syzkaller login: [ 431.588543][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 431.643946][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 431.742512][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 431.847948][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:36537' (ECDSA) to the list of known hosts.
1970/01/01 00:08:20 fuzzer started
1970/01/01 00:08:34 dialing manager at localhost:45165
[ 520.442845][ T2027] cgroup: Unknown subsys name 'net'
[ 521.520866][ T2027] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:08:41 syscalls: 2918
1970/01/01 00:08:41 code coverage: enabled
1970/01/01 00:08:41 comparison tracing: enabled
1970/01/01 00:08:41 extra coverage: ioctl(KCOV_DISABLE) failed: invalid argument
1970/01/01 00:08:41 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:08:41 setuid sandbox: enabled
1970/01/01 00:08:41 namespace sandbox: enabled
1970/01/01 00:08:41 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:08:41 fault injection: enabled
1970/01/01 00:08:41 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:08:41 net packet injection: enabled
1970/01/01 00:08:41 net device setup: enabled
1970/01/01 00:08:41 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:08:41 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:08:41 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:08:41 USB emulation: enabled
1970/01/01 00:08:41 hci packet injection: /dev/vhci does not exist
1970/01/01 00:08:41 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:08:41 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:08:41 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:08:46 fetching corpus: 50, signal 32202/35426 (executing program)
1970/01/01 00:08:51 fetching corpus: 100, signal 50272/54492 (executing program)
1970/01/01 00:08:54 fetching corpus: 150, signal 55634/60995 (executing program)
1970/01/01 00:08:57 fetching corpus: 200, signal 61008/67387 (executing program)
1970/01/01 00:09:01 fetching corpus: 250, signal 67751/74925 (executing program)
1970/01/01 00:09:03 fetching corpus: 300, signal 73675/81590 (executing program)
1970/01/01 00:09:06 fetching corpus: 350, signal 77627/86304 (executing program)
1970/01/01 00:09:08 fetching corpus: 400, signal 80599/90058 (executing program)
1970/01/01 00:09:10 fetching corpus: 450, signal 84043/94169 (executing program)
1970/01/01 00:09:13 fetching corpus: 500, signal 86977/97723 (executing program)
1970/01/01 00:09:16 fetching corpus: 550, signal 90613/101856 (executing program)
1970/01/01 00:09:19 fetching corpus: 600, signal 93027/104878 (executing program)
1970/01/01 00:09:27 fetching corpus: 650, signal 95778/108076 (executing program)
1970/01/01 00:09:29 fetching corpus: 700, signal 99046/111640 (executing program)
1970/01/01 00:09:32 fetching corpus: 750, signal 101399/114418 (executing program)
1970/01/01 00:09:36 fetching corpus: 800, signal 103615/117000 (executing program)
1970/01/01 00:09:38 fetching corpus: 850, signal 105007/118854 (executing program)
1970/01/01 00:09:43 fetching corpus: 900, signal 107152/121316 (executing program)
1970/01/01 00:09:45 fetching corpus: 950, signal 109489/123865 (executing program)
1970/01/01 00:09:49 fetching corpus: 1000, signal 112072/126576 (executing program)
1970/01/01 00:09:51 fetching corpus: 1050, signal 113825/128614 (executing program)
1970/01/01 00:09:54 fetching corpus: 1099, signal 116181/131014 (executing program)
1970/01/01 00:09:57 fetching corpus: 1149, signal 117696/132733 (executing program)
1970/01/01 00:10:01 fetching corpus: 1199, signal 119683/134740 (executing program)
1970/01/01 00:10:04 fetching corpus: 1249, signal 121512/136572 (executing program)
1970/01/01 00:10:07 fetching corpus: 1298, signal 123710/138635 (executing program)
1970/01/01 00:10:09 fetching corpus: 1348, signal 124854/139943 (executing program)
1970/01/01 00:10:12 fetching corpus: 1398, signal 125985/141250 (executing program)
1970/01/01 00:10:15 fetching corpus: 1447, signal 128315/143220 (executing program)
1970/01/01 00:10:18 fetching corpus: 1497, signal 130154/144897 (executing program)
1970/01/01 00:10:22 fetching corpus: 1546, signal 131463/146185 (executing program)
1970/01/01 00:10:24 fetching corpus: 1596, signal 133125/147610 (executing program)
1970/01/01 00:10:27 fetching corpus: 1645, signal 134666/148948 (executing program)
1970/01/01 00:10:30 fetching corpus: 1695, signal 136618/150520 (executing program)
1970/01/01 00:10:33 fetching corpus: 1745, signal 137771/151586 (executing program)
1970/01/01 00:10:35 fetching corpus: 1795, signal 139483/152961 (executing program)
1970/01/01 00:10:37 fetching corpus: 1845, signal 140833/154042 (executing program)
1970/01/01 00:10:40 fetching corpus: 1895, signal 142017/155039 (executing program)
1970/01/01 00:10:43 fetching corpus: 1945, signal 143231/155956 (executing program)
1970/01/01 00:10:46 fetching corpus: 1995, signal 144384/156852 (executing program)
1970/01/01 00:10:49 fetching corpus: 2045, signal 145594/157753 (executing program)
1970/01/01 00:10:51 fetching corpus: 2095, signal 147224/158842 (executing program)
1970/01/01 00:10:55 fetching corpus: 2145, signal 148261/159614 (executing program)
1970/01/01 00:10:57 fetching corpus: 2195, signal 149529/160466 (executing program)
1970/01/01 00:11:00 fetching corpus: 2245, signal 151155/161485 (executing program)
1970/01/01 00:11:02 fetching corpus: 2295, signal 152175/162208 (executing program)
1970/01/01 00:11:04 fetching corpus: 2345, signal 153694/163093 (executing program)
1970/01/01 00:11:07 fetching corpus: 2394, signal 155000/163859 (executing program)
1970/01/01 00:11:10 fetching corpus: 2444, signal 155895/164416 (executing program)
1970/01/01 00:11:12 fetching corpus: 2494, signal 156769/164967 (executing program)
1970/01/01 00:11:14 fetching corpus: 2544, signal 157980/165593 (executing program)
1970/01/01 00:11:17 fetching corpus: 2594, signal 158999/166120 (executing program)
1970/01/01 00:11:19 fetching corpus: 2644, signal 160107/166680 (executing program)
1970/01/01 00:11:25 fetching corpus: 2694, signal 160978/167101 (executing program)
1970/01/01 00:11:32 fetching corpus: 2744, signal 161686/167458 (executing program)
[ 695.349950][ C0] hrtimer: interrupt took 25764200 ns
1970/01/01 00:11:40 fetching corpus: 2794, signal 162603/168019 (executing program)
1970/01/01 00:11:51 fetching corpus: 2844, signal 163516/168395 (executing program)
1970/01/01 00:12:01 fetching corpus: 2893, signal 164553/168803 (executing program)
1970/01/01 00:12:08 fetching corpus: 2943, signal 166164/169329 (executing program)
1970/01/01 00:12:17 fetching corpus: 2993, signal 167149/169691 (executing program)
1970/01/01 00:12:24 fetching corpus: 3040, signal 167977/169955 (executing program)
1970/01/01 00:12:24 fetching corpus: 3040, signal 167977/169983 (executing program)
1970/01/01 00:12:25 fetching corpus: 3040, signal 167981/170012 (executing program)
1970/01/01 00:12:25 fetching corpus: 3040, signal 167981/170064 (executing program)
1970/01/01 00:12:25 fetching corpus: 3040, signal 167981/170102 (executing program)
1970/01/01 00:12:26 fetching corpus: 3040, signal 167981/170139 (executing program)
1970/01/01 00:12:26 fetching corpus: 3040, signal 167981/170178 (executing program)
1970/01/01 00:12:27 fetching corpus: 3040, signal 167981/170216 (executing program)
1970/01/01 00:12:27 fetching corpus: 3040, signal 167981/170251 (executing program)
1970/01/01 00:12:27 fetching corpus: 3040, signal 167981/170284 (executing program)
1970/01/01 00:12:28 fetching corpus: 3040, signal 167981/170306 (executing program)
1970/01/01 00:12:29 fetching corpus: 3040, signal 167981/170337 (executing program)
1970/01/01 00:12:29 fetching corpus: 3040, signal 167981/170366 (executing program)
1970/01/01 00:12:29 fetching corpus: 3040, signal 167981/170393 (executing program)
1970/01/01 00:12:29 fetching corpus: 3040, signal 167981/170417 (executing program)
1970/01/01 00:12:30 fetching corpus: 3040, signal 167981/170441 (executing program)
1970/01/01 00:12:31 fetching corpus: 3040, signal 167981/170465 (executing program)
1970/01/01 00:12:31 fetching corpus: 3040, signal 167981/170502 (executing program)
1970/01/01 00:12:31 fetching corpus: 3040, signal 167981/170541 (executing program)
1970/01/01 00:12:32 fetching corpus: 3040, signal 167981/170580 (executing program)
1970/01/01 00:12:32 fetching corpus: 3040, signal 167981/170615 (executing program)
1970/01/01 00:12:33 fetching corpus: 3040, signal 167981/170653 (executing program)
1970/01/01 00:12:33 fetching corpus: 3040, signal 167981/170683 (executing program)
1970/01/01 00:12:33 fetching corpus: 3040, signal 167981/170712 (executing program)
1970/01/01 00:12:34 fetching corpus: 3040, signal 167981/170722 (executing program)
1970/01/01 00:12:34 fetching corpus: 3040, signal 167981/170722 (executing program)
1970/01/01 00:15:32 starting 2 fuzzer processes

00:15:32 executing program 0:
r0 = socket$rds(0x15, 0x5, 0x0)
r1 = dup(r0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
sendmsg$rds(r1, &(0x7f0000000580)={&(0x7f0000000080)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="18"], 0x18}, 0x0)

00:15:32 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xe66e1, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000))
ftruncate(r0, 0xa00005)
write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000001780)={0x12, 0x10, 0xfa00, {0x0}}, 0x18)
syz_open_dev$char_usb(0xc, 0xb4, 0x6)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040), 0x220140, 0x0)
ioctl$GIO_CMAP(r2, 0x4b70, &(0x7f00000000c0))
ioctl$TCXONC(r1, 0x540f, 0x0)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
fcntl$setsig(r0, 0xa, 0x8)
ioctl$TCXONC(r3, 0x540f, 0xea007)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f000007c2c0))
truncate(&(0x7f00000017c0)='./file0\x00', 0x0)

[ 961.327540][ T2040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 961.486885][ T2041] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 961.566788][ T2040] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 961.628870][ T2041] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 973.981761][ T2040] device hsr_slave_0 entered promiscuous mode
[ 974.001442][ T2040] device hsr_slave_1 entered promiscuous mode
[ 974.619235][ T2041] device hsr_slave_0 entered promiscuous mode
[ 974.659716][ T2041] device hsr_slave_1 entered promiscuous mode
[ 974.675165][ T2041] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 974.689511][ T2041] Cannot create hsr debugfs directory
[ 978.731901][ T2041] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 978.733476][ T2041] CPU: 0 PID: 2041 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 978.734964][ T2041] Hardware name: riscv-virtio,qemu (DT)
[ 978.737206][ T2041] Call Trace:
[ 978.738119][ T2041] [] dump_backtrace+0x2e/0x3c
[ 978.739168][ T2041] [] show_stack+0x34/0x40
[ 978.739981][ T2041] [] dump_stack_lvl+0xe4/0x150
[ 978.741249][ T2041] [] dump_stack+0x1c/0x24
[ 978.742255][ T2041] [] panic+0x24a/0x634
[ 978.742971][ T2041] [] schedule+0x0/0x14c
[ 978.743757][ T2041] [] preempt_schedule_common+0x4e/0xde
[ 978.744786][ T2041] [] preempt_schedule+0x34/0x36
[ 978.746380][ T2041] [] __kernfs_new_node+0x5e8/0x5f2
[ 978.747658][ T2041] [] kernfs_new_node+0x66/0xbe
[ 978.748516][ T2041] [] __kernfs_create_file+0x4e/0x1e8
[ 978.749513][ T2041] [] sysfs_add_file_mode_ns+0x138/0x254
[ 978.750685][ T2041] [] internal_create_group+0x274/0x722
[ 978.751550][ T2041] [] internal_create_groups.part.0+0x64/0xe8
[ 978.752481][ T2041] [] sysfs_create_groups+0x2c/0x48
[ 978.753500][ T2041] [] device_add+0x656/0x129e
[ 978.754788][ T2041] [] netdev_register_kobject+0xcc/0x208
[ 978.756620][ T2041] [] register_netdevice+0x8ee/0xc6a
[ 978.758604][ T2041] [] ipvlan_link_new+0x21a/0x6a6
[ 978.759829][ T2041] [] __rtnl_newlink+0xc16/0xfa0
[ 978.761025][ T2041] [] rtnl_newlink+0x60/0x8c
[ 978.762137][ T2041] [] rtnetlink_rcv_msg+0x338/0x9a0
[ 978.763414][ T2041] [] netlink_rcv_skb+0xf8/0x2be
[ 978.764569][ T2041] [] rtnetlink_rcv+0x26/0x30
[ 978.766238][ T2041] [] netlink_unicast+0x40e/0x5fe
[ 978.767922][ T2041] [] netlink_sendmsg+0x4e0/0x994
[ 978.768907][ T2041] [] sock_sendmsg+0xa0/0xc4
[ 978.770086][ T2041] [] __sys_sendto+0x1f2/0x2e0
[ 978.770963][ T2041] [] sys_sendto+0x3e/0x52
[ 978.772150][ T2041] [] ret_from_syscall+0x0/0x2
[ 978.773428][ T2041] SMP: stopping secondary CPUs
[ 978.776060][
T2041] Rebooting in 86400 seconds..
VM DIAGNOSIS:
20:45:27 Registers: