syzkaller login: [ 476.838471][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 476.872742][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 476.920051][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 504.080736][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:31444' (ECDSA) to the list of known hosts. 1970/01/01 00:08:51 fuzzer started 1970/01/01 00:09:01 dialing manager at localhost:44943 [ 545.657480][ T2038] cgroup: Unknown subsys name 'net' [ 546.450672][ T2038] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:09:06 syscalls: 2853 1970/01/01 00:09:06 code coverage: enabled 1970/01/01 00:09:06 comparison tracing: enabled 1970/01/01 00:09:06 extra coverage: enabled 1970/01/01 00:09:06 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:09:06 setuid sandbox: enabled 1970/01/01 00:09:06 namespace sandbox: enabled 1970/01/01 00:09:06 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:09:06 fault injection: enabled 1970/01/01 00:09:06 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:09:06 net packet injection: enabled 1970/01/01 00:09:06 net device setup: enabled 1970/01/01 00:09:06 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:09:06 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:09:06 USB emulation: enabled 1970/01/01 00:09:06 hci packet injection: /dev/vhci does not exist 1970/01/01 00:09:06 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:09:06 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:09:06 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:09:11 fetching corpus: 50, signal 31752/34667 (executing program) 1970/01/01 00:09:14 fetching corpus: 100, signal 42531/46251 (executing program) 1970/01/01 00:09:16 fetching corpus: 150, signal 51410/55754 (executing program) 1970/01/01 00:09:19 fetching corpus: 199, signal 61829/66266 (executing program) 1970/01/01 00:09:22 fetching corpus: 248, signal 67826/72501 (executing program) 1970/01/01 00:09:24 fetching corpus: 298, signal 72541/77371 (executing program) 1970/01/01 00:09:27 fetching corpus: 348, signal 78819/83394 (executing program) 1970/01/01 00:09:31 fetching corpus: 397, signal 83738/88124 (executing program) 1970/01/01 00:09:34 fetching corpus: 447, signal 87280/91489 (executing program) 1970/01/01 00:09:36 fetching corpus: 497, signal 89365/93556 (executing program) 1970/01/01 00:09:39 fetching corpus: 547, signal 92578/96451 (executing program) 1970/01/01 00:09:41 fetching corpus: 597, signal 96097/99506 (executing program) 1970/01/01 00:09:43 fetching corpus: 647, signal 99049/101982 (executing program) 1970/01/01 00:09:45 fetching corpus: 697, signal 100555/103323 (executing program) 1970/01/01 00:09:47 fetching corpus: 747, signal 103238/105381 (executing program) 1970/01/01 00:09:51 fetching corpus: 797, signal 105881/107336 (executing program) 1970/01/01 00:09:54 fetching corpus: 813, signal 107840/108750 (executing program) 1970/01/01 00:09:54 fetching corpus: 813, signal 107846/108812 (executing program) 1970/01/01 00:09:54 fetching corpus: 813, signal 107846/108873 (executing program) 1970/01/01 00:09:54 fetching corpus: 813, signal 107846/108933 (executing program) 1970/01/01 00:09:54 fetching corpus: 813, signal 107846/108980 (executing program) 1970/01/01 00:09:54 fetching corpus: 813, signal 107846/109028 (executing program) 1970/01/01 00:09:55 fetching corpus: 813, signal 107846/109071 (executing program) 1970/01/01 00:09:55 fetching corpus: 813, signal 107846/109124 (executing program) 1970/01/01 00:09:55 fetching corpus: 813, signal 107846/109171 (executing program) 1970/01/01 00:09:55 fetching corpus: 813, signal 107846/109227 (executing program) 1970/01/01 00:09:55 fetching corpus: 813, signal 107846/109288 (executing program) 1970/01/01 00:09:55 fetching corpus: 813, signal 107846/109337 (executing program) 1970/01/01 00:09:55 fetching corpus: 813, signal 107846/109387 (executing program) 1970/01/01 00:09:55 fetching corpus: 813, signal 107846/109430 (executing program) 1970/01/01 00:09:56 fetching corpus: 813, signal 107846/109469 (executing program) 1970/01/01 00:09:56 fetching corpus: 813, signal 107846/109515 (executing program) 1970/01/01 00:09:56 fetching corpus: 813, signal 107846/109564 (executing program) 1970/01/01 00:09:56 fetching corpus: 813, signal 107846/109622 (executing program) 1970/01/01 00:09:56 fetching corpus: 813, signal 107846/109654 (executing program) 1970/01/01 00:09:56 fetching corpus: 813, signal 107846/109705 (executing program) 1970/01/01 00:09:57 fetching corpus: 813, signal 107846/109747 (executing program) 1970/01/01 00:09:57 fetching corpus: 813, signal 107846/109802 (executing program) 1970/01/01 00:09:57 fetching corpus: 813, signal 107846/109860 (executing program) 1970/01/01 00:09:57 fetching corpus: 813, signal 107846/109908 (executing program) 1970/01/01 00:09:57 fetching corpus: 813, signal 107846/109949 (executing program) 1970/01/01 00:09:57 fetching corpus: 813, signal 107846/109987 (executing program) 1970/01/01 00:09:58 fetching corpus: 813, signal 107846/110046 (executing program) 1970/01/01 00:09:58 fetching corpus: 813, signal 107846/110094 (executing program) 1970/01/01 00:09:58 fetching corpus: 813, signal 107846/110147 (executing program) 1970/01/01 00:09:58 fetching corpus: 813, signal 107846/110195 (executing program) 1970/01/01 00:09:58 fetching corpus: 813, signal 107846/110233 (executing program) 1970/01/01 00:09:58 fetching corpus: 813, signal 107846/110277 (executing program) 1970/01/01 00:09:59 fetching corpus: 813, signal 107846/110332 (executing program) 1970/01/01 00:09:59 fetching corpus: 813, signal 107846/110366 (executing program) 1970/01/01 00:09:59 fetching corpus: 813, signal 107846/110409 (executing program) 1970/01/01 00:09:59 fetching corpus: 813, signal 107846/110468 (executing program) 1970/01/01 00:09:59 fetching corpus: 813, signal 107846/110515 (executing program) 1970/01/01 00:09:59 fetching corpus: 813, signal 107846/110557 (executing program) 1970/01/01 00:10:00 fetching corpus: 813, signal 107846/110564 (executing program) 1970/01/01 00:10:00 fetching corpus: 813, signal 107846/110564 (executing program) 1970/01/01 00:11:35 starting 2 fuzzer processes 00:11:35 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_int(r1, 0x0, 0x19, &(0x7f0000000240), 0x4) 00:11:35 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_mcast\x00') ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpriority(0x1, 0x0, 0x0) [ 725.124565][ T2048] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 725.621653][ T2048] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 726.569661][ T2049] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 726.684664][ T2049] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 736.171223][ T2048] device hsr_slave_0 entered promiscuous mode [ 736.213082][ T2048] device hsr_slave_1 entered promiscuous mode [ 736.790694][ T2049] device hsr_slave_0 entered promiscuous mode [ 736.821519][ T2049] device hsr_slave_1 entered promiscuous mode [ 736.851875][ T2049] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 736.858007][ T2049] Cannot create hsr debugfs directory [ 741.314917][ T19] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: __schedule+0x117a/0x118e [ 741.318099][ T19] CPU: 1 PID: 19 Comm: ksoftirqd/1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 741.320472][ T19] Hardware name: riscv-virtio,qemu (DT) [ 741.322409][ T19] Call Trace: [ 741.323646][ T19] [] dump_backtrace+0x2e/0x3c [ 741.325370][ T19] [] show_stack+0x34/0x40 [ 741.326515][ T19] [] dump_stack_lvl+0xe4/0x150 [ 741.328244][ T19] [] dump_stack+0x1c/0x24 [ 741.329964][ T19] [] panic+0x24a/0x634 [ 741.331783][ T19] [] warn_bogus_irq_restore+0x0/0x34 [ 741.333626][ T19] [] __schedule+0x117a/0x118e [ 741.335783][ T19] SMP: stopping secondary CPUs [ 743.506352][ T19] SMP: failed to stop secondary CPUs 0-1 [ 743.509795][ T19] Rebooting in 86400 seconds.. VM DIAGNOSIS: 21:33:17 Registers: info registers vcpu 0 pc ffffffff80200f00 mhartid 0000000000000000 mstatus 00000000000000a0 mip 00000000000000a0 mie 000000000000022a mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff8004ffc8 sepc ffffffff80475786 mcause 8000000000000007 scause 8000000000000009 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff8004ffc8 x2/sp ffffaf800743e860 x3/gp ffffffff85863ac0 x4/tp ffffaf800e651840 x5/t0 fffff5ef00e74660 x6/t1 fffffffef0b0c760 x7/t2 0000000000000000 x8/s0 ffffaf800743e870 x9/s1 0000000000000001 x10/a0 0000000000000000 x11/a1 00000000000f0000 x12/a2 0000000000000002 x13/a3 ffffffff8004ffc8 x14/a4 ffffaf800e652840 x15/a5 ffffffffffffffff x16/a6 0000000000f00000 x17/a7 ffffffff85863b03 x18/s2 0000000000000000 x19/s3 0000000000000000 x20/s4 ffffffffffffffff x21/s5 ffffaf800743e8e0 x22/s6 ffffffff83623360 x23/s7 ffffffff8344cc80 x24/s8 ffffffff831a6b00 x25/s9 ffffaf800743c000 x26/s10 ffffffff84c9d620 x27/s11 ffffaf800ce90450 x28/t3 ffffaf800743e880 x29/t4 fffffffef0b0c760 x30/t5 fffffffef0b0c761 x31/t6 ffffaf80073a32ff f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 pc ffffffff8011edb6 mhartid 0000000000000001 mstatus 00000000000000a0 mip 00000000000000a0 mie 000000000000022a mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff83166efa sepc 0000000000082d40 mcause 8000000000000007 scause 0000000000000008 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff8011eda6 x2/sp ffffaf800743b770 x3/gp ffffffff85863ac0 x4/tp ffffaf8007416100 x5/t0 ffffffff86bcb657 x6/t1 fffffffef0d796ca x7/t2 0000000000000000 x8/s0 ffffaf800743b950 x9/s1 0000000000000000 x10/a0 000000000000003d x11/a1 00000000000f0000 x12/a2 0000000000000002 x13/a3 ffffffff8011c8a6 x14/a4 caefa1559d782c00 x15/a5 0000000000000020 x16/a6 ffffffff86bcb67d x17/a7 ffffffff86bcb656 x18/s2 000000000000003d x19/s3 000000000000000f x20/s4 ffffaf800743b8e0 x21/s5 ffffaf800743b800 x22/s6 ffffffff8588c1a0 x23/s7 ffffffff8588c3e0 x24/s8 ffffffff8588c220 x25/s9 ffffffff84a88520 x26/s10 ffffffff858655c0 x27/s11 ffffaf800743b8e0 x28/t3 0000000000000048 x29/t4 fffffffef0d796c8 x30/t5 fffffffef0d796cb x31/t6 ffffffff86bcb657 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000