./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor937803287

<...>
DUID 00:04:e7:a9:54:ba:d6:ca:b0:a9:a8:44:aa:dd:15:41:58:fb
forked to background, child pid 4671
[   50.821789][ T4672] 8021q: adding VLAN 0 to HW filter on device bond0
[   50.843222][ T4672] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.176' (ECDSA) to the list of known hosts.
execve("./syz-executor937803287", ["./syz-executor937803287"], 0x7fff34cac680 /* 10 vars */) = 0
brk(NULL)                               = 0x555556595000
brk(0x555556595c40)                     = 0x555556595c40
arch_prctl(ARCH_SET_FS, 0x555556595300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor937803287", 4096) = 27
brk(0x5555565b6c40)                     = 0x5555565b6c40
brk(0x5555565b7000)                     = 0x5555565b7000
mprotect(0x7f2558508000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
socket(AF_INET6, SOCK_RAW, 0x3f /* IPPROTO_??? */) = 3
syzkaller login: [   80.512136][ T5008] ==================================================================
[   80.520238][ T5008] BUG: KASAN: stack-out-of-bounds in ip6mr_ioctl+0xba3/0xcb0
[   80.527650][ T5008] Read of size 16 at addr ffffc900039afb68 by task syz-executor937/5008
[   80.535981][ T5008] 
[   80.538306][ T5008] CPU: 1 PID: 5008 Comm: syz-executor937 Not tainted 6.4.0-rc6-syzkaller-01304-gc08afcdcf952 #0
[   80.548755][ T5008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   80.558825][ T5008] Call Trace:
[   80.562109][ T5008]  <TASK>
[   80.565045][ T5008]  dump_stack_lvl+0xd9/0x150
[   80.569659][ T5008]  print_address_description.constprop.0+0x2c/0x3c0
[   80.576288][ T5008]  ? ip6mr_ioctl+0xba3/0xcb0
[   80.580903][ T5008]  kasan_report+0x11c/0x130
[   80.585434][ T5008]  ? ip6mr_ioctl+0xba3/0xcb0
[   80.590051][ T5008]  ip6mr_ioctl+0xba3/0xcb0
[   80.594494][ T5008]  ? ip6_mroute_getsockopt+0x550/0x550
[   80.599982][ T5008]  ? lock_downgrade+0x690/0x690
[   80.604866][ T5008]  ? mark_held_locks+0x9f/0xe0
[   80.609651][ T5008]  ? rawv6_ioctl+0x4e/0x1e0
[   80.614173][ T5008]  rawv6_ioctl+0x4e/0x1e0
[   80.618525][ T5008]  sk_ioctl+0x151/0x440
[   80.622704][ T5008]  ? sock_ioctl_inout+0x150/0x150
[   80.627757][ T5008]  ? tomoyo_path_number_perm+0x245/0x570
[   80.633407][ T5008]  ? lock_downgrade+0x690/0x690
[   80.638279][ T5008]  inet6_ioctl+0x1b8/0x290
[   80.642715][ T5008]  ? inet6_release+0x70/0x70
[   80.647347][ T5008]  ? tomoyo_path_number_perm+0x166/0x570
[   80.653025][ T5008]  ? tomoyo_execute_permission+0x4a0/0x4a0
[   80.658851][ T5008]  sock_do_ioctl+0xcc/0x230
[   80.663367][ T5008]  ? get_user_ifreq+0x250/0x250
[   80.668232][ T5008]  ? vfs_fileattr_set+0xc40/0xc40
[   80.673290][ T5008]  sock_ioctl+0x1f8/0x680
[   80.677897][ T5008]  ? br_ioctl_call+0xb0/0xb0
[   80.682504][ T5008]  ? lock_downgrade+0x690/0x690
[   80.687379][ T5008]  ? bpf_lsm_file_ioctl+0x9/0x10
[   80.692338][ T5008]  ? br_ioctl_call+0xb0/0xb0
[   80.696942][ T5008]  __x64_sys_ioctl+0x197/0x210
[   80.701825][ T5008]  do_syscall_64+0x39/0xb0
[   80.706253][ T5008]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   80.712174][ T5008] RIP: 0033:0x7f255849bad9
[   80.716600][ T5008] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   80.736228][ T5008] RSP: 002b:00007ffd06792778 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   80.744658][ T5008] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f255849bad9
[   80.752637][ T5008] RDX: 0000000000000000 RSI: 00000000000089e1 RDI: 0000000000000003
[   80.760614][ T5008] RBP: 00007f255845fc80 R08: 0000000000000000 R09: 0000000000000000
[   80.768594][ T5008] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255845fd10
[   80.776663][ T5008] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   80.784653][ T5008]  </TASK>
[   80.787676][ T5008] 
[   80.789998][ T5008] The buggy address belongs to stack of task syz-executor937/5008
[   80.797803][ T5008]  and is located at offset 40 in frame:
[   80.803430][ T5008]  sk_ioctl+0x0/0x440
[   80.807456][ T5008] 
[   80.809781][ T5008] This frame has 2 objects:
[   80.814289][ T5008]  [32, 36) 'karg'
[   80.814304][ T5008]  [48, 88) 'buffer'
[   80.818021][ T5008] 
[   80.824229][ T5008] The buggy address belongs to the virtual mapping at
[   80.824229][ T5008]  [ffffc900039a8000, ffffc900039b1000) created by:
[   80.824229][ T5008]  kernel_clone+0xeb/0x890
[   80.841789][ T5008] 
[   80.844114][ T5008] The buggy address belongs to the physical page:
[   80.850523][ T5008] page:ffffea0001df0840 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x77c21
[   80.860682][ T5008] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   80.867800][ T5008] page_type: 0xffffffff()
[   80.872142][ T5008] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[   80.880733][ T5008] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   80.889315][ T5008] page dumped because: kasan: bad access detected
[   80.895746][ T5008] page_owner tracks the page as allocated
[   80.901564][ T5008] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 4946, tgid 4946 (dhcpcd-run-hook), ts 65899342674, free_ts 65897349005
[   80.921041][ T5008]  post_alloc_hook+0x2db/0x350
[   80.925838][ T5008]  get_page_from_freelist+0xf41/0x2c00
[   80.931322][ T5008]  __alloc_pages+0x1cb/0x4a0
[   80.935933][ T5008]  alloc_pages+0x1aa/0x270
[   80.940388][ T5008]  __vmalloc_node_range+0xb1c/0x14a0
[   80.945713][ T5008]  copy_process+0x13bb/0x75c0
[   80.950419][ T5008]  kernel_clone+0xeb/0x890
[   80.954918][ T5008]  __do_sys_clone+0xba/0x100
[   80.959528][ T5008]  do_syscall_64+0x39/0xb0
[   80.963958][ T5008]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   80.969913][ T5008] page last free stack trace:
[   80.974585][ T5008]  free_unref_page_prepare+0x62e/0xcb0
[   80.980066][ T5008]  free_unref_page_list+0xe3/0xa70
[   80.985203][ T5008]  release_pages+0xcd8/0x1380
[   80.989900][ T5008]  tlb_batch_pages_flush+0xa8/0x1a0
[   80.995208][ T5008]  tlb_finish_mmu+0x14b/0x7e0
[   80.999911][ T5008]  exit_mmap+0x2b2/0x930
[   81.004177][ T5008]  __mmput+0x128/0x4c0
[   81.008266][ T5008]  mmput+0x60/0x70
[   81.012002][ T5008]  do_exit+0x9b0/0x29b0
[   81.016167][ T5008]  do_group_exit+0xd4/0x2a0
[   81.020690][ T5008]  __x64_sys_exit_group+0x3e/0x50
[   81.025901][ T5008]  do_syscall_64+0x39/0xb0
[   81.030584][ T5008]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   81.036501][ T5008] 
[   81.038911][ T5008] Memory state around the buggy address:
[   81.044558][ T5008]  ffffc900039afa00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
[   81.052651][ T5008]  ffffc900039afa80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[   81.060740][ T5008] >ffffc900039afb00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2 00 00
[   81.068898][ T5008]                                                           ^
[   81.076363][ T5008]  ffffc900039afb80: 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[   81.084522][ T5008]  ffffc900039afc00: 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 00 00 00 00
[   81.092681][ T5008] ==================================================================
[   81.101853][ T5008] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   81.109083][ T5008] CPU: 1 PID: 5008 Comm: syz-executor937 Not tainted 6.4.0-rc6-syzkaller-01304-gc08afcdcf952 #0
[   81.119540][ T5008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   81.129605][ T5008] Call Trace:
[   81.132897][ T5008]  <TASK>
[   81.135843][ T5008]  dump_stack_lvl+0xd9/0x150
[   81.140465][ T5008]  panic+0x686/0x730
[   81.144397][ T5008]  ? panic_smp_self_stop+0xa0/0xa0
[   81.149544][ T5008]  ? preempt_schedule_thunk+0x1a/0x20
[   81.154949][ T5008]  ? preempt_schedule_common+0x45/0xb0
[   81.160444][ T5008]  check_panic_on_warn+0xb1/0xc0
[   81.165404][ T5008]  end_report+0xe9/0x120
[   81.169673][ T5008]  ? ip6mr_ioctl+0xba3/0xcb0
[   81.174304][ T5008]  kasan_report+0xf9/0x130
[   81.178744][ T5008]  ? ip6mr_ioctl+0xba3/0xcb0
[   81.183359][ T5008]  ip6mr_ioctl+0xba3/0xcb0
[   81.187797][ T5008]  ? ip6_mroute_getsockopt+0x550/0x550
[   81.193276][ T5008]  ? lock_downgrade+0x690/0x690
[   81.198148][ T5008]  ? mark_held_locks+0x9f/0xe0
[   81.202933][ T5008]  ? rawv6_ioctl+0x4e/0x1e0
[   81.207454][ T5008]  rawv6_ioctl+0x4e/0x1e0
[   81.211801][ T5008]  sk_ioctl+0x151/0x440
[   81.215978][ T5008]  ? sock_ioctl_inout+0x150/0x150
[   81.221023][ T5008]  ? tomoyo_path_number_perm+0x245/0x570
[   81.226669][ T5008]  ? lock_downgrade+0x690/0x690
[   81.231541][ T5008]  inet6_ioctl+0x1b8/0x290
[   81.235988][ T5008]  ? inet6_release+0x70/0x70
[   81.240594][ T5008]  ? tomoyo_path_number_perm+0x166/0x570
[   81.246243][ T5008]  ? tomoyo_execute_permission+0x4a0/0x4a0
[   81.256578][ T5008]  sock_do_ioctl+0xcc/0x230
[   81.261091][ T5008]  ? get_user_ifreq+0x250/0x250
[   81.265957][ T5008]  ? vfs_fileattr_set+0xc40/0xc40
[   81.271013][ T5008]  sock_ioctl+0x1f8/0x680
[   81.275354][ T5008]  ? br_ioctl_call+0xb0/0xb0
[   81.279955][ T5008]  ? lock_downgrade+0x690/0x690
[   81.284828][ T5008]  ? bpf_lsm_file_ioctl+0x9/0x10
[   81.289788][ T5008]  ? br_ioctl_call+0xb0/0xb0
[   81.294408][ T5008]  __x64_sys_ioctl+0x197/0x210
[   81.299194][ T5008]  do_syscall_64+0x39/0xb0
[   81.303620][ T5008]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   81.309564][ T5008] RIP: 0033:0x7f255849bad9
[   81.313984][ T5008] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   81.333597][ T5008] RSP: 002b:00007ffd06792778 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   81.342026][ T5008] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f255849bad9
[   81.350014][ T5008] RDX: 0000000000000000 RSI: 00000000000089e1 RDI: 0000000000000003
[   81.358125][ T5008] RBP: 00007f255845fc80 R08: 0000000000000000 R09: 0000000000000000
[   81.366205][ T5008] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255845fd10
[   81.374185][ T5008] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   81.382169][ T5008]  </TASK>
[   81.385402][ T5008] Kernel Offset: disabled
[   81.389736][ T5008] Rebooting in 86400 seconds..