syzkaller login: [ 278.199060][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 278.305423][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 278.341673][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 289.309080][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:2320' (ECDSA) to the list of known hosts.
1970/01/01 00:05:28 fuzzer started
1970/01/01 00:05:40 dialing manager at localhost:42553
[ 349.026040][ T2025] cgroup: Unknown subsys name 'net'
[ 350.199181][ T2025] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:05:50 syscalls: 2821
1970/01/01 00:05:50 code coverage: enabled
1970/01/01 00:05:50 comparison tracing: enabled
1970/01/01 00:05:50 extra coverage: enabled
1970/01/01 00:05:50 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:05:50 setuid sandbox: enabled
1970/01/01 00:05:50 namespace sandbox: enabled
1970/01/01 00:05:50 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:05:50 fault injection: enabled
1970/01/01 00:05:50 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:05:50 net packet injection: enabled
1970/01/01 00:05:50 net device setup: enabled
1970/01/01 00:05:50 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:05:50 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:05:50 USB emulation: enabled
1970/01/01 00:05:50 hci packet injection: /dev/vhci does not exist
1970/01/01 00:05:50 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:05:50 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:05:50 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:05:56 fetching corpus: 50, signal 36910/40217 (executing program)
1970/01/01 00:06:01 fetching corpus: 100, signal 54256/58706 (executing program)
1970/01/01 00:06:05 fetching corpus: 148, signal 63453/69017 (executing program)
1970/01/01 00:06:07 fetching corpus: 198, signal 73194/79727 (executing program)
1970/01/01 00:06:10 fetching corpus: 246, signal 80206/87674 (executing program)
1970/01/01 00:06:12 fetching corpus: 296, signal 84786/93138 (executing program)
1970/01/01 00:06:15 fetching corpus: 346, signal 91774/100798 (executing program)
1970/01/01 00:06:18 fetching corpus: 396, signal 96467/106227 (executing program)
1970/01/01 00:06:24 fetching corpus: 446, signal 99630/110225 (executing program)
1970/01/01 00:06:27 fetching corpus: 495, signal 103598/114856 (executing program)
1970/01/01 00:06:32 fetching corpus: 545, signal 107371/119241 (executing program)
1970/01/01 00:06:34 fetching corpus: 592, signal 111307/123651 (executing program)
1970/01/01 00:06:38 fetching corpus: 642, signal 114487/127279 (executing program)
1970/01/01 00:06:41 fetching corpus: 692, signal 120510/133411 (executing program)
1970/01/01 00:06:44 fetching corpus: 740, signal 123129/136474 (executing program)
1970/01/01 00:06:47 fetching corpus: 790, signal 125449/139277 (executing program)
1970/01/01 00:06:50 fetching corpus: 839, signal 127964/142152 (executing program)
1970/01/01 00:06:52 fetching corpus: 889, signal 132984/147080 (executing program)
1970/01/01 00:06:55 fetching corpus: 939, signal 137418/151364 (executing program)
1970/01/01 00:06:58 fetching corpus: 989, signal 139857/154048 (executing program)
1970/01/01 00:07:01 fetching corpus: 1039, signal 145534/159209 (executing program)
1970/01/01 00:07:04 fetching corpus: 1089, signal 149297/162765 (executing program)
1970/01/01 00:07:06 fetching corpus: 1138, signal 152113/165553 (executing program)
1970/01/01 00:07:09 fetching corpus: 1187, signal 153684/167336 (executing program)
1970/01/01 00:07:11 fetching corpus: 1236, signal 155409/169202 (executing program)
1970/01/01 00:07:14 fetching corpus: 1285, signal 157582/171401 (executing program)
1970/01/01 00:07:17 fetching corpus: 1335, signal 160270/173933 (executing program)
1970/01/01 00:07:18 fetching corpus: 1384, signal 161539/175317 (executing program)
1970/01/01 00:07:22 fetching corpus: 1434, signal 165103/178375 (executing program)
1970/01/01 00:07:24 fetching corpus: 1484, signal 166522/179802 (executing program)
1970/01/01 00:07:28 fetching corpus: 1534, signal 168355/181509 (executing program)
1970/01/01 00:07:30 fetching corpus: 1584, signal 169771/182898 (executing program)
1970/01/01 00:07:35 fetching corpus: 1634, signal 171786/184688 (executing program)
1970/01/01 00:07:37 fetching corpus: 1683, signal 173630/186331 (executing program)
1970/01/01 00:07:40 fetching corpus: 1733, signal 174804/187487 (executing program)
1970/01/01 00:07:42 fetching corpus: 1782, signal 177409/189536 (executing program)
1970/01/01 00:07:45 fetching corpus: 1832, signal 179572/191307 (executing program)
1970/01/01 00:07:47 fetching corpus: 1882, signal 181756/192980 (executing program)
1970/01/01 00:07:51 fetching corpus: 1931, signal 183583/194427 (executing program)
1970/01/01 00:07:53 fetching corpus: 1981, signal 184760/195433 (executing program)
1970/01/01 00:07:56 fetching corpus: 2029, signal 185919/196385 (executing program)
1970/01/01 00:08:00 fetching corpus: 2079, signal 186842/197198 (executing program)
1970/01/01 00:08:04 fetching corpus: 2127, signal 187851/198031 (executing program)
1970/01/01 00:08:06 fetching corpus: 2176, signal 189431/199161 (executing program)
1970/01/01 00:08:09 fetching corpus: 2226, signal 191014/200293 (executing program)
1970/01/01 00:08:11 fetching corpus: 2275, signal 192200/201156 (executing program)
1970/01/01 00:08:14 fetching corpus: 2325, signal 193231/201888 (executing program)
1970/01/01 00:08:17 fetching corpus: 2375, signal 194332/202685 (executing program)
1970/01/01 00:08:20 fetching corpus: 2425, signal 195548/203482 (executing program)
1970/01/01 00:08:22 fetching corpus: 2475, signal 197657/204733 (executing program)
1970/01/01 00:08:26 fetching corpus: 2524, signal 201127/206670 (executing program)
1970/01/01 00:08:29 fetching corpus: 2573, signal 202128/207287 (executing program)
1970/01/01 00:08:32 fetching corpus: 2623, signal 203826/208224 (executing program)
1970/01/01 00:08:35 fetching corpus: 2673, signal 205216/208954 (executing program)
1970/01/01 00:08:38 fetching corpus: 2721, signal 207277/209999 (executing program)
1970/01/01 00:08:41 fetching corpus: 2771, signal 208392/210559 (executing program)
1970/01/01 00:08:43 fetching corpus: 2818, signal 209397/211033 (executing program)
1970/01/01 00:08:43 fetching corpus: 2818, signal 209397/211060 (executing program)
1970/01/01 00:08:43 fetching corpus: 2818, signal 209397/211097 (executing program)
1970/01/01 00:08:43 fetching corpus: 2818, signal 209397/211126 (executing program)
1970/01/01 00:08:44 fetching corpus: 2818, signal 209397/211157 (executing program)
1970/01/01 00:08:44 fetching corpus: 2818, signal 209397/211190 (executing program)
1970/01/01 00:08:44 fetching corpus: 2818, signal 209397/211212 (executing program)
1970/01/01 00:08:44 fetching corpus: 2818, signal 209401/211245 (executing program)
1970/01/01 00:08:44 fetching corpus: 2818, signal 209401/211271 (executing program)
1970/01/01 00:08:45 fetching corpus: 2818, signal 209401/211303 (executing program)
1970/01/01 00:08:45 fetching corpus: 2818, signal 209401/211339 (executing program)
1970/01/01 00:08:45 fetching corpus: 2820, signal 209407/211370 (executing program)
1970/01/01 00:08:45 fetching corpus: 2820, signal 209407/211399 (executing program)
1970/01/01 00:08:45 fetching corpus: 2820, signal 209407/211422 (executing program)
1970/01/01 00:08:45 fetching corpus: 2820, signal 209407/211453 (executing program)
1970/01/01 00:08:46 fetching corpus: 2820, signal 209407/211486 (executing program)
1970/01/01 00:08:46 fetching corpus: 2820, signal 209407/211522 (executing program)
1970/01/01 00:08:46 fetching corpus: 2820, signal 209407/211545 (executing program)
1970/01/01 00:08:46 fetching corpus: 2820, signal 209407/211582 (executing program)
1970/01/01 00:08:46 fetching corpus: 2820, signal 209407/211609 (executing program)
1970/01/01 00:08:46 fetching corpus: 2820, signal 209407/211632 (executing program)
1970/01/01 00:08:46 fetching corpus: 2820, signal 209407/211654 (executing program)
1970/01/01 00:08:46 fetching corpus: 2820, signal 209407/211676 (executing program)
1970/01/01 00:08:47 fetching corpus: 2820, signal 209407/211702 (executing program)
1970/01/01 00:08:47 fetching corpus: 2820, signal 209407/211727 (executing program)
1970/01/01 00:08:47 fetching corpus: 2820, signal 209407/211756 (executing program)
1970/01/01 00:08:47 fetching corpus: 2820, signal 209407/211786 (executing program)
1970/01/01 00:08:47 fetching corpus: 2820, signal 209407/211811 (executing program)
1970/01/01 00:08:47 fetching corpus: 2820, signal 209407/211846 (executing program)
1970/01/01 00:08:47 fetching corpus: 2820, signal 209407/211877 (executing program)
1970/01/01 00:08:48 fetching corpus: 2820, signal 209407/211912 (executing program)
1970/01/01 00:08:48 fetching corpus: 2820, signal 209407/211942 (executing program)
1970/01/01 00:08:48 fetching corpus: 2820, signal 209407/211981 (executing program)
1970/01/01 00:08:48 fetching corpus: 2820, signal 209407/212014 (executing program)
1970/01/01 00:08:48 fetching corpus: 2820, signal 209407/212053 (executing program)
1970/01/01 00:08:48 fetching corpus: 2820, signal 209407/212084 (executing program)
1970/01/01 00:08:49 fetching corpus: 2820, signal 209407/212120 (executing program)
1970/01/01 00:08:49 fetching corpus: 2820, signal 209407/212144 (executing program)
1970/01/01 00:08:49 fetching corpus: 2820, signal 209407/212168 (executing program)
1970/01/01 00:08:49 fetching corpus: 2820, signal 209407/212263 (executing program)
1970/01/01 00:08:49 fetching corpus: 2820, signal 209407/212310 (executing program)
1970/01/01 00:08:49 fetching corpus: 2820, signal 209407/212340 (executing program)
1970/01/01 00:08:49 fetching corpus: 2820, signal 209407/212370 (executing program)
1970/01/01 00:08:49 fetching corpus: 2820, signal 209407/212414 (executing program)
1970/01/01 00:08:50 fetching corpus: 2820, signal 209407/212431 (executing program)
1970/01/01 00:08:50 fetching corpus: 2820, signal 209407/212460 (executing program)
1970/01/01 00:08:50 fetching corpus: 2820, signal 209407/212490 (executing program)
1970/01/01 00:08:50 fetching corpus: 2820, signal 209407/212513 (executing program)
1970/01/01 00:08:50 fetching corpus: 2820, signal 209407/212541 (executing program)
1970/01/01 00:08:50 fetching corpus: 2820, signal 209407/212554 (executing program)
1970/01/01 00:08:50 fetching corpus: 2820, signal 209407/212554 (executing program)
1970/01/01 00:10:38 starting 2 fuzzer processes
00:10:38 executing program 0:
syz_clone3(&(0x7f0000008740)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x58)

00:10:38 executing program 1:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = fsopen(&(0x7f0000000040)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
symlinkat(&(0x7f0000000000)='.\x00', r1, &(0x7f0000000140)='./file0\x00')
r2 = openat(r1, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
linkat(r2, &(0x7f0000000080)='./file0\x00', r1, &(0x7f00000000c0)='./file1\x00', 0x0)

[ 658.083544][ C0] ==================================================================
[ 658.087497][ C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260
[ 658.089205][ C0] Read of size 8 at addr ffffaf800eefff90 by task syz-executor.1/2038
[ 658.092042][ C0]
[ 658.094064][ C0] CPU: 0 PID: 2038 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 658.095943][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 658.097231][ C0] Call Trace:
[ 658.098314][ C0] [] dump_backtrace+0x2e/0x3c
[ 658.099738][ C0] [] show_stack+0x34/0x40
[ 658.101039][ C0] [] dump_stack_lvl+0xe4/0x150
[ 658.103175][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 658.104869][ C0] [] kasan_report+0x184/0x1e0
[ 658.106329][ C0] [] __asan_load8+0x6e/0x96
[ 658.107704][ C0] [] walk_stackframe+0x11c/0x260
[ 658.109072][ C0] [] arch_stack_walk+0x2c/0x3c
[ 658.110436][ C0] [] stack_trace_save+0xa6/0xd8
[ 658.112071][ C0]
[ 658.113258][ C0] Allocated by task 1102416563:
[ 658.114382][ C0] (stack is not available)
[ 658.115271][ C0]
[ 658.116049][ C0] Last potentially related work creation:
[ 658.117068][ C0] ------------[ cut here ]------------
[ 658.118052][ C0] slab index 1506808 out of bounds (283) for stack id 8456fdf8
[ 658.122734][ C0] WARNING: CPU: 0 PID: 2038 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 658.124651][ C0] Modules linked in:
[ 658.125952][ C0] CPU: 0 PID: 2038 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 658.127545][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 658.128607][ C0] epc : stack_depot_print+0x66/0x70
[ 658.130048][ C0] ra : stack_depot_print+0x66/0x70
[ 658.131409][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800eeffe20
[ 658.133522][ C0] gp : ffffffff85863ac0 tp : ffffaf800e3e9840 t0 : ffffffff86bcb657
[ 658.135547][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800eeffe30
[ 658.136822][ C0] s1 : ffffaf807aa7c5c0 a0 : 000000000000003c a1 : 00000000000f0000
[ 658.138107][ C0] a2 : 0000000000000504 a3 : ffffffff8012252a a4 : b8ac476a21b24100
[ 658.139691][ C0] a5 : b8ac476a21b24100 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 658.140984][ C0] s2 : ffffaf800eefff90 s3 : ffffaf8007202140 s4 : ffffaf800eefe000
[ 658.142439][ C0] s5 : ffffaf800eeff000 s6 : 0000000000003fff s7 : ffffaf800eefff80
[ 658.144317][ C0] s8 : ffffffff8000a4a4 s9 : ffffffffffffc000 s10: ffffaf800eefffe0
[ 658.145718][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 658.147042][ C0] t5 : fffff5ef0b53910d t6 : ffffaf800eeff918
[ 658.148153][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 658.149659][ C0] [] print_address_description.constprop.0+0x2fc/0x330
[ 658.151355][ C0] [] kasan_report+0x184/0x1e0
[ 658.153300][ C0] [] __asan_load8+0x6e/0x96
[ 658.154738][ C0] [] walk_stackframe+0x11c/0x260
[ 658.156044][ C0] [] arch_stack_walk+0x2c/0x3c
[ 658.157345][ C0] [] stack_trace_save+0xa6/0xd8
[ 658.158968][ C0] irq event stamp: 24511
[ 658.159838][ C0] hardirqs last enabled at (24510): [] ip_finish_output2+0x157a/0x1720
[ 658.161534][ C0] hardirqs last disabled at (24511): [] _raw_spin_lock_irqsave+0x60/0x62
[ 658.164150][ C0] softirqs last enabled at (24452): [] __do_softirq+0x618/0x8fc
[ 658.165850][ C0] softirqs last disabled at (24461): [] __irq_exit_rcu+0x142/0x1f8
[ 658.167431][ C0] ---[ end trace 0000000000000000 ]---
[ 658.168895][ C0]
[ 658.169701][ C0] Second to last potentially related work creation:
[ 658.170728][ C0] ------------[ cut here ]------------
[ 658.171654][ C0] slab index 804714 out of bounds (283) for stack id b8ac476a
[ 658.176015][ C0] WARNING: CPU: 0 PID: 2038 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 658.177793][ C0] Modules linked in:
[ 658.178966][ C0] CPU: 0 PID: 2038 Comm: syz-executor.1 Tainted: G W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 658.180555][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 658.181461][ C0] epc : stack_depot_print+0x66/0x70
[ 658.183269][ C0] ra : stack_depot_print+0x66/0x70
[ 658.184587][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800eeffe20
[ 658.185868][ C0] gp : ffffffff85863ac0 tp : ffffaf800e3e9840 t0 : ffffffff86bcb657
[ 658.187078][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800eeffe30
[ 658.188297][ C0] s1 : ffffaf807aa7c5c0 a0 : 000000000000003b a1 : 00000000000f0000
[ 658.189533][ C0] a2 : 0000000000000504 a3 : ffffffff8012252a a4 : b8ac476a21b24100
[ 658.190778][ C0] a5 : b8ac476a21b24100 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 658.191958][ C0] s2 : ffffaf800eefff90 s3 : ffffaf8007202140 s4 : ffffaf800eefe000
[ 658.193904][ C0] s5 : ffffaf800eeff000 s6 : 0000000000003fff s7 : ffffaf800eefff80
[ 658.195170][ C0] s8 : ffffffff8000a4a4 s9 : ffffffffffffc000 s10: ffffaf800eefffe0
[ 658.196400][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 658.197679][ C0] t5 : fffff5ef0b53910d t6 : ffffaf800eeff918
[ 658.198750][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 658.199972][ C0] [] print_address_description.constprop.0+0x2ae/0x330
[ 658.201624][ C0] [] kasan_report+0x184/0x1e0
[ 658.203858][ C0] [] __asan_load8+0x6e/0x96
[ 658.205164][ C0] [] walk_stackframe+0x11c/0x260
[ 658.206546][ C0] [] arch_stack_walk+0x2c/0x3c
[ 658.207825][ C0] [] stack_trace_save+0xa6/0xd8
[ 658.209139][ C0] irq event stamp: 24511
[ 658.209992][ C0] hardirqs last enabled at (24510): [] ip_finish_output2+0x157a/0x1720
[ 658.211488][ C0] hardirqs last disabled at (24511): [] _raw_spin_lock_irqsave+0x60/0x62
[ 658.214436][ C0] softirqs last enabled at (24452): [] __do_softirq+0x618/0x8fc
[ 658.215976][ C0] softirqs last disabled at (24461): [] __irq_exit_rcu+0x142/0x1f8
[ 658.217266][ C0] ---[ end trace 0000000000000000 ]---
[ 658.218264][ C0]
[ 658.218892][ C0] The buggy address belongs to the object at ffffaf800eefe000
[ 658.218892][ C0]  which belongs to the cache kmalloc-4k of size 4096
[ 658.220424][ C0] The buggy address is located 3984 bytes to the right of
[ 658.220424][ C0]  4096-byte region [ffffaf800eefe000, ffffaf800eeff000)
[ 658.222119][ C0] The buggy address belongs to the page:
[ 658.224548][ C0] page:ffffaf807aa7c5c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8f0f8
[ 658.226159][ C0] head:ffffaf807aa7c5c0 order:3 compound_mapcount:0 compound_pincount:0
[ 658.227546][ C0] flags: 0x8800010200(slab|head|section=17|node=0|zone=0)
[ 658.229983][ C0] raw: 0000008800010200 0000000000000000 0000000000000122 ffffaf8007202140
[ 658.231359][ C0] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 658.233104][ C0] raw: 00000000000007ff
[ 658.234209][ C0] page dumped because: kasan: bad access detected
[ 658.235485][ C0] page_owner tracks the page as allocated
[ 658.236221][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2038, ts 652857193100, free_ts 648468481000
[ 658.238403][ C0]  __set_page_owner+0x48/0x136
[ 658.239587][ C0]  post_alloc_hook+0xd0/0x10a
[ 658.240561][ C0]  get_page_from_freelist+0x8da/0x12d8
[ 658.241797][ C0]  __alloc_pages+0x150/0x3b6
[ 658.243247][ C0]  alloc_pages+0x132/0x2a6
[ 658.244302][ C0]  alloc_slab_page.constprop.0+0xc2/0xfa
[ 658.245389][ C0]  new_slab+0x25a/0x2cc
[ 658.246355][ C0]  ___slab_alloc+0x56e/0x918
[ 658.247523][ C0]  __slab_alloc.constprop.0+0x50/0x8c
[ 658.248732][ C0]  kmem_cache_alloc_trace+0x2a2/0x2e0
[ 658.249973][ C0]  kobject_uevent_env+0x1c6/0xdfe
[ 658.251141][ C0]  kobject_uevent+0x22/0x2e
[ 658.252435][ C0]  device_add+0x8de/0x129e
[ 658.253932][ C0]  netdev_register_kobject+0xcc/0x208
[ 658.255135][ C0]  register_netdevice+0x8ee/0xc6a
[ 658.256339][ C0]  __rtnl_newlink+0xf58/0xfa0
[ 658.257643][ C0] page last free stack trace:
[ 658.258485][ C0]  __reset_page_owner+0x4a/0xea
[ 658.259638][ C0]  free_pcp_prepare+0x29c/0x45e
[ 658.260767][ C0]  free_unref_page+0x6a/0x31e
[ 658.262508][ C0]  __free_pages+0xe2/0x112
[ 658.264342][ C0]  __free_slab+0x122/0x27c
[ 658.265977][ C0]  discard_slab+0x4c/0x7a
[ 658.267255][ C0]  __slab_free+0x20a/0x29c
[ 658.269083][ C0]  ___cache_free+0x17c/0x354
[ 658.270886][ C0]  qlist_free_all+0x7c/0x132
[ 658.272186][ C0]  kasan_quarantine_reduce+0x14c/0x1c8
[ 658.273867][ C0]  __kasan_slab_alloc+0x5c/0x98
[ 658.275172][ C0]  __kmalloc+0x156/0x318
[ 658.276352][ C0]  tomoyo_realpath_from_path+0x9c/0x3f4
[ 658.277705][ C0]  tomoyo_path_perm+0x1fc/0x3a8
[ 658.278881][ C0]  tomoyo_inode_getattr+0x1e/0x28
[ 658.280094][ C0]  security_inode_getattr+0x82/0xc6
[ 658.281647][ C0]
[ 658.282659][ C0] Memory state around the buggy address:
[ 658.285248][ C0]  ffffaf800eeffe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 658.286652][ C0]  ffffaf800eefff00: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00
[ 658.287944][ C0] >ffffaf800eefff80: fc fc fc fc 00 00 00 00 f1 f1 f1 f1 00 00 00 f3
[ 658.289139][ C0]                          ^
[ 658.290261][ C0]  ffffaf800ef00000: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 658.291478][ C0]  ffffaf800ef00080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 658.293345][ C0] ==================================================================
[ 658.295664][ C0] Disabling lock debugging due to kernel taint
[ 658.304098][ T2038] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 658.305628][ T2038] CPU: 0 PID: 2038 Comm: syz-executor.1 Tainted: G B W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 658.307729][ T2038] Hardware name: riscv-virtio,qemu (DT)
[ 658.308551][ T2038] Call Trace:
[ 658.309262][ T2038] [] dump_backtrace+0x2e/0x3c
[ 658.310506][ T2038] [] show_stack+0x34/0x40
[ 658.311586][ T2038] [] dump_stack_lvl+0xe4/0x150
[ 658.313472][ T2038] [] dump_stack+0x1c/0x24
[ 658.314949][ T2038] [] panic+0x24a/0x634
[ 658.316181][ T2038] [] schedule+0x0/0x14c
[ 658.317349][ T2038] [] preempt_schedule_irq+0x4a/0x13e
[ 658.318733][ T2038] [] resume_kernel+0x16/0x18
[ 658.320193][ T2038] SMP: stopping secondary CPUs
[ 658.322790][ T2038] Rebooting in 86400 seconds..
VM DIAGNOSIS:
21:04:49 Registers:
info registers vcpu 0
pc       ffffffff80474d10
mhartid  0000000000000000
mstatus  00000000000000a0
mip      00000000000000a0
mie      000000000000022a
mideleg  0000000000000222
medeleg  000000000000b109
mtvec    0000000080000540
stvec    ffffffff800055d4
mepc     ffffffff804757b8
sepc     ffffffff80200f00
mcause   8000000000000007
scause   8000000000000005
mtval    0000000000000000
stval    0000000000000000
x0/zero  0000000000000000
x1/ra    ffffffff80474cb4
x2/sp    ffffaf800eeffe70
x3/gp    ffffffff85863ac0
x4/tp    ffffaf800e3e9840
x5/t0    ffffffff86bcb657
x6/t1    fffff5ef0b53910c
x7/t2    0000000000000000
x8/s0    ffffaf800eeffee0
x9/s1    ffffaf800eefff90
x10/a0   0000000000000043
x11/a1   00000000000f0000
x12/a2   0000000000000504
x13/a3   ffffffff8012252a
x14/a4   b8ac476a21b24100
x15/a5   b8ac476a21b24100
x16/a6   0000000000f00000
x17/a7   ffffaf805a9c8863
x18/s2   0000000000000008
x19/s3   ffffffff8000a052
x20/s4   0000000000000000
x21/s5   ffffffff85863560
x22/s6   0000000000003fff
x23/s7   ffffaf800eefff80
x24/s8   ffffffff8000a4a4
x25/s9   ffffffffffffc000
x26/s10  ffffaf800eefffe0
x27/s11  0000000000000008
x28/t3   fffffffff3f3f300
x29/t4   fffff5ef0b53910c
x30/t5   fffff5ef0b53910d
x31/t6   ffffaf800eeff978
f0/ft0   0000000000000000
f1/ft1   0000000000000000
f2/ft2   0000000000000000
f3/ft3   0000000000000000
f4/ft4   0000000000000000
f5/ft5   0000000000000000
f6/ft6   0000000000000000
f7/ft7   0000000000000000
f8/fs0   0000000000000000
f9/fs1   0000000000000000
f10/fa0  0000000000000000
f11/fa1  0000000000000000
f12/fa2  0000000000000000
f13/fa3  0000000000000000
f14/fa4  0000000000000000
f15/fa5  0000000000000000
f16/fa6  0000000000000000
f17/fa7  0000000000000000
f18/fs2  0000000000000000
f19/fs3  0000000000000000
f20/fs4  0000000000000000
f21/fs5  0000000000000000
f22/fs6  0000000000000000
f23/fs7  0000000000000000
f24/fs8  0000000000000000
f25/fs9  0000000000000000
f26/fs10 0000000000000000
f27/fs11 0000000000000000
f28/ft8  0000000000000000
f29/ft9  0000000000000000
f30/ft10 0000000000000000
f31/ft11 0000000000000000
info registers vcpu 1
pc       ffffffff8010b22c
mhartid  0000000000000001
mstatus  00000000000001a0
mip      00000000000000a0
mie      000000000000020a
mideleg  0000000000000222
medeleg  000000000000b109
mtvec    0000000080000540
stvec    ffffffff800055d4
mepc     ffffffff80475986
sepc     ffffffff80475986
mcause   8000000000000007
scause   8000000000000005
mtval    0000000000000000
stval    0000000000000000
x0/zero  0000000000000000
x1/ra    ffffffff831a18d8
x2/sp    ffffaf80107b7070
x3/gp    ffffffff85863ac0
x4/tp    ffffaf800b656100
x5/t0    0000000000046000
x6/t1    0000000100008b75
x7/t2    ffffffffffffffff
x8/s0    ffffaf80107b7080
x9/s1    0000000000001000
x10/a0   0000000000000120
x11/a1   ffffffffffffffff
x12/a2   1ffff5f00b53eb61
x13/a3   ffffffff8015446c
x14/a4   0000000000010201
x15/a5   0000000000000000
x16/a6   ffffaf805a9f59d2
x17/a7   0000000000006c4d
x18/s2   ffffffff86c1a620
x19/s3   ffffffff84b787b0
x20/s4   0000000000000001
x21/s5   ffffffff8343c840
x22/s6   ffffffffffffffff
x23/s7   ffffaf805a9f59d8
x24/s8   ffffffff86c1a620
x25/s9   ffffffffffff88de
x26/s10  ffffffff858296b8
x27/s11  ffffaf80107b7280
x28/t3   fffffffff3f3f300
x29/t4   ffffffff80112282
x30/t5   1ffff5f0020f6e10
x31/t6   0000000001b3ec17
f0/ft0   0000000000000000
f1/ft1   0000000000000000
f2/ft2   0000000000000000
f3/ft3   0000000000000000
f4/ft4   0000000000000000
f5/ft5   0000000000000000
f6/ft6   0000000000000000
f7/ft7   0000000000000000
f8/fs0   0000000000000000
f9/fs1   0000000000000000
f10/fa0  0000000000000000
f11/fa1  0000000000000000
f12/fa2  0000000000000000
f13/fa3  0000000000000000
f14/fa4  0000000000000000
f15/fa5  0000000000000000
f16/fa6  0000000000000000
f17/fa7  0000000000000000
f18/fs2  0000000000000000
f19/fs3  0000000000000000
f20/fs4  0000000000000000
f21/fs5  0000000000000000
f22/fs6  0000000000000000
f23/fs7  0000000000000000
f24/fs8  0000000000000000
f25/fs9  0000000000000000
f26/fs10 0000000000000000
f27/fs11 0000000000000000
f28/ft8  0000000000000000
f29/ft9  0000000000000000
f30/ft10 0000000000000000
f31/ft11 0000000000000000