syzkaller login: [ 278.482270][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 288.692739][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 288.811822][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 288.852307][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:27384' (ECDSA) to the list of known hosts. 1970/01/01 00:05:41 fuzzer started 1970/01/01 00:05:59 dialing manager at localhost:41861 1970/01/01 00:06:00 checking machine... 1970/01/01 00:06:00 checking revisions... executing program executing program 1970/01/01 00:06:07 testing simple program... [ 369.164063][ T2033] cgroup: Unknown subsys name 'net' [ 370.213009][ T2033] cgroup: Unknown subsys name 'rlimit' executing program executing program executing program executing program executing program executing program executing program executing program [ 392.793674][ T2037] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 392.924162][ T2037] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link executing program executing program executing program [ 402.532503][ T2037] device hsr_slave_0 entered promiscuous mode [ 402.612529][ T2037] device hsr_slave_1 entered promiscuous mode executing program executing program [ 407.963126][ T2037] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 408.111669][ T2037] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 408.204154][ T2037] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 408.396305][ T2037] netdevsim netdevsim0 netdevsim3: renamed from eth3 executing program executing program [ 415.988972][ T2037] 8021q: adding VLAN 0 to HW filter on device bond0 executing program [ 416.330463][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 416.401765][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready executing program [ 421.396188][ T2068] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 421.434939][ T2068] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 421.622515][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 421.672406][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 421.904436][ T2068] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 422.070231][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready executing program [ 422.511026][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 422.546049][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 422.841327][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 422.860624][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 423.103480][ T2037] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 423.762409][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 423.792018][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready executing program executing program executing program executing program executing program [ 439.332485][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 439.382994][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready executing program executing program [ 444.819615][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 444.884734][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 445.031331][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 445.061565][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 445.244253][ T2037] device veth0_vlan entered promiscuous mode [ 445.686232][ T2037] device veth1_vlan entered promiscuous mode executing program [ 446.591804][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 446.635190][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 446.841757][ T2037] device veth0_macvtap entered promiscuous mode [ 446.921032][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 447.169991][ T2037] device veth1_macvtap entered promiscuous mode [ 447.938547][ T1305] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 447.985009][ T1305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 448.254333][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 448.305144][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 448.588351][ T2037] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 448.591161][ T2037] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 448.592511][ T2037] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 448.593667][ T2037] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 executing program executing program 1970/01/01 00:07:32 building call list... executing program executing program [ 459.766538][ T26] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 executing program [ 461.590951][ T26] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 462.382183][ T26] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 462.953462][ T26] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 executing program executing program executing program executing program [ 475.713396][ T26] device hsr_slave_0 left promiscuous mode [ 475.809166][ T26] device hsr_slave_1 left promiscuous mode executing program [ 476.300757][ T26] device veth1_macvtap left promiscuous mode [ 476.365655][ T26] device veth0_macvtap left promiscuous mode [ 476.399592][ T26] device veth1_vlan left promiscuous mode [ 476.406092][ T26] device veth0_vlan left promiscuous mode executing program executing program executing program executing program executing program executing program executing program [ 499.875018][ T26] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface executing program [ 500.646262][ T26] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface executing program [ 504.296730][ T26] bond0 (unregistering): Released all slaves executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 579.375745][ T2026] can: request_module (can-proto-0) failed. [ 580.664409][ T2407] can: request_module (can-proto-0) failed. executing program [ 581.961868][ T2407] can: request_module (can-proto-0) failed. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 618.742646][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 618.774430][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 618.870926][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 618.934360][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program 1970/01/01 00:10:58 syscalls: 2870 1970/01/01 00:10:58 code coverage: enabled 1970/01/01 00:10:58 comparison tracing: enabled 1970/01/01 00:10:58 extra coverage: enabled 1970/01/01 00:10:58 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:10:58 setuid sandbox: enabled 1970/01/01 00:10:58 namespace sandbox: enabled 1970/01/01 00:10:58 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:10:58 fault injection: enabled 1970/01/01 00:10:58 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:10:58 net packet injection: enabled 1970/01/01 00:10:58 net device setup: enabled 1970/01/01 00:10:58 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:10:58 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:10:58 USB emulation: enabled 1970/01/01 00:10:58 hci packet injection: /dev/vhci does not exist 1970/01/01 00:10:58 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:10:58 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:10:58 fetching corpus: 0, signal 0/0 (executing program) 1970/01/01 00:10:58 fetching corpus: 1, signal 209/209 (executing program) 1970/01/01 00:10:58 fetching corpus: 1, signal 209/209 (executing program) 1970/01/01 00:13:15 starting 2 fuzzer processes 00:13:15 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='oom_score\x00') read$FUSE(r1, &(0x7f00000021c0)={0x2020}, 0x2020) 00:13:16 executing program 1: r0 = syz_io_uring_setup(0x884, &(0x7f0000000080), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000541000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_open_procfs(0x0, 0x0) syz_io_uring_setup(0x884, &(0x7f0000000080), &(0x7f00000a0000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r3, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x2, 0x0, 0x8}, 0x0) io_uring_enter(r0, 0x547c, 0x0, 0x0, 0x0, 0x0) [ 828.166570][ T2549] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 828.702315][ T2549] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 828.814087][ T2551] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 829.503426][ T2551] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 848.509139][ T2551] device hsr_slave_0 entered promiscuous mode [ 848.590169][ T2551] device hsr_slave_1 entered promiscuous mode [ 849.911496][ T2549] device hsr_slave_0 entered promiscuous mode [ 850.005460][ T2549] device hsr_slave_1 entered promiscuous mode [ 850.071638][ T2549] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 850.100628][ T2549] Cannot create hsr debugfs directory [ 865.201076][ T2551] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 865.459509][ T2551] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 865.671578][ T2551] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 866.074164][ T2551] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 878.801515][ T2549] 8021q: adding VLAN 0 to HW filter on device bond0 [ 879.706642][ T2814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 879.760908][ T2814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 880.581146][ T2551] 8021q: adding VLAN 0 to HW filter on device bond0 [ 881.131096][ T2763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 881.184056][ T2763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 889.076669][ T2763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 889.172161][ T2763] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 889.533480][ T2763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 889.581341][ T2763] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 889.839764][ T1305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 890.873366][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 890.933508][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 890.955540][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 891.251105][ T2814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 891.335278][ T2814] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 891.752735][ T2814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 891.812159][ T2814] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 891.863607][ T2814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 891.913736][ T2814] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 892.221144][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 892.742340][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 893.790351][ T1305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 893.844124][ T1305] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 894.710704][ T2551] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 894.801923][ T2551] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 895.276156][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 895.284270][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 895.294516][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 895.323265][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 896.061732][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 896.066324][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 923.523748][ C0] ================================================================== [ 923.525050][ C0] BUG: KASAN: use-after-free in __bfs+0x154/0x394 [ 923.526202][ C0] Read of size 8 at addr ffffaf8020bcbf90 by task modprobe/3208 [ 923.528002][ C0] [ 923.530054][ C0] CPU: 0 PID: 3208 Comm: modprobe Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 923.532002][ C0] Hardware name: riscv-virtio,qemu (DT) [ 923.533022][ C0] Call Trace: [ 923.533750][ C0] [] dump_backtrace+0x2e/0x3c [ 923.534848][ C0] [] show_stack+0x34/0x40 [ 923.535823][ C0] [] dump_stack_lvl+0xe4/0x150 [ 923.537009][ C0] [] print_address_description.constprop.0+0x2a/0x330 [ 923.539006][ C0] [] kasan_report+0x184/0x1e0 [ 923.540173][ C0] [] __asan_load8+0x6e/0x96 [ 923.541176][ C0] [] __bfs+0x154/0x394 [ 923.542135][ C0] [] check_path.constprop.0+0x24/0x46 [ 923.543214][ C0] [] check_noncircular+0x11a/0x1fe [ 923.544468][ C0] [ 923.545012][ C0] The buggy address belongs to the page: [ 923.546146][ C0] page:ffffaf807af7e118 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa0dcb [ 923.548467][ C0] flags: 0xa000000000(section=20|node=0|zone=0) [ 923.550655][ C0] raw: 000000a000000000 ffffaf807ab28348 ffffaf807af7e0d8 0000000000000000 [ 923.551734][ C0] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 923.552669][ C0] raw: 00000000000007ff [ 923.553347][ C0] page dumped because: kasan: bad access detected [ 923.554295][ C0] page_owner tracks the page as freed [ 923.555034][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 2068, ts 844225826700, free_ts 873361264900 [ 923.557691][ C0] __set_page_owner+0x48/0x136 [ 923.558777][ C0] post_alloc_hook+0xd0/0x10a [ 923.559532][ C0] get_page_from_freelist+0x8da/0x12d8 [ 923.560275][ C0] __alloc_pages+0x150/0x3b6 [ 923.561027][ C0] alloc_pages+0x132/0x2a6 [ 923.561772][ C0] alloc_slab_page.constprop.0+0xc2/0xfa [ 923.562505][ C0] new_slab+0x76/0x2cc [ 923.563722][ C0] ___slab_alloc+0x56e/0x918 [ 923.564536][ C0] __slab_alloc.constprop.0+0x50/0x8c [ 923.565494][ C0] __kmalloc_node_track_caller+0x26c/0x362 [ 923.566295][ C0] __alloc_skb+0xee/0x2e4 [ 923.567558][ C0] nsim_dev_trap_report_work+0x1c2/0x5e4 [ 923.569253][ C0] process_one_work+0x654/0xffe [ 923.570312][ C0] worker_thread+0x360/0x8fa [ 923.571168][ C0] kthread+0x19e/0x1fa [ 923.571987][ C0] ret_from_exception+0x0/0x10 [ 923.572833][ C0] page last free stack trace: [ 923.573477][ C0] __reset_page_owner+0x4a/0xea [ 923.574226][ C0] free_pcp_prepare+0x29c/0x45e [ 923.575077][ C0] free_unref_page+0x6a/0x31e [ 923.575728][ C0] __free_pages+0xe2/0x112 [ 923.576410][ C0] __free_slab+0x122/0x27c [ 923.577209][ C0] discard_slab+0x4c/0x7a [ 923.578469][ C0] __unfreeze_partials+0x16a/0x18e [ 923.579781][ C0] put_cpu_partial+0xf6/0x162 [ 923.581118][ C0] __slab_free+0x166/0x29c [ 923.581898][ C0] ___cache_free+0x17c/0x354 [ 923.582749][ C0] qlist_free_all+0x7c/0x132 [ 923.583547][ C0] kasan_quarantine_reduce+0x14c/0x1c8 [ 923.584549][ C0] __kasan_slab_alloc+0x5c/0x98 [ 923.585491][ C0] __kmalloc+0x156/0x318 [ 923.586246][ C0] tomoyo_realpath_from_path+0x9c/0x3f4 [ 923.587451][ C0] tomoyo_realpath_nofollow+0xf2/0x10a [ 923.589114][ C0] [ 923.589773][ C0] Memory state around the buggy address: [ 923.591304][ C0] ffffaf8020bcbe80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 923.592224][ C0] ffffaf8020bcbf00: ff ff ff ff 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 [ 923.593108][ C0] >ffffaf8020bcbf80: ff ff ff ff 00 00 00 f3 f3 f3 f3 f3 ff ff ff ff [ 923.593970][ C0] ^ [ 923.594670][ C0] ffffaf8020bcc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 923.595518][ C0] ffffaf8020bcc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 923.596426][ C0] ================================================================== [ 923.597861][ C0] Disabling lock debugging due to kernel taint [ 923.609628][ T3208] Kernel panic - not syncing: corrupted stack end detected inside scheduler [ 923.611058][ T3208] CPU: 0 PID: 3208 Comm: modprobe Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 923.612486][ T3208] Hardware name: riscv-virtio,qemu (DT) [ 923.613242][ T3208] Call Trace: [ 923.613862][ T3208] [] dump_backtrace+0x2e/0x3c [ 923.614992][ T3208] [] show_stack+0x34/0x40 [ 923.615920][ T3208] [] dump_stack_lvl+0xe4/0x150 [ 923.617466][ T3208] [] dump_stack+0x1c/0x24 [ 923.619159][ T3208] [] panic+0x24a/0x634 [ 923.620247][ T3208] [] schedule+0x0/0x14c [ 923.621300][ T3208] [] preempt_schedule_common+0x4e/0xde [ 923.622536][ T3208] [] preempt_schedule+0x34/0x36 [ 923.623823][ T3208] [] _raw_spin_unlock+0x60/0x6a [ 923.624936][ T3208] [] filemap_map_pages+0xc42/0xc6a [ 923.626020][ T3208] [] __handle_mm_fault+0x1b08/0x23a4 [ 923.627235][ T3208] [] handle_mm_fault+0x296/0x674 [ 923.629173][ T3208] [] do_page_fault+0x308/0xa3c [ 923.630452][ T3208] [] ret_from_exception+0x0/0x10 [ 923.631772][ T3208] [] strncpy_from_user+0x1f2/0x466 [ 923.633352][ T3208] SMP: stopping secondary CPUs [ 923.635670][ T3208] Rebooting in 86400 seconds.. VM DIAGNOSIS: 21:32:21 Registers: info registers vcpu 0 pc ffffffff8011dac4 mhartid 0000000000000000 mstatus 00000000000000a0 mip 00000000000000a0 mie 000000000000022a mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff80475986 sepc ffffffff801159d0 mcause 8000000000000007 scause 8000000000000009 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff8011dac4 x2/sp ffffaf8020bcbcc0 x3/gp ffffffff85863ac0 x4/tp ffffaf800e4ee100 x5/t0 ffffffff86bcb657 x6/t1 fffffffef0b0caa0 x7/t2 0000000000000000 x8/s0 ffffaf8020bcbd00 x9/s1 0000000000000000 x10/a0 0000000000000001 x11/a1 0000000000000004 x12/a2 0000000000000001 x13/a3 ffffffff8011dac4 x14/a4 0000000000000003 x15/a5 0000000000000004 x16/a6 ffffffff85865500 x17/a7 ffffffff85865503 x18/s2 ffffffff8453a6b0 x19/s3 ffffffff8010dd9a x20/s4 0000000000000000 x21/s5 ffffffff85863560 x22/s6 ffffffff8588bb20 x23/s7 ffffffff85e09180 x24/s8 ffffaf8020bcbea0 x25/s9 ffffaf800e4eed48 x26/s10 ffffffff85899680 x27/s11 ffffaf800e4ee100 x28/t3 ffffffff801163b2 x29/t4 fffffffef0b0caa0 x30/t5 fffffffef0b0caa1 x31/t6 ffffaf8020bcb878 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 pc ffffffff80200f00 mhartid 0000000000000001 mstatus 00000000000001a0 mip 0000000000000000 mie 00000000000002aa mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff8000f97e sepc ffffffff831afca4 mcause 0000000000000009 scause 8000000000000005 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff8013fa68 x2/sp ffffaf80106738e0 x3/gp ffffffff85863ac0 x4/tp ffffaf800bcb8000 x5/t0 0000000000046000 x6/t1 a1b268d7cbdb4000 x7/t2 ffffffffffffffff x8/s0 ffffaf8010673960 x9/s1 0000000000000001 x10/a0 ffffaf800bcb8008 x11/a1 0000000000000003 x12/a2 1ffff5f001797001 x13/a3 ffffffff831a2498 x14/a4 ffffaf800bcb8000 x15/a5 0000000000000103 x16/a6 0000000000f00000 x17/a7 ad1612b036600000 x18/s2 ffffaf800bcb8a20 x19/s3 ffffaf805a9f4c98 x20/s4 0000000000000101 x21/s5 ffffaf805a9f4ec0 x22/s6 ffffaf805a9f4c80 x23/s7 ffffaf805a9f5c80 x24/s8 ffffffff86c1a620 x25/s9 0000000000000001 x26/s10 ffffaf805a9f5678 x27/s11 0000000000001000 x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f0020ce6d0 x31/t6 0000000000040000 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000