syzkaller login: [ 250.597679][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 250.657974][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 250.747505][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 260.347934][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:16506' (ECDSA) to the list of known hosts.
1970/01/01 00:05:20 fuzzer started
1970/01/01 00:05:33 dialing manager at localhost:43965
[ 339.769311][ T2026] cgroup: Unknown subsys name 'net'
[ 340.853806][ T2026] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:05:40 syscalls: 2918
1970/01/01 00:05:40 code coverage: enabled
1970/01/01 00:05:40 comparison tracing: enabled
1970/01/01 00:05:40 extra coverage: enabled
1970/01/01 00:05:40 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:05:40 setuid sandbox: enabled
1970/01/01 00:05:40 namespace sandbox: enabled
1970/01/01 00:05:40 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:05:40 fault injection: enabled
1970/01/01 00:05:40 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:05:40 net packet injection: enabled
1970/01/01 00:05:40 net device setup: enabled
1970/01/01 00:05:40 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:05:40 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:05:40 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:05:40 USB emulation: enabled
1970/01/01 00:05:40 hci packet injection: /dev/vhci does not exist
1970/01/01 00:05:40 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:05:40 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:05:41 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:05:46 fetching corpus: 50, signal 30467/33874 (executing program)
1970/01/01 00:05:49 fetching corpus: 100, signal 46094/50746 (executing program)
1970/01/01 00:05:53 fetching corpus: 150, signal 53297/59192 (executing program)
1970/01/01 00:05:56 fetching corpus: 200, signal 61352/68309 (executing program)
1970/01/01 00:05:58 fetching corpus: 250, signal 69987/77788 (executing program)
1970/01/01 00:06:01 fetching corpus: 300, signal 74742/83475 (executing program)
1970/01/01 00:06:05 fetching corpus: 349, signal 79855/89393 (executing program)
1970/01/01 00:06:08 fetching corpus: 398, signal 84140/94472 (executing program)
1970/01/01 00:06:10 fetching corpus: 448, signal 87801/98921 (executing program)
1970/01/01 00:06:13 fetching corpus: 498, signal 91079/102923 (executing program)
1970/01/01 00:06:16 fetching corpus: 548, signal 94741/107262 (executing program)
1970/01/01 00:06:19 fetching corpus: 598, signal 97193/110446 (executing program)
1970/01/01 00:06:21 fetching corpus: 648, signal 99746/113676 (executing program)
1970/01/01 00:06:24 fetching corpus: 697, signal 103288/117639 (executing program)
1970/01/01 00:06:27 fetching corpus: 746, signal 106166/121079 (executing program)
1970/01/01 00:06:31 fetching corpus: 795, signal 108175/123638 (executing program)
1970/01/01 00:06:33 fetching corpus: 845, signal 110037/126041 (executing program)
1970/01/01 00:06:36 fetching corpus: 895, signal 111788/128366 (executing program)
1970/01/01 00:06:38 fetching corpus: 945, signal 115236/131998 (executing program)
1970/01/01 00:06:40 fetching corpus: 995, signal 116730/134025 (executing program)
1970/01/01 00:06:42 fetching corpus: 1044, signal 118784/136400 (executing program)
1970/01/01 00:06:43 fetching corpus: 1094, signal 120138/138229 (executing program)
1970/01/01 00:06:46 fetching corpus: 1143, signal 122002/140392 (executing program)
1970/01/01 00:06:49 fetching corpus: 1193, signal 123459/142275 (executing program)
1970/01/01 00:06:51 fetching corpus: 1242, signal 125652/144602 (executing program)
1970/01/01 00:06:53 fetching corpus: 1292, signal 127478/146628 (executing program)
1970/01/01 00:06:56 fetching corpus: 1342, signal 129267/148626 (executing program)
1970/01/01 00:06:58 fetching corpus: 1392, signal 130945/150560 (executing program)
1970/01/01 00:07:00 fetching corpus: 1441, signal 132992/152697 (executing program)
1970/01/01 00:07:03 fetching corpus: 1490, signal 134586/154441 (executing program)
1970/01/01 00:07:04 fetching corpus: 1540, signal 135836/155960 (executing program)
1970/01/01 00:07:07 fetching corpus: 1590, signal 137534/157743 (executing program)
1970/01/01 00:07:10 fetching corpus: 1640, signal 138748/159206 (executing program)
1970/01/01 00:07:12 fetching corpus: 1690, signal 139821/160468 (executing program)
1970/01/01 00:07:15 fetching corpus: 1740, signal 141163/161931 (executing program)
1970/01/01 00:07:17 fetching corpus: 1789, signal 142308/163229 (executing program)
1970/01/01 00:07:20 fetching corpus: 1839, signal 143581/164578 (executing program)
1970/01/01 00:07:23 fetching corpus: 1888, signal 144429/165623 (executing program)
1970/01/01 00:07:26 fetching corpus: 1936, signal 145548/166819 (executing program)
1970/01/01 00:07:30 fetching corpus: 1985, signal 146835/168073 (executing program)
1970/01/01 00:07:35 fetching corpus: 2035, signal 148373/169490 (executing program)
1970/01/01 00:07:36 fetching corpus: 2083, signal 149423/170589 (executing program)
1970/01/01 00:07:39 fetching corpus: 2133, signal 150848/171852 (executing program)
1970/01/01 00:07:41 fetching corpus: 2183, signal 151437/172614 (executing program)
1970/01/01 00:07:43 fetching corpus: 2230, signal 152840/173821 (executing program)
1970/01/01 00:07:47 fetching corpus: 2280, signal 154231/175047 (executing program)
1970/01/01 00:07:49 fetching corpus: 2330, signal 155765/176303 (executing program)
1970/01/01 00:07:51 fetching corpus: 2379, signal 156778/177234 (executing program)
1970/01/01 00:07:55 fetching corpus: 2429, signal 157922/178255 (executing program)
1970/01/01 00:07:57 fetching corpus: 2478, signal 159246/179298 (executing program)
1970/01/01 00:07:59 fetching corpus: 2527, signal 160291/180220 (executing program)
1970/01/01 00:08:02 fetching corpus: 2577, signal 161454/181141 (executing program)
1970/01/01 00:08:05 fetching corpus: 2627, signal 162543/182027 (executing program)
1970/01/01 00:08:08 fetching corpus: 2677, signal 163542/182803 (executing program)
1970/01/01 00:08:11 fetching corpus: 2726, signal 164264/183465 (executing program)
1970/01/01 00:08:13 fetching corpus: 2776, signal 164863/184061 (executing program)
1970/01/01 00:08:15 fetching corpus: 2826, signal 165876/184831 (executing program)
1970/01/01 00:08:18 fetching corpus: 2876, signal 166926/185618 (executing program)
1970/01/01 00:08:20 fetching corpus: 2926, signal 167877/186310 (executing program)
1970/01/01 00:08:22 fetching corpus: 2976, signal 168573/186855 (executing program)
1970/01/01 00:08:25 fetching corpus: 3026, signal 169656/187534 (executing program)
1970/01/01 00:08:27 fetching corpus: 3075, signal 170636/188221 (executing program)
1970/01/01 00:08:28 fetching corpus: 3125, signal 171385/188757 (executing program)
1970/01/01 00:08:32 fetching corpus: 3175, signal 172479/189385 (executing program)
1970/01/01 00:08:34 fetching corpus: 3225, signal 173671/189998 (executing program)
1970/01/01 00:08:36 fetching corpus: 3275, signal 174176/190420 (executing program)
1970/01/01 00:08:38 fetching corpus: 3325, signal 174874/190879 (executing program)
1970/01/01 00:08:40 fetching corpus: 3375, signal 175450/191284 (executing program)
1970/01/01 00:08:43 fetching corpus: 3423, signal 176319/191758 (executing program)
1970/01/01 00:08:45 fetching corpus: 3473, signal 177012/192185 (executing program)
1970/01/01 00:08:47 fetching corpus: 3521, signal 177687/192569 (executing program)
1970/01/01 00:08:50 fetching corpus: 3571, signal 178454/192977 (executing program)
1970/01/01 00:08:53 fetching corpus: 3621, signal 179207/193347 (executing program)
1970/01/01 00:08:56 fetching corpus: 3671, signal 179862/193693 (executing program)
1970/01/01 00:08:58 fetching corpus: 3720, signal 180990/194167 (executing program)
1970/01/01 00:09:01 fetching corpus: 3770, signal 181697/194493 (executing program)
1970/01/01 00:09:04 fetching corpus: 3820, signal 182506/194843 (executing program)
1970/01/01 00:09:07 fetching corpus: 3868, signal 183168/195154 (executing program)
1970/01/01 00:09:09 fetching corpus: 3917, signal 183889/195423 (executing program)
1970/01/01 00:09:11 fetching corpus: 3967, signal 184764/195741 (executing program)
1970/01/01 00:09:13 fetching corpus: 4017, signal 185403/195997 (executing program)
1970/01/01 00:09:16 fetching corpus: 4067, signal 186152/196241 (executing program)
1970/01/01 00:09:18 fetching corpus: 4117, signal 186776/196466 (executing program)
1970/01/01 00:09:21 fetching corpus: 4167, signal 187478/196674 (executing program)
1970/01/01 00:09:23 fetching corpus: 4217, signal 188199/196886 (executing program)
1970/01/01 00:09:25 fetching corpus: 4267, signal 188712/197047 (executing program)
1970/01/01 00:09:27 fetching corpus: 4317, signal 189159/197202 (executing program)
1970/01/01 00:09:30 fetching corpus: 4367, signal 189766/197347 (executing program)
1970/01/01 00:09:33 fetching corpus: 4417, signal 190470/197537 (executing program)
1970/01/01 00:09:34 fetching corpus: 4467, signal 191160/197677 (executing program)
1970/01/01 00:09:36 fetching corpus: 4517, signal 191680/197814 (executing program)
1970/01/01 00:09:38 fetching corpus: 4567, signal 192350/197946 (executing program)
1970/01/01 00:09:41 fetching corpus: 4617, signal 193053/198041 (executing program)
1970/01/01 00:09:44 fetching corpus: 4665, signal 193584/198145 (executing program)
1970/01/01 00:09:46 fetching corpus: 4715, signal 194204/198208 (executing program)
1970/01/01 00:09:47 fetching corpus: 4753, signal 195481/198288 (executing program)
1970/01/01 00:09:47 fetching corpus: 4753, signal 195481/198310 (executing program)
1970/01/01 00:09:47 fetching corpus: 4753, signal 195481/198344 (executing program)
1970/01/01 00:09:47 fetching corpus: 4753, signal 195481/198350 (executing program)
1970/01/01 00:09:48 fetching corpus: 4753, signal 195481/198350 (executing program)
1970/01/01 00:11:42 starting 2 fuzzer processes

00:11:42 executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000005dc0), 0x0, 0x0)
ioctl$BLKIOMIN(r0, 0x1278, &(0x7f0000000000))

00:11:42 executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0x8812})
ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000180)={0x0, 0x2aaaacee, [@local]})

[ 730.447307][ T2045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 730.958143][ T2044] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 730.960016][ T2044] CPU: 0 PID: 2044 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 730.961123][ T2044] Hardware name: riscv-virtio,qemu (DT)
[ 730.962011][ T2044] Call Trace:
[ 730.962965][ T2044] [] dump_backtrace+0x2e/0x3c
[ 730.964324][ T2044] [] show_stack+0x34/0x40
[ 730.965546][ T2044] [] dump_stack_lvl+0xe4/0x150
[ 730.966520][ T2044] [] dump_stack+0x1c/0x24
[ 730.967434][ T2044] [] panic+0x24a/0x634
[ 730.968243][ T2044] [] schedule+0x0/0x14c
[ 730.969062][ T2044] [] preempt_schedule_common+0x4e/0xde
[ 730.970029][ T2044] [] preempt_schedule+0x34/0x36
[ 730.970888][ T2044] [] _raw_spin_unlock_irqrestore+0x8c/0x98
[ 730.971785][ T2044] [] debug_check_no_obj_freed+0x14c/0x24a
[ 730.972819][ T2044] [] free_pcp_prepare+0x24e/0x45e
[ 730.974081][ T2044] [] free_unref_page+0x6a/0x31e
[ 730.975219][ T2044] [] __free_pages+0xe2/0x112
[ 730.976067][ T2044] [] __free_slab+0x122/0x27c
[ 730.976938][ T2044] [] discard_slab+0x4c/0x7a
[ 730.977774][ T2044] [] __slab_free+0x20a/0x29c
[ 730.978542][ T2044] [] ___cache_free+0x17c/0x354
[ 730.979398][ T2044] [] qlist_free_all+0x7c/0x132
[ 730.980197][ T2044] [] kasan_quarantine_reduce+0x14c/0x1c8
[ 730.981186][ T2044] [] __kasan_slab_alloc+0x5c/0x98
[ 730.982064][ T2044] [] kmem_cache_alloc_trace+0x278/0x2e0
[ 730.983238][ T2044] [] kobject_uevent_env+0x1c6/0xdfe
[ 730.984938][ T2044] [] kobject_uevent+0x22/0x2e
[ 730.986576][ T2044] [] __kobject_del+0x112/0x140
[ 730.987594][ T2044] [] kobject_put+0x28c/0x38e
[ 730.988878][ T2044] [] net_rx_queue_update_kobjects+0x33a/0x3c6
[ 730.990102][ T2044] [] netif_set_real_num_rx_queues+0xfa/0x166
[ 730.991162][ T2044] [] veth_init_queues+0x9c/0xf4
[ 730.992322][ T2044] [] veth_newlink+0x602/0x7dc
[ 730.993538][ T2044] [] __rtnl_newlink+0xc16/0xfa0
[ 730.994937][ T2044] [] rtnl_newlink+0x60/0x8c
[ 730.996417][ T2044] [] rtnetlink_rcv_msg+0x338/0x9a0
[ 730.997613][ T2044] [] netlink_rcv_skb+0xf8/0x2be
[ 730.998437][ T2044] [] rtnetlink_rcv+0x26/0x30
[ 730.999211][ T2044] [] netlink_unicast+0x40e/0x5fe
[ 730.999952][ T2044] [] netlink_sendmsg+0x4e0/0x994
[ 731.000769][ T2044] [] sock_sendmsg+0xa0/0xc4
[ 731.001562][ T2044] [] __sys_sendto+0x1f2/0x2e0
[ 731.002292][ T2044] [] sys_sendto+0x3e/0x52
[ 731.003326][ T2044] [] ret_from_syscall+0x0/0x2
[ 731.005417][ T2044] SMP: stopping secondary CPUs
[ 731.008133][ T2044] Rebooting in 86400 seconds..

VM DIAGNOSIS:
10:18:30 Registers: