syzkaller login: [  297.949769][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  297.973523][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  306.896909][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:14084' (ECDSA) to the list of known hosts.
1970/01/01 00:06:13 fuzzer started
1970/01/01 00:06:22 dialing manager at localhost:46541
[  387.587294][ T2025] cgroup: Unknown subsys name 'net'
[  388.669053][ T2025] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:28 syscalls: 2918
1970/01/01 00:06:28 code coverage: enabled
1970/01/01 00:06:28 comparison tracing: enabled
1970/01/01 00:06:28 extra coverage: enabled
1970/01/01 00:06:28 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:28 setuid sandbox: enabled
1970/01/01 00:06:28 namespace sandbox: enabled
1970/01/01 00:06:28 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:28 fault injection: enabled
1970/01/01 00:06:28 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:28 net packet injection: enabled
1970/01/01 00:06:28 net device setup: enabled
1970/01/01 00:06:28 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:28 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:28 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:06:28 USB emulation: enabled
1970/01/01 00:06:28 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:28 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:28 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:28 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:33 fetching corpus: 50, signal 34320/37204 (executing program)
1970/01/01 00:06:37 fetching corpus: 100, signal 48198/51899 (executing program)
1970/01/01 00:06:42 fetching corpus: 150, signal 59201/63470 (executing program)
1970/01/01 00:06:44 fetching corpus: 200, signal 65576/70434 (executing program)
1970/01/01 00:06:46 fetching corpus: 248, signal 71435/76762 (executing program)
1970/01/01 00:06:49 fetching corpus: 298, signal 75653/81442 (executing program)
1970/01/01 00:06:52 fetching corpus: 348, signal 80415/86397 (executing program)
1970/01/01 00:06:54 fetching corpus: 398, signal 83173/89505 (executing program)
1970/01/01 00:06:57 fetching corpus: 447, signal 87570/93992 (executing program)
1970/01/01 00:07:00 fetching corpus: 495, signal 89868/96541 (executing program)
1970/01/01 00:07:02 fetching corpus: 545, signal 93019/99684 (executing program)
1970/01/01 00:07:05 fetching corpus: 595, signal 96589/103149 (executing program)
1970/01/01 00:07:09 fetching corpus: 645, signal 99888/106202 (executing program)
1970/01/01 00:07:13 fetching corpus: 695, signal 102228/108477 (executing program)
1970/01/01 00:07:15 fetching corpus: 745, signal 104329/110477 (executing program)
1970/01/01 00:07:18 fetching corpus: 795, signal 106418/112459 (executing program)
1970/01/01 00:07:22 fetching corpus: 845, signal 110183/115610 (executing program)
1970/01/01 00:07:25 fetching corpus: 894, signal 111939/117144 (executing program)
1970/01/01 00:07:28 fetching corpus: 944, signal 113639/118612 (executing program)
1970/01/01 00:07:30 fetching corpus: 994, signal 115203/119937 (executing program)
1970/01/01 00:07:33 fetching corpus: 1044, signal 116702/121146 (executing program)
1970/01/01 00:07:36 fetching corpus: 1093, signal 118249/122374 (executing program)
1970/01/01 00:07:40 fetching corpus: 1142, signal 121106/124362 (executing program)
1970/01/01 00:07:44 fetching corpus: 1192, signal 122991/125684 (executing program)
1970/01/01 00:07:47 fetching corpus: 1242, signal 124619/126820 (executing program)
1970/01/01 00:07:50 fetching corpus: 1292, signal 126291/127909 (executing program)
1970/01/01 00:07:50 fetching corpus: 1299, signal 126438/128060 (executing program)
1970/01/01 00:07:50 fetching corpus: 1299, signal 126438/128111 (executing program)
1970/01/01 00:07:50 fetching corpus: 1299, signal 126438/128182 (executing program)
1970/01/01 00:07:51 fetching corpus: 1299, signal 126438/128225 (executing program)
1970/01/01 00:07:51 fetching corpus: 1299, signal 126438/128278 (executing program)
1970/01/01 00:07:51 fetching corpus: 1299, signal 126438/128336 (executing program)
1970/01/01 00:07:51 fetching corpus: 1299, signal 126438/128407 (executing program)
1970/01/01 00:07:51 fetching corpus: 1299, signal 126438/128458 (executing program)
1970/01/01 00:07:51 fetching corpus: 1299, signal 126438/128520 (executing program)
1970/01/01 00:07:51 fetching corpus: 1299, signal 126438/128579 (executing program)
1970/01/01 00:07:52 fetching corpus: 1299, signal 126438/128654 (executing program)
1970/01/01 00:07:52 fetching corpus: 1299, signal 126438/128711 (executing program)
1970/01/01 00:07:52 fetching corpus: 1300, signal 126445/128777 (executing program)
1970/01/01 00:07:52 fetching corpus: 1300, signal 126445/128834 (executing program)
1970/01/01 00:07:52 fetching corpus: 1300, signal 126445/128880 (executing program)
1970/01/01 00:07:52 fetching corpus: 1300, signal 126445/128947 (executing program)
1970/01/01 00:07:53 fetching corpus: 1300, signal 126445/129017 (executing program)
1970/01/01 00:07:53 fetching corpus: 1300, signal 126445/129067 (executing program)
1970/01/01 00:07:53 fetching corpus: 1300, signal 126445/129117 (executing program)
1970/01/01 00:07:53 fetching corpus: 1300, signal 126445/129177 (executing program)
1970/01/01 00:07:53 fetching corpus: 1300, signal 126445/129233 (executing program)
1970/01/01 00:07:53 fetching corpus: 1300, signal 126447/129287 (executing program)
1970/01/01 00:07:54 fetching corpus: 1300, signal 126447/129348 (executing program)
1970/01/01 00:07:54 fetching corpus: 1300, signal 126447/129406 (executing program)
1970/01/01 00:07:54 fetching corpus: 1300, signal 126447/129476 (executing program)
1970/01/01 00:07:54 fetching corpus: 1300, signal 126447/129533 (executing program)
1970/01/01 00:07:54 fetching corpus: 1300, signal 126447/129617 (executing program)
1970/01/01 00:07:54 fetching corpus: 1300, signal 126449/129673 (executing program)
1970/01/01 00:07:54 fetching corpus: 1300, signal 126449/129722 (executing program)
1970/01/01 00:07:55 fetching corpus: 1300, signal 126449/129778 (executing program)
1970/01/01 00:07:55 fetching corpus: 1300, signal 126449/129835 (executing program)
1970/01/01 00:07:55 fetching corpus: 1300, signal 126449/129898 (executing program)
1970/01/01 00:07:55 fetching corpus: 1300, signal 126449/129959 (executing program)
1970/01/01 00:07:55 fetching corpus: 1300, signal 126449/130000 (executing program)
1970/01/01 00:07:55 fetching corpus: 1300, signal 126449/130055 (executing program)
1970/01/01 00:07:55 fetching corpus: 1300, signal 126449/130111 (executing program)
1970/01/01 00:07:55 fetching corpus: 1300, signal 126449/130175 (executing program)
1970/01/01 00:07:56 fetching corpus: 1300, signal 126449/130225 (executing program)
1970/01/01 00:07:56 fetching corpus: 1300, signal 126449/130232 (executing program)
1970/01/01 00:07:56 fetching corpus: 1300, signal 126449/130232 (executing program)
1970/01/01 00:09:39 starting 2 fuzzer processes
00:09:39 executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x3, 0x4, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000ffffffbd0a00000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80)

00:09:39 executing program 1:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/slabinfo\x00', 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

[  612.789861][ T2038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  612.969565][ T2038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  615.705862][ T2039] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  615.806739][ T2039] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  623.764104][ T2038] device hsr_slave_0 entered promiscuous mode
[  623.779686][ T2038] device hsr_slave_1 entered promiscuous mode
[  627.877733][ T2039] device hsr_slave_0 entered promiscuous mode
[  627.919926][ T2039] device hsr_slave_1 entered promiscuous mode
[  627.939765][ T2039] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  627.948564][ T2039] Cannot create hsr debugfs directory
[  632.836953][ T2038] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  633.047111][ T2038] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  633.219382][ T2038] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  633.324810][ T2038] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  634.710495][ T2039] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  634.845643][ T2039] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[  634.849819][ T2039] CPU: 0 PID: 2039 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[  634.853989][ T2039] Hardware name: riscv-virtio,qemu (DT)
[  634.856069][ T2039] Call Trace:
[  634.857033][ T2039] [<ffffffff8000a228>] dump_backtrace+0x2e/0x3c
[  634.858551][ T2039] [<ffffffff831668cc>] show_stack+0x34/0x40
[  634.859809][ T2039] [<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150
[  634.861508][ T2039] [<ffffffff83175742>] dump_stack+0x1c/0x24
[  634.863072][ T2039] [<ffffffff83166fa8>] panic+0x24a/0x634
[  634.864126][ T2039] [<ffffffff831a688a>] schedule+0x0/0x14c
[  634.865165][ T2039] [<ffffffff831a6b00>] preempt_schedule_common+0x4e/0xde
[  634.866518][ T2039] [<ffffffff831a6bc4>] preempt_schedule+0x34/0x36
[  634.868033][ T2039] [<ffffffff831afd78>] _raw_spin_unlock_irqrestore+0x8c/0x98
[  634.869221][ T2039] [<ffffffff803a75e6>] pcpu_alloc+0x7ca/0x1278
[  634.870297][ T2039] [<ffffffff803a80bc>] __alloc_percpu_gfp+0x28/0x36
[  634.871637][ T2039] [<ffffffff82bd7c44>] fib_nh_common_init+0xa8/0x22e
[  634.872983][ T2039] [<ffffffff82d6ecd8>] fib6_nh_init+0x350/0x10c0
[  634.874074][ T2039] [<ffffffff82d705b8>] ip6_route_info_create+0xb70/0xf78
[  634.875218][ T2039] [<ffffffff82d70c66>] ip6_route_add+0x2a/0x148
[  634.876311][ T2039] [<ffffffff82d3591c>] addrconf_add_mroute+0x1d4/0x302
[  634.877646][ T2039] [<ffffffff82d3f69e>] addrconf_add_dev+0x102/0x156
[  634.878916][ T2039] [<ffffffff82d42d5e>] addrconf_dev_config+0x1b8/0x3a0
[  634.880459][ T2039] [<ffffffff82d4e642>] addrconf_notify+0xaa4/0x1360
[  634.882512][ T2039] [<ffffffff800aac84>] notifier_call_chain+0xb8/0x188
[  634.883905][ T2039] [<ffffffff800aad7e>] raw_notifier_call_chain+0x2a/0x38
[  634.885254][ T2039] [<ffffffff8271d086>] call_netdevice_notifiers_info+0x9e/0x10c
[  634.886808][ T2039] [<ffffffff827422c8>] __dev_notify_flags+0x108/0x1fa
[  634.888217][ T2039] [<ffffffff827436f6>] dev_change_flags+0x9c/0xba
[  634.889877][ T2039] [<ffffffff82767e16>] do_setlink+0x5d6/0x21c4
[  634.891550][ T2039] [<ffffffff8276a6a2>] __rtnl_newlink+0x99e/0xfa0
[  634.893064][ T2039] [<ffffffff8276ad04>] rtnl_newlink+0x60/0x8c
[  634.894301][ T2039] [<ffffffff8276b46c>] rtnetlink_rcv_msg+0x338/0x9a0
[  634.895620][ T2039] [<ffffffff8296ded2>] netlink_rcv_skb+0xf8/0x2be
[  634.896878][ T2039] [<ffffffff827624f4>] rtnetlink_rcv+0x26/0x30
[  634.898100][ T2039] [<ffffffff8296cbcc>] netlink_unicast+0x40e/0x5fe
[  634.899256][ T2039] [<ffffffff8296d29c>] netlink_sendmsg+0x4e0/0x994
[  634.900296][ T2039] [<ffffffff826d264e>] sock_sendmsg+0xa0/0xc4
[  634.901679][ T2039] [<ffffffff826d7026>] __sys_sendto+0x1f2/0x2e0
[  634.903000][ T2039] [<ffffffff826d7152>] sys_sendto+0x3e/0x52
[  634.904097][ T2039] [<ffffffff80005716>] ret_from_syscall+0x0/0x2
[  634.905454][ T2039] SMP: stopping secondary CPUs
[  634.907877][ T2039] Rebooting in 86400 seconds..

VM DIAGNOSIS:
05:20:37  Registers:
info registers vcpu 0
 pc       ffffffff80475986
 mhartid  0000000000000000
 mstatus  00000000000001a0
 mip      00000000000000a0
 mie      000000000000020a
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff80200f00
 sepc     ffffffff80200f00
 mcause   8000000000000007
 scause   8000000000000005
 mtval  0000000000000000
 stval  0000000000000000
 x0/zero 0000000000000000 x1/ra ffffffff80115a26 x2/sp ffffaf80115df2e0 x3/gp ffffffff85863ac0
 x4/tp ffffaf800c659840 x5/t0 0000000000046000 x6/t1 72501e47368e6800 x7/t2 0000000000006638
 x8/s0 ffffaf80115df400 x9/s1 ffffffff8343c840 x10/a0 ffffaf800c659860 x11/a1 00000000000f0000
 x12/a2 0000000000010000 x13/a3 ffffffff831a24bc x14/a4 ffffaf800c659840 x15/a5 0000000000000000
 x16/a6 0000000000f00000 x17/a7 ffffffff8018e490 x18/s2 ffffaf80115df380 x19/s3 ffffaf800c659840
 x20/s4 ffffffff8586fd20 x21/s5 ffffaf800c659840 x22/s6 ffffffff86c1a620 x23/s7 0000000000001000
 x24/s8 ffffffff85889780 x25/s9 1ffff5f0022bbe60 x26/s10 ffffffff84b86688 x27/s11 ffffffff8018e490
 x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f0022bbe30 x31/t6 ffffaf80074e4950
 f0/ft0 0000000000000000 f1/ft1 40c39f3e8f35ca31 f2/ft2 4174b95400000000 f3/ft3 43e0000000000000
 f4/ft4 3ffe000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
 pc       ffffffff80475986
 mhartid  0000000000000001
 mstatus  00000000000000a0
 mip      00000000000000a0
 mie      000000000000022a
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff80200f00
 sepc     ffffffff831afd22
 mcause   8000000000000007
 scause   8000000000000005
 mtval  0000000000000000
 stval  0000000000000000
 x0/zero 0000000000000000 x1/ra ffffffff80dc3394 x2/sp ffffaf800e96dc00 x3/gp ffffffff85863ac0
 x4/tp ffffaf800ba6e100 x5/t0 ffffffff86bcb657 x6/t1 72501e47368e6800 x7/t2 0000000000000000
 x8/s0 ffffaf800e96dc30 x9/s1 ffffffff86e58900 x10/a0 ffffaf800ba6e120 x11/a1 ffff8f800066c000
 x12/a2 1ffffffff0dcb129 x13/a3 ffffffff80dc337e x14/a4 0000000000000000 x15/a5 ffffffff86e58948
 x16/a6 ffffffff86e589f1 x17/a7 ffffffff80dcc2ca x18/s2 ffffaf800ba6e100 x19/s3 000000000000007a
 x20/s4 ffffffff86e58900 x21/s5 ffffffff80dc333e x22/s6 0000000000000000 x23/s7 ffffffff86bcb6b5
 x24/s8 0000000000000010 x25/s9 ffffffff86e58958 x26/s10 0000000000000010 x27/s11 0000000000000000
 x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f001d2db30 x31/t6 ffffffff86bcb657
 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000