syzkaller login: [ 360.293116][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 360.320866][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 360.366409][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 385.940877][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:12557' (ECDSA) to the list of known hosts.
1970/01/01 00:06:58 fuzzer started
1970/01/01 00:07:11 dialing manager at localhost:37683
[ 436.894002][ T2045] cgroup: Unknown subsys name 'net'
[ 438.159610][ T2045] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:07:17 syscalls: 2853
1970/01/01 00:07:17 code coverage: enabled
1970/01/01 00:07:17 comparison tracing: enabled
1970/01/01 00:07:17 extra coverage: enabled
1970/01/01 00:07:18 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:07:18 setuid sandbox: enabled
1970/01/01 00:07:18 namespace sandbox: enabled
1970/01/01 00:07:18 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:07:18 fault injection: enabled
1970/01/01 00:07:18 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:07:18 net packet injection: enabled
1970/01/01 00:07:18 net device setup: enabled
1970/01/01 00:07:18 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:07:18 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:07:18 USB emulation: enabled
1970/01/01 00:07:18 hci packet injection: /dev/vhci does not exist
1970/01/01 00:07:18 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:07:18 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:07:18 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:07:22 fetching corpus: 49, signal 30065/33743 (executing program)
1970/01/01 00:07:24 fetching corpus: 99, signal 42484/47802 (executing program)
1970/01/01 00:07:27 fetching corpus: 149, signal 52826/59652 (executing program)
1970/01/01 00:07:31 fetching corpus: 199, signal 66853/75011 (executing program)
1970/01/01 00:07:33 fetching corpus: 249, signal 75890/85387 (executing program)
1970/01/01 00:07:37 fetching corpus: 299, signal 85827/96534 (executing program)
1970/01/01 00:07:39 fetching corpus: 349, signal 92575/104514 (executing program)
1970/01/01 00:07:43 fetching corpus: 399, signal 101020/113998 (executing program)
1970/01/01 00:07:47 fetching corpus: 448, signal 107238/121288 (executing program)
1970/01/01 00:07:49 fetching corpus: 497, signal 113136/128230 (executing program)
1970/01/01 00:07:51 fetching corpus: 547, signal 123623/139388 (executing program)
1970/01/01 00:07:53 fetching corpus: 597, signal 127411/144207 (executing program)
1970/01/01 00:07:56 fetching corpus: 647, signal 131190/148961 (executing program)
1970/01/01 00:07:57 fetching corpus: 697, signal 134000/152824 (executing program)
1970/01/01 00:08:00 fetching corpus: 747, signal 137020/156775 (executing program)
1970/01/01 00:08:01 fetching corpus: 797, signal 139560/160312 (executing program)
1970/01/01 00:08:03 fetching corpus: 846, signal 143327/164949 (executing program)
1970/01/01 00:08:06 fetching corpus: 896, signal 149480/171660 (executing program)
1970/01/01 00:08:08 fetching corpus: 944, signal 152952/175973 (executing program)
1970/01/01 00:08:11 fetching corpus: 994, signal 158404/181965 (executing program)
1970/01/01 00:08:13 fetching corpus: 1044, signal 162337/186498 (executing program)
1970/01/01 00:08:16 fetching corpus: 1094, signal 164789/189761 (executing program)
1970/01/01 00:08:18 fetching corpus: 1144, signal 168537/194102 (executing program)
1970/01/01 00:08:21 fetching corpus: 1194, signal 172937/198979 (executing program)
1970/01/01 00:08:24 fetching corpus: 1244, signal 174676/201537 (executing program)
1970/01/01 00:08:26 fetching corpus: 1294, signal 176192/203834 (executing program)
1970/01/01 00:08:28 fetching corpus: 1344, signal 179657/207783 (executing program)
1970/01/01 00:08:30 fetching corpus: 1394, signal 182134/210839 (executing program)
1970/01/01 00:08:35 fetching corpus: 1444, signal 184311/213649 (executing program)
1970/01/01 00:08:37 fetching corpus: 1493, signal 185521/215645 (executing program)
1970/01/01 00:08:39 fetching corpus: 1543, signal 187120/217932 (executing program)
1970/01/01 00:08:42 fetching corpus: 1593, signal 188690/220202 (executing program)
1970/01/01 00:08:45 fetching corpus: 1643, signal 191553/223479 (executing program)
1970/01/01 00:08:47 fetching corpus: 1692, signal 192859/225444 (executing program)
1970/01/01 00:08:49 fetching corpus: 1741, signal 194265/227494 (executing program)
1970/01/01 00:08:52 fetching corpus: 1791, signal 195990/229764 (executing program)
1970/01/01 00:08:54 fetching corpus: 1841, signal 197787/232069 (executing program)
1970/01/01 00:08:57 fetching corpus: 1890, signal 200578/235149 (executing program)
1970/01/01 00:08:59 fetching corpus: 1940, signal 202912/237845 (executing program)
1970/01/01 00:09:01 fetching corpus: 1990, signal 205846/240966 (executing program)
1970/01/01 00:09:03 fetching corpus: 2039, signal 207354/242937 (executing program)
1970/01/01 00:09:05 fetching corpus: 2089, signal 208804/244895 (executing program)
1970/01/01 00:09:08 fetching corpus: 2137, signal 211520/247782 (executing program)
1970/01/01 00:09:11 fetching corpus: 2187, signal 213679/250201 (executing program)
1970/01/01 00:09:14 fetching corpus: 2237, signal 214913/251989 (executing program)
1970/01/01 00:09:16 fetching corpus: 2286, signal 216529/253993 (executing program)
1970/01/01 00:09:18 fetching corpus: 2336, signal 218687/256392 (executing program)
1970/01/01 00:09:20 fetching corpus: 2386, signal 220463/258459 (executing program)
1970/01/01 00:09:23 fetching corpus: 2436, signal 223235/261274 (executing program)
1970/01/01 00:09:25 fetching corpus: 2486, signal 226018/264037 (executing program)
1970/01/01 00:09:27 fetching corpus: 2536, signal 227679/265944 (executing program)
1970/01/01 00:09:29 fetching corpus: 2585, signal 228932/267548 (executing program)
1970/01/01 00:09:32 fetching corpus: 2635, signal 230037/269054 (executing program)
1970/01/01 00:09:34 fetching corpus: 2685, signal 231208/270632 (executing program)
1970/01/01 00:09:37 fetching corpus: 2735, signal 232933/272514 (executing program)
1970/01/01 00:09:39 fetching corpus: 2785, signal 236078/275389 (executing program)
1970/01/01 00:09:42 fetching corpus: 2835, signal 236801/276598 (executing program)
1970/01/01 00:09:44 fetching corpus: 2885, signal 238047/278081 (executing program)
1970/01/01 00:09:46 fetching corpus: 2934, signal 239858/279955 (executing program)
1970/01/01 00:09:49 fetching corpus: 2984, signal 241014/281393 (executing program)
1970/01/01 00:09:51 fetching corpus: 3034, signal 242189/282821 (executing program)
1970/01/01 00:09:54 fetching corpus: 3083, signal 243368/284263 (executing program)
1970/01/01 00:09:55 fetching corpus: 3133, signal 244087/285379 (executing program)
1970/01/01 00:09:57 fetching corpus: 3183, signal 245190/286736 (executing program)
1970/01/01 00:09:59 fetching corpus: 3233, signal 246321/288119 (executing program)
1970/01/01 00:10:01 fetching corpus: 3283, signal 247574/289550 (executing program)
1970/01/01 00:10:03 fetching corpus: 3333, signal 248356/290657 (executing program)
1970/01/01 00:10:05 fetching corpus: 3382, signal 250034/292325 (executing program)
1970/01/01 00:10:07 fetching corpus: 3432, signal 252391/294403 (executing program)
1970/01/01 00:10:10 fetching corpus: 3482, signal 253721/295800 (executing program)
1970/01/01 00:10:12 fetching corpus: 3532, signal 254428/296869 (executing program)
1970/01/01 00:10:14 fetching corpus: 3582, signal 255573/298175 (executing program)
1970/01/01 00:10:16 fetching corpus: 3632, signal 256715/299435 (executing program)
1970/01/01 00:10:18 fetching corpus: 3682, signal 258482/301045 (executing program)
1970/01/01 00:10:20 fetching corpus: 3732, signal 259428/302144 (executing program)
1970/01/01 00:10:23 fetching corpus: 3781, signal 261306/303786 (executing program)
1970/01/01 00:10:25 fetching corpus: 3830, signal 262034/304739 (executing program)
1970/01/01 00:10:27 fetching corpus: 3879, signal 263232/305945 (executing program)
1970/01/01 00:10:30 fetching corpus: 3929, signal 263889/306873 (executing program)
1970/01/01 00:10:32 fetching corpus: 3979, signal 265383/308217 (executing program)
1970/01/01 00:10:34 fetching corpus: 4029, signal 266285/309235 (executing program)
1970/01/01 00:10:36 fetching corpus: 4079, signal 268075/310761 (executing program)
1970/01/01 00:10:38 fetching corpus: 4127, signal 268755/311629 (executing program)
1970/01/01 00:10:41 fetching corpus: 4177, signal 271264/313502 (executing program)
1970/01/01 00:10:43 fetching corpus: 4227, signal 273690/315249 (executing program)
1970/01/01 00:10:45 fetching corpus: 4277, signal 274488/316163 (executing program)
1970/01/01 00:10:48 fetching corpus: 4327, signal 275424/317161 (executing program)
1970/01/01 00:10:50 fetching corpus: 4376, signal 276744/318311 (executing program)
1970/01/01 00:10:52 fetching corpus: 4426, signal 277958/319425 (executing program)
1970/01/01 00:10:55 fetching corpus: 4475, signal 278983/320343 (executing program)
1970/01/01 00:10:59 fetching corpus: 4525, signal 279560/321091 (executing program)
1970/01/01 00:11:01 fetching corpus: 4573, signal 280616/322020 (executing program)
1970/01/01 00:11:05 fetching corpus: 4623, signal 281610/322936 (executing program)
1970/01/01 00:11:07 fetching corpus: 4673, signal 282496/323792 (executing program)
1970/01/01 00:11:08 fetching corpus: 4723, signal 283301/324596 (executing program)
1970/01/01 00:11:10 fetching corpus: 4773, signal 284151/325436 (executing program)
1970/01/01 00:11:13 fetching corpus: 4821, signal 285551/326510 (executing program)
1970/01/01 00:11:15 fetching corpus: 4871, signal 286246/327264 (executing program)
1970/01/01 00:11:17 fetching corpus: 4921, signal 286972/327994 (executing program)
1970/01/01 00:11:19 fetching corpus: 4971, signal 288315/329002 (executing program)
1970/01/01 00:11:22 fetching corpus: 5021, signal 289167/329780 (executing program)
1970/01/01 00:11:24 fetching corpus: 5071, signal 289961/330510 (executing program)
1970/01/01 00:11:27 fetching corpus: 5120, signal 290673/331218 (executing program)
1970/01/01 00:11:29 fetching corpus: 5170, signal 291770/332081 (executing program)
1970/01/01 00:11:31 fetching corpus: 5220, signal 292791/332834 (executing program)
1970/01/01 00:11:33 fetching corpus: 5270, signal 293286/333431 (executing program)
1970/01/01 00:11:35 fetching corpus: 5320, signal 294372/334230 (executing program)
1970/01/01 00:11:38 fetching corpus: 5370, signal 294983/334838 (executing program)
1970/01/01 00:11:40 fetching corpus: 5420, signal 295644/335473 (executing program)
1970/01/01 00:11:41 fetching corpus: 5470, signal 296584/336203 (executing program)
1970/01/01 00:11:43 fetching corpus: 5520, signal 297586/336980 (executing program)
1970/01/01 00:11:46 fetching corpus: 5570, signal 298571/337681 (executing program)
1970/01/01 00:11:47 fetching corpus: 5620, signal 299528/338366 (executing program)
1970/01/01 00:11:50 fetching corpus: 5670, signal 300934/339325 (executing program)
1970/01/01 00:11:53 fetching corpus: 5719, signal 302009/340075 (executing program)
1970/01/01 00:11:55 fetching corpus: 5769, signal 303908/341094 (executing program)
1970/01/01 00:11:56 fetching corpus: 5818, signal 304481/341620 (executing program)
1970/01/01 00:11:58 fetching corpus: 5868, signal 305201/342168 (executing program)
1970/01/01 00:11:59 fetching corpus: 5918, signal 305971/342700 (executing program)
1970/01/01 00:12:02 fetching corpus: 5968, signal 306607/343167 (executing program)
1970/01/01 00:12:05 fetching corpus: 6017, signal 307233/343680 (executing program)
1970/01/01 00:12:06 fetching corpus: 6067, signal 307826/344165 (executing program)
1970/01/01 00:12:08 fetching corpus: 6117, signal 308675/344736 (executing program)
1970/01/01 00:12:10 fetching corpus: 6167, signal 309197/345185 (executing program)
1970/01/01 00:12:13 fetching corpus: 6217, signal 309768/345640 (executing program)
1970/01/01 00:12:16 fetching corpus: 6267, signal 310530/346162 (executing program)
1970/01/01 00:12:18 fetching corpus: 6317, signal 311293/346640 (executing program)
1970/01/01 00:12:21 fetching corpus: 6367, signal 311990/347083 (executing program)
1970/01/01 00:12:23 fetching corpus: 6417, signal 312941/347612 (executing program)
1970/01/01 00:12:25 fetching corpus: 6467, signal 313641/348085 (executing program)
1970/01/01 00:12:27 fetching corpus: 6516, signal 314301/348549 (executing program)
1970/01/01 00:12:29 fetching corpus: 6566, signal 315101/348980 (executing program)
1970/01/01 00:12:32 fetching corpus: 6616, signal 315716/349394 (executing program)
1970/01/01 00:12:35 fetching corpus: 6666, signal 316398/349854 (executing program)
1970/01/01 00:12:36 fetching corpus: 6716, signal 317078/350291 (executing program)
1970/01/01 00:12:39 fetching corpus: 6766, signal 317665/350647 (executing program)
1970/01/01 00:12:41 fetching corpus: 6816, signal 318420/351076 (executing program)
1970/01/01 00:12:43 fetching corpus: 6866, signal 318969/351458 (executing program)
1970/01/01 00:12:45 fetching corpus: 6914, signal 319477/351811 (executing program)
1970/01/01 00:12:47 fetching corpus: 6964, signal 319895/352133 (executing program)
1970/01/01 00:12:49 fetching corpus: 7014, signal 320530/352532 (executing program)
1970/01/01 00:12:51 fetching corpus: 7064, signal 321367/352947 (executing program)
1970/01/01 00:12:53 fetching corpus: 7114, signal 321835/353280 (executing program)
1970/01/01 00:12:57 fetching corpus: 7164, signal 322446/353612 (executing program)
1970/01/01 00:12:59 fetching corpus: 7213, signal 323135/353976 (executing program)
1970/01/01 00:13:02 fetching corpus: 7263, signal 323625/354293 (executing program)
1970/01/01 00:13:04 fetching corpus: 7313, signal 324115/354617 (executing program)
1970/01/01 00:13:05 fetching corpus: 7363, signal 324661/354942 (executing program)
1970/01/01 00:13:08 fetching corpus: 7412, signal 326034/355372 (executing program)
1970/01/01 00:13:11 fetching corpus: 7462, signal 326760/355696 (executing program)
1970/01/01 00:13:14 fetching corpus: 7511, signal 327299/355961 (executing program)
1970/01/01 00:13:17 fetching corpus: 7560, signal 327880/356231 (executing program)
1970/01/01 00:13:19 fetching corpus: 7610, signal 328390/356508 (executing program)
1970/01/01 00:13:21 fetching corpus: 7660, signal 328943/356735 (executing program)
1970/01/01 00:13:23 fetching corpus: 7710, signal 329959/357061 (executing program)
1970/01/01 00:13:25 fetching corpus: 7760, signal 330517/357298 (executing program)
1970/01/01 00:13:28 fetching corpus: 7810, signal 331320/357567 (executing program)
1970/01/01 00:13:31 fetching corpus: 7860, signal 331840/357788 (executing program)
1970/01/01 00:13:34 fetching corpus: 7910, signal 332650/358041 (executing program)
1970/01/01 00:13:35 fetching corpus: 7959, signal 333125/358253 (executing program)
1970/01/01 00:13:37 fetching corpus: 8009, signal 333584/358450 (executing program)
1970/01/01 00:13:39 fetching corpus: 8059, signal 334290/358654 (executing program)
1970/01/01 00:13:41 fetching corpus: 8109, signal 335074/358877 (executing program)
1970/01/01 00:13:44 fetching corpus: 8159, signal 335839/359096 (executing program)
1970/01/01 00:13:46 fetching corpus: 8209, signal 336383/359329 (executing program)
1970/01/01 00:13:48 fetching corpus: 8259, signal 337435/359546 (executing program)
1970/01/01 00:13:50 fetching corpus: 8309, signal 338115/359727 (executing program)
1970/01/01 00:13:52 fetching corpus: 8359, signal 338551/359862 (executing program)
1970/01/01 00:13:54 fetching corpus: 8409, signal 338903/360000 (executing program)
1970/01/01 00:13:56 fetching corpus: 8458, signal 339567/360168 (executing program)
1970/01/01 00:13:59 fetching corpus: 8508, signal 340382/360329 (executing program)
1970/01/01 00:14:03 fetching corpus: 8558, signal 341195/360480 (executing program)
1970/01/01 00:14:05 fetching corpus: 8607, signal 341604/360636 (executing program)
1970/01/01 00:14:07 fetching corpus: 8656, signal 342352/360770 (executing program)
1970/01/01 00:14:09 fetching corpus: 8706, signal 343060/360906 (executing program)
1970/01/01 00:14:10 fetching corpus: 8756, signal 343388/361000 (executing program)
1970/01/01 00:14:12 fetching corpus: 8806, signal 343859/361106 (executing program)
1970/01/01 00:14:14 fetching corpus: 8856, signal 344838/361290 (executing program)
1970/01/01 00:14:18 fetching corpus: 8906, signal 345289/361390 (executing program)
1970/01/01 00:14:21 fetching corpus: 8956, signal 345611/361474 (executing program)
1970/01/01 00:14:24 fetching corpus: 9006, signal 346065/361482 (executing program)
1970/01/01 00:14:26 fetching corpus: 9056, signal 346629/361482 (executing program)
1970/01/01 00:14:28 fetching corpus: 9106, signal 347669/361482 (executing program)
1970/01/01 00:14:30 fetching corpus: 9156, signal 348003/361482 (executing program)
1970/01/01 00:14:32 fetching corpus: 9206, signal 348392/361482 (executing program)
1970/01/01 00:14:34 fetching corpus: 9256, signal 349167/361482 (executing program)
1970/01/01 00:14:37 fetching corpus: 9306, signal 349790/361482 (executing program)
1970/01/01 00:14:40 fetching corpus: 9356, signal 350235/361482 (executing program)
1970/01/01 00:14:42 fetching corpus: 9406, signal 350949/361504 (executing program)
1970/01/01 00:14:44 fetching corpus: 9455, signal 351283/361504 (executing program)
1970/01/01 00:14:46 fetching corpus: 9503, signal 351922/361504 (executing program)
1970/01/01 00:14:48 fetching corpus: 9553, signal 352374/361504 (executing program)
1970/01/01 00:14:49 fetching corpus: 9603, signal 352797/361506 (executing program)
1970/01/01 00:14:51 fetching corpus: 9653, signal 353422/361506 (executing program)
1970/01/01 00:14:54 fetching corpus: 9703, signal 353906/361506 (executing program)
1970/01/01 00:14:57 fetching corpus: 9753, signal 354677/361506 (executing program)
1970/01/01 00:14:59 fetching corpus: 9803, signal 355137/361509 (executing program)
1970/01/01 00:15:01 fetching corpus: 9852, signal 355751/361509 (executing program)
1970/01/01 00:15:03 fetching corpus: 9901, signal 356278/361509 (executing program)
1970/01/01 00:15:06 fetching corpus: 9951, signal 356654/361509 (executing program)
1970/01/01 00:15:07 fetching corpus: 10001, signal 357121/361509 (executing program)
1970/01/01 00:15:09 fetching corpus: 10051, signal 357457/361509 (executing program)
1970/01/01 00:15:13 fetching corpus: 10100, signal 357863/361509 (executing program)
1970/01/01 00:15:14 fetching corpus: 10118, signal 358017/361516 (executing program)
1970/01/01 00:15:14 fetching corpus: 10118, signal 358017/361519 (executing program)
1970/01/01 00:15:14 fetching corpus: 10118, signal 358017/361519 (executing program)
1970/01/01 00:16:54 starting 2 fuzzer processes

00:16:54 executing program 0:
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
r1 = dup(r0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000005940)={{&(0x7f0000ff8000/0x8000)=nil, 0x8000}, 0x1})
r2 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000080)={&(0x7f0000fff000/0x1000)=nil, 0x1000})

00:16:54 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}})

[ 1040.778192][ T2059] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1040.873251][ T2059] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1043.658294][ T2058] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1043.811207][ T2058] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1053.568516][ T2059] device hsr_slave_0 entered promiscuous mode
[ 1053.632892][ T2059] device hsr_slave_1 entered promiscuous mode
[ 1056.089490][ T2058] device hsr_slave_0 entered promiscuous mode
[ 1056.123926][ T2058] device hsr_slave_1 entered promiscuous mode
[ 1056.171389][ T2058] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1056.177195][ T2058] Cannot create hsr debugfs directory
[ 1065.163783][ T2059] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1065.382704][ T2059] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1065.919676][ T2059] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1066.328089][ T2059] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1067.331399][ T2058] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1067.608302][ T2058] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1067.852519][ T2058] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1067.991276][ T2058] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1077.311603][ T2059] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1078.082369][ T2216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1078.168618][ T2216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1079.443213][ T2058] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1080.064413][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1080.147656][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1084.263273][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1084.322617][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1084.581855][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1084.629308][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1084.978677][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1085.246773][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1085.926513][ T2681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1085.983852][ T2681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1086.251973][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1086.284308][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1086.418314][ T2059] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1087.117926][ T2216] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1087.122392][ T2216] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1088.210176][ C0] ==================================================================
[ 1088.211635][ C0] BUG: KASAN: slab-out-of-bounds in __bfs+0x154/0x394
[ 1088.212949][ C0] Read of size 8 at addr ffffaf8011063e50 by task syz-executor.1/2058
[ 1088.214186][ C0]
[ 1088.216228][ C0] CPU: 0 PID: 2058 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1088.218244][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 1088.219422][ C0] Call Trace:
[ 1088.220292][ C0] [] dump_backtrace+0x2e/0x3c
[ 1088.221633][ C0] [] show_stack+0x34/0x40
[ 1088.222900][ C0] [] dump_stack_lvl+0xe4/0x150
[ 1088.224294][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 1088.226373][ C0] [] kasan_report+0x184/0x1e0
[ 1088.227670][ C0] [] __asan_load8+0x6e/0x96
[ 1088.228911][ C0] [] __bfs+0x154/0x394
[ 1088.231374][ C0] [] check_path.constprop.0+0x24/0x46
[ 1088.232662][ C0] [] check_noncircular+0x11a/0x1fe
[ 1088.233926][ C0] [] __lock_acquire+0x19a4/0x333e
[ 1088.235973][ C0]
[ 1088.236847][ C0] Allocated by task 2059:
[ 1088.237738][ C0] stack_trace_save+0xa6/0xd8
[ 1088.238855][ C0] kasan_save_stack+0x2c/0x58
[ 1088.240091][ C0] __kasan_slab_alloc+0x8e/0x98
[ 1088.241236][ C0] kmem_cache_alloc+0x338/0x3de
[ 1088.242429][ C0] __kernfs_new_node+0xfc/0x5f2
[ 1088.243620][ C0] kernfs_new_node+0x66/0xbe
[ 1088.244886][ C0] __kernfs_create_file+0x4e/0x1e8
[ 1088.246505][ C0] sysfs_add_file_mode_ns+0x138/0x254
[ 1088.247647][ C0] internal_create_group+0x274/0x722
[ 1088.248771][ C0] internal_create_groups.part.0+0x64/0xe8
[ 1088.249952][ C0] sysfs_create_groups+0x2c/0x48
[ 1088.251048][ C0] device_add+0x656/0x129e
[ 1088.252173][ C0] netdev_register_kobject+0xcc/0x208
[ 1088.253350][ C0] register_netdevice+0x8ee/0xc6a
[ 1088.254698][ C0] veth_newlink+0x454/0x7dc
[ 1088.256223][ C0] __rtnl_newlink+0xc16/0xfa0
[ 1088.257333][ C0] rtnl_newlink+0x60/0x8c
[ 1088.258430][ C0] rtnetlink_rcv_msg+0x338/0x9a0
[ 1088.259563][ C0] netlink_rcv_skb+0xf8/0x2be
[ 1088.260623][ C0] rtnetlink_rcv+0x26/0x30
[ 1088.261688][ C0] netlink_unicast+0x40e/0x5fe
[ 1088.262733][ C0] netlink_sendmsg+0x4e0/0x994
[ 1088.263749][ C0] sock_sendmsg+0xa0/0xc4
[ 1088.265270][ C0] __sys_sendto+0x1f2/0x2e0
[ 1088.266625][ C0] sys_sendto+0x3e/0x52
[ 1088.267617][ C0] ret_from_syscall+0x0/0x2
[ 1088.268716][ C0]
[ 1088.269370][ C0] The buggy address belongs to the object at ffffaf8011063d98
[ 1088.269370][ C0] which belongs to the cache kernfs_node_cache of size 168
[ 1088.271225][ C0] The buggy address is located 16 bytes to the right of
[ 1088.271225][ C0] 168-byte region [ffffaf8011063d98, ffffaf8011063e40)
[ 1088.272999][ C0] The buggy address belongs to the page:
[ 1088.274373][ C0] page:ffffaf807ab12bd8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x91263
[ 1088.276846][ C0] flags: 0x9000000200(slab|section=18|node=0|zone=0)
[ 1088.279434][ C0] raw: 0000009000000200 0000000000000000 0000000000000122 ffffaf80072ed280
[ 1088.280746][ C0] raw: 0000000000000000 0000000000110011 00000001ffffffff 0000000000000000
[ 1088.281919][ C0] raw: 00000000000007ff
[ 1088.282758][ C0] page dumped because: kasan: bad access detected
[ 1088.283923][ C0] page_owner tracks the page as allocated
[ 1088.285074][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 2059, ts 1040320996800, free_ts 1040280503100
[ 1088.287268][ C0] __set_page_owner+0x48/0x136
[ 1088.288417][ C0] post_alloc_hook+0xd0/0x10a
[ 1088.289466][ C0] get_page_from_freelist+0x8da/0x12d8
[ 1088.290692][ C0] __alloc_pages+0x150/0x3b6
[ 1088.291785][ C0] alloc_pages+0x132/0x2a6
[ 1088.292876][ C0] alloc_slab_page.constprop.0+0xc2/0xfa
[ 1088.294113][ C0] new_slab+0x76/0x2cc
[ 1088.295379][ C0] ___slab_alloc+0x56e/0x918
[ 1088.296825][ C0] __slab_alloc.constprop.0+0x50/0x8c
[ 1088.298040][ C0] kmem_cache_alloc+0x39c/0x3de
[ 1088.299130][ C0] __kernfs_new_node+0xfc/0x5f2
[ 1088.300219][ C0] kernfs_new_node+0x66/0xbe
[ 1088.301156][ C0] __kernfs_create_file+0x4e/0x1e8
[ 1088.302193][ C0] sysfs_add_file_mode_ns+0x138/0x254
[ 1088.303396][ C0] internal_create_group+0x274/0x722
[ 1088.304493][ C0] internal_create_groups.part.0+0x64/0xe8
[ 1088.306190][ C0] page last free stack trace:
[ 1088.306919][ C0] __reset_page_owner+0x4a/0xea
[ 1088.307945][ C0] free_pcp_prepare+0x29c/0x45e
[ 1088.308993][ C0] free_unref_page+0x6a/0x31e
[ 1088.310018][ C0] __free_pages+0xe2/0x112
[ 1088.311268][ C0] free_pages.part.0+0xe0/0xf6
[ 1088.312295][ C0] free_pages+0xe/0x18
[ 1088.313264][ C0] __mmdrop+0x86/0x2ac
[ 1088.314266][ C0] mmput+0x2a2/0x2c2
[ 1088.315439][ C0] free_bprm+0xbc/0x1de
[ 1088.316511][ C0] kernel_execve+0x214/0x288
[ 1088.317584][ C0] call_usermodehelper_exec_async+0x1c0/0x2dc
[ 1088.319644][ C0] ret_from_exception+0x0/0x10
[ 1088.321192][ C0]
[ 1088.321817][ C0] Memory state around the buggy address:
[ 1088.323116][ C0]  ffffaf8011063d00: f1 f1 f1 f1 00 f3 f3 f3 00 00 00 fc fc fc fc fc
[ 1088.324338][ C0]  ffffaf8011063d80: fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1088.326326][ C0] >ffffaf8011063e00: f1 f1 f1 f1 00 f2 f2 f2 fc fc fc fc 00 00 00 f3
[ 1088.328102][ C0]                                                  ^
[ 1088.329329][ C0]  ffffaf8011063e80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 1088.330560][ C0]  ffffaf8011063f00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 1088.331771][ C0] ==================================================================
[ 1088.332863][ C0] Disabling lock debugging due to kernel taint
[ 1088.348338][ T2058] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 1088.349771][ T2058] CPU: 0 PID: 2058 Comm: syz-executor.1 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1088.351125][ T2058] Hardware name: riscv-virtio,qemu (DT)
[ 1088.351787][ T2058] Call Trace:
[ 1088.352336][ T2058] [] dump_backtrace+0x2e/0x3c
[ 1088.353415][ T2058] [] show_stack+0x34/0x40
[ 1088.354382][ T2058] [] dump_stack_lvl+0xe4/0x150
[ 1088.355553][ T2058] [] dump_stack+0x1c/0x24
[ 1088.356609][ T2058] [] panic+0x24a/0x634
[ 1088.357536][ T2058] [] schedule+0x0/0x14c
[ 1088.358603][ T2058] [] preempt_schedule_irq+0x4a/0x13e
[ 1088.359767][ T2058] [] resume_kernel+0x16/0x18
[ 1088.361006][ T2058] SMP: stopping secondary CPUs
[ 1088.363198][ T2058] Rebooting in 86400 seconds..
VM DIAGNOSIS:
07:33:56 Registers: