syzkaller login: [ 270.189890][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 279.157578][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 279.195979][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 289.176862][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:50992' (ECDSA) to the list of known hosts. 1970/01/01 00:05:29 fuzzer started 1970/01/01 00:05:42 dialing manager at localhost:33623 [ 349.428229][ T2025] cgroup: Unknown subsys name 'net' [ 350.393926][ T2025] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:05:50 syscalls: 2853 1970/01/01 00:05:50 code coverage: enabled 1970/01/01 00:05:50 comparison tracing: enabled 1970/01/01 00:05:50 extra coverage: enabled 1970/01/01 00:05:50 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:05:50 setuid sandbox: enabled 1970/01/01 00:05:50 namespace sandbox: enabled 1970/01/01 00:05:50 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:05:50 fault injection: enabled 1970/01/01 00:05:50 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:05:50 net packet injection: enabled 1970/01/01 00:05:50 net device setup: enabled 1970/01/01 00:05:50 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:05:50 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:05:50 USB emulation: enabled 1970/01/01 00:05:50 hci packet injection: /dev/vhci does not exist 1970/01/01 00:05:50 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:05:50 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:05:50 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:05:56 fetching corpus: 50, signal 25206/28833 (executing program) 1970/01/01 00:05:59 fetching corpus: 100, signal 43870/48846 (executing program) 1970/01/01 
00:06:03 fetching corpus: 148, signal 54108/60395 (executing program) 1970/01/01 00:06:07 fetching corpus: 197, signal 72976/80106 (executing program) 1970/01/01 00:06:09 fetching corpus: 246, signal 80888/89086 (executing program) 1970/01/01 00:06:11 fetching corpus: 296, signal 91581/100583 (executing program) 1970/01/01 00:06:15 fetching corpus: 346, signal 98533/108397 (executing program) 1970/01/01 00:06:18 fetching corpus: 394, signal 102484/113329 (executing program) 1970/01/01 00:06:22 fetching corpus: 444, signal 107496/119142 (executing program) 1970/01/01 00:06:25 fetching corpus: 492, signal 112965/125360 (executing program) 1970/01/01 00:06:28 fetching corpus: 542, signal 116133/129357 (executing program) 1970/01/01 00:06:30 fetching corpus: 591, signal 123216/136847 (executing program) 1970/01/01 00:06:33 fetching corpus: 640, signal 127128/141334 (executing program) 1970/01/01 00:06:35 fetching corpus: 689, signal 130504/145335 (executing program) 1970/01/01 00:06:37 fetching corpus: 739, signal 133092/148569 (executing program) 1970/01/01 00:06:39 fetching corpus: 789, signal 136049/152121 (executing program) 1970/01/01 00:06:42 fetching corpus: 839, signal 140252/156753 (executing program) 1970/01/01 00:06:45 fetching corpus: 889, signal 145361/162029 (executing program) 1970/01/01 00:06:47 fetching corpus: 939, signal 146979/164242 (executing program) 1970/01/01 00:06:50 fetching corpus: 989, signal 150193/167781 (executing program) 1970/01/01 00:06:52 fetching corpus: 1039, signal 154177/171909 (executing program) 1970/01/01 00:06:55 fetching corpus: 1089, signal 159150/176826 (executing program) 1970/01/01 00:06:58 fetching corpus: 1139, signal 162360/180219 (executing program) 1970/01/01 00:07:01 fetching corpus: 1189, signal 164628/182780 (executing program) 1970/01/01 00:07:03 fetching corpus: 1239, signal 166902/185334 (executing program) 1970/01/01 00:07:06 fetching corpus: 1287, signal 168937/187595 (executing program) 1970/01/01 00:07:08 
fetching corpus: 1336, signal 170537/189535 (executing program) 1970/01/01 00:07:10 fetching corpus: 1386, signal 172043/191346 (executing program) 1970/01/01 00:07:13 fetching corpus: 1436, signal 173734/193330 (executing program) 1970/01/01 00:07:15 fetching corpus: 1485, signal 176390/196012 (executing program) 1970/01/01 00:07:17 fetching corpus: 1535, signal 181323/200386 (executing program) 1970/01/01 00:07:20 fetching corpus: 1585, signal 182703/201988 (executing program) 1970/01/01 00:07:22 fetching corpus: 1633, signal 185809/204822 (executing program) 1970/01/01 00:07:25 fetching corpus: 1682, signal 187244/206447 (executing program) 1970/01/01 00:07:28 fetching corpus: 1732, signal 189884/208895 (executing program) 1970/01/01 00:07:30 fetching corpus: 1781, signal 191429/210536 (executing program) 1970/01/01 00:07:34 fetching corpus: 1830, signal 193721/212692 (executing program) 1970/01/01 00:07:38 fetching corpus: 1880, signal 194910/214079 (executing program) 1970/01/01 00:07:40 fetching corpus: 1929, signal 197838/216612 (executing program) 1970/01/01 00:07:43 fetching corpus: 1979, signal 199677/218325 (executing program) 1970/01/01 00:07:46 fetching corpus: 2029, signal 200991/219708 (executing program) 1970/01/01 00:07:49 fetching corpus: 2077, signal 203273/221665 (executing program) 1970/01/01 00:07:51 fetching corpus: 2127, signal 204432/222863 (executing program) 1970/01/01 00:07:53 fetching corpus: 2177, signal 206656/224742 (executing program) 1970/01/01 00:07:56 fetching corpus: 2227, signal 208760/226466 (executing program) 1970/01/01 00:07:58 fetching corpus: 2277, signal 209561/227390 (executing program) 1970/01/01 00:08:01 fetching corpus: 2325, signal 211100/228724 (executing program) 1970/01/01 00:08:08 fetching corpus: 2375, signal 213685/230671 (executing program) 1970/01/01 00:08:12 fetching corpus: 2424, signal 216742/232934 (executing program) 1970/01/01 00:08:14 fetching corpus: 2473, signal 218333/234206 (executing program) 
1970/01/01 00:08:17 fetching corpus: 2523, signal 220242/235677 (executing program) 1970/01/01 00:08:20 fetching corpus: 2573, signal 222469/237304 (executing program) 1970/01/01 00:08:22 fetching corpus: 2621, signal 223696/238239 (executing program) 1970/01/01 00:08:25 fetching corpus: 2670, signal 225150/239380 (executing program) 1970/01/01 00:08:29 fetching corpus: 2720, signal 227109/240731 (executing program) 1970/01/01 00:08:32 fetching corpus: 2769, signal 228099/241529 (executing program) 1970/01/01 00:08:35 fetching corpus: 2818, signal 229639/242609 (executing program) 1970/01/01 00:08:39 fetching corpus: 2867, signal 230999/243572 (executing program) 1970/01/01 00:08:41 fetching corpus: 2916, signal 231859/244288 (executing program) 1970/01/01 00:08:43 fetching corpus: 2966, signal 233736/245495 (executing program) 1970/01/01 00:08:45 fetching corpus: 3016, signal 234773/246225 (executing program) 1970/01/01 00:08:49 fetching corpus: 3066, signal 236327/247210 (executing program) 1970/01/01 00:08:51 fetching corpus: 3113, signal 237734/248151 (executing program) 1970/01/01 00:08:53 fetching corpus: 3163, signal 238840/248890 (executing program) 1970/01/01 00:08:55 fetching corpus: 3212, signal 240629/249986 (executing program) 1970/01/01 00:08:58 fetching corpus: 3262, signal 242445/250996 (executing program) 1970/01/01 00:09:01 fetching corpus: 3308, signal 243391/251624 (executing program) 1970/01/01 00:09:02 fetching corpus: 3354, signal 244352/252189 (executing program) 1970/01/01 00:09:05 fetching corpus: 3404, signal 246716/253371 (executing program) 1970/01/01 00:09:08 fetching corpus: 3452, signal 247937/254046 (executing program) 1970/01/01 00:09:11 fetching corpus: 3500, signal 248963/254603 (executing program) 1970/01/01 00:09:14 fetching corpus: 3548, signal 249735/255017 (executing program) 1970/01/01 00:09:16 fetching corpus: 3598, signal 250643/255470 (executing program) 1970/01/01 00:09:19 fetching corpus: 3648, signal 252373/256307 
