syzkaller login:
[ 291.190693][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 291.235156][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 291.291260][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 291.334868][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:10590' (ECDSA) to the list of known hosts.
1970/01/01 00:05:32 fuzzer started
1970/01/01 00:05:50 dialing manager at localhost:38153
[ 358.580001][ T2025] cgroup: Unknown subsys name 'net'
[ 359.694620][ T2025] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:05:59 syscalls: 2853
1970/01/01 00:05:59 code coverage: enabled
1970/01/01 00:05:59 comparison tracing: enabled
1970/01/01 00:05:59 extra coverage: enabled
1970/01/01 00:05:59 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:05:59 setuid sandbox: enabled
1970/01/01 00:05:59 namespace sandbox: enabled
1970/01/01 00:05:59 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:05:59 fault injection: enabled
1970/01/01 00:05:59 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:05:59 net packet injection: enabled
1970/01/01 00:05:59 net device setup: enabled
1970/01/01 00:05:59 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:05:59 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:05:59 USB emulation: enabled
1970/01/01 00:05:59 hci packet injection: /dev/vhci does not exist
1970/01/01 00:05:59 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:05:59 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:05:59 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:05 fetching corpus: 50, signal 35272/38791 (executing program)
1970/01/01 00:06:08 fetching corpus: 99, signal 50335/55270 (executing program)
1970/01/01 00:06:12 fetching corpus: 147, signal 64332/70496 (executing program)
1970/01/01 00:06:14 fetching corpus: 196, signal 70047/77536 (executing program)
1970/01/01 00:06:18 fetching corpus: 246, signal 75400/84100 (executing program)
1970/01/01 00:06:20 fetching corpus: 295, signal 84609/94237 (executing program)
1970/01/01 00:06:23 fetching corpus: 343, signal 94402/104841 (executing program)
1970/01/01 00:06:27 fetching corpus: 392, signal 103785/114956 (executing program)
1970/01/01 00:06:32 fetching corpus: 441, signal 108459/120563 (executing program)
1970/01/01 00:06:34 fetching corpus: 490, signal 111361/124435 (executing program)
1970/01/01 00:06:36 fetching corpus: 540, signal 114362/128376 (executing program)
1970/01/01 00:06:38 fetching corpus: 590, signal 118183/133010 (executing program)
1970/01/01 00:06:41 fetching corpus: 640, signal 122856/138339 (executing program)
1970/01/01 00:06:43 fetching corpus: 689, signal 125418/141802 (executing program)
1970/01/01 00:06:45 fetching corpus: 738, signal 130108/147080 (executing program)
1970/01/01 00:06:47 fetching corpus: 787, signal 132260/150021 (executing program)
1970/01/01 00:06:49 fetching corpus: 835, signal 136550/154877 (executing program)
1970/01/01 00:06:53 fetching corpus: 885, signal 141798/160421 (executing program)
1970/01/01 00:06:55 fetching corpus: 933, signal 144286/163564 (executing program)
1970/01/01 00:06:58 fetching corpus: 983, signal 148084/167738 (executing program)
1970/01/01 00:07:01 fetching corpus: 1032, signal 153055/172872 (executing program)
1970/01/01 00:07:02 fetching corpus: 1080, signal 155570/175844 (executing program)
1970/01/01 00:07:05 fetching corpus: 1130, signal 157170/178067 (executing program)
1970/01/01 00:07:07 fetching corpus: 1179, signal 159115/180553 (executing program)
1970/01/01 00:07:09 fetching corpus: 1229, signal 161360/183229 (executing program)
1970/01/01 00:07:11 fetching corpus: 1279, signal 165721/187557 (executing program)
1970/01/01 00:07:13 fetching corpus: 1329, signal 168471/190527 (executing program)
1970/01/01 00:07:17 fetching corpus: 1378, signal 170819/193226 (executing program)
1970/01/01 00:07:19 fetching corpus: 1428, signal 172509/195272 (executing program)
1970/01/01 00:07:22 fetching corpus: 1478, signal 174375/197432 (executing program)
1970/01/01 00:07:24 fetching corpus: 1528, signal 175790/199291 (executing program)
1970/01/01 00:07:27 fetching corpus: 1577, signal 177958/201680 (executing program)
1970/01/01 00:07:29 fetching corpus: 1627, signal 179624/203646 (executing program)
1970/01/01 00:07:32 fetching corpus: 1677, signal 181880/206008 (executing program)
1970/01/01 00:07:34 fetching corpus: 1727, signal 184107/208309 (executing program)
1970/01/01 00:07:36 fetching corpus: 1776, signal 185896/210266 (executing program)
1970/01/01 00:07:39 fetching corpus: 1826, signal 187571/212154 (executing program)
1970/01/01 00:07:43 fetching corpus: 1876, signal 190041/214589 (executing program)
1970/01/01 00:07:46 fetching corpus: 1926, signal 191918/216565 (executing program)
1970/01/01 00:07:49 fetching corpus: 1976, signal 193923/218643 (executing program)
1970/01/01 00:07:54 fetching corpus: 2025, signal 197386/221667 (executing program)
1970/01/01 00:07:57 fetching corpus: 2073, signal 199142/223466 (executing program)
1970/01/01 00:08:01 fetching corpus: 2123, signal 200499/224940 (executing program)
1970/01/01 00:08:03 fetching corpus: 2172, signal 203247/227357 (executing program)
1970/01/01 00:08:05 fetching corpus: 2222, signal 204327/228604 (executing program)
1970/01/01 00:08:08 fetching corpus: 2272, signal 205573/229996 (executing program)
1970/01/01 00:08:11 fetching corpus: 2322, signal 207158/231522 (executing program)
1970/01/01 00:08:14 fetching corpus: 2371, signal 208804/233127 (executing program)
1970/01/01 00:08:18 fetching corpus: 2421, signal 211827/235602 (executing program)
1970/01/01 00:08:24 fetching corpus: 2470, signal 215200/238289 (executing program)
1970/01/01 00:08:28 fetching corpus: 2519, signal 216675/239633 (executing program)
1970/01/01 00:08:30 fetching corpus: 2569, signal 217822/240811 (executing program)
1970/01/01 00:08:33 fetching corpus: 2619, signal 219520/242300 (executing program)
1970/01/01 00:08:36 fetching corpus: 2669, signal 221365/243846 (executing program)
1970/01/01 00:08:39 fetching corpus: 2719, signal 223232/245389 (executing program)
1970/01/01 00:08:42 fetching corpus: 2769, signal 224813/246724 (executing program)
1970/01/01 00:08:44 fetching corpus: 2819, signal 226012/247812 (executing program)
1970/01/01 00:08:47 fetching corpus: 2869, signal 227749/249176 (executing program)
1970/01/01 00:08:50 fetching corpus: 2919, signal 228681/250056 (executing program)
1970/01/01 00:08:53 fetching corpus: 2968, signal 230698/251514 (executing program)
1970/01/01 00:08:55 fetching corpus: 3018, signal 232239/252740 (executing program)
1970/01/01 00:08:58 fetching corpus: 3068, signal 233046/253543 (executing program)
1970/01/01 00:09:01 fetching corpus: 3117, signal 234205/254489 (executing program)
1970/01/01 00:09:04 fetching corpus: 3167, signal 235907/255754 (executing program)
1970/01/01 00:09:06 fetching corpus: 3217, signal 236926/256556 (executing program)
1970/01/01 00:09:08 fetching corpus: 3267, signal 238725/257825 (executing program)
1970/01/01 00:09:11 fetching corpus: 3317, signal 240620/259053 (executing program)
1970/01/01 00:09:13 fetching corpus: 3367, signal 241998/260013 (executing program)
1970/01/01 00:09:15 fetching corpus: 3417, signal 243242/260897 (executing program)
1970/01/01 00:09:19 fetching corpus: 3467, signal 246412/262674 (executing program)
1970/01/01 00:09:22 fetching corpus: 3517, signal 247113/263198 (executing program)
1970/01/01 00:09:24 fetching corpus: 3564, signal 247830/263794 (executing program)
1970/01/01 00:09:26 fetching corpus: 3614, signal 248859/264500 (executing program)
1970/01/01 00:09:28 fetching corpus: 3663, signal 250327/265369 (executing program)
1970/01/01 00:09:32 fetching corpus: 3713, signal 251718/266190 (executing program)
1970/01/01 00:09:34 fetching corpus: 3761, signal 252852/266893 (executing program)
1970/01/01 00:09:36 fetching corpus: 3810, signal 254636/267919 (executing program)
1970/01/01 00:09:39 fetching corpus: 3860, signal 255531/268449 (executing program)
1970/01/01 00:09:42 fetching corpus: 3908, signal 256815/269166 (executing program)
1970/01/01 00:09:44 fetching corpus: 3957, signal 258108/269906 (executing program)
1970/01/01 00:09:47 fetching corpus: 4007, signal 260711/271138 (executing program)
1970/01/01 00:09:50 fetching corpus: 4056, signal 262526/272028 (executing program)
1970/01/01 00:09:53 fetching corpus: 4104, signal 263767/272632 (executing program)
1970/01/01 00:09:55 fetching corpus: 4154, signal 264318/272933 (executing program)
1970/01/01 00:09:57 fetching corpus: 4204, signal 265195/273371 (executing program)
1970/01/01 00:09:59 fetching corpus: 4253, signal 266510/274010 (executing program)
1970/01/01 00:10:01 fetching corpus: 4301, signal 267046/274289 (executing program)
1970/01/01 00:10:05 fetching corpus: 4351, signal 268076/274727 (executing program)
1970/01/01 00:10:08 fetching corpus: 4400, signal 269207/275239 (executing program)
1970/01/01 00:10:11 fetching corpus: 4449, signal 269861/275557 (executing program)
1970/01/01 00:10:14 fetching corpus: 4499, signal 270975/275978 (executing program)
1970/01/01 00:10:17 fetching corpus: 4549, signal 271650/276294 (executing program)
1970/01/01 00:10:19 fetching corpus: 4599, signal 273094/276854 (executing program)
1970/01/01 00:10:21 fetching corpus: 4649, signal 273576/277062 (executing program)
1970/01/01 00:10:23 fetching corpus: 4699, signal 274312/277309 (executing program)
1970/01/01 00:10:25 fetching corpus: 4749, signal 275282/277607 (executing program)
1970/01/01 00:10:28 fetching corpus: 4798, signal 276314/277937 (executing program)
1970/01/01 00:10:29 fetching corpus: 4813, signal 276510/278005 (executing program)
1970/01/01 00:10:29 fetching corpus: 4813, signal 276510/278027 (executing program)
1970/01/01 00:10:30 fetching corpus: 4813, signal 276510/278041 (executing program)
1970/01/01 00:10:30 fetching corpus: 4813, signal 276510/278067 (executing program)
1970/01/01 00:10:30 fetching corpus: 4813, signal 276510/278081 (executing program)
1970/01/01 00:10:30 fetching corpus: 4813, signal 276510/278095 (executing program)
1970/01/01 00:10:30 fetching corpus: 4813, signal 276510/278116 (executing program)
1970/01/01 00:10:30 fetching corpus: 4813, signal 276510/278127 (executing program)
1970/01/01 00:10:31 fetching corpus: 4813, signal 276510/278139 (executing program)
1970/01/01 00:10:31 fetching corpus: 4813, signal 276510/278154 (executing program)
1970/01/01 00:10:31 fetching corpus: 4813, signal 276510/278168 (executing program)
1970/01/01 00:10:31 fetching corpus: 4813, signal 276510/278182 (executing program)
1970/01/01 00:10:31 fetching corpus: 4813, signal 276510/278190 (executing program)
1970/01/01 00:10:31 fetching corpus: 4813, signal 276510/278211 (executing program)
1970/01/01 00:10:32 fetching corpus: 4813, signal 276510/278227 (executing program)
1970/01/01 00:10:32 fetching corpus: 4813, signal 276510/278242 (executing program)
1970/01/01 00:10:32 fetching corpus: 4813, signal 276510/278259 (executing program)
1970/01/01 00:10:32 fetching corpus: 4813, signal 276510/278277 (executing program)
1970/01/01 00:10:32 fetching corpus: 4813, signal 276510/278296 (executing program)
1970/01/01 00:10:32 fetching corpus: 4813, signal 276510/278312 (executing program)
1970/01/01 00:10:32 fetching corpus: 4814, signal 276514/278330 (executing program)
1970/01/01 00:10:32 fetching corpus: 4814, signal 276514/278344 (executing program)
1970/01/01 00:10:33 fetching corpus: 4814, signal 276514/278358 (executing program)
1970/01/01 00:10:33 fetching corpus: 4814, signal 276514/278370 (executing program)
1970/01/01 00:10:33 fetching corpus: 4814, signal 276514/278386 (executing program)
1970/01/01 00:10:33 fetching corpus: 4814, signal 276514/278403 (executing program)
1970/01/01 00:10:33 fetching corpus: 4814, signal 276514/278423 (executing program)
1970/01/01 00:10:33 fetching corpus: 4814, signal 276514/278440 (executing program)
1970/01/01 00:10:33 fetching corpus: 4814, signal 276514/278453 (executing program)
1970/01/01 00:10:34 fetching corpus: 4814, signal 276514/278464 (executing program)
1970/01/01 00:10:34 fetching corpus: 4814, signal 276514/278483 (executing program)
1970/01/01 00:10:34 fetching corpus: 4814, signal 276514/278501 (executing program)
1970/01/01 00:10:34 fetching corpus: 4814, signal 276514/278513 (executing program)
1970/01/01 00:10:34 fetching corpus: 4814, signal 276514/278525 (executing program)
1970/01/01 00:10:34 fetching corpus: 4814, signal 276514/278540 (executing program)
1970/01/01 00:10:34 fetching corpus: 4814, signal 276514/278558 (executing program)
1970/01/01 00:10:35 fetching corpus: 4814, signal 276514/278573 (executing program)
1970/01/01 00:10:35 fetching corpus: 4814, signal 276514/278595 (executing program)
1970/01/01 00:10:35 fetching corpus: 4814, signal 276515/278614 (executing program)
1970/01/01 00:10:35 fetching corpus: 4814, signal 276515/278631 (executing program)
1970/01/01 00:10:35 fetching corpus: 4814, signal 276515/278648 (executing program)
1970/01/01 00:10:35 fetching corpus: 4814, signal 276515/278659 (executing program)
1970/01/01 00:10:35 fetching corpus: 4814, signal 276515/278659 (executing program)
1970/01/01 00:12:30 starting 2 fuzzer processes
00:12:31 executing program 0:
r0 = syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000001680)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}}}]}}]}}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x1a, 0x1, 0xa9, 0x0, 0xbfd, 0x12, 0xce2f, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xcb, 0x24, 0x7a}}]}}]}}, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f00000015c0)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}}}}}]}}, 0x0)
syz_usb_ep_write(r0, 0xff, 0x0, 0x0)
00:12:31 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x0, 0x0)
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, &(0x7f00000017c0))
mount(&(0x7f0000000080)=@filename='./file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1048, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0)
r1 = getuid()
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000020c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESHEX=r1, @ANYBLOB=',group_id=', @ANYRESDEC=r0])
umount2(&(0x7f0000000100)='./file0\x00', 0x0)
[ 782.530623][ T2039] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 782.619980][ T2039] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 785.060951][ T2038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 785.170032][ T2038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 795.238099][ T2039] device hsr_slave_0 entered promiscuous mode
[ 795.387391][ T2039] device hsr_slave_1 entered promiscuous mode
[ 798.030315][ T2038] device hsr_slave_0 entered promiscuous mode
[ 798.087197][ T2038] device hsr_slave_1 entered promiscuous mode
[ 798.108112][ T2038] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 798.111701][ T2038] Cannot create hsr debugfs directory
[ 805.499185][ T2039] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 805.747284][ T2039] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 805.880554][ T2039] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 806.255164][ T2039] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 806.376386][ C0] ==================================================================
[ 806.377818][ C0] BUG: KASAN: slab-out-of-bounds in __bfs+0x154/0x394
[ 806.379380][ C0] Read of size 8 at addr ffffaf801436fbf0 by task syz-executor.0/2039
[ 806.380554][ C0]
[ 806.381704][ C0] CPU: 0 PID: 2039 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 806.384605][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 806.386472][ C0] Call Trace:
[ 806.387788][ C0] [] dump_backtrace+0x2e/0x3c
[ 806.389065][ C0] [] show_stack+0x34/0x40
[ 806.390230][ C0] [] dump_stack_lvl+0xe4/0x150
[ 806.391410][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 806.393878][ C0] [] kasan_report+0x184/0x1e0
[ 806.395276][ C0] [] __asan_load8+0x6e/0x96
[ 806.396488][ C0] [] __bfs+0x154/0x394
[ 806.397586][ C0] [] check_path.constprop.0+0x24/0x46
[ 806.398780][ C0] [] check_noncircular+0x11a/0x1fe
[ 806.399995][ C0] [] __lock_acquire+0x19a4/0x333e
[ 806.401180][ C0] [] lock_acquire.part.0+0x1d0/0x424
[ 806.402502][ C0] [] lock_acquire+0x54/0x6a
[ 806.403710][ C0] [] get_page_from_freelist+0xbc2/0x12d8
[ 806.405030][ C0]
[ 806.405778][ C0] Allocated by task 2039:
[ 806.406897][ C0] stack_trace_save+0xa6/0xd8
[ 806.407980][ C0] kasan_save_stack+0x2c/0x58
[ 806.408915][ C0] __kasan_kmalloc+0x80/0xb2
[ 806.409848][ C0] __kmalloc+0x190/0x318
[ 806.410748][ C0] kzalloc.constprop.0+0x24/0x2e
[ 806.411640][ C0] __register_sysctl_table+0xfc/0xcb0
[ 806.413156][ C0] register_net_sysctl+0x23e/0x2f6
[ 806.414613][ C0] neigh_sysctl_register+0x21e/0x380
[ 806.415635][ C0] devinet_sysctl_register+0x9e/0x142
[ 806.416607][ C0] inetdev_init+0x1d8/0x3d8
[ 806.417495][ C0] inetdev_event+0x88c/0xe9e
[ 806.418360][ C0] notifier_call_chain+0xb8/0x188
[ 806.419268][ C0] raw_notifier_call_chain+0x2a/0x38
[ 806.420154][ C0] call_netdevice_notifiers_info+0x9e/0x10c
[ 806.421003][ C0] register_netdevice+0xae8/0xc6a
[ 806.421929][ C0] hsr_dev_finalize+0x2f4/0x41c
[ 806.423202][ C0] hsr_newlink+0x21c/0x3e4
[ 806.424320][ C0] __rtnl_newlink+0xc16/0xfa0
[ 806.425198][ C0] rtnl_newlink+0x60/0x8c
[ 806.426185][ C0] rtnetlink_rcv_msg+0x338/0x9a0
[ 806.427199][ C0] netlink_rcv_skb+0xf8/0x2be
[ 806.428130][ C0] rtnetlink_rcv+0x26/0x30
[ 806.429101][ C0] netlink_unicast+0x40e/0x5fe
[ 806.430087][ C0] netlink_sendmsg+0x4e0/0x994
[ 806.431000][ C0] sock_sendmsg+0xa0/0xc4
[ 806.432146][ C0] __sys_sendto+0x1f2/0x2e0
[ 806.433482][ C0] sys_sendto+0x3e/0x52
[ 806.434833][ C0] ret_from_syscall+0x0/0x2
[ 806.435908][ C0]
[ 806.436521][ C0] The buggy address belongs to the object at ffffaf801436f800
[ 806.436521][ C0]  which belongs to the cache kmalloc-1k of size 1024
[ 806.438169][ C0] The buggy address is located 1008 bytes inside of
[ 806.438169][ C0]  1024-byte region [ffffaf801436f800, ffffaf801436fc00)
[ 806.439840][ C0] The buggy address belongs to the page:
[ 806.441223][ C0] page:ffffaf807abf8540 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffffaf801436b000 pfn:0x94568
[ 806.444463][ C0] head:ffffaf807abf8540 order:3 compound_mapcount:0 compound_pincount:0
[ 806.446796][ C0] flags: 0x9000010200(slab|head|section=18|node=0|zone=0)
[ 806.449795][ C0] raw: 0000009000010200 ffffaf807a91a8c8 ffffaf807ab275c8 ffffaf8007201dc0
[ 806.451095][ C0] raw: ffffaf801436b000 000000000010000d 00000001ffffffff 0000000000000000
[ 806.452355][ C0] raw: 00000000000007ff
[ 806.453764][ C0] page dumped because: kasan: bad access detected
[ 806.455582][ C0] page_owner tracks the page as allocated
[ 806.456485][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2015, ts 483394907900, free_ts 483110442700
[ 806.458756][ C0] __set_page_owner+0x48/0x136
[ 806.459854][ C0] post_alloc_hook+0xd0/0x10a
[ 806.460855][ C0] get_page_from_freelist+0x8da/0x12d8
[ 806.462060][ C0] __alloc_pages+0x150/0x3b6
[ 806.463708][ C0] alloc_pages+0x132/0x2a6
[ 806.464847][ C0] alloc_slab_page.constprop.0+0xc2/0xfa
[ 806.465997][ C0] new_slab+0x76/0x2cc
[ 806.466938][ C0] ___slab_alloc+0x56e/0x918
[ 806.467945][ C0] __slab_alloc.constprop.0+0x50/0x8c
[ 806.469064][ C0] __kmalloc_node_track_caller+0x26c/0x362
[ 806.470182][ C0] __alloc_skb+0xee/0x2e4
[ 806.471089][ C0] __tcp_send_ack.part.0+0x56/0x350
[ 806.472152][ C0] tcp_send_ack+0x60/0x74
[ 806.473485][ C0] tcp_cleanup_rbuf+0x2da/0x318
[ 806.475035][ C0] tcp_recvmsg_locked+0x636/0x13f6
[ 806.476121][ C0] tcp_recvmsg+0x190/0x414
[ 806.477194][ C0] page last free stack trace:
[ 806.477952][ C0] __reset_page_owner+0x4a/0xea
[ 806.479011][ C0] free_pcp_prepare+0x29c/0x45e
[ 806.480027][ C0] free_unref_page+0x6a/0x31e
[ 806.481080][ C0] free_compound_page+0x70/0x8a
[ 806.482466][ C0] __put_compound_page+0x7c/0xb0
[ 806.484184][ C0] __put_page+0x48/0x100
[ 806.485178][ C0] skb_release_data+0x2f8/0x3c4
[ 806.486214][ C0] __kfree_skb+0x38/0x50
[ 806.487104][ C0] tcp_recvmsg+0x1f2/0x414
[ 806.487934][ C0] inet_recvmsg+0x10a/0x4ba
[ 806.488794][ C0] sock_read_iter+0x26c/0x2ba
[ 806.489842][ C0] new_sync_read+0x3ae/0x3d8
[ 806.490815][ C0] vfs_read+0x2ce/0x324
[ 806.491824][ C0] ksys_read+0x1c4/0x224
[ 806.493199][ C0] sys_read+0x28/0x36
[ 806.494656][ C0] ret_from_syscall+0x0/0x2
[ 806.495838][ C0]
[ 806.496388][ C0] Memory state around the buggy address:
[ 806.497412][ C0]  ffffaf801436fa80: fc fc fc fc f1 f1 f1 f1 00 f3 f3 f3 fc fc fc fc
[ 806.498429][ C0]  ffffaf801436fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 806.499399][ C0] >ffffaf801436fb80: 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 fc fc fc fc
[ 806.500312][ C0]                                                                 ^
[ 806.501327][ C0]  ffffaf801436fc00: 00 00 00 f3 f3 f3 f3 f3 fc fc fc fc fc fc fc fc
[ 806.502661][ C0]  ffffaf801436fc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 806.504364][ C0] ==================================================================
[ 806.506302][ C0] Disabling lock debugging due to kernel taint
[ 806.530005][ T2039] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 806.532393][ T2039] CPU: 0 PID: 2039 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 806.533844][ T2039] Hardware name: riscv-virtio,qemu (DT)
[ 806.534528][ T2039] Call Trace:
[ 806.535102][ T2039] [] dump_backtrace+0x2e/0x3c
[ 806.536770][ T2039] [] show_stack+0x34/0x40
[ 806.537922][ T2039] [] dump_stack_lvl+0xe4/0x150
[ 806.539089][ T2039] [] dump_stack+0x1c/0x24
[ 806.540071][ T2039] [] panic+0x24a/0x634
[ 806.540947][ T2039] [] schedule+0x0/0x14c
[ 806.541918][ T2039] [] preempt_schedule_common+0x4e/0xde
[ 806.543561][ T2039] [] preempt_schedule+0x34/0x36
[ 806.544659][ T2039] [] _raw_spin_unlock_irqrestore+0x8c/0x98
[ 806.545921][ T2039] [] __wake_up_common_lock+0xe4/0x136
[ 806.547101][ T2039] [] __wake_up+0x10/0x18
[ 806.548182][ T2039] [] netlink_broadcast+0x6d0/0xab6
[ 806.549193][ T2039] [] nlmsg_notify+0x78/0x22e
[ 806.550178][ T2039] [] rtnl_notify+0x80/0x98
[ 806.551150][ T2039] [] inet_netconf_notify_devconf+0x146/0x264
[ 806.552601][ T2039] [] inetdev_event+0xa88/0xe9e
[ 806.554117][ T2039] [] notifier_call_chain+0xb8/0x188
[ 806.555217][ T2039] [] raw_notifier_call_chain+0x2a/0x38
[ 806.556474][ T2039] [] call_netdevice_notifiers_info+0x9e/0x10c
[ 806.557805][ T2039] [] dev_change_name+0x366/0x52c
[ 806.559278][ T2039] [] do_setlink+0x1c60/0x21c4
[ 806.560653][ T2039] [] __rtnl_newlink+0x99e/0xfa0
[ 806.561684][ T2039] [] rtnl_newlink+0x60/0x8c
[ 806.562989][ T2039] [] rtnetlink_rcv_msg+0x338/0x9a0
[ 806.563974][ T2039] [] netlink_rcv_skb+0xf8/0x2be
[ 806.564874][ T2039] [] rtnetlink_rcv+0x26/0x30
[ 806.565950][ T2039] [] netlink_unicast+0x40e/0x5fe
[ 806.566983][ T2039] [] netlink_sendmsg+0x4e0/0x994
[ 806.568023][ T2039] [] sock_sendmsg+0xa0/0xc4
[ 806.569009][ T2039] [] __sys_sendto+0x1f2/0x2e0
[ 806.569901][ T2039] [] sys_sendto+0x3e/0x52
[ 806.570725][ T2039] [] ret_from_syscall+0x0/0x2
[ 806.571890][ T2039] SMP: stopping secondary CPUs
[ 806.574635][ T2039] Rebooting in 86400 seconds..

VM DIAGNOSIS:
14:58:57 Registers:
info registers vcpu 0
pc       ffffffff80475e78
mhartid  0000000000000000
mstatus  00000000000000a0
mip      0000000000000000
mie      00000000000002aa
mideleg  0000000000000222
medeleg  000000000000b109
mtvec    0000000080000540
stvec    ffffffff800055d4
mepc     ffffffff8000f97e
sepc     ffffffff831afd22
mcause   0000000000000009
scause   8000000000000005
mtval    0000000000000000
stval    0000000000000000
x0/zero  0000000000000000 x1/ra    ffffffff80050322 x2/sp    ffffaf801436f8c0 x3/gp    ffffffff85863ac0
x4/tp    ffffaf800cf23080 x5/t0    ffffffff86bcb657 x6/t1    fffffffef0b180cd x7/t2    0000000000000000
x8/s0    ffffaf801436f900 x9/s1    0000000000000000 x10/a0   ffffffff858c0660 x11/a1   00000000000f0000
x12/a2   0000000000000505 x13/a3   ffffffff80050322 x14/a4   ffffaf800cf23080 x15/a5   0000000000000000
x16/a6   ffffffff858c0660 x17/a7   ffffffff858c066b x18/s2   ffffaf800cf23080 x19/s3   0000000000000001
x20/s4   0000000000000000 x21/s5   ffffffff8588a2a0 x22/s6   ffffffff8588bb20 x23/s7   ffffffff85e09180
x24/s8   ffffaf801436fb00 x25/s9   ffffaf800cf23c28 x26/s10  ffffffff85899680 x27/s11  ffffaf800cf23080
x28/t3   ffffffff801163b2 x29/t4   fffffffef0b180cc x30/t5   fffffffef0b180ce x31/t6   ffffffff858c066c
f0/ft0   0000000000000000 f1/ft1   0000000000000000 f2/ft2   0000000000000000 f3/ft3   0000000000000000
f4/ft4   0000000000000000 f5/ft5   0000000000000000 f6/ft6   0000000000000000 f7/ft7   0000000000000000
f8/fs0   0000000000000000 f9/fs1   0000000000000000 f10/fa0  0000000000000000 f11/fa1  0000000000000000
f12/fa2  0000000000000000 f13/fa3  0000000000000000 f14/fa4  0000000000000000 f15/fa5  0000000000000000
f16/fa6  0000000000000000 f17/fa7  0000000000000000 f18/fs2  0000000000000000 f19/fs3  0000000000000000
f20/fs4  0000000000000000 f21/fs5  0000000000000000 f22/fs6  0000000000000000 f23/fs7  0000000000000000
f24/fs8  0000000000000000 f25/fs9  0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
f28/ft8  0000000000000000 f29/ft9  0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
pc       ffffffff8010b22c
mhartid  0000000000000001
mstatus  00000000000001a0
mip      00000000000000a0
mie      000000000000020a
mideleg  0000000000000222
medeleg  000000000000b109
mtvec    0000000080000540
stvec    ffffffff800055d4
mepc     ffffffff80119b52
sepc     ffffffff80119b52
mcause   8000000000000007
scause   8000000000000005
mtval    0000000000000000
stval    0000000000000000
x0/zero  0000000000000000 x1/ra    ffffffff831a18d8 x2/sp    ffffaf800c2db150 x3/gp    ffffffff85863ac0
x4/tp    ffffaf800cf248c0 x5/t0    0000000000046000 x6/t1    55bec9197cba1f00 x7/t2    ffffffffffffffff
x8/s0    ffffaf800c2db160 x9/s1    0000000000001000 x10/a0   0000000000000120 x11/a1   ffffffffffffffff
x12/a2   1ffff5f0019e4919 x13/a3   ffffffff80146d84 x14/a4   0000000000010203 x15/a5   0000000000000000
x16/a6   0000000000f00000 x17/a7   ffffffff8018e5f0 x18/s2   ffffaf800c2db280 x19/s3   ffffffff84b73ec0
x20/s4   0000000000000001 x21/s5   ffffffff8343c840 x22/s6   ffffffffffffffff x23/s7   ffffffff8588df60
x24/s8   ffffffff86c1a620 x25/s9   1ffff5f00185b640 x26/s10  ffffffff84a0c5d8 x27/s11  ffffffff8018d8f8
x28/t3   fffffffff3f3f300 x29/t4   ffffffff80112282 x30/t5   1ffff5f00185b614 x31/t6   0000000002ba784d
f0/ft0   0000000000000000 f1/ft1   0000000000000000 f2/ft2   0000000000000000 f3/ft3   0000000000000000
f4/ft4   0000000000000000 f5/ft5   0000000000000000 f6/ft6   0000000000000000 f7/ft7   0000000000000000
f8/fs0   0000000000000000 f9/fs1   0000000000000000 f10/fa0  0000000000000000 f11/fa1  0000000000000000
f12/fa2  0000000000000000 f13/fa3  0000000000000000 f14/fa4  0000000000000000 f15/fa5  0000000000000000
f16/fa6  0000000000000000 f17/fa7  0000000000000000 f18/fs2  0000000000000000 f19/fs3  0000000000000000
f20/fs4  0000000000000000 f21/fs5  0000000000000000 f22/fs6  0000000000000000 f23/fs7  0000000000000000
f24/fs8  0000000000000000 f25/fs9  0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
f28/ft8  0000000000000000 f29/ft9  0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000