forked to background, child pid 3174
no interfaces have a carrier
[   21.158147][ T3175] 8021q: adding VLAN 0 to HW filter on device bond0
[   21.168984][ T3175] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.42' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   58.360417][ T3589] ==================================================================
[   58.368627][ T3589] BUG: KASAN: slab-out-of-bounds in sk_psock_get+0x123/0x410
[   58.375991][ T3589] Read of size 4 at addr ffff88807907c2b8 by task syz-executor796/3589
[   58.384201][ T3589] 
[   58.386501][ T3589] CPU: 1 PID: 3589 Comm: syz-executor796 Not tainted 5.17.0-rc6-syzkaller-00251-gdcde98da9970 #0
[   58.396972][ T3589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.407018][ T3589] Call Trace:
[   58.410279][ T3589]  <TASK>
[   58.413191][ T3589]  dump_stack_lvl+0xcd/0x134
[   58.417778][ T3589]  print_address_description.constprop.0.cold+0x8d/0x336
[   58.424792][ T3589]  ? sk_psock_get+0x123/0x410
[   58.429450][ T3589]  ? sk_psock_get+0x123/0x410
[   58.434111][ T3589]  kasan_report.cold+0x83/0xdf
[   58.438864][ T3589]  ? sk_psock_get+0x123/0x410
[   58.443529][ T3589]  kasan_check_range+0x13d/0x180
[   58.448451][ T3589]  sk_psock_get+0x123/0x410
[   58.452941][ T3589]  ? padding_length.part.0+0x270/0x270
[   58.458387][ T3589]  ? kernel_text_address+0x39/0x80
[   58.463486][ T3589]  ? aa_profile_af_perm+0x2e0/0x2e0
[   58.469190][ T3589]  ? unwind_get_return_address+0x51/0x90
[   58.474809][ T3589]  ? create_prof_cpu_mask+0x20/0x20
[   58.479999][ T3589]  tls_sw_recvmsg+0x195/0x15a0
[   58.484766][ T3589]  ? decrypt_skb+0xc0/0xc0
[   58.489174][ T3589]  ? aa_sk_perm+0x30f/0xaa0
[   58.493668][ T3589]  inet6_recvmsg+0x11b/0x5e0
[   58.498244][ T3589]  ? inet6_sk_rebuild_header+0xd00/0xd00
[   58.504037][ T3589]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   58.510267][ T3589]  ? security_socket_recvmsg+0x8f/0xc0
[   58.515711][ T3589]  ? inet6_sk_rebuild_header+0xd00/0xd00
[   58.521334][ T3589]  ____sys_recvmsg+0x2c4/0x600
[   58.526091][ T3589]  ? kernel_recvmsg+0x160/0x160
[   58.530929][ T3589]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   58.537158][ T3589]  ? __import_iovec+0x293/0x590
[   58.541994][ T3589]  ? __lock_acquire+0x1666/0x56c0
[   58.547009][ T3589]  ? import_iovec+0x10c/0x150
[   58.551670][ T3589]  ___sys_recvmsg+0x127/0x200
[   58.556330][ T3589]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[   58.561949][ T3589]  ? lock_chain_count+0x20/0x20
[   58.566881][ T3589]  ? find_held_lock+0x2d/0x110
[   58.571639][ T3589]  ? __lock_acquire+0x1666/0x56c0
[   58.576738][ T3589]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   58.582963][ T3589]  ? __fget_light+0x215/0x280
[   58.587625][ T3589]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   58.593946][ T3589]  do_recvmmsg+0x24d/0x6d0
[   58.598354][ T3589]  ? ___sys_recvmsg+0x200/0x200
[   58.603202][ T3589]  ? find_held_lock+0x2d/0x110
[   58.607958][ T3589]  ? __context_tracking_exit+0xb9/0xe0
[   58.613416][ T3589]  __x64_sys_recvmmsg+0x20b/0x260
[   58.618513][ T3589]  ? __do_sys_socketcall+0x590/0x590
[   58.624219][ T3589]  ? syscall_enter_from_user_mode+0x21/0x70
[   58.630111][ T3589]  do_syscall_64+0x35/0xb0
[   58.634665][ T3589]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   58.640654][ T3589] RIP: 0033:0x7f4682cb46a9
[   58.645056][ T3589] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   58.664743][ T3589] RSP: 002b:00007ffc342ae008 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[   58.673147][ T3589] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4682cb46a9
[   58.681212][ T3589] RDX: 000000000000000a RSI: 00000000200030c0 RDI: 0000000000000005
[   58.689171][ T3589] RBP: 00007f4682c78690 R08: 0000000000000000 R09: 0000000000000000
[   58.697296][ T3589] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f4682c78720
[   58.705249][ T3589] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   58.713216][ T3589]  </TASK>
[   58.716233][ T3589] 
[   58.718538][ T3589] Allocated by task 3589:
[   58.722841][ T3589]  kasan_save_stack+0x1e/0x40
[   58.727525][ T3589]  __kasan_slab_alloc+0x90/0xc0
[   58.732365][ T3589]  kmem_cache_alloc+0x271/0x4b0
[   58.737198][ T3589]  kcm_ioctl+0x7f1/0x1180
[   58.741513][ T3589]  sock_do_ioctl+0xcc/0x230
[   58.745999][ T3589]  sock_ioctl+0x2f1/0x640
[   58.750309][ T3589]  __x64_sys_ioctl+0x193/0x200
[   58.755056][ T3589]  do_syscall_64+0x35/0xb0
[   58.759454][ T3589]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   58.765331][ T3589] 
[   58.767633][ T3589] Last potentially related work creation:
[   58.773323][ T3589]  kasan_save_stack+0x1e/0x40
[   58.777985][ T3589]  __kasan_record_aux_stack+0xbe/0xd0
[   58.783338][ T3589]  insert_work+0x48/0x370
[   58.787671][ T3589]  __queue_work+0x5ca/0xf30
[   58.792163][ T3589]  queue_work_on+0xee/0x110
[   58.796645][ T3589]  kcm_ioctl+0xede/0x1180
[   58.800955][ T3589]  sock_do_ioctl+0xcc/0x230
[   58.805532][ T3589]  sock_ioctl+0x2f1/0x640
[   58.809844][ T3589]  __x64_sys_ioctl+0x193/0x200
[   58.814697][ T3589]  do_syscall_64+0x35/0xb0
[   58.819095][ T3589]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   58.824970][ T3589] 
[   58.827270][ T3589] The buggy address belongs to the object at ffff88807907c000
[   58.827270][ T3589]  which belongs to the cache kcm_psock_cache of size 568
[   58.842044][ T3589] The buggy address is located 128 bytes to the right of
[   58.842044][ T3589]  568-byte region [ffff88807907c000, ffff88807907c238)
[   58.855847][ T3589] The buggy address belongs to the page:
[   58.861465][ T3589] page:ffffea0001e41f00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7907c
[   58.871598][ T3589] head:ffffea0001e41f00 order:2 compound_mapcount:0 compound_pincount:0
[   58.879987][ T3589] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   58.887955][ T3589] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff8880225aedc0
[   58.896521][ T3589] raw: 0000000000000000 0000000080170017 00000001ffffffff 0000000000000000
[   58.905339][ T3589] page dumped because: kasan: bad access detected
[   58.911741][ T3589] page_owner tracks the page as allocated
[   58.917435][ T3589] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3589, ts 58360265320, free_ts 33905142243
[   58.936641][ T3589]  get_page_from_freelist+0xa72/0x2f50
[   58.942175][ T3589]  __alloc_pages+0x1b2/0x500
[   58.946751][ T3589]  alloc_pages+0x1aa/0x310
[   58.951153][ T3589]  allocate_slab+0x27f/0x3c0
[   58.955728][ T3589]  ___slab_alloc+0xbe1/0x12b0
[   58.960393][ T3589]  __slab_alloc.constprop.0+0x4d/0xa0
[   58.965751][ T3589]  kmem_cache_alloc+0x3cb/0x4b0
[   58.970584][ T3589]  kcm_ioctl+0x7f1/0x1180
[   58.974898][ T3589]  sock_do_ioctl+0xcc/0x230
[   58.979389][ T3589]  sock_ioctl+0x2f1/0x640
[   58.983703][ T3589]  __x64_sys_ioctl+0x193/0x200
[   58.988626][ T3589]  do_syscall_64+0x35/0xb0
[   58.993024][ T3589]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   58.998898][ T3589] page last free stack trace:
[   59.003549][ T3589]  free_pcp_prepare+0x374/0x870
[   59.008381][ T3589]  free_unref_page+0x19/0x690
[   59.013054][ T3589]  __unfreeze_partials+0x320/0x340
[   59.018155][ T3589]  qlist_free_all+0x6d/0x160
[   59.022728][ T3589]  kasan_quarantine_reduce+0x180/0x200
[   59.028170][ T3589]  __kasan_slab_alloc+0xa2/0xc0
[   59.033007][ T3589]  kmem_cache_alloc+0x1b1/0x4b0
[   59.037840][ T3589]  alloc_inode+0x161/0x230
[   59.042239][ T3589]  new_inode_pseudo+0x14/0xe0
[   59.046894][ T3589]  create_pipe_files+0x4d/0x880
[   59.051734][ T3589]  do_pipe2+0x96/0x1b0
[   59.055795][ T3589]  __x64_sys_pipe+0x2f/0x40
[   59.060280][ T3589]  do_syscall_64+0x35/0xb0
[   59.064682][ T3589]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   59.070559][ T3589] 
[   59.072947][ T3589] Memory state around the buggy address:
[   59.078555][ T3589]  ffff88807907c180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   59.086595][ T3589]  ffff88807907c200: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[   59.094636][ T3589] >ffff88807907c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   59.102676][ T3589]                                         ^
[   59.108543][ T3589]  ffff88807907c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   59.116583][ T3589]  ffff88807907c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   59.124619][ T3589] ==================================================================
[   59.132654][ T3589] Disabling lock debugging due to kernel taint
[   59.138891][ T3589] Kernel panic - not syncing: panic_on_warn set ...
[   59.145467][ T3589] CPU: 0 PID: 3589 Comm: syz-executor796 Tainted: G    B             5.17.0-rc6-syzkaller-00251-gdcde98da9970 #0
[   59.157424][ T3589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   59.167456][ T3589] Call Trace:
[   59.170713][ T3589]  <TASK>
[   59.173628][ T3589]  dump_stack_lvl+0xcd/0x134
[   59.178203][ T3589]  panic+0x2b0/0x6dd
[   59.182083][ T3589]  ? __warn_printk+0xf3/0xf3
[   59.186743][ T3589]  ? preempt_schedule_common+0x59/0xc0
[   59.192184][ T3589]  ? sk_psock_get+0x123/0x410
[   59.196927][ T3589]  ? preempt_schedule_thunk+0x16/0x18
[   59.202297][ T3589]  ? trace_hardirqs_on+0x38/0x1c0
[   59.207473][ T3589]  ? trace_hardirqs_on+0x51/0x1c0
[   59.212478][ T3589]  ? sk_psock_get+0x123/0x410
[   59.217135][ T3589]  ? sk_psock_get+0x123/0x410
[   59.221794][ T3589]  end_report.cold+0x63/0x6f
[   59.226542][ T3589]  kasan_report.cold+0x71/0xdf
[   59.231289][ T3589]  ? sk_psock_get+0x123/0x410
[   59.235950][ T3589]  kasan_check_range+0x13d/0x180
[   59.240869][ T3589]  sk_psock_get+0x123/0x410
[   59.245353][ T3589]  ? padding_length.part.0+0x270/0x270
[   59.250794][ T3589]  ? kernel_text_address+0x39/0x80
[   59.255887][ T3589]  ? aa_profile_af_perm+0x2e0/0x2e0
[   59.261063][ T3589]  ? unwind_get_return_address+0x51/0x90
[   59.266677][ T3589]  ? create_prof_cpu_mask+0x20/0x20
[   59.271857][ T3589]  tls_sw_recvmsg+0x195/0x15a0
[   59.276609][ T3589]  ? decrypt_skb+0xc0/0xc0
[   59.281009][ T3589]  ? aa_sk_perm+0x30f/0xaa0
[   59.285516][ T3589]  inet6_recvmsg+0x11b/0x5e0
[   59.290088][ T3589]  ? inet6_sk_rebuild_header+0xd00/0xd00
[   59.295703][ T3589]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   59.301953][ T3589]  ? security_socket_recvmsg+0x8f/0xc0
[   59.307392][ T3589]  ? inet6_sk_rebuild_header+0xd00/0xd00
[   59.313010][ T3589]  ____sys_recvmsg+0x2c4/0x600
[   59.317847][ T3589]  ? kernel_recvmsg+0x160/0x160
[   59.322682][ T3589]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   59.328906][ T3589]  ? __import_iovec+0x293/0x590
[   59.333739][ T3589]  ? __lock_acquire+0x1666/0x56c0
[   59.338750][ T3589]  ? import_iovec+0x10c/0x150
[   59.343404][ T3589]  ___sys_recvmsg+0x127/0x200
[   59.348060][ T3589]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[   59.353673][ T3589]  ? lock_chain_count+0x20/0x20
[   59.358683][ T3589]  ? find_held_lock+0x2d/0x110
[   59.363429][ T3589]  ? __lock_acquire+0x1666/0x56c0
[   59.368530][ T3589]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   59.374942][ T3589]  ? __fget_light+0x215/0x280
[   59.379601][ T3589]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   59.386003][ T3589]  do_recvmmsg+0x24d/0x6d0
[   59.390414][ T3589]  ? ___sys_recvmsg+0x200/0x200
[   59.395245][ T3589]  ? find_held_lock+0x2d/0x110
[   59.399988][ T3589]  ? __context_tracking_exit+0xb9/0xe0
[   59.405437][ T3589]  __x64_sys_recvmmsg+0x20b/0x260
[   59.410440][ T3589]  ? __do_sys_socketcall+0x590/0x590
[   59.415705][ T3589]  ? syscall_enter_from_user_mode+0x21/0x70
[   59.421590][ T3589]  do_syscall_64+0x35/0xb0
[   59.425988][ T3589]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   59.431860][ T3589] RIP: 0033:0x7f4682cb46a9
[   59.436255][ T3589] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   59.455839][ T3589] RSP: 002b:00007ffc342ae008 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[   59.464230][ T3589] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4682cb46a9
[   59.472181][ T3589] RDX: 000000000000000a RSI: 00000000200030c0 RDI: 0000000000000005
[   59.480128][ T3589] RBP: 00007f4682c78690 R08: 0000000000000000 R09: 0000000000000000
[   59.488077][ T3589] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f4682c78720
[   59.496115][ T3589] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   59.504069][ T3589]  </TASK>
[   59.507705][ T3589] Kernel Offset: disabled
[   59.512030][ T3589] Rebooting in 86400 seconds..