syzkaller login: [ 259.457960][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 259.552209][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 259.596400][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 268.895859][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:16352' (ECDSA) to the list of known hosts.
1970/01/01 00:05:22 fuzzer started
1970/01/01 00:05:32 dialing manager at localhost:44985
[ 339.413865][ T2027] cgroup: Unknown subsys name 'net'
[ 340.420510][ T2027] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:05:40 syscalls: 2918
1970/01/01 00:05:40 code coverage: enabled
1970/01/01 00:05:40 comparison tracing: enabled
1970/01/01 00:05:40 extra coverage: enabled
1970/01/01 00:05:40 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:05:40 setuid sandbox: enabled
1970/01/01 00:05:40 namespace sandbox: enabled
1970/01/01 00:05:40 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:05:40 fault injection: enabled
1970/01/01 00:05:40 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:05:40 net packet injection: enabled
1970/01/01 00:05:40 net device setup: enabled
1970/01/01 00:05:40 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:05:40 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:05:40 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:05:40 USB emulation: enabled
1970/01/01 00:05:40 hci packet injection: /dev/vhci does not exist
1970/01/01 00:05:40 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:05:40 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:05:40 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:05:46 fetching corpus: 50, signal 32983/35787 (executing program)
1970/01/01 00:05:49 fetching corpus: 100, signal 46521/50010 (executing program)
1970/01/01 00:05:53 fetching corpus: 149, signal 55707/59685 (executing program)
1970/01/01 00:05:56 fetching corpus: 197, signal 65874/69974 (executing program)
1970/01/01 00:05:59 fetching corpus: 247, signal 73162/77414 (executing program)
1970/01/01 00:06:01 fetching corpus: 297, signal 77139/81592 (executing program)
1970/01/01 00:06:04 fetching corpus: 346, signal 83428/87611 (executing program)
1970/01/01 00:06:06 fetching corpus: 394, signal 87314/91404 (executing program)
1970/01/01 00:06:09 fetching corpus: 444, signal 90673/94562 (executing program)
1970/01/01 00:06:11 fetching corpus: 494, signal 96299/99480 (executing program)
1970/01/01 00:06:14 fetching corpus: 542, signal 99467/102319 (executing program)
1970/01/01 00:06:17 fetching corpus: 592, signal 101486/104113 (executing program)
1970/01/01 00:06:19 fetching corpus: 642, signal 103506/105857 (executing program)
1970/01/01 00:06:23 fetching corpus: 692, signal 105461/107484 (executing program)
1970/01/01 00:06:26 fetching corpus: 742, signal 107721/109229 (executing program)
1970/01/01 00:06:28 fetching corpus: 792, signal 110319/111130 (executing program)
1970/01/01 00:06:29 fetching corpus: 797, signal 110450/111268 (executing program)
1970/01/01 00:06:29 fetching corpus: 797, signal 110450/111313 (executing program)
1970/01/01 00:06:29 fetching corpus: 797, signal 110450/111362 (executing program)
1970/01/01 00:06:29 fetching corpus: 797, signal 110450/111411 (executing program)
1970/01/01 00:06:30 fetching corpus: 797, signal 110450/111461 (executing program)
1970/01/01 00:06:30 fetching corpus: 797, signal 110450/111503 (executing program)
1970/01/01 00:06:30 fetching corpus: 797, signal 110450/111543 (executing program)
1970/01/01 00:06:30 fetching corpus: 797, signal 110450/111582 (executing program)
1970/01/01 00:06:30 fetching corpus: 797, signal 110450/111621 (executing program)
1970/01/01 00:06:30 fetching corpus: 797, signal 110450/111670 (executing program)
1970/01/01 00:06:30 fetching corpus: 797, signal 110450/111714 (executing program)
1970/01/01 00:06:31 fetching corpus: 797, signal 110450/111755 (executing program)
1970/01/01 00:06:31 fetching corpus: 797, signal 110450/111810 (executing program)
1970/01/01 00:06:31 fetching corpus: 797, signal 110454/111852 (executing program)
1970/01/01 00:06:31 fetching corpus: 797, signal 110454/111894 (executing program)
1970/01/01 00:06:31 fetching corpus: 797, signal 110454/111945 (executing program)
1970/01/01 00:06:32 fetching corpus: 797, signal 110454/111986 (executing program)
1970/01/01 00:06:32 fetching corpus: 797, signal 110454/112034 (executing program)
1970/01/01 00:06:32 fetching corpus: 797, signal 110454/112092 (executing program)
1970/01/01 00:06:32 fetching corpus: 797, signal 110454/112145 (executing program)
1970/01/01 00:06:32 fetching corpus: 797, signal 110454/112184 (executing program)
1970/01/01 00:06:33 fetching corpus: 797, signal 110454/112223 (executing program)
1970/01/01 00:06:33 fetching corpus: 797, signal 110454/112267 (executing program)
1970/01/01 00:06:33 fetching corpus: 797, signal 110456/112317 (executing program)
1970/01/01 00:06:33 fetching corpus: 797, signal 110456/112369 (executing program)
1970/01/01 00:06:34 fetching corpus: 797, signal 110456/112417 (executing program)
1970/01/01 00:06:34 fetching corpus: 797, signal 110456/112481 (executing program)
1970/01/01 00:06:34 fetching corpus: 797, signal 110477/112542 (executing program)
1970/01/01 00:06:34 fetching corpus: 797, signal 110477/112583 (executing program)
1970/01/01 00:06:34 fetching corpus: 797, signal 110477/112626 (executing program)
1970/01/01 00:06:35 fetching corpus: 797, signal 110477/112672 (executing program)
1970/01/01 00:06:35 fetching corpus: 797, signal 110477/112718 (executing program)
1970/01/01 00:06:35 fetching corpus: 797, signal 110477/112763 (executing program)
1970/01/01 00:06:35 fetching corpus: 797, signal 110477/112806 (executing program)
1970/01/01 00:06:35 fetching corpus: 797, signal 110477/112863 (executing program)
1970/01/01 00:06:35 fetching corpus: 797, signal 110477/112893 (executing program)
1970/01/01 00:06:35 fetching corpus: 797, signal 110477/112935 (executing program)
1970/01/01 00:06:36 fetching corpus: 797, signal 110477/112973 (executing program)
1970/01/01 00:06:36 fetching corpus: 797, signal 110479/113013 (executing program)
1970/01/01 00:06:36 fetching corpus: 797, signal 110479/113041 (executing program)
1970/01/01 00:06:36 fetching corpus: 797, signal 110479/113041 (executing program)
1970/01/01 00:08:34 starting 2 fuzzer processes

00:08:34 executing program 0:
r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x800)
read$FUSE(r0, 0x0, 0x0)

00:08:34 executing program 1:
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0xd3, 0xe0902)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000180)={0x1}, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:08:40 executing program 0:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'macvlan1\x00', 0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@bridge_newneigh={0x28, 0x1c, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r1, 0x0, 0x46}, [@NDA_LLADDR={0xa, 0x2, @random="0000000500"}]}, 0x28}}, 0x0)

[ 543.271706][ T2036] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 543.613414][ T2036] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 552.002840][ T2036] device hsr_slave_0 entered promiscuous mode
[ 552.024523][ T2036] device hsr_slave_1 entered promiscuous mode
[ 559.377498][ T2036] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 559.543660][ T2036] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 559.703204][ T2036] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 559.861883][ T2036] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 569.754906][ T2209] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 570.024865][ T2209] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 571.227310][ T2036] 8021q: adding VLAN 0 to HW filter on device bond0
[ 571.870564][ T84] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 571.946591][ T84] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 577.835684][ T84] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 577.906612][ T84] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 578.214058][ T84] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 578.281782][ T84] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 578.530539][ T84] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 578.832644][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 579.383322][ T2121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 579.414468][ T2121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 579.940211][ T2036] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 579.976710][ T2036] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 580.313455][ T2121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 580.390719][ T2121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 582.414374][ T2209] device hsr_slave_0 entered promiscuous mode
[ 582.446154][ T2209] device hsr_slave_1 entered promiscuous mode
[ 582.510597][ T2209] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 582.515806][ T2209] Cannot create hsr debugfs directory
[ 586.410188][ T2070] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 586.413366][ T2070] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 588.164483][ T2209] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 588.522926][ T2209] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 588.725979][ T2209] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 588.971739][ T2209] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 596.981210][ T2209] 8021q: adding VLAN 0 to HW filter on device bond0
[ 597.437880][ T2121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 597.533976][ T2121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 601.072331][ T2121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 601.135357][ T2121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 605.996948][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 606.027953][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 606.270564][ T2209] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 606.274339][ T2209] CPU: 0 PID: 2209 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 606.275769][ T2209] Hardware name: riscv-virtio,qemu (DT)
[ 606.277079][ T2209] Call Trace:
[ 606.277916][ T2209] [] dump_backtrace+0x2e/0x3c
[ 606.279582][ T2209] [] show_stack+0x34/0x40
[ 606.280629][ T2209] [] dump_stack_lvl+0xe4/0x150
[ 606.281735][ T2209] [] dump_stack+0x1c/0x24
[ 606.282819][ T2209] [] panic+0x24a/0x634
[ 606.283768][ T2209] [] schedule+0x0/0x14c
[ 606.284816][ T2209] [] preempt_schedule_common+0x4e/0xde
[ 606.285940][ T2209] [] preempt_schedule+0x34/0x36
[ 606.287005][ T2209] [] _raw_spin_unlock_irqrestore+0x8c/0x98
[ 606.288269][ T2209] [] pcpu_alloc+0x7ca/0x1278
[ 606.289808][ T2209] [] __alloc_percpu_gfp+0x28/0x36
[ 606.290916][ T2209] [] fib_nh_common_init+0xa8/0x22e
[ 606.291931][ T2209] [] fib_nh_init+0x6e/0x1fc
[ 606.292950][ T2209] [] fib_create_info+0x1dc4/0x2d8e
[ 606.293982][ T2209] [] fib_table_insert+0x1a0/0xebe
[ 606.295026][ T2209] [] fib_magic+0x3f4/0x438
[ 606.296139][ T2209] [] fib_add_ifaddr+0x1fc/0x2e2
[ 606.297117][ T2209] [] fib_netdev_event+0x362/0x4b0
[ 606.298209][ T2209] [] notifier_call_chain+0xb8/0x188
[ 606.299599][ T2209] [] raw_notifier_call_chain+0x2a/0x38
[ 606.301133][ T2209] [] call_netdevice_notifiers_info+0x9e/0x10c
[ 606.302263][ T2209] [] __dev_notify_flags+0x108/0x1fa
[ 606.303425][ T2209] [] dev_change_flags+0x9c/0xba
[ 606.304515][ T2209] [] do_setlink+0x5d6/0x21c4
[ 606.305599][ T2209] [] __rtnl_newlink+0x99e/0xfa0
[ 606.306642][ T2209] [] rtnl_newlink+0x60/0x8c
[ 606.307720][ T2209] [] rtnetlink_rcv_msg+0x338/0x9a0
[ 606.309267][ T2209] [] netlink_rcv_skb+0xf8/0x2be
[ 606.310332][ T2209] [] rtnetlink_rcv+0x26/0x30
[ 606.311390][ T2209] [] netlink_unicast+0x40e/0x5fe
[ 606.312892][ T2209] [] netlink_sendmsg+0x4e0/0x994
[ 606.313960][ T2209] [] sock_sendmsg+0xa0/0xc4
[ 606.315023][ T2209] [] __sys_sendto+0x1f2/0x2e0
[ 606.316136][ T2209] [] sys_sendto+0x3e/0x52
[ 606.317229][ T2209] [] ret_from_syscall+0x0/0x2
[ 606.318654][ T2209] SMP: stopping secondary CPUs
[ 606.321526][ T2209] Rebooting in 86400 seconds..
VM DIAGNOSIS:
15:53:51 Registers: