syzkaller login: [ 268.878328][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 277.817679][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 277.888656][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 277.972109][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:27777' (ECDSA) to the list of known hosts.
1970/01/01 00:05:14 fuzzer started
1970/01/01 00:05:27 dialing manager at localhost:40155
1970/01/01 00:05:28 checking machine...
1970/01/01 00:05:28 checking revisions...
executing program
executing program
1970/01/01 00:05:35 testing simple program...
[ 336.863756][ T2033] cgroup: Unknown subsys name 'net'
[ 338.164131][ T2033] cgroup: Unknown subsys name 'rlimit'
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 359.889331][ T2037] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 360.015269][ T2037] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
executing program
executing program
executing program
[ 368.947888][ T2037] device hsr_slave_0 entered promiscuous mode
[ 368.989699][ T2037] device hsr_slave_1 entered promiscuous mode
executing program
executing program
[ 376.652637][ T2037] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 376.788742][ T2037] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 376.938007][ T2037] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 377.072102][ T2037] netdevsim netdevsim0 netdevsim3: renamed from eth3
executing program
executing program
executing program
[ 384.924452][ T2037] 8021q: adding VLAN 0 to HW filter on device bond0
[ 385.184484][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 385.257031][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
executing program
executing program
[ 390.485835][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 390.526984][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 390.744380][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 390.783108][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 390.986465][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 391.258676][ T2115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 391.737549][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 391.762358][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 391.982912][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 392.017149][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
executing program
[ 392.264568][ T2037] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 392.924238][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 392.927847][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
executing program
executing program
executing program
executing program
executing program
[ 408.532625][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 408.574563][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
executing program
executing program
[ 414.126045][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 414.222165][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 414.333827][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 414.376260][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 414.461395][ T2037] device veth0_vlan entered promiscuous mode
[ 414.875353][ T2037] device veth1_vlan entered promiscuous mode
[ 415.872943][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 415.929170][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 416.155644][ T2037] device veth0_macvtap entered promiscuous mode
executing program
[ 416.347700][ T2037] device veth1_macvtap entered promiscuous mode
[ 416.584552][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 416.617838][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 417.109691][ T2115] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 417.182730][ T2115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 417.446658][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 417.508288][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 417.723527][ T2037] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 417.727309][ T2037] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 417.729010][ T2037] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 417.753231][ T2037] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
executing program
1970/01/01 00:07:02 building call list...
executing program executing program [ 429.895258][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.922464][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 executing program [ 431.925783][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.025843][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 executing program executing program executing program executing program [ 445.316383][ T9] device hsr_slave_0 left promiscuous mode [ 445.395308][ T9] device hsr_slave_1 left promiscuous mode [ 445.864193][ T9] device veth1_macvtap left promiscuous mode [ 445.894905][ T9] device veth0_macvtap left promiscuous mode [ 445.945481][ T9] device veth1_vlan left promiscuous mode [ 445.989152][ T9] device veth0_vlan left promiscuous mode executing program executing program executing program executing program executing program [ 465.025232][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 465.745582][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface executing program executing program [ 472.337932][ T9] bond0 (unregistering): Released all slaves executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 531.153502][ T2027] can: request_module (can-proto-0) failed. [ 532.609326][ T2027] can: request_module (can-proto-0) failed. executing program [ 534.237399][ T2027] can: request_module (can-proto-0) failed. 
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 564.707178][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 564.784584][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 564.844061][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
executing program
executing program
executing program
[ 574.183129][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
1970/01/01 00:09:58 syscalls: 2827
1970/01/01 00:09:58 code coverage: enabled
1970/01/01 00:09:59 comparison tracing: enabled
1970/01/01 00:09:59 extra coverage: enabled
1970/01/01 00:09:59 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:09:59 setuid sandbox: enabled
1970/01/01 00:09:59 namespace sandbox: enabled
1970/01/01 00:09:59 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:09:59 fault injection: enabled
1970/01/01 00:09:59 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:09:59 net packet injection: enabled
1970/01/01 00:09:59 net device setup: enabled
1970/01/01 00:09:59 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:09:59 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:09:59 USB emulation: enabled
1970/01/01 00:09:59 hci packet injection: /dev/vhci does not exist
1970/01/01 00:09:59 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:09:59 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:09:59 fetching corpus: 0, signal 0/0 (executing program)
1970/01/01 00:09:59 fetching corpus: 0, signal 0/0 (executing program)
1970/01/01 00:11:33 starting 2 fuzzer processes
00:11:33 executing program 0:
socket(0x1d, 0x0, 0x10001)
00:11:33 executing program 1:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
sendto$inet(r0, &(0x7f0000001340)="8a", 0x1, 0x0, &(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10)
ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000000c0))
[ 727.514387][ T2550] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 727.766520][ T2550] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 732.447132][ T2552] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 732.534141][ T2552] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 744.796013][ T2550] device hsr_slave_0 entered promiscuous mode
[ 744.893360][ T2550] device hsr_slave_1 entered promiscuous mode
[ 749.988627][ T2552] device hsr_slave_0 entered promiscuous mode
[ 750.049432][ T2552] device hsr_slave_1 entered promiscuous mode
[ 750.098421][ T2552] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 750.108562][ T2552] Cannot create hsr debugfs directory
[ 758.039835][ C0] ==================================================================
[ 758.044659][ C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260
[ 758.046338][ C0] Read of size 8 at addr ffffaf801c243e50 by task syz-executor.0/2552
[ 758.048271][ C0]
[ 758.050335][ C0] CPU: 0 PID: 2552 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 758.052342][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 758.053715][ C0] Call Trace:
[ 758.054813][ C0] [] dump_backtrace+0x2e/0x3c
[ 758.056328][ C0] [] show_stack+0x34/0x40
[ 758.057655][ C0] [] dump_stack_lvl+0xe4/0x150
[ 758.059120][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 758.061388][ C0] [] kasan_report+0x184/0x1e0
[ 758.062587][ C0] [] __asan_load8+0x6e/0x96
[ 758.063950][ C0] [] walk_stackframe+0x11c/0x260
[ 758.065261][ C0] [] arch_stack_walk+0x2c/0x3c
[ 758.066644][ C0] [] stack_trace_save+0xa6/0xd8
[ 758.067948][ C0] [] save_stack+0x112/0x16c
[ 758.069416][ C0]
[ 758.070296][ C0] Allocated by task 0:
[ 758.071201][ C0] (stack is not available)
[ 758.072105][ C0]
[ 758.072865][ C0] Last potentially related work creation:
[ 758.073890][ C0] ------------[ cut here ]------------
[ 758.074557][ C0] slab index 274560 out of bounds (370) for stack id 09c43080
[ 758.082438][ C0] WARNING: CPU: 0 PID: 2552 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 758.084236][ C0] Modules linked in:
[ 758.085198][ C0] CPU: 0 PID: 2552 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 758.086463][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 758.087402][ C0] epc : stack_depot_print+0x66/0x70
[ 758.088473][ C0] ra : stack_depot_print+0x66/0x70
[ 758.089499][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf801c243d10
[ 758.091337][ C0] gp : ffffffff85863ac0 tp : ffffaf8009c43080 t0 : ffffffff86bcb657
[ 758.093147][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf801c243d20
[ 758.094243][ C0] s1 : ffffaf807ae332d8 a0 : 000000000000003b a1 : 00000000000f0000
[ 758.095316][ C0] a2 : 0000000000000505 a3 : ffffffff8012252a a4 : 7e8ec06d9e5d1300
[ 758.096423][ C0] a5 : 7e8ec06d9e5d1300 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 758.097488][ C0] s2 : ffffaf801c243e50 s3 : ffffaf80072ed280 s4 : ffffaf801c243d98
[ 758.098621][ C0] s5 : ffffaf801c243e40 s6 : 0000000000003fff s7 : ffffaf801c243df0
[ 758.099710][ C0] s8 : ffffaf805a9de970 s9 : ffffffffffffc000 s10: ffffaf801c243ec0
[ 758.102306][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 758.103600][ C0] t5 : fffff5ef0b53910d t6 : ffffaf801c243818
[ 758.104540][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 758.105773][ C0] [] print_address_description.constprop.0+0x2fc/0x330
[ 758.107092][ C0] [] kasan_report+0x184/0x1e0
[ 758.108275][ C0] [] __asan_load8+0x6e/0x96
[ 758.109280][ C0] [] walk_stackframe+0x11c/0x260
[ 758.111365][ C0] [] arch_stack_walk+0x2c/0x3c
[ 758.113369][ C0] [] stack_trace_save+0xa6/0xd8
[ 758.114582][ C0] [] save_stack+0x112/0x16c
[ 758.115904][ C0] irq event stamp: 85847
[ 758.116687][ C0] hardirqs last enabled at (85846): [] get_page_from_freelist+0xfc8/0x12d8
[ 758.118194][ C0] hardirqs last disabled at (85847): [] _raw_spin_lock_irqsave+0x60/0x62
[ 758.119693][ C0] softirqs last enabled at (85150): [] __do_softirq+0x618/0x8fc
[ 758.121978][ C0] softirqs last disabled at (85155): [] __irq_exit_rcu+0x142/0x1f8
[ 758.123424][ C0] ---[ end trace 0000000000000000 ]---
[ 758.124737][ C0]
[ 758.125353][ C0] Second to last potentially related work creation:
[ 758.126234][ C0] ------------[ cut here ]------------
[ 758.127030][ C0] slab index 2076544 out of bounds (370) for stack id ffffaf80
[ 758.129764][ C0] WARNING: CPU: 0 PID: 2552 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 758.131880][ C0] Modules linked in:
[ 758.132995][ C0] CPU: 0 PID: 2552 Comm: syz-executor.0 Tainted: G W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 758.134410][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 758.135320][ C0] epc : stack_depot_print+0x66/0x70
[ 758.136423][ C0] ra : stack_depot_print+0x66/0x70
[ 758.137433][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf801c243d10
[ 758.138450][ C0] gp : ffffffff85863ac0 tp : ffffaf8009c43080 t0 : ffffffff86bcb657
[ 758.139486][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf801c243d20
[ 758.141179][ C0] s1 : ffffaf807ae332d8 a0 : 000000000000003c a1 : 00000000000f0000
[ 758.143167][ C0] a2 : 0000000000000505 a3 : ffffffff8012252a a4 : 7e8ec06d9e5d1300
[ 758.144896][ C0] a5 : 7e8ec06d9e5d1300 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 758.145970][ C0] s2 : ffffaf801c243e50 s3 : ffffaf80072ed280 s4 : ffffaf801c243d98
[ 758.147019][ C0] s5 : ffffaf801c243e40 s6 : 0000000000003fff s7 : ffffaf801c243df0
[ 758.148050][ C0] s8 : ffffaf805a9de970 s9 : ffffffffffffc000 s10: ffffaf801c243ec0
[ 758.149277][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 758.151280][ C0] t5 : fffff5ef0b53910d t6 : ffffaf801c243818
[ 758.152486][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 758.154793][ C0] [] print_address_description.constprop.0+0x2ae/0x330
[ 758.156184][ C0] [] kasan_report+0x184/0x1e0
[ 758.157333][ C0] [] __asan_load8+0x6e/0x96
[ 758.158397][ C0] [] walk_stackframe+0x11c/0x260
[ 758.159549][ C0] [] arch_stack_walk+0x2c/0x3c
[ 758.161401][ C0] [] stack_trace_save+0xa6/0xd8
[ 758.163213][ C0] [] save_stack+0x112/0x16c
[ 758.164378][ C0] irq event stamp: 85847
[ 758.165080][ C0] hardirqs last enabled at (85846): [] get_page_from_freelist+0xfc8/0x12d8
[ 758.166451][ C0] hardirqs last disabled at (85847): [] _raw_spin_lock_irqsave+0x60/0x62
[ 758.167791][ C0] softirqs last enabled at (85150): [] __do_softirq+0x618/0x8fc
[ 758.169076][ C0] softirqs last disabled at (85155): [] __irq_exit_rcu+0x142/0x1f8
[ 758.171580][ C0] ---[ end trace 0000000000000000 ]---
[ 758.173169][ C0]
[ 758.174007][ C0] The buggy address belongs to the object at ffffaf801c243d98
[ 758.174007][ C0] which belongs to the cache kernfs_node_cache of size 168
[ 758.175639][ C0] The buggy address is located 16 bytes to the right of
[ 758.175639][ C0] 168-byte region [ffffaf801c243d98, ffffaf801c243e40)
[ 758.177177][ C0] The buggy address belongs to the page:
[ 758.178489][ C0] page:ffffaf807ae332d8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x9c443
[ 758.180008][ C0] flags: 0x9800000200(slab|section=19|node=0|zone=0)
[ 758.183043][ C0] raw: 0000009800000200 0000000000000000 0000000000000122 ffffaf80072ed280
[ 758.184172][ C0] raw: 0000000000000000 0000000000110011 00000001ffffffff 0000000000000000
[ 758.185121][ C0] raw: 00000000000007ff
[ 758.185854][ C0] page dumped because: kasan: bad access detected
[ 758.186839][ C0] page_owner tracks the page as allocated
[ 758.187661][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 2550, ts 711087179200, free_ts 711078988800
[ 758.189300][ C0] __set_page_owner+0x48/0x136
[ 758.190443][ C0] post_alloc_hook+0xd0/0x10a
[ 758.191629][ C0] get_page_from_freelist+0x8da/0x12d8
[ 758.192654][ C0] __alloc_pages+0x150/0x3b6
[ 758.193855][ C0] alloc_pages+0x132/0x2a6
[ 758.195121][ C0] alloc_slab_page.constprop.0+0xc2/0xfa
[ 758.196481][ C0] new_slab+0x76/0x2cc
[ 758.197556][ C0] ___slab_alloc+0x56e/0x918
[ 758.198702][ C0] __slab_alloc.constprop.0+0x50/0x8c
[ 758.199796][ C0] kmem_cache_alloc+0x39c/0x3de
[ 758.201442][ C0] __kernfs_new_node+0xfc/0x5f2
[ 758.202574][ C0] kernfs_new_node+0x66/0xbe
[ 758.203652][ C0] __kernfs_create_file+0x4e/0x1e8
[ 758.204764][ C0] sysfs_add_file_mode_ns+0x138/0x254
[ 758.205855][ C0] internal_create_group+0x274/0x722
[ 758.207086][ C0] sysfs_create_group+0x22/0x2e
[ 758.208233][ C0] page last free stack trace:
[ 758.209208][ C0] __reset_page_owner+0x4a/0xea
[ 758.210713][ C0] free_pcp_prepare+0x29c/0x45e
[ 758.212233][ C0] free_unref_page+0x6a/0x31e
[ 758.213366][ C0] __free_pages+0xe2/0x112
[ 758.214335][ C0] free_pages.part.0+0xe0/0xf6
[ 758.215563][ C0] free_pages+0xe/0x18
[ 758.216570][ C0] __mmdrop+0x86/0x2ac
[ 758.217758][ C0] mmput+0x2a2/0x2c2
[ 758.218682][ C0] free_bprm+0xbc/0x1de
[ 758.219970][ C0] kernel_execve+0x214/0x288
[ 758.221028][ C0] call_usermodehelper_exec_async+0x1c0/0x2dc
[ 758.222402][ C0] ret_from_exception+0x0/0x10
[ 758.223560][ C0]
[ 758.224330][ C0] Memory state around the buggy address:
[ 758.225724][ C0] ffffaf801c243d00: 00 00 00 00 00 00 00 00 00 00 00 fc 00 00 00 00
[ 758.227081][ C0] ffffaf801c243d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 758.228420][ C0] >ffffaf801c243e00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 758.229492][ C0] ^
[ 758.231163][ C0] ffffaf801c243e80: 00 00 00 00 f1 f1 f1 f1 00 00 00 f3 f3 f3 f3 f3
[ 758.232400][ C0] ffffaf801c243f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 758.233776][ C0] ==================================================================
[ 758.235436][ C0] Disabling lock debugging due to kernel taint
[ 758.250061][ T2552] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 758.251700][ T2552] CPU: 0 PID: 2552 Comm: syz-executor.0 Tainted: G B W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 758.254117][ T2552] Hardware name: riscv-virtio,qemu (DT)
[ 758.254996][ T2552] Call Trace:
[ 758.255860][ T2552] [] dump_backtrace+0x2e/0x3c
[ 758.257111][ T2552] [] show_stack+0x34/0x40
[ 758.258054][ T2552] [] dump_stack_lvl+0xe4/0x150
[ 758.259297][ T2552] [] dump_stack+0x1c/0x24
[ 758.260860][ T2552] [] panic+0x24a/0x634
[ 758.261923][ T2552] [] schedule+0x0/0x14c
[ 758.262858][ T2552] [] preempt_schedule_irq+0x4a/0x13e
[ 758.264344][ T2552] [] resume_kernel+0x16/0x18
[ 758.265915][ T2552] SMP: stopping secondary CPUs
[ 758.268358][ T2552] Rebooting in 86400 seconds..
VM DIAGNOSIS:
23:07:00 Registers: