syzkaller login: [  243.038116][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  243.100780][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  269.981225][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:11287' (ECDSA) to the list of known hosts.
1970/01/01 00:05:19 fuzzer started
1970/01/01 00:05:32 dialing manager at localhost:42307
[  340.400834][ T2044] cgroup: Unknown subsys name 'net'
[  341.509586][ T2044] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:05:41 syscalls: 2918
1970/01/01 00:05:41 code coverage: enabled
1970/01/01 00:05:41 comparison tracing: enabled
1970/01/01 00:05:41 extra coverage: enabled
1970/01/01 00:05:41 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:05:41 setuid sandbox: enabled
1970/01/01 00:05:41 namespace sandbox: enabled
1970/01/01 00:05:41 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:05:41 fault injection: enabled
1970/01/01 00:05:41 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:05:41 net packet injection: enabled
1970/01/01 00:05:41 net device setup: enabled
1970/01/01 00:05:41 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:05:41 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:05:41 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:05:41 USB emulation: enabled
1970/01/01 00:05:41 hci packet injection: /dev/vhci does not exist
1970/01/01 00:05:41 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:05:41 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:05:41 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:05:48 fetching corpus: 49, signal 41454/42814 (executing program)
1970/01/01 00:05:52 fetching corpus: 93, signal 50280/51448 (executing program)
1970/01/01 00:05:57 fetching corpus: 140, signal 59430/59820 (executing program)
1970/01/01 00:05:57 fetching corpus: 145, signal 59832/60261 (executing program)
1970/01/01 00:05:57 fetching corpus: 145, signal 59832/60345 (executing program)
1970/01/01 00:05:57 fetching corpus: 145, signal 59832/60445 (executing program)
1970/01/01 00:05:57 fetching corpus: 145, signal 59832/60543 (executing program)
1970/01/01 00:05:58 fetching corpus: 145, signal 59832/60656 (executing program)
1970/01/01 00:05:58 fetching corpus: 145, signal 59832/60783 (executing program)
1970/01/01 00:05:58 fetching corpus: 145, signal 59832/60892 (executing program)
1970/01/01 00:05:58 fetching corpus: 146, signal 59842/61007 (executing program)
1970/01/01 00:05:58 fetching corpus: 146, signal 59842/61108 (executing program)
1970/01/01 00:05:58 fetching corpus: 146, signal 59842/61208 (executing program)
1970/01/01 00:05:58 fetching corpus: 146, signal 59842/61305 (executing program)
1970/01/01 00:05:59 fetching corpus: 146, signal 59842/61427 (executing program)
1970/01/01 00:05:59 fetching corpus: 146, signal 59842/61525 (executing program)
1970/01/01 00:05:59 fetching corpus: 146, signal 59842/61630 (executing program)
1970/01/01 00:05:59 fetching corpus: 146, signal 59842/61743 (executing program)
1970/01/01 00:05:59 fetching corpus: 146, signal 59888/61843 (executing program)
1970/01/01 00:06:00 fetching corpus: 148, signal 59944/61965 (executing program)
1970/01/01 00:06:00 fetching corpus: 148, signal 59944/62072 (executing program)
1970/01/01 00:06:00 fetching corpus: 148, signal 59944/62188 (executing program)
1970/01/01 00:06:00 fetching corpus: 148, signal 59944/62291 (executing program)
1970/01/01 00:06:00 fetching corpus: 148, signal 59944/62397 (executing program)
1970/01/01 00:06:01 fetching corpus: 148, signal 59944/62490 (executing program)
1970/01/01 00:06:01 fetching corpus: 148, signal 59944/62586 (executing program)
1970/01/01 00:06:01 fetching corpus: 148, signal 60378/62740 (executing program)
1970/01/01 00:06:01 fetching corpus: 148, signal 60378/62825 (executing program)
1970/01/01 00:06:01 fetching corpus: 148, signal 60378/62897 (executing program)
1970/01/01 00:06:02 fetching corpus: 148, signal 60378/62970 (executing program)
1970/01/01 00:06:02 fetching corpus: 148, signal 60378/63017 (executing program)
1970/01/01 00:06:02 fetching corpus: 148, signal 60378/63017 (executing program)
1970/01/01 00:07:48 starting 2 fuzzer processes
00:07:48 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000780)={'filter\x00', 0x7, 0x4, 0x3e0, 0x0, 0x0, 0x0, 0x2f8, 0x2f8, 0x2f8, 0x4, 0x0, {[{{@uncond, 0xc0, 0x100}, @unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "306e39047d2e6584bffdcaa931a60a00b134c617455fe25275d5a0f2e0f8"}}, {{@arp={@private, @rand_addr, 0x0, 0x0, 0x0, 0x0, {@mac=@multicast}, {@mac=@link_local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_macvtap\x00', 'veth1_to_batadv\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote, @empty, @loopback, @remote}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x430)

00:07:48 executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xc, 0x4, &(0x7f0000000640)=@framed={{}, [@alu={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80)

[  487.786770][    C0] ==================================================================
[  487.792717][    C0] 
[  487.793049][    C0] ======================================================
[  487.793166][    C0] WARNING: possible circular locking dependency detected
[  487.793446][    C0] 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Not tainted
[  487.793840][    C0] ------------------------------------------------------
[  487.793967][    C0] syz-executor.1/2050 is trying to acquire lock:
[  487.794244][    C0] ffffffff84a888e0 (console_owner){-.-.}-{0:0}, at: console_unlock+0x2b2/0x97a
[  487.795818][    C0] 
[  487.795818][    C0] but task is already holding lock:
[  487.795933][    C0] ffffffff84c3a588 (report_lock){-.-.}-{2:2}, at: kasan_report+0x84/0x1e0
[  487.796869][    C0] 
[  487.796869][    C0] which lock already depends on the new lock.
[  487.796869][    C0] 
[  487.796982][    C0] 
[  487.796982][    C0] the existing dependency chain (in reverse order) is:
[  487.797129][    C0] 
[  487.797129][    C0] -> #7 (report_lock){-.-.}-{2:2}:
[  487.797689][    C0]        lock_acquire.part.0+0x1d0/0x424
[  487.798187][    C0]        lock_acquire+0x54/0x6a
[  487.798545][    C0]        _raw_spin_lock_irqsave+0x3e/0x62
[  487.798918][    C0]        kasan_report+0x84/0x1e0
[  487.799303][    C0]        __asan_load8+0x6e/0x96
[  487.799672][    C0]        timerqueue_add+0xb0/0x1d0
[  487.800049][    C0]        __hrtimer_run_queues+0x8b4/0xa16
[  487.800420][    C0]        hrtimer_interrupt+0x1d4/0x3ea
[  487.800798][    C0]        riscv_timer_interrupt+0x5c/0x6a
[  487.801144][    C0]        handle_percpu_devid_irq+0x17e/0x2ae
[  487.801539][    C0]        generic_handle_domain_irq+0x7c/0x9c
[  487.801966][    C0] 
[  487.801966][    C0] -> #6 (hrtimer_bases.lock){-.-.}-{2:2}:
[  487.802560][    C0]        lock_acquire.part.0+0x1d0/0x424
[  487.802935][    C0]        lock_acquire+0x54/0x6a
[  487.803298][    C0]        _raw_spin_lock_irqsave+0x3e/0x62
[  487.803630][    C0]        hrtimer_start_range_ns+0x9e/0x6dc
[  487.804003][    C0]        enqueue_task_rt+0x520/0x568
[  487.804309][    C0]        enqueue_task+0x66/0x136
[  487.804362][    C1] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000003
[  487.804747][    C0]        __sched_setscheduler.constprop.0+0x704/0xdd4
[  487.805180][    C0]        sched_set_fifo+0xc8/0x108
[  487.805544][    C0]        drm_vblank_worker_init+0xea/0x10c
[  487.805934][    C0]        drm_vblank_init+0xec/0x24e
[  487.806344][    C0]        vkms_init+0x272/0x45c
[  487.806725][    C0]        do_one_initcall+0x13a/0x7ea
[  487.807051][    C0]        kernel_init_freeable+0x510/0x5b4
[  487.807433][    C0]        kernel_init+0x28/0x21c
[  487.807873][    C0]        ret_from_exception+0x0/0x10
[  487.808272][    C0] 
[  487.808272][    C0] -> #5 (&rt_b->rt_runtime_lock){-...}-{2:2}:
[  487.808895][    C0]        lock_acquire.part.0+0x1d0/0x424
[  487.809309][    C0]        lock_acquire+0x54/0x6a
[  487.809664][    C0]        _raw_spin_lock+0x32/0x48
[  487.810030][    C0]        rq_online_rt+0x78/0x1b8
[  487.810347][    C0]        set_rq_online.part.0+0xaa/0xc2
[  487.810745][    C0]        sched_cpu_activate+0x1c0/0x250
[  487.811112][    C0]        cpuhp_invoke_callback+0x282/0x504
[  487.811475][    C0]        cpuhp_thread_fun+0x2f6/0x4b0
[  487.811804][    C0]        smpboot_thread_fn+0x448/0x6cc
[  487.812192][    C0]        kthread+0x19e/0x1fa
[  487.812549][    C0]        ret_from_exception+0x0/0x10
[  487.812952][    C0] 
[  487.812952][    C0] -> #4 (&rq->__lock){-.-.}-{2:2}:
[  487.813495][    C0]        lock_acquire.part.0+0x1d0/0x424
[  487.813928][    C0]        lock_acquire+0x54/0x6a
[  487.814305][    C0]        _raw_spin_lock_nested+0x36/0x4e
[  487.814647][    C0]        raw_spin_rq_lock_nested+0x22/0x34
[  487.815062][    C0]        task_fork_fair+0xa8/0x218
[  487.815454][    C0]        sched_post_fork+0x16e/0x196
[  487.815907][    C0]        copy_process+0x3378/0x3c34
[  487.816328][    C0]        kernel_clone+0xee/0x920
[  487.816772][    C0]        kernel_thread+0xf8/0x130
[  487.817203][    C0]        rest_init+0x34/0x3f2
[  487.817601][    C0]        arch_call_rest_init+0x18/0x20
[  487.818012][    C0]        start_kernel+0x66a/0x698
[  487.818396][    C0] 
[  487.818396][    C0] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[  487.818939][    C0]        lock_acquire.part.0+0x1d0/0x424
[  487.819319][    C0]        lock_acquire+0x54/0x6a
[  487.819665][    C0]        _raw_spin_lock_irqsave+0x3e/0x62
[  487.820051][    C0]        try_to_wake_up+0xa4/0x748
[  487.820480][    C0]        default_wake_function+0x28/0x36
[  487.820957][    C0]        woken_wake_function+0x38/0x48
[  487.821346][    C0]        __wake_up_common+0xb6/0x236
[  487.821725][    C0]        __wake_up_common_lock+0xd6/0x136
[  487.822088][    C0]        __wake_up+0x10/0x18
[  487.822390][    C0]        tty_wakeup+0x58/0xbe
[  487.822748][    C0]        tty_port_default_wakeup+0x2c/0x44
[  487.823106][    C0]        tty_port_tty_wakeup+0x3a/0x46
[  487.823481][    C0]        uart_write_wakeup+0x34/0x48
[  487.823829][    C0]        serial8250_tx_chars+0x322/0x592
[  487.824260][    C0]        serial8250_handle_irq.part.0+0x284/0x286
[  487.824708][    C0]        serial8250_default_handle_irq+0xac/0x142
[  487.825184][    C0]        serial8250_interrupt+0xbe/0x1a6
[  487.825578][    C0]        __handle_irq_event_percpu+0x16e/0x6ec
[  487.825981][    C0]        handle_irq_event+0x6a/0xfa
[  487.826344][    C0]        handle_fasteoi_irq+0x1c0/0x4d6
[  487.826753][    C0]        generic_handle_domain_irq+0x7c/0x9c
[  487.827092][    C0]        plic_handle_irq+0x122/0x242
[  487.827538][    C0]        generic_handle_domain_irq+0x7c/0x9c
[  487.827896][    C0]        riscv_intc_irq+0x7e/0xc8
[  487.828318][    C0]        generic_handle_arch_irq+0x36/0x54
[  487.828791][    C0]        ret_from_exception+0x0/0x10
[  487.829135][    C0]        folio_memcg_lock+0x254/0x2c4
[  487.829456][    C0] 
[  487.829456][    C0] -> #2 (&tty->write_wait){-.-.}-{2:2}:
[  487.830011][    C0]        lock_acquire.part.0+0x1d0/0x424
[  487.830398][    C0]        lock_acquire+0x54/0x6a
[  487.830726][    C0]        _raw_spin_lock_irqsave+0x3e/0x62
[  487.831097][    C0]        __wake_up_common_lock+0xc4/0x136
[  487.831464][    C0]        __wake_up+0x10/0x18
[  487.831799][    C0]        tty_wakeup+0x58/0xbe
[  487.832159][    C0]        tty_port_default_wakeup+0x2c/0x44
[  487.832503][    C0]        tty_port_tty_wakeup+0x3a/0x46
[  487.832891][    C0]        uart_write_wakeup+0x34/0x48
[  487.833200][    C0]        serial8250_tx_chars+0x322/0x592
[  487.833585][    C0]        serial8250_handle_irq.part.0+0x284/0x286
[  487.834047][    C0]        serial8250_default_handle_irq+0xac/0x142
[  487.834505][    C0]        serial8250_interrupt+0xbe/0x1a6
[  487.834836][    C0]        __handle_irq_event_percpu+0x16e/0x6ec
[  487.835198][    C0]        handle_irq_event+0x6a/0xfa
[  487.835520][    C0]        handle_fasteoi_irq+0x1c0/0x4d6
[  487.835894][    C0]        generic_handle_domain_irq+0x7c/0x9c
[  487.836229][    C0]        plic_handle_irq+0x122/0x242
[  487.836642][    C0]        generic_handle_domain_irq+0x7c/0x9c
[  487.837027][    C0]        riscv_intc_irq+0x7e/0xc8
[  487.837412][    C0]        generic_handle_arch_irq+0x36/0x54
[  487.837820][    C0]        ret_from_exception+0x0/0x10
[  487.838154][    C0]        arch_cpu_idle+0x10/0x20
[  487.838476][    C0] 
[  487.838476][    C0] -> #1 (&port_lock_key){-.-.}-{2:2}:
[  487.839028][    C0]        lock_acquire.part.0+0x1d0/0x424
[  487.839392][    C0]        lock_acquire+0x54/0x6a
[  487.839711][    C0]        _raw_spin_lock_irqsave+0x3e/0x62
[  487.840057][    C0]        serial8250_console_write+0x848/0x8e6
[  487.840476][    C0]        univ8250_console_write+0x46/0x54
[  487.840872][    C0]        console_unlock+0x666/0x97a
[  487.841253][    C0]        register_console+0x250/0x534
[  487.841665][    C0]        uart_add_one_port+0xbf2/0xc14
[  487.841989][    C0]        serial8250_register_8250_port+0x8ce/0xc6e
[  487.842344][    C0]        of_platform_serial_probe+0x7ae/0xa9c
[  487.842667][    C0]        platform_probe+0xc8/0x172
[  487.843037][    C0]        really_probe+0x1a6/0x89e
[  487.843337][    C0]        __driver_probe_device+0x24a/0x2d4
[  487.843648][    C0]        driver_probe_device+0x60/0x1a4
[  487.843961][    C0]        __driver_attach+0x178/0x33e
[  487.844258][    C0]        bus_for_each_dev+0x122/0x194
[  487.844637][    C0]        driver_attach+0x32/0x3c
[  487.845451][    C0]        bus_add_driver+0x2c6/0x41a
[  487.846232][    C0]        driver_register+0x144/0x286
[  487.846568][    C0]        __platform_driver_register+0x46/0x52
[  487.846948][    C0]        of_platform_serial_driver_init+0x22/0x2a
[  487.847409][    C0]        do_one_initcall+0x13a/0x7ea
[  487.847761][    C0]        kernel_init_freeable+0x510/0x5b4
[  487.848159][    C0]        kernel_init+0x28/0x21c
[  487.848535][    C0]        ret_from_exception+0x0/0x10
[  487.848932][    C0] 
[  487.848932][    C0] -> #0 (console_owner){-.-.}-{0:0}:
[  487.849548][    C0]        check_noncircular+0x1de/0x1fe
[  487.849963][    C0]        __lock_acquire+0x19a4/0x333e
[  487.850340][    C0]        lock_acquire.part.0+0x1d0/0x424
[  487.850730][    C0]        lock_acquire+0x54/0x6a
[  487.851104][    C0]        console_unlock+0x304/0x97a
[  487.851479][    C0]        vprintk_emit+0xd2/0x416
[  487.851835][    C0]        vprintk_default+0x22/0x2e
[  487.852216][    C0]        vprintk+0x108/0x13e
[  487.852495][    C0]        _printk+0xa0/0xc8
[  487.852829][    C0]        kasan_report+0x9a/0x1e0
[  487.853223][    C0]        __asan_load8+0x6e/0x96
[  487.853531][    C0]        timerqueue_add+0xb0/0x1d0
[  487.853903][    C0]        __hrtimer_run_queues+0x8b4/0xa16
[  487.854249][    C0]        hrtimer_interrupt+0x1d4/0x3ea
[  487.854629][    C0]        riscv_timer_interrupt+0x5c/0x6a
[  487.854994][    C0]        handle_percpu_devid_irq+0x17e/0x2ae
[  487.855437][    C0]        generic_handle_domain_irq+0x7c/0x9c
[  487.855902][    C0] 
[  487.855902][    C0] other info that might help us debug this:
[  487.855902][    C0] 
[  487.856046][    C0] Chain exists of:
[  487.856046][    C0]   console_owner --> hrtimer_bases.lock --> report_lock
[  487.856046][    C0] 
[  487.856739][    C0]  Possible unsafe locking scenario:
[  487.856739][    C0] 
[  487.856836][    C0]        CPU0                    CPU1
[  487.856921][    C0]        ----                    ----
[  487.856998][    C0]   lock(report_lock);
[  487.857229][    C0]                                lock(hrtimer_bases.lock);
[  487.857510][    C0]                                lock(report_lock);
[  487.857765][    C0]   lock(console_owner);
[  487.858016][    C0] 
[  487.858016][    C0]  *** DEADLOCK ***
[  487.858016][    C0] 
[  487.858153][    C0] 13 locks held by syz-executor.1/2050:
[  487.858399][    C0]  #0: ffffffff855cf108 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x2fe/0x9a0
[  487.859393][    C0]  #1: ffffffff84b73e00 (rcu_read_lock){....}-{1:2}, at: netif_receive_skb_list_internal+0x244/0x816
[  487.860406][    C0]  #2: ffffffff84b73e00 (rcu_read_lock){....}-{1:2}, at: ip_local_deliver_finish+0x7e/0x278
[  487.861433][    C0]  #3: ffffaf800f958cb0 (slock-AF_INET/1){+.-.}-{2:2}, at: tcp_v4_rcv+0x1bd4/0x1f46
[  487.862459][    C0]  #4: ffffffff84b73e00 (rcu_read_lock){....}-{1:2}, at: __ip_queue_xmit+0x0/0xeb2
[  487.863405][    C0]  #5: ffffffff84b73e60 (rcu_read_lock_bh){....}-{1:2}, at: ip_finish_output2+0x1b8/0x1720
[  487.864398][    C0]  #6: ffffffff84b73e60 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x140/0x248c
[  487.865395][    C0]  #7: ffffaf800bf59258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_queue_xmit+0x11ba/0x248c
[  487.866454][    C0]  #8: ffffaf8009db0cd8 (_xmit_ETHER#2){+.-.}-{2:2}, at: sch_direct_xmit+0x300/0x464
[  487.867707][    C0]  #9: ffffffff84b73e00 (rcu_read_lock){....}-{1:2}, at: dev_queue_xmit_nit+0x0/0x73a
[  487.868734][    C0]  #10: ffffaf805a9cb418 (hrtimer_bases.lock){-.-.}-{2:2}, at: __hrtimer_run_queues+0x262/0xa16
[  487.869632][    C0]  #11: ffffffff84c3a588 (report_lock){-.-.}-{2:2}, at: kasan_report+0x84/0x1e0
[  487.870602][    C0]  #12: ffffffff84a88600 (console_lock){+.+.}-{0:0}, at: vprintk_default+0x22/0x2e
[  487.871656][    C0] 
[  487.871656][    C0] stack backtrace:
[  487.872137][    C0] CPU: 0 PID: 2050 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[  487.872563][    C0] Hardware name: riscv-virtio,qemu (DT)
[  487.872989][    C0] Call Trace:
[  487.873171][    C0] [<ffffffff8000a228>] dump_backtrace+0x2e/0x3c
[  487.873636][    C0] [<ffffffff831668cc>] show_stack+0x34/0x40
[  487.874021][    C0] [<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150
[  487.874515][    C0] [<ffffffff83175742>] dump_stack+0x1c/0x24
[  487.874994][    C0] [<ffffffff8010f7b8>] print_circular_bug+0x34e/0x3d8
[  487.875441][    C0] [<ffffffff8010fa20>] check_noncircular+0x1de/0x1fe
[  487.875826][    C0] [<ffffffff80113c26>] __lock_acquire+0x19a4/0x333e
[  487.876252][    C0] [<ffffffff80116582>] lock_acquire.part.0+0x1d0/0x424
[  487.876678][    C0] [<ffffffff8011682a>] lock_acquire+0x54/0x6a
[  487.877102][    C0] [<ffffffff8011ee1c>] console_unlock+0x304/0x97a
[  487.877558][    C0] [<ffffffff8012183e>] vprintk_emit+0xd2/0x416
[  487.878045][    C0] [<ffffffff80121ba4>] vprintk_default+0x22/0x2e
[  487.878556][    C0] [<ffffffff8012254a>] vprintk+0x108/0x13e
[  487.878937][    C0] [<ffffffff83169c5c>] _printk+0xa0/0xc8
[  487.879345][    C0] [<ffffffff80474c62>] kasan_report+0x9a/0x1e0
[  487.879849][    C0] [<ffffffff80475b20>] __asan_load8+0x6e/0x96
[  487.880248][    C0] [<ffffffff80c2bca8>] timerqueue_add+0xb0/0x1d0
[  487.880720][    C0] [<ffffffff8016deea>] __hrtimer_run_queues+0x8b4/0xa16
[  487.881181][    C0] [<ffffffff8016f4a8>] hrtimer_interrupt+0x1d4/0x3ea
[  487.881625][    C0] [<ffffffff823375da>] riscv_timer_interrupt+0x5c/0x6a
[  487.882007][    C0] [<ffffffff801321ec>] handle_percpu_devid_irq+0x17e/0x2ae
[  487.882431][    C0] [<ffffffff80125944>] generic_handle_domain_irq+0x7c/0x9c
[  487.884787][    C0] BUG: KASAN: wild-memory-access in timerqueue_add+0xb0/0x1d0
[  487.889554][    C1] Oops [#1]
[  487.892718][    C0] Read of size 8 at addr 851b6b026aa26a5a by task syz-executor.1/2050
[  487.894368][    C0] 
[  487.895562][    C0] CPU: 0 PID: 2050 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[  487.898436][    C0] Hardware name: riscv-virtio,qemu (DT)
[  487.899651][    C0] Call Trace:
[  487.901255][    C0] [<ffffffff8000a228>] dump_backtrace+0x2e/0x3c
[  487.904118][    C1] Modules linked in:
[  487.905055][    C0] [<ffffffff831668cc>] show_stack+0x34/0x40
[  487.907006][    C0] [<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150
[  487.909899][    C0] [<ffffffff80474da6>] kasan_report+0x1de/0x1e0
[  487.914033][    C1] 
[  487.915282][    C0] [<ffffffff80475b20>] __asan_load8+0x6e/0x96
[  487.918411][    C0] [<ffffffff80c2bca8>] timerqueue_add+0xb0/0x1d0
[  487.923477][    C1] CPU: 1 PID: 2034 Comm: sshd Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[  487.926469][    C1] Hardware name: riscv-virtio,qemu (DT)
[  487.927825][    C1] epc : __wake_up_common+0x1d4/0x236
[  487.930814][    C1]  ra : __wake_up_common+0x1cc/0x236
[  487.933689][    C1] epc : ffffffff800f7796 ra : ffffffff800f778e sp : ffffaf800eafa240
[  487.934787][    C1]  gp : ffffffff85863ac0 tp : ffffaf800e4bc8c0 t0 : ffffaf801076c040
[  487.936993][    C1]  t1 : fffff5ef0171d9a7 t2 : a8bf30e6a5b39f8d s0 : ffffaf800eafa270
[  487.939280][    C0] [<ffffffff8016deea>] __hrtimer_run_queues+0x8b4/0xa16
[  487.940853][    C0] [<ffffffff8016f4a8>] hrtimer_interrupt+0x1d4/0x3ea
[  487.943100][    C0] [<ffffffff823375da>] riscv_timer_interrupt+0x5c/0x6a
[  487.945552][    C0] [<ffffffff801321ec>] handle_percpu_devid_irq+0x17e/0x2ae
[  487.947916][    C0] [<ffffffff80125944>] generic_handle_domain_irq+0x7c/0x9c
[  487.950741][    C0] ==================================================================
[  487.951761][    C1]  s1 : 851b6b026aa26a42 a0 : 851b6b026aa26a4a a1 : 0000000000000004
[  487.953015][    C1]  a2 : 0000000000000001 a3 : ffffffff800f778e a4 : ffffffff85892ec8
[  487.955283][    C0] Unable to handle kernel paging request at virtual address 851b6b026aa26a5a
[  488.125800][    C1]  a5 : 0000000000000004 a6 : ffffffff800f78bc a7 : ffffffff800f77f8
[  488.127436][    C1]  s2 : 851b6b026aa26a2a s3 : 851b6b026aa26a42 s4 : 000000000eafa321
[  488.128917][    C1]  s5 : 851b6b026aa26a4a s6 : 0000000000000003 s7 : 0000000000000001
[  488.130098][    C1]  s8 : 0000000000000003 s9 : 0000000000000000 s10: 0000000000000000
[  488.131702][    C1]  s11: 000000005a9cbd18 t3 : ffffffff82af454e t4 : fffff5ef0171d9a7
[  488.133296][    C1]  t5 : fffff5ef0171d9a8 t6 : ffffaf8009be38cc
[  488.134618][    C1] status: 0000000000000100 badaddr: 0000000000000003 cause: 000000000000000f
[  488.136469][    C1] [<ffffffff800f78ce>] __wake_up_common_lock+0xd6/0x136
[  488.138076][    C1] [<ffffffff800f793e>] __wake_up+0x10/0x18
[  488.139531][    C1] [<ffffffff80587a32>] ep_poll_callback+0x194/0xa40
[  488.141016][    C1] [<ffffffff800f7678>] __wake_up_common+0xb6/0x236
[  488.142402][    C1] [<ffffffff800f78ce>] __wake_up_common_lock+0xd6/0x136
[  488.143855][    C1] [<ffffffff800f795a>] __wake_up_sync_key+0x14/0x1e
[  488.145217][    C1] [<ffffffff826e2060>] sock_def_readable+0xe4/0x50e
[  488.146586][    C1] [<ffffffff82b406b6>] tcp_data_ready+0xa6/0x2e0
[  488.147942][    C1] [<ffffffff82b44240>] tcp_rcv_established+0x146a/0x15e6
[  488.149421][    C1] [<ffffffff82b6c712>] tcp_v4_do_rcv+0x4b4/0x66e
[  488.150766][    C1] [<ffffffff82b710c2>] tcp_v4_rcv+0x1d22/0x1f46
[  488.152155][    C1] [<ffffffff82aeb282>] ip_protocol_deliver_rcu+0x9c/0x8c0
[  488.153747][    C1] [<ffffffff82aebbd2>] ip_local_deliver_finish+0x12c/0x278
[  488.155379][    C1] [<ffffffff82aebe7e>] ip_local_deliver+0x160/0x464
[  488.156814][    C1] [<ffffffff82aead94>] ip_rcv_finish+0x162/0x1f6
[  488.158177][    C1] [<ffffffff82aec256>] ip_rcv+0xd4/0x3be
[  488.159477][    C1] [<ffffffff8273d308>] __netif_receive_skb_one_core+0xf0/0x13a
[  488.160965][    C1] [<ffffffff8273d534>] __netif_receive_skb+0x36/0xd8
[  488.162479][    C1] [<ffffffff8273e15e>] process_backlog+0x206/0x4bc
[  488.164019][    C1] [<ffffffff82740c14>] __napi_poll+0x7c/0x358
[  488.165538][    C1] [<ffffffff827418a0>] net_rx_action+0x5d0/0x702
[  488.166936][    C1] [<ffffffff831b082c>] __do_softirq+0x274/0x8fc
[  488.168296][    C1] [<ffffffff80060ea0>] do_softirq+0x158/0x15a
[  488.169568][    C1] [<ffffffff80061124>] __local_bh_enable_ip+0x282/0x2a4
[  488.171042][    C1] [<ffffffff82af5eaa>] ip_finish_output2+0x57c/0x1720
[  488.172829][    C1] [<ffffffff82af8978>] __ip_finish_output+0x25a/0x3ee
[  488.174336][    C1] [<ffffffff82af8b4a>] ip_finish_output+0x3e/0x176
[  488.175705][    C1] [<ffffffff82af8e52>] ip_output+0x1d0/0x2d0
[  488.176979][    C1] [<ffffffff82afbbce>] __ip_queue_xmit+0x4a0/0xeb2
[  488.178417][    C1] [<ffffffff82afc616>] ip_queue_xmit+0x36/0x44
[  488.179755][    C1] [<ffffffff82b4fd54>] __tcp_transmit_skb+0xce4/0x1f5e
[  488.181215][    C1] [<ffffffff82b54b90>] tcp_write_xmit+0xd40/0x3344
[  488.182531][    C1] [<ffffffff82b5720e>] __tcp_push_pending_frames+0x7a/0x22c
[  488.184316][    C1] [<ffffffff82b192c2>] tcp_push+0x19c/0x3b4
[  488.186014][    C1] [<ffffffff82b1b71e>] tcp_sendmsg_locked+0x5fc/0x1d9e
[  488.187884][    C1] [<ffffffff82b1cef2>] tcp_sendmsg+0x32/0x4e
[  488.189589][    C1] [<ffffffff82bbe3e6>] inet_sendmsg+0x74/0x94
[  488.190965][    C1] [<ffffffff826d264e>] sock_sendmsg+0xa0/0xc4
[  488.192469][    C1] [<ffffffff826d2832>] sock_write_iter+0x1c0/0x272
[  488.193941][    C1] [<ffffffff804c4ce0>] new_sync_write+0x296/0x3aa
[  488.195395][    C1] [<ffffffff804c86f4>] vfs_write+0x2de/0x334
[  488.196787][    C1] [<ffffffff804c8b68>] ksys_write+0x1c4/0x224
[  488.198108][    C1] [<ffffffff804c8bf0>] sys_write+0x28/0x36
[  488.199367][    C1] [<ffffffff80005716>] ret_from_syscall+0x0/0x2
[  488.201321][    C0] Oops [#2]
[  488.202234][    C0] Modules linked in:
[  488.203487][    C0] CPU: 0 PID: 2050 Comm: syz-executor.1 Tainted: G    B D           5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[  488.203696][    C1] ---[ end trace 0000000000000000 ]---
[  488.204405][    C1] Kernel panic - not syncing: Fatal exception in interrupt
[  488.204753][    C0] Hardware name: riscv-virtio,qemu (DT)
[  488.205728][    C1] SMP: stopping secondary CPUs
[  488.206169][    C0] epc : timerqueue_add+0xb0/0x1d0
[  488.208427][    C0]  ra : timerqueue_add+0xb0/0x1d0
[  488.209405][    C0] epc : ffffffff80c2bca8 ra : ffffffff80c2bca8 sp : ffffaf800e663d30
[  488.210371][    C0]  gp : ffffffff85863ac0 tp : ffffaf800c4d6100 t0 : ffffffff86bcb657
[  488.211344][    C0]  t1 : fffffffef0b0dfa4 t2 : 0000000000000000 s0 : ffffaf800e663d80
[  488.213241][    C0]  s1 : 851b6b026aa26a42 a0 : 0000000000000001 a1 : 0000000000000003
[  488.215209][    C0]  a2 : 1ffff5f00189ac21 a3 : ffffffff831afd3a a4 : 0000000000000000
[  488.217211][    C0]  a5 : ffffaf800c4d7100 a6 : 0000000000f00000 a7 : ffffffff8586fd23
[  488.219136][    C0]  s2 : ffffffff831a24c4 s3 : a2c080e7fd05f097 s4 : ffffaf805a9cbd18
[  488.221143][    C0]  s5 : 000000715e18fb80 s6 : 0000000000000000 s7 : ffffaf805a9cb4d0
[  488.223117][    C0]  s8 : ffffaf805a9cb490 s9 : ffffaf805a9cbd50 s10: ffffaf805a9cb400
[  488.225161][    C0]  s11: 0000000000010503 t3 : 0000000000000020 t4 : fffffffef0b0dfa4
[  488.226993][    C0]  t5 : fffffffef0b0dfa5 t6 : ffffffff86bcb657
[  488.228586][    C0] status: 0000000000000100 badaddr: 851b6b026aa26a5a cause: 000000000000000d
[  488.230670][    C0] [<ffffffff8016deea>] __hrtimer_run_queues+0x8b4/0xa16
[  488.232518][    C0] [<ffffffff8016f4a8>] hrtimer_interrupt+0x1d4/0x3ea
[  488.234348][    C0] [<ffffffff823375da>] riscv_timer_interrupt+0x5c/0x6a
[  488.236144][    C0] [<ffffffff801321ec>] handle_percpu_devid_irq+0x17e/0x2ae
[  488.238062][    C0] [<ffffffff80125944>] generic_handle_domain_irq+0x7c/0x9c
[  488.241260][    C1] Rebooting in 86400 seconds..

VM DIAGNOSIS:
01:38:13  Registers:
info registers vcpu 0
 pc       ffffffff80475986
 mhartid  0000000000000000
 mstatus  00000000000001a0
 mip      00000000000000a0
 mie      000000000000020a
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff80009fe2
 sepc     ffffffff80009fe2
 mcause   8000000000000007
 scause   8000000000000005
 mtval  0000000000000000
 stval  0000000000000000
 x0/zero 0000000000000000 x1/ra ffffffff80dc3394 x2/sp ffffaf800e663770 x3/gp ffffffff85863ac0
 x4/tp ffffaf800c4d6100 x5/t0 ffffffff86bcb657 x6/t1 fffffffef0d796ca x7/t2 0000000000000000
 x8/s0 ffffaf800e6637a0 x9/s1 ffffffff86e58900 x10/a0 ffffaf800c4d6120 x11/a1 ffff8f800066c000
 x12/a2 1ffffffff0dcb129 x13/a3 ffffffff80dc337e x14/a4 0000000000000000 x15/a5 ffffffff86e58948
 x16/a6 ffffffff86e589f1 x17/a7 ffffffff86bcb656 x18/s2 ffffaf800c4d6100 x19/s3 000000000000002d
 x20/s4 ffffffff86e58900 x21/s5 ffffffff80dc333e x22/s6 0000000000000000 x23/s7 ffffffff86bcb68e
 x24/s8 0000000000000010 x25/s9 ffffffff86e58958 x26/s10 0000000000000010 x27/s11 0000000000000000
 x28/t3 000000000000002d x29/t4 fffffffef0d796c8 x30/t5 fffffffef0d796cb x31/t6 ffffffff86bcb657
 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
 pc       ffffffff801229fc
 mhartid  0000000000000001
 mstatus  0000000000000180
 mip      00000000000000a0
 mie      000000000000022a
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff80201000
 sepc     ffffffff800f7796
 mcause   8000000000000007
 scause   000000000000000f
 mtval  0000000000000000
 stval  0000000000000003
 x0/zero 0000000000000000 x1/ra ffffffff801229f8 x2/sp ffffaf800eaf9c00 x3/gp ffffffff85863ac0
 x4/tp ffffaf800e4bc8c0 x5/t0 ffffffff86bdbb68 x6/t1 fffff5ef01d5f388 x7/t2 0000000000000000
 x8/s0 ffffaf800eaf9cd0 x9/s1 ffffaf800eaf9dc0 x10/a0 0000000000000000 x11/a1 00000000000f0000
 x12/a2 0000000000000106 x13/a3 ffffffff801229f8 x14/a4 ffffaf800e4bc8c0 x15/a5 0000000000000000
 x16/a6 0000000000f00000 x17/a7 ffffaf800eaf9c47 x18/s2 0000000000000100 x19/s3 ffffaf800eaf9dc8
 x20/s4 ffffffff85889780 x21/s5 1ffff5f001d5f384 x22/s6 ffffffff84b3e0c8 x23/s7 00000000ffffe397
 x24/s8 00000000ffffe397 x25/s9 1ffff5f001d5f3a8 x26/s10 ffffffff85889780 x27/s11 ffffaf800eaf9dc0
 x28/t3 000000000000005d x29/t4 fffff5ef01d5f388 x30/t5 fffff5ef01d5f389 x31/t6 ffffffff86bdbb74
 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000