syzkaller login: [ 280.813023][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 281.005247][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 281.038114][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 291.623720][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:17953' (ECDSA) to the list of known hosts.
1970/01/01 00:05:42 fuzzer started
1970/01/01 00:05:59 dialing manager at localhost:33759
[ 365.860359][ T2026] cgroup: Unknown subsys name 'net'
[ 367.095715][ T2026] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:06 syscalls: 2827
1970/01/01 00:06:06 code coverage: enabled
1970/01/01 00:06:06 comparison tracing: enabled
1970/01/01 00:06:06 extra coverage: ioctl(KCOV_DISABLE) failed: invalid argument
1970/01/01 00:06:06 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:06 setuid sandbox: enabled
1970/01/01 00:06:06 namespace sandbox: enabled
1970/01/01 00:06:06 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:06 fault injection: enabled
1970/01/01 00:06:06 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:06 net packet injection: enabled
1970/01/01 00:06:06 net device setup: enabled
1970/01/01 00:06:06 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:06 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:06 USB emulation: enabled
1970/01/01 00:06:06 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:06 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:06 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:07 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:13 fetching corpus: 50, signal 33173/35805 (executing program)
1970/01/01 00:06:18 fetching corpus: 99, signal 52667/55447 (executing program)
1970/01/01 00:06:21 fetching corpus: 148, signal 67270/69740 (executing program)
1970/01/01 00:06:25 fetching corpus: 194, signal 77708/79735 (executing program)
1970/01/01 00:06:29 fetching corpus: 242, signal 86427/87793 (executing program)
1970/01/01 00:06:32 fetching corpus: 288, signal 91985/92844 (executing program)
1970/01/01 00:06:35 fetching corpus: 313, signal 95283/95800 (executing program)
1970/01/01 00:06:35 fetching corpus: 314, signal 95297/95889 (executing program)
1970/01/01 00:06:35 fetching corpus: 314, signal 95297/95971 (executing program)
1970/01/01 00:06:35 fetching corpus: 314, signal 95297/96055 (executing program)
1970/01/01 00:06:35 fetching corpus: 314, signal 95297/96148 (executing program)
1970/01/01 00:06:36 fetching corpus: 314, signal 95297/96259 (executing program)
1970/01/01 00:06:36 fetching corpus: 314, signal 95297/96357 (executing program)
1970/01/01 00:06:36 fetching corpus: 314, signal 95297/96452 (executing program)
1970/01/01 00:06:36 fetching corpus: 314, signal 95297/96587 (executing program)
1970/01/01 00:06:36 fetching corpus: 314, signal 95297/96665 (executing program)
1970/01/01 00:06:36 fetching corpus: 314, signal 95297/96762 (executing program)
1970/01/01 00:06:37 fetching corpus: 314, signal 95297/96865 (executing program)
1970/01/01 00:06:37 fetching corpus: 314, signal 95297/96954 (executing program)
1970/01/01 00:06:37 fetching corpus: 314, signal 95297/97021 (executing program)
1970/01/01 00:06:37 fetching corpus: 314, signal 95297/97102 (executing program)
1970/01/01 00:06:37 fetching corpus: 314, signal 95297/97193 (executing program)
1970/01/01 00:06:38 fetching corpus: 314, signal 95297/97279 (executing program)
1970/01/01 00:06:38 fetching corpus: 314, signal 95297/97380 (executing program)
1970/01/01 00:06:38 fetching corpus: 315, signal 95313/97483 (executing program)
1970/01/01 00:06:38 fetching corpus: 315, signal 95313/97612 (executing program)
1970/01/01 00:06:38 fetching corpus: 315, signal 95313/97724 (executing program)
1970/01/01 00:06:38 fetching corpus: 316, signal 96150/98165 (executing program)
1970/01/01 00:06:39 fetching corpus: 316, signal 96150/98234 (executing program)
1970/01/01 00:06:39 fetching corpus: 316, signal 96150/98307 (executing program)
1970/01/01 00:06:39 fetching corpus: 316, signal 96150/98379 (executing program)
1970/01/01 00:06:39 fetching corpus: 316, signal 96150/98444 (executing program)
1970/01/01 00:06:39 fetching corpus: 316, signal 96150/98497 (executing program)
1970/01/01 00:06:39 fetching corpus: 316, signal 96150/98575 (executing program)
1970/01/01 00:06:40 fetching corpus: 316, signal 96150/98642 (executing program)
1970/01/01 00:06:40 fetching corpus: 316, signal 96150/98713 (executing program)
1970/01/01 00:06:40 fetching corpus: 316, signal 96150/98782 (executing program)
1970/01/01 00:06:40 fetching corpus: 316, signal 96150/98852 (executing program)
1970/01/01 00:06:40 fetching corpus: 316, signal 96151/98940 (executing program)
1970/01/01 00:06:40 fetching corpus: 316, signal 96151/99011 (executing program)
1970/01/01 00:06:41 fetching corpus: 316, signal 96151/99077 (executing program)
1970/01/01 00:06:41 fetching corpus: 316, signal 96151/99142 (executing program)
1970/01/01 00:06:41 fetching corpus: 316, signal 96151/99206 (executing program)
1970/01/01 00:06:41 fetching corpus: 316, signal 96151/99285 (executing program)
1970/01/01 00:06:41 fetching corpus: 316, signal 96151/99352 (executing program)
1970/01/01 00:06:42 fetching corpus: 316, signal 96151/99413 (executing program)
1970/01/01 00:06:42 fetching corpus: 316, signal 96168/99467 (executing program)
1970/01/01 00:06:42 fetching corpus: 316, signal 96168/99539 (executing program)
1970/01/01 00:06:42 fetching corpus: 316, signal 96168/99583 (executing program)
1970/01/01 00:06:42 fetching corpus: 316, signal 96168/99583 (executing program)
1970/01/01 00:08:40 starting 2 fuzzer processes
00:08:40 executing program 0:
r0 = syz_open_dev$sndpcmp(&(0x7f0000002100), 0x0, 0x0)
fsetxattr$security_capability(r0, &(0x7f0000000000), 0x0, 0x0, 0x0)
00:08:40 executing program 1:
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x11)
[ 558.875073][ T2038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 559.437590][ T2038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 560.644013][ T2039] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 561.278374][ T2039] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 572.815504][ T2038] device hsr_slave_0 entered promiscuous mode
[ 572.876424][ T2038] device hsr_slave_1 entered promiscuous mode
[ 574.941286][ T2039] device hsr_slave_0 entered promiscuous mode
[ 574.981304][ T2039] device hsr_slave_1 entered promiscuous mode
[ 575.031159][ T2039] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 575.035856][ T2039] Cannot create hsr debugfs directory
[ 1020.452326][ T27] INFO: task syz-executor.0:2039 blocked for more than 430 seconds.
[ 1020.458406][ T27] Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1020.491897][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1020.494197][ T27] task:syz-executor.0 state:D stack: 0 pid: 2039 ppid: 2035 flags:0x00000000
[ 1020.497147][ T27] Call Trace:
[ 1020.531267][ T27] [] schedule+0x74/0x14c
[ 1020.533546][ T27] [] schedule_preempt_disabled+0x16/0x28
[ 1020.535928][ T27] [] __mutex_lock+0x522/0xade
[ 1020.537869][ T27] [] mutex_lock_nested+0x14/0x1c
[ 1020.571713][ T27] [] new_device_store+0x106/0x46a
[ 1020.573873][ T27] [] bus_attr_store+0x4e/0x6e
[ 1020.575774][ T27] [] sysfs_kf_write+0x9c/0xbe
[ 1020.577652][ T27] [] kernfs_fop_write_iter+0x264/0x32e
[ 1020.610529][ T27] [] new_sync_write+0x296/0x3aa
[ 1020.612804][ T27] [] vfs_write+0x2de/0x334
[ 1020.614763][ T27] [] ksys_write+0x10a/0x224
[ 1020.616682][ T27] [] sys_write+0x28/0x36
[ 1020.651016][ T27] [] ret_from_syscall+0x0/0x2
[ 1020.654148][ T27]
[ 1020.654148][ T27] Showing all locks held in the system:
[ 1020.656262][ T27] 2 locks held by kworker/1:0/20:
[ 1020.657911][ T27] 1 lock held by khungtaskd/27:
[ 1020.690505][ T27] #0: ffffffff84b73e00 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x3c/0x20e
[ 1020.695627][ T27] 2 locks held by kworker/u4:6/1206:
[ 1020.697188][ T27] #0: ffffaf8007229138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x524/0xffe
[ 1020.733700][ T27] #1: ffffaf800ee9bcf0 ((kfence_timer).work){+.+.}-{0:0}, at: process_one_work+0x524/0xffe
[ 1020.737986][ T27] 2 locks held by getty/1981:
[ 1020.780319][ T27] #0: ffffaf805a4d8098 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3a/0x46
[ 1020.784466][ T27] #1: ffff8f8010b082e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xa52/0xbac
[ 1020.788284][ T27] 2 locks held by syz-fuzzer/2019:
[ 1020.821714][ T27] 3 locks held by kworker/1:1/2029:
[ 1020.823245][ T27] #0: ffffaf800f0e7938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x524/0xffe
[ 1020.827379][ T27] #1: ffffaf800bf6bcf0 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x524/0xffe
[ 1020.863254][ T27] #2: ffffffff855cf108 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x22/0x2a
[ 1020.866886][ T27] 6 locks held by syz-executor.1/2038:
[ 1020.868404][ T27] 4 locks held by syz-executor.0/2039:
[ 1020.901981][ T27] #0: ffffaf800c044460 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x104/0x334
[ 1020.906223][ T27] #1: ffffaf800ee16088 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1fc/0x32e
[ 1020.951013][ T27] #2: ffffaf800eba8660 (kn->active#124){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x32e
[ 1020.955496][ T27] #3: ffffffff8515a428 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: new_device_store+0x106/0x46a
[ 1020.980871][ T27]
[ 1020.982095][ T27] =============================================
[ 1020.982095][ T27]
[ 1020.983893][ T27] Kernel panic - not syncing: hung_task: blocked tasks
[ 1020.986083][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1020.988583][ T27] Hardware name: riscv-virtio,qemu (DT)
[ 1020.990194][ T27] Call Trace:
[ 1020.991182][ T27] [] dump_backtrace+0x2e/0x3c
[ 1020.992942][ T27] [] show_stack+0x34/0x40
[ 1020.994547][ T27] [] dump_stack_lvl+0xe4/0x150
[ 1020.996355][ T27] [] dump_stack+0x1c/0x24
[ 1020.997933][ T27] [] panic+0x24a/0x634
[ 1020.999577][ T27] [] touch_softlockup_watchdog+0x0/0x7a
[ 1021.001361][ T27] [] kthread+0x19e/0x1fa
[ 1021.003021][ T27] [] ret_from_exception+0x0/0x10
[ 1021.005204][ T27] SMP: stopping secondary CPUs
[ 1023.367751][ T27] SMP: failed to stop secondary CPUs 0-1
[ 1023.371289][ T27] Rebooting in 86400 seconds..
VM DIAGNOSIS:
12:01:38 Registers: