syzkaller login: [ 269.809380][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 269.843970][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 269.939478][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 270.005117][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:15069' (ECDSA) to the list of known hosts.
1970/01/01 00:05:42 fuzzer started
1970/01/01 00:05:54 dialing manager at localhost:40479
[ 359.686428][ T2025] cgroup: Unknown subsys name 'net'
[ 360.525524][ T2025] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:00 syscalls: 2918
1970/01/01 00:06:00 code coverage: enabled
1970/01/01 00:06:00 comparison tracing: enabled
1970/01/01 00:06:00 extra coverage: enabled
1970/01/01 00:06:00 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:00 setuid sandbox: enabled
1970/01/01 00:06:00 namespace sandbox: enabled
1970/01/01 00:06:00 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:00 fault injection: enabled
1970/01/01 00:06:00 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:00 net packet injection: enabled
1970/01/01 00:06:00 net device setup: enabled
1970/01/01 00:06:00 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:00 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:00 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:06:00 USB emulation: enabled
1970/01/01 00:06:00 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:00 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:00 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:00 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:06 fetching corpus: 50, signal 29451/32683 (executing program)
1970/01/01
00:08:12 fetching corpus: 2197, signal 154958/157278 (executing
program)
1970/01/01 00:08:12 fetching corpus: 2197, signal 154958/157307 (executing program)
1970/01/01 00:08:12 fetching corpus: 2197, signal 154958/157328 (executing program)
1970/01/01 00:08:12 fetching corpus: 2197, signal 154958/157349 (executing program)
1970/01/01 00:08:12 fetching corpus: 2197, signal 154958/157379 (executing program)
1970/01/01 00:08:13 fetching corpus: 2197, signal 154958/157397 (executing program)
1970/01/01 00:08:13 fetching corpus: 2197, signal 154958/157397 (executing program)
1970/01/01 00:09:54 starting 2 fuzzer processes

00:09:54 executing program 0:
r0 = msgget$private(0x0, 0x0)
msgsnd(r0, &(0x7f0000000000)={0x2}, 0x8, 0x0)
msgsnd(r0, &(0x7f0000000080)={0x2}, 0x8, 0x0)
msgrcv(r0, &(0x7f00000010c0)={0x0, ""/24}, 0x20, 0x8000000000000000, 0x0)

00:09:54 executing program 1:
r0 = syz_io_uring_setup(0x76a9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000100)=0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x143460, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd=r3}, 0x0)
io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0)

[ 623.823669][ T2039] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 623.976946][ T2039] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 626.404450][ T2038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 626.496729][ T2038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 635.122640][ T2039] device hsr_slave_0 entered promiscuous mode
[ 635.215136][ T2039] device hsr_slave_1 entered promiscuous mode
[ 640.449607][ T2038] device hsr_slave_0 entered promiscuous mode
[ 640.471782][ T2038] device hsr_slave_1 entered promiscuous mode
[ 640.490860][ T2038] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 640.493884][ T2038] Cannot create hsr debugfs directory
[ 642.593209][ T2039] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 643.215310][ T2039] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 643.614850][ T2039] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 643.850749][ T2039] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 647.264042][ T2038] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 647.444074][ T2038] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 647.564047][ T2038] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 647.724465][ T2038] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 656.316412][ T2039] 8021q: adding VLAN 0 to HW filter on device bond0
[ 656.905976][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 656.991648][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 658.761303][ T2038] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 658.763498][ T2038] CPU: 0 PID: 2038 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 658.766876][ T2038] Hardware name: riscv-virtio,qemu (DT)
[ 658.768458][ T2038] Call Trace:
[ 658.769468][ T2038] [] dump_backtrace+0x2e/0x3c
[ 658.770546][ T2038] [] show_stack+0x34/0x40
[ 658.771374][ T2038] [] dump_stack_lvl+0xe4/0x150
[ 658.772220][ T2038] [] dump_stack+0x1c/0x24
[ 658.773027][ T2038] [] panic+0x24a/0x634
[ 658.773767][ T2038] [] schedule+0x0/0x14c
[ 658.774552][ T2038] [] preempt_schedule_common+0x4e/0xde
[ 658.775466][ T2038] [] preempt_schedule+0x34/0x36
[ 658.776348][ T2038] [] _raw_spin_unlock_irqrestore+0x8c/0x98
[ 658.777423][ T2038] [] debug_check_no_obj_freed+0x14c/0x24a
[ 658.779152][ T2038] [] free_pcp_prepare+0x24e/0x45e
[ 658.780037][ T2038] [] free_unref_page+0x6a/0x31e
[ 658.780984][ T2038] [] __free_pages+0xe2/0x112
[ 658.781933][ T2038] [] __free_slab+0x122/0x27c
[ 658.782756][ T2038] [] discard_slab+0x4c/0x7a
[ 658.783600][ T2038] [] __unfreeze_partials+0x16a/0x18e
[ 658.784445][ T2038] [] put_cpu_partial+0xf6/0x162
[ 658.785274][ T2038] [] __slab_free+0x166/0x29c
[ 658.786114][ T2038] [] ___cache_free+0x17c/0x354
[ 658.787041][ T2038] [] qlist_free_all+0x7c/0x132
[ 658.788147][ T2038] [] kasan_quarantine_reduce+0x14c/0x1c8
[ 658.789283][ T2038] [] __kasan_slab_alloc+0x5c/0x98
[ 658.790173][ T2038] [] kmem_cache_alloc_trace+0x278/0x2e0
[ 658.791153][ T2038] [] ref_tracker_alloc+0x10c/0x33e
[ 658.792277][ T2038] [] fib6_nh_init+0x3bc/0x10c0
[ 658.793250][ T2038] [] ip6_route_info_create+0xb70/0xf78
[ 658.794155][ T2038] [] addrconf_f6i_alloc+0x242/0x3d8
[ 658.795590][ T2038] [] ipv6_add_addr+0x28e/0x12f2
[ 658.796508][ T2038] [] add_addr+0xc8/0x274
[ 658.798144][ T2038] [] add_v4_addrs+0x4a8/0x640
[ 658.800001][ T2038] [] addrconf_notify+0x784/0x1360
[ 658.801266][ T2038] [] notifier_call_chain+0xb8/0x188
[ 658.802459][ T2038] [] raw_notifier_call_chain+0x2a/0x38
[ 658.803516][ T2038] [] call_netdevice_notifiers_info+0x9e/0x10c
[ 658.804548][ T2038] [] __dev_notify_flags+0x108/0x1fa
[ 658.805636][ T2038] [] dev_change_flags+0x9c/0xba
[ 658.806593][ T2038] [] do_setlink+0x5d6/0x21c4
[ 658.808276][ T2038] [] __rtnl_newlink+0x99e/0xfa0
[ 658.809746][ T2038] [] rtnl_newlink+0x60/0x8c
[ 658.810623][ T2038] [] rtnetlink_rcv_msg+0x338/0x9a0
[ 658.811593][ T2038] [] netlink_rcv_skb+0xf8/0x2be
[ 658.812495][ T2038] [] rtnetlink_rcv+0x26/0x30
[ 658.813502][ T2038] [] netlink_unicast+0x40e/0x5fe
[ 658.814415][ T2038] [] netlink_sendmsg+0x4e0/0x994
[ 658.815319][ T2038] [] sock_sendmsg+0xa0/0xc4
[ 658.816226][ T2038] [] __sys_sendto+0x1f2/0x2e0
[ 658.817111][ T2038] [] sys_sendto+0x3e/0x52
[ 658.818035][ T2038] [] ret_from_syscall+0x0/0x2
[ 658.819203][ T2038] SMP: stopping secondary CPUs
[ 658.823070][ T2038] Rebooting in 86400 seconds..
VM DIAGNOSIS:
05:40:15 Registers: