[ 286.945486][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 287.025017][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 287.073402][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:5406' (ECDSA) to the list of known hosts.
1970/01/01 00:06:12 fuzzer started
1970/01/01 00:06:24 dialing manager at localhost:33613
[ 390.080816][ T2028] cgroup: Unknown subsys name 'net'
[ 391.002486][ T2028] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:30 syscalls: 2918
1970/01/01 00:06:30 code coverage: enabled
1970/01/01 00:06:30 comparison tracing: ioctl(KCOV_DISABLE) failed: invalid argument
1970/01/01 00:06:30 extra coverage: enabled
1970/01/01 00:06:30 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:30 setuid sandbox: enabled
1970/01/01 00:06:30 namespace sandbox: enabled
1970/01/01 00:06:30 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:30 fault injection: enabled
1970/01/01 00:06:30 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:30 net packet injection: enabled
1970/01/01 00:06:30 net device setup: enabled
1970/01/01 00:06:30 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:30 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:30 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:06:30 USB emulation: enabled
1970/01/01 00:06:30 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:30 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:30 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:31 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:35 fetching corpus: 50, signal 26396/29850 (executing program)
1970/01/01 00:06:39 fetching corpus: 100, signal 41798/46539 (executing program)
1970/01/01 00:06:44 fetching corpus: 150, signal 53652/59501 (executing program)
1970/01/01 00:06:47 fetching corpus: 200, signal 60511/67480 (executing program)
1970/01/01 00:06:50 fetching corpus: 250, signal 67248/75199 (executing program)
1970/01/01 00:06:53 fetching corpus: 299, signal 72499/81414 (executing program)
1970/01/01 00:06:55 fetching corpus: 349, signal 76927/86787 (executing program)
1970/01/01 00:06:58 fetching corpus: 399, signal 80533/91340 (executing program)
1970/01/01 00:07:01 fetching corpus: 449, signal 86651/97999 (executing program)
1970/01/01 00:07:03 fetching corpus: 499, signal 90049/102163 (executing program)
1970/01/01 00:07:05 fetching corpus: 549, signal 93098/105985 (executing program)
1970/01/01 00:07:10 fetching corpus: 599, signal 96276/109881 (executing program)
1970/01/01 00:07:13 fetching corpus: 648, signal 99157/113428 (executing program)
1970/01/01 00:07:16 fetching corpus: 698, signal 102158/116980 (executing program)
1970/01/01 00:07:18 fetching corpus: 748, signal 104693/120105 (executing program)
1970/01/01 00:07:21 fetching corpus: 798, signal 106141/122279 (executing program)
1970/01/01 00:07:24 fetching corpus: 848, signal 107224/124175 (executing program)
1970/01/01 00:07:27 fetching corpus: 898, signal 109333/126873 (executing program)
1970/01/01 00:07:30 fetching corpus: 948, signal 111483/129453 (executing program)
1970/01/01 00:07:32 fetching corpus: 998, signal 113352/131832 (executing program)
1970/01/01 00:07:35 fetching corpus: 1047, signal 115294/134229 (executing program)
1970/01/01 00:07:38 fetching corpus: 1097, signal 117623/136878 (executing program)
1970/01/01 00:07:40 fetching corpus: 1147, signal 120254/139688 (executing program)
1970/01/01 00:07:43 fetching corpus: 1196, signal 122067/141962 (executing program)
1970/01/01 00:07:46 fetching corpus: 1245, signal 123733/144055 (executing program)
1970/01/01 00:07:48 fetching corpus: 1295, signal 125776/146330 (executing program)
1970/01/01 00:07:53 fetching corpus: 1345, signal 127547/148369 (executing program)
1970/01/01 00:07:57 fetching corpus: 1395, signal 128701/149973 (executing program)
1970/01/01 00:08:01 fetching corpus: 1443, signal 130173/151721 (executing program)
1970/01/01 00:08:04 fetching corpus: 1493, signal 131727/153516 (executing program)
1970/01/01 00:08:07 fetching corpus: 1543, signal 133384/155305 (executing program)
1970/01/01 00:08:09 fetching corpus: 1593, signal 135738/157546 (executing program)
1970/01/01 00:08:11 fetching corpus: 1643, signal 136595/158795 (executing program)
1970/01/01 00:08:13 fetching corpus: 1693, signal 137914/160295 (executing program)
1970/01/01 00:08:15 fetching corpus: 1743, signal 139941/162176 (executing program)
1970/01/01 00:08:17 fetching corpus: 1793, signal 140987/163480 (executing program)
1970/01/01 00:08:20 fetching corpus: 1843, signal 142118/164802 (executing program)
1970/01/01 00:08:23 fetching corpus: 1893, signal 143499/166235 (executing program)
1970/01/01 00:08:25 fetching corpus: 1943, signal 144294/167290 (executing program)
1970/01/01 00:08:27 fetching corpus: 1993, signal 145419/168575 (executing program)
1970/01/01 00:08:31 fetching corpus: 2042, signal 146776/169912 (executing program)
1970/01/01 00:08:33 fetching corpus: 2092, signal 147785/171026 (executing program)
1970/01/01 00:08:35 fetching corpus: 2142, signal 148981/172249 (executing program)
1970/01/01 00:08:38 fetching corpus: 2192, signal 150696/173718 (executing program)
1970/01/01 00:08:41 fetching corpus: 2240, signal 151729/174826 (executing program)
1970/01/01 00:08:44 fetching corpus: 2290, signal 153384/176220 (executing program)
1970/01/01 00:08:46 fetching corpus: 2340, signal 154266/177194 (executing program)
1970/01/01 00:08:49 fetching corpus: 2390, signal 155484/178323 (executing program)
1970/01/01 00:08:52 fetching corpus: 2440, signal 156576/179313 (executing program)
1970/01/01 00:08:54 fetching corpus: 2488, signal 157400/180245 (executing program)
1970/01/01 00:08:57 fetching corpus: 2538, signal 158723/181337 (executing program)
1970/01/01 00:08:59 fetching corpus: 2588, signal 159943/182340 (executing program)
1970/01/01 00:09:01 fetching corpus: 2638, signal 160894/183183 (executing program)
1970/01/01 00:09:04 fetching corpus: 2688, signal 161658/183959 (executing program)
1970/01/01 00:09:07 fetching corpus: 2737, signal 163947/185384 (executing program)
1970/01/01 00:09:09 fetching corpus: 2787, signal 165041/186234 (executing program)
1970/01/01 00:09:13 fetching corpus: 2837, signal 166558/187259 (executing program)
1970/01/01 00:09:15 fetching corpus: 2885, signal 167299/187951 (executing program)
1970/01/01 00:09:16 fetching corpus: 2934, signal 168211/188681 (executing program)
1970/01/01 00:09:19 fetching corpus: 2984, signal 168981/189369 (executing program)
1970/01/01 00:09:22 fetching corpus: 3034, signal 169845/190037 (executing program)
1970/01/01 00:09:26 fetching corpus: 3084, signal 170689/190645 (executing program)
1970/01/01 00:09:29 fetching corpus: 3131, signal 171282/191184 (executing program)
1970/01/01 00:09:31 fetching corpus: 3181, signal 172347/191886 (executing program)
1970/01/01 00:09:35 fetching corpus: 3231, signal 173526/192603 (executing program)
1970/01/01 00:09:37 fetching corpus: 3281, signal 174144/193097 (executing program)
1970/01/01 00:09:39 fetching corpus: 3330, signal 174916/193623 (executing program)
1970/01/01 00:09:42 fetching corpus: 3380, signal 175636/194104 (executing program)
1970/01/01 00:09:45 fetching corpus: 3430, signal 176381/194614 (executing program)
1970/01/01 00:09:48 fetching corpus: 3480, signal 177322/195173 (executing program)
1970/01/01 00:09:49 fetching corpus: 3530, signal 177835/195579 (executing program)
1970/01/01 00:09:52 fetching corpus: 3580, signal 178724/196063 (executing program)
1970/01/01 00:09:55 fetching corpus: 3629, signal 179591/196541 (executing program)
1970/01/01 00:09:57 fetching corpus: 3679, signal 180363/196959 (executing program)
1970/01/01 00:10:00 fetching corpus: 3729, signal 181020/197379 (executing program)
1970/01/01 00:10:04 fetching corpus: 3779, signal 181614/197727 (executing program)
1970/01/01 00:10:06 fetching corpus: 3829, signal 182402/198133 (executing program)
1970/01/01 00:10:08 fetching corpus: 3879, signal 182966/198460 (executing program)
1970/01/01 00:10:12 fetching corpus: 3927, signal 183816/198877 (executing program)
1970/01/01 00:10:15 fetching corpus: 3977, signal 184343/199184 (executing program)
1970/01/01 00:10:19 fetching corpus: 4027, signal 185234/199569 (executing program)
1970/01/01 00:10:22 fetching corpus: 4077, signal 185885/199872 (executing program)
1970/01/01 00:10:24 fetching corpus: 4127, signal 186482/200172 (executing program)
1970/01/01 00:10:26 fetching corpus: 4177, signal 186997/200413 (executing program)
1970/01/01 00:10:29 fetching corpus: 4227, signal 187660/200687 (executing program)
1970/01/01 00:10:33 fetching corpus: 4277, signal 188205/200917 (executing program)
1970/01/01 00:10:35 fetching corpus: 4327, signal 189035/201171 (executing program)
1970/01/01 00:10:37 fetching corpus: 4377, signal 189648/201376 (executing program)
1970/01/01 00:10:38 fetching corpus: 4427, signal 190241/201614 (executing program)
1970/01/01 00:10:41 fetching corpus: 4477, signal 190945/201812 (executing program)
1970/01/01 00:10:44 fetching corpus: 4526, signal 191348/201965 (executing program)
1970/01/01 00:10:46 fetching corpus: 4575, signal 192185/202133 (executing program)
1970/01/01 00:10:48 fetching corpus: 4624, signal 193016/202327 (executing program)
1970/01/01 00:10:51 fetching corpus: 4673, signal 193460/202459 (executing program)
1970/01/01 00:10:54 fetching corpus: 4723, signal 193882/202581 (executing program)
1970/01/01 00:10:56 fetching corpus: 4773, signal 194617/202702 (executing program)
1970/01/01 00:10:57 fetching corpus: 4823, signal 195205/202807 (executing program)
1970/01/01 00:11:00 fetching corpus: 4873, signal 195669/202898 (executing program)
1970/01/01 00:11:03 fetching corpus: 4923, signal 196144/202982 (executing program)
1970/01/01 00:11:06 fetching corpus: 4973, signal 196686/203058 (executing program)
1970/01/01 00:11:09 fetching corpus: 5023, signal 197168/203098 (executing program)
1970/01/01 00:11:12 fetching corpus: 5073, signal 197826/203098 (executing program)
1970/01/01 00:11:15 fetching corpus: 5123, signal 198276/203098 (executing program)
1970/01/01 00:11:18 fetching corpus: 5172, signal 198922/203105 (executing program)
1970/01/01 00:11:19 fetching corpus: 5222, signal 199656/203105 (executing program)
1970/01/01 00:11:21 fetching corpus: 5272, signal 200191/203134 (executing program)
1970/01/01 00:11:25 fetching corpus: 5322, signal 200674/203136 (executing program)
1970/01/01 00:11:28 fetching corpus: 5372, signal 201105/203137 (executing program)
1970/01/01 00:11:29 fetching corpus: 5385, signal 201302/203137 (executing program)
1970/01/01 00:11:29 fetching corpus: 5385, signal 201302/203137 (executing program)
1970/01/01 00:13:30 starting 2 fuzzer processes
00:13:31 executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e22, @empty}], 0x10)
sendto$inet(r0, &(0x7f0000000100)='=', 0x1, 0x0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, 0x0, &(0x7f0000000080))
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)

00:13:31 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000040)={'wg1\x00', 0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vcan={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0)

[ 844.075301][ T2042] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 844.191279][ T2042] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 846.852122][ T2043] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 846.964206][ T2043] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 860.575806][ T2042] device hsr_slave_0 entered promiscuous mode
[ 860.655493][ T2042] device hsr_slave_1 entered promiscuous mode
[ 864.061033][ T2043] device hsr_slave_0 entered promiscuous mode
[ 864.104039][ T2043] device hsr_slave_1 entered promiscuous mode
[ 864.136242][ T2043] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 864.143677][ T2043] Cannot create hsr debugfs directory
[ 871.074629][ T2042] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 871.298284][ T2042] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 871.445999][ T2042] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 871.571816][ T2042] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 873.060782][ T2043] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 873.204597][ T2043] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 873.385782][ T2043] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 873.514956][ T2043] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 884.656259][ C0] ==================================================================
[ 884.660325][ C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260
[ 884.661984][ C0] Read of size 8 at addr ffffaf80100f7fb0 by task syz-executor.1/2043
[ 884.663454][ C0]
[ 884.665119][ C0] CPU: 0 PID: 2043 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 884.666984][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 884.668618][ C0] Call Trace:
[ 884.669698][ C0] [] dump_backtrace+0x2e/0x3c
[ 884.671103][ C0] [] show_stack+0x34/0x40
[ 884.672357][ C0] [] dump_stack_lvl+0xe4/0x150
[ 884.673759][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 884.675268][ C0] [] kasan_report+0x184/0x1e0
[ 884.676504][ C0] [] __asan_load8+0x6e/0x96
[ 884.678006][ C0] [] walk_stackframe+0x11c/0x260
[ 884.679219][ C0] [] arch_stack_walk+0x2c/0x3c
[ 884.680301][ C0] [] stack_trace_save+0xa6/0xd8
[ 884.681612][ C0]
[ 884.682301][ C0] Allocated by task 32:
[ 884.683040][ C0] (stack is not available)
[ 884.683725][ C0]
[ 884.684359][ C0] Freed by task 2461:
[ 884.685352][ C0] stack_trace_save+0xa6/0xd8
[ 884.686560][ C0] kasan_save_stack+0x2c/0x58
[ 884.687975][ C0] kasan_set_track+0x1a/0x26
[ 884.689096][ C0] kasan_set_free_info+0x1e/0x3a
[ 884.690052][ C0] ____kasan_slab_free+0x15e/0x180
[ 884.691048][ C0] __kasan_slab_free+0x10/0x18
[ 884.692067][ C0] slab_free_freelist_hook+0x8e/0x1cc
[ 884.693066][ C0] kfree+0xe0/0x3e4
[ 884.693967][ C0] tomoyo_realpath_from_path+0x158/0x3f4
[ 884.695084][ C0] tomoyo_path_perm+0x1fc/0x3a8
[ 884.696053][ C0] tomoyo_inode_getattr+0x1e/0x28
[ 884.697214][ C0] security_inode_getattr+0x82/0xc6
[ 884.698564][ C0] vfs_fstat+0x54/0xc8
[ 884.699578][ C0] __do_sys_newfstat+0x96/0x106
[ 884.700522][ C0] sys_newfstat+0x22/0x2e
[ 884.701448][ C0] ret_from_syscall+0x0/0x2
[ 884.702395][ C0]
[ 884.702960][ C0] Last potentially related work creation:
[ 884.703755][ C0] ------------[ cut here ]------------
[ 884.704560][ C0] slab index 2096905 out of bounds (319) for stack id ffffff09
[ 884.708912][ C0] WARNING: CPU: 0 PID: 2043 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 884.710556][ C0] Modules linked in:
[ 884.711536][ C0] CPU: 0 PID: 2043 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 884.712767][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 884.713584][ C0] epc : stack_depot_print+0x66/0x70
[ 884.714727][ C0]  ra : stack_depot_print+0x66/0x70
[ 884.715941][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf80100f7e40
[ 884.716986][ C0]  gp : ffffffff85863ac0 tp : ffffaf800baf8000 t0 : ffffffff86bcb657
[ 884.718537][ C0]  t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf80100f7e50
[ 884.719626][ C0]  s1 : ffffaf807aacd380 a0 : 000000000000003c a1 : 00000000000f0000
[ 884.720637][ C0]  a2 : 0000000000000504 a3 : ffffffff8012252a a4 : 422232bce9864900
[ 884.721663][ C0]  a5 : 422232bce9864900 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 884.722676][ C0]  s2 : ffffaf80100f7fb0 s3 : ffffaf8007202140 s4 : ffffaf80100f6000
[ 884.723695][ C0]  s5 : ffffaf80100f7000 s6 : 0000000000003fff s7 : ffffaf80100f7fa0
[ 884.724823][ C0]  s8 : ffffffff8000a4a4 s9 : ffffffffffffc000 s10: ffffaf80100f8000
[ 884.725985][ C0]  s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 884.727098][ C0]  t5 : fffff5ef0b53910d t6 : ffffaf80100f7938
[ 884.728297][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 884.729511][ C0] [] print_address_description.constprop.0+0x2fc/0x330
[ 884.730837][ C0] [] kasan_report+0x184/0x1e0
[ 884.731956][ C0] [] __asan_load8+0x6e/0x96
[ 884.732941][ C0] [] walk_stackframe+0x11c/0x260
[ 884.734070][ C0] [] arch_stack_walk+0x2c/0x3c
[ 884.735288][ C0] [] stack_trace_save+0xa6/0xd8
[ 884.736681][ C0] irq event stamp: 108299
[ 884.737825][ C0] hardirqs last  enabled at (108298): [] ip_finish_output2+0x157a/0x1720
[ 884.739322][ C0] hardirqs last disabled at (108299): [] _raw_spin_lock_irqsave+0x60/0x62
[ 884.740683][ C0] softirqs last  enabled at (108234): [] ip6_route_add+0x7e/0x148
[ 884.742058][ C0] softirqs last disabled at (108241): [] __irq_exit_rcu+0x142/0x1f8
[ 884.743367][ C0] ---[ end trace 0000000000000000 ]---
[ 884.744624][ C0]
[ 884.745340][ C0] The buggy address belongs to the object at ffffaf80100f6000
[ 884.745340][ C0]  which belongs to the cache kmalloc-4k of size 4096
[ 884.747409][ C0] The buggy address is located 4016 bytes to the right of
[ 884.747409][ C0]  4096-byte region [ffffaf80100f6000, ffffaf80100f7000)
[ 884.749841][ C0] The buggy address belongs to the page:
[ 884.751055][ C0] page:ffffaf807aacd380 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x902f0
[ 884.752445][ C0] head:ffffaf807aacd380 order:3 compound_mapcount:0 compound_pincount:0
[ 884.753636][ C0] flags: 0x9000010200(slab|head|section=18|node=0|zone=0)
[ 884.756165][ C0] raw: 0000009000010200 0000000000000000 0000000000000122 ffffaf8007202140
[ 884.757532][ C0] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 884.759133][ C0] raw: 00000000000007ff
[ 884.759988][ C0] page dumped because: kasan: bad access detected
[ 884.761011][ C0] page_owner tracks the page as allocated
[ 884.761827][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2461, ts 856443354500, free_ts 854820619200
[ 884.763621][ C0] __set_page_owner+0x48/0x136
[ 884.764660][ C0] post_alloc_hook+0xd0/0x10a
[ 884.765746][ C0] get_page_from_freelist+0x8da/0x12d8
[ 884.766958][ C0] __alloc_pages+0x150/0x3b6
[ 884.768693][ C0] alloc_pages+0x132/0x2a6
[ 884.769942][ C0] alloc_slab_page.constprop.0+0xc2/0xfa
[ 884.771234][ C0] new_slab+0x25a/0x2cc
[ 884.772361][ C0] ___slab_alloc+0x56e/0x918
[ 884.773381][ C0] __slab_alloc.constprop.0+0x50/0x8c
[ 884.774482][ C0] __kmalloc+0x268/0x318
[ 884.775478][ C0] tomoyo_realpath_from_path+0x9c/0x3f4
[ 884.776481][ C0] tomoyo_check_open_permission+0x282/0x348
[ 884.777735][ C0] tomoyo_file_open+0x78/0x7c
[ 884.778992][ C0] security_file_open+0x44/0x9a
[ 884.779996][ C0] do_dentry_open+0x1c6/0x7d4
[ 884.780911][ C0] vfs_open+0x52/0x5e
[ 884.781890][ C0] page last free stack trace:
[ 884.782583][ C0] __reset_page_owner+0x4a/0xea
[ 884.783585][ C0] free_pcp_prepare+0x29c/0x45e
[ 884.784574][ C0] free_unref_page+0x6a/0x31e
[ 884.785577][ C0] __free_pages+0xe2/0x112
[ 884.786468][ C0] __free_slab+0x122/0x27c
[ 884.787760][ C0] discard_slab+0x4c/0x7a
[ 884.788970][ C0] __slab_free+0x20a/0x29c
[ 884.789982][ C0] ___cache_free+0x17c/0x354
[ 884.790932][ C0] qlist_free_all+0x7c/0x132
[ 884.791828][ C0] kasan_quarantine_reduce+0x14c/0x1c8
[ 884.792776][ C0] __kasan_slab_alloc+0x5c/0x98
[ 884.793773][ C0] kmem_cache_alloc_node+0x368/0x41c
[ 884.794841][ C0] __alloc_skb+0x234/0x2e4
[ 884.795993][ C0] netlink_sendmsg+0x7d4/0x994
[ 884.797091][ C0] sock_sendmsg+0xa0/0xc4
[ 884.798324][ C0] __sys_sendto+0x1f2/0x2e0
[ 884.799445][ C0]
[ 884.800085][ C0] Memory state around the buggy address:
[ 884.801200][ C0]  ffffaf80100f7e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 884.802285][ C0]  ffffaf80100f7f00: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 884.803291][ C0] >ffffaf80100f7f80: 00 00 00 00 fc fc fc fc 00 00 00 00 f1 f1 f1 f1
[ 884.804273][ C0]                                      ^
[ 884.805351][ C0]  ffffaf80100f8000: 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[ 884.806470][ C0]  ffffaf80100f8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 884.808074][ C0] ==================================================================
[ 884.809540][ C0] Disabling lock debugging due to kernel taint
[ 884.816873][ T2043] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 884.818673][ T2043] CPU: 0 PID: 2043 Comm: syz-executor.1 Tainted: G    B W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 884.819846][ T2043] Hardware name: riscv-virtio,qemu (DT)
[ 884.820442][ T2043] Call Trace:
[ 884.820917][ T2043] [] dump_backtrace+0x2e/0x3c
[ 884.821869][ T2043] [] show_stack+0x34/0x40
[ 884.822728][ T2043] [] dump_stack_lvl+0xe4/0x150
[ 884.823699][ T2043] [] dump_stack+0x1c/0x24
[ 884.824654][ T2043] [] panic+0x24a/0x634
[ 884.825590][ T2043] [] schedule+0x0/0x14c
[ 884.826495][ T2043] [] preempt_schedule_irq+0x4a/0x13e
[ 884.827763][ T2043] [] resume_kernel+0x16/0x18
[ 884.828870][ T2043] SMP: stopping secondary CPUs
[ 884.830817][ T2043] Rebooting in 86400 seconds..
VM DIAGNOSIS:
17:42:08 Registers:
info registers vcpu 0
pc       ffffffff80c2b612
mhartid  0000000000000000
mstatus  00000000000000a0
mip      00000000000000a0
mie      000000000000022a
mideleg  0000000000000222
medeleg  000000000000b109
mtvec    0000000080000540
stvec    ffffffff800055d4
mepc     ffffffff80200f3e
sepc     ffffffff80475986
mcause   8000000000000007
scause   8000000000000005
mtval    0000000000000000
stval    0000000000000000
x0/zero  0000000000000000 x1/ra    ffffffff8011c7fa x2/sp    ffffaf80100f7990 x3/gp    ffffffff85863ac0
x4/tp    ffffaf800baf8000 x5/t0    ffffaf80100f7a43 x6/t1    fffff5ef0201ef48 x7/t2    0000000000000000
x8/s0    ffffaf80100f79c0 x9/s1    ffffffff86bcb640 x10/a0   ffffffff86bcb640 x11/a1   000000000000000a
x12/a2   0000000000000000 x13/a3   ffffffff8011c7ec x14/a4   ffffaf800baf8000 x15/a5   0000000000000000
x16/a6   ffffaf80100f7a47 x17/a7   ffffaf80100f7a45 x18/s2   ffffffff86bcb641 x19/s3   ffffffff86bcb640
x20/s4   000000000000000a x21/s5   0000000000000017 x22/s6   0000000000000000 x23/s7   0000000000000400
x24/s8   ffffaf80100f7a30 x25/s9   0000000000000000 x26/s10  00000000000003e7 x27/s11  ffffaf80100f7c80
x28/t3   0000000000000043 x29/t4   fffff5ef0201ef48 x30/t5   fffff5ef0201ef49 x31/t6   ffffaf80100f7a46
f0/ft0   0000000000000000 f1/ft1   0000000000000000 f2/ft2   0000000000000000 f3/ft3   0000000000000000
f4/ft4   0000000000000000 f5/ft5   0000000000000000 f6/ft6   0000000000000000 f7/ft7   0000000000000000
f8/fs0   0000000000000000 f9/fs1   0000000000000000 f10/fa0  0000000000000000 f11/fa1  0000000000000000
f12/fa2  0000000000000000 f13/fa3  0000000000000000 f14/fa4  0000000000000000 f15/fa5  0000000000000000
f16/fa6  0000000000000000 f17/fa7  0000000000000000 f18/fs2  0000000000000000 f19/fs3  0000000000000000
f20/fs4  0000000000000000 f21/fs5  0000000000000000 f22/fs6  0000000000000000 f23/fs7  0000000000000000
f24/fs8  0000000000000000 f25/fs9  0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
f28/ft8  0000000000000000 f29/ft9  0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
pc       ffffffff80475986
mhartid  0000000000000001
mstatus  00000000000000a2
mip      0000000000000000
mie      00000000000002aa
mideleg  0000000000000222
medeleg  000000000000b109
mtvec    0000000080000540
stvec    ffffffff800055d4
mepc     ffffffff8000f97e
sepc     00007fff9c669264
mcause   0000000000000009
scause   0000000000000008
mtval    0000000000000000
stval    0000000000000000
x0/zero  0000000000000000 x1/ra    ffffffff80119b52 x2/sp    ffffaf800bc7b7e0 x3/gp    ffffffff85863ac0
x4/tp    ffffaf800b9948c0 x5/t0    00000000000001f8 x6/t1    422232bce9864900 x7/t2    ffffffffffffffff
x8/s0    ffffaf800bc7b820 x9/s1    ffffaf800b7c8c98 x10/a0   ffffaf800b7c8c98 x11/a1   0000000000000003
x12/a2   1ffff5f0016f9193 x13/a3   ffffffff80119b52 x14/a4   0000000000000000 x15/a5   0000000000000001
x16/a6   0000000000f00000 x17/a7   ffffffff826e6226 x18/s2   0000000000000001 x19/s3   ffffaf800b9948c0
x20/s4   ffffaf800b7c8ca8 x21/s5   ffffaf800b7c8ca0 x22/s6   ffffaf800bc7b960 x23/s7   ffffaf800bc7bb00
x24/s8   0000000000000000 x25/s9   0000000000004000 x26/s10  0000000000000040 x27/s11  0000000000000001
x28/t3   fffffffff3f3f300 x29/t4   ffffffff80112282 x30/t5   1ffff5f00178f6b4 x31/t6   0000000002f7d79d
f0/ft0   0000000000000000 f1/ft1   0000000000000000 f2/ft2   0000000000000000 f3/ft3   0000000000000000
f4/ft4   0000000000000000 f5/ft5   0000000000000000 f6/ft6   0000000000000000 f7/ft7   0000000000000000
f8/fs0   0000000000000000 f9/fs1   0000000000000000 f10/fa0  0000000000000000 f11/fa1  0000000000000000
f12/fa2  0000000000000000 f13/fa3  0000000000000000 f14/fa4  0000000000000000 f15/fa5  0000000000000000
f16/fa6  0000000000000000 f17/fa7  0000000000000000 f18/fs2  0000000000000000 f19/fs3  0000000000000000
f20/fs4  0000000000000000 f21/fs5  0000000000000000 f22/fs6  0000000000000000 f23/fs7  0000000000000000
f24/fs8  0000000000000000 f25/fs9  0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
f28/ft8  0000000000000000 f29/ft9  0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000