syzkaller login: [ 263.453519][ T1862] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 273.021569][ T1862] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 273.060366][ T1862] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 310.163740][ T1862] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:40705' (ECDSA) to the list of known hosts.
1970/01/01 00:06:05 fuzzer started
1970/01/01 00:06:18 dialing manager at localhost:45481
[ 384.963278][ T2047] cgroup: Unknown subsys name 'net'
[ 386.153380][ T2047] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:25 syscalls: 2918
1970/01/01 00:06:25 code coverage: enabled
1970/01/01 00:06:25 comparison tracing: enabled
1970/01/01 00:06:25 extra coverage: enabled
1970/01/01 00:06:25 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:25 setuid sandbox: enabled
1970/01/01 00:06:25 namespace sandbox: enabled
1970/01/01 00:06:25 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:25 fault injection: enabled
1970/01/01 00:06:26 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:26 net packet injection: enabled
1970/01/01 00:06:26 net device setup: enabled
1970/01/01 00:06:26 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:26 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:26 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:06:26 USB emulation: enabled
1970/01/01 00:06:26 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:26 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:26 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:26 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:31 fetching corpus: 49, signal 29305/32594 (executing program)
1970/01/01 00:06:33 fetching corpus: 99, signal 42981/47448 (executing program)
1970/01/01 00:06:38 fetching corpus: 148, signal 54014/59407 (executing program)
1970/01/01 00:06:41 fetching corpus: 195, signal 58933/65383 (executing program)
1970/01/01 00:06:43 fetching corpus: 245, signal 62616/70070 (executing program)
1970/01/01 00:06:46 fetching corpus: 295, signal 67822/76115 (executing program)
1970/01/01 00:06:49 fetching corpus: 345, signal 71887/81019 (executing program)
1970/01/01 00:06:52 fetching corpus: 394, signal 76459/86283 (executing program)
1970/01/01 00:06:55 fetching corpus: 444, signal 80270/90734 (executing program)
1970/01/01 00:06:58 fetching corpus: 493, signal 84954/95830 (executing program)
1970/01/01 00:07:00 fetching corpus: 542, signal 89023/100316 (executing program)
1970/01/01 00:07:03 fetching corpus: 592, signal 91409/103311 (executing program)
1970/01/01 00:07:06 fetching corpus: 642, signal 94363/106716 (executing program)
1970/01/01 00:07:09 fetching corpus: 689, signal 98039/110603 (executing program)
1970/01/01 00:07:13 fetching corpus: 738, signal 101736/114402 (executing program)
1970/01/01 00:07:17 fetching corpus: 787, signal 106129/118725 (executing program)
1970/01/01 00:07:24 fetching corpus: 835, signal 108665/121500 (executing program)
1970/01/01 00:07:26 fetching corpus: 884, signal 110568/123707 (executing program)
1970/01/01 00:07:28 fetching corpus: 933, signal 112733/126075 (executing program)
1970/01/01 00:07:31 fetching corpus: 982, signal 114884/128380 (executing program)
1970/01/01 00:07:34 fetching corpus: 1031, signal 117115/130675 (executing program)
1970/01/01 00:07:37 fetching corpus: 1081, signal 118637/132434 (executing program)
1970/01/01 00:07:40 fetching corpus: 1129, signal 121028/134780 (executing program)
1970/01/01 00:07:42 fetching corpus: 1179, signal 122199/136158 (executing program)
1970/01/01 00:07:44 fetching corpus: 1229, signal 124379/138265 (executing program)
1970/01/01 00:07:46 fetching corpus: 1279, signal 126337/140127 (executing program)
1970/01/01 00:07:50 fetching corpus: 1329, signal 127645/141516 (executing program)
1970/01/01 00:07:53 fetching corpus: 1377, signal 129004/142947 (executing program)
1970/01/01 00:07:57 fetching corpus: 1426, signal 131076/144721 (executing program)
1970/01/01 00:07:59 fetching corpus: 1474, signal 131943/145756 (executing program)
1970/01/01 00:08:03 fetching corpus: 1522, signal 133262/147040 (executing program)
1970/01/01 00:08:06 fetching corpus: 1571, signal 134957/148492 (executing program)
1970/01/01 00:08:08 fetching corpus: 1620, signal 136769/150001 (executing program)
1970/01/01 00:08:11 fetching corpus: 1670, signal 137761/150963 (executing program)
1970/01/01 00:08:14 fetching corpus: 1720, signal 139409/152310 (executing program)
1970/01/01 00:08:16 fetching corpus: 1770, signal 140198/153136 (executing program)
1970/01/01 00:08:18 fetching corpus: 1820, signal 141616/154249 (executing program)
1970/01/01 00:08:22 fetching corpus: 1870, signal 142916/155267 (executing program)
1970/01/01 00:08:25 fetching corpus: 1918, signal 144185/156280 (executing program)
1970/01/01 00:08:28 fetching corpus: 1967, signal 145272/157149 (executing program)
1970/01/01 00:08:30 fetching corpus: 2016, signal 146353/158016 (executing program)
1970/01/01 00:08:33 fetching corpus: 2065, signal 147722/158985 (executing program)
1970/01/01 00:08:36 fetching corpus: 2115, signal 149486/160099 (executing program)
1970/01/01 00:08:38 fetching corpus: 2165, signal 150207/160690 (executing program)
1970/01/01 00:08:41 fetching corpus: 2215, signal 151407/161500 (executing program)
1970/01/01 00:08:43 fetching corpus: 2265, signal 152243/162124 (executing program)
1970/01/01 00:08:44 fetching corpus: 2314, signal 153122/162710 (executing program)
1970/01/01 00:08:46 fetching corpus: 2363, signal 153932/163255 (executing program)
1970/01/01 00:08:48 fetching corpus: 2413, signal 155012/163898 (executing program)
1970/01/01 00:08:51 fetching corpus: 2461, signal 155856/164440 (executing program)
1970/01/01 00:08:54 fetching corpus: 2511, signal 156758/164967 (executing program)
1970/01/01 00:08:56 fetching corpus: 2561, signal 157682/165478 (executing program)
1970/01/01 00:09:00 fetching corpus: 2611, signal 159332/166229 (executing program)
1970/01/01 00:09:02 fetching corpus: 2661, signal 160260/166698 (executing program)
1970/01/01 00:09:05 fetching corpus: 2711, signal 161430/167190 (executing program)
1970/01/01 00:09:09 fetching corpus: 2761, signal 162204/167536 (executing program)
1970/01/01 00:09:11 fetching corpus: 2810, signal 163808/168125 (executing program)
1970/01/01 00:09:15 fetching corpus: 2859, signal 164791/168533 (executing program)
1970/01/01 00:09:18 fetching corpus: 2909, signal 165514/168815 (executing program)
1970/01/01 00:09:20 fetching corpus: 2957, signal 166275/169101 (executing program)
1970/01/01 00:09:24 fetching corpus: 3007, signal 167107/169379 (executing program)
1970/01/01 00:09:26 fetching corpus: 3052, signal 167787/169602 (executing program)
1970/01/01 00:09:26 fetching corpus: 3052, signal 167787/169629 (executing program)
1970/01/01 00:09:26 fetching corpus: 3052, signal 167787/169653 (executing program)
1970/01/01 00:09:26 fetching corpus: 3052, signal 167787/169678 (executing program)
1970/01/01 00:09:27 fetching corpus: 3052, signal 167787/169711 (executing program)
1970/01/01 00:09:27 fetching corpus: 3052, signal 167787/169739 (executing program)
1970/01/01 00:09:27 fetching corpus: 3052, signal 167787/169766 (executing program)
1970/01/01 00:09:27 fetching corpus: 3052, signal 167787/169786 (executing program)
1970/01/01 00:09:27 fetching corpus: 3052, signal 167787/169815 (executing program)
1970/01/01 00:09:27 fetching corpus: 3052, signal 167787/169839 (executing program)
1970/01/01 00:09:27 fetching corpus: 3052, signal 167787/169869 (executing program)
1970/01/01 00:09:28 fetching corpus: 3052, signal 167787/169896 (executing program)
1970/01/01 00:09:28 fetching corpus: 3052, signal 167787/169930 (executing program)
1970/01/01 00:09:28 fetching corpus: 3053, signal 167787/169962 (executing program)
1970/01/01 00:09:28 fetching corpus: 3053, signal 167787/170000 (executing program)
1970/01/01 00:09:28 fetching corpus: 3053, signal 167787/170031 (executing program)
1970/01/01 00:09:28 fetching corpus: 3053, signal 167787/170079 (executing program)
1970/01/01 00:09:28 fetching corpus: 3053, signal 167787/170103 (executing program)
1970/01/01 00:09:28 fetching corpus: 3053, signal 167787/170132 (executing program)
1970/01/01 00:09:29 fetching corpus: 3053, signal 167787/170159 (executing program)
1970/01/01 00:09:29 fetching corpus: 3053, signal 167787/170193 (executing program)
1970/01/01 00:09:29 fetching corpus: 3053, signal 167787/170229 (executing program)
1970/01/01 00:09:29 fetching corpus: 3053, signal 167787/170254 (executing program)
1970/01/01 00:09:29 fetching corpus: 3053, signal 167787/170255 (executing program)
1970/01/01 00:09:29 fetching corpus: 3053, signal 167787/170255 (executing program)
1970/01/01 00:11:26 starting 2 fuzzer processes
00:11:26 executing program 0:
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x121001, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x5101, 0x0)

00:11:26 executing program 1:
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x5c8c000000000, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f0000000100))

[ 719.231887][ T2062] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 719.352849][ T2060] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 719.473992][ T2062] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 719.580342][ T2060] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 732.896696][ C0] ==================================================================
[ 732.900027][ C0] BUG: KASAN: slab-out-of-bounds in riscv_intc_irq+0x24/0xc8
[ 732.901482][ C0] Read of size 8 at addr ffffaf800ee1ff90 by task syz-executor.1/2060
[ 732.908707][ C0]
[ 732.916973][ C0] CPU: 0 PID: 2060 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 732.918967][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 732.920435][ C0] Call Trace:
[ 732.921522][ C0] [] dump_backtrace+0x2e/0x3c
[ 732.922908][ C0] [] show_stack+0x34/0x40
[ 732.924250][ C0] [] dump_stack_lvl+0xe4/0x150
[ 732.925744][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 732.927337][ C0] [] kasan_report+0x184/0x1e0
[ 732.928726][ C0] [] __asan_load8+0x6e/0x96
[ 732.930116][ C0] [] riscv_intc_irq+0x24/0xc8
[ 732.931513][ C0] [] generic_handle_arch_irq+0x36/0x54
[ 732.932977][ C0] [] ret_from_exception+0x0/0x10
[ 732.934296][ C0] [] check_preemption_disabled+0x3a/0x192
[ 732.935963][ C0]
[ 732.936901][ C0] Allocated by task 16777215:
[ 732.937867][ C0]  (stack is not available)
[ 732.938695][ C0]
[ 732.939411][ C0] Freed by task 2072:
[ 732.940355][ C0]  stack_trace_save+0xa6/0xd8
[ 732.941615][ C0]  kasan_save_stack+0x2c/0x58
[ 732.942743][ C0]  kasan_set_track+0x1a/0x26
[ 732.943843][ C0]  kasan_set_free_info+0x1e/0x3a
[ 732.945366][ C0]  ____kasan_slab_free+0x15e/0x180
[ 732.947017][ C0]  __kasan_slab_free+0x10/0x18
[ 732.948417][ C0]  slab_free_freelist_hook+0x8e/0x1cc
[ 732.949669][ C0]  kfree+0xe0/0x3e4
[ 732.950739][ C0]  tomoyo_realpath_from_path+0x158/0x3f4
[ 732.952059][ C0]  tomoyo_path_perm+0x1fc/0x3a8
[ 732.953381][ C0]  tomoyo_inode_getattr+0x1e/0x28
[ 732.954566][ C0]  security_inode_getattr+0x82/0xc6
[ 732.956369][ C0]  vfs_fstat+0x54/0xc8
[ 732.958035][ C0]  __do_sys_newfstat+0x96/0x106
[ 732.959224][ C0]  sys_newfstat+0x22/0x2e
[ 732.960300][ C0]  ret_from_syscall+0x0/0x2
[ 732.961621][ C0]
[ 732.962330][ C0] Last potentially related work creation:
[ 732.963343][ C0] ------------[ cut here ]------------
[ 732.964274][ C0] slab index 1506808 out of bounds (294) for stack id 8456fdf8
[ 732.969384][ C0] WARNING: CPU: 0 PID: 2060 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 732.971468][ C0] Modules linked in:
[ 732.972770][ C0] CPU: 0 PID: 2060 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 732.974410][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 732.976013][ C0] epc : stack_depot_print+0x66/0x70
[ 732.978076][ C0]  ra : stack_depot_print+0x66/0x70
[ 732.979478][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800ee1fd60
[ 732.980745][ C0]  gp : ffffffff85863ac0 tp : ffffaf800e6d9840 t0 : ffffffff86bcb657
[ 732.982001][ C0]  t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800ee1fd70
[ 732.983321][ C0]  s1 : ffffaf807aa786c0 a0 : 000000000000003c a1 : 00000000000f0000
[ 732.984614][ C0]  a2 : 0000000000010506 a3 : ffffffff8012252a a4 : 93721f8c2c1ff900
[ 732.987027][ C0]  a5 : 93721f8c2c1ff900 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 732.989310][ C0]  s2 : ffffaf800ee1ff90 s3 : ffffaf8007202140 s4 : ffffaf800ee1e000
[ 732.990707][ C0]  s5 : ffffaf800ee1f000 s6 : 0000000000003fff s7 : 8000000000000009
[ 732.991989][ C0]  s8 : ffffffff85889780 s9 : 1ffff5f001dc400c s10: ffffffff84b73e00
[ 732.993280][ C0]  s11: ffffffff80256d34 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 732.995603][ C0]  t5 : fffff5ef0b53910d t6 : ffffaf800ee1f858
[ 732.997538][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 733.000285][ C0] [] print_address_description.constprop.0+0x2fc/0x330
[ 733.002100][ C0] [] kasan_report+0x184/0x1e0
[ 733.003502][ C0] [] __asan_load8+0x6e/0x96
[ 733.004834][ C0] [] riscv_intc_irq+0x24/0xc8
[ 733.006706][ C0] [] generic_handle_arch_irq+0x36/0x54
[ 733.008285][ C0] [] ret_from_exception+0x0/0x10
[ 733.009689][ C0] [] check_preemption_disabled+0x3a/0x192
[ 733.011394][ C0] irq event stamp: 52003
[ 733.012412][ C0] hardirqs last  enabled at (52002): [] _raw_spin_unlock_irqrestore+0x68/0x98
[ 733.014228][ C0] hardirqs last disabled at (52003): [] __trace_hardirqs_off+0x18/0x20
[ 733.016929][ C0] softirqs last  enabled at (51826): [] __do_softirq+0x618/0x8fc
[ 733.018873][ C0] softirqs last disabled at (51831): [] __irq_exit_rcu+0x142/0x1f8
[ 733.020764][ C0] ---[ end trace 0000000000000000 ]---
[ 733.022343][ C0]
[ 733.023164][ C0] Second to last potentially related work creation:
[ 733.024153][ C0] ------------[ cut here ]------------
[ 733.025251][ C0] slab index 2097151 out of bounds (294) for stack id ffffffff
[ 733.029764][ C0] WARNING: CPU: 0 PID: 2060 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 733.031703][ C0] Modules linked in:
[ 733.032941][ C0] CPU: 0 PID: 2060 Comm: syz-executor.1 Tainted: G        W         5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 733.034456][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 733.036339][ C0] epc : stack_depot_print+0x66/0x70
[ 733.038498][ C0]  ra : stack_depot_print+0x66/0x70
[ 733.039873][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800ee1fd60
[ 733.041239][ C0]  gp : ffffffff85863ac0 tp : ffffaf800e6d9840 t0 : ffffffff86bcb657
[ 733.042603][ C0]  t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800ee1fd70
[ 733.043821][ C0]  s1 : ffffaf807aa786c0 a0 : 000000000000003c a1 : 00000000000f0000
[ 733.045263][ C0]  a2 : 0000000000010506 a3 : ffffffff8012252a a4 : 93721f8c2c1ff900
[ 733.047464][ C0]  a5 : 93721f8c2c1ff900 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 733.048873][ C0]  s2 : ffffaf800ee1ff90 s3 : ffffaf8007202140 s4 : ffffaf800ee1e000
[ 733.050096][ C0]  s5 : ffffaf800ee1f000 s6 : 0000000000003fff s7 : 8000000000000009
[ 733.051346][ C0]  s8 : ffffffff85889780 s9 : 1ffff5f001dc400c s10: ffffffff84b73e00
[ 733.052658][ C0]  s11: ffffffff80256d34 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 733.053939][ C0]  t5 : fffff5ef0b53910d t6 : ffffaf800ee1f858
[ 733.055131][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 733.057281][ C0] [] print_address_description.constprop.0+0x2ae/0x330
[ 733.059137][ C0] [] kasan_report+0x184/0x1e0
[ 733.060609][ C0] [] __asan_load8+0x6e/0x96
[ 733.061855][ C0] [] riscv_intc_irq+0x24/0xc8
[ 733.063351][ C0] [] generic_handle_arch_irq+0x36/0x54
[ 733.065004][ C0] [] ret_from_exception+0x0/0x10
[ 733.067069][ C0] [] check_preemption_disabled+0x3a/0x192
[ 733.068709][ C0] irq event stamp: 52003
[ 733.069607][ C0] hardirqs last  enabled at (52002): [] _raw_spin_unlock_irqrestore+0x68/0x98
[ 733.071395][ C0] hardirqs last disabled at (52003): [] __trace_hardirqs_off+0x18/0x20
[ 733.073163][ C0] softirqs last  enabled at (51826): [] __do_softirq+0x618/0x8fc
[ 733.074735][ C0] softirqs last disabled at (51831): [] __irq_exit_rcu+0x142/0x1f8
[ 733.077230][ C0] ---[ end trace 0000000000000000 ]---
[ 733.078595][ C0]
[ 733.079404][ C0] The buggy address belongs to the object at ffffaf800ee1e000
[ 733.079404][ C0]  which belongs to the cache kmalloc-4k of size 4096
[ 733.081309][ C0] The buggy address is located 3984 bytes to the right of
[ 733.081309][ C0]  4096-byte region [ffffaf800ee1e000, ffffaf800ee1f000)
[ 733.083250][ C0] The buggy address belongs to the page:
[ 733.084856][ C0] page:ffffaf807aa786c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8f018
[ 733.087754][ C0] head:ffffaf807aa786c0 order:3 compound_mapcount:0 compound_pincount:0
[ 733.089537][ C0] flags: 0x8800010200(slab|head|section=17|node=0|zone=0)
[ 733.092710][ C0] raw: 0000008800010200 0000000000000000 0000000000000122 ffffaf8007202140
[ 733.094398][ C0] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 733.096582][ C0] raw: 00000000000007ff
[ 733.098159][ C0] page dumped because: kasan: bad access detected
[ 733.099622][ C0] page_owner tracks the page as allocated
[ 733.100799][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2072, ts 694582396800, free_ts 563883942900
[ 733.103218][ C0]  __set_page_owner+0x48/0x136
[ 733.104563][ C0]  post_alloc_hook+0xd0/0x10a
[ 733.106249][ C0]  get_page_from_freelist+0x8da/0x12d8
[ 733.108164][ C0]  __alloc_pages+0x150/0x3b6
[ 733.109346][ C0]  alloc_pages+0x132/0x2a6
[ 733.110554][ C0]  alloc_slab_page.constprop.0+0xc2/0xfa
[ 733.111784][ C0]  new_slab+0x25a/0x2cc
[ 733.112933][ C0]  ___slab_alloc+0x56e/0x918
[ 733.114112][ C0]  __slab_alloc.constprop.0+0x50/0x8c
[ 733.115916][ C0]  __kmalloc+0x268/0x318
[ 733.117621][ C0]  tomoyo_realpath_from_path+0x9c/0x3f4
[ 733.118881][ C0]  tomoyo_check_open_permission+0x282/0x348
[ 733.120116][ C0]  tomoyo_file_open+0x78/0x7c
[ 733.121293][ C0]  security_file_open+0x44/0x9a
[ 733.122525][ C0]  do_dentry_open+0x1c6/0x7d4
[ 733.123630][ C0]  vfs_open+0x52/0x5e
[ 733.124971][ C0] page last free stack trace:
[ 733.126177][ C0]  __reset_page_owner+0x4a/0xea
[ 733.127535][ C0]  free_pcp_prepare+0x29c/0x45e
[ 733.128853][ C0]  free_unref_page+0x6a/0x31e
[ 733.129965][ C0]  free_compound_page+0x70/0x8a
[ 733.131117][ C0]  __put_compound_page+0x7c/0xb0
[ 733.132271][ C0]  __put_page+0x48/0x100
[ 733.133407][ C0]  skb_release_data+0x2f8/0x3c4
[ 733.134534][ C0]  kfree_skb_reason+0x11a/0x40a
[ 733.136148][ C0]  skb_release_data+0x33a/0x3c4
[ 733.137788][ C0]  __kfree_skb+0x38/0x50
[ 733.138957][ C0]  tcp_recvmsg+0x1f2/0x414
[ 733.140081][ C0]  inet_recvmsg+0x10a/0x4ba
[ 733.141349][ C0]  sock_read_iter+0x26c/0x2ba
[ 733.142594][ C0]  new_sync_read+0x3ae/0x3d8
[ 733.143740][ C0]  vfs_read+0x2ce/0x324
[ 733.144999][ C0]  ksys_read+0x1c4/0x224
[ 733.146766][ C0]
[ 733.147581][ C0] Memory state around the buggy address:
[ 733.149093][ C0]  ffffaf800ee1fe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 733.150417][ C0]  ffffaf800ee1ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 733.151706][ C0] >ffffaf800ee1ff80: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 733.153018][ C0]                          ^
[ 733.154177][ C0]  ffffaf800ee20000: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 733.156005][ C0]  ffffaf800ee20080: f1 f1 04 f2 04 f3 f3 f3 00 00 00 00 00 00 00 00
[ 733.158228][ C0] ==================================================================
[ 733.159543][ C0] Disabling lock debugging due to kernel taint
[ 733.181274][ T2060] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 733.182724][ T2060] CPU: 0 PID: 2060 Comm: syz-executor.1 Tainted: G    B   W         5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 733.184940][ T2060] Hardware name: riscv-virtio,qemu (DT)
[ 733.186182][ T2060] Call Trace:
[ 733.187072][ T2060] [] dump_backtrace+0x2e/0x3c
[ 733.188250][ T2060] [] show_stack+0x34/0x40
[ 733.189323][ T2060] [] dump_stack_lvl+0xe4/0x150
[ 733.190541][ T2060] [] dump_stack+0x1c/0x24
[ 733.191814][ T2060] [] panic+0x24a/0x634
[ 733.192877][ T2060] [] schedule+0x0/0x14c
[ 733.193994][ T2060] [] preempt_schedule_irq+0x4a/0x13e
[ 733.195569][ T2060] [] resume_kernel+0x16/0x18
[ 733.197561][ T2060] SMP: stopping secondary CPUs
[ 733.200223][ T2060] Rebooting in 86400 seconds..

VM DIAGNOSIS:
06:47:55 Registers:
info registers vcpu 0
 pc       ffffffff8010b22c
 mhartid  0000000000000000
 mstatus  00000000000001a0
 mip      00000000000000a0
 mie      000000000000022a
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff80200f00
 sepc     ffffffff80200f00
 mcause   8000000000000007
 scause   8000000000000005
 mtval    0000000000000000
 stval    0000000000000000
 x0/zero  0000000000000000 x1/ra    ffffffff831a18d8 x2/sp    ffffaf800ee1f8c0 x3/gp    ffffffff85863ac0
 x4/tp    ffffaf800e6d9840 x5/t0    ffffffff86bcb657 x6/t1    93721f8c2c1ff900 x7/t2    0000000000000000
 x8/s0    ffffaf800ee1f8d0 x9/s1    0000000000001000 x10/a0   0000000000000120 x11/a1   ffffffffffffffff
 x12/a2   1ffff5f001cdb309 x13/a3   ffffffff80146d84 x14/a4   0000000000010509 x15/a5   0000000000000000
 x16/a6   0000000000f00000 x17/a7   ffffffff80dcc9fe x18/s2   ffffaf800e6d9840 x19/s3   ffffffff84b73ec0
 x20/s4   0000000000000000 x21/s5   ffffffff8343c840 x22/s6   ffffffffffffffff x23/s7   ffffffff8011efb0
 x24/s8   ffffffff86c1a620 x25/s9   ffffffff8588a420 x26/s10  ffffffff858655c0 x27/s11  ffffffff850d8410
 x28/t3   fffffffff3f3f300 x29/t4   ffffffff80112282 x30/t5   1ffff5f001dc3ebc x31/t6   ffffffff86bcb657
 f0/ft0   0000000000000000 f1/ft1   0000000000000000 f2/ft2   0000000000000000 f3/ft3   0000000000000000
 f4/ft4   0000000000000000 f5/ft5   0000000000000000 f6/ft6   0000000000000000 f7/ft7   0000000000000000
 f8/fs0   0000000000000000 f9/fs1   0000000000000000 f10/fa0  0000000000000000 f11/fa1  0000000000000000
 f12/fa2  0000000000000000 f13/fa3  0000000000000000 f14/fa4  0000000000000000 f15/fa5  0000000000000000
 f16/fa6  0000000000000000 f17/fa7  0000000000000000 f18/fs2  0000000000000000 f19/fs3  0000000000000000
 f20/fs4  0000000000000000 f21/fs5  0000000000000000 f22/fs6  0000000000000000 f23/fs7  0000000000000000
 f24/fs8  0000000000000000 f25/fs9  0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8  0000000000000000 f29/ft9  0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
 pc       0000000000083894
 mhartid  0000000000000001
 mstatus  00000000000040a2
 mip      0000000000000000
 mie      00000000000002aa
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff8000f97e
 sepc     00000000000836f8
 mcause   0000000000000009
 scause   0000000000000008
 mtval    0000000000000000
 stval    0000000000000000
 x0/zero  0000000000000000 x1/ra    0000000000048414 x2/sp    000000c000717f58 x3/gp    000000000147e718
 x4/tp    00007fffbc4aa6c8 x5/t0    0000000000000001 x6/t1    0000000000000000 x7/t2    0000000000000000
 x8/s0    0000000000000000 x9/s1    000000c0004848b0 x10/a0   000000000147e718 x11/a1   0000000000000081
 x12/a2   0000000000000001 x13/a3   0000000000000000 x14/a4   0000000000000000 x15/a5   0000000000000000
 x16/a6   ffffffffffffffff x17/a7   0000000000000062 x18/s2   ffffffffffffffff x19/s3   0000000000000002
 x20/s4   000000000083e610 x21/s5   0000000000000005 x22/s6   0000000000000000 x23/s7   0000000000000001
 x24/s8   0000000000000001 x25/s9   0000000000000028 x26/s10  00000000000000d2 x27/s11  000000c000207d40
 x28/t3   000000000001fffe x29/t4   0000000000000027 x30/t5   00000000000000e1 x31/t6   000000000008340c
 f0/ft0   3f8427a5f5840a10 f1/ft1   3f847ae147ae147b f2/ft2   41ab9f9856f4e9f1 f3/ft3   4141f6d400000000
 f4/ft4   412d952000000000 f5/ft5   4038ee44cd59ffab f6/ft6   0000000000000000 f7/ft7   0000000000000000
 f8/fs0   0000000000000000 f9/fs1   0000000000000000 f10/fa0  0000000000000000 f11/fa1  0000000000000000
 f12/fa2  0000000000000000 f13/fa3  0000000000000000 f14/fa4  0000000000000000 f15/fa5  0000000000000000
 f16/fa6  0000000000000000 f17/fa7  0000000000000000 f18/fs2  0000000000000000 f19/fs3  0000000000000000
 f20/fs4  0000000000000000 f21/fs5  0000000000000000 f22/fs6  0000000000000000 f23/fs7  0000000000000000
 f24/fs8  0000000000000000 f25/fs9  0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8  0000000000000000 f29/ft9  0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
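The KASAN report in the log above states where the access landed ("3984 bytes to the right of" the kmalloc-4k object) and dumps the shadow memory around it. The following Python is an added triage helper, not part of the syzbot log or of the kernel: it re-derives that offset from the report's own addresses and decodes the shadow bytes so the redzone layout (the kmalloc redzone at the faulting granule and the f1/f2/f3 stack redzones above it) can be read off rather than looked up by hand. The report lines embedded in REPORT are copied from the log; the shadow-byte names and the 8-byte granule are those of generic (software) KASAN as defined in mm/kasan/kasan.h, and the 16-granule row width matches the kernel's dump format.

```python
"""Re-derive the offset and decode the shadow bytes of a KASAN report."""
import re

# Lines copied from the KASAN report above (">" marks the row holding the bad address).
REPORT = """\
BUG: KASAN: slab-out-of-bounds in riscv_intc_irq+0x24/0xc8
Read of size 8 at addr ffffaf800ee1ff90 by task syz-executor.1/2060
The buggy address belongs to the object at ffffaf800ee1e000
 which belongs to the cache kmalloc-4k of size 4096
The buggy address is located 3984 bytes to the right of
 4096-byte region [ffffaf800ee1e000, ffffaf800ee1f000)
Memory state around the buggy address:
 ffffaf800ee1fe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffaf800ee1ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffaf800ee1ff80: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
 ffffaf800ee20000: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
 ffffaf800ee20080: f1 f1 04 f2 04 f3 f3 f3 00 00 00 00 00 00 00 00
"""

# Generic KASAN: one shadow byte describes one 8-byte granule, 16 granules per dumped row.
KASAN_SHADOW_SCALE_SHIFT = 3
GRANULE = 1 << KASAN_SHADOW_SCALE_SHIFT
ROW_BYTES = 16 * GRANULE

# Poison values from mm/kasan/kasan.h (generic KASAN).
SHADOW_NAMES = {
    0xFF: "KASAN_FREE_PAGE",
    0xFE: "KASAN_PAGE_REDZONE",
    0xFC: "KASAN_KMALLOC_REDZONE",
    0xFB: "KASAN_KMALLOC_FREE",
    0xF9: "KASAN_GLOBAL_REDZONE",
    0xF1: "KASAN_STACK_LEFT",
    0xF2: "KASAN_STACK_MID",
    0xF3: "KASAN_STACK_RIGHT",
}


def decode_shadow(value):
    """Translate one shadow byte: 0 = whole granule valid, 1..7 = partial, else a poison tag."""
    if value == 0:
        return "all 8 bytes addressable"
    if 1 <= value < GRANULE:
        return f"first {value} of 8 bytes addressable"
    return SHADOW_NAMES.get(value, f"unknown poison 0x{value:02x}")


def parse_report(text):
    """Extract the access, the object region and the shadow rows from report text."""
    m = re.search(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)", text)
    if not m:
        raise ValueError("no 'Read/Write of size N at addr' line found")
    info = {"kind": m.group(1), "size": int(m.group(2)), "addr": int(m.group(3), 16)}
    m = re.search(r"(\d+)-byte region \[([0-9a-f]+), ([0-9a-f]+)\)", text)
    info["region"] = (int(m.group(2), 16), int(m.group(3), 16)) if m else None
    rows = {}
    for m in re.finditer(r"^[ >]([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$", text, re.M):
        rows[int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
    info["shadow_rows"] = rows
    return info


def shadow_byte_for(rows, addr):
    """Return the shadow byte covering addr, taken from the dumped rows."""
    row_base = addr & ~(ROW_BYTES - 1)
    if row_base not in rows:
        raise KeyError(f"{addr:#x} lies outside the dumped shadow rows")
    return rows[row_base][(addr - row_base) >> KASAN_SHADOW_SCALE_SHIFT]


def offset_from_region(addr, region):
    """Signed distance from the object: <0 left of start, >0 right of end, 0 inside."""
    start, end = region
    if addr < start:
        return addr - start
    if addr >= end:
        return addr - end
    return 0


def poison_runs(rows):
    """Collapse the shadow rows into (start, end, meaning) runs of identical shadow bytes."""
    runs = []
    for base in sorted(rows):
        for i, value in enumerate(rows[base]):
            start = base + (i << KASAN_SHADOW_SCALE_SHIFT)
            end = start + GRANULE
            if runs and runs[-1][1] == start and runs[-1][2] == value:
                runs[-1] = (runs[-1][0], end, value)
            else:
                runs.append((start, end, value))
    return [(s, e, decode_shadow(v)) for s, e, v in runs]


def triage(text):
    """Summarise one report: faulting shadow byte, granules touched, offset from the object."""
    info = parse_report(text)
    addr, size = info["addr"], info["size"]
    first = shadow_byte_for(info["shadow_rows"], addr)
    return {
        "kind": info["kind"],
        "size": size,
        "addr": addr,
        "shadow_value": first,
        "shadow_meaning": decode_shadow(first),
        "granules_touched": ((addr + size - 1) >> KASAN_SHADOW_SCALE_SHIFT) - (addr >> KASAN_SHADOW_SCALE_SHIFT) + 1,
        "offset_from_region_end": offset_from_region(addr, info["region"]) if info["region"] else None,
    }


if __name__ == "__main__":
    r = triage(REPORT)
    print(f"{r['kind']} of {r['size']} at {r['addr']:#x}: shadow 0x{r['shadow_value']:02x} = {r['shadow_meaning']}")
    print(f"offset from end of object: {r['offset_from_region_end']} bytes")
    for start, end, meaning in poison_runs(parse_report(REPORT)["shadow_rows"]):
        print(f"  {start:#x}-{end:#x}: {meaning}")
```

The computed offset matches the report's 3984 (0xf90) and the faulting granule decodes to KASAN_KMALLOC_REDZONE, which is what a "slab-out-of-bounds" classification requires; the runs output also shows the 48-byte KASAN_STACK_LEFT redzone followed by two partially addressable granules and a KASAN_STACK_RIGHT redzone just above the kmalloc region, i.e. a stack frame with 4-byte locals lives directly past it.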