syzkaller login: [ 276.231626][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 276.282523][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 276.328793][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:8125' (ECDSA) to the list of known hosts.
1970/01/01 00:05:21 fuzzer started
1970/01/01 00:05:33 dialing manager at localhost:41861
[ 340.339955][ T2025] cgroup: Unknown subsys name 'net'
[ 341.489971][ T2025] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:05:41 syscalls: 2870
1970/01/01 00:05:41 code coverage: enabled
1970/01/01 00:05:41 comparison tracing: enabled
1970/01/01 00:05:41 extra coverage: enabled
1970/01/01 00:05:41 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:05:41 setuid sandbox: enabled
1970/01/01 00:05:41 namespace sandbox: enabled
1970/01/01 00:05:41 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:05:41 fault injection: enabled
1970/01/01 00:05:41 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:05:41 net packet injection: enabled
1970/01/01 00:05:41 net device setup: enabled
1970/01/01 00:05:41 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:05:41 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:05:41 USB emulation: enabled
1970/01/01 00:05:41 hci packet injection: /dev/vhci does not exist
1970/01/01 00:05:41 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:05:41 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:05:42 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:05:49 fetching corpus: 50, signal 30917/34127 (executing program)
1970/01/01 00:05:53 fetching corpus: 99, signal 46321/50546 (executing program)
1970/01/01 00:05:58 fetching corpus: 149, signal 54959/60202 (executing program)
1970/01/01 00:06:01 fetching corpus: 199, signal 64732/70633 (executing program)
1970/01/01 00:06:04 fetching corpus: 248, signal 72875/79331 (executing program)
1970/01/01 00:06:08 fetching corpus: 298, signal 77854/84915 (executing program)
1970/01/01 00:06:10 fetching corpus: 347, signal 82153/89775 (executing program)
1970/01/01 00:06:13 fetching corpus: 397, signal 86339/94412 (executing program)
1970/01/01 00:06:16 fetching corpus: 447, signal 89904/98350 (executing program)
1970/01/01 00:06:18 fetching corpus: 496, signal 93029/101793 (executing program)
1970/01/01 00:06:20 fetching corpus: 546, signal 95347/104556 (executing program)
1970/01/01 00:06:25 fetching corpus: 596, signal 97459/107094 (executing program)
1970/01/01 00:06:28 fetching corpus: 646, signal 99703/109620 (executing program)
1970/01/01 00:06:31 fetching corpus: 696, signal 101912/112079 (executing program)
1970/01/01 00:06:33 fetching corpus: 745, signal 104723/114965 (executing program)
1970/01/01 00:06:37 fetching corpus: 795, signal 107103/117486 (executing program)
1970/01/01 00:06:41 fetching corpus: 845, signal 108842/119459 (executing program)
1970/01/01 00:06:43 fetching corpus: 895, signal 111165/121771 (executing program)
1970/01/01 00:06:46 fetching corpus: 945, signal 114046/124486 (executing program)
1970/01/01 00:06:47 fetching corpus: 995, signal 116269/126642 (executing program)
1970/01/01 00:06:50 fetching corpus: 1045, signal 118861/129021 (executing program)
1970/01/01 00:06:54 fetching corpus: 1095, signal 121175/131104 (executing program)
1970/01/01 00:06:56 fetching corpus: 1144, signal 122778/132615 (executing program)
1970/01/01 00:06:58 fetching corpus: 1194, signal 124380/134084 (executing program)
1970/01/01 00:07:01 fetching corpus: 1244, signal 126112/135627 (executing program)
1970/01/01 00:07:04 fetching corpus: 1293, signal 127911/137208 (executing program)
1970/01/01 00:07:06 fetching corpus: 1343, signal 129450/138537 (executing program)
1970/01/01 00:07:09 fetching corpus: 1393, signal 131417/140045 (executing program)
1970/01/01 00:07:11 fetching corpus: 1442, signal 132649/141135 (executing program)
1970/01/01 00:07:14 fetching corpus: 1492, signal 134500/142478 (executing program)
1970/01/01 00:07:18 fetching corpus: 1542, signal 136188/143714 (executing program)
1970/01/01 00:07:21 fetching corpus: 1592, signal 137496/144736 (executing program)
1970/01/01 00:07:24 fetching corpus: 1642, signal 139121/145855 (executing program)
1970/01/01 00:07:27 fetching corpus: 1691, signal 140033/146585 (executing program)
1970/01/01 00:07:30 fetching corpus: 1741, signal 141057/147317 (executing program)
1970/01/01 00:07:33 fetching corpus: 1790, signal 142568/148255 (executing program)
1970/01/01 00:07:35 fetching corpus: 1840, signal 143923/149110 (executing program)
1970/01/01 00:07:38 fetching corpus: 1889, signal 144882/149721 (executing program)
1970/01/01 00:07:40 fetching corpus: 1939, signal 146306/150518 (executing program)
1970/01/01 00:07:44 fetching corpus: 1989, signal 147480/151169 (executing program)
1970/01/01 00:07:46 fetching corpus: 2038, signal 148334/151654 (executing program)
1970/01/01 00:07:51 fetching corpus: 2088, signal 150571/152698 (executing program)
1970/01/01 00:07:55 fetching corpus: 2137, signal 152358/153519 (executing program)
1970/01/01 00:07:55 fetching corpus: 2150, signal 152479/153603 (executing program)
1970/01/01 00:07:56 fetching corpus: 2150, signal 152479/153636 (executing program)
1970/01/01 00:07:56 fetching corpus: 2150, signal 152479/153648 (executing program)
1970/01/01 00:07:56 fetching corpus: 2151, signal 152492/153682 (executing program)
1970/01/01 00:07:56 fetching corpus: 2151, signal 152492/153700 (executing program)
1970/01/01 00:07:56 fetching corpus: 2151, signal 152492/153724 (executing program)
1970/01/01 00:07:57 fetching corpus: 2151, signal 152492/153746 (executing program)
1970/01/01 00:07:57 fetching corpus: 2151, signal 152492/153768 (executing program)
1970/01/01 00:07:57 fetching corpus: 2151, signal 152492/153792 (executing program)
1970/01/01 00:07:57 fetching corpus: 2151, signal 152492/153811 (executing program)
1970/01/01 00:07:57 fetching corpus: 2151, signal 152492/153833 (executing program)
1970/01/01 00:07:58 fetching corpus: 2151, signal 152492/153859 (executing program)
1970/01/01 00:07:58 fetching corpus: 2151, signal 152492/153878 (executing program)
1970/01/01 00:07:58 fetching corpus: 2151, signal 152492/153900 (executing program)
1970/01/01 00:07:58 fetching corpus: 2151, signal 152492/153921 (executing program)
1970/01/01 00:07:59 fetching corpus: 2151, signal 152492/153952 (executing program)
1970/01/01 00:07:59 fetching corpus: 2151, signal 152492/153985 (executing program)
1970/01/01 00:07:59 fetching corpus: 2151, signal 152492/154011 (executing program)
1970/01/01 00:07:59 fetching corpus: 2151, signal 152492/154040 (executing program)
1970/01/01 00:07:59 fetching corpus: 2151, signal 152492/154064 (executing program)
1970/01/01 00:07:59 fetching corpus: 2151, signal 152492/154079 (executing program)
1970/01/01 00:07:59 fetching corpus: 2151, signal 152492/154106 (executing program)
1970/01/01 00:07:59 fetching corpus: 2151, signal 152492/154133 (executing program)
1970/01/01 00:08:00 fetching corpus: 2151, signal 152492/154157 (executing program)
1970/01/01 00:08:00 fetching corpus: 2152, signal 152500/154196 (executing program)
1970/01/01 00:08:00 fetching corpus: 2152, signal 152500/154221 (executing program)
1970/01/01 00:08:00 fetching corpus: 2152, signal 152500/154244 (executing program)
1970/01/01 00:08:00 fetching corpus: 2152, signal 152500/154275 (executing program)
1970/01/01 00:08:00 fetching corpus: 2152, signal 152500/154298 (executing program)
1970/01/01 00:08:01 fetching corpus: 2152, signal 152500/154315 (executing program)
1970/01/01 00:08:01 fetching corpus: 2152, signal 152500/154340 (executing program)
1970/01/01 00:08:01 fetching corpus: 2152, signal 152500/154363 (executing program)
1970/01/01 00:08:01 fetching corpus: 2152, signal 152500/154385 (executing program)
1970/01/01 00:08:01 fetching corpus: 2152, signal 152500/154393 (executing program)
1970/01/01 00:08:01 fetching corpus: 2152, signal 152500/154393 (executing program)
1970/01/01 00:09:38 starting 2 fuzzer processes

00:09:38 executing program 0:
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0xf2)

00:09:38 executing program 1:
futex(&(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0)

[ 603.995187][ T2036] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 604.274256][ T2036] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 607.660831][ T2038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 607.855496][ T2038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 620.163438][ T2036] device hsr_slave_0 entered promiscuous mode
[ 620.231377][ T2036] device hsr_slave_1 entered promiscuous mode
[ 623.155221][ T2038] device hsr_slave_0 entered promiscuous mode
[ 623.202776][ T2038] device hsr_slave_1 entered promiscuous mode
[ 623.217325][ T2038] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 623.221977][ T2038] Cannot create hsr debugfs directory
[ 629.448813][ T2036] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 629.852208][ T2036] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 630.112919][ T2036] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 630.339555][ T2036] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 631.280543][ T2038] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 631.508949][ T2038] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 631.722135][ T2038] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 631.864503][ T2038] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 640.942390][ T2036] 8021q: adding VLAN 0 to HW filter on device bond0
[ 641.732102][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 641.813374][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 643.793554][ T2038] 8021q: adding VLAN 0 to HW filter on device bond0
[ 644.092869][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 644.139155][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 649.092896][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 649.141895][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 649.724811][ T2026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 649.759964][ T2026] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 649.784964][ T2026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 649.995474][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 650.567836][ T2088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 650.602129][ T2088] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 650.863555][ T2088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 650.903779][ T2088] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 650.932586][ T2088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 650.963193][ T2088] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 651.462342][ T2036] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 651.669833][ T2036] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 652.002033][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 652.080662][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 652.109111][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 652.139610][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 653.410654][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 653.423788][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 653.440745][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 653.470555][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 653.871410][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 653.913719][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 654.173553][ T2038] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 655.160895][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 655.203688][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 674.893363][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 674.963478][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 675.249768][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 675.280557][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 678.681726][ T2671] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 678.689495][ T2671] CPU: 0 PID: 2671 Comm: kworker/0:0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 678.692519][ T2671] Hardware name: riscv-virtio,qemu (DT)
[ 678.693927][ T2671] Workqueue: mld mld_dad_work
[ 678.695736][ T2671] Call Trace:
[ 678.697146][ T2671] [] dump_backtrace+0x2e/0x3c
[ 678.698564][ T2671] [] show_stack+0x34/0x40
[ 678.699782][ T2671] [] dump_stack_lvl+0xe4/0x150
[ 678.701187][ T2671] [] dump_stack+0x1c/0x24
[ 678.702510][ T2671] [] panic+0x24a/0x634
[ 678.703715][ T2671] [] schedule+0x0/0x14c
[ 678.705053][ T2671] [] preempt_schedule_notrace+0x9c/0x19a
[ 678.707520][ T2671] [] lock_release+0x3da/0x614
[ 678.709454][ T2671] [] fs_reclaim_release+0x70/0xa2
[ 678.710825][ T2671] [] prepare_alloc_pages+0xe6/0x256
[ 678.712161][ T2671] [] __alloc_pages+0x100/0x3b6
[ 678.713459][ T2671] [] alloc_pages+0x132/0x2a6
[ 678.714839][ T2671] [] alloc_slab_page.constprop.0+0xc2/0xfa
[ 678.716903][ T2671] [] new_slab+0x76/0x2cc
[ 678.718142][ T2671] [] ___slab_alloc+0x56e/0x918
[ 678.719426][ T2671] [] __slab_alloc.constprop.0+0x50/0x8c
[ 678.720770][ T2671] [] kmem_cache_alloc_node+0x1f2/0x41c
[ 678.722061][ T2671] [] __alloc_skb+0x234/0x2e4
[ 678.723441][ T2671] [] alloc_skb_with_frags+0x78/0x30c
[ 678.725345][ T2671] [] sock_alloc_send_pskb+0x536/0x558
[ 678.728490][ T2671] [] sock_alloc_send_skb+0x30/0x40
[ 678.729956][ T2671] [] mld_newpack+0x14c/0x582
[ 678.731307][ T2671] [] add_grhead+0x140/0x148
[ 678.732615][ T2671] [] add_grec+0xba2/0xe34
[ 678.733942][ T2671] [] mld_send_initial_cr.part.0+0xdc/0x222
[ 678.735386][ T2671] [] mld_dad_work+0x144/0x464
[ 678.737353][ T2671] [] process_one_work+0x654/0xffe
[ 678.738824][ T2671] [] worker_thread+0x360/0x8fa
[ 678.740159][ T2671] [] kthread+0x19e/0x1fa
[ 678.741538][ T2671] [] ret_from_exception+0x0/0x10
[ 678.743258][ T2671] SMP: stopping secondary CPUs
[ 678.746334][ T2671] Rebooting in 86400 seconds..

VM DIAGNOSIS:
00:58:16 Registers: