./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor615646574

<...>
Warning: Permanently added '10.128.1.165' (ED25519) to the list of known hosts.
execve("./syz-executor615646574", ["./syz-executor615646574"], 0x7ffd1df8a850 /* 10 vars */) = 0
brk(NULL)                               = 0x555558bd4000
brk(0x555558bd4d40)                     = 0x555558bd4d40
arch_prctl(ARCH_SET_FS, 0x555558bd43c0) = 0
set_tid_address(0x555558bd4690)         = 5868
set_robust_list(0x555558bd46a0, 24)     = 0
rseq(0x555558bd4ce0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor615646574", 4096) = 27
getrandom("\x13\xd9\xb1\x05\x7d\xda\x03\xfd", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555558bd4d40
brk(0x555558bf5d40)                     = 0x555558bf5d40
brk(0x555558bf6000)                     = 0x555558bf6000
mprotect(0x7f1ac2a97000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558bd4690) = 5869
./strace-static-x86_64: Process 5869 attached
[pid  5869] set_robust_list(0x555558bd46a0, 24) = 0
[pid  5869] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5869] getppid()                   = 0
[pid  5869] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5869] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5869] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5869] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5869] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5869] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5869] unshare(CLONE_NEWNS)        = 0
[pid  5869] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5869] unshare(CLONE_NEWIPC)       = 0
[pid  5869] unshare(CLONE_NEWCGROUP)    = 0
[pid  5869] unshare(CLONE_NEWUTS)       = 0
[pid  5869] unshare(CLONE_SYSVSEM)      = 0
[pid  5869] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5869] write(3, "16777216", 8)     = 8
[pid  5869] close(3)                    = 0
[pid  5869] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5869] write(3, "536870912", 9)    = 9
[pid  5869] close(3)                    = 0
[pid  5869] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5869] write(3, "1024", 4)         = 4
[pid  5869] close(3)                    = 0
[pid  5869] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5869] write(3, "8192", 4)         = 4
[pid  5869] close(3)                    = 0
[pid  5869] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5869] write(3, "1024", 4)         = 4
[pid  5869] close(3)                    = 0
[pid  5869] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5869] write(3, "1024", 4)         = 4
[pid  5869] close(3)                    = 0
[pid  5869] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5869] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5869] close(3)                    = 0
[pid  5869] getpid()                    = 1
[pid  5869] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5869] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5869] unshare(CLONE_NEWNET)       = 0
[pid  5869] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5869] write(3, "0 65535", 7)      = 7
[pid  5869] close(3)                    = 0
[pid  5869] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3
[pid  5869] dup2(3, 200)                = 200
[pid  5869] close(3)                    = 0
[pid  5869] ioctl(200, TUNSETIFF, 0x7ffc234fd060) = 0
[pid  5869] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3
[pid  5869] write(3, "0", 1)            = 1
[pid  5869] close(3)                    = 0
[pid  5869] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3
[pid  5869] write(3, "0", 1)            = 1
[pid  5869] close(3)                    = 0
[pid  5869] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid  5869] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5869] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5869] close(4)                    = 0
[pid  5869] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5869] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5869] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5869] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5869] close(4)                    = 0
[pid  5869] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5869] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5869] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5869] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5869] close(4)                    = 0
[pid  5869] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 48
[pid  5869] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5869] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5869] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5869] close(4)                    = 0
[pid  5869] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 60
[pid  5869] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5869] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5869] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5869] close(4)                    = 0
[pid  5869] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
[pid  5869] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5869] close(3)                    = 0
[pid  5869] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid  5869] write(3, "100000", 6)       = 6
[pid  5869] close(3)                    = 0
[pid  5869] mkdir("./syz-tmp", 0777)    = 0
[pid  5869] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid  5869] mkdir("./syz-tmp/newroot", 0777) = 0
[pid  5869] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid  5869] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5869] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid  5869] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid  5869] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid  5869] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5869] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5869] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid  5869] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5869] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5869] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5869] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5869] mkdir("./syz-tmp/pivot", 0777) = 0
[pid  5869] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid  5869] chdir("/")                  = 0
[pid  5869] umount2("./pivot", MNT_DETACH) = 0
[pid  5869] chroot("./newroot")         = 0
[pid  5869] chdir("/")                  = 0
[pid  5869] mkdir("/dev/binderfs", 0777) = 0
[pid  5869] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5869] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5869] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558bd4690) = 2
./strace-static-x86_64: Process 5872 attached
[pid  5872] set_robust_list(0x555558bd46a0, 24) = 0
[pid  5872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5872] setpgid(0, 0)               = 0
[pid  5872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5872] write(3, "1000", 4)         = 4
[pid  5872] close(3)                    = 0
[pid  5872] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid  5872] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid  5872] read(200, 0x7ffc234fcbc0, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid  5872] write(1, "executing program\n", 18) = 18
executing program
[pid  5872] futex(0x7f1ac2a9d40c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5872] rt_sigaction(SIGRT_1, {sa_handler=0x7f1ac2a3b220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f1ac2a2c8a0}, NULL, 8) = 0
[pid  5872] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid  5872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1ac29ad000
[pid  5872] mprotect(0x7f1ac29ae000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid  5872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f1ac29cd990, parent_tid=0x7f1ac29cd990, exit_signal=0, stack=0x7f1ac29ad000, stack_size=0x20300, tls=0x7f1ac29cd6c0} <unfinished ...>
./strace-static-x86_64: Process 5873 attached
[pid  5873] rseq(0x7f1ac29cdfe0, 0x20, 0, 0x53053053) = 0
[pid  5873] set_robust_list(0x7f1ac29cd9a0, 24) = 0
[pid  5872] <... clone3 resumed> => {parent_tid=[3]}, 88) = 3
[pid  5873] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5872] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5873] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5872] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5873] futex(0x7f1ac2a9d408, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable)
[pid  5872] futex(0x7f1ac2a9d408, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5872] futex(0x7f1ac2a9d40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} <unfinished ...>
[pid  5873] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name=NULL, prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor)
[pid  5873] futex(0x7f1ac2a9d40c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5872] <... futex resumed>)        = 0
[pid  5873] pipe( <unfinished ...>
[pid  5872] futex(0x7f1ac2a9d408, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5873] <... pipe resumed>[3, 4])   = 0
[pid  5872] <... futex resumed>)        = 0
[pid  5872] futex(0x7f1ac2a9d40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5873] futex(0x7f1ac2a9d40c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5872] <... futex resumed>)        = 0
[pid  5873] futex(0x7f1ac2a9d408, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5872] futex(0x7f1ac2a9d408, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5873] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  5872] <... futex resumed>)        = 0
[pid  5873] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 5
[pid  5872] futex(0x7f1ac2a9d40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5873] futex(0x7f1ac2a9d40c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5873] futex(0x7f1ac2a9d408, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5872] <... futex resumed>)        = 0
[pid  5873] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  5872] futex(0x7f1ac2a9d408, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5873] close(5 <unfinished ...>
[pid  5872] <... futex resumed>)        = 0
[pid  5873] <... close resumed>)        = 0
[pid  5872] futex(0x7f1ac2a9d40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5873] futex(0x7f1ac2a9d40c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5872] <... futex resumed>)        = 0
[pid  5873] futex(0x7f1ac2a9d408, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5872] futex(0x7f1ac2a9d408, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5873] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  5872] <... futex resumed>)        = 0
[pid  5873] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP <unfinished ...>
[pid  5872] futex(0x7f1ac2a9d40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5873] <... socket resumed>)       = 5
[pid  5873] futex(0x7f1ac2a9d40c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5873] futex(0x7f1ac2a9d408, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5872] <... futex resumed>)        = 0
[pid  5872] futex(0x7f1ac2a9d408, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5873] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  5872] <... futex resumed>)        = 0
[pid  5873] bind(5, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("172.20.20.170")}, 16 <unfinished ...>
[pid  5872] futex(0x7f1ac2a9d40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5873] <... bind resumed>)         = 0
[pid  5873] futex(0x7f1ac2a9d40c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5872] <... futex resumed>)        = 0
[pid  5873] futex(0x7f1ac2a9d408, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5872] futex(0x7f1ac2a9d408, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5873] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  5872] futex(0x7f1ac2a9d40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5873] sendmmsg(5, [{msg_hdr={msg_name={sa_family=AF_INET, sin_port=htons(20000), sin_addr=inet_addr("224.0.0.1")}, msg_namelen=16, msg_iov=NULL, msg_iovlen=0, msg_control=[{cmsg_len=112, cmsg_level=0xffffffff /* SOL_??? */, cmsg_type=0}], msg_controllen=112, msg_flags=0}, msg_len=0}], 1, MSG_DONTROUTE|MSG_DONTWAIT|MSG_NOSIGNAL|MSG_MORE|MSG_FASTOPEN) = 1
[pid  5873] futex(0x7f1ac2a9d40c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5872] <... futex resumed>)        = 0
[pid  5873] futex(0x7f1ac2a9d408, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable)
[pid  5872] futex(0x7f1ac2a9d408, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5873] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294966988 <unfinished ...>
[pid  5872] <... futex resumed>)        = 0
[pid  5872] futex(0x7f1ac2a9d40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  5872] futex(0x7f1ac2a9d40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid  5872] futex(0x7f1ac2a9d41c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1ac298c000
[pid  5872] mprotect(0x7f1ac298d000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid  5872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f1ac29ac990, parent_tid=0x7f1ac29ac990, exit_signal=0, stack=0x7f1ac298c000, stack_size=0x20300, tls=0x7f1ac29ac6c0} <unfinished ...>
./strace-static-x86_64: Process 5874 attached
[pid  5874] rseq(0x7f1ac29acfe0, 0x20, 0, 0x53053053) = 0
[pid  5874] set_robust_list(0x7f1ac29ac9a0, 24 <unfinished ...>
[pid  5872] <... clone3 resumed> => {parent_tid=[4]}, 88) = 4
[pid  5874] <... set_robust_list resumed>) = 0
[pid  5872] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5874] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5872] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5874] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5872] futex(0x7f1ac2a9d418, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5874] splice(3, NULL, 5, NULL, 29009, 0 <unfinished ...>
[pid  5872] <... futex resumed>)        = 0
[  142.546081][ T5874] ==================================================================
[  142.554256][ T5874] BUG: KASAN: slab-out-of-bounds in skb_copy_and_csum_bits+0x433/0x9c0
[  142.562528][ T5874] Write of size 1144 at addr ffff88807703c324 by task syz-executor615/5874
[  142.571128][ T5874] 
[  142.573466][ T5874] CPU: 1 UID: 0 PID: 5874 Comm: syz-executor615 Not tainted 6.12.0-rc5-next-20241031-syzkaller #0
[  142.584061][ T5874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  142.594139][ T5874] Call Trace:
[  142.597458][ T5874]  <TASK>
[  142.600445][ T5874]  dump_stack_lvl+0x241/0x360
[  142.605149][ T5874]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.610366][ T5874]  ? __pfx__printk+0x10/0x10
[  142.614974][ T5874]  ? _printk+0xd5/0x120
[  142.619153][ T5874]  ? __virt_addr_valid+0x183/0x530
[  142.624275][ T5874]  ? __virt_addr_valid+0x183/0x530
[  142.629481][ T5874]  print_report+0x169/0x550
[  142.633994][ T5874]  ? __virt_addr_valid+0x183/0x530
[  142.639119][ T5874]  ? __virt_addr_valid+0x183/0x530
[  142.644236][ T5874]  ? __virt_addr_valid+0x45f/0x530
[  142.649378][ T5874]  ? __phys_addr+0xba/0x170
[  142.653902][ T5874]  ? skb_copy_and_csum_bits+0x433/0x9c0
[  142.659457][ T5874]  kasan_report+0x143/0x180
[  142.663965][ T5874]  ? skb_copy_and_csum_bits+0x433/0x9c0
[  142.669517][ T5874]  kasan_check_range+0x282/0x290
[  142.674460][ T5874]  ? skb_copy_and_csum_bits+0x433/0x9c0
[  142.680013][ T5874]  __asan_memcpy+0x40/0x70
[  142.684440][ T5874]  skb_copy_and_csum_bits+0x433/0x9c0
[  142.689821][ T5874]  __ip_append_data+0x2fc1/0x40f0
[  142.694874][ T5874]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  142.700437][ T5874]  ? __pfx___ip_append_data+0x10/0x10
[  142.705841][ T5874]  ? lockdep_hardirqs_on+0x99/0x150
[  142.711062][ T5874]  ip_append_data+0x14c/0x190
[  142.715749][ T5874]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  142.721305][ T5874]  udp_sendmsg+0x52c/0x2a50
[  142.725820][ T5874]  ? validate_chain+0x11e/0x5920
[  142.730777][ T5874]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  142.736335][ T5874]  ? __pfx_udp_sendmsg+0x10/0x10
[  142.741292][ T5874]  ? __mutex_trylock_common+0x183/0x2e0
[  142.746869][ T5874]  ? __pfx_aa_sk_perm+0x10/0x10
[  142.751746][ T5874]  ? sock_rps_record_flow+0x1a/0x400
[  142.757043][ T5874]  ? inet_sendmsg+0x2ba/0x390
[  142.761733][ T5874]  __sock_sendmsg+0x1a6/0x270
[  142.766437][ T5874]  sock_sendmsg+0x134/0x200
[  142.770944][ T5874]  ? __pfx_sock_sendmsg+0x10/0x10
[  142.776006][ T5874]  ? iov_iter_bvec+0x4e/0x180
[  142.780695][ T5874]  splice_to_socket+0xa10/0x10b0
[  142.785818][ T5874]  ? __pfx_lock_release+0x10/0x10
[  142.790870][ T5874]  ? __pfx_splice_to_socket+0x10/0x10
[  142.796265][ T5874]  ? __lock_acquire+0x1397/0x2100
[  142.801324][ T5874]  ? bpf_lsm_file_permission+0x9/0x10
[  142.806737][ T5874]  ? security_file_permission+0x74/0x280
[  142.812407][ T5874]  ? rw_verify_area+0x1c3/0x6f0
[  142.817279][ T5874]  ? __pfx_splice_to_socket+0x10/0x10
[  142.822773][ T5874]  do_splice+0xd68/0x18e0
[  142.827144][ T5874]  ? __pfx_lock_release+0x10/0x10
[  142.832204][ T5874]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  142.838224][ T5874]  ? pipe_clear_nowait+0x196/0x220
[  142.843346][ T5874]  ? __pfx_do_splice+0x10/0x10
[  142.848132][ T5874]  ? __fget_files+0x2a/0x410
[  142.852737][ T5874]  __se_sys_splice+0x331/0x4a0
[  142.857524][ T5874]  ? __pfx_ptrace_notify+0x10/0x10
[  142.862662][ T5874]  ? __pfx___se_sys_splice+0x10/0x10
[  142.867980][ T5874]  ? do_syscall_64+0x100/0x230
[  142.872765][ T5874]  ? __x64_sys_splice+0x21/0xf0
[  142.877635][ T5874]  do_syscall_64+0xf3/0x230
[  142.882242][ T5874]  ? clear_bhb_loop+0x35/0x90
[  142.886926][ T5874]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.892937][ T5874] RIP: 0033:0x7f1ac2a135e9
[  142.897363][ T5874] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  142.916999][ T5874] RSP: 002b:00007f1ac29ac218 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  142.925433][ T5874] RAX: ffffffffffffffda RBX: 00007f1ac2a9d418 RCX: 00007f1ac2a135e9
[  142.933414][ T5874] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[  142.941398][ T5874] RBP: 00007f1ac2a9d410 R08: 0000000000007151 R09: 0000000000000000
[  142.949385][ T5874] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1ac2a9d41c
[  142.957367][ T5874] R13: 00007f1ac2a6a44c R14: 00000000fffffecc R15: 00007ffc234fced8
[  142.965353][ T5874]  </TASK>
[  142.968377][ T5874] 
[  142.970726][ T5874] Allocated by task 5874:
[  142.975084][ T5874]  kasan_save_track+0x3f/0x80
[  142.979801][ T5874]  __kasan_slab_alloc+0x66/0x80
[  142.984692][ T5874]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[  142.990610][ T5874]  kmalloc_reserve+0xa8/0x2a0
[  142.995303][ T5874]  __alloc_skb+0x1f3/0x440
[  142.999733][ T5874]  __ip_append_data+0x2da7/0x40f0
[  143.004764][ T5874]  ip_append_data+0x14c/0x190
[  143.009450][ T5874]  udp_sendmsg+0x52c/0x2a50
[  143.013963][ T5874]  __sock_sendmsg+0x1a6/0x270
[  143.018643][ T5874]  sock_sendmsg+0x134/0x200
[  143.023149][ T5874]  splice_to_socket+0xa10/0x10b0
[  143.028101][ T5874]  do_splice+0xd68/0x18e0
[  143.032442][ T5874]  __se_sys_splice+0x331/0x4a0
[  143.037223][ T5874]  do_syscall_64+0xf3/0x230
[  143.041748][ T5874]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.047655][ T5874] 
[  143.049981][ T5874] The buggy address belongs to the object at ffff88807703c300
[  143.049981][ T5874]  which belongs to the cache skbuff_small_head of size 640
[  143.064557][ T5874] The buggy address is located 36 bytes inside of
[  143.064557][ T5874]  allocated 640-byte region [ffff88807703c300, ffff88807703c580)
[  143.078639][ T5874] 
[  143.080975][ T5874] The buggy address belongs to the physical page:
[  143.087400][ T5874] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7703c
[  143.096178][ T5874] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  143.104684][ T5874] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  143.112244][ T5874] page_type: f5(slab)
[  143.116233][ T5874] raw: 00fff00000000040 ffff88801ea8ea00 dead000000000122 0000000000000000
[  143.124819][ T5874] raw: 0000000000000000 0000000080150015 00000001f5000000 0000000000000000
[  143.133407][ T5874] head: 00fff00000000040 ffff88801ea8ea00 dead000000000122 0000000000000000
[  143.142167][ T5874] head: 0000000000000000 0000000080150015 00000001f5000000 0000000000000000
[  143.150863][ T5874] head: 00fff00000000002 ffffea0001dc0f01 ffffffffffffffff 0000000000000000
[  143.159546][ T5874] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[  143.168217][ T5874] page dumped because: kasan: bad access detected
[  143.174646][ T5874] page_owner tracks the page as allocated
[  143.180359][ T5874] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5874, tgid 5872 (syz-executor615), ts 142545840878, free_ts 134222079251
[  143.202161][ T5874]  post_alloc_hook+0x1f3/0x230
[  143.206937][ T5874]  get_page_from_freelist+0x3725/0x3870
[  143.212497][ T5874]  __alloc_pages_noprof+0x292/0x710
[  143.217708][ T5874]  alloc_pages_mpol_noprof+0x3e8/0x680
[  143.223170][ T5874]  alloc_slab_page+0x6a/0x140
[  143.227857][ T5874]  allocate_slab+0x5a/0x2f0
[  143.232374][ T5874]  ___slab_alloc+0xcd1/0x14b0
[  143.237062][ T5874]  __slab_alloc+0x58/0xa0
[  143.241400][ T5874]  kmem_cache_alloc_node_noprof+0x269/0x380
[  143.247303][ T5874]  kmalloc_reserve+0xa8/0x2a0
[  143.251992][ T5874]  __alloc_skb+0x1f3/0x440
[  143.256415][ T5874]  __ip_append_data+0x2da7/0x40f0
[  143.261448][ T5874]  ip_append_data+0x14c/0x190
[  143.266131][ T5874]  udp_sendmsg+0x52c/0x2a50
[  143.270639][ T5874]  __sock_sendmsg+0x1a6/0x270
[  143.275319][ T5874]  sock_sendmsg+0x134/0x200
[  143.279824][ T5874] page last free pid 5859 tgid 5859 stack trace:
[  143.286150][ T5874]  free_unref_page+0xcfb/0xf20
[  143.290928][ T5874]  __folio_put+0x2c7/0x440
[  143.295350][ T5874]  pipe_read+0x6ed/0x13e0
[  143.299686][ T5874]  vfs_read+0x991/0xb70
[  143.303854][ T5874]  ksys_read+0x183/0x2b0
[  143.308107][ T5874]  do_syscall_64+0xf3/0x230
[  143.312635][ T5874]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.318546][ T5874] 
[  143.320875][ T5874] Memory state around the buggy address:
[  143.326527][ T5874]  ffff88807703c480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  143.334598][ T5874]  ffff88807703c500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pid  5872] futex(0x7f1ac2a9d41c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[  143.342668][ T5874] >ffff88807703c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  143.350736][ T5874]                    ^
[  143.354891][ T5874]  ffff88807703c600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  143.362974][ T5874]  ffff88807703c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  143.371054][ T5874] ==================================================================
[  143.379328][ T5874] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  143.386559][ T5874] CPU: 1 UID: 0 PID: 5874 Comm: syz-executor615 Not tainted 6.12.0-rc5-next-20241031-syzkaller #0
[  143.397179][ T5874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  143.407269][ T5874] Call Trace:
[  143.410559][ T5874]  <TASK>
[  143.413498][ T5874]  dump_stack_lvl+0x241/0x360
[  143.418203][ T5874]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.423435][ T5874]  ? __pfx__printk+0x10/0x10
[  143.428106][ T5874]  ? vscnprintf+0x5d/0x90
[  143.432459][ T5874]  panic+0x349/0x880
[  143.436378][ T5874]  ? check_panic_on_warn+0x21/0xb0
[  143.441517][ T5874]  ? __pfx_panic+0x10/0x10
[  143.445967][ T5874]  ? mark_lock+0x9a/0x360
[  143.450318][ T5874]  ? _raw_spin_unlock_irqrestore+0xd8/0x140
[  143.456241][ T5874]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  143.462173][ T5874]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  143.468543][ T5874]  ? print_report+0x502/0x550
[  143.473257][ T5874]  check_panic_on_warn+0x86/0xb0
[  143.478221][ T5874]  ? skb_copy_and_csum_bits+0x433/0x9c0
[  143.483794][ T5874]  end_report+0x77/0x160
[  143.488054][ T5874]  kasan_report+0x154/0x180
[  143.492591][ T5874]  ? skb_copy_and_csum_bits+0x433/0x9c0
[  143.498251][ T5874]  kasan_check_range+0x282/0x290
[  143.503202][ T5874]  ? skb_copy_and_csum_bits+0x433/0x9c0
[  143.508771][ T5874]  __asan_memcpy+0x40/0x70
[  143.513202][ T5874]  skb_copy_and_csum_bits+0x433/0x9c0
[  143.518587][ T5874]  __ip_append_data+0x2fc1/0x40f0
[  143.523634][ T5874]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  143.529195][ T5874]  ? __pfx___ip_append_data+0x10/0x10
[  143.534582][ T5874]  ? lockdep_hardirqs_on+0x99/0x150
[  143.539799][ T5874]  ip_append_data+0x14c/0x190
[  143.544489][ T5874]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  143.550073][ T5874]  udp_sendmsg+0x52c/0x2a50
[  143.554618][ T5874]  ? validate_chain+0x11e/0x5920
[  143.559595][ T5874]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  143.565167][ T5874]  ? __pfx_udp_sendmsg+0x10/0x10
[  143.570131][ T5874]  ? __mutex_trylock_common+0x183/0x2e0
[  143.575689][ T5874]  ? __pfx_aa_sk_perm+0x10/0x10
[  143.580553][ T5874]  ? sock_rps_record_flow+0x1a/0x400
[  143.585859][ T5874]  ? inet_sendmsg+0x2ba/0x390
[  143.590573][ T5874]  __sock_sendmsg+0x1a6/0x270
[  143.595260][ T5874]  sock_sendmsg+0x134/0x200
[  143.599771][ T5874]  ? __pfx_sock_sendmsg+0x10/0x10
[  143.604808][ T5874]  ? iov_iter_bvec+0x4e/0x180
[  143.609502][ T5874]  splice_to_socket+0xa10/0x10b0
[  143.614467][ T5874]  ? __pfx_lock_release+0x10/0x10
[  143.619541][ T5874]  ? __pfx_splice_to_socket+0x10/0x10
[  143.624952][ T5874]  ? __lock_acquire+0x1397/0x2100
[  143.630017][ T5874]  ? bpf_lsm_file_permission+0x9/0x10
[  143.635421][ T5874]  ? security_file_permission+0x74/0x280
[  143.641099][ T5874]  ? rw_verify_area+0x1c3/0x6f0
[  143.645968][ T5874]  ? __pfx_splice_to_socket+0x10/0x10
[  143.651384][ T5874]  do_splice+0xd68/0x18e0
[  143.655763][ T5874]  ? __pfx_lock_release+0x10/0x10
[  143.660807][ T5874]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  143.666806][ T5874]  ? pipe_clear_nowait+0x196/0x220
[  143.671928][ T5874]  ? __pfx_do_splice+0x10/0x10
[  143.676708][ T5874]  ? __fget_files+0x2a/0x410
[  143.681310][ T5874]  __se_sys_splice+0x331/0x4a0
[  143.686091][ T5874]  ? __pfx_ptrace_notify+0x10/0x10
[  143.691216][ T5874]  ? __pfx___se_sys_splice+0x10/0x10
[  143.696522][ T5874]  ? do_syscall_64+0x100/0x230
[  143.701302][ T5874]  ? __x64_sys_splice+0x21/0xf0
[  143.706171][ T5874]  do_syscall_64+0xf3/0x230
[  143.710690][ T5874]  ? clear_bhb_loop+0x35/0x90
[  143.715372][ T5874]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.721277][ T5874] RIP: 0033:0x7f1ac2a135e9
[  143.725701][ T5874] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  143.745315][ T5874] RSP: 002b:00007f1ac29ac218 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  143.753744][ T5874] RAX: ffffffffffffffda RBX: 00007f1ac2a9d418 RCX: 00007f1ac2a135e9
[  143.761751][ T5874] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[  143.769729][ T5874] RBP: 00007f1ac2a9d410 R08: 0000000000007151 R09: 0000000000000000
[  143.777705][ T5874] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1ac2a9d41c
[  143.785681][ T5874] R13: 00007f1ac2a6a44c R14: 00000000fffffecc R15: 00007ffc234fced8
[  143.793668][ T5874]  </TASK>
[  143.796953][ T5874] Kernel Offset: disabled
[  143.801409][ T5874] Rebooting in 86400 seconds..