DUID 00:04:f2:2d:62:da:c3:85:a0:c9:3a:ab:4f:1c:2c:dc:65:98
forked to background, child pid 3175
[ 26.982228][ T3176] 8021q: adding VLAN 0 to HW filter on device bond0
[ 26.992055][ T3176] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.75' (ECDSA) to the list of known hosts.
syzkaller login: [ 47.798561][ T3591] chnl_net:caif_netlink_parms(): no params data found
[ 47.838312][ T3591] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.845708][ T3591] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.853672][ T3591] device bridge_slave_0 entered promiscuous mode
[ 47.863238][ T3591] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.870320][ T3591] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.878202][ T3591] device bridge_slave_1 entered promiscuous mode
[ 47.897417][ T3591] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 47.908205][ T3591] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 47.930218][ T3591] team0: Port device team_slave_0 added
[ 47.937259][ T3591] team0: Port device team_slave_1 added
[ 47.954461][ T3591] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 47.961456][ T3591] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 47.987429][ T3591] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 47.999794][ T3591] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 48.006911][ T3591] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 48.032968][ T3591] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 48.058725][ T3591] device hsr_slave_0 entered promiscuous mode
[ 48.065757][ T3591] device hsr_slave_1 entered promiscuous mode
[ 48.145497][ T3591] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 48.157540][ T3591] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 48.166152][ T3591] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 48.176009][ T3591] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 48.196426][ T3591] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.203582][ T3591] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.211169][ T3591] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.218250][ T3591] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.260395][ T3591] 8021q: adding VLAN 0 to HW filter on device bond0
[ 48.273278][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.283696][ T6] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.291908][ T6] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.299682][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 48.312637][ T3591] 8021q: adding VLAN 0 to HW filter on device team0
[ 48.325551][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 48.334201][ T3597] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.341297][ T3597] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.352294][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.360758][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.367830][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.385290][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 48.396356][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 48.406704][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 48.420328][ T3591] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 48.432159][ T3591] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 48.443658][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.452928][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.470919][ T3591] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 48.478059][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 48.485610][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 48.494023][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 48.603922][ T3598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 48.613329][ T3598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 48.621702][ T3598] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 48.629351][ T3598] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 48.639682][ T3591] device veth0_vlan entered promiscuous mode
[ 48.650470][ T3591] device veth1_vlan entered promiscuous mode
[ 48.669136][ T3591] device veth0_macvtap entered promiscuous mode
[ 48.677035][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 48.685066][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 48.693288][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 48.701751][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 48.712538][ T3591] device veth1_macvtap entered promiscuous mode
[ 48.727471][ T3591] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 48.736199][ T3598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
executing program
[ 48.748665][ T3591] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 48.756320][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 48.767832][ T3591] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 48.777190][ T3591] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 48.786166][ T3591] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 48.795449][ T3591] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 48.836067][ T3607] netlink: 244 bytes leftover after parsing attributes in process `syz-executor233'.
executing program
executing program
[ 48.877644][ T3608] netlink: 244 bytes leftover after parsing attributes in process `syz-executor233'.
[ 48.911775][ T3609] netlink: 244 bytes leftover after parsing attributes in process `syz-executor233'.
executing program
executing program
[ 48.943600][ T3610] netlink: 244 bytes leftover after parsing attributes in process `syz-executor233'.
[ 48.972348][ T3611] netlink: 244 bytes leftover after parsing attributes in process `syz-executor233'.
executing program
executing program
[ 49.012188][ T3612] netlink: 244 bytes leftover after parsing attributes in process `syz-executor233'.
[ 49.047384][ T3613] netlink: 244 bytes leftover after parsing attributes in process `syz-executor233'.
executing program
[ 49.082807][ T3614] netlink: 244 bytes leftover after parsing attributes in process `syz-executor233'.
executing program
executing program
[ 49.124270][ T3615] netlink: 244 bytes leftover after parsing attributes in process `syz-executor233'.
[ 49.152395][ T3616] netlink: 244 bytes leftover after parsing attributes in process `syz-executor233'.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 49.833478][ T3631] ==================================================================
[ 49.841694][ T3631] BUG: KASAN: stack-out-of-bounds in packet_recvmsg+0x56c/0x1150
[ 49.849428][ T3631] Write of size 165 at addr ffffc9000385fb78 by task syz-executor233/3631
[ 49.857913][ T3631]
[ 49.860224][ T3631] CPU: 0 PID: 3631 Comm: syz-executor233 Not tainted 5.17.0-rc7-syzkaller-02396-g0b3660695e80 #0
[ 49.870707][ T3631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.880750][ T3631] Call Trace:
[ 49.884014][ T3631]
[ 49.886932][ T3631] dump_stack_lvl+0xcd/0x134
[ 49.891512][ T3631] print_address_description.constprop.0.cold+0xf/0x336
[ 49.898436][ T3631] ? packet_recvmsg+0x56c/0x1150
[ 49.903358][ T3631] ? packet_recvmsg+0x56c/0x1150
[ 49.908276][ T3631] kasan_report.cold+0x83/0xdf
[ 49.913038][ T3631] ? packet_recvmsg+0x56c/0x1150
[ 49.917984][ T3631] kasan_check_range+0x13d/0x180
[ 49.922909][ T3631] memcpy+0x39/0x60
[ 49.926702][ T3631] packet_recvmsg+0x56c/0x1150
[ 49.931456][ T3631] ? __packet_rcv_has_room+0x700/0x700
[ 49.936904][ T3631] ? __might_fault+0xd1/0x170
[ 49.941587][ T3631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 49.947815][ T3631] ? security_socket_recvmsg+0x8f/0xc0
[ 49.953260][ T3631] ? __packet_rcv_has_room+0x700/0x700
[ 49.958726][ T3631] ____sys_recvmsg+0x2c4/0x600
[ 49.963479][ T3631] ? kernel_recvmsg+0x160/0x160
[ 49.968314][ T3631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 49.974540][ T3631] ? __import_iovec+0x293/0x590
[ 49.979381][ T3631] ? import_iovec+0x10c/0x150
[ 49.984047][ T3631] ___sys_recvmsg+0x127/0x200
[ 49.988712][ T3631] ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 49.994336][ T3631] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 50.000305][ T3631] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 50.006274][ T3631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.012509][ T3631] ? __fget_light+0x215/0x280
[ 50.017194][ T3631] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 50.023427][ T3631] __sys_recvmsg+0xe2/0x1a0
[ 50.027917][ T3631] ? __sys_recvmsg_sock+0x40/0x40
[ 50.032952][ T3631] ? syscall_enter_from_user_mode+0x21/0x70
[ 50.038841][ T3631] do_syscall_64+0x35/0xb0
[ 50.043241][ T3631] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.049125][ T3631] RIP: 0033:0x7fdfd5954c29
[ 50.053524][ T3631] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 50.073126][ T3631] RSP: 002b:00007ffcf8e71e48 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 50.081561][ T3631] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fdfd5954c29
[ 50.089515][ T3631] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000005
[ 50.097467][ T3631] RBP: 0000000000000000 R08: 000000000000000d R09: 000000000000000d
[ 50.105421][ T3631] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf8e71e60
[ 50.113387][ T3631] R13: 00000000000f4240 R14: 000000000000c1ff R15: 00007ffcf8e71e54
[ 50.121373][ T3631]
[ 50.124381][ T3631]
[ 50.126689][ T3631]
[ 50.128996][ T3631] addr ffffc9000385fb78 is located in stack of task syz-executor233/3631 at offset 32 in frame:
[ 50.139391][ T3631] ____sys_recvmsg+0x0/0x600
[ 50.143973][ T3631]
[ 50.146280][ T3631] this frame has 1 object:
[ 50.150673][ T3631] [32, 160) 'addr'
[ 50.150683][ T3631]
[ 50.156781][ T3631] Memory state around the buggy address:
[ 50.162394][ T3631] ffffc9000385fa80: 00 04 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00
[ 50.170438][ T3631] ffffc9000385fb00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00
[ 50.178480][ T3631] >ffffc9000385fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f3
[ 50.186520][ T3631] ^
[ 50.194476][ T3631] ffffc9000385fc00: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 50.202516][ T3631] ffffc9000385fc80: f1 f1 f1 00 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00
[ 50.210557][ T3631] ==================================================================
[ 50.218594][ T3631] Disabling lock debugging due to kernel taint
[ 50.225792][ T3631] Kernel panic - not syncing: panic_on_warn set ...
[ 50.232386][ T3631] CPU: 1 PID: 3631 Comm: syz-executor233 Tainted: G B 5.17.0-rc7-syzkaller-02396-g0b3660695e80 #0
[ 50.244280][ T3631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.254327][ T3631] Call Trace:
[ 50.257586][ T3631]
[ 50.260498][ T3631] dump_stack_lvl+0xcd/0x134
[ 50.265072][ T3631] panic+0x2b0/0x6dd
[ 50.268991][ T3631] ? __warn_printk+0xf3/0xf3
[ 50.273580][ T3631] ? preempt_schedule_common+0x59/0xc0
[ 50.279022][ T3631] ? packet_recvmsg+0x56c/0x1150
[ 50.283939][ T3631] ? preempt_schedule_thunk+0x16/0x18
[ 50.289294][ T3631] ? trace_hardirqs_on+0x38/0x1c0
[ 50.294298][ T3631] ? trace_hardirqs_on+0x51/0x1c0
[ 50.299306][ T3631] ? packet_recvmsg+0x56c/0x1150
[ 50.304228][ T3631] ? packet_recvmsg+0x56c/0x1150
[ 50.309149][ T3631] end_report.cold+0x63/0x6f
[ 50.313745][ T3631] kasan_report.cold+0x71/0xdf
[ 50.318490][ T3631] ? packet_recvmsg+0x56c/0x1150
[ 50.323409][ T3631] kasan_check_range+0x13d/0x180
[ 50.328325][ T3631] memcpy+0x39/0x60
[ 50.332113][ T3631] packet_recvmsg+0x56c/0x1150
[ 50.336864][ T3631] ? __packet_rcv_has_room+0x700/0x700
[ 50.342321][ T3631] ? __might_fault+0xd1/0x170
[ 50.347006][ T3631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.353237][ T3631] ? security_socket_recvmsg+0x8f/0xc0
[ 50.358695][ T3631] ? __packet_rcv_has_room+0x700/0x700
[ 50.364154][ T3631] ____sys_recvmsg+0x2c4/0x600
[ 50.368902][ T3631] ? kernel_recvmsg+0x160/0x160
[ 50.373736][ T3631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.379959][ T3631] ? __import_iovec+0x293/0x590
[ 50.384796][ T3631] ? import_iovec+0x10c/0x150
[ 50.389469][ T3631] ___sys_recvmsg+0x127/0x200
[ 50.394126][ T3631] ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 50.399756][ T3631] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 50.405729][ T3631] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 50.411693][ T3631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.417919][ T3631] ? __fget_light+0x215/0x280
[ 50.422582][ T3631] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 50.428813][ T3631] __sys_recvmsg+0xe2/0x1a0
[ 50.433304][ T3631] ? __sys_recvmsg_sock+0x40/0x40
[ 50.438312][ T3631] ? syscall_enter_from_user_mode+0x21/0x70
[ 50.444200][ T3631] do_syscall_64+0x35/0xb0
[ 50.448610][ T3631] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.454496][ T3631] RIP: 0033:0x7fdfd5954c29
[ 50.458892][ T3631] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 50.478484][ T3631] RSP: 002b:00007ffcf8e71e48 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 50.486882][ T3631] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fdfd5954c29
[ 50.494836][ T3631] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000005
[ 50.502790][ T3631] RBP: 0000000000000000 R08: 000000000000000d R09: 000000000000000d
[ 50.510745][ T3631] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf8e71e60
[ 50.518710][ T3631] R13: 00000000000f4240 R14: 000000000000c1ff R15: 00007ffcf8e71e54
[ 50.526670][ T3631]
[ 50.529860][ T3631] Kernel Offset: disabled
[ 50.534171][ T3631] Rebooting in 86400 seconds..