syzkaller login: [ 234.018657][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 242.367530][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 242.426757][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 242.492824][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 242.549289][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:2064' (ECDSA) to the list of known hosts.
1970/01/01 00:05:04 fuzzer started
1970/01/01 00:05:13 dialing manager at localhost:44985
[ 318.035305][ T2027] cgroup: Unknown subsys name 'net'
[ 318.904686][ T2027] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:05:18 syscalls: 2918
1970/01/01 00:05:18 code coverage: enabled
1970/01/01 00:05:18 comparison tracing: enabled
1970/01/01 00:05:18 extra coverage: enabled
1970/01/01 00:05:18 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:05:18 setuid sandbox: enabled
1970/01/01 00:05:18 namespace sandbox: enabled
1970/01/01 00:05:18 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:05:18 fault injection: enabled
1970/01/01 00:05:18 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:05:18 net packet injection: enabled
1970/01/01 00:05:18 net device setup: enabled
1970/01/01 00:05:18 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:05:18 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:05:18 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:05:18 USB emulation: enabled
1970/01/01 00:05:18 hci packet injection: /dev/vhci does not exist
1970/01/01 00:05:18 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:05:18 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:05:19 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:11:51 fetching corpus: 8360, signal 233409/237996 (executing program)
1970/01/01 00:11:53 fetching corpus: 8410, signal 233891/237996 (executing program)
1970/01/01 00:11:55 fetching corpus: 8460, signal 234358/237998 (executing program)
1970/01/01 00:11:57 fetching corpus: 8510, signal 234780/237998 (executing program)
1970/01/01 00:11:59 fetching corpus: 8560, signal 235149/237998 (executing program)
1970/01/01 00:12:01 fetching corpus: 8610, signal 235649/237998 (executing program)
1970/01/01 00:12:02 fetching corpus: 8629, signal 235901/237998 (executing program)
1970/01/01 00:13:40 starting 2 fuzzer processes
00:13:40 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000080)={{{@in=@empty, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in, 0x0, 0x3c}, 0xa, @in6=@mcast2, 0x0, 0x4}}, 0xe8)
sendmmsg$inet(r0, &(0x7f00000003c0)=[{{&(0x7f0000000800)={0x2, 0x4c20, @dev}, 0x10, 0x0}}], 0x1, 0x0)
00:13:40 executing program 1:
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000800), 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x15)
ioctl$TCFLSH(r0, 0x540b, 0x0)
00:13:44 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000140)={'vxcan1\x00', &(0x7f0000000300)=@ethtool_cmd={0x1}})
[ 850.090107][ T2046] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 850.334920][ T2046] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 867.035541][ T2046] device hsr_slave_0 entered promiscuous mode
[ 867.120612][ T2046] device hsr_slave_1 entered promiscuous mode
[ 874.438428][ T2046] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 874.629199][ T2046] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 874.877936][ T2046] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 875.064069][ T2046] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 883.980235][ T2046] 8021q: adding VLAN 0 to HW filter on device bond0
[ 884.405867][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 884.506852][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 890.655710][ T2078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 890.696133][ T2078] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 890.733436][ T2078] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 890.769542][ T2078] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 890.793298][ T2078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 890.826911][ T2078] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 891.342297][ T2079] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 891.380204][ T2079] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 891.597646][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 891.659559][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 892.813707][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 893.030280][ T2308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 893.216657][ T2308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 893.559057][ C0] ==================================================================
[ 893.561690][ C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260
[ 893.563498][ C0] Read of size 8 at addr ffffaf801124fa60 by task syz-executor.0/2308
[ 893.564451][ C0]
[ 893.566056][ C0] CPU: 0 PID: 2308 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 893.567814][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 893.569554][ C0] Call Trace:
[ 893.570206][ C0] [] dump_backtrace+0x2e/0x3c
[ 893.571758][ C0] [] show_stack+0x34/0x40
[ 893.572881][ C0] [] dump_stack_lvl+0xe4/0x150
[ 893.573789][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 893.574844][ C0] [] kasan_report+0x184/0x1e0
[ 893.575863][ C0] [] __asan_load8+0x6e/0x96
[ 893.576768][ C0] [] walk_stackframe+0x11c/0x260
[ 893.577630][ C0] [] arch_stack_walk+0x2c/0x3c
[ 893.578484][ C0] [] stack_trace_save+0xa6/0xd8
[ 893.579645][ C0] [] save_stack+0x112/0x16c
[ 893.580665][ C0] [] __set_page_owner+0x48/0x136
[ 893.582002][ C0] [] post_alloc_hook+0xd0/0x10a
[ 893.583300][ C0] [] get_page_from_freelist+0x8da/0x12d8
[ 893.584616][ C0] [] __alloc_pages+0x150/0x3b6
[ 893.585993][ C0]
[ 893.586755][ C0] Allocated by task 2042:
[ 893.587682][ C0]  stack_trace_save+0xa6/0xd8
[ 893.588696][ C0]  kasan_save_stack+0x2c/0x58
[ 893.589813][ C0]  __kasan_kmalloc+0x80/0xb2
[ 893.590788][ C0]  kmem_cache_alloc_trace+0x178/0x2e0
[ 893.592033][ C0]  tomoyo_init_log+0x898/0x14cc
[ 893.592811][ C0]  tomoyo_supervisor+0x250/0xc1e
[ 893.593736][ C0]  tomoyo_env_perm+0x164/0x184
[ 893.594742][ C0]  tomoyo_find_next_domain+0xdaa/0x1192
[ 893.595716][ C0]  tomoyo_bprm_check_security+0xdc/0x136
[ 893.596658][ C0]  security_bprm_check+0x44/0x96
[ 893.597416][ C0]  bprm_execve+0x532/0x1140
[ 893.598271][ C0]  do_execveat_common+0x298/0x312
[ 893.599119][ C0]  sys_execve+0x32/0x40
[ 893.599802][ C0]  ret_from_syscall+0x0/0x2
[ 893.600640][ C0]
[ 893.601388][ C0] Last potentially related work creation:
[ 893.602474][ C0]  stack_trace_save+0xa6/0xd8
[ 893.603472][ C0]  kasan_save_stack+0x2c/0x58
[ 893.604225][ C0]  __kasan_record_aux_stack+0xc4/0xdc
[ 893.605065][ C0]  kasan_record_aux_stack_noalloc+0xe/0x16
[ 893.605945][ C0]  insert_work+0x40/0x1d4
[ 893.606689][ C0]  __queue_work+0x4ec/0xed0
[ 893.607559][ C0]  rcu_work_rcufn+0x54/0x7e
[ 893.608303][ C0]  rcu_core+0x63c/0xf36
[ 893.609311][ C0]  rcu_core_si+0xc/0x14
[ 893.610354][ C0]  __do_softirq+0x274/0x8fc
[ 893.611797][ C0]
[ 893.612706][ C0] Second to last potentially related work creation:
[ 893.613620][ C0]  stack_trace_save+0xa6/0xd8
[ 893.614386][ C0]  kasan_save_stack+0x2c/0x58
[ 893.615431][ C0]  __kasan_record_aux_stack+0xc4/0xdc
[ 893.616350][ C0]  kasan_record_aux_stack_noalloc+0xe/0x16
[ 893.617300][ C0]  call_rcu+0x8c/0x4ce
[ 893.618175][ C0]  queue_rcu_work+0x72/0x76
[ 893.619021][ C0]  css_release_work_fn+0x27a/0x612
[ 893.620037][ C0]  process_one_work+0x654/0xffe
[ 893.620901][ C0]  worker_thread+0x360/0x8fa
[ 893.622475][ C0]  kthread+0x19e/0x1fa
[ 893.623530][ C0]  ret_from_exception+0x0/0x10
[ 893.624734][ C0]
[ 893.625378][ C0] The buggy address belongs to the object at ffffaf801124c000
[ 893.625378][ C0]  which belongs to the cache kmalloc-8k of size 8192
[ 893.626875][ C0] The buggy address is located 6752 bytes to the right of
[ 893.626875][ C0]  8192-byte region [ffffaf801124c000, ffffaf801124e000)
[ 893.628568][ C0] The buggy address belongs to the page:
[ 893.629888][ C0] page:ffffaf807ab1b440 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffffaf8011248000 pfn:0x91448
[ 893.632432][ C0] head:ffffaf807ab1b440 order:3 compound_mapcount:0 compound_pincount:0
[ 893.634754][ C0] flags: 0x9000010200(slab|head|section=18|node=0|zone=0)
[ 893.637456][ C0] raw: 0000009000010200 ffffaf807aa5bbc0 0000000000000002 ffffaf8007202280
[ 893.638903][ C0] raw: ffffaf8011248000 0000000080020000 00000001ffffffff 0000000000000000
[ 893.640136][ C0] raw: 00000000000007ff
[ 893.641364][ C0] page dumped because: kasan: bad access detected
[ 893.643312][ C0] page_owner tracks the page as allocated
[ 893.644305][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2027, ts 318753682700, free_ts 317814783600
[ 893.646618][ C0]  __set_page_owner+0x48/0x136
[ 893.647824][ C0]  post_alloc_hook+0xd0/0x10a
[ 893.648957][ C0]  get_page_from_freelist+0x8da/0x12d8
[ 893.650114][ C0]  __alloc_pages+0x150/0x3b6
[ 893.651678][ C0]  alloc_pages+0x132/0x2a6
[ 893.653384][ C0]  alloc_slab_page.constprop.0+0xc2/0xfa
[ 893.654638][ C0]  new_slab+0x25a/0x2cc
[ 893.655678][ C0]  ___slab_alloc+0x56e/0x918
[ 893.656740][ C0]  __slab_alloc.constprop.0+0x50/0x8c
[ 893.657987][ C0]  kmem_cache_alloc_trace+0x2a2/0x2e0
[ 893.659194][ C0]  cgroup1_get_tree+0x6b2/0x894
[ 893.660311][ C0]  vfs_get_tree+0x4a/0x19c
[ 893.661733][ C0]  path_mount+0xe9c/0x14dc
[ 893.663297][ C0]  sys_mount+0x360/0x3ee
[ 893.664415][ C0]  ret_from_syscall+0x0/0x2
[ 893.665530][ C0] page last free stack trace:
[ 893.666380][ C0]  __reset_page_owner+0x4a/0xea
[ 893.667559][ C0]  free_pcp_prepare+0x29c/0x45e
[ 893.668685][ C0]  free_unref_page+0x6a/0x31e
[ 893.669758][ C0]  __free_pages+0xe2/0x112
[ 893.670901][ C0]  __free_slab+0x122/0x27c
[ 893.672451][ C0]  discard_slab+0x4c/0x7a
[ 893.673547][ C0]  __slab_free+0x20a/0x29c
[ 893.674648][ C0]  ___cache_free+0x17c/0x354
[ 893.675777][ C0]  qlist_free_all+0x7c/0x132
[ 893.676843][ C0]  kasan_quarantine_reduce+0x14c/0x1c8
[ 893.677992][ C0]  __kasan_slab_alloc+0x5c/0x98
[ 893.679189][ C0]  __kmalloc+0x156/0x318
[ 893.680267][ C0]  tomoyo_supervisor+0xb26/0xc1e
[ 893.681720][ C0]  tomoyo_path_permission+0x152/0x18e
[ 893.683342][ C0]  tomoyo_check_open_permission+0x304/0x348
[ 893.684461][ C0]  tomoyo_file_open+0x78/0x7c
[ 893.685701][ C0]
[ 893.686422][ C0] Memory state around the buggy address:
[ 893.687792][ C0]  ffffaf801124f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 893.689041][ C0]  ffffaf801124f980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 893.690184][ C0] >ffffaf801124fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 893.691948][ C0]                                                        ^
[ 893.693724][ C0]  ffffaf801124fa80: fc fc fc fc fc fc fc fc f1 f1 f1 f1 00 00 00 f3
[ 893.694947][ C0]  ffffaf801124fb00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 893.696179][ C0] ==================================================================
[ 893.697367][ C0] Disabling lock debugging due to kernel taint
[ 893.701724][ T2308] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 893.702940][ T2308] CPU: 0 PID: 2308 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 893.704266][ T2308] Hardware name: riscv-virtio,qemu (DT)
[ 893.705002][ T2308] Call Trace:
[ 893.705540][ T2308] [] dump_backtrace+0x2e/0x3c
[ 893.706664][ T2308] [] show_stack+0x34/0x40
[ 893.707662][ T2308] [] dump_stack_lvl+0xe4/0x150
[ 893.708659][ T2308] [] dump_stack+0x1c/0x24
[ 893.709657][ T2308] [] panic+0x24a/0x634
[ 893.710568][ T2308] [] schedule+0x0/0x14c
[ 893.712080][ T2308] [] preempt_schedule_irq+0x4a/0x13e
[ 893.713147][ T2308] [] resume_kernel+0x16/0x18
[ 893.714415][ T2308] SMP: stopping secondary CPUs
[ 893.716502][ T2308] Rebooting in 86400 seconds..

VM DIAGNOSIS:
01:30:54 Registers:
info registers vcpu 0
pc      ffffffff8010b250  mhartid 0000000000000000  mstatus 00000000000000a0  mip     00000000000000a0
mie     000000000000022a  mideleg 0000000000000222  medeleg 000000000000b109  mtvec   0000000080000540
stvec   ffffffff800055d4  mepc    ffffffff80475986  sepc    ffffffff801159f6  mcause  8000000000000007
scause  8000000000000009  mtval   0000000000000000  stval   0000000000000000
x0/zero 0000000000000000  x1/ra   ffffffff831a197a  x2/sp   ffffaf801124f420  x3/gp   ffffffff85863ac0
x4/tp   ffffaf8011dc6100  x5/t0   ffffffff86bcb657  x6/t1   fffff5ef02249e8c  x7/t2   0000000000000000
x8/s0   ffffaf801124f430  x9/s1   ffffaf8011dc6cd8  x10/a0  0000000000000020  x11/a1  00000000000f0000
x12/a2  0000000000000506  x13/a3  0000000000000000  x14/a4  0000000000000001  x15/a5  ffffaf805a9c8840
x16/a6  0000000000f00000  x17/a7  ffffaf801124f467  x18/s2  0000000000000000  x19/s3  ffffffff84b73ec0
x20/s4  ffffaf8011dc7100  x21/s5  ffffffff8343c840  x22/s6  ffffffffffffffff  x23/s7  0000000000000020
x24/s8  ffffffff86c1a620  x25/s9  000000000000000c  x26/s10 ffffffff84a88600  x27/s11 ffffffff8012183e
x28/t3  fffffffff3f3f300  x29/t4  fffff5ef02249e8c  x30/t5  fffff5ef02249e8d  x31/t6  ffffaf801124f478
f0/ft0  0000000000000000  f1/ft1  0000000000000000  f2/ft2  0000000000000000  f3/ft3  0000000000000000
f4/ft4  0000000000000000  f5/ft5  0000000000000000  f6/ft6  0000000000000000  f7/ft7  0000000000000000
f8/fs0  0000000000000000  f9/fs1  0000000000000000  f10/fa0 0000000000000000  f11/fa1 0000000000000000
f12/fa2 0000000000000000  f13/fa3 0000000000000000  f14/fa4 0000000000000000  f15/fa5 0000000000000000
f16/fa6 0000000000000000  f17/fa7 0000000000000000  f18/fs2 0000000000000000  f19/fs3 0000000000000000
f20/fs4 0000000000000000  f21/fs5 0000000000000000  f22/fs6 0000000000000000  f23/fs7 0000000000000000
f24/fs8 0000000000000000  f25/fs9 0000000000000000  f26/fs10 0000000000000000 f27/fs11 0000000000000000
f28/ft8 0000000000000000  f29/ft9 0000000000000000  f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
pc      ffffffff80475986  mhartid 0000000000000001  mstatus 00000000000000a2  mip     0000000000000000
mie     00000000000002aa  mideleg 0000000000000222  medeleg 000000000000b109  mtvec   0000000080000540
stvec   ffffffff800055d4  mepc    ffffffff8000f97e  sepc    ffffffff80475986  mcause  0000000000000009
scause  8000000000000005  mtval   0000000000000000  stval   0000000000000000
x0/zero 0000000000000000  x1/ra   ffffffff80119b52  x2/sp   ffffaf801032b7e0  x3/gp   ffffffff85863ac0
x4/tp   ffffaf800b59e100  x5/t0   00000000000001f8  x6/t1   4eba3b25e1c84100  x7/t2   ffffffffffffffff
x8/s0   ffffaf801032b820  x9/s1   ffffaf800c4a9898  x10/a0  ffffaf800c4a9898  x11/a1  0000000000000003
x12/a2  1ffff5f001895313  x13/a3  ffffffff80119b52  x14/a4  0000000000000000  x15/a5  ffffaf800c4a9898
x16/a6  0000000000f00000  x17/a7  ffffffff826e6226  x18/s2  0000000000000001  x19/s3  ffffaf800b59e100
x20/s4  ffffaf800c4a98a8  x21/s5  ffffaf800c4a98a0  x22/s6  ffffaf801032b960  x23/s7  ffffaf801032bb00
x24/s8  0000000000000000  x25/s9  0000000000004000  x26/s10 0000000000000040  x27/s11 0000000000000001
x28/t3  fffffffff3f3f300  x29/t4  ffffffff80112282  x30/t5  1ffff5f0020656b4  x31/t6  0000000001aa77cd
f0/ft0  0000000000000000  f1/ft1  0000000000000000  f2/ft2  0000000000000000  f3/ft3  0000000000000000
f4/ft4  0000000000000000  f5/ft5  0000000000000000  f6/ft6  0000000000000000  f7/ft7  0000000000000000
f8/fs0  0000000000000000  f9/fs1  0000000000000000  f10/fa0 0000000000000000  f11/fa1 0000000000000000
f12/fa2 0000000000000000  f13/fa3 0000000000000000  f14/fa4 0000000000000000  f15/fa5 0000000000000000
f16/fa6 0000000000000000  f17/fa7 0000000000000000  f18/fs2 0000000000000000  f19/fs3 0000000000000000
f20/fs4 0000000000000000  f21/fs5 0000000000000000  f22/fs6 0000000000000000  f23/fs7 0000000000000000
f24/fs8 0000000000000000  f25/fs9 0000000000000000  f26/fs10 0000000000000000 f27/fs11 0000000000000000
f28/ft8 0000000000000000  f29/ft9 0000000000000000  f30/ft10 0000000000000000 f31/ft11 0000000000000000