DUID 00:04:a1:84:1b:e0:48:24:35:f8:15:f9:55:b5:79:ea:e6:3e
forked to background, child pid 3173
[   21.167245][ T3174] 8021q: adding VLAN 0 to HW filter on device bond0
[   21.178366][ T3174] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   35.928769][ T3594] ==================================================================
[   35.936852][ T3594] BUG: KASAN: slab-out-of-bounds in sk_psock_get+0x150/0x470
[   35.944204][ T3594] Read of size 4 at addr ffff8880193b02b8 by task syz-executor272/3594
[   35.952415][ T3594] 
[   35.954754][ T3594] CPU: 0 PID: 3594 Comm: syz-executor272 Tainted: G        W         5.17.0-syzkaller-13430-g787af64d05cd #0
[   35.966270][ T3594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.976313][ T3594] Call Trace:
[   35.979577][ T3594]  <TASK>
[   35.982498][ T3594]  dump_stack_lvl+0x1dc/0x2d8
[   35.987172][ T3594]  ? show_regs_print_info+0x12/0x12
[   35.992351][ T3594]  ? _printk+0xcf/0x118
[   35.996507][ T3594]  ? wake_up_klogd+0xb2/0xf0
[   36.001204][ T3594]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[   36.006914][ T3594]  ? _printk+0xcf/0x118
[   36.011050][ T3594]  print_address_description+0x65/0x4b0
[   36.016582][ T3594]  print_report+0xf4/0x200
[   36.020982][ T3594]  ? sk_psock_get+0x150/0x470
[   36.025642][ T3594]  kasan_report+0x109/0x140
[   36.030131][ T3594]  ? sk_psock_get+0x150/0x470
[   36.034791][ T3594]  kasan_check_range+0x2b5/0x2f0
[   36.039712][ T3594]  sk_psock_get+0x150/0x470
[   36.044196][ T3594]  ? tls_sw_recvmsg+0x1f00/0x1f00
[   36.049205][ T3594]  tls_sw_recvmsg+0x1f5/0x1f00
[   36.053951][ T3594]  ? save_stack+0x123/0x200
[   36.058459][ T3594]  ? get_page_from_freelist+0x708/0xa80
[   36.063995][ T3594]  ? __alloc_pages+0x255/0x580
[   36.068739][ T3594]  ? alloc_pages_vma+0x968/0x1150
[   36.073756][ T3594]  ? decrypt_internal+0x24e0/0x24e0
[   36.078933][ T3594]  ? asm_exc_page_fault+0x1e/0x30
[   36.083940][ T3594]  ? strlcpy+0x75/0xb0
[   36.087990][ T3594]  ? memcpy+0x3c/0x60
[   36.091952][ T3594]  ? rcu_read_lock_sched_held+0x5f/0x130
[   36.097564][ T3594]  ? sock_rps_record_flow+0x12/0x370
[   36.102831][ T3594]  inet6_recvmsg+0x156/0x270
[   36.107466][ T3594]  ? inet6_sendmsg+0xc0/0xc0
[   36.112033][ T3594]  ? rcu_read_lock_sched_held+0x5f/0x130
[   36.117645][ T3594]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   36.123606][ T3594]  ? bpf_lsm_socket_recvmsg+0x5/0x10
[   36.128873][ T3594]  ? security_socket_recvmsg+0xb1/0xd0
[   36.134320][ T3594]  ? inet6_sendmsg+0xc0/0xc0
[   36.139066][ T3594]  ____sys_recvmsg+0x2b0/0x5e0
[   36.143815][ T3594]  ? memcpy+0x3c/0x60
[   36.147781][ T3594]  ? __sys_recvmsg_sock+0x40/0x40
[   36.152813][ T3594]  ? import_iovec+0x77/0xa0
[   36.157298][ T3594]  do_recvmmsg+0x6e4/0x1680
[   36.161789][ T3594]  ? __sys_recvmmsg+0x270/0x270
[   36.166622][ T3594]  ? handle_mm_fault+0x2eec/0x39e0
[   36.171716][ T3594]  ? rcu_read_lock_sched_held+0x5f/0x130
[   36.177329][ T3594]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   36.183288][ T3594]  ? rcu_read_lock_sched_held+0x5f/0x130
[   36.188901][ T3594]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   36.194877][ T3594]  ? rcu_read_lock_sched_held+0x5f/0x130
[   36.200530][ T3594]  ? __context_tracking_exit+0x7a/0xd0
[   36.205974][ T3594]  ? trace_lock_release+0x4f/0x150
[   36.211081][ T3594]  ? __context_tracking_exit+0x7a/0xd0
[   36.216528][ T3594]  ? lock_release+0x82/0x810
[   36.221115][ T3594]  ? up_read+0x20/0x20
[   36.225170][ T3594]  __x64_sys_recvmmsg+0x195/0x240
[   36.230176][ T3594]  ? vtime_user_exit+0x2b2/0x3e0
[   36.235098][ T3594]  ? do_recvmmsg+0x1680/0x1680
[   36.239843][ T3594]  ? syscall_enter_from_user_mode+0x2e/0x190
[   36.245817][ T3594]  do_syscall_64+0x2b/0x50
[   36.250217][ T3594]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   36.256210][ T3594] RIP: 0033:0x7f4a17e1c6a9
[   36.260623][ T3594] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   36.280320][ T3594] RSP: 002b:00007fffa33e2338 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[   36.288724][ T3594] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4a17e1c6a9
[   36.296733][ T3594] RDX: 000000000000000a RSI: 00000000200030c0 RDI: 0000000000000005
[   36.304690][ T3594] RBP: 00007f4a17de0690 R08: 0000000000000000 R09: 0000000000000000
[   36.312642][ T3594] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f4a17de0720
[   36.320595][ T3594] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   36.328556][ T3594]  </TASK>
[   36.331560][ T3594] 
[   36.333862][ T3594] Allocated by task 3594:
[   36.338339][ T3594]  __kasan_slab_alloc+0xb2/0xe0
[   36.343173][ T3594]  kmem_cache_alloc+0x1c9/0x310
[   36.348005][ T3594]  kcm_ioctl+0xaeb/0x1920
[   36.352316][ T3594]  sock_do_ioctl+0x151/0x3b0
[   36.356888][ T3594]  sock_ioctl+0x4a8/0x7f0
[   36.361212][ T3594]  __se_sys_ioctl+0xfb/0x170
[   36.365784][ T3594]  do_syscall_64+0x2b/0x50
[   36.370181][ T3594]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   36.376065][ T3594] 
[   36.378371][ T3594] Last potentially related work creation:
[   36.384069][ T3594]  kasan_save_stack+0x3b/0x60
[   36.388754][ T3594]  __kasan_record_aux_stack+0xb2/0xc0
[   36.394294][ T3594]  insert_work+0x54/0x3e0
[   36.398611][ T3594]  __queue_work+0x97a/0xcc0
[   36.403093][ T3594]  queue_work_on+0x12b/0x220
[   36.407666][ T3594]  kcm_ioctl+0x14ae/0x1920
[   36.412067][ T3594]  sock_do_ioctl+0x151/0x3b0
[   36.416666][ T3594]  sock_ioctl+0x4a8/0x7f0
[   36.420975][ T3594]  __se_sys_ioctl+0xfb/0x170
[   36.425636][ T3594]  do_syscall_64+0x2b/0x50
[   36.430124][ T3594]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   36.436080][ T3594] 
[   36.438386][ T3594] The buggy address belongs to the object at ffff8880193b0000
[   36.438386][ T3594]  which belongs to the cache kcm_psock_cache of size 568
[   36.452763][ T3594] The buggy address is located 128 bytes to the right of
[   36.452763][ T3594]  568-byte region [ffff8880193b0000, ffff8880193b0238)
[   36.466536][ T3594] 
[   36.468838][ T3594] The buggy address belongs to the physical page:
[   36.475486][ T3594] page:ffffea000064ec00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x193b0
[   36.485612][ T3594] head:ffffea000064ec00 order:2 compound_mapcount:0 compound_pincount:0
[   36.493915][ T3594] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   36.501879][ T3594] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff88814bfcd640
[   36.510439][ T3594] raw: 0000000000000000 0000000080170017 00000001ffffffff 0000000000000000
[   36.518994][ T3594] page dumped because: kasan: bad access detected
[   36.525378][ T3594] page_owner tracks the page as allocated
[   36.531074][ T3594] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3594, tgid 3594 (syz-executor272), ts 35928717197, free_ts 32953184143
[   36.552667][ T3594]  get_page_from_freelist+0x708/0xa80
[   36.558458][ T3594]  __alloc_pages+0x255/0x580
[   36.563041][ T3594]  alloc_slab_page+0x70/0xf0
[   36.567606][ T3594]  allocate_slab+0x5d/0x380
[   36.572091][ T3594]  ___slab_alloc+0x40e/0xcc0
[   36.576664][ T3594]  kmem_cache_alloc+0x276/0x310
[   36.581493][ T3594]  kcm_ioctl+0xaeb/0x1920
[   36.585803][ T3594]  sock_do_ioctl+0x151/0x3b0
[   36.590371][ T3594]  sock_ioctl+0x4a8/0x7f0
[   36.594697][ T3594]  __se_sys_ioctl+0xfb/0x170
[   36.599269][ T3594]  do_syscall_64+0x2b/0x50
[   36.603666][ T3594]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   36.609537][ T3594] page last free stack trace:
[   36.614185][ T3594]  free_pcp_prepare+0xcfc/0xe70
[   36.619012][ T3594]  free_unref_page+0x7d/0x580
[   36.623668][ T3594]  __unfreeze_partials+0x1ab/0x200
[   36.628765][ T3594]  put_cpu_partial+0x116/0x180
[   36.633511][ T3594]  ___cache_free+0x117/0x1c0
[   36.638079][ T3594]  kasan_quarantine_reduce+0x127/0x190
[   36.643517][ T3594]  __kasan_slab_alloc+0x2f/0xe0
[   36.648347][ T3594]  kmem_cache_alloc+0x1c9/0x310
[   36.653178][ T3594]  getname_flags+0xba/0x650
[   36.657672][ T3594]  __se_sys_newfstatat+0xd4/0x7a0
[   36.662677][ T3594]  do_syscall_64+0x2b/0x50
[   36.667095][ T3594]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   36.672969][ T3594] 
[   36.675271][ T3594] Memory state around the buggy address:
[   36.680878][ T3594]  ffff8880193b0180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   36.688915][ T3594]  ffff8880193b0200: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[   36.696957][ T3594] >ffff8880193b0280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.704989][ T3594]                                         ^
[   36.710855][ T3594]  ffff8880193b0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.718986][ T3594]  ffff8880193b0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.727018][ T3594] ==================================================================
[   36.735405][ T3594] Kernel panic - not syncing: panic_on_warn set ...
[   36.741987][ T3594] CPU: 1 PID: 3594 Comm: syz-executor272 Tainted: G        W         5.17.0-syzkaller-13430-g787af64d05cd #0
[   36.753781][ T3594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.763817][ T3594] Call Trace:
[   36.767082][ T3594]  <TASK>
[   36.770009][ T3594]  dump_stack_lvl+0x1dc/0x2d8
[   36.774667][ T3594]  ? show_regs_print_info+0x12/0x12
[   36.779840][ T3594]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[   36.785536][ T3594]  ? preempt_schedule+0x16b/0x190
[   36.790534][ T3594]  ? vscnprintf+0x59/0x80
[   36.794838][ T3594]  panic+0x313/0x890
[   36.798708][ T3594]  ? trace_hardirqs_on+0x30/0x80
[   36.803639][ T3594]  ? nmi_panic+0x90/0x90
[   36.807859][ T3594]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   36.813816][ T3594]  ? print_report+0x1bc/0x200
[   36.818467][ T3594]  ? sk_psock_get+0x150/0x470
[   36.823115][ T3594]  end_report+0x91/0xa0
[   36.827244][ T3594]  kasan_report+0x114/0x140
[   36.831743][ T3594]  ? sk_psock_get+0x150/0x470
[   36.836395][ T3594]  kasan_check_range+0x2b5/0x2f0
[   36.841306][ T3594]  sk_psock_get+0x150/0x470
[   36.845784][ T3594]  ? tls_sw_recvmsg+0x1f00/0x1f00
[   36.850797][ T3594]  tls_sw_recvmsg+0x1f5/0x1f00
[   36.855537][ T3594]  ? save_stack+0x123/0x200
[   36.860017][ T3594]  ? get_page_from_freelist+0x708/0xa80
[   36.865535][ T3594]  ? __alloc_pages+0x255/0x580
[   36.870270][ T3594]  ? alloc_pages_vma+0x968/0x1150
[   36.875282][ T3594]  ? decrypt_internal+0x24e0/0x24e0
[   36.880452][ T3594]  ? asm_exc_page_fault+0x1e/0x30
[   36.885451][ T3594]  ? strlcpy+0x75/0xb0
[   36.889501][ T3594]  ? memcpy+0x3c/0x60
[   36.893457][ T3594]  ? rcu_read_lock_sched_held+0x5f/0x130
[   36.899064][ T3594]  ? sock_rps_record_flow+0x12/0x370
[   36.904326][ T3594]  inet6_recvmsg+0x156/0x270
[   36.908904][ T3594]  ? inet6_sendmsg+0xc0/0xc0
[   36.913466][ T3594]  ? rcu_read_lock_sched_held+0x5f/0x130
[   36.919161][ T3594]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   36.925134][ T3594]  ? bpf_lsm_socket_recvmsg+0x5/0x10
[   36.930392][ T3594]  ? security_socket_recvmsg+0xb1/0xd0
[   36.935825][ T3594]  ? inet6_sendmsg+0xc0/0xc0
[   36.940405][ T3594]  ____sys_recvmsg+0x2b0/0x5e0
[   36.945151][ T3594]  ? memcpy+0x3c/0x60
[   36.949118][ T3594]  ? __sys_recvmsg_sock+0x40/0x40
[   36.954564][ T3594]  ? import_iovec+0x77/0xa0
[   36.959045][ T3594]  do_recvmmsg+0x6e4/0x1680
[   36.963532][ T3594]  ? __sys_recvmmsg+0x270/0x270
[   36.968360][ T3594]  ? handle_mm_fault+0x2eec/0x39e0
[   36.973448][ T3594]  ? rcu_read_lock_sched_held+0x5f/0x130
[   36.979058][ T3594]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   36.985017][ T3594]  ? rcu_read_lock_sched_held+0x5f/0x130
[   36.990624][ T3594]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   36.996580][ T3594]  ? rcu_read_lock_sched_held+0x5f/0x130
[   37.002190][ T3594]  ? __context_tracking_exit+0x7a/0xd0
[   37.007626][ T3594]  ? trace_lock_release+0x4f/0x150
[   37.012713][ T3594]  ? __context_tracking_exit+0x7a/0xd0
[   37.018146][ T3594]  ? lock_release+0x82/0x810
[   37.022731][ T3594]  ? up_read+0x20/0x20
[   37.026780][ T3594]  __x64_sys_recvmmsg+0x195/0x240
[   37.031785][ T3594]  ? vtime_user_exit+0x2b2/0x3e0
[   37.036699][ T3594]  ? do_recvmmsg+0x1680/0x1680
[   37.041438][ T3594]  ? syscall_enter_from_user_mode+0x2e/0x190
[   37.047407][ T3594]  do_syscall_64+0x2b/0x50
[   37.051808][ T3594]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   37.057851][ T3594] RIP: 0033:0x7f4a17e1c6a9
[   37.062243][ T3594] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   37.081825][ T3594] RSP: 002b:00007fffa33e2338 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[   37.090223][ T3594] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4a17e1c6a9
[   37.098184][ T3594] RDX: 000000000000000a RSI: 00000000200030c0 RDI: 0000000000000005
[   37.106138][ T3594] RBP: 00007f4a17de0690 R08: 0000000000000000 R09: 0000000000000000
[   37.114108][ T3594] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f4a17de0720
[   37.122060][ T3594] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   37.130014][ T3594]  </TASK>
[   37.133248][ T3594] Kernel Offset: disabled
[   37.137667][ T3594] Rebooting in 86400 seconds..