syzkaller login: [ 287.464335][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 299.467388][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 299.525707][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 330.575646][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:46646' (ECDSA) to the list of known hosts.
1970/01/01 00:06:02 fuzzer started
1970/01/01 00:06:17 dialing manager at localhost:41357
[ 384.198673][ T2038] cgroup: Unknown subsys name 'net'
[ 385.374891][ T2038] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:25 syscalls: 2827
1970/01/01 00:06:25 code coverage: enabled
1970/01/01 00:06:25 comparison tracing: enabled
1970/01/01 00:06:25 extra coverage: enabled
1970/01/01 00:06:25 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:25 setuid sandbox: enabled
1970/01/01 00:06:25 namespace sandbox: enabled
1970/01/01 00:06:25 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:25 fault injection: enabled
1970/01/01 00:06:25 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:25 net packet injection: enabled
1970/01/01 00:06:25 net device setup: enabled
1970/01/01 00:06:25 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:25 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:25 USB emulation: enabled
1970/01/01 00:06:25 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:25 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:25 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:25 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:33 fetching corpus: 50, signal 28214/31800 (executing program)
1970/01/01 00:06:36 fetching corpus: 99, signal 41573/46642 (executing program)
1970/01/01 00:06:40 fetching corpus: 149, signal 52577/59045 (executing program)
1970/01/01 00:06:45 fetching corpus: 198, signal 60048/67886 (executing program)
1970/01/01 00:06:50 fetching corpus: 248, signal 72325/81208 (executing program)
1970/01/01 00:06:52 fetching corpus: 297, signal 76991/87051 (executing program)
1970/01/01 00:06:55 fetching corpus: 347, signal 82035/93213 (executing program)
1970/01/01 00:06:58 fetching corpus: 397, signal 89163/101250 (executing program)
1970/01/01 00:07:03 fetching corpus: 447, signal 94015/107078 (executing program)
1970/01/01 00:07:05 fetching corpus: 497, signal 97671/111768 (executing program)
1970/01/01 00:07:08 fetching corpus: 547, signal 99851/115053 (executing program)
1970/01/01 00:07:11 fetching corpus: 597, signal 101831/118075 (executing program)
1970/01/01 00:07:14 fetching corpus: 647, signal 104861/122022 (executing program)
1970/01/01 00:07:19 fetching corpus: 697, signal 108471/126452 (executing program)
1970/01/01 00:07:23 fetching corpus: 747, signal 110917/129798 (executing program)
1970/01/01 00:07:26 fetching corpus: 797, signal 116869/136216 (executing program)
1970/01/01 00:07:29 fetching corpus: 847, signal 120079/140150 (executing program)
1970/01/01 00:07:32 fetching corpus: 897, signal 122092/142983 (executing program)
1970/01/01 00:07:35 fetching corpus: 947, signal 124225/145892 (executing program)
1970/01/01 00:07:37 fetching corpus: 996, signal 127867/150082 (executing program)
1970/01/01 00:07:40 fetching corpus: 1046, signal 128991/152095 (executing program)
1970/01/01 00:07:42 fetching corpus: 1096, signal 130995/154782 (executing program)
1970/01/01 00:07:45 fetching corpus: 1146, signal 132854/157358 (executing program)
1970/01/01 00:07:48 fetching corpus: 1196, signal 138685/163124 (executing program)
1970/01/01 00:07:52 fetching corpus: 1246, signal 141351/166292 (executing program)
1970/01/01 00:07:54 fetching corpus: 1295, signal 144794/169980 (executing program)
1970/01/01 00:07:58 fetching corpus: 1345, signal 146845/172577 (executing program)
1970/01/01 00:08:02 fetching corpus: 1394, signal 148670/174957 (executing program)
1970/01/01 00:08:05 fetching corpus: 1444, signal 150277/177092 (executing program)
1970/01/01 00:08:08 fetching corpus: 1494, signal 151333/178832 (executing program)
1970/01/01 00:08:11 fetching corpus: 1544, signal 152418/180558 (executing program)
1970/01/01 00:08:14 fetching corpus: 1594, signal 154048/182682 (executing program)
1970/01/01 00:08:16 fetching corpus: 1643, signal 156344/185335 (executing program)
1970/01/01 00:08:18 fetching corpus: 1693, signal 158219/187630 (executing program)
1970/01/01 00:08:21 fetching corpus: 1742, signal 159615/189497 (executing program)
1970/01/01 00:08:24 fetching corpus: 1792, signal 162083/192181 (executing program)
1970/01/01 00:08:26 fetching corpus: 1842, signal 163256/193866 (executing program)
1970/01/01 00:08:29 fetching corpus: 1892, signal 165808/196457 (executing program)
1970/01/01 00:08:31 fetching corpus: 1942, signal 168652/199261 (executing program)
1970/01/01 00:08:33 fetching corpus: 1992, signal 169916/200944 (executing program)
1970/01/01 00:08:37 fetching corpus: 2042, signal 171481/202802 (executing program)
1970/01/01 00:08:40 fetching corpus: 2092, signal 176044/206656 (executing program)
1970/01/01 00:08:44 fetching corpus: 2142, signal 178474/209024 (executing program)
1970/01/01 00:08:46 fetching corpus: 2191, signal 179170/210169 (executing program)
1970/01/01 00:08:48 fetching corpus: 2241, signal 180302/211603 (executing program)
1970/01/01 00:08:51 fetching corpus: 2290, signal 181213/212878 (executing program)
1970/01/01 00:08:57 fetching corpus: 2340, signal 182155/214177 (executing program)
1970/01/01 00:09:00 fetching corpus: 2390, signal 183294/215567 (executing program)
1970/01/01 00:09:04 fetching corpus: 2439, signal 184763/217136 (executing program)
1970/01/01 00:09:08 fetching corpus: 2488, signal 186608/218885 (executing program)
1970/01/01 00:09:11 fetching corpus: 2538, signal 187656/220187 (executing program)
1970/01/01 00:09:12 fetching corpus: 2586, signal 188390/221259 (executing program)
1970/01/01 00:09:15 fetching corpus: 2635, signal 189164/222351 (executing program)
1970/01/01 00:09:18 fetching corpus: 2685, signal 190869/223977 (executing program)
1970/01/01 00:09:21 fetching corpus: 2735, signal 194159/226464 (executing program)
1970/01/01 00:09:23 fetching corpus: 2784, signal 194875/227441 (executing program)
1970/01/01 00:09:27 fetching corpus: 2834, signal 198386/230093 (executing program)
1970/01/01 00:09:29 fetching corpus: 2884, signal 200078/231622 (executing program)
1970/01/01 00:09:32 fetching corpus: 2934, signal 200854/232575 (executing program)
1970/01/01 00:09:35 fetching corpus: 2984, signal 202492/233961 (executing program)
1970/01/01 00:09:38 fetching corpus: 3033, signal 203275/234897 (executing program)
1970/01/01 00:09:41 fetching corpus: 3083, signal 203868/235751 (executing program)
1970/01/01 00:09:45 fetching corpus: 3132, signal 204703/236649 (executing program)
1970/01/01 00:09:47 fetching corpus: 3180, signal 205555/237626 (executing program)
1970/01/01 00:09:50 fetching corpus: 3230, signal 206417/238571 (executing program)
1970/01/01 00:09:52 fetching corpus: 3279, signal 207374/239495 (executing program)
1970/01/01 00:09:55 fetching corpus: 3329, signal 208767/240677 (executing program)
1970/01/01 00:09:58 fetching corpus: 3379, signal 210717/242122 (executing program)
1970/01/01 00:10:01 fetching corpus: 3429, signal 211244/242823 (executing program)
1970/01/01 00:10:04 fetching corpus: 3479, signal 211969/243653 (executing program)
1970/01/01 00:10:10 fetching corpus: 3528, signal 214077/245064 (executing program)
1970/01/01 00:10:14 fetching corpus: 3578, signal 215258/246082 (executing program)
1970/01/01 00:10:18 fetching corpus: 3627, signal 216015/246849 (executing program)
1970/01/01 00:10:21 fetching corpus: 3677, signal 217017/247712 (executing program)
1970/01/01 00:10:25 fetching corpus: 3727, signal 217827/248476 (executing program)
1970/01/01 00:10:29 fetching corpus: 3777, signal 218712/249281 (executing program)
1970/01/01 00:10:32 fetching corpus: 3827, signal 219413/249986 (executing program)
1970/01/01 00:10:35 fetching corpus: 3877, signal 220400/250807 (executing program)
1970/01/01 00:10:37 fetching corpus: 3927, signal 221129/251503 (executing program)
1970/01/01 00:10:40 fetching corpus: 3977, signal 221754/252158 (executing program)
1970/01/01 00:10:42 fetching corpus: 4027, signal 222886/252973 (executing program)
1970/01/01 00:10:46 fetching corpus: 4076, signal 223614/253606 (executing program)
1970/01/01 00:10:48 fetching corpus: 4126, signal 224497/254291 (executing program)
1970/01/01 00:10:51 fetching corpus: 4176, signal 225171/254883 (executing program)
1970/01/01 00:10:55 fetching corpus: 4226, signal 226289/255604 (executing program)
1970/01/01 00:10:57 fetching corpus: 4275, signal 226838/256126 (executing program)
1970/01/01 00:11:00 fetching corpus: 4325, signal 228775/257140 (executing program)
1970/01/01 00:11:03 fetching corpus: 4375, signal 229756/257806 (executing program)
1970/01/01 00:11:05 fetching corpus: 4423, signal 230463/258356 (executing program)
1970/01/01 00:11:09 fetching corpus: 4473, signal 231001/258860 (executing program)
1970/01/01 00:11:12 fetching corpus: 4522, signal 231708/259416 (executing program)
1970/01/01 00:11:15 fetching corpus: 4572, signal 232187/259870 (executing program)
1970/01/01 00:11:17 fetching corpus: 4622, signal 232915/260399 (executing program)
1970/01/01 00:11:19 fetching corpus: 4672, signal 233595/260912 (executing program)
1970/01/01 00:11:21 fetching corpus: 4721, signal 234283/261413 (executing program)
1970/01/01 00:11:25 fetching corpus: 4771, signal 235514/262058 (executing program)
1970/01/01 00:11:29 fetching corpus: 4821, signal 236316/262537 (executing program)
1970/01/01 00:11:32 fetching corpus: 4870, signal 236986/263018 (executing program)
1970/01/01 00:11:36 fetching corpus: 4920, signal 237560/263454 (executing program)
1970/01/01 00:11:38 fetching corpus: 4970, signal 238090/263862 (executing program)
1970/01/01 00:11:42 fetching corpus: 5019, signal 239168/264407 (executing program)
1970/01/01 00:11:45 fetching corpus: 5068, signal 239716/264822 (executing program)
1970/01/01 00:11:48 fetching corpus: 5118, signal 240607/265294 (executing program)
1970/01/01 00:11:50 fetching corpus: 5168, signal 241246/265682 (executing program)
1970/01/01 00:11:52 fetching corpus: 5218, signal 241926/266052 (executing program)
1970/01/01 00:11:55 fetching corpus: 5268, signal 243266/266632 (executing program)
1970/01/01 00:11:58 fetching corpus: 5317, signal 244141/267001 (executing program)
1970/01/01 00:12:01 fetching corpus: 5367, signal 244763/267336 (executing program)
1970/01/01 00:12:04 fetching corpus: 5417, signal 245445/267690 (executing program)
1970/01/01 00:12:06 fetching corpus: 5467, signal 246127/268004 (executing program)
1970/01/01 00:12:09 fetching corpus: 5516, signal 246616/268304 (executing program)
1970/01/01 00:12:13 fetching corpus: 5566, signal 247364/268664 (executing program)
1970/01/01 00:12:15 fetching corpus: 5616, signal 247988/268948 (executing program)
1970/01/01 00:12:18 fetching corpus: 5666, signal 250173/269512 (executing program)
1970/01/01 00:12:21 fetching corpus: 5716, signal 250618/269774 (executing program)
1970/01/01 00:12:24 fetching corpus: 5766, signal 251238/270022 (executing program)
1970/01/01 00:12:27 fetching corpus: 5816, signal 251703/270236 (executing program)
1970/01/01 00:12:31 fetching corpus: 5866, signal 252444/270464 (executing program)
1970/01/01 00:12:35 fetching corpus: 5916, signal 253040/270689 (executing program)
1970/01/01 00:12:38 fetching corpus: 5965, signal 253511/270877 (executing program)
1970/01/01 00:12:41 fetching corpus: 6014, signal 253851/271058 (executing program)
1970/01/01 00:12:44 fetching corpus: 6064, signal 254320/271251 (executing program)
1970/01/01 00:12:46 fetching corpus: 6114, signal 254978/271435 (executing program)
1970/01/01 00:12:49 fetching corpus: 6164, signal 256108/271656 (executing program)
1970/01/01 00:12:52 fetching corpus: 6214, signal 256629/271835 (executing program)
1970/01/01 00:12:55 fetching corpus: 6263, signal 257136/272005 (executing program)
1970/01/01 00:12:57 fetching corpus: 6312, signal 258230/272194 (executing program)
1970/01/01 00:12:59 fetching corpus: 6361, signal 258691/272335 (executing program)
1970/01/01 00:13:01 fetching corpus: 6411, signal 259310/272499 (executing program)
1970/01/01 00:13:05 fetching corpus: 6461, signal 259817/272654 (executing program)
1970/01/01 00:13:08 fetching corpus: 6511, signal 260346/272777 (executing program)
1970/01/01 00:13:11 fetching corpus: 6561, signal 261368/272918 (executing program)
1970/01/01 00:13:13 fetching corpus: 6611, signal 261867/273014 (executing program)
1970/01/01 00:13:16 fetching corpus: 6661, signal 262450/273111 (executing program)
1970/01/01 00:13:20 fetching corpus: 6711, signal 262832/273193 (executing program)
1970/01/01 00:13:23 fetching corpus: 6760, signal 263712/273252 (executing program)
1970/01/01 00:13:26 fetching corpus: 6810, signal 264396/273252 (executing program)
1970/01/01 00:13:28 fetching corpus: 6859, signal 264779/273252 (executing program)
1970/01/01 00:13:31 fetching corpus: 6907, signal 265387/273259 (executing program)
1970/01/01 00:13:34 fetching corpus: 6956, signal 265769/273259 (executing program)
1970/01/01 00:13:36 fetching corpus: 7006, signal 266307/273259 (executing program)
1970/01/01 00:13:40 fetching corpus: 7056, signal 266604/273261 (executing program)
1970/01/01 00:13:42 fetching corpus: 7104, signal 266927/273266 (executing program)
1970/01/01 00:13:45 fetching corpus: 7154, signal 267576/273266 (executing program)
1970/01/01 00:13:48 fetching corpus: 7204, signal 267956/273270 (executing program)
1970/01/01 00:13:50 fetching corpus: 7254, signal 268298/273270 (executing program)
1970/01/01 00:13:53 fetching corpus: 7303, signal 268943/273270 (executing program)
1970/01/01 00:13:56 fetching corpus: 7352, signal 269334/273270 (executing program)
1970/01/01 00:13:58 fetching corpus: 7384, signal 269567/273270 (executing program)
1970/01/01 00:13:58 fetching corpus: 7385, signal 269572/273270 (executing program)
1970/01/01 00:13:58 fetching corpus: 7385, signal 269572/273270 (executing program)
1970/01/01 00:16:09 starting 2 fuzzer processes
00:16:09 executing program 0:
syz_emit_ethernet(0x4e, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "db2351", 0x18, 0x0, 0x0, @dev, @private0, {[@dstopts={0x0, 0x1, '\x00', [@ra, @calipso={0x7, 0x8}]}]}}}}}, 0x0)
00:16:09 executing program 1:
r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100))
ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1636e1, 0x0)
fallocate(r1, 0x10, 0x0, 0x10001)
[ 1001.215768][ T2064] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1001.904175][ T2064] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1003.106069][ T2065] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1003.746960][ T2065] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1014.915259][ T2064] device hsr_slave_0 entered promiscuous mode
[ 1014.935815][ T2064] device hsr_slave_1 entered promiscuous mode
[ 1016.324286][ C0] ==================================================================
[ 1016.329532][ C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260
[ 1016.332156][ C0] Read of size 8 at addr ffffaf800cf93fd0 by task syz-executor.0/2064
[ 1016.333713][ C0]
[ 1016.335619][ C0] CPU: 0 PID: 2064 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1016.337307][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 1016.338453][ C0] Call Trace:
[ 1016.339594][ C0] [] dump_backtrace+0x2e/0x3c
[ 1016.341083][ C0] [] show_stack+0x34/0x40
[ 1016.342529][ C0] [] dump_stack_lvl+0xe4/0x150
[ 1016.343767][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 1016.345227][ C0] [] kasan_report+0x184/0x1e0
[ 1016.346450][ C0] [] __asan_load8+0x6e/0x96
[ 1016.347607][ C0] [] walk_stackframe+0x11c/0x260
[ 1016.348876][ C0] [] arch_stack_walk+0x2c/0x3c
[ 1016.350947][ C0]
[ 1016.352059][ C0] Allocated by task 0:
[ 1016.352879][ C0] (stack is not available)
[ 1016.353662][ C0]
[ 1016.354316][ C0] Last potentially related work creation:
[ 1016.355320][ C0] ------------[ cut here ]------------
[ 1016.356199][ C0] slab index 750848 out of bounds (296) for stack id d38b7500
[ 1016.361043][ C0] WARNING: CPU: 0 PID: 2064 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 1016.362965][ C0] Modules linked in:
[ 1016.364088][ C0] CPU: 0 PID: 2064 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1016.365475][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 1016.366427][ C0] epc : stack_depot_print+0x66/0x70
[ 1016.367664][ C0] ra : stack_depot_print+0x66/0x70
[ 1016.368908][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800cf93e90
[ 1016.370765][ C0] gp : ffffffff85863ac0 tp : ffffaf800b930000 t0 : ffffffff86bcb657
[ 1016.372292][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800cf93ea0
[ 1016.373467][ C0] s1 : ffffaf807a9ef080 a0 : 000000000000003b a1 : 00000000000f0000
[ 1016.374634][ C0] a2 : 0000000000000505 a3 : ffffffff8012252a a4 : 97a83d89d38b7500
[ 1016.375868][ C0] a5 : 97a83d89d38b7500 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 1016.377030][ C0] s2 : ffffaf800cf93fd0 s3 : ffffaf8007201c80 s4 : ffffaf800cf93c00
[ 1016.378196][ C0] s5 : ffffaf800cf93e00 s6 : 0000000000003fff s7 : ffffaf800cf93f70
[ 1016.379474][ C0] s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf800cf94040
[ 1016.380994][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 1016.382088][ C0] t5 : fffff5ef0b53910d t6 : ffffaf800cf93998
[ 1016.383017][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 1016.384293][ C0] [] print_address_description.constprop.0+0x2fc/0x330
[ 1016.385728][ C0] [] kasan_report+0x184/0x1e0
[ 1016.386948][ C0] [] __asan_load8+0x6e/0x96
[ 1016.388103][ C0] [] walk_stackframe+0x11c/0x260
[ 1016.389433][ C0] [] arch_stack_walk+0x2c/0x3c
[ 1016.391368][ C0] irq event stamp: 68453
[ 1016.392318][ C0] hardirqs last enabled at (68452): [] __trace_hardirqs_on+0x18/0x20
[ 1016.393822][ C0] hardirqs last disabled at (68453): [] _raw_spin_lock_irqsave+0x60/0x62
[ 1016.395282][ C0] softirqs last enabled at (68374): [] neigh_parms_alloc+0x268/0x38a
[ 1016.396756][ C0] softirqs last disabled at (68381): [] __irq_exit_rcu+0x142/0x1f8
[ 1016.398218][ C0] ---[ end trace 0000000000000000 ]---
[ 1016.399679][ C0]
[ 1016.400619][ C0] Second to last potentially related work creation:
[ 1016.401685][ C0] ------------[ cut here ]------------
[ 1016.402697][ C0] slab index 2076544 out of bounds (296) for stack id ffffaf80
[ 1016.406603][ C0] WARNING: CPU: 0 PID: 2064 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 1016.408263][ C0] Modules linked in:
[ 1016.409446][ C0] CPU: 0 PID: 2064 Comm: syz-executor.0 Tainted: G W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1016.411958][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 1016.412991][ C0] epc : stack_depot_print+0x66/0x70
[ 1016.414166][ C0] ra : stack_depot_print+0x66/0x70
[ 1016.415313][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800cf93e90
[ 1016.416464][ C0] gp : ffffffff85863ac0 tp : ffffaf800b930000 t0 : ffffffff86bcb657
[ 1016.417587][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800cf93ea0
[ 1016.418704][ C0] s1 : ffffaf807a9ef080 a0 : 000000000000003c a1 : 00000000000f0000
[ 1016.420806][ C0] a2 : 0000000000000505 a3 : ffffffff8012252a a4 : 97a83d89d38b7500
[ 1016.422673][ C0] a5 : 97a83d89d38b7500 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 1016.423908][ C0] s2 : ffffaf800cf93fd0 s3 : ffffaf8007201c80 s4 : ffffaf800cf93c00
[ 1016.425054][ C0] s5 : ffffaf800cf93e00 s6 : 0000000000003fff s7 : ffffaf800cf93f70
[ 1016.426206][ C0] s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf800cf94040
[ 1016.427326][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 1016.428455][ C0] t5 : fffff5ef0b53910d t6 : ffffaf800cf93998
[ 1016.430202][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 1016.432539][ C0] [] print_address_description.constprop.0+0x2ae/0x330
[ 1016.434068][ C0] [] kasan_report+0x184/0x1e0
[ 1016.435347][ C0] [] __asan_load8+0x6e/0x96
[ 1016.436542][ C0] [] walk_stackframe+0x11c/0x260
[ 1016.437799][ C0] [] arch_stack_walk+0x2c/0x3c
[ 1016.439019][ C0] irq event stamp: 68453
[ 1016.440340][ C0] hardirqs last enabled at (68452): [] __trace_hardirqs_on+0x18/0x20
[ 1016.442474][ C0] hardirqs last disabled at (68453): [] _raw_spin_lock_irqsave+0x60/0x62
[ 1016.443972][ C0] softirqs last enabled at (68374): [] neigh_parms_alloc+0x268/0x38a
[ 1016.445410][ C0] softirqs last disabled at (68381): [] __irq_exit_rcu+0x142/0x1f8
[ 1016.446851][ C0] ---[ end trace 0000000000000000 ]---
[ 1016.447830][ C0]
[ 1016.448492][ C0] The buggy address belongs to the object at ffffaf800cf93c00
[ 1016.448492][ C0]  which belongs to the cache kmalloc-512 of size 512
[ 1016.451149][ C0] The buggy address is located 464 bytes to the right of
[ 1016.451149][ C0]  512-byte region [ffffaf800cf93c00, ffffaf800cf93e00)
[ 1016.453462][ C0] The buggy address belongs to the page:
[ 1016.455344][ C0] page:ffffaf807a9ef080 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8d190
[ 1016.456946][ C0] head:ffffaf807a9ef080 order:2 compound_mapcount:0 compound_pincount:0
[ 1016.458300][ C0] flags: 0x8800010200(slab|head|section=17|node=0|zone=0)
[ 1016.461816][ C0] raw: 0000008800010200 0000000000000000 0000000000000001 ffffaf8007201c80
[ 1016.463094][ C0] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 1016.464189][ C0] raw: 00000000000007ff
[ 1016.465053][ C0] page dumped because: kasan: bad access detected
[ 1016.466251][ C0] page_owner tracks the page as allocated
[ 1016.467122][ C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, ts 53657393000, free_ts 0
[ 1016.469086][ C0]  __set_page_owner+0x48/0x136
[ 1016.470572][ C0]  post_alloc_hook+0xd0/0x10a
[ 1016.472057][ C0]  get_page_from_freelist+0x8da/0x12d8
[ 1016.473246][ C0]  __alloc_pages+0x150/0x3b6
[ 1016.474284][ C0]  alloc_page_interleave+0x2a/0x1cc
[ 1016.475401][ C0]  alloc_pages+0x210/0x2a6
[ 1016.476534][ C0]  alloc_slab_page.constprop.0+0xc2/0xfa
[ 1016.477676][ C0]  new_slab+0x76/0x2cc
[ 1016.478668][ C0]  ___slab_alloc+0x56e/0x918
[ 1016.480049][ C0]  __slab_alloc.constprop.0+0x50/0x8c
[ 1016.481627][ C0]  kmem_cache_alloc_node_trace+0x1ea/0x2e2
[ 1016.482871][ C0]  iolatency_pd_alloc+0x86/0x110
[ 1016.483980][ C0]  blkcg_activate_policy+0x184/0x7b4
[ 1016.485028][ C0]  blk_iolatency_init+0x11c/0x22e
[ 1016.486077][ C0]  blkcg_init_queue+0x1a8/0x6c6
[ 1016.487124][ C0]  blk_alloc_queue+0x322/0x584
[ 1016.488355][ C0] page_owner free stack trace missing
[ 1016.489440][ C0]
[ 1016.490286][ C0] Memory state around the buggy address:
[ 1016.492074][ C0]  ffffaf800cf93e80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 1016.493474][ C0]  ffffaf800cf93f00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 1016.495125][ C0] >ffffaf800cf93f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1016.496370][ C0]                                                  ^
[ 1016.497452][ C0]  ffffaf800cf94000: 00 00 00 00 f1 f1 f1 f1 00 00 00 f3 f3 f3 f3 f3
[ 1016.498567][ C0]  ffffaf800cf94080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1016.500105][ C0] ==================================================================
[ 1016.501847][ C0] Disabling lock debugging due to kernel taint
[ 1016.517600][ T2064] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 1016.518846][ T2064] CPU: 0 PID: 2064 Comm: syz-executor.0 Tainted: G B W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1016.521032][ T2064] Hardware name: riscv-virtio,qemu (DT)
[ 1016.522172][ T2064] Call Trace:
[ 1016.522735][ T2064] [] dump_backtrace+0x2e/0x3c
[ 1016.523816][ T2064] [] show_stack+0x34/0x40
[ 1016.524749][ T2064] [] dump_stack_lvl+0xe4/0x150
[ 1016.525789][ T2064] [] dump_stack+0x1c/0x24
[ 1016.526806][ T2064] [] panic+0x24a/0x634
[ 1016.527759][ T2064] [] schedule+0x0/0x14c
[ 1016.528746][ T2064] [] preempt_schedule_irq+0x4a/0x13e
[ 1016.530401][ T2064] [] resume_kernel+0x16/0x18
[ 1016.531810][ T2064] SMP: stopping secondary CPUs
[ 1016.534049][ T2064] Rebooting in 86400 seconds..
VM DIAGNOSIS:
19:55:42 Registers:
info registers vcpu 0
pc       ffffffff80dc337e
mhartid  0000000000000000
mstatus  00000000000000a0
mip      00000000000000a0
mie      000000000000022a
mideleg  0000000000000222
medeleg  000000000000b109
mtvec    0000000080000540
stvec    ffffffff800055d4
mepc     ffffffff8000a010
sepc     ffffffff80476210
mcause   8000000000000007
scause   8000000000000001
mtval    0000000000000000
stval    0000000000000000
x0/zero  0000000000000000 x1/ra    ffffffff80dc337e x2/sp    ffffaf800cf939a0 x3/gp    ffffffff85863ac0
x4/tp    ffffaf800b930000 x5/t0    ffffffff86bcb657 x6/t1    97a83d89d38b7500 x7/t2    0000000000000000
x8/s0    ffffaf800cf939d0 x9/s1    ffffffff86e58900 x10/a0   ffffffff86e58948 x11/a1   ffff8f800066c000
x12/a2   1ffffffff0dcb129 x13/a3   ffffffff80dc337e x14/a4   0000000000000000 x15/a5   ffffffff86e58948
x16/a6   ffffffff86e589f1 x17/a7   ffffffff80dcc9fe x18/s2   ffff8f800066c000 x19/s3   0000000000000037
x20/s4   ffffffff86e58900 x21/s5   ffffffff80dc333e x22/s6   0000000000000000 x23/s7   ffffffff86bcb658
x24/s8   0000000000000010 x25/s9   ffffffff86e58958 x26/s10  0000000000000010 x27/s11  0000000000000000
x28/t3   fffffffff3f3f300 x29/t4   ffffffff80112282 x30/t5   1ffff5f0019f26e4 x31/t6   ffffffff86bcb657
f0/ft0   0000000000000000 f1/ft1   0000000000000000 f2/ft2   0000000000000000 f3/ft3   0000000000000000
f4/ft4   0000000000000000 f5/ft5   0000000000000000 f6/ft6   0000000000000000 f7/ft7   0000000000000000
f8/fs0   0000000000000000 f9/fs1   0000000000000000 f10/fa0  0000000000000000 f11/fa1  0000000000000000
f12/fa2  0000000000000000 f13/fa3  0000000000000000 f14/fa4  0000000000000000 f15/fa5  0000000000000000
f16/fa6  0000000000000000 f17/fa7  0000000000000000 f18/fs2  0000000000000000 f19/fs3  0000000000000000
f20/fs4  0000000000000000 f21/fs5  0000000000000000 f22/fs6  0000000000000000 f23/fs7  0000000000000000
f24/fs8  0000000000000000 f25/fs9  0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
f28/ft8  0000000000000000 f29/ft9  0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
pc       ffffffff80475986
mhartid  0000000000000001
mstatus  00000000000000a2
mip      0000000000000000
mie      00000000000002aa
mideleg  0000000000000222
medeleg  000000000000b109
mtvec    0000000080000540
stvec    ffffffff800055d4
mepc     ffffffff8000f97e
sepc     ffffffff80475986
mcause   0000000000000009
scause   8000000000000005
mtval    0000000000000000
stval    0000000000000000
x0/zero  0000000000000000 x1/ra    ffffffff80119b52 x2/sp    ffffaf80103977e0 x3/gp    ffffffff85863ac0
x4/tp    ffffaf800d509840 x5/t0    00000000000001f8 x6/t1    97a83d89d38b7500 x7/t2    ffffffffffffffff
x8/s0    ffffaf8010397820 x9/s1    ffffaf800c1c0c98 x10/a0   ffffaf800c1c0c98 x11/a1   0000000000000003
x12/a2   1ffff5f001838193 x13/a3   ffffffff80119b52 x14/a4   0000000000000000 x15/a5   0000000000000001
x16/a6   0000000000f00000 x17/a7   ffffffff826e6226 x18/s2   0000000000000001 x19/s3   ffffaf800d509840
x20/s4   ffffaf800c1c0ca8 x21/s5   ffffaf800c1c0ca0 x22/s6   ffffaf8010397960 x23/s7   ffffaf8010397b00
x24/s8   0000000000000000 x25/s9   0000000000004000 x26/s10  0000000000000040 x27/s11  0000000000000001
x28/t3   fffffffff3f3f300 x29/t4   ffffffff80112282 x30/t5   1ffff5f002072eb4 x31/t6   000000000327e836
f0/ft0   0000000000000000 f1/ft1   0000000000000000 f2/ft2   0000000000000000 f3/ft3   0000000000000000
f4/ft4   0000000000000000 f5/ft5   0000000000000000 f6/ft6   0000000000000000 f7/ft7   0000000000000000
f8/fs0   0000000000000000 f9/fs1   0000000000000000 f10/fa0  0000000000000000 f11/fa1  0000000000000000
f12/fa2  0000000000000000 f13/fa3  0000000000000000 f14/fa4  0000000000000000 f15/fa5  0000000000000000
f16/fa6  0000000000000000 f17/fa7  0000000000000000 f18/fs2  0000000000000000 f19/fs3  0000000000000000
f20/fs4  0000000000000000 f21/fs5  0000000000000000 f22/fs6  0000000000000000 f23/fs7  0000000000000000
f24/fs8  0000000000000000 f25/fs9  0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
f28/ft8  0000000000000000 f29/ft9  0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
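The KASAN report in the log above does two pieces of bookkeeping that a reader usually redoes by hand: it relates the faulting address to the slab object ("located 464 bytes to the right of 512-byte region [ffffaf800cf93c00, ffffaf800cf93e00)") and it prints the shadow bytes around that address under "Memory state around the buggy address". The C program below is an added illustration, not part of the log and not kernel code. It reproduces both computations for the report's own values: locate() and distance_to() rederive the 464-byte figure, granule_index() maps the 8-byte read at ffffaf800cf93fd0 to the shadow byte the kernel marks with a caret, and shadow_meaning() names the shadow values. The addresses and the three shadow rows are copied from the report; the byte-to-meaning table (00 accessible, 01-07 partially accessible, fc slab redzone, f1/f2/f3 stack redzones, and so on) is assumed from the generic KASAN definitions in mm/kasan/kasan.h, which the log itself does not state, and one shadow byte is taken to cover an 8-byte granule as in generic KASAN.

```c
/*
 * Added example: decode the address arithmetic and the "Memory state"
 * shadow dump of the KASAN report above. Not kernel code, not from the log.
 * Shadow byte meanings are assumed from generic KASAN (mm/kasan/kasan.h);
 * one shadow byte describes 8 bytes of memory.
 */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KASAN_GRANULE_SIZE   8u   /* bytes described by one shadow byte */
#define SHADOW_BYTES_PER_ROW 16u  /* shadow bytes per "Memory state" row */

enum kasan_side { KASAN_INSIDE, KASAN_LEFT_OF, KASAN_RIGHT_OF };

/* Which side of the object [obj, obj + size) the access falls on. */
static enum kasan_side locate(uint64_t access, uint64_t obj, uint64_t size)
{
	if (access < obj)
		return KASAN_LEFT_OF;
	if (access >= obj + size)
		return KASAN_RIGHT_OF;
	return KASAN_INSIDE;
}

/* The byte count the report prints: distance from the nearest edge of the
 * object for an out-of-bounds access, offset from its start otherwise. */
static uint64_t distance_to(uint64_t access, uint64_t obj, uint64_t size)
{
	switch (locate(access, obj, size)) {
	case KASAN_LEFT_OF:  return obj - access;
	case KASAN_RIGHT_OF: return access - (obj + size);
	default:             return access - obj;
	}
}

/* Meaning of one generic-KASAN shadow byte (assumed from mm/kasan/kasan.h). */
static const char *shadow_meaning(uint8_t s)
{
	if (s == 0x00)
		return "accessible";
	if (s >= 0x01 && s <= 0x07)
		return "partially accessible (only the first N bytes of the granule)";
	switch (s) {
	case 0xfa: return "freed slab object (with free track)";
	case 0xfb: return "freed slab object";
	case 0xfc: return "slab redzone";
	case 0xfe: return "page redzone (large kmalloc)";
	case 0xff: return "freed page";
	case 0xf1: return "stack left redzone";
	case 0xf2: return "stack mid redzone";
	case 0xf3: return "stack right redzone";
	case 0xf4: return "stack partial redzone";
	case 0xf8: return "vmalloc invalid";
	case 0xf9: return "global redzone";
	default:   return "unrecognised";
	}
}

/* Index of the shadow byte in the row starting at row_addr that covers
 * access, or -1 when the row does not cover it. */
static int granule_index(uint64_t row_addr, uint64_t access)
{
	uint64_t span = (uint64_t)SHADOW_BYTES_PER_ROW * KASAN_GRANULE_SIZE;

	if (access < row_addr || access >= row_addr + span)
		return -1;
	return (int)((access - row_addr) / KASAN_GRANULE_SIZE);
}

struct shadow_row {
	uint64_t addr;
	uint8_t sh[SHADOW_BYTES_PER_ROW];
};

/* Three rows copied from the "Memory state" block of the report above. */
static const struct shadow_row rows[] = {
	{ 0xffffaf800cf93f00, { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
				0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc } },
	{ 0xffffaf800cf93f80, { 0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,
				0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc } },
	{ 0xffffaf800cf94000, { 0x00,0x00,0x00,0x00,0xf1,0xf1,0xf1,0xf1,
				0x00,0x00,0x00,0xf3,0xf3,0xf3,0xf3,0xf3 } },
};

/* Shadow byte covering access according to the rows above, or -1. */
static int shadow_at(uint64_t access)
{
	for (size_t i = 0; i < sizeof rows / sizeof rows[0]; i++) {
		int g = granule_index(rows[i].addr, access);

		if (g >= 0)
			return rows[i].sh[g];
	}
	return -1;
}

int main(void)
{
	/* From the report: "Read of size 8 at addr ffffaf800cf93fd0",
	 * object at ffffaf800cf93c00 in kmalloc-512. */
	const uint64_t access = 0xffffaf800cf93fd0, obj = 0xffffaf800cf93c00;
	const uint64_t size = 512;
	static const char *const side[] = { "inside", "to the left of", "to the right of" };

	printf("access %#" PRIx64 " is %" PRIu64 " bytes %s [%#" PRIx64 ", %#" PRIx64 ")\n",
	       access, distance_to(access, obj, size), side[locate(access, obj, size)],
	       obj, obj + size);

	/* Reprint the rows with the caret under the granule covering the access. */
	for (size_t i = 0; i < sizeof rows / sizeof rows[0]; i++) {
		int g = granule_index(rows[i].addr, access);

		printf("%c%" PRIx64 ":", g >= 0 ? '>' : ' ', rows[i].addr);
		for (unsigned j = 0; j < SHADOW_BYTES_PER_ROW; j++)
			printf(" %02x", rows[i].sh[j]);
		printf("\n");
		if (g >= 0)	/* 1 marker + 16 hex digits + ':' + 3 columns per byte */
			printf("%*s^ %s\n", 19 + 3 * g, "", shadow_meaning(rows[i].sh[g]));
	}
	return 0;
}
```

Running it prints the report's 464-byte figure and puts the caret under the eleventh fc of the ffffaf800cf93f80 row, which is where the kernel's caret sits in the dump: the read landed in slab redzone past the end of the kmalloc-512 object, one row below the stack redzone bytes (f1, f3) that begin at ffffaf800cf94020. Two caveats when reading this report: both "potentially related work creation" sections hit a stack depot WARNING ("slab index ... out of bounds (296)") instead of printing a trace, and "Allocated by task 0: (stack is not available)" carries nothing either, so the report has no usable allocation or free history for the object; and the decoder only explains where the read landed, not why walk_stackframe got there, which is what the later "corrupted stack end detected inside scheduler" panic still leaves open.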