syzkaller login: [ 256.059687][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 256.114651][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 272.555691][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 289.695440][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:61198' (ECDSA) to the list of known hosts.
1970/01/01 00:05:49 fuzzer started
1970/01/01 00:06:00 dialing manager at localhost:43965
[ 365.447166][ T2044] cgroup: Unknown subsys name 'net'
[ 366.478162][ T2044] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:06 syscalls: 2918
1970/01/01 00:06:06 code coverage: enabled
1970/01/01 00:06:06 comparison tracing: enabled
1970/01/01 00:06:06 extra coverage: enabled
1970/01/01 00:06:06 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:06 setuid sandbox: enabled
1970/01/01 00:06:06 namespace sandbox: enabled
1970/01/01 00:06:06 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:06 fault injection: enabled
1970/01/01 00:06:06 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:06 net packet injection: enabled
1970/01/01 00:06:06 net device setup: enabled
1970/01/01 00:06:06 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:06 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:06 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:06:06 USB emulation: enabled
1970/01/01 00:06:06 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:06 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:06 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:06 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:11 fetching corpus: 49, signal 29126/32326 (executing program)
1970/01/01 00:06:14 fetching corpus: 98, signal 46447/50563 (executing program)
1970/01/01 00:06:18 fetching corpus: 146, signal 54721/59733 (executing program)
1970/01/01 00:06:21 fetching corpus: 195, signal 63469/69202 (executing program)
1970/01/01 00:06:24 fetching corpus: 244, signal 69784/76204 (executing program)
1970/01/01 00:06:27 fetching corpus: 293, signal 74971/81993 (executing program)
1970/01/01 00:06:30 fetching corpus: 343, signal 79696/87208 (executing program)
1970/01/01 00:06:33 fetching corpus: 392, signal 82571/90697 (executing program)
1970/01/01 00:06:35 fetching corpus: 442, signal 86544/94955 (executing program)
1970/01/01 00:06:38 fetching corpus: 492, signal 88848/97715 (executing program)
1970/01/01 00:06:41 fetching corpus: 542, signal 93346/102287 (executing program)
1970/01/01 00:06:44 fetching corpus: 589, signal 97768/106706 (executing program)
1970/01/01 00:06:47 fetching corpus: 638, signal 101096/110044 (executing program)
1970/01/01 00:06:49 fetching corpus: 688, signal 103399/112531 (executing program)
1970/01/01 00:06:54 fetching corpus: 738, signal 106840/115815 (executing program)
1970/01/01 00:06:57 fetching corpus: 787, signal 108547/117759 (executing program)
1970/01/01 00:07:00 fetching corpus: 837, signal 110340/119633 (executing program)
1970/01/01 00:07:03 fetching corpus: 887, signal 112332/121673 (executing program)
1970/01/01 00:07:06 fetching corpus: 935, signal 114051/123437 (executing program)
1970/01/01 00:07:09 fetching corpus: 985, signal 116082/125334 (executing program)
1970/01/01 00:07:12 fetching corpus: 1034, signal 118477/127424 (executing program)
1970/01/01 00:07:15 fetching corpus: 1082, signal 119757/128695 (executing program)
1970/01/01 00:07:17 fetching corpus: 1131, signal 121624/130330 (executing program)
1970/01/01 00:07:19 fetching corpus: 1181, signal 123236/131773 (executing program)
1970/01/01 00:07:22 fetching corpus: 1230, signal 125217/133411 (executing program)
1970/01/01 00:07:24 fetching corpus: 1280, signal 126959/134818 (executing program)
1970/01/01 00:07:27 fetching corpus: 1328, signal 128178/135849 (executing program)
1970/01/01 00:07:30 fetching corpus: 1378, signal 130284/137445 (executing program)
1970/01/01 00:07:32 fetching corpus: 1428, signal 131875/138615 (executing program)
1970/01/01 00:07:34 fetching corpus: 1478, signal 133280/139656 (executing program)
1970/01/01 00:07:37 fetching corpus: 1528, signal 134506/140583 (executing program)
1970/01/01 00:07:39 fetching corpus: 1578, signal 136151/141691 (executing program)
1970/01/01 00:07:43 fetching corpus: 1627, signal 137350/142525 (executing program)
1970/01/01 00:07:45 fetching corpus: 1677, signal 138715/143398 (executing program)
1970/01/01 00:07:48 fetching corpus: 1727, signal 141392/144987 (executing program)
1970/01/01 00:07:52 fetching corpus: 1776, signal 143271/146062 (executing program)
1970/01/01 00:07:55 fetching corpus: 1826, signal 144351/146689 (executing program)
1970/01/01 00:07:58 fetching corpus: 1875, signal 145365/147233 (executing program)
1970/01/01 00:08:00 fetching corpus: 1915, signal 146356/147732 (executing program)
1970/01/01 00:08:00 fetching corpus: 1916, signal 146366/147772 (executing program)
1970/01/01 00:08:01 fetching corpus: 1916, signal 146366/147803 (executing program)
1970/01/01 00:08:01 fetching corpus: 1916, signal 146366/147830 (executing program)
1970/01/01 00:08:01 fetching corpus: 1916, signal 146366/147873 (executing program)
1970/01/01 00:08:01 fetching corpus: 1916, signal 146366/147908 (executing program)
1970/01/01 00:08:01 fetching corpus: 1916, signal 146366/147938 (executing program)
1970/01/01 00:08:01 fetching corpus: 1916, signal 146366/147977 (executing program)
1970/01/01 00:08:01 fetching corpus: 1916, signal 146366/148019 (executing program)
1970/01/01 00:08:02 fetching corpus: 1916, signal 146366/148057 (executing program)
1970/01/01 00:08:02 fetching corpus: 1916, signal 146366/148076 (executing program)
1970/01/01 00:08:02 fetching corpus: 1916, signal 146366/148114 (executing program)
1970/01/01 00:08:02 fetching corpus: 1916, signal 146366/148152 (executing program)
1970/01/01 00:08:02 fetching corpus: 1916, signal 146366/148178 (executing program)
1970/01/01 00:08:02 fetching corpus: 1916, signal 146366/148208 (executing program)
1970/01/01 00:08:02 fetching corpus: 1916, signal 146366/148250 (executing program)
1970/01/01 00:08:03 fetching corpus: 1916, signal 146366/148286 (executing program)
1970/01/01 00:08:03 fetching corpus: 1916, signal 146366/148319 (executing program)
1970/01/01 00:08:03 fetching corpus: 1916, signal 146367/148354 (executing program)
1970/01/01 00:08:03 fetching corpus: 1916, signal 146367/148393 (executing program)
1970/01/01 00:08:03 fetching corpus: 1916, signal 146367/148419 (executing program)
1970/01/01 00:08:03 fetching corpus: 1916, signal 146367/148450 (executing program)
1970/01/01 00:08:04 fetching corpus: 1916, signal 146367/148494 (executing program)
1970/01/01 00:08:04 fetching corpus: 1916, signal 146367/148533 (executing program)
1970/01/01 00:08:04 fetching corpus: 1916, signal 146367/148565 (executing program)
1970/01/01 00:08:04 fetching corpus: 1916, signal 146367/148596 (executing program)
1970/01/01 00:08:04 fetching corpus: 1917, signal 146384/148638 (executing program)
1970/01/01 00:08:04 fetching corpus: 1917, signal 146384/148670 (executing program)
1970/01/01 00:08:04 fetching corpus: 1917, signal 146384/148703 (executing program)
1970/01/01 00:08:05 fetching corpus: 1917, signal 146384/148733 (executing program)
1970/01/01 00:08:05 fetching corpus: 1917, signal 146384/148763 (executing program)
1970/01/01 00:08:05 fetching corpus: 1917, signal 146384/148797 (executing program)
1970/01/01 00:08:05 fetching corpus: 1917, signal 146384/148830 (executing program)
1970/01/01 00:08:05 fetching corpus: 1917, signal 146384/148875 (executing program)
1970/01/01 00:08:05 fetching corpus: 1917, signal 146384/148905 (executing program)
1970/01/01 00:08:05 fetching corpus: 1917, signal 146384/148924 (executing program)
1970/01/01 00:08:05 fetching corpus: 1917, signal 146384/148924 (executing program)
1970/01/01 00:09:54 starting 2 fuzzer processes

00:09:54 executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = fcntl$dupfd(r1, 0x0, r1)
sendmsg$inet(r2, &(0x7f0000000500)={&(0x7f0000000300)={0x2, 0x0, @empty}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000340)="9b7f", 0x2}], 0x1}, 0x0)

00:09:54 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x1}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)

[ 625.827886][ T2051] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 626.475763][ T2051] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 626.618644][ T2050] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 627.170023][ T2050] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 638.525629][ T2051] device hsr_slave_0 entered promiscuous mode
[ 638.569845][ T2051] device hsr_slave_1 entered promiscuous mode
[ 640.178308][ T2050] device hsr_slave_0 entered promiscuous mode
[ 640.300342][ T2050] device hsr_slave_1 entered promiscuous mode
[ 640.322716][ T2050] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 640.327074][ T2050] Cannot create hsr debugfs directory
[ 647.934010][ T2051] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 648.194667][ T2051] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 648.346402][ T2051] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 648.559171][ T2051] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 649.929535][ T2050] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 650.255456][ T2050] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 650.457038][ T2050] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 650.715597][ T2050] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 658.465128][ T2051] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 658.466900][ T2051] CPU: 0 PID: 2051 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 658.468517][ T2051] Hardware name: riscv-virtio,qemu (DT)
[ 658.469989][ T2051] Call Trace:
[ 658.471209][ T2051] [] dump_backtrace+0x2e/0x3c
[ 658.472603][ T2051] [] show_stack+0x34/0x40
[ 658.473743][ T2051] [] dump_stack_lvl+0xe4/0x150
[ 658.474945][ T2051] [] dump_stack+0x1c/0x24
[ 658.476197][ T2051] [] panic+0x24a/0x634
[ 658.477290][ T2051] [] schedule+0x0/0x14c
[ 658.478495][ T2051] [] preempt_schedule_common+0x4e/0xde
[ 658.479764][ T2051] [] preempt_schedule+0x34/0x36
[ 658.481601][ T2051] [] __local_bh_enable_ip+0x29e/0x2a4
[ 658.482944][ T2051] [] _raw_spin_unlock_bh+0x34/0x40
[ 658.484250][ T2051] [] ip6_ins_rt+0xcc/0x102
[ 658.486001][ T2051] [] __ipv6_ifa_notify+0x528/0x594
[ 658.487275][ T2051] [] add_addr+0x19c/0x274
[ 658.489639][ T2051] [] add_v4_addrs+0x4a8/0x640
[ 658.491551][ T2051] [] addrconf_notify+0x784/0x1360
[ 658.492937][ T2051] [] notifier_call_chain+0xb8/0x188
[ 658.494252][ T2051] [] raw_notifier_call_chain+0x2a/0x38
[ 658.495492][ T2051] [] call_netdevice_notifiers_info+0x9e/0x10c
[ 658.496757][ T2051] [] __dev_notify_flags+0x108/0x1fa
[ 658.498036][ T2051] [] dev_change_flags+0x9c/0xba
[ 658.499393][ T2051] [] do_setlink+0x5d6/0x21c4
[ 658.500884][ T2051] [] __rtnl_newlink+0x99e/0xfa0
[ 658.502219][ T2051] [] rtnl_newlink+0x60/0x8c
[ 658.503433][ T2051] [] rtnetlink_rcv_msg+0x338/0x9a0
[ 658.504689][ T2051] [] netlink_rcv_skb+0xf8/0x2be
[ 658.505873][ T2051] [] rtnetlink_rcv+0x26/0x30
[ 658.507041][ T2051] [] netlink_unicast+0x40e/0x5fe
[ 658.508436][ T2051] [] netlink_sendmsg+0x4e0/0x994
[ 658.509618][ T2051] [] sock_sendmsg+0xa0/0xc4
[ 658.511161][ T2051] [] __sys_sendto+0x1f2/0x2e0
[ 658.512837][ T2051] [] sys_sendto+0x3e/0x52
[ 658.514143][ T2051] [] ret_from_syscall+0x0/0x2
[ 658.515679][ T2051] SMP: stopping secondary CPUs
[ 658.518176][ T2051] Rebooting in 86400 seconds..

VM DIAGNOSIS:
06:05:37 Registers:
info registers vcpu 0
pc ffffffff80dc337e
mhartid 0000000000000000
mstatus 00000000000000a0
mip 0000000000000000
mie 00000000000002aa
mideleg 0000000000000222
medeleg 000000000000b109
mtvec 0000000080000540
stvec ffffffff800055d4
mepc ffffffff80123808
sepc ffffffff82b5bdc0
mcause 8000000000000003
scause 8000000000000009
mtval 0000000000000000
stval 0000000000000000
x0/zero 0000000000000000 x1/ra ffffffff80dc337e x2/sp ffffaf800bd85ef0 x3/gp ffffffff85863ac0
x4/tp ffffaf800edae100 x5/t0 ffffffff86bcb657 x6/t1 60a382434aaa3800 x7/t2 0000000000000000
x8/s0 ffffaf800bd85f20 x9/s1 ffffffff86e58900 x10/a0 ffffffff86e58948 x11/a1 ffff8f800066c000
x12/a2 1ffffffff0dcb129 x13/a3 ffffffff80dc337e x14/a4 0000000000000000 x15/a5 ffffffff86e58948
x16/a6 ffffffff86e589f1 x17/a7 ffffffff80dcc2ca x18/s2 ffff8f800066c000 x19/s3 000000000000006e
x20/s4 ffffffff86e58900 x21/s5 ffffffff80dc333e x22/s6 0000000000000000 x23/s7 ffffffff86bcb67d
x24/s8 0000000000000010 x25/s9 ffffffff86e58958 x26/s10 0000000000000010 x27/s11 0000000000000000
x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f0017b0b8c x31/t6 ffffffff86bcb657
f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
pc ffffffff80119d56
mhartid 0000000000000001
mstatus 00000000000000a0
mip 0000000000000000
mie 00000000000002aa
mideleg 0000000000000222
medeleg 000000000000b109
mtvec 0000000080000540
stvec ffffffff800055d4
mepc ffffffff80010124
sepc ffffffff8010b26a
mcause 0000000000000009
scause 8000000000000005
mtval 0000000000000000
stval 0000000000000000
x0/zero 0000000000000000 x1/ra ffffffff8011243a x2/sp ffffaf80207c78d0 x3/gp ffffffff85863ac0
x4/tp ffffaf80113348c0 x5/t0 ffffaf800cf03530 x6/t1 60a382434aaa3800 x7/t2 ffffffffffffffff
x8/s0 ffffaf80207c78d0 x9/s1 0000000000001000 x10/a0 ffffffff85899680 x11/a1 0000000000000007
x12/a2 0000000000000010 x13/a3 ffffffff801165c2 x14/a4 60a382434aaa3800 x15/a5 ffffffff86c1a628
x16/a6 0000000000f00000 x17/a7 ffffffff8176b8f4 x18/s2 ffffaf805a9f5b10 x19/s3 ffffffff838a05a0
x20/s4 ffffffff838a0620 x21/s5 ffffffff8343c840 x22/s6 ffffffffffffffff x23/s7 0000000000000122
x24/s8 ffffffff85889780 x25/s9 1ffff5f0040f8f5c x26/s10 ffffffff850d46d8 x27/s11 ffffaf80113358c0
x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f0040f8f2c x31/t6 0000000000040000
f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000