syzkaller login: [ 265.736087][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 265.814804][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 293.104418][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:26063' (ECDSA) to the list of known hosts.
1970/01/01 00:05:42 fuzzer started
1970/01/01 00:05:55 dialing manager at localhost:44711
[ 361.005694][ T2037] cgroup: Unknown subsys name 'net'
[ 362.173601][ T2037] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:01 syscalls: 2918
1970/01/01 00:06:01 code coverage: enabled
1970/01/01 00:06:01 comparison tracing: ioctl(KCOV_DISABLE) failed: invalid argument
1970/01/01 00:06:01 extra coverage: enabled
1970/01/01 00:06:01 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:01 setuid sandbox: enabled
1970/01/01 00:06:01 namespace sandbox: enabled
1970/01/01 00:06:01 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:01 fault injection: enabled
1970/01/01 00:06:01 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:01 net packet injection: enabled
1970/01/01 00:06:01 net device setup: enabled
1970/01/01 00:06:01 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:01 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:01 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:06:01 USB emulation: enabled
1970/01/01 00:06:01 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:01 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:01 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:02 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:08 fetching corpus: 50, signal 37951/41094 (executing program)
1970/01/01 00:06:13 fetching corpus: 99, signal 51525/55818 (executing program)
1970/01/01 00:06:16 fetching corpus: 148, signal 58799/64211 (executing program)
1970/01/01 00:06:19 fetching corpus: 198, signal 64307/70801 (executing program)
1970/01/01 00:06:22 fetching corpus: 248, signal 71092/78388 (executing program)
1970/01/01 00:06:25 fetching corpus: 298, signal 76388/84473 (executing program)
1970/01/01 00:06:29 fetching corpus: 348, signal 81252/90093 (executing program)
1970/01/01 00:06:31 fetching corpus: 397, signal 86047/95491 (executing program)
1970/01/01 00:06:35 fetching corpus: 445, signal 91156/101082 (executing program)
1970/01/01 00:06:38 fetching corpus: 494, signal 96551/106725 (executing program)
1970/01/01 00:06:41 fetching corpus: 544, signal 99319/110041 (executing program)
1970/01/01 00:06:44 fetching corpus: 593, signal 101408/112670 (executing program)
1970/01/01 00:06:47 fetching corpus: 643, signal 103720/115569 (executing program)
1970/01/01 00:06:50 fetching corpus: 691, signal 105612/118020 (executing program)
1970/01/01 00:06:54 fetching corpus: 741, signal 108241/120965 (executing program)
1970/01/01 00:06:57 fetching corpus: 791, signal 110340/123451 (executing program)
1970/01/01 00:07:01 fetching corpus: 841, signal 112523/125948 (executing program)
1970/01/01 00:07:03 fetching corpus: 890, signal 113927/127790 (executing program)
1970/01/01 00:07:05 fetching corpus: 939, signal 116311/130289 (executing program)
1970/01/01 00:07:07 fetching corpus: 989, signal 117705/132073 (executing program)
1970/01/01 00:07:09 fetching corpus: 1038, signal 119520/134153 (executing program)
1970/01/01 00:07:12 fetching corpus: 1088, signal 122006/136668 (executing program)
1970/01/01 00:07:14 fetching corpus: 1137, signal 123405/138318 (executing program)
1970/01/01 00:07:17 fetching corpus: 1187, signal 125222/140291 (executing program)
1970/01/01 00:07:20 fetching corpus: 1237, signal 127235/142340 (executing program)
1970/01/01 00:07:22 fetching corpus: 1286, signal 129242/144329 (executing program)
1970/01/01 00:07:26 fetching corpus: 1336, signal 130826/145988 (executing program)
1970/01/01 00:07:29 fetching corpus: 1385, signal 132667/147815 (executing program)
1970/01/01 00:07:32 fetching corpus: 1433, signal 134080/149266 (executing program)
1970/01/01 00:07:35 fetching corpus: 1483, signal 135269/150533 (executing program)
1970/01/01 00:07:39 fetching corpus: 1533, signal 136876/152029 (executing program)
1970/01/01 00:07:42 fetching corpus: 1581, signal 138081/153230 (executing program)
1970/01/01 00:07:46 fetching corpus: 1631, signal 139313/154451 (executing program)
1970/01/01 00:07:50 fetching corpus: 1681, signal 140752/155792 (executing program)
1970/01/01 00:07:53 fetching corpus: 1730, signal 142277/157188 (executing program)
1970/01/01 00:07:56 fetching corpus: 1779, signal 143639/158447 (executing program)
1970/01/01 00:07:59 fetching corpus: 1829, signal 144809/159529 (executing program)
1970/01/01 00:08:01 fetching corpus: 1879, signal 146085/160639 (executing program)
1970/01/01 00:08:04 fetching corpus: 1929, signal 147591/161844 (executing program)
1970/01/01 00:08:07 fetching corpus: 1976, signal 149283/163163 (executing program)
1970/01/01 00:08:09 fetching corpus: 2026, signal 150259/163996 (executing program)
1970/01/01 00:08:12 fetching corpus: 2076, signal 150932/164690 (executing program)
1970/01/01 00:08:15 fetching corpus: 2126, signal 151853/165472 (executing program)
1970/01/01 00:08:17 fetching corpus: 2175, signal 152860/166273 (executing program)
1970/01/01 00:08:19 fetching corpus: 2225, signal 153962/167108 (executing program)
1970/01/01 00:08:21 fetching corpus: 2275, signal 155463/168137 (executing program)
1970/01/01 00:08:24 fetching corpus: 2325, signal 156403/168825 (executing program)
1970/01/01 00:08:26 fetching corpus: 2375, signal 157322/169492 (executing program)
1970/01/01 00:08:29 fetching corpus: 2425, signal 158545/170276 (executing program)
1970/01/01 00:08:32 fetching corpus: 2474, signal 159370/170873 (executing program)
1970/01/01 00:08:34 fetching corpus: 2524, signal 160443/171628 (executing program)
1970/01/01 00:08:36 fetching corpus: 2574, signal 161666/172311 (executing program)
1970/01/01 00:08:39 fetching corpus: 2624, signal 162751/172942 (executing program)
1970/01/01 00:08:41 fetching corpus: 2673, signal 163600/173482 (executing program)
1970/01/01 00:08:43 fetching corpus: 2723, signal 164899/174142 (executing program)
1970/01/01 00:08:46 fetching corpus: 2771, signal 165890/174687 (executing program)
1970/01/01 00:08:48 fetching corpus: 2821, signal 166549/175096 (executing program)
1970/01/01 00:08:51 fetching corpus: 2870, signal 167218/175478 (executing program)
1970/01/01 00:08:54 fetching corpus: 2920, signal 168441/176035 (executing program)
1970/01/01 00:08:56 fetching corpus: 2969, signal 169246/176417 (executing program)
1970/01/01 00:08:58 fetching corpus: 3019, signal 169787/176718 (executing program)
1970/01/01 00:09:01 fetching corpus: 3069, signal 170465/177037 (executing program)
1970/01/01 00:09:03 fetching corpus: 3119, signal 171209/177371 (executing program)
1970/01/01 00:09:06 fetching corpus: 3168, signal 172370/177813 (executing program)
1970/01/01 00:09:09 fetching corpus: 3217, signal 172906/178048 (executing program)
1970/01/01 00:09:13 fetching corpus: 3266, signal 174043/178427 (executing program)
1970/01/01 00:09:16 fetching corpus: 3316, signal 174866/178733 (executing program)
1970/01/01 00:09:19 fetching corpus: 3366, signal 175654/178958 (executing program)
1970/01/01 00:09:22 fetching corpus: 3414, signal 176285/179157 (executing program)
1970/01/01 00:09:24 fetching corpus: 3464, signal 176969/179337 (executing program)
1970/01/01 00:09:28 fetching corpus: 3514, signal 177725/179535 (executing program)
1970/01/01 00:09:29 fetching corpus: 3544, signal 178107/179640 (executing program)
1970/01/01 00:09:30 fetching corpus: 3545, signal 178110/179665 (executing program)
1970/01/01 00:09:30 fetching corpus: 3546, signal 178112/179681 (executing program)
1970/01/01 00:09:30 fetching corpus: 3546, signal 178112/179702 (executing program)
1970/01/01 00:09:30 fetching corpus: 3546, signal 178112/179724 (executing program)
1970/01/01 00:09:30 fetching corpus: 3546, signal 178112/179752 (executing program)
1970/01/01 00:09:30 fetching corpus: 3546, signal 178112/179769 (executing program)
1970/01/01 00:09:31 fetching corpus: 3546, signal 178112/179786 (executing program)
1970/01/01 00:09:31 fetching corpus: 3546, signal 178112/179809 (executing program)
1970/01/01 00:09:31 fetching corpus: 3546, signal 178112/179827 (executing program)
1970/01/01 00:09:31 fetching corpus: 3546, signal 178112/179850 (executing program)
1970/01/01 00:09:31 fetching corpus: 3546, signal 178112/179876 (executing program)
1970/01/01 00:09:31 fetching corpus: 3546, signal 178112/179900 (executing program)
1970/01/01 00:09:31 fetching corpus: 3546, signal 178112/179924 (executing program)
1970/01/01 00:09:32 fetching corpus: 3546, signal 178112/179946 (executing program)
1970/01/01 00:09:32 fetching corpus: 3546, signal 178112/179964 (executing program)
1970/01/01 00:09:32 fetching corpus: 3546, signal 178112/179991 (executing program)
1970/01/01 00:09:32 fetching corpus: 3546, signal 178112/180014 (executing program)
1970/01/01 00:09:32 fetching corpus: 3546, signal 178112/180014 (executing program)
1970/01/01 00:11:26 starting 2 fuzzer processes
00:11:26 executing program 0:
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0x62, &(0x7f0000002e00)={@local, @local, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "226ad6", 0x3, 0x3a, 0x0, @private2, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1}}}}}}, 0x0)

00:11:26 executing program 1:
syz_mount_image$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
mount(0x0, 0x0, &(0x7f00000000c0)='debugfs\x00', 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='smaps_rollup\x00')
renameat2(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_mcast\x00')
read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020}, 0x2020)
syz_mount_image$tmpfs(&(0x7f00000001c0), &(0x7f0000000200)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='smaps_rollup\x00')
lseek(r0, 0x3, 0x0)
symlinkat(0x0, 0xffffffffffffffff, 0x0)

[ 715.144948][ T2050] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 715.147005][ T2050] CPU: 0 PID: 2050 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 715.150114][ T2050] Hardware name: riscv-virtio,qemu (DT)
[ 715.152122][ T2050] Call Trace:
[ 715.153084][ T2050] [] dump_backtrace+0x2e/0x3c
[ 715.154460][ T2050] [] show_stack+0x34/0x40
[ 715.155624][ T2050] [] dump_stack_lvl+0xe4/0x150
[ 715.156946][ T2050] [] dump_stack+0x1c/0x24
[ 715.158676][ T2050] [] panic+0x24a/0x634
[ 715.160268][ T2050] [] schedule+0x0/0x14c
[ 715.161686][ T2050] [] preempt_schedule_common+0x4e/0xde
[ 715.163117][ T2050] [] preempt_schedule+0x34/0x36
[ 715.164426][ T2050] [] __kernfs_new_node+0x5e8/0x5f2
[ 715.166301][ T2050] [] kernfs_new_node+0x66/0xbe
[ 715.167780][ T2050] [] __kernfs_create_file+0x4e/0x1e8
[ 715.169535][ T2050] [] sysfs_add_file_mode_ns+0x138/0x254
[ 715.171751][ T2050] [] internal_create_group+0x274/0x722
[ 715.173060][ T2050] [] internal_create_groups.part.0+0x64/0xe8
[ 715.174442][ T2050] [] sysfs_create_groups+0x2c/0x48
[ 715.175694][ T2050] [] device_add+0x656/0x129e
[ 715.177015][ T2050] [] netdev_register_kobject+0xcc/0x208
[ 715.179280][ T2050] [] register_netdevice+0x8ee/0xc6a
[ 715.180678][ T2050] [] veth_newlink+0x30e/0x7dc
[ 715.181943][ T2050] [] __rtnl_newlink+0xc16/0xfa0
[ 715.183197][ T2050] [] rtnl_newlink+0x60/0x8c
[ 715.184430][ T2050] [] rtnetlink_rcv_msg+0x338/0x9a0
[ 715.185758][ T2050] [] netlink_rcv_skb+0xf8/0x2be
[ 715.186981][ T2050] [] rtnetlink_rcv+0x26/0x30
[ 715.188649][ T2050] [] netlink_unicast+0x40e/0x5fe
[ 715.190542][ T2050] [] netlink_sendmsg+0x4e0/0x994
[ 715.191716][ T2050] [] sock_sendmsg+0xa0/0xc4
[ 715.192988][ T2050] [] __sys_sendto+0x1f2/0x2e0
[ 715.194153][ T2050] [] sys_sendto+0x3e/0x52
[ 715.195349][ T2050] [] ret_from_syscall+0x0/0x2
[ 715.196983][ T2050] SMP: stopping secondary CPUs
[ 715.201000][ T2050] Rebooting in 86400 seconds..

VM DIAGNOSIS:
21:03:21 Registers: