syzkaller login: [ 289.668876][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 289.734542][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 330.516109][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:7120' (ECDSA) to the list of known hosts.
1970/01/01 00:06:01 fuzzer started
1970/01/01 00:06:14 dialing manager at localhost:38821
[ 380.553545][ T2044] cgroup: Unknown subsys name 'net'
[ 381.860828][ T2044] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:21 syscalls: 2818
1970/01/01 00:06:21 code coverage: enabled
1970/01/01 00:06:21 comparison tracing: enabled
1970/01/01 00:06:21 extra coverage: enabled
1970/01/01 00:06:21 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:21 setuid sandbox: enabled
1970/01/01 00:06:21 namespace sandbox: enabled
1970/01/01 00:06:21 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:21 fault injection: enabled
1970/01/01 00:06:21 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:21 net packet injection: enabled
1970/01/01 00:06:21 net device setup: enabled
1970/01/01 00:06:21 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:21 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:21 USB emulation: enabled
1970/01/01 00:06:21 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:21 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:21 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:21 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:25 fetching corpus: 50, signal 22127/25724 (executing program)
1970/01/01 00:06:30 fetching corpus: 100, signal 46443/51112 (executing program)
1970/01/01 00:06:34 fetching corpus: 149, signal 51641/57634 (executing program)
1970/01/01 00:06:38 fetching corpus: 197, signal 56563/63755 (executing program)
1970/01/01 00:06:41 fetching corpus: 245, signal 63912/72056 (executing program)
1970/01/01 00:06:43 fetching corpus: 295, signal 68106/77304 (executing program)
1970/01/01 00:06:48 fetching corpus: 345, signal 73315/83457 (executing program)
1970/01/01 00:06:50 fetching corpus: 395, signal 77603/88640 (executing program)
1970/01/01 00:06:53 fetching corpus: 444, signal 79921/91972 (executing program)
1970/01/01 00:06:56 fetching corpus: 494, signal 84411/97149 (executing program)
1970/01/01 00:06:59 fetching corpus: 544, signal 88128/101615 (executing program)
1970/01/01 00:07:01 fetching corpus: 594, signal 90089/104426 (executing program)
1970/01/01 00:07:05 fetching corpus: 643, signal 93063/108030 (executing program)
1970/01/01 00:07:07 fetching corpus: 693, signal 95644/111331 (executing program)
1970/01/01 00:07:10 fetching corpus: 743, signal 97882/114279 (executing program)
1970/01/01 00:07:13 fetching corpus: 793, signal 100332/117308 (executing program)
1970/01/01 00:07:16 fetching corpus: 843, signal 102781/120329 (executing program)
1970/01/01 00:07:18 fetching corpus: 893, signal 104172/122471 (executing program)
1970/01/01 00:07:22 fetching corpus: 942, signal 106554/125374 (executing program)
1970/01/01 00:07:28 fetching corpus: 992, signal 108544/127937 (executing program)
1970/01/01 00:07:30 fetching corpus: 1042, signal 109897/129891 (executing program)
1970/01/01 00:07:34 fetching corpus: 1092, signal 111747/132212 (executing program)
1970/01/01 00:07:37 fetching corpus: 1141, signal 113908/134722 (executing program)
1970/01/01 00:07:40 fetching corpus: 1190, signal 116077/137255 (executing program)
1970/01/01 00:07:43 fetching corpus: 1240, signal 118016/139547 (executing program)
1970/01/01 00:07:45 fetching corpus: 1290, signal 120380/142121 (executing program)
1970/01/01 00:07:48 fetching corpus: 1340, signal 122519/144439 (executing program)
1970/01/01 00:07:51 fetching corpus: 1389, signal 123862/146226 (executing program)
1970/01/01 00:07:54 fetching corpus: 1439, signal 125991/148488 (executing program)
1970/01/01 00:07:56 fetching corpus: 1489, signal 127732/150459 (executing program)
1970/01/01 00:07:59 fetching corpus: 1539, signal 129096/152069 (executing program)
1970/01/01 00:08:03 fetching corpus: 1589, signal 130596/153786 (executing program)
1970/01/01 00:08:06 fetching corpus: 1639, signal 131390/155027 (executing program)
1970/01/01 00:08:10 fetching corpus: 1689, signal 134056/157510 (executing program)
1970/01/01 00:08:14 fetching corpus: 1738, signal 135044/158816 (executing program)
1970/01/01 00:08:16 fetching corpus: 1787, signal 136809/160623 (executing program)
1970/01/01 00:08:18 fetching corpus: 1837, signal 137951/161938 (executing program)
1970/01/01 00:08:21 fetching corpus: 1887, signal 139364/163502 (executing program)
1970/01/01 00:08:24 fetching corpus: 1937, signal 140676/164861 (executing program)
1970/01/01 00:08:27 fetching corpus: 1987, signal 141693/166076 (executing program)
1970/01/01 00:08:30 fetching corpus: 2037, signal 142787/167292 (executing program)
1970/01/01 00:08:32 fetching corpus: 2087, signal 143871/168482 (executing program)
1970/01/01 00:08:35 fetching corpus: 2137, signal 144695/169457 (executing program)
1970/01/01 00:08:37 fetching corpus: 2187, signal 145636/170484 (executing program)
1970/01/01 00:08:41 fetching corpus: 2237, signal 147200/171878 (executing program)
1970/01/01 00:08:44 fetching corpus: 2286, signal 148335/173006 (executing program)
1970/01/01 00:08:46 fetching corpus: 2336, signal 149361/174036 (executing program)
1970/01/01 00:08:50 fetching corpus: 2386, signal 150363/175075 (executing program)
1970/01/01 00:08:53 fetching corpus: 2436, signal 151743/176261 (executing program)
1970/01/01 00:08:56 fetching corpus: 2486, signal 152761/177238 (executing program)
1970/01/01 00:08:59 fetching corpus: 2535, signal 154010/178307 (executing program)
1970/01/01 00:09:02 fetching corpus: 2585, signal 154974/179185 (executing program)
1970/01/01 00:09:05 fetching corpus: 2635, signal 156305/180267 (executing program)
1970/01/01 00:09:07 fetching corpus: 2684, signal 157290/181126 (executing program)
1970/01/01 00:09:09 fetching corpus: 2734, signal 158406/182035 (executing program)
1970/01/01 00:09:13 fetching corpus: 2784, signal 159182/182793 (executing program)
1970/01/01 00:09:16 fetching corpus: 2834, signal 160462/183787 (executing program)
1970/01/01 00:09:19 fetching corpus: 2884, signal 161114/184461 (executing program)
1970/01/01 00:09:21 fetching corpus: 2934, signal 161807/185151 (executing program)
1970/01/01 00:09:25 fetching corpus: 2984, signal 162607/185910 (executing program)
1970/01/01 00:09:28 fetching corpus: 3033, signal 163409/186626 (executing program)
1970/01/01 00:09:32 fetching corpus: 3083, signal 164219/187314 (executing program)
1970/01/01 00:09:36 fetching corpus: 3133, signal 165300/188093 (executing program)
1970/01/01 00:09:38 fetching corpus: 3182, signal 166600/188913 (executing program)
1970/01/01 00:09:42 fetching corpus: 3231, signal 167324/189482 (executing program)
1970/01/01 00:09:44 fetching corpus: 3281, signal 168115/190075 (executing program)
1970/01/01 00:09:47 fetching corpus: 3331, signal 168849/190648 (executing program)
1970/01/01 00:09:49 fetching corpus: 3381, signal 169607/191201 (executing program)
1970/01/01 00:09:53 fetching corpus: 3431, signal 170258/191688 (executing program)
1970/01/01 00:09:56 fetching corpus: 3479, signal 171066/192243 (executing program)
1970/01/01 00:09:58 fetching corpus: 3529, signal 171934/192770 (executing program)
1970/01/01 00:10:02 fetching corpus: 3578, signal 172859/193322 (executing program)
1970/01/01 00:10:04 fetching corpus: 3626, signal 173419/193745 (executing program)
1970/01/01 00:10:07 fetching corpus: 3676, signal 174474/194242 (executing program)
1970/01/01 00:10:10 fetching corpus: 3726, signal 175261/194670 (executing program)
1970/01/01 00:10:13 fetching corpus: 3776, signal 176017/195093 (executing program)
1970/01/01 00:10:16 fetching corpus: 3826, signal 177135/195611 (executing program)
1970/01/01 00:10:19 fetching corpus: 3876, signal 177665/195963 (executing program)
1970/01/01 00:10:23 fetching corpus: 3925, signal 178443/196383 (executing program)
1970/01/01 00:10:27 fetching corpus: 3974, signal 179191/196746 (executing program)
1970/01/01 00:10:30 fetching corpus: 4023, signal 179879/197076 (executing program)
1970/01/01 00:10:33 fetching corpus: 4072, signal 180342/197381 (executing program)
1970/01/01 00:10:36 fetching corpus: 4122, signal 181024/197681 (executing program)
1970/01/01 00:10:39 fetching corpus: 4171, signal 181593/197973 (executing program)
1970/01/01 00:10:41 fetching corpus: 4221, signal 182721/198331 (executing program)
1970/01/01 00:10:44 fetching corpus: 4271, signal 183167/198597 (executing program)
1970/01/01 00:10:47 fetching corpus: 4319, signal 183861/198857 (executing program)
1970/01/01 00:10:50 fetching corpus: 4369, signal 184654/199117 (executing program)
1970/01/01 00:10:53 fetching corpus: 4419, signal 185464/199507 (executing program)
1970/01/01 00:10:56 fetching corpus: 4468, signal 186141/199728 (executing program)
1970/01/01 00:10:59 fetching corpus: 4518, signal 186862/199948 (executing program)
1970/01/01 00:11:03 fetching corpus: 4568, signal 187476/200131 (executing program)
1970/01/01 00:11:05 fetching corpus: 4617, signal 187978/200288 (executing program)
1970/01/01 00:11:08 fetching corpus: 4667, signal 188686/200452 (executing program)
1970/01/01 00:11:12 fetching corpus: 4716, signal 189191/200589 (executing program)
1970/01/01 00:11:14 fetching corpus: 4766, signal 189634/200763 (executing program)
1970/01/01 00:11:16 fetching corpus: 4816, signal 190138/200869 (executing program)
1970/01/01 00:11:19 fetching corpus: 4866, signal 190845/200962 (executing program)
1970/01/01 00:11:22 fetching corpus: 4916, signal 191217/201076 (executing program)
1970/01/01 00:11:25 fetching corpus: 4966, signal 191827/201143 (executing program)
1970/01/01 00:11:28 fetching corpus: 5015, signal 192407/201143 (executing program)
1970/01/01 00:11:31 fetching corpus: 5065, signal 192925/201143 (executing program)
1970/01/01 00:11:33 fetching corpus: 5115, signal 193608/201143 (executing program)
1970/01/01 00:11:37 fetching corpus: 5165, signal 194208/201143 (executing program)
1970/01/01 00:11:40 fetching corpus: 5215, signal 194697/201143 (executing program)
1970/01/01 00:11:42 fetching corpus: 5265, signal 195262/201144 (executing program)
1970/01/01 00:11:45 fetching corpus: 5315, signal 195763/201144 (executing program)
1970/01/01 00:11:49 fetching corpus: 5364, signal 196368/201144 (executing program)
1970/01/01 00:11:52 fetching corpus: 5412, signal 196898/201144 (executing program)
1970/01/01 00:11:54 fetching corpus: 5461, signal 197464/201144 (executing program)
1970/01/01 00:11:56 fetching corpus: 5511, signal 198014/201147 (executing program)
1970/01/01 00:11:59 fetching corpus: 5561, signal 198451/201147 (executing program)
1970/01/01 00:12:00 fetching corpus: 5585, signal 198697/201147 (executing program)
1970/01/01 00:12:01 fetching corpus: 5586, signal 198726/201178 (executing program)
1970/01/01 00:12:01 fetching corpus: 5586, signal 198726/201178 (executing program)
1970/01/01 00:14:21 starting 2 fuzzer processes
00:14:21 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_buf(r0, 0x29, 0x48, &(0x7f0000000080)="b2de5b6a", 0x4)

00:14:21 executing program 0:
r0 = memfd_secret(0x0)
ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000)
openat$dlm_control(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_group_source_req(r1, 0x0, 0x2d, &(0x7f0000000000)={0x0, {{0x2, 0x0, @dev}}, {{0x2, 0x0, @broadcast}}}, 0x108)

[ 889.675087][ C0]
==================================================================
[ 889.679357][ C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260
[ 889.681159][ C0] Read of size 8 at addr ffffaf80217f3fd0 by task syz-executor.1/2058
[ 889.683168][ C0]
[ 889.686026][ C0] CPU: 0 PID: 2058 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 889.688265][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 889.689598][ C0] Call Trace:
[ 889.690599][ C0] [] dump_backtrace+0x2e/0x3c
[ 889.692017][ C0] [] show_stack+0x34/0x40
[ 889.693332][ C0] [] dump_stack_lvl+0xe4/0x150
[ 889.694703][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 889.697361][ C0] [] kasan_report+0x184/0x1e0
[ 889.698943][ C0] [] __asan_load8+0x6e/0x96
[ 889.700390][ C0] [] walk_stackframe+0x11c/0x260
[ 889.701821][ C0] [] arch_stack_walk+0x2c/0x3c
[ 889.703413][ C0]
[ 889.704284][ C0] Allocated by task 0:
[ 889.705626][ C0] (stack is not available)
[ 889.706803][ C0]
[ 889.707619][ C0] Last potentially related work creation:
[ 889.708716][ C0] ------------[ cut here ]------------
[ 889.709657][ C0] slab index 41042 out of bounds (291) for stack id 8000a052
[ 889.714301][ C0] WARNING: CPU: 0 PID: 2058 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 889.717047][ C0] Modules linked in:
[ 889.718417][ C0] CPU: 0 PID: 2058 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 889.719942][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 889.720970][ C0] epc : stack_depot_print+0x66/0x70
[ 889.722241][ C0] ra : stack_depot_print+0x66/0x70
[ 889.723567][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf80217f3e90
[ 889.724979][ C0] gp : ffffffff85863ac0 tp : ffffaf800b68c8c0 t0 : ffffffff86bcb657
[ 889.726926][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf80217f3ea0
[ 889.728226][ C0] s1 : ffffaf807afb4c10 a0 : 000000000000003a a1 : 00000000000f0000
[ 889.729511][ C0] a2 : 0000000000000505 a3 : ffffffff8012252a a4 : 70b824f6da1ecd00
[ 889.732818][ C0] a5 : 70b824f6da1ecd00 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 889.734426][ C0] s2 : ffffaf80217f3fd0 s3 : ffffaf8007202c80 s4 : ffffaf80217f3e00
[ 889.736540][ C0] s5 : ffffaf80217f3f00 s6 : 0000000000003fff s7 : ffffaf80217f3f70
[ 889.737994][ C0] s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf80217f4040
[ 889.739339][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 889.740736][ C0] t5 : fffff5ef0b53910d t6 : ffffaf80217f3998
[ 889.741891][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 889.743461][ C0] [] print_address_description.constprop.0+0x2fc/0x330
[ 889.745705][ C0] [] kasan_report+0x184/0x1e0
[ 889.747490][ C0] [] __asan_load8+0x6e/0x96
[ 889.748778][ C0] [] walk_stackframe+0x11c/0x260
[ 889.750108][ C0] [] arch_stack_walk+0x2c/0x3c
[ 889.751510][ C0] irq event stamp: 45791
[ 889.752424][ C0] hardirqs last enabled at (45790): [] _raw_spin_unlock_irqrestore+0x68/0x98
[ 889.754612][ C0] hardirqs last disabled at (45791): [] _raw_spin_lock_irqsave+0x60/0x62
[ 889.757260][ C0] softirqs last enabled at (45698): [] __do_softirq+0x618/0x8fc
[ 889.758937][ C0] softirqs last disabled at (45727): [] __irq_exit_rcu+0x142/0x1f8
[ 889.760633][ C0] ---[ end trace 0000000000000000 ]---
[ 889.762409][ C0]
[ 889.763154][ C0] Second to last potentially related work creation:
[ 889.764081][ C0] ------------[ cut here ]------------
[ 889.765322][ C0] slab index 2097151 out of bounds (291) for stack id ffffffff
[ 889.770428][ C0] WARNING: CPU: 0 PID: 2058 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 889.772391][ C0] Modules linked in:
[ 889.773667][ C0] CPU: 0 PID: 2058 Comm: syz-executor.1 Tainted: G W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 889.776569][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 889.778105][ C0] epc : stack_depot_print+0x66/0x70
[ 889.779436][ C0] ra : stack_depot_print+0x66/0x70
[ 889.780861][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf80217f3e90
[ 889.782250][ C0] gp : ffffffff85863ac0 tp : ffffaf800b68c8c0 t0 : ffffffff86bcb657
[ 889.783563][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf80217f3ea0
[ 889.784930][ C0] s1 : ffffaf807afb4c10 a0 : 000000000000003c a1 : 00000000000f0000
[ 889.786940][ C0] a2 : 0000000000000505 a3 : ffffffff8012252a a4 : 70b824f6da1ecd00
[ 889.789203][ C0] a5 : 70b824f6da1ecd00 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 889.790571][ C0] s2 : ffffaf80217f3fd0 s3 : ffffaf8007202c80 s4 : ffffaf80217f3e00
[ 889.791884][ C0] s5 : ffffaf80217f3f00 s6 : 0000000000003fff s7 : ffffaf80217f3f70
[ 889.793215][ C0] s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf80217f4040
[ 889.794565][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 889.796640][ C0] t5 : fffff5ef0b53910d t6 : ffffaf80217f3998
[ 889.798313][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 889.799727][ C0] [] print_address_description.constprop.0+0x2ae/0x330
[ 889.801407][ C0] [] kasan_report+0x184/0x1e0
[ 889.802833][ C0] [] __asan_load8+0x6e/0x96
[ 889.804082][ C0] [] walk_stackframe+0x11c/0x260
[ 889.805898][ C0] [] arch_stack_walk+0x2c/0x3c
[ 889.808073][ C0] irq event stamp: 45791
[ 889.809014][ C0] hardirqs last enabled at (45790): [] _raw_spin_unlock_irqrestore+0x68/0x98
[ 889.810719][ C0] hardirqs last disabled at (45791): [] _raw_spin_lock_irqsave+0x60/0x62
[ 889.812374][ C0] softirqs last enabled at (45698): [] __do_softirq+0x618/0x8fc
[ 889.814008][ C0] softirqs last disabled at (45727): [] __irq_exit_rcu+0x142/0x1f8
[ 889.816654][ C0] ---[ end trace 0000000000000000 ]---
[ 889.818547][ C0]
[ 889.819479][ C0] The buggy address belongs to the object at ffffaf80217f3e00
[ 889.819479][ C0]  which belongs to the cache kmalloc-cg-256 of size 256
[ 889.821444][ C0] The buggy address is located 208 bytes to the right of
[ 889.821444][ C0]  256-byte region [ffffaf80217f3e00, ffffaf80217f3f00)
[ 889.823421][ C0] The buggy address belongs to the page:
[ 889.825099][ C0] page:ffffaf807afb4c10 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa19f2
[ 889.826940][ C0] head:ffffaf807afb4c10 order:1 compound_mapcount:0
[ 889.828224][ C0] flags: 0xa000010200(slab|head|section=20|node=0|zone=0)
[ 889.831149][ C0] raw: 000000a000010200 0000000000000000 0000000000000122 ffffaf8007202c80
[ 889.832656][ C0] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 889.833979][ C0] raw: 00000000000007ff
[ 889.835057][ C0] page dumped because: kasan: bad access detected
[ 889.837236][ C0] page_owner tracks the page as allocated
[ 889.838413][ C0] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2058, ts 865418411300, free_ts 0
[ 889.841006][ C0]  __set_page_owner+0x48/0x136
[ 889.842467][ C0]  post_alloc_hook+0xd0/0x10a
[ 889.843725][ C0]  get_page_from_freelist+0x8da/0x12d8
[ 889.845307][ C0]  __alloc_pages+0x150/0x3b6
[ 889.847028][ C0]  alloc_pages+0x132/0x2a6
[ 889.848332][ C0]  alloc_slab_page.constprop.0+0xc2/0xfa
[ 889.849641][ C0]  new_slab+0x25a/0x2cc
[ 889.850832][ C0]  ___slab_alloc+0x56e/0x918
[ 889.852037][ C0]  __slab_alloc.constprop.0+0x50/0x8c
[ 889.853336][ C0]  kmem_cache_alloc_trace+0x2a2/0x2e0
[ 889.854695][ C0]  alloc_mnt_ns+0x80/0x2ae
[ 889.856493][ C0]  copy_mnt_ns+0x116/0x71c
[ 889.857729][ C0]  create_new_namespaces+0xac/0x6f8
[ 889.858992][ C0]  unshare_nsproxy_namespaces+0xa2/0x144
[ 889.860338][ C0]  ksys_unshare+0x36a/0x750
[ 889.861562][ C0]  sys_unshare+0x1a/0x24
[ 889.862881][ C0] page_owner free stack trace missing
[ 889.863978][ C0]
[ 889.864854][ C0] Memory state around the buggy address:
[ 889.866796][ C0]  ffffaf80217f3e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 889.868329][ C0]  ffffaf80217f3f00: 00 00 00 00 00 00 00 00 fc fc fc fc 00 00 00 00
[ 889.869716][ C0] >ffffaf80217f3f80: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[ 889.870942][ C0]                                                  ^
[ 889.872173][ C0]  ffffaf80217f4000: 00 00 00 00 f1 f1 f1 f1 00 00 00 f3 f3 f3 f3 f3
[ 889.873520][ C0]  ffffaf80217f4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 889.874975][ C0] ==================================================================
[ 889.876990][ C0] Disabling lock debugging due to kernel taint
[ 889.903220][ T2058] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 889.904817][ T2058] CPU: 0 PID: 2058 Comm: syz-executor.1 Tainted: G B W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 889.906449][ T2058] Hardware name: riscv-virtio,qemu (DT)
[ 889.907295][ T2058] Call Trace:
[ 889.907931][ T2058] [] dump_backtrace+0x2e/0x3c
[ 889.909228][ T2058] [] show_stack+0x34/0x40
[ 889.910338][ T2058] [] dump_stack_lvl+0xe4/0x150
[ 889.911540][ T2058] [] dump_stack+0x1c/0x24
[ 889.912728][ T2058] [] panic+0x24a/0x634
[ 889.913796][ T2058] [] schedule+0x0/0x14c
[ 889.915391][ T2058] [] preempt_schedule_common+0x4e/0xde
[ 889.916788][ T2058] [] preempt_schedule+0x34/0x36
[ 889.918027][ T2058] [] _raw_spin_unlock_irqrestore+0x8c/0x98
[ 889.919316][ T2058] [] __stack_depot_save+0x384/0x4b2
[ 889.920817][ T2058] [] stack_depot_save+0xe/0x18
[ 889.922085][ T2058] [] save_stack+0x122/0x16c
[ 889.923276][ T2058] [] __set_page_owner+0x48/0x136
[ 889.924529][ T2058] [] post_alloc_hook+0xd0/0x10a
[ 889.926502][ T2058] [] get_page_from_freelist+0x8da/0x12d8
[ 889.927826][ T2058] [] __alloc_pages+0x150/0x3b6
[ 889.929032][ T2058] [] alloc_pages+0x132/0x2a6
[ 889.930269][ T2058] [] alloc_slab_page.constprop.0+0xc2/0xfa
[ 889.931529][ T2058] [] new_slab+0x76/0x2cc
[ 889.932664][ T2058] [] ___slab_alloc+0x56e/0x918
[ 889.933841][ T2058] [] __slab_alloc.constprop.0+0x50/0x8c
[ 889.935816][ T2058] [] kmem_cache_alloc_trace+0x2a2/0x2e0
[ 889.937156][ T2058] [] ref_tracker_alloc+0x10c/0x33e
[ 889.938434][ T2058] [] net_rx_queue_update_kobjects+0x1d6/0x3c6
[ 889.939828][ T2058] [] netdev_register_kobject+0x166/0x208
[ 889.941110][ T2058] [] register_netdevice+0x8ee/0xc6a
[ 889.942364][ T2058] [] veth_newlink+0x454/0x7dc
[ 889.943577][ T2058] [] __rtnl_newlink+0xc16/0xfa0
[ 889.945095][ T2058] [] rtnl_newlink+0x60/0x8c
[ 889.946367][ T2058] [] rtnetlink_rcv_msg+0x338/0x9a0
[ 889.947503][ T2058] [] netlink_rcv_skb+0xf8/0x2be
[ 889.948669][ T2058] [] rtnetlink_rcv+0x26/0x30
[ 889.949840][ T2058] [] netlink_unicast+0x40e/0x5fe
[ 889.950858][ T2058] [] netlink_sendmsg+0x4e0/0x994
[ 889.951961][ T2058] [] sock_sendmsg+0xa0/0xc4
[ 889.953182][ T2058] [] __sys_sendto+0x1f2/0x2e0
[ 889.954319][ T2058] [] sys_sendto+0x3e/0x52
[ 889.955747][ T2058] [] ret_from_syscall+0x0/0x2
[ 889.957462][ T2058] SMP: stopping secondary CPUs
[ 889.959842][ T2058] Rebooting in 86400 seconds..

VM DIAGNOSIS:
18:36:18 Registers:
info registers vcpu 0
pc       ffffffff801225e0
mhartid  0000000000000000
mstatus  00000000000000a0
mip      00000000000000a2
mie      000000000000022a
mideleg  0000000000000222
medeleg  000000000000b109
mtvec    0000000080000540
stvec    ffffffff800055d4
mepc     ffffffff802009d2
sepc     ffffffff802009d2
mcause   8000000000000003
scause   8000000000000005
mtval    0000000000000000
stval    0000000000000000
x0/zero  0000000000000000 x1/ra    ffffffff801225d6 x2/sp    ffffaf80217f3b30 x3/gp    ffffffff85863ac0
x4/tp    ffffaf800b68c8c0 x5/t0    ffffffff86bcb657 x6/t1    fffffffef0d796ca x7/t2    0000000000000000
x8/s0    ffffaf80217f3b60 x9/s1    0000000000000020 x10/a0   ffffaf805a9c887c x11/a1   0000000000000007
x12/a2   1ffff5f00b53910f x13/a3   ffffffff801225d6 x14/a4   0000000000000000 x15/a5   0000000000000001
x16/a6   0000000000f00000 x17/a7   ffffffff86bcb656 x18/s2   ffffffff86c1a620 x19/s3   0000000000000020
x20/s4   ffffaf80217f3cc0 x21/s5   ffffaf80217f3be0 x22/s6   ffffffff8588c1a0 x23/s7   ffffffff8588c3e0
x24/s8   ffffffff8588c220 x25/s9   ffffffff84a88520 x26/s10  ffffffff858655c0 x27/s11  ffffaf80217f3cc0
x28/t3   0000000000000043 x29/t4   fffffffef0d796c8 x30/t5   fffffffef0d796cb x31/t6   ffffffff86bcb657
f0/ft0   0000000000000000 f1/ft1   0000000000000000 f2/ft2   0000000000000000 f3/ft3   0000000000000000
f4/ft4   0000000000000000 f5/ft5   0000000000000000 f6/ft6   0000000000000000 f7/ft7   0000000000000000
f8/fs0   0000000000000000 f9/fs1   0000000000000000 f10/fa0  0000000000000000 f11/fa1  0000000000000000
f12/fa2  0000000000000000 f13/fa3  0000000000000000 f14/fa4  0000000000000000 f15/fa5  0000000000000000
f16/fa6  0000000000000000 f17/fa7  0000000000000000 f18/fs2  0000000000000000 f19/fs3  0000000000000000
f20/fs4  0000000000000000 f21/fs5  0000000000000000 f22/fs6  0000000000000000 f23/fs7  0000000000000000
f24/fs8  0000000000000000 f25/fs9  0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
f28/ft8  0000000000000000 f29/ft9  0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
pc       ffffffff80146d74
mhartid  0000000000000001
mstatus  00000000000000a2
mip      0000000000000080
mie      00000000000002aa
mideleg  0000000000000222
medeleg  000000000000b109
mtvec    0000000080000540
stvec    ffffffff800055d4
mepc     ffffffff8000ff08
sepc     00007fffb3361a90
mcause   0000000000000009
scause   000000000000000c
mtval    0000000000000000
stval    00007fffb3361a90
x0/zero  0000000000000000 x1/ra    ffffffff80146d6c x2/sp    ffffaf8021af3ad0 x3/gp    ffffffff85863ac0
x4/tp    ffffaf800e82c8c0 x5/t0    ffffffff80011586 x6/t1    fffff5ef0f4e5cf4 x7/t2    ffffffff83604ca0
x8/s0    ffffaf8021af3af0 x9/s1    0000000000000002 x10/a0   ffffffff84b782f0 x11/a1   0000000000000007
x12/a2   1ffffffff096f05e x13/a3   ffffffff80146d6c x14/a4   0000000000000000 x15/a5   0000000000000003
x16/a6   0000000000f00000 x17/a7   ffffaf807a72e7a3 x18/s2   ffffffff84b78280 x19/s3   ffffaf8007691340
x20/s4   ffffaf8021af3cf0 x21/s5   00007fffb3364000 x22/s6   000000000000005b x23/s7   0000000000000050
x24/s8   0000000000000000 x25/s9   0000000000000000 x26/s10  0000000000000010 x27/s11  0000000000000050
x28/t3   fffffffff3f3f300 x29/t4   fffff5ef0f4e5cf4 x30/t5   fffff5ef0f4e5cf5 x31/t6   00007fffb34981a8
f0/ft0   0000000000000000 f1/ft1   0000000000000000 f2/ft2   0000000000000000 f3/ft3   0000000000000000
f4/ft4   0000000000000000 f5/ft5   0000000000000000 f6/ft6   0000000000000000 f7/ft7   0000000000000000
f8/fs0   0000000000000000 f9/fs1   0000000000000000 f10/fa0  0000000000000000 f11/fa1  0000000000000000
f12/fa2  0000000000000000 f13/fa3  0000000000000000 f14/fa4  0000000000000000 f15/fa5  0000000000000000
f16/fa6  0000000000000000 f17/fa7  0000000000000000 f18/fs2  0000000000000000 f19/fs3  0000000000000000
f20/fs4  0000000000000000 f21/fs5  0000000000000000 f22/fs6  0000000000000000 f23/fs7  0000000000000000
f24/fs8  0000000000000000 f25/fs9  0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
f28/ft8  0000000000000000 f29/ft9  0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000