[ 56.475724][ T46] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.486184][ T46] device veth1_macvtap left promiscuous mode
[ 56.492312][ T46] device veth0_macvtap left promiscuous mode
[ 56.498461][ T46] device veth1_vlan left promiscuous mode
[ 56.504218][ T46] device veth0_vlan left promiscuous mode
[ 56.566219][ T46] team0 (unregistering): Port device team_slave_1 removed
[ 56.578644][ T46] team0 (unregistering): Port device team_slave_0 removed
[ 56.591007][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 56.601646][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 56.630506][ T46] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.0.218' (ECDSA) to the list of known hosts.
2022/07/26 05:05:21 parsed 1 programs
[ 67.786944][ T26] audit: type=1400 audit(1658811921.340:188): avc: denied { mounton } for pid=3909 comm="syz-executor" path="/syzcgroup/unified" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[ 67.787955][ T3909] cgroup: Unknown subsys name 'net'
2022/07/26 05:05:21 executed programs: 0
[ 67.813815][ T26] audit: type=1400 audit(1658811921.360:189): avc: denied { getattr } for pid=3911 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf/eth0.dhcp" dev="tmpfs" ino=1443 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 67.821676][ T3909] cgroup: Unknown subsys name 'rlimit'
[ 67.850048][ T26] audit: type=1400 audit(1658811921.400:190): avc: denied { mounton } for pid=3909 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 67.888258][ T26] audit: type=1400 audit(1658811921.400:191): avc: denied { read } for pid=3913 comm="sed" name="eth0.dhcp" dev="tmpfs" ino=1443 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 67.916571][ T26] audit: type=1400 audit(1658811921.400:192): avc: denied { open } for pid=3913 comm="sed" path="/run/dhcpcd/hook-state/resolv.conf/eth0.dhcp" dev="tmpfs" ino=1443 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 67.942392][ T26] audit: type=1400 audit(1658811921.430:193): avc: denied { mount } for pid=3909 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 67.966510][ T26] audit: type=1400 audit(1658811921.430:194): avc: denied { create } for pid=3909 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 67.987461][ T26] audit: type=1400 audit(1658811921.430:195): avc: denied { write } for pid=3909 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 68.008707][ T26] audit: type=1400 audit(1658811921.430:196): avc: denied { read } for pid=3909 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 68.029377][ T26] audit: type=1400 audit(1658811921.460:197): avc: denied { create } for pid=3922 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 71.016866][ T3613] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 71.738007][ T142] cfg80211: failed to load regulatory.db
[ 75.176848][ T3613] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 79.336856][ T3613] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 83.496842][ T3613] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 87.656955][ T3613] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 91.816854][ T3613] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 95.976870][ T3613] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 100.136883][ T3613] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 104.296844][ T3613] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 108.456873][ T3613] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 110.541644][ T3610] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 110.541720][ T26] kauditd_printk_skb: 4 callbacks suppressed
[ 110.541726][ T26] audit: type=1400 audit(1658811964.090:202): avc: denied { ioctl } for pid=4091 comm="syz-executor.0" path="socket:[29541]" dev="sockfs" ino=29541 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 110.548804][ T3610] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 110.587124][ T3610] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 110.594522][ T3610] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 110.602174][ T3610] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 110.609356][ T3610] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 110.620919][ T26] audit: type=1400 audit(1658811964.170:203): avc: denied { read } for pid=4091 comm="syz-executor.0" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 110.644305][ T26] audit: type=1400 audit(1658811964.170:204): avc: denied { open } for pid=4091 comm="syz-executor.0" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 110.668524][ T26] audit: type=1400 audit(1658811964.170:205): avc: denied { mounton } for pid=4091 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 110.685069][ T4091] chnl_net:caif_netlink_parms(): no params data found
[ 110.719352][ T4091] bridge0: port 1(bridge_slave_0) entered blocking state
[ 110.726622][ T4091] bridge0: port 1(bridge_slave_0) entered disabled state
[ 110.734510][ T4091] device bridge_slave_0 entered promiscuous mode
[ 110.742173][ T4091] bridge0: port 2(bridge_slave_1) entered blocking state
[ 110.749452][ T4091] bridge0: port 2(bridge_slave_1) entered disabled state
[ 110.757257][ T4091] device bridge_slave_1 entered promiscuous mode
[ 110.773567][ T4091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 110.784083][ T4091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 110.802833][ T4091] team0: Port device team_slave_0 added
[ 110.809910][ T4091] team0: Port device team_slave_1 added
[ 110.823804][ T4091] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 110.830795][ T4091] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 110.856879][ T4091] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 110.868378][ T4091] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 110.875435][ T4091] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 110.901955][ T4091] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 110.923156][ T4091] device hsr_slave_0 entered promiscuous mode
[ 110.930292][ T4091] device hsr_slave_1 entered promiscuous mode
[ 110.972197][ T4091] bridge0: port 2(bridge_slave_1) entered blocking state
[ 110.979494][ T4091] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 110.986885][ T4091] bridge0: port 1(bridge_slave_0) entered blocking state
[ 110.994017][ T4091] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 111.020906][ T4091] 8021q: adding VLAN 0 to HW filter on device bond0
[ 111.031851][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 111.040278][ T3628] bridge0: port 1(bridge_slave_0) entered disabled state
[ 111.048391][ T3628] bridge0: port 2(bridge_slave_1) entered disabled state
[ 111.055756][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 111.065749][ T4091] 8021q: adding VLAN 0 to HW filter on device team0
[ 111.074404][ T142] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 111.082794][ T142] bridge0: port 1(bridge_slave_0) entered blocking state
[ 111.089934][ T142] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 111.107191][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 111.115629][ T3628] bridge0: port 2(bridge_slave_1) entered blocking state
[ 111.122868][ T3628] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 111.130770][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 111.139462][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 111.148809][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 111.157279][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 111.167379][ T142] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 111.177366][ T4091] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 111.192807][ T4091] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 111.200021][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 111.208010][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 111.297082][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 111.305810][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 111.314724][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 111.322617][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 111.330800][ T4091] device veth0_vlan entered promiscuous mode
[ 111.340173][ T4091] device veth1_vlan entered promiscuous mode
[ 111.354262][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 111.362574][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 111.371866][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 111.381399][ T4091] device veth0_macvtap entered promiscuous mode
[ 111.390778][ T4091] device veth1_macvtap entered promiscuous mode
[ 111.404162][ T4091] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 111.412576][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 111.422355][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 111.432919][ T4091] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 111.440556][ T142] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 111.472023][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.483898][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.492651][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 111.500868][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.509853][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.518200][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 111.528129][ T26] audit: type=1400 audit(1658811965.070:206): avc: denied { mounton } for pid=4091 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=2313 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 111.563850][ T26] audit: type=1400 audit(1658811965.110:207): avc: denied { bpf } for pid=4109 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 111.586014][ T26] audit: type=1400 audit(1658811965.110:208): avc: denied { prog_load } for pid=4109 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 111.589166][ T4110] ==================================================================
[ 111.606324][ T26] audit: type=1400 audit(1658811965.110:209): avc: denied { perfmon } for pid=4109 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 111.613342][ T4110] BUG: KASAN: slab-out-of-bounds in sk_psock_get+0xe4/0x2c0
[ 111.613359][ T4110] Read of size 4 at addr ffff8880225c3e78 by task syz-executor.0/4110
[ 111.613369][ T4110]
[ 111.613374][ T4110] CPU: 1 PID: 4110 Comm: syz-executor.0 Not tainted 5.19.0-rc8-syzkaller #0
[ 111.613380][ T4110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[ 111.613384][ T4110] Call Trace:
[ 111.613388][ T4110]
[ 111.613392][ T4110] dump_stack_lvl+0x57/0x7d
[ 111.635145][ T26] audit: type=1400 audit(1658811965.110:210): avc: denied { prog_run } for pid=4109 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 111.641715][ T4110] print_address_description.constprop.0.cold+0xeb/0x467
[ 111.641732][ T4110] ? sk_psock_get+0xe4/0x2c0
[ 111.641740][ T4110] kasan_report.cold+0xf4/0x1c6
[ 111.641746][ T4110] ? sk_psock_get+0xe4/0x2c0
[ 111.641751][ T4110] kasan_check_range+0x13d/0x180
[ 111.650327][ T26] audit: type=1400 audit(1658811965.140:211): avc: denied { ioctl } for pid=4109 comm="syz-executor.0" path="socket:[30806]" dev="sockfs" ino=30806 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[ 111.652200][ T4110] sk_psock_get+0xe4/0x2c0
[ 111.652212][ T4110] ? process_rx_list+0x560/0x560
[ 111.761738][ T4110] ? rcu_read_lock_sched_held+0xd/0x70
[ 111.767181][ T4110] tls_sw_recvmsg+0x134/0x1330
[ 111.772390][ T4110] ? avc_has_perm_noaudit+0x2c0/0x2c0
[ 111.778094][ T4110] ? decrypt_skb+0x90/0x90
[ 111.782497][ T4110] ? rcu_read_lock_sched_held+0xd/0x70
[ 111.787941][ T4110] ? selinux_socket_sendmsg+0x2a0/0x2a0
[ 111.793548][ T4110] ? rcu_read_lock_sched_held+0xd/0x70
[ 111.798980][ T4110] ? rcu_read_lock_sched_held+0xd/0x70
[ 111.804407][ T4110] inet6_recvmsg+0xf0/0x490
[ 111.808885][ T4110] ? lock_release+0x780/0x780
[ 111.813881][ T4110] ? inet6_sk_rebuild_header+0x9c0/0x9c0
[ 111.819632][ T4110] ____sys_recvmsg+0x262/0x630
[ 111.824449][ T4110] ? __sock_recv_cmsgs+0x580/0x580
[ 111.829561][ T4110] ? __import_iovec+0x51/0x670
[ 111.834303][ T4110] ? import_iovec+0xa4/0x150
[ 111.838880][ T4110] ___sys_recvmsg+0xe2/0x1a0
[ 111.843449][ T4110] ? __copy_msghdr_from_user+0x3f0/0x3f0
[ 111.849053][ T4110] ? rcu_read_lock_sched_held+0xd/0x70
[ 111.854922][ T4110] ? lock_release+0x560/0x780
[ 111.859666][ T4110] ? __fget_files+0x1a7/0x3a0
[ 111.864410][ T4110] ? lock_downgrade+0x6e0/0x6e0
[ 111.869244][ T4110] ? preempt_schedule_thunk+0x16/0x18
[ 111.874599][ T4110] ? __fget_files+0x1bf/0x3a0
[ 111.879254][ T4110] ? __fget_light+0xb9/0x210
[ 111.883821][ T4110] do_recvmmsg+0x1cf/0x550
[ 111.888214][ T4110] ? ___sys_recvmsg+0x1a0/0x1a0
[ 111.893034][ T4110] ? rcu_read_lock_sched_held+0xd/0x70
[ 111.898486][ T4110] ? lock_downgrade+0x6e0/0x6e0
[ 111.903401][ T4110] __x64_sys_recvmmsg+0x19a/0x200
[ 111.908499][ T4110] ? __do_sys_socketcall+0x450/0x450
[ 111.913765][ T4110] ? rcu_read_lock_sched_held+0xd/0x70
[ 111.919193][ T4110] do_syscall_64+0x35/0xb0
[ 111.923583][ T4110] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 111.929447][ T4110] RIP: 0033:0x7fa8984890e9
[ 111.933848][ T4110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 111.954038][ T4110] RSP: 002b:00007fa899683168 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 111.962603][ T4110] RAX: ffffffffffffffda RBX: 00007fa89859bf60 RCX: 00007fa8984890e9
[ 111.970567][ T4110] RDX: 000000000000000a RSI: 00000000200030c0 RDI: 0000000000000005
[ 111.978536][ T4110] RBP: 00007fa8984e308d R08: 0000000000000000 R09: 0000000000000000
[ 111.986505][ T4110] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000000
[ 111.994648][ T4110] R13: 00007ffc95cd236f R14: 00007fa899683300 R15: 0000000000022000
[ 112.002721][ T4110]
[ 112.005822][ T4110]
[ 112.008121][ T4110] Allocated by task 4110:
[ 112.012431][ T4110] kasan_save_stack+0x1e/0x40
[ 112.017083][ T4110] __kasan_slab_alloc+0x85/0xb0
[ 112.021913][ T4110] kmem_cache_alloc+0x265/0x560
[ 112.026750][ T4110] kcm_ioctl+0x3d2/0x10b0
[ 112.031121][ T4110] sock_do_ioctl+0xc9/0x1c0
[ 112.035816][ T4110] sock_ioctl+0x278/0x510
[ 112.040225][ T4110] __x64_sys_ioctl+0x11f/0x190
[ 112.044967][ T4110] do_syscall_64+0x35/0xb0
[ 112.049364][ T4110] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 112.055246][ T4110]
[ 112.057604][ T4110] Last potentially related work creation:
[ 112.063309][ T4110] kasan_save_stack+0x1e/0x40
[ 112.067976][ T4110] __kasan_record_aux_stack+0x7e/0x90
[ 112.073447][ T4110] insert_work+0x43/0x2e0
[ 112.077752][ T4110] __queue_work+0x4e6/0xdc0
[ 112.082242][ T4110] queue_work_on+0x70/0x80
[ 112.086651][ T4110] kcm_ioctl+0xc79/0x10b0
[ 112.091142][ T4110] sock_do_ioctl+0xc9/0x1c0
[ 112.095625][ T4110] sock_ioctl+0x278/0x510
[ 112.099932][ T4110] __x64_sys_ioctl+0x11f/0x190
[ 112.104856][ T4110] do_syscall_64+0x35/0xb0
[ 112.109277][ T4110] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 112.115142][ T4110]
[ 112.117441][ T4110] The buggy address belongs to the object at ffff8880225c3bc0
[ 112.117441][ T4110] which belongs to the cache kcm_psock_cache of size 568
[ 112.131824][ T4110] The buggy address is located 128 bytes to the right of
[ 112.131824][ T4110] 568-byte region [ffff8880225c3bc0, ffff8880225c3df8)
[ 112.145596][ T4110]
[ 112.147906][ T4110] The buggy address belongs to the physical page:
[ 112.154302][ T4110] page:ffffea0000897080 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x225c2
[ 112.164519][ T4110] head:ffffea0000897080 order:1 compound_mapcount:0 compound_pincount:0
[ 112.172853][ T4110] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 112.180939][ T4110] raw: 00fff00000010200 ffff888025981c50 ffff888025981c50 ffff88814a66ff00
[ 112.189660][ T4110] raw: 0000000000000000 ffff8880225c2040 000000010000000b 0000000000000000
[ 112.198222][ T4110] page dumped because: kasan: bad access detected
[ 112.204620][ T4110] page_owner tracks the page as allocated
[ 112.210410][ T4110] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x3420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_HARDWALL|__GFP_THISNODE), pid 4110, tgid 4109 (syz-executor.0), ts 111589089151, free_ts 111578898793
[ 112.232529][ T4110] get_page_from_freelist+0x19d3/0x3b30
[ 112.238056][ T4110] __alloc_pages+0x1c7/0x510
[ 112.242643][ T4110] cache_grow_begin+0x75/0x350
[ 112.247386][ T4110] cache_alloc_refill+0x27f/0x380
[ 112.252382][ T4110] kmem_cache_alloc+0x450/0x560
[ 112.257237][ T4110] kcm_ioctl+0x3d2/0x10b0
[ 112.261898][ T4110] sock_do_ioctl+0xc9/0x1c0
[ 112.266369][ T4110] sock_ioctl+0x278/0x510
[ 112.270666][ T4110] __x64_sys_ioctl+0x11f/0x190
[ 112.275396][ T4110] do_syscall_64+0x35/0xb0
[ 112.279780][ T4110] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 112.285670][ T4110] page last free stack trace:
[ 112.290400][ T4110] free_pcp_prepare+0x549/0xd20
[ 112.295330][ T4110] free_unref_page+0x19/0x6a0
[ 112.300069][ T4110] slabs_destroy+0x89/0xc0
[ 112.304567][ T4110] ___cache_free+0x34e/0x670
[ 112.309130][ T4110] qlist_free_all+0x4f/0x1b0
[ 112.313896][ T4110] kasan_quarantine_reduce+0x180/0x200
[ 112.319436][ T4110] __kasan_slab_alloc+0x97/0xb0
[ 112.324801][ T4110] kmem_cache_alloc+0x265/0x560
[ 112.329634][ T4110] getname_flags.part.0+0x4a/0x440
[ 112.334831][ T4110] do_sys_openat2+0xd2/0x3f0
[ 112.339401][ T4110] __x64_sys_openat+0x11b/0x1d0
[ 112.344222][ T4110] do_syscall_64+0x35/0xb0
[ 112.348609][ T4110] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 112.354485][ T4110]
[ 112.356788][ T4110] Memory state around the buggy address:
[ 112.362406][ T4110] ffff8880225c3d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 112.370464][ T4110] ffff8880225c3d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 112.378525][ T4110] >ffff8880225c3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 112.386578][ T4110] ^
[ 112.394525][ T4110] ffff8880225c3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 112.402573][ T4110] ffff8880225c3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 112.410602][ T4110] ==================================================================
[ 112.421655][ T4110] Kernel panic - not syncing: panic_on_warn set ...
[ 112.428341][ T4110] CPU: 0 PID: 4110 Comm: syz-executor.0 Not tainted 5.19.0-rc8-syzkaller #0
[ 112.437000][ T4110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[ 112.447042][ T4110] Call Trace:
[ 112.450313][ T4110]
[ 112.453224][ T4110] dump_stack_lvl+0x57/0x7d
[ 112.457740][ T4110] panic+0x227/0x466
[ 112.461633][ T4110] ? panic_print_sys_info.part.0+0x69/0x69
[ 112.467432][ T4110] ? preempt_schedule_common+0x59/0xc0
[ 112.473220][ T4110] ? sk_psock_get+0xe4/0x2c0
[ 112.478558][ T4110] ? preempt_schedule_thunk+0x16/0x18
[ 112.484128][ T4110] ? sk_psock_get+0xe4/0x2c0
[ 112.488806][ T4110] end_report.part.0+0x3f/0x7c
[ 112.493565][ T4110] kasan_report.cold+0x93/0x1c6
[ 112.498390][ T4110] ? sk_psock_get+0xe4/0x2c0
[ 112.503054][ T4110] kasan_check_range+0x13d/0x180
[ 112.507978][ T4110] sk_psock_get+0xe4/0x2c0
[ 112.512374][ T4110] ? process_rx_list+0x560/0x560
[ 112.517839][ T4110] ? rcu_read_lock_sched_held+0xd/0x70
[ 112.523375][ T4110] tls_sw_recvmsg+0x134/0x1330
[ 112.528130][ T4110] ? avc_has_perm_noaudit+0x2c0/0x2c0
[ 112.533510][ T4110] ? decrypt_skb+0x90/0x90
[ 112.537926][ T4110] ? rcu_read_lock_sched_held+0xd/0x70
[ 112.543460][ T4110] ? selinux_socket_sendmsg+0x2a0/0x2a0
[ 112.548982][ T4110] ? rcu_read_lock_sched_held+0xd/0x70
[ 112.554563][ T4110] ? rcu_read_lock_sched_held+0xd/0x70
[ 112.560361][ T4110] inet6_recvmsg+0xf0/0x490
[ 112.565322][ T4110] ? lock_release+0x780/0x780
[ 112.569983][ T4110] ? inet6_sk_rebuild_header+0x9c0/0x9c0
[ 112.576646][ T4110] ____sys_recvmsg+0x262/0x630
[ 112.581400][ T4110] ? __sock_recv_cmsgs+0x580/0x580
[ 112.586568][ T4110] ? __import_iovec+0x51/0x670
[ 112.591392][ T4110] ? import_iovec+0xa4/0x150
[ 112.595955][ T4110] ___sys_recvmsg+0xe2/0x1a0
[ 112.600613][ T4110] ? __copy_msghdr_from_user+0x3f0/0x3f0
[ 112.606244][ T4110] ? rcu_read_lock_sched_held+0xd/0x70
[ 112.611677][ T4110] ? lock_release+0x560/0x780
[ 112.616349][ T4110] ? __fget_files+0x1a7/0x3a0
[ 112.621029][ T4110] ? lock_downgrade+0x6e0/0x6e0
[ 112.625868][ T4110] ? preempt_schedule_thunk+0x16/0x18
[ 112.631217][ T4110] ? __fget_files+0x1bf/0x3a0
[ 112.635872][ T4110] ? __fget_light+0xb9/0x210
[ 112.640876][ T4110] do_recvmmsg+0x1cf/0x550
[ 112.645266][ T4110] ? ___sys_recvmsg+0x1a0/0x1a0
[ 112.651656][ T4110] ? rcu_read_lock_sched_held+0xd/0x70
[ 112.657441][ T4110] ? lock_downgrade+0x6e0/0x6e0
[ 112.662350][ T4110] __x64_sys_recvmmsg+0x19a/0x200
[ 112.667433][ T4110] ? __do_sys_socketcall+0x450/0x450
[ 112.672786][ T4110] ? rcu_read_lock_sched_held+0xd/0x70
[ 112.678234][ T4110] do_syscall_64+0x35/0xb0
[ 112.682744][ T4110] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 112.688628][ T4110] RIP: 0033:0x7fa8984890e9
[ 112.693092][ T4110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 112.712953][ T4110] RSP: 002b:00007fa899683168 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 112.721453][ T4110] RAX: ffffffffffffffda RBX: 00007fa89859bf60 RCX: 00007fa8984890e9
[ 112.729579][ T4110] RDX: 000000000000000a RSI: 00000000200030c0 RDI: 0000000000000005
[ 112.737549][ T4110] RBP: 00007fa8984e308d R08: 0000000000000000 R09: 0000000000000000
[ 112.745842][ T4110] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000000
[ 112.753879][ T4110] R13: 00007ffc95cd236f R14: 00007fa899683300 R15: 0000000000022000
[ 112.762001][ T4110]
[ 112.765063][ T4110] Kernel Offset: disabled
[ 112.769366][ T4110] Rebooting in 86400 seconds..