syzkaller login: [ 275.140620][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 275.236775][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 275.253171][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 285.751218][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:46375' (ECDSA) to the list of known hosts.
1970/01/01 00:05:25 fuzzer started
1970/01/01 00:05:38 dialing manager at localhost:44093
[ 344.787846][ T2026] cgroup: Unknown subsys name 'net'
[ 345.932740][ T2026] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:05:45 syscalls: 2827
1970/01/01 00:05:45 code coverage: enabled
1970/01/01 00:05:45 comparison tracing: ioctl(KCOV_DISABLE) failed: invalid argument
1970/01/01 00:05:45 extra coverage: ioctl(KCOV_DISABLE) failed: invalid argument
1970/01/01 00:05:45 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:05:45 setuid sandbox: enabled
1970/01/01 00:05:45 namespace sandbox: enabled
1970/01/01 00:05:45 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:05:45 fault injection: enabled
1970/01/01 00:05:45 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:05:45 net packet injection: enabled
1970/01/01 00:05:45 net device setup: enabled
1970/01/01 00:05:45 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:05:45 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:05:45 USB emulation: enabled
1970/01/01 00:05:45 hci packet injection: /dev/vhci does not exist
1970/01/01 00:05:45 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:05:45 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:05:46 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:05:53 fetching corpus: 50, signal 34924/38311 (executing program)
1970/01/01 00:05:58 fetching corpus: 98, signal 49429/54083 (executing program)
1970/01/01 00:06:02 fetching corpus: 147, signal 58069/63943 (executing program)
1970/01/01 00:06:04 fetching corpus: 197, signal 63467/70553 (executing program)
1970/01/01 00:06:07 fetching corpus: 246, signal 68306/76574 (executing program)
1970/01/01 00:06:10 fetching corpus: 296, signal 71836/81242 (executing program)
1970/01/01 00:06:12 fetching corpus: 346, signal 80278/90346 (executing program)
1970/01/01 00:06:16 fetching corpus: 396, signal 85763/96613 (executing program)
1970/01/01 00:06:18 fetching corpus: 444, signal 88751/100569 (executing program)
1970/01/01 00:06:21 fetching corpus: 494, signal 92586/105154 (executing program)
1970/01/01 00:06:26 fetching corpus: 543, signal 96057/109385 (executing program)
1970/01/01 00:06:29 fetching corpus: 593, signal 100700/114586 (executing program)
1970/01/01 00:06:32 fetching corpus: 642, signal 104250/118747 (executing program)
1970/01/01 00:06:38 fetching corpus: 691, signal 114591/128659 (executing program)
1970/01/01 00:06:42 fetching corpus: 741, signal 116791/131496 (executing program)
1970/01/01 00:06:45 fetching corpus: 790, signal 119021/134328 (executing program)
1970/01/01 00:06:48 fetching corpus: 840, signal 121489/137249 (executing program)
1970/01/01 00:06:51 fetching corpus: 890, signal 123365/139685 (executing program)
1970/01/01 00:06:53 fetching corpus: 937, signal 126153/142780 (executing program)
1970/01/01 00:06:56 fetching corpus: 987, signal 130608/147194 (executing program)
1970/01/01 00:06:58 fetching corpus: 1034, signal 131693/148829 (executing program)
1970/01/01 00:07:02 fetching corpus: 1083, signal 135715/152721 (executing program)
1970/01/01 00:07:04 fetching corpus: 1132, signal 137769/155087 (executing program)
1970/01/01 00:07:07 fetching corpus: 1182, signal 141572/158793 (executing program)
1970/01/01 00:07:10 fetching corpus: 1231, signal 144001/161328 (executing program)
1970/01/01 00:07:12 fetching corpus: 1279, signal 145641/163220 (executing program)
1970/01/01 00:07:15 fetching corpus: 1329, signal 146686/164633 (executing program)
1970/01/01 00:07:18 fetching corpus: 1378, signal 148199/166391 (executing program)
1970/01/01 00:07:20 fetching corpus: 1426, signal 149579/168014 (executing program)
1970/01/01 00:07:23 fetching corpus: 1474, signal 151362/169901 (executing program)
1970/01/01 00:07:25 fetching corpus: 1524, signal 155546/173395 (executing program)
1970/01/01 00:07:29 fetching corpus: 1574, signal 157463/175305 (executing program)
1970/01/01 00:07:32 fetching corpus: 1623, signal 159022/176907 (executing program)
1970/01/01 00:07:35 fetching corpus: 1672, signal 161204/178864 (executing program)
1970/01/01 00:07:38 fetching corpus: 1722, signal 162381/180114 (executing program)
1970/01/01 00:07:41 fetching corpus: 1771, signal 164693/182128 (executing program)
1970/01/01 00:07:43 fetching corpus: 1821, signal 165751/183291 (executing program)
1970/01/01 00:07:46 fetching corpus: 1871, signal 167327/184749 (executing program)
1970/01/01 00:07:49 fetching corpus: 1920, signal 168927/186231 (executing program)
1970/01/01 00:07:52 fetching corpus: 1970, signal 170047/187358 (executing program)
1970/01/01 00:07:56 fetching corpus: 2019, signal 171394/188641 (executing program)
1970/01/01 00:07:59 fetching corpus: 2069, signal 172560/189776 (executing program)
1970/01/01 00:08:03 fetching corpus: 2118, signal 173651/190806 (executing program)
1970/01/01 00:08:06 fetching corpus: 2168, signal 175454/192221 (executing program)
1970/01/01 00:08:11 fetching corpus: 2217, signal 177376/193691 (executing program)
1970/01/01 00:08:13 fetching corpus: 2265, signal 178465/194659 (executing program)
1970/01/01 00:08:15 fetching corpus: 2314, signal 179284/195461 (executing program)
1970/01/01 00:08:18 fetching corpus: 2364, signal 180351/196395 (executing program)
1970/01/01 00:08:20 fetching corpus: 2413, signal 181475/197311 (executing program)
1970/01/01 00:08:23 fetching corpus: 2463, signal 182449/198124 (executing program)
1970/01/01 00:08:26 fetching corpus: 2513, signal 183667/199054 (executing program)
1970/01/01 00:08:29 fetching corpus: 2563, signal 184696/199913 (executing program)
1970/01/01 00:08:32 fetching corpus: 2613, signal 185274/200469 (executing program)
1970/01/01 00:08:35 fetching corpus: 2661, signal 186623/201419 (executing program)
1970/01/01 00:08:37 fetching corpus: 2711, signal 187622/202165 (executing program)
1970/01/01 00:08:41 fetching corpus: 2760, signal 188855/203017 (executing program)
1970/01/01 00:08:43 fetching corpus: 2809, signal 190037/203802 (executing program)
1970/01/01 00:08:46 fetching corpus: 2859, signal 191013/204505 (executing program)
1970/01/01 00:08:49 fetching corpus: 2909, signal 193589/205869 (executing program)
1970/01/01 00:08:53 fetching corpus: 2959, signal 196852/207505 (executing program)
1970/01/01 00:08:56 fetching corpus: 3008, signal 197819/208081 (executing program)
1970/01/01 00:08:58 fetching corpus: 3057, signal 198613/208618 (executing program)
1970/01/01 00:09:00 fetching corpus: 3107, signal 199644/209261 (executing program)
1970/01/01 00:09:04 fetching corpus: 3156, signal 200946/209966 (executing program)
1970/01/01 00:09:06 fetching corpus: 3206, signal 201615/210372 (executing program)
1970/01/01 00:09:08 fetching corpus: 3256, signal 202399/210820 (executing program)
1970/01/01 00:09:11 fetching corpus: 3305, signal 202935/211156 (executing program)
1970/01/01 00:09:15 fetching corpus: 3355, signal 204140/211734 (executing program)
1970/01/01 00:09:17 fetching corpus: 3405, signal 205119/212172 (executing program)
1970/01/01 00:09:22 fetching corpus: 3454, signal 206372/212765 (executing program)
1970/01/01 00:09:24 fetching corpus: 3502, signal 206935/213055 (executing program)
1970/01/01 00:09:29 fetching corpus: 3552, signal 208013/213499 (executing program)
1970/01/01 00:09:34 fetching corpus: 3601, signal 209474/214035 (executing program)
1970/01/01 00:09:36 fetching corpus: 3650, signal 210352/214373 (executing program)
1970/01/01 00:09:40 fetching corpus: 3699, signal 211539/214806 (executing program)
1970/01/01 00:09:45 fetching corpus: 3733, signal 212048/214996 (executing program)
1970/01/01 00:09:45 fetching corpus: 3735, signal 212059/215050 (executing program)
1970/01/01 00:09:45 fetching corpus: 3736, signal 212063/215106 (executing program)
1970/01/01 00:09:46 fetching corpus: 3737, signal 212077/215151 (executing program)
1970/01/01 00:09:46 fetching corpus: 3737, signal 212077/215187 (executing program)
1970/01/01 00:09:46 fetching corpus: 3737, signal 212077/215214 (executing program)
1970/01/01 00:09:47 fetching corpus: 3737, signal 212077/215246 (executing program)
1970/01/01 00:09:47 fetching corpus: 3737, signal 212077/215292 (executing program)
1970/01/01 00:09:47 fetching corpus: 3737, signal 212097/215342 (executing program)
1970/01/01 00:09:47 fetching corpus: 3737, signal 212097/215381 (executing program)
1970/01/01 00:09:48 fetching corpus: 3737, signal 212097/215429 (executing program)
1970/01/01 00:09:48 fetching corpus: 3737, signal 212097/215476 (executing program)
1970/01/01 00:09:48 fetching corpus: 3737, signal 212097/215522 (executing program)
1970/01/01 00:09:49 fetching corpus: 3737, signal 212097/215562 (executing program)
1970/01/01 00:09:49 fetching corpus: 3737, signal 212097/215601 (executing program)
1970/01/01 00:09:49 fetching corpus: 3737, signal 212097/215638 (executing program)
1970/01/01 00:09:49 fetching corpus: 3738, signal 212098/215688 (executing program)
1970/01/01 00:09:49 fetching corpus: 3738, signal 212098/215724 (executing program)
1970/01/01 00:09:49 fetching corpus: 3738, signal 212098/215763 (executing program)
1970/01/01 00:09:50 fetching corpus: 3738, signal 212098/215803 (executing program)
1970/01/01 00:09:50 fetching corpus: 3738, signal 212098/215841 (executing program)
1970/01/01 00:09:50 fetching corpus: 3738, signal 212098/215872 (executing program)
1970/01/01 00:09:50 fetching corpus: 3738, signal 212098/215912 (executing program)
1970/01/01 00:09:50 fetching corpus: 3738, signal 212098/215956 (executing program)
1970/01/01 00:09:50 fetching corpus: 3738, signal 212098/215982 (executing program)
1970/01/01 00:09:50 fetching corpus: 3738, signal 212098/216011 (executing program)
1970/01/01 00:09:50 fetching corpus: 3738, signal 212098/216058 (executing program)
1970/01/01 00:09:51 fetching corpus: 3738, signal 212098/216098 (executing program)
1970/01/01 00:09:51 fetching corpus: 3738, signal 212098/216142 (executing program)
1970/01/01 00:09:51 fetching corpus: 3738, signal 212098/216184 (executing program)
1970/01/01 00:09:51 fetching corpus: 3738, signal 212098/216222 (executing program)
1970/01/01 00:09:51 fetching corpus: 3738, signal 212098/216253 (executing program)
1970/01/01 00:09:51 fetching corpus: 3738, signal 212098/216256 (executing program)
1970/01/01 00:09:51 fetching corpus: 3738, signal 212098/216256 (executing program)
1970/01/01 00:11:54 starting 2 fuzzer processes
00:11:54 executing program 0:
setfsgid(0xee00)
setfsgid(0xee00)

00:11:54 executing program 1:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000200)={'ip6tnl0\x00', &(0x7f0000000180)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000080)={'syztnl2\x00', 0x0})

[ 747.661769][ T2038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 747.879359][ T2038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 751.533496][ T2040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 751.740582][ C0] ==================================================================
[ 751.744228][ C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260
[ 751.745905][ C0] Read of size 8 at addr ffffaf800c0dfdc0 by task syz-executor.1/2040
[ 751.748517][ C0]
[ 751.750179][ C0] CPU: 0 PID: 2040 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 751.752027][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 751.753338][ C0] Call Trace:
[ 751.754669][ C0] [] dump_backtrace+0x2e/0x3c
[ 751.756106][ C0] [] show_stack+0x34/0x40
[ 751.757414][ C0] [] dump_stack_lvl+0xe4/0x150
[ 751.758847][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 751.760475][ C0] [] kasan_report+0x184/0x1e0
[ 751.761964][ C0] [] __asan_load8+0x6e/0x96
[ 751.763347][ C0] [] walk_stackframe+0x11c/0x260
[ 751.765312][ C0] [] arch_stack_walk+0x2c/0x3c
[ 751.766773][ C0] [] stack_trace_save+0xa6/0xd8
[ 751.768163][ C0] [] kasan_save_stack+0x2c/0x58
[ 751.769789][ C0]
[ 751.770685][ C0] Allocated by task 2240332320:
[ 751.771667][ C0] (stack is not available)
[ 751.772524][ C0]
[ 751.773286][ C0] Last potentially related work creation:
[ 751.774806][ C0] ------------[ cut here ]------------
[ 751.776226][ C0] slab index 574432 out of bounds (291) for stack id 8588c3e0
[ 751.780859][ C0] WARNING: CPU: 0 PID: 2040 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 751.782828][ C0] Modules linked in:
[ 751.784254][ C0] CPU: 0 PID: 2040 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 751.786107][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 751.787216][ C0] epc : stack_depot_print+0x66/0x70
[ 751.788651][ C0] ra : stack_depot_print+0x66/0x70
[ 751.789987][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800c0dfc80
[ 751.791328][ C0] gp : ffffffff85863ac0 tp : ffffaf800ebd3080 t0 : ffffffff86bcb657
[ 751.792647][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800c0dfc90
[ 751.794031][ C0] s1 : ffffaf807a9accc0 a0 : 000000000000003b a1 : 00000000000f0000
[ 751.796524][ C0] a2 : 0000000000000505 a3 : ffffffff8012252a a4 : e41941a51f0c6c00
[ 751.797821][ C0] a5 : e41941a51f0c6c00 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 751.799116][ C0] s2 : ffffaf800c0dfdc0 s3 : ffffaf8007202000 s4 : ffffaf800c0df000
[ 751.800439][ C0] s5 : ffffaf800c0df800 s6 : 0000000000003fff s7 : ffffaf800c0dfd60
[ 751.801770][ C0] s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf800c0dfe40
[ 751.803086][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 751.805094][ C0] t5 : fffff5ef0b53910d t6 : ffffaf800c0df778
[ 751.806685][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 751.808098][ C0] [] print_address_description.constprop.0+0x2fc/0x330
[ 751.809764][ C0] [] kasan_report+0x184/0x1e0
[ 751.811204][ C0] [] __asan_load8+0x6e/0x96
[ 751.812455][ C0] [] walk_stackframe+0x11c/0x260
[ 751.813860][ C0] [] arch_stack_walk+0x2c/0x3c
[ 751.815786][ C0] [] stack_trace_save+0xa6/0xd8
[ 751.817216][ C0] [] kasan_save_stack+0x2c/0x58
[ 751.818727][ C0] irq event stamp: 47421
[ 751.819707][ C0] hardirqs last enabled at (47420): [] _raw_spin_unlock_irqrestore+0x68/0x98
[ 751.821578][ C0] hardirqs last disabled at (47421): [] _raw_spin_lock_irqsave+0x60/0x62
[ 751.823314][ C0] softirqs last enabled at (47328): [] bond_enslave+0x2096/0x3016
[ 751.825844][ C0] softirqs last disabled at (47331): [] __irq_exit_rcu+0x142/0x1f8
[ 751.827581][ C0] ---[ end trace 0000000000000000 ]---
[ 751.829064][ C0]
[ 751.829841][ C0] Second to last potentially related work creation:
[ 751.830841][ C0] ------------[ cut here ]------------
[ 751.831773][ C0] slab index 2097151 out of bounds (291) for stack id ffffffff
[ 751.835649][ C0] WARNING: CPU: 0 PID: 2040 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 751.837498][ C0] Modules linked in:
[ 751.838713][ C0] CPU: 0 PID: 2040 Comm: syz-executor.1 Tainted: G W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 751.840304][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 751.841333][ C0] epc : stack_depot_print+0x66/0x70
[ 751.842626][ C0] ra : stack_depot_print+0x66/0x70
[ 751.843990][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800c0dfc80
[ 751.845886][ C0] gp : ffffffff85863ac0 tp : ffffaf800ebd3080 t0 : ffffffff86bcb657
[ 751.847186][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800c0dfc90
[ 751.848455][ C0] s1 : ffffaf807a9accc0 a0 : 000000000000003c a1 : 00000000000f0000
[ 751.849762][ C0] a2 : 0000000000000505 a3 : ffffffff8012252a a4 : e41941a51f0c6c00
[ 751.851010][ C0] a5 : e41941a51f0c6c00 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 751.852239][ C0] s2 : ffffaf800c0dfdc0 s3 : ffffaf8007202000 s4 : ffffaf800c0df000
[ 751.853508][ C0] s5 : ffffaf800c0df800 s6 : 0000000000003fff s7 : ffffaf800c0dfd60
[ 751.855486][ C0] s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf800c0dfe40
[ 751.856857][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 751.858076][ C0] t5 : fffff5ef0b53910d t6 : ffffaf800c0df778
[ 751.859129][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 751.860402][ C0] [] print_address_description.constprop.0+0x2ae/0x330
[ 751.862048][ C0] [] kasan_report+0x184/0x1e0
[ 751.863442][ C0] [] __asan_load8+0x6e/0x96
[ 751.865173][ C0] [] walk_stackframe+0x11c/0x260
[ 751.866617][ C0] [] arch_stack_walk+0x2c/0x3c
[ 751.867938][ C0] [] stack_trace_save+0xa6/0xd8
[ 751.869299][ C0] [] kasan_save_stack+0x2c/0x58
[ 751.870691][ C0] irq event stamp: 47421
[ 751.871548][ C0] hardirqs last enabled at (47420): [] _raw_spin_unlock_irqrestore+0x68/0x98
[ 751.873172][ C0] hardirqs last disabled at (47421): [] _raw_spin_lock_irqsave+0x60/0x62
[ 751.875512][ C0] softirqs last enabled at (47328): [] bond_enslave+0x2096/0x3016
[ 751.877074][ C0] softirqs last disabled at (47331): [] __irq_exit_rcu+0x142/0x1f8
[ 751.878621][ C0] ---[ end trace 0000000000000000 ]---
[ 751.879624][ C0]
[ 751.880365][ C0] The buggy address belongs to the object at ffffaf800c0df000
[ 751.880365][ C0] which belongs to the cache kmalloc-2k of size 2048
[ 751.882041][ C0] The buggy address is located 1472 bytes to the right of
[ 751.882041][ C0] 2048-byte region [ffffaf800c0df000, ffffaf800c0df800)
[ 751.883759][ C0] The buggy address belongs to the page:
[ 751.885856][ C0] page:ffffaf807a9accc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8c2d8
[ 751.887735][ C0] head:ffffaf807a9accc0 order:3 compound_mapcount:0 compound_pincount:0
[ 751.889228][ C0] flags: 0x8800010200(slab|head|section=17|node=0|zone=0)
[ 751.892177][ C0] raw: 0000008800010200 0000000000000000 0000000000000122 ffffaf8007202000
[ 751.893641][ C0] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 751.895639][ C0] raw: 00000000000007ff
[ 751.897211][ C0] page dumped because: kasan: bad access detected
[ 751.898566][ C0] page_owner tracks the page as allocated
[ 751.899576][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 35879327200, free_ts 0
[ 751.901892][ C0] __set_page_owner+0x48/0x136
[ 751.903212][ C0] post_alloc_hook+0xd0/0x10a
[ 751.904749][ C0] get_page_from_freelist+0x8da/0x12d8
[ 751.906155][ C0] __alloc_pages+0x150/0x3b6
[ 751.907346][ C0] alloc_page_interleave+0x2a/0x1cc
[ 751.908669][ C0] alloc_pages+0x210/0x2a6
[ 751.909838][ C0] alloc_slab_page.constprop.0+0xc2/0xfa
[ 751.911233][ C0] new_slab+0x25a/0x2cc
[ 751.912367][ C0] ___slab_alloc+0x56e/0x918
[ 751.913580][ C0] __slab_alloc.constprop.0+0x50/0x8c
[ 751.915228][ C0] kmem_cache_alloc_trace+0x2a2/0x2e0
[ 751.916535][ C0] tty_register_device_attr+0x1c4/0x4bc
[ 751.917888][ C0] tty_register_driver+0x2ca/0x4b2
[ 751.919056][ C0] pty_init+0x310/0x7e6
[ 751.920184][ C0] do_one_initcall+0x13a/0x7ea
[ 751.921316][ C0] kernel_init_freeable+0x510/0x5b4
[ 751.922587][ C0] page_owner free stack trace missing
[ 751.923670][ C0]
[ 751.924671][ C0] Memory state around the buggy address:
[ 751.926465][ C0] ffffaf800c0dfc80: 00 00 00 00 00 00 00 00 fc fc fc fc 00 00 00 00
[ 751.927736][ C0] ffffaf800c0dfd00: 00 00 00 00 00 00 00 00 fc fc fc fc 00 00 00 00
[ 751.928996][ C0] >ffffaf800c0dfd80: 00 00 00 00 00 00 00 00 fc fc fc fc 00 00 00 00
[ 751.930116][ C0] ^
[ 751.931316][ C0] ffffaf800c0dfe00: 00 00 00 00 f1 f1 f1 f1 00 00 00 f3 f3 f3 f3 f3
[ 751.932572][ C0] ffffaf800c0dfe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 751.933868][ C0] ==================================================================
[ 751.935558][ C0] Disabling lock debugging due to kernel taint
[ 751.948843][ T2040] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 751.950198][ T2040] CPU: 0 PID: 2040 Comm: syz-executor.1 Tainted: G B W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 751.951460][ T2040] Hardware name: riscv-virtio,qemu (DT)
[ 751.952141][ T2040] Call Trace:
[ 751.952820][ T2040] [] dump_backtrace+0x2e/0x3c
[ 751.954056][ T2040] [] show_stack+0x34/0x40
[ 751.955081][ T2040] [] dump_stack_lvl+0xe4/0x150
[ 751.956362][ T2040] [] dump_stack+0x1c/0x24
[ 751.957548][ T2040] [] panic+0x24a/0x634
[ 751.958515][ T2040] [] schedule+0x0/0x14c
[ 751.959564][ T2040] [] preempt_schedule_common+0x4e/0xde
[ 751.960747][ T2040] [] preempt_schedule+0x34/0x36
[ 751.961822][ T2040] [] _raw_spin_unlock+0x60/0x6a
[ 751.962847][ T2040] [] bond_get_stats+0x2b6/0x448
[ 751.964173][ T2040] [] dev_get_stats+0x62/0x16e
[ 751.965407][ T2040] [] rtnl_fill_stats+0x4a/0x388
[ 751.966530][ T2040] [] rtnl_fill_ifinfo+0xde8/0x28bc
[ 751.967734][ T2040] [] rtmsg_ifinfo_build_skb+0x9c/0x142
[ 751.968903][ T2040] [] rtnetlink_event+0x102/0x144
[ 751.970116][ T2040] [] notifier_call_chain+0xb8/0x188
[ 751.971248][ T2040] [] raw_notifier_call_chain+0x2a/0x38
[ 751.972378][ T2040] [] call_netdevice_notifiers_info+0x9e/0x10c
[ 751.973493][ T2040] [] netdev_change_features+0x90/0xbc
[ 751.975159][ T2040] [] bond_compute_features+0x384/0x4fa
[ 751.976345][ T2040] [] bond_enslave+0x2112/0x3016
[ 751.977424][ T2040] [] do_set_master+0x13c/0x168
[ 751.978493][ T2040] [] do_setlink+0x622/0x21c4
[ 751.979669][ T2040] [] __rtnl_newlink+0x99e/0xfa0
[ 751.980809][ T2040] [] rtnl_newlink+0x60/0x8c
[ 751.981869][ T2040] [] rtnetlink_rcv_msg+0x338/0x9a0
[ 751.982986][ T2040] [] netlink_rcv_skb+0xf8/0x2be
[ 751.984425][ T2040] [] rtnetlink_rcv+0x26/0x30
[ 751.985526][ T2040] [] netlink_unicast+0x40e/0x5fe
[ 751.986560][ T2040] [] netlink_sendmsg+0x4e0/0x994
[ 751.987617][ T2040] [] sock_sendmsg+0xa0/0xc4
[ 751.988770][ T2040] [] __sys_sendto+0x1f2/0x2e0
[ 751.989770][ T2040] [] sys_sendto+0x3e/0x52
[ 751.990818][ T2040] [] ret_from_syscall+0x0/0x2
[ 751.992198][ T2040] SMP: stopping secondary CPUs
[ 751.994781][ T2040] Rebooting in 86400 seconds..
VM DIAGNOSIS: 03:22:24 Registers: