syzkaller login: [  504.418785][ T1861] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  504.499826][ T1861] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  535.328494][ T1861] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:61620' (ECDSA) to the list of known hosts.
1970/01/01 00:09:28 fuzzer started
1970/01/01 00:09:45 dialing manager at localhost:42553
[  590.591129][ T2046] cgroup: Unknown subsys name 'net'
[  591.840344][ T2046] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:09:51 syscalls: 2821
1970/01/01 00:09:51 code coverage: enabled
1970/01/01 00:09:51 comparison tracing: enabled
1970/01/01 00:09:51 extra coverage: enabled
1970/01/01 00:09:51 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:09:51 setuid sandbox: enabled
1970/01/01 00:09:51 namespace sandbox: enabled
1970/01/01 00:09:51 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:09:51 fault injection: enabled
1970/01/01 00:09:51 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:09:51 net packet injection: enabled
1970/01/01 00:09:51 net device setup: enabled
1970/01/01 00:09:51 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:09:51 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:09:51 USB emulation: enabled
1970/01/01 00:09:51 hci packet injection: /dev/vhci does not exist
1970/01/01 00:09:51 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:09:51 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:09:52 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:09:58 fetching corpus: 50, signal 34409/37479 (executing program)
1970/01/01 00:10:03 fetching corpus: 99, signal 49671/53691 (executing program)
1970/01/01 00:10:07 fetching corpus: 148, signal 57743/62658 (executing program)
1970/01/01 00:10:09 fetching corpus: 197, signal 67368/72909 (executing program)
1970/01/01 00:10:13 fetching corpus: 247, signal 80466/86056 (executing program)
1970/01/01 00:10:16 fetching corpus: 297, signal 89127/94781 (executing program)
1970/01/01 00:10:19 fetching corpus: 347, signal 91844/98027 (executing program)
1970/01/01 00:10:22 fetching corpus: 396, signal 96986/103324 (executing program)
1970/01/01 00:10:27 fetching corpus: 446, signal 101555/107990 (executing program)
1970/01/01 00:10:30 fetching corpus: 494, signal 104372/111062 (executing program)
1970/01/01 00:10:35 fetching corpus: 544, signal 109471/115990 (executing program)
1970/01/01 00:10:38 fetching corpus: 594, signal 114632/120826 (executing program)
1970/01/01 00:10:42 fetching corpus: 644, signal 118306/124265 (executing program)
1970/01/01 00:10:46 fetching corpus: 693, signal 121172/127027 (executing program)
1970/01/01 00:10:49 fetching corpus: 742, signal 124444/130014 (executing program)
1970/01/01 00:10:52 fetching corpus: 792, signal 126417/131898 (executing program)
1970/01/01 00:10:56 fetching corpus: 842, signal 130655/135466 (executing program)
1970/01/01 00:10:58 fetching corpus: 892, signal 132390/137070 (executing program)
1970/01/01 00:11:01 fetching corpus: 942, signal 134888/139137 (executing program)
1970/01/01 00:11:05 fetching corpus: 992, signal 140623/143462 (executing program)
1970/01/01 00:11:08 fetching corpus: 1042, signal 142870/145201 (executing program)
1970/01/01 00:11:11 fetching corpus: 1092, signal 145639/147255 (executing program)
1970/01/01 00:11:14 fetching corpus: 1120, signal 148208/149087 (executing program)
1970/01/01 00:11:14 fetching corpus: 1120, signal 148208/149134 (executing program)
1970/01/01 00:11:14 fetching corpus: 1120, signal 148208/149174 (executing program)
1970/01/01 00:11:14 fetching corpus: 1120, signal 148208/149204 (executing program)
1970/01/01 00:11:14 fetching corpus: 1120, signal 148208/149258 (executing program)
1970/01/01 00:11:14 fetching corpus: 1120, signal 148208/149303 (executing program)
1970/01/01 00:11:14 fetching corpus: 1120, signal 148208/149350 (executing program)
1970/01/01 00:11:15 fetching corpus: 1120, signal 148208/149386 (executing program)
1970/01/01 00:11:15 fetching corpus: 1120, signal 148208/149420 (executing program)
1970/01/01 00:11:15 fetching corpus: 1120, signal 148208/149458 (executing program)
1970/01/01 00:11:15 fetching corpus: 1120, signal 148208/149507 (executing program)
1970/01/01 00:11:15 fetching corpus: 1120, signal 148208/149538 (executing program)
1970/01/01 00:11:15 fetching corpus: 1120, signal 148208/149580 (executing program)
1970/01/01 00:11:15 fetching corpus: 1120, signal 148208/149610 (executing program)
1970/01/01 00:11:16 fetching corpus: 1120, signal 148208/149651 (executing program)
1970/01/01 00:11:16 fetching corpus: 1120, signal 148208/149697 (executing program)
1970/01/01 00:11:16 fetching corpus: 1120, signal 148208/149739 (executing program)
1970/01/01 00:11:16 fetching corpus: 1120, signal 148208/149786 (executing program)
1970/01/01 00:11:16 fetching corpus: 1120, signal 148208/149819 (executing program)
1970/01/01 00:11:16 fetching corpus: 1120, signal 148208/149859 (executing program)
1970/01/01 00:11:16 fetching corpus: 1120, signal 148208/149895 (executing program)
1970/01/01 00:11:16 fetching corpus: 1120, signal 148208/149931 (executing program)
1970/01/01 00:11:17 fetching corpus: 1121, signal 148222/149980 (executing program)
1970/01/01 00:11:17 fetching corpus: 1121, signal 148222/150021 (executing program)
1970/01/01 00:11:17 fetching corpus: 1121, signal 148222/150057 (executing program)
1970/01/01 00:11:17 fetching corpus: 1121, signal 148222/150096 (executing program)
1970/01/01 00:11:17 fetching corpus: 1121, signal 148222/150142 (executing program)
1970/01/01 00:11:17 fetching corpus: 1121, signal 148222/150176 (executing program)
1970/01/01 00:11:18 fetching corpus: 1121, signal 148222/150222 (executing program)
1970/01/01 00:11:18 fetching corpus: 1121, signal 148222/150261 (executing program)
1970/01/01 00:11:18 fetching corpus: 1121, signal 148222/150304 (executing program)
1970/01/01 00:11:18 fetching corpus: 1121, signal 148222/150336 (executing program)
1970/01/01 00:11:18 fetching corpus: 1121, signal 148222/150379 (executing program)
1970/01/01 00:11:18 fetching corpus: 1121, signal 148222/150422 (executing program)
1970/01/01 00:11:18 fetching corpus: 1121, signal 148222/150460 (executing program)
1970/01/01 00:11:19 fetching corpus: 1121, signal 148222/150501 (executing program)
1970/01/01 00:11:19 fetching corpus: 1122, signal 148353/150589 (executing program)
1970/01/01 00:11:19 fetching corpus: 1122, signal 148353/150614 (executing program)
1970/01/01 00:11:19 fetching corpus: 1122, signal 148353/150650 (executing program)
1970/01/01 00:11:19 fetching corpus: 1122, signal 148353/150692 (executing program)
1970/01/01 00:11:19 fetching corpus: 1122, signal 148353/150733 (executing program)
1970/01/01 00:11:19 fetching corpus: 1122, signal 148353/150778 (executing program)
1970/01/01 00:11:19 fetching corpus: 1122, signal 148353/150809 (executing program)
1970/01/01 00:11:20 fetching corpus: 1122, signal 148353/150848 (executing program)
1970/01/01 00:11:20 fetching corpus: 1122, signal 148353/150893 (executing program)
1970/01/01 00:11:20 fetching corpus: 1122, signal 148353/150929 (executing program)
1970/01/01 00:11:20 fetching corpus: 1122, signal 148353/150969 (executing program)
1970/01/01 00:11:20 fetching corpus: 1122, signal 148353/151000 (executing program)
1970/01/01 00:11:20 fetching corpus: 1122, signal 148353/151035 (executing program)
1970/01/01 00:11:20 fetching corpus: 1122, signal 148353/151063 (executing program)
1970/01/01 00:11:21 fetching corpus: 1122, signal 148353/151102 (executing program)
1970/01/01 00:11:21 fetching corpus: 1122, signal 148353/151137 (executing program)
1970/01/01 00:11:21 fetching corpus: 1122, signal 148353/151164 (executing program)
1970/01/01 00:11:21 fetching corpus: 1122, signal 148353/151164 (executing program)
1970/01/01 00:13:15 starting 2 fuzzer processes
00:13:15 executing program 0:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_buf(r0, 0x29, 0x1a, &(0x7f0000000100)="12ba7a8f", 0x4)

00:13:15 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mount$bind(&(0x7f0000000100)='\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x40000, 0x0)
pipe2(&(0x7f0000000000)={<r0=>0xffffffffffffffff}, 0x800)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RATTACH(r1, &(0x7f0000000080)={0x14}, 0xfdef)
tee(r0, r1, 0x9, 0x0)
statx(r1, &(0x7f0000000000)='./file0\x00', 0x800, 0x10, &(0x7f0000000580))
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1c3)

[  826.657725][ T2051] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  827.340142][ T2051] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  827.451148][ T2052] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  828.267290][ T2052] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  842.888734][ T2051] device hsr_slave_0 entered promiscuous mode
[  842.939632][ T2051] device hsr_slave_1 entered promiscuous mode
[  844.789607][ T2052] device hsr_slave_0 entered promiscuous mode
[  844.817937][ T2052] device hsr_slave_1 entered promiscuous mode
[  844.851183][ T2052] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  844.858768][ T2052] Cannot create hsr debugfs directory
[  851.020211][    C0] ==================================================================
[  851.023869][    C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260
[  851.025625][    C0] Read of size 8 at addr ffffaf800c6a3fd0 by task syz-executor.0/2051
[  851.027403][    C0] 
[  851.029821][    C0] CPU: 0 PID: 2051 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[  851.032082][    C0] Hardware name: riscv-virtio,qemu (DT)
[  851.033488][    C0] Call Trace:
[  851.034832][    C0] [<ffffffff8000a228>] dump_backtrace+0x2e/0x3c
[  851.036260][    C0] [<ffffffff831668cc>] show_stack+0x34/0x40
[  851.037626][    C0] [<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150
[  851.039032][    C0] [<ffffffff8047479e>] print_address_description.constprop.0+0x2a/0x330
[  851.040720][    C0] [<ffffffff80474d4c>] kasan_report+0x184/0x1e0
[  851.042193][    C0] [<ffffffff80475b20>] __asan_load8+0x6e/0x96
[  851.043958][    C0] [<ffffffff8000a052>] walk_stackframe+0x11c/0x260
[  851.045422][    C0] [<ffffffff8000a4a4>] arch_stack_walk+0x2c/0x3c
[  851.047020][    C0] 
[  851.047908][    C0] Allocated by task 0:
[  851.048844][    C0] (stack is not available)
[  851.049715][    C0] 
[  851.050489][    C0] Last potentially related work creation:
[  851.051541][    C0] ------------[ cut here ]------------
[  851.052500][    C0] slab index 1931520 out of bounds (305) for stack id 229d7900
[  851.057597][    C0] WARNING: CPU: 0 PID: 2051 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[  851.059611][    C0] Modules linked in:
[  851.060876][    C0] CPU: 0 PID: 2051 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[  851.062623][    C0] Hardware name: riscv-virtio,qemu (DT)
[  851.063800][    C0] epc : stack_depot_print+0x66/0x70
[  851.065231][    C0]  ra : stack_depot_print+0x66/0x70
[  851.066607][    C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800c6a3e90
[  851.067900][    C0]  gp : ffffffff85863ac0 tp : ffffaf800a096100 t0 : ffffffff86bcb657
[  851.069209][    C0]  t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800c6a3ea0
[  851.070706][    C0]  s1 : ffffaf807a9c6d00 a0 : 000000000000003c a1 : 00000000000f0000
[  851.072065][    C0]  a2 : 0000000000000103 a3 : ffffffff8012252a a4 : ec70b9df229d7900
[  851.073462][    C0]  a5 : ec70b9df229d7900 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[  851.075645][    C0]  s2 : ffffaf800c6a3fd0 s3 : ffffaf8007201c80 s4 : ffffaf800c6a3c00
[  851.077086][    C0]  s5 : ffffaf800c6a3e00 s6 : 0000000000003fff s7 : ffffaf800c6a3f70
[  851.078441][    C0]  s8 : ffffaf805a9de970 s9 : ffffffffffffc000 s10: ffffaf800c6a4040
[  851.079799][    C0]  s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[  851.081123][    C0]  t5 : fffff5ef0b53910d t6 : ffffaf800c6a3998
[  851.082328][    C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[  851.084442][    C0] [<ffffffff80474a70>] print_address_description.constprop.0+0x2fc/0x330
[  851.086136][    C0] [<ffffffff80474d4c>] kasan_report+0x184/0x1e0
[  851.087525][    C0] [<ffffffff80475b20>] __asan_load8+0x6e/0x96
[  851.088785][    C0] [<ffffffff8000a052>] walk_stackframe+0x11c/0x260
[  851.090199][    C0] [<ffffffff8000a4a4>] arch_stack_walk+0x2c/0x3c
[  851.091727][    C0] irq event stamp: 93315
[  851.092690][    C0] hardirqs last  enabled at (93314): [<ffffffff8041714a>] get_page_from_freelist+0xfc8/0x12d8
[  851.095707][    C0] hardirqs last disabled at (93315): [<ffffffff831afa4e>] _raw_spin_lock_irqsave+0x60/0x62
[  851.097460][    C0] softirqs last  enabled at (93222): [<ffffffff831b0bd0>] __do_softirq+0x618/0x8fc
[  851.099119][    C0] softirqs last disabled at (93227): [<ffffffff80061288>] __irq_exit_rcu+0x142/0x1f8
[  851.100790][    C0] ---[ end trace 0000000000000000 ]---
[  851.102322][    C0] 
[  851.103107][    C0] Second to last potentially related work creation:
[  851.104739][    C0] ------------[ cut here ]------------
[  851.106150][    C0] slab index 2076544 out of bounds (305) for stack id ffffaf80
[  851.110066][    C0] WARNING: CPU: 0 PID: 2051 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[  851.111882][    C0] Modules linked in:
[  851.113135][    C0] CPU: 0 PID: 2051 Comm: syz-executor.0 Tainted: G        W         5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[  851.115936][    C0] Hardware name: riscv-virtio,qemu (DT)
[  851.116964][    C0] epc : stack_depot_print+0x66/0x70
[  851.118294][    C0]  ra : stack_depot_print+0x66/0x70
[  851.119588][    C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800c6a3e90
[  851.120877][    C0]  gp : ffffffff85863ac0 tp : ffffaf800a096100 t0 : ffffffff86bcb657
[  851.122156][    C0]  t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800c6a3ea0
[  851.123505][    C0]  s1 : ffffaf807a9c6d00 a0 : 000000000000003c a1 : 00000000000f0000
[  851.125791][    C0]  a2 : 0000000000000103 a3 : ffffffff8012252a a4 : ec70b9df229d7900
[  851.127052][    C0]  a5 : ec70b9df229d7900 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[  851.128333][    C0]  s2 : ffffaf800c6a3fd0 s3 : ffffaf8007201c80 s4 : ffffaf800c6a3c00
[  851.129656][    C0]  s5 : ffffaf800c6a3e00 s6 : 0000000000003fff s7 : ffffaf800c6a3f70
[  851.130894][    C0]  s8 : ffffaf805a9de970 s9 : ffffffffffffc000 s10: ffffaf800c6a4040
[  851.132100][    C0]  s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[  851.133466][    C0]  t5 : fffff5ef0b53910d t6 : ffffaf800c6a3998
[  851.135186][    C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[  851.136632][    C0] [<ffffffff80474a22>] print_address_description.constprop.0+0x2ae/0x330
[  851.138275][    C0] [<ffffffff80474d4c>] kasan_report+0x184/0x1e0
[  851.139692][    C0] [<ffffffff80475b20>] __asan_load8+0x6e/0x96
[  851.140967][    C0] [<ffffffff8000a052>] walk_stackframe+0x11c/0x260
[  851.142385][    C0] [<ffffffff8000a4a4>] arch_stack_walk+0x2c/0x3c
[  851.144376][    C0] irq event stamp: 93315
[  851.145555][    C0] hardirqs last  enabled at (93314): [<ffffffff8041714a>] get_page_from_freelist+0xfc8/0x12d8
[  851.147203][    C0] hardirqs last disabled at (93315): [<ffffffff831afa4e>] _raw_spin_lock_irqsave+0x60/0x62
[  851.148909][    C0] softirqs last  enabled at (93222): [<ffffffff831b0bd0>] __do_softirq+0x618/0x8fc
[  851.150496][    C0] softirqs last disabled at (93227): [<ffffffff80061288>] __irq_exit_rcu+0x142/0x1f8
[  851.152145][    C0] ---[ end trace 0000000000000000 ]---
[  851.153198][    C0] 
[  851.154270][    C0] The buggy address belongs to the object at ffffaf800c6a3c00
[  851.154270][    C0]  which belongs to the cache kmalloc-512 of size 512
[  851.157501][    C0] The buggy address is located 464 bytes to the right of
[  851.157501][    C0]  512-byte region [ffffaf800c6a3c00, ffffaf800c6a3e00)
[  851.159403][    C0] The buggy address belongs to the page:
[  851.160927][    C0] page:ffffaf807a9c6d00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8c8a0
[  851.162835][    C0] head:ffffaf807a9c6d00 order:2 compound_mapcount:0 compound_pincount:0
[  851.165232][    C0] flags: 0x8800010200(slab|head|section=17|node=0|zone=0)
[  851.168225][    C0] raw: 0000008800010200 0000000000000000 0000000000000001 ffffaf8007201c80
[  851.169703][    C0] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  851.170977][    C0] raw: 00000000000007ff
[  851.171965][    C0] page dumped because: kasan: bad access detected
[  851.173183][    C0] page_owner tracks the page as allocated
[  851.174717][    C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 40180008000, free_ts 40042385800
[  851.177163][    C0]  __set_page_owner+0x48/0x136
[  851.178417][    C0]  post_alloc_hook+0xd0/0x10a
[  851.179517][    C0]  get_page_from_freelist+0x8da/0x12d8
[  851.180676][    C0]  __alloc_pages+0x150/0x3b6
[  851.181797][    C0]  alloc_page_interleave+0x2a/0x1cc
[  851.182978][    C0]  alloc_pages+0x210/0x2a6
[  851.184453][    C0]  alloc_slab_page.constprop.0+0xc2/0xfa
[  851.185867][    C0]  new_slab+0x25a/0x2cc
[  851.187004][    C0]  ___slab_alloc+0x56e/0x918
[  851.188151][    C0]  __slab_alloc.constprop.0+0x50/0x8c
[  851.189359][    C0]  kmem_cache_alloc_trace+0x2a2/0x2e0
[  851.190583][    C0]  device_add+0xce0/0x129e
[  851.191752][    C0]  device_register+0x20/0x2a
[  851.192883][    C0]  tty_register_device_attr+0x27a/0x4bc
[  851.194722][    C0]  tty_register_driver+0x2ca/0x4b2
[  851.196613][    C0]  pty_init+0x354/0x7e6
[  851.197938][    C0] page last free stack trace:
[  851.198769][    C0]  __reset_page_owner+0x4a/0xea
[  851.199980][    C0]  free_pcp_prepare+0x29c/0x45e
[  851.201227][    C0]  free_unref_page+0x6a/0x31e
[  851.202380][    C0]  __free_pages+0xe2/0x112
[  851.203716][    C0]  put_task_stack+0x1d0/0x2b0
[  851.205170][    C0]  finish_task_switch.isra.0+0x3ce/0x420
[  851.206517][    C0]  __schedule+0x58e/0x118e
[  851.207660][    C0]  preempt_schedule_irq+0x4a/0x13e
[  851.208911][    C0]  resume_kernel+0x16/0x18
[  851.210238][    C0] 
[  851.210970][    C0] Memory state around the buggy address:
[  851.212336][    C0]  ffffaf800c6a3e80: 00 00 00 00 00 00 00 00 fc fc fc fc 00 00 00 00
[  851.213718][    C0]  ffffaf800c6a3f00: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[  851.215803][    C0] >ffffaf800c6a3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  851.216942][    C0]                                                  ^
[  851.218129][    C0]  ffffaf800c6a4000: 00 00 00 00 f1 f1 f1 f1 00 00 00 f3 f3 f3 f3 f3
[  851.219322][    C0]  ffffaf800c6a4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  851.220505][    C0] ==================================================================
[  851.221617][    C0] Disabling lock debugging due to kernel taint
[  851.260324][ T2051] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[  851.261777][ T2051] CPU: 0 PID: 2051 Comm: syz-executor.0 Tainted: G    B   W         5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[  851.263130][ T2051] Hardware name: riscv-virtio,qemu (DT)
[  851.264409][ T2051] Call Trace:
[  851.265145][ T2051] [<ffffffff8000a228>] dump_backtrace+0x2e/0x3c
[  851.266461][ T2051] [<ffffffff831668cc>] show_stack+0x34/0x40
[  851.267578][ T2051] [<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150
[  851.268763][ T2051] [<ffffffff83175742>] dump_stack+0x1c/0x24
[  851.269907][ T2051] [<ffffffff83166fa8>] panic+0x24a/0x634
[  851.270900][ T2051] [<ffffffff831a688a>] schedule+0x0/0x14c
[  851.271987][ T2051] [<ffffffff831a70f8>] preempt_schedule_irq+0x4a/0x13e
[  851.273186][ T2051] [<ffffffff800057cc>] resume_kernel+0x16/0x18
[  851.274890][ T2051] SMP: stopping secondary CPUs
[  851.277263][ T2051] Rebooting in 86400 seconds..

VM DIAGNOSIS:
18:07:51  Registers:
info registers vcpu 0
 pc       ffffffff80c2b612
 mhartid  0000000000000000
 mstatus  00000000000000a0
 mip      00000000000000a0
 mie      000000000000022a
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff80475ac2
 sepc     ffffffff8000a478
 mcause   8000000000000007
 scause   8000000000000005
 mtval  0000000000000000
 stval  0000000000000000
 x0/zero 0000000000000000 x1/ra ffffffff8011c7fa x2/sp ffffaf800c6a39e0 x3/gp ffffffff85863ac0
 x4/tp ffffaf800a096100 x5/t0 ffffaf800c6a3a83 x6/t1 fffff5ef018d4750 x7/t2 0000000000000000
 x8/s0 ffffaf800c6a3a10 x9/s1 ffffffff86bcb640 x10/a0 ffffffff86bcb640 x11/a1 000000000000000a
 x12/a2 0000000000000000 x13/a3 ffffffff8011c7ec x14/a4 ffffaf800a096100 x15/a5 0000000000000000
 x16/a6 ffffaf800c6a3a87 x17/a7 ffffaf800c6a3a85 x18/s2 ffffffff86bcb641 x19/s3 ffffffff86bcb640
 x20/s4 000000000000000a x21/s5 0000000000000017 x22/s6 0000000000000000 x23/s7 0000000000000400
 x24/s8 ffffaf800c6a3a70 x25/s9 0000000000000000 x26/s10 00000000000003e7 x27/s11 ffffaf800c6a3cc0
 x28/t3 0000000000000043 x29/t4 fffff5ef018d4750 x30/t5 fffff5ef018d4751 x31/t6 ffffaf800c6a3a86
 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
 pc       ffffffff831a24e4
 mhartid  0000000000000001
 mstatus  00000000000000a2
 mip      0000000000000000
 mie      00000000000002aa
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff8000f97e
 sepc     ffffffff801165e0
 mcause   0000000000000009
 scause   8000000000000005
 mtval  0000000000000000
 stval  0000000000000000
 x0/zero 0000000000000000 x1/ra ffffffff80112b12 x2/sp ffffaf80073bb9a0 x3/gp ffffffff85863ac0
 x4/tp ffffaf800f670000 x5/t0 ffffaf800c6cf530 x6/t1 ec70b9df229d7900 x7/t2 ffffffffffffffff
 x8/s0 ffffaf80073bbaa0 x9/s1 0000000000000001 x10/a0 ffffffff84b782f0 x11/a1 0000000000000002
 x12/a2 0000000000000002 x13/a3 ffffffff831a264a x14/a4 0000000000000001 x15/a5 ffffaf805a9e4840
 x16/a6 0000000000f00000 x17/a7 ffffffff8176b8f4 x18/s2 ffffaf80073bbb60 x19/s3 ffffaf800f670000
 x20/s4 ffffffff8586fd20 x21/s5 ffffaf800f670000 x22/s6 ffffffff86c1a620 x23/s7 0000000000000003
 x24/s8 ffffffff85889780 x25/s9 ffffaf801017c030 x26/s10 ffffffff850d46c0 x27/s11 ffffffff8588a420
 x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f000e7772c x31/t6 0000000000040000
 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000