syzkaller login: [ 348.038213][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 358.801340][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 358.907982][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 393.973435][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:57078' (ECDSA) to the list of known hosts.
1970/01/01 00:07:07 fuzzer started
1970/01/01 00:07:26 dialing manager at localhost:37285
[ 452.801149][ T2044] cgroup: Unknown subsys name 'net'
[ 454.088051][ T2044] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:07:33 syscalls: 2819
1970/01/01 00:07:33 code coverage: enabled
1970/01/01 00:07:33 comparison tracing: ioctl(KCOV_DISABLE) failed: invalid argument
1970/01/01 00:07:33 extra coverage: ioctl(KCOV_REMOTE_ENABLE) failed: device or resource busy
1970/01/01 00:07:33 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:07:33 setuid sandbox: enabled
1970/01/01 00:07:33 namespace sandbox: enabled
1970/01/01 00:07:33 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:07:33 fault injection: enabled
1970/01/01 00:07:33 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:07:33 net packet injection: enabled
1970/01/01 00:07:33 net device setup: enabled
1970/01/01 00:07:33 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:07:33 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:07:33 USB emulation: enabled
1970/01/01 00:07:33 hci packet injection: /dev/vhci does not exist
1970/01/01 00:07:33 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:07:33 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:07:34 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:07:41 fetching corpus: 50, signal 36736/40176 (executing program)
1970/01/01 00:07:45 fetching corpus: 100, signal 52529/57351 (executing program) 1970/01/01 00:07:49 fetching corpus: 150, signal 64908/70980 (executing program) 1970/01/01 00:07:52 fetching corpus: 199, signal 71559/78903 (executing program) 1970/01/01 00:07:55 fetching corpus: 249, signal 77432/85965 (executing program) 1970/01/01 00:07:59 fetching corpus: 299, signal 85675/95201 (executing program) 1970/01/01 00:08:02 fetching corpus: 348, signal 90488/101089 (executing program) 1970/01/01 00:08:05 fetching corpus: 398, signal 94888/106517 (executing program) 1970/01/01 00:08:10 fetching corpus: 447, signal 98660/111307 (executing program) 1970/01/01 00:08:13 fetching corpus: 496, signal 101571/115251 (executing program) 1970/01/01 00:08:16 fetching corpus: 546, signal 104155/118850 (executing program) 1970/01/01 00:08:22 fetching corpus: 596, signal 107016/122690 (executing program) 1970/01/01 00:08:26 fetching corpus: 645, signal 109574/126146 (executing program) 1970/01/01 00:08:28 fetching corpus: 694, signal 113730/131064 (executing program) 1970/01/01 00:08:31 fetching corpus: 744, signal 116559/134758 (executing program) 1970/01/01 00:08:34 fetching corpus: 794, signal 119206/138219 (executing program) 1970/01/01 00:08:37 fetching corpus: 843, signal 124880/144298 (executing program) 1970/01/01 00:08:39 fetching corpus: 893, signal 127229/147372 (executing program) 1970/01/01 00:08:42 fetching corpus: 943, signal 128896/149839 (executing program) 1970/01/01 00:08:45 fetching corpus: 993, signal 130983/152607 (executing program) 1970/01/01 00:08:48 fetching corpus: 1043, signal 132920/155287 (executing program) 1970/01/01 00:08:50 fetching corpus: 1093, signal 134214/157381 (executing program) 1970/01/01 00:08:54 fetching corpus: 1143, signal 136375/160137 (executing program) 1970/01/01 00:08:56 fetching corpus: 1193, signal 138092/162487 (executing program) 1970/01/01 00:08:58 fetching corpus: 1243, signal 140541/165437 (executing program) 1970/01/01 
00:09:01 fetching corpus: 1293, signal 142316/167842 (executing program) 1970/01/01 00:09:04 fetching corpus: 1342, signal 144187/170303 (executing program) 1970/01/01 00:09:06 fetching corpus: 1392, signal 147649/174006 (executing program) 1970/01/01 00:09:09 fetching corpus: 1442, signal 149159/176115 (executing program) 1970/01/01 00:09:12 fetching corpus: 1491, signal 150933/178358 (executing program) 1970/01/01 00:09:15 fetching corpus: 1541, signal 152169/180187 (executing program) 1970/01/01 00:09:18 fetching corpus: 1590, signal 154136/182604 (executing program) 1970/01/01 00:09:21 fetching corpus: 1640, signal 155528/184484 (executing program) 1970/01/01 00:09:24 fetching corpus: 1690, signal 156933/186335 (executing program) 1970/01/01 00:09:27 fetching corpus: 1740, signal 161017/190161 (executing program) 1970/01/01 00:09:30 fetching corpus: 1790, signal 162292/191895 (executing program) 1970/01/01 00:09:32 fetching corpus: 1840, signal 166687/195861 (executing program) 1970/01/01 00:09:35 fetching corpus: 1890, signal 167733/197384 (executing program) 1970/01/01 00:09:38 fetching corpus: 1939, signal 168712/198836 (executing program) 1970/01/01 00:09:41 fetching corpus: 1988, signal 171404/201462 (executing program) 1970/01/01 00:09:44 fetching corpus: 2038, signal 172573/203017 (executing program) 1970/01/01 00:09:46 fetching corpus: 2088, signal 173675/204461 (executing program) 1970/01/01 00:09:49 fetching corpus: 2138, signal 175586/206449 (executing program) 1970/01/01 00:09:52 fetching corpus: 2187, signal 176485/207735 (executing program) 1970/01/01 00:09:55 fetching corpus: 2236, signal 177966/209427 (executing program) 1970/01/01 00:09:58 fetching corpus: 2286, signal 180196/211612 (executing program) 1970/01/01 00:10:03 fetching corpus: 2334, signal 182063/213510 (executing program) 1970/01/01 00:10:06 fetching corpus: 2383, signal 182950/214761 (executing program) 1970/01/01 00:10:09 fetching corpus: 2433, signal 183938/216101 (executing 
program) 1970/01/01 00:10:12 fetching corpus: 2481, signal 185619/217792 (executing program) 1970/01/01 00:10:16 fetching corpus: 2531, signal 187531/219533 (executing program) 1970/01/01 00:10:19 fetching corpus: 2580, signal 189157/221096 (executing program) 1970/01/01 00:10:22 fetching corpus: 2630, signal 190146/222249 (executing program) 1970/01/01 00:10:24 fetching corpus: 2679, signal 191155/223387 (executing program) 1970/01/01 00:10:27 fetching corpus: 2729, signal 191983/224474 (executing program) 1970/01/01 00:10:30 fetching corpus: 2778, signal 193108/225709 (executing program) 1970/01/01 00:10:32 fetching corpus: 2827, signal 194224/226916 (executing program) 1970/01/01 00:10:36 fetching corpus: 2877, signal 196794/228883 (executing program) 1970/01/01 00:10:41 fetching corpus: 2927, signal 199100/230697 (executing program) 1970/01/01 00:10:44 fetching corpus: 2976, signal 200514/232013 (executing program) 1970/01/01 00:10:46 fetching corpus: 3026, signal 201251/232932 (executing program) 1970/01/01 00:10:49 fetching corpus: 3076, signal 202557/234137 (executing program) 1970/01/01 00:10:52 fetching corpus: 3126, signal 204191/235512 (executing program) 1970/01/01 00:10:54 fetching corpus: 3176, signal 205540/236747 (executing program) 1970/01/01 00:10:57 fetching corpus: 3226, signal 206323/237634 (executing program) 1970/01/01 00:11:00 fetching corpus: 3276, signal 206927/238441 (executing program) 1970/01/01 00:11:02 fetching corpus: 3326, signal 207641/239239 (executing program) 1970/01/01 00:11:05 fetching corpus: 3375, signal 209502/240653 (executing program) 1970/01/01 00:11:07 fetching corpus: 3425, signal 210319/241486 (executing program) 1970/01/01 00:11:09 fetching corpus: 3475, signal 211061/242279 (executing program) 1970/01/01 00:11:11 fetching corpus: 3525, signal 211768/243025 (executing program) 1970/01/01 00:11:15 fetching corpus: 3575, signal 213203/244141 (executing program) 1970/01/01 00:11:18 fetching corpus: 3625, signal 
214002/244944 (executing program) 1970/01/01 00:11:19 fetching corpus: 3675, signal 214722/245691 (executing program) 1970/01/01 00:11:22 fetching corpus: 3725, signal 215528/246465 (executing program) 1970/01/01 00:11:24 fetching corpus: 3775, signal 216208/247198 (executing program) 1970/01/01 00:11:27 fetching corpus: 3825, signal 216717/247822 (executing program) 1970/01/01 00:11:31 fetching corpus: 3874, signal 217548/248549 (executing program) 1970/01/01 00:11:34 fetching corpus: 3924, signal 218287/249245 (executing program) 1970/01/01 00:11:36 fetching corpus: 3974, signal 219104/249940 (executing program) 1970/01/01 00:11:38 fetching corpus: 4024, signal 219922/250619 (executing program) 1970/01/01 00:11:43 fetching corpus: 4074, signal 221402/251580 (executing program) 1970/01/01 00:11:46 fetching corpus: 4123, signal 222090/252209 (executing program) 1970/01/01 00:11:48 fetching corpus: 4173, signal 222840/252860 (executing program) 1970/01/01 00:11:50 fetching corpus: 4223, signal 225392/254099 (executing program) 1970/01/01 00:11:53 fetching corpus: 4273, signal 226240/254718 (executing program) 1970/01/01 00:11:56 fetching corpus: 4322, signal 227299/255421 (executing program) 1970/01/01 00:11:59 fetching corpus: 4371, signal 227940/255950 (executing program) 1970/01/01 00:12:01 fetching corpus: 4421, signal 228492/256461 (executing program) 1970/01/01 00:12:03 fetching corpus: 4471, signal 229130/256971 (executing program) 1970/01/01 00:12:05 fetching corpus: 4521, signal 229612/257434 (executing program) 1970/01/01 00:12:08 fetching corpus: 4571, signal 230340/257966 (executing program) 1970/01/01 00:12:11 fetching corpus: 4619, signal 231488/258605 (executing program) 1970/01/01 00:12:13 fetching corpus: 4669, signal 232310/259145 (executing program) 1970/01/01 00:12:15 fetching corpus: 4719, signal 232969/259630 (executing program) 1970/01/01 00:12:18 fetching corpus: 4769, signal 233534/260079 (executing program) 1970/01/01 00:12:20 fetching 
corpus: 4819, signal 234515/260598 (executing program) 1970/01/01 00:12:23 fetching corpus: 4868, signal 235027/260990 (executing program) 1970/01/01 00:12:26 fetching corpus: 4918, signal 236200/261546 (executing program) 1970/01/01 00:12:28 fetching corpus: 4968, signal 236835/261964 (executing program) 1970/01/01 00:12:30 fetching corpus: 5018, signal 239461/262890 (executing program) 1970/01/01 00:12:32 fetching corpus: 5068, signal 240006/263272 (executing program) 1970/01/01 00:12:35 fetching corpus: 5118, signal 240784/263682 (executing program) 1970/01/01 00:12:39 fetching corpus: 5165, signal 241371/264044 (executing program) 1970/01/01 00:12:41 fetching corpus: 5215, signal 242189/264455 (executing program) 1970/01/01 00:12:43 fetching corpus: 5265, signal 242607/264729 (executing program) 1970/01/01 00:12:45 fetching corpus: 5315, signal 243366/265063 (executing program) 1970/01/01 00:12:49 fetching corpus: 5365, signal 243914/265357 (executing program) 1970/01/01 00:12:52 fetching corpus: 5414, signal 244553/265662 (executing program) 1970/01/01 00:12:56 fetching corpus: 5464, signal 244949/265934 (executing program) 1970/01/01 00:12:59 fetching corpus: 5514, signal 245433/266213 (executing program) 1970/01/01 00:13:01 fetching corpus: 5564, signal 245845/266477 (executing program) 1970/01/01 00:13:03 fetching corpus: 5614, signal 246270/266776 (executing program) 1970/01/01 00:13:05 fetching corpus: 5664, signal 246900/267122 (executing program) 1970/01/01 00:13:07 fetching corpus: 5713, signal 247586/267390 (executing program) 1970/01/01 00:13:10 fetching corpus: 5763, signal 248115/267739 (executing program) 1970/01/01 00:13:12 fetching corpus: 5812, signal 249094/268054 (executing program) 1970/01/01 00:13:14 fetching corpus: 5862, signal 250040/268380 (executing program) 1970/01/01 00:13:17 fetching corpus: 5911, signal 250547/268587 (executing program) 1970/01/01 00:13:20 fetching corpus: 5961, signal 251279/268810 (executing program) 1970/01/01 
00:13:23 fetching corpus: 6011, signal 251759/269020 (executing program) 1970/01/01 00:13:25 fetching corpus: 6060, signal 252235/269182 (executing program) 1970/01/01 00:13:26 fetching corpus: 6110, signal 253512/269476 (executing program) 1970/01/01 00:13:29 fetching corpus: 6160, signal 254745/269733 (executing program) 1970/01/01 00:13:31 fetching corpus: 6210, signal 255216/269894 (executing program) 1970/01/01 00:13:35 fetching corpus: 6259, signal 255775/270047 (executing program) 1970/01/01 00:13:37 fetching corpus: 6309, signal 256183/270182 (executing program) 1970/01/01 00:13:39 fetching corpus: 6359, signal 256689/270313 (executing program) 1970/01/01 00:13:42 fetching corpus: 6407, signal 257232/270439 (executing program) 1970/01/01 00:13:44 fetching corpus: 6457, signal 257748/270572 (executing program) 1970/01/01 00:13:47 fetching corpus: 6507, signal 259301/270684 (executing program) 1970/01/01 00:13:49 fetching corpus: 6557, signal 259803/270791 (executing program) 1970/01/01 00:13:52 fetching corpus: 6607, signal 260475/270886 (executing program) 1970/01/01 00:13:55 fetching corpus: 6657, signal 261026/271007 (executing program) 1970/01/01 00:13:57 fetching corpus: 6707, signal 261788/271047 (executing program) 1970/01/01 00:14:01 fetching corpus: 6757, signal 262199/271058 (executing program) 1970/01/01 00:14:05 fetching corpus: 6807, signal 262725/271060 (executing program) 1970/01/01 00:14:07 fetching corpus: 6857, signal 263513/271072 (executing program) 1970/01/01 00:14:09 fetching corpus: 6907, signal 264040/271110 (executing program) 1970/01/01 00:14:11 fetching corpus: 6956, signal 264851/271112 (executing program) 1970/01/01 00:14:13 fetching corpus: 7006, signal 265612/271112 (executing program) 1970/01/01 00:14:16 fetching corpus: 7056, signal 266031/271112 (executing program) 1970/01/01 00:14:19 fetching corpus: 7105, signal 266709/271129 (executing program) 1970/01/01 00:14:20 fetching corpus: 7113, signal 266760/271130 (executing 
program) 1970/01/01 00:14:21 fetching corpus: 7114, signal 266798/271130 (executing program)
1970/01/01 00:14:21 fetching corpus: 7114, signal 266798/271130 (executing program)
1970/01/01 00:16:13 starting 2 fuzzer processes
00:16:13 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
ioctl$TCXONC(r0, 0x540f, 0xea007)
ioctl$KDGKBSENT(r0, 0x4b48, &(0x7f0000000080)={0x53, "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"})
r1 = fsopen(&(0x7f0000000040)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
mkdirat(r2, &(0x7f0000000000)='./file0\x00', 0x1)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), r4)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/kcm\x00')
r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
close(r7)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r9=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r7, 0x84, 0x76, &(0x7f0000000180)={r9}, &(0x7f0000000200)=0x8)
r10 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
close(r10)
sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x70, r5, 0x1, 0x0, 0x0, {}, [@NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SOCKETS={0x44, 0x7, 0x0, 0x1, [{0x8}, {0x8}, {0x8, 0x1, r6}, {0x8}, {0x8}, {0x8, 0x1, r7}, {0x8}, {0x8, 0x1, r6}]}]}, 0x70}}, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x0)
00:16:13 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000080))
[ 1003.121245][ T2058] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1003.269993][ T2058] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1005.232562][ T2057] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1005.352256][ T2057] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1015.793393][ T2058] device hsr_slave_0 entered promiscuous mode
[ 1015.892038][ T2058] device hsr_slave_1 entered promiscuous mode
[ 1017.669908][ T2057] device hsr_slave_0 entered promiscuous mode
[ 1017.723195][ T2057] device hsr_slave_1 entered promiscuous mode
[ 1017.773083][ T2057] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1017.781517][ T2057] Cannot create hsr debugfs directory
[ 1026.242164][ T2058] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1026.391205][ T2058] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1026.513151][ T2058] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1026.598628][ T2058] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1028.133279][ T2057] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1028.340284][ T2057] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1028.502472][ T2057] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1028.731326][ T2057] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1037.709255][ C0] ==================================================================
[ 1037.713279][ C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260
[ 1037.715893][ C0] Read of size 8 at addr ffffaf800e1e7d00 by task syz-executor.1/2058
[ 1037.717959][ C0]
[ 1037.719599][ C0] CPU: 0 PID: 2058 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1037.721521][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 1037.722879][ C0] Call Trace:
[ 1037.723992][ C0] [] dump_backtrace+0x2e/0x3c
[ 1037.726007][ C0] [] show_stack+0x34/0x40
[ 1037.727380][ C0] [] dump_stack_lvl+0xe4/0x150
[ 1037.728813][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 1037.730461][ C0] [] kasan_report+0x184/0x1e0
[ 1037.733164][ C0] [] __asan_load8+0x6e/0x96
[ 1037.736121][ C0] [] walk_stackframe+0x11c/0x260
[ 1037.738661][ C0] [] arch_stack_walk+0x2c/0x3c
[ 1037.741311][ C0] [] stack_trace_save+0xa6/0xd8
[ 1037.743279][ C0] [] kasan_save_stack+0x2c/0x58
[ 1037.745465][ C0]
[ 1037.746463][ C0] Allocated by task 1102416563:
[ 1037.747465][ C0] (stack is not available)
[ 1037.748324][ C0]
[ 1037.749172][ C0] Last potentially related work creation:
[ 1037.750204][ C0] ------------[ cut here ]------------
[ 1037.751126][ C0] slab index 1509328 out of bounds (317) for stack id 845707d0
[ 1037.755742][ C0] WARNING: CPU: 0 PID: 2058 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 1037.757611][ C0] Modules linked in:
[ 1037.758855][ C0] CPU: 0 PID: 2058 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1037.760219][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 1037.761208][ C0] epc : stack_depot_print+0x66/0x70
[ 1037.762499][ C0] ra : stack_depot_print+0x66/0x70
[ 1037.763810][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800e1e7bc0
[ 1037.765912][ C0] gp : ffffffff85863ac0 tp : ffffaf800e5d3080 t0 : ffffffff86bcb657
[ 1037.767218][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800e1e7bd0
[ 1037.768449][ C0] s1 : ffffaf807aa41700 a0 : 000000000000003c a1 : 00000000000f0000
[ 1037.769663][ C0] a2 : 0000000000000505 a3 : ffffffff8012252a a4 : f9f594ee1b00bc00
[ 1037.770913][ C0] a5 : f9f594ee1b00bc00 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 1037.772220][ C0] s2 : ffffaf800e1e7d00 s3 : ffffaf800720c280 s4 : ffffaf800e1e6000
[ 1037.773448][ C0] s5 : ffffaf800e1e7000 s6 : 0000000000003fff s7 : ffffaf800e1e7ca0
[ 1037.775214][ C0] s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf800e1e7d80
[ 1037.776456][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 1037.777678][ C0] t5 : fffff5ef0b53910d t6 : ffffaf800e1e76b8
[ 1037.778766][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 1037.780240][ C0] [] print_address_description.constprop.0+0x2fc/0x330
[ 1037.781859][ C0] [] kasan_report+0x184/0x1e0
[ 1037.783219][ C0] [] __asan_load8+0x6e/0x96
[ 1037.784446][ C0] [] walk_stackframe+0x11c/0x260
[ 1037.786219][ C0] [] arch_stack_walk+0x2c/0x3c
[ 1037.787691][ C0] [] stack_trace_save+0xa6/0xd8
[ 1037.789067][ C0] [] kasan_save_stack+0x2c/0x58
[ 1037.790659][ C0] irq event stamp: 124815
[ 1037.791605][ C0] hardirqs last enabled at (124814): [] _raw_spin_unlock_irqrestore+0x68/0x98
[ 1037.793273][ C0] hardirqs last disabled at (124815): [] _raw_spin_lock_irqsave+0x60/0x62
[ 1037.796098][ C0] softirqs last enabled at (124676): [] __do_softirq+0x618/0x8fc
[ 1037.797732][ C0] softirqs last disabled at (124681): [] __irq_exit_rcu+0x142/0x1f8
[ 1037.799361][ C0] ---[ end trace 0000000000000000 ]---
[ 1037.800881][ C0]
[ 1037.801663][ C0] Second to last potentially related work creation:
[ 1037.802740][ C0] ------------[ cut here ]------------
[ 1037.803681][ C0] slab index 2097151 out of bounds (317) for stack id ffffffff
[ 1037.808434][ C0] WARNING: CPU: 0 PID: 2058 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 1037.810310][ C0] Modules linked in:
[ 1037.811634][ C0] CPU: 0 PID: 2058 Comm: syz-executor.1 Tainted: G W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1037.813267][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 1037.814799][ C0] epc : stack_depot_print+0x66/0x70
[ 1037.816788][ C0] ra : stack_depot_print+0x66/0x70
[ 1037.818105][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800e1e7bc0
[ 1037.819396][ C0] gp : ffffffff85863ac0 tp : ffffaf800e5d3080 t0 : ffffffff86bcb657
[ 1037.820690][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800e1e7bd0
[ 1037.821948][ C0] s1 : ffffaf807aa41700 a0 : 000000000000003c a1 : 00000000000f0000
[ 1037.823198][ C0] a2 : 0000000000000505 a3 : ffffffff8012252a a4 : f9f594ee1b00bc00
[ 1037.825501][ C0] a5 : f9f594ee1b00bc00 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 1037.827774][ C0] s2 : ffffaf800e1e7d00 s3 : ffffaf800720c280 s4 : ffffaf800e1e6000
[ 1037.829066][ C0] s5 : ffffaf800e1e7000 s6 : 0000000000003fff s7 : ffffaf800e1e7ca0
[ 1037.830296][ C0] s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf800e1e7d80
[ 1037.831593][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 1037.832816][ C0] t5 : fffff5ef0b53910d t6 : ffffaf800e1e76b8
[ 1037.833945][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 1037.836273][ C0] [] print_address_description.constprop.0+0x2ae/0x330
[ 1037.837995][ C0] [] kasan_report+0x184/0x1e0
[ 1037.839433][ C0] [] __asan_load8+0x6e/0x96
[ 1037.840752][ C0] [] walk_stackframe+0x11c/0x260
[ 1037.842159][ C0] [] arch_stack_walk+0x2c/0x3c
[ 1037.843558][ C0] [] stack_trace_save+0xa6/0xd8
[ 1037.845706][ C0] [] kasan_save_stack+0x2c/0x58
[ 1037.847219][ C0] irq event stamp: 124815
[ 1037.848110][ C0] hardirqs last enabled at (124814): [] _raw_spin_unlock_irqrestore+0x68/0x98
[ 1037.849776][ C0] hardirqs last disabled at (124815): [] _raw_spin_lock_irqsave+0x60/0x62
[ 1037.851403][ C0] softirqs last enabled at (124676): [] __do_softirq+0x618/0x8fc
[ 1037.853020][ C0] softirqs last disabled at (124681): [] __irq_exit_rcu+0x142/0x1f8
[ 1037.855972][ C0] ---[ end trace 0000000000000000 ]---
[ 1037.857804][ C0]
[ 1037.858645][ C0] The buggy address belongs to the object at ffffaf800e1e6000
[ 1037.858645][ C0]  which belongs to the cache kmalloc-cg-4k of size 4096
[ 1037.860418][ C0] The buggy address is located 3328 bytes to the right of
[ 1037.860418][ C0]  4096-byte region [ffffaf800e1e6000, ffffaf800e1e7000)
[ 1037.862188][ C0] The buggy address belongs to the page:
[ 1037.863696][ C0] page:ffffaf807aa41700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8e3e0
[ 1037.866800][ C0] head:ffffaf807aa41700 order:3 compound_mapcount:0 compound_pincount:0
[ 1037.868357][ C0] flags: 0x8800010200(slab|head|section=17|node=0|zone=0)
[ 1037.871351][ C0] raw: 0000008800010200 0000000000000000 0000000000000122 ffffaf800720c280
[ 1037.872789][ C0] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 1037.874129][ C0] raw: 00000000000007ff
[ 1037.875660][ C0] page dumped because: kasan: bad access detected
[ 1037.877091][ C0] page_owner tracks the page as allocated
[ 1037.878180][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2058, ts 1016572652400, free_ts 1016098341000
[ 1037.880746][ C0] __set_page_owner+0x48/0x136
[ 1037.882042][ C0] post_alloc_hook+0xd0/0x10a
[ 1037.883264][ C0] get_page_from_freelist+0x8da/0x12d8
[ 1037.885198][ C0] __alloc_pages+0x150/0x3b6
[ 1037.887029][ C0] alloc_pages+0x132/0x2a6
[ 1037.888269][ C0] alloc_slab_page.constprop.0+0xc2/0xfa
[ 1037.889548][ C0] new_slab+0x25a/0x2cc
[ 1037.890734][ C0] ___slab_alloc+0x56e/0x918
[ 1037.891946][ C0] __slab_alloc.constprop.0+0x50/0x8c
[ 1037.893210][ C0] __kmalloc_node+0x27a/0x36c
[ 1037.895009][ C0] kvmalloc_node+0x48/0x108
[ 1037.896748][ C0] alloc_netdev_mqs+0xa4/0x7ba
[ 1037.897999][ C0] rtnl_create_link+0x556/0x59e
[ 1037.899221][ C0] veth_newlink+0x20a/0x7dc
[ 1037.900457][ C0] __rtnl_newlink+0xc16/0xfa0
[ 1037.901652][ C0] rtnl_newlink+0x60/0x8c
[ 1037.902985][ C0] page last free stack trace:
[ 1037.903950][ C0] __reset_page_owner+0x4a/0xea
[ 1037.905731][ C0] free_pcp_prepare+0x29c/0x45e
[ 1037.906977][ C0] free_unref_page+0x6a/0x31e
[ 1037.908160][ C0] __free_pages+0xe2/0x112
[ 1037.909286][ C0] __free_slab+0x122/0x27c
[ 1037.910445][ C0] discard_slab+0x4c/0x7a
[ 1037.911646][ C0] __slab_free+0x20a/0x29c
[ 1037.912834][ C0] ___cache_free+0x17c/0x354
[ 1037.914132][ C0] qlist_free_all+0x7c/0x132
[ 1037.915886][ C0] kasan_quarantine_reduce+0x14c/0x1c8
[ 1037.917213][ C0] __kasan_slab_alloc+0x5c/0x98
[ 1037.918483][ C0] kmem_cache_alloc_trace+0x278/0x2e0
[ 1037.919787][ C0] netdevice_event+0x1b2/0x712
[ 1037.920991][ C0] notifier_call_chain+0xb8/0x188
[ 1037.922307][ C0] raw_notifier_call_chain+0x2a/0x38
[ 1037.923668][ C0] call_netdevice_notifiers_info+0x9e/0x10c
[ 1037.925706][ C0]
[ 1037.926500][ C0] Memory state around the buggy address:
[ 1037.927914][ C0]  ffffaf800e1e7c00: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00
[ 1037.929242][ C0]  ffffaf800e1e7c80: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00
[ 1037.930470][ C0] >ffffaf800e1e7d00: fc fc fc fc 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 1037.931672][ C0]                    ^
[ 1037.932706][ C0]  ffffaf800e1e7d80: 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[ 1037.934001][ C0]  ffffaf800e1e7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1037.936367][ C0] ==================================================================
[ 1037.937660][ C0] Disabling lock debugging due to kernel taint
[ 1037.941538][ T2058] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 1037.942894][ T2058] CPU: 0 PID: 2058 Comm: syz-executor.1 Tainted: G B W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1037.945270][ T2058] Hardware name: riscv-virtio,qemu (DT)
[ 1037.946904][ T2058] Call Trace:
[ 1037.947662][ T2058] [] dump_backtrace+0x2e/0x3c
[ 1037.949097][ T2058] [] show_stack+0x34/0x40
[ 1037.950239][ T2058] [] dump_stack_lvl+0xe4/0x150
[ 1037.951503][ T2058] [] dump_stack+0x1c/0x24
[ 1037.952825][ T2058] [] panic+0x24a/0x634
[ 1037.954267][ T2058] [] schedule+0x0/0x14c
[ 1037.955485][ T2058] [] preempt_schedule_irq+0x4a/0x13e
[ 1037.956810][ T2058] [] resume_kernel+0x16/0x18
[ 1037.958273][ T2058] SMP: stopping secondary CPUs
[ 1037.960633][ T2058] Rebooting in 86400 seconds..
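The "Memory state around the buggy address" block in the report above is KASAN shadow memory: in generic mode one shadow byte describes each 8-byte granule of kernel memory, 00 meaning fully addressable, 01..07 meaning only the first N bytes are addressable, and the 0xfX values marking different kinds of poison. The decoder below is an added example (not syzkaller's or the kernel's own code) that parses those five dmesg lines exactly as printed, looks up the shadow byte for the reported address ffffaf800e1e7d00, and re-runs the check KASAN performs for an 8-byte read. The meaning table is an assumption taken from the generic-mode constants in mm/kasan/kasan.h as of v5.17 (KASAN_KMALLOC_REDZONE 0xFC, KASAN_STACK_LEFT 0xF1, KASAN_STACK_RIGHT 0xF3, and so on); the hypothetical helper names parse_shadow_line, shadow_at, shadow_meaning and access_is_bad are mine.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KASAN_GRANULE   8   /* generic KASAN: one shadow byte per 8 bytes of memory */
#define SHADOW_PER_LINE 16  /* the report prints 16 shadow bytes (128 bytes) per line */

/* Shadow dump lines copied from the KASAN report above, dmesg prefix included. */
static const char *const shadow_dump[] = {
    "[ 1037.927914][ C0]  ffffaf800e1e7c00: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00",
    "[ 1037.929242][ C0]  ffffaf800e1e7c80: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00",
    "[ 1037.930470][ C0] >ffffaf800e1e7d00: fc fc fc fc 00 00 00 00 00 00 00 00 f1 f1 f1 f1",
    "[ 1037.932706][ C0]  ffffaf800e1e7d80: 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00",
    "[ 1037.934001][ C0]  ffffaf800e1e7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
};
#define NLINES (sizeof(shadow_dump) / sizeof(shadow_dump[0]))

struct shadow_line { uint64_t base; uint8_t shadow[SHADOW_PER_LINE]; };

/* Parse one "<addr>: xx xx ..." line. The dmesg prefix and the '>' marker are
 * skipped by taking the 16 hex digits immediately before the first ':'.
 * Returns 0 on success, -1 on a malformed line. */
static int parse_shadow_line(const char *line, struct shadow_line *out)
{
    const char *colon = strchr(line, ':');
    if (!colon || colon - line < 16)
        return -1;
    out->base = strtoull(colon - 16, NULL, 16);
    const char *p = colon + 1;
    for (int i = 0; i < SHADOW_PER_LINE; i++) {
        char *end;
        unsigned long v = strtoul(p, &end, 16);   /* skips the separating spaces */
        if (end == p || v > 0xff)
            return -1;
        out->shadow[i] = (uint8_t)v;
        p = end;
    }
    return 0;
}

/* Shadow byte covering addr, or -1 if addr lies outside the dumped window. */
static int shadow_at(uint64_t addr)
{
    const uint64_t span = (uint64_t)SHADOW_PER_LINE * KASAN_GRANULE;
    for (size_t i = 0; i < NLINES; i++) {
        struct shadow_line sl;
        if (parse_shadow_line(shadow_dump[i], &sl) != 0)
            return -1;
        if (addr >= sl.base && addr < sl.base + span)
            return sl.shadow[(addr - sl.base) / KASAN_GRANULE];
    }
    return -1;
}

/* Generic-mode shadow values; assumed from mm/kasan/kasan.h at v5.17. */
static const char *shadow_meaning(int s)
{
    switch (s) {
    case 0x00: return "addressable";
    case 0xf1: return "stack left redzone";
    case 0xf2: return "stack mid redzone";
    case 0xf3: return "stack right redzone";
    case 0xf4: return "stack partial redzone";
    case 0xf8: return "vmalloc: not yet allocated";
    case 0xf9: return "global variable redzone";
    case 0xfa: return "freed slab object (free-track metadata)";
    case 0xfb: return "freed slab object";
    case 0xfc: return "slab object redzone";
    case 0xfe: return "kmalloc_large page redzone";
    case 0xff: return "freed page";
    default:
        return (s >= 1 && s <= 7) ? "partially addressable (first N bytes)" : "unknown";
    }
}

/* Re-run KASAN's rule for an access of `size` bytes at `addr`: every touched
 * granule must be 00, or 01..07 with the access ending inside its first N bytes.
 * Returns 1 if poisoned, 0 if clean, -1 if outside the dumped window. */
static int access_is_bad(uint64_t addr, size_t size)
{
    const uint64_t last = addr + size - 1;
    for (uint64_t a = addr & ~(uint64_t)(KASAN_GRANULE - 1); a <= last; a += KASAN_GRANULE) {
        int s = shadow_at(a);
        if (s < 0)
            return -1;
        if (s == 0)
            continue;
        if (s >= 1 && s <= 7) {
            uint64_t gend = a + KASAN_GRANULE - 1;
            uint64_t e = last < gend ? last : gend;      /* last byte touched in this granule */
            if ((e & (KASAN_GRANULE - 1)) < (uint64_t)s)
                continue;
        }
        return 1;
    }
    return 0;
}

int main(void)
{
    const uint64_t addr = 0xffffaf800e1e7d00ULL;   /* "Read of size 8 at addr ..." */
    int s = shadow_at(addr);
    printf("shadow(%#llx) = 0x%02x (%s); 8-byte read poisoned: %d\n",
           (unsigned long long)addr, s, shadow_meaning(s), access_is_bad(addr, 8));
    return 0;
}
```

Run against the report's own dump, the faulting address lands on 0xfc (slab object redzone), which is why the report is classified slab-out-of-bounds, and twelve granules later the shadow switches to 0xf1/0xf3, the compiler-emitted stack redzones of an instrumented frame; the 3328-byte offset quoted in the report is simply 0xffffaf800e1e7d00 minus the end of the 4096-byte object at ffffaf800e1e6000 plus 4096, i.e. 0xd00.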
VM DIAGNOSIS: 21:20:23 Registers: info registers vcpu 0 pc ffffffff8010b22c mhartid 0000000000000000 mstatus 00000000000000a0 mip 00000000000000a0 mie 000000000000022a mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff80200f00 sepc ffffffff831afd22 mcause 8000000000000007 scause 8000000000000005 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff831a18d8 x2/sp ffffaf800e1e76c0 x3/gp ffffffff85863ac0 x4/tp ffffaf800e5d3080 x5/t0 ffffffff86bcb657 x6/t1 fffff5ef01c3cee0 x7/t2 0000000000000000 x8/s0 ffffaf800e1e76d0 x9/s1 0000000000001000 x10/a0 0000000000000020 x11/a1 ffffffffffffffff x12/a2 1ffff5f001cba611 x13/a3 ffffffff80146d84 x14/a4 0000000000000507 x15/a5 0000000000000000 x16/a6 0000000000f00000 x17/a7 ffffaf800e1e7707 x18/s2 ffffaf800e1e7800 x19/s3 ffffffff84b73ec0 x20/s4 0000000000000000 x21/s5 ffffffff8343c840 x22/s6 ffffffffffffffff x23/s7 ffffffff8588c3e0 x24/s8 ffffffff86c1a620 x25/s9 1ffff5f001c3cef0 x26/s10 ffffffff84a88600 x27/s11 ffffffff8012183e x28/t3 fffffffff3f3f300 x29/t4 fffff5ef01c3cee0 x30/t5 fffff5ef01c3cee1 x31/t6 ffffaf800e1e7718 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 pc ffffffff80200f00 
mhartid 0000000000000001 mstatus 00000000000000a0 mip 0000000000000000 mie 00000000000002aa mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff8000f97e sepc ffffffff804759a8 mcause 0000000000000009 scause 8000000000000005 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff8011593e x2/sp ffffaf800a08f430 x3/gp ffffffff85863ac0 x4/tp ffffaf800c21c8c0 x5/t0 0000000000000000 x6/t1 f9f594ee1b00bc00 x7/t2 ffffffff83604ca0 x8/s0 ffffaf800a08f450 x9/s1 ffffaf800c21c8c0 x10/a0 ffffaf800c21c8e0 x11/a1 0000000000000007 x12/a2 1ffffffff0b0dfa4 x13/a3 ffffaf800a08f4e0 x14/a4 0000000000000000 x15/a5 0000000000000000 x16/a6 0000000000f00000 x17/a7 ffffffff800f6d46 x18/s2 ffffaf805a9e4848 x19/s3 ffffffff86c1a628 x20/s4 ffffaf800c21c8c0 x21/s5 ffffaf800a08f910 x22/s6 0000000000000001 x23/s7 ffffaf800dc86680 x24/s8 0000000000000000 x25/s9 0000000000000001 x26/s10 000000000000000e x27/s11 000000000000000e x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f001411e60 x31/t6 00007fff9fb481a8 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000