syzkaller login: [ 283.064444][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 283.138876][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 283.189181][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 300.394429][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:20907' (ECDSA) to the list of known hosts.
1970/01/01 00:06:17 fuzzer started
1970/01/01 00:06:29 dialing manager at localhost:42735
[ 394.780637][ T2034] cgroup: Unknown subsys name 'net'
[ 395.989537][ T2034] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:35 syscalls: 2918
1970/01/01 00:06:35 code coverage: enabled
1970/01/01 00:06:35 comparison tracing: enabled
1970/01/01 00:06:35 extra coverage: enabled
1970/01/01 00:06:35 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:35 setuid sandbox: enabled
1970/01/01 00:06:35 namespace sandbox: enabled
1970/01/01 00:06:35 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:35 fault injection: enabled
1970/01/01 00:06:35 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:35 net packet injection: enabled
1970/01/01 00:06:35 net device setup: enabled
1970/01/01 00:06:35 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:35 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:35 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:06:35 USB emulation: enabled
1970/01/01 00:06:35 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:35 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:35 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:36 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:41 fetching corpus: 50, signal 29414/32512 (executing program)
1970/01/01 00:06:46 fetching corpus: 99, signal 48749/52541 (executing program)
1970/01/01 00:06:50 fetching corpus: 149, signal 59810/64179 (executing program)
1970/01/01 00:06:52 fetching corpus: 199, signal 64297/69411 (executing program)
1970/01/01 00:06:55 fetching corpus: 248, signal 68496/74216 (executing program)
1970/01/01 00:06:57 fetching corpus: 298, signal 73708/79831 (executing program)
1970/01/01 00:07:00 fetching corpus: 346, signal 79109/85482 (executing program)
1970/01/01 00:07:03 fetching corpus: 395, signal 83555/90166 (executing program)
1970/01/01 00:07:06 fetching corpus: 445, signal 87497/94272 (executing program)
1970/01/01 00:07:11 fetching corpus: 494, signal 90218/97206 (executing program)
1970/01/01 00:07:14 fetching corpus: 542, signal 93059/100177 (executing program)
1970/01/01 00:07:18 fetching corpus: 591, signal 97799/104592 (executing program)
1970/01/01 00:07:21 fetching corpus: 641, signal 101743/108196 (executing program)
1970/01/01 00:07:24 fetching corpus: 689, signal 103811/110293 (executing program)
1970/01/01 00:07:27 fetching corpus: 739, signal 105871/112268 (executing program)
1970/01/01 00:07:31 fetching corpus: 787, signal 107880/114165 (executing program)
1970/01/01 00:07:34 fetching corpus: 837, signal 110944/116787 (executing program)
1970/01/01 00:07:36 fetching corpus: 887, signal 112857/118495 (executing program)
1970/01/01 00:07:41 fetching corpus: 937, signal 115605/120755 (executing program)
1970/01/01 00:07:44 fetching corpus: 985, signal 117065/122011 (executing program)
1970/01/01 00:07:48 fetching corpus: 1034, signal 119247/123718 (executing program)
1970/01/01 00:07:51 fetching corpus: 1082, signal 121204/125193 (executing program)
1970/01/01 00:07:54 fetching corpus: 1131, signal 123026/126499 (executing program)
1970/01/01 00:07:57 fetching corpus: 1181, signal 126442/128798 (executing program)
1970/01/01 00:08:00 fetching corpus: 1231, signal 127995/129852 (executing program)
1970/01/01 00:08:03 fetching corpus: 1278, signal 129995/131104 (executing program)
1970/01/01 00:08:05 fetching corpus: 1309, signal 130894/131668 (executing program)
1970/01/01 00:08:05 fetching corpus: 1310, signal 130938/131738 (executing program)
1970/01/01 00:08:05 fetching corpus: 1310, signal 130938/131767 (executing program)
1970/01/01 00:08:06 fetching corpus: 1310, signal 130938/131790 (executing program)
1970/01/01 00:08:06 fetching corpus: 1310, signal 130938/131821 (executing program)
1970/01/01 00:08:06 fetching corpus: 1310, signal 130938/131853 (executing program)
1970/01/01 00:08:06 fetching corpus: 1310, signal 130938/131883 (executing program)
1970/01/01 00:08:07 fetching corpus: 1310, signal 130938/131908 (executing program)
1970/01/01 00:08:07 fetching corpus: 1310, signal 130938/131937 (executing program)
1970/01/01 00:08:07 fetching corpus: 1310, signal 130939/131965 (executing program)
1970/01/01 00:08:07 fetching corpus: 1310, signal 130939/131996 (executing program)
1970/01/01 00:08:07 fetching corpus: 1310, signal 130939/132026 (executing program)
1970/01/01 00:08:07 fetching corpus: 1310, signal 130939/132048 (executing program)
1970/01/01 00:08:08 fetching corpus: 1310, signal 130939/132077 (executing program)
1970/01/01 00:08:08 fetching corpus: 1310, signal 130939/132102 (executing program)
1970/01/01 00:08:08 fetching corpus: 1310, signal 130939/132125 (executing program)
1970/01/01 00:08:08 fetching corpus: 1310, signal 130939/132152 (executing program)
1970/01/01 00:08:08 fetching corpus: 1310, signal 130939/132182 (executing program)
1970/01/01 00:08:08 fetching corpus: 1310, signal 130939/132215 (executing program)
1970/01/01 00:08:08 fetching corpus: 1310, signal 130939/132237 (executing program)
1970/01/01 00:08:09 fetching corpus: 1310, signal 130939/132267 (executing program)
1970/01/01 00:08:09 fetching corpus: 1310, signal 130939/132291 (executing program)
1970/01/01 00:08:09 fetching corpus: 1310, signal 130939/132320 (executing program)
1970/01/01 00:08:09 fetching corpus: 1310, signal 130939/132335 (executing program)
1970/01/01 00:08:09 fetching corpus: 1310, signal 130939/132358 (executing program)
1970/01/01 00:08:09 fetching corpus: 1310, signal 130939/132392 (executing program)
1970/01/01 00:08:09 fetching corpus: 1310, signal 130939/132423 (executing program)
1970/01/01 00:08:10 fetching corpus: 1310, signal 130939/132458 (executing program)
1970/01/01 00:08:10 fetching corpus: 1310, signal 130939/132484 (executing program)
1970/01/01 00:08:10 fetching corpus: 1310, signal 130939/132500 (executing program)
1970/01/01 00:08:10 fetching corpus: 1310, signal 130939/132526 (executing program)
1970/01/01 00:08:10 fetching corpus: 1310, signal 130939/132546 (executing program)
1970/01/01 00:08:10 fetching corpus: 1310, signal 130939/132575 (executing program)
1970/01/01 00:08:10 fetching corpus: 1310, signal 130939/132595 (executing program)
1970/01/01 00:08:10 fetching corpus: 1310, signal 130939/132620 (executing program)
1970/01/01 00:08:11 fetching corpus: 1310, signal 130939/132651 (executing program)
1970/01/01 00:08:11 fetching corpus: 1310, signal 130939/132679 (executing program)
1970/01/01 00:08:11 fetching corpus: 1310, signal 130939/132702 (executing program)
1970/01/01 00:08:11 fetching corpus: 1310, signal 130939/132729 (executing program)
1970/01/01 00:08:11 fetching corpus: 1310, signal 130939/132735 (executing program)
1970/01/01 00:08:11 fetching corpus: 1310, signal 130939/132735 (executing program)
1970/01/01 00:09:56 starting 2 fuzzer processes
00:09:56 executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x12, 0x0, 0x0)
00:09:56 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0)
write(r0, &(0x7f0000000040)="b0", 0x1)
ioctl$TIOCSIG(0xffffffffffffffff, 0x40045436, 0x0)
[ 629.156420][ T2047] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 629.742084][ T2047] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 629.824046][ T2049] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 630.287491][ T2049] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 641.230549][ T2047] device hsr_slave_0 entered promiscuous mode
[ 641.461903][ T2047] device hsr_slave_1 entered promiscuous mode
[ 643.257791][ T2049] device hsr_slave_0 entered promiscuous mode
[ 643.303421][ T2049] device hsr_slave_1 entered promiscuous mode
[ 643.334985][ T2049] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 643.341219][ T2049] Cannot create hsr debugfs directory
[ 650.141820][ T2047] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 650.373333][ T2047] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 650.644130][ T2047] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 650.924997][ T2047] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 652.029793][ T2049] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 652.371575][ T2049] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 652.500043][ T2049] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 652.619105][ T2049] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 660.461162][ C0] ==================================================================
[ 660.464778][ C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260
[ 660.466952][ C0] Read of size 8 at addr ffffaf800c53bf20 by task syz-executor.1/2047
[ 660.468677][ C0]
[ 660.471039][ C0] CPU: 0 PID: 2047 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 660.472963][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 660.474203][ C0] Call Trace:
[ 660.475280][ C0] [] dump_backtrace+0x2e/0x3c
[ 660.476868][ C0] [] show_stack+0x34/0x40
[ 660.478063][ C0] [] dump_stack_lvl+0xe4/0x150
[ 660.479415][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 660.481008][ C0] [] kasan_report+0x184/0x1e0
[ 660.482371][ C0] [] __asan_load8+0x6e/0x96
[ 660.483663][ C0] [] walk_stackframe+0x11c/0x260
[ 660.484925][ C0] [] arch_stack_walk+0x2c/0x3c
[ 660.486755][ C0] [] stack_trace_save+0xa6/0xd8
[ 660.488405][ C0]
[ 660.489255][ C0] Allocated by task 0:
[ 660.490175][ C0] (stack is not available)
[ 660.491019][ C0]
[ 660.491780][ C0] Last potentially related work creation:
[ 660.492740][ C0] ------------[ cut here ]------------
[ 660.493602][ C0] slab index 41042 out of bounds (318) for stack id 8000a052
[ 660.498067][ C0] WARNING: CPU: 0 PID: 2047 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 660.500082][ C0] Modules linked in:
[ 660.501416][ C0] CPU: 0 PID: 2047 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 660.502868][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 660.503864][ C0] epc : stack_depot_print+0x66/0x70
[ 660.505216][ C0] ra : stack_depot_print+0x66/0x70
[ 660.506861][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800c53bde0
[ 660.508083][ C0] gp : ffffffff85863ac0 tp : ffffaf800e056100 t0 : ffffffff86bcb657
[ 660.509314][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800c53bdf0
[ 660.510519][ C0] s1 : ffffaf807a9c07c0 a0 : 000000000000003a a1 : 00000000000f0000
[ 660.511726][ C0] a2 : 0000000000000504 a3 : ffffffff8012252a a4 : 077061010e37f900
[ 660.512883][ C0] a5 : 077061010e37f900 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 660.514032][ C0] s2 : ffffaf800c53bf20 s3 : ffffaf8007201c80 s4 : ffffaf800c53bc00
[ 660.515203][ C0] s5 : ffffaf800c53be00 s6 : 0000000000003fff s7 : ffffaf800c53bec0
[ 660.516705][ C0] s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf800c53bfa0
[ 660.517804][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 660.518890][ C0] t5 : fffff5ef0b53910d t6 : ffffaf800c53b8d8
[ 660.520056][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 660.521414][ C0] [] print_address_description.constprop.0+0x2fc/0x330
[ 660.522979][ C0] [] kasan_report+0x184/0x1e0
[ 660.524367][ C0] [] __asan_load8+0x6e/0x96
[ 660.526010][ C0] [] walk_stackframe+0x11c/0x260
[ 660.527322][ C0] [] arch_stack_walk+0x2c/0x3c
[ 660.528577][ C0] [] stack_trace_save+0xa6/0xd8
[ 660.529991][ C0] irq event stamp: 124785
[ 660.530988][ C0] hardirqs last enabled at (124784): [] _raw_spin_unlock_irqrestore+0x68/0x98
[ 660.533681][ C0] hardirqs last disabled at (124785): [] _raw_spin_lock_irqsave+0x60/0x62
[ 660.535379][ C0] softirqs last enabled at (124672): [] __fib6_clean_all+0xe2/0x266
[ 660.536926][ C0] softirqs last disabled at (124675): [] __irq_exit_rcu+0x142/0x1f8
[ 660.538569][ C0] ---[ end trace 0000000000000000 ]---
[ 660.540115][ C0]
[ 660.540934][ C0] Second to last potentially related work creation:
[ 660.541930][ C0] ------------[ cut here ]------------
[ 660.542804][ C0] slab index 2097151 out of bounds (318) for stack id ffffffff
[ 660.546507][ C0] WARNING: CPU: 0 PID: 2047 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 660.548329][ C0] Modules linked in:
[ 660.549539][ C0] CPU: 0 PID: 2047 Comm: syz-executor.1 Tainted: G W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 660.551092][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 660.552080][ C0] epc : stack_depot_print+0x66/0x70
[ 660.553288][ C0] ra : stack_depot_print+0x66/0x70
[ 660.554417][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800c53bde0
[ 660.556146][ C0] gp : ffffffff85863ac0 tp : ffffaf800e056100 t0 : ffffffff86bcb657
[ 660.558344][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800c53bdf0
[ 660.559724][ C0] s1 : ffffaf807a9c07c0 a0 : 000000000000003c a1 : 00000000000f0000
[ 660.561119][ C0] a2 : 0000000000000504 a3 : ffffffff8012252a a4 : 077061010e37f900
[ 660.562361][ C0] a5 : 077061010e37f900 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 660.563680][ C0] s2 : ffffaf800c53bf20 s3 : ffffaf8007201c80 s4 : ffffaf800c53bc00
[ 660.564925][ C0] s5 : ffffaf800c53be00 s6 : 0000000000003fff s7 : ffffaf800c53bec0
[ 660.566785][ C0] s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf800c53bfa0
[ 660.567988][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 660.569135][ C0] t5 : fffff5ef0b53910d t6 : ffffaf800c53b8d8
[ 660.570133][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 660.571317][ C0] [] print_address_description.constprop.0+0x2ae/0x330
[ 660.572879][ C0] [] kasan_report+0x184/0x1e0
[ 660.574201][ C0] [] __asan_load8+0x6e/0x96
[ 660.575722][ C0] [] walk_stackframe+0x11c/0x260
[ 660.577079][ C0] [] arch_stack_walk+0x2c/0x3c
[ 660.578319][ C0] [] stack_trace_save+0xa6/0xd8
[ 660.579628][ C0] irq event stamp: 124785
[ 660.580481][ C0] hardirqs last enabled at (124784): [] _raw_spin_unlock_irqrestore+0x68/0x98
[ 660.582162][ C0] hardirqs last disabled at (124785): [] _raw_spin_lock_irqsave+0x60/0x62
[ 660.583713][ C0] softirqs last enabled at (124672): [] __fib6_clean_all+0xe2/0x266
[ 660.585309][ C0] softirqs last disabled at (124675): [] __irq_exit_rcu+0x142/0x1f8
[ 660.586844][ C0] ---[ end trace 0000000000000000 ]---
[ 660.587844][ C0]
[ 660.588558][ C0] The buggy address belongs to the object at ffffaf800c53bc00
[ 660.588558][ C0] which belongs to the cache kmalloc-512 of size 512
[ 660.590262][ C0] The buggy address is located 288 bytes to the right of
[ 660.590262][ C0] 512-byte region [ffffaf800c53bc00, ffffaf800c53be00)
[ 660.592040][ C0] The buggy address belongs to the page:
[ 660.593380][ C0] page:ffffaf807a9c07c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffffaf800c53a800 pfn:0x8c738
[ 660.595327][ C0] head:ffffaf807a9c07c0 order:2 compound_mapcount:0 compound_pincount:0
[ 660.597801][ C0] flags: 0x8800010200(slab|head|section=17|node=0|zone=0)
[ 660.600814][ C0] raw: 0000008800010200 ffffaf807ab75568 ffffaf807aa9d448 ffffaf8007201c80
[ 660.602328][ C0] raw: ffffaf800c53a800 000000000010000b 00000001ffffffff 0000000000000000
[ 660.603615][ C0] raw: 00000000000007ff
[ 660.604527][ C0] page dumped because: kasan: bad access detected
[ 660.606089][ C0] page_owner tracks the page as allocated
[ 660.607532][ C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 35728205800, free_ts 35674143600
[ 660.609948][ C0] __set_page_owner+0x48/0x136
[ 660.611247][ C0] post_alloc_hook+0xd0/0x10a
[ 660.612342][ C0] get_page_from_freelist+0x8da/0x12d8
[ 660.613541][ C0] __alloc_pages+0x150/0x3b6
[ 660.614679][ C0] alloc_page_interleave+0x2a/0x1cc
[ 660.615983][ C0] alloc_pages+0x210/0x2a6
[ 660.617153][ C0] alloc_slab_page.constprop.0+0xc2/0xfa
[ 660.618370][ C0] new_slab+0x25a/0x2cc
[ 660.619505][ C0] ___slab_alloc+0x56e/0x918
[ 660.620714][ C0] __slab_alloc.constprop.0+0x50/0x8c
[ 660.621977][ C0] kmem_cache_alloc_trace+0x2a2/0x2e0
[ 660.623142][ C0] device_add+0xce0/0x129e
[ 660.624286][ C0] device_register+0x20/0x2a
[ 660.625647][ C0] tty_register_device_attr+0x27a/0x4bc
[ 660.627616][ C0] tty_register_driver+0x2ca/0x4b2
[ 660.628876][ C0] pty_init+0x354/0x7e6
[ 660.630061][ C0] page last free stack trace:
[ 660.630920][ C0] __reset_page_owner+0x4a/0xea
[ 660.632072][ C0] free_pcp_prepare+0x29c/0x45e
[ 660.633129][ C0] free_unref_page+0x6a/0x31e
[ 660.634176][ C0] __free_pages+0xe2/0x112
[ 660.635300][ C0] put_task_stack+0x1d0/0x2b0
[ 660.636696][ C0] finish_task_switch.isra.0+0x3ce/0x420
[ 660.637889][ C0] __schedule+0x58e/0x118e
[ 660.639018][ C0] preempt_schedule_common+0x4e/0xde
[ 660.640249][ C0] try_to_wake_up+0x47a/0x748
[ 660.641467][ C0] wake_up_process+0x10/0x18
[ 660.642605][ C0] devtmpfs_submit_req+0x98/0xce
[ 660.643752][ C0] devtmpfs_create_node+0x152/0x1ba
[ 660.644868][ C0] device_add+0x11fc/0x129e
[ 660.646277][ C0] device_register+0x20/0x2a
[ 660.647477][ C0] tty_register_device_attr+0x27a/0x4bc
[ 660.648712][ C0] tty_register_driver+0x2ca/0x4b2
[ 660.650091][ C0]
[ 660.650839][ C0] Memory state around the buggy address:
[ 660.652098][ C0] ffffaf800c53be00: 00 00 00 00 fc fc fc fc 00 00 00 00 00 00 00 00
[ 660.653327][ C0] ffffaf800c53be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 660.654466][ C0] >ffffaf800c53bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 660.656220][ C0] ^
[ 660.657521][ C0] ffffaf800c53bf80: f1 f1 f1 f1 00 00 00 f3 f3 f3 f3 f3 00 00 00 00
[ 660.658862][ C0] ffffaf800c53c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 660.660153][ C0] ==================================================================
[ 660.661386][ C0] Disabling lock debugging due to kernel taint
[ 660.674564][ T2047] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 660.676634][ T2047] CPU: 0 PID: 2047 Comm: syz-executor.1 Tainted: G B W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 660.677999][ T2047] Hardware name: riscv-virtio,qemu (DT)
[ 660.678723][ T2047] Call Trace:
[ 660.679327][ T2047] [] dump_backtrace+0x2e/0x3c
[ 660.680428][ T2047] [] show_stack+0x34/0x40
[ 660.681433][ T2047] [] dump_stack_lvl+0xe4/0x150
[ 660.682520][ T2047] [] dump_stack+0x1c/0x24
[ 660.683544][ T2047] [] panic+0x24a/0x634
[ 660.684457][ T2047] [] schedule+0x0/0x14c
[ 660.686039][ T2047] [] preempt_schedule_irq+0x4a/0x13e
[ 660.687213][ T2047] [] resume_kernel+0x16/0x18
[ 660.688449][ T2047] SMP: stopping secondary CPUs
[ 660.690515][ T2047] Rebooting in 86400 seconds..
VM DIAGNOSIS:
16:45:41 Registers: