DUID 00:04:c5:78:79:07:21:f0:b3:e0:09:b6:1a:d6:4d:97:86:4f
forked to background, child pid 3182
[ 31.961414][ T3183] 8021q: adding VLAN 0 to HW filter on device bond0
[ 31.976631][ T3183] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.237' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 50.526891][ T3604] ==================================================================
[ 50.535183][ T3604] BUG: KASAN: slab-out-of-bounds in decrypt_internal+0x1471/0x1d90
[ 50.543087][ T3604] Read of size 16 at addr ffff88801c43cd20 by task syz-executor849/3604
[ 50.551436][ T3604]
[ 50.553796][ T3604] CPU: 0 PID: 3604 Comm: syz-executor849 Not tainted 5.16.0-rc8-syzkaller #0
[ 50.562550][ T3604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.572636][ T3604] Call Trace:
[ 50.575905][ T3604]
[ 50.579170][ T3604] dump_stack_lvl+0xcd/0x134
[ 50.583764][ T3604] print_address_description.constprop.0.cold+0x8d/0x320
[ 50.590796][ T3604] ? decrypt_internal+0x1471/0x1d90
[ 50.595993][ T3604] ? decrypt_internal+0x1471/0x1d90
[ 50.601228][ T3604] kasan_report.cold+0x83/0xdf
[ 50.605986][ T3604] ? decrypt_internal+0x1471/0x1d90
[ 50.611173][ T3604] kasan_check_range+0x13d/0x180
[ 50.616099][ T3604] memcpy+0x20/0x60
[ 50.619890][ T3604] decrypt_internal+0x1471/0x1d90
[ 50.624956][ T3604] ? tls_get_rec+0x5a0/0x5a0
[ 50.629536][ T3604] ? padding_length.part.0+0x270/0x270
[ 50.634985][ T3604] decrypt_skb_update+0x141/0xbc0
[ 50.640003][ T3604] tls_sw_recvmsg+0x5f2/0x1570
[ 50.644763][ T3604] ? decrypt_skb+0xc0/0xc0
[ 50.649169][ T3604] ? aa_sk_perm+0x30f/0xaa0
[ 50.653663][ T3604] inet6_recvmsg+0x11b/0x5e0
[ 50.658242][ T3604] ? lock_downgrade+0x6e0/0x6e0
[ 50.663080][ T3604] ? inet6_sk_rebuild_header+0xcf0/0xcf0
[ 50.668701][ T3604] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.674930][ T3604] ? security_socket_recvmsg+0x8f/0xc0
[ 50.680375][ T3604] ? inet6_sk_rebuild_header+0xcf0/0xcf0
[ 50.685994][ T3604] ____sys_recvmsg+0x2c4/0x600
[ 50.690751][ T3604] ? kernel_recvmsg+0x160/0x160
[ 50.695592][ T3604] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.701822][ T3604] ? __import_iovec+0x293/0x590
[ 50.706681][ T3604] ? import_iovec+0x10c/0x150
[ 50.711360][ T3604] ___sys_recvmsg+0x127/0x200
[ 50.716033][ T3604] ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 50.721650][ T3604] ? mark_lock+0xef/0x17b0
[ 50.726052][ T3604] ? slab_free_freelist_hook+0x8b/0x1c0
[ 50.731584][ T3604] ? lock_chain_count+0x20/0x20
[ 50.736428][ T3604] ? ___sys_sendmsg+0x105/0x170
[ 50.741264][ T3604] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.747503][ T3604] ? __fget_light+0x215/0x280
[ 50.752342][ T3604] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 50.758574][ T3604] do_recvmmsg+0x24d/0x6d0
[ 50.762996][ T3604] ? ___sys_recvmsg+0x200/0x200
[ 50.767831][ T3604] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 50.773798][ T3604] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 50.779778][ T3604] ? __context_tracking_exit+0xb8/0xe0
[ 50.785228][ T3604] ? lock_downgrade+0x6e0/0x6e0
[ 50.790065][ T3604] ? lock_downgrade+0x6e0/0x6e0
[ 50.794924][ T3604] __x64_sys_recvmmsg+0x20b/0x260
[ 50.799943][ T3604] ? __do_sys_socketcall+0x590/0x590
[ 50.805214][ T3604] ? syscall_enter_from_user_mode+0x21/0x70
[ 50.811100][ T3604] do_syscall_64+0x35/0xb0
[ 50.815503][ T3604] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.821386][ T3604] RIP: 0033:0x7ff1a54a33f9
[ 50.825787][ T3604] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 50.845379][ T3604] RSP: 002b:00007fff2a46a138 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 50.853864][ T3604] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff1a54a33f9
[ 50.861822][ T3604] RDX: 0000000000000001 RSI: 0000000020002900 RDI: 0000000000000003
[ 50.869777][ T3604] RBP: 00007ff1a54673e0 R08: 0000000000000000 R09: 0000000000000000
[ 50.877730][ T3604] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff1a5467470
[ 50.885770][ T3604] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 50.893828][ T3604]
[ 50.896831][ T3604]
[ 50.899136][ T3604] Allocated by task 3604:
[ 50.903442][ T3604] kasan_save_stack+0x1e/0x50
[ 50.908106][ T3604] __kasan_kmalloc+0xa9/0xd0
[ 50.912677][ T3604] tls_set_sw_offload+0x800/0x1430
[ 50.917776][ T3604] tls_setsockopt+0xb39/0xe70
[ 50.922437][ T3604] __sys_setsockopt+0x2db/0x610
[ 50.927268][ T3604] __x64_sys_setsockopt+0xba/0x150
[ 50.932367][ T3604] do_syscall_64+0x35/0xb0
[ 50.936777][ T3604] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.942652][ T3604]
[ 50.944954][ T3604] The buggy address belongs to the object at ffff88801c43cd20
[ 50.944954][ T3604] which belongs to the cache kmalloc-16 of size 16
[ 50.958818][ T3604] The buggy address is located 0 bytes inside of
[ 50.958818][ T3604] 16-byte region [ffff88801c43cd20, ffff88801c43cd30)
[ 50.971817][ T3604] The buggy address belongs to the page:
[ 50.977456][ T3604] page:ffffea0000710f00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801c43c000 pfn:0x1c43c
[ 50.988893][ T3604] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 50.996430][ T3604] raw: 00fff00000000200 0000000000000000 dead000000000001 ffff888010c413c0
[ 51.004995][ T3604] raw: ffff88801c43c000 0000000080800075 00000001ffffffff 0000000000000000
[ 51.013554][ T3604] page dumped because: kasan: bad access detected
[ 51.019945][ T3604] page_owner tracks the page as allocated
[ 51.025635][ T3604] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 9186592737, free_ts 9182344961
[ 51.041242][ T3604] get_page_from_freelist+0xa72/0x2f50
[ 51.046688][ T3604] __alloc_pages+0x1b2/0x500
[ 51.051264][ T3604] alloc_page_interleave+0x1e/0x200
[ 51.056539][ T3604] alloc_pages+0x29f/0x300
[ 51.060940][ T3604] new_slab+0x32d/0x4a0
[ 51.065084][ T3604] ___slab_alloc+0x918/0xfe0
[ 51.069656][ T3604] __slab_alloc.constprop.0+0x4d/0xa0
[ 51.075117][ T3604] __kmalloc+0x2fb/0x340
[ 51.079344][ T3604] usb_hcd_submit_urb+0x661/0x22c0
[ 51.084439][ T3604] usb_submit_urb+0x86d/0x18a0
[ 51.089193][ T3604] usb_start_wait_urb+0x101/0x4c0
[ 51.094198][ T3604] usb_control_msg+0x31c/0x4a0
[ 51.098942][ T3604] usb_get_descriptor+0xdd/0x1d0
[ 51.103860][ T3604] usb_get_configuration+0x296/0x3b30
[ 51.109223][ T3604] usb_new_device+0x583/0x7d0
[ 51.113884][ T3604] usb_add_hcd.cold+0x132b/0x16fd
[ 51.118912][ T3604] page last free stack trace:
[ 51.123580][ T3604] free_pcp_prepare+0x374/0x870
[ 51.128424][ T3604] free_unref_page+0x19/0x690
[ 51.133087][ T3604] __vunmap+0x781/0xb70
[ 51.137226][ T3604] free_work+0x58/0x70
[ 51.141278][ T3604] process_one_work+0x9b2/0x1660
[ 51.146201][ T3604] worker_thread+0x65d/0x1130
[ 51.151036][ T3604] kthread+0x405/0x4f0
[ 51.155087][ T3604] ret_from_fork+0x1f/0x30
[ 51.159488][ T3604]
[ 51.161793][ T3604] Memory state around the buggy address:
[ 51.167407][ T3604] ffff88801c43cc00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 51.175448][ T3604] ffff88801c43cc80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 51.183489][ T3604] >ffff88801c43cd00: fa fb fc fc 00 04 fc fc fa fb fc fc fa fb fc fc
[ 51.191527][ T3604] ^
[ 51.196876][ T3604] ffff88801c43cd80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[ 51.204933][ T3604] ffff88801c43ce00: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 51.212984][ T3604] ==================================================================
[ 51.221118][ T3604] Disabling lock debugging due to kernel taint
[ 51.227957][ T3604] Kernel panic - not syncing: panic_on_warn set ...
[ 51.234557][ T3604] CPU: 1 PID: 3604 Comm: syz-executor849 Tainted: G B 5.16.0-rc8-syzkaller #0
[ 51.244846][ T3604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.254970][ T3604] Call Trace:
[ 51.258232][ T3604]
[ 51.261149][ T3604] dump_stack_lvl+0xcd/0x134
[ 51.265735][ T3604] panic+0x2b0/0x6dd
[ 51.269630][ T3604] ? __warn_printk+0xf3/0xf3
[ 51.274202][ T3604] ? preempt_schedule_common+0x59/0xc0
[ 51.279901][ T3604] ? decrypt_internal+0x1471/0x1d90
[ 51.285124][ T3604] ? preempt_schedule_thunk+0x16/0x18
[ 51.290477][ T3604] ? trace_hardirqs_on+0x38/0x1c0
[ 51.295484][ T3604] ? trace_hardirqs_on+0x51/0x1c0
[ 51.300677][ T3604] ? decrypt_internal+0x1471/0x1d90
[ 51.305873][ T3604] ? decrypt_internal+0x1471/0x1d90
[ 51.311092][ T3604] end_report.cold+0x63/0x6f
[ 51.315671][ T3604] kasan_report.cold+0x71/0xdf
[ 51.320434][ T3604] ? decrypt_internal+0x1471/0x1d90
[ 51.325635][ T3604] kasan_check_range+0x13d/0x180
[ 51.330574][ T3604] memcpy+0x20/0x60
[ 51.334371][ T3604] decrypt_internal+0x1471/0x1d90
[ 51.339434][ T3604] ? tls_get_rec+0x5a0/0x5a0
[ 51.344008][ T3604] ? padding_length.part.0+0x270/0x270
[ 51.349449][ T3604] decrypt_skb_update+0x141/0xbc0
[ 51.354531][ T3604] tls_sw_recvmsg+0x5f2/0x1570
[ 51.359323][ T3604] ? decrypt_skb+0xc0/0xc0
[ 51.363760][ T3604] ? aa_sk_perm+0x30f/0xaa0
[ 51.368260][ T3604] inet6_recvmsg+0x11b/0x5e0
[ 51.372843][ T3604] ? lock_downgrade+0x6e0/0x6e0
[ 51.377693][ T3604] ? inet6_sk_rebuild_header+0xcf0/0xcf0
[ 51.383317][ T3604] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 51.389561][ T3604] ? security_socket_recvmsg+0x8f/0xc0
[ 51.395098][ T3604] ? inet6_sk_rebuild_header+0xcf0/0xcf0
[ 51.400805][ T3604] ____sys_recvmsg+0x2c4/0x600
[ 51.405563][ T3604] ? kernel_recvmsg+0x160/0x160
[ 51.410396][ T3604] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 51.416622][ T3604] ? __import_iovec+0x293/0x590
[ 51.421548][ T3604] ? import_iovec+0x10c/0x150
[ 51.426238][ T3604] ___sys_recvmsg+0x127/0x200
[ 51.430894][ T3604] ? __copy_msghdr_from_user+0x4b0/0x4b0
[ 51.436507][ T3604] ? mark_lock+0xef/0x17b0
[ 51.440903][ T3604] ? slab_free_freelist_hook+0x8b/0x1c0
[ 51.446484][ T3604] ? lock_chain_count+0x20/0x20
[ 51.451323][ T3604] ? ___sys_sendmsg+0x105/0x170
[ 51.456165][ T3604] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 51.462434][ T3604] ? __fget_light+0x215/0x280
[ 51.467113][ T3604] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 51.473338][ T3604] do_recvmmsg+0x24d/0x6d0
[ 51.477740][ T3604] ? ___sys_recvmsg+0x200/0x200
[ 51.482569][ T3604] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 51.488534][ T3604] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 51.494586][ T3604] ? __context_tracking_exit+0xb8/0xe0
[ 51.500030][ T3604] ? lock_downgrade+0x6e0/0x6e0
[ 51.504861][ T3604] ? lock_downgrade+0x6e0/0x6e0
[ 51.509695][ T3604] __x64_sys_recvmmsg+0x20b/0x260
[ 51.514704][ T3604] ? __do_sys_socketcall+0x590/0x590
[ 51.519970][ T3604] ? syscall_enter_from_user_mode+0x21/0x70
[ 51.525936][ T3604] do_syscall_64+0x35/0xb0
[ 51.530342][ T3604] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.536217][ T3604] RIP: 0033:0x7ff1a54a33f9
[ 51.540612][ T3604] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 51.560196][ T3604] RSP: 002b:00007fff2a46a138 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 51.568586][ T3604] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff1a54a33f9
[ 51.576537][ T3604] RDX: 0000000000000001 RSI: 0000000020002900 RDI: 0000000000000003
[ 51.584485][ T3604] RBP: 00007ff1a54673e0 R08: 0000000000000000 R09: 0000000000000000
[ 51.592435][ T3604] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff1a5467470
[ 51.600391][ T3604] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 51.608355][ T3604]
[ 51.611629][ T3604] Kernel Offset: disabled
[ 51.615936][ T3604] Rebooting in 86400 seconds..