syzkaller login: [ 361.461581][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 371.969045][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 372.040699][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 404.150799][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:47763' (ECDSA) to the list of known hosts. 1970/01/01 00:07:15 fuzzer started 1970/01/01 00:07:29 dialing manager at localhost:45331 [ 455.722339][ T2039] cgroup: Unknown subsys name 'net' [ 456.634973][ T2039] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:07:36 syscalls: 2817 1970/01/01 00:07:36 code coverage: enabled 1970/01/01 00:07:36 comparison tracing: ioctl(KCOV_DISABLE) failed: invalid argument 1970/01/01 00:07:36 extra coverage: ioctl(KCOV_REMOTE_ENABLE) failed: device or resource busy 1970/01/01 00:07:36 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:07:36 setuid sandbox: enabled 1970/01/01 00:07:36 namespace sandbox: enabled 1970/01/01 00:07:36 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:07:36 fault injection: enabled 1970/01/01 00:07:36 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:07:36 net packet injection: enabled 1970/01/01 00:07:36 net device setup: enabled 1970/01/01 00:07:36 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:07:36 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:07:36 USB emulation: enabled 1970/01/01 00:07:36 hci packet injection: /dev/vhci does not exist 1970/01/01 00:07:36 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:07:36 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:07:36 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:07:40 fetching corpus: 50, signal 29040/32542 (executing program) 
1970/01/01 00:07:44 fetching corpus: 100, signal 45352/50236 (executing program) 1970/01/01 00:07:50 fetching corpus: 150, signal 54817/61049 (executing program) 1970/01/01 00:07:52 fetching corpus: 199, signal 59736/67312 (executing program) 1970/01/01 00:07:55 fetching corpus: 249, signal 67571/76292 (executing program) 1970/01/01 00:07:59 fetching corpus: 299, signal 72770/82661 (executing program) 1970/01/01 00:08:02 fetching corpus: 349, signal 76157/87261 (executing program) 1970/01/01 00:08:06 fetching corpus: 399, signal 80152/92328 (executing program) 1970/01/01 00:08:08 fetching corpus: 448, signal 83464/96759 (executing program) 1970/01/01 00:08:11 fetching corpus: 498, signal 85931/100397 (executing program) 1970/01/01 00:08:14 fetching corpus: 548, signal 89031/104519 (executing program) 1970/01/01 00:08:18 fetching corpus: 597, signal 92173/108620 (executing program) 1970/01/01 00:08:20 fetching corpus: 647, signal 93752/111262 (executing program) 1970/01/01 00:08:24 fetching corpus: 696, signal 96090/114573 (executing program) 1970/01/01 00:08:27 fetching corpus: 744, signal 98751/118106 (executing program) 1970/01/01 00:08:31 fetching corpus: 794, signal 100752/121035 (executing program) 1970/01/01 00:08:33 fetching corpus: 844, signal 103529/124621 (executing program) 1970/01/01 00:08:35 fetching corpus: 894, signal 105304/127267 (executing program) 1970/01/01 00:08:41 fetching corpus: 944, signal 106849/129679 (executing program) 1970/01/01 00:08:44 fetching corpus: 994, signal 108837/132502 (executing program) 1970/01/01 00:08:47 fetching corpus: 1044, signal 110336/134831 (executing program) 1970/01/01 00:08:50 fetching corpus: 1093, signal 111903/137203 (executing program) 1970/01/01 00:08:53 fetching corpus: 1143, signal 114349/140370 (executing program) 1970/01/01 00:08:55 fetching corpus: 1193, signal 115783/142586 (executing program) 1970/01/01 00:08:57 fetching corpus: 1242, signal 116938/144593 (executing program) 1970/01/01 00:08:59 
fetching corpus: 1292, signal 118973/147256 (executing program) 1970/01/01 00:09:02 fetching corpus: 1342, signal 120186/149245 (executing program) 1970/01/01 00:09:05 fetching corpus: 1392, signal 121649/151409 (executing program) 1970/01/01 00:09:09 fetching corpus: 1442, signal 123675/153982 (executing program) 1970/01/01 00:09:12 fetching corpus: 1490, signal 125251/156095 (executing program) 1970/01/01 00:09:14 fetching corpus: 1540, signal 126257/157807 (executing program) 1970/01/01 00:09:17 fetching corpus: 1590, signal 128287/160281 (executing program) 1970/01/01 00:09:22 fetching corpus: 1640, signal 129980/162447 (executing program) 1970/01/01 00:09:24 fetching corpus: 1689, signal 131011/164144 (executing program) 1970/01/01 00:09:27 fetching corpus: 1739, signal 132576/166224 (executing program) 1970/01/01 00:09:29 fetching corpus: 1789, signal 133790/168001 (executing program) 1970/01/01 00:09:31 fetching corpus: 1839, signal 134881/169698 (executing program) 1970/01/01 00:09:33 fetching corpus: 1889, signal 135983/171352 (executing program) 1970/01/01 00:09:36 fetching corpus: 1938, signal 136934/172920 (executing program) 1970/01/01 00:09:38 fetching corpus: 1988, signal 137916/174514 (executing program) 1970/01/01 00:09:40 fetching corpus: 2038, signal 139356/176371 (executing program) 1970/01/01 00:09:42 fetching corpus: 2088, signal 140669/178100 (executing program) 1970/01/01 00:09:45 fetching corpus: 2138, signal 141958/179820 (executing program) 1970/01/01 00:09:47 fetching corpus: 2188, signal 143045/181394 (executing program) 1970/01/01 00:09:49 fetching corpus: 2238, signal 143950/182764 (executing program) 1970/01/01 00:09:52 fetching corpus: 2287, signal 145303/184440 (executing program) 1970/01/01 00:09:54 fetching corpus: 2337, signal 146648/186146 (executing program) 1970/01/01 00:09:55 fetching corpus: 2387, signal 147485/187500 (executing program) 1970/01/01 00:09:58 fetching corpus: 2437, signal 148482/188887 (executing program) 
1970/01/01 00:10:01 fetching corpus: 2486, signal 149981/190569 (executing program) 1970/01/01 00:10:03 fetching corpus: 2536, signal 150974/191964 (executing program) 1970/01/01 00:10:06 fetching corpus: 2586, signal 151987/193345 (executing program) 1970/01/01 00:10:08 fetching corpus: 2634, signal 153059/194782 (executing program) 1970/01/01 00:10:11 fetching corpus: 2684, signal 154272/196161 (executing program) 1970/01/01 00:10:15 fetching corpus: 2734, signal 155226/197456 (executing program) 1970/01/01 00:10:19 fetching corpus: 2783, signal 156034/198641 (executing program) 1970/01/01 00:10:22 fetching corpus: 2833, signal 156562/199672 (executing program) 1970/01/01 00:10:26 fetching corpus: 2882, signal 157378/200822 (executing program) 1970/01/01 00:10:30 fetching corpus: 2931, signal 158112/202003 (executing program) 1970/01/01 00:10:33 fetching corpus: 2981, signal 159108/203256 (executing program) 1970/01/01 00:10:34 fetching corpus: 3031, signal 159791/204332 (executing program) 1970/01/01 00:10:37 fetching corpus: 3081, signal 160589/205452 (executing program) 1970/01/01 00:10:40 fetching corpus: 3130, signal 162944/207345 (executing program) 1970/01/01 00:10:43 fetching corpus: 3180, signal 163785/208434 (executing program) 1970/01/01 00:10:46 fetching corpus: 3229, signal 164465/209389 (executing program) 1970/01/01 00:10:48 fetching corpus: 3279, signal 165224/210424 (executing program) 1970/01/01 00:10:50 fetching corpus: 3329, signal 166013/211444 (executing program) 1970/01/01 00:10:54 fetching corpus: 3379, signal 166704/212406 (executing program) 1970/01/01 00:10:59 fetching corpus: 3429, signal 167710/213528 (executing program) 1970/01/01 00:11:02 fetching corpus: 3479, signal 168239/214404 (executing program) 1970/01/01 00:11:04 fetching corpus: 3528, signal 169019/215410 (executing program) 1970/01/01 00:11:06 fetching corpus: 3578, signal 169689/216379 (executing program) 1970/01/01 00:11:11 fetching corpus: 3628, signal 170536/217398 
(executing program) 1970/01/01 00:11:14 fetching corpus: 3678, signal 171257/218305 (executing program) 1970/01/01 00:11:18 fetching corpus: 3728, signal 172152/219290 (executing program) 1970/01/01 00:11:20 fetching corpus: 3775, signal 172737/220125 (executing program) 1970/01/01 00:11:23 fetching corpus: 3825, signal 173392/220976 (executing program) 1970/01/01 00:11:25 fetching corpus: 3874, signal 173986/221806 (executing program) 1970/01/01 00:11:27 fetching corpus: 3924, signal 174699/222683 (executing program) 1970/01/01 00:11:31 fetching corpus: 3973, signal 175701/223677 (executing program) 1970/01/01 00:11:33 fetching corpus: 4022, signal 176522/224550 (executing program) 1970/01/01 00:11:35 fetching corpus: 4072, signal 177115/225367 (executing program) 1970/01/01 00:11:37 fetching corpus: 4122, signal 178505/226437 (executing program) 1970/01/01 00:11:41 fetching corpus: 4172, signal 179125/227200 (executing program) 1970/01/01 00:11:43 fetching corpus: 4222, signal 179815/227942 (executing program) 1970/01/01 00:11:46 fetching corpus: 4272, signal 180393/228657 (executing program) 1970/01/01 00:11:48 fetching corpus: 4322, signal 181215/229439 (executing program) 1970/01/01 00:11:51 fetching corpus: 4372, signal 182286/230261 (executing program) 1970/01/01 00:11:55 fetching corpus: 4422, signal 182999/230998 (executing program) 1970/01/01 00:11:57 fetching corpus: 4471, signal 183526/231721 (executing program) 1970/01/01 00:12:00 fetching corpus: 4519, signal 184123/232400 (executing program) 1970/01/01 00:12:02 fetching corpus: 4569, signal 184665/233048 (executing program) 1970/01/01 00:12:04 fetching corpus: 4619, signal 185213/233708 (executing program) 1970/01/01 00:12:08 fetching corpus: 4669, signal 186016/234383 (executing program) 1970/01/01 00:12:11 fetching corpus: 4719, signal 186646/235000 (executing program) 1970/01/01 00:12:14 fetching corpus: 4769, signal 187255/235660 (executing program) 1970/01/01 00:12:16 fetching corpus: 4819, 
signal 187829/236315 (executing program) 1970/01/01 00:12:18 fetching corpus: 4868, signal 188360/236925 (executing program) 1970/01/01 00:12:21 fetching corpus: 4917, signal 188800/237531 (executing program) 1970/01/01 00:12:25 fetching corpus: 4967, signal 189366/238152 (executing program) 1970/01/01 00:12:27 fetching corpus: 5017, signal 189740/238694 (executing program) 1970/01/01 00:12:29 fetching corpus: 5067, signal 190137/239225 (executing program) 1970/01/01 00:12:32 fetching corpus: 5117, signal 190740/239757 (executing program) 1970/01/01 00:12:35 fetching corpus: 5167, signal 191199/240310 (executing program) 1970/01/01 00:12:39 fetching corpus: 5217, signal 191648/240865 (executing program) 1970/01/01 00:12:42 fetching corpus: 5267, signal 192431/241480 (executing program) 1970/01/01 00:12:45 fetching corpus: 5317, signal 192838/241972 (executing program) 1970/01/01 00:12:47 fetching corpus: 5367, signal 193248/242476 (executing program) 1970/01/01 00:12:49 fetching corpus: 5416, signal 193897/243033 (executing program) 1970/01/01 00:12:53 fetching corpus: 5466, signal 195155/243589 (executing program) 1970/01/01 00:12:55 fetching corpus: 5516, signal 195807/244118 (executing program) 1970/01/01 00:12:57 fetching corpus: 5566, signal 196267/244574 (executing program) 1970/01/01 00:13:00 fetching corpus: 5616, signal 196880/245084 (executing program) 1970/01/01 00:13:01 fetching corpus: 5666, signal 197362/245518 (executing program) 1970/01/01 00:13:04 fetching corpus: 5716, signal 197900/245979 (executing program) 1970/01/01 00:13:07 fetching corpus: 5766, signal 198443/246378 (executing program) 1970/01/01 00:13:09 fetching corpus: 5816, signal 198883/246801 (executing program) 1970/01/01 00:13:11 fetching corpus: 5866, signal 199418/247239 (executing program) 1970/01/01 00:13:13 fetching corpus: 5916, signal 200148/247696 (executing program) 1970/01/01 00:13:15 fetching corpus: 5966, signal 200493/248095 (executing program) 1970/01/01 00:13:18 
fetching corpus: 6016, signal 201135/248516 (executing program) 1970/01/01 00:13:21 fetching corpus: 6066, signal 201969/248905 (executing program) 1970/01/01 00:13:23 fetching corpus: 6116, signal 202520/249280 (executing program) 1970/01/01 00:13:26 fetching corpus: 6165, signal 202994/249556 (executing program) 1970/01/01 00:13:28 fetching corpus: 6215, signal 203451/249560 (executing program) 1970/01/01 00:13:31 fetching corpus: 6265, signal 204165/249564 (executing program) 1970/01/01 00:13:34 fetching corpus: 6313, signal 204495/249564 (executing program) 1970/01/01 00:13:36 fetching corpus: 6363, signal 205029/249568 (executing program) 1970/01/01 00:13:38 fetching corpus: 6413, signal 205642/249572 (executing program) 1970/01/01 00:13:41 fetching corpus: 6463, signal 206125/249576 (executing program) 1970/01/01 00:13:42 fetching corpus: 6513, signal 206558/249576 (executing program) 1970/01/01 00:13:46 fetching corpus: 6563, signal 207005/249576 (executing program) 1970/01/01 00:13:49 fetching corpus: 6612, signal 207319/249580 (executing program) 1970/01/01 00:13:51 fetching corpus: 6661, signal 207766/249580 (executing program) 1970/01/01 00:13:53 fetching corpus: 6711, signal 208296/249591 (executing program) 1970/01/01 00:13:55 fetching corpus: 6761, signal 208770/249614 (executing program) 1970/01/01 00:13:59 fetching corpus: 6811, signal 209096/249614 (executing program) 1970/01/01 00:14:02 fetching corpus: 6861, signal 209649/249614 (executing program) 1970/01/01 00:14:04 fetching corpus: 6911, signal 210035/249614 (executing program) 1970/01/01 00:14:07 fetching corpus: 6961, signal 210499/249614 (executing program) 1970/01/01 00:14:09 fetching corpus: 7011, signal 210971/249615 (executing program) 1970/01/01 00:14:11 fetching corpus: 7060, signal 211293/249617 (executing program) 1970/01/01 00:14:14 fetching corpus: 7109, signal 211555/249662 (executing program) 1970/01/01 00:14:17 fetching corpus: 7159, signal 212076/249668 (executing program) 
1970/01/01 00:14:20 fetching corpus: 7209, signal 212458/249668 (executing program) 1970/01/01 00:14:23 fetching corpus: 7259, signal 212923/249668 (executing program) 1970/01/01 00:14:27 fetching corpus: 7308, signal 213346/249673 (executing program) 1970/01/01 00:14:29 fetching corpus: 7358, signal 213820/249676 (executing program) 1970/01/01 00:14:32 fetching corpus: 7408, signal 214147/249676 (executing program) 1970/01/01 00:14:36 fetching corpus: 7457, signal 214473/249684 (executing program) 1970/01/01 00:14:39 fetching corpus: 7507, signal 215012/249684 (executing program) 1970/01/01 00:14:41 fetching corpus: 7556, signal 215333/249684 (executing program) 1970/01/01 00:14:44 fetching corpus: 7606, signal 215751/249687 (executing program) 1970/01/01 00:14:46 fetching corpus: 7656, signal 216067/249687 (executing program) 1970/01/01 00:14:49 fetching corpus: 7706, signal 216513/249687 (executing program) 1970/01/01 00:14:54 fetching corpus: 7755, signal 216973/249699 (executing program) 1970/01/01 00:14:59 fetching corpus: 7804, signal 217469/249699 (executing program) 1970/01/01 00:15:03 fetching corpus: 7854, signal 217930/249714 (executing program) 1970/01/01 00:15:06 fetching corpus: 7904, signal 218321/249731 (executing program) 1970/01/01 00:15:08 fetching corpus: 7954, signal 218571/249737 (executing program) 1970/01/01 00:15:10 fetching corpus: 8004, signal 218906/249738 (executing program) 1970/01/01 00:15:12 fetching corpus: 8054, signal 219177/249738 (executing program) 1970/01/01 00:15:14 fetching corpus: 8104, signal 219532/249744 (executing program) 1970/01/01 00:15:16 fetching corpus: 8154, signal 219997/249744 (executing program) 1970/01/01 00:15:20 fetching corpus: 8204, signal 220437/249745 (executing program) 1970/01/01 00:15:22 fetching corpus: 8254, signal 220787/249747 (executing program) 1970/01/01 00:15:25 fetching corpus: 8304, signal 221115/249747 (executing program) 1970/01/01 00:15:28 fetching corpus: 8354, signal 221505/249756 
(executing program) 1970/01/01 00:15:30 fetching corpus: 8404, signal 221859/249756 (executing program) 1970/01/01 00:15:33 fetching corpus: 8454, signal 222339/249756 (executing program) 1970/01/01 00:15:36 fetching corpus: 8504, signal 222779/249758 (executing program) 1970/01/01 00:15:39 fetching corpus: 8554, signal 223110/249758 (executing program) 1970/01/01 00:15:42 fetching corpus: 8604, signal 223407/249758 (executing program) 1970/01/01 00:15:46 fetching corpus: 8653, signal 223879/249767 (executing program) 1970/01/01 00:15:48 fetching corpus: 8703, signal 224253/249772 (executing program) 1970/01/01 00:15:50 fetching corpus: 8753, signal 224546/249775 (executing program) 1970/01/01 00:15:52 fetching corpus: 8803, signal 225069/249775 (executing program) 1970/01/01 00:15:55 fetching corpus: 8853, signal 225333/249775 (executing program) 1970/01/01 00:15:56 fetching corpus: 8903, signal 225590/249775 (executing program) 1970/01/01 00:15:58 fetching corpus: 8953, signal 225959/249777 (executing program) 1970/01/01 00:16:01 fetching corpus: 9002, signal 226477/249777 (executing program) 1970/01/01 00:16:05 fetching corpus: 9052, signal 226851/249778 (executing program) 1970/01/01 00:16:09 fetching corpus: 9102, signal 227232/249778 (executing program) 1970/01/01 00:16:11 fetching corpus: 9151, signal 227485/249781 (executing program) 1970/01/01 00:16:14 fetching corpus: 9201, signal 227971/249782 (executing program) 1970/01/01 00:16:16 fetching corpus: 9251, signal 228329/249801 (executing program) 1970/01/01 00:16:18 fetching corpus: 9300, signal 228707/249801 (executing program) 1970/01/01 00:16:20 fetching corpus: 9350, signal 229211/249804 (executing program) 1970/01/01 00:16:24 fetching corpus: 9400, signal 229655/249804 (executing program) 1970/01/01 00:16:27 fetching corpus: 9450, signal 230188/249804 (executing program) 1970/01/01 00:16:29 fetching corpus: 9499, signal 230474/249804 (executing program) 1970/01/01 00:16:31 fetching corpus: 9548, 
signal 230806/249809 (executing program) 1970/01/01 00:16:33 fetching corpus: 9598, signal 231145/249809 (executing program) 1970/01/01 00:16:35 fetching corpus: 9647, signal 231429/249821 (executing program) 1970/01/01 00:16:37 fetching corpus: 9697, signal 231727/249824 (executing program) 1970/01/01 00:16:39 fetching corpus: 9746, signal 232089/249842 (executing program) 1970/01/01 00:16:41 fetching corpus: 9796, signal 232468/249842 (executing program) 1970/01/01 00:16:45 fetching corpus: 9846, signal 232814/249842 (executing program) 1970/01/01 00:16:49 fetching corpus: 9896, signal 233153/249842 (executing program) 1970/01/01 00:16:52 fetching corpus: 9946, signal 233463/249858 (executing program) 1970/01/01 00:16:54 fetching corpus: 9996, signal 233789/249858 (executing program) 1970/01/01 00:16:56 fetching corpus: 10046, signal 234147/249871 (executing program) 1970/01/01 00:16:58 fetching corpus: 10096, signal 234514/249871 (executing program) 1970/01/01 00:17:00 fetching corpus: 10146, signal 234847/249871 (executing program) 1970/01/01 00:17:02 fetching corpus: 10196, signal 235120/249871 (executing program) 1970/01/01 00:17:04 fetching corpus: 10246, signal 235400/249871 (executing program) 1970/01/01 00:17:07 fetching corpus: 10295, signal 235706/249871 (executing program) 1970/01/01 00:17:12 fetching corpus: 10345, signal 235968/249871 (executing program) 1970/01/01 00:17:16 fetching corpus: 10394, signal 236351/249871 (executing program) 1970/01/01 00:17:19 fetching corpus: 10444, signal 236676/249871 (executing program) 1970/01/01 00:17:21 fetching corpus: 10494, signal 236983/249873 (executing program) 1970/01/01 00:17:24 fetching corpus: 10542, signal 237339/249876 (executing program) 1970/01/01 00:17:27 fetching corpus: 10591, signal 237645/249876 (executing program) 1970/01/01 00:17:29 fetching corpus: 10639, signal 237928/249876 (executing program) 1970/01/01 00:17:31 fetching corpus: 10689, signal 238269/249876 (executing program) 1970/01/01 
00:17:34 fetching corpus: 10739, signal 238606/249881 (executing program) 1970/01/01 00:17:37 fetching corpus: 10789, signal 238974/249882 (executing program) 1970/01/01 00:17:40 fetching corpus: 10839, signal 239278/249886 (executing program) 1970/01/01 00:17:42 fetching corpus: 10889, signal 239545/249886 (executing program) 1970/01/01 00:17:45 fetching corpus: 10939, signal 240184/249892 (executing program) 1970/01/01 00:17:47 fetching corpus: 10989, signal 240500/249917 (executing program) 1970/01/01 00:17:49 fetching corpus: 11039, signal 240790/249922 (executing program) 1970/01/01 00:17:51 fetching corpus: 11089, signal 241094/249930 (executing program) 1970/01/01 00:17:53 fetching corpus: 11139, signal 241497/249930 (executing program) 1970/01/01 00:17:56 fetching corpus: 11189, signal 241831/249930 (executing program) 1970/01/01 00:17:59 fetching corpus: 11239, signal 242072/249930 (executing program) 1970/01/01 00:18:01 fetching corpus: 11288, signal 242339/249930 (executing program) 1970/01/01 00:18:04 fetching corpus: 11338, signal 242703/249930 (executing program) 1970/01/01 00:18:06 fetching corpus: 11388, signal 242960/249932 (executing program) 1970/01/01 00:18:09 fetching corpus: 11438, signal 243251/249933 (executing program) 1970/01/01 00:18:11 fetching corpus: 11487, signal 243558/249933 (executing program) 1970/01/01 00:18:14 fetching corpus: 11536, signal 243900/249943 (executing program) 1970/01/01 00:18:16 fetching corpus: 11586, signal 244189/249946 (executing program) 1970/01/01 00:18:19 fetching corpus: 11636, signal 244454/249948 (executing program) 1970/01/01 00:18:22 fetching corpus: 11686, signal 244733/249964 (executing program) 1970/01/01 00:18:25 fetching corpus: 11736, signal 245010/249986 (executing program) 1970/01/01 00:18:27 fetching corpus: 11786, signal 245352/249990 (executing program) 1970/01/01 00:18:29 fetching corpus: 11836, signal 245613/249993 (executing program) 1970/01/01 00:18:31 fetching corpus: 11886, signal 
245912/249993 (executing program) 1970/01/01 00:18:33 fetching corpus: 11936, signal 246215/249993 (executing program) 1970/01/01 00:18:36 fetching corpus: 11986, signal 246592/250013 (executing program) 1970/01/01 00:18:38 fetching corpus: 12036, signal 246878/250013 (executing program) 1970/01/01 00:18:38 fetching corpus: 12038, signal 246924/250013 (executing program) 1970/01/01 00:18:38 fetching corpus: 12038, signal 246924/250013 (executing program) 1970/01/01 00:20:48 starting 2 fuzzer processes 00:20:48 executing program 0: r0 = inotify_init1(0x0) ioctl$int_in(r0, 0x40044900, 0x0) 00:20:48 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540f, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x7, &(0x7f0000004200)={0x0, 0x3938700}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e) openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) ppoll(0x0, 0x0, 0x0, &(0x7f0000000380), 0x8) [ 1278.898184][ T2052] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1279.482713][ T2052] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1280.263079][ T2053] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1280.974926][ T2053] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1292.819504][ T2052] device hsr_slave_0 entered promiscuous mode [ 1292.911865][ T2052] device hsr_slave_1 entered promiscuous mode [ 1295.191179][ T2053] device hsr_slave_0 entered promiscuous mode [ 1295.239611][ T2053] device hsr_slave_1 entered promiscuous mode [ 1295.341732][ T2053] debugfs: Directory 'hsr0' with parent 'hsr' already 
present! [ 1295.353008][ T2053] Cannot create hsr debugfs directory [ 1306.558601][ T2052] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1307.261740][ T2052] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1307.704706][ T2052] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1308.349560][ T2052] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1310.579638][ T2053] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1311.661639][ T2053] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1312.167873][ T2053] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1313.624268][ T2053] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1333.389262][ T2052] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1335.433640][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1335.691072][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1338.820458][ T2053] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1340.500417][ T2633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1340.613938][ T2633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1350.787263][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1350.813027][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1351.251636][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1351.302982][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1351.819424][ T2111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1351.967786][ T2633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1353.672597][ T2052] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1353.710051][ T2052] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1353.912711][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1353.963545][ T20] IPv6: 
ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1354.084379][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1354.273804][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1354.492763][ T2664] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1355.592789][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1355.641613][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1355.798404][ T2633] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1355.804619][ T2633] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1356.171202][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1356.234937][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1356.739542][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1357.082024][ T2111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1358.430128][ T2053] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1358.431527][ T2053] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1358.548532][ T2111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1358.605215][ T2111] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1358.701135][ T2111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1358.757774][ T2111] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1358.947737][ T2111] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1360.512950][ T2111] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1360.554839][ T2111] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1380.804165][ T2111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1380.861957][ T2111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 
1382.268562][ T2633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1382.367715][ T2633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1389.150094][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1389.219316][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1389.363178][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1389.401084][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1389.621433][ T2052] device veth0_vlan entered promiscuous mode [ 1390.104644][ T2052] device veth1_vlan entered promiscuous mode [ 1391.974487][ T2664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1391.999721][ T2664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1392.463319][ T2052] device veth0_macvtap entered promiscuous mode [ 1392.711454][ T2633] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1392.792109][ T2633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1392.854036][ T2633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1392.944969][ T2633] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1393.011518][ T2633] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1393.300578][ T2052] device veth1_macvtap entered promiscuous mode [ 1393.514492][ T2053] device veth0_vlan entered promiscuous mode [ 1394.401488][ T2633] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1394.469338][ T2633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1394.522581][ T2053] device veth1_vlan entered promiscuous mode [ 1395.178104][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1395.228138][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1395.754879][ T2052] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1395.780942][ T2052] netdevsim netdevsim0 netdevsim1: 
set [1, 0] type 2 family 0 port 6081 - 0
[ 1395.782893][ T2052] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1395.784620][ T2052] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1397.331388][ T2633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1397.389659][ T2633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1397.766628][ T2053] device veth0_macvtap entered promiscuous mode
[ 1398.400505][ T2053] device veth1_macvtap entered promiscuous mode
[ 1398.550315][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1399.618702][ T2633] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1399.692617][ T2633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1399.964524][ T2633] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1400.032237][ T2633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1400.294252][ T2053] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1400.307789][ T2053] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1400.309384][ T2053] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1400.310683][ T2053] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
00:23:24 executing program 0:
r0 = inotify_init1(0x0)
ioctl$int_in(r0, 0x40044900, 0x0)
[ 1406.081393][ T2750] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1406.373863][ T2750] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1406.424945][ T2750] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
00:23:28 executing program 0:
r0 = inotify_init1(0x0)
ioctl$int_in(r0, 0x40044900, 0x0)
00:23:29 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$TCXONC(0xffffffffffffffff, 0x540f, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x7, &(0x7f0000004200)={0x0, 0x3938700})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e)
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0)
ppoll(0x0, 0x0, 0x0, &(0x7f0000000380), 0x8)
[ 1413.003778][ T2757] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1413.105025][ T2757] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1413.185146][ T2757] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
00:23:31 executing program 0:
r0 = inotify_init1(0x0)
ioctl$int_in(r0, 0x40044900, 0x0)
00:23:36 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$TCXONC(0xffffffffffffffff, 0x540f, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x7, &(0x7f0000004200)={0x0, 0x3938700})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e)
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0)
ppoll(0x0, 0x0, 0x0, &(0x7f0000000380), 0x8)
00:23:37 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$TCXONC(0xffffffffffffffff, 0x540f, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x7, &(0x7f0000004200)={0x0, 0x3938700})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e)
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0)
ppoll(0x0, 0x0, 0x0, &(0x7f0000000380), 0x8)
[ 1419.619005][ T2763] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1419.783519][ T2763] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1419.893075][ T2763] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1420.715723][ C1] hrtimer: interrupt took 1537400 ns
[ 1423.854668][ T2765] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
00:23:42 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$TCXONC(0xffffffffffffffff, 0x540f, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x7, &(0x7f0000004200)={0x0, 0x3938700})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e)
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0)
ppoll(0x0, 0x0, 0x0, &(0x7f0000000380), 0x8)
[ 1424.242064][ T2765] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1424.245125][ T2765] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1429.673885][ T2768] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1429.921962][ C0] ==================================================================
[ 1429.926983][ C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260
[ 1429.928604][ C0] Read of size 8 at addr ffffaf8023cdffc0 by task syz-executor.0/2768
[ 1429.930186][ C0]
[ 1429.932411][ C0] CPU: 0 PID: 2768 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1429.934772][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 1429.936785][ C0] Call Trace:
[ 1429.938302][ C0] [] dump_backtrace+0x2e/0x3c
[ 1429.939731][ C0] [] show_stack+0x34/0x40
[ 1429.940937][ C0] [] dump_stack_lvl+0xe4/0x150
[ 1429.942504][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 1429.944064][ C0] [] kasan_report+0x184/0x1e0
[ 1429.945432][ C0] [] __asan_load8+0x6e/0x96
[ 1429.947535][ C0] [] walk_stackframe+0x11c/0x260
[ 1429.948874][ C0] [] arch_stack_walk+0x2c/0x3c
[ 1429.950147][ C0] [] stack_trace_save+0xa6/0xd8
[ 1429.951717][ C0]
[ 1429.952609][ C0] Allocated by task 0:
[ 1429.953522][ C0] (stack is not available)
[ 1429.954452][ C0]
[ 1429.955251][ C0] The buggy address belongs to the object at ffffaf8023cdf800
[ 1429.955251][ C0] which belongs to the cache kmalloc-1k of size 1024
[ 1429.959730][ C0] The buggy address is located 960 bytes to the right of
[ 1429.959730][ C0] 1024-byte region [ffffaf8023cdf800, ffffaf8023cdfc00)
[ 1429.961846][ C0] The buggy address belongs to the page:
[ 1429.963165][ C0] page:ffffaf807b05acc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa3ed8
[ 1429.964665][ C0] head:ffffaf807b05acc0 order:3 compound_mapcount:0 compound_pincount:0
[ 1429.968038][ C0] flags: 0xa000010200(slab|head|section=20|node=0|zone=0)
[ 1429.971290][ C0] raw: 000000a000010200 0000000000000000 0000000000000001 ffffaf8007201dc0
[ 1429.974032][ C0] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 1429.976975][ C0] raw: 00000000000007ff
[ 1429.978878][ C0] page dumped because: kasan: bad access detected
[ 1429.980227][ C0] page_owner tracks the page as allocated
[ 1429.981625][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2053, ts 1358481966100, free_ts 1356589678700
[ 1429.989057][ C0] __set_page_owner+0x48/0x136
[ 1429.991282][ C0] post_alloc_hook+0xd0/0x10a
[ 1429.993039][ C0] get_page_from_freelist+0x8da/0x12d8
[ 1429.994947][ C0] __alloc_pages+0x150/0x3b6
[ 1429.997012][ C0] alloc_pages+0x132/0x2a6
[ 1429.998815][ C0] alloc_slab_page.constprop.0+0xc2/0xfa
[ 1430.000865][ C0] new_slab+0x25a/0x2cc
[ 1430.002868][ C0] ___slab_alloc+0x56e/0x918
[ 1430.004788][ C0] __slab_alloc.constprop.0+0x50/0x8c
[ 1430.007509][ C0] __kmalloc_node_track_caller+0x26c/0x362
[ 1430.008876][ C0] __alloc_skb+0xee/0x2e4
[ 1430.010028][ C0] rtmsg_fib+0x108/0x2be
[ 1430.011036][ C0] fib_table_insert+0x52a/0xebe
[ 1430.012037][ C0] fib_magic+0x3f4/0x438
[ 1430.013060][ C0] fib_add_ifaddr+0x1fc/0x2e2
[ 1430.014036][ C0] fib_netdev_event+0x362/0x4b0
[ 1430.015128][ C0] page last free stack trace:
[ 1430.016314][ C0] __reset_page_owner+0x4a/0xea
[ 1430.017750][ C0] free_pcp_prepare+0x29c/0x45e
[ 1430.018818][ C0] free_unref_page+0x6a/0x31e
[ 1430.019912][ C0] __free_pages+0xe2/0x112
[ 1430.021025][ C0] __free_slab+0x122/0x27c
[ 1430.022200][ C0] discard_slab+0x4c/0x7a
[ 1430.023423][ C0] __unfreeze_partials+0x16a/0x18e
[ 1430.024633][ C0] put_cpu_partial+0xf6/0x162
[ 1430.026195][ C0] __slab_free+0x166/0x29c
[ 1430.027748][ C0] ___cache_free+0x17c/0x354
[ 1430.028915][ C0] qlist_free_all+0x7c/0x132
[ 1430.030024][ C0] kasan_quarantine_reduce+0x14c/0x1c8
[ 1430.031166][ C0] __kasan_slab_alloc+0x5c/0x98
[ 1430.032256][ C0] kmem_cache_alloc+0x338/0x3de
[ 1430.033299][ C0] vm_area_alloc+0x2e/0xaa
[ 1430.034329][ C0] mmap_region+0x62e/0xa88
[ 1430.035529][ C0]
[ 1430.036391][ C0] Memory state around the buggy address:
[ 1430.037967][ C0] ffffaf8023cdfe80: 00 00 00 00 00 00 00 00 fc fc fc fc 00 00 00 00
[ 1430.039339][ C0] ffffaf8023cdff00: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[ 1430.041565][ C0] >ffffaf8023cdff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1430.043964][ C0] ^
[ 1430.046268][ C0] ffffaf8023ce0000: 00 00 00 00 f1 f1 f1 f1 00 00 00 f3 f3 f3 f3 f3
[ 1430.049413][ C0] ffffaf8023ce0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1430.052255][ C0] ==================================================================
[ 1430.055044][ C0] Disabling lock debugging due to kernel taint
[ 1430.064677][ T2768] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 1430.069049][ T2768] CPU: 0 PID: 2768 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1430.071179][ T2768] Hardware name: riscv-virtio,qemu (DT)
[ 1430.073241][ T2768] Call Trace:
[ 1430.074339][ T2768] [] dump_backtrace+0x2e/0x3c
[ 1430.076843][ T2768] [] show_stack+0x34/0x40
[ 1430.078796][ T2768] [] dump_stack_lvl+0xe4/0x150
[ 1430.081219][ T2768] [] dump_stack+0x1c/0x24
[ 1430.083504][ T2768] [] panic+0x24a/0x634
[ 1430.085787][ T2768] [] schedule+0x0/0x14c
[ 1430.087962][ T2768] [] preempt_schedule_irq+0x4a/0x13e
[ 1430.090430][ T2768] [] resume_kernel+0x16/0x18
[ 1430.092657][ T2768] SMP: stopping secondary CPUs
[ 1430.095681][ T2768] Rebooting in 86400 seconds..
VM DIAGNOSIS:
13:23:56 Registers:
info registers vcpu 0
pc ffffffff801165d6
mhartid 0000000000000000
mstatus 00000000000000a0
mip 00000000000000a0
mie 000000000000022a
mideleg 0000000000000222
medeleg 000000000000b109
mtvec 0000000080000540
stvec ffffffff800055d4
mepc ffffffff80475986
sepc ffffffff8010b26a
mcause 8000000000000007
scause 8000000000000005
mtval 0000000000000000
stval 0000000000000000
x0/zero 0000000000000000 x1/ra ffffffff801165c2 x2/sp ffffaf8023cdf980 x3/gp ffffffff85863ac0
x4/tp ffffaf800ec61840 x5/t0 ffffffff86bcb657 x6/t1 7fa5287793790a00 x7/t2 0000000000000000
x8/s0 ffffaf8023cdfae0 x9/s1 ffffffff8343c840 x10/a0 ffffaf805a9c8840 x11/a1 0000000000000003
x12/a2 1ffff5f00b539108 x13/a3 ffffffff801165c2 x14/a4 0000000000000000 x15/a5 0000000000000020
x16/a6 0000000000f00000 x17/a7 ffffffff8011ede2 x18/s2 ffffffff86c1a620 x19/s3 ffffaf805a9c8840
x20/s4 0000000000000000 x21/s5 ffffffff84a88898 x22/s6 0000000000000000 x23/s7 ffffaf800ec61840
x24/s8 ffffffff8011ede2 x25/s9 ffffffff85889780 x26/s10 1ffff5f00479bf38 x27/s11 0000000000000000
x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f00479bf14 x31/t6 ffffffff86bcb657
f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
pc ffffffff80146d18
mhartid 0000000000000001
mstatus 00000000000000a0
mip 0000000000000000
mie 00000000000002aa
mideleg 0000000000000222
medeleg 000000000000b109
mtvec 0000000080000540
stvec ffffffff800055d4
mepc ffffffff8000f97e
sepc 0000000000053cc0
mcause 0000000000000009
scause 0000000000000008
mtval 0000000000000000
stval 0000000000000000
x0/zero 0000000000000000 x1/ra ffffffff80113198 x2/sp ffffaf8009d6b780 x3/gp ffffffff85863ac0
x4/tp ffffaf8009b16100 x5/t0 ffffaf8009d6bcf0 x6/t1 7fa5287793790a00 x7/t2 00007fffe63931b7
x8/s0 ffffaf8009d6ba90 x9/s1 ffffaf805a9e7400 x10/a0 ffffffff84b86688 x11/a1 0000000000000007
x12/a2 0000000000000035 x13/a3 ffffffff801124b8 x14/a4 dfffffff00000000 x15/a5 ffffaf8009b16b68
x16/a6 ffffffff866c3b18 x17/a7 ffffffff8016e348 x18/s2 0000000000000035 x19/s3 00000000000e0035
x20/s4 ffffffff866c3a60 x21/s5 ffffaf8009b16b18 x22/s6 ffffffff858c4ca0 x23/s7 47a794ba501caff5
x24/s8 ffffaf8009b16b48 x25/s9 0000000000000000 x26/s10 00000000786bf83c x27/s11 ffffaf8009b16100
x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f0013ad6f8 x31/t6 0000000000040000
f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000