[ 52.323063][ T1088] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.365508][ T1088] device veth1_macvtap left promiscuous mode
[ 52.365629][ T1088] device veth0_macvtap left promiscuous mode
[ 52.365738][ T1088] device veth1_vlan left promiscuous mode
[ 52.365885][ T1088] device veth0_vlan left promiscuous mode
[ 52.567301][ T1088] team0 (unregistering): Port device team_slave_1 removed
[ 52.573610][ T1088] team0 (unregistering): Port device team_slave_0 removed
[ 52.590114][ T1088] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 52.607250][ T1088] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 52.648475][ T1088] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.0.182' (ECDSA) to the list of known hosts.
2022/06/14 15:49:06 parsed 1 programs
[ 65.504829][ T27] audit: type=1400 audit(1655221746.801:188): avc: denied { mounton } for pid=4017 comm="syz-executor" path="/syzcgroup/unified" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[ 65.530871][ T4017] cgroup: Unknown subsys name 'net'
[ 65.534658][ T4017] cgroup: Unknown subsys name 'rlimit'
2022/06/14 15:49:06 executed programs: 0
[ 65.542873][ T27] audit: type=1400 audit(1655221746.841:189): avc: denied { mounton } for pid=4017 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 65.544197][ T27] audit: type=1400 audit(1655221746.841:190): avc: denied { mount } for pid=4017 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 65.547889][ T27] audit: type=1400 audit(1655221746.851:191): avc: denied { create } for pid=4017 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 65.548152][ T27] audit: type=1400 audit(1655221746.851:192): avc: denied { write } for pid=4017 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 65.548461][ T27] audit: type=1400 audit(1655221746.851:193): avc: denied { read } for pid=4017 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 65.610043][ T27] audit: type=1400 audit(1655221746.911:194): avc: denied { create } for pid=4022 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 65.612777][ T27] audit: type=1400 audit(1655221746.911:195): avc: denied { read } for pid=3189 comm="dhcpcd" name="n79" dev="tmpfs" ino=1539 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 65.612797][ T27] audit: type=1400 audit(1655221746.911:196): avc: denied { open } for pid=3189 comm="dhcpcd" path="/run/udev/data/n79" dev="tmpfs" ino=1539 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 65.612811][ T27] audit: type=1400 audit(1655221746.911:197): avc: denied { getattr } for pid=3189 comm="dhcpcd" path="/run/udev/data/n79" dev="tmpfs" ino=1539 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 66.117758][ T1229] ieee802154 phy0 wpan0: encryption failed: -22
[ 66.117796][ T1229] ieee802154 phy1 wpan1: encryption failed: -22
[ 68.745611][ T3612] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 71.227504][ T144] cfg80211: failed to load regulatory.db
[ 72.905524][ T3612] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 74.989635][ T27] kauditd_printk_skb: 4 callbacks suppressed
[ 74.989646][ T27] audit: type=1400 audit(1655221756.291:202): avc: denied { ioctl } for pid=4072 comm="syz-executor.0" path="socket:[29211]" dev="sockfs" ino=29211 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 74.990045][ T3615] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 74.990894][ T3615] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 74.991430][ T3615] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 74.992075][ T3615] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 74.992468][ T3615] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 74.992666][ T3615] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 75.000865][ T27] audit: type=1400 audit(1655221756.291:203): avc: denied { read } for pid=4072 comm="syz-executor.0" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 75.000887][ T27] audit: type=1400 audit(1655221756.301:204): avc: denied { open } for pid=4072 comm="syz-executor.0" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 75.000903][ T27] audit: type=1400 audit(1655221756.301:205): avc: denied { mounton } for pid=4072 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 75.091419][ T4072] chnl_net:caif_netlink_parms(): no params data found
[ 75.163838][ T4072] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.163909][ T4072] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.164409][ T4072] device bridge_slave_0 entered promiscuous mode
[ 75.166668][ T4072] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.166770][ T4072] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.167634][ T4072] device bridge_slave_1 entered promiscuous mode
[ 75.210043][ T4072] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 75.211464][ T4072] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 75.243545][ T4072] team0: Port device team_slave_0 added
[ 75.244829][ T4072] team0: Port device team_slave_1 added
[ 75.263323][ T4072] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 75.263329][ T4072] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.263333][ T4072] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 75.264510][ T4072] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 75.264513][ T4072] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.264516][ T4072] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 75.357503][ T4072] device hsr_slave_0 entered promiscuous mode
[ 75.358073][ T4072] device hsr_slave_1 entered promiscuous mode
[ 75.413743][ T4072] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.413777][ T4072] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.413869][ T4072] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.413900][ T4072] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.457614][ T4072] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.461317][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 75.462674][ T144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.462955][ T144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.463392][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 75.469335][ T4072] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.480070][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 75.480507][ T144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.480554][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.484301][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 75.484657][ T6] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.484701][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.500397][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 75.500937][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 75.506615][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 75.512774][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 75.518158][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 75.521439][ T4072] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 75.533897][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 75.533984][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 75.541654][ T4072] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 75.738586][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 75.739222][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 75.740683][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 75.741044][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 75.743521][ T4072] device veth0_vlan entered promiscuous mode
[ 75.748601][ T4072] device veth1_vlan entered promiscuous mode
[ 75.763689][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 75.764117][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 75.764609][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 75.769102][ T4072] device veth0_macvtap entered promiscuous mode
[ 75.772060][ T4072] device veth1_macvtap entered promiscuous mode
[ 75.783552][ T4072] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 75.783622][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 75.787104][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 75.792189][ T4072] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 75.792404][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 75.891855][ T1353] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.891862][ T1353] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.893012][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 75.915122][ T1353] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.915131][ T1353] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.926230][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 75.935196][ T27] audit: type=1400 audit(1655221757.231:206): avc: denied { mounton } for pid=4072 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=2313 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 75.981495][ T27] audit: type=1400 audit(1655221757.271:207): avc: denied { bpf } for pid=4090 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 75.981522][ T27] audit: type=1400 audit(1655221757.281:208): avc: denied { prog_load } for pid=4090 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 75.981539][ T27] audit: type=1400 audit(1655221757.281:209): avc: denied { perfmon } for pid=4090 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 75.981555][ T27] audit: type=1400 audit(1655221757.281:210): avc: denied { prog_run } for pid=4090 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 76.032066][ T27] audit: type=1400 audit(1655221757.331:211): avc: denied { ioctl } for pid=4090 comm="syz-executor.0" path="socket:[30302]" dev="sockfs" ino=30302 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[ 76.034068][ T4091] ==================================================================
[ 76.034073][ T4091] BUG: KASAN: slab-out-of-bounds in sk_psock_get+0xe4/0x2c0
[ 76.034086][ T4091] Read of size 4 at addr ffff88807d2cfe78 by task syz-executor.0/4091
[ 76.034101][ T4091]
[ 76.034104][ T4091] CPU: 0 PID: 4091 Comm: syz-executor.0 Not tainted 5.19.0-rc2-syzkaller #0
[ 76.034111][ T4091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.034114][ T4091] Call Trace:
[ 76.034118][ T4091]
[ 76.034120][ T4091] dump_stack_lvl+0x57/0x7d
[ 76.034130][ T4091] print_address_description.constprop.0.cold+0xeb/0x467
[ 76.034138][ T4091] ? sk_psock_get+0xe4/0x2c0
[ 76.034143][ T4091] kasan_report.cold+0xf4/0x1c6
[ 76.034148][ T4091] ? sk_psock_get+0xe4/0x2c0
[ 76.034153][ T4091] kasan_check_range+0x13d/0x180
[ 76.034161][ T4091] sk_psock_get+0xe4/0x2c0
[ 76.034166][ T4091] ? process_rx_list+0x560/0x560
[ 76.034177][ T4091] tls_sw_recvmsg+0x134/0x1330
[ 76.034183][ T4091] ? avc_has_perm_noaudit+0x2c0/0x2c0
[ 76.034191][ T4091] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 76.034199][ T4091] ? decrypt_skb+0x90/0x90
[ 76.034203][ T4091] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 76.034209][ T4091] ? selinux_socket_sendmsg+0x2a0/0x2a0
[ 76.034216][ T4091] inet6_recvmsg+0xf0/0x490
[ 76.034223][ T4091] ? inet6_sk_rebuild_header+0x9c0/0x9c0
[ 76.034229][ T4091] ____sys_recvmsg+0x262/0x630
[ 76.034236][ T4091] ? __sock_recv_cmsgs+0x580/0x580
[ 76.034240][ T4091] ? __import_iovec+0x51/0x670
[ 76.034247][ T4091] ? import_iovec+0xa4/0x150
[ 76.034251][ T4091] ___sys_recvmsg+0xe2/0x1a0
[ 76.034256][ T4091] ? __copy_msghdr_from_user+0x3f0/0x3f0
[ 76.034261][ T4091] ? __fget_files+0x1a7/0x3a0
[ 76.034267][ T4091] ? lock_downgrade+0x6e0/0x6e0
[ 76.034273][ T4091] ? __fget_files+0x1bf/0x3a0
[ 76.034278][ T4091] ? __fget_light+0xb9/0x210
[ 76.034283][ T4091] do_recvmmsg+0x1cf/0x550
[ 76.034288][ T4091] ? ___sys_recvmsg+0x1a0/0x1a0
[ 76.034293][ T4091] ? find_held_lock+0x2d/0x110
[ 76.034299][ T4091] ? lock_downgrade+0x6e0/0x6e0
[ 76.034305][ T4091] __x64_sys_recvmmsg+0x19a/0x200
[ 76.034310][ T4091] ? __do_sys_socketcall+0x450/0x450
[ 76.034315][ T4091] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 76.034321][ T4091] ? syscall_enter_from_user_mode+0x21/0x70
[ 76.034328][ T4091] do_syscall_64+0x35/0xb0
[ 76.034334][ T4091] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 76.034341][ T4091] RIP: 0033:0x7f5cc1c890e9
[ 76.034346][ T4091] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 76.034352][ T4091] RSP: 002b:00007f5cc13fe168 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 76.034359][ T4091] RAX: ffffffffffffffda RBX: 00007f5cc1d9bf60 RCX: 00007f5cc1c890e9
[ 76.034363][ T4091] RDX: 000000000000000a RSI: 00000000200030c0 RDI: 0000000000000005
[ 76.034366][ T4091] RBP: 00007f5cc1ce308d R08: 0000000000000000 R09: 0000000000000000
[ 76.034370][ T4091] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000000
[ 76.034372][ T4091] R13: 00007ffd626d7c0f R14: 00007f5cc13fe300 R15: 0000000000022000
[ 76.034377][ T4091]
[ 76.034379][ T4091]
[ 76.034381][ T4091] Allocated by task 4095:
[ 76.034384][ T4091] kasan_save_stack+0x1e/0x40
[ 76.034389][ T4091] __kasan_slab_alloc+0x85/0xb0
[ 76.034394][ T4091] kmem_cache_alloc+0x265/0x560
[ 76.034398][ T4091] kcm_ioctl+0x3d2/0x10b0
[ 76.034404][ T4091] sock_do_ioctl+0xc9/0x1c0
[ 76.034407][ T4091] sock_ioctl+0x278/0x510
[ 76.034411][ T4091] __x64_sys_ioctl+0x11f/0x190
[ 76.034416][ T4091] do_syscall_64+0x35/0xb0
[ 76.034420][ T4091] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 76.034425][ T4091]
[ 76.034426][ T4091] Last potentially related work creation:
[ 76.034428][ T4091] kasan_save_stack+0x1e/0x40
[ 76.034432][ T4091] __kasan_record_aux_stack+0x7e/0x90
[ 76.034437][ T4091] insert_work+0x43/0x2e0
[ 76.034441][ T4091] __queue_work+0x4e6/0xdc0
[ 76.034445][ T4091] queue_work_on+0x70/0x80
[ 76.034449][ T4091] kcm_ioctl+0xc79/0x10b0
[ 76.034453][ T4091] sock_do_ioctl+0xc9/0x1c0
[ 76.034456][ T4091] sock_ioctl+0x278/0x510
[ 76.034459][ T4091] __x64_sys_ioctl+0x11f/0x190
[ 76.034462][ T4091] do_syscall_64+0x35/0xb0
[ 76.034467][ T4091] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 76.034471][ T4091]
[ 76.034472][ T4091] The buggy address belongs to the object at ffff88807d2cfbc0
[ 76.034472][ T4091] which belongs to the cache kcm_psock_cache of size 568
[ 76.034476][ T4091] The buggy address is located 128 bytes to the right of
[ 76.034476][ T4091] 568-byte region [ffff88807d2cfbc0, ffff88807d2cfdf8)
[ 76.034480][ T4091]
[ 76.034482][ T4091] The buggy address belongs to the physical page:
[ 76.034484][ T4091] page:ffffea0001f4b380 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d2ce
[ 76.034491][ T4091] head:ffffea0001f4b380 order:1 compound_mapcount:0 compound_pincount:0
[ 76.034494][ T4091] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 76.034504][ T4091] raw: 00fff00000010200 ffff888027505a50 ffff888027505a50 ffff8880258b0900
[ 76.034509][ T4091] raw: 0000000000000000 ffff88807d2ce040 000000010000000b 0000000000000000
[ 76.034511][ T4091] page dumped because: kasan: bad access detected
[ 76.034514][ T4091] page_owner tracks the page as allocated
[ 76.034516][ T4091] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x3420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_HARDWALL|__GFP_THISNODE), pid 4095, tgid 4090 (syz-executor.0), ts 76033585090, free_ts 76008148912
[ 76.034525][ T4091] get_page_from_freelist+0x19d3/0x3b30
[ 76.034531][ T4091] __alloc_pages+0x1c7/0x510
[ 76.034534][ T4091] cache_grow_begin+0x75/0x350
[ 76.034538][ T4091] cache_alloc_refill+0x27f/0x380
[ 76.034542][ T4091] kmem_cache_alloc+0x450/0x560
[ 76.034546][ T4091] kcm_ioctl+0x3d2/0x10b0
[ 76.034550][ T4091] sock_do_ioctl+0xc9/0x1c0
[ 76.034553][ T4091] sock_ioctl+0x278/0x510
[ 76.034556][ T4091] __x64_sys_ioctl+0x11f/0x190
[ 76.034560][ T4091] do_syscall_64+0x35/0xb0
[ 76.034564][ T4091] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 76.034568][ T4091] page last free stack trace:
[ 76.034570][ T4091] free_pcp_prepare+0x549/0xd20
[ 76.034576][ T4091] free_unref_page+0x19/0x6a0
[ 76.034580][ T4091] slabs_destroy+0x89/0xc0
[ 76.034584][ T4091] ___cache_free+0x34e/0x670
[ 76.034588][ T4091] qlist_free_all+0x4f/0x1b0
[ 76.034593][ T4091] kasan_quarantine_reduce+0x180/0x200
[ 76.034598][ T4091] __kasan_slab_alloc+0x97/0xb0
[ 76.034602][ T4091] kmem_cache_alloc_node+0x2a0/0x590
[ 76.034606][ T4091] __alloc_skb+0x151/0x270
[ 76.034611][ T4091] alloc_skb_with_frags+0x73/0x6f0
[ 76.034615][ T4091] sock_alloc_send_pskb+0x636/0x7c0
[ 76.034620][ T4091] mld_newpack.isra.0+0x1b4/0x760
[ 76.034625][ T4091] add_grhead+0x265/0x350
[ 76.034629][ T4091] add_grec+0xc80/0x1050
[ 76.034633][ T4091] mld_ifc_work+0x3bb/0xa90
[ 76.034638][ T4091] process_one_work+0x865/0x13d0
[ 76.034642][ T4091]
[ 76.034643][ T4091] Memory state around the buggy address:
[ 76.034645][ T4091]  ffff88807d2cfd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 76.034648][ T4091]  ffff88807d2cfd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 76.034651][ T4091] >ffff88807d2cfe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 76.034653][ T4091]                                                                 ^
[ 76.034656][ T4091]  ffff88807d2cfe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 76.034659][ T4091]  ffff88807d2cff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 76.034661][ T4091] ==================================================================
[ 76.034665][ T4091] Kernel panic - not syncing: panic_on_warn set ...
[ 76.034669][ T4091] CPU: 0 PID: 4091 Comm: syz-executor.0 Not tainted 5.19.0-rc2-syzkaller #0
[ 76.034674][ T4091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.034677][ T4091] Call Trace:
[ 76.034679][ T4091]
[ 76.034681][ T4091] dump_stack_lvl+0x57/0x7d
[ 76.034687][ T4091] panic+0x227/0x466
[ 76.034694][ T4091] ? panic_print_sys_info.part.0+0x69/0x69
[ 76.034700][ T4091] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 76.034706][ T4091] ? sk_psock_get+0xe4/0x2c0
[ 76.034710][ T4091] end_report.part.0+0x3f/0x7c
[ 76.034716][ T4091] kasan_report.cold+0x93/0x1c6
[ 76.034721][ T4091] ? sk_psock_get+0xe4/0x2c0
[ 76.034725][ T4091] kasan_check_range+0x13d/0x180
[ 76.034731][ T4091] sk_psock_get+0xe4/0x2c0
[ 76.034736][ T4091] ? process_rx_list+0x560/0x560
[ 76.034742][ T4091] tls_sw_recvmsg+0x134/0x1330
[ 76.034748][ T4091] ? avc_has_perm_noaudit+0x2c0/0x2c0
[ 76.034753][ T4091] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 76.034760][ T4091] ? decrypt_skb+0x90/0x90
[ 76.034765][ T4091] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 76.034771][ T4091] ? selinux_socket_sendmsg+0x2a0/0x2a0
[ 76.034778][ T4091] inet6_recvmsg+0xf0/0x490
[ 76.034784][ T4091] ? inet6_sk_rebuild_header+0x9c0/0x9c0
[ 76.034790][ T4091] ____sys_recvmsg+0x262/0x630
[ 76.034795][ T4091] ? __sock_recv_cmsgs+0x580/0x580
[ 76.034799][ T4091] ? __import_iovec+0x51/0x670
[ 76.034805][ T4091] ? import_iovec+0xa4/0x150
[ 76.034810][ T4091] ___sys_recvmsg+0xe2/0x1a0
[ 76.034815][ T4091] ? __copy_msghdr_from_user+0x3f0/0x3f0
[ 76.034820][ T4091] ? __fget_files+0x1a7/0x3a0
[ 76.034824][ T4091] ? lock_downgrade+0x6e0/0x6e0
[ 76.034831][ T4091] ? __fget_files+0x1bf/0x3a0
[ 76.034836][ T4091] ? __fget_light+0xb9/0x210
[ 76.034841][ T4091] do_recvmmsg+0x1cf/0x550
[ 76.034846][ T4091] ? ___sys_recvmsg+0x1a0/0x1a0
[ 76.034852][ T4091] ? find_held_lock+0x2d/0x110
[ 76.034858][ T4091] ? lock_downgrade+0x6e0/0x6e0
[ 76.034864][ T4091] __x64_sys_recvmmsg+0x19a/0x200
[ 76.034869][ T4091] ? __do_sys_socketcall+0x450/0x450
[ 76.034874][ T4091] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 76.034880][ T4091] ? syscall_enter_from_user_mode+0x21/0x70
[ 76.034885][ T4091] do_syscall_64+0x35/0xb0
[ 76.034891][ T4091] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 76.034897][ T4091] RIP: 0033:0x7f5cc1c890e9
[ 76.034901][ T4091] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 76.034905][ T4091] RSP: 002b:00007f5cc13fe168 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 76.034911][ T4091] RAX: ffffffffffffffda RBX: 00007f5cc1d9bf60 RCX: 00007f5cc1c890e9
[ 76.034915][ T4091] RDX: 000000000000000a RSI: 00000000200030c0 RDI: 0000000000000005
[ 76.034919][ T4091] RBP: 00007f5cc1ce308d R08: 0000000000000000 R09: 0000000000000000
[ 76.034922][ T4091] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000000
[ 76.034926][ T4091] R13: 00007ffd626d7c0f R14: 00007f5cc13fe300 R15: 0000000000022000
[ 76.034930][ T4091]
[ 76.052188][ T4091] Kernel Offset: disabled