syzkaller login: [  210.164471][ T1857] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  210.195720][ T1857] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  225.217637][ T1857] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  225.255847][ T1857] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:13705' (ECDSA) to the list of known hosts.
1970/01/01 00:04:44 fuzzer started
1970/01/01 00:04:52 dialing manager at localhost:44985
[  296.863945][ T2024] cgroup: Unknown subsys name 'net'
[  297.606611][ T2024] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:04:57 syscalls: 2918
1970/01/01 00:04:57 code coverage: enabled
1970/01/01 00:04:57 comparison tracing: enabled
1970/01/01 00:04:57 extra coverage: enabled
1970/01/01 00:04:57 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:04:57 setuid sandbox: enabled
1970/01/01 00:04:57 namespace sandbox: enabled
1970/01/01 00:04:57 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:04:57 fault injection: enabled
1970/01/01 00:04:57 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:04:57 net packet injection: enabled
1970/01/01 00:04:57 net device setup: enabled
1970/01/01 00:04:57 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:04:57 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:04:57 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:04:57 USB emulation: enabled
1970/01/01 00:04:57 hci packet injection: /dev/vhci does not exist
1970/01/01 00:04:57 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:04:57 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:04:57 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:05:02 fetching corpus: 48, signal 32802/34982 (executing program)
1970/01/01 00:05:04 fetching corpus: 98, signal 47444/49414 (executing program)
1970/01/01 00:05:09 fetching corpus: 144, signal 57075/58597 (executing program)
1970/01/01 00:05:12 fetching corpus: 193, signal 64874/65751 (executing program)
1970/01/01 00:05:14 fetching corpus: 226, signal 69008/69374 (executing program)
1970/01/01 00:05:14 fetching corpus: 226, signal 69035/69447 (executing program)
1970/01/01 00:05:14 fetching corpus: 226, signal 69035/69502 (executing program)
1970/01/01 00:05:14 fetching corpus: 226, signal 69035/69562 (executing program)
1970/01/01 00:05:14 fetching corpus: 226, signal 69035/69646 (executing program)
1970/01/01 00:05:14 fetching corpus: 226, signal 69035/69709 (executing program)
1970/01/01 00:05:15 fetching corpus: 227, signal 69059/69784 (executing program)
1970/01/01 00:05:15 fetching corpus: 227, signal 69059/69838 (executing program)
1970/01/01 00:05:15 fetching corpus: 227, signal 69059/69913 (executing program)
1970/01/01 00:05:15 fetching corpus: 227, signal 69059/69970 (executing program)
1970/01/01 00:05:16 fetching corpus: 227, signal 69059/70025 (executing program)
1970/01/01 00:05:16 fetching corpus: 227, signal 69059/70103 (executing program)
1970/01/01 00:05:16 fetching corpus: 227, signal 69059/70174 (executing program)
1970/01/01 00:05:16 fetching corpus: 227, signal 69059/70228 (executing program)
1970/01/01 00:05:16 fetching corpus: 228, signal 69077/70291 (executing program)
1970/01/01 00:05:16 fetching corpus: 228, signal 69077/70348 (executing program)
1970/01/01 00:05:17 fetching corpus: 228, signal 69077/70428 (executing program)
1970/01/01 00:05:17 fetching corpus: 228, signal 69077/70482 (executing program)
1970/01/01 00:05:17 fetching corpus: 228, signal 69077/70553 (executing program)
1970/01/01 00:05:17 fetching corpus: 228, signal 69077/70612 (executing program)
1970/01/01 00:05:17 fetching corpus: 228, signal 69077/70675 (executing program)
1970/01/01 00:05:18 fetching corpus: 228, signal 69077/70739 (executing program)
1970/01/01 00:05:18 fetching corpus: 228, signal 69077/70816 (executing program)
1970/01/01 00:05:18 fetching corpus: 228, signal 69077/70879 (executing program)
1970/01/01 00:05:18 fetching corpus: 228, signal 69077/70952 (executing program)
1970/01/01 00:05:18 fetching corpus: 228, signal 69077/71041 (executing program)
1970/01/01 00:05:18 fetching corpus: 228, signal 69077/71090 (executing program)
1970/01/01 00:05:18 fetching corpus: 228, signal 69077/71141 (executing program)
1970/01/01 00:05:18 fetching corpus: 228, signal 69077/71216 (executing program)
1970/01/01 00:05:18 fetching corpus: 228, signal 69077/71274 (executing program)
1970/01/01 00:05:18 fetching corpus: 228, signal 69077/71329 (executing program)
1970/01/01 00:05:19 fetching corpus: 228, signal 69079/71329 (executing program)
1970/01/01 00:05:19 fetching corpus: 228, signal 69079/71329 (executing program)
1970/01/01 00:06:59 starting 2 fuzzer processes
00:07:00 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x12, 0x1, 0x4, 0x9, 0x0, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r0, &(0x7f00000001c0), &(0x7f0000000040)=@tcp}, 0x20)

00:07:00 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x44, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}]}, @ETHTOOL_A_FEATURES_WANTED={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0x5, 0x5, "c9"}, @ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8}]}]}, 0x44}}, 0x0)

[  453.448349][ T2031] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  453.668683][ T2029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  453.806080][ T2031] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  453.957114][ T2029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  466.993687][ T2031] device hsr_slave_0 entered promiscuous mode
[  467.065597][ T2031] device hsr_slave_1 entered promiscuous mode
[  468.347279][ T2029] device hsr_slave_0 entered promiscuous mode
[  468.378073][ T2029] device hsr_slave_1 entered promiscuous mode
[  468.400249][ T2029] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  468.407116][ T2029] Cannot create hsr debugfs directory
[  474.558912][ T2029] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  474.713351][ T2029] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  474.819325][ T2029] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  475.207308][ T2029] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  476.170008][ T2031] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  476.300689][ T2031] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  476.426263][ T2031] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  476.914535][ T2031] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  484.124997][ T2029] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[  484.127741][ T2029] CPU: 0 PID: 2029 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[  484.131099][ T2029] Hardware name: riscv-virtio,qemu (DT)
[  484.138198][ T2029] Call Trace:
[  484.138893][ T2029] [<ffffffff8000a228>] dump_backtrace+0x2e/0x3c
[  484.139833][ T2029] [<ffffffff831668cc>] show_stack+0x34/0x40
[  484.140647][ T2029] [<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150
[  484.141840][ T2029] [<ffffffff83175742>] dump_stack+0x1c/0x24
[  484.142999][ T2029] [<ffffffff83166fa8>] panic+0x24a/0x634
[  484.143980][ T2029] [<ffffffff831a688a>] schedule+0x0/0x14c
[  484.144767][ T2029] [<ffffffff831a6b00>] preempt_schedule_common+0x4e/0xde
[  484.145808][ T2029] [<ffffffff831a6bc4>] preempt_schedule+0x34/0x36
[  484.147074][ T2029] [<ffffffff80061140>] __local_bh_enable_ip+0x29e/0x2a4
[  484.148298][ T2029] [<ffffffff831b02e0>] _raw_read_unlock_bh+0x34/0x40
[  484.149516][ T2029] [<ffffffff82d4391c>] addrconf_dad_run+0x11c/0x134
[  484.150668][ T2029] [<ffffffff82d4e8d8>] addrconf_notify+0xd3a/0x1360
[  484.151830][ T2029] [<ffffffff800aac84>] notifier_call_chain+0xb8/0x188
[  484.152983][ T2029] [<ffffffff800aad7e>] raw_notifier_call_chain+0x2a/0x38
[  484.154221][ T2029] [<ffffffff8271d086>] call_netdevice_notifiers_info+0x9e/0x10c
[  484.155407][ T2029] [<ffffffff827422c8>] __dev_notify_flags+0x108/0x1fa
[  484.156603][ T2029] [<ffffffff827436f6>] dev_change_flags+0x9c/0xba
[  484.157544][ T2029] [<ffffffff82767e16>] do_setlink+0x5d6/0x21c4
[  484.158442][ T2029] [<ffffffff8276a6a2>] __rtnl_newlink+0x99e/0xfa0
[  484.159854][ T2029] [<ffffffff8276ad04>] rtnl_newlink+0x60/0x8c
[  484.160989][ T2029] [<ffffffff8276b46c>] rtnetlink_rcv_msg+0x338/0x9a0
[  484.162268][ T2029] [<ffffffff8296ded2>] netlink_rcv_skb+0xf8/0x2be
[  484.163385][ T2029] [<ffffffff827624f4>] rtnetlink_rcv+0x26/0x30
[  484.164556][ T2029] [<ffffffff8296cbcc>] netlink_unicast+0x40e/0x5fe
[  484.166119][ T2029] [<ffffffff8296d29c>] netlink_sendmsg+0x4e0/0x994
[  484.167174][ T2029] [<ffffffff826d264e>] sock_sendmsg+0xa0/0xc4
[  484.168090][ T2029] [<ffffffff826d7026>] __sys_sendto+0x1f2/0x2e0
[  484.168933][ T2029] [<ffffffff826d7152>] sys_sendto+0x3e/0x52
[  484.170159][ T2029] [<ffffffff80005716>] ret_from_syscall+0x0/0x2
[  484.171166][ T2029] SMP: stopping secondary CPUs
[  484.173550][ T2029] Rebooting in 86400 seconds..

VM DIAGNOSIS:
15:15:38  Registers:
info registers vcpu 0
 pc       ffffffff831a262c
 mhartid  0000000000000000
 mstatus  00000000000001a0
 mip      00000000000000a0
 mie      000000000000022a
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff8000f97e
 sepc     ffffffff831afd22
 mcause   8000000000000007
 scause   8000000000000005
 mtval  0000000000000000
 stval  0000000000000000
 x0/zero 0000000000000000 x1/ra ffffffff831a262c x2/sp ffffaf800cea7950 x3/gp ffffffff85863ac0
 x4/tp ffffaf800eb2b080 x5/t0 0000000000046000 x6/t1 4a480c80157fc200 x7/t2 0000000000000032
 x8/s0 ffffaf800cea7960 x9/s1 0000000000000000 x10/a0 0000000000000001 x11/a1 00000000000f0000
 x12/a2 0000000000000002 x13/a3 ffffffff831a24bc x14/a4 ffffaf800eb2c080 x15/a5 0000000000000000
 x16/a6 0000000000f00000 x17/a7 0000000054494d45 x18/s2 ffffffff86c1a628 x19/s3 0000000000000000
 x20/s4 8000000000000005 x21/s5 ffffaf800eb2b080 x22/s6 ffffaf800cea7d40 x23/s7 ffffaf805a9e7400
 x24/s8 ffffaf805a9e7480 x25/s9 0000000000000001 x26/s10 ffffaf805a9e7480 x27/s11 ffffaf800cea7d28
 x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f0019d4edc x31/t6 0000000000040000
 f0/ft0 0000000000000000 f1/ft1 40a73c7bfac3b4b0 f2/ft2 415a003e00000000 f3/ft3 43e0000000000000
 f4/ft4 3ffe000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
 pc       ffffffff80124490
 mhartid  0000000000000001
 mstatus  00000000000000a0
 mip      00000000000000a0
 mie      000000000000022a
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff80475986
 sepc     ffffffff817ecf72
 mcause   8000000000000007
 scause   8000000000000005
 mtval  0000000000000000
 stval  0000000000000000
 x0/zero 0000000000000000 x1/ra ffffffff8012448c x2/sp ffffaf801082a2e0 x3/gp ffffffff85863ac0
 x4/tp ffffaf800eb29840 x5/t0 ffffffff86bcb657 x6/t1 fffff5ef02105474 x7/t2 0000000000000000
 x8/s0 ffffaf801082a460 x9/s1 ffffffff84a88a00 x10/a0 0000000000000000 x11/a1 00000000000f0000
 x12/a2 0000000000000002 x13/a3 ffffffff8012448c x14/a4 ffffaf800eb2a840 x15/a5 0000000000000000
 x16/a6 0000000000f00000 x17/a7 ffffaf801082a3a7 x18/s2 0000000000000030 x19/s3 0000000000000020
 x20/s4 ffffaf801082a3e0 x21/s5 ffffaf801082a4e0 x22/s6 ffffaf801082a520 x23/s7 ffffaf801082a788
 x24/s8 ffffaf801082a4f0 x25/s9 1ffff5f002105494 x26/s10 ffffffff85889780 x27/s11 ffffaf801082a520
 x28/t3 1ffff5f0021054dc x29/t4 fffff5ef02105474 x30/t5 fffff5ef02105475 x31/t6 ffffaf801082a568
 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000