[ 501.111273][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 501.192205][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 501.242230][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 501.298632][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:39769' (ECDSA) to the list of known hosts.
1970/01/01 00:09:04 fuzzer started
1970/01/01 00:09:17 dialing manager at localhost:42029
[ 566.657311][ T2026] cgroup: Unknown subsys name 'net'
[ 567.920663][ T2026] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:09:27 syscalls: 2818
1970/01/01 00:09:27 code coverage: enabled
1970/01/01 00:09:27 comparison tracing: enabled
1970/01/01 00:09:27 extra coverage: enabled
1970/01/01 00:09:27 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:09:27 setuid sandbox: enabled
1970/01/01 00:09:27 namespace sandbox: enabled
1970/01/01 00:09:27 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:09:27 fault injection: enabled
1970/01/01 00:09:27 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:09:27 net packet injection: enabled
1970/01/01 00:09:27 net device setup: enabled
1970/01/01 00:09:27 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:09:27 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:09:27 USB emulation: enabled
1970/01/01 00:09:27 hci packet injection: /dev/vhci does not exist
1970/01/01 00:09:27 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:09:27 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:09:28 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:09:33 fetching corpus: 47, signal 28115/31069 (executing program)
1970/01/01 00:09:37 fetching corpus: 97, signal 46033/49432 (executing program)
1970/01/01 00:09:42 fetching corpus: 146, signal 55810/59624 (executing program)
1970/01/01 00:09:45 fetching corpus: 196, signal 62974/67065 (executing program)
1970/01/01 00:09:48 fetching corpus: 246, signal 69429/73627 (executing program)
1970/01/01 00:09:52 fetching corpus: 296, signal 75888/79993 (executing program)
1970/01/01 00:09:55 fetching corpus: 346, signal 79060/83236 (executing program)
1970/01/01 00:09:59 fetching corpus: 393, signal 84898/88620 (executing program)
1970/01/01 00:10:03 fetching corpus: 441, signal 88782/92188 (executing program)
1970/01/01 00:10:06 fetching corpus: 489, signal 91909/95060 (executing program)
1970/01/01 00:10:09 fetching corpus: 537, signal 94231/97130 (executing program)
1970/01/01 00:10:12 fetching corpus: 586, signal 98095/100343 (executing program)
1970/01/01 00:10:14 fetching corpus: 635, signal 101120/102744 (executing program)
1970/01/01 00:10:17 fetching corpus: 685, signal 103597/104678 (executing program)
1970/01/01 00:10:20 fetching corpus: 716, signal 105347/105949 (executing program)
1970/01/01 00:10:20 fetching corpus: 717, signal 105357/106000 (executing program)
1970/01/01 00:10:20 fetching corpus: 717, signal 105357/106049 (executing program)
1970/01/01 00:10:20 fetching corpus: 717, signal 105357/106083 (executing program)
1970/01/01 00:10:21 fetching corpus: 717, signal 105357/106129 (executing program)
1970/01/01 00:10:21 fetching corpus: 717, signal 105357/106178 (executing program)
1970/01/01 00:10:21 fetching corpus: 717, signal 105364/106220 (executing program)
1970/01/01 00:10:21 fetching corpus: 717, signal 105364/106250 (executing program)
1970/01/01 00:10:21 fetching corpus: 717, signal 105364/106291 (executing program)
1970/01/01 00:10:22 fetching corpus: 717, signal 105364/106325 (executing program)
1970/01/01 00:10:22 fetching corpus: 717, signal 105364/106362 (executing program)
1970/01/01 00:10:22 fetching corpus: 718, signal 105388/106410 (executing program)
1970/01/01 00:10:22 fetching corpus: 718, signal 105388/106456 (executing program)
1970/01/01 00:10:22 fetching corpus: 718, signal 105388/106493 (executing program)
1970/01/01 00:10:22 fetching corpus: 718, signal 105388/106528 (executing program)
1970/01/01 00:10:23 fetching corpus: 718, signal 105388/106576 (executing program)
1970/01/01 00:10:23 fetching corpus: 718, signal 105388/106613 (executing program)
1970/01/01 00:10:24 fetching corpus: 718, signal 105388/106664 (executing program)
1970/01/01 00:10:24 fetching corpus: 719, signal 105460/106740 (executing program)
1970/01/01 00:10:24 fetching corpus: 719, signal 105464/106786 (executing program)
1970/01/01 00:10:24 fetching corpus: 719, signal 105464/106824 (executing program)
1970/01/01 00:10:25 fetching corpus: 719, signal 105464/106865 (executing program)
1970/01/01 00:10:25 fetching corpus: 719, signal 105464/106899 (executing program)
1970/01/01 00:10:25 fetching corpus: 719, signal 105464/106942 (executing program)
1970/01/01 00:10:25 fetching corpus: 719, signal 105464/106979 (executing program)
1970/01/01 00:10:25 fetching corpus: 719, signal 105464/107020 (executing program)
1970/01/01 00:10:26 fetching corpus: 719, signal 105464/107055 (executing program)
1970/01/01 00:10:26 fetching corpus: 719, signal 105464/107105 (executing program)
1970/01/01 00:10:26 fetching corpus: 719, signal 105464/107142 (executing program)
1970/01/01 00:10:26 fetching corpus: 719, signal 105464/107177 (executing program)
1970/01/01 00:10:26 fetching corpus: 719, signal 105464/107228 (executing program)
1970/01/01 00:10:26 fetching corpus: 719, signal 105464/107262 (executing program)
1970/01/01 00:10:27 fetching corpus: 719, signal 105464/107304 (executing program)
1970/01/01 00:10:27 fetching corpus: 719, signal 105464/107344 (executing program)
1970/01/01 00:10:27 fetching corpus: 719, signal 105464/107379 (executing program)
1970/01/01 00:10:27 fetching corpus: 719, signal 105464/107419 (executing program)
1970/01/01 00:10:27 fetching corpus: 719, signal 105464/107462 (executing program)
1970/01/01 00:10:27 fetching corpus: 719, signal 105464/107500 (executing program)
1970/01/01 00:10:27 fetching corpus: 719, signal 105464/107522 (executing program)
1970/01/01 00:10:28 fetching corpus: 719, signal 105464/107522 (executing program)
1970/01/01 00:12:16 starting 2 fuzzer processes
00:12:17 executing program 0:
r0 = syz_io_uring_setup(0x76a9, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000280)=0x0, &(0x7f0000000080)=0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd=r3, 0x0, &(0x7f0000000140)=""/91, 0x5b}, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
ioctl$TCXONC(r4, 0x540f, 0xea007)
io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0)
00:12:17 executing program 1:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r1 = accept(r0, 0x0, 0x0)
sendmsg$kcm(r1, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x4048080)
recvmsg$can_j1939(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/60, 0x3c}], 0x1}, 0x0)
recvmsg$can_j1939(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@mpls_getroute={0xa0, 0x1a, 0x0, 0x0, 0x0, {}, [@RTA_NEWDST={0x84}]}, 0xa0}}, 0x0)
00:12:22 executing program 0:
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
r1 = dup(r0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000005940)={{&(0x7f0000ff8000/0x8000)=nil, 0x8000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}})
r2 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000100))
r3 = dup(r2)
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}})
[ 770.558608][ T2032] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 770.791973][ T2032] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
00:12:55 executing program 0:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_group_source_req(r0, 0x29, 0x30, &(0x7f0000000040)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x5}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x167)
[ 783.760910][ T2032] device hsr_slave_0 entered promiscuous mode
[ 784.118663][ T2032] device hsr_slave_1 entered promiscuous mode
[ 790.112739][ T2032] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 790.331461][ T2032] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 790.830797][ T2032] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 790.953208][ T2032] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 800.628386][ T2032] 8021q: adding VLAN 0 to HW filter on device bond0
[ 800.974924][ T2029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 801.030230][ T2029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 808.459832][ T2029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 808.538545][ T2029] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 809.245018][ T2284] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 809.352131][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 809.397766][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 809.564556][ T2284] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 810.600961][ C0] ==================================================================
[ 810.604569][ C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260
[ 810.606762][ C0] Read of size 8 at addr ffffaf801dbc7ac0 by task syz-executor.0/2284
[ 810.610259][ C0]
[ 810.611594][ C0] CPU: 0 PID: 2284 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 810.613261][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 810.614482][ C0] Call Trace:
[ 810.615371][ C0] [] dump_backtrace+0x2e/0x3c
[ 810.617351][ C0] [] show_stack+0x34/0x40
[ 810.618563][ C0] [] dump_stack_lvl+0xe4/0x150
[ 810.619832][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 810.621279][ C0] [] kasan_report+0x184/0x1e0
[ 810.622518][ C0] [] __asan_load8+0x6e/0x96
[ 810.623664][ C0] [] walk_stackframe+0x11c/0x260
[ 810.624822][ C0] [] arch_stack_walk+0x2c/0x3c
[ 810.626510][ C0] [] stack_trace_save+0xa6/0xd8
[ 810.627930][ C0] [] save_stack+0x112/0x16c
[ 810.629154][ C0] [] __set_page_owner+0x48/0x136
[ 810.630353][ C0] [] post_alloc_hook+0xd0/0x10a
[ 810.631535][ C0] [] get_page_from_freelist+0x8da/0x12d8
[ 810.632763][ C0] [] __alloc_pages+0x150/0x3b6
[ 810.634164][ C0]
[ 810.634918][ C0] Allocated by task 498890736:
[ 810.636037][ C0] (stack is not available)
[ 810.637219][ C0]
[ 810.638183][ C0] Freed by task 2269:
[ 810.639066][ C0] stack_trace_save+0xa6/0xd8
[ 810.640388][ C0] kasan_save_stack+0x2c/0x58
[ 810.641474][ C0] kasan_set_track+0x1a/0x26
[ 810.642528][ C0] kasan_set_free_info+0x1e/0x3a
[ 810.643509][ C0] ____kasan_slab_free+0x15e/0x180
[ 810.644598][ C0] __kasan_slab_free+0x10/0x18
[ 810.646021][ C0] slab_free_freelist_hook+0x8e/0x1cc
[ 810.647617][ C0] kmem_cache_free+0xca/0x482
[ 810.648818][ C0] putname+0xd8/0xe4
[ 810.649776][ C0] kernel_execve+0x222/0x288
[ 810.650790][ C0] call_usermodehelper_exec_async+0x1c0/0x2dc
[ 810.651967][ C0] ret_from_exception+0x0/0x10
[ 810.653058][ C0]
[ 810.653683][ C0] Last potentially related work creation:
[ 810.654556][ C0] ------------[ cut here ]------------
[ 810.655364][ C0] slab index 1176524 out of bounds (318) for stack id 8011f3cc
[ 810.660250][ C0] WARNING: CPU: 0 PID: 2284 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 810.662130][ C0] Modules linked in:
[ 810.663246][ C0] CPU: 0 PID: 2284 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 810.664619][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 810.665567][ C0] epc : stack_depot_print+0x66/0x70
[ 810.667315][ C0] ra : stack_depot_print+0x66/0x70
[ 810.668535][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf801dbc7980
[ 810.669731][ C0] gp : ffffffff85863ac0 tp : ffffaf801ded3080 t0 : ffffffff86bcb657
[ 810.670881][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf801dbc7990
[ 810.672037][ C0] s1 : ffffaf807aea5e00 a0 : 000000000000003c a1 : 00000000000f0000
[ 810.673141][ C0] a2 : 0000000000000505 a3 : ffffffff8012252a a4 : f32a4debf1d76700
[ 810.674212][ C0] a5 : f32a4debf1d76700 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 810.675285][ C0] s2 : ffffaf801dbc7ac0 s3 : ffffaf80072e9b40 s4 : ffffaf801dbc6600
[ 810.677044][ C0] s5 : ffffaf801dbc7600 s6 : 0000000000003fff s7 : ffffaf801dbc7a60
[ 810.678369][ C0] s8 : ffffaf805a9de970 s9 : ffffffffffffc000 s10: ffffaf801dbc7b40
[ 810.679513][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 810.680612][ C0] t5 : fffff5ef0b53910d t6 : ffffaf801dbc7478
[ 810.681589][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 810.684254][ C0] [] print_address_description.constprop.0+0x2fc/0x330
[ 810.687463][ C0] [] kasan_report+0x184/0x1e0
[ 810.688502][ C0] [] __asan_load8+0x6e/0x96
[ 810.689916][ C0] [] walk_stackframe+0x11c/0x260
[ 810.690951][ C0] [] arch_stack_walk+0x2c/0x3c
[ 810.691897][ C0] [] stack_trace_save+0xa6/0xd8
[ 810.692958][ C0] [] save_stack+0x112/0x16c
[ 810.693940][ C0] [] __set_page_owner+0x48/0x136
[ 810.694939][ C0] [] post_alloc_hook+0xd0/0x10a
[ 810.696523][ C0] [] get_page_from_freelist+0x8da/0x12d8
[ 810.698568][ C0] [] __alloc_pages+0x150/0x3b6
[ 810.699738][ C0] irq event stamp: 54239
[ 810.700454][ C0] hardirqs last enabled at (54238): [] get_page_from_freelist+0xfc8/0x12d8
[ 810.701812][ C0] hardirqs last disabled at (54239): [] _raw_spin_lock_irqsave+0x60/0x62
[ 810.703124][ C0] softirqs last enabled at (54066): [] __do_softirq+0x618/0x8fc
[ 810.704321][ C0] softirqs last disabled at (54075): [] __irq_exit_rcu+0x142/0x1f8
[ 810.705625][ C0] ---[ end trace 0000000000000000 ]---
[ 810.707479][ C0]
[ 810.708079][ C0] Second to last potentially related work creation:
[ 810.708852][ C0] ------------[ cut here ]------------
[ 810.709599][ C0] slab index 2097151 out of bounds (318) for stack id ffffffff
[ 810.712201][ C0] WARNING: CPU: 0 PID: 2284 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 810.713567][ C0] Modules linked in:
[ 810.714460][ C0] CPU: 0 PID: 2284 Comm: syz-executor.0 Tainted: G W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 810.716071][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 810.717480][ C0] epc : stack_depot_print+0x66/0x70
[ 810.718463][ C0] ra : stack_depot_print+0x66/0x70
[ 810.719331][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf801dbc7980
[ 810.720298][ C0] gp : ffffffff85863ac0 tp : ffffaf801ded3080 t0 : ffffffff86bcb657
[ 810.721226][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf801dbc7990
[ 810.722180][ C0] s1 : ffffaf807aea5e00 a0 : 000000000000003c a1 : 00000000000f0000
[ 810.723116][ C0] a2 : 0000000000000505 a3 : ffffffff8012252a a4 : f32a4debf1d76700
[ 810.724036][ C0] a5 : f32a4debf1d76700 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 810.724968][ C0] s2 : ffffaf801dbc7ac0 s3 : ffffaf80072e9b40 s4 : ffffaf801dbc6600
[ 810.727039][ C0] s5 : ffffaf801dbc7600 s6 : 0000000000003fff s7 : ffffaf801dbc7a60
[ 810.729064][ C0] s8 : ffffaf805a9de970 s9 : ffffffffffffc000 s10: ffffaf801dbc7b40
[ 810.730121][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 810.731090][ C0] t5 : fffff5ef0b53910d t6 : ffffaf801dbc7478
[ 810.731915][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 810.732923][ C0] [] print_address_description.constprop.0+0x2ae/0x330
[ 810.734164][ C0] [] kasan_report+0x184/0x1e0
[ 810.735183][ C0] [] __asan_load8+0x6e/0x96
[ 810.736893][ C0] [] walk_stackframe+0x11c/0x260
[ 810.738028][ C0] [] arch_stack_walk+0x2c/0x3c
[ 810.739014][ C0] [] stack_trace_save+0xa6/0xd8
[ 810.740023][ C0] [] save_stack+0x112/0x16c
[ 810.740977][ C0] [] __set_page_owner+0x48/0x136
[ 810.742067][ C0] [] post_alloc_hook+0xd0/0x10a
[ 810.743087][ C0] [] get_page_from_freelist+0x8da/0x12d8
[ 810.744137][ C0] [] __alloc_pages+0x150/0x3b6
[ 810.745087][ C0] irq event stamp: 54239
[ 810.746137][ C0] hardirqs last enabled at (54238): [] get_page_from_freelist+0xfc8/0x12d8
[ 810.748364][ C0] hardirqs last disabled at (54239): [] _raw_spin_lock_irqsave+0x60/0x62
[ 810.749684][ C0] softirqs last enabled at (54066): [] __do_softirq+0x618/0x8fc
[ 810.750848][ C0] softirqs last disabled at (54075): [] __irq_exit_rcu+0x142/0x1f8
[ 810.752106][ C0] ---[ end trace 0000000000000000 ]---
[ 810.752906][ C0]
[ 810.753502][ C0] The buggy address belongs to the object at ffffaf801dbc6600
[ 810.753502][ C0] which belongs to the cache names_cache of size 4096
[ 810.754946][ C0] The buggy address is located 1216 bytes to the right of
[ 810.754946][ C0] 4096-byte region [ffffaf801dbc6600, ffffaf801dbc7600)
[ 810.758258][ C0] The buggy address belongs to the page:
[ 810.760133][ C0] page:ffffaf807aea5e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x9ddc0
[ 810.761532][ C0] head:ffffaf807aea5e00 order:3 compound_mapcount:0 compound_pincount:0
[ 810.762633][ C0] flags: 0x9800010200(slab|head|section=19|node=0|zone=0)
[ 810.764743][ C0] raw: 0000009800010200 0000000000000000 0000000000000122 ffffaf80072e9b40
[ 810.766396][ C0] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
[ 810.768347][ C0] raw: 00000000000007ff
[ 810.769223][ C0] page dumped because: kasan: bad access detected
[ 810.770262][ C0] page_owner tracks the page as allocated
[ 810.771067][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2247, ts 783287145100, free_ts 776594362000
[ 810.772915][ C0] __set_page_owner+0x48/0x136
[ 810.773944][ C0] post_alloc_hook+0xd0/0x10a
[ 810.774896][ C0] get_page_from_freelist+0x8da/0x12d8
[ 810.776472][ C0] __alloc_pages+0x150/0x3b6
[ 810.777930][ C0] alloc_pages+0x132/0x2a6
[ 810.778868][ C0] alloc_slab_page.constprop.0+0xc2/0xfa
[ 810.779826][ C0] new_slab+0x25a/0x2cc
[ 810.780660][ C0] ___slab_alloc+0x56e/0x918
[ 810.781589][ C0] __slab_alloc.constprop.0+0x50/0x8c
[ 810.782500][ C0] kmem_cache_alloc+0x39c/0x3de
[ 810.783417][ C0] getname_flags.part.0+0x48/0x2a4
[ 810.784308][ C0] getname_flags+0x66/0x9c
[ 810.785195][ C0] user_path_at_empty+0x2e/0x5a
[ 810.786609][ C0] sys_chdir+0xa6/0x1ce
[ 810.787937][ C0] ret_from_syscall+0x0/0x2
[ 810.789012][ C0] page last free stack trace:
[ 810.789825][ C0] __reset_page_owner+0x4a/0xea
[ 810.790866][ C0] free_pcp_prepare+0x29c/0x45e
[ 810.791864][ C0] free_unref_page+0x6a/0x31e
[ 810.792853][ C0] __free_pages+0xe2/0x112
[ 810.793850][ C0] __vunmap+0x67e/0x8c4
[ 810.794746][ C0] __vfree+0x70/0x104
[ 810.795781][ C0] vfree+0x9a/0xdc
[ 810.797045][ C0] kcov_close+0x44/0x72
[ 810.798125][ C0] __fput+0x164/0x502
[ 810.799079][ C0] ____fput+0x1a/0x24
[ 810.799942][ C0] task_work_run+0xdc/0x154
[ 810.800951][ C0] do_exit+0x7cc/0x18fc
[ 810.801933][ C0] do_group_exit+0x90/0x17e
[ 810.802900][ C0] __wake_up_parent+0x0/0x4a
[ 810.803867][ C0] ret_from_syscall+0x0/0x2
[ 810.805036][ C0]
[ 810.805924][ C0] Memory state around the buggy address:
[ 810.807485][ C0] ffffaf801dbc7980: 00 00 00 00 fc fc fc fc 00 00 00 00 00 00 00 00
[ 810.808828][ C0] ffffaf801dbc7a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 810.810070][ C0] >ffffaf801dbc7a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 810.811204][ C0] ^
[ 810.812276][ C0] ffffaf801dbc7b00: fc fc fc fc f1 f1 f1 f1 00 00 00 f3 f3 f3 f3 f3
[ 810.813386][ C0] ffffaf801dbc7b80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 810.814524][ C0] ==================================================================
[ 810.815625][ C0] Disabling lock debugging due to kernel taint
[ 810.821227][ T2284] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 810.822459][ T2284] CPU: 0 PID: 2284 Comm: syz-executor.0 Tainted: G B W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 810.823706][ T2284] Hardware name: riscv-virtio,qemu (DT)
[ 810.824377][ T2284] Call Trace:
[ 810.824886][ T2284] [] dump_backtrace+0x2e/0x3c
[ 810.826636][ T2284] [] show_stack+0x34/0x40
[ 810.827738][ T2284] [] dump_stack_lvl+0xe4/0x150
[ 810.828838][ T2284] [] dump_stack+0x1c/0x24
[ 810.829901][ T2284] [] panic+0x24a/0x634
[ 810.830786][ T2284] [] schedule+0x0/0x14c
[ 810.831749][ T2284] [] preempt_schedule_notrace+0x9c/0x19a
[ 810.832817][ T2284] [] trace_lock_acquire+0xd6/0x1fc
[ 810.833829][ T2284] [] lock_acquire+0x28/0x6a
[ 810.834774][ T2284] [] fs_reclaim_acquire+0xb4/0xda
[ 810.836197][ T2284] [] kmem_cache_alloc+0x4e/0x3de
[ 810.837301][ T2284] [] __kernfs_new_node+0xfc/0x5f2
[ 810.838460][ T2284] [] kernfs_new_node+0x66/0xbe
[ 810.839410][ T2284] [] __kernfs_create_file+0x4e/0x1e8
[ 810.840391][ T2284] [] sysfs_add_file_mode_ns+0x138/0x254
[ 810.841445][ T2284] [] internal_create_group+0x274/0x722
[ 810.842418][ T2284] [] internal_create_groups.part.0+0x64/0xe8
[ 810.843439][ T2284] [] sysfs_create_groups+0x2c/0x48
[ 810.844402][ T2284] [] device_add+0x656/0x129e
[ 810.845497][ T2284] [] netdev_register_kobject+0xcc/0x208
[ 810.847154][ T2284] [] register_netdevice+0x8ee/0xc6a
[ 810.848397][ T2284] [] veth_newlink+0x30e/0x7dc
[ 810.849568][ T2284] [] __rtnl_newlink+0xc16/0xfa0
[ 810.850606][ T2284] [] rtnl_newlink+0x60/0x8c
[ 810.851884][ T2284] [] rtnetlink_rcv_msg+0x338/0x9a0
[ 810.853027][ T2284] [] netlink_rcv_skb+0xf8/0x2be
[ 810.854102][ T2284] [] rtnetlink_rcv+0x26/0x30
[ 810.855203][ T2284] [] netlink_unicast+0x40e/0x5fe
[ 810.856481][ T2284] [] netlink_sendmsg+0x4e0/0x994
[ 810.857525][ T2284] [] sock_sendmsg+0xa0/0xc4
[ 810.858600][ T2284] [] __sys_sendto+0x1f2/0x2e0
[ 810.859569][ T2284] [] sys_sendto+0x3e/0x52
[ 810.860426][ T2284] [] ret_from_syscall+0x0/0x2
[ 810.861671][ T2284] SMP: stopping secondary CPUs
[ 810.863766][ T2284] Rebooting in 86400 seconds..
VM DIAGNOSIS:
14:54:24 Registers:
info registers vcpu 0
pc       ffffffff80dc337e
mhartid  0000000000000000
mstatus  00000000000000a0
mip      00000000000000a0
mie      000000000000022a
mideleg  0000000000000222
medeleg  000000000000b109
mtvec    0000000080000540
stvec    ffffffff800055d4
mepc     ffffffff8010b250
sepc     ffffffff80475930
mcause   8000000000000007
scause   8000000000000005
mtval    0000000000000000
stval    0000000000000000
x0/zero  0000000000000000
x1/ra    ffffffff80dc337e
x2/sp    ffffaf801dbc7490
x3/gp    ffffffff85863ac0
x4/tp    ffffaf801ded3080
x5/t0    ffffffff86bcb657
x6/t1    f32a4debf1d76700
x7/t2    0000000000000000
x8/s0    ffffaf801dbc74c0
x9/s1    ffffffff86e58900
x10/a0   ffffffff86e58948
x11/a1   ffff8f800066c000
x12/a2   1ffffffff0dcb129
x13/a3   ffffffff80dc337e
x14/a4   0000000000000000
x15/a5   ffffffff86e58948
x16/a6   ffffffff86e589f1
x17/a7   ffffffff80dcc9fe
x18/s2   ffff8f800066c000
x19/s3   0000000000000079
x20/s4   ffffffff86e58900
x21/s5   ffffffff80dc333e
x22/s6   0000000000000000
x23/s7   ffffffff86bcb69b
x24/s8   0000000000000010
x25/s9   ffffffff86e58958
x26/s10  0000000000000010
x27/s11  0000000000000000
x28/t3   fffffffff3f3f300
x29/t4   ffffffff80112282
x30/t5   1ffff5f003b78e40
x31/t6   ffffffff86bcb657
f0/ft0   0000000000000000
f1/ft1   0000000000000000
f2/ft2   0000000000000000
f3/ft3   0000000000000000
f4/ft4   0000000000000000
f5/ft5   0000000000000000
f6/ft6   0000000000000000
f7/ft7   0000000000000000
f8/fs0   0000000000000000
f9/fs1   0000000000000000
f10/fa0  0000000000000000
f11/fa1  0000000000000000
f12/fa2  0000000000000000
f13/fa3  0000000000000000
f14/fa4  0000000000000000
f15/fa5  0000000000000000
f16/fa6  0000000000000000
f17/fa7  0000000000000000
f18/fs2  0000000000000000
f19/fs3  0000000000000000
f20/fs4  0000000000000000
f21/fs5  0000000000000000
f22/fs6  0000000000000000
f23/fs7  0000000000000000
f24/fs8  0000000000000000
f25/fs9  0000000000000000
f26/fs10 0000000000000000
f27/fs11 0000000000000000
f28/ft8  0000000000000000
f29/ft9  0000000000000000
f30/ft10 0000000000000000
f31/ft11 0000000000000000
info registers vcpu 1
pc       ffffffff80475986
mhartid  0000000000000001
mstatus  00000000000000a2
mip      0000000000000000
mie      00000000000002aa
mideleg  0000000000000222
medeleg  000000000000b109
mtvec    0000000080000540
stvec    ffffffff800055d4
mepc     ffffffff8000f97e
sepc     ffffffff8047599e
mcause   0000000000000009
scause   8000000000000005
mtval    0000000000000000
stval    0000000000000000
x0/zero  0000000000000000
x1/ra    ffffffff80119b52
x2/sp    ffffaf800e86f7d0
x3/gp    ffffffff85863ac0
x4/tp    ffffaf800ec3c8c0
x5/t0    00000000000001f8
x6/t1    f32a4debf1d76700
x7/t2    ffffffffffffffff
x8/s0    ffffaf800e86f820
x9/s1    ffffaf800cc40c98
x10/a0   ffffaf800cc40c98
x11/a1   0000000000000003
x12/a2   1ffff5f001988193
x13/a3   ffffffff80119b52
x14/a4   0000000000000000
x15/a5   0000000000000001
x16/a6   0000000000f00000
x17/a7   ffffffff826e6226
x18/s2   0000000000000001
x19/s3   ffffaf800ec3c8c0
x20/s4   ffffaf800cc40ca8
x21/s5   ffffaf800cc40ca0
x22/s6   ffffaf800e86f960
x23/s7   ffffaf800e86fb00
x24/s8   0000000000000000
x25/s9   0000000000004000
x26/s10  0000000000000040
x27/s11  0000000000000001
x28/t3   fffffffff3f3f300
x29/t4   ffffffff80112282
x30/t5   1ffff5f001d0deb4
x31/t6   0000000002a37e7e
f0/ft0   0000000000000000
f1/ft1   0000000000000000
f2/ft2   0000000000000000
f3/ft3   0000000000000000
f4/ft4   0000000000000000
f5/ft5   0000000000000000
f6/ft6   0000000000000000
f7/ft7   0000000000000000
f8/fs0   0000000000000000
f9/fs1   0000000000000000
f10/fa0  0000000000000000
f11/fa1  0000000000000000
f12/fa2  0000000000000000
f13/fa3  0000000000000000
f14/fa4  0000000000000000
f15/fa5  0000000000000000
f16/fa6  0000000000000000
f17/fa7  0000000000000000
f18/fs2  0000000000000000
f19/fs3  0000000000000000
f20/fs4  0000000000000000
f21/fs5  0000000000000000
f22/fs6  0000000000000000
f23/fs7  0000000000000000
f24/fs8  0000000000000000
f25/fs9  0000000000000000
f26/fs10 0000000000000000
f27/fs11 0000000000000000
f28/ft8  0000000000000000
f29/ft9  0000000000000000
f30/ft10 0000000000000000
f31/ft11 0000000000000000