syzkaller login: [  246.517748][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  246.569538][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  262.760939][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:57968' (ECDSA) to the list of known hosts.
1970/01/01 00:05:15 fuzzer started
1970/01/01 00:05:26 dialing manager at localhost:38019
[  332.742252][ T2037] cgroup: Unknown subsys name 'net'
[  333.752123][ T2037] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:05:33 syscalls: 2882
1970/01/01 00:05:33 code coverage: enabled
1970/01/01 00:05:33 comparison tracing: enabled
1970/01/01 00:05:33 extra coverage: enabled
1970/01/01 00:05:33 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:05:33 setuid sandbox: enabled
1970/01/01 00:05:33 namespace sandbox: enabled
1970/01/01 00:05:33 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:05:33 fault injection: enabled
1970/01/01 00:05:33 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:05:33 net packet injection: enabled
1970/01/01 00:05:33 net device setup: enabled
1970/01/01 00:05:33 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:05:33 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:05:33 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:05:33 USB emulation: enabled
1970/01/01 00:05:33 hci packet injection: /dev/vhci does not exist
1970/01/01 00:05:33 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:05:33 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:05:33 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:05:39 fetching corpus: 50, signal 29117/32398 (executing program)
1970/01/01 00:05:43 fetching corpus: 100, signal 43835/48224 (executing program)
1970/01/01 00:05:47 fetching corpus: 149, signal 51238/56708 (executing program)
1970/01/01 00:05:51 fetching corpus: 198, signal 60241/66543 (executing program)
1970/01/01 00:05:54 fetching corpus: 247, signal 66124/73306 (executing program)
1970/01/01 00:05:56 fetching corpus: 297, signal 72067/79925 (executing program)
1970/01/01 00:05:59 fetching corpus: 346, signal 75813/84422 (executing program)
1970/01/01 00:06:01 fetching corpus: 396, signal 78812/88151 (executing program)
1970/01/01 00:06:03 fetching corpus: 446, signal 85262/94871 (executing program)
1970/01/01 00:06:06 fetching corpus: 496, signal 89391/99397 (executing program)
1970/01/01 00:06:08 fetching corpus: 544, signal 92835/103262 (executing program)
1970/01/01 00:06:12 fetching corpus: 594, signal 96023/106823 (executing program)
1970/01/01 00:06:14 fetching corpus: 644, signal 99295/110363 (executing program)
1970/01/01 00:06:18 fetching corpus: 694, signal 102927/114075 (executing program)
1970/01/01 00:06:20 fetching corpus: 743, signal 104651/116204 (executing program)
1970/01/01 00:06:23 fetching corpus: 793, signal 106788/118549 (executing program)
1970/01/01 00:06:25 fetching corpus: 841, signal 110020/121737 (executing program)
1970/01/01 00:06:27 fetching corpus: 891, signal 111667/123681 (executing program)
1970/01/01 00:06:30 fetching corpus: 941, signal 113727/125868 (executing program)
1970/01/01 00:06:32 fetching corpus: 990, signal 115284/127627 (executing program)
1970/01/01 00:06:35 fetching corpus: 1040, signal 117348/129763 (executing program)
1970/01/01 00:06:37 fetching corpus: 1089, signal 118700/131271 (executing program)
1970/01/01 00:06:39 fetching corpus: 1138, signal 120750/133277 (executing program)
1970/01/01 00:06:42 fetching corpus: 1187, signal 122100/134811 (executing program)
1970/01/01 00:06:44 fetching corpus: 1235, signal 123785/136507 (executing program)
1970/01/01 00:06:47 fetching corpus: 1284, signal 124999/137838 (executing program)
1970/01/01 00:06:49 fetching corpus: 1333, signal 126913/139643 (executing program)
1970/01/01 00:06:52 fetching corpus: 1383, signal 129163/141572 (executing program)
1970/01/01 00:06:54 fetching corpus: 1429, signal 130536/142884 (executing program)
1970/01/01 00:06:56 fetching corpus: 1479, signal 132417/144483 (executing program)
1970/01/01 00:06:59 fetching corpus: 1529, signal 133915/145810 (executing program)
1970/01/01 00:07:02 fetching corpus: 1579, signal 135211/146977 (executing program)
1970/01/01 00:07:04 fetching corpus: 1627, signal 136642/148203 (executing program)
1970/01/01 00:07:06 fetching corpus: 1677, signal 137920/149308 (executing program)
1970/01/01 00:07:08 fetching corpus: 1727, signal 139091/150288 (executing program)
1970/01/01 00:07:11 fetching corpus: 1777, signal 140432/151383 (executing program)
1970/01/01 00:07:14 fetching corpus: 1826, signal 141655/152297 (executing program)
1970/01/01 00:07:18 fetching corpus: 1875, signal 142690/153165 (executing program)
1970/01/01 00:07:20 fetching corpus: 1925, signal 143718/153925 (executing program)
1970/01/01 00:07:22 fetching corpus: 1975, signal 145105/154865 (executing program)
1970/01/01 00:07:24 fetching corpus: 2025, signal 146293/155660 (executing program)
1970/01/01 00:07:26 fetching corpus: 2075, signal 147242/156293 (executing program)
1970/01/01 00:07:30 fetching corpus: 2124, signal 149051/157376 (executing program)
1970/01/01 00:07:32 fetching corpus: 2172, signal 150611/158279 (executing program)
1970/01/01 00:07:34 fetching corpus: 2222, signal 151508/158827 (executing program)
1970/01/01 00:07:37 fetching corpus: 2272, signal 152731/159498 (executing program)
1970/01/01 00:07:39 fetching corpus: 2321, signal 154346/160324 (executing program)
1970/01/01 00:07:41 fetching corpus: 2370, signal 155128/160789 (executing program)
1970/01/01 00:07:44 fetching corpus: 2420, signal 156398/161375 (executing program)
1970/01/01 00:07:47 fetching corpus: 2469, signal 157246/161808 (executing program)
1970/01/01 00:07:50 fetching corpus: 2516, signal 158005/162197 (executing program)
1970/01/01 00:07:53 fetching corpus: 2565, signal 158908/162623 (executing program)
1970/01/01 00:07:55 fetching corpus: 2615, signal 159743/162970 (executing program)
1970/01/01 00:07:58 fetching corpus: 2664, signal 160421/163276 (executing program)
1970/01/01 00:08:00 fetching corpus: 2713, signal 161253/163606 (executing program)
1970/01/01 00:08:02 fetching corpus: 2763, signal 162004/163849 (executing program)
1970/01/01 00:08:04 fetching corpus: 2800, signal 162965/164181 (executing program)
1970/01/01 00:08:04 fetching corpus: 2801, signal 162979/164215 (executing program)
1970/01/01 00:08:04 fetching corpus: 2801, signal 162979/164237 (executing program)
1970/01/01 00:08:05 fetching corpus: 2801, signal 162979/164265 (executing program)
1970/01/01 00:08:05 fetching corpus: 2803, signal 162997/164309 (executing program)
1970/01/01 00:08:05 fetching corpus: 2803, signal 162997/164333 (executing program)
1970/01/01 00:08:05 fetching corpus: 2803, signal 162997/164364 (executing program)
1970/01/01 00:08:06 fetching corpus: 2803, signal 162997/164383 (executing program)
1970/01/01 00:08:06 fetching corpus: 2803, signal 162997/164410 (executing program)
1970/01/01 00:08:06 fetching corpus: 2803, signal 162997/164434 (executing program)
1970/01/01 00:08:06 fetching corpus: 2803, signal 162997/164455 (executing program)
1970/01/01 00:08:06 fetching corpus: 2803, signal 162997/164481 (executing program)
1970/01/01 00:08:06 fetching corpus: 2803, signal 162997/164502 (executing program)
1970/01/01 00:08:07 fetching corpus: 2803, signal 162997/164516 (executing program)
1970/01/01 00:08:07 fetching corpus: 2803, signal 162997/164544 (executing program)
1970/01/01 00:08:07 fetching corpus: 2803, signal 162997/164568 (executing program)
1970/01/01 00:08:07 fetching corpus: 2803, signal 162997/164594 (executing program)
1970/01/01 00:08:07 fetching corpus: 2804, signal 162998/164606 (executing program)
1970/01/01 00:08:07 fetching corpus: 2804, signal 162998/164643 (executing program)
1970/01/01 00:08:07 fetching corpus: 2804, signal 162998/164666 (executing program)
1970/01/01 00:08:08 fetching corpus: 2804, signal 162998/164691 (executing program)
1970/01/01 00:08:08 fetching corpus: 2805, signal 163002/164709 (executing program)
1970/01/01 00:08:08 fetching corpus: 2805, signal 163002/164730 (executing program)
1970/01/01 00:08:08 fetching corpus: 2805, signal 163002/164757 (executing program)
1970/01/01 00:08:08 fetching corpus: 2805, signal 163002/164790 (executing program)
1970/01/01 00:08:08 fetching corpus: 2805, signal 163002/164801 (executing program)
1970/01/01 00:08:09 fetching corpus: 2805, signal 163002/164801 (executing program)
1970/01/01 00:09:54 starting 2 fuzzer processes
00:09:55 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/ip6_tables_targets\x00')
writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)="19", 0x1}], 0x1)

00:09:55 executing program 1:
r0 = socket(0x1d, 0x2, 0x6)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', <r2=>0x0})
bind(r0, &(0x7f0000000100)=@xdp={0x2c, 0x0, r2, 0x26}, 0x80)

[  629.318808][ T2049] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  629.391085][ T2049] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  631.481992][ T2051] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  631.688498][ T2051] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  632.310583][    C0] ==================================================================
[  632.316024][    C0] 
[  632.316181][    C0] ======================================================
[  632.316308][    C0] WARNING: possible circular locking dependency detected
[  632.316572][    C0] 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Not tainted
[  632.316963][    C0] 
------------------------------------------------------
[  632.317094][    C0] syz-executor.1/2051 is trying to acquire lock:
[  632.317361][    C0] ffffffff84a888e0 (console_owner){-.-.}-{0:0}, at: console_unlock+0x2b2/0x97a
[  632.318710][    C0] 
[  632.318710][    C0] but task is already holding lock:
[  632.318798][    C0] ffffffff84c3a588 (report_lock){-.-.}-{2:2}, at: kasan_report+0x84/0x1e0
[  632.319554][    C0] 
[  632.319554][    C0] which lock already depends on the new lock.
[  632.319554][    C0] 
[  632.319654][    C0] 
[  632.319654][    C0] the existing dependency chain (in reverse order) is:
[  632.319775][    C0] 
[  632.319775][    C0] -> #7 (report_lock){-.-.}-{2:2}:
[  632.320253][    C0]        lock_acquire.part.0+0x1d0/0x424
[  632.320677][    C0]        lock_acquire+0x54/0x6a
[  632.320985][    C0]        _raw_spin_lock_irqsave+0x3e/0x62
[  632.321307][    C0]        kasan_report+0x84/0x1e0
[  632.321730][    C0] 
[  632.321730][    C0] -> #6 (hrtimer_bases.lock){-.-.}-{2:2}:
[  632.322160][    C0]        lock_acquire.part.0+0x1d0/0x424
[  632.322506][    C0]        lock_acquire+0x54/0x6a
[  632.322810][    C0]        _raw_spin_lock_irqsave+0x3e/0x62
[  632.323115][    C0]        hrtimer_start_range_ns+0x9e/0x6dc
[  632.323437][    C0]        enqueue_task_rt+0x520/0x568
[  632.323704][    C0]        enqueue_task+0x66/0x136
[  632.324027][    C0]        __sched_setscheduler.constprop.0+0x704/0xdd4
[  632.324421][    C0]        sched_set_fifo+0xc8/0x108
[  632.324758][    C0]        drm_vblank_worker_init+0xea/0x10c
[  632.325095][    C0]        drm_vblank_init+0xec/0x24e
[  632.325464][    C0]        vkms_init+0x272/0x45c
[  632.325814][    C0]        do_one_initcall+0x13a/0x7ea
[  632.326116][    C0]        kernel_init_freeable+0x510/0x5b4
[  632.326547][    C0]        kernel_init+0x28/0x21c
[  632.326924][    C0]        ret_from_exception+0x0/0x10
[  632.327288][    C0] 
[  632.327288][    C0] -> #5 (&rt_b->rt_runtime_lock){-...}-{2:2}:
[  632.327820][    C0]        lock_acquire.part.0+0x1d0/0x424
[  632.328238][    C0]        lock_acquire+0x54/0x6a
[  632.328608][    C0]        _raw_spin_lock+0x32/0x48
[  632.329029][    C0]        rq_online_rt+0x78/0x1b8
[  632.329352][    C0]        set_rq_online.part.0+0xaa/0xc2
[  632.329745][    C0]        sched_cpu_activate+0x1c0/0x250
[  632.330100][    C0]        cpuhp_invoke_callback+0x282/0x504
[  632.330496][    C0]        cpuhp_thread_fun+0x2f6/0x4b0
[  632.330832][    C0]        smpboot_thread_fn+0x448/0x6cc
[  632.331277][    C0]        kthread+0x19e/0x1fa
[  632.331689][    C0]        ret_from_exception+0x0/0x10
[  632.332038][    C0] 
[  632.332038][    C0] -> #4 (&rq->__lock){-.-.}-{2:2}:
[  632.332559][    C0]        lock_acquire.part.0+0x1d0/0x424
[  632.332965][    C0]        lock_acquire+0x54/0x6a
[  632.333372][    C0]        _raw_spin_lock_nested+0x36/0x4e
[  632.333739][    C0]        raw_spin_rq_lock_nested+0x22/0x34
[  632.335745][    C0]        task_fork_fair+0xa8/0x218
[  632.336170][    C0]        sched_post_fork+0x16e/0x196
[  632.336622][    C0]        copy_process+0x3378/0x3c34
[  632.337047][    C0]        kernel_clone+0xee/0x920
[  632.337444][    C0]        kernel_thread+0xf8/0x130
[  632.337855][    C0]        rest_init+0x34/0x3f2
[  632.338271][    C0]        arch_call_rest_init+0x18/0x20
[  632.338659][    C0]        start_kernel+0x66a/0x698
[  632.339030][    C0] 
[  632.339030][    C0] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[  632.339573][    C0]        lock_acquire.part.0+0x1d0/0x424
[  632.339981][    C0]        lock_acquire+0x54/0x6a
[  632.340356][    C0]        _raw_spin_lock_irqsave+0x3e/0x62
[  632.340732][    C0]        try_to_wake_up+0xa4/0x748
[  632.341153][    C0]        default_wake_function+0x28/0x36
[  632.341599][    C0]        woken_wake_function+0x38/0x48
[  632.341971][    C0]        __wake_up_common+0xb6/0x236
[  632.342367][    C0]        __wake_up_common_lock+0xd6/0x136
[  632.342745][    C0]        __wake_up+0x10/0x18
[  632.343078][    C0]        tty_wakeup+0x58/0xbe
[  632.343481][    C0]        tty_port_default_wakeup+0x2c/0x44
[  632.343872][    C0]        tty_port_tty_wakeup+0x3a/0x46
[  632.344255][    C0]        uart_write_wakeup+0x34/0x48
[  632.344597][    C0]        serial8250_tx_chars+0x322/0x592
[  632.345021][    C0]        serial8250_handle_irq.part.0+0x284/0x286
[  632.345483][    C0]        serial8250_default_handle_irq+0xac/0x142
[  632.345934][    C0]        serial8250_interrupt+0xbe/0x1a6
[  632.346414][    C0]        __handle_irq_event_percpu+0x16e/0x6ec
[  632.346813][    C0]        handle_irq_event+0x6a/0xfa
[  632.347149][    C0]        handle_fasteoi_irq+0x1c0/0x4d6
[  632.347566][    C0]        generic_handle_domain_irq+0x7c/0x9c
[  632.347940][    C0]        plic_handle_irq+0x122/0x242
[  632.348396][    C0]        generic_handle_domain_irq+0x7c/0x9c
[  632.348770][    C0]        riscv_intc_irq+0x7e/0xc8
[  632.349207][    C0]        generic_handle_arch_irq+0x36/0x54
[  632.349634][    C0]        ret_from_exception+0x0/0x10
[  632.349986][    C0]        _raw_spin_unlock_irqrestore+0x68/0x98
[  632.350412][    C0] 
[  632.350412][    C0] -> #2 (&tty->write_wait){-...}-{2:2}:
[  632.350934][    C0]        lock_acquire.part.0+0x1d0/0x424
[  632.351347][    C0]        lock_acquire+0x54/0x6a
[  632.351715][    C0]        _raw_spin_lock_irqsave+0x3e/0x62
[  632.352089][    C0]        __wake_up_common_lock+0xc4/0x136
[  632.352483][    C0]        __wake_up+0x10/0x18
[  632.352825][    C0]        tty_wakeup+0x58/0xbe
[  632.353247][    C0]        tty_port_default_wakeup+0x2c/0x44
[  632.353637][    C0]        tty_port_tty_wakeup+0x3a/0x46
[  632.354005][    C0]        uart_write_wakeup+0x34/0x48
[  632.354367][    C0]        serial8250_tx_chars+0x322/0x592
[  632.354790][    C0]        serial8250_handle_irq.part.0+0x284/0x286
[  632.355251][    C0]        serial8250_default_handle_irq+0xac/0x142
[  632.355707][    C0]        serial8250_interrupt+0xbe/0x1a6
[  632.356165][    C0]        __handle_irq_event_percpu+0x16e/0x6ec
[  632.356521][    C0]        handle_irq_event+0x6a/0xfa
[  632.356872][    C0]        handle_fasteoi_irq+0x1c0/0x4d6
[  632.357262][    C0]        generic_handle_domain_irq+0x7c/0x9c
[  632.357619][    C0]        plic_handle_irq+0x122/0x242
[  632.358040][    C0]        generic_handle_domain_irq+0x7c/0x9c
[  632.358427][    C0]        riscv_intc_irq+0x7e/0xc8
[  632.358840][    C0]        generic_handle_arch_irq+0x36/0x54
[  632.359255][    C0]        ret_from_exception+0x0/0x10
[  632.359593][    C0]        arch_cpu_idle+0x10/0x20
[  632.359937][    C0] 
[  632.359937][    C0] -> #1 (&port_lock_key){-...}-{2:2}:
[  632.360483][    C0]        lock_acquire.part.0+0x1d0/0x424
[  632.360893][    C0]        lock_acquire+0x54/0x6a
[  632.361274][    C0]        _raw_spin_lock_irqsave+0x3e/0x62
[  632.361644][    C0]        serial8250_console_write+0x848/0x8e6
[  632.362085][    C0]        univ8250_console_write+0x46/0x54
[  632.362507][    C0]        console_unlock+0x666/0x97a
[  632.362935][    C0]        register_console+0x250/0x534
[  632.363378][    C0]        uart_add_one_port+0xbf2/0xc14
[  632.363726][    C0]        serial8250_register_8250_port+0x8ce/0xc6e
[  632.364139][    C0]        of_platform_serial_probe+0x7ae/0xa9c
[  632.364514][    C0]        platform_probe+0xc8/0x172
[  632.364891][    C0]        really_probe+0x1a6/0x89e
[  632.365229][    C0]        __driver_probe_device+0x24a/0x2d4
[  632.365625][    C0]        driver_probe_device+0x60/0x1a4
[  632.365967][    C0]        __driver_attach+0x178/0x33e
[  632.366315][    C0]        bus_for_each_dev+0x122/0x194
[  632.366729][    C0]        driver_attach+0x32/0x3c
[  632.367044][    C0]        bus_add_driver+0x2c6/0x41a
[  632.367376][    C0]        driver_register+0x144/0x286
[  632.367701][    C0]        __platform_driver_register+0x46/0x52
[  632.368081][    C0]        of_platform_serial_driver_init+0x22/0x2a
[  632.368504][    C0]        do_one_initcall+0x13a/0x7ea
[  632.368777][    C0]        kernel_init_freeable+0x510/0x5b4
[  632.369107][    C0]        kernel_init+0x28/0x21c
[  632.369437][    C0]        ret_from_exception+0x0/0x10
[  632.369724][    C0] 
[  632.369724][    C0] -> #0 (console_owner){-.-.}-{0:0}:
[  632.370161][    C0]        check_noncircular+0x1de/0x1fe
[  632.370494][    C0]        __lock_acquire+0x19a4/0x333e
[  632.370806][    C0]        lock_acquire.part.0+0x1d0/0x424
[  632.371131][    C0]        lock_acquire+0x54/0x6a
[  632.371436][    C0]        console_unlock+0x304/0x97a
[  632.371786][    C0]        vprintk_emit+0xd2/0x416
[  632.372140][    C0]        vprintk_default+0x22/0x2e
[  632.372515][    C0]        vprintk+0x108/0x13e
[  632.372754][    C0]        _printk+0xa0/0xc8
[  632.373051][    C0]        kasan_report+0x9a/0x1e0
[  632.373505][    C0] 
[  632.373505][    C0] other info that might help us debug this:
[  632.373505][    C0] 
[  632.373624][    C0] Chain exists of:
[  632.373624][    C0]   console_owner --> hrtimer_bases.lock --> report_lock
[  632.373624][    C0] 
[  632.374113][    C0]  Possible unsafe locking scenario:
[  632.374113][    C0] 
[  632.374218][    C0]        CPU0                    CPU1
[  632.374292][    C0]        ----                    ----
[  632.374368][    C0]   lock(report_lock);
[  632.374587][    C0]                                lock(hrtimer_bases.lock);
[  632.374806][    C0]                                lock(report_lock);
[  632.375017][    C0]   lock(console_owner);
[  632.375212][    C0] 
[  632.375212][    C0]  *** DEADLOCK ***
[  632.375212][    C0] 
[  632.375332][    C0] 13 locks held by syz-executor.1/2051:
[  632.375544][    C0]  #0: ffffffff855cf108 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x2fe/0x9a0
[  632.376467][    C0]  #1: ffffffff84b73e00 (rcu_read_lock){....}-{1:2}, at: netif_receive_skb_list_internal+0x244/0x816
[  632.377500][    C0]  #2: ffffffff84b73e00 (rcu_read_lock){....}-{1:2}, at: ip_local_deliver_finish+0x7e/0x278
[  632.378530][    C0]  #3: ffffaf80109098b0 (slock-AF_INET/1){+.-.}-{2:2}, at: tcp_v4_rcv+0x1bd4/0x1f46
[  632.379591][    C0]  #4: ffffffff84b73e00 (rcu_read_lock){....}-{1:2}, at: __ip_queue_xmit+0x0/0xeb2
[  632.380594][    C0]  #5: ffffffff84b73e60 (rcu_read_lock_bh){....}-{1:2}, at: ip_finish_output2+0x1b8/0x1720
[  632.381605][    C0]  #6: ffffffff84b73e60 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x140/0x248c
[  632.382623][    C0]  #7: ffffaf800c051258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_queue_xmit+0x11ba/0x248c
[  632.383657][    C0]  #8: ffffaf800732f4d8 (_xmit_ETHER#2){+.-.}-{2:2}, at: sch_direct_xmit+0x300/0x464
[  632.384781][    C0]  #9: ffffffff84b73e00 (rcu_read_lock){....}-{1:2}, at: dev_queue_xmit_nit+0x0/0x73a
[  632.385749][    C0]  #10: ffffaf805a9cb418 (hrtimer_bases.lock){-.-.}-{2:2}, at: __hrtimer_run_queues+0x262/0xa16
[  632.386726][    C0]  #11: ffffffff84c3a588 (report_lock){-.-.}-{2:2}, at: kasan_report+0x84/0x1e0
[  632.387686][    C0]  #12: ffffffff84a88600 (console_lock){+.+.}-{0:0}, at: vprintk_default+0x22/0x2e
[  632.388700][    C0] 
[  632.388700][    C0] stack backtrace:
[  632.389384][    C0] CPU: 0 PID: 2051 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[  632.389824][    C0] Hardware name: riscv-virtio,qemu (DT)
[  632.390257][    C0] Call Trace:
[  632.390442][    C0] [] dump_backtrace+0x2e/0x3c
[  632.390901][    C0] [] show_stack+0x34/0x40
[  632.391303][    C0] [] dump_stack_lvl+0xe4/0x150
[  632.391808][    C0] [] dump_stack+0x1c/0x24
[  632.392286][    C0] [] print_circular_bug+0x34e/0x3d8
[  632.392739][    C0] [] check_noncircular+0x1de/0x1fe
[  632.393231][    C0] [] __lock_acquire+0x19a4/0x333e
[  632.393685][    C0] [] lock_acquire.part.0+0x1d0/0x424
[  632.394163][    C0] [] lock_acquire+0x54/0x6a
[  632.394602][    C0] [] console_unlock+0x304/0x97a
[  632.395093][    C0] [] vprintk_emit+0xd2/0x416
[  632.395600][    C0] [] vprintk_default+0x22/0x2e
[  632.396088][    C0] [] vprintk+0x108/0x13e
[  632.396444][    C0] [] _printk+0xa0/0xc8
[  632.396821][    C0] [] kasan_report+0x9a/0x1e0
[  632.521681][    C0] BUG: KASAN: wild-memory-access in timerqueue_add+0xb0/0x1d0
[  632.522748][    C0] Read of size 8 at addr e00007b74d85cc09 by task syz-executor.1/2051
[  632.523628][    C0] 
[  632.524059][    C0] CPU: 0 PID: 2051 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[  632.525124][    C0] Hardware name: riscv-virtio,qemu (DT)
[  632.525718][    C0] Call Trace:
[  632.526680][    C0] [] dump_backtrace+0x2e/0x3c
[  632.527716][    C0] [] show_stack+0x34/0x40
[  632.528598][    C0] [] dump_stack_lvl+0xe4/0x150
[  632.530399][    C0] [] kasan_report+0x1de/0x1e0
[  632.532044][    C0] ==================================================================
[  632.533540][    C0] Unable to handle kernel paging request at virtual address e00007b74d85cc09
[  632.535188][    C0] Oops [#1]
[  632.535751][    C0] Modules linked in:
[  632.537341][    C0] CPU: 0 PID: 2051 Comm: syz-executor.1 Tainted: G    B             5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[  632.538654][    C0] Hardware name: riscv-virtio,qemu (DT)
[  632.539333][    C0] epc : timerqueue_add+0xb0/0x1d0
[  632.540187][    C0]  ra : timerqueue_add+0xb0/0x1d0
[  632.541019][    C0] epc : ffffffff80c2bca8 ra : ffffffff80c2bca8 sp : ffffaf80213cc080
[  632.541879][    C0]  gp : ffffffff85863ac0 tp : ffffaf8009d41840 t0 : ffffffff86bcb657
[  632.542738][    C0]  t1 : fffffffef0b0dfa4 t2 : 0000000000000000 s0 : ffffaf80213cc0d0
[  632.543582][    C0]  s1 : e00007b74d85cbf1 a0 : 0000000000000001 a1 : 0000000000000003
[  632.544412][    C0]  a2 : 1ffff5f0013a8309 a3 : ffffffff831afd3a a4 : 0000000000000000
[  632.545256][    C0]  a5 : ffffaf8009d42840 a6 : 0000000000f00000 a7 : ffffffff8586fd23
[  632.546663][    C0]  s2 : ffffffff801110ec s3 : a423000aa223000a s4 : ffffaf805a9cbd18
[  632.547736][    C0]  s5 : 00000092fbd0f280 s6 : 0000000000000000 s7 : ffffaf805a9cb4d0
[  632.548711][    C0]  s8 : ffffaf805a9cb490 s9 : ffffaf805a9cbd50 s10: ffffaf805a9cb400
[  632.549733][    C0]  s11: 0000000000010503 t3 : 000000000000003d t4 : fffffffef0b0dfa4
[  632.550756][    C0]  t5 : fffffffef0b0dfa5 t6 : ffffaf80213cbad8
[  632.551634][    C0] status: 0000000000000100 badaddr: e00007b74d85cc09 cause: 000000000000000d
[  632.552799][    C0] [] __hrtimer_run_queues+0x8b4/0xa16
[  632.554017][    C0] [] hrtimer_interrupt+0x1d4/0x3ea
[  632.555156][    C0] [] riscv_timer_interrupt+0x5c/0x6a
[  632.556736][    C0] [] handle_percpu_devid_irq+0x17e/0x2ae
[  632.558252][    C0] [] generic_handle_domain_irq+0x7c/0x9c
[  632.559480][    C0] [] riscv_intc_irq+0x7e/0xc8
[  632.560425][    C0] [] generic_handle_arch_irq+0x36/0x54
[  632.561456][    C0] [] ret_from_exception+0x0/0x10
[  632.562494][    C0] [] walk_stackframe+0x17e/0x260
[  632.564064][    C0] ---[ end trace 0000000000000000 ]---
[  632.565314][    C0] Kernel panic - not syncing: Fatal exception in interrupt
[  632.566524][    C0] SMP: stopping secondary CPUs
[  632.568049][    C0] Rebooting in 86400 seconds..
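Added example (not part of this log, of syzkaller, or of the kernel): a Python triage script for console output like the report above. It strips the printk `[ts][ctx]` prefixes, lists the crash headers in the order they hit the console, rebuilds the lock-order graph from the lockdep report (the "-> #N" entries are printed in reverse: #0 is the lock being acquired now, the highest number is the lock already held, and each "-> #k" was taken while "-> #(k-1)" was held), adds the one edge lockdep does not list explicitly (the acquisition in progress, held lock -> new lock) and checks that this really closes a cycle and that the one-line "Chain exists of:" summary is a subsequence of that cycle. It also cross-checks the KASAN fault address against the badaddr in the RISC-V oops register dump. The input is a constructed excerpt of the report above with the per-lock stack frames omitted; the regular expressions assume the printk prefix layout shown in this log.

```python
"""Triage helper for syzkaller console output such as the log on this page.
Added example, not part of syzkaller or the kernel: it strips printk prefixes,
lists crash headers, rebuilds the lock-order graph from the lockdep report and
confirms it closes a cycle, and cross-checks the KASAN address with the oops."""
import re
from typing import Dict, List, Tuple

# Constructed excerpt of the console output on this page; stack frames omitted.
SAMPLE_LOG = """\
[  632.316308][    C0] WARNING: possible circular locking dependency detected
[  632.317094][    C0] syz-executor.1/2051 is trying to acquire lock:
[  632.317361][    C0] ffffffff84a888e0 (console_owner){-.-.}-{0:0}, at: console_unlock+0x2b2/0x97a
[  632.318710][    C0] but task is already holding lock:
[  632.318798][    C0] ffffffff84c3a588 (report_lock){-.-.}-{2:2}, at: kasan_report+0x84/0x1e0
[  632.319775][    C0] -> #7 (report_lock){-.-.}-{2:2}:
[  632.321730][    C0] -> #6 (hrtimer_bases.lock){-.-.}-{2:2}:
[  632.327288][    C0] -> #5 (&rt_b->rt_runtime_lock){-...}-{2:2}:
[  632.332038][    C0] -> #4 (&rq->__lock){-.-.}-{2:2}:
[  632.339030][    C0] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[  632.350412][    C0] -> #2 (&tty->write_wait){-...}-{2:2}:
[  632.359937][    C0] -> #1 (&port_lock_key){-...}-{2:2}:
[  632.369724][    C0] -> #0 (console_owner){-.-.}-{0:0}:
[  632.373624][    C0] Chain exists of:
[  632.373624][    C0]   console_owner --> hrtimer_bases.lock --> report_lock
[  632.521681][    C0] BUG: KASAN: wild-memory-access in timerqueue_add+0xb0/0x1d0
[  632.522748][    C0] Read of size 8 at addr e00007b74d85cc09 by task syz-executor.1/2051
[  632.551634][    C0] status: 0000000000000100 badaddr: e00007b74d85cc09 cause: 000000000000000d
[  632.565314][    C0] Kernel panic - not syncing: Fatal exception in interrupt
"""
PREFIX_RE = re.compile(r"^\[\s*\d+\.\d+\]\[\s*[CT]\d+\] ?")
TITLE_RE = re.compile(r"^(WARNING: |BUG: |Unable to handle kernel |Oops \[#|Kernel panic - )")
ENTRY_RE = re.compile(r"^-> #(\d+) \((.+?)\)\{")
LOCK_RE = re.compile(r"^[0-9a-f]{16} \((.+?)\)\{")
ACCESS_RE = re.compile(r"^(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)$")
BADADDR_RE = re.compile(r"\bbadaddr: ([0-9a-f]+)")

def strip_prefixes(log: str) -> List[str]:
    """Remove the printk `[ts][ctx]` prefix; lines without one pass through."""
    return [PREFIX_RE.sub("", line) for line in log.splitlines()]

def crash_titles(lines: List[str]) -> List[str]:
    """Report headers in console order; syzkaller keys the crash on the first one."""
    return [line for line in lines if TITLE_RE.match(line)]

def lock_after(lines: List[str], marker: str) -> str:
    """Lock name printed on the line following `marker` (e.g. "...trying to acquire lock:")."""
    i = next(i for i, line in enumerate(lines) if line.endswith(marker))
    return LOCK_RE.match(lines[i + 1]).group(1)

def lockdep_chain(lines: List[str]) -> List[str]:
    """Locks in acquisition order. lockdep prints the chain in reverse: #0 is the
    lock being taken now, the largest number the one already held, and each
    '-> #k' was acquired while '-> #(k-1)' was held."""
    entries = sorted((int(m.group(1)), m.group(2)) for m in map(ENTRY_RE.match, lines) if m)
    return [name for _, name in entries]

def find_cycle(edges: List[Tuple[str, str]], start: str) -> List[str]:
    """DFS for a path from `start` back to itself; [] if the lock order is acyclic."""
    graph: Dict[str, List[str]] = {}
    for a, b in edges:
        graph.setdefault(a, []).append(b)
    stack = [(start, [start])]
    while stack:
        node, path = stack.pop()
        for nxt in graph.get(node, []):
            if nxt == start:
                return path + [start]
            if nxt not in path:
                stack.append((nxt, path + [nxt]))
    return []

def is_subsequence(short: List[str], long: List[str]) -> bool:
    """True if `short` occurs in order (not necessarily contiguously) inside `long`."""
    it = iter(long)
    return all(any(x == y for y in it) for x in short)

def analyze_lockdep(lines: List[str]) -> Dict[str, object]:
    """Cycle closed by the acquisition in progress, plus a check that the one-line
    'Chain exists of:' summary is consistent with the full chain."""
    trying = lock_after(lines, "is trying to acquire lock:")
    holding = lock_after(lines, "but task is already holding lock:")
    chain = lockdep_chain(lines)
    edges = list(zip(chain, chain[1:])) + [(holding, trying)]  # last edge: the current acquire
    summary = [s.strip() for s in lines[lines.index("Chain exists of:") + 1].split("-->")]
    cycle = find_cycle(edges, trying)
    return {"trying": trying, "holding": holding, "cycle": cycle,
            "summary_matches": is_subsequence(summary, cycle)}

def analyze_fault(lines: List[str]) -> Dict[str, object]:
    """KASAN access record, cross-checked with badaddr from the RISC-V oops dump."""
    access = next(m for m in map(ACCESS_RE.match, lines) if m)
    bad = next(m for m in map(BADADDR_RE.search, lines) if m)
    addr = int(access.group(3), 16)
    return {"rw": access.group(1), "size": int(access.group(2)), "addr": addr,
            "task": access.group(4), "badaddr_matches": addr == int(bad.group(1), 16)}

if __name__ == "__main__":
    parsed = strip_prefixes(SAMPLE_LOG)
    print(crash_titles(parsed), analyze_lockdep(parsed), analyze_fault(parsed), sep="\n")
```

On a full console log, pass the whole text to strip_prefixes(); the "-> #N" entries and the "Chain exists of:" line are the same in the complete report, only the per-lock stack frames are longer. The closing edge (held lock -> lock being acquired) is the one relation lockdep states only in prose, which is why the script appends it before searching for the cycle; if find_cycle() returned an empty list the report would be inconsistent with its own chain, which is worth noticing before spending time on the trace.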
VM DIAGNOSIS:
17:21:03 Registers:
info registers vcpu 0
pc       ffffffff8011edb6
mhartid  0000000000000000
mstatus  00000000000001a0
mip      00000000000000a0
mie      000000000000020a
mideleg  0000000000000222
medeleg  000000000000b109
mtvec    0000000080000540
stvec    ffffffff800055d4
mepc     ffffffff80200fec
sepc     ffffffff80200fec
mcause   8000000000000007
scause   8000000000000005
mtval    0000000000000000
stval    0000000000000000
x0/zero  0000000000000000
x1/ra    ffffffff8011eda6
x2/sp    ffffaf80213cbc80
x3/gp    ffffffff85863ac0
x4/tp    ffffaf8009d41840
x5/t0    ffffffff86bcb657
x6/t1    fffffffef0d796ca
x7/t2    0000000000000000
x8/s0    ffffaf80213cbe60
x9/s1    0000000000000000
x10/a0   0000000000000046
x11/a1   00000000000f0000
x12/a2   0000000000010506
x13/a3   ffffffff8011c8a6
x14/a4   4ad44bd22f967300
x15/a5   0000000000000120
x16/a6   ffffffff86bcb686
x17/a7   ffffffff86bcb656
x18/s2   0000000000000046
x19/s3   000000000000000f
x20/s4   ffffaf80213cbde0
x21/s5   ffffaf80213cbd00
x22/s6   ffffffff8588c1a0
x23/s7   ffffffff8588c3e0
x24/s8   ffffffff8588c220
x25/s9   ffffffff84a88520
x26/s10  ffffffff858655c0
x27/s11  ffffffff850d8410
x28/t3   0000000000000073
x29/t4   fffffffef0d796c8
x30/t5   fffffffef0d796cb
x31/t6   ffffffff86bcb657
f0/ft0   0000000000000000
f1/ft1   0000000000000000
f2/ft2   0000000000000000
f3/ft3   0000000000000000
f4/ft4   0000000000000000
f5/ft5   0000000000000000
f6/ft6   0000000000000000
f7/ft7   0000000000000000
f8/fs0   0000000000000000
f9/fs1   0000000000000000
f10/fa0  0000000000000000
f11/fa1  0000000000000000
f12/fa2  0000000000000000
f13/fa3  0000000000000000
f14/fa4  0000000000000000
f15/fa5  0000000000000000
f16/fa6  0000000000000000
f17/fa7  0000000000000000
f18/fs2  0000000000000000
f19/fs3  0000000000000000
f20/fs4  0000000000000000
f21/fs5  0000000000000000
f22/fs6  0000000000000000
f23/fs7  0000000000000000
f24/fs8  0000000000000000
f25/fs9  0000000000000000
f26/fs10 0000000000000000
f27/fs11 0000000000000000
f28/ft8  0000000000000000
f29/ft9  0000000000000000
f30/ft10 0000000000000000
f31/ft11 0000000000000000
info registers vcpu 1
pc       ffffffff80119b52
mhartid  0000000000000001
mstatus  00000000000000a2
mip      0000000000000000
mie      00000000000002aa
mideleg  0000000000000222
medeleg  000000000000b109
mtvec    0000000080000540
stvec    ffffffff800055d4
mepc     ffffffff8000f97e
sepc     ffffffff804759c8
mcause   0000000000000009
scause   8000000000000005
mtval    0000000000000000
stval    0000000000000000
x0/zero  0000000000000000
x1/ra    ffffffff80119b52
x2/sp    ffffaf800e01f7e0
x3/gp    ffffffff85863ac0
x4/tp    ffffaf800e5ec8c0
x5/t0    00000000000001f8
x6/t1    4ad44bd22f967300
x7/t2    ffffffffffffffff
x8/s0    ffffaf800e01f7e0
x9/s1    ffffaf8010909898
x10/a0   ffffaf8010909898
x11/a1   0000000000000003
x12/a2   1ffff5f002121313
x13/a3   ffffffff80119b52
x14/a4   0000000000000000
x15/a5   0000000000000001
x16/a6   0000000000f00000
x17/a7   ffffffff826e6226
x18/s2   0000000000000001
x19/s3   ffffaf800e5ec8c0
x20/s4   ffffaf80109098a8
x21/s5   ffffaf80109098a0
x22/s6   ffffaf800e01f960
x23/s7   ffffaf800e01fb00
x24/s8   0000000000000000
x25/s9   0000000000004000
x26/s10  0000000000000040
x27/s11  0000000000000001
x28/t3   fffffffff3f3f300
x29/t4   ffffffff80112282
x30/t5   1ffff5f001c03eb4
x31/t6   0000000000edc8a8
f0/ft0   0000000000000000
f1/ft1   0000000000000000
f2/ft2   0000000000000000
f3/ft3   0000000000000000
f4/ft4   0000000000000000
f5/ft5   0000000000000000
f6/ft6   0000000000000000
f7/ft7   0000000000000000
f8/fs0   0000000000000000
f9/fs1   0000000000000000
f10/fa0  0000000000000000
f11/fa1  0000000000000000
f12/fa2  0000000000000000
f13/fa3  0000000000000000
f14/fa4  0000000000000000
f15/fa5  0000000000000000
f16/fa6  0000000000000000
f17/fa7  0000000000000000
f18/fs2  0000000000000000
f19/fs3  0000000000000000
f20/fs4  0000000000000000
f21/fs5  0000000000000000
f22/fs6  0000000000000000
f23/fs7  0000000000000000
f24/fs8  0000000000000000
f25/fs9  0000000000000000
f26/fs10 0000000000000000
f27/fs11 0000000000000000
f28/ft8  0000000000000000
f29/ft9  0000000000000000
f30/ft10 0000000000000000
f31/ft11 0000000000000000