syzkaller login: [ 253.976833][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 254.027639][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 254.146059][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 262.236169][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:63012' (ECDSA) to the list of known hosts.
1970/01/01 00:05:30 fuzzer started
1970/01/01 00:05:45 dialing manager at localhost:43397
[ 350.922723][ T2027] cgroup: Unknown subsys name 'net'
[ 351.964150][ T2027] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:05:51 syscalls: 2918
1970/01/01 00:05:51 code coverage: enabled
1970/01/01 00:05:51 comparison tracing: enabled
1970/01/01 00:05:51 extra coverage: enabled
1970/01/01 00:05:51 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:05:51 setuid sandbox: enabled
1970/01/01 00:05:51 namespace sandbox: enabled
1970/01/01 00:05:51 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:05:51 fault injection: enabled
1970/01/01 00:05:51 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:05:51 net packet injection: enabled
1970/01/01 00:05:51 net device setup: enabled
1970/01/01 00:05:51 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:05:51 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:05:51 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:05:51 USB emulation: enabled
1970/01/01 00:05:51 hci packet injection: /dev/vhci does not exist
1970/01/01 00:05:51 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:05:51 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:05:52 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:05:57 fetching corpus: 50, signal 28356/31715 (executing program)
1970/01/01 00:06:00 fetching corpus: 100, signal 44733/49257 (executing program)
1970/01/01 00:06:04 fetching corpus: 149, signal 50324/56087 (executing program)
1970/01/01 00:06:06 fetching corpus: 199, signal 55854/62731 (executing program)
1970/01/01 00:06:08 fetching corpus: 248, signal 61582/69430 (executing program)
1970/01/01 00:06:13 fetching corpus: 297, signal 70224/78728 (executing program)
1970/01/01 00:06:16 fetching corpus: 346, signal 78831/87772 (executing program)
1970/01/01 00:06:19 fetching corpus: 396, signal 82243/92005 (executing program)
1970/01/01 00:06:21 fetching corpus: 446, signal 87062/97380 (executing program)
1970/01/01 00:06:24 fetching corpus: 496, signal 90251/101183 (executing program)
1970/01/01 00:06:26 fetching corpus: 546, signal 93304/104822 (executing program)
1970/01/01 00:06:29 fetching corpus: 596, signal 96929/108843 (executing program)
1970/01/01 00:06:31 fetching corpus: 644, signal 100404/112686 (executing program)
1970/01/01 00:06:34 fetching corpus: 694, signal 103299/115960 (executing program)
1970/01/01 00:06:37 fetching corpus: 744, signal 105909/118939 (executing program)
1970/01/01 00:06:41 fetching corpus: 794, signal 108011/121503 (executing program)
1970/01/01 00:06:43 fetching corpus: 844, signal 110058/123943 (executing program)
1970/01/01 00:06:46 fetching corpus: 894, signal 111481/125855 (executing program)
1970/01/01 00:06:49 fetching corpus: 943, signal 114507/128952 (executing program)
1970/01/01 00:06:51 fetching corpus: 993, signal 116340/131044 (executing program)
1970/01/01 00:06:54 fetching corpus: 1043, signal 117811/132814 (executing program)
1970/01/01 00:06:56 fetching corpus: 1093, signal 119246/134551 (executing program)
1970/01/01 00:06:59 fetching corpus: 1143, signal 120674/136275 (executing program)
1970/01/01 00:07:00 fetching corpus: 1193, signal 122200/138024 (executing program)
1970/01/01 00:07:03 fetching corpus: 1243, signal 123844/139839 (executing program)
1970/01/01 00:07:05 fetching corpus: 1292, signal 125521/141584 (executing program)
1970/01/01 00:07:07 fetching corpus: 1341, signal 126851/143081 (executing program)
1970/01/01 00:07:09 fetching corpus: 1391, signal 128161/144553 (executing program)
1970/01/01 00:07:11 fetching corpus: 1441, signal 129687/146150 (executing program)
1970/01/01 00:07:14 fetching corpus: 1491, signal 131425/147848 (executing program)
1970/01/01 00:07:16 fetching corpus: 1541, signal 133000/149337 (executing program)
1970/01/01 00:07:19 fetching corpus: 1591, signal 134157/150568 (executing program)
1970/01/01 00:07:21 fetching corpus: 1641, signal 135255/151770 (executing program)
1970/01/01 00:07:24 fetching corpus: 1691, signal 136839/153260 (executing program)
1970/01/01 00:07:26 fetching corpus: 1741, signal 138625/154805 (executing program)
1970/01/01 00:07:29 fetching corpus: 1791, signal 139850/156000 (executing program)
1970/01/01 00:07:31 fetching corpus: 1841, signal 140890/157028 (executing program)
1970/01/01 00:07:33 fetching corpus: 1891, signal 142220/158192 (executing program)
1970/01/01 00:07:36 fetching corpus: 1941, signal 142979/159029 (executing program)
1970/01/01 00:07:39 fetching corpus: 1991, signal 144441/160212 (executing program)
1970/01/01 00:07:42 fetching corpus: 2041, signal 145879/161379 (executing program)
1970/01/01 00:07:44 fetching corpus: 2091, signal 147153/162423 (executing program)
1970/01/01 00:07:47 fetching corpus: 2141, signal 148074/163255 (executing program)
1970/01/01 00:07:50 fetching corpus: 2191, signal 148891/164026 (executing program)
1970/01/01 00:07:53 fetching corpus: 2241, signal 150001/164894 (executing program)
1970/01/01 00:07:56 fetching corpus: 2290, signal 151580/165988 (executing program)
1970/01/01 00:07:58 fetching corpus: 2340, signal 153092/166974 (executing program)
1970/01/01 00:08:00 fetching corpus: 2389, signal 154633/167952 (executing program)
1970/01/01 00:08:03 fetching corpus: 2439, signal 155893/168800 (executing program)
1970/01/01 00:08:06 fetching corpus: 2487, signal 156819/169440 (executing program)
1970/01/01 00:08:08 fetching corpus: 2537, signal 157991/170183 (executing program)
1970/01/01 00:08:11 fetching corpus: 2587, signal 158979/170788 (executing program)
1970/01/01 00:08:14 fetching corpus: 2637, signal 160075/171382 (executing program)
1970/01/01 00:08:15 fetching corpus: 2687, signal 161033/171979 (executing program)
1970/01/01 00:08:18 fetching corpus: 2737, signal 162276/172633 (executing program)
1970/01/01 00:08:20 fetching corpus: 2785, signal 163101/173125 (executing program)
1970/01/01 00:08:23 fetching corpus: 2835, signal 163873/173596 (executing program)
1970/01/01 00:08:25 fetching corpus: 2884, signal 164940/174123 (executing program)
1970/01/01 00:08:28 fetching corpus: 2934, signal 165520/174483 (executing program)
1970/01/01 00:08:31 fetching corpus: 2983, signal 166353/174885 (executing program)
1970/01/01 00:08:33 fetching corpus: 3033, signal 167137/175273 (executing program)
1970/01/01 00:08:36 fetching corpus: 3083, signal 168455/175793 (executing program)
1970/01/01 00:08:38 fetching corpus: 3133, signal 169482/176196 (executing program)
1970/01/01 00:08:41 fetching corpus: 3182, signal 170142/176497 (executing program)
1970/01/01 00:08:43 fetching corpus: 3232, signal 171383/176877 (executing program)
1970/01/01 00:08:46 fetching corpus: 3282, signal 172125/177163 (executing program)
1970/01/01 00:08:49 fetching corpus: 3331, signal 173207/177476 (executing program)
1970/01/01 00:08:52 fetching corpus: 3381, signal 174150/177763 (executing program)
1970/01/01 00:08:55 fetching corpus: 3430, signal 174742/177948 (executing program)
1970/01/01 00:08:57 fetching corpus: 3479, signal 175558/178169 (executing program)
1970/01/01 00:08:58 fetching corpus: 3529, signal 175931/178267 (executing program)
1970/01/01 00:09:01 fetching corpus: 3572, signal 176567/178434 (executing program)
1970/01/01 00:09:01 fetching corpus: 3572, signal 176567/178461 (executing program)
1970/01/01 00:09:01 fetching corpus: 3572, signal 176567/178489 (executing program)
1970/01/01 00:09:01 fetching corpus: 3572, signal 176567/178528 (executing program)
1970/01/01 00:09:02 fetching corpus: 3572, signal 176567/178552 (executing program)
1970/01/01 00:09:02 fetching corpus: 3572, signal 176567/178583 (executing program)
1970/01/01 00:09:02 fetching corpus: 3572, signal 176567/178601 (executing program)
1970/01/01 00:09:02 fetching corpus: 3572, signal 176567/178630 (executing program)
1970/01/01 00:09:02 fetching corpus: 3572, signal 176567/178665 (executing program)
1970/01/01 00:09:02 fetching corpus: 3572, signal 176567/178686 (executing program)
1970/01/01 00:09:03 fetching corpus: 3572, signal 176567/178706 (executing program)
1970/01/01 00:09:03 fetching corpus: 3572, signal 176567/178735 (executing program)
1970/01/01 00:09:03 fetching corpus: 3572, signal 176567/178763 (executing program)
1970/01/01 00:09:03 fetching corpus: 3572, signal 176567/178784 (executing program)
1970/01/01 00:09:03 fetching corpus: 3572, signal 176567/178813 (executing program)
1970/01/01 00:09:03 fetching corpus: 3572, signal 176567/178835 (executing program)
1970/01/01 00:09:04 fetching corpus: 3573, signal 176591/178872 (executing program)
1970/01/01 00:09:04 fetching corpus: 3573, signal 176591/178880 (executing program)
1970/01/01 00:09:04 fetching corpus: 3573, signal 176591/178880 (executing program)
1970/01/01 00:10:59 starting 2 fuzzer processes
00:10:59 executing program 0:
syz_mount_image$fuse(0x0, &(0x7f0000002440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0xe0be000000000000, 0x0)

00:10:59 executing program 1:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f00000002c0)={{0x10, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000400)=""/206, 0x1a, 0xce, 0x1}, 0x20)

[ 684.928596][ T2040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 685.509627][ T2040] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 685.635387][ T2041] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 686.223413][ T2041] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 697.363565][ T2040] device hsr_slave_0 entered promiscuous mode
[ 697.405548][ T2040] device hsr_slave_1 entered promiscuous mode
[ 698.983655][ T2041] device hsr_slave_0 entered promiscuous mode
[ 699.148064][ T2041] device hsr_slave_1 entered promiscuous mode
[ 699.217489][ T2041] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 699.224858][ T2041] Cannot create hsr debugfs directory
[ 705.498001][ T2040] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 705.668838][ T2040] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 706.411826][ T2040] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 706.799116][ T2040] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 707.688346][ T2041] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 707.912197][ T2041] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 708.061696][ T2041] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 708.258752][ T2041] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 715.014699][ T2040] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 715.021320][ T2040] CPU: 0 PID: 2040 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 715.024308][ T2040] Hardware name: riscv-virtio,qemu (DT)
[ 715.025447][ T2040] Call Trace:
[ 715.026371][ T2040] [] dump_backtrace+0x2e/0x3c
[ 715.027773][ T2040] [] show_stack+0x34/0x40
[ 715.028919][ T2040] [] dump_stack_lvl+0xe4/0x150
[ 715.030796][ T2040] [] dump_stack+0x1c/0x24
[ 715.032034][ T2040] [] panic+0x24a/0x634
[ 715.033627][ T2040] [] schedule+0x0/0x14c
[ 715.035540][ T2040] [] preempt_schedule_common+0x4e/0xde
[ 715.037180][ T2040] [] preempt_schedule+0x34/0x36
[ 715.038664][ T2040] [] _raw_spin_unlock_irqrestore+0x8c/0x98
[ 715.040108][ T2040] [] __wake_up_common_lock+0xe4/0x136
[ 715.041396][ T2040] [] __wake_up+0x10/0x18
[ 715.042617][ T2040] [] netlink_broadcast+0x6d0/0xab6
[ 715.043840][ T2040] [] nlmsg_notify+0x78/0x22e
[ 715.045031][ T2040] [] rtnl_notify+0x80/0x98
[ 715.046205][ T2040] [] rtmsg_fib+0x204/0x2be
[ 715.047308][ T2040] [] fib_table_insert+0x52a/0xebe
[ 715.048421][ T2040] [] fib_magic+0x3f4/0x438
[ 715.049763][ T2040] [] fib_add_ifaddr+0xd2/0x2e2
[ 715.051311][ T2040] [] fib_inetaddr_event+0xfe/0x19e
[ 715.052653][ T2040] [] notifier_call_chain+0xb8/0x188
[ 715.053841][ T2040] [] blocking_notifier_call_chain+0x50/0x78
[ 715.055091][ T2040] [] __inet_insert_ifa+0x6ca/0x7e4
[ 715.056298][ T2040] [] inet_rtm_newaddr+0x7c2/0xbc2
[ 715.057456][ T2040] [] rtnetlink_rcv_msg+0x338/0x9a0
[ 715.058758][ T2040] [] netlink_rcv_skb+0xf8/0x2be
[ 715.060194][ T2040] [] rtnetlink_rcv+0x26/0x30
[ 715.061435][ T2040] [] netlink_unicast+0x40e/0x5fe
[ 715.062610][ T2040] [] netlink_sendmsg+0x4e0/0x994
[ 715.063754][ T2040] [] sock_sendmsg+0xa0/0xc4
[ 715.064965][ T2040] [] __sys_sendto+0x1f2/0x2e0
[ 715.066080][ T2040] [] sys_sendto+0x3e/0x52
[ 715.067268][ T2040] [] ret_from_syscall+0x0/0x2
[ 715.068799][ T2040] SMP: stopping secondary CPUs
[ 715.072349][ T2040] Rebooting in 86400 seconds..
VM DIAGNOSIS: 15:34:58 Registers: