syzkaller login: [ 295.268535][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 307.657092][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 307.718189][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 350.222245][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:57800' (ECDSA) to the list of known hosts. 1970/01/01 00:06:14 fuzzer started 1970/01/01 00:06:30 dialing manager at localhost:33913 [ 397.902227][ T2043] cgroup: Unknown subsys name 'net' [ 399.098504][ T2043] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:06:38 syscalls: 2827 1970/01/01 00:06:38 code coverage: enabled 1970/01/01 00:06:38 comparison tracing: enabled 1970/01/01 00:06:38 extra coverage: enabled 1970/01/01 00:06:38 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:06:38 setuid sandbox: enabled 1970/01/01 00:06:38 namespace sandbox: enabled 1970/01/01 00:06:38 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:06:38 fault injection: enabled 1970/01/01 00:06:38 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:06:38 net packet injection: enabled 1970/01/01 00:06:38 net device setup: enabled 1970/01/01 00:06:38 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:06:38 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:06:38 USB emulation: enabled 1970/01/01 00:06:38 hci packet injection: /dev/vhci does not exist 1970/01/01 00:06:38 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:06:38 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:06:39 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:06:45 fetching corpus: 50, signal 32241/35630 (executing program) 1970/01/01 00:06:49 fetching corpus: 99, signal 44912/49640 (executing program) 1970/01/01 
00:06:56 fetching corpus: 149, signal 54764/60685 (executing program) 1970/01/01 00:06:59 fetching corpus: 199, signal 66456/73282 (executing program) 1970/01/01 00:07:02 fetching corpus: 249, signal 72876/80700 (executing program) 1970/01/01 00:07:05 fetching corpus: 299, signal 80691/89278 (executing program) 1970/01/01 00:07:09 fetching corpus: 349, signal 85142/94671 (executing program) 1970/01/01 00:07:12 fetching corpus: 399, signal 89406/99752 (executing program) 1970/01/01 00:07:16 fetching corpus: 449, signal 96520/107344 (executing program) 1970/01/01 00:07:19 fetching corpus: 498, signal 100755/112228 (executing program) 1970/01/01 00:07:22 fetching corpus: 548, signal 103320/115567 (executing program) 1970/01/01 00:07:27 fetching corpus: 598, signal 114606/126503 (executing program) 1970/01/01 00:07:31 fetching corpus: 648, signal 117626/130034 (executing program) 1970/01/01 00:07:34 fetching corpus: 697, signal 121031/133815 (executing program) 1970/01/01 00:07:37 fetching corpus: 746, signal 126093/139012 (executing program) 1970/01/01 00:07:40 fetching corpus: 796, signal 128908/142222 (executing program) 1970/01/01 00:07:43 fetching corpus: 846, signal 133066/146409 (executing program) 1970/01/01 00:07:46 fetching corpus: 896, signal 136617/150142 (executing program) 1970/01/01 00:07:48 fetching corpus: 945, signal 137831/151874 (executing program) 1970/01/01 00:07:51 fetching corpus: 995, signal 139610/154020 (executing program) 1970/01/01 00:07:54 fetching corpus: 1045, signal 142569/157094 (executing program) 1970/01/01 00:07:57 fetching corpus: 1095, signal 144958/159682 (executing program) 1970/01/01 00:08:00 fetching corpus: 1145, signal 147614/162327 (executing program) 1970/01/01 00:08:04 fetching corpus: 1195, signal 149782/164593 (executing program) 1970/01/01 00:08:09 fetching corpus: 1245, signal 152339/167183 (executing program) 1970/01/01 00:08:13 fetching corpus: 1295, signal 154143/169100 (executing program) 1970/01/01 00:08:18 
fetching corpus: 1345, signal 155734/170843 (executing program) 1970/01/01 00:08:21 fetching corpus: 1395, signal 157863/172897 (executing program) 1970/01/01 00:08:24 fetching corpus: 1445, signal 159019/174262 (executing program) 1970/01/01 00:08:28 fetching corpus: 1495, signal 162560/177293 (executing program) 1970/01/01 00:08:31 fetching corpus: 1543, signal 163694/178572 (executing program) 1970/01/01 00:08:34 fetching corpus: 1593, signal 165106/180009 (executing program) 1970/01/01 00:08:37 fetching corpus: 1643, signal 166759/181574 (executing program) 1970/01/01 00:08:41 fetching corpus: 1693, signal 168081/182930 (executing program) 1970/01/01 00:08:44 fetching corpus: 1742, signal 168837/183872 (executing program) 1970/01/01 00:08:47 fetching corpus: 1792, signal 170232/185238 (executing program) 1970/01/01 00:08:50 fetching corpus: 1842, signal 171765/186636 (executing program) 1970/01/01 00:08:53 fetching corpus: 1892, signal 173139/187892 (executing program) 1970/01/01 00:08:56 fetching corpus: 1940, signal 173987/188841 (executing program) 1970/01/01 00:08:59 fetching corpus: 1989, signal 175104/189906 (executing program) 1970/01/01 00:09:02 fetching corpus: 2039, signal 177154/191473 (executing program) 1970/01/01 00:09:06 fetching corpus: 2088, signal 178261/192510 (executing program) 1970/01/01 00:09:09 fetching corpus: 2138, signal 179100/193320 (executing program) 1970/01/01 00:09:12 fetching corpus: 2188, signal 180379/194372 (executing program) 1970/01/01 00:09:15 fetching corpus: 2237, signal 182059/195639 (executing program) 1970/01/01 00:09:18 fetching corpus: 2287, signal 182995/196411 (executing program) 1970/01/01 00:09:21 fetching corpus: 2337, signal 184255/197381 (executing program) 1970/01/01 00:09:26 fetching corpus: 2387, signal 185620/198380 (executing program) 1970/01/01 00:09:30 fetching corpus: 2435, signal 186992/199380 (executing program) 1970/01/01 00:09:35 fetching corpus: 2485, signal 188426/200344 (executing program) 
1970/01/01 00:09:37 fetching corpus: 2534, signal 189288/201000 (executing program) 1970/01/01 00:09:40 fetching corpus: 2583, signal 190053/201601 (executing program) 1970/01/01 00:09:43 fetching corpus: 2633, signal 191469/202493 (executing program) 1970/01/01 00:09:46 fetching corpus: 2683, signal 192466/203215 (executing program) 1970/01/01 00:09:48 fetching corpus: 2733, signal 193603/204007 (executing program) 1970/01/01 00:09:51 fetching corpus: 2783, signal 195566/205127 (executing program) 1970/01/01 00:09:55 fetching corpus: 2832, signal 196480/205722 (executing program) 1970/01/01 00:09:57 fetching corpus: 2882, signal 197335/206282 (executing program) 1970/01/01 00:10:00 fetching corpus: 2932, signal 198061/206746 (executing program) 1970/01/01 00:10:03 fetching corpus: 2982, signal 199297/207406 (executing program) 1970/01/01 00:10:07 fetching corpus: 3032, signal 201770/208541 (executing program) 1970/01/01 00:10:11 fetching corpus: 3080, signal 202572/209001 (executing program) 1970/01/01 00:10:14 fetching corpus: 3129, signal 203210/209337 (executing program) 1970/01/01 00:10:16 fetching corpus: 3179, signal 204055/209776 (executing program) 1970/01/01 00:10:19 fetching corpus: 3229, signal 207036/210979 (executing program) 1970/01/01 00:10:22 fetching corpus: 3279, signal 208250/211500 (executing program) 1970/01/01 00:10:26 fetching corpus: 3329, signal 209130/211869 (executing program) 1970/01/01 00:10:29 fetching corpus: 3377, signal 209905/212194 (executing program) 1970/01/01 00:10:34 fetching corpus: 3415, signal 210824/212538 (executing program) 1970/01/01 00:10:34 fetching corpus: 3416, signal 210828/212560 (executing program) 1970/01/01 00:10:35 fetching corpus: 3416, signal 210828/212581 (executing program) 1970/01/01 00:10:35 fetching corpus: 3416, signal 210828/212612 (executing program) 1970/01/01 00:10:35 fetching corpus: 3416, signal 210828/212631 (executing program) 1970/01/01 00:10:36 fetching corpus: 3416, signal 210828/212662 
(executing program) 1970/01/01 00:10:36 fetching corpus: 3416, signal 210828/212693 (executing program) 1970/01/01 00:10:36 fetching corpus: 3416, signal 210828/212722 (executing program) 1970/01/01 00:10:36 fetching corpus: 3416, signal 210828/212749 (executing program) 1970/01/01 00:10:36 fetching corpus: 3416, signal 210828/212777 (executing program) 1970/01/01 00:10:37 fetching corpus: 3416, signal 210828/212804 (executing program) 1970/01/01 00:10:37 fetching corpus: 3416, signal 210828/212831 (executing program) 1970/01/01 00:10:37 fetching corpus: 3416, signal 210828/212852 (executing program) 1970/01/01 00:10:37 fetching corpus: 3417, signal 210830/212879 (executing program) 1970/01/01 00:10:37 fetching corpus: 3417, signal 210830/212893 (executing program) 1970/01/01 00:10:38 fetching corpus: 3417, signal 210830/212916 (executing program) 1970/01/01 00:10:38 fetching corpus: 3417, signal 210830/212938 (executing program) 1970/01/01 00:10:38 fetching corpus: 3417, signal 210830/212960 (executing program) 1970/01/01 00:10:38 fetching corpus: 3417, signal 210830/212989 (executing program) 1970/01/01 00:10:39 fetching corpus: 3417, signal 210830/213011 (executing program) 1970/01/01 00:10:39 fetching corpus: 3417, signal 210830/213043 (executing program) 1970/01/01 00:10:39 fetching corpus: 3417, signal 210830/213072 (executing program) 1970/01/01 00:10:40 fetching corpus: 3417, signal 210830/213100 (executing program) 1970/01/01 00:10:40 fetching corpus: 3417, signal 210830/213127 (executing program) 1970/01/01 00:10:40 fetching corpus: 3417, signal 210830/213153 (executing program) 1970/01/01 00:10:40 fetching corpus: 3417, signal 210830/213176 (executing program) 1970/01/01 00:10:41 fetching corpus: 3417, signal 210830/213209 (executing program) 1970/01/01 00:10:41 fetching corpus: 3417, signal 210830/213238 (executing program) 1970/01/01 00:10:41 fetching corpus: 3417, signal 210830/213264 (executing program) 1970/01/01 00:10:42 fetching corpus: 3417, 
signal 210830/213287 (executing program) 1970/01/01 00:10:42 fetching corpus: 3417, signal 210830/213323 (executing program) 1970/01/01 00:10:42 fetching corpus: 3417, signal 210830/213344 (executing program) 1970/01/01 00:10:42 fetching corpus: 3417, signal 210830/213376 (executing program) 1970/01/01 00:10:43 fetching corpus: 3417, signal 210830/213407 (executing program) 1970/01/01 00:10:43 fetching corpus: 3417, signal 210830/213448 (executing program) 1970/01/01 00:10:43 fetching corpus: 3417, signal 210830/213467 (executing program) 1970/01/01 00:10:43 fetching corpus: 3417, signal 210830/213485 (executing program) 1970/01/01 00:10:43 fetching corpus: 3418, signal 210845/213505 (executing program) 1970/01/01 00:10:44 fetching corpus: 3418, signal 210845/213517 (executing program) 1970/01/01 00:10:44 fetching corpus: 3418, signal 210845/213517 (executing program) 1970/01/01 00:13:06 starting 2 fuzzer processes 00:13:07 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$sock(r0, &(0x7f0000004580)=[{{&(0x7f0000000000)=@in={0x2, 0x0, @loopback=0x4874045}, 0x80, &(0x7f0000001500)=[{&(0x7f0000000180)='\a', 0x1}], 0x1}}], 0x1, 0x40) 00:13:07 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000400)={0x3c, r1, 0x1, 0x0, 0x0, {0x26}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0) [ 814.827953][ T2055] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 815.482206][ T2055] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 817.049802][ T2056] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 817.620013][ T2056] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 
829.781248][ T2055] device hsr_slave_0 entered promiscuous mode [ 829.892018][ T2055] device hsr_slave_1 entered promiscuous mode [ 834.768749][ T2056] device hsr_slave_0 entered promiscuous mode [ 834.851789][ T2056] device hsr_slave_1 entered promiscuous mode [ 834.910527][ T2056] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 834.936515][ T2056] Cannot create hsr debugfs directory [ 846.065090][ T2055] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 846.346947][ T2055] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 846.639721][ T2055] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 847.241871][ T2055] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 848.866398][ T2056] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 849.461754][ T2056] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 849.716635][ T2056] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 850.027267][ T2056] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 869.658750][ T2055] 8021q: adding VLAN 0 to HW filter on device bond0 [ 870.846905][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 870.938969][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 871.738389][ T2056] 8021q: adding VLAN 0 to HW filter on device bond0 [ 872.691102][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 872.797136][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 880.800228][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 880.822007][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 881.152353][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 881.175775][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 881.401245][ T2112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 881.651185][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 882.541428][ T829] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 882.597662][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 882.845876][ T2665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 882.870584][ T2665] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 883.136068][ T2665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 883.191813][ T2665] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 883.345059][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 883.379940][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 883.732264][ T2055] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 883.769511][ T2665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 884.421167][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 885.379664][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 885.398605][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 885.926804][ T2056] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 885.928657][ T2056] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 886.528712][ T2665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 886.626898][ T2665] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 886.698185][ T2665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 886.750484][ T2665] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 886.975804][ T2112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 887.571285][ C0] ================================================================== [ 887.575589][ C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260 [ 887.577346][ C0] Read of size 8 at addr ffffaf8009a0ff60 by task syz-executor.0/2056 [ 887.579896][ C0] [ 
887.581577][ C0] CPU: 0 PID: 2056 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 887.584573][ C0] Hardware name: riscv-virtio,qemu (DT) [ 887.586439][ C0] Call Trace: [ 887.587611][ C0] [] dump_backtrace+0x2e/0x3c [ 887.589095][ C0] [] show_stack+0x34/0x40 [ 887.590504][ C0] [] dump_stack_lvl+0xe4/0x150 [ 887.591978][ C0] [] print_address_description.constprop.0+0x2a/0x330 [ 887.594461][ C0] [] kasan_report+0x184/0x1e0 [ 887.596122][ C0] [] __asan_load8+0x6e/0x96 [ 887.597565][ C0] [] walk_stackframe+0x11c/0x260 [ 887.599021][ C0] [] arch_stack_walk+0x2c/0x3c [ 887.600453][ C0] [] stack_trace_save+0xa6/0xd8 [ 887.602075][ C0] [ 887.603170][ C0] Allocated by task 1102416563: [ 887.604510][ C0] (stack is not available) [ 887.605484][ C0] [ 887.606272][ C0] Freed by task 829: [ 887.607328][ C0] stack_trace_save+0xa6/0xd8 [ 887.608610][ C0] kasan_save_stack+0x2c/0x58 [ 887.609863][ C0] kasan_set_track+0x1a/0x26 [ 887.611092][ C0] kasan_set_free_info+0x1e/0x3a [ 887.612222][ C0] ____kasan_slab_free+0x15e/0x180 [ 887.613972][ C0] __kasan_slab_free+0x10/0x18 [ 887.615702][ C0] slab_free_freelist_hook+0x8e/0x1cc [ 887.616981][ C0] kfree+0xe0/0x3e4 [ 887.618107][ C0] skb_release_data+0x3c2/0x3c4 [ 887.619332][ C0] consume_skb+0x96/0x136 [ 887.620454][ C0] nsim_dev_trap_report_work+0x524/0x5e4 [ 887.621760][ C0] process_one_work+0x654/0xffe [ 887.623440][ C0] worker_thread+0x360/0x8fa [ 887.625109][ C0] kthread+0x19e/0x1fa [ 887.626482][ C0] ret_from_exception+0x0/0x10 [ 887.627753][ C0] [ 887.628520][ C0] Last potentially related work creation: [ 887.629543][ C0] ------------[ cut here ]------------ [ 887.630563][ C0] slab index 61504 out of bounds (321) for stack id 09a0f040 [ 887.635500][ C0] WARNING: CPU: 0 PID: 2056 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70 [ 887.637615][ C0] Modules linked in: [ 887.638939][ C0] CPU: 0 PID: 2056 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 887.640564][ C0] 
Hardware name: riscv-virtio,qemu (DT) [ 887.641604][ C0] epc : stack_depot_print+0x66/0x70 [ 887.643461][ C0] ra : stack_depot_print+0x66/0x70 [ 887.644846][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf8009a0fe20 [ 887.646166][ C0] gp : ffffffff85863ac0 tp : ffffaf8009b2c8c0 t0 : ffffffff86bcb657 [ 887.647489][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf8009a0fe30 [ 887.648826][ C0] s1 : ffffaf807a8fe240 a0 : 000000000000003a a1 : 00000000000f0000 [ 887.650139][ C0] a2 : 0000000000000504 a3 : ffffffff8012252a a4 : 53548c8e43c46900 [ 887.651412][ C0] a5 : 53548c8e43c46900 a6 : 0000000000f00000 a7 : ffffaf805a9c8863 [ 887.652868][ C0] s2 : ffffaf8009a0ff60 s3 : ffffaf8007202140 s4 : ffffaf8009a0e000 [ 887.655060][ C0] s5 : ffffaf8009a0f000 s6 : 0000000000003fff s7 : ffffaf8009a0ff00 [ 887.656392][ C0] s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf8009a0ffe0 [ 887.657740][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c [ 887.659101][ C0] t5 : fffff5ef0b53910d t6 : ffffaf8009a0f918 [ 887.660255][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003 [ 887.661699][ C0] [] print_address_description.constprop.0+0x2fc/0x330 [ 887.664105][ C0] [] kasan_report+0x184/0x1e0 [ 887.665582][ C0] [] __asan_load8+0x6e/0x96 [ 887.666903][ C0] [] walk_stackframe+0x11c/0x260 [ 887.668284][ C0] [] arch_stack_walk+0x2c/0x3c [ 887.669627][ C0] [] stack_trace_save+0xa6/0xd8 [ 887.671201][ C0] irq event stamp: 157013 [ 887.672088][ C0] hardirqs last enabled at (157012): [] _raw_spin_unlock_irqrestore+0x68/0x98 [ 887.674743][ C0] hardirqs last disabled at (157013): [] _raw_spin_lock_irqsave+0x60/0x62 [ 887.676490][ C0] softirqs last enabled at (156970): [] fib_create_info+0x1da2/0x2d8e [ 887.678166][ C0] softirqs last disabled at (156975): [] __irq_exit_rcu+0x142/0x1f8 [ 887.679844][ C0] ---[ end trace 0000000000000000 ]--- [ 887.681401][ C0] [ 887.682169][ C0] Second to last potentially related work 
creation: [ 887.683890][ C0] ------------[ cut here ]------------ [ 887.685429][ C0] slab index 1346702 out of bounds (321) for stack id 53548c8e [ 887.689758][ C0] WARNING: CPU: 0 PID: 2056 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70 [ 887.691535][ C0] Modules linked in: [ 887.692788][ C0] CPU: 0 PID: 2056 Comm: syz-executor.0 Tainted: G W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 887.694567][ C0] Hardware name: riscv-virtio,qemu (DT) [ 887.695608][ C0] epc : stack_depot_print+0x66/0x70 [ 887.696899][ C0] ra : stack_depot_print+0x66/0x70 [ 887.698195][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf8009a0fe20 [ 887.699517][ C0] gp : ffffffff85863ac0 tp : ffffaf8009b2c8c0 t0 : ffffffff86bcb657 [ 887.700839][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf8009a0fe30 [ 887.702090][ C0] s1 : ffffaf807a8fe240 a0 : 000000000000003c a1 : 00000000000f0000 [ 887.704189][ C0] a2 : 0000000000000504 a3 : ffffffff8012252a a4 : 53548c8e43c46900 [ 887.705576][ C0] a5 : 53548c8e43c46900 a6 : 0000000000f00000 a7 : ffffaf805a9c8863 [ 887.706906][ C0] s2 : ffffaf8009a0ff60 s3 : ffffaf8007202140 s4 : ffffaf8009a0e000 [ 887.708184][ C0] s5 : ffffaf8009a0f000 s6 : 0000000000003fff s7 : ffffaf8009a0ff00 [ 887.709455][ C0] s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf8009a0ffe0 [ 887.710766][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c [ 887.711962][ C0] t5 : fffff5ef0b53910d t6 : ffffaf8009a0f918 [ 887.713566][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003 [ 887.715684][ C0] [] print_address_description.constprop.0+0x2ae/0x330 [ 887.717279][ C0] [] kasan_report+0x184/0x1e0 [ 887.718716][ C0] [] __asan_load8+0x6e/0x96 [ 887.720008][ C0] [] walk_stackframe+0x11c/0x260 [ 887.721423][ C0] [] arch_stack_walk+0x2c/0x3c [ 887.723200][ C0] [] stack_trace_save+0xa6/0xd8 [ 887.724701][ C0] irq event stamp: 157013 [ 887.725601][ C0] hardirqs last enabled at (157012): [] 
_raw_spin_unlock_irqrestore+0x68/0x98 [ 887.727372][ C0] hardirqs last disabled at (157013): [] _raw_spin_lock_irqsave+0x60/0x62 [ 887.729020][ C0] softirqs last enabled at (156970): [] fib_create_info+0x1da2/0x2d8e [ 887.730700][ C0] softirqs last disabled at (156975): [] __irq_exit_rcu+0x142/0x1f8 [ 887.732260][ C0] ---[ end trace 0000000000000000 ]--- [ 887.733807][ C0] [ 887.734637][ C0] The buggy address belongs to the object at ffffaf8009a0e000 [ 887.734637][ C0] which belongs to the cache kmalloc-4k of size 4096 [ 887.736433][ C0] The buggy address is located 3936 bytes to the right of [ 887.736433][ C0] 4096-byte region [ffffaf8009a0e000, ffffaf8009a0f000) [ 887.738292][ C0] The buggy address belongs to the page: [ 887.739787][ C0] page:ffffaf807a8fe240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89c08 [ 887.741671][ C0] head:ffffaf807a8fe240 order:3 compound_mapcount:0 compound_pincount:0 [ 887.743827][ C0] flags: 0x8800010200(slab|head|section=17|node=0|zone=0) [ 887.746968][ C0] raw: 0000008800010200 ffffaf807a8d8740 0000000000000002 ffffaf8007202140 [ 887.748413][ C0] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 887.749751][ C0] raw: 00000000000007ff [ 887.750804][ C0] page dumped because: kasan: bad access detected [ 887.752117][ C0] page_owner tracks the page as allocated [ 887.753743][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 89439047000, free_ts 79514742100 [ 887.756179][ C0] __set_page_owner+0x48/0x136 [ 887.757426][ C0] post_alloc_hook+0xd0/0x10a [ 887.758633][ C0] get_page_from_freelist+0x8da/0x12d8 [ 887.759875][ C0] __alloc_pages+0x150/0x3b6 [ 887.761074][ C0] alloc_page_interleave+0x2a/0x1cc [ 887.762334][ C0] alloc_pages+0x210/0x2a6 [ 887.763914][ C0] alloc_slab_page.constprop.0+0xc2/0xfa [ 887.765237][ C0] new_slab+0x25a/0x2cc [ 887.766446][ C0] ___slab_alloc+0x56e/0x918 [ 
887.767671][ C0] __slab_alloc.constprop.0+0x50/0x8c [ 887.768948][ C0] __kmalloc_track_caller+0x25a/0x30e [ 887.770242][ C0] kmemdup+0x2a/0x5a [ 887.771334][ C0] __devinet_sysctl_register+0xb0/0x1fc [ 887.772673][ C0] devinet_sysctl_register+0x110/0x142 [ 887.774432][ C0] inetdev_init+0x1d8/0x3d8 [ 887.775612][ C0] inetdev_event+0x88c/0xe9e [ 887.776905][ C0] page last free stack trace: [ 887.777811][ C0] __reset_page_owner+0x4a/0xea [ 887.779059][ C0] free_pcp_prepare+0x29c/0x45e [ 887.780241][ C0] free_unref_page+0x6a/0x31e [ 887.781418][ C0] __free_pages+0xe2/0x112 [ 887.782585][ C0] __free_slab+0x122/0x27c [ 887.784028][ C0] discard_slab+0x4c/0x7a [ 887.785198][ C0] __unfreeze_partials+0x16a/0x18e [ 887.786438][ C0] put_cpu_partial+0xf6/0x162 [ 887.787577][ C0] __slab_free+0x166/0x29c [ 887.788703][ C0] ___cache_free+0x17c/0x354 [ 887.789916][ C0] qlist_free_all+0x7c/0x132 [ 887.791052][ C0] kasan_quarantine_reduce+0x14c/0x1c8 [ 887.792206][ C0] __kasan_slab_alloc+0x5c/0x98 [ 887.793940][ C0] kmem_cache_alloc_node+0x368/0x41c [ 887.795196][ C0] copy_process+0x203e/0x3c34 [ 887.796414][ C0] kernel_clone+0xee/0x920 [ 887.797800][ C0] [ 887.798591][ C0] Memory state around the buggy address: [ 887.800029][ C0] ffffaf8009a0fe00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 887.801348][ C0] ffffaf8009a0fe80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 887.802710][ C0] >ffffaf8009a0ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 887.804943][ C0] ^ [ 887.806225][ C0] ffffaf8009a0ff80: fc fc fc fc fc fc fc fc f1 f1 f1 f1 00 00 00 f3 [ 887.807459][ C0] ffffaf8009a10000: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 [ 887.808745][ C0] ================================================================== [ 887.809932][ C0] Disabling lock debugging due to kernel taint [ 888.277856][ T2112] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 888.281253][ T2112] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 895.008400][ T83] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 895.030273][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 896.359218][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 896.418881][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 898.219255][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 898.265533][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 898.316331][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 898.338640][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 898.391761][ T2055] device veth0_vlan entered promiscuous mode [ 898.651698][ T2055] device veth1_vlan entered promiscuous mode [ 899.396020][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 899.418459][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 899.546160][ T2055] device veth0_macvtap entered promiscuous mode [ 899.568622][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 899.586602][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 899.615183][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 899.712963][ T2056] device veth0_vlan entered promiscuous mode [ 899.735170][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 899.746875][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 899.840687][ T2055] device veth1_macvtap entered promiscuous mode [ 900.127020][ T2056] device veth1_vlan entered promiscuous mode [ 900.209658][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 900.228436][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 900.270048][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 900.294252][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 900.544557][ T2112] IPv6: ADDRCONF(NETDEV_CHANGE): 
batadv_slave_1: link becomes ready [ 900.569439][ T2112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 900.617455][ T2055] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 900.619388][ T2055] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 900.620809][ T2055] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 900.622329][ T2055] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 901.481890][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 901.558459][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 901.681528][ T2056] device veth0_macvtap entered promiscuous mode [ 901.847601][ T2056] device veth1_macvtap entered promiscuous mode [ 902.490432][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 902.510781][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 902.542221][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 902.748214][ T2665] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 902.796441][ T2665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 902.936200][ T2056] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 902.938845][ T2056] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 902.940522][ T2056] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 902.942234][ T2056] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 00:15:02 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000400)={0x3c, r1, 0x1, 0x0, 0x0, {0x26}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0) 
00:15:03 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000400)={0x3c, r1, 0x1, 0x0, 0x0, {0x26}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0)

00:15:04 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg$sock(r0, &(0x7f0000004580)=[{{&(0x7f0000000000)=@in={0x2, 0x0, @loopback=0x4874045}, 0x80, &(0x7f0000001500)=[{&(0x7f0000000180)='\a', 0x1}], 0x1}}], 0x1, 0x40)

00:15:05 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg$sock(r0, &(0x7f0000004580)=[{{&(0x7f0000000000)=@in={0x2, 0x0, @loopback=0x4874045}, 0x80, &(0x7f0000001500)=[{&(0x7f0000000180)='\a', 0x1}], 0x1}}], 0x1, 0x40)

00:15:05 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000400)={0x3c, r1, 0x1, 0x0, 0x0, {0x26}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0)

00:15:06 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg$sock(r0, &(0x7f0000004580)=[{{&(0x7f0000000000)=@in={0x2, 0x0, @loopback=0x4874045}, 0x80, &(0x7f0000001500)=[{&(0x7f0000000180)='\a', 0x1}], 0x1}}], 0x1, 0x40)

00:15:06 executing program 1:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg$sock(r0, &(0x7f0000004580)=[{{&(0x7f0000000000)=@in={0x2, 0x0, @loopback=0x4874045}, 0x80, &(0x7f0000001500)=[{&(0x7f0000000180)='\a', 0x1}], 0x1}}], 0x1, 0x40)

00:15:08 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg$sock(r0, &(0x7f0000004580)=[{{&(0x7f0000000000)=@in={0x2, 0x0, @loopback=0x4874045}, 0x80, &(0x7f0000001500)=[{&(0x7f0000000180)='\a', 0x1}], 0x1}}], 0x1, 0x40)

00:15:08 executing program 1:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg$sock(r0, &(0x7f0000004580)=[{{&(0x7f0000000000)=@in={0x2, 0x0, @loopback=0x4874045}, 0x80, &(0x7f0000001500)=[{&(0x7f0000000180)='\a', 0x1}], 0x1}}], 0x1, 0x40)

00:15:08 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg$sock(r0, &(0x7f0000004580)=[{{&(0x7f0000000000)=@in={0x2, 0x0, @loopback=0x4874045}, 0x80, &(0x7f0000001500)=[{&(0x7f0000000180)='\a', 0x1}], 0x1}}], 0x1, 0x40)

00:15:09 executing program 1:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg$sock(r0, &(0x7f0000004580)=[{{&(0x7f0000000000)=@in={0x2, 0x0, @loopback=0x4874045}, 0x80, &(0x7f0000001500)=[{&(0x7f0000000180)='\a', 0x1}], 0x1}}], 0x1, 0x40)

00:15:09 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg$sock(r0, &(0x7f0000004580)=[{{&(0x7f0000000000)=@in={0x2, 0x0, @loopback=0x4874045}, 0x80, &(0x7f0000001500)=[{&(0x7f0000000180)='\a', 0x1}], 0x1}}], 0x1, 0x40)

00:15:10 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000400)={0x3c, r1, 0x1, 0x0, 0x0, {0x26}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0)

00:15:11 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000400)={0x3c, r1, 0x1, 0x0, 0x0, {0x26}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0)

00:15:11 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000400)={0x3c, r1, 0x1, 0x0, 0x0, {0x26}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0)

00:15:12 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000400)={0x3c, r1, 0x1, 0x0, 0x0, {0x26}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0)

00:15:13 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000400)={0x3c, r1, 0x1, 0x0, 0x0, {0x26}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0)

00:15:14 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000400)={0x3c, r1, 0x1, 0x0, 0x0, {0x26}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0)

00:15:15 executing program 1:
get_robust_list(0x0, 0xfffffffffffffffc, &(0x7f0000000080))

00:15:15 executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x9003}, 0x4)

VM DIAGNOSIS:
21:06:46 Registers:
info registers vcpu 0
pc ffffffff80475986