syzkaller login: [ 262.597255][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 269.604750][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 269.713997][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 315.749433][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:20166' (ECDSA) to the list of known hosts. 1970/01/01 00:05:43 fuzzer started 1970/01/01 00:05:58 dialing manager at localhost:43559 1970/01/01 00:05:59 checking machine... 1970/01/01 00:05:59 checking revisions... executing program executing program 1970/01/01 00:06:05 testing simple program... [ 367.792005][ T2050] cgroup: Unknown subsys name 'net' [ 368.776624][ T2050] cgroup: Unknown subsys name 'rlimit' executing program executing program executing program executing program executing program executing program executing program executing program [ 392.508991][ T2054] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 392.604611][ T2054] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link executing program executing program executing program [ 402.034564][ T2054] device hsr_slave_0 entered promiscuous mode [ 402.079277][ T2054] device hsr_slave_1 entered promiscuous mode executing program executing program [ 407.341028][ T2054] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 407.451101][ T2054] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 407.536112][ T2054] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 407.601512][ T2054] netdevsim netdevsim0 netdevsim3: renamed from eth3 executing program executing program executing program [ 415.626607][ T2054] 8021q: adding VLAN 0 to HW filter on device bond0 [ 416.007548][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 416.075676][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready executing program executing program [ 421.280220][ T2051] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 421.370529][ T2051] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 421.530983][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 421.566626][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 421.820840][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 422.109434][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 423.168590][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 423.201639][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 423.239068][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 423.386078][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 423.481334][ T2054] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready executing program executing program [ 428.391519][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 428.398914][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready executing program executing program executing program executing program [ 440.159167][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 440.201200][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready executing program executing program [ 446.008087][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 446.085137][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 446.197979][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 446.241154][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 446.360865][ T2054] device veth0_vlan entered promiscuous mode [ 446.771204][ T2054] device veth1_vlan entered promiscuous mode executing program [ 447.880452][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 447.974138][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 448.201025][ T2054] device veth0_macvtap entered promiscuous mode [ 448.268750][ T2396] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 448.514552][ T2054] device veth1_macvtap entered promiscuous mode [ 449.247449][ T2051] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 449.340238][ T2051] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 449.609705][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 449.661483][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 449.861588][ T2054] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 449.876132][ T2054] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 449.877436][ T2054] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 449.878707][ T2054] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 executing program executing program 1970/01/01 00:07:34 building call list... executing program executing program [ 462.565897][ T2073] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 executing program [ 463.621752][ T2073] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.130611][ T2073] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 executing program [ 465.806762][ T2073] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 executing program executing program executing program executing program [ 481.556917][ T2073] device hsr_slave_0 left promiscuous mode [ 481.716425][ T2073] device hsr_slave_1 left promiscuous mode [ 483.103823][ T2073] device veth1_macvtap left promiscuous mode [ 483.158228][ T2073] device veth0_macvtap left promiscuous mode [ 483.185041][ T2073] device veth1_vlan left promiscuous mode [ 483.189513][ T2073] device veth0_vlan left promiscuous mode executing program executing program executing program executing program executing program executing program executing program [ 506.847341][ T2073] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 507.333903][ T2073] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface executing program executing program [ 511.838667][ T2073] bond0 (unregistering): Released all slaves executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 568.795652][ T2048] can: request_module (can-proto-0) failed. [ 570.418374][ T2048] can: request_module (can-proto-0) failed. executing program [ 571.940545][ T2048] can: request_module (can-proto-0) failed. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 627.326125][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 627.401702][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 627.470475][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 627.549854][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program 1970/01/01 00:10:57 syscalls: 2870 1970/01/01 00:10:57 code coverage: enabled 1970/01/01 00:10:57 comparison tracing: enabled 1970/01/01 00:10:57 extra coverage: enabled 1970/01/01 00:10:57 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:10:57 setuid sandbox: enabled 1970/01/01 00:10:57 namespace sandbox: enabled 1970/01/01 00:10:57 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:10:57 fault injection: enabled 1970/01/01 00:10:57 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:10:57 net packet injection: enabled 1970/01/01 00:10:57 net device setup: enabled 1970/01/01 00:10:57 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:10:57 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:10:57 NIC VF setup: PCI device 0000:00:11.0 is not available 1970/01/01 00:10:57 USB emulation: enabled 1970/01/01 00:10:57 hci packet injection: /dev/vhci does not exist 1970/01/01 00:10:57 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:10:57 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:10:58 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:10:58 fetching corpus: 2, signal 1016/2160 (executing program) 1970/01/01 00:10:58 fetching corpus: 2, signal 1016/2160 (executing program) 1970/01/01 00:13:10 starting 2 fuzzer processes 00:13:10 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x0) move_mount(0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file0\x00', 0xffffffffffffff9c, &(0x7f0000000400)='./file0/file0\x00', 0x0) 00:13:10 executing program 1: syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x6d, 0xc1, 0x41, 0x40, 0x19d2, 0x2002, 0xcaa9, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0xff, 0xff}}]}}]}}, &(0x7f0000000600)={0x0, 0x0, 0x5, &(0x7f00000003c0)={0x5, 0xf, 0x5}}) [ 824.025585][ T2576] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 824.253501][ T2576] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 827.639114][ T2578] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 827.728670][ T2578] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 845.692082][ T2576] device hsr_slave_0 entered promiscuous mode [ 845.780069][ T2576] device hsr_slave_1 entered promiscuous mode [ 849.680634][ T2578] device hsr_slave_0 entered promiscuous mode [ 849.719942][ T2578] device hsr_slave_1 entered promiscuous mode [ 849.829505][ T2578] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 849.847059][ T2578] Cannot create hsr debugfs directory [ 862.155600][ T2576] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 862.396080][ T2576] netdevsim netdevsim1 netdevsim1: renamed from eth1 ps_bpf_recvbpf: Network is down ps_bpf_recvbpf: Network is down [ 864.029964][ T2576] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 864.739286][ T2576] netdevsim netdevsim1 netdevsim3: renamed from eth3 ps_bpf_recvbpf: Network is down ps_bpf_recvbpf: Network is down ps_bpf_recvbpf: Network is down ps_bpf_recvbpf: Network is down ps_bpf_recvbpf: Network is down ps_bpf_recvbpf: Network is down [ 875.591540][ T2578] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 875.841710][ T2578] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 876.114399][ T2578] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 876.430472][ T2578] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 883.701323][ T2576] 8021q: adding VLAN 0 to HW filter on device bond0 [ 884.477470][ T2400] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 884.561612][ T2400] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 893.450900][ T2578] 8021q: adding VLAN 0 to HW filter on device bond0 [ 894.053063][ T3066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 894.161726][ T3066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 897.087159][ T2400] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 897.167083][ T2400] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 897.486647][ T3066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 897.547240][ T3066] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 898.346669][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 898.477067][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 898.865543][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 898.944299][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 899.441746][ T3066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 899.529121][ T3066] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 899.940264][ T2576] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 906.327198][ T3066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 906.399217][ T3066] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 906.920882][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 906.979076][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 907.489090][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 909.059577][ T2051] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 909.401049][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 909.485497][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 910.391423][ T2578] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 910.451949][ T2578] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 911.339352][ T2051] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 911.401172][ T2051] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 911.554832][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 911.559172][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 915.820028][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 921.967955][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 921.971169][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 938.695423][ T2051] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 938.749679][ T2051] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 946.056053][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 946.119690][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 948.149429][ T2400] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 948.304716][ T2400] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 948.508138][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 948.586182][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 948.800741][ T2576] device veth0_vlan entered promiscuous mode [ 949.452286][ T2576] device veth1_vlan entered promiscuous mode [ 951.667122][ T2576] device veth0_macvtap entered promiscuous mode [ 951.980932][ T2576] device veth1_macvtap entered promiscuous mode [ 952.175821][ T2051] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 952.257335][ T2051] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 952.307401][ T2051] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 952.431700][ T2051] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 953.300704][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 953.418114][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 953.691897][ T3066] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 953.730707][ T3066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 954.301293][ T2576] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 954.315701][ T2576] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 954.317812][ T2576] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 954.326688][ T2576] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 962.326989][ T2578] device veth0_vlan entered promiscuous mode [ 963.418902][ T2578] device veth1_vlan entered promiscuous mode [ 963.588380][ T3250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 963.681146][ T3250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 963.802035][ T3250] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 964.798580][ T2909] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 964.860041][ T2909] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 966.417164][ T2578] device veth0_macvtap entered promiscuous mode [ 966.857640][ T2135] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 966.875223][ T3066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 967.060904][ T3066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 967.200084][ T3066] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 967.316618][ T2578] device veth1_macvtap entered promiscuous mode [ 968.163779][ T2135] usb 2-1: New USB device found, idVendor=19d2, idProduct=2002, bcdDevice=ca.a9 [ 968.168618][ T2135] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 968.170307][ T2135] usb 2-1: Product: syz [ 968.171518][ T2135] usb 2-1: Manufacturer: syz [ 968.219813][ T2135] usb 2-1: SerialNumber: syz [ 968.710664][ T2135] usb 2-1: config 0 descriptor?? [ 968.940609][ T2135] option 2-1:0.0: GSM modem (1-port) converter detected [ 969.635192][ T2135] usb 2-1: USB disconnect, device number 2 [ 969.729589][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 969.835822][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 969.915321][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 969.957422][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 970.089343][ T2135] option 2-1:0.0: device disconnected [ 970.409152][ T2578] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 970.411115][ T2578] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 970.445321][ T2578] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 970.446749][ T2578] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 00:16:14 executing program 1: syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x6d, 0xc1, 0x41, 0x40, 0x19d2, 0x2002, 0xcaa9, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0xff, 0xff}}]}}]}}, &(0x7f0000000600)={0x0, 0x0, 0x5, &(0x7f00000003c0)={0x5, 0xf, 0x5}}) [ 979.468773][ T20] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 980.438994][ T2073] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 980.727719][ T20] usb 2-1: New USB device found, idVendor=19d2, idProduct=2002, bcdDevice=ca.a9 [ 980.729731][ T20] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 980.731334][ T20] usb 2-1: Product: syz [ 980.764537][ T20] usb 2-1: Manufacturer: syz [ 980.765580][ T20] usb 2-1: SerialNumber: syz [ 980.971648][ T20] usb 2-1: config 0 descriptor?? [ 981.348911][ T20] option 2-1:0.0: GSM modem (1-port) converter detected [ 983.095972][ T2052] usb 2-1: USB disconnect, device number 3 [ 983.281013][ T2052] option 2-1:0.0: device disconnected [ 985.898690][ T2073] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 987.340258][ T2073] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 989.041967][ T2073] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 991.650859][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 1003.955583][ T2073] device hsr_slave_0 left promiscuous mode [ 1004.047456][ T2073] device hsr_slave_1 left promiscuous mode [ 1004.860068][ T2073] device veth1_macvtap left promiscuous mode [ 1004.887710][ T2073] device veth0_macvtap left promiscuous mode [ 1004.899119][ T2073] device veth1_vlan left promiscuous mode [ 1004.933954][ T2073] device veth0_vlan left promiscuous mode 00:17:06 executing program 1: syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x6d, 0xc1, 0x41, 0x40, 0x19d2, 0x2002, 0xcaa9, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0xff, 0xff}}]}}]}}, &(0x7f0000000600)={0x0, 0x0, 0x5, &(0x7f00000003c0)={0x5, 0xf, 0x5}}) [ 1029.429032][ T2073] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1029.436802][ T20] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 1030.060414][ T2073] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1030.237768][ T20] usb 2-1: New USB device found, idVendor=19d2, idProduct=2002, bcdDevice=ca.a9 [ 1030.239873][ T20] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1030.241652][ T20] usb 2-1: Product: syz [ 1030.287642][ T20] usb 2-1: Manufacturer: syz [ 1030.289681][ T20] usb 2-1: SerialNumber: syz [ 1030.719654][ T20] usb 2-1: config 0 descriptor?? [ 1030.996542][ T20] option 2-1:0.0: GSM modem (1-port) converter detected [ 1031.935201][ T2052] usb 2-1: USB disconnect, device number 4 [ 1032.040303][ T2052] option 2-1:0.0: device disconnected [ 1034.589382][ T2073] bond0 (unregistering): Released all slaves 00:17:19 executing program 1: syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x6d, 0xc1, 0x41, 0x40, 0x19d2, 0x2002, 0xcaa9, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0xff, 0xff}}]}}]}}, &(0x7f0000000600)={0x0, 0x0, 0x5, &(0x7f00000003c0)={0x5, 0xf, 0x5}}) 00:17:19 executing program 0: syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x6d, 0xc1, 0x41, 0x40, 0x19d2, 0x2002, 0xcaa9, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0xff, 0xff}}]}}]}}, &(0x7f0000000600)={0x0, 0x0, 0x5, &(0x7f00000003c0)={0x5, 0xf, 0x5}}) [ 1043.419698][ T3250] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 1044.376425][ T3250] usb 2-1: New USB device found, idVendor=19d2, idProduct=2002, bcdDevice=ca.a9 [ 1044.377848][ T3250] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1044.378905][ T3250] usb 2-1: Product: syz [ 1044.380194][ T3250] usb 2-1: Manufacturer: syz [ 1044.381032][ T3250] usb 2-1: SerialNumber: syz [ 1044.681314][ T3250] usb 2-1: config 0 descriptor?? [ 1044.981358][ T3250] option 2-1:0.0: GSM modem (1-port) converter detected [ 1046.278465][ T3250] usb 2-1: USB disconnect, device number 5 [ 1046.340382][ T3250] option 2-1:0.0: device disconnected 00:17:34 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) fallocate(r1, 0x0, 0x0, 0x400) fallocate(r1, 0x50, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000d92000/0x2000)=nil, &(0x7f0000990000/0x1000)=nil, 0x0, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = fcntl$dupfd(r2, 0x0, r3) read$FUSE(r4, &(0x7f0000005240)={0x2020}, 0x2020) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x7ffffffd) sendfile(r2, r0, 0x0, 0x7ffffffd) [ 1058.306619][ T27] audit: type=1804 audit(1057.150:2): pid=3416 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/syzkaller-testdir2558344654/syzkaller.XF8XbR/4/file1" dev="vda" ino=639 res=1 errno=0 00:17:43 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) fallocate(r1, 0x0, 0x0, 0x400) fallocate(r1, 0x50, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000d92000/0x2000)=nil, &(0x7f0000990000/0x1000)=nil, 0x0, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = fcntl$dupfd(r2, 0x0, r3) read$FUSE(r4, &(0x7f0000005240)={0x2020}, 0x2020) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x7ffffffd) sendfile(r2, r0, 0x0, 0x7ffffffd) [ 1066.822114][ T27] audit: type=1804 audit(1065.730:3): pid=3426 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/syzkaller-testdir2558344654/syzkaller.XF8XbR/5/file1" dev="vda" ino=639 res=1 errno=0 00:17:53 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) fallocate(r1, 0x0, 0x0, 0x400) fallocate(r1, 0x50, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f0000d92000/0x2000)=nil, &(0x7f0000990000/0x1000)=nil, 0x0, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = fcntl$dupfd(r2, 0x0, r3) read$FUSE(r4, &(0x7f0000005240)={0x2020}, 0x2020) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0x7ffffffd) sendfile(r2, r0, 0x0, 0x7ffffffd) ps_bpf_recvmsg: No such device or address [ 1076.092050][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 1077.119603][ T27] audit: type=1804 audit(1075.910:4): pid=3435 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/syzkaller-testdir2558344654/syzkaller.XF8XbR/6/file1" dev="vda" ino=639 res=1 errno=0 [ 1099.550085][ T3419] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1099.707244][ T3419] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1112.459889][ T3419] device hsr_slave_0 entered promiscuous mode [ 1112.491253][ T3419] device hsr_slave_1 entered promiscuous mode [ 1112.581725][ T3419] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1112.585746][ T3419] Cannot create hsr debugfs directory [ 1121.741343][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 1123.659034][ T3419] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1123.789698][ T3419] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1123.921945][ T3419] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1124.070626][ T3419] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1135.929503][ T3419] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1136.301974][ T3308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1136.349805][ T3308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1143.654200][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1143.716251][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1144.024482][ T2052] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1144.079923][ T2052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1144.295206][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1144.546863][ T3308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1145.107833][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1145.155869][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1145.421130][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1145.460413][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1145.630864][ T3419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1149.647093][ T2052] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1149.650299][ T2052] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1161.879093][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1161.929721][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1171.267273][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1171.299106][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1171.484312][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1171.499401][ T2135] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1171.540708][ T3419] device veth0_vlan entered promiscuous mode [ 1171.921191][ T3419] device veth1_vlan entered promiscuous mode [ 1173.479126][ T3419] device veth0_macvtap entered promiscuous mode [ 1173.690433][ T3419] device veth1_macvtap entered promiscuous mode [ 1173.778092][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1173.834978][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1173.895001][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1173.964707][ T2052] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1174.677828][ T3317] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1174.750568][ T3317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1175.331185][ T3419] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1175.354720][ T3419] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1175.357095][ T3419] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1175.359243][ T3419] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1175.562029][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1175.651173][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1178.320657][ T3419] BUG: Bad page map in process syz-executor.0 pte:ffffaf80111fc070 pmd:244fec01 [ 1178.326139][ T3419] addr:00007fffb65d6000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800ab29648 index:76 [ 1178.328304][ T3419] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0 [ 1178.330737][ T3419] CPU: 0 PID: 3419 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1178.331897][ T3419] Hardware name: riscv-virtio,qemu (DT) [ 1178.333118][ T3419] Call Trace: [ 1178.333963][ T3419] [] dump_backtrace+0x2e/0x3c [ 1178.335143][ T3419] [] show_stack+0x34/0x40 [ 1178.336014][ T3419] [] dump_stack_lvl+0xe4/0x150 [ 1178.336895][ T3419] [] dump_stack+0x1c/0x24 [ 1178.337733][ T3419] [] print_bad_pte+0x3d4/0x4a0 [ 1178.338600][ T3419] [] vm_normal_page+0x20c/0x22a [ 1178.339399][ T3419] [] copy_page_range+0x828/0x236c [ 1178.340247][ T3419] [] dup_mm+0xb5c/0xe10 [ 1178.341070][ T3419] [] copy_process+0x25da/0x3c34 [ 1178.341963][ T3419] [] kernel_clone+0xee/0x920 [ 1178.343195][ T3419] [] __do_sys_clone+0xf2/0x12e [ 1178.344559][ T3419] [] sys_clone+0x32/0x44 [ 1178.345476][ T3419] [] ret_from_syscall+0x0/0x2 [ 1178.349131][ T3419] Disabling lock debugging due to kernel taint [ 1178.349891][ T3419] BUG: Bad page map in process syz-executor.0 pte:ffffffff801110e4 pmd:244fec01 [ 1178.350575][ T3419] addr:00007fffb65d7000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800ab29648 index:77 [ 1178.351361][ T3419] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0 [ 1178.353195][ T3419] CPU: 0 PID: 3419 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1178.354530][ T3419] Hardware name: riscv-virtio,qemu (DT) [ 1178.355266][ T3419] Call Trace: [ 1178.355904][ T3419] [] dump_backtrace+0x2e/0x3c [ 1178.357638][ T3419] [] show_stack+0x34/0x40 [ 1178.358638][ T3419] [] dump_stack_lvl+0xe4/0x150 [ 1178.360731][ T3419] [] dump_stack+0x1c/0x24 [ 1178.361963][ T3419] [] print_bad_pte+0x3d4/0x4a0 [ 1178.363233][ T3419] [] vm_normal_page+0x20c/0x22a [ 1178.364352][ T3419] [] copy_page_range+0x828/0x236c [ 1178.365386][ T3419] [] dup_mm+0xb5c/0xe10 [ 1178.366421][ T3419] [] copy_process+0x25da/0x3c34 [ 1178.367535][ T3419] [] kernel_clone+0xee/0x920 [ 1178.368704][ T3419] [] __do_sys_clone+0xf2/0x12e [ 1178.369886][ T3419] [] sys_clone+0x32/0x44 [ 1178.371007][ T3419] [] ret_from_syscall+0x0/0x2 [ 1178.423320][ T3419] BUG: Bad page map in process syz-executor.0 pte:ffffaf80111fc0b0 pmd:244fec01 [ 1178.424663][ T3419] addr:00007fffb65de000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800ab29648 index:7e [ 1178.426546][ T3419] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0 [ 1178.427977][ T3419] CPU: 0 PID: 3419 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1178.429340][ T3419] Hardware name: riscv-virtio,qemu (DT) [ 1178.430253][ T3419] Call Trace: [ 1178.430867][ T3419] [] dump_backtrace+0x2e/0x3c [ 1178.432208][ T3419] [] show_stack+0x34/0x40 [ 1178.433244][ T3419] [] dump_stack_lvl+0xe4/0x150 [ 1178.434438][ T3419] [] dump_stack+0x1c/0x24 [ 1178.435594][ T3419] [] print_bad_pte+0x3d4/0x4a0 [ 1178.437016][ T3419] [] vm_normal_page+0x20c/0x22a [ 1178.438112][ T3419] [] copy_page_range+0x828/0x236c [ 1178.439201][ T3419] [] dup_mm+0xb5c/0xe10 [ 1178.440325][ T3419] [] copy_process+0x25da/0x3c34 [ 1178.441439][ T3419] [] kernel_clone+0xee/0x920 [ 1178.443524][ T3419] [] __do_sys_clone+0xf2/0x12e [ 1178.444794][ T3419] [] sys_clone+0x32/0x44 [ 1178.445915][ T3419] [] ret_from_syscall+0x0/0x2 [ 1178.448094][ T3419] BUG: Bad page map in process syz-executor.0 pte:ffffffff801110e4 pmd:244fec01 [ 1178.449077][ T3419] addr:00007fffb65df000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800ab29648 index:7f [ 1178.450516][ T3419] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0 [ 1178.451825][ T3419] CPU: 0 PID: 3419 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1178.454711][ T3419] Hardware name: riscv-virtio,qemu (DT) [ 1178.455518][ T3419] Call Trace: [ 1178.456174][ T3419] [] dump_backtrace+0x2e/0x3c [ 1178.457732][ T3419] [] show_stack+0x34/0x40 [ 1178.458824][ T3419] [] dump_stack_lvl+0xe4/0x150 [ 1178.460028][ T3419] [] dump_stack+0x1c/0x24 [ 1178.461235][ T3419] [] print_bad_pte+0x3d4/0x4a0 [ 1178.463276][ T3419] [] vm_normal_page+0x20c/0x22a [ 1178.464400][ T3419] [] copy_page_range+0x828/0x236c [ 1178.465944][ T3419] [] dup_mm+0xb5c/0xe10 [ 1178.467075][ T3419] [] copy_process+0x25da/0x3c34 [ 1178.468541][ T3419] [] kernel_clone+0xee/0x920 [ 1178.469937][ T3419] [] __do_sys_clone+0xf2/0x12e [ 1178.471164][ T3419] [] sys_clone+0x32/0x44 [ 1178.472843][ T3419] [] ret_from_syscall+0x0/0x2 [ 1178.476158][ T3419] BUG: Bad page map in process syz-executor.0 pte:41b58ab3 pmd:244fec01 [ 1178.477267][ T3419] addr:00007fffb65e4000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800ab29648 index:84 [ 1178.478502][ T3419] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0 [ 1178.479844][ T3419] CPU: 0 PID: 3419 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1178.481270][ T3419] Hardware name: riscv-virtio,qemu (DT) [ 1178.482040][ T3419] Call Trace: [ 1178.483255][ T3419] [] dump_backtrace+0x2e/0x3c [ 1178.484476][ T3419] [] show_stack+0x34/0x40 [ 1178.485564][ T3419] [] dump_stack_lvl+0xe4/0x150 [ 1178.486991][ T3419] [] dump_stack+0x1c/0x24 [ 1178.488144][ T3419] [] print_bad_pte+0x3d4/0x4a0 [ 1178.489330][ T3419] [] vm_normal_page+0x20c/0x22a [ 1178.490698][ T3419] [] copy_page_range+0x828/0x236c [ 1178.491881][ T3419] [] dup_mm+0xb5c/0xe10 [ 1178.493791][ T3419] [] copy_process+0x25da/0x3c34 [ 1178.495005][ T3419] [] kernel_clone+0xee/0x920 [ 1178.496222][ T3419] [] __do_sys_clone+0xf2/0x12e [ 1178.497383][ T3419] [] sys_clone+0x32/0x44 [ 1178.498476][ T3419] [] ret_from_syscall+0x0/0x2 [ 1178.501994][ T3419] BUG: Bad page map in process syz-executor.0 pte:ffffffff8451f630 pmd:244fec01 [ 1178.504550][ T3419] addr:00007fffb65e5000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800ab29648 index:85 [ 1178.505915][ T3419] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0 [ 1178.507230][ T3419] CPU: 0 PID: 3419 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1178.508640][ T3419] Hardware name: riscv-virtio,qemu (DT) [ 1178.509464][ T3419] Call Trace: [ 1178.510075][ T3419] [] dump_backtrace+0x2e/0x3c [ 1178.511165][ T3419] [] show_stack+0x34/0x40 [ 1178.512542][ T3419] [] dump_stack_lvl+0xe4/0x150 [ 1178.513685][ T3419] [] dump_stack+0x1c/0x24 [ 1178.514771][ T3419] [] print_bad_pte+0x3d4/0x4a0 [ 1178.515977][ T3419] [] vm_normal_page+0x20c/0x22a [ 1178.517044][ T3419] [] copy_page_range+0x828/0x236c [ 1178.518138][ T3419] [] dup_mm+0xb5c/0xe10 [ 1178.519217][ T3419] [] copy_process+0x25da/0x3c34 [ 1178.520364][ T3419] [] kernel_clone+0xee/0x920 [ 1178.521447][ T3419] [] __do_sys_clone+0xf2/0x12e [ 1178.523672][ T3419] [] sys_clone+0x32/0x44 [ 1178.524943][ T3419] [] ret_from_syscall+0x0/0x2 [ 1178.531812][ T3419] Unable to handle kernel paging request at virtual address ffffaf847c9ffff8 [ 1178.534885][ T3419] Oops [#1] [ 1178.535651][ T3419] Modules linked in: [ 1178.536567][ T3419] CPU: 0 PID: 3419 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1178.537990][ T3419] Hardware name: riscv-virtio,qemu (DT) [ 1178.538825][ T3419] epc : copy_page_range+0x1ade/0x236c [ 1178.540002][ T3419] ra : copy_page_range+0x1ade/0x236c [ 1178.541067][ T3419] epc : ffffffff803dce04 ra : ffffffff803dce04 sp : ffffaf80111ff680 [ 1178.542112][ T3419] gp : ffffffff85863ac0 tp : ffffaf800f128000 t0 : ffffffff86bcb657 [ 1178.544335][ T3419] t1 : fffffffef0b0dfa4 t2 : 0000000000000000 s0 : ffffaf80111ff8e0 [ 1178.545475][ T3419] s1 : ffffffff80110fdc a0 : ffffaf847c9ffff8 a1 : 0000000000000007 [ 1178.546584][ T3419] a2 : 1ffff5f08f93ffff a3 : ffffffff803dce04 a4 : 0000000000000000 [ 1178.547715][ T3419] a5 : ffffaf847c9ffff8 a6 : 0000000000f00000 a7 : ffffffff8586fd23 [ 1178.548829][ T3419] s2 : ffffaf80111fbf30 s3 : ffffaf8013833f30 s4 : 0000000000000010 [ 1178.549907][ T3419] s5 : 7c1ffffffff00221 s6 : 001ffffffff00221 s7 : ffffaf847c9ffff8 [ 1178.551032][ T3419] s8 : 000000000000001f s9 : 00007fffb6600000 s10: ffffaf800af66318 [ 1178.552171][ T3419] s11: 00007fffb65e6000 t3 : 000000000000005b t4 : fffffffef0b0dfa4 [ 1178.554170][ T3419] t5 : fffffffef0b0dfa5 t6 : ffffaf80111fee78 [ 1178.555135][ T3419] status: 0000000000000120 badaddr: ffffaf847c9ffff8 cause: 000000000000000d [ 1178.556393][ T3419] [] dup_mm+0xb5c/0xe10 [ 1178.557534][ T3419] [] copy_process+0x25da/0x3c34 [ 1178.558639][ T3419] [] kernel_clone+0xee/0x920 [ 1178.559814][ T3419] [] __do_sys_clone+0xf2/0x12e [ 1178.560878][ T3419] [] sys_clone+0x32/0x44 [ 1178.561908][ T3419] [] ret_from_syscall+0x0/0x2 [ 1178.564779][ T3419] ---[ end trace 0000000000000000 ]--- [ 1178.566078][ T3419] Kernel panic - not syncing: Fatal exception [ 1178.567022][ T3419] SMP: stopping secondary CPUs [ 1178.568726][ T3419] Rebooting in 86400 seconds.. VM DIAGNOSIS: 15:26:29 Registers: info registers vcpu 0 pc ffffffff80dc15ca mhartid 0000000000000000 mstatus 00000000000000a0 mip 0000000000000000 mie 00000000000002aa mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff8000f97e sepc ffffffff8011f054 mcause 0000000000000009 scause 8000000000000005 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff80dc15ca x2/sp ffffaf80111fef70 x3/gp ffffffff85863ac0 x4/tp ffffaf800f128000 x5/t0 ffffffff86bcb657 x6/t1 668dbef9726ef000 x7/t2 0000000000000000 x8/s0 ffffaf80111fef90 x9/s1 ffffffff86e58900 x10/a0 ffff8f800066c001 x11/a1 0000000000000007 x12/a2 1ffffffff0dcb129 x13/a3 ffffffff80dc15ca x14/a4 0000000000000000 x15/a5 ffffffff86e58948 x16/a6 ffffffff86e589f1 x17/a7 ffffffff80dcc9fe x18/s2 0000000000000001 x19/s3 ffffaf80111ff080 x20/s4 ffffffff86e58900 x21/s5 0000000000000000 x22/s6 ffffffff86e58950 x23/s7 ffffffff8588c3e0 x24/s8 ffffffff8588c220 x25/s9 ffffffff84a88520 x26/s10 ffffffff858655c0 x27/s11 0000000000000000 x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f00223fd9c x31/t6 ffffffff86bcb657 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 pc ffffffff8000b598 mhartid 0000000000000001 mstatus 00000000000000a2 mip 0000000000000000 mie 00000000000002aa mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff8000f97e sepc ffffffff801165e0 mcause 0000000000000009 scause 8000000000000005 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff80c0ac00 x2/sp ffffaf80142a3860 x3/gp ffffffff85863ac0 x4/tp ffffaf800cebe100 x5/t0 fffff5ef0190d1ca x6/t1 fffff5ef02854712 x7/t2 00007ffffd8a81b7 x8/s0 ffffaf80142a3940 x9/s1 0000000000000002 x10/a0 ffffffff8465b6a8 x11/a1 0000000000000007 x12/a2 0000000000000002 x13/a3 ffffffff80c0abe2 x14/a4 ffffaf800cebf100 x15/a5 0000000000000000 x16/a6 0000000000f00000 x17/a7 ffffaf80142a3897 x18/s2 0000000000000001 x19/s3 0000000000000001 x20/s4 0000000000000000 x21/s5 0000000000000002 x22/s6 0000000000000000 x23/s7 0000000000000000 x24/s8 ffffffff8588a420 x25/s9 ffffffff8465b6a8 x26/s10 0000000000000001 x27/s11 0000000000000000 x28/t3 fffffffff3f3f300 x29/t4 fffff5ef02854712 x30/t5 fffff5ef02854713 x31/t6 0000000000000002 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000