[ 277.883208][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 277.913353][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:60526' (ECDSA) to the list of known hosts.
1970/01/01 00:05:42 fuzzer started
1970/01/01 00:05:53 dialing manager at localhost:40615
[ 359.801622][ T2031] cgroup: Unknown subsys name 'net'
[ 360.970529][ T2031] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:00 syscalls: 2918
1970/01/01 00:06:00 code coverage: enabled
1970/01/01 00:06:00 comparison tracing: enabled
1970/01/01 00:06:00 extra coverage: enabled
1970/01/01 00:06:00 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:00 setuid sandbox: enabled
1970/01/01 00:06:00 namespace sandbox: enabled
1970/01/01 00:06:00 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:00 fault injection: enabled
1970/01/01 00:06:00 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:00 net packet injection: enabled
1970/01/01 00:06:00 net device setup: enabled
1970/01/01 00:06:00 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:00 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:00 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:06:00 USB emulation: enabled
1970/01/01 00:06:00 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:00 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:00 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:01 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:06 fetching corpus: 50, signal 31683/35116 (executing program)
1970/01/01 00:06:11 fetching corpus: 99, signal 49077/53784 (executing program)
1970/01/01 00:06:14 fetching corpus: 149, signal 54975/61041 (executing program)
1970/01/01 00:06:17 fetching corpus: 198, signal 63214/70399 (executing program)
1970/01/01 00:06:19 fetching corpus: 248, signal 68116/76502 (executing program)
1970/01/01 00:06:21 fetching corpus: 298, signal 71396/80995 (executing program)
1970/01/01 00:06:24 fetching corpus: 348, signal 76379/87003 (executing program)
1970/01/01 00:06:26 fetching corpus: 398, signal 80994/92573 (executing program)
1970/01/01 00:06:28 fetching corpus: 448, signal 84785/97312 (executing program)
1970/01/01 00:06:31 fetching corpus: 498, signal 88966/102341 (executing program)
1970/01/01 00:06:34 fetching corpus: 547, signal 91946/106265 (executing program)
1970/01/01 00:06:37 fetching corpus: 597, signal 94481/109694 (executing program)
1970/01/01 00:06:40 fetching corpus: 646, signal 97167/113202 (executing program)
1970/01/01 00:06:42 fetching corpus: 696, signal 100010/116783 (executing program)
1970/01/01 00:06:44 fetching corpus: 746, signal 102798/120276 (executing program)
1970/01/01 00:06:46 fetching corpus: 796, signal 105224/123434 (executing program)
1970/01/01 00:06:49 fetching corpus: 846, signal 107482/126425 (executing program)
1970/01/01 00:06:51 fetching corpus: 896, signal 109271/128977 (executing program)
1970/01/01 00:06:53 fetching corpus: 946, signal 111628/131919 (executing program)
1970/01/01 00:06:55 fetching corpus: 995, signal 114801/135497 (executing program)
1970/01/01 00:06:57 fetching corpus: 1045, signal 116184/137626 (executing program)
1970/01/01 00:06:59 fetching corpus: 1095, signal 117859/139913 (executing program)
1970/01/01 00:07:02 fetching corpus: 1145, signal 119928/142483 (executing program)
1970/01/01 00:07:05 fetching corpus: 1195, signal 122454/145386 (executing program)
1970/01/01 00:07:08 fetching corpus: 1245, signal 124591/147900 (executing program)
1970/01/01 00:07:10 fetching corpus: 1295, signal 126335/150157 (executing program)
1970/01/01 00:07:14 fetching corpus: 1344, signal 127657/152063 (executing program)
1970/01/01 00:07:16 fetching corpus: 1394, signal 129523/154330 (executing program)
1970/01/01 00:07:19 fetching corpus: 1443, signal 132828/157635 (executing program)
1970/01/01 00:07:21 fetching corpus: 1493, signal 134356/159507 (executing program)
1970/01/01 00:07:24 fetching corpus: 1543, signal 135784/161310 (executing program)
1970/01/01 00:07:25 fetching corpus: 1592, signal 137006/162973 (executing program)
1970/01/01 00:07:27 fetching corpus: 1642, signal 138033/164498 (executing program)
1970/01/01 00:07:30 fetching corpus: 1692, signal 139779/166491 (executing program)
1970/01/01 00:07:33 fetching corpus: 1742, signal 141363/168345 (executing program)
1970/01/01 00:07:34 fetching corpus: 1792, signal 142583/169944 (executing program)
1970/01/01 00:07:37 fetching corpus: 1842, signal 143609/171399 (executing program)
1970/01/01 00:07:39 fetching corpus: 1892, signal 144729/172854 (executing program)
1970/01/01 00:07:41 fetching corpus: 1942, signal 145703/174203 (executing program)
1970/01/01 00:07:43 fetching corpus: 1992, signal 146408/175388 (executing program)
1970/01/01 00:07:45 fetching corpus: 2042, signal 147917/177085 (executing program)
1970/01/01 00:07:47 fetching corpus: 2092, signal 148942/178392 (executing program)
1970/01/01 00:07:50 fetching corpus: 2142, signal 150211/179861 (executing program)
1970/01/01 00:07:53 fetching corpus: 2192, signal 151500/181310 (executing program)
1970/01/01 00:07:57 fetching corpus: 2242, signal 153362/183157 (executing program)
1970/01/01 00:08:00 fetching corpus: 2291, signal 154410/184399 (executing program)
1970/01/01 00:08:02 fetching corpus: 2341, signal 155267/185525 (executing program)
1970/01/01 00:08:05 fetching corpus: 2390, signal 155954/186582 (executing program)
1970/01/01 00:08:06 fetching corpus: 2440, signal 157074/187880 (executing program)
1970/01/01 00:08:08 fetching corpus: 2489, signal 158334/189191 (executing program)
1970/01/01 00:08:12 fetching corpus: 2539, signal 159513/190486 (executing program)
1970/01/01 00:08:14 fetching corpus: 2588, signal 160374/191537 (executing program)
1970/01/01 00:08:17 fetching corpus: 2638, signal 161199/192562 (executing program)
1970/01/01 00:08:19 fetching corpus: 2687, signal 162380/193770 (executing program)
1970/01/01 00:08:22 fetching corpus: 2736, signal 163220/194749 (executing program)
1970/01/01 00:08:24 fetching corpus: 2786, signal 164171/195782 (executing program)
1970/01/01 00:08:26 fetching corpus: 2836, signal 165184/196862 (executing program)
1970/01/01 00:08:28 fetching corpus: 2886, signal 166527/198024 (executing program)
1970/01/01 00:08:31 fetching corpus: 2936, signal 167371/198973 (executing program)
1970/01/01 00:08:34 fetching corpus: 2986, signal 167966/199787 (executing program)
1970/01/01 00:08:36 fetching corpus: 3036, signal 168969/200750 (executing program)
1970/01/01 00:08:38 fetching corpus: 3086, signal 169755/201635 (executing program)
1970/01/01 00:08:41 fetching corpus: 3136, signal 170586/202508 (executing program)
1970/01/01 00:08:44 fetching corpus: 3186, signal 172179/203687 (executing program)
1970/01/01 00:08:47 fetching corpus: 3236, signal 172911/204521 (executing program)
1970/01/01 00:08:50 fetching corpus: 3285, signal 173556/205269 (executing program)
1970/01/01 00:08:52 fetching corpus: 3335, signal 174619/206170 (executing program)
1970/01/01 00:08:55 fetching corpus: 3385, signal 175454/206981 (executing program)
1970/01/01 00:08:59 fetching corpus: 3435, signal 176256/207736 (executing program)
1970/01/01 00:09:01 fetching corpus: 3485, signal 176804/208364 (executing program)
1970/01/01 00:09:03 fetching corpus: 3535, signal 178021/209251 (executing program)
1970/01/01 00:09:05 fetching corpus: 3585, signal 178770/209955 (executing program)
1970/01/01 00:09:07 fetching corpus: 3635, signal 179510/210625 (executing program)
1970/01/01 00:09:09 fetching corpus: 3685, signal 180116/211250 (executing program)
1970/01/01 00:09:11 fetching corpus: 3735, signal 180754/211873 (executing program)
1970/01/01 00:09:13 fetching corpus: 3784, signal 181279/212475 (executing program)
1970/01/01 00:09:16 fetching corpus: 3834, signal 182209/213204 (executing program)
1970/01/01 00:09:18 fetching corpus: 3884, signal 182795/213741 (executing program)
1970/01/01 00:09:20 fetching corpus: 3934, signal 183388/214308 (executing program)
1970/01/01 00:09:23 fetching corpus: 3984, signal 184192/214961 (executing program)
1970/01/01 00:09:24 fetching corpus: 4034, signal 184800/215513 (executing program)
1970/01/01 00:09:27 fetching corpus: 4084, signal 185698/216156 (executing program)
1970/01/01 00:09:29 fetching corpus: 4134, signal 186451/216696 (executing program)
1970/01/01 00:09:34 fetching corpus: 4183, signal 187291/217270 (executing program)
1970/01/01 00:09:36 fetching corpus: 4232, signal 187949/217752 (executing program)
1970/01/01 00:09:38 fetching corpus: 4282, signal 188558/218263 (executing program)
1970/01/01 00:09:40 fetching corpus: 4332, signal 189334/218790 (executing program)
1970/01/01 00:09:43 fetching corpus: 4382, signal 189858/219226 (executing program)
1970/01/01 00:09:46 fetching corpus: 4432, signal 190246/219633 (executing program)
1970/01/01 00:09:48 fetching corpus: 4482, signal 190987/220125 (executing program)
1970/01/01 00:09:50 fetching corpus: 4532, signal 191611/220564 (executing program)
1970/01/01 00:09:52 fetching corpus: 4582, signal 192101/220977 (executing program)
1970/01/01 00:09:54 fetching corpus: 4632, signal 192613/221389 (executing program)
1970/01/01 00:09:56 fetching corpus: 4682, signal 193515/221829 (executing program)
1970/01/01 00:09:59 fetching corpus: 4731, signal 194186/222265 (executing program)
1970/01/01 00:10:01 fetching corpus: 4781, signal 194934/222647 (executing program)
1970/01/01 00:10:04 fetching corpus: 4830, signal 195616/223045 (executing program)
1970/01/01 00:10:07 fetching corpus: 4880, signal 196288/223388 (executing program)
1970/01/01 00:10:13 fetching corpus: 4930, signal 196945/223768 (executing program)
1970/01/01 00:10:16 fetching corpus: 4980, signal 197786/224111 (executing program)
1970/01/01 00:10:18 fetching corpus: 5030, signal 198118/224411 (executing program)
1970/01/01 00:10:20 fetching corpus: 5080, signal 198835/224731 (executing program)
1970/01/01 00:10:22 fetching corpus: 5130, signal 199403/225022 (executing program)
1970/01/01 00:10:26 fetching corpus: 5180, signal 200029/225311 (executing program)
1970/01/01 00:10:29 fetching corpus: 5230, signal 200614/225593 (executing program)
1970/01/01 00:10:31 fetching corpus: 5277, signal 201281/225887 (executing program)
1970/01/01 00:10:33 fetching corpus: 5327, signal 201794/226145 (executing program)
1970/01/01 00:10:36 fetching corpus: 5377, signal 202435/226403 (executing program)
1970/01/01 00:10:38 fetching corpus: 5427, signal 202861/226641 (executing program)
1970/01/01 00:10:41 fetching corpus: 5477, signal 203688/226892 (executing program)
1970/01/01 00:10:43 fetching corpus: 5527, signal 204127/227106 (executing program)
1970/01/01 00:10:46 fetching corpus: 5575, signal 204523/227306 (executing program)
1970/01/01 00:10:47 fetching corpus: 5625, signal 204913/227454 (executing program)
1970/01/01 00:10:50 fetching corpus: 5675, signal 205576/227454 (executing program)
1970/01/01 00:10:54 fetching corpus: 5724, signal 206099/227454 (executing program)
1970/01/01 00:10:56 fetching corpus: 5774, signal 206857/227456 (executing program)
1970/01/01 00:10:58 fetching corpus: 5824, signal 207368/227494 (executing program)
1970/01/01 00:11:00 fetching corpus: 5873, signal 207900/227497 (executing program)
1970/01/01 00:11:02 fetching corpus: 5923, signal 208510/227501 (executing program)
1970/01/01 00:11:05 fetching corpus: 5972, signal 208897/227501 (executing program)
1970/01/01 00:11:08 fetching corpus: 6022, signal 209309/227501 (executing program)
1970/01/01 00:11:10 fetching corpus: 6072, signal 210008/227501 (executing program)
1970/01/01 00:11:12 fetching corpus: 6121, signal 210500/227501 (executing program)
1970/01/01 00:11:15 fetching corpus: 6171, signal 211071/227501 (executing program)
1970/01/01 00:11:17 fetching corpus: 6221, signal 211548/227508 (executing program)
1970/01/01 00:11:19 fetching corpus: 6271, signal 212492/227508 (executing program)
1970/01/01 00:11:23 fetching corpus: 6321, signal 213112/227508 (executing program)
1970/01/01 00:11:27 fetching corpus: 6370, signal 213597/227524 (executing program)
1970/01/01 00:11:30 fetching corpus: 6419, signal 214325/227526 (executing program)
1970/01/01 00:11:32 fetching corpus: 6469, signal 214905/227526 (executing program)
1970/01/01 00:11:33 fetching corpus: 6519, signal 215316/227526 (executing program)
1970/01/01 00:11:36 fetching corpus: 6569, signal 215774/227526 (executing program)
1970/01/01 00:11:39 fetching corpus: 6619, signal 216327/227526 (executing program)
1970/01/01 00:11:40 fetching corpus: 6669, signal 216682/227536 (executing program)
1970/01/01 00:11:42 fetching corpus: 6719, signal 217391/227542 (executing program)
1970/01/01 00:11:44 fetching corpus: 6769, signal 217945/227543 (executing program)
1970/01/01 00:11:47 fetching corpus: 6819, signal 218507/227543 (executing program)
1970/01/01 00:11:50 fetching corpus: 6869, signal 219218/227543 (executing program)
1970/01/01 00:11:53 fetching corpus: 6919, signal 219688/227551 (executing program)
1970/01/01 00:11:57 fetching corpus: 6969, signal 220161/227551 (executing program)
1970/01/01 00:11:59 fetching corpus: 7019, signal 220672/227551 (executing program)
1970/01/01 00:12:01 fetching corpus: 7069, signal 221110/227555 (executing program)
1970/01/01 00:12:04 fetching corpus: 7118, signal 221540/227555 (executing program)
1970/01/01 00:12:06 fetching corpus: 7168, signal 221826/227555 (executing program)
1970/01/01 00:12:09 fetching corpus: 7218, signal 222341/227555 (executing program)
1970/01/01 00:12:11 fetching corpus: 7268, signal 222875/227563 (executing program)
1970/01/01 00:12:13 fetching corpus: 7318, signal 223211/227563 (executing program)
1970/01/01 00:12:15 fetching corpus: 7368, signal 223758/227563 (executing program)
1970/01/01 00:12:17 fetching corpus: 7418, signal 224128/227563 (executing program)
1970/01/01 00:12:18 fetching corpus: 7421, signal 224142/227563 (executing program)
1970/01/01 00:12:18 fetching corpus: 7421, signal 224142/227563 (executing program)
1970/01/01 00:13:58 starting 2 fuzzer processes
00:13:58 executing program 0:
syz_open_procfs(0xffffffffffffffff, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @sit={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_6RD_RELAY_PREFIX={0x8, 0xc, 0xff}, @IFLA_IPTUN_ENCAP_FLAGS={0x6}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @initdev={0xac, 0x1e, 0x1, 0x0}}]}}}]}, 0x48}}, 0x0)
00:13:59 executing program 1:
syz_emit_ethernet(0x86, &(0x7f0000000100)={@broadcast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x8000, 0x4e22, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "07cd5fd1cb44e03fc8a46888b4d109b34b3e443e985f249e3c04417bf95ed1b9", "cd23551cded2519406fb34d63850995f", {"a8a0641a9eb3697270e8d01c8b22d6d8", "597f412a9b6390fda83679011424c459"}}}}}}}, 0x0)
[ 864.731439][ T2043] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 864.863963][ T2043] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 867.273305][ C0] ==================================================================
[ 867.277431][ C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260
[ 867.278977][ C0] Read of size 8 at addr ffffaf800efc3f80 by task syz-executor.1/2044
[ 867.280487][ C0]
[ 867.282279][ C0] CPU: 0 PID: 2044 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 867.283898][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 867.285325][ C0] Call Trace:
[ 867.286519][ C0] [] dump_backtrace+0x2e/0x3c
[ 867.287767][ C0] [] show_stack+0x34/0x40
[ 867.288906][ C0] [] dump_stack_lvl+0xe4/0x150
[ 867.290200][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 867.291622][ C0] [] kasan_report+0x184/0x1e0
[ 867.292909][ C0] [] __asan_load8+0x6e/0x96
[ 867.294154][ C0] [] walk_stackframe+0x11c/0x260
[ 867.295798][ C0] [] arch_stack_walk+0x2c/0x3c
[ 867.297545][ C0] [] stack_trace_save+0xa6/0xd8
[ 867.299063][ C0]
[ 867.299840][ C0] Allocated by task 0:
[ 867.300659][ C0] (stack is not available)
[ 867.301415][ C0]
[ 867.302085][ C0] Last potentially related work creation:
[ 867.302994][ C0] ------------[ cut here ]------------
[ 867.303812][ C0] slab index 942336 out of bounds (292) for stack id 0cee6100
[ 867.308158][ C0] WARNING: CPU: 0 PID: 2044 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 867.309966][ C0] Modules linked in:
[ 867.311136][ C0] CPU: 0 PID: 2044 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 867.312529][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 867.313436][ C0] epc : stack_depot_print+0x66/0x70
[ 867.314734][ C0] ra : stack_depot_print+0x66/0x70
[ 867.316184][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800efc3e10
[ 867.317355][ C0] gp : ffffffff85863ac0 tp : ffffaf800cee6100 t0 : ffffffff86bcb657
[ 867.318540][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800efc3e20
[ 867.319706][ C0] s1 : ffffaf807aa7fe00 a0 : 000000000000003b a1 : 00000000000f0000
[ 867.320853][ C0] a2 : 0000000000000504 a3 : ffffffff8012252a a4 : 19190faf16a76700
[ 867.321998][ C0] a5 : 19190faf16a76700 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 867.323136][ C0] s2 : ffffaf800efc3f80 s3 : ffffaf800723edc0 s4 : ffffaf800efc3c00
[ 867.324276][ C0] s5 : ffffaf800efc3f40 s6 : 0000000000003fff s7 : ffffaf800efc3f70
[ 867.326103][ C0] s8 : ffffffff8000a4a4 s9 : ffffffffffffc000 s10: ffffaf800efc3fc0
[ 867.327976][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 867.329201][ C0] t5 : fffff5ef0b53910d t6 : ffffaf800efc3918
[ 867.330273][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 867.331599][ C0] [] print_address_description.constprop.0+0x2fc/0x330
[ 867.333106][ C0] [] kasan_report+0x184/0x1e0
[ 867.334361][ C0] [] __asan_load8+0x6e/0x96
[ 867.335947][ C0] [] walk_stackframe+0x11c/0x260
[ 867.337168][ C0] [] arch_stack_walk+0x2c/0x3c
[ 867.338384][ C0] [] stack_trace_save+0xa6/0xd8
[ 867.339702][ C0] irq event stamp: 37145
[ 867.340498][ C0] hardirqs last enabled at (37144): [] ip_finish_output2+0x157a/0x1720
[ 867.342017][ C0] hardirqs last disabled at (37145): [] _raw_spin_lock_irqsave+0x60/0x62
[ 867.343472][ C0] softirqs last enabled at (37062): [] inet6_fill_ifla6_attrs+0xb72/0xc28
[ 867.345448][ C0] softirqs last disabled at (37069): [] __irq_exit_rcu+0x142/0x1f8
[ 867.347770][ C0] ---[ end trace 0000000000000000 ]---
[ 867.349156][ C0]
[ 867.349865][ C0] Second to last potentially related work creation:
[ 867.350803][ C0] ------------[ cut here ]------------
[ 867.351645][ C0] slab index 2076544 out of bounds (292) for stack id ffffaf80
[ 867.355100][ C0] WARNING: CPU: 0 PID: 2044 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 867.356781][ C0] Modules linked in:
[ 867.357879][ C0] CPU: 0 PID: 2044 Comm: syz-executor.1 Tainted: G W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 867.359347][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 867.360194][ C0] epc : stack_depot_print+0x66/0x70
[ 867.361327][ C0] ra : stack_depot_print+0x66/0x70
[ 867.362432][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800efc3e10
[ 867.363539][ C0] gp : ffffffff85863ac0 tp : ffffaf800cee6100 t0 : ffffffff86bcb657
[ 867.364875][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800efc3e20
[ 867.366518][ C0] s1 : ffffaf807aa7fe00 a0 : 000000000000003c a1 : 00000000000f0000
[ 867.367638][ C0] a2 : 0000000000000504 a3 : ffffffff8012252a a4 : 19190faf16a76700
[ 867.368734][ C0] a5 : 19190faf16a76700 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 867.369893][ C0] s2 : ffffaf800efc3f80 s3 : ffffaf800723edc0 s4 : ffffaf800efc3c00
[ 867.371023][ C0] s5 : ffffaf800efc3f40 s6 : 0000000000003fff s7 : ffffaf800efc3f70
[ 867.372139][ C0] s8 : ffffffff8000a4a4 s9 : ffffffffffffc000 s10: ffffaf800efc3fc0
[ 867.373268][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 867.374433][ C0] t5 : fffff5ef0b53910d t6 : ffffaf800efc3918
[ 867.375811][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 867.377543][ C0] [] print_address_description.constprop.0+0x2ae/0x330
[ 867.379055][ C0] [] kasan_report+0x184/0x1e0
[ 867.380286][ C0] [] __asan_load8+0x6e/0x96
[ 867.381374][ C0] [] walk_stackframe+0x11c/0x260
[ 867.382550][ C0] [] arch_stack_walk+0x2c/0x3c
[ 867.383728][ C0] [] stack_trace_save+0xa6/0xd8
[ 867.385213][ C0] irq event stamp: 37145
[ 867.386182][ C0] hardirqs last enabled at (37144): [] ip_finish_output2+0x157a/0x1720
[ 867.387739][ C0] hardirqs last disabled at (37145): [] _raw_spin_lock_irqsave+0x60/0x62
[ 867.389161][ C0] softirqs last enabled at (37062): [] inet6_fill_ifla6_attrs+0xb72/0xc28
[ 867.390762][ C0] softirqs last disabled at (37069): [] __irq_exit_rcu+0x142/0x1f8
[ 867.392231][ C0] ---[ end trace 0000000000000000 ]---
[ 867.393198][ C0]
[ 867.393909][ C0] The buggy address belongs to the object at ffffaf800efc3c00
[ 867.393909][ C0] which belongs to the cache files_cache of size 832
[ 867.396281][ C0] The buggy address is located 64 bytes to the right of
[ 867.396281][ C0] 832-byte region [ffffaf800efc3c00, ffffaf800efc3f40)
[ 867.398775][ C0] The buggy address belongs to the page:
[ 867.400179][ C0] page:ffffaf807aa7fe00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8f1c0
[ 867.401856][ C0] head:ffffaf807aa7fe00 order:2 compound_mapcount:0 compound_pincount:0
[ 867.403222][ C0] flags: 0x8800010200(slab|head|section=17|node=0|zone=0)
[ 867.406435][ C0] raw: 0000008800010200 ffffaf807a980020 0000000000000006 ffffaf800723edc0
[ 867.407771][ C0] raw: 0000000000000000 0000000000110011 00000001ffffffff 0000000000000000
[ 867.408898][ C0] raw: 00000000000007ff
[ 867.409740][ C0] page dumped because: kasan: bad access detected
[ 867.410902][ C0] page_owner tracks the page as allocated
[ 867.411851][ C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 49, ts 75661566900, free_ts 75591737500
[ 867.414036][ C0] __set_page_owner+0x48/0x136
[ 867.415548][ C0] post_alloc_hook+0xd0/0x10a
[ 867.416986][ C0] get_page_from_freelist+0x8da/0x12d8
[ 867.418130][ C0] __alloc_pages+0x150/0x3b6
[ 867.419160][ C0] alloc_pages+0x132/0x2a6
[ 867.420205][ C0] alloc_slab_page.constprop.0+0xc2/0xfa
[ 867.421385][ C0] new_slab+0x25a/0x2cc
[ 867.422491][ C0] ___slab_alloc+0x56e/0x918
[ 867.423602][ C0] __slab_alloc.constprop.0+0x50/0x8c
[ 867.425254][ C0] kmem_cache_alloc+0x39c/0x3de
[ 867.426734][ C0] dup_fd+0x58/0x712
[ 867.427740][ C0] copy_process+0x13ac/0x3c34
[ 867.428849][ C0] kernel_clone+0xee/0x920
[ 867.429954][ C0] kernel_thread+0xf8/0x130
[ 867.431077][ C0] call_usermodehelper_exec_work+0xc8/0x122
[ 867.432246][ C0] process_one_work+0x654/0xffe
[ 867.433333][ C0] page last free stack trace:
[ 867.434127][ C0] __reset_page_owner+0x4a/0xea
[ 867.435620][ C0] free_pcp_prepare+0x29c/0x45e
[ 867.437093][ C0] free_unref_page+0x6a/0x31e
[ 867.438146][ C0] __free_pages+0xe2/0x112
[ 867.439127][ C0] put_task_stack+0x1d0/0x2b0
[ 867.440172][ C0] finish_task_switch.isra.0+0x3ce/0x420
[ 867.441279][ C0] __schedule+0x58e/0x118e
[ 867.442352][ C0] preempt_schedule_irq+0x4a/0x13e
[ 867.443438][ C0] resume_kernel+0x16/0x18
[ 867.444618][ C0]
[ 867.445431][ C0] Memory state around the buggy address:
[ 867.447173][ C0] ffffaf800efc3e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 867.448314][ C0] ffffaf800efc3f00: fb fb fb fb 00 00 00 00 00 00 00 00 00 00 00 00
[ 867.449426][ C0] >ffffaf800efc3f80: fc fc fc fc f1 f1 f1 f1 00 00 00 f3 f3 f3 f3 f3
[ 867.450499][ C0] ^
[ 867.451415][ C0] ffffaf800efc4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 867.452506][ C0] ffffaf800efc4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 867.453708][ C0] ==================================================================
[ 867.454906][ C0] Disabling lock debugging due to kernel taint
[ 867.463271][ T2044] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 867.464445][ T2044] CPU: 0 PID: 2044 Comm: syz-executor.1 Tainted: G B W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 867.466315][ T2044] Hardware name: riscv-virtio,qemu (DT)
[ 867.467031][ T2044] Call Trace:
[ 867.467575][ T2044] [] dump_backtrace+0x2e/0x3c
[ 867.468603][ T2044] [] show_stack+0x34/0x40
[ 867.469506][ T2044] [] dump_stack_lvl+0xe4/0x150
[ 867.470569][ T2044] [] dump_stack+0x1c/0x24
[ 867.471575][ T2044] [] panic+0x24a/0x634
[ 867.472470][ T2044] [] schedule+0x0/0x14c
[ 867.473440][ T2044] [] preempt_schedule_irq+0x4a/0x13e
[ 867.474495][ T2044] [] resume_kernel+0x16/0x18
[ 867.476139][ T2044] SMP: stopping secondary CPUs
[ 867.478256][ T2044] Rebooting in 86400 seconds..
VM DIAGNOSIS:
13:12:04 Registers:
info registers vcpu 0
pc ffffffff80c38794
mhartid 0000000000000000
mstatus 00000000000000a0
mip 00000000000000a0
mie 000000000000022a
mideleg 0000000000000222
medeleg 000000000000b109
mtvec 0000000080000540
stvec ffffffff800055d4
mepc ffffffff8010cac0
sepc ffffffff8010b26a
mcause 8000000000000007
scause 8000000000000005
mtval 0000000000000000
stval 0000000000000000
x0/zero 0000000000000000
x1/ra ffffffff80c38f0e
x2/sp ffffaf800efc3960
x3/gp ffffffff85863ac0
x4/tp ffffaf800cee6100
x5/t0 ffffaf800efc3a03
x6/t1 fffff5ef01df8740
x7/t2 0000000000000000
x8/s0 ffffaf800efc3990
x9/s1 ffffffff86bcb640
x10/a0 ffffffff86bcb640
x11/a1 000000000000000a
x12/a2 0000000000000000
x13/a3 ffffffff8011c7ec
x14/a4 ffffaf800cee6100
x15/a5 0000000000000000
x16/a6 ffffaf800efc3a07
x17/a7 ffffaf800efc3a05
x18/s2 ffffffff86bcb641
x19/s3 ffffffff86bcb640
x20/s4 000000000000000a
x21/s5 0000000000000017
x22/s6 0000000000000000
x23/s7 0000000000000400
x24/s8 ffffaf800efc39f0
x25/s9 0000000000000000
x26/s10 00000000000003e7
x27/s11 ffffaf800efc3c40
x28/t3 0000000000000043
x29/t4 fffff5ef01df8740
x30/t5 fffff5ef01df8741
x31/t6 ffffaf800efc3a06
f0/ft0 0000000000000000
f1/ft1 0000000000000000
f2/ft2 0000000000000000
f3/ft3 0000000000000000
f4/ft4 0000000000000000
f5/ft5 0000000000000000
f6/ft6 0000000000000000
f7/ft7 0000000000000000
f8/fs0 0000000000000000
f9/fs1 0000000000000000
f10/fa0 0000000000000000
f11/fa1 0000000000000000
f12/fa2 0000000000000000
f13/fa3 0000000000000000
f14/fa4 0000000000000000
f15/fa5 0000000000000000
f16/fa6 0000000000000000
f17/fa7 0000000000000000
f18/fs2 0000000000000000
f19/fs3 0000000000000000
f20/fs4 0000000000000000
f21/fs5 0000000000000000
f22/fs6 0000000000000000
f23/fs7 0000000000000000
f24/fs8 0000000000000000
f25/fs9 0000000000000000
f26/fs10 0000000000000000
f27/fs11 0000000000000000
f28/ft8 0000000000000000
f29/ft9 0000000000000000
f30/ft10 0000000000000000
f31/ft11 0000000000000000
info registers vcpu 1
pc ffffffff80475986
mhartid 0000000000000001
mstatus 00000000000000a2
mip 0000000000000000
mie 00000000000002aa
mideleg 0000000000000222
medeleg 000000000000b109
mtvec 0000000080000540
stvec ffffffff800055d4
mepc ffffffff8000f97e
sepc 00007fff8070b264
mcause 0000000000000009
scause 0000000000000008
mtval 0000000000000000
stval 0000000000000000
x0/zero 0000000000000000
x1/ra ffffffff80119b52
x2/sp ffffaf800c91f7e0
x3/gp ffffffff85863ac0
x4/tp ffffaf800eaec8c0
x5/t0 00000000000001f8
x6/t1 19190faf16a76700
x7/t2 ffffffffffffffff
x8/s0 ffffaf800c91f820
x9/s1 ffffaf800c701898
x10/a0 ffffaf800c701898
x11/a1 0000000000000003
x12/a2 1ffff5f0018e0313
x13/a3 ffffffff80119b52
x14/a4 0000000000000000
x15/a5 ffffaf800c701898
x16/a6 0000000000f00000
x17/a7 ffffffff826e6226
x18/s2 0000000000000001
x19/s3 ffffaf800eaec8c0
x20/s4 ffffaf800c7018a8
x21/s5 ffffaf800c7018a0
x22/s6 ffffaf800c91f960
x23/s7 ffffaf800c91fb00
x24/s8 0000000000000000
x25/s9 0000000000004000
x26/s10 0000000000000040
x27/s11 0000000000000001
x28/t3 fffffffff3f3f300
x29/t4 ffffffff80112282
x30/t5 1ffff5f001923eb4
x31/t6 00000000026c6647
f0/ft0 0000000000000000
f1/ft1 0000000000000000
f2/ft2 0000000000000000
f3/ft3 0000000000000000
f4/ft4 0000000000000000
f5/ft5 0000000000000000
f6/ft6 0000000000000000
f7/ft7 0000000000000000
f8/fs0 0000000000000000
f9/fs1 0000000000000000
f10/fa0 0000000000000000
f11/fa1 0000000000000000
f12/fa2 0000000000000000
f13/fa3 0000000000000000
f14/fa4 0000000000000000
f15/fa5 0000000000000000
f16/fa6 0000000000000000
f17/fa7 0000000000000000
f18/fs2 0000000000000000
f19/fs3 0000000000000000
f20/fs4 0000000000000000
f21/fs5 0000000000000000
f22/fs6 0000000000000000
f23/fs7 0000000000000000
f24/fs8 0000000000000000
f25/fs9 0000000000000000
f26/fs10 0000000000000000
f27/fs11 0000000000000000
f28/ft8 0000000000000000
f29/ft9 0000000000000000
f30/ft10 0000000000000000
f31/ft11 0000000000000000