syzkaller login: [ 259.881587][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 259.924904][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 269.475763][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:25324' (ECDSA) to the list of known hosts. 1970/01/01 00:05:27 fuzzer started 1970/01/01 00:05:40 dialing manager at localhost:36497 [ 347.410365][ T2032] cgroup: Unknown subsys name 'net' [ 348.418316][ T2032] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:05:47 syscalls: 2918 1970/01/01 00:05:48 code coverage: enabled 1970/01/01 00:05:48 comparison tracing: enabled 1970/01/01 00:05:48 extra coverage: enabled 1970/01/01 00:05:48 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:05:48 setuid sandbox: enabled 1970/01/01 00:05:48 namespace sandbox: enabled 1970/01/01 00:05:48 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:05:48 fault injection: enabled 1970/01/01 00:05:48 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:05:48 net packet injection: enabled 1970/01/01 00:05:48 net device setup: enabled 1970/01/01 00:05:48 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:05:48 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:05:48 NIC VF setup: PCI device 0000:00:11.0 is not available 1970/01/01 00:05:48 USB emulation: enabled 1970/01/01 00:05:48 hci packet injection: /dev/vhci does not exist 1970/01/01 00:05:48 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:05:48 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:05:48 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:05:53 fetching corpus: 50, signal 40374/43707 (executing program) 1970/01/01 00:05:58 fetching corpus: 100, signal 50317/55030 (executing program) 1970/01/01 00:06:03 fetching 
corpus: 150, signal 60016/65970 (executing program) 1970/01/01 00:06:05 fetching corpus: 200, signal 65324/72521 (executing program) 1970/01/01 00:06:07 fetching corpus: 249, signal 71256/79595 (executing program) 1970/01/01 00:06:10 fetching corpus: 299, signal 75993/85476 (executing program) 1970/01/01 00:06:12 fetching corpus: 349, signal 79306/89906 (executing program) 1970/01/01 00:06:14 fetching corpus: 398, signal 82280/93948 (executing program) 1970/01/01 00:06:17 fetching corpus: 448, signal 85567/98189 (executing program) 1970/01/01 00:06:19 fetching corpus: 497, signal 90086/103556 (executing program) 1970/01/01 00:06:24 fetching corpus: 547, signal 93552/107878 (executing program) 1970/01/01 00:06:26 fetching corpus: 596, signal 95754/111024 (executing program) 1970/01/01 00:06:28 fetching corpus: 646, signal 100327/116173 (executing program) 1970/01/01 00:06:31 fetching corpus: 696, signal 103324/119907 (executing program) 1970/01/01 00:06:33 fetching corpus: 746, signal 105026/122470 (executing program) 1970/01/01 00:06:37 fetching corpus: 796, signal 106829/125080 (executing program) 1970/01/01 00:06:41 fetching corpus: 844, signal 109019/128017 (executing program) 1970/01/01 00:06:44 fetching corpus: 894, signal 110627/130399 (executing program) 1970/01/01 00:06:48 fetching corpus: 944, signal 112911/133356 (executing program) 1970/01/01 00:06:51 fetching corpus: 993, signal 116276/137085 (executing program) 1970/01/01 00:06:53 fetching corpus: 1043, signal 118594/140003 (executing program) 1970/01/01 00:06:55 fetching corpus: 1093, signal 121166/143050 (executing program) 1970/01/01 00:06:58 fetching corpus: 1143, signal 123208/145577 (executing program) 1970/01/01 00:07:01 fetching corpus: 1193, signal 125167/148070 (executing program) 1970/01/01 00:07:03 fetching corpus: 1243, signal 126481/150007 (executing program) 1970/01/01 00:07:05 fetching corpus: 1292, signal 127743/151862 (executing program) 1970/01/01 00:07:08 fetching corpus: 1342, 
signal 129876/154435 (executing program) 1970/01/01 00:07:11 fetching corpus: 1392, signal 131526/156578 (executing program) 1970/01/01 00:07:14 fetching corpus: 1442, signal 133484/158866 (executing program) 1970/01/01 00:07:16 fetching corpus: 1492, signal 135539/161171 (executing program) 1970/01/01 00:07:19 fetching corpus: 1542, signal 136891/163014 (executing program) 1970/01/01 00:07:22 fetching corpus: 1592, signal 138220/164797 (executing program) 1970/01/01 00:07:24 fetching corpus: 1642, signal 139328/166376 (executing program) 1970/01/01 00:07:27 fetching corpus: 1692, signal 140397/167924 (executing program) 1970/01/01 00:07:28 fetching corpus: 1742, signal 141689/169584 (executing program) 1970/01/01 00:07:31 fetching corpus: 1792, signal 142540/170906 (executing program) 1970/01/01 00:07:33 fetching corpus: 1842, signal 143840/172577 (executing program) 1970/01/01 00:07:35 fetching corpus: 1892, signal 145157/174221 (executing program) 1970/01/01 00:07:37 fetching corpus: 1942, signal 146295/175685 (executing program) 1970/01/01 00:07:40 fetching corpus: 1992, signal 147408/177193 (executing program) 1970/01/01 00:07:42 fetching corpus: 2042, signal 148377/178557 (executing program) 1970/01/01 00:07:46 fetching corpus: 2092, signal 150222/180456 (executing program) 1970/01/01 00:07:49 fetching corpus: 2142, signal 151276/181802 (executing program) 1970/01/01 00:07:52 fetching corpus: 2192, signal 153010/183559 (executing program) 1970/01/01 00:07:54 fetching corpus: 2242, signal 154079/184875 (executing program) 1970/01/01 00:07:58 fetching corpus: 2292, signal 155407/186342 (executing program) 1970/01/01 00:08:01 fetching corpus: 2342, signal 156843/187815 (executing program) 1970/01/01 00:08:05 fetching corpus: 2392, signal 157692/189003 (executing program) 1970/01/01 00:08:07 fetching corpus: 2442, signal 158486/190090 (executing program) 1970/01/01 00:08:09 fetching corpus: 2492, signal 160721/191962 (executing program) 1970/01/01 00:08:12 
fetching corpus: 2541, signal 161769/193200 (executing program) 1970/01/01 00:08:14 fetching corpus: 2589, signal 162643/194302 (executing program) 1970/01/01 00:08:17 fetching corpus: 2639, signal 163747/195472 (executing program) 1970/01/01 00:08:18 fetching corpus: 2689, signal 164604/196507 (executing program) 1970/01/01 00:08:21 fetching corpus: 2739, signal 165385/197463 (executing program) 1970/01/01 00:08:23 fetching corpus: 2789, signal 166391/198525 (executing program) 1970/01/01 00:08:26 fetching corpus: 2839, signal 167416/199618 (executing program) 1970/01/01 00:08:29 fetching corpus: 2888, signal 168280/200608 (executing program) 1970/01/01 00:08:31 fetching corpus: 2938, signal 169149/201569 (executing program) 1970/01/01 00:08:34 fetching corpus: 2987, signal 169791/202426 (executing program) 1970/01/01 00:08:36 fetching corpus: 3037, signal 170470/203232 (executing program) 1970/01/01 00:08:38 fetching corpus: 3087, signal 171331/204165 (executing program) 1970/01/01 00:08:40 fetching corpus: 3137, signal 172069/205020 (executing program) 1970/01/01 00:08:42 fetching corpus: 3187, signal 172739/205818 (executing program) 1970/01/01 00:08:45 fetching corpus: 3237, signal 173884/206771 (executing program) 1970/01/01 00:08:47 fetching corpus: 3287, signal 174624/207649 (executing program) 1970/01/01 00:08:50 fetching corpus: 3337, signal 175322/208430 (executing program) 1970/01/01 00:08:52 fetching corpus: 3387, signal 176138/209260 (executing program) 1970/01/01 00:08:53 fetching corpus: 3436, signal 176774/209989 (executing program) 1970/01/01 00:08:55 fetching corpus: 3486, signal 177692/210853 (executing program) 1970/01/01 00:08:57 fetching corpus: 3534, signal 178542/211618 (executing program) 1970/01/01 00:09:00 fetching corpus: 3584, signal 179382/212391 (executing program) 1970/01/01 00:09:04 fetching corpus: 3634, signal 180185/213126 (executing program) 1970/01/01 00:09:07 fetching corpus: 3684, signal 180739/213766 (executing program) 
1970/01/01 00:09:11 fetching corpus: 3734, signal 181539/214523 (executing program) 1970/01/01 00:09:14 fetching corpus: 3784, signal 182529/215300 (executing program) 1970/01/01 00:09:15 fetching corpus: 3834, signal 183162/215934 (executing program) 1970/01/01 00:09:17 fetching corpus: 3884, signal 183935/216566 (executing program) 1970/01/01 00:09:21 fetching corpus: 3934, signal 184642/217199 (executing program) 1970/01/01 00:09:25 fetching corpus: 3982, signal 185434/217819 (executing program) 1970/01/01 00:09:26 fetching corpus: 4032, signal 185868/218316 (executing program) 1970/01/01 00:09:29 fetching corpus: 4082, signal 186516/218916 (executing program) 1970/01/01 00:09:31 fetching corpus: 4131, signal 187184/219509 (executing program) 1970/01/01 00:09:34 fetching corpus: 4181, signal 187940/220106 (executing program) 1970/01/01 00:09:36 fetching corpus: 4231, signal 188620/220663 (executing program) 1970/01/01 00:09:38 fetching corpus: 4280, signal 189159/221212 (executing program) 1970/01/01 00:09:41 fetching corpus: 4330, signal 189668/221689 (executing program) 1970/01/01 00:09:43 fetching corpus: 4380, signal 190310/222206 (executing program) 1970/01/01 00:09:46 fetching corpus: 4430, signal 191003/222717 (executing program) 1970/01/01 00:09:48 fetching corpus: 4480, signal 191555/223201 (executing program) 1970/01/01 00:09:49 fetching corpus: 4530, signal 192034/223627 (executing program) 1970/01/01 00:09:52 fetching corpus: 4580, signal 192666/224120 (executing program) 1970/01/01 00:09:54 fetching corpus: 4629, signal 193294/224549 (executing program) 1970/01/01 00:09:56 fetching corpus: 4678, signal 193735/224973 (executing program) 1970/01/01 00:09:59 fetching corpus: 4728, signal 194370/225395 (executing program) 1970/01/01 00:10:01 fetching corpus: 4776, signal 194916/225794 (executing program) 1970/01/01 00:10:02 fetching corpus: 4826, signal 195404/226146 (executing program) 1970/01/01 00:10:05 fetching corpus: 4876, signal 195867/226515 
(executing program) 1970/01/01 00:10:08 fetching corpus: 4926, signal 196302/226897 (executing program) 1970/01/01 00:10:11 fetching corpus: 4976, signal 196975/227313 (executing program) 1970/01/01 00:10:15 fetching corpus: 5026, signal 197487/227705 (executing program) 1970/01/01 00:10:17 fetching corpus: 5075, signal 198454/228140 (executing program) 1970/01/01 00:10:19 fetching corpus: 5125, signal 199009/228493 (executing program) 1970/01/01 00:10:22 fetching corpus: 5175, signal 199619/228833 (executing program) 1970/01/01 00:10:25 fetching corpus: 5225, signal 200103/229155 (executing program) 1970/01/01 00:10:28 fetching corpus: 5275, signal 200613/229470 (executing program) 1970/01/01 00:10:29 fetching corpus: 5325, signal 201267/229785 (executing program) 1970/01/01 00:10:32 fetching corpus: 5375, signal 201747/230082 (executing program) 1970/01/01 00:10:34 fetching corpus: 5425, signal 202204/230406 (executing program) 1970/01/01 00:10:36 fetching corpus: 5474, signal 202697/230680 (executing program) 1970/01/01 00:10:38 fetching corpus: 5524, signal 203208/230956 (executing program) 1970/01/01 00:10:42 fetching corpus: 5574, signal 203902/231226 (executing program) 1970/01/01 00:10:44 fetching corpus: 5624, signal 204501/231577 (executing program) 1970/01/01 00:10:47 fetching corpus: 5674, signal 205193/231823 (executing program) 1970/01/01 00:10:50 fetching corpus: 5724, signal 205561/232039 (executing program) 1970/01/01 00:10:53 fetching corpus: 5774, signal 206058/232054 (executing program) 1970/01/01 00:10:55 fetching corpus: 5824, signal 206832/232054 (executing program) 1970/01/01 00:10:58 fetching corpus: 5873, signal 207299/232056 (executing program) 1970/01/01 00:10:59 fetching corpus: 5923, signal 207645/232056 (executing program) 1970/01/01 00:11:03 fetching corpus: 5973, signal 208225/232056 (executing program) 1970/01/01 00:11:06 fetching corpus: 6023, signal 208732/232056 (executing program) 1970/01/01 00:11:08 fetching corpus: 6073, 
signal 209241/232056 (executing program) 1970/01/01 00:11:11 fetching corpus: 6123, signal 209771/232071 (executing program) 1970/01/01 00:11:13 fetching corpus: 6172, signal 210162/232071 (executing program) 1970/01/01 00:11:16 fetching corpus: 6222, signal 210730/232073 (executing program) 1970/01/01 00:11:19 fetching corpus: 6271, signal 211044/232098 (executing program) 1970/01/01 00:11:21 fetching corpus: 6321, signal 212181/232098 (executing program) 1970/01/01 00:11:23 fetching corpus: 6371, signal 212765/232098 (executing program) 1970/01/01 00:11:27 fetching corpus: 6421, signal 213237/232098 (executing program) 1970/01/01 00:11:30 fetching corpus: 6471, signal 213710/232113 (executing program) 1970/01/01 00:11:32 fetching corpus: 6521, signal 214247/232114 (executing program) 1970/01/01 00:11:34 fetching corpus: 6571, signal 214633/232114 (executing program) 1970/01/01 00:11:36 fetching corpus: 6621, signal 215165/232114 (executing program) 1970/01/01 00:11:38 fetching corpus: 6671, signal 215683/232114 (executing program) 1970/01/01 00:11:41 fetching corpus: 6720, signal 216152/232123 (executing program) 1970/01/01 00:11:45 fetching corpus: 6769, signal 216694/232123 (executing program) 1970/01/01 00:11:47 fetching corpus: 6819, signal 217092/232123 (executing program) 1970/01/01 00:11:50 fetching corpus: 6869, signal 217515/232123 (executing program) 1970/01/01 00:11:52 fetching corpus: 6919, signal 218022/232124 (executing program) 1970/01/01 00:11:54 fetching corpus: 6969, signal 218745/232147 (executing program) 1970/01/01 00:11:57 fetching corpus: 7019, signal 219353/232147 (executing program) 1970/01/01 00:12:00 fetching corpus: 7069, signal 219811/232147 (executing program) 1970/01/01 00:12:04 fetching corpus: 7118, signal 220315/232147 (executing program) 1970/01/01 00:12:06 fetching corpus: 7167, signal 220605/232147 (executing program) 1970/01/01 00:12:08 fetching corpus: 7217, signal 220972/232153 (executing program) 1970/01/01 00:12:10 
fetching corpus: 7266, signal 221371/232153 (executing program) 1970/01/01 00:12:13 fetching corpus: 7316, signal 221867/232153 (executing program) 1970/01/01 00:12:17 fetching corpus: 7366, signal 222424/232153 (executing program) 1970/01/01 00:12:21 fetching corpus: 7416, signal 222863/232163 (executing program) 1970/01/01 00:12:23 fetching corpus: 7466, signal 223253/232164 (executing program) 1970/01/01 00:12:25 fetching corpus: 7515, signal 223577/232171 (executing program) 1970/01/01 00:12:28 fetching corpus: 7565, signal 224101/232171 (executing program) 1970/01/01 00:12:30 fetching corpus: 7614, signal 224583/232201 (executing program) 1970/01/01 00:12:33 fetching corpus: 7664, signal 225001/232201 (executing program) 1970/01/01 00:12:35 fetching corpus: 7714, signal 225563/232201 (executing program) 1970/01/01 00:12:38 fetching corpus: 7763, signal 225885/232201 (executing program) 1970/01/01 00:12:41 fetching corpus: 7813, signal 226239/232202 (executing program) 1970/01/01 00:12:43 fetching corpus: 7861, signal 226551/232202 (executing program) 1970/01/01 00:12:45 fetching corpus: 7910, signal 227819/232202 (executing program) 1970/01/01 00:12:48 fetching corpus: 7960, signal 228224/232203 (executing program) 1970/01/01 00:12:50 fetching corpus: 8010, signal 228706/232211 (executing program) 1970/01/01 00:12:53 fetching corpus: 8059, signal 229058/232211 (executing program) 1970/01/01 00:12:56 fetching corpus: 8109, signal 229514/232219 (executing program) 1970/01/01 00:12:56 fetching corpus: 8121, signal 229553/232239 (executing program) 1970/01/01 00:12:57 fetching corpus: 8121, signal 229553/232239 (executing program) 1970/01/01 00:15:09 starting 2 fuzzer processes 00:15:09 executing program 0: r0 = syz_io_uring_setup(0x1730, &(0x7f00000000c0), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000040), &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x10, 0x0, 0x0) 00:15:09 executing program 1: 
futex(&(0x7f0000000000), 0x8b, 0x0, 0x0, 0x0, 0x0) [ 936.024245][ T2052] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 936.860533][ T2052] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 937.002724][ T2050] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 937.529849][ T2050] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 949.435986][ T2052] device hsr_slave_0 entered promiscuous mode [ 949.464761][ T2052] device hsr_slave_1 entered promiscuous mode [ 950.035429][ T2050] device hsr_slave_0 entered promiscuous mode [ 950.066109][ T2050] device hsr_slave_1 entered promiscuous mode [ 950.091308][ T2050] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 950.095732][ T2050] Cannot create hsr debugfs directory [ 959.916203][ T2052] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 960.193059][ T2052] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 960.405211][ T2052] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 960.811456][ T2052] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 962.465378][ T2050] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 962.673368][ T2050] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 963.035403][ T2050] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 963.160650][ T2050] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 982.480720][ T2052] 8021q: adding VLAN 0 to HW filter on device bond0 [ 984.219987][ T2107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 984.325776][ T2107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 985.092584][ T2050] 8021q: adding VLAN 0 to HW filter on device bond0 [ 986.194594][ T2107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 986.312083][ T2107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 997.654987][ T2107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 
997.788514][ T2107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 998.209789][ T2305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 998.259340][ T2305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 999.752881][ T2107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 999.853305][ T2107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 999.925885][ T2107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 999.979007][ T2107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1000.032613][ T2107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1000.051977][ T2107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1000.385850][ T2117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1001.145660][ T2305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1002.193825][ T2052] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1002.195732][ T2052] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1002.393674][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1002.472351][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1002.554284][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1002.604905][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1002.799295][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1003.252956][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1003.364555][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1003.961672][ T2050] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1004.401476][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 
1004.579169][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1009.973697][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1010.029508][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1011.798532][ T2117] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1011.802569][ T2117] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1029.380582][ T2305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1029.452248][ T2305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1031.195106][ T2117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1031.294492][ T2117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1038.878676][ T2107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1038.962758][ T2107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1039.071820][ T2107] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1039.123879][ T2107] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1039.313269][ T2052] device veth0_vlan entered promiscuous mode [ 1039.780935][ T2052] device veth1_vlan entered promiscuous mode [ 1040.840757][ T2667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1040.891951][ T2667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1040.999417][ T2107] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1041.052435][ T2107] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1041.224311][ T2050] device veth0_vlan entered promiscuous mode [ 1041.915679][ T2305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1041.985450][ T2305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1042.155071][ T2050] device veth1_vlan entered promiscuous mode [ 1042.485191][ T2052] device veth0_macvtap entered promiscuous mode [ 1042.915211][ T2305] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: 
link becomes ready [ 1043.058389][ T2052] device veth1_macvtap entered promiscuous mode [ 1045.022930][ T2050] device veth0_macvtap entered promiscuous mode [ 1045.050837][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1045.110041][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1045.150262][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1045.184493][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1045.205302][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1045.224370][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1045.294054][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1045.404001][ T2052] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1045.408214][ T2052] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1045.409547][ T2052] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1045.410864][ T2052] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1045.714955][ T2050] device veth1_macvtap entered promiscuous mode [ 1047.548530][ T2305] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1047.604185][ T2305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1048.064800][ T2305] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1048.122334][ T2305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1048.404235][ T2050] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1048.406116][ T2050] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1048.409266][ T2050] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1048.410916][ T2050] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 00:17:34 executing program 1: 
futex(&(0x7f0000000000), 0x8b, 0x0, 0x0, 0x0, 0x0) 00:17:35 executing program 0: r0 = syz_io_uring_setup(0x1730, &(0x7f00000000c0), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000040), &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x10, 0x0, 0x0) 00:17:40 executing program 0: r0 = syz_io_uring_setup(0x1730, &(0x7f00000000c0), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000040), &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x10, 0x0, 0x0) 00:17:41 executing program 1: futex(&(0x7f0000000000), 0x8b, 0x0, 0x0, 0x0, 0x0) 00:17:43 executing program 0: r0 = syz_io_uring_setup(0x1730, &(0x7f00000000c0), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000040), &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x10, 0x0, 0x0) 00:17:46 executing program 1: futex(&(0x7f0000000000), 0x8b, 0x0, 0x0, 0x0, 0x0) 00:17:47 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000003840)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha1\x00'}, 0x58) r1 = accept(r0, 0x0, 0x0) recvfrom$l2tp(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 00:17:51 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000003840)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha1\x00'}, 0x58) r1 = accept(r0, 0x0, 0x0) recvfrom$l2tp(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 00:17:53 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000003840)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha1\x00'}, 0x58) r1 = accept(r0, 0x0, 0x0) recvfrom$l2tp(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 00:17:56 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000003840)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha1\x00'}, 0x58) r1 = accept(r0, 0x0, 0x0) recvfrom$l2tp(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 00:17:56 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000003840)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha1\x00'}, 0x58) r1 = accept(r0, 0x0, 0x0) 
recvfrom$l2tp(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 00:18:01 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000003840)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha1\x00'}, 0x58) r1 = accept(r0, 0x0, 0x0) recvfrom$l2tp(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 00:18:02 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000003840)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha1\x00'}, 0x58) r1 = accept(r0, 0x0, 0x0) recvfrom$l2tp(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 00:18:10 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000004a40)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x0, @mcast1}, 0x1c, &(0x7f0000000040)=[{&(0x7f00000000c0)="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", 0xad9}], 0x1}}], 0x400016d, 0x48800) write(r0, 0x0, 0x0) 00:18:11 executing program 0: r0 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @my=0x0}, 0x10) r1 = syz_io_uring_setup(0x7b51, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) r2 = syz_io_uring_setup(0x6397, &(0x7f0000000500)={0x0, 0xe2fc, 0x4, 0x0, 0x320}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0), &(0x7f0000000240)=0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xc0, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r9 = socket$l2tp6(0xa, 0x2, 0x73) getsockopt$sock_buf(r9, 0x1, 0x1c, 0x0, &(0x7f00000000c0)) r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000580)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x1, 0x0, r4, 0x0, r9, 0x2, 0x0, 0x1, {0x0, r10}}, 0x8200004e) ioctl$sock_inet6_SIOCADDRT(r8, 0x890b, &(0x7f00000001c0)={@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @private2, 
@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, r7}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000001740)={'ip6_vti0\x00', &(0x7f0000002340)={'syztnl0\x00', r7, 0x29, 0x8, 0x0, 0x7fff, 0xd, @loopback, @mcast2, 0x10, 0x1, 0x200003, 0xe94}}) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="ec000000", @ANYRES16=0x0, @ANYRES8=r2, @ANYRES32=0x0, @ANYBLOB="040031dc851b000000000000", @ANYRES64=r6, @ANYBLOB="431c0100", @ANYRES32=0x0, @ANYRESHEX=r3, @ANYRES8=r0, @ANYBLOB="8212f44f994093d3740f62c98d"], 0xec}, 0x1, 0x0, 0x0, 0x64880}, 0x40000) ioctl$FS_IOC_ENABLE_VERITY(r4, 0x40806685, &(0x7f0000000280)={0x1, 0x1, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) read(r4, &(0x7f0000000300)=""/232, 0xe8) openat(r4, &(0x7f0000000040)='./file0\x00', 0x563ce1, 0x5) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x0, &(0x7f0000000000), 0x8) [ 1099.115635][ T2780] fs-verity: sha256 using implementation "sha256-generic" [ 1100.042985][ C0] ================================================================== [ 1100.047534][ C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260 [ 1100.049228][ C0] Read of size 8 at addr ffffaf8010717f50 by task syz-executor.0/2780 [ 1100.051232][ C0] [ 1100.053286][ C0] CPU: 0 PID: 2780 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1100.055108][ C0] Hardware name: riscv-virtio,qemu (DT) [ 1100.056430][ C0] Call Trace: [ 1100.058346][ C0] [] dump_backtrace+0x2e/0x3c [ 1100.059936][ C0] [] show_stack+0x34/0x40 [ 1100.061190][ C0] [] dump_stack_lvl+0xe4/0x150 [ 1100.062539][ C0] [] print_address_description.constprop.0+0x2a/0x330 [ 1100.064030][ C0] [] kasan_report+0x184/0x1e0 [ 1100.065375][ C0] [] __asan_load8+0x6e/0x96 [ 1100.067278][ C0] [] walk_stackframe+0x11c/0x260 [ 1100.069260][ C0] [] arch_stack_walk+0x2c/0x3c [ 1100.070814][ C0] [] 
stack_trace_save+0xa6/0xd8 [ 1100.072394][ C0] [ 1100.073211][ C0] Allocated by task 1102416563: [ 1100.074148][ C0] (stack is not available) [ 1100.074972][ C0] [ 1100.075696][ C0] Freed by task 2693: [ 1100.076842][ C0] stack_trace_save+0xa6/0xd8 [ 1100.078530][ C0] kasan_save_stack+0x2c/0x58 [ 1100.079793][ C0] kasan_set_track+0x1a/0x26 [ 1100.080920][ C0] kasan_set_free_info+0x1e/0x3a [ 1100.082032][ C0] ____kasan_slab_free+0x15e/0x180 [ 1100.083204][ C0] __kasan_slab_free+0x10/0x18 [ 1100.084377][ C0] slab_free_freelist_hook+0x8e/0x1cc [ 1100.085536][ C0] kfree+0xe0/0x3e4 [ 1100.087004][ C0] skb_release_data+0x3c2/0x3c4 [ 1100.088690][ C0] consume_skb+0x96/0x136 [ 1100.089859][ C0] nsim_dev_trap_report_work+0x524/0x5e4 [ 1100.091123][ C0] process_one_work+0x654/0xffe [ 1100.092254][ C0] worker_thread+0x360/0x8fa [ 1100.093263][ C0] kthread+0x19e/0x1fa [ 1100.094368][ C0] ret_from_exception+0x0/0x10 [ 1100.095551][ C0] [ 1100.096348][ C0] Last potentially related work creation: [ 1100.097931][ C0] ------------[ cut here ]------------ [ 1100.099441][ C0] slab index 1144251 out of bounds (335) for stack id 107175bb [ 1100.103798][ C0] WARNING: CPU: 0 PID: 2780 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70 [ 1100.105783][ C0] Modules linked in: [ 1100.107488][ C0] CPU: 0 PID: 2780 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1100.109093][ C0] Hardware name: riscv-virtio,qemu (DT) [ 1100.110152][ C0] epc : stack_depot_print+0x66/0x70 [ 1100.111541][ C0] ra : stack_depot_print+0x66/0x70 [ 1100.112843][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf8010717e10 [ 1100.114064][ C0] gp : ffffffff85863ac0 tp : ffffaf80101ab080 t0 : ffffffff86bcb657 [ 1100.115305][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf8010717e20 [ 1100.116824][ C0] s1 : ffffaf807aae8c80 a0 : 000000000000003c a1 : 00000000000f0000 [ 1100.118676][ C0] a2 : 0000000000000505 a3 : ffffffff8012252a a4 : 98c691b8b3d6a600 [ 1100.120271][ 
C0] a5 : 98c691b8b3d6a600 a6 : 0000000000f00000 a7 : ffffaf805a9c8863 [ 1100.121571][ C0] s2 : ffffaf8010717f50 s3 : ffffaf8007202140 s4 : ffffaf8010716000 [ 1100.122908][ C0] s5 : ffffaf8010717000 s6 : 0000000000003fff s7 : ffffaf8010717ef0 [ 1100.124175][ C0] s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf8010717fc0 [ 1100.125408][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c [ 1100.127106][ C0] t5 : fffff5ef0b53910d t6 : ffffaf8010717918 [ 1100.128704][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003 [ 1100.130155][ C0] [] print_address_description.constprop.0+0x2fc/0x330 [ 1100.131725][ C0] [] kasan_report+0x184/0x1e0 [ 1100.132948][ C0] [] __asan_load8+0x6e/0x96 [ 1100.134081][ C0] [] walk_stackframe+0x11c/0x260 [ 1100.135361][ C0] [] arch_stack_walk+0x2c/0x3c [ 1100.137014][ C0] [] stack_trace_save+0xa6/0xd8 [ 1100.139776][ C0] irq event stamp: 817 [ 1100.140747][ C0] hardirqs last enabled at (816): [] _raw_spin_unlock_irqrestore+0x68/0x98 [ 1100.142526][ C0] hardirqs last disabled at (817): [] _raw_spin_lock_irqsave+0x60/0x62 [ 1100.144066][ C0] softirqs last enabled at (692): [] __do_softirq+0x618/0x8fc [ 1100.145609][ C0] softirqs last disabled at (709): [] __irq_exit_rcu+0x142/0x1f8 [ 1100.147991][ C0] ---[ end trace 0000000000000000 ]--- [ 1100.150104][ C0] [ 1100.151031][ C0] Second to last potentially related work creation: [ 1100.152012][ C0] ------------[ cut here ]------------ [ 1100.152855][ C0] slab index 2076544 out of bounds (335) for stack id ffffaf80 [ 1100.156519][ C0] WARNING: CPU: 0 PID: 2780 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70 [ 1100.158571][ C0] Modules linked in: [ 1100.159826][ C0] CPU: 0 PID: 2780 Comm: syz-executor.0 Tainted: G W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1100.161416][ C0] Hardware name: riscv-virtio,qemu (DT) [ 1100.162385][ C0] epc : stack_depot_print+0x66/0x70 [ 1100.163618][ C0] ra : stack_depot_print+0x66/0x70 [ 1100.164823][ C0] 
epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf8010717e10 [ 1100.166014][ C0] gp : ffffffff85863ac0 tp : ffffaf80101ab080 t0 : ffffffff86bcb657 [ 1100.167885][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf8010717e20 [ 1100.169194][ C0] s1 : ffffaf807aae8c80 a0 : 000000000000003c a1 : 00000000000f0000 [ 1100.170477][ C0] a2 : 0000000000000505 a3 : ffffffff8012252a a4 : 98c691b8b3d6a600 [ 1100.171691][ C0] a5 : 98c691b8b3d6a600 a6 : 0000000000f00000 a7 : ffffaf805a9c8863 [ 1100.172906][ C0] s2 : ffffaf8010717f50 s3 : ffffaf8007202140 s4 : ffffaf8010716000 [ 1100.174076][ C0] s5 : ffffaf8010717000 s6 : 0000000000003fff s7 : ffffaf8010717ef0 [ 1100.175963][ C0] s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf8010717fc0 [ 1100.177323][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c [ 1100.178567][ C0] t5 : fffff5ef0b53910d t6 : ffffaf8010717918 [ 1100.180380][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003 [ 1100.181661][ C0] [] print_address_description.constprop.0+0x2ae/0x330 [ 1100.183245][ C0] [] kasan_report+0x184/0x1e0 [ 1100.184568][ C0] [] __asan_load8+0x6e/0x96 [ 1100.186569][ C0] [] walk_stackframe+0x11c/0x260 [ 1100.190568][ C0] [] arch_stack_walk+0x2c/0x3c [ 1100.192450][ C0] [] stack_trace_save+0xa6/0xd8 [ 1100.193731][ C0] irq event stamp: 817 [ 1100.194565][ C0] hardirqs last enabled at (816): [] _raw_spin_unlock_irqrestore+0x68/0x98 [ 1100.196332][ C0] hardirqs last disabled at (817): [] _raw_spin_lock_irqsave+0x60/0x62 [ 1100.200711][ C0] softirqs last enabled at (692): [] __do_softirq+0x618/0x8fc [ 1100.202417][ C0] softirqs last disabled at (709): [] __irq_exit_rcu+0x142/0x1f8 [ 1100.203955][ C0] ---[ end trace 0000000000000000 ]--- [ 1100.204973][ C0] [ 1100.205697][ C0] The buggy address belongs to the object at ffffaf8010716000 [ 1100.205697][ C0] which belongs to the cache kmalloc-4k of size 4096 [ 1100.208680][ C0] The buggy address is located 3920 bytes to the 
right of [ 1100.208680][ C0] 4096-byte region [ffffaf8010716000, ffffaf8010717000) [ 1100.211786][ C0] The buggy address belongs to the page: [ 1100.213270][ C0] page:ffffaf807aae8c80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x90910 [ 1100.215137][ C0] head:ffffaf807aae8c80 order:3 compound_mapcount:0 compound_pincount:0 [ 1100.216709][ C0] flags: 0x9000010200(slab|head|section=18|node=0|zone=0) [ 1100.219986][ C0] raw: 0000009000010200 ffffaf807a9e4e80 0000000000000002 ffffaf8007202140 [ 1100.221452][ C0] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 1100.222708][ C0] raw: 00000000000007ff [ 1100.223652][ C0] page dumped because: kasan: bad access detected [ 1100.224956][ C0] page_owner tracks the page as allocated [ 1100.226539][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2416, ts 940460349000, free_ts 939090340000 [ 1100.230635][ C0] __set_page_owner+0x48/0x136 [ 1100.231979][ C0] post_alloc_hook+0xd0/0x10a [ 1100.233132][ C0] get_page_from_freelist+0x8da/0x12d8 [ 1100.234317][ C0] __alloc_pages+0x150/0x3b6 [ 1100.235477][ C0] alloc_pages+0x132/0x2a6 [ 1100.237184][ C0] alloc_slab_page.constprop.0+0xc2/0xfa [ 1100.238681][ C0] new_slab+0x25a/0x2cc [ 1100.239849][ C0] ___slab_alloc+0x56e/0x918 [ 1100.240986][ C0] __slab_alloc.constprop.0+0x50/0x8c [ 1100.242135][ C0] __kmalloc+0x268/0x318 [ 1100.243262][ C0] tomoyo_realpath_from_path+0x9c/0x3f4 [ 1100.244487][ C0] tomoyo_path_perm+0x1fc/0x3a8 [ 1100.245589][ C0] tomoyo_inode_getattr+0x1e/0x28 [ 1100.247360][ C0] security_inode_getattr+0x82/0xc6 [ 1100.250395][ C0] vfs_fstat+0x54/0xc8 [ 1100.252441][ C0] __do_sys_newfstat+0x96/0x106 [ 1100.253712][ C0] page last free stack trace: [ 1100.254615][ C0] __reset_page_owner+0x4a/0xea [ 1100.255836][ C0] free_pcp_prepare+0x29c/0x45e [ 1100.257414][ C0] free_unref_page+0x6a/0x31e [ 1100.259092][ C0] 
__free_pages+0xe2/0x112 [ 1100.260289][ C0] __free_slab+0x122/0x27c [ 1100.261390][ C0] discard_slab+0x4c/0x7a [ 1100.262492][ C0] __slab_free+0x20a/0x29c [ 1100.263893][ C0] ___cache_free+0x17c/0x354 [ 1100.265034][ C0] qlist_free_all+0x7c/0x132 [ 1100.266128][ C0] kasan_quarantine_reduce+0x14c/0x1c8 [ 1100.267580][ C0] __kasan_slab_alloc+0x5c/0x98 [ 1100.268873][ C0] kmem_cache_alloc+0x338/0x3de [ 1100.270030][ C0] alloc_pid+0xac/0x8aa [ 1100.271125][ C0] copy_process+0x26ae/0x3c34 [ 1100.272276][ C0] kernel_clone+0xee/0x920 [ 1100.273389][ C0] kernel_thread+0xf8/0x130 [ 1100.274763][ C0] [ 1100.275511][ C0] Memory state around the buggy address: [ 1100.276989][ C0] ffffaf8010717e00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 1100.279215][ C0] ffffaf8010717e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 1100.280571][ C0] >ffffaf8010717f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1100.281741][ C0] ^ [ 1100.283001][ C0] ffffaf8010717f80: fc fc fc fc f1 f1 f1 f1 00 00 00 f3 f3 f3 f3 f3 [ 1100.284215][ C0] ffffaf8010718000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1100.285525][ C0] ================================================================== [ 1100.286783][ C0] Disabling lock debugging due to kernel taint [ 1100.290765][ T2780] Kernel panic - not syncing: corrupted stack end detected inside scheduler [ 1100.292060][ T2780] CPU: 0 PID: 2780 Comm: syz-executor.0 Tainted: G B W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1100.293661][ T2780] Hardware name: riscv-virtio,qemu (DT) [ 1100.294407][ T2780] Call Trace: [ 1100.295348][ T2780] [] dump_backtrace+0x2e/0x3c [ 1100.296838][ T2780] [] show_stack+0x34/0x40 [ 1100.298069][ T2780] [] dump_stack_lvl+0xe4/0x150 [ 1100.299384][ T2780] [] dump_stack+0x1c/0x24 [ 1100.300488][ T2780] [] panic+0x24a/0x634 [ 1100.301506][ T2780] [] schedule+0x0/0x14c [ 1100.302646][ T2780] [] preempt_schedule_common+0x4e/0xde [ 1100.303829][ T2780] [] preempt_schedule+0x34/0x36 [ 1100.305089][ T2780] [] 
_raw_spin_unlock+0x60/0x6a [ 1100.306249][ T2780] [] inode_add_bytes+0xa6/0xb8 [ 1100.307493][ T2780] [] __dquot_alloc_space+0x4fc/0x766 [ 1100.308591][ T2780] [] ext4_mb_new_blocks+0x3f0/0x3228 [ 1100.309785][ T2780] [] ext4_ext_map_blocks+0x1930/0x3e86 [ 1100.310935][ T2780] [] ext4_map_blocks+0x4fe/0xe64 [ 1100.312001][ T2780] [] _ext4_get_block+0x188/0x2c2 [ 1100.313034][ T2780] [] ext4_get_block_unwritten+0x28/0x36 [ 1100.313623][ T2780] [] ext4_block_write_begin+0x4ae/0xc4e [ 1100.315628][ T2780] [] ext4_write_begin+0x47e/0xe28 [ 1100.316754][ T2780] [] ext4_da_write_begin+0x1a8/0x7d4 [ 1100.317958][ T2780] [] pagecache_write_begin+0x5e/0x76 [ 1100.319098][ T2780] [] pagecache_write.part.0+0x1ec/0x348 [ 1100.320333][ T2780] [] ext4_end_enable_verity+0x156/0x46c [ 1100.321510][ T2780] [] enable_verity+0x700/0x13e4 [ 1100.322733][ T2780] [] fsverity_ioctl_enable+0x33c/0x3fe [ 1100.323916][ T2780] [] __ext4_ioctl+0x240c/0x3c9e [ 1100.325072][ T2780] [] ext4_ioctl+0x26/0x34 [ 1100.326293][ T2780] [] sys_ioctl+0x75c/0x139e [ 1100.327897][ T2780] [] ret_from_syscall+0x0/0x2 [ 1100.329377][ T2780] SMP: stopping secondary CPUs [ 1100.331793][ T2780] Rebooting in 86400 seconds.. 
VM DIAGNOSIS: 19:09:50 Registers: