[  260.379196][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  260.467119][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  260.551932][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  260.597781][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:15347' (ECDSA) to the list of known hosts.
1970/01/01 00:05:23 fuzzer started
1970/01/01 00:05:36 dialing manager at localhost:40783
[  343.383283][ T2027] cgroup: Unknown subsys name 'net'
[  344.784591][ T2027] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:05:44 syscalls: 2882
1970/01/01 00:05:44 code coverage: enabled
1970/01/01 00:05:44 comparison tracing: enabled
1970/01/01 00:05:44 extra coverage: ioctl(KCOV_DISABLE) failed: invalid argument
1970/01/01 00:05:44 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:05:44 setuid sandbox: enabled
1970/01/01 00:05:44 namespace sandbox: enabled
1970/01/01 00:05:44 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:05:44 fault injection: enabled
1970/01/01 00:05:44 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:05:44 net packet injection: enabled
1970/01/01 00:05:44 net device setup: enabled
1970/01/01 00:05:44 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:05:44 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:05:44 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:05:44 USB emulation: enabled
1970/01/01 00:05:44 hci packet injection: /dev/vhci does not exist
1970/01/01 00:05:44 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:05:44 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:05:45 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:05:50 fetching corpus: 50, signal 29051/32021 (executing program)
1970/01/01 00:05:53 fetching corpus: 96, signal 43727/47335 (executing program)
1970/01/01 00:05:57 fetching corpus: 146, signal 56818/60616 (executing program)
1970/01/01 00:05:59 fetching corpus: 192, signal 61405/65758 (executing program)
1970/01/01 00:06:02 fetching corpus: 242, signal 67984/72501 (executing program)
1970/01/01 00:06:05 fetching corpus: 291, signal 73153/77742 (executing program)
1970/01/01 00:06:07 fetching corpus: 340, signal 77938/82468 (executing program)
1970/01/01 00:06:10 fetching corpus: 389, signal 80564/85218 (executing program)
1970/01/01 00:06:13 fetching corpus: 438, signal 84396/88816 (executing program)
1970/01/01 00:06:16 fetching corpus: 486, signal 89369/93219 (executing program)
1970/01/01 00:06:19 fetching corpus: 534, signal 91985/95629 (executing program)
1970/01/01 00:06:21 fetching corpus: 583, signal 94883/98134 (executing program)
1970/01/01 00:06:23 fetching corpus: 633, signal 97714/100447 (executing program)
1970/01/01 00:06:26 fetching corpus: 683, signal 99979/102311 (executing program)
1970/01/01 00:06:30 fetching corpus: 733, signal 102153/104013 (executing program)
1970/01/01 00:06:32 fetching corpus: 781, signal 104068/105436 (executing program)
1970/01/01 00:06:35 fetching corpus: 825, signal 105972/106812 (executing program)
1970/01/01 00:06:36 fetching corpus: 826, signal 105988/106875 (executing program)
1970/01/01 00:06:36 fetching corpus: 826, signal 105988/106921 (executing program)
1970/01/01 00:06:36 fetching corpus: 826, signal 105988/106973 (executing program)
1970/01/01 00:06:36 fetching corpus: 826, signal 105988/107019 (executing program)
1970/01/01 00:06:37 fetching corpus: 826, signal 105988/107070 (executing program)
1970/01/01 00:06:37 fetching corpus: 826, signal 105988/107111 (executing program)
1970/01/01 00:06:37 fetching corpus: 826, signal 105988/107159 (executing program)
1970/01/01 00:06:37 fetching corpus: 826, signal 105988/107203 (executing program)
1970/01/01 00:06:37 fetching corpus: 826, signal 105988/107255 (executing program)
1970/01/01 00:06:37 fetching corpus: 826, signal 105988/107309 (executing program)
1970/01/01 00:06:37 fetching corpus: 826, signal 105988/107353 (executing program)
1970/01/01 00:06:38 fetching corpus: 827, signal 105997/107393 (executing program)
1970/01/01 00:06:38 fetching corpus: 827, signal 105997/107455 (executing program)
1970/01/01 00:06:38 fetching corpus: 827, signal 105997/107504 (executing program)
1970/01/01 00:06:38 fetching corpus: 827, signal 105997/107548 (executing program)
1970/01/01 00:06:38 fetching corpus: 827, signal 105997/107596 (executing program)
1970/01/01 00:06:38 fetching corpus: 827, signal 105997/107636 (executing program)
1970/01/01 00:06:38 fetching corpus: 827, signal 105997/107712 (executing program)
1970/01/01 00:06:39 fetching corpus: 827, signal 105997/107760 (executing program)
1970/01/01 00:06:39 fetching corpus: 827, signal 105997/107809 (executing program)
1970/01/01 00:06:39 fetching corpus: 827, signal 105997/107854 (executing program)
1970/01/01 00:06:39 fetching corpus: 827, signal 105997/107903 (executing program)
1970/01/01 00:06:39 fetching corpus: 827, signal 105997/107943 (executing program)
1970/01/01 00:06:39 fetching corpus: 827, signal 105997/107992 (executing program)
1970/01/01 00:06:39 fetching corpus: 827, signal 105997/108040 (executing program)
1970/01/01 00:06:40 fetching corpus: 827, signal 106036/108098 (executing program)
1970/01/01 00:06:40 fetching corpus: 827, signal 106036/108145 (executing program)
1970/01/01 00:06:40 fetching corpus: 827, signal 106036/108201 (executing program)
1970/01/01 00:06:40 fetching corpus: 827, signal 106036/108248 (executing program)
1970/01/01 00:06:40 fetching corpus: 827, signal 106036/108289 (executing program)
1970/01/01 00:06:40 fetching corpus: 827, signal 106036/108351 (executing program)
1970/01/01 00:06:40 fetching corpus: 827, signal 106036/108409 (executing program)
1970/01/01 00:06:40 fetching corpus: 827, signal 106036/108473 (executing program)
1970/01/01 00:06:41 fetching corpus: 827, signal 106036/108518 (executing program)
1970/01/01 00:06:41 fetching corpus: 827, signal 106036/108563 (executing program)
1970/01/01 00:06:41 fetching corpus: 827, signal 106036/108623 (executing program)
1970/01/01 00:06:41 fetching corpus: 827, signal 106036/108646 (executing program)
1970/01/01 00:06:41 fetching corpus: 827, signal 106036/108646 (executing program)
1970/01/01 00:08:23 starting 2 fuzzer processes
00:08:23 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002840)=@newlink={0x40, 0x10, 0x9, 0x0, 0x0, {}, [@IFLA_ADDRESS={0xa, 0x1, @link_local}, @IFLA_IFNAME={0x14, 0x3, 'macvlan0\x00'}]}, 0x40}}, 0x0)

00:08:23 executing program 1:
r0 = socket$l2tp(0x2, 0x2, 0x73)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000002c0)=@raw={'raw\x00', 0x8, 0x3, 0x440, 0x0, 0xffffffff, 0xffffffff, 0x98, 0xffffffff, 0x3a8, 0xffffffff, 0xffffffff, 0x3a8, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x5}}}, {{@uncond, 0x0, 0x2c8, 0x310, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'veth0_to_hsr\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4a0)

[  527.367296][ T2032] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  527.465120][ T2032] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  529.336940][ T2034] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  529.499067][ T2034] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  538.983834][ T2032] device hsr_slave_0 entered promiscuous mode
[  539.035969][ T2032] device hsr_slave_1 entered promiscuous mode
[  541.243774][ T2034] device hsr_slave_0 entered promiscuous mode
[  541.279583][ T2034] device hsr_slave_1 entered promiscuous mode
[  541.305733][ T2034] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  541.308871][ T2034] Cannot create hsr debugfs directory
[  547.613934][ T2032] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  547.757636][ T2032] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  547.836798][ T2032] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  547.938984][ T2032] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  549.337058][ T2034] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  549.467244][ T2034] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  549.653054][ T2034] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  549.954730][ T2034] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  558.167133][ T2032] 8021q: adding VLAN 0 to HW filter on device bond0
[  558.741305][ T2032] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[  558.743893][ T2032] CPU: 0 PID: 2032 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[  558.745013][ T2032] Hardware name: riscv-virtio,qemu (DT)
[  558.746883][ T2032] Call Trace:
[  558.747571][ T2032] [<ffffffff8000a228>] dump_backtrace+0x2e/0x3c
[  558.749017][ T2032] [<ffffffff831668cc>] show_stack+0x34/0x40
[  558.749861][ T2032] [<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150
[  558.752118][ T2032] [<ffffffff83175742>] dump_stack+0x1c/0x24
[  558.753093][ T2032] [<ffffffff83166fa8>] panic+0x24a/0x634
[  558.753822][ T2032] [<ffffffff831a688a>] schedule+0x0/0x14c
[  558.754564][ T2032] [<ffffffff831a6b00>] preempt_schedule_common+0x4e/0xde
[  558.755492][ T2032] [<ffffffff831a6bc4>] preempt_schedule+0x34/0x36
[  558.756560][ T2032] [<ffffffff831afd78>] _raw_spin_unlock_irqrestore+0x8c/0x98
[  558.757377][ T2032] [<ffffffff80b090c2>] __debug_object_init+0x284/0x7b8
[  558.758169][ T2032] [<ffffffff80b09e7c>] debug_object_activate+0x286/0x29a
[  558.759128][ T2032] [<ffffffff8014b3c2>] call_rcu+0x3c/0x4ce
[  558.760109][ T2032] [<ffffffff82be73a0>] tnode_free+0x92/0xee
[  558.761442][ T2032] [<ffffffff82be8708>] replace+0xc0/0x320
[  558.762206][ T2032] [<ffffffff82be946c>] resize+0xb04/0x18d2
[  558.762989][ T2032] [<ffffffff82bea876>] fib_insert_alias+0x63c/0x750
[  558.763842][ T2032] [<ffffffff82bed0e4>] fib_table_insert+0x3a8/0xebe
[  558.764618][ T2032] [<ffffffff82bd1222>] fib_magic+0x3f4/0x438
[  558.765444][ T2032] [<ffffffff82bd6178>] fib_add_ifaddr+0xd2/0x2e2
[  558.766241][ T2032] [<ffffffff82bd797e>] fib_inetaddr_event+0xfe/0x19e
[  558.767005][ T2032] [<ffffffff800aac84>] notifier_call_chain+0xb8/0x188
[  558.767838][ T2032] [<ffffffff800ab16c>] blocking_notifier_call_chain+0x50/0x78
[  558.768688][ T2032] [<ffffffff82baf09c>] __inet_insert_ifa+0x6ca/0x7e4
[  558.769477][ T2032] [<ffffffff82bb200c>] inet_rtm_newaddr+0x7c2/0xbc2
[  558.770648][ T2032] [<ffffffff8276b46c>] rtnetlink_rcv_msg+0x338/0x9a0
[  558.772432][ T2032] [<ffffffff8296ded2>] netlink_rcv_skb+0xf8/0x2be
[  558.773392][ T2032] [<ffffffff827624f4>] rtnetlink_rcv+0x26/0x30
[  558.774160][ T2032] [<ffffffff8296cbcc>] netlink_unicast+0x40e/0x5fe
[  558.774926][ T2032] [<ffffffff8296d29c>] netlink_sendmsg+0x4e0/0x994
[  558.775763][ T2032] [<ffffffff826d264e>] sock_sendmsg+0xa0/0xc4
[  558.776635][ T2032] [<ffffffff826d7026>] __sys_sendto+0x1f2/0x2e0
[  558.777487][ T2032] [<ffffffff826d7152>] sys_sendto+0x3e/0x52
[  558.778350][ T2032] [<ffffffff80005716>] ret_from_syscall+0x0/0x2
[  558.779536][ T2032] SMP: stopping secondary CPUs
[  558.782312][ T2032] Rebooting in 86400 seconds..

VM DIAGNOSIS:
14:42:24  Registers:
info registers vcpu 0
 pc       ffffffff80c0b51e
 mhartid  0000000000000000
 mstatus  00000000000000a0
 mip      0000000000000200
 mie      00000000000002aa
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff8000f97e
 sepc     ffffffff831afd22
 mcause   0000000000000009
 scause   8000000000000005
 mtval  0000000000000000
 stval  0000000000000000
 x0/zero 0000000000000000 x1/ra ffffffff80c0b51e x2/sp ffffaf800a4ae7f0 x3/gp ffffffff85863ac0
 x4/tp ffffaf800f14e100 x5/t0 ffffffff86bcb657 x6/t1 fffff5ef0b53910c x7/t2 0000000000000000
 x8/s0 ffffaf800a4ae850 x9/s1 ffffffff838d2e20 x10/a0 0000000000000000 x11/a1 00000000000f0000
 x12/a2 0000000000000002 x13/a3 ffffffff80099a1e x14/a4 974f7d134daa5200 x15/a5 974f7d134daa5200
 x16/a6 0000000000f00000 x17/a7 ffffaf805a9c8863 x18/s2 0000000000000072 x19/s3 ffffffff86e51420
 x20/s4 0000000000000000 x21/s5 00000000000007f0 x22/s6 ffffffff83623360 x23/s7 ffffffff8344cc80
 x24/s8 ffffffff831a6b00 x25/s9 ffffaf800a4ac000 x26/s10 1ffff5f001495d74 x27/s11 ffffaf805a9d6ad0
 x28/t3 fffffffff3f3f300 x29/t4 fffff5ef0b53910c x30/t5 fffff5ef0b53910d x31/t6 ffffaf800a4ae2f8
 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
 pc       ffffffff82b4f572
 mhartid  0000000000000001
 mstatus  00000000000000a2
 mip      0000000000000000
 mie      00000000000002aa
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff8000f97e
 sepc     00007fffa4ad1d94
 mcause   0000000000000009
 scause   0000000000000008
 mtval  0000000000000000
 stval  0000000000000000
 x0/zero 0000000000000000 x1/ra ffffffff82b48a2c x2/sp ffffaf800a30f3d0 x3/gp ffffffff85863ac0
 x4/tp ffffaf800e68e100 x5/t0 ffffaf800a30f578 x6/t1 ffffffff82b4ba98 x7/t2 96f39d247a3a6079
 x8/s0 ffffaf800a30f430 x9/s1 ffffaf800c771800 x10/a0 ffffaf800c771800 x11/a1 00000000000f0000
 x12/a2 1ffff5f001959f06 x13/a3 0000000000000006 x14/a4 0000000000000000 x15/a5 0000000000000000
 x16/a6 0000000000f00000 x17/a7 fffffffff3f3f3f3 x18/s2 ffffaf800cacf768 x19/s3 ffffaf800c772800
 x20/s4 ffffaf800cacf798 x21/s5 ffffaf800c771f58 x22/s6 000000003f19437b x23/s7 ffffaf800cacf7d8
 x24/s8 0000000000000001 x25/s9 0000000000000000 x26/s10 ffffaf800c7720e2 x27/s11 0000000000000020
 x28/t3 fffffffff3f3f300 x29/t4 fffff5ef018ee42e x30/t5 fffff5ef018ee42f x31/t6 ffffaf800cacf828
 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000