DUID 00:04:ac:03:58:10:d0:76:5c:28:30:a7:8a:8b:4a:a3:06:e2
forked to background, child pid 3143
[ 28.915159][ T3144] 8021q: adding VLAN 0 to HW filter on device bond0
[ 28.934087][ T3144] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.110' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 50.499232][ T3559] ==================================================================
[ 50.507346][ T3559] BUG: KASAN: slab-out-of-bounds in sk_psock_get+0x123/0x410
[ 50.514705][ T3559] Read of size 4 at addr ffff88801c6d02b8 by task syz-executor104/3559
[ 50.522939][ T3559]
[ 50.525252][ T3559] CPU: 1 PID: 3559 Comm: syz-executor104 Not tainted 5.17.0-next-20220401-syzkaller #0
[ 50.534858][ T3559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.545007][ T3559] Call Trace:
[ 50.548276][ T3559] <TASK>
[ 50.551310][ T3559] dump_stack_lvl+0xcd/0x134
[ 50.555889][ T3559] print_address_description.constprop.0.cold+0xeb/0x495
[ 50.562912][ T3559] ? sk_psock_get+0x123/0x410
[ 50.567586][ T3559] kasan_report.cold+0xf4/0x1c6
[ 50.572441][ T3559] ? sk_psock_get+0x123/0x410
[ 50.577109][ T3559] kasan_check_range+0x13d/0x180
[ 50.582041][ T3559] sk_psock_get+0x123/0x410
[ 50.586535][ T3559] ? padding_length.part.0+0x270/0x270
[ 50.591985][ T3559] ? aa_profile_af_perm+0x2e0/0x2e0
[ 50.597176][ T3559] ? is_bpf_text_address+0x99/0x170
[ 50.602379][ T3559] tls_sw_recvmsg+0x195/0x15a0
[ 50.607153][ T3559] ? decrypt_skb+0xc0/0xc0
[ 50.611585][ T3559] ? aa_sk_perm+0x30f/0xaa0
[ 50.616107][ T3559] inet6_recvmsg+0x11b/0x5e0
[ 50.620702][ T3559] ? inet6_sk_rebuild_header+0xce0/0xce0
[ 50.626332][ T3559] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.632575][ T3559] ? security_socket_recvmsg+0x8f/0xc0
[ 50.638042][ T3559] ? inet6_sk_rebuild_header+0xce0/0xce0
[ 50.643682][ T3559] ____sys_recvmsg+0x2be/0x5f0
[ 50.648516][ T3559] ? __sock_recv_ts_and_drops+0x5c0/0x5c0
[ 50.654242][ T3559] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.660494][ T3559] ? __import_iovec+0x1f7/0x5d0
[ 50.665355][ T3559] ? import_iovec+0x83/0xb0
[ 50.669856][ T3559] ___sys_recvmsg+0x127/0x200
[ 50.674528][ T3559] ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 50.680160][ T3559] ? lock_chain_count+0x20/0x20
[ 50.685014][ T3559] ? find_held_lock+0x2d/0x110
[ 50.689777][ T3559] ? find_held_lock+0x2d/0x110
[ 50.694537][ T3559] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.700780][ T3559] ? __fget_light+0x20f/0x270
[ 50.705474][ T3559] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 50.711719][ T3559] do_recvmmsg+0x24d/0x6d0
[ 50.716140][ T3559] ? ___sys_recvmsg+0x200/0x200
[ 50.720988][ T3559] ? find_held_lock+0x2d/0x110
[ 50.725749][ T3559] ? __context_tracking_exit+0xb9/0xe0
[ 50.731217][ T3559] __x64_sys_recvmmsg+0x20b/0x260
[ 50.736253][ T3559] ? __do_sys_socketcall+0x590/0x590
[ 50.741531][ T3559] ? syscall_enter_from_user_mode+0x21/0x70
[ 50.747437][ T3559] do_syscall_64+0x35/0x80
[ 50.751862][ T3559] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.757771][ T3559] RIP: 0033:0x7fc1ae78a6a9
[ 50.762181][ T3559] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 50.781783][ T3559] RSP: 002b:00007fff71c678e8 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 50.790194][ T3559] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc1ae78a6a9
[ 50.798293][ T3559] RDX: 000000000000000a RSI: 00000000200030c0 RDI: 0000000000000005
[ 50.806255][ T3559] RBP: 00007fc1ae74e690 R08: 0000000000000000 R09: 0000000000000000
[ 50.814214][ T3559] R10: 0000000000010000 R11: 0000000000000246 R12: 00007fc1ae74e720
[ 50.822186][ T3559] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 50.830163][ T3559] </TASK>
[ 50.833182][ T3559]
[ 50.835496][ T3559] Allocated by task 3559:
[ 50.839810][ T3559] kasan_save_stack+0x1e/0x40
[ 50.844483][ T3559] __kasan_slab_alloc+0x90/0xc0
[ 50.849326][ T3559] kmem_cache_alloc+0x204/0x3b0
[ 50.854178][ T3559] kcm_ioctl+0x7f1/0x1180
[ 50.858501][ T3559] sock_do_ioctl+0xcc/0x230
[ 50.862999][ T3559] sock_ioctl+0x2f1/0x640
[ 50.867325][ T3559] __x64_sys_ioctl+0x193/0x200
[ 50.872088][ T3559] do_syscall_64+0x35/0x80
[ 50.876496][ T3559] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.882389][ T3559]
[ 50.884694][ T3559] Last potentially related work creation:
[ 50.890389][ T3559] kasan_save_stack+0x1e/0x40
[ 50.895054][ T3559] __kasan_record_aux_stack+0xbe/0xd0
[ 50.900417][ T3559] insert_work+0x48/0x350
[ 50.904734][ T3559] __queue_work+0x62e/0x1140
[ 50.909311][ T3559] queue_work_on+0xee/0x110
[ 50.913807][ T3559] kcm_ioctl+0xede/0x1180
[ 50.918124][ T3559] sock_do_ioctl+0xcc/0x230
[ 50.922625][ T3559] sock_ioctl+0x2f1/0x640
[ 50.926963][ T3559] __x64_sys_ioctl+0x193/0x200
[ 50.931749][ T3559] do_syscall_64+0x35/0x80
[ 50.936157][ T3559] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.942053][ T3559]
[ 50.944376][ T3559] The buggy address belongs to the object at ffff88801c6d0000
[ 50.944376][ T3559] which belongs to the cache kcm_psock_cache of size 568
[ 50.958775][ T3559] The buggy address is located 128 bytes to the right of
[ 50.958775][ T3559] 568-byte region [ffff88801c6d0000, ffff88801c6d0238)
[ 50.972573][ T3559]
[ 50.974890][ T3559] The buggy address belongs to the physical page:
[ 50.981283][ T3559] page:ffffea000071b400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c6d0
[ 50.991427][ T3559] head:ffffea000071b400 order:2 compound_mapcount:0 compound_pincount:0
[ 50.999754][ T3559] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 51.007738][ T3559] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888022f8a640
[ 51.016326][ T3559] raw: 0000000000000000 0000000080170017 00000001ffffffff 0000000000000000
[ 51.024898][ T3559] page dumped because: kasan: bad access detected
[ 51.031427][ T3559] page_owner tracks the page as allocated
[ 51.037132][ T3559] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3559, tgid 3559 (syz-executor104), ts 50498933954, free_ts 42635232987
[ 51.058752][ T3559] get_page_from_freelist+0xba2/0x3de0
[ 51.064231][ T3559] __alloc_pages+0x1b2/0x500
[ 51.068816][ T3559] alloc_pages+0x1aa/0x310
[ 51.073223][ T3559] allocate_slab+0x26c/0x3c0
[ 51.077811][ T3559] ___slab_alloc+0x8df/0xf20
[ 51.082404][ T3559] __slab_alloc.constprop.0+0x4d/0xa0
[ 51.087776][ T3559] kmem_cache_alloc+0x360/0x3b0
[ 51.092641][ T3559] kcm_ioctl+0x7f1/0x1180
[ 51.096958][ T3559] sock_do_ioctl+0xcc/0x230
[ 51.101463][ T3559] sock_ioctl+0x2f1/0x640
[ 51.105790][ T3559] __x64_sys_ioctl+0x193/0x200
[ 51.110550][ T3559] do_syscall_64+0x35/0x80
[ 51.114959][ T3559] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.120853][ T3559] page last free stack trace:
[ 51.125507][ T3559] free_pcp_prepare+0x549/0xd20
[ 51.130349][ T3559] free_unref_page+0x19/0x690
[ 51.135016][ T3559] qlist_free_all+0x6a/0x170
[ 51.139600][ T3559] kasan_quarantine_reduce+0x180/0x200
[ 51.145051][ T3559] __kasan_slab_alloc+0xa2/0xc0
[ 51.149903][ T3559] kmem_cache_alloc_trace+0x26d/0x3f0
[ 51.155271][ T3559] tomoyo_init_log+0x18a/0x1ed0
[ 51.160111][ T3559] tomoyo_supervisor+0x34d/0xf00
[ 51.165040][ T3559] tomoyo_path_permission+0x270/0x3a0
[ 51.170404][ T3559] tomoyo_path_perm+0x2f0/0x400
[ 51.175249][ T3559] security_inode_getattr+0xcf/0x140
[ 51.180528][ T3559] vfs_statx+0x16a/0x390
[ 51.184765][ T3559] vfs_fstatat+0x8c/0xb0
[ 51.189024][ T3559] __do_sys_newfstatat+0x91/0x110
[ 51.194068][ T3559] do_syscall_64+0x35/0x80
[ 51.198478][ T3559] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.204373][ T3559]
[ 51.206682][ T3559] Memory state around the buggy address:
[ 51.212316][ T3559]  ffff88801c6d0180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.220473][ T3559]  ffff88801c6d0200: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 51.228610][ T3559] >ffff88801c6d0280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.236655][ T3559]                                         ^
[ 51.242532][ T3559]  ffff88801c6d0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.250579][ T3559]  ffff88801c6d0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.258622][ T3559] ==================================================================
[ 51.267642][ T3559] Kernel panic - not syncing: panic_on_warn set ...
[ 51.274246][ T3559] CPU: 0 PID: 3559 Comm: syz-executor104 Not tainted 5.17.0-next-20220401-syzkaller #0
[ 51.283889][ T3559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.293932][ T3559] Call Trace:
[ 51.297251][ T3559] <TASK>
[ 51.300165][ T3559] dump_stack_lvl+0xcd/0x134
[ 51.304746][ T3559] panic+0x2d7/0x636
[ 51.308678][ T3559] ? panic_print_sys_info.part.0+0x10b/0x10b
[ 51.314650][ T3559] ? preempt_schedule_common+0x59/0xc0
[ 51.320100][ T3559] ? sk_psock_get+0x123/0x410
[ 51.324764][ T3559] ? preempt_schedule_thunk+0x16/0x18
[ 51.330139][ T3559] ? trace_hardirqs_on+0x38/0x1c0
[ 51.335147][ T3559] ? sk_psock_get+0x123/0x410
[ 51.339805][ T3559] end_report.part.0+0x3f/0x7c
[ 51.344560][ T3559] kasan_report.cold+0x93/0x1c6
[ 51.349401][ T3559] ? sk_psock_get+0x123/0x410
[ 51.354062][ T3559] kasan_check_range+0x13d/0x180
[ 51.358989][ T3559] sk_psock_get+0x123/0x410
[ 51.363473][ T3559] ? padding_length.part.0+0x270/0x270
[ 51.368918][ T3559] ? aa_profile_af_perm+0x2e0/0x2e0
[ 51.374100][ T3559] ? is_bpf_text_address+0x99/0x170
[ 51.379299][ T3559] tls_sw_recvmsg+0x195/0x15a0
[ 51.384057][ T3559] ? decrypt_skb+0xc0/0xc0
[ 51.388456][ T3559] ? aa_sk_perm+0x30f/0xaa0
[ 51.392946][ T3559] inet6_recvmsg+0x11b/0x5e0
[ 51.397521][ T3559] ? inet6_sk_rebuild_header+0xce0/0xce0
[ 51.403139][ T3559] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 51.409372][ T3559] ? security_socket_recvmsg+0x8f/0xc0
[ 51.415344][ T3559] ? inet6_sk_rebuild_header+0xce0/0xce0
[ 51.420964][ T3559] ____sys_recvmsg+0x2be/0x5f0
[ 51.425721][ T3559] ? __sock_recv_ts_and_drops+0x5c0/0x5c0
[ 51.431431][ T3559] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 51.437659][ T3559] ? __import_iovec+0x1f7/0x5d0
[ 51.442496][ T3559] ? import_iovec+0x83/0xb0
[ 51.446989][ T3559] ___sys_recvmsg+0x127/0x200
[ 51.451649][ T3559] ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 51.457282][ T3559] ? lock_chain_count+0x20/0x20
[ 51.462118][ T3559] ? find_held_lock+0x2d/0x110
[ 51.466874][ T3559] ? find_held_lock+0x2d/0x110
[ 51.471645][ T3559] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 51.477876][ T3559] ? __fget_light+0x20f/0x270
[ 51.482540][ T3559] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 51.488768][ T3559] do_recvmmsg+0x24d/0x6d0
[ 51.493169][ T3559] ? ___sys_recvmsg+0x200/0x200
[ 51.498004][ T3559] ? find_held_lock+0x2d/0x110
[ 51.502753][ T3559] ? __context_tracking_exit+0xb9/0xe0
[ 51.508209][ T3559] __x64_sys_recvmmsg+0x20b/0x260
[ 51.513218][ T3559] ? __do_sys_socketcall+0x590/0x590
[ 51.518486][ T3559] ? syscall_enter_from_user_mode+0x21/0x70
[ 51.524367][ T3559] do_syscall_64+0x35/0x80
[ 51.528770][ T3559] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.534657][ T3559] RIP: 0033:0x7fc1ae78a6a9
[ 51.539052][ T3559] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 51.558643][ T3559] RSP: 002b:00007fff71c678e8 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 51.567038][ T3559] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc1ae78a6a9
[ 51.575339][ T3559] RDX: 000000000000000a RSI: 00000000200030c0 RDI: 0000000000000005
[ 51.583290][ T3559] RBP: 00007fc1ae74e690 R08: 0000000000000000 R09: 0000000000000000
[ 51.591245][ T3559] R10: 0000000000010000 R11: 0000000000000246 R12: 00007fc1ae74e720
[ 51.599199][ T3559] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 51.607158][ T3559] </TASK>
[ 51.610341][ T3559] Kernel Offset: disabled
[ 51.614655][ T3559] Rebooting in 86400 seconds..