syzkaller login: [ 308.078750][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 308.145601][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 352.314637][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:60556' (ECDSA) to the list of known hosts.
1970/01/01 00:06:27 fuzzer started
1970/01/01 00:06:43 dialing manager at localhost:45323
[ 409.261559][ T2049] cgroup: Unknown subsys name 'net'
[ 410.402596][ T2049] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:49 syscalls: 2870
1970/01/01 00:06:49 code coverage: enabled
1970/01/01 00:06:50 comparison tracing: enabled
1970/01/01 00:06:50 extra coverage: enabled
1970/01/01 00:06:50 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:50 setuid sandbox: enabled
1970/01/01 00:06:50 namespace sandbox: enabled
1970/01/01 00:06:50 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:50 fault injection: enabled
1970/01/01 00:06:50 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:50 net packet injection: enabled
1970/01/01 00:06:50 net device setup: enabled
1970/01/01 00:06:50 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:50 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:50 USB emulation: enabled
1970/01/01 00:06:50 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:50 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:50 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:50 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:56 fetching corpus: 50, signal 32634/35955 (executing program)
1970/01/01 00:06:59 fetching corpus: 100, signal 42501/47193 (executing program)
1970/01/01 00:07:03 fetching corpus: 149, signal 50512/56471 (executing program)
1970/01/01 00:07:06 fetching corpus: 199, signal 57631/64729 (executing program)
1970/01/01 00:07:08 fetching corpus: 247, signal 62999/71187 (executing program)
1970/01/01 00:07:12 fetching corpus: 297, signal 70328/79385 (executing program)
1970/01/01 00:07:14 fetching corpus: 347, signal 74739/84733 (executing program)
1970/01/01 00:07:17 fetching corpus: 397, signal 77483/88494 (executing program)
1970/01/01 00:07:19 fetching corpus: 446, signal 81627/93446 (executing program)
1970/01/01 00:07:23 fetching corpus: 495, signal 86833/99255 (executing program)
1970/01/01 00:07:25 fetching corpus: 545, signal 89330/102610 (executing program)
1970/01/01 00:07:28 fetching corpus: 594, signal 92373/106339 (executing program)
1970/01/01 00:07:33 fetching corpus: 643, signal 95477/110086 (executing program)
1970/01/01 00:07:35 fetching corpus: 693, signal 97170/112577 (executing program)
1970/01/01 00:07:38 fetching corpus: 743, signal 100715/116538 (executing program)
1970/01/01 00:07:41 fetching corpus: 793, signal 102726/119236 (executing program)
1970/01/01 00:07:44 fetching corpus: 842, signal 105189/122204 (executing program)
1970/01/01 00:07:48 fetching corpus: 891, signal 107525/125072 (executing program)
1970/01/01 00:07:50 fetching corpus: 939, signal 110100/128072 (executing program)
1970/01/01 00:07:52 fetching corpus: 989, signal 111885/130346 (executing program)
1970/01/01 00:07:55 fetching corpus: 1039, signal 113994/132860 (executing program)
1970/01/01 00:07:57 fetching corpus: 1089, signal 116194/135428 (executing program)
1970/01/01 00:08:00 fetching corpus: 1139, signal 117398/137173 (executing program)
1970/01/01 00:08:02 fetching corpus: 1189, signal 119072/139203 (executing program)
1970/01/01 00:08:05 fetching corpus: 1239, signal 120556/141128 (executing program)
1970/01/01 00:08:09 fetching corpus: 1289, signal 122120/143084 (executing program)
1970/01/01 00:08:12 fetching corpus: 1339, signal 124158/145345 (executing program)
1970/01/01 00:08:16 fetching corpus: 1389, signal 125698/147225 (executing program)
1970/01/01 00:08:20 fetching corpus: 1439, signal 127340/149138 (executing program)
1970/01/01 00:08:24 fetching corpus: 1489, signal 129941/151668 (executing program)
1970/01/01 00:08:27 fetching corpus: 1539, signal 131519/153423 (executing program)
1970/01/01 00:08:30 fetching corpus: 1589, signal 132626/154818 (executing program)
1970/01/01 00:08:33 fetching corpus: 1638, signal 135609/157436 (executing program)
1970/01/01 00:08:35 fetching corpus: 1688, signal 136718/158791 (executing program)
1970/01/01 00:08:38 fetching corpus: 1737, signal 139107/160968 (executing program)
1970/01/01 00:08:40 fetching corpus: 1787, signal 140254/162295 (executing program)
1970/01/01 00:08:43 fetching corpus: 1837, signal 141487/163624 (executing program)
1970/01/01 00:08:47 fetching corpus: 1886, signal 142458/164760 (executing program)
1970/01/01 00:08:49 fetching corpus: 1934, signal 143622/166041 (executing program)
1970/01/01 00:08:52 fetching corpus: 1984, signal 144989/167411 (executing program)
1970/01/01 00:08:54 fetching corpus: 2034, signal 146350/168736 (executing program)
1970/01/01 00:08:58 fetching corpus: 2084, signal 147750/170078 (executing program)
1970/01/01 00:09:02 fetching corpus: 2133, signal 148850/171214 (executing program)
1970/01/01 00:09:05 fetching corpus: 2182, signal 150137/172394 (executing program)
1970/01/01 00:09:07 fetching corpus: 2232, signal 151248/173530 (executing program)
1970/01/01 00:09:09 fetching corpus: 2282, signal 152007/174403 (executing program)
1970/01/01 00:09:12 fetching corpus: 2331, signal 153432/175614 (executing program)
1970/01/01 00:09:15 fetching corpus: 2381, signal 154167/176415 (executing program)
1970/01/01 00:09:17 fetching corpus: 2431, signal 154970/177255 (executing program)
1970/01/01 00:09:19 fetching corpus: 2480, signal 156249/178287 (executing program)
1970/01/01 00:09:22 fetching corpus: 2529, signal 157182/179232 (executing program)
1970/01/01 00:09:24 fetching corpus: 2579, signal 158116/180130 (executing program)
1970/01/01 00:09:27 fetching corpus: 2628, signal 159018/180941 (executing program)
1970/01/01 00:09:30 fetching corpus: 2678, signal 159792/181753 (executing program)
1970/01/01 00:09:33 fetching corpus: 2727, signal 160766/182578 (executing program)
1970/01/01 00:09:36 fetching corpus: 2777, signal 161950/183452 (executing program)
1970/01/01 00:09:38 fetching corpus: 2826, signal 162729/184127 (executing program)
1970/01/01 00:09:40 fetching corpus: 2876, signal 163795/184879 (executing program)
1970/01/01 00:09:44 fetching corpus: 2926, signal 164743/185618 (executing program)
1970/01/01 00:09:46 fetching corpus: 2975, signal 165397/186194 (executing program)
1970/01/01 00:09:49 fetching corpus: 3025, signal 166139/186770 (executing program)
1970/01/01 00:09:52 fetching corpus: 3074, signal 166817/187386 (executing program)
1970/01/01 00:09:54 fetching corpus: 3124, signal 167830/188062 (executing program)
1970/01/01 00:09:57 fetching corpus: 3174, signal 168696/188685 (executing program)
1970/01/01 00:10:00 fetching corpus: 3224, signal 169502/189261 (executing program)
1970/01/01 00:10:03 fetching corpus: 3271, signal 170462/189865 (executing program)
1970/01/01 00:10:06 fetching corpus: 3320, signal 171000/190322 (executing program)
1970/01/01 00:10:09 fetching corpus: 3370, signal 172179/190939 (executing program)
1970/01/01 00:10:12 fetching corpus: 3420, signal 172908/191421 (executing program)
1970/01/01 00:10:14 fetching corpus: 3469, signal 173554/191877 (executing program)
1970/01/01 00:10:17 fetching corpus: 3518, signal 174334/192340 (executing program)
1970/01/01 00:10:19 fetching corpus: 3568, signal 174963/192746 (executing program)
1970/01/01 00:10:22 fetching corpus: 3617, signal 175756/193234 (executing program)
1970/01/01 00:10:27 fetching corpus: 3666, signal 176484/193684 (executing program)
1970/01/01 00:10:30 fetching corpus: 3713, signal 177134/194054 (executing program)
1970/01/01 00:10:33 fetching corpus: 3763, signal 177805/194440 (executing program)
1970/01/01 00:10:35 fetching corpus: 3812, signal 178409/194795 (executing program)
1970/01/01 00:10:39 fetching corpus: 3861, signal 179119/195131 (executing program)
1970/01/01 00:10:42 fetching corpus: 3910, signal 180164/195515 (executing program)
1970/01/01 00:10:45 fetching corpus: 3960, signal 180830/195826 (executing program)
1970/01/01 00:10:47 fetching corpus: 4009, signal 181756/196174 (executing program)
1970/01/01 00:10:50 fetching corpus: 4058, signal 182712/196504 (executing program)
1970/01/01 00:10:53 fetching corpus: 4108, signal 183091/196748 (executing program)
1970/01/01 00:10:56 fetching corpus: 4158, signal 184233/197101 (executing program)
1970/01/01 00:10:59 fetching corpus: 4208, signal 184984/197373 (executing program)
1970/01/01 00:11:02 fetching corpus: 4258, signal 185547/197595 (executing program)
1970/01/01 00:11:04 fetching corpus: 4308, signal 185975/197775 (executing program)
1970/01/01 00:11:07 fetching corpus: 4358, signal 186795/198000 (executing program)
1970/01/01 00:11:12 fetching corpus: 4407, signal 187655/198204 (executing program)
1970/01/01 00:11:13 fetching corpus: 4456, signal 188097/198387 (executing program)
1970/01/01 00:11:15 fetching corpus: 4505, signal 188995/198562 (executing program)
1970/01/01 00:11:20 fetching corpus: 4554, signal 189798/198741 (executing program)
1970/01/01 00:11:22 fetching corpus: 4604, signal 190731/198923 (executing program)
1970/01/01 00:11:24 fetching corpus: 4652, signal 191367/199057 (executing program)
1970/01/01 00:11:27 fetching corpus: 4702, signal 191965/199168 (executing program)
1970/01/01 00:11:30 fetching corpus: 4752, signal 192629/199254 (executing program)
1970/01/01 00:11:32 fetching corpus: 4801, signal 193079/199338 (executing program)
1970/01/01 00:11:35 fetching corpus: 4851, signal 193461/199428 (executing program)
1970/01/01 00:11:37 fetching corpus: 4901, signal 193889/199483 (executing program)
1970/01/01 00:11:40 fetching corpus: 4951, signal 194411/199483 (executing program)
1970/01/01 00:11:43 fetching corpus: 5000, signal 195003/199483 (executing program)
1970/01/01 00:11:46 fetching corpus: 5049, signal 195525/199485 (executing program)
1970/01/01 00:11:47 fetching corpus: 5099, signal 195948/199504 (executing program)
1970/01/01 00:11:50 fetching corpus: 5149, signal 196660/199504 (executing program)
1970/01/01 00:11:52 fetching corpus: 5199, signal 197084/199504 (executing program)
1970/01/01 00:11:55 fetching corpus: 5239, signal 197547/199506 (executing program)
1970/01/01 00:11:55 fetching corpus: 5241, signal 197561/199506 (executing program)
1970/01/01 00:11:55 fetching corpus: 5241, signal 197561/199506 (executing program)
1970/01/01 00:14:10 starting 2 fuzzer processes

00:14:10 executing program 0:
r0 = memfd_secret(0x0)
ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000)
r1 = socket$rds(0x15, 0x5, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x894c, 0x0)

00:14:10 executing program 1:
r0 = syz_io_uring_setup(0x2a81, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0x2, 0x0, 0x0)

[ 883.443745][ T2063] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 883.764429][ T2063] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 886.482010][ T2062] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 886.751212][ T2062] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 901.062181][ T2062] device hsr_slave_0 entered promiscuous mode
[ 901.122060][ T2062] device hsr_slave_1 entered promiscuous mode
[ 901.951340][ T2063] device hsr_slave_0 entered promiscuous mode
[ 901.988291][ T2063] device hsr_slave_1 entered promiscuous mode
[ 902.020627][ T2063] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 902.069211][ T2063] Cannot create hsr debugfs directory
[ 915.000977][ T2062] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 915.719493][ T2062] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 916.100520][ T2062] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 916.468499][ T2062] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 917.186715][ T2063] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 917.870275][ T2063] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 918.080074][ T2063] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 918.509584][ T2063] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 932.891638][ T2062] 8021q: adding VLAN 0 to HW filter on device bond0
[ 933.366506][ T2063] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 933.369997][ T2063] CPU: 0 PID: 2063 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 933.371289][ T2063] Hardware name: riscv-virtio,qemu (DT)
[ 933.372271][ T2063] Call Trace:
[ 933.374034][ T2063] [] dump_backtrace+0x2e/0x3c
[ 933.376019][ T2063] [] show_stack+0x34/0x40
[ 933.377360][ T2063] [] dump_stack_lvl+0xe4/0x150
[ 933.378928][ T2063] [] dump_stack+0x1c/0x24
[ 933.380359][ T2063] [] panic+0x24a/0x634
[ 933.381641][ T2063] [] schedule+0x0/0x14c
[ 933.383277][ T2063] [] preempt_schedule_common+0x4e/0xde
[ 933.385248][ T2063] [] preempt_schedule+0x34/0x36
[ 933.386685][ T2063] [] _raw_spin_unlock_irqrestore+0x8c/0x98
[ 933.388058][ T2063] [] pcpu_alloc+0x7ca/0x1278
[ 933.389475][ T2063] [] __alloc_percpu_gfp+0x28/0x36
[ 933.390918][ T2063] [] fib_nh_common_init+0xa8/0x22e
[ 933.392307][ T2063] [] fib_nh_init+0x6e/0x1fc
[ 933.393908][ T2063] [] fib_create_info+0x1dc4/0x2d8e
[ 933.395243][ T2063] [] fib_table_insert+0x1a0/0xebe
[ 933.396561][ T2063] [] fib_magic+0x3f4/0x438
[ 933.397962][ T2063] [] fib_add_ifaddr+0xd2/0x2e2
[ 933.399155][ T2063] [] fib_inetaddr_event+0xfe/0x19e
[ 933.400327][ T2063] [] notifier_call_chain+0xb8/0x188
[
933.401598][ T2063] [] blocking_notifier_call_chain+0x50/0x78
[ 933.403250][ T2063] [] __inet_insert_ifa+0x6ca/0x7e4
[ 933.405148][ T2063] [] inet_rtm_newaddr+0x7c2/0xbc2
[ 933.406504][ T2063] [] rtnetlink_rcv_msg+0x338/0x9a0
[ 933.407940][ T2063] [] netlink_rcv_skb+0xf8/0x2be
[ 933.409261][ T2063] [] rtnetlink_rcv+0x26/0x30
[ 933.410644][ T2063] [] netlink_unicast+0x40e/0x5fe
[ 933.412043][ T2063] [] netlink_sendmsg+0x4e0/0x994
[ 933.413921][ T2063] [] sock_sendmsg+0xa0/0xc4
[ 933.415386][ T2063] [] __sys_sendto+0x1f2/0x2e0
[ 933.416630][ T2063] [] sys_sendto+0x3e/0x52
[ 933.417973][ T2063] [] ret_from_syscall+0x0/0x2
[ 933.419729][ T2063] SMP: stopping secondary CPUs
[ 933.422259][ T2063] Rebooting in 86400 seconds..