[ 294.870457][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:62777' (ECDSA) to the list of known hosts. 1970/01/01 00:05:38 fuzzer started 1970/01/01 00:05:54 dialing manager at localhost:38403 [ 360.067692][ T2032] cgroup: Unknown subsys name 'net' [ 361.000962][ T2032] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:06:00 syscalls: 2819 1970/01/01 00:06:00 code coverage: enabled 1970/01/01 00:06:00 comparison tracing: enabled 1970/01/01 00:06:00 extra coverage: enabled 1970/01/01 00:06:00 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:06:00 setuid sandbox: enabled 1970/01/01 00:06:00 namespace sandbox: enabled 1970/01/01 00:06:00 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:06:00 fault injection: enabled 1970/01/01 00:06:00 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:06:00 net packet injection: enabled 1970/01/01 00:06:00 net device setup: enabled 1970/01/01 00:06:00 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:06:00 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:06:00 USB emulation: enabled 1970/01/01 00:06:00 hci packet injection: /dev/vhci does not exist 1970/01/01 00:06:00 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:06:00 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:06:00 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:06:07 fetching corpus: 50, signal 41152/44047 (executing program) 1970/01/01 00:06:12 fetching corpus: 99, signal 53328/57212 (executing program) 1970/01/01 00:06:15 fetching corpus: 148, signal 61642/66359 (executing program) 1970/01/01 00:06:20 fetching corpus: 197, signal 76349/81234 (executing program) 1970/01/01 00:06:22 fetching corpus: 247, signal 82193/87569 (executing program) 1970/01/01 00:06:25 fetching corpus: 297, signal 90578/96091 
(executing program) 1970/01/01 00:06:28 fetching corpus: 347, signal 95189/100975 (executing program) 1970/01/01 00:06:32 fetching corpus: 397, signal 101359/107149 (executing program) 1970/01/01 00:06:35 fetching corpus: 446, signal 105892/111672 (executing program) 1970/01/01 00:06:39 fetching corpus: 496, signal 109960/115733 (executing program) 1970/01/01 00:06:42 fetching corpus: 546, signal 115618/120953 (executing program) 1970/01/01 00:06:46 fetching corpus: 596, signal 119583/124669 (executing program) 1970/01/01 00:06:49 fetching corpus: 646, signal 123181/128026 (executing program) 1970/01/01 00:06:52 fetching corpus: 695, signal 126597/131114 (executing program) 1970/01/01 00:06:55 fetching corpus: 744, signal 129206/133491 (executing program) 1970/01/01 00:06:58 fetching corpus: 794, signal 131570/135649 (executing program) 1970/01/01 00:07:01 fetching corpus: 844, signal 134018/137781 (executing program) 1970/01/01 00:07:06 fetching corpus: 893, signal 137662/140727 (executing program) 1970/01/01 00:07:11 fetching corpus: 942, signal 140084/142642 (executing program) 1970/01/01 00:07:14 fetching corpus: 992, signal 142581/144569 (executing program) 1970/01/01 00:07:17 fetching corpus: 1041, signal 146247/147237 (executing program) 1970/01/01 00:07:19 fetching corpus: 1086, signal 147792/148345 (executing program) 1970/01/01 00:07:20 fetching corpus: 1086, signal 147792/148373 (executing program) 1970/01/01 00:07:20 fetching corpus: 1086, signal 147792/148395 (executing program) 1970/01/01 00:07:20 fetching corpus: 1087, signal 147837/148451 (executing program) 1970/01/01 00:07:20 fetching corpus: 1087, signal 147837/148482 (executing program) 1970/01/01 00:07:20 fetching corpus: 1087, signal 147837/148499 (executing program) 1970/01/01 00:07:20 fetching corpus: 1087, signal 147837/148511 (executing program) 1970/01/01 00:07:21 fetching corpus: 1087, signal 147837/148533 (executing program) 1970/01/01 00:07:21 fetching corpus: 1087, signal 
147837/148561 (executing program) 1970/01/01 00:07:21 fetching corpus: 1087, signal 147837/148584 (executing program) 1970/01/01 00:07:21 fetching corpus: 1087, signal 147837/148609 (executing program) 1970/01/01 00:07:21 fetching corpus: 1087, signal 147837/148640 (executing program) 1970/01/01 00:07:21 fetching corpus: 1087, signal 147837/148673 (executing program) 1970/01/01 00:07:21 fetching corpus: 1087, signal 147837/148691 (executing program) 1970/01/01 00:07:21 fetching corpus: 1087, signal 147837/148717 (executing program) 1970/01/01 00:07:22 fetching corpus: 1087, signal 147837/148746 (executing program) 1970/01/01 00:07:22 fetching corpus: 1087, signal 147837/148774 (executing program) 1970/01/01 00:07:22 fetching corpus: 1087, signal 147837/148795 (executing program) 1970/01/01 00:07:22 fetching corpus: 1087, signal 147837/148818 (executing program) 1970/01/01 00:07:22 fetching corpus: 1087, signal 147837/148842 (executing program) 1970/01/01 00:07:22 fetching corpus: 1087, signal 147837/148869 (executing program) 1970/01/01 00:07:23 fetching corpus: 1087, signal 147837/148886 (executing program) 1970/01/01 00:07:23 fetching corpus: 1087, signal 147837/148906 (executing program) 1970/01/01 00:07:23 fetching corpus: 1087, signal 147837/148929 (executing program) 1970/01/01 00:07:23 fetching corpus: 1087, signal 147837/148964 (executing program) 1970/01/01 00:07:23 fetching corpus: 1087, signal 147837/148988 (executing program) 1970/01/01 00:07:23 fetching corpus: 1087, signal 147837/149010 (executing program) 1970/01/01 00:07:24 fetching corpus: 1087, signal 147837/149043 (executing program) 1970/01/01 00:07:24 fetching corpus: 1088, signal 147842/149067 (executing program) 1970/01/01 00:07:24 fetching corpus: 1088, signal 147842/149093 (executing program) 1970/01/01 00:07:24 fetching corpus: 1088, signal 147842/149118 (executing program) 1970/01/01 00:07:24 fetching corpus: 1088, signal 147842/149146 (executing program) 1970/01/01 00:07:24 fetching 
corpus: 1088, signal 147842/149166 (executing program) 1970/01/01 00:07:24 fetching corpus: 1088, signal 147842/149197 (executing program) 1970/01/01 00:07:24 fetching corpus: 1088, signal 147842/149221 (executing program) 1970/01/01 00:07:25 fetching corpus: 1088, signal 147842/149251 (executing program) 1970/01/01 00:07:25 fetching corpus: 1088, signal 147842/149278 (executing program) 1970/01/01 00:07:25 fetching corpus: 1088, signal 147842/149301 (executing program) 1970/01/01 00:07:25 fetching corpus: 1089, signal 147843/149322 (executing program) 1970/01/01 00:07:25 fetching corpus: 1089, signal 147843/149349 (executing program) 1970/01/01 00:07:26 fetching corpus: 1089, signal 147843/149371 (executing program) 1970/01/01 00:07:26 fetching corpus: 1089, signal 147843/149396 (executing program) 1970/01/01 00:07:26 fetching corpus: 1089, signal 147843/149421 (executing program) 1970/01/01 00:07:26 fetching corpus: 1089, signal 147843/149451 (executing program) 1970/01/01 00:07:26 fetching corpus: 1089, signal 147843/149475 (executing program) 1970/01/01 00:07:26 fetching corpus: 1089, signal 147843/149504 (executing program) 1970/01/01 00:07:26 fetching corpus: 1089, signal 147843/149522 (executing program) 1970/01/01 00:07:27 fetching corpus: 1089, signal 147843/149548 (executing program) 1970/01/01 00:07:27 fetching corpus: 1089, signal 147843/149567 (executing program) 1970/01/01 00:07:27 fetching corpus: 1089, signal 147843/149591 (executing program) 1970/01/01 00:07:27 fetching corpus: 1089, signal 147843/149619 (executing program) 1970/01/01 00:07:27 fetching corpus: 1089, signal 147843/149645 (executing program) 1970/01/01 00:07:27 fetching corpus: 1089, signal 147843/149669 (executing program) 1970/01/01 00:07:28 fetching corpus: 1089, signal 147843/149669 (executing program) 1970/01/01 00:09:36 starting 2 fuzzer processes 00:09:36 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000007c0)={0x0, 0x0, 
&(0x7f0000000780)={&(0x7f0000000040)={0x14, 0x22, 0x1, 0x0, 0x0, {0x1}}, 0x14}}, 0x0) 00:09:36 executing program 1: syz_mount_image$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000140)=@filename='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1080, 0x0) pivot_root(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0\x00') mount(0x0, &(0x7f00000000c0)='./file0/../file0\x00', &(0x7f0000000100)='cgroup2\x00', 0x0, 0x0) chroot(&(0x7f0000000000)='./file0/../file0\x00') [ 604.465099][ T2039] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 604.616449][ T2037] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 604.750553][ T2039] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 604.840897][ T2037] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 622.740089][ T2037] device hsr_slave_0 entered promiscuous mode [ 623.170941][ T2037] device hsr_slave_1 entered promiscuous mode [ 623.323863][ T2039] device hsr_slave_0 entered promiscuous mode [ 623.345570][ T2039] device hsr_slave_1 entered promiscuous mode [ 623.371361][ T2039] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 623.378018][ T2039] Cannot create hsr debugfs directory [ 633.869180][ T2039] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 634.069951][ T2039] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 634.476455][ T2039] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 634.917431][ T2039] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 636.610436][ T2037] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 636.940087][ T2037] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 637.362013][ T2037] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 637.656003][ T2037] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 655.268869][ T2039] 8021q: adding VLAN 0 to HW filter on device bond0 [ 656.410168][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 656.531394][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 656.986114][ T2037] 8021q: adding VLAN 0 to HW filter on device bond0 [ 657.988488][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 658.046923][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 666.667541][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 666.779416][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 667.196724][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 667.245814][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 668.084418][ T2033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 668.195782][ T2033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 668.254777][ T2033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 668.290917][ T2033] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 668.678813][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 668.737559][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 669.831558][ T83] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 669.887992][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 669.927135][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 669.956492][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 669.994660][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 670.020188][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 670.336374][ T2039] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 671.589912][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 671.666907][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 671.705548][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 671.770593][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 671.896981][ T2037] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 672.071028][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 672.119539][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 673.395937][ T2033] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 673.399060][ T2033] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 694.549653][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 694.589299][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 696.393388][ T2659] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 696.446622][ T2659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 703.699750][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 703.741281][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 703.795774][ T2659] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 703.846921][ T2659] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 704.163721][ T2039] 
device veth0_vlan entered promiscuous mode [ 704.748064][ T2037] device veth0_vlan entered promiscuous mode [ 704.840480][ T2039] device veth1_vlan entered promiscuous mode [ 704.989041][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 705.044267][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 705.276227][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 705.329226][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 705.729168][ T2037] device veth1_vlan entered promiscuous mode [ 706.728916][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 706.800516][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 707.115964][ T2039] device veth0_macvtap entered promiscuous mode [ 707.307588][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 707.334330][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 707.374144][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 707.563098][ T2039] device veth1_macvtap entered promiscuous mode [ 707.809314][ T2037] device veth0_macvtap entered promiscuous mode [ 707.908112][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 708.396671][ T2037] device veth1_macvtap entered promiscuous mode [ 709.450108][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 709.516442][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 710.109176][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 710.168076][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 710.197699][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 710.225278][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 710.404171][ T2039] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 710.408049][ T2039] netdevsim netdevsim1 
netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 710.409895][ T2039] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 710.411587][ T2039] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 710.857169][ T2659] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 710.910156][ T2659] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 711.328438][ T2037] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.330288][ T2037] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.359835][ T2037] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.376264][ T2037] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 00:11:58 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)={0x14, 0x22, 0x1, 0x0, 0x0, {0x1}}, 0x14}}, 0x0) 00:11:59 executing program 1: syz_mount_image$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000140)=@filename='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1080, 0x0) pivot_root(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0\x00') mount(0x0, &(0x7f00000000c0)='./file0/../file0\x00', &(0x7f0000000100)='cgroup2\x00', 0x0, 0x0) chroot(&(0x7f0000000000)='./file0/../file0\x00') 00:12:02 executing program 1: syz_mount_image$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000140)=@filename='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1080, 0x0) pivot_root(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0\x00') mount(0x0, &(0x7f00000000c0)='./file0/../file0\x00', &(0x7f0000000100)='cgroup2\x00', 0x0, 0x0) chroot(&(0x7f0000000000)='./file0/../file0\x00') 00:12:02 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) 
sendmsg$nl_generic(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)={0x14, 0x22, 0x1, 0x0, 0x0, {0x1}}, 0x14}}, 0x0) [ 725.625075][ T2046] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 726.624947][ T2046] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 00:12:06 executing program 1: syz_mount_image$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000140)=@filename='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1080, 0x0) pivot_root(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0\x00') mount(0x0, &(0x7f00000000c0)='./file0/../file0\x00', &(0x7f0000000100)='cgroup2\x00', 0x0, 0x0) chroot(&(0x7f0000000000)='./file0/../file0\x00') [ 727.919578][ T2046] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 728.910329][ T2046] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 00:12:08 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)={0x14, 0x22, 0x1, 0x0, 0x0, {0x1}}, 0x14}}, 0x0) [ 748.088116][ T2046] device hsr_slave_0 left promiscuous mode [ 748.228924][ T2046] device hsr_slave_1 left promiscuous mode [ 748.869480][ T2046] device veth1_macvtap left promiscuous mode [ 748.898561][ T2046] device veth0_macvtap left promiscuous mode [ 748.936757][ T2046] device veth1_vlan left promiscuous mode [ 748.965347][ T2046] device veth0_vlan left promiscuous mode 00:12:50 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000140)=@filename='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1080, 0x0) pivot_root(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0\x00') mount(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 
&(0x7f0000000100)='cgroup2\x00', 0x0, 0x0) chroot(&(0x7f0000000000)='./file0/../file0\x00') [ 773.476006][ T2046] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 774.118564][ T2046] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface 00:12:55 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000140)=@filename='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1080, 0x0) pivot_root(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0\x00') mount(0x0, &(0x7f00000000c0)='./file0/../file0\x00', &(0x7f0000000100)='cgroup2\x00', 0x0, 0x0) chroot(&(0x7f0000000000)='./file0/../file0\x00') [ 778.501371][ T2046] bond0 (unregistering): Released all slaves [ 790.180944][ T2046] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 791.229887][ T2046] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 792.056686][ T2046] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 793.340583][ T2046] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 804.007868][ T2046] device hsr_slave_0 left promiscuous mode [ 804.085817][ T2046] device hsr_slave_1 left promiscuous mode [ 804.242923][ T2046] device veth1_macvtap left promiscuous mode [ 804.246966][ T2046] device veth0_macvtap left promiscuous mode [ 804.277120][ T2046] device veth1_vlan left promiscuous mode [ 804.280470][ T2046] device veth0_vlan left promiscuous mode [ 813.509486][ T2046] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 813.858051][ T2046] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 816.121489][ T2046] bond0 (unregistering): Released all slaves [ 827.537563][ T2759] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 
827.708956][ T2759] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 840.773834][ T2759] device hsr_slave_0 entered promiscuous mode
[ 840.815326][ T2759] device hsr_slave_1 entered promiscuous mode
[ 857.163297][ C0] ==================================================================
[ 857.168097][ C0] BUG: KASAN: use-after-free in walk_stackframe+0x11c/0x260
[ 857.170001][ C0] Read of size 8 at addr ffffaf801f94bf50 by task syz-executor.1/2759
[ 857.172167][ C0]
[ 857.174495][ C0] CPU: 0 PID: 2759 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 857.176455][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 857.178051][ C0] Call Trace:
[ 857.179191][ C0] [] dump_backtrace+0x2e/0x3c
[ 857.180740][ C0] [] show_stack+0x34/0x40
[ 857.182221][ C0] [] dump_stack_lvl+0xe4/0x150
[ 857.185243][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 857.186816][ C0] [] kasan_report+0x184/0x1e0
[ 857.188043][ C0] [] __asan_load8+0x6e/0x96
[ 857.189305][ C0] [] walk_stackframe+0x11c/0x260
[ 857.190399][ C0] [] arch_stack_walk+0x2c/0x3c
[ 857.191492][ C0] [] stack_trace_save+0xa6/0xd8
[ 857.193505][ C0]
[ 857.194391][ C0] The buggy address belongs to the page:
[ 857.195551][ C0] page:ffffaf807af2ad18 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x9fb4b
[ 857.196882][ C0] flags: 0x9800000000(section=19|node=0|zone=0)
[ 857.198804][ C0] raw: 0000009800000000 0000000000000100 0000000000000122 0000000000000000
[ 857.199826][ C0] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 857.200741][ C0] raw: 00000000000007ff
[ 857.201407][ C0] page dumped because: kasan: bad access detected
[ 857.202527][ C0] page_owner tracks the page as freed
[ 857.203375][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 2036, ts 579108433400, free_ts 726537993600
[ 857.205289][ C0] __set_page_owner+0x48/0x136
[ 857.206202][ C0] post_alloc_hook+0xd0/0x10a
[ 857.207084][ C0] get_page_from_freelist+0x8da/0x12d8
[ 857.207932][ C0] __alloc_pages+0x150/0x3b6
[ 857.208792][ C0] alloc_pages+0x132/0x2a6
[ 857.209605][ C0] __vmalloc_node_range+0x946/0xab2
[ 857.210383][ C0] vmalloc_user+0x76/0x8c
[ 857.211173][ C0] kcov_mmap+0x2e/0x112
[ 857.212122][ C0] mmap_region+0x7a0/0xa88
[ 857.213212][ C0] do_mmap+0x784/0x8d2
[ 857.214091][ C0] vm_mmap_pgoff+0x1a2/0x24e
[ 857.214988][ C0] ksys_mmap_pgoff+0x288/0x2ea
[ 857.215818][ C0] sys_mmap+0x9e/0xc4
[ 857.216669][ C0] ret_from_syscall+0x0/0x2
[ 857.217649][ C0] page last free stack trace:
[ 857.218284][ C0] __reset_page_owner+0x4a/0xea
[ 857.219205][ C0] free_pcp_prepare+0x29c/0x45e
[ 857.220042][ C0] free_unref_page+0x6a/0x31e
[ 857.221108][ C0] __free_pages+0xe2/0x112
[ 857.222081][ C0] __vunmap+0x67e/0x8c4
[ 857.223060][ C0] __vfree+0x70/0x104
[ 857.223957][ C0] vfree+0x9a/0xdc
[ 857.224805][ C0] kcov_close+0x44/0x72
[ 857.225665][ C0] __fput+0x164/0x502
[ 857.226468][ C0] ____fput+0x1a/0x24
[ 857.227291][ C0] task_work_run+0xdc/0x154
[ 857.228247][ C0] do_exit+0x7cc/0x18fc
[ 857.229245][ C0] do_group_exit+0x90/0x17e
[ 857.230143][ C0] __wake_up_parent+0x0/0x4a
[ 857.231062][ C0] ret_from_syscall+0x0/0x2
[ 857.232243][ C0]
[ 857.233054][ C0] Memory state around the buggy address:
[ 857.234756][ C0] ffffaf801f94be00: 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff
[ 857.235922][ C0] ffffaf801f94be80: 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff
[ 857.236983][ C0] >ffffaf801f94bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 857.238009][ C0] ^
[ 857.239091][ C0] ffffaf801f94bf80: ff ff ff ff f1 f1 f1 f1 00 00 00 f3 f3 f3 f3 f3
[ 857.240089][ C0] ffffaf801f94c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 857.241195][ C0] ==================================================================
[ 857.242794][ C0] Disabling lock debugging due to kernel taint
[ 857.248062][ T2759] Kernel panic - not syncing: corrupted stack end detected
inside scheduler
[ 857.249395][ T2759] CPU: 0 PID: 2759 Comm: syz-executor.1 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 857.250599][ T2759] Hardware name: riscv-virtio,qemu (DT)
[ 857.251246][ T2759] Call Trace:
[ 857.251724][ T2759] [] dump_backtrace+0x2e/0x3c
[ 857.253398][ T2759] [] show_stack+0x34/0x40
[ 857.254293][ T2759] [] dump_stack_lvl+0xe4/0x150
[ 857.255223][ T2759] [] dump_stack+0x1c/0x24
[ 857.256296][ T2759] [] panic+0x24a/0x634
[ 857.257287][ T2759] [] schedule+0x0/0x14c
[ 857.258209][ T2759] [] preempt_schedule_irq+0x4a/0x13e
[ 857.259203][ T2759] [] resume_kernel+0x16/0x18
[ 857.260282][ T2759] SMP: stopping secondary CPUs
[ 857.262295][ T2759] Rebooting in 86400 seconds..
VM DIAGNOSIS:
21:48:18 Registers: