syzkaller login: [ 267.692949][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 267.717652][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 267.738684][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 286.665086][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:34846' (ECDSA) to the list of known hosts.
1970/01/01 00:05:17 fuzzer started
1970/01/01 00:05:29 dialing manager at localhost:35775
[ 335.222290][ T2032] cgroup: Unknown subsys name 'net'
[ 336.176574][ T2032] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:05:35 syscalls: 2853
1970/01/01 00:05:35 code coverage: enabled
1970/01/01 00:05:35 comparison tracing: enabled
1970/01/01 00:05:35 extra coverage: enabled
1970/01/01 00:05:35 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:05:35 setuid sandbox: enabled
1970/01/01 00:05:35 namespace sandbox: enabled
1970/01/01 00:05:35 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:05:35 fault injection: enabled
1970/01/01 00:05:35 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:05:35 net packet injection: enabled
1970/01/01 00:05:35 net device setup: enabled
1970/01/01 00:05:35 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:05:35 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:05:35 USB emulation: enabled
1970/01/01 00:05:35 hci packet injection: /dev/vhci does not exist
1970/01/01 00:05:35 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:05:35 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:05:36 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:05:42 fetching corpus: 49, signal 33807/37476 (executing program)
1970/01/01 00:05:47 fetching corpus: 99, signal 48185/53484 (executing program)
1970/01/01 00:05:51 fetching corpus: 148, signal 58255/65168 (executing program)
1970/01/01 00:05:55 fetching corpus: 198, signal 68740/77086 (executing program)
1970/01/01 00:05:57 fetching corpus: 248, signal 81141/90738 (executing program)
1970/01/01 00:06:00 fetching corpus: 298, signal 88967/99926 (executing program)
1970/01/01 00:06:01 fetching corpus: 348, signal 93658/105956 (executing program)
1970/01/01 00:06:06 fetching corpus: 398, signal 100781/114300 (executing program)
1970/01/01 00:06:12 fetching corpus: 448, signal 107529/122262 (executing program)
1970/01/01 00:06:14 fetching corpus: 498, signal 111035/127066 (executing program)
1970/01/01 00:06:17 fetching corpus: 548, signal 118238/135339 (executing program)
1970/01/01 00:06:19 fetching corpus: 598, signal 121087/139431 (executing program)
1970/01/01 00:06:21 fetching corpus: 648, signal 122787/142406 (executing program)
1970/01/01 00:06:23 fetching corpus: 698, signal 127334/148035 (executing program)
1970/01/01 00:06:26 fetching corpus: 748, signal 131995/153720 (executing program)
1970/01/01 00:06:28 fetching corpus: 798, signal 134794/157662 (executing program)
1970/01/01 00:06:31 fetching corpus: 848, signal 137692/161651 (executing program)
[ 392.544634][ T2022] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1460
[ 392.546114][ T2022] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 2022, name: sshd
[ 392.547155][ T2022] preempt_count: 0, expected: 0
[ 392.548004][ T2022] RCU nest depth: 0, expected: 0
[ 392.549101][ T2022] no locks held by sshd/2022.
[ 392.552574][ T2022] irq event stamp: 225594
[ 392.553774][ T2022] hardirqs last enabled at (225593): [] __local_bh_enable_ip+0x1ac/0x2a4
[ 392.555431][ T2022] hardirqs last disabled at (225594): [] __trace_hardirqs_off+0x18/0x20
[ 392.556628][ T2022] softirqs last enabled at (225592): [] release_sock+0xf6/0x122
[ 392.558135][ T2022] softirqs last disabled at (225590): [] release_sock+0x2a/0x122
[ 392.559797][ T2022] CPU: 1 PID: 2022 Comm: sshd Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 392.562533][ T2022] Hardware name: riscv-virtio,qemu (DT)
[ 392.564529][ T2022] Call Trace:
[ 392.565321][ T2022] [] dump_backtrace+0x2e/0x3c
[ 392.566275][ T2022] [] show_stack+0x34/0x40
[ 392.567173][ T2022] [] dump_stack_lvl+0xe4/0x150
[ 392.568153][ T2022] [] dump_stack+0x1c/0x24
[ 392.569247][ T2022] [] __might_resched+0x30a/0x342
[ 392.571389][ T2022] [] __might_sleep+0x5e/0x8e
[ 392.573182][ T2022] [] down_read+0x24/0x54
[ 392.575008][ T2022] [] do_page_fault+0x24e/0xa3c
[ 392.576338][ T2022] [] ret_from_exception+0x0/0x10
[ 392.613816][ T2031] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 392.616817][ T2031] CPU: 0 PID: 2031 Comm: syz-fuzzer Tainted: G W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 392.618320][ T2031] Hardware name: riscv-virtio,qemu (DT)
[ 392.619199][ T2031] Call Trace:
[ 392.619906][ T2031] [] dump_backtrace+0x2e/0x3c
[ 392.623269][ T2031] [] show_stack+0x34/0x40
[ 392.624635][ T2031] [] dump_stack_lvl+0xe4/0x150
[ 392.625897][ T2031] [] dump_stack+0x1c/0x24
[ 392.627080][ T2031] [] panic+0x24a/0x634
[ 392.628188][ T2031] [] schedule+0x0/0x14c
[ 392.629408][ T2031] [] preempt_schedule_common+0x4e/0xde
[ 392.631460][ T2031] [] preempt_schedule+0x34/0x36
[ 392.633382][ T2031] [] __local_bh_enable_ip+0x29e/0x2a4
[ 392.634713][ T2031] [] ip_finish_output2+0x57c/0x1720
[ 392.635953][ T2031] [] __ip_finish_output+0x25a/0x3ee
[ 392.637273][ T2031] [] ip_finish_output+0x3e/0x176
[ 392.638541][ T2031] [] ip_output+0x1d0/0x2d0
[ 392.639685][ T2031] [] __ip_queue_xmit+0x4a0/0xeb2
[ 392.641558][ T2031] [] ip_queue_xmit+0x36/0x44
[ 392.643279][ T2031] [] __tcp_transmit_skb+0xce4/0x1f5e
[ 392.644664][ T2031] [] tcp_write_xmit+0xd40/0x3344
[ 392.645951][ T2031] [] __tcp_push_pending_frames+0x7a/0x22c
[ 392.647361][ T2031] [] tcp_push+0x19c/0x3b4
[ 392.648609][ T2031] [] tcp_sendmsg_locked+0x5fc/0x1d9e
[ 392.651796][ T2031] [] tcp_sendmsg+0x32/0x4e
[ 392.653663][ T2031] [] inet_sendmsg+0x74/0x94
[ 392.654951][ T2031] [] sock_sendmsg+0xa0/0xc4
[ 392.656523][ T2031] [] sock_write_iter+0x1c0/0x272
[ 392.657809][ T2031] [] new_sync_write+0x296/0x3aa
[ 392.659335][ T2031] [] vfs_write+0x2de/0x334
[ 392.661240][ T2031] [] ksys_write+0x1c4/0x224
[ 392.662511][ T2031] [] sys_write+0x28/0x36
[ 392.663789][ T2031] [] ret_from_syscall+0x0/0x2
[ 392.665260][ T2031] SMP: stopping secondary CPUs
[ 392.667781][ T2031] Rebooting in 86400 seconds..

VM DIAGNOSIS:
09:35:30 Registers:
info registers vcpu 0
pc       ffffffff8010f1ba
mhartid  0000000000000000
mstatus  00000000000000a0
mip      0000000000000000
mie      00000000000002aa
mideleg  0000000000000222
medeleg  000000000000b109
mtvec    0000000080000540
stvec    ffffffff800055d4
mepc     ffffffff8000f97e
sepc     ffffffff80475af4
mcause   0000000000000009
scause   8000000000000005
mtval    0000000000000000
stval    0000000000000000
x0/zero  0000000000000000
x1/ra    ffffffff80115b96
x2/sp    ffffaf80101fce90
x3/gp    ffffffff85863ac0
x4/tp    ffffaf800e698000
x5/t0    ffffaf800e84bae8
x6/t1    82ce4196dfab7b00
x7/t2    ffffaf807a8feb40
x8/s0    ffffaf80101fce90
x9/s1    ffffffff86c1a620
x10/a0   ffffaf800e698008
x11/a1   ffffaf800e698000
x12/a2   1ffff5f001cd3001
x13/a3   ffffffff8023782c
x14/a4   ffffaf800e698000
x15/a5   0000000000000000
x16/a6   0000000000f00000
x17/a7   ffffffff80b09f2c
x18/s2   ffffaf805a9d43e8
x19/s3   ffffffff831afd54
x20/s4   ffffffff86c1a620
x21/s5   0000000000000000
x22/s6   0000000000000505
x23/s7   0000000000000122
x24/s8   0000000000000003
x25/s9   0000000000000100
x26/s10  ffffffff86e23ca0
x27/s11  0000000000000001
x28/t3   fffffffff3f3f300
x29/t4   ffffffff80112282
x30/t5   1ffff5f00203f980
x31/t6   ffffaf800e84bac0
f0/ft0   0000000000000000
f1/ft1   406f23404d2cd39a
f2/ft2   411edb8000000000
f3/ft3   403a000000000000
f4/ft4   4123d40200000000
f5/ft5   403949101eac381d
f6/ft6   3fe219a5bdfb266d
f7/ft7   3fb73394563f99d0
f8/fs0   3febc59f37fa2e38
f9/fs1   3f89c1d7ba9004c0
f10/fa0  3fb4684065890a50
f11/fa1  0000000000000000
f12/fa2  0000000000000000
f13/fa3  0000000000000000
f14/fa4  0000000000000000
f15/fa5  0000000000000000
f16/fa6  0000000000000000
f17/fa7  0000000000000000
f18/fs2  0000000000000000
f19/fs3  0000000000000000
f20/fs4  0000000000000000
f21/fs5  0000000000000000
f22/fs6  0000000000000000
f23/fs7  0000000000000000
f24/fs8  0000000000000000
f25/fs9  0000000000000000
f26/fs10 0000000000000000
f27/fs11 0000000000000000
f28/ft8  0000000000000000
f29/ft9  0000000000000000
f30/ft10 0000000000000000
f31/ft11 0000000000000000
info registers vcpu 1
pc       ffffffff80dc15ca
mhartid  0000000000000001
mstatus  0000000000080080
mip      0000000000000080
mie      00000000000002aa
mideleg  0000000000000222
medeleg  000000000000b109
mtvec    0000000080000540
stvec    ffffffff800055d4
mepc     ffffffff8000f97e
sepc     00007fffb03677e0
mcause   0000000000000009
scause   000000000000000d
mtval    0000000000000000
stval    0000000041b584e3
x0/zero  0000000000000000
x1/ra    ffffffff80dc15ca
x2/sp    ffffaf80101fb830
x3/gp    ffffffff85863ac0
x4/tp    ffffaf800eb40000
x5/t0    ffffffff86bcb657
x6/t1    82ce4196dfab7b00
x7/t2    0000000000000000
x8/s0    ffffaf80101fb850
x9/s1    ffffffff86e58900
x10/a0   ffff8f800066c001
x11/a1   0000000000000007
x12/a2   1ffffffff0dcb129
x13/a3   ffffffff80dc15ca
x14/a4   0000000000000000
x15/a5   ffffffff86e58948
x16/a6   ffffffff86e589f1
x17/a7   ffffffff80dcc9fe
x18/s2   0000000000000001
x19/s3   ffffaf80101fb940
x20/s4   ffffffff86e58900
x21/s5   0000000000000000
x22/s6   ffffffff86e58950
x23/s7   ffffffff8588c3e0
x24/s8   ffffffff8588c220
x25/s9   ffffffff84a88520
x26/s10  ffffffff858655c0
x27/s11  0000000000000000
x28/t3   fffffffff3f3f300
x29/t4   ffffffff80112282
x30/t5   1ffff5f00203f6b4
x31/t6   ffffffff86bcb657
f0/ft0   0000000000000000
f1/ft1   0000000000000000
f2/ft2   0000000000000000
f3/ft3   0000000000000000
f4/ft4   0000000000000000
f5/ft5   0000000000000000
f6/ft6   0000000000000000
f7/ft7   0000000000000000
f8/fs0   0000000000000000
f9/fs1   0000000000000000
f10/fa0  0000000000000000
f11/fa1  0000000000000000
f12/fa2  0000000000000000
f13/fa3  0000000000000000
f14/fa4  0000000000000000
f15/fa5  0000000000000000
f16/fa6  0000000000000000
f17/fa7  0000000000000000
f18/fs2  0000000000000000
f19/fs3  0000000000000000
f20/fs4  0000000000000000
f21/fs5  0000000000000000
f22/fs6  0000000000000000
f23/fs7  0000000000000000
f24/fs8  0000000000000000
f25/fs9  0000000000000000
f26/fs10 0000000000000000
f27/fs11 0000000000000000
f28/ft8  0000000000000000
f29/ft9  0000000000000000
f30/ft10 0000000000000000
f31/ft11 0000000000000000