syzkaller login: [  257.877619][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  257.952614][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  282.915882][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:49597' (ECDSA) to the list of known hosts.
1970/01/01 00:05:15 fuzzer started
1970/01/01 00:05:27 dialing manager at localhost:33365
[  333.123763][ T2037] cgroup: Unknown subsys name 'net'
[  334.115811][ T2037] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:05:33 syscalls: 2822
1970/01/01 00:05:33 code coverage: enabled
1970/01/01 00:05:33 comparison tracing: enabled
1970/01/01 00:05:33 extra coverage: enabled
1970/01/01 00:05:33 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:05:33 setuid sandbox: enabled
1970/01/01 00:05:33 namespace sandbox: enabled
1970/01/01 00:05:33 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:05:33 fault injection: enabled
1970/01/01 00:05:33 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:05:33 net packet injection: enabled
1970/01/01 00:05:33 net device setup: enabled
1970/01/01 00:05:33 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:05:33 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:05:33 USB emulation: enabled
1970/01/01 00:05:33 hci packet injection: /dev/vhci does not exist
1970/01/01 00:05:33 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:05:33 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:05:34 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:05:40 fetching corpus: 49, signal 30481/31993 (executing program)
1970/01/01 00:05:44 fetching corpus: 88, signal 43419/44043 (executing program)
1970/01/01 00:05:45 fetching corpus: 91, signal 43648/44450 (executing program)
1970/01/01 00:05:45 fetching corpus: 92, signal 43855/44831 (executing program)
1970/01/01 00:05:45 fetching corpus: 92, signal 44089/45240 (executing program)
1970/01/01 00:05:46 fetching corpus: 92, signal 44089/45411 (executing program)
1970/01/01 00:05:46 fetching corpus: 92, signal 44089/45603 (executing program)
1970/01/01 00:05:46 fetching corpus: 92, signal 44089/45802 (executing program)
1970/01/01 00:05:46 fetching corpus: 92, signal 44089/45990 (executing program)
1970/01/01 00:05:46 fetching corpus: 92, signal 44089/46178 (executing program)
1970/01/01 00:05:46 fetching corpus: 92, signal 44089/46388 (executing program)
1970/01/01 00:05:46 fetching corpus: 92, signal 44089/46576 (executing program)
1970/01/01 00:05:47 fetching corpus: 92, signal 44089/46768 (executing program)
1970/01/01 00:05:47 fetching corpus: 92, signal 44089/46975 (executing program)
1970/01/01 00:05:47 fetching corpus: 92, signal 44092/47181 (executing program)
1970/01/01 00:05:47 fetching corpus: 92, signal 44092/47387 (executing program)
1970/01/01 00:05:47 fetching corpus: 92, signal 44092/47569 (executing program)
1970/01/01 00:05:47 fetching corpus: 92, signal 44092/47769 (executing program)
1970/01/01 00:05:47 fetching corpus: 92, signal 44092/47975 (executing program)
1970/01/01 00:05:48 fetching corpus: 92, signal 44092/48188 (executing program)
1970/01/01 00:05:48 fetching corpus: 92, signal 44092/48396 (executing program)
1970/01/01 00:05:48 fetching corpus: 92, signal 44092/48603 (executing program)
1970/01/01 00:05:48 fetching corpus: 92, signal 44092/48808 (executing program)
1970/01/01 00:05:48 fetching corpus: 92, signal 44092/48892 (executing program)
1970/01/01 00:05:48 fetching corpus: 92, signal 44092/48892 (executing program)
1970/01/01 00:07:33 starting 2 fuzzer processes
00:07:33 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, 0x0)

00:07:33 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0xa}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, &(0x7f00000002c0)})

[  491.076965][ T2042] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[  491.080412][ T2042] CPU: 0 PID: 2042 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller #0
[  491.082652][ T2042] Hardware name: riscv-virtio,qemu (DT)
[  491.085064][ T2042] Call Trace:
[  491.085992][ T2042] [<ffffffff8000a228>] dump_backtrace+0x2e/0x3c
[  491.087586][ T2042] [<ffffffff83166880>] show_stack+0x34/0x40
[  491.089201][ T2042] [<ffffffff8317566e>] dump_stack_lvl+0xe4/0x150
[  491.090947][ T2042] [<ffffffff831756f6>] dump_stack+0x1c/0x24
[  491.092240][ T2042] [<ffffffff83166f5c>] panic+0x24a/0x634
[  491.093354][ T2042] [<ffffffff831a6842>] schedule+0x0/0x14c
[  491.094576][ T2042] [<ffffffff831a6ab8>] preempt_schedule_common+0x4e/0xde
[  491.095902][ T2042] [<ffffffff831a6b7c>] preempt_schedule+0x34/0x36
[  491.097130][ T2042] [<ffffffff831afbe4>] _raw_spin_unlock+0x60/0x6a
[  491.098687][ T2042] [<ffffffff8171cca0>] bond_get_stats+0x2b6/0x448
[  491.100387][ T2042] [<ffffffff8272811e>] dev_get_stats+0x62/0x16e
[  491.101608][ T2042] [<ffffffff827616a8>] rtnl_fill_stats+0x4a/0x388
[  491.102883][ T2042] [<ffffffff827716b0>] rtnl_fill_ifinfo+0xde8/0x28bc
[  491.104189][ T2042] [<ffffffff82774752>] rtmsg_ifinfo_build_skb+0x9c/0x142
[  491.105526][ T2042] [<ffffffff827748fa>] rtnetlink_event+0x102/0x144
[  491.106852][ T2042] [<ffffffff800aac3c>] notifier_call_chain+0xb8/0x188
[  491.108294][ T2042] [<ffffffff800aad36>] raw_notifier_call_chain+0x2a/0x38
[  491.110035][ T2042] [<ffffffff8271d03a>] call_netdevice_notifiers_info+0x9e/0x10c
[  491.111435][ T2042] [<ffffffff82745932>] netdev_change_features+0x90/0xbc
[  491.112711][ T2042] [<ffffffff817156a4>] bond_compute_features+0x384/0x4fa
[  491.114225][ T2042] [<ffffffff81727018>] bond_enslave+0x2112/0x3016
[  491.115385][ T2042] [<ffffffff82761cee>] do_set_master+0x13c/0x168
[  491.116591][ T2042] [<ffffffff82767e16>] do_setlink+0x622/0x21c4
[  491.117883][ T2042] [<ffffffff8276a656>] __rtnl_newlink+0x99e/0xfa0
[  491.119568][ T2042] [<ffffffff8276acb8>] rtnl_newlink+0x60/0x8c
[  491.120808][ T2042] [<ffffffff8276b420>] rtnetlink_rcv_msg+0x338/0x9a0
[  491.122162][ T2042] [<ffffffff8296de86>] netlink_rcv_skb+0xf8/0x2be
[  491.123348][ T2042] [<ffffffff827624a8>] rtnetlink_rcv+0x26/0x30
[  491.124561][ T2042] [<ffffffff8296cb80>] netlink_unicast+0x40e/0x5fe
[  491.125768][ T2042] [<ffffffff8296d250>] netlink_sendmsg+0x4e0/0x994
[  491.127015][ T2042] [<ffffffff826d2602>] sock_sendmsg+0xa0/0xc4
[  491.128658][ T2042] [<ffffffff826d6fda>] __sys_sendto+0x1f2/0x2e0
[  491.130287][ T2042] [<ffffffff826d7106>] sys_sendto+0x3e/0x52
[  491.131663][ T2042] [<ffffffff80005716>] ret_from_syscall+0x0/0x2
[  491.133288][ T2042] SMP: stopping secondary CPUs
[  491.136422][ T2042] Rebooting in 86400 seconds..

VM DIAGNOSIS:
16:34:19  Registers:
info registers vcpu 0
 pc       ffffffff8010b208
 mhartid  0000000000000000
 mstatus  00000000000000a0
 mip      00000000000000a0
 mie      000000000000022a
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff831a25e4
 sepc     ffffffff80116598
 mcause   8000000000000007
 scause   8000000000000005
 mtval  0000000000000000
 stval  0000000000000000
 x0/zero 0000000000000000 x1/ra ffffffff831a1932 x2/sp ffffaf800743dd40 x3/gp ffffffff85863ac0
 x4/tp ffffaf800bbb48c0 x5/t0 ffffffff84a97e38 x6/t1 fffff5ef00e87b94 x7/t2 0000000000000000
 x8/s0 ffffaf800743dd50 x9/s1 ffffaf800bbb5308 x10/a0 0000000000000020 x11/a1 00000000000f0000
 x12/a2 0000000000000002 x13/a3 0000000000000000 x14/a4 0000000000000001 x15/a5 ffffaf805a9c8840
 x16/a6 0000000000f00000 x17/a7 ffffaf800743dca7 x18/s2 0000000000000000 x19/s3 ffffffff84b73ec0
 x20/s4 ffffaf800bbb58c0 x21/s5 ffffffff8343c840 x22/s6 ffffffffffffffff x23/s7 0000000000000020
 x24/s8 ffffffff86c1a620 x25/s9 0000000000000002 x26/s10 ffffaf801dd50c00 x27/s11 ffffaf800743e480
 x28/t3 1ffff5f000e87bfc x29/t4 fffff5ef00e87b94 x30/t5 fffff5ef00e87b95 x31/t6 ffffffff86bd8e26
 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
 pc       ffffffff8046ff82
 mhartid  0000000000000001
 mstatus  00000000000000a2
 mip      0000000000000000
 mie      00000000000002aa
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff8000f936
 sepc     ffffffff80173f28
 mcause   0000000000000009
 scause   8000000000000005
 mtval  0000000000000000
 stval  0000000000000000
 x0/zero 0000000000000000 x1/ra ffffffff8046e2e0 x2/sp ffffaf800cd2f250 x3/gp ffffffff85863ac0
 x4/tp ffffaf800ed4c8c0 x5/t0 00007ffffe767450 x6/t1 fffff5ef0185a342 x7/t2 ffffffffffffffff
 x8/s0 ffffaf800cd2f1b0 x9/s1 ffffaf800ed4d2e0 x10/a0 ffffffff838a05a0 x11/a1 00000000000f0000
 x12/a2 1ffffffff0b0dfa4 x13/a3 0000000000000000 x14/a4 0000000000000000 x15/a5 0000000000000000
 x16/a6 ffffffff8046853c x17/a7 7e0aee2b6ffb5400 x18/s2 ffffffff86c1a620 x19/s3 0000000000000000
 x20/s4 0000000000000000 x21/s5 ffffaf805a9fd020 x22/s6 ffffaf805a9fd020 x23/s7 0000000000000001
 x24/s8 ffffaf800ed4d308 x25/s9 ffffffff8046853c x26/s10 00000000000c0018 x27/s11 ffffaf800ed4c8c0
 x28/t3 fffffffff3f3f300 x29/t4 ffffffff8011223a x30/t5 1ffff5f0019a5e10 x31/t6 0000000000040000
 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000