(executing program) 1970/01/01 00:09:21 fetching corpus: 3697, signal 253505/256838 (executing program) 1970/01/01 00:09:24 fetching corpus: 3746, signal 254282/257228 (executing program) 1970/01/01 00:09:25 fetching corpus: 3795, signal 255993/257988 (executing program) 1970/01/01 00:09:28 fetching corpus: 3827, signal 256441/258185 (executing program) 1970/01/01 00:09:29 fetching corpus: 3830, signal 256454/258218 (executing program) 1970/01/01 00:09:29 fetching corpus: 3830, signal 256454/258253 (executing program) 1970/01/01 00:09:29 fetching corpus: 3830, signal 256454/258275 (executing program) 1970/01/01 00:09:29 fetching corpus: 3830, signal 256454/258293 (executing program) 1970/01/01 00:09:30 fetching corpus: 3830, signal 256454/258320 (executing program) 1970/01/01 00:09:30 fetching corpus: 3830, signal 256454/258341 (executing program) 1970/01/01 00:09:30 fetching corpus: 3830, signal 256454/258362 (executing program) 1970/01/01 00:09:30 fetching corpus: 3830, signal 256454/258392 (executing program) 1970/01/01 00:09:30 fetching corpus: 3830, signal 256454/258419 (executing program) 1970/01/01 00:09:30 fetching corpus: 3830, signal 256454/258443 (executing program) 1970/01/01 00:09:31 fetching corpus: 3830, signal 256454/258465 (executing program) 1970/01/01 00:09:31 fetching corpus: 3831, signal 256470/258493 (executing program) 1970/01/01 00:09:31 fetching corpus: 3831, signal 256470/258511 (executing program) 1970/01/01 00:09:31 fetching corpus: 3831, signal 256470/258527 (executing program) 1970/01/01 00:09:31 fetching corpus: 3831, signal 256470/258540 (executing program) 1970/01/01 00:09:31 fetching corpus: 3831, signal 256470/258573 (executing program) 1970/01/01 00:09:32 fetching corpus: 3831, signal 256470/258591 (executing program) 1970/01/01 00:09:32 fetching corpus: 3831, signal 256470/258619 (executing program) 1970/01/01 00:09:32 fetching corpus: 3831, signal 256470/258644 (executing program) 1970/01/01 00:09:32 fetching corpus: 3831, 
signal 256470/258671 (executing program) 1970/01/01 00:09:32 fetching corpus: 3831, signal 256470/258705 (executing program) 1970/01/01 00:09:32 fetching corpus: 3831, signal 256470/258731 (executing program) 1970/01/01 00:09:32 fetching corpus: 3831, signal 256470/258748 (executing program) 1970/01/01 00:09:33 fetching corpus: 3831, signal 256470/258771 (executing program) 1970/01/01 00:09:33 fetching corpus: 3831, signal 256472/258787 (executing program) 1970/01/01 00:09:33 fetching corpus: 3831, signal 256472/258807 (executing program) 1970/01/01 00:09:33 fetching corpus: 3831, signal 256472/258830 (executing program) 1970/01/01 00:09:33 fetching corpus: 3831, signal 256472/258853 (executing program) 1970/01/01 00:09:33 fetching corpus: 3831, signal 256472/258875 (executing program) 1970/01/01 00:09:34 fetching corpus: 3832, signal 256530/258925 (executing program) 1970/01/01 00:09:34 fetching corpus: 3832, signal 256530/258945 (executing program) 1970/01/01 00:09:34 fetching corpus: 3833, signal 256536/258964 (executing program) 1970/01/01 00:09:34 fetching corpus: 3833, signal 256542/258990 (executing program) 1970/01/01 00:09:34 fetching corpus: 3833, signal 256542/259014 (executing program) 1970/01/01 00:09:34 fetching corpus: 3833, signal 256543/259037 (executing program) 1970/01/01 00:09:35 fetching corpus: 3833, signal 256543/259058 (executing program) 1970/01/01 00:09:35 fetching corpus: 3833, signal 256543/259075 (executing program) 1970/01/01 00:09:35 fetching corpus: 3833, signal 256543/259101 (executing program) 1970/01/01 00:09:35 fetching corpus: 3833, signal 256543/259128 (executing program) 1970/01/01 00:09:35 fetching corpus: 3833, signal 256543/259152 (executing program) 1970/01/01 00:09:36 fetching corpus: 3833, signal 256543/259169 (executing program) 1970/01/01 00:09:36 fetching corpus: 3833, signal 256543/259204 (executing program) 1970/01/01 00:09:36 fetching corpus: 3833, signal 256543/259228 (executing program) 1970/01/01 00:09:36 
fetching corpus: 3833, signal 256543/259250 (executing program) 1970/01/01 00:09:36 fetching corpus: 3833, signal 256543/259268 (executing program) 1970/01/01 00:09:36 fetching corpus: 3833, signal 256543/259289 (executing program) 1970/01/01 00:09:36 fetching corpus: 3833, signal 256543/259315 (executing program) 1970/01/01 00:09:37 fetching corpus: 3833, signal 256543/259340 (executing program) 1970/01/01 00:09:37 fetching corpus: 3833, signal 256543/259359 (executing program) 1970/01/01 00:09:37 fetching corpus: 3833, signal 256543/259383 (executing program) 1970/01/01 00:09:37 fetching corpus: 3833, signal 256543/259401 (executing program) 1970/01/01 00:09:37 fetching corpus: 3833, signal 256543/259401 (executing program) 1970/01/01 00:11:35 starting 2 fuzzer processes 00:11:35 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000001340)="8a", 0x1, 0x0, &(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000300)={0x0, 0x0, 0x1, "d5"}, 0x9) 00:11:35 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000005ac0)='net/dev_mcast\x00') read$FUSE(r0, &(0x7f0000006180)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f0000001200)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f00000081c0)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f0000003240)={0x2020}, 0x2020) [ 726.234865][ T2039] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 726.858172][ T2039] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 726.990009][ T2040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 727.814328][ T2040] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 739.482806][ T2039] device hsr_slave_0 entered promiscuous mode [ 739.539551][ T2039] device hsr_slave_1 entered promiscuous mode [ 740.446346][ T2040] device hsr_slave_0 
entered promiscuous mode [ 740.499755][ T2040] device hsr_slave_1 entered promiscuous mode [ 740.548200][ T2040] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 740.555058][ T2040] Cannot create hsr debugfs directory [ 749.145254][ T2040] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 749.349607][ T2040] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 749.449045][ T2040] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 749.720167][ T2040] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 751.588152][ T2039] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 751.819882][ T2039] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 751.947811][ T2039] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 752.107662][ T2039] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 765.319829][ T2040] 8021q: adding VLAN 0 to HW filter on device bond0 [ 766.216869][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 766.324802][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 767.136520][ T2039] 8021q: adding VLAN 0 to HW filter on device bond0 [ 767.726366][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 767.813909][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 776.322335][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 776.368480][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 776.617415][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 776.681744][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 776.869188][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 777.228329][ T2662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 778.299754][ T2662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 778.378196][ T2662] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 778.914546][ T2040] 
hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 779.015379][ T2040] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 779.398991][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 779.438244][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 779.468971][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 779.521841][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 779.837087][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 779.913373][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 780.339548][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 780.574976][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 780.578696][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 780.695105][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 781.306298][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 781.364824][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 781.764651][ T946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 781.804156][ T946] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 782.129290][ T2039] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 783.185841][ T946] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 783.190182][ T946] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 802.806293][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 802.838508][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 805.307962][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 805.389268][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 812.194036][ T2101] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 812.313589][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 812.617932][ T2040] device veth0_vlan entered promiscuous mode [ 813.585303][ T2040] device veth1_vlan entered promiscuous mode [ 813.933834][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 814.017948][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 816.245219][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 816.284197][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 817.104468][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 817.177283][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 817.334534][ T2040] device veth0_macvtap entered promiscuous mode [ 817.726875][ T2039] device veth0_vlan entered promiscuous mode [ 818.168479][ T2040] device veth1_macvtap entered promiscuous mode [ 818.473039][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 818.565767][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 818.618087][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 819.208641][ T2039] device veth1_vlan entered promiscuous mode [ 821.049405][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 821.177701][ T2663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 821.527529][ T946] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 821.647421][ T946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 822.153761][ T2040] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 822.157883][ T2040] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 822.159814][ T2040] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 822.189429][ T2040] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 
0 [ 822.683607][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 822.813972][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 823.605295][ T2039] device veth0_macvtap entered promiscuous mode [ 823.830038][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 825.460134][ T2039] device veth1_macvtap entered promiscuous mode [ 827.358368][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 827.465698][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 828.325149][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 828.473325][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 828.612812][ T2039] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 828.614895][ T2039] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 828.708307][ T2039] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 828.710172][ T2039] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 829.615998][ C0] ================================================================== [ 829.617757][ C0] BUG: KASAN: slab-out-of-bounds in __bfs+0x154/0x394 [ 829.619428][ C0] Read of size 8 at addr ffffaf8007417d50 by task syz-executor.0/2039 [ 829.620825][ C0] [ 829.624656][ C0] CPU: 0 PID: 2039 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 829.626705][ C0] Hardware name: riscv-virtio,qemu (DT) [ 829.627928][ C0] Call Trace: [ 829.628771][ C0] [] dump_backtrace+0x2e/0x3c [ 829.630135][ C0] [] show_stack+0x34/0x40 [ 829.631973][ C0] [] dump_stack_lvl+0xe4/0x150 [ 829.633381][ C0] [] print_address_description.constprop.0+0x2a/0x330 [ 829.635045][ C0] [] kasan_report+0x184/0x1e0 [ 829.636358][ C0] [] __asan_load8+0x6e/0x96 [ 829.638299][ C0] [] __bfs+0x154/0x394 [ 829.639485][ C0] [] check_path.constprop.0+0x24/0x46 [ 
829.641562][ C0] [] check_noncircular+0x11a/0x1fe [ 829.643586][ C0] [] __lock_acquire+0x19a4/0x333e [ 829.644916][ C0] [] lock_acquire.part.0+0x1d0/0x424 [ 829.646525][ C0] [ 829.647291][ C0] Allocated by task 817: [ 829.648219][ C0] (stack is not available) [ 829.648922][ C0] [ 829.649521][ C0] Last potentially related work creation: [ 829.650648][ C0] ------------[ cut here ]------------ [ 829.651954][ C0] slab index 1510136 out of bounds (327) for stack id 2af70af8 [ 829.657523][ C0] WARNING: CPU: 0 PID: 2039 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70 [ 829.659662][ C0] Modules linked in: [ 829.661891][ C0] CPU: 0 PID: 2039 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 829.663792][ C0] Hardware name: riscv-virtio,qemu (DT) [ 829.665013][ C0] epc : stack_depot_print+0x66/0x70 [ 829.667260][ C0] ra : stack_depot_print+0x66/0x70 [ 829.668917][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf8007417ae0 [ 829.671735][ C0] gp : ffffffff85863ac0 tp : ffffaf800b59e100 t0 : ffffffff86bcb657 [ 829.674320][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf8007417af0 [ 829.675593][ C0] s1 : ffffaf807a853480 a0 : 000000000000003c a1 : 00000000000f0000 [ 829.676768][ C0] a2 : 0000000000000503 a3 : ffffffff8012252a a4 : 9f46b5015c7fa400 [ 829.678021][ C0] a5 : 9f46b5015c7fa400 a6 : 0000000000f00000 a7 : ffffaf805a9c8863 [ 829.679060][ C0] s2 : ffffaf8007417d50 s3 : ffffaf800723ea00 s4 : ffffaf8007416100 [ 829.680585][ C0] s5 : ffffaf8007417840 s6 : ffffffff8588bb20 s7 : ffffffff85e09180 [ 829.682793][ C0] s8 : ffffaf8007417c60 s9 : ffffaf800b59ec80 s10: ffffffff85899680 [ 829.684061][ C0] s11: ffffaf800b59e100 t3 : ffffffff801163b2 t4 : fffff5ef0b53910c [ 829.685207][ C0] t5 : fffff5ef0b53910d t6 : ffffaf80074175d8 [ 829.686198][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003 [ 829.688588][ C0] [] print_address_description.constprop.0+0x2fc/0x330 [ 829.690244][ C0] [] 
kasan_report+0x184/0x1e0 [ 829.692260][ C0] [] __asan_load8+0x6e/0x96 [ 829.693656][ C0] [] __bfs+0x154/0x394 [ 829.694738][ C0] [] check_path.constprop.0+0x24/0x46 [ 829.695816][ C0] [] check_noncircular+0x11a/0x1fe [ 829.697047][ C0] [] __lock_acquire+0x19a4/0x333e [ 829.698244][ C0] [] lock_acquire.part.0+0x1d0/0x424 [ 829.699596][ C0] irq event stamp: 199387 [ 829.700296][ C0] hardirqs last enabled at (199386): [] get_page_from_freelist+0xfc8/0x12d8 [ 829.702914][ C0] hardirqs last disabled at (199387): [] get_page_from_freelist+0xfbe/0x12d8 [ 829.704337][ C0] softirqs last enabled at (199348): [] ip6_route_add+0x7e/0x148 [ 829.706599][ C0] softirqs last disabled at (199357): [] __irq_exit_rcu+0x142/0x1f8 [ 829.708801][ C0] ---[ end trace 0000000000000000 ]--- [ 829.710146][ C0] [ 829.710968][ C0] Second to last potentially related work creation: [ 829.712405][ C0] stack_trace_save+0xa6/0xd8 [ 829.713608][ C0] kasan_save_stack+0x2c/0x58 [ 829.714639][ C0] __kasan_kmalloc+0x80/0xb2 [ 829.715630][ C0] kmem_cache_alloc_trace+0x178/0x2e0 [ 829.716701][ C0] rtnl_register_internal+0x3b8/0x42a [ 829.717837][ C0] rtnl_register_module+0x38/0x4c [ 829.718881][ C0] ip6_mr_init+0x10e/0x196 [ 829.719884][ C0] inet6_init+0x1f0/0x888 [ 829.721316][ C0] do_one_initcall+0x13a/0x7ea [ 829.722684][ C0] kernel_init_freeable+0x510/0x5b4 [ 829.723792][ C0] kernel_init+0x28/0x21c [ 829.724977][ C0] ret_from_exception+0x0/0x10 [ 829.725991][ C0] [ 829.726550][ C0] The buggy address belongs to the object at ffffaf8007416100 [ 829.726550][ C0] which belongs to the cache task_struct of size 5952 [ 829.728166][ C0] The buggy address is located 1296 bytes to the right of [ 829.728166][ C0] 5952-byte region [ffffaf8007416100, ffffaf8007417840) [ 829.729772][ C0] The buggy address belongs to the page: [ 829.731247][ C0] page:ffffaf807a853480 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x87610 [ 829.733224][ C0] head:ffffaf807a853480 order:3 compound_mapcount:0 
compound_pincount:0 [ 829.734647][ C0] flags: 0x8000010200(slab|head|section=16|node=0|zone=0) [ 829.737672][ C0] raw: 0000008000010200 0000000000000000 0000000000000122 ffffaf800723ea00 [ 829.739360][ C0] raw: 0000000000000000 0000000000050005 00000001ffffffff 0000000000000000 [ 829.741545][ C0] raw: 00000000000007ff [ 829.742805][ C0] page dumped because: kasan: bad access detected [ 829.744024][ C0] page_owner tracks the page as allocated [ 829.744973][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x0(), pid 1, ts 1449245400, free_ts 0 [ 829.746589][ C0] stack_trace_save+0xa6/0xd8 [ 829.748060][ C0] register_early_stack+0x8a/0xcc [ 829.749145][ C0] init_page_owner+0x8a/0x5cc [ 829.750238][ C0] page_ext_init+0x4e6/0x50c [ 829.751838][ C0] page_owner free stack trace missing [ 829.753462][ C0] [ 829.753927][ C0] Memory state around the buggy address: [ 829.754922][ C0] ffffaf8007417c00: f1 f1 f1 f1 00 f3 f3 f3 fc fc fc fc fc fc fc fc [ 829.755859][ C0] ffffaf8007417c80: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00 [ 829.756876][ C0] >ffffaf8007417d00: f1 f1 f1 f1 00 f2 f2 f2 fc fc fc fc 00 00 00 f3 [ 829.757762][ C0] ^ [ 829.758596][ C0] ffffaf8007417d80: f3 f3 f3 f3 fc fc fc fc fc fc fc fc fc fc fc fc [ 829.759310][ C0] ffffaf8007417e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 829.760277][ C0] ================================================================== [ 829.761618][ C0] Disabling lock debugging due to kernel taint [ 829.767983][ T2039] Kernel panic - not syncing: corrupted stack end detected inside scheduler [ 829.769357][ T2039] CPU: 0 PID: 2039 Comm: syz-executor.0 Tainted: G B W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 829.770861][ T2039] Hardware name: riscv-virtio,qemu (DT) [ 829.771772][ T2039] Call Trace: [ 829.772388][ T2039] [] dump_backtrace+0x2e/0x3c [ 829.773384][ T2039] [] show_stack+0x34/0x40 [ 829.774188][ T2039] [] dump_stack_lvl+0xe4/0x150 [ 829.775004][ T2039] [] dump_stack+0x1c/0x24 [ 
829.775934][ T2039] [] panic+0x24a/0x634 [ 829.776863][ T2039] [] schedule+0x0/0x14c [ 829.777624][ T2039] [] preempt_schedule_common+0x4e/0xde [ 829.778861][ T2039] [] preempt_schedule+0x34/0x36 [ 829.779695][ T2039] [] _raw_spin_unlock_irqrestore+0x8c/0x98 [ 829.780992][ T2039] [] ref_tracker_alloc+0x1fa/0x33e [ 829.782122][ T2039] [] fib6_nh_init+0x3bc/0x10c0 [ 829.782927][ T2039] [] ip6_route_info_create+0xb70/0xf78 [ 829.783708][ T2039] [] addrconf_f6i_alloc+0x242/0x3d8 [ 829.784561][ T2039] [] ipv6_add_addr+0x28e/0x12f2 [ 829.785502][ T2039] [] addrconf_add_linklocal+0x152/0x312 [ 829.787169][ T2039] [] addrconf_addr_gen+0x2c8/0x2d2 [ 829.788037][ T2039] [] addrconf_dev_config+0x208/0x3a0 [ 829.788879][ T2039] [] addrconf_notify+0xaa4/0x1360 [ 829.789745][ T2039] [] notifier_call_chain+0xb8/0x188 [ 829.791091][ T2039] [] raw_notifier_call_chain+0x2a/0x38 [ 829.792376][ T2039] [] call_netdevice_notifiers_info+0x9e/0x10c [ 829.793320][ T2039] [] __dev_notify_flags+0x108/0x1fa [ 829.794329][ T2039] [] dev_change_flags+0x9c/0xba [ 829.795106][ T2039] [] do_setlink+0x5d6/0x21c4 [ 829.796067][ T2039] [] __rtnl_newlink+0x99e/0xfa0 [ 829.796952][ T2039] [] rtnl_newlink+0x60/0x8c [ 829.797786][ T2039] [] rtnetlink_rcv_msg+0x338/0x9a0 [ 829.798656][ T2039] [] netlink_rcv_skb+0xf8/0x2be [ 829.799424][ T2039] [] rtnetlink_rcv+0x26/0x30 [ 829.800472][ T2039] [] netlink_unicast+0x40e/0x5fe [ 829.801848][ T2039] [] netlink_sendmsg+0x4e0/0x994 [ 829.802687][ T2039] [] sock_sendmsg+0xa0/0xc4 [ 829.803626][ T2039] [] __sys_sendto+0x1f2/0x2e0 [ 829.804414][ T2039] [] sys_sendto+0x3e/0x52 [ 829.805882][ T2039] [] ret_from_syscall+0x0/0x2 [ 829.807064][ T2039] SMP: stopping secondary CPUs [ 829.809254][ T2039] Rebooting in 86400 seconds.. 
VM DIAGNOSIS: 01:19:23 Registers: