fff732f3e68 [ 54.627976][ T5322] R10: 00007fff732f3740 R11: 0000000000000246 R12: 00007fff732f3cdc [ 54.636033][ T5322] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 54.644184][ T5322] [ 54.647258][ T5322] Kernel Offset: disabled [ 54.651579][ T5322] Rebooting in 86400 seconds..