syzkaller login: [ 296.890451][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 296.955791][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 329.143181][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:18408' (ECDSA) to the list of known hosts.
1970/01/01 00:05:57 fuzzer started
1970/01/01 00:06:11 dialing manager at localhost:46581
[ 379.253023][ T2038] cgroup: Unknown subsys name 'net'
[ 380.537107][ T2038] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:20 syscalls: 2818
1970/01/01 00:06:20 code coverage: enabled
1970/01/01 00:06:20 comparison tracing: enabled
1970/01/01 00:06:20 extra coverage: enabled
1970/01/01 00:06:20 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:20 setuid sandbox: enabled
1970/01/01 00:06:20 namespace sandbox: enabled
1970/01/01 00:06:20 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:20 fault injection: enabled
1970/01/01 00:06:20 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:20 net packet injection: enabled
1970/01/01 00:06:20 net device setup: enabled
1970/01/01 00:06:20 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:20 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:20 USB emulation: enabled
1970/01/01 00:06:20 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:20 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:20 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:20 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:29 fetching corpus: 50, signal 36266/39574 (executing program)
1970/01/01 00:06:31 fetching corpus: 99, signal 45499/50154 (executing program)
1970/01/01 00:06:35 fetching corpus: 149, signal 52684/58603 (executing program)
1970/01/01 00:06:38 fetching corpus: 198, signal 60135/67206 (executing program)
1970/01/01 00:06:41 fetching corpus: 247, signal 64956/73193 (executing program)
1970/01/01 00:06:44 fetching corpus: 297, signal 70885/80082 (executing program)
1970/01/01 00:06:47 fetching corpus: 347, signal 74791/85011 (executing program)
1970/01/01 00:06:49 fetching corpus: 396, signal 78161/89357 (executing program)
1970/01/01 00:06:52 fetching corpus: 446, signal 83323/95291 (executing program)
1970/01/01 00:06:55 fetching corpus: 495, signal 86387/99276 (executing program)
1970/01/01 00:06:58 fetching corpus: 545, signal 88286/102168 (executing program)
1970/01/01 00:07:01 fetching corpus: 595, signal 92254/106762 (executing program)
1970/01/01 00:07:04 fetching corpus: 645, signal 95180/110425 (executing program)
1970/01/01 00:07:08 fetching corpus: 695, signal 99147/114915 (executing program)
1970/01/01 00:07:11 fetching corpus: 745, signal 102049/118478 (executing program)
1970/01/01 00:07:14 fetching corpus: 794, signal 105806/122657 (executing program)
1970/01/01 00:07:20 fetching corpus: 844, signal 108128/125576 (executing program)
1970/01/01 00:07:23 fetching corpus: 893, signal 110209/128285 (executing program)
1970/01/01 00:07:27 fetching corpus: 943, signal 112336/130936 (executing program)
1970/01/01 00:07:30 fetching corpus: 992, signal 114134/133269 (executing program)
1970/01/01 00:07:33 fetching corpus: 1042, signal 116758/136281 (executing program)
1970/01/01 00:07:35 fetching corpus: 1092, signal 118088/138203 (executing program)
1970/01/01 00:07:39 fetching corpus: 1142, signal 119788/140426 (executing program)
1970/01/01 00:07:41 fetching corpus: 1191, signal 121720/142806 (executing program)
1970/01/01 00:07:44 fetching corpus: 1241, signal 123223/144809 (executing program)
1970/01/01 00:07:47 fetching corpus: 1291, signal 125375/147285 (executing program)
1970/01/01 00:07:50 fetching corpus: 1340, signal 127125/149323 (executing program)
1970/01/01 00:07:53 fetching corpus: 1390, signal 129735/152005 (executing program)
1970/01/01 00:07:56 fetching corpus: 1440, signal 130995/153698 (executing program)
1970/01/01 00:08:00 fetching corpus: 1488, signal 132697/155663 (executing program)
1970/01/01 00:08:03 fetching corpus: 1538, signal 134023/157310 (executing program)
1970/01/01 00:08:06 fetching corpus: 1588, signal 135220/158894 (executing program)
1970/01/01 00:08:10 fetching corpus: 1638, signal 136562/160506 (executing program)
1970/01/01 00:08:12 fetching corpus: 1688, signal 137818/162005 (executing program)
1970/01/01 00:08:15 fetching corpus: 1738, signal 139157/163577 (executing program)
1970/01/01 00:08:17 fetching corpus: 1788, signal 141369/165667 (executing program)
1970/01/01 00:08:20 fetching corpus: 1836, signal 142299/166938 (executing program)
1970/01/01 00:08:24 fetching corpus: 1885, signal 143627/168410 (executing program)
1970/01/01 00:08:27 fetching corpus: 1934, signal 144597/169602 (executing program)
1970/01/01 00:08:30 fetching corpus: 1983, signal 145710/170948 (executing program)
1970/01/01 00:08:32 fetching corpus: 2032, signal 146828/172255 (executing program)
1970/01/01 00:08:34 fetching corpus: 2082, signal 147929/173576 (executing program)
1970/01/01 00:08:38 fetching corpus: 2132, signal 149330/174969 (executing program)
1970/01/01 00:08:41 fetching corpus: 2181, signal 150405/176149 (executing program)
1970/01/01 00:08:43 fetching corpus: 2230, signal 151351/177286 (executing program)
1970/01/01 00:08:47 fetching corpus: 2280, signal 152288/178342 (executing program)
1970/01/01 00:08:49 fetching corpus: 2329, signal 152998/179293 (executing program)
1970/01/01 00:08:52 fetching corpus: 2379, signal 154063/180362 (executing program)
1970/01/01 00:08:55 fetching corpus: 2429, signal 155014/181380 (executing program)
1970/01/01 00:08:57 fetching corpus: 2479, signal 156237/182607 (executing program)
1970/01/01 00:09:01 fetching corpus: 2528, signal 157500/183781 (executing program)
1970/01/01 00:09:03 fetching corpus: 2578, signal 158387/184782 (executing program)
1970/01/01 00:09:05 fetching corpus: 2627, signal 159391/185808 (executing program)
1970/01/01 00:09:10 fetching corpus: 2677, signal 160108/186651 (executing program)
1970/01/01 00:09:13 fetching corpus: 2727, signal 161415/187741 (executing program)
1970/01/01 00:09:16 fetching corpus: 2777, signal 162510/188749 (executing program)
1970/01/01 00:09:20 fetching corpus: 2825, signal 163868/189810 (executing program)
1970/01/01 00:09:23 fetching corpus: 2875, signal 164577/190571 (executing program)
1970/01/01 00:09:25 fetching corpus: 2925, signal 165363/191368 (executing program)
1970/01/01 00:09:28 fetching corpus: 2974, signal 166217/192203 (executing program)
1970/01/01 00:09:32 fetching corpus: 3023, signal 167007/192941 (executing program)
1970/01/01 00:09:34 fetching corpus: 3072, signal 167773/193710 (executing program)
1970/01/01 00:09:36 fetching corpus: 3122, signal 168503/194386 (executing program)
1970/01/01 00:09:40 fetching corpus: 3171, signal 169043/194981 (executing program)
1970/01/01 00:09:42 fetching corpus: 3219, signal 169654/195610 (executing program)
1970/01/01 00:09:45 fetching corpus: 3269, signal 170552/196359 (executing program)
1970/01/01 00:09:48 fetching corpus: 3319, signal 171625/197175 (executing program)
1970/01/01 00:09:51 fetching corpus: 3368, signal 172452/197840 (executing program)
1970/01/01 00:09:53 fetching corpus: 3416, signal 173214/198502 (executing program)
1970/01/01 00:09:56 fetching corpus: 3466, signal 174048/199144 (executing program)
1970/01/01 00:09:59 fetching corpus: 3516, signal 174741/199704 (executing program)
1970/01/01 00:10:01 fetching corpus: 3566, signal 175246/200242 (executing program)
1970/01/01 00:10:05 fetching corpus: 3616, signal 176445/200919 (executing program)
1970/01/01 00:10:08 fetching corpus: 3665, signal 177239/201452 (executing program)
1970/01/01 00:10:11 fetching corpus: 3715, signal 177919/202056 (executing program)
1970/01/01 00:10:15 fetching corpus: 3765, signal 178803/202589 (executing program)
1970/01/01 00:10:20 fetching corpus: 3815, signal 179683/203152 (executing program)
1970/01/01 00:10:23 fetching corpus: 3864, signal 180471/203649 (executing program)
1970/01/01 00:10:26 fetching corpus: 3914, signal 180944/204084 (executing program)
1970/01/01 00:10:28 fetching corpus: 3964, signal 181478/204515 (executing program)
1970/01/01 00:10:31 fetching corpus: 4013, signal 182083/204928 (executing program)
1970/01/01 00:10:34 fetching corpus: 4063, signal 182541/205325 (executing program)
1970/01/01 00:10:35 fetching corpus: 4112, signal 183194/205719 (executing program)
1970/01/01 00:10:38 fetching corpus: 4162, signal 183874/206087 (executing program)
1970/01/01 00:10:41 fetching corpus: 4212, signal 184620/206465 (executing program)
1970/01/01 00:10:44 fetching corpus: 4262, signal 185353/206872 (executing program)
1970/01/01 00:10:46 fetching corpus: 4312, signal 186026/207254 (executing program)
1970/01/01 00:10:50 fetching corpus: 4362, signal 186675/207627 (executing program)
1970/01/01 00:10:53 fetching corpus: 4411, signal 187254/207928 (executing program)
1970/01/01 00:10:55 fetching corpus: 4460, signal 187907/208237 (executing program)
1970/01/01 00:10:58 fetching corpus: 4510, signal 188546/208530 (executing program)
1970/01/01 00:11:01 fetching corpus: 4560, signal 189032/208830 (executing program)
1970/01/01 00:11:04 fetching corpus: 4610, signal 189691/209138 (executing program)
1970/01/01 00:11:06 fetching corpus: 4660, signal 190278/209410 (executing program)
1970/01/01 00:11:10 fetching corpus: 4710, signal 190987/209702 (executing program)
1970/01/01 00:11:13 fetching corpus: 4759, signal 191500/209980 (executing program)
1970/01/01 00:11:16 fetching corpus: 4809, signal 191924/210193 (executing program)
1970/01/01 00:11:18 fetching corpus: 4858, signal 192381/210402 (executing program)
1970/01/01 00:11:20 fetching corpus: 4908, signal 193016/210609 (executing program)
1970/01/01 00:11:25 fetching corpus: 4958, signal 193745/210796 (executing program)
1970/01/01 00:11:27 fetching corpus: 5006, signal 194255/211001 (executing program)
1970/01/01 00:11:30 fetching corpus: 5056, signal 194743/211188 (executing program)
1970/01/01 00:11:32 fetching corpus: 5106, signal 195441/211392 (executing program)
1970/01/01 00:11:35 fetching corpus: 5156, signal 196125/211569 (executing program)
1970/01/01 00:11:39 fetching corpus: 5206, signal 196729/211726 (executing program)
1970/01/01 00:11:42 fetching corpus: 5254, signal 197293/211726 (executing program)
1970/01/01 00:11:44 fetching corpus: 5304, signal 197623/211727 (executing program)
1970/01/01 00:11:46 fetching corpus: 5354, signal 198341/211731 (executing program)
1970/01/01 00:11:49 fetching corpus: 5404, signal 198969/211731 (executing program)
1970/01/01 00:11:53 fetching corpus: 5454, signal 199452/211731 (executing program)
1970/01/01 00:11:56 fetching corpus: 5504, signal 200600/211753 (executing program)
1970/01/01 00:11:58 fetching corpus: 5554, signal 201551/211753 (executing program)
1970/01/01 00:12:00 fetching corpus: 5604, signal 202212/211754 (executing program)
1970/01/01 00:12:02 fetching corpus: 5652, signal 202599/211760 (executing program)
1970/01/01 00:12:05 fetching corpus: 5702, signal 203094/211760 (executing program)
1970/01/01 00:12:08 fetching corpus: 5752, signal 203612/211763 (executing program)
1970/01/01 00:12:11 fetching corpus: 5802, signal 204163/211772 (executing program)
1970/01/01 00:12:14 fetching corpus: 5852, signal 204675/211772 (executing program)
1970/01/01 00:12:16 fetching corpus: 5902, signal 205110/211804 (executing program)
1970/01/01 00:12:19 fetching corpus: 5952, signal 205539/211806 (executing program)
1970/01/01 00:12:22 fetching corpus: 6002, signal 206167/211806 (executing program)
1970/01/01 00:12:26 fetching corpus: 6052, signal 206644/211806 (executing program)
1970/01/01 00:12:28 fetching corpus: 6102, signal 207153/211813 (executing program)
1970/01/01 00:12:31 fetching corpus: 6152, signal 207600/211813 (executing program)
1970/01/01 00:12:35 fetching corpus: 6202, signal 208173/211813 (executing program)
1970/01/01 00:12:38 fetching corpus: 6250, signal 208615/211814 (executing program)
1970/01/01 00:12:40 fetching corpus: 6300, signal 209123/211814 (executing program)
1970/01/01 00:12:42 fetching corpus: 6326, signal 209274/211814 (executing program)
1970/01/01 00:12:42 fetching corpus: 6326, signal 209274/211814 (executing program)
1970/01/01 00:14:51 starting 2 fuzzer processes
00:14:52 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x49, 0x0, 0x0)
00:14:52 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000600)={0xffffffffffffffff})
r1 = dup(r0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000040)={'ip6gre0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x15}})
[ 937.473689][ T2052] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 937.633600][ T2052] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 938.677493][ C0] ==================================================================
[ 938.681167][ C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260
[ 938.682673][ C0] Read of size 8 at addr ffffaf80103b3c80 by task syz-executor.0/2052
[ 938.683904][ C0]
[ 938.686935][ C0] CPU: 0 PID: 2052 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 938.688551][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 938.689826][ C0] Call Trace:
[ 938.690914][ C0] [] dump_backtrace+0x2e/0x3c
[ 938.692960][ C0] [] show_stack+0x34/0x40
[ 938.694320][ C0] [] dump_stack_lvl+0xe4/0x150
[ 938.695790][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 938.697414][ C0] [] kasan_report+0x184/0x1e0
[ 938.698870][ C0] [] __asan_load8+0x6e/0x96
[ 938.700218][ C0] [] walk_stackframe+0x11c/0x260
[ 938.701806][ C0] [] arch_stack_walk+0x2c/0x3c
[ 938.703673][ C0] [] stack_trace_save+0xa6/0xd8
[ 938.704875][ C0] [] kasan_save_stack+0x2c/0x58
[ 938.706156][ C0] [] kasan_set_track+0x1a/0x26
[ 938.707403][ C0] [] kasan_set_free_info+0x1e/0x3a
[ 938.708618][ C0] [] ____kasan_slab_free+0x15e/0x180
[ 938.710282][ C0]
[ 938.711258][ C0] Allocated by task 0:
[ 938.712646][ C0] (stack is not available)
[ 938.713568][ C0]
[ 938.714257][ C0] Last potentially related work creation:
[ 938.715254][ C0] ------------[ cut here ]------------
[ 938.716152][ C0] slab index 12416 out of bounds (293) for stack id 07403080
[ 938.720689][ C0] WARNING: CPU: 0 PID: 2052 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 938.722707][ C0] Modules linked in:
[ 938.723906][ C0] CPU: 0 PID: 2052 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 938.725418][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 938.726346][ C0] epc : stack_depot_print+0x66/0x70
[ 938.727548][ C0] ra : stack_depot_print+0x66/0x70
[ 938.728851][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf80103b3b40
[ 938.730184][ C0] gp : ffffffff85863ac0 tp : ffffaf8007403080 t0 : ffffffff86bcb657
[ 938.732305][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf80103b3b50
[ 938.733670][ C0] s1 : ffffaf807aad9a58 a0 : 000000000000003a a1 : 00000000000f0000
[ 938.734850][ C0] a2 : 0000000000000505 a3 : ffffffff8012252a a4 : 85ac633a7ecac400
[ 938.736001][ C0] a5 : 85ac633a7ecac400 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 938.737178][ C0] s2 : ffffaf80103b3c80 s3 : ffffaf80072ed280 s4 : ffffaf80103b3bc8
[ 938.738331][ C0] s5 : ffffaf80103b3c70 s6 : 0000000000003fff s7 : ffffaf80103b3c20
[ 938.739601][ C0] s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf80103b3d00
[ 938.740732][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 938.742753][ C0] t5 : fffff5ef0b53910d t6 : ffffaf80103b3638
[ 938.743779][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 938.745068][ C0] [] print_address_description.constprop.0+0x2fc/0x330
[ 938.746613][ C0] [] kasan_report+0x184/0x1e0
[ 938.747874][ C0] [] __asan_load8+0x6e/0x96
[ 938.749010][ C0] [] walk_stackframe+0x11c/0x260
[ 938.750238][ C0] [] arch_stack_walk+0x2c/0x3c
[ 938.752046][ C0] [] stack_trace_save+0xa6/0xd8
[ 938.753438][ C0] [] kasan_save_stack+0x2c/0x58
[ 938.754704][ C0] [] kasan_set_track+0x1a/0x26
[ 938.755969][ C0] [] kasan_set_free_info+0x1e/0x3a
[ 938.757155][ C0] [] ____kasan_slab_free+0x15e/0x180
[ 938.758615][ C0] irq event stamp: 50309
[ 938.759426][ C0] hardirqs last enabled at (50308): [] _raw_spin_unlock_irqrestore+0x68/0x98
[ 938.761023][ C0] hardirqs last disabled at (50309): [] _raw_spin_lock_irqsave+0x60/0x62
[ 938.762646][ C0] softirqs last enabled at (50176): [] __do_softirq+0x618/0x8fc
[ 938.764072][ C0] softirqs last disabled at (50181): [] __irq_exit_rcu+0x142/0x1f8
[ 938.765584][ C0] ---[ end trace 0000000000000000 ]---
[ 938.766915][ C0]
[ 938.767587][ C0] Second to last potentially related work creation:
[ 938.769288][ C0] ------------[ cut here ]------------
[ 938.770428][ C0] slab index 2076544 out of bounds (293) for stack id ffffaf80
[ 938.774999][ C0] WARNING: CPU: 0 PID: 2052 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 938.776632][ C0] Modules linked in:
[ 938.777820][ C0] CPU: 0 PID: 2052 Comm: syz-executor.0 Tainted: G W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 938.779305][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 938.780177][ C0] epc : stack_depot_print+0x66/0x70
[ 938.781780][ C0] ra : stack_depot_print+0x66/0x70
[ 938.783018][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf80103b3b40
[ 938.784158][ C0] gp : ffffffff85863ac0 tp : ffffaf8007403080 t0 : ffffffff86bcb657
[ 938.785313][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf80103b3b50
[ 938.786468][ C0] s1 : ffffaf807aad9a58 a0 : 000000000000003c a1 : 00000000000f0000
[ 938.787622][ C0] a2 : 0000000000000505 a3 : ffffffff8012252a a4 : 85ac633a7ecac400
[ 938.788752][ C0] a5 : 85ac633a7ecac400 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 938.789921][ C0] s2 : ffffaf80103b3c80 s3 : ffffaf80072ed280 s4 : ffffaf80103b3bc8
[ 938.791279][ C0] s5 : ffffaf80103b3c70 s6 : 0000000000003fff s7 : ffffaf80103b3c20
[ 938.792554][ C0] s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf80103b3d00
[ 938.793708][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 938.794833][ C0] t5 : fffff5ef0b53910d t6 : ffffaf80103b3638
[ 938.795822][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 938.796964][ C0] [] print_address_description.constprop.0+0x2ae/0x330
[ 938.798479][ C0] [] kasan_report+0x184/0x1e0
[ 938.799780][ C0] [] __asan_load8+0x6e/0x96
[ 938.801035][ C0] [] walk_stackframe+0x11c/0x260
[ 938.802338][ C0] [] arch_stack_walk+0x2c/0x3c
[ 938.803546][ C0] [] stack_trace_save+0xa6/0xd8
[ 938.804784][ C0] [] kasan_save_stack+0x2c/0x58
[ 938.806046][ C0] [] kasan_set_track+0x1a/0x26
[ 938.807434][ C0] [] kasan_set_free_info+0x1e/0x3a
[ 938.808631][ C0] [] ____kasan_slab_free+0x15e/0x180
[ 938.809952][ C0] irq event stamp: 50309
[ 938.810726][ C0] hardirqs last enabled at (50308): [] _raw_spin_unlock_irqrestore+0x68/0x98
[ 938.812307][ C0] hardirqs last disabled at (50309): [] _raw_spin_lock_irqsave+0x60/0x62
[ 938.813791][ C0] softirqs last enabled at (50176): [] __do_softirq+0x618/0x8fc
[ 938.815185][ C0] softirqs last disabled at (50181): [] __irq_exit_rcu+0x142/0x1f8
[ 938.816593][ C0] ---[ end trace 0000000000000000 ]---
[ 938.817532][ C0]
[ 938.818225][ C0] The buggy address belongs to the object at ffffaf80103b3bc8
[ 938.818225][ C0] which belongs to the cache kernfs_node_cache of size 168
[ 938.819869][ C0] The buggy address is located 16 bytes to the right of
[ 938.819869][ C0] 168-byte region [ffffaf80103b3bc8, ffffaf80103b3c70)
[ 938.822532][ C0] The buggy address belongs to the page:
[ 938.824590][ C0] page:ffffaf807aad9a58 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x905b3
[ 938.826150][ C0] flags: 0x9000000200(slab|section=18|node=0|zone=0)
[ 938.828744][ C0] raw: 0000009000000200 0000000000000000 0000000000000122 ffffaf80072ed280
[ 938.830060][ C0] raw: 0000000000000000 0000000000110011 00000001ffffffff 0000000000000000
[ 938.831663][ C0] raw: 00000000000007ff
[ 938.832959][ C0] page dumped because: kasan: bad access detected
[ 938.834177][ C0] page_owner tracks the page as allocated
[ 938.835111][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 2052, ts 927257636400, free_ts 924255232900
[ 938.837116][ C0] __set_page_owner+0x48/0x136
[ 938.838299][ C0] post_alloc_hook+0xd0/0x10a
[ 938.839364][ C0] get_page_from_freelist+0x8da/0x12d8
[ 938.840511][ C0] __alloc_pages+0x150/0x3b6
[ 938.842171][ C0] alloc_pages+0x132/0x2a6
[ 938.843333][ C0] alloc_slab_page.constprop.0+0xc2/0xfa
[ 938.844502][ C0] new_slab+0x76/0x2cc
[ 938.845549][ C0] ___slab_alloc+0x56e/0x918
[ 938.846634][ C0] __slab_alloc.constprop.0+0x50/0x8c
[ 938.847798][ C0] kmem_cache_alloc+0x39c/0x3de
[ 938.848904][ C0] __kernfs_new_node+0xfc/0x5f2
[ 938.850062][ C0] kernfs_new_node+0x66/0xbe
[ 938.851308][ C0] __kernfs_create_file+0x4e/0x1e8
[ 938.852469][ C0] sysfs_add_file_mode_ns+0x138/0x254
[ 938.853632][ C0] internal_create_group+0x274/0x722
[ 938.854717][ C0] internal_create_groups.part.0+0x64/0xe8
[ 938.855951][ C0] page last free stack trace:
[ 938.856760][ C0] __reset_page_owner+0x4a/0xea
[ 938.857868][ C0] free_pcp_prepare+0x29c/0x45e
[ 938.858916][ C0] free_unref_page+0x6a/0x31e
[ 938.859948][ C0] __free_pages+0xe2/0x112
[ 938.861033][ C0] __free_slab+0x122/0x27c
[ 938.862366][ C0] discard_slab+0x4c/0x7a
[ 938.863471][ C0] __slab_free+0x20a/0x29c
[ 938.864530][ C0] ___cache_free+0x17c/0x354
[ 938.865636][ C0] qlist_free_all+0x7c/0x132
[ 938.866696][ C0] kasan_quarantine_reduce+0x14c/0x1c8
[ 938.867804][ C0] __kasan_slab_alloc+0x5c/0x98
[ 938.868919][ C0] kmem_cache_alloc_trace+0x278/0x2e0
[ 938.870077][ C0] load_elf_binary+0x556/0x2716
[ 938.871426][ C0] bprm_execve+0x5bc/0x1140
[ 938.872648][ C0] kernel_execve+0x204/0x288
[ 938.873777][ C0] call_usermodehelper_exec_async+0x1c0/0x2dc
[ 938.875224][ C0]
[ 938.875913][ C0] Memory state around the buggy address:
[ 938.877182][ C0] ffffaf80103b3b80: 00 fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00
[ 938.878394][ C0] ffffaf80103b3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 938.879514][ C0] >ffffaf80103b3c80: fc fc fc fc 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 938.880539][ C0] ^
[ 938.881886][ C0] ffffaf80103b3d00: 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[ 938.883081][ C0] ffffaf80103b3d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 938.884235][ C0] ==================================================================
[ 938.885236][ C0] Disabling lock debugging due to kernel taint
[ 938.889306][ T2052] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 938.890585][ T2052] CPU: 0 PID: 2052 Comm: syz-executor.0 Tainted: G B W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 938.892942][ T2052] Hardware name: riscv-virtio,qemu (DT)
[ 938.893702][ T2052] Call Trace:
[ 938.894313][ T2052] [] dump_backtrace+0x2e/0x3c
[ 938.895460][ T2052] [] show_stack+0x34/0x40
[ 938.896450][ T2052] [] dump_stack_lvl+0xe4/0x150
[ 938.897640][ T2052] [] dump_stack+0x1c/0x24
[ 938.898691][ T2052] [] panic+0x24a/0x634
[ 938.899686][ T2052] [] schedule+0x0/0x14c
[ 938.900702][ T2052] [] preempt_schedule_irq+0x4a/0x13e
[ 938.902120][ T2052] [] resume_kernel+0x16/0x18
[ 938.903296][ T2052] SMP: stopping secondary CPUs
[ 938.905140][ T2052] Rebooting in 86400 seconds..
VM DIAGNOSIS: 07:24:20 Registers: