syzkaller login: [ 300.521682][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 300.625399][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 300.644590][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 312.296013][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:37312' (ECDSA) to the list of known hosts.
1970/01/01 00:05:51 fuzzer started
1970/01/01 00:06:08 dialing manager at localhost:37941
[ 377.571863][ T2026] cgroup: Unknown subsys name 'net'
[ 378.885905][ T2026] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:18 syscalls: 2827
1970/01/01 00:06:18 code coverage: enabled
1970/01/01 00:06:18 comparison tracing: enabled
1970/01/01 00:06:18 extra coverage: enabled
1970/01/01 00:06:18 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:18 setuid sandbox: enabled
1970/01/01 00:06:18 namespace sandbox: enabled
1970/01/01 00:06:18 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:18 fault injection: enabled
1970/01/01 00:06:18 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:18 net packet injection: enabled
1970/01/01 00:06:18 net device setup: enabled
1970/01/01 00:06:18 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:18 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:18 USB emulation: enabled
1970/01/01 00:06:18 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:18 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:18 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:19 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:24 fetching corpus: 50, signal 29092/32630 (executing program)
1970/01/01 00:06:28 fetching corpus: 100, signal 43352/48338 (executing program)
1970/01/01 00:06:33 fetching corpus: 150, signal 52766/59164 (executing program)
1970/01/01 00:06:36 fetching corpus: 199, signal 65337/72917 (executing program)
1970/01/01 00:06:39 fetching corpus: 249, signal 70299/79160 (executing program)
1970/01/01 00:06:42 fetching corpus: 298, signal 75008/85071 (executing program)
1970/01/01 00:06:45 fetching corpus: 348, signal 79617/90832 (executing program)
1970/01/01 00:06:48 fetching corpus: 398, signal 87626/99675 (executing program)
1970/01/01 00:06:52 fetching corpus: 448, signal 93649/106572 (executing program)
1970/01/01 00:06:57 fetching corpus: 497, signal 97291/111200 (executing program)
1970/01/01 00:07:01 fetching corpus: 545, signal 105769/120194 (executing program)
1970/01/01 00:07:06 fetching corpus: 595, signal 108516/123848 (executing program)
1970/01/01 00:07:08 fetching corpus: 645, signal 111651/127801 (executing program)
1970/01/01 00:07:11 fetching corpus: 694, signal 114998/131892 (executing program)
1970/01/01 00:07:14 fetching corpus: 744, signal 118508/136065 (executing program)
1970/01/01 00:07:17 fetching corpus: 794, signal 121861/140031 (executing program)
1970/01/01 00:07:20 fetching corpus: 844, signal 124631/143479 (executing program)
1970/01/01 00:07:23 fetching corpus: 893, signal 133629/152234 (executing program)
1970/01/01 00:07:25 fetching corpus: 943, signal 138459/157301 (executing program)
1970/01/01 00:07:28 fetching corpus: 992, signal 140857/160305 (executing program)
1970/01/01 00:07:30 fetching corpus: 1041, signal 144322/164102 (executing program)
1970/01/01 00:07:33 fetching corpus: 1090, signal 145963/166350 (executing program)
1970/01/01 00:07:36 fetching corpus: 1140, signal 147438/168427 (executing program)
1970/01/01 00:07:39 fetching corpus: 1189, signal 149021/170601 (executing program)
1970/01/01 00:07:41 fetching corpus: 1239, signal 152171/173992 (executing program)
1970/01/01 00:07:44 fetching corpus: 1289, signal 153665/176000 (executing program)
1970/01/01 00:07:47 fetching corpus: 1338, signal 155371/178205 (executing program)
1970/01/01 00:07:50 fetching corpus: 1388, signal 157527/180722 (executing program)
1970/01/01 00:07:52 fetching corpus: 1438, signal 159730/183183 (executing program)
1970/01/01 00:07:55 fetching corpus: 1488, signal 161505/185333 (executing program)
1970/01/01 00:07:58 fetching corpus: 1538, signal 162525/186886 (executing program)
1970/01/01 00:08:01 fetching corpus: 1587, signal 165379/189809 (executing program)
1970/01/01 00:08:06 fetching corpus: 1637, signal 166912/191703 (executing program)
1970/01/01 00:08:08 fetching corpus: 1687, signal 167942/193233 (executing program)
1970/01/01 00:08:12 fetching corpus: 1736, signal 169648/195176 (executing program)
1970/01/01 00:08:15 fetching corpus: 1786, signal 171150/196965 (executing program)
1970/01/01 00:08:18 fetching corpus: 1836, signal 172686/198773 (executing program)
1970/01/01 00:08:20 fetching corpus: 1885, signal 173671/200134 (executing program)
1970/01/01 00:08:22 fetching corpus: 1934, signal 176280/202635 (executing program)
1970/01/01 00:08:25 fetching corpus: 1984, signal 177166/203897 (executing program)
1970/01/01 00:08:28 fetching corpus: 2034, signal 178260/205300 (executing program)
1970/01/01 00:08:30 fetching corpus: 2084, signal 180273/207305 (executing program)
1970/01/01 00:08:33 fetching corpus: 2134, signal 181813/208965 (executing program)
1970/01/01 00:08:36 fetching corpus: 2183, signal 183135/210478 (executing program)
1970/01/01 00:08:38 fetching corpus: 2233, signal 184115/211712 (executing program)
1970/01/01 00:08:44 fetching corpus: 2283, signal 186945/214110 (executing program)
1970/01/01 00:08:47 fetching corpus: 2333, signal 188525/215733 (executing program)
1970/01/01 00:08:49 fetching corpus: 2381, signal 190236/217415 (executing program)
1970/01/01 00:08:53 fetching corpus: 2431, signal 191835/218966 (executing program)
1970/01/01 00:08:57 fetching corpus: 2481, signal 193833/220705 (executing program)
1970/01/01 00:09:00 fetching corpus: 2530, signal 195053/221989 (executing program)
1970/01/01 00:09:03 fetching corpus: 2580, signal 195720/222894 (executing program)
1970/01/01 00:09:06 fetching corpus: 2630, signal 197567/224516 (executing program)
1970/01/01 00:09:09 fetching corpus: 2680, signal 199275/225977 (executing program)
1970/01/01 00:09:12 fetching corpus: 2730, signal 199972/226831 (executing program)
1970/01/01 00:09:15 fetching corpus: 2780, signal 203515/229287 (executing program)
1970/01/01 00:09:18 fetching corpus: 2830, signal 204518/230337 (executing program)
1970/01/01 00:09:23 fetching corpus: 2880, signal 205746/231418 (executing program)
1970/01/01 00:09:27 fetching corpus: 2929, signal 206540/232298 (executing program)
1970/01/01 00:09:30 fetching corpus: 2979, signal 208219/233636 (executing program)
1970/01/01 00:09:34 fetching corpus: 3028, signal 208979/234464 (executing program)
1970/01/01 00:09:37 fetching corpus: 3077, signal 209898/235370 (executing program)
1970/01/01 00:09:40 fetching corpus: 3127, signal 210752/236200 (executing program)
1970/01/01 00:09:42 fetching corpus: 3177, signal 212001/237291 (executing program)
1970/01/01 00:09:45 fetching corpus: 3227, signal 212880/238109 (executing program)
1970/01/01 00:09:50 fetching corpus: 3277, signal 213451/238823 (executing program)
1970/01/01 00:09:54 fetching corpus: 3326, signal 214152/239584 (executing program)
1970/01/01 00:09:57 fetching corpus: 3376, signal 215401/240572 (executing program)
1970/01/01 00:09:59 fetching corpus: 3426, signal 217021/241677 (executing program)
1970/01/01 00:10:03 fetching corpus: 3476, signal 218393/242685 (executing program)
1970/01/01 00:10:07 fetching corpus: 3526, signal 219490/243503 (executing program)
1970/01/01 00:10:10 fetching corpus: 3575, signal 220395/244287 (executing program)
1970/01/01 00:10:13 fetching corpus: 3625, signal 222196/245396 (executing program)
1970/01/01 00:10:15 fetching corpus: 3675, signal 223303/246170 (executing program)
1970/01/01 00:10:19 fetching corpus: 3725, signal 225288/247237 (executing program)
1970/01/01 00:10:22 fetching corpus: 3774, signal 225952/247803 (executing program)
1970/01/01 00:10:25 fetching corpus: 3824, signal 226596/248363 (executing program)
1970/01/01 00:10:28 fetching corpus: 3874, signal 227202/248898 (executing program)
1970/01/01 00:10:31 fetching corpus: 3924, signal 228104/249505 (executing program)
1970/01/01 00:10:35 fetching corpus: 3974, signal 228910/250103 (executing program)
1970/01/01 00:10:38 fetching corpus: 4024, signal 229611/250636 (executing program)
1970/01/01 00:10:41 fetching corpus: 4073, signal 230687/251288 (executing program)
1970/01/01 00:10:43 fetching corpus: 4123, signal 231760/251953 (executing program)
1970/01/01 00:10:46 fetching corpus: 4173, signal 233027/252663 (executing program)
1970/01/01 00:10:48 fetching corpus: 4223, signal 233835/253131 (executing program)
1970/01/01 00:10:52 fetching corpus: 4273, signal 234789/253653 (executing program)
1970/01/01 00:10:55 fetching corpus: 4322, signal 235557/254138 (executing program)
1970/01/01 00:10:59 fetching corpus: 4371, signal 236258/254568 (executing program)
1970/01/01 00:11:02 fetching corpus: 4421, signal 236898/255019 (executing program)
1970/01/01 00:11:06 fetching corpus: 4470, signal 237405/255410 (executing program)
1970/01/01 00:11:08 fetching corpus: 4520, signal 238606/255945 (executing program)
1970/01/01 00:11:11 fetching corpus: 4570, signal 240271/256588 (executing program)
1970/01/01 00:11:14 fetching corpus: 4620, signal 240833/256913 (executing program)
1970/01/01 00:11:17 fetching corpus: 4670, signal 241406/257235 (executing program)
1970/01/01 00:11:20 fetching corpus: 4720, signal 242090/257550 (executing program)
1970/01/01 00:11:23 fetching corpus: 4770, signal 242731/257865 (executing program)
1970/01/01 00:11:26 fetching corpus: 4820, signal 243413/258180 (executing program)
1970/01/01 00:11:29 fetching corpus: 4870, signal 244220/258530 (executing program)
1970/01/01 00:11:32 fetching corpus: 4920, signal 244851/258803 (executing program)
1970/01/01 00:11:35 fetching corpus: 4970, signal 245736/259150 (executing program)
1970/01/01 00:11:38 fetching corpus: 5020, signal 246625/259533 (executing program)
1970/01/01 00:11:41 fetching corpus: 5070, signal 247378/259844 (executing program)
1970/01/01 00:11:43 fetching corpus: 5120, signal 247990/260112 (executing program)
1970/01/01 00:11:48 fetching corpus: 5170, signal 248893/260418 (executing program)
1970/01/01 00:11:51 fetching corpus: 5220, signal 249614/260699 (executing program)
1970/01/01 00:11:55 fetching corpus: 5270, signal 250329/260949 (executing program)
1970/01/01 00:11:58 fetching corpus: 5319, signal 250783/261121 (executing program)
1970/01/01 00:12:04 fetching corpus: 5368, signal 251556/261332 (executing program)
1970/01/01 00:12:07 fetching corpus: 5417, signal 252331/261544 (executing program)
1970/01/01 00:12:10 fetching corpus: 5467, signal 252990/261725 (executing program)
1970/01/01 00:12:13 fetching corpus: 5517, signal 253589/261885 (executing program)
1970/01/01 00:12:16 fetching corpus: 5565, signal 254423/262104 (executing program)
1970/01/01 00:12:19 fetching corpus: 5615, signal 254940/262236 (executing program)
1970/01/01 00:12:22 fetching corpus: 5665, signal 256151/262481 (executing program)
1970/01/01 00:12:25 fetching corpus: 5715, signal 259080/262889 (executing program)
1970/01/01 00:12:27 fetching corpus: 5765, signal 259534/262973 (executing program)
1970/01/01 00:12:30 fetching corpus: 5814, signal 260109/263111 (executing program)
1970/01/01 00:12:34 fetching corpus: 5859, signal 260524/263184 (executing program)
1970/01/01 00:12:34 fetching corpus: 5861, signal 260527/263210 (executing program)
1970/01/01 00:12:34 fetching corpus: 5861, signal 260527/263227 (executing program)
1970/01/01 00:12:34 fetching corpus: 5861, signal 260527/263258 (executing program)
1970/01/01 00:12:34 fetching corpus: 5861, signal 260527/263283 (executing program)
1970/01/01 00:12:34 fetching corpus: 5861, signal 260527/263310 (executing program)
1970/01/01 00:12:35 fetching corpus: 5861, signal 260527/263334 (executing program)
1970/01/01 00:12:35 fetching corpus: 5861, signal 260527/263366 (executing program)
1970/01/01 00:12:35 fetching corpus: 5861, signal 260527/263386 (executing program)
1970/01/01 00:12:35 fetching corpus: 5861, signal 260527/263413 (executing program)
1970/01/01 00:12:35 fetching corpus: 5861, signal 260527/263424 (executing program)
1970/01/01 00:12:35 fetching corpus: 5861, signal 260527/263442 (executing program)
1970/01/01 00:12:35 fetching corpus: 5861, signal 260527/263475 (executing program)
1970/01/01 00:12:36 fetching corpus: 5861, signal 260527/263482 (executing program)
1970/01/01 00:12:36 fetching corpus: 5861, signal 260527/263482 (executing program)
1970/01/01 00:14:34 starting 2 fuzzer processes
00:14:34 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0x24, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c)
write(r0, &(0x7f0000000140)="203a14504cea4ed2a0e9a46c4dff6dfe942ff18ff4793267c2aece99514521960a90f7bbb83c35a5", 0x28)
00:14:34 executing program 1:
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@multicast, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x2000, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote}, @redirect={0x3, 0x0, 0x0, @loopback, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}}}, 0x0)
[ 910.417689][ T2040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 910.545588][ T2041] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 910.645511][ T2040] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 910.719951][ T2041] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 911.945813][ C0] ==================================================================
[ 911.952592][ C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260
[ 911.956608][ C0] Read of size 8 at addr ffffaf800ff97f90 by task syz-executor.0/2041
[ 911.959060][ C0]
[ 911.960861][ C0] CPU: 0 PID: 2041 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 911.962946][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 911.964369][ C0] Call Trace:
[ 911.966243][ C0] [] dump_backtrace+0x2e/0x3c
[ 911.969849][ C0] [] show_stack+0x34/0x40
[ 911.972202][ C0] [] dump_stack_lvl+0xe4/0x150
[ 911.973779][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 911.975566][ C0] [] kasan_report+0x184/0x1e0
[ 911.977098][ C0] [] __asan_load8+0x6e/0x96
[ 911.979192][ C0] [] walk_stackframe+0x11c/0x260
[ 911.981568][ C0] [] arch_stack_walk+0x2c/0x3c
[ 911.983190][ C0] [] stack_trace_save+0xa6/0xd8
[ 911.984974][ C0]
[ 911.985984][ C0] Allocated by task 4294967290:
[ 911.987146][ C0] (stack is not available)
[ 911.988328][ C0]
[ 911.989436][ C0] Freed by task 2051:
[ 911.990595][ C0] stack_trace_save+0xa6/0xd8
[ 911.991971][ C0] kasan_save_stack+0x2c/0x58
[ 911.993352][ C0] kasan_set_track+0x1a/0x26
[ 911.994670][ C0] kasan_set_free_info+0x1e/0x3a
[ 911.995971][ C0] ____kasan_slab_free+0x15e/0x180
[ 911.997324][ C0] __kasan_slab_free+0x10/0x18
[ 911.999305][ C0] slab_free_freelist_hook+0x8e/0x1cc
[ 912.000775][ C0] kfree+0xe0/0x3e4
[ 912.002056][ C0] tomoyo_realpath_from_path+0x158/0x3f4
[ 912.003550][ C0] tomoyo_condition+0x9fe/0x1978
[ 912.004789][ C0] tomoyo_check_acl+0x140/0x312
[ 912.006024][ C0] tomoyo_execute_permission+0xc0/0x210
[ 912.007383][ C0] tomoyo_find_next_domain+0x226/0x1192
[ 912.009313][ C0] tomoyo_bprm_check_security+0xdc/0x136
[ 912.010884][ C0] security_bprm_check+0x44/0x96
[ 912.012085][ C0] bprm_execve+0x532/0x1140
[ 912.013349][ C0] kernel_execve+0x204/0x288
[ 912.014617][ C0] call_usermodehelper_exec_async+0x1c0/0x2dc
[ 912.016005][ C0] ret_from_exception+0x0/0x10
[ 912.017330][ C0]
[ 912.018241][ C0] Last potentially related work creation:
[ 912.020921][ C0] stack_trace_save+0xa6/0xd8
[ 912.023294][ C0] kasan_save_stack+0x2c/0x58
[ 912.025556][ C0] __kasan_kmalloc+0x80/0xb2
[ 912.027902][ C0] __kmalloc+0x190/0x318
[ 912.030786][ C0] __list_lru_init+0x7e/0x64e
[ 912.033163][ C0] alloc_super+0x4b8/0x52a
[ 912.034537][ C0] sget_fc+0xc8/0x3a0
[ 912.035627][ C0] get_tree_nodev+0x2e/0x128
[ 912.036736][ C0] pseudo_fs_get_tree+0x22/0x2c
[ 912.037962][ C0] vfs_get_tree+0x4a/0x19c
[ 912.040116][ C0] vfs_kern_mount.part.0+0xdc/0x126
[ 912.041469][ C0] kern_mount+0x38/0x7a
[ 912.043529][ C0] nsfs_init+0x22/0x92
[ 912.045675][ C0] start_kernel+0x63a/0x698
[ 912.047973][ C0]
[ 912.049684][ C0] The buggy address belongs to the object at ffffaf800ff96000
[ 912.049684][ C0]  which belongs to the cache kmalloc-4k of size 4096
[ 912.054435][ C0] The buggy address is located 3984 bytes to the right of
[ 912.054435][ C0]  4096-byte region [ffffaf800ff96000, ffffaf800ff97000)
[ 912.057990][ C0] The buggy address belongs to the page:
[ 912.061240][ C0] page:ffffaf807aac7080 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x90190
[ 912.065008][ C0] head:ffffaf807aac7080 order:3 compound_mapcount:0 compound_pincount:0
[ 912.069056][ C0] flags: 0x9000010200(slab|head|section=18|node=0|zone=0)
[ 912.074200][ C0] raw: 0000009000010200 0000000000000000 0000000000000122 ffffaf8007202140
[ 912.077390][ C0] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 912.079698][ C0] raw: 00000000000007ff
[ 912.080760][ C0] page dumped because: kasan: bad access detected
[ 912.082190][ C0] page_owner tracks the page as allocated
[ 912.083287][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2048, ts 881564130500, free_ts 729483264700
[ 912.085724][ C0] __set_page_owner+0x48/0x136
[ 912.087585][ C0] post_alloc_hook+0xd0/0x10a
[ 912.088928][ C0] get_page_from_freelist+0x8da/0x12d8
[ 912.091520][ C0] __alloc_pages+0x150/0x3b6
[ 912.093726][ C0] alloc_pages+0x132/0x2a6
[ 912.095380][ C0] alloc_slab_page.constprop.0+0xc2/0xfa
[ 912.096703][ C0] new_slab+0x25a/0x2cc
[ 912.097961][ C0] ___slab_alloc+0x56e/0x918
[ 912.099364][ C0] __slab_alloc.constprop.0+0x50/0x8c
[ 912.100749][ C0] __kmalloc+0x268/0x318
[ 912.102000][ C0] tomoyo_realpath_from_path+0x9c/0x3f4
[ 912.104569][ C0] tomoyo_path_number_perm+0x1a6/0x428
[ 912.106960][ C0] tomoyo_file_ioctl+0x28/0x34
[ 912.109892][ C0] security_file_ioctl+0x48/0x90
[ 912.111964][ C0] sys_ioctl+0x106/0x139e
[ 912.113284][ C0] ret_from_syscall+0x0/0x2
[ 912.115438][ C0] page last free stack trace:
[ 912.117438][ C0] __reset_page_owner+0x4a/0xea
[ 912.119211][ C0] free_pcp_prepare+0x29c/0x45e
[ 912.120830][ C0] free_unref_page+0x6a/0x31e
[ 912.123107][ C0] __free_pages+0xe2/0x112
[ 912.124660][ C0] __free_slab+0x122/0x27c
[ 912.125895][ C0] discard_slab+0x4c/0x7a
[ 912.127107][ C0] __slab_free+0x20a/0x29c
[ 912.128948][ C0] ___cache_free+0x17c/0x354
[ 912.131046][ C0] qlist_free_all+0x7c/0x132
[ 912.132282][ C0] kasan_quarantine_reduce+0x14c/0x1c8
[ 912.133618][ C0] __kasan_slab_alloc+0x5c/0x98
[ 912.135038][ C0] kmem_cache_alloc_node+0x368/0x41c
[ 912.136326][ C0] __alloc_skb+0x234/0x2e4
[ 912.137636][ C0] tcp_stream_alloc_skb+0x70/0x4c0
[ 912.139814][ C0] tcp_sendmsg_locked+0x880/0x1d9e
[ 912.141145][ C0] tcp_sendmsg+0x32/0x4e
[ 912.143479][ C0]
[ 912.144851][ C0] Memory state around the buggy address:
[ 912.147672][ C0]  ffffaf800ff97e80: 00 00 00 00 fc fc fc fc 00 00 00 00 00 00 00 00
[ 912.149082][ C0]  ffffaf800ff97f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 912.151479][ C0] >ffffaf800ff97f80: fc fc fc fc fc fc fc fc fc fc fc fc f1 f1 f1 f1
[ 912.152750][ C0]                          ^
[ 912.153894][ C0]  ffffaf800ff98000: 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[ 912.155303][ C0]  ffffaf800ff98080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 912.156719][ C0] ==================================================================
[ 912.158090][ C0] Disabling lock debugging due to kernel taint
[ 912.167004][ T2041] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 912.169739][ T2041] CPU: 0 PID: 2041 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 912.171540][ T2041] Hardware name: riscv-virtio,qemu (DT)
[ 912.172411][ T2041] Call Trace:
[ 912.173097][ T2041] [] dump_backtrace+0x2e/0x3c
[ 912.174352][ T2041] [] show_stack+0x34/0x40
[ 912.175598][ T2041] [] dump_stack_lvl+0xe4/0x150
[ 912.176873][ T2041] [] dump_stack+0x1c/0x24
[ 912.178717][ T2041] [] panic+0x24a/0x634
[ 912.180031][ T2041] [] schedule+0x0/0x14c
[ 912.181237][ T2041] [] preempt_schedule_common+0x4e/0xde
[ 912.182735][ T2041] [] preempt_schedule+0x34/0x36
[ 912.184054][ T2041] [] _raw_spin_unlock_irqrestore+0x8c/0x98
[ 912.185335][ T2041] [] debug_check_no_obj_freed+0x14c/0x24a
[ 912.186660][ T2041] [] free_pcp_prepare+0x24e/0x45e
[ 912.187945][ T2041] [] free_unref_page+0x6a/0x31e
[ 912.189861][ T2041] [] __free_pages+0xe2/0x112
[ 912.191114][ T2041] [] __free_slab+0x122/0x27c
[ 912.192305][ T2041] [] discard_slab+0x4c/0x7a
[ 912.193437][ T2041] [] __slab_free+0x20a/0x29c
[ 912.194628][ T2041] [] ___cache_free+0x17c/0x354
[ 912.195806][ T2041] [] qlist_free_all+0x7c/0x132
[ 912.196958][ T2041] [] kasan_quarantine_reduce+0x14c/0x1c8
[ 912.198295][ T2041] [] __kasan_slab_alloc+0x5c/0x98
[ 912.199576][ T2041] [] __kmalloc+0x156/0x318
[ 912.200754][ T2041] [] kzalloc.constprop.0+0x24/0x2e
[ 912.201941][ T2041] [] __register_sysctl_table+0xfc/0xcb0
[ 912.203185][ T2041] [] register_net_sysctl+0x23e/0x2f6
[ 912.204451][ T2041] [] neigh_sysctl_register+0x21e/0x380
[ 912.205704][ T2041] [] devinet_sysctl_register+0x9e/0x142
[ 912.207101][ T2041] [] inetdev_init+0x1d8/0x3d8
[ 912.208945][ T2041] [] inetdev_event+0x88c/0xe9e
[ 912.210276][ T2041] [] notifier_call_chain+0xb8/0x188
[ 912.211631][ T2041] [] raw_notifier_call_chain+0x2a/0x38
[ 912.212887][ T2041] [] call_netdevice_notifiers_info+0x9e/0x10c
[ 912.214195][ T2041] [] register_netdevice+0xae8/0xc6a
[ 912.215529][ T2041] [] veth_newlink+0x30e/0x7dc
[ 912.216785][ T2041] [] __rtnl_newlink+0xc16/0xfa0
[ 912.218205][ T2041] [] rtnl_newlink+0x60/0x8c
[ 912.219451][ T2041] [] rtnetlink_rcv_msg+0x338/0x9a0
[ 912.220686][ T2041] [] netlink_rcv_skb+0xf8/0x2be
[ 912.221831][ T2041] [] rtnetlink_rcv+0x26/0x30
[ 912.223030][ T2041] [] netlink_unicast+0x40e/0x5fe
[ 912.224159][ T2041] [] netlink_sendmsg+0x4e0/0x994
[ 912.225276][ T2041] [] sock_sendmsg+0xa0/0xc4
[ 912.226483][ T2041] [] __sys_sendto+0x1f2/0x2e0
[ 912.227670][ T2041] [] sys_sendto+0x3e/0x52
[ 912.229389][ T2041] [] ret_from_syscall+0x0/0x2
[ 912.230935][ T2041] SMP: stopping secondary CPUs
[ 912.233377][ T2041] Rebooting in 86400 seconds..
VM DIAGNOSIS:
18:12:27 Registers:
info registers vcpu 0
pc       ffffffff8010b22c
mhartid  0000000000000000
mstatus  00000000000000a0
mip      00000000000000a0
mie      000000000000022a
mideleg  0000000000000222
medeleg  000000000000b109
mtvec    0000000080000540
stvec    ffffffff800055d4
mepc     ffffffff8010ce8e
sepc     ffffffff80b07a48
mcause   8000000000000007
scause   8000000000000005
mtval    0000000000000000
stval    0000000000000000
x0/zero  0000000000000000
x1/ra    ffffffff831a18d8
x2/sp    ffffaf800ff977c0
x3/gp    ffffffff85863ac0
x4/tp    ffffaf80073ee100
x5/t0    ffffffff86bcb657
x6/t1    49109972d3e78400
x7/t2    0000000000000000
x8/s0    ffffaf800ff977d0
x9/s1    0000000000001000
x10/a0   0000000000000020
x11/a1   ffffffffffffffff
x12/a2   1ffff5f000e7dc21
x13/a3   ffffffff80146d84
x14/a4   0000000000000508
x15/a5   0000000000000000
x16/a6   0000000000f00000
x17/a7   ffffffff80dcc9fe
x18/s2   ffffaf800ff97900
x19/s3   ffffffff84b73ec0
x20/s4   0000000000000000
x21/s5   ffffffff8343c840
x22/s6   ffffffffffffffff
x23/s7   ffffffff86bcb69b
x24/s8   ffffffff86c1a620
x25/s9   1ffff5f001ff2f10
x26/s10  ffffffff86e58918
x27/s11  ffffffff80dcca44
x28/t3   fffffffff3f3f300
x29/t4   ffffffff80112282
x30/t5   1ffff5f001ff2edc
x31/t6   ffffffff86bcb657
f0/ft0   0000000000000000
f1/ft1   0000000000000000
f2/ft2   0000000000000000
f3/ft3   0000000000000000
f4/ft4   0000000000000000
f5/ft5   0000000000000000
f6/ft6   0000000000000000
f7/ft7   0000000000000000
f8/fs0   0000000000000000
f9/fs1   0000000000000000
f10/fa0  0000000000000000
f11/fa1  0000000000000000
f12/fa2  0000000000000000
f13/fa3  0000000000000000
f14/fa4  0000000000000000
f15/fa5  0000000000000000
f16/fa6  0000000000000000
f17/fa7  0000000000000000
f18/fs2  0000000000000000
f19/fs3  0000000000000000
f20/fs4  0000000000000000
f21/fs5  0000000000000000
f22/fs6  0000000000000000
f23/fs7  0000000000000000
f24/fs8  0000000000000000
f25/fs9  0000000000000000
f26/fs10 0000000000000000
f27/fs11 0000000000000000
f28/ft8  0000000000000000
f29/ft9  0000000000000000
f30/ft10 0000000000000000
f31/ft11 0000000000000000
info registers vcpu 1
pc       ffffffff801165e0
mhartid  0000000000000001
mstatus  00000000000001a0
mip      00000000000000a0
mie      000000000000020a
mideleg  0000000000000222
medeleg  000000000000b109
mtvec    0000000080000540
stvec    ffffffff800055d4
mepc     ffffffff80119b52
sepc     ffffffff80119b52
mcause   8000000000000007
scause   8000000000000005
mtval    0000000000000000
stval    0000000000000000
x0/zero  0000000000000000
x1/ra    ffffffff801165c2
x2/sp    ffffaf80107a7150
x3/gp    ffffffff85863ac0
x4/tp    ffffaf800deb1840
x5/t0    0000000000046000
x6/t1    49109972d3e78400
x7/t2    ffffffffffffffff
x8/s0    ffffaf80107a72b0
x9/s1    ffffffff8343c840
x10/a0   ffffaf805a9e4840
x11/a1   0000000000000003
x12/a2   1ffff5f00b53c908
x13/a3   ffffffff801165c2
x14/a4   0000000000000000
x15/a5   0000000000000000
x16/a6   0000000000f00000
x17/a7   ffffffff8018e490
x18/s2   ffffffff86c1a620
x19/s3   ffffaf805a9e4840
x20/s4   0000000000000000
x21/s5   ffffffff84b86688
x22/s6   0000000000000000
x23/s7   ffffaf800deb1840
x24/s8   ffffffff8018e490
x25/s9   ffffffff85889780
x26/s10  1ffff5f0020f4e34
x27/s11  0000000000000000
x28/t3   fffffffff3f3f300
x29/t4   ffffffff80112282
x30/t5   1ffff5f0020f4e10
x31/t6   0000000001deed2b
f0/ft0   0000000000000000
f1/ft1   0000000000000000
f2/ft2   0000000000000000
f3/ft3   0000000000000000
f4/ft4   0000000000000000
f5/ft5   0000000000000000
f6/ft6   0000000000000000
f7/ft7   0000000000000000
f8/fs0   0000000000000000
f9/fs1   0000000000000000
f10/fa0  0000000000000000
f11/fa1  0000000000000000
f12/fa2  0000000000000000
f13/fa3  0000000000000000
f14/fa4  0000000000000000
f15/fa5  0000000000000000
f16/fa6  0000000000000000
f17/fa7  0000000000000000
f18/fs2  0000000000000000
f19/fs3  0000000000000000
f20/fs4  0000000000000000
f21/fs5  0000000000000000
f22/fs6  0000000000000000
f23/fs7  0000000000000000
f24/fs8  0000000000000000
f25/fs9  0000000000000000
f26/fs10 0000000000000000
f27/fs11 0000000000000000
f28/ft8  0000000000000000
f29/ft9  0000000000000000
f30/ft10 0000000000000000
f31/ft11 0000000000000000
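Added example (not part of the syzbot console output above, and not syzkaller or kernel code): a small decoder for the "Memory state around the buggy address" rows of a generic-KASAN report. Each shadow byte covers one 8-byte granule; the byte encodings (fc kmalloc redzone, f1/f2/f3 stack redzones, 00 fully addressable, 01..07 partially addressable) are the generic-KASAN values from mm/kasan/kasan.h. The sample rows are copied from the report on this page; the function names are this example's own.

```python
"""Decode the shadow-byte rows of a generic-KASAN report.

Added example; not part of the syzbot report above. Shadow encodings are
the generic-KASAN values from mm/kasan/kasan.h. SAMPLE_ROWS is copied from
the report on this page.
"""
from __future__ import annotations

import re

KASAN_GRANULE_SIZE = 8      # memory bytes described by one shadow byte
KASAN_BYTES_PER_ROW = 16    # shadow bytes per printed row (128 bytes of memory)

# Generic-KASAN shadow encodings. 0x00 = all 8 bytes addressable,
# 0x01..0x07 = only the first N bytes of the granule are addressable.
SHADOW_MEANING = {
    0xFC: "kmalloc redzone",
    0xFB: "freed kmalloc object",
    0xFA: "freed kmalloc object (free track stored)",
    0xF9: "global redzone",
    0xF1: "stack left redzone",
    0xF2: "stack mid redzone",
    0xF3: "stack right redzone",
    0xF4: "stack partial redzone",
    0xFE: "page redzone",
    0xFF: "freed page",
}

# One report row, with or without the "[ 912.147672][ C0]" printk prefix.
# The kernel marks the row containing the bad access with '>'.
ROW_RE = re.compile(
    r"(?P<guilty>>?)\s*(?P<addr>[0-9a-f]{16}):\s*"
    r"(?P<bytes>(?:[0-9a-f]{2}\s+){15}[0-9a-f]{2})"
)


def parse_memory_state(report: str) -> dict[int, list[int]]:
    """Map each row's base address to its 16 shadow bytes."""
    rows: dict[int, list[int]] = {}
    for line in report.splitlines():
        m = ROW_RE.search(line)
        if m:
            rows[int(m["addr"], 16)] = [int(b, 16) for b in m["bytes"].split()]
    return rows


def describe_shadow(value: int) -> str:
    """Human-readable meaning of a single shadow byte."""
    if value == 0:
        return "addressable (all 8 bytes)"
    if 0 < value < KASAN_GRANULE_SIZE:
        return f"partially addressable (first {value} bytes)"
    return SHADOW_MEANING.get(value, f"unknown shadow byte 0x{value:02x}")


def shadow_for(rows: dict[int, list[int]], addr: int) -> tuple[int, str] | None:
    """Shadow byte and meaning for the granule holding addr; None if the row was not dumped."""
    row_bytes = KASAN_BYTES_PER_ROW * KASAN_GRANULE_SIZE
    base = addr & ~(row_bytes - 1)
    if base not in rows:
        return None
    value = rows[base][(addr - base) // KASAN_GRANULE_SIZE]
    return value, describe_shadow(value)


def classify_access(rows: dict[int, list[int]], addr: int, size: int) -> list[tuple[int, int, str]]:
    """(granule address, shadow byte, meaning) for every granule an access of
    `size` bytes at `addr` touches; shadow -1 marks granules outside the dump."""
    out = []
    granule = addr & ~(KASAN_GRANULE_SIZE - 1)
    while granule < addr + size:
        hit = shadow_for(rows, granule)
        out.append((granule, -1, "outside dumped range") if hit is None else (granule, hit[0], hit[1]))
        granule += KASAN_GRANULE_SIZE
    return out


# Rows copied from the report above; the '>' row holds the faulting address.
SAMPLE_ROWS = """\
[ 912.147672][ C0]  ffffaf800ff97e80: 00 00 00 00 fc fc fc fc 00 00 00 00 00 00 00 00
[ 912.149082][ C0]  ffffaf800ff97f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 912.151479][ C0] >ffffaf800ff97f80: fc fc fc fc fc fc fc fc fc fc fc fc f1 f1 f1 f1
[ 912.152750][ C0]                          ^
[ 912.153894][ C0]  ffffaf800ff98000: 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[ 912.155303][ C0]  ffffaf800ff98080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""

if __name__ == "__main__":
    rows = parse_memory_state(SAMPLE_ROWS)
    # The report's access: "Read of size 8 at addr ffffaf800ff97f90".
    for granule, shadow, meaning in classify_access(rows, 0xFFFFAF800FF97F90, 8):
        print(f"{granule:#x}: shadow {shadow:#04x} -> {meaning}")
    # Walk forward from the fault to see where the slab redzone ends and stack redzones begin.
    for a in range(0xFFFFAF800FF97F90, 0xFFFFAF800FF98020, KASAN_GRANULE_SIZE):
        print(f"{a:#x}: {shadow_for(rows, a)[1]}")
```

Run on the rows above, the 8-byte read at ffffaf800ff97f90 lands in a kmalloc-redzone granule (fc), which matches the report's "3984 bytes to the right of" the kmalloc-4k object, and from ffffaf800ff97fe0 onward the shadow switches to f1 (stack left redzone), then addressable bytes, then f3 (stack right redzone) at ffffaf800ff98018. KASAN attributes an access to whatever object owns the address, so an unwinder that reads past the end of a stack frame into the neighbouring slab page is reported as slab-out-of-bounds even though walk_stackframe is the reader.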