syzkaller login: [ 266.117431][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 266.177879][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 266.214906][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 285.034472][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:23811' (ECDSA) to the list of known hosts.
1970/01/01 00:05:46 fuzzer started
1970/01/01 00:05:57 dialing manager at localhost:39321
[ 363.975112][ T2031] cgroup: Unknown subsys name 'net'
[ 365.138593][ T2031] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:05 syscalls: 2918
1970/01/01 00:06:05 code coverage: enabled
1970/01/01 00:06:05 comparison tracing: enabled
1970/01/01 00:06:05 extra coverage: enabled
1970/01/01 00:06:05 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:05 setuid sandbox: enabled
1970/01/01 00:06:05 namespace sandbox: enabled
1970/01/01 00:06:05 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:05 fault injection: enabled
1970/01/01 00:06:05 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:05 net packet injection: enabled
1970/01/01 00:06:05 net device setup: enabled
1970/01/01 00:06:05 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:05 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:05 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:06:05 USB emulation: enabled
1970/01/01 00:06:05 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:05 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:05 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:05 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:09 fetching corpus: 49, signal 28392/31725 (executing program)
1970/01/01 00:11:35 starting 2 fuzzer processes
00:11:35 executing program 0:
r0 = syz_io_uring_setup(0x76a9, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000200)=0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
listen(r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x40000100}, 0x0)
io_uring_enter(r0, 0x3bce, 0x0, 0x0, 0x0, 0x0)

00:11:35 executing program 1:
r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000000)={0x0, 0x0, 0xa})

[ 721.570171][ T2044] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 722.109156][ T2044] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 722.213652][ T2045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 722.790409][ T2045] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 723.752455][ C0] ==================================================================
[ 723.755881][ C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260
[ 723.757473][ C0] Read of size 8 at addr ffffaf800cd87f60 by task syz-executor.1/2045
[ 723.759093][ C0]
[ 723.761035][ C0] CPU: 0 PID: 2045 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 723.762722][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 723.764065][ C0] Call Trace:
[ 723.765087][ C0] [] dump_backtrace+0x2e/0x3c
[ 723.767005][ C0] [] show_stack+0x34/0x40
[ 723.768244][ C0] [] dump_stack_lvl+0xe4/0x150
[ 723.769571][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 723.771158][ C0] [] kasan_report+0x184/0x1e0
[ 723.772501][ C0] [] __asan_load8+0x6e/0x96
[ 723.773808][ C0] [] walk_stackframe+0x11c/0x260
[ 723.775125][ C0] [] arch_stack_walk+0x2c/0x3c
[ 723.776954][ C0] [] stack_trace_save+0xa6/0xd8
[ 723.778535][ C0]
[ 723.779366][ C0] Allocated by task 1284:
[ 723.780260][ C0] (stack is not available)
[ 723.781143][ C0]
[ 723.781889][ C0] Last potentially related work creation:
[ 723.782828][ C0] ------------[ cut here ]------------
[ 723.783707][ C0] slab index 1189162 out of bounds (292) for stack id 8012252a
[ 723.788430][ C0] WARNING: CPU: 0 PID: 2045 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 723.790322][ C0] Modules linked in:
[ 723.791508][ C0] CPU: 0 PID: 2045 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 723.793057][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 723.794059][ C0] epc : stack_depot_print+0x66/0x70
[ 723.795321][ C0] ra : stack_depot_print+0x66/0x70
[ 723.797343][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800cd87e20
[ 723.798613][ C0] gp : ffffffff85863ac0 tp : ffffaf800e641840 t0 : ffffffff86bcb657
[ 723.799826][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800cd87e30
[ 723.801052][ C0] s1 : ffffaf807a9e5d20 a0 : 000000000000003c a1 : 00000000000f0000
[ 723.802212][ C0] a2 : 0000000000000504 a3 : ffffffff8012252a a4 : 34b3305d6bdeb400
[ 723.803456][ C0] a5 : 34b3305d6bdeb400 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 723.804633][ C0] s2 : ffffaf800cd87f60 s3 : ffffaf8007201c80 s4 : ffffaf800cd87c00
[ 723.806445][ C0] s5 : ffffaf800cd87e00 s6 : 0000000000003fff s7 : ffffaf800cd87f00
[ 723.808211][ C0] s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf800cd87fe0
[ 723.809324][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 723.810275][ C0] t5 : fffff5ef0b53910d t6 : ffffaf800cd87918
[ 723.811097][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 723.812124][ C0] [] print_address_description.constprop.0+0x2fc/0x330
[ 723.813281][ C0] [] kasan_report+0x184/0x1e0
[ 723.814240][ C0] [] __asan_load8+0x6e/0x96
[ 723.815164][ C0] [] walk_stackframe+0x11c/0x260
[ 723.816779][ C0] [] arch_stack_walk+0x2c/0x3c
[ 723.818427][ C0] [] stack_trace_save+0xa6/0xd8
[ 723.819587][ C0] irq event stamp: 54317
[ 723.820245][ C0] hardirqs last enabled at (54316): [] _raw_spin_unlock_irqrestore+0x68/0x98
[ 723.821470][ C0] hardirqs last disabled at (54317): [] _raw_spin_lock_irqsave+0x60/0x62
[ 723.822660][ C0] softirqs last enabled at (54178): [] __do_softirq+0x618/0x8fc
[ 723.823847][ C0] softirqs last disabled at (54181): [] __irq_exit_rcu+0x142/0x1f8
[ 723.825076][ C0] ---[ end trace 0000000000000000 ]---
[ 723.826822][ C0]
[ 723.827658][ C0] Second to last potentially related work creation:
[ 723.828433][ C0] ------------[ cut here ]------------
[ 723.829122][ C0] slab index 2097151 out of bounds (292) for stack id ffffffff
[ 723.831685][ C0] WARNING: CPU: 0 PID: 2045 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 723.832904][ C0] Modules linked in:
[ 723.833806][ C0] CPU: 0 PID: 2045 Comm: syz-executor.1 Tainted: G W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 723.835021][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 723.836316][ C0] epc : stack_depot_print+0x66/0x70
[ 723.837712][ C0] ra : stack_depot_print+0x66/0x70
[ 723.838629][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800cd87e20
[ 723.839558][ C0] gp : ffffffff85863ac0 tp : ffffaf800e641840 t0 : ffffffff86bcb657
[ 723.840521][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800cd87e30
[ 723.841482][ C0] s1 : ffffaf807a9e5d20 a0 : 000000000000003c a1 : 00000000000f0000
[ 723.842450][ C0] a2 : 0000000000000504 a3 : ffffffff8012252a a4 : 34b3305d6bdeb400
[ 723.843378][ C0] a5 : 34b3305d6bdeb400 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 723.844302][ C0] s2 : ffffaf800cd87f60 s3 : ffffaf8007201c80 s4 : ffffaf800cd87c00
[ 723.845326][ C0] s5 : ffffaf800cd87e00 s6 : 0000000000003fff s7 : ffffaf800cd87f00
[ 723.847056][ C0] s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf800cd87fe0
[ 723.848070][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 723.849009][ C0] t5 : fffff5ef0b53910d t6 : ffffaf800cd87918
[ 723.849795][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 723.850755][ C0] [] print_address_description.constprop.0+0x2ae/0x330
[ 723.851940][ C0] [] kasan_report+0x184/0x1e0
[ 723.852928][ C0] [] __asan_load8+0x6e/0x96
[ 723.853914][ C0] [] walk_stackframe+0x11c/0x260
[ 723.854936][ C0] [] arch_stack_walk+0x2c/0x3c
[ 723.856567][ C0] [] stack_trace_save+0xa6/0xd8
[ 723.857898][ C0] irq event stamp: 54317
[ 723.858419][ C0] hardirqs last enabled at (54316): [] _raw_spin_unlock_irqrestore+0x68/0x98
[ 723.859384][ C0] hardirqs last disabled at (54317): [] _raw_spin_lock_irqsave+0x60/0x62
[ 723.860275][ C0] softirqs last enabled at (54178): [] __do_softirq+0x618/0x8fc
[ 723.861432][ C0] softirqs last disabled at (54181): [] __irq_exit_rcu+0x142/0x1f8
[ 723.862518][ C0] ---[ end trace 0000000000000000 ]---
[ 723.863376][ C0]
[ 723.863910][ C0] The buggy address belongs to the object at ffffaf800cd87c00
[ 723.863910][ C0] which belongs to the cache kmalloc-512 of size 512
[ 723.865177][ C0] The buggy address is located 352 bytes to the right of
[ 723.865177][ C0] 512-byte region [ffffaf800cd87c00, ffffaf800cd87e00)
[ 723.868336][ C0] The buggy address belongs to the page:
[ 723.870350][ C0] page:ffffaf807a9e5d20 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cf84
[ 723.871609][ C0] head:ffffaf807a9e5d20 order:2 compound_mapcount:0 compound_pincount:0
[ 723.872735][ C0] flags: 0x8800010200(slab|head|section=17|node=0|zone=0)
[ 723.875126][ C0] raw: 0000008800010200 0000000000000000 0000000000000122 ffffaf8007201c80
[ 723.877462][ C0] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 723.878460][ C0] raw: 00000000000007ff
[ 723.879214][ C0] page dumped because: kasan: bad access detected
[ 723.880203][ C0] page_owner tracks the page as allocated
[ 723.880998][ C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, ts 53344123600, free_ts 52994761300
[ 723.882610][ C0] __set_page_owner+0x48/0x136
[ 723.883536][ C0] post_alloc_hook+0xd0/0x10a
[ 723.884371][ C0] get_page_from_freelist+0x8da/0x12d8
[ 723.885327][ C0] __alloc_pages+0x150/0x3b6
[ 723.886693][ C0] alloc_page_interleave+0x2a/0x1cc
[ 723.887648][ C0] alloc_pages+0x210/0x2a6
[ 723.888504][ C0] alloc_slab_page.constprop.0+0xc2/0xfa
[ 723.889465][ C0] new_slab+0x76/0x2cc
[ 723.890246][ C0] ___slab_alloc+0x56e/0x918
[ 723.891088][ C0] __slab_alloc.constprop.0+0x50/0x8c
[ 723.891999][ C0] kmem_cache_alloc_node_trace+0x1ea/0x2e2
[ 723.892991][ C0] iolatency_pd_alloc+0x86/0x110
[ 723.893888][ C0] blkcg_activate_policy+0x184/0x7b4
[ 723.894777][ C0] blk_iolatency_init+0x11c/0x22e
[ 723.896347][ C0] blkcg_init_queue+0x1a8/0x6c6
[ 723.897774][ C0] blk_alloc_queue+0x322/0x584
[ 723.898827][ C0] page last free stack trace:
[ 723.899555][ C0] __reset_page_owner+0x4a/0xea
[ 723.900438][ C0] free_pcp_prepare+0x29c/0x45e
[ 723.901391][ C0] free_unref_page+0x6a/0x31e
[ 723.902282][ C0] __free_pages+0xe2/0x112
[ 723.903149][ C0] put_task_stack+0x1d0/0x2b0
[ 723.904029][ C0] finish_task_switch.isra.0+0x3ce/0x420
[ 723.905002][ C0] __schedule+0x58e/0x118e
[ 723.906481][ C0] schedule_idle+0x22/0x42
[ 723.907929][ C0] do_idle+0xca/0x144
[ 723.908834][ C0] cpu_startup_entry+0x1a/0x1c
[ 723.909702][ C0] smp_callin+0xa2/0xb0
[ 723.910777][ C0]
[ 723.911439][ C0] Memory state around the buggy address:
[ 723.912524][ C0] ffffaf800cd87e00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 723.913564][ C0] ffffaf800cd87e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 723.914520][ C0] >ffffaf800cd87f00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 723.915488][ C0] ^
[ 723.917397][ C0] ffffaf800cd87f80: fc fc fc fc fc fc fc fc f1 f1 f1 f1 00 00 00 f3
[ 723.918355][ C0] ffffaf800cd88000: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 723.919241][ C0] ==================================================================
[ 723.920029][ C0] Disabling lock debugging due to kernel taint
[ 723.923177][ T2045] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 723.924098][ T2045] CPU: 0 PID: 2045 Comm: syz-executor.1 Tainted: G B W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 723.925271][ T2045] Hardware name: riscv-virtio,qemu (DT)
[ 723.926145][ T2045] Call Trace:
[ 723.926688][ T2045] [] dump_backtrace+0x2e/0x3c
[ 723.927699][ T2045] [] show_stack+0x34/0x40
[ 723.928553][ T2045] [] dump_stack_lvl+0xe4/0x150
[ 723.929625][ T2045] [] dump_stack+0x1c/0x24
[ 723.930572][ T2045] [] panic+0x24a/0x634
[ 723.931398][ T2045] [] schedule+0x0/0x14c
[ 723.932375][ T2045] [] preempt_schedule_irq+0x4a/0x13e
[ 723.933365][ T2045] [] resume_kernel+0x16/0x18
[ 723.934736][ T2045] SMP: stopping secondary CPUs
[ 723.937640][ T2045] Rebooting in 86400 seconds..
VM DIAGNOSIS: 14:38:35 Registers: