syzkaller login: [ 268.102123][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 276.370285][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 276.456431][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 276.508267][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:61980' (ECDSA) to the list of known hosts.
1970/01/01 00:06:24 fuzzer started
1970/01/01 00:06:36 dialing manager at localhost:45165
[ 402.543755][ T2026] cgroup: Unknown subsys name 'net'
[ 403.648037][ T2026] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:43 syscalls: 2918
1970/01/01 00:06:43 code coverage: enabled
1970/01/01 00:06:43 comparison tracing: enabled
1970/01/01 00:06:43 extra coverage: ioctl(KCOV_DISABLE) failed: invalid argument
1970/01/01 00:06:43 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:43 setuid sandbox: enabled
1970/01/01 00:06:43 namespace sandbox: enabled
1970/01/01 00:06:43 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:43 fault injection: enabled
1970/01/01 00:06:43 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:43 net packet injection: enabled
1970/01/01 00:06:43 net device setup: enabled
1970/01/01 00:06:43 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:43 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:43 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:06:43 USB emulation: enabled
1970/01/01 00:06:43 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:43 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:43 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:43 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:48 fetching corpus: 50, signal 33537/36853 (executing program)
1970/01/01 00:06:52 fetching corpus: 100, signal 49712/54172 (executing program)
1970/01/01 00:06:56 fetching corpus: 150, signal 56518/62173 (executing program)
1970/01/01 00:06:58 fetching corpus: 200, signal 62966/69773 (executing program)
1970/01/01 00:07:01 fetching corpus: 249, signal 67479/75355 (executing program)
1970/01/01 00:07:03 fetching corpus: 297, signal 73740/82476 (executing program)
1970/01/01 00:07:06 fetching corpus: 346, signal 78402/88002 (executing program)
1970/01/01 00:07:10 fetching corpus: 396, signal 82345/92813 (executing program)
1970/01/01 00:07:11 fetching corpus: 446, signal 85242/96620 (executing program)
1970/01/01 00:07:14 fetching corpus: 495, signal 87566/99811 (executing program)
1970/01/01 00:07:16 fetching corpus: 544, signal 90377/103438 (executing program)
1970/01/01 00:07:20 fetching corpus: 593, signal 92975/106809 (executing program)
1970/01/01 00:07:22 fetching corpus: 643, signal 95765/110265 (executing program)
1970/01/01 00:07:25 fetching corpus: 693, signal 97486/112779 (executing program)
1970/01/01 00:07:27 fetching corpus: 743, signal 99826/115734 (executing program)
1970/01/01 00:07:29 fetching corpus: 791, signal 103960/120170 (executing program)
1970/01/01 00:07:31 fetching corpus: 840, signal 106025/122875 (executing program)
1970/01/01 00:07:35 fetching corpus: 890, signal 108024/125446 (executing program)
1970/01/01 00:07:38 fetching corpus: 939, signal 109641/127645 (executing program)
1970/01/01 00:07:41 fetching corpus: 989, signal 111404/130006 (executing program)
1970/01/01 00:07:45 fetching corpus: 1039, signal 113425/132437 (executing program)
1970/01/01 00:07:48 fetching corpus: 1088, signal 115426/134901 (executing program)
1970/01/01 00:07:49 fetching corpus: 1138, signal 117497/137318 (executing program)
1970/01/01 00:07:52 fetching corpus: 1188, signal 119446/139614 (executing program)
1970/01/01 00:07:55 fetching corpus: 1237, signal 122129/142422 (executing program)
1970/01/01 00:07:58 fetching corpus: 1286, signal 123848/144504 (executing program)
1970/01/01 00:08:03 fetching corpus: 1336, signal 126486/147203 (executing program)
1970/01/01 00:08:06 fetching corpus: 1384, signal 128157/149143 (executing program)
1970/01/01 00:08:09 fetching corpus: 1433, signal 129929/151062 (executing program)
1970/01/01 00:08:11 fetching corpus: 1482, signal 131089/152558 (executing program)
1970/01/01 00:08:14 fetching corpus: 1532, signal 133283/154706 (executing program)
1970/01/01 00:08:16 fetching corpus: 1581, signal 135157/156626 (executing program)
1970/01/01 00:08:18 fetching corpus: 1630, signal 136215/158039 (executing program)
1970/01/01 00:08:20 fetching corpus: 1678, signal 137226/159290 (executing program)
1970/01/01 00:08:23 fetching corpus: 1728, signal 138646/160814 (executing program)
1970/01/01 00:08:26 fetching corpus: 1777, signal 140047/162266 (executing program)
1970/01/01 00:08:28 fetching corpus: 1827, signal 141384/163631 (executing program)
1970/01/01 00:08:30 fetching corpus: 1876, signal 142347/164808 (executing program)
1970/01/01 00:08:33 fetching corpus: 1926, signal 143393/166011 (executing program)
1970/01/01 00:08:35 fetching corpus: 1975, signal 145116/167598 (executing program)
1970/01/01 00:08:37 fetching corpus: 2025, signal 146106/168730 (executing program)
1970/01/01 00:08:39 fetching corpus: 2075, signal 147045/169857 (executing program)
1970/01/01 00:08:41 fetching corpus: 2125, signal 147957/170924 (executing program)
1970/01/01 00:08:43 fetching corpus: 2174, signal 149305/172193 (executing program)
1970/01/01 00:08:45 fetching corpus: 2222, signal 150311/173234 (executing program)
1970/01/01 00:08:47 fetching corpus: 2272, signal 151987/174635 (executing program)
1970/01/01 00:08:50 fetching corpus: 2322, signal 154412/176391 (executing program)
1970/01/01 00:08:52 fetching corpus: 2371, signal 155316/177315 (executing program)
1970/01/01 00:08:55 fetching corpus: 2421, signal 156697/178453 (executing program)
1970/01/01 00:08:58 fetching corpus: 2469, signal 157650/179384 (executing program)
1970/01/01 00:09:00 fetching corpus: 2519, signal 158727/180323 (executing program)
1970/01/01 00:09:03 fetching corpus: 2569, signal 159529/181099 (executing program)
1970/01/01 00:09:05 fetching corpus: 2619, signal 160688/182059 (executing program)
1970/01/01 00:09:07 fetching corpus: 2669, signal 161305/182719 (executing program)
1970/01/01 00:09:09 fetching corpus: 2719, signal 162440/183592 (executing program)
1970/01/01 00:09:11 fetching corpus: 2769, signal 163171/184322 (executing program)
1970/01/01 00:09:12 fetching corpus: 2819, signal 163986/185045 (executing program)
1970/01/01 00:09:15 fetching corpus: 2869, signal 164816/185747 (executing program)
1970/01/01 00:09:17 fetching corpus: 2919, signal 165740/186488 (executing program)
1970/01/01 00:09:19 fetching corpus: 2969, signal 166432/187140 (executing program)
1970/01/01 00:09:22 fetching corpus: 3017, signal 167413/187866 (executing program)
1970/01/01 00:09:25 fetching corpus: 3067, signal 168112/188469 (executing program)
1970/01/01 00:09:26 fetching corpus: 3117, signal 170331/189549 (executing program)
1970/01/01 00:09:29 fetching corpus: 3166, signal 171091/190127 (executing program)
1970/01/01 00:09:32 fetching corpus: 3215, signal 171894/190699 (executing program)
1970/01/01 00:09:34 fetching corpus: 3265, signal 172791/191272 (executing program)
1970/01/01 00:09:37 fetching corpus: 3314, signal 173826/191871 (executing program)
1970/01/01 00:09:39 fetching corpus: 3364, signal 174366/192297 (executing program)
1970/01/01 00:09:41 fetching corpus: 3413, signal 175180/192816 (executing program)
1970/01/01 00:09:45 fetching corpus: 3463, signal 176135/193375 (executing program)
1970/01/01 00:09:48 fetching corpus: 3512, signal 177148/193947 (executing program)
1970/01/01 00:09:50 fetching corpus: 3561, signal 177799/194382 (executing program)
1970/01/01 00:09:52 fetching corpus: 3611, signal 178378/194771 (executing program)
1970/01/01 00:09:55 fetching corpus: 3661, signal 179052/195177 (executing program)
1970/01/01 00:09:57 fetching corpus: 3710, signal 179795/195601 (executing program)
1970/01/01 00:09:59 fetching corpus: 3760, signal 180721/196030 (executing program)
1970/01/01 00:10:02 fetching corpus: 3810, signal 181217/196361 (executing program)
1970/01/01 00:10:04 fetching corpus: 3860, signal 182490/196894 (executing program)
1970/01/01 00:10:06 fetching corpus: 3909, signal 183096/197217 (executing program)
1970/01/01 00:10:10 fetching corpus: 3959, signal 183851/197597 (executing program)
1970/01/01 00:10:13 fetching corpus: 4008, signal 184717/197971 (executing program)
1970/01/01 00:10:16 fetching corpus: 4057, signal 185325/198255 (executing program)
1970/01/01 00:10:20 fetching corpus: 4106, signal 186001/198503 (executing program)
1970/01/01 00:10:22 fetching corpus: 4156, signal 186782/198792 (executing program)
1970/01/01 00:10:24 fetching corpus: 4206, signal 187294/198993 (executing program)
1970/01/01 00:10:26 fetching corpus: 4255, signal 187979/199245 (executing program)
1970/01/01 00:10:29 fetching corpus: 4304, signal 188452/199408 (executing program)
1970/01/01 00:10:31 fetching corpus: 4354, signal 189414/199622 (executing program)
1970/01/01 00:10:33 fetching corpus: 4403, signal 189970/199821 (executing program)
1970/01/01 00:10:35 fetching corpus: 4452, signal 190561/200011 (executing program)
1970/01/01 00:10:36 fetching corpus: 4502, signal 191037/200159 (executing program)
1970/01/01 00:10:39 fetching corpus: 4552, signal 191678/200292 (executing program)
1970/01/01 00:10:42 fetching corpus: 4601, signal 192315/200432 (executing program)
1970/01/01 00:10:44 fetching corpus: 4650, signal 193273/200584 (executing program)
1970/01/01 00:10:46 fetching corpus: 4698, signal 193847/200691 (executing program)
1970/01/01 00:10:49 fetching corpus: 4748, signal 194611/200784 (executing program)
1970/01/01 00:10:51 fetching corpus: 4798, signal 195306/200865 (executing program)
1970/01/01 00:10:54 fetching corpus: 4848, signal 196261/200933 (executing program)
1970/01/01 00:10:56 fetching corpus: 4896, signal 196767/200981 (executing program)
1970/01/01 00:10:59 fetching corpus: 4945, signal 197246/201006 (executing program)
1970/01/01 00:11:00 fetching corpus: 4995, signal 197804/201020 (executing program)
1970/01/01 00:11:02 fetching corpus: 5034, signal 198207/201020 (executing program)
1970/01/01 00:11:02 fetching corpus: 5034, signal 198207/201025 (executing program)
1970/01/01 00:11:02 fetching corpus: 5034, signal 198207/201025 (executing program)
1970/01/01 00:12:46 starting 2 fuzzer processes
00:12:46 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040), 0x4)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
write(r1, &(0x7f0000000280)="00271f2ca9ecb2ea72055611cce7b580b64cc995c3c7e0268e38a6e01a28dfe4359c9f5c8e15e0c6d48aedab492b2e10f327ce8a47b1c8f7954db83e39f474c8735e89b120f06453d6ae4263c865c197bf739780af82ca6af73a39710c3061fc168a7371c7278ff3eca87e567b06aafafbc510122d04a798b1a90489954ce0123be6006c45352957bbef314ef848f96925c71bbe73ed7a7d77a2fbfe4d87703ed6520683be00"/181, 0xfffffc90)
ioctl$FIBMAP(r1, 0x1, &(0x7f0000000100))
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000002300))
sendmmsg$inet6(r0, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000100)="ae", 0x1}], 0x1}}], 0x1, 0x40)

00:12:46 executing program 1:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x8008af00, &(0x7f0000000100))

[ 799.245199][ T2045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 799.352079][ T2045] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 802.300650][ T2049] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 802.389171][ T2049] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 810.736999][ T2045] device hsr_slave_0 entered promiscuous mode
[ 810.798176][ T2045] device hsr_slave_1 entered promiscuous mode
[ 813.123223][ T2045] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 813.127883][ T2045] CPU: 0 PID: 2045 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 813.129742][ T2045] Hardware name: riscv-virtio,qemu (DT)
[ 813.131548][ T2045] Call Trace:
[ 813.132604][ T2045] [] dump_backtrace+0x2e/0x3c
[ 813.133803][ T2045] [] show_stack+0x34/0x40
[ 813.134893][ T2045] [] dump_stack_lvl+0xe4/0x150
[ 813.135900][ T2045] [] dump_stack+0x1c/0x24
[ 813.136811][ T2045] [] panic+0x24a/0x634
[ 813.137623][ T2045] [] schedule+0x0/0x14c
[ 813.138464][ T2045] [] preempt_schedule_notrace+0x9c/0x19a
[ 813.139424][ T2045] [] lock_release+0x3da/0x614
[ 813.140301][ T2045] [] fs_reclaim_acquire+0x8a/0xda
[ 813.141189][ T2045] [] kmem_cache_alloc+0x4e/0x3de
[ 813.142117][ T2045] [] __kernfs_new_node+0xfc/0x5f2
[ 813.143017][ T2045] [] kernfs_new_node+0x66/0xbe
[ 813.143940][ T2045] [] __kernfs_create_file+0x4e/0x1e8
[ 813.145163][ T2045] [] sysfs_add_file_mode_ns+0x138/0x254
[ 813.146153][ T2045] [] internal_create_group+0x274/0x722
[ 813.147071][ T2045] [] internal_create_groups.part.0+0x64/0xe8
[ 813.148095][ T2045] [] sysfs_create_groups+0x2c/0x48
[ 813.149039][ T2045] [] device_add+0x656/0x129e
[ 813.150002][ T2045] [] netdev_register_kobject+0xcc/0x208
[ 813.151045][ T2045] [] register_netdevice+0x8ee/0xc6a
[ 813.152123][ T2045] [] veth_newlink+0x30e/0x7dc
[ 813.153229][ T2045] [] __rtnl_newlink+0xc16/0xfa0
[ 813.154338][ T2045] [] rtnl_newlink+0x60/0x8c
[ 813.155638][ T2045] [] rtnetlink_rcv_msg+0x338/0x9a0
[ 813.156692][ T2045] [] netlink_rcv_skb+0xf8/0x2be
[ 813.157560][ T2045] [] rtnetlink_rcv+0x26/0x30
[ 813.158600][ T2045] [] netlink_unicast+0x40e/0x5fe
[ 813.159599][ T2045] [] netlink_sendmsg+0x4e0/0x994
[ 813.160407][ T2045] [] sock_sendmsg+0xa0/0xc4
[ 813.161335][ T2045] [] __sys_sendto+0x1f2/0x2e0
[ 813.162307][ T2045] [] sys_sendto+0x3e/0x52
[ 813.163266][ T2045] [] ret_from_syscall+0x0/0x2
[ 813.164979][ T2045] SMP: stopping secondary CPUs
[ 813.167522][ T2045] Rebooting in 86400 seconds..

VM DIAGNOSIS:
00:02:13 Registers: