syzkaller login: [ 264.405497][ T1861] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 264.526089][ T1861] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 264.579748][ T1861] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 281.904949][ T1861] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:44677' (ECDSA) to the list of known hosts.
1970/01/01 00:05:41 fuzzer started
1970/01/01 00:05:55 dialing manager at localhost:43965
[ 360.887296][ T2034] cgroup: Unknown subsys name 'net'
[ 362.060960][ T2034] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:01 syscalls: 2918
1970/01/01 00:06:01 code coverage: enabled
1970/01/01 00:06:01 comparison tracing: enabled
1970/01/01 00:06:01 extra coverage: enabled
1970/01/01 00:06:01 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:01 setuid sandbox: enabled
1970/01/01 00:06:01 namespace sandbox: enabled
1970/01/01 00:06:01 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:01 fault injection: enabled
1970/01/01 00:06:01 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:01 net packet injection: enabled
1970/01/01 00:06:01 net device setup: enabled
1970/01/01 00:06:01 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:01 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:01 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:06:01 USB emulation: enabled
1970/01/01 00:06:01 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:01 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:01 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:02 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:07 fetching corpus: 50, signal 35790/38646 (executing program)
1970/01/01 00:06:10 fetching corpus: 99, signal 46856/50566 (executing program)
1970/01/01 00:06:15 fetching corpus: 149, signal 53772/58292 (executing program)
1970/01/01 00:06:17 fetching corpus: 198, signal 58425/63735 (executing program)
1970/01/01 00:06:21 fetching corpus: 246, signal 65858/71571 (executing program)
1970/01/01 00:06:26 fetching corpus: 296, signal 70609/76743 (executing program)
1970/01/01 00:06:29 fetching corpus: 344, signal 76736/82937 (executing program)
1970/01/01 00:06:31 fetching corpus: 392, signal 81102/87360 (executing program)
1970/01/01 00:06:35 fetching corpus: 442, signal 85874/92056 (executing program)
1970/01/01 00:06:39 fetching corpus: 492, signal 89104/95369 (executing program)
1970/01/01 00:06:41 fetching corpus: 540, signal 91021/97483 (executing program)
1970/01/01 00:06:43 fetching corpus: 590, signal 94344/100647 (executing program)
1970/01/01 00:06:46 fetching corpus: 639, signal 97055/103223 (executing program)
1970/01/01 00:06:50 fetching corpus: 689, signal 100977/106642 (executing program)
1970/01/01 00:06:53 fetching corpus: 739, signal 103813/109119 (executing program)
1970/01/01 00:06:56 fetching corpus: 789, signal 105827/110894 (executing program)
1970/01/01 00:07:01 fetching corpus: 839, signal 107930/112696 (executing program)
1970/01/01 00:07:05 fetching corpus: 888, signal 110462/114733 (executing program)
1970/01/01 00:07:08 fetching corpus: 937, signal 112538/116383 (executing program)
1970/01/01 00:07:13 fetching corpus: 987, signal 114665/117963 (executing program)
1970/01/01 00:07:16 fetching corpus: 1037, signal 117420/119921 (executing program)
1970/01/01 00:07:19 fetching corpus: 1087, signal 119567/121394 (executing program)
1970/01/01 00:07:22 fetching corpus: 1135, signal 121132/122434 (executing program)
1970/01/01 00:07:23 fetching corpus: 1138, signal 121554/122771 (executing program)
1970/01/01 00:07:23 fetching corpus: 1138, signal 121554/122827 (executing program)
1970/01/01 00:07:23 fetching corpus: 1138, signal 121556/122874 (executing program)
1970/01/01 00:07:23 fetching corpus: 1138, signal 121556/122923 (executing program)
1970/01/01 00:07:23 fetching corpus: 1138, signal 121556/122969 (executing program)
1970/01/01 00:07:23 fetching corpus: 1138, signal 121558/123023 (executing program)
1970/01/01 00:07:24 fetching corpus: 1138, signal 121558/123078 (executing program)
1970/01/01 00:07:24 fetching corpus: 1138, signal 121558/123119 (executing program)
1970/01/01 00:07:24 fetching corpus: 1138, signal 121558/123169 (executing program)
1970/01/01 00:07:24 fetching corpus: 1138, signal 121558/123217 (executing program)
1970/01/01 00:07:24 fetching corpus: 1138, signal 121558/123277 (executing program)
1970/01/01 00:07:24 fetching corpus: 1138, signal 121558/123326 (executing program)
1970/01/01 00:07:24 fetching corpus: 1138, signal 121558/123358 (executing program)
1970/01/01 00:07:24 fetching corpus: 1138, signal 121558/123408 (executing program)
1970/01/01 00:07:25 fetching corpus: 1138, signal 121558/123467 (executing program)
1970/01/01 00:07:25 fetching corpus: 1138, signal 121558/123505 (executing program)
1970/01/01 00:07:25 fetching corpus: 1138, signal 121558/123541 (executing program)
1970/01/01 00:07:25 fetching corpus: 1138, signal 121558/123605 (executing program)
1970/01/01 00:07:26 fetching corpus: 1138, signal 121558/123647 (executing program)
1970/01/01 00:07:26 fetching corpus: 1138, signal 121558/123691 (executing program)
1970/01/01 00:07:26 fetching corpus: 1138, signal 121558/123738 (executing program)
1970/01/01 00:07:26 fetching corpus: 1138, signal 121558/123781 (executing program)
1970/01/01 00:07:26 fetching corpus: 1138, signal 121558/123844 (executing program)
1970/01/01 00:07:26 fetching corpus: 1138, signal 121558/123891 (executing program)
1970/01/01 00:07:27 fetching corpus: 1138, signal 121558/123935 (executing program)
1970/01/01 00:07:27 fetching corpus: 1138, signal 121558/123986 (executing program)
1970/01/01 00:07:27 fetching corpus: 1138, signal 121558/124053 (executing program)
1970/01/01 00:07:27 fetching corpus: 1138, signal 121558/124096 (executing program)
1970/01/01 00:07:27 fetching corpus: 1138, signal 121558/124151 (executing program)
1970/01/01 00:07:27 fetching corpus: 1138, signal 121558/124207 (executing program)
1970/01/01 00:07:28 fetching corpus: 1138, signal 121558/124250 (executing program)
1970/01/01 00:07:28 fetching corpus: 1138, signal 121558/124306 (executing program)
1970/01/01 00:07:28 fetching corpus: 1138, signal 121558/124362 (executing program)
1970/01/01 00:07:28 fetching corpus: 1138, signal 121558/124422 (executing program)
1970/01/01 00:07:28 fetching corpus: 1138, signal 121558/124479 (executing program)
1970/01/01 00:07:28 fetching corpus: 1138, signal 121558/124537 (executing program)
1970/01/01 00:07:28 fetching corpus: 1138, signal 121558/124582 (executing program)
1970/01/01 00:07:29 fetching corpus: 1138, signal 121558/124622 (executing program)
1970/01/01 00:07:29 fetching corpus: 1138, signal 121558/124643 (executing program)
1970/01/01 00:07:29 fetching corpus: 1138, signal 121558/124643 (executing program)
1970/01/01 00:09:21 starting 2 fuzzer processes

00:09:22 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x599b, 0x9, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r0, &(0x7f0000000080), &(0x7f00000001c0)=@tcp6}, 0x20)

00:09:22 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, 0x0, 0x0)

[ 587.998186][ T2041] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 588.557747][ T2041] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 588.677765][ T2042] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 589.196076][ T2042] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 602.626685][ T2041] device hsr_slave_0 entered promiscuous mode
[ 602.697552][ T2041] device hsr_slave_1 entered promiscuous mode
[ 604.557766][ T2042] device hsr_slave_0 entered promiscuous mode
[ 604.604616][ T2042] device hsr_slave_1 entered promiscuous mode
[ 604.633277][ T2042] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 604.637420][ T2042] Cannot create hsr debugfs directory
[ 608.649480][ T2041] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 608.653656][ T2041] CPU: 0 PID: 2041 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 608.655938][ T2041] Hardware name: riscv-virtio,qemu (DT)
[ 608.657709][ T2041] Call Trace:
[ 608.658740][ T2041] [] dump_backtrace+0x2e/0x3c
[ 608.659978][ T2041] [] show_stack+0x34/0x40
[ 608.660983][ T2041] [] dump_stack_lvl+0xe4/0x150
[ 608.662679][ T2041] [] dump_stack+0x1c/0x24
[ 608.663854][ T2041] [] panic+0x24a/0x634
[ 608.664851][ T2041] [] schedule+0x0/0x14c
[ 608.665974][ T2041] [] preempt_schedule_common+0x4e/0xde
[ 608.667150][ T2041] [] preempt_schedule+0x34/0x36
[ 608.668346][ T2041] [] __slab_alloc.constprop.0+0x8a/0x8c
[ 608.669486][ T2041] [] kmem_cache_alloc_node+0x1f2/0x41c
[ 608.670610][ T2041] [] __alloc_skb+0x234/0x2e4
[ 608.672235][ T2041] [] alloc_uevent_skb+0x68/0x11e
[ 608.673938][ T2041] [] kobject_uevent_env+0xc3a/0xdfe
[ 608.675262][ T2041] [] kobject_uevent+0x22/0x2e
[ 608.676429][ T2041] [] netdev_queue_update_kobjects+0x322/0x3ba
[ 608.677733][ T2041] [] netdev_register_kobject+0x1d4/0x208
[ 608.679293][ T2041] [] register_netdevice+0x8ee/0xc6a
[ 608.680466][ T2041] [] veth_newlink+0x30e/0x7dc
[ 608.682084][ T2041] [] __rtnl_newlink+0xc16/0xfa0
[ 608.683652][ T2041] [] rtnl_newlink+0x60/0x8c
[ 608.684730][ T2041] [] rtnetlink_rcv_msg+0x338/0x9a0
[ 608.685889][ T2041] [] netlink_rcv_skb+0xf8/0x2be
[ 608.686953][ T2041] [] rtnetlink_rcv+0x26/0x30
[ 608.688052][ T2041] [] netlink_unicast+0x40e/0x5fe
[ 608.689145][ T2041] [] netlink_sendmsg+0x4e0/0x994
[ 608.690160][ T2041] [] sock_sendmsg+0xa0/0xc4
[ 608.691552][ T2041] [] __sys_sendto+0x1f2/0x2e0
[ 608.693145][ T2041] [] sys_sendto+0x3e/0x52
[ 608.694174][ T2041] [] ret_from_syscall+0x0/0x2
[ 608.695635][ T2041] SMP: stopping secondary CPUs
[ 608.698051][ T2041] Rebooting in 86400 seconds..

VM DIAGNOSIS:
04:49:19 Registers: