syzkaller login: [ 295.208925][ T1857] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 295.268306][ T1857] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 336.108527][ T1857] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:61587' (ECDSA) to the list of known hosts.
1970/01/01 00:06:02 fuzzer started
1970/01/01 00:06:18 dialing manager at localhost:41357
[ 384.617500][ T2043] cgroup: Unknown subsys name 'net'
[ 386.157789][ T2043] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:26 syscalls: 2827
1970/01/01 00:06:26 code coverage: enabled
1970/01/01 00:06:26 comparison tracing: enabled
1970/01/01 00:06:26 extra coverage: enabled
1970/01/01 00:06:26 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:26 setuid sandbox: enabled
1970/01/01 00:06:26 namespace sandbox: enabled
1970/01/01 00:06:26 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:26 fault injection: enabled
1970/01/01 00:06:26 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:26 net packet injection: enabled
1970/01/01 00:06:26 net device setup: enabled
1970/01/01 00:06:26 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:26 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:26 USB emulation: enabled
1970/01/01 00:06:26 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:26 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:26 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:26 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:30 fetching corpus: 50, signal 18910/22655 (executing program)
1970/01/01 00:06:35 fetching corpus: 100, signal 42267/47377 (executing program)
1970/01/01 00:06:40 fetching corpus: 150, signal 56982/63411 (executing program)
1970/01/01 00:06:43 fetching corpus: 200, signal 63567/71388 (executing program)
1970/01/01 00:06:46 fetching corpus: 249, signal 73161/82162 (executing program)
1970/01/01 00:06:50 fetching corpus: 299, signal 78662/88922 (executing program)
1970/01/01 00:06:52 fetching corpus: 349, signal 83522/95005 (executing program)
1970/01/01 00:06:55 fetching corpus: 399, signal 91537/103915 (executing program)
1970/01/01 00:06:59 fetching corpus: 449, signal 95145/108615 (executing program)
1970/01/01 00:07:01 fetching corpus: 499, signal 98355/112866 (executing program)
1970/01/01 00:07:03 fetching corpus: 549, signal 103047/118472 (executing program)
1970/01/01 00:07:06 fetching corpus: 599, signal 106010/122472 (executing program)
1970/01/01 00:07:11 fetching corpus: 649, signal 114168/131149 (executing program)
1970/01/01 00:07:14 fetching corpus: 699, signal 117526/135393 (executing program)
1970/01/01 00:07:17 fetching corpus: 749, signal 119567/138406 (executing program)
1970/01/01 00:07:19 fetching corpus: 799, signal 121817/141611 (executing program)
1970/01/01 00:07:21 fetching corpus: 849, signal 126131/146563 (executing program)
1970/01/01 00:07:24 fetching corpus: 899, signal 128306/149596 (executing program)
1970/01/01 00:07:26 fetching corpus: 949, signal 131731/153657 (executing program)
1970/01/01 00:07:30 fetching corpus: 999, signal 133949/156682 (executing program)
1970/01/01 00:07:33 fetching corpus: 1049, signal 135658/159209 (executing program)
1970/01/01 00:07:34 fetching corpus: 1099, signal 137648/161958 (executing program)
1970/01/01 00:07:37 fetching corpus: 1149, signal 140828/165651 (executing program)
1970/01/01 00:07:40 fetching corpus: 1199, signal 144335/169616 (executing program)
1970/01/01 00:07:42 fetching corpus: 1249, signal 145934/171929 (executing program)
1970/01/01 00:07:44 fetching corpus: 1298, signal 147836/174472 (executing program)
1970/01/01 00:07:46 fetching corpus: 1348, signal 149774/177005 (executing program)
1970/01/01 00:07:48 fetching corpus: 1398, signal 151296/179240 (executing program)
1970/01/01 00:07:50 fetching corpus: 1448, signal 153469/181913 (executing program)
1970/01/01 00:07:53 fetching corpus: 1498, signal 154956/184041 (executing program)
1970/01/01 00:07:56 fetching corpus: 1548, signal 156637/186353 (executing program)
1970/01/01 00:07:58 fetching corpus: 1598, signal 158105/188412 (executing program)
1970/01/01 00:08:01 fetching corpus: 1648, signal 159390/190278 (executing program)
1970/01/01 00:08:05 fetching corpus: 1698, signal 160738/192256 (executing program)
1970/01/01 00:08:08 fetching corpus: 1748, signal 162572/194580 (executing program)
1970/01/01 00:08:11 fetching corpus: 1798, signal 164960/197267 (executing program)
1970/01/01 00:08:15 fetching corpus: 1848, signal 168521/200766 (executing program)
1970/01/01 00:08:17 fetching corpus: 1898, signal 169501/202355 (executing program)
1970/01/01 00:08:19 fetching corpus: 1948, signal 170663/204119 (executing program)
1970/01/01 00:08:21 fetching corpus: 1998, signal 173216/206804 (executing program)
1970/01/01 00:08:24 fetching corpus: 2048, signal 174111/208238 (executing program)
1970/01/01 00:08:26 fetching corpus: 2098, signal 175055/209727 (executing program)
1970/01/01 00:08:29 fetching corpus: 2148, signal 176778/211714 (executing program)
1970/01/01 00:08:34 fetching corpus: 2198, signal 178299/213580 (executing program)
1970/01/01 00:08:36 fetching corpus: 2248, signal 179893/215465 (executing program)
1970/01/01 00:08:39 fetching corpus: 2298, signal 181145/217109 (executing program)
1970/01/01 00:08:43 fetching corpus: 2348, signal 182243/218598 (executing program)
1970/01/01 00:08:46 fetching corpus: 2397, signal 184168/220697 (executing program)
1970/01/01 00:08:48 fetching corpus: 2447, signal 185491/222319 (executing program)
1970/01/01 00:08:50 fetching corpus: 2497, signal 186333/223599 (executing program)
1970/01/01 00:08:54 fetching corpus: 2547, signal 187780/225259 (executing program)
1970/01/01 00:08:57 fetching corpus: 2597, signal 189356/227007 (executing program)
1970/01/01 00:08:58 fetching corpus: 2646, signal 190880/228624 (executing program)
1970/01/01 00:09:00 fetching corpus: 2696, signal 191956/230016 (executing program)
1970/01/01 00:09:04 fetching corpus: 2746, signal 192671/231169 (executing program)
1970/01/01 00:09:06 fetching corpus: 2795, signal 193411/232330 (executing program)
1970/01/01 00:09:08 fetching corpus: 2845, signal 195454/234313 (executing program)
1970/01/01 00:09:10 fetching corpus: 2895, signal 196579/235694 (executing program)
1970/01/01 00:09:13 fetching corpus: 2945, signal 198347/237418 (executing program)
1970/01/01 00:09:16 fetching corpus: 2995, signal 199224/238613 (executing program)
1970/01/01 00:09:18 fetching corpus: 3045, signal 200009/239689 (executing program)
1970/01/01 00:09:20 fetching corpus: 3094, signal 200912/240880 (executing program)
1970/01/01 00:09:23 fetching corpus: 3144, signal 201801/241936 (executing program)
1970/01/01 00:09:25 fetching corpus: 3194, signal 202850/243171 (executing program)
1970/01/01 00:09:28 fetching corpus: 3243, signal 204147/244464 (executing program)
1970/01/01 00:09:31 fetching corpus: 3293, signal 205294/245705 (executing program)
1970/01/01 00:09:34 fetching corpus: 3343, signal 206214/246801 (executing program)
1970/01/01 00:09:36 fetching corpus: 3393, signal 207262/247948 (executing program)
1970/01/01 00:09:39 fetching corpus: 3443, signal 208106/248971 (executing program)
1970/01/01 00:09:42 fetching corpus: 3493, signal 208963/249991 (executing program)
1970/01/01 00:09:44 fetching corpus: 3542, signal 209779/251006 (executing program)
1970/01/01 00:09:47 fetching corpus: 3592, signal 210474/251935 (executing program)
1970/01/01 00:09:49 fetching corpus: 3642, signal 212214/253367 (executing program)
1970/01/01 00:09:52 fetching corpus: 3692, signal 213046/254324 (executing program)
1970/01/01 00:09:57 fetching corpus: 3742, signal 213864/255226 (executing program)
1970/01/01 00:10:00 fetching corpus: 3792, signal 214351/256039 (executing program)
1970/01/01 00:10:03 fetching corpus: 3842, signal 216247/257446 (executing program)
1970/01/01 00:10:07 fetching corpus: 3892, signal 217027/258308 (executing program)
1970/01/01 00:10:08 fetching corpus: 3941, signal 217849/259174 (executing program)
1970/01/01 00:10:11 fetching corpus: 3991, signal 218870/260126 (executing program)
1970/01/01 00:10:14 fetching corpus: 4041, signal 221304/261666 (executing program)
1970/01/01 00:10:20 fetching corpus: 4091, signal 222055/262527 (executing program)
1970/01/01 00:10:24 fetching corpus: 4141, signal 222645/263272 (executing program)
1970/01/01 00:10:26 fetching corpus: 4191, signal 223349/264101 (executing program)
1970/01/01 00:10:29 fetching corpus: 4241, signal 224120/264887 (executing program)
1970/01/01 00:10:31 fetching corpus: 4291, signal 224832/265643 (executing program)
1970/01/01 00:10:34 fetching corpus: 4341, signal 225456/266383 (executing program)
1970/01/01 00:10:37 fetching corpus: 4391, signal 227187/267519 (executing program)
1970/01/01 00:10:39 fetching corpus: 4441, signal 227698/268192 (executing program)
1970/01/01 00:10:41 fetching corpus: 4491, signal 228581/268987 (executing program)
1970/01/01 00:10:43 fetching corpus: 4541, signal 229402/269762 (executing program)
1970/01/01 00:10:46 fetching corpus: 4591, signal 230111/270418 (executing program)
1970/01/01 00:10:50 fetching corpus: 4641, signal 230897/271110 (executing program)
1970/01/01 00:10:52 fetching corpus: 4690, signal 231446/271747 (executing program)
1970/01/01 00:10:55 fetching corpus: 4740, signal 232399/272521 (executing program)
1970/01/01 00:10:58 fetching corpus: 4790, signal 234881/273745 (executing program)
1970/01/01 00:11:01 fetching corpus: 4840, signal 235441/274332 (executing program)
1970/01/01 00:11:05 fetching corpus: 4890, signal 236053/274908 (executing program)
1970/01/01 00:11:07 fetching corpus: 4940, signal 236908/275562 (executing program)
1970/01/01 00:11:10 fetching corpus: 4990, signal 238278/276353 (executing program)
1970/01/01 00:11:12 fetching corpus: 5040, signal 238879/276899 (executing program)
1970/01/01 00:11:15 fetching corpus: 5090, signal 239531/277463 (executing program)
1970/01/01 00:11:18 fetching corpus: 5140, signal 240081/277989 (executing program)
1970/01/01 00:11:21 fetching corpus: 5190, signal 240613/278523 (executing program)
1970/01/01 00:11:24 fetching corpus: 5240, signal 241205/279017 (executing program)
1970/01/01 00:11:26 fetching corpus: 5290, signal 241838/279537 (executing program)
1970/01/01 00:11:29 fetching corpus: 5340, signal 242998/280190 (executing program)
1970/01/01 00:11:31 fetching corpus: 5390, signal 243713/280706 (executing program)
1970/01/01 00:11:33 fetching corpus: 5440, signal 244250/281154 (executing program)
1970/01/01 00:11:36 fetching corpus: 5490, signal 245380/281811 (executing program)
1970/01/01 00:11:39 fetching corpus: 5539, signal 245910/282285 (executing program)
1970/01/01 00:11:43 fetching corpus: 5589, signal 246386/282804 (executing program)
1970/01/01 00:11:47 fetching corpus: 5639, signal 246913/283233 (executing program)
1970/01/01 00:11:50 fetching corpus: 5689, signal 247599/283673 (executing program)
1970/01/01 00:11:52 fetching corpus: 5739, signal 248152/284069 (executing program)
1970/01/01 00:11:55 fetching corpus: 5789, signal 248821/284509 (executing program)
1970/01/01 00:11:57 fetching corpus: 5838, signal 249371/284942 (executing program)
1970/01/01 00:12:02 fetching corpus: 5888, signal 249882/285361 (executing program)
1970/01/01 00:12:04 fetching corpus: 5938, signal 250488/285787 (executing program)
1970/01/01 00:12:06 fetching corpus: 5988, signal 251136/286189 (executing program)
1970/01/01 00:12:08 fetching corpus: 6038, signal 252063/286634 (executing program)
1970/01/01 00:12:11 fetching corpus: 6088, signal 252583/286990 (executing program)
1970/01/01 00:12:15 fetching corpus: 6138, signal 253080/287308 (executing program)
1970/01/01 00:12:19 fetching corpus: 6188, signal 253510/287626 (executing program)
1970/01/01 00:12:21 fetching corpus: 6238, signal 254260/288023 (executing program)
1970/01/01 00:12:23 fetching corpus: 6288, signal 254709/288330 (executing program)
1970/01/01 00:12:25 fetching corpus: 6338, signal 255399/288705 (executing program)
1970/01/01 00:12:28 fetching corpus: 6388, signal 255950/289014 (executing program)
1970/01/01 00:12:33 fetching corpus: 6438, signal 256535/289309 (executing program)
1970/01/01 00:12:37 fetching corpus: 6488, signal 258044/289715 (executing program)
1970/01/01 00:12:40 fetching corpus: 6538, signal 258395/289999 (executing program)
1970/01/01 00:12:42 fetching corpus: 6588, signal 258855/290270 (executing program)
1970/01/01 00:12:45 fetching corpus: 6638, signal 259539/290555 (executing program)
1970/01/01 00:12:48 fetching corpus: 6687, signal 260249/290826 (executing program)
1970/01/01 00:12:51 fetching corpus: 6737, signal 260930/291082 (executing program)
1970/01/01 00:12:55 fetching corpus: 6787, signal 262567/291399 (executing program)
1970/01/01 00:12:57 fetching corpus: 6837, signal 263145/291643 (executing program)
1970/01/01 00:13:00 fetching corpus: 6887, signal 263632/291882 (executing program)
1970/01/01 00:13:03 fetching corpus: 6937, signal 264116/292123 (executing program)
1970/01/01 00:13:06 fetching corpus: 6986, signal 264557/292343 (executing program)
1970/01/01 00:13:08 fetching corpus: 7036, signal 265058/292571 (executing program)
1970/01/01 00:13:12 fetching corpus: 7086, signal 265404/292780 (executing program)
1970/01/01 00:13:15 fetching corpus: 7136, signal 266379/293146 (executing program)
1970/01/01 00:13:17 fetching corpus: 7186, signal 266835/293334 (executing program)
1970/01/01 00:13:19 fetching corpus: 7236, signal 267193/293506 (executing program)
1970/01/01 00:13:22 fetching corpus: 7286, signal 267821/293633 (executing program)
1970/01/01 00:13:25 fetching corpus: 7336, signal 268372/293653 (executing program)
1970/01/01 00:13:28 fetching corpus: 7386, signal 268790/293653 (executing program)
1970/01/01 00:13:30 fetching corpus: 7435, signal 269174/293655 (executing program)
1970/01/01 00:13:32 fetching corpus: 7485, signal 269584/293655 (executing program)
1970/01/01 00:13:34 fetching corpus: 7535, signal 269885/293657 (executing program)
1970/01/01 00:13:37 fetching corpus: 7585, signal 270324/293672 (executing program)
1970/01/01 00:13:40 fetching corpus: 7635, signal 271181/293672 (executing program)
1970/01/01 00:13:43 fetching corpus: 7685, signal 271897/293672 (executing program)
1970/01/01 00:13:47 fetching corpus: 7734, signal 272297/293672 (executing program)
1970/01/01 00:13:50 fetching corpus: 7784, signal 272731/293672 (executing program)
1970/01/01 00:13:52 fetching corpus: 7834, signal 273092/293672 (executing program)
1970/01/01 00:13:54 fetching corpus: 7884, signal 273767/293704 (executing program)
1970/01/01 00:13:56 fetching corpus: 7934, signal 274151/293704 (executing program)
1970/01/01 00:13:58 fetching corpus: 7984, signal 274669/293704 (executing program)
1970/01/01 00:14:01 fetching corpus: 8034, signal 274997/293704 (executing program)
1970/01/01 00:14:04 fetching corpus: 8084, signal 275404/293704 (executing program)
1970/01/01 00:14:06 fetching corpus: 8134, signal 275716/293704 (executing program)
1970/01/01 00:14:08 fetching corpus: 8183, signal 276409/293704 (executing program)
1970/01/01 00:14:10 fetching corpus: 8233, signal 276850/293707 (executing program)
1970/01/01 00:14:12 fetching corpus: 8283, signal 277526/293707 (executing program)
1970/01/01 00:14:14 fetching corpus: 8333, signal 278026/293707 (executing program)
1970/01/01 00:14:18 fetching corpus: 8383, signal 278986/293707 (executing program)
1970/01/01 00:14:20 fetching corpus: 8433, signal 279626/293718 (executing program)
1970/01/01 00:14:22 fetching corpus: 8483, signal 280149/293718 (executing program)
1970/01/01 00:14:24 fetching corpus: 8532, signal 281141/293718 (executing program)
1970/01/01 00:14:26 fetching corpus: 8582, signal 282578/293718 (executing program)
1970/01/01 00:14:28 fetching corpus: 8632, signal 282934/293718 (executing program)
1970/01/01 00:14:30 fetching corpus: 8682, signal 283431/293723 (executing program)
1970/01/01 00:14:34 fetching corpus: 8732, signal 283940/293723 (executing program)
1970/01/01 00:14:37 fetching corpus: 8782, signal 284410/293723 (executing program)
1970/01/01 00:14:40 fetching corpus: 8832, signal 285096/293732 (executing program)
1970/01/01 00:14:42 fetching corpus: 8882, signal 285402/293732 (executing program)
1970/01/01 00:14:45 fetching corpus: 8932, signal 285825/293732 (executing program)
1970/01/01 00:14:48 fetching corpus: 8981, signal 286203/293732 (executing program)
1970/01/01 00:14:51 fetching corpus: 9031, signal 286568/293732 (executing program)
1970/01/01 00:14:54 fetching corpus: 9081, signal 286980/293732 (executing program)
1970/01/01 00:14:58 fetching corpus: 9131, signal 287475/293739 (executing program)
1970/01/01 00:15:01 fetching corpus: 9181, signal 287811/293739 (executing program)
1970/01/01 00:15:03 fetching corpus: 9231, signal 288156/293739 (executing program)
1970/01/01 00:15:05 fetching corpus: 9281, signal 288494/293766 (executing program)
1970/01/01 00:15:07 fetching corpus: 9330, signal 288848/293768 (executing program)
1970/01/01 00:15:09 fetching corpus: 9380, signal 289134/293768 (executing program)
1970/01/01 00:15:12 fetching corpus: 9430, signal 289777/293768 (executing program)
1970/01/01 00:15:12 fetching corpus: 9437, signal 289834/293772 (executing program)
1970/01/01 00:15:12 fetching corpus: 9437, signal 289834/293772 (executing program)
1970/01/01 00:17:13 starting 2 fuzzer processes
00:17:13 executing program 1:
pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800)
write$P9_RATTACH(r0, &(0x7f00000002c0)={0x14}, 0xfffffe07)
00:17:13 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100))
ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000)
mount(&(0x7f0000000080)=@filename='./file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1048, 0x0)
umount2(&(0x7f0000000100)='./file0\x00', 0x0)
[ 1066.197365][ T2068] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1067.147163][ T2068] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1067.229105][ T2069] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1067.904078][ T2069] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1079.601906][ T2068] device hsr_slave_0 entered promiscuous mode
[ 1079.664762][ T2068] device hsr_slave_1 entered promiscuous mode
[ 1083.026072][ T2069] device hsr_slave_0 entered promiscuous mode
[ 1083.085541][ T2069] device hsr_slave_1 entered promiscuous mode
[ 1083.115799][ T2069] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1083.123824][ T2069] Cannot create hsr debugfs directory
[ 1088.867957][ C0] ==================================================================
[ 1088.872505][ C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260
[ 1088.874037][ C0] Read of size 8 at addr ffffaf800fe5ff60 by task syz-executor.1/2069
[ 1088.878233][ C0]
[ 1088.880001][ C0] CPU: 0 PID: 2069 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1088.882257][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 1088.883603][ C0] Call Trace:
[ 1088.885039][ C0] [] dump_backtrace+0x2e/0x3c
[ 1088.886535][ C0] [] show_stack+0x34/0x40
[ 1088.887972][ C0] [] dump_stack_lvl+0xe4/0x150
[ 1088.889914][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 1088.891676][ C0] [] kasan_report+0x184/0x1e0
[ 1088.893213][ C0] [] __asan_load8+0x6e/0x96
[ 1088.894584][ C0] [] walk_stackframe+0x11c/0x260
[ 1088.896058][ C0] [] arch_stack_walk+0x2c/0x3c
[ 1088.897529][ C0] [] stack_trace_save+0xa6/0xd8
[ 1088.899273][ C0]
[ 1088.900467][ C0] Allocated by task 1102416563:
[ 1088.901755][ C0] (stack is not available)
[ 1088.902678][ C0]
[ 1088.903492][ C0] Freed by task 2327:
[ 1088.904608][ C0] stack_trace_save+0xa6/0xd8
[ 1088.905960][ C0] kasan_save_stack+0x2c/0x58
[ 1088.907192][ C0] kasan_set_track+0x1a/0x26
[ 1088.908526][ C0] kasan_set_free_info+0x1e/0x3a
[ 1088.910235][ C0] ____kasan_slab_free+0x15e/0x180
[ 1088.911655][ C0] __kasan_slab_free+0x10/0x18
[ 1088.912991][ C0] slab_free_freelist_hook+0x8e/0x1cc
[ 1088.914177][ C0] kfree+0xe0/0x3e4
[ 1088.915369][ C0] tomoyo_realpath_from_path+0x158/0x3f4
[ 1088.916750][ C0] tomoyo_path_perm+0x1fc/0x3a8
[ 1088.918139][ C0] tomoyo_inode_getattr+0x1e/0x28
[ 1088.919576][ C0] security_inode_getattr+0x82/0xc6
[ 1088.921408][ C0] vfs_fstat+0x54/0xc8
[ 1088.922561][ C0] __do_sys_newfstat+0x96/0x106
[ 1088.923698][ C0] sys_newfstat+0x22/0x2e
[ 1088.924932][ C0] ret_from_syscall+0x0/0x2
[ 1088.926165][ C0]
[ 1088.926909][ C0] Last potentially related work creation:
[ 1088.927934][ C0] ------------[ cut here ]------------
[ 1088.928918][ C0] slab index 389184 out of bounds (312) for stack id 0fe5f040
[ 1088.933700][ C0] WARNING: CPU: 0 PID: 2069 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 1088.935841][ C0] Modules linked in:
[ 1088.937187][ C0] CPU: 0 PID: 2069 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1088.938807][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 1088.939890][ C0] epc : stack_depot_print+0x66/0x70
[ 1088.941372][ C0] ra : stack_depot_print+0x66/0x70
[ 1088.943149][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800fe5fe20
[ 1088.944101][ C0] gp : ffffffff85863ac0 tp : ffffaf8009aa8000 t0 : ffffffff86bcb657
[ 1088.945065][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800fe5fe30
[ 1088.945967][ C0] s1 : ffffaf807aac18c0 a0 : 000000000000003b a1 : 00000000000f0000
[ 1088.946792][ C0] a2 : 0000000000000504 a3 : ffffffff8012252a a4 : 0d4d08f38560a700
[ 1088.947648][ C0] a5 : 0d4d08f38560a700 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 1088.948592][ C0] s2 : ffffaf800fe5ff60 s3 : ffffaf8007202140 s4 : ffffaf800fe5e000
[ 1088.950040][ C0] s5 : ffffaf800fe5f000 s6 : 0000000000003fff s7 : ffffaf800fe5ff00
[ 1088.952039][ C0] s8 : ffffaf805a9de970 s9 : ffffffffffffc000 s10: ffffaf800fe5ffe0
[ 1088.953328][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 1088.954689][ C0] t5 : fffff5ef0b53910d t6 : ffffaf800fe5f918
[ 1088.955804][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 1088.957244][ C0] [] print_address_description.constprop.0+0x2fc/0x330
[ 1088.958952][ C0] [] kasan_report+0x184/0x1e0
[ 1088.961031][ C0] [] __asan_load8+0x6e/0x96
[ 1088.962344][ C0] [] walk_stackframe+0x11c/0x260
[ 1088.963725][ C0] [] arch_stack_walk+0x2c/0x3c
[ 1088.965118][ C0] [] stack_trace_save+0xa6/0xd8
[ 1088.966751][ C0] irq event stamp: 89663
[ 1088.967824][ C0] hardirqs last enabled at (89662): [] get_page_from_freelist+0xfc8/0x12d8
[ 1088.969836][ C0] hardirqs last disabled at (89663): [] _raw_spin_lock_irqsave+0x60/0x62
[ 1088.971813][ C0] softirqs last enabled at (89542): [] __do_softirq+0x618/0x8fc
[ 1088.973088][ C0] softirqs last disabled at (89545): [] __irq_exit_rcu+0x142/0x1f8
[ 1088.974348][ C0] ---[ end trace 0000000000000000 ]---
[ 1088.975662][ C0]
[ 1088.976253][ C0] Second to last potentially related work creation:
[ 1088.977110][ C0] ------------[ cut here ]------------
[ 1088.977815][ C0] slab index 854259 out of bounds (312) for stack id 0d4d08f3
[ 1088.980425][ C0] WARNING: CPU: 0 PID: 2069 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 1088.981771][ C0] Modules linked in:
[ 1088.982696][ C0] CPU: 0 PID: 2069 Comm: syz-executor.1 Tainted: G W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1088.983882][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 1088.984655][ C0] epc : stack_depot_print+0x66/0x70
[ 1088.985583][ C0] ra : stack_depot_print+0x66/0x70
[ 1088.986533][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800fe5fe20
[ 1088.987479][ C0] gp : ffffffff85863ac0 tp : ffffaf8009aa8000 t0 : ffffffff86bcb657
[ 1088.988434][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800fe5fe30
[ 1088.989567][ C0] s1 : ffffaf807aac18c0 a0 : 000000000000003b a1 : 00000000000f0000
[ 1088.991052][ C0] a2 : 0000000000000504 a3 : ffffffff8012252a a4 : 0d4d08f38560a700
[ 1088.992256][ C0] a5 : 0d4d08f38560a700 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 1088.993231][ C0] s2 : ffffaf800fe5ff60 s3 : ffffaf8007202140 s4 : ffffaf800fe5e000
[ 1088.994208][ C0] s5 : ffffaf800fe5f000 s6 : 0000000000003fff s7 : ffffaf800fe5ff00
[ 1088.995190][ C0] s8 : ffffaf805a9de970 s9 : ffffffffffffc000 s10: ffffaf800fe5ffe0
[ 1088.996139][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 1088.997137][ C0] t5 : fffff5ef0b53910d t6 : ffffaf800fe5f918
[ 1088.998021][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 1088.999008][ C0] [] print_address_description.constprop.0+0x2ae/0x330
[ 1089.000896][ C0] [] kasan_report+0x184/0x1e0
[ 1089.001981][ C0] [] __asan_load8+0x6e/0x96
[ 1089.002884][ C0] [] walk_stackframe+0x11c/0x260
[ 1089.003850][ C0] [] arch_stack_walk+0x2c/0x3c
[ 1089.004839][ C0] [] stack_trace_save+0xa6/0xd8
[ 1089.005847][ C0] irq event stamp: 89663
[ 1089.006455][ C0] hardirqs last enabled at (89662): [] get_page_from_freelist+0xfc8/0x12d8
[ 1089.007670][ C0] hardirqs last disabled at (89663): [] _raw_spin_lock_irqsave+0x60/0x62
[ 1089.008944][ C0] softirqs last enabled at (89542): [] __do_softirq+0x618/0x8fc
[ 1089.010877][ C0] softirqs last disabled at (89545): [] __irq_exit_rcu+0x142/0x1f8
[ 1089.012374][ C0] ---[ end trace 0000000000000000 ]---
[ 1089.013225][ C0]
[ 1089.013756][ C0] The buggy address belongs to the object at ffffaf800fe5e000
[ 1089.013756][ C0] which belongs to the cache kmalloc-4k of size 4096
[ 1089.015106][ C0] The buggy address is located 3936 bytes to the right of
[ 1089.015106][ C0] 4096-byte region [ffffaf800fe5e000, ffffaf800fe5f000)
[ 1089.016487][ C0] The buggy address belongs to the page:
[ 1089.017610][ C0] page:ffffaf807aac18c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x90058
[ 1089.018902][ C0] head:ffffaf807aac18c0 order:3 compound_mapcount:0 compound_pincount:0
[ 1089.020804][ C0] flags: 0x9000010200(slab|head|section=18|node=0|zone=0)
[ 1089.022931][ C0] raw: 0000009000010200 0000000000000000 0000000000000122 ffffaf8007202140
[ 1089.023902][ C0] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 1089.024811][ C0] raw: 00000000000007ff
[ 1089.025498][ C0] page dumped because: kasan: bad access detected
[ 1089.026458][ C0] page_owner tracks the page as allocated
[ 1089.027250][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2327, ts 1062123789100, free_ts 1061218189800
[ 1089.028989][ C0] __set_page_owner+0x48/0x136
[ 1089.030275][ C0] post_alloc_hook+0xd0/0x10a
[ 1089.031739][ C0] get_page_from_freelist+0x8da/0x12d8
[ 1089.032619][ C0] __alloc_pages+0x150/0x3b6
[ 1089.033467][ C0] alloc_pages+0x132/0x2a6
[ 1089.034286][ C0] alloc_slab_page.constprop.0+0xc2/0xfa
[ 1089.035166][ C0] new_slab+0x25a/0x2cc
[ 1089.035960][ C0] ___slab_alloc+0x56e/0x918
[ 1089.036800][ C0] __slab_alloc.constprop.0+0x50/0x8c
[ 1089.037681][ C0] __kmalloc+0x268/0x318
[ 1089.038464][ C0] tomoyo_realpath_from_path+0x9c/0x3f4
[ 1089.039318][ C0] tomoyo_check_open_permission+0x282/0x348
[ 1089.040654][ C0] tomoyo_file_open+0x78/0x7c
[ 1089.041778][ C0] security_file_open+0x44/0x9a
[ 1089.042603][ C0] do_dentry_open+0x1c6/0x7d4
[ 1089.043396][ C0] vfs_open+0x52/0x5e
[ 1089.044230][ C0] page last free stack trace:
[ 1089.044880][ C0] __reset_page_owner+0x4a/0xea
[ 1089.045711][ C0] free_pcp_prepare+0x29c/0x45e
[ 1089.046506][ C0] free_unref_page+0x6a/0x31e
[ 1089.047307][ C0] __free_pages+0xe2/0x112
[ 1089.048073][ C0] __free_slab+0x122/0x27c
[ 1089.048906][ C0] discard_slab+0x4c/0x7a
[ 1089.050056][ C0] __slab_free+0x20a/0x29c
[ 1089.051125][ C0] ___cache_free+0x17c/0x354
[ 1089.051948][ C0] qlist_free_all+0x7c/0x132
[ 1089.052724][ C0] kasan_quarantine_reduce+0x14c/0x1c8
[ 1089.053565][ C0] __kasan_slab_alloc+0x5c/0x98
[ 1089.054406][ C0] kmem_cache_alloc_node+0x368/0x41c
[ 1089.055281][ C0] __alloc_skb+0x234/0x2e4
[ 1089.056138][ C0] inet_netconf_notify_devconf+0xf0/0x264
[ 1089.057074][ C0] __devinet_sysctl_register+0x18e/0x1fc
[ 1089.057938][ C0] devinet_sysctl_register+0x110/0x142
[ 1089.058919][ C0]
[ 1089.059653][ C0] Memory state around the buggy address:
[ 1089.061071][ C0] ffffaf800fe5fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1089.061981][ C0] ffffaf800fe5fe80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 1089.062983][ C0] >ffffaf800fe5ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1089.063813][ C0] ^
[ 1089.064689][ C0] ffffaf800fe5ff80: fc fc fc fc fc fc fc fc f1 f1 f1 f1 00 00 00 f3
[ 1089.065525][ C0] ffffaf800fe60000: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 1089.066422][ C0] ==================================================================
[ 1089.067387][ C0] Disabling lock debugging due to kernel taint
[ 1089.074535][ T2069] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 1089.075496][ T2069] CPU: 0 PID: 2069 Comm: syz-executor.1 Tainted: G B W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1089.076481][ T2069] Hardware name: riscv-virtio,qemu (DT)
[ 1089.077123][ T2069] Call Trace:
[ 1089.077560][ T2069] [] dump_backtrace+0x2e/0x3c
[ 1089.078348][ T2069] [] show_stack+0x34/0x40
[ 1089.079105][ T2069] [] dump_stack_lvl+0xe4/0x150
[ 1089.080524][ T2069] [] dump_stack+0x1c/0x24
[ 1089.081439][ T2069] [] panic+0x24a/0x634
[ 1089.082185][ T2069] [] schedule+0x0/0x14c
[ 1089.083008][ T2069] [] preempt_schedule_irq+0x4a/0x13e
[ 1089.083857][ T2069] [] resume_kernel+0x16/0x18
[ 1089.085010][ T2069] SMP: stopping secondary CPUs
[ 1089.086804][ T2069] Rebooting in 86400 seconds..
VM DIAGNOSIS:
00:14:05 Registers:
info registers vcpu 0
pc       ffffffff80475986
mhartid  0000000000000000
mstatus  00000000000000a2
mip      0000000000000000
mie      00000000000002aa
mideleg  0000000000000222
medeleg  000000000000b109
mtvec    0000000080000540
stvec    ffffffff800055d4
mepc     ffffffff8000f97e
sepc     ffffffff80119b52
mcause   0000000000000009
scause   8000000000000005
mtval    0000000000000000
stval    0000000000000000
x0/zero  0000000000000000
x1/ra    ffffffff80119b52
x2/sp    ffffaf80108677e0
x3/gp    ffffffff85863ac0
x4/tp    ffffaf800ecc1840
x5/t0    00000000000001f8
x6/t1    0d4d08f38560a700
x7/t2    ffffffffffffffff
x8/s0    ffffaf8010867820
x9/s1    ffffaf800f7f9898
x10/a0   ffffaf800f7f9898
x11/a1   0000000000000003
x12/a2   1ffff5f001eff313
x13/a3   ffffffff80119b52
x14/a4   0000000000000000
x15/a5   0000000000000001
x16/a6   0000000000f00000
x17/a7   ffffffff826e6226
x18/s2   0000000000000001
x19/s3   ffffaf800ecc1840
x20/s4   ffffaf800f7f98a8
x21/s5   ffffaf800f7f98a0
x22/s6   ffffaf8010867960
x23/s7   ffffaf8010867b00
x24/s8   0000000000000000
x25/s9   0000000000004000
x26/s10  0000000000000040
x27/s11  0000000000000001
x28/t3   fffffffff3f3f300
x29/t4   ffffffff80112282
x30/t5   1ffff5f00210ceb4
x31/t6   00000000013da537
f0/ft0   0000000000000000
f1/ft1   0000000000000000
f2/ft2   0000000000000000
f3/ft3   0000000000000000
f4/ft4   0000000000000000
f5/ft5   0000000000000000
f6/ft6   0000000000000000
f7/ft7   0000000000000000
f8/fs0   0000000000000000
f9/fs1   0000000000000000
f10/fa0  0000000000000000
f11/fa1  0000000000000000
f12/fa2  0000000000000000
f13/fa3  0000000000000000
f14/fa4  0000000000000000
f15/fa5  0000000000000000
f16/fa6  0000000000000000
f17/fa7  0000000000000000
f18/fs2  0000000000000000
f19/fs3  0000000000000000
f20/fs4  0000000000000000
f21/fs5  0000000000000000
f22/fs6  0000000000000000
f23/fs7  0000000000000000
f24/fs8  0000000000000000
f25/fs9  0000000000000000
f26/fs10 0000000000000000
f27/fs11 0000000000000000
f28/ft8  0000000000000000
f29/ft9  0000000000000000
f30/ft10 0000000000000000
f31/ft11 0000000000000000
info registers vcpu 1
pc       ffffffff8011dbf8
mhartid  0000000000000001
mstatus  00000000000000a0
mip      00000000000000a0
mie      000000000000022a
mideleg  0000000000000222
medeleg  000000000000b109
mtvec    0000000080000540
stvec    ffffffff800055d4
mepc     ffffffff80475b48
sepc     ffffffff80475986
mcause   8000000000000007
scause   8000000000000009
mtval    0000000000000000
stval    0000000000000000
x0/zero  0000000000000000
x1/ra    ffffffff8011dbf4
x2/sp    ffffaf800fe5fca0
x3/gp    ffffffff85863ac0
x4/tp    ffffaf8009aa8000
x5/t0    ffffffff86bcb657
x6/t1    fffff5ef01fcbf2c
x7/t2    0000000000000000
x8/s0    ffffaf800fe5fcd0
x9/s1    0000000000000001
x10/a0   ffffaf8009aa8008
x11/a1   00000000000f0000
x12/a2   0000000000000505
x13/a3   ffffffff8011dbf4
x14/a4   ffffaf8009aa8000
x15/a5   0000000000000000
x16/a6   0000000000f00000
x17/a7   ffffaf800fe5f967
x18/s2   0000000000000043
x19/s3   0000000000000504
x20/s4   0000000000000020
x21/s5   ffffffff8453b3b0
x22/s6   ffffffff80121ba4
x23/s7   0000000000000000
x24/s8   0000000000000000
x25/s9   ffffffffffffc000
x26/s10  ffffaf800fe5ffe0
x27/s11  0000000000000008
x28/t3   fffffffff3f3f300
x29/t4   fffff5ef01fcbf2c
x30/t5   fffff5ef01fcbf2d
x31/t6   ffffaf800fe5f978
f0/ft0   0000000000000000
f1/ft1   0000000000000000
f2/ft2   0000000000000000
f3/ft3   0000000000000000
f4/ft4   0000000000000000
f5/ft5   0000000000000000
f6/ft6   0000000000000000
f7/ft7   0000000000000000
f8/fs0   0000000000000000
f9/fs1   0000000000000000
f10/fa0  0000000000000000
f11/fa1  0000000000000000
f12/fa2  0000000000000000
f13/fa3  0000000000000000
f14/fa4  0000000000000000
f15/fa5  0000000000000000
f16/fa6  0000000000000000
f17/fa7  0000000000000000
f18/fs2  0000000000000000
f19/fs3  0000000000000000
f20/fs4  0000000000000000
f21/fs5  0000000000000000
f22/fs6  0000000000000000
f23/fs7  0000000000000000
f24/fs8  0000000000000000
f25/fs9  0000000000000000
f26/fs10 0000000000000000
f27/fs11 0000000000000000
f28/ft8  0000000000000000
f29/ft9  0000000000000000
f30/ft10 0000000000000000
f31/ft11 0000000000000000