[ 291.702467][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 291.727736][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 291.765492][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:29479' (ECDSA) to the list of known hosts.
1970/01/01 00:06:08 fuzzer started
1970/01/01 00:06:23 dialing manager at localhost:46487
[ 389.047292][ T2026] cgroup: Unknown subsys name 'net'
[ 389.957798][ T2026] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:29 syscalls: 2827
1970/01/01 00:06:29 code coverage: enabled
1970/01/01 00:06:29 comparison tracing: ioctl(KCOV_DISABLE) failed: invalid argument
1970/01/01 00:06:29 extra coverage: enabled
1970/01/01 00:06:29 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:29 setuid sandbox: enabled
1970/01/01 00:06:29 namespace sandbox: enabled
1970/01/01 00:06:29 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:29 fault injection: enabled
1970/01/01 00:06:29 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:29 net packet injection: enabled
1970/01/01 00:06:29 net device setup: enabled
1970/01/01 00:06:29 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:29 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:29 USB emulation: enabled
1970/01/01 00:06:29 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:29 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:29 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:29 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:34 fetching corpus: 50, signal 26692/30322 (executing program)
1970/01/01 00:06:39 fetching corpus: 100, signal 52067/56990 (executing program)
1970/01/01 00:06:42 fetching corpus: 150, signal 61141/67403 (executing program)
1970/01/01 00:06:45 fetching corpus: 199, signal 68421/76021 (executing program)
1970/01/01 00:06:49 fetching corpus: 249, signal 77707/86450 (executing program)
1970/01/01 00:06:52 fetching corpus: 299, signal 83509/93449 (executing program)
1970/01/01 00:06:54 fetching corpus: 349, signal 94289/105077 (executing program)
1970/01/01 00:06:57 fetching corpus: 398, signal 98580/110448 (executing program)
1970/01/01 00:07:00 fetching corpus: 448, signal 102454/115389 (executing program)
1970/01/01 00:07:05 fetching corpus: 498, signal 107719/121516 (executing program)
1970/01/01 00:07:07 fetching corpus: 548, signal 109972/124819 (executing program)
1970/01/01 00:07:11 fetching corpus: 598, signal 113035/128850 (executing program)
1970/01/01 00:07:13 fetching corpus: 648, signal 115831/132579 (executing program)
1970/01/01 00:07:16 fetching corpus: 697, signal 119218/136796 (executing program)
1970/01/01 00:07:19 fetching corpus: 747, signal 121865/140330 (executing program)
1970/01/01 00:07:21 fetching corpus: 796, signal 124583/143856 (executing program)
1970/01/01 00:07:24 fetching corpus: 846, signal 127136/147227 (executing program)
1970/01/01 00:07:26 fetching corpus: 896, signal 128598/149584 (executing program)
1970/01/01 00:07:29 fetching corpus: 945, signal 132805/154307 (executing program)
1970/01/01 00:07:31 fetching corpus: 995, signal 135091/157358 (executing program)
1970/01/01 00:07:34 fetching corpus: 1045, signal 136879/159961 (executing program)
1970/01/01 00:07:37 fetching corpus: 1095, signal 138604/162452 (executing program)
1970/01/01 00:07:39 fetching corpus: 1145, signal 142006/166365 (executing program)
1970/01/01 00:07:42 fetching corpus: 1195, signal 144204/169223 (executing program)
1970/01/01 00:07:45 fetching corpus: 1244, signal 146621/172189 (executing program)
1970/01/01 00:07:47 fetching corpus: 1294, signal 148233/174487 (executing program)
1970/01/01 00:07:49 fetching corpus: 1344, signal 149320/176326 (executing program)
1970/01/01 00:07:51 fetching corpus: 1394, signal 150797/178466 (executing program)
1970/01/01 00:07:54 fetching corpus: 1444, signal 152715/180964 (executing program)
1970/01/01 00:07:56 fetching corpus: 1494, signal 154284/183099 (executing program)
1970/01/01 00:07:59 fetching corpus: 1544, signal 155608/185073 (executing program)
1970/01/01 00:08:02 fetching corpus: 1594, signal 156694/186809 (executing program)
1970/01/01 00:08:06 fetching corpus: 1644, signal 157743/188512 (executing program)
1970/01/01 00:08:10 fetching corpus: 1693, signal 160271/191378 (executing program)
1970/01/01 00:08:14 fetching corpus: 1743, signal 161650/193275 (executing program)
1970/01/01 00:08:17 fetching corpus: 1793, signal 163701/195634 (executing program)
1970/01/01 00:08:20 fetching corpus: 1843, signal 165242/197638 (executing program)
1970/01/01 00:08:22 fetching corpus: 1893, signal 166072/199076 (executing program)
1970/01/01 00:08:27 fetching corpus: 1943, signal 166800/200439 (executing program)
1970/01/01 00:08:30 fetching corpus: 1993, signal 168208/202209 (executing program)
1970/01/01 00:08:33 fetching corpus: 2043, signal 169213/203784 (executing program)
1970/01/01 00:08:38 fetching corpus: 2093, signal 171056/205963 (executing program)
1970/01/01 00:08:41 fetching corpus: 2142, signal 173068/208178 (executing program)
1970/01/01 00:08:43 fetching corpus: 2192, signal 174409/209901 (executing program)
1970/01/01 00:08:47 fetching corpus: 2242, signal 175387/211349 (executing program)
1970/01/01 00:08:50 fetching corpus: 2291, signal 176755/213039 (executing program)
1970/01/01 00:08:56 fetching corpus: 2341, signal 177880/214548 (executing program)
1970/01/01 00:08:59 fetching corpus: 2391, signal 179981/216722 (executing program)
1970/01/01 00:09:05 fetching corpus: 2441, signal 184790/220555 (executing program)
1970/01/01 00:09:08 fetching corpus: 2491, signal 186408/222289 (executing program)
1970/01/01 00:09:10 fetching corpus: 2540, signal 188306/224202 (executing program)
1970/01/01 00:09:14 fetching corpus: 2590, signal 189667/225790 (executing program)
1970/01/01 00:09:17 fetching corpus: 2639, signal 191726/227720 (executing program)
1970/01/01 00:09:20 fetching corpus: 2689, signal 192687/228972 (executing program)
1970/01/01 00:09:23 fetching corpus: 2739, signal 193483/230129 (executing program)
1970/01/01 00:09:25 fetching corpus: 2789, signal 194422/231307 (executing program)
1970/01/01 00:09:29 fetching corpus: 2839, signal 195445/232542 (executing program)
1970/01/01 00:09:31 fetching corpus: 2889, signal 196224/233655 (executing program)
1970/01/01 00:09:34 fetching corpus: 2939, signal 197306/234969 (executing program)
1970/01/01 00:09:38 fetching corpus: 2989, signal 198940/236513 (executing program)
1970/01/01 00:09:40 fetching corpus: 3039, signal 199633/237568 (executing program)
1970/01/01 00:09:43 fetching corpus: 3089, signal 200705/238796 (executing program)
1970/01/01 00:09:46 fetching corpus: 3138, signal 202685/240482 (executing program)
1970/01/01 00:09:49 fetching corpus: 3187, signal 203488/241517 (executing program)
1970/01/01 00:09:52 fetching corpus: 3237, signal 204120/242420 (executing program)
1970/01/01 00:09:54 fetching corpus: 3287, signal 205447/243717 (executing program)
1970/01/01 00:09:57 fetching corpus: 3337, signal 206017/244580 (executing program)
1970/01/01 00:09:59 fetching corpus: 3386, signal 207041/245749 (executing program)
1970/01/01 00:10:01 fetching corpus: 3436, signal 207787/246702 (executing program)
1970/01/01 00:10:05 fetching corpus: 3486, signal 209109/247932 (executing program)
1970/01/01 00:10:07 fetching corpus: 3536, signal 210371/249143 (executing program)
1970/01/01 00:10:10 fetching corpus: 3585, signal 211288/250155 (executing program)
1970/01/01 00:10:12 fetching corpus: 3635, signal 211891/250979 (executing program)
1970/01/01 00:10:16 fetching corpus: 3685, signal 213020/252032 (executing program)
1970/01/01 00:10:21 fetching corpus: 3734, signal 213989/252961 (executing program)
1970/01/01 00:10:25 fetching corpus: 3784, signal 214677/253819 (executing program)
1970/01/01 00:10:28 fetching corpus: 3834, signal 215983/254915 (executing program)
1970/01/01 00:10:32 fetching corpus: 3884, signal 216995/255881 (executing program)
1970/01/01 00:10:35 fetching corpus: 3933, signal 217710/256714 (executing program)
1970/01/01 00:10:39 fetching corpus: 3983, signal 218335/257490 (executing program)
1970/01/01 00:10:42 fetching corpus: 4033, signal 219330/258370 (executing program)
1970/01/01 00:10:45 fetching corpus: 4083, signal 220889/259466 (executing program)
1970/01/01 00:10:47 fetching corpus: 4133, signal 221617/260204 (executing program)
1970/01/01 00:10:49 fetching corpus: 4183, signal 222471/261045 (executing program)
1970/01/01 00:10:54 fetching corpus: 4233, signal 224777/262456 (executing program)
1970/01/01 00:10:57 fetching corpus: 4283, signal 225335/263121 (executing program)
1970/01/01 00:10:59 fetching corpus: 4333, signal 225873/263755 (executing program)
1970/01/01 00:11:01 fetching corpus: 4382, signal 226318/264386 (executing program)
1970/01/01 00:11:04 fetching corpus: 4431, signal 227176/265127 (executing program)
1970/01/01 00:11:07 fetching corpus: 4481, signal 227978/265877 (executing program)
1970/01/01 00:11:10 fetching corpus: 4531, signal 228522/266516 (executing program)
1970/01/01 00:11:13 fetching corpus: 4581, signal 229242/267202 (executing program)
1970/01/01 00:11:15 fetching corpus: 4631, signal 231840/268483 (executing program)
1970/01/01 00:11:20 fetching corpus: 4681, signal 232736/269145 (executing program)
1970/01/01 00:11:22 fetching corpus: 4730, signal 233599/269833 (executing program)
1970/01/01 00:11:25 fetching corpus: 4779, signal 234207/270419 (executing program)
1970/01/01 00:11:27 fetching corpus: 4829, signal 234916/270994 (executing program)
1970/01/01 00:11:30 fetching corpus: 4879, signal 235596/271554 (executing program)
1970/01/01 00:11:33 fetching corpus: 4929, signal 236275/272095 (executing program)
1970/01/01 00:11:37 fetching corpus: 4979, signal 239111/273312 (executing program)
1970/01/01 00:11:40 fetching corpus: 5028, signal 239799/273871 (executing program)
1970/01/01 00:11:42 fetching corpus: 5078, signal 240327/274364 (executing program)
1970/01/01 00:11:44 fetching corpus: 5128, signal 240766/274835 (executing program)
1970/01/01 00:11:46 fetching corpus: 5177, signal 241394/275337 (executing program)
1970/01/01 00:11:50 fetching corpus: 5227, signal 241793/275797 (executing program)
1970/01/01 00:11:53 fetching corpus: 5277, signal 242400/276318 (executing program)
1970/01/01 00:11:55 fetching corpus: 5327, signal 243034/276780 (executing program)
1970/01/01 00:11:58 fetching corpus: 5377, signal 244402/277416 (executing program)
1970/01/01 00:12:00 fetching corpus: 5426, signal 244852/277833 (executing program)
1970/01/01 00:12:02 fetching corpus: 5475, signal 245405/278245 (executing program)
1970/01/01 00:12:06 fetching corpus: 5525, signal 245991/278680 (executing program)
1970/01/01 00:12:10 fetching corpus: 5574, signal 246589/279097 (executing program)
1970/01/01 00:12:13 fetching corpus: 5624, signal 247044/279473 (executing program)
1970/01/01 00:12:15 fetching corpus: 5672, signal 247903/279938 (executing program)
1970/01/01 00:12:17 fetching corpus: 5722, signal 248551/280329 (executing program)
1970/01/01 00:12:20 fetching corpus: 5772, signal 249881/280870 (executing program)
1970/01/01 00:12:23 fetching corpus: 5822, signal 250540/281245 (executing program)
1970/01/01 00:12:26 fetching corpus: 5872, signal 251243/281628 (executing program)
1970/01/01 00:12:28 fetching corpus: 5922, signal 251753/281977 (executing program)
1970/01/01 00:12:30 fetching corpus: 5972, signal 252224/282292 (executing program)
1970/01/01 00:12:32 fetching corpus: 6021, signal 252712/282611 (executing program)
1970/01/01 00:12:34 fetching corpus: 6071, signal 253362/282948 (executing program)
1970/01/01 00:12:39 fetching corpus: 6121, signal 253810/283274 (executing program)
1970/01/01 00:12:42 fetching corpus: 6171, signal 254144/283562 (executing program)
1970/01/01 00:12:46 fetching corpus: 6221, signal 254824/283895 (executing program)
1970/01/01 00:12:50 fetching corpus: 6270, signal 255470/284182 (executing program)
1970/01/01 00:12:53 fetching corpus: 6320, signal 256239/284523 (executing program)
1970/01/01 00:12:56 fetching corpus: 6370, signal 256654/284759 (executing program)
1970/01/01 00:12:59 fetching corpus: 6420, signal 257087/285037 (executing program)
1970/01/01 00:13:01 fetching corpus: 6469, signal 257527/285306 (executing program)
1970/01/01 00:13:04 fetching corpus: 6518, signal 258066/285551 (executing program)
1970/01/01 00:13:07 fetching corpus: 6567, signal 258522/285795 (executing program)
1970/01/01 00:13:10 fetching corpus: 6617, signal 258915/286027 (executing program)
1970/01/01 00:13:13 fetching corpus: 6667, signal 261236/286390 (executing program)
1970/01/01 00:13:17 fetching corpus: 6716, signal 261805/286634 (executing program)
1970/01/01 00:13:19 fetching corpus: 6764, signal 262370/286848 (executing program)
1970/01/01 00:13:22 fetching corpus: 6814, signal 263113/287060 (executing program)
1970/01/01 00:13:25 fetching corpus: 6864, signal 263781/287270 (executing program)
1970/01/01 00:13:27 fetching corpus: 6914, signal 264247/287471 (executing program)
1970/01/01 00:13:32 fetching corpus: 6964, signal 264797/287655 (executing program)
1970/01/01 00:13:35 fetching corpus: 7014, signal 265640/287829 (executing program)
1970/01/01 00:13:39 fetching corpus: 7064, signal 266013/287996 (executing program)
1970/01/01 00:13:41 fetching corpus: 7113, signal 266429/288164 (executing program)
1970/01/01 00:13:43 fetching corpus: 7162, signal 266815/288166 (executing program)
1970/01/01 00:13:46 fetching corpus: 7212, signal 267280/288166 (executing program)
1970/01/01 00:13:49 fetching corpus: 7261, signal 267764/288175 (executing program)
1970/01/01 00:13:53 fetching corpus: 7311, signal 268236/288179 (executing program)
1970/01/01 00:13:55 fetching corpus: 7361, signal 268635/288179 (executing program)
1970/01/01 00:13:58 fetching corpus: 7411, signal 268967/288179 (executing program)
1970/01/01 00:14:00 fetching corpus: 7461, signal 269445/288185 (executing program)
1970/01/01 00:14:03 fetching corpus: 7510, signal 269892/288191 (executing program)
1970/01/01 00:14:05 fetching corpus: 7560, signal 270186/288191 (executing program)
1970/01/01 00:14:10 fetching corpus: 7609, signal 270672/288207 (executing program)
1970/01/01 00:14:12 fetching corpus: 7659, signal 271032/288207 (executing program)
1970/01/01 00:14:15 fetching corpus: 7709, signal 271905/288207 (executing program)
1970/01/01 00:14:18 fetching corpus: 7759, signal 272293/288226 (executing program)
1970/01/01 00:14:20 fetching corpus: 7809, signal 272885/288226 (executing program)
1970/01/01 00:14:23 fetching corpus: 7859, signal 273439/288226 (executing program)
1970/01/01 00:14:26 fetching corpus: 7909, signal 273940/288226 (executing program)
1970/01/01 00:14:31 fetching corpus: 7958, signal 275776/288228 (executing program)
1970/01/01 00:14:34 fetching corpus: 8008, signal 276099/288233 (executing program)
1970/01/01 00:14:37 fetching corpus: 8058, signal 276593/288243 (executing program)
1970/01/01 00:14:40 fetching corpus: 8108, signal 276965/288243 (executing program)
1970/01/01 00:14:42 fetching corpus: 8157, signal 277468/288243 (executing program)
1970/01/01 00:14:45 fetching corpus: 8207, signal 277872/288243 (executing program)
1970/01/01 00:14:47 fetching corpus: 8257, signal 278295/288243 (executing program)
1970/01/01 00:14:50 fetching corpus: 8306, signal 278673/288243 (executing program)
1970/01/01 00:14:54 fetching corpus: 8356, signal 279063/288250 (executing program)
1970/01/01 00:14:59 fetching corpus: 8406, signal 279422/288250 (executing program)
1970/01/01 00:15:01 fetching corpus: 8456, signal 279839/288257 (executing program)
1970/01/01 00:15:06 fetching corpus: 8506, signal 280194/288257 (executing program)
1970/01/01 00:15:09 fetching corpus: 8556, signal 280564/288257 (executing program)
1970/01/01 00:15:13 fetching corpus: 8605, signal 281022/288272 (executing program)
1970/01/01 00:15:17 fetching corpus: 8655, signal 281406/288288 (executing program)
1970/01/01 00:15:21 fetching corpus: 8704, signal 282720/288310 (executing program)
1970/01/01 00:15:24 fetching corpus: 8754, signal 283086/288310 (executing program)
1970/01/01 00:15:27 fetching corpus: 8804, signal 283657/288312 (executing program)
1970/01/01 00:15:29 fetching corpus: 8854, signal 284490/288327 (executing program)
1970/01/01 00:15:32 fetching corpus: 8904, signal 284839/288327 (executing program)
1970/01/01 00:15:34 fetching corpus: 8943, signal 285142/288327 (executing program)
1970/01/01 00:15:34 fetching corpus: 8945, signal 285147/288327 (executing program)
1970/01/01 00:15:34 fetching corpus: 8945, signal 285147/288327 (executing program)
1970/01/01 00:17:43 starting 2 fuzzer processes
00:17:43 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c)
shutdown(r0, 0x0)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, &(0x7f0000000100), 0x0, 0x0)
00:17:43 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_DPORT={0x6}, @IFLA_GRE_IGNORE_DF={0x5}, @IFLA_GRE_ENCAP_FLAGS={0x6}]}}}]}, 0x4c}}, 0x0)
[ 1099.872329][ T2048] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1100.013155][ T2047] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1100.087366][ T2048] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1100.959313][ T2047] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1114.322058][ T2048] device hsr_slave_0 entered promiscuous mode
[ 1114.379653][ T2048] device hsr_slave_1 entered promiscuous mode
[ 1116.460710][ T2047] device hsr_slave_0 entered promiscuous mode
[ 1116.507846][ T2047] device hsr_slave_1 entered promiscuous mode
[ 1116.533293][ T2047] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1116.541211][ T2047] Cannot create hsr debugfs directory
[ 1125.221174][ T2048] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1125.840045][ T2048] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1126.151543][ T2048] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1126.528968][ T2048] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1127.778549][ T2047] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1127.937187][ T2047] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1128.230539][ C0] ==================================================================
[ 1128.235644][ C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260
[ 1128.237412][ C0] Read of size 8 at addr ffffaf800f75fe80 by task syz-executor.1/2048
[ 1128.239359][ C0]
[ 1128.242300][ C0] CPU: 0 PID: 2048 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1128.245821][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 1128.247976][ C0] Call Trace:
[ 1128.249078][ C0] [] dump_backtrace+0x2e/0x3c
[ 1128.250627][ C0] [] show_stack+0x34/0x40
[ 1128.252057][ C0] [] dump_stack_lvl+0xe4/0x150
[ 1128.253628][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 1128.255765][ C0] [] kasan_report+0x184/0x1e0
[ 1128.257429][ C0] [] __asan_load8+0x6e/0x96
[ 1128.258938][ C0] [] walk_stackframe+0x11c/0x260
[ 1128.260526][ C0] [] arch_stack_walk+0x2c/0x3c
[ 1128.262139][ C0] [] stack_trace_save+0xa6/0xd8
[ 1128.263842][ C0] [] kasan_save_stack+0x2c/0x58
[ 1128.265992][ C0]
[ 1128.266980][ C0] Allocated by task 259389664:
[ 1128.268033][ C0] (stack is not available)
[ 1128.268958][ C0]
[ 1128.269799][ C0] Last potentially related work creation:
[ 1128.270950][ C0] ------------[ cut here ]------------
[ 1128.271976][ C0] slab index 168160 out of bounds (316) for stack id 836290e0
[ 1128.276951][ C0] WARNING: CPU: 0 PID: 2048 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 1128.279128][ C0] Modules linked in:
[ 1128.280550][ C0] CPU: 0 PID: 2048 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1128.282309][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 1128.283465][ C0] epc : stack_depot_print+0x66/0x70
[ 1128.285575][ C0]  ra : stack_depot_print+0x66/0x70
[ 1128.287046][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800f75fd40
[ 1128.288422][ C0]  gp : ffffffff85863ac0 tp : ffffaf800d908000 t0 : ffffffff86bcb657
[ 1128.289828][ C0]  t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800f75fd50
[ 1128.291260][ C0]  s1 : ffffaf807aaa20c0 a0 : 000000000000003b a1 : 00000000000f0000
[ 1128.292638][ C0]  a2 : 0000000000000505 a3 : ffffffff8012252a a4 : fd93be3ce164fb00
[ 1128.294187][ C0]  a5 : fd93be3ce164fb00 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 1128.296630][ C0]  s2 : ffffaf800f75fe80 s3 : ffffaf8007202000 s4 : ffffaf800f75f000
[ 1128.298138][ C0]  s5 : ffffaf800f75f800 s6 : 0000000000003fff s7 : ffffaf800f75fe20
[ 1128.299606][ C0]  s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf800f75ff00
[ 1128.301070][ C0]  s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 1128.303077][ C0]  t5 : fffff5ef0b53910d t6 : ffffaf800f75f838
[ 1128.305570][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 1128.308076][ C0] [] print_address_description.constprop.0+0x2fc/0x330
[ 1128.309836][ C0] [] kasan_report+0x184/0x1e0
[ 1128.311392][ C0] [] __asan_load8+0x6e/0x96
[ 1128.312796][ C0] [] walk_stackframe+0x11c/0x260
[ 1128.315235][ C0] [] arch_stack_walk+0x2c/0x3c
[ 1128.316895][ C0] [] stack_trace_save+0xa6/0xd8
[ 1128.318395][ C0] [] kasan_save_stack+0x2c/0x58
[ 1128.320165][ C0] irq event stamp: 107053
[ 1128.321154][ C0] hardirqs last  enabled at (107052): [] _raw_spin_unlock_irqrestore+0x68/0x98
[ 1128.322992][ C0] hardirqs last disabled at (107053): [] _raw_spin_lock_irqsave+0x60/0x62
[ 1128.326268][ C0] softirqs last  enabled at (106928): [] ip6_route_add+0x7e/0x148
[ 1128.328194][ C0] softirqs last disabled at (106945): [] __irq_exit_rcu+0x142/0x1f8
[ 1128.330031][ C0] ---[ end trace 0000000000000000 ]---
[ 1128.331835][ C0]
[ 1128.332691][ C0] Second to last potentially related work creation:
[ 1128.333961][ C0] ------------[ cut here ]------------
[ 1128.335656][ C0] slab index 2097151 out of bounds (316) for stack id ffffffff
[ 1128.340052][ C0] WARNING: CPU: 0 PID: 2048 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 1128.342151][ C0] Modules linked in:
[ 1128.343534][ C0] CPU: 0 PID: 2048 Comm: syz-executor.1 Tainted: G        W         5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1128.346947][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 1128.348170][ C0] epc : stack_depot_print+0x66/0x70
[ 1128.349551][ C0]  ra : stack_depot_print+0x66/0x70
[ 1128.350892][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800f75fd40
[ 1128.352204][ C0]  gp : ffffffff85863ac0 tp : ffffaf800d908000 t0 : ffffffff86bcb657
[ 1128.353587][ C0]  t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800f75fd50
[ 1128.356084][ C0]  s1 : ffffaf807aaa20c0 a0 : 000000000000003c a1 : 00000000000f0000
[ 1128.357512][ C0]  a2 : 0000000000000505 a3 : ffffffff8012252a a4 : fd93be3ce164fb00
[ 1128.358873][ C0]  a5 : fd93be3ce164fb00 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 1128.360310][ C0]  s2 : ffffaf800f75fe80 s3 : ffffaf8007202000 s4 : ffffaf800f75f000
[ 1128.361667][ C0]  s5 : ffffaf800f75f800 s6 : 0000000000003fff s7 : ffffaf800f75fe20
[ 1128.363007][ C0]  s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf800f75ff00
[ 1128.365792][ C0]  s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 1128.368262][ C0]  t5 : fffff5ef0b53910d t6 : ffffaf800f75f838
[ 1128.369525][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 1128.371020][ C0] [] print_address_description.constprop.0+0x2ae/0x330
[ 1128.373073][ C0] [] kasan_report+0x184/0x1e0
[ 1128.375713][ C0] [] __asan_load8+0x6e/0x96
[ 1128.377294][ C0] [] walk_stackframe+0x11c/0x260
[ 1128.378888][ C0] [] arch_stack_walk+0x2c/0x3c
[ 1128.380390][ C0] [] stack_trace_save+0xa6/0xd8
[ 1128.381909][ C0] [] kasan_save_stack+0x2c/0x58
[ 1128.383500][ C0] irq event stamp: 107053
[ 1128.385203][ C0] hardirqs last  enabled at (107052): [] _raw_spin_unlock_irqrestore+0x68/0x98
[ 1128.387173][ C0] hardirqs last disabled at (107053): [] _raw_spin_lock_irqsave+0x60/0x62
[ 1128.389013][ C0] softirqs last  enabled at (106928): [] ip6_route_add+0x7e/0x148
[ 1128.390911][ C0] softirqs last disabled at (106945): [] __irq_exit_rcu+0x142/0x1f8
[ 1128.392890][ C0] ---[ end trace 0000000000000000 ]---
[ 1128.394969][ C0]
[ 1128.396277][ C0] The buggy address belongs to the object at ffffaf800f75f000
[ 1128.396277][ C0]  which belongs to the cache kmalloc-2k of size 2048
[ 1128.398413][ C0] The buggy address is located 1664 bytes to the right of
[ 1128.398413][ C0]  2048-byte region [ffffaf800f75f000, ffffaf800f75f800)
[ 1128.400439][ C0] The buggy address belongs to the page:
[ 1128.402068][ C0] page:ffffaf807aaa20c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8f958
[ 1128.404640][ C0] head:ffffaf807aaa20c0 order:3 compound_mapcount:0 compound_pincount:0
[ 1128.406408][ C0] flags: 0x8800010200(slab|head|section=17|node=0|zone=0)
[ 1128.409729][ C0] raw: 0000008800010200 0000000000000000 0000000000000122 ffffaf8007202000
[ 1128.411452][ C0] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 1128.412957][ C0] raw: 00000000000007ff
[ 1128.414484][ C0] page dumped because: kasan: bad access detected
[ 1128.416890][ C0] page_owner tracks the page as allocated
[ 1128.417999][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2047, ts 1116341962400, free_ts 1110952027700
[ 1128.421056][ C0]  __set_page_owner+0x48/0x136
[ 1128.422631][ C0]  post_alloc_hook+0xd0/0x10a
[ 1128.424568][ C0]  get_page_from_freelist+0x8da/0x12d8
[ 1128.426120][ C0]  __alloc_pages+0x150/0x3b6
[ 1128.427451][ C0]  alloc_pages+0x132/0x2a6
[ 1128.428795][ C0]  alloc_slab_page.constprop.0+0xc2/0xfa
[ 1128.430268][ C0]  new_slab+0x25a/0x2cc
[ 1128.431629][ C0]  ___slab_alloc+0x56e/0x918
[ 1128.432976][ C0]  __slab_alloc.constprop.0+0x50/0x8c
[ 1128.435369][ C0]  __kmalloc_track_caller+0x25a/0x30e
[ 1128.436831][ C0]  kmemdup+0x2a/0x5a
[ 1128.437937][ C0]  neigh_sysctl_register+0xb2/0x380
[ 1128.439238][ C0]  addrconf_sysctl_register+0xa4/0x138
[ 1128.440636][ C0]  ipv6_add_dev+0x610/0xa7e
[ 1128.441883][ C0]  addrconf_notify+0x5e8/0x1360
[ 1128.443146][ C0]  notifier_call_chain+0xb8/0x188
[ 1128.445576][ C0] page last free stack trace:
[ 1128.446659][ C0]  __reset_page_owner+0x4a/0xea
[ 1128.447978][ C0]  free_pcp_prepare+0x29c/0x45e
[ 1128.449213][ C0]  free_unref_page+0x6a/0x31e
[ 1128.450483][ C0]  __free_pages+0xe2/0x112
[ 1128.451785][ C0]  __free_slab+0x122/0x27c
[ 1128.453078][ C0]  discard_slab+0x4c/0x7a
[ 1128.455181][ C0]  __slab_free+0x20a/0x29c
[ 1128.456685][ C0]  ___cache_free+0x17c/0x354
[ 1128.458036][ C0]  qlist_free_all+0x7c/0x132
[ 1128.459270][ C0]  kasan_quarantine_reduce+0x14c/0x1c8
[ 1128.460758][ C0]  __kasan_slab_alloc+0x5c/0x98
[ 1128.462289][ C0]  kmem_cache_alloc+0x338/0x3de
[ 1128.463662][ C0]  vm_area_alloc+0x2e/0xaa
[ 1128.465837][ C0]  mmap_region+0x62e/0xa88
[ 1128.467755][ C0]  do_mmap+0x784/0x8d2
[ 1128.469170][ C0]  vm_mmap_pgoff+0x1a2/0x24e
[ 1128.470633][ C0]
[ 1128.471506][ C0] Memory state around the buggy address:
[ 1128.473026][ C0]  ffffaf800f75fd80: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00
[ 1128.476032][ C0]  ffffaf800f75fe00: fc fc fc fc 00 00 00 00 00 00 00 00 fc fc fc fc
[ 1128.477587][ C0] >ffffaf800f75fe80: fc fc fc fc fc fc fc fc fc fc fc fc f1 f1 f1 f1
[ 1128.478945][ C0]                    ^
[ 1128.480184][ C0]  ffffaf800f75ff00: 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[ 1128.481535][ C0]  ffffaf800f75ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1128.483123][ C0] ==================================================================
[ 1128.485739][ C0] Disabling lock debugging due to kernel taint
[ 1128.499199][ T2048] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 1128.500727][ T2048] CPU: 0 PID: 2048 Comm: syz-executor.1 Tainted: G    B   W         5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1128.502717][ T2048] Hardware name: riscv-virtio,qemu (DT)
[ 1128.504085][ T2048] Call Trace:
[ 1128.505197][ T2048] [] dump_backtrace+0x2e/0x3c
[ 1128.506567][ T2048] [] show_stack+0x34/0x40
[ 1128.507668][ T2048] [] dump_stack_lvl+0xe4/0x150
[ 1128.508988][ T2048] [] dump_stack+0x1c/0x24
[ 1128.510211][ T2048] [] panic+0x24a/0x634
[ 1128.511531][ T2048] [] schedule+0x0/0x14c
[ 1128.513102][ T2048] [] preempt_schedule_common+0x4e/0xde
[ 1128.515381][ T2048] [] preempt_schedule+0x34/0x36
[ 1128.516773][ T2048] [] _raw_spin_unlock_irqrestore+0x8c/0x98
[ 1128.518464][ T2048] [] pcpu_alloc+0x7ca/0x1278
[ 1128.519982][ T2048] [] __alloc_percpu_gfp+0x28/0x36
[ 1128.521352][ T2048] [] fib6_nh_init+0x37a/0x10c0
[ 1128.522670][ T2048] [] ip6_route_info_create+0xb70/0xf78
[ 1128.524877][ T2048] [] addrconf_f6i_alloc+0x242/0x3d8
[ 1128.526386][ T2048] [] ipv6_add_addr+0x28e/0x12f2
[ 1128.527673][ T2048] [] add_addr+0xc8/0x274
[ 1128.528853][ T2048] [] add_v4_addrs+0x4a8/0x640
[ 1128.530019][ T2048] [] addrconf_notify+0x784/0x1360
[ 1128.531288][ T2048] [] notifier_call_chain+0xb8/0x188
[ 1128.532672][ T2048] [] raw_notifier_call_chain+0x2a/0x38
[ 1128.534691][ T2048] [] call_netdevice_notifiers_info+0x9e/0x10c
[ 1128.536110][ T2048] [] __dev_notify_flags+0x108/0x1fa
[ 1128.537601][ T2048] [] dev_change_flags+0x9c/0xba
[ 1128.538969][ T2048] [] do_setlink+0x5d6/0x21c4
[ 1128.540242][ T2048] [] __rtnl_newlink+0x99e/0xfa0
[ 1128.541546][ T2048] [] rtnl_newlink+0x60/0x8c
[ 1128.542775][ T2048] [] rtnetlink_rcv_msg+0x338/0x9a0
[ 1128.545150][ T2048] [] netlink_rcv_skb+0xf8/0x2be
[ 1128.546560][ T2048] [] rtnetlink_rcv+0x26/0x30
[ 1128.548337][ T2048] [] netlink_unicast+0x40e/0x5fe
[ 1128.549629][ T2048] [] netlink_sendmsg+0x4e0/0x994
[ 1128.551294][ T2048] [] sock_sendmsg+0xa0/0xc4
[ 1128.553145][ T2048] [] __sys_sendto+0x1f2/0x2e0
[ 1128.554330][ T2048] [] sys_sendto+0x3e/0x52
[ 1128.555551][ T2048] [] ret_from_syscall+0x0/0x2
[ 1128.557106][ T2048] SMP: stopping secondary CPUs
[ 1128.559688][ T2048] Rebooting in 86400 seconds..

VM DIAGNOSIS:
03:21:19 Registers:
info registers vcpu 0
 pc       ffffffff8010b22c
 mhartid  0000000000000000
 mstatus  00000000000000a0
 mip      00000000000000a0
 mie      000000000000022a
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff8010dd66
 sepc     ffffffff80200f00
 mcause   8000000000000007
 scause   8000000000000005
 mtval    0000000000000000
 stval    0000000000000000
 x0/zero  0000000000000000 x1/ra    ffffffff831a18d8 x2/sp    ffffaf800f75f840 x3/gp    ffffffff85863ac0
 x4/tp    ffffaf800d908000 x5/t0    ffffffff86bcb657 x6/t1    fd93be3ce164fb00 x7/t2    0000000000000000
 x8/s0    ffffaf800f75f850 x9/s1    0000000000001000 x10/a0   0000000000000020 x11/a1   ffffffffffffffff
 x12/a2   1ffff5f001b21001 x13/a3   ffffffff80146d84 x14/a4   0000000000000508 x15/a5   0000000000000000
 x16/a6   0000000000f00000 x17/a7   ffffffff8011ede2 x18/s2   ffffaf800f75f980 x19/s3   ffffffff84b73ec0
 x20/s4   0000000000000000 x21/s5   ffffffff8343c840 x22/s6   ffffffffffffffff x23/s7   ffffffff8588c3e0
 x24/s8   ffffffff86c1a620 x25/s9   1ffff5f001eebf20 x26/s10  ffffffff84a88898 x27/s11  ffffffff8011edfa
 x28/t3   fffffffff3f3f300 x29/t4   ffffffff80112282 x30/t5   1ffff5f001eebeec x31/t6   ffffffff86bcb657
 f0/ft0   0000000000000000 f1/ft1   0000000000000000 f2/ft2   0000000000000000 f3/ft3   0000000000000000
 f4/ft4   0000000000000000 f5/ft5   0000000000000000 f6/ft6   0000000000000000 f7/ft7   0000000000000000
 f8/fs0   0000000000000000 f9/fs1   0000000000000000 f10/fa0  0000000000000000 f11/fa1  0000000000000000
 f12/fa2  0000000000000000 f13/fa3  0000000000000000 f14/fa4  0000000000000000 f15/fa5  0000000000000000
 f16/fa6  0000000000000000 f17/fa7  0000000000000000 f18/fs2  0000000000000000 f19/fs3  0000000000000000
 f20/fs4  0000000000000000 f21/fs5  0000000000000000 f22/fs6  0000000000000000 f23/fs7  0000000000000000
 f24/fs8  0000000000000000 f25/fs9  0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8  0000000000000000 f29/ft9  0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
 pc       ffffffff80475986
 mhartid  0000000000000001
 mstatus  00000000000000a2
 mip      0000000000000000
 mie      00000000000002aa
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff8000f97e
 sepc     ffffffff80475986
 mcause   0000000000000009
 scause   8000000000000005
 mtval    0000000000000000
 stval    0000000000000000
 x0/zero  0000000000000000 x1/ra    ffffffff80119b52 x2/sp    ffffaf8008be37d0 x3/gp    ffffffff85863ac0
 x4/tp    ffffaf800e450000 x5/t0    00000000000001f8 x6/t1    fd93be3ce164fb00 x7/t2    ffffffffffffffff
 x8/s0    ffffaf8008be3820 x9/s1    ffffaf800c679898 x10/a0   ffffaf800c679898 x11/a1   0000000000000003
 x12/a2   1ffff5f0018cf313 x13/a3   ffffffff80119b52 x14/a4   0000000000000000 x15/a5   ffffaf800c679898
 x16/a6   0000000000f00000 x17/a7   ffffffff826e6226 x18/s2   0000000000000001 x19/s3   ffffaf800e450000
 x20/s4   ffffaf800c6798a8 x21/s5   ffffaf800c6798a0 x22/s6   ffffaf8008be3960 x23/s7   ffffaf8008be3b00
 x24/s8   0000000000000000 x25/s9   0000000000004000 x26/s10  0000000000000040 x27/s11  0000000000000001
 x28/t3   fffffffff3f3f300 x29/t4   ffffffff80112282 x30/t5   1ffff5f00117c6b4 x31/t6   0000000003bd43e0
 f0/ft0   0000000000000000 f1/ft1   0000000000000000 f2/ft2   0000000000000000 f3/ft3   0000000000000000
 f4/ft4   0000000000000000 f5/ft5   0000000000000000 f6/ft6   0000000000000000 f7/ft7   0000000000000000
 f8/fs0   0000000000000000 f9/fs1   0000000000000000 f10/fa0  0000000000000000 f11/fa1  0000000000000000
 f12/fa2  0000000000000000 f13/fa3  0000000000000000 f14/fa4  0000000000000000 f15/fa5  0000000000000000
 f16/fa6  0000000000000000 f17/fa7  0000000000000000 f18/fs2  0000000000000000 f19/fs3  0000000000000000
 f20/fs4  0000000000000000 f21/fs5  0000000000000000 f22/fs6  0000000000000000 f23/fs7  0000000000000000
 f24/fs8  0000000000000000 f25/fs9  0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8  0000000000000000 f29/ft9  0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
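Added triage helper for the KASAN report above. This is example code written for this page, not part of the syzkaller log and not syzkaller's or the kernel's own tooling. It pulls the bug header, the access line, the object-region line and the "Memory state around the buggy address" shadow dump out of raw console lines, decodes the shadow byte that covers the faulting address, and recomputes the "N bytes to the right of" distance from the printed region bounds. The SAMPLE text is constructed from the report lines above; the shadow-byte meanings are assumed from the generic-KASAN encodings in mm/kasan/kasan.h (the hardware-tag mode uses a different scheme and is not handled).

```python
import re

SHADOW_SCALE = 8  # generic KASAN: one shadow byte covers 8 bytes of kernel memory

# Shadow encodings of generic KASAN (assumed from mm/kasan/kasan.h, v5.17 naming).
SHADOW_MEANING = {
    0x00: "addressable",
    0xfc: "slab (kmalloc) redzone",
    0xfb: "freed slab object",
    0xfe: "page redzone",
    0xff: "freed page",
    0xf1: "stack left redzone",
    0xf2: "stack mid redzone",
    0xf3: "stack right redzone",
    0xf4: "stack partial redzone",
    0xf8: "vmalloc invalid",
    0xca: "alloca left redzone",
    0xcb: "alloca right redzone",
}

# Console lines copied from the report above (constructed sample input).
SAMPLE = """\
[ 1128.235644][    C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260
[ 1128.237412][    C0] Read of size 8 at addr ffffaf800f75fe80 by task syz-executor.1/2048
[ 1128.398413][    C0] The buggy address is located 1664 bytes to the right of
[ 1128.398413][    C0]  2048-byte region [ffffaf800f75f000, ffffaf800f75f800)
[ 1128.471506][    C0] Memory state around the buggy address:
[ 1128.473026][    C0]  ffffaf800f75fd80: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00
[ 1128.476032][    C0]  ffffaf800f75fe00: fc fc fc fc 00 00 00 00 00 00 00 00 fc fc fc fc
[ 1128.477587][    C0] >ffffaf800f75fe80: fc fc fc fc fc fc fc fc fc fc fc fc f1 f1 f1 f1
[ 1128.478945][    C0]                    ^
[ 1128.480184][    C0]  ffffaf800f75ff00: 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
"""

PREFIX_RE = re.compile(r"^\[\s*\d+\.\d+\]\[\s*[CT]\d+\]\s?")  # "[ 1128.2356][    C0] "
HEADER_RE = re.compile(r"BUG: KASAN: (?P<bug>[\w-]+) in (?P<func>\S+)")
ACCESS_RE = re.compile(r"(?P<kind>Read|Write) of size (?P<size>\d+) at addr "
                       r"(?P<addr>[0-9a-f]+) by task (?P<task>\S+)")
DIST_RE = re.compile(r"located (?P<dist>\d+) bytes to the (?P<side>left|right) of")
REGION_RE = re.compile(r"(?P<size>\d+)-byte region \[(?P<lo>[0-9a-f]+), (?P<hi>[0-9a-f]+)\)")
SHADOW_RE = re.compile(r"^>?\s*(?P<base>[0-9a-f]{16}): (?P<bytes>[0-9a-f]{2}(?: [0-9a-f]{2}){15})$")


def parse_kasan_report(text):
    """Extract the fields a triager needs from raw console text; unrelated lines are skipped."""
    info = {"shadow": {}}
    for raw in text.splitlines():
        line = PREFIX_RE.sub("", raw).strip()
        if m := HEADER_RE.search(line):
            info["bug"], info["func"] = m["bug"], m["func"]
        elif m := ACCESS_RE.search(line):
            info.update(kind=m["kind"], size=int(m["size"]), addr=int(m["addr"], 16), task=m["task"])
        elif m := DIST_RE.search(line):
            info.update(dist=int(m["dist"]), side=m["side"])
        elif m := REGION_RE.search(line):
            info["region"] = (int(m["lo"], 16), int(m["hi"], 16))
        elif m := SHADOW_RE.match(line):
            # Each row prints 16 shadow bytes; byte i describes the 8-byte granule at base + 8*i.
            base = int(m["base"], 16)
            for i, tok in enumerate(m["bytes"].split()):
                info["shadow"][base + i * SHADOW_SCALE] = int(tok, 16)
    return info


def shadow_meaning(value):
    if 1 <= value <= 7:  # only the first `value` bytes of the granule are addressable
        return f"partially addressable (first {value} of 8 bytes)"
    return SHADOW_MEANING.get(value, "unknown shadow value")


def shadow_at(info, addr):
    """(value, meaning) of the shadow byte covering addr, or None if the dump does not include it."""
    value = info["shadow"].get(addr - addr % SHADOW_SCALE)
    return None if value is None else (value, shadow_meaning(value))


def distance_consistent(info):
    """Recompute 'N bytes to the right/left of' from the region bounds KASAN printed."""
    lo, hi = info["region"]
    if info["side"] == "right":
        return info["addr"] - hi == info["dist"]
    return lo - info["addr"] == info["dist"]


def triage(text):
    info = parse_kasan_report(text)
    hit = shadow_at(info, info["addr"])
    value, meaning = hit if hit else (None, "address not covered by the dump")
    return {
        "summary": f"{info['bug']} {info['kind'].lower()} of {info['size']} bytes "
                   f"in {info['func']} by {info['task']}",
        "shadow_byte": value,
        "shadow_meaning": meaning,
        "distance_consistent": distance_consistent(info),
    }


if __name__ == "__main__":
    for key, val in triage(SAMPLE).items():
        print(f"{key}: {val}")
```

On the lines above this resolves to a slab-out-of-bounds 8-byte read in walk_stackframe by syz-executor.1/2048, a shadow byte of 0xfc (slab redzone) at the faulting address, and a distance that matches the printed bounds (0xffffaf800f75fe80 minus 0xffffaf800f75f800 is 1664). The same dump also shows f1 and f3 stack-redzone bytes a few granules away inside what KASAN attributes to a kmalloc-2k page; that adjacency, together with the "corrupted stack end detected inside scheduler" panic that follows, is what a triager would look at next.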