DUID 00:04:f2:2d:62:da:c3:85:a0:c9:3a:ab:4f:1c:2c:dc:65:98
forked to background, child pid 3175
[ 26.982228][ T3176] 8021q: adding VLAN 0 to HW filter on device bond0
[ 26.992055][ T3176] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.75' (ECDSA) to the list of known hosts.
syzkaller login: [ 47.798561][ T3591] chnl_net:caif_netlink_parms(): no params data found
[ 47.838312][ T3591] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.845708][ T3591] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.853672][ T3591] device bridge_slave_0 entered promiscuous mode
[ 47.863238][ T3591] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.870320][ T3591] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.878202][ T3591] device bridge_slave_1 entered promiscuous mode
[ 47.897417][ T3591] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 47.908205][ T3591] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 47.930218][ T3591] team0: Port device team_slave_0 added
[ 47.937259][ T3591] team0: Port device team_slave_1 added
[ 47.954461][ T3591] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 47.961456][ T3591] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 47.987429][ T3591] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 47.999794][ T3591] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 48.006911][ T3591] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 48.032968][ T3591] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 48.058725][ T3591] device hsr_slave_0 entered promiscuous mode
[ 48.065757][ T3591] device hsr_slave_1 entered promiscuous mode
[ 48.145497][ T3591] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 48.157540][ T3591] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 48.166152][ T3591] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 48.176009][ T3591] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 48.196426][ T3591] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.203582][ T3591] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.211169][ T3591] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.218250][ T3591] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.260395][ T3591] 8021q: adding VLAN 0 to HW filter on device bond0
[ 48.273278][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.283696][ T6] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.291908][ T6] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.299682][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 48.312637][ T3591] 8021q: adding VLAN 0 to HW filter on device team0
[ 48.325551][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 48.334201][ T3597] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.341297][ T3597] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.352294][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.360758][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.367830][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.385290][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 48.396356][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 48.406704][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 48.420328][ T3591] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 48.432159][ T3591] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 48.443658][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.452928][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.470919][ T3591] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 48.478059][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 48.485610][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 48.494023][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 48.603922][ T3598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 48.613329][ T3598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 48.621702][ T3598] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 48.629351][ T3598] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 48.639682][ T3591] device veth0_vlan entered promiscuous mode
[ 48.650470][ T3591] device veth1_vlan entered promiscuous mode
[ 48.669136][ T3591] device veth0_macvtap entered promiscuous mode
[ 48.677035][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 48.685066][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 48.693288][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 48.701751][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 48.712538][ T3591] device veth1_macvtap entered promiscuous mode
[ 48.727471][ T3591] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 48.736199][ T3598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
executing program
[ 48.748665][ T3591] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 48.756320][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 48.767832][ T3591] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 48.777190][ T3591] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 48.786166][ T3591] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 48.795449][ T3591] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 48.836067][ T3607] netlink: 244 bytes leftover after parsing attributes in process `syz-executor233'.
executing program
executing program
[ 48.877644][ T3608] netlink: 244 bytes leftover after parsing attributes in process `syz-executor233'.
[ 48.911775][ T3609] netlink: 244 bytes leftover after parsing attributes in process `syz-executor233'.
executing program
executing program
[ 48.943600][ T3610] netlink: 244 bytes leftover after parsing attributes in process `syz-executor233'.
[ 48.972348][ T3611] netlink: 244 bytes leftover after parsing attributes in process `syz-executor233'.
executing program
executing program
[ 49.012188][ T3612] netlink: 244 bytes leftover after parsing attributes in process `syz-executor233'.
[ 49.047384][ T3613] netlink: 244 bytes leftover after parsing attributes in process `syz-executor233'.
executing program
[ 49.082807][ T3614] netlink: 244 bytes leftover after parsing attributes in process `syz-executor233'.
executing program
executing program
[ 49.124270][ T3615] netlink: 244 bytes leftover after parsing attributes in process `syz-executor233'.
[ 49.152395][ T3616] netlink: 244 bytes leftover after parsing attributes in process `syz-executor233'.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 49.833478][ T3631] ==================================================================
[ 49.841694][ T3631] BUG: KASAN: stack-out-of-bounds in packet_recvmsg+0x56c/0x1150
[ 49.849428][ T3631] Write of size 165 at addr ffffc9000385fb78 by task syz-executor233/3631
[ 49.857913][ T3631]
[ 49.860224][ T3631] CPU: 0 PID: 3631 Comm: syz-executor233 Not tainted 5.17.0-rc7-syzkaller-02396-g0b3660695e80 #0
[ 49.870707][ T3631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.880750][ T3631] Call Trace:
[ 49.884014][ T3631]
[ 49.886932][ T3631] dump_stack_lvl+0xcd/0x134
[ 49.891512][ T3631] print_address_description.constprop.0.cold+0xf/0x336
[ 49.898436][ T3631] ? packet_recvmsg+0x56c/0x1150
[ 49.903358][ T3631] ? packet_recvmsg+0x56c/0x1150
[ 49.908276][ T3631] kasan_report.cold+0x83/0xdf
[ 49.913038][ T3631] ? packet_recvmsg+0x56c/0x1150
[ 49.917984][ T3631] kasan_check_range+0x13d/0x180
[ 49.922909][ T3631] memcpy+0x39/0x60
[ 49.926702][ T3631] packet_recvmsg+0x56c/0x1150
[ 49.931456][ T3631] ? __packet_rcv_has_room+0x700/0x700
[ 49.936904][ T3631] ? __might_fault+0xd1/0x170
[ 49.941587][ T3631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 49.947815][ T3631] ? security_socket_recvmsg+0x8f/0xc0
[ 49.953260][ T3631] ? __packet_rcv_has_room+0x700/0x700
[ 49.958726][ T3631] ____sys_recvmsg+0x2c4/0x600
[ 49.963479][ T3631] ? kernel_recvmsg+0x160/0x160
[ 49.968314][ T3631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 49.974540][ T3631] ? __import_iovec+0x293/0x590
[ 49.979381][ T3631] ? import_iovec+0x10c/0x150
[ 49.984047][ T3631] ___sys_recvmsg+0x127/0x200
[ 49.988712][ T3631] ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 49.994336][ T3631] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 50.000305][ T3631] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 50.006274][ T3631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.012509][ T3631] ? __fget_light+0x215/0x280
[ 50.017194][ T3631] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 50.023427][ T3631] __sys_recvmsg+0xe2/0x1a0
[ 50.027917][ T3631] ? __sys_recvmsg_sock+0x40/0x40
[ 50.032952][ T3631] ? syscall_enter_from_user_mode+0x21/0x70
[ 50.038841][ T3631] do_syscall_64+0x35/0xb0
[ 50.043241][ T3631] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.049125][ T3631] RIP: 0033:0x7fdfd5954c29
[ 50.053524][ T3631] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 50.073126][ T3631] RSP: 002b:00007ffcf8e71e48 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 50.081561][ T3631] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fdfd5954c29
[ 50.089515][ T3631] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000005
[ 50.097467][ T3631] RBP: 0000000000000000 R08: 000000000000000d R09: 000000000000000d
[ 50.105421][ T3631] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf8e71e60
[ 50.113387][ T3631] R13: 00000000000f4240 R14: 000000000000c1ff R15: 00007ffcf8e71e54
[ 50.121373][ T3631]
[ 50.124381][ T3631]
[ 50.126689][ T3631]
[ 50.128996][ T3631] addr ffffc9000385fb78 is located in stack of task syz-executor233/3631 at offset 32 in frame:
[ 50.139391][ T3631] ____sys_recvmsg+0x0/0x600
[ 50.143973][ T3631]
[ 50.146280][ T3631] this frame has 1 object:
[ 50.150673][ T3631] [32, 160) 'addr'
[ 50.150683][ T3631]
[ 50.156781][ T3631] Memory state around the buggy address:
[ 50.162394][ T3631] ffffc9000385fa80: 00 04 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00
[ 50.170438][ T3631] ffffc9000385fb00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00
[ 50.178480][ T3631] >ffffc9000385fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f3
[ 50.186520][ T3631] ^
[ 50.194476][ T3631] ffffc9000385fc00: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 50.202516][ T3631] ffffc9000385fc80: f1 f1 f1 00 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00
[ 50.210557][ T3631] ==================================================================
[ 50.218594][ T3631] Disabling lock debugging due to kernel taint
[ 50.225792][ T3631] Kernel panic - not syncing: panic_on_warn set ...
[ 50.232386][ T3631] CPU: 1 PID: 3631 Comm: syz-executor233 Tainted: G B 5.17.0-rc7-syzkaller-02396-g0b3660695e80 #0
[ 50.244280][ T3631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.254327][ T3631] Call Trace:
[ 50.257586][ T3631]
[ 50.260498][ T3631] dump_stack_lvl+0xcd/0x134
[ 50.265072][ T3631] panic+0x2b0/0x6dd
[ 50.268991][ T3631] ? __warn_printk+0xf3/0xf3
[ 50.273580][ T3631] ? preempt_schedule_common+0x59/0xc0
[ 50.279022][ T3631] ? packet_recvmsg+0x56c/0x1150
[ 50.283939][ T3631] ? preempt_schedule_thunk+0x16/0x18
[ 50.289294][ T3631] ? trace_hardirqs_on+0x38/0x1c0
[ 50.294298][ T3631] ? trace_hardirqs_on+0x51/0x1c0
[ 50.299306][ T3631] ? packet_recvmsg+0x56c/0x1150
[ 50.304228][ T3631] ? packet_recvmsg+0x56c/0x1150
[ 50.309149][ T3631] end_report.cold+0x63/0x6f
[ 50.313745][ T3631] kasan_report.cold+0x71/0xdf
[ 50.318490][ T3631] ? packet_recvmsg+0x56c/0x1150
[ 50.323409][ T3631] kasan_check_range+0x13d/0x180
[ 50.328325][ T3631] memcpy+0x39/0x60
[ 50.332113][ T3631] packet_recvmsg+0x56c/0x1150
[ 50.336864][ T3631] ? __packet_rcv_has_room+0x700/0x700
[ 50.342321][ T3631] ? __might_fault+0xd1/0x170
[ 50.347006][ T3631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.353237][ T3631] ? security_socket_recvmsg+0x8f/0xc0
[ 50.358695][ T3631] ? __packet_rcv_has_room+0x700/0x700
[ 50.364154][ T3631] ____sys_recvmsg+0x2c4/0x600
[ 50.368902][ T3631] ? kernel_recvmsg+0x160/0x160
[ 50.373736][ T3631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.379959][ T3631] ? __import_iovec+0x293/0x590
[ 50.384796][ T3631] ? import_iovec+0x10c/0x150
[ 50.389469][ T3631] ___sys_recvmsg+0x127/0x200
[ 50.394126][ T3631] ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 50.399756][ T3631] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 50.405729][ T3631] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 50.411693][ T3631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.417919][ T3631] ? __fget_light+0x215/0x280
[ 50.422582][ T3631] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 50.428813][ T3631] __sys_recvmsg+0xe2/0x1a0
[ 50.433304][ T3631] ? __sys_recvmsg_sock+0x40/0x40
[ 50.438312][ T3631] ? syscall_enter_from_user_mode+0x21/0x70
[ 50.444200][ T3631] do_syscall_64+0x35/0xb0
[ 50.448610][ T3631] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.454496][ T3631] RIP: 0033:0x7fdfd5954c29
[ 50.458892][ T3631] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 50.478484][ T3631] RSP: 002b:00007ffcf8e71e48 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 50.486882][ T3631] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fdfd5954c29
[ 50.494836][ T3631] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000005
[ 50.502790][ T3631] RBP: 0000000000000000 R08: 000000000000000d R09: 000000000000000d
[ 50.510745][ T3631] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf8e71e60
[ 50.518710][ T3631] R13: 00000000000f4240 R14: 000000000000c1ff R15: 00007ffcf8e71e54
[ 50.526670][ T3631]
[ 50.529860][ T3631] Kernel Offset: disabled
[ 50.534171][ T3631] Rebooting in 86400 seconds..