syzkaller login: [ 350.046957][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 350.222227][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 350.319543][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 366.751440][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:3005' (ECDSA) to the list of known hosts.
1970/01/01 00:06:54 fuzzer started
1970/01/01 00:07:11 dialing manager at localhost:40805
[ 438.909445][ T2026] cgroup: Unknown subsys name 'net'
[ 440.278569][ T2026] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:07:19 syscalls: 2818
1970/01/01 00:07:19 code coverage: enabled
1970/01/01 00:07:19 comparison tracing: enabled
1970/01/01 00:07:19 extra coverage: enabled
1970/01/01 00:07:19 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:07:19 setuid sandbox: enabled
1970/01/01 00:07:19 namespace sandbox: enabled
1970/01/01 00:07:19 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:07:19 fault injection: enabled
1970/01/01 00:07:19 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:07:19 net packet injection: enabled
1970/01/01 00:07:19 net device setup: enabled
1970/01/01 00:07:19 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:07:19 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:07:19 USB emulation: enabled
1970/01/01 00:07:19 hci packet injection: /dev/vhci does not exist
1970/01/01 00:07:19 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:07:19 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:07:20 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:07:26 fetching corpus: 50, signal 31475/34738 (executing program)
1970/01/01 00:07:31 fetching corpus: 100, signal 47371/51755 (executing program)
1970/01/01 00:07:35 fetching corpus: 150, signal 52516/58131 (executing program)
1970/01/01 00:07:39 fetching corpus: 200, signal 56292/63064 (executing program)
1970/01/01 00:07:43 fetching corpus: 249, signal 63241/70832 (executing program)
1970/01/01 00:07:45 fetching corpus: 299, signal 70295/78568 (executing program)
1970/01/01 00:07:50 fetching corpus: 349, signal 75889/84819 (executing program)
1970/01/01 00:07:53 fetching corpus: 398, signal 78605/88365 (executing program)
1970/01/01 00:07:56 fetching corpus: 448, signal 81819/92303 (executing program)
1970/01/01 00:08:00 fetching corpus: 498, signal 84508/95748 (executing program)
1970/01/01 00:08:03 fetching corpus: 548, signal 87416/99262 (executing program)
1970/01/01 00:08:10 fetching corpus: 598, signal 91542/103777 (executing program)
1970/01/01 00:08:19 fetching corpus: 646, signal 94678/107351 (executing program)
1970/01/01 00:08:23 fetching corpus: 694, signal 97118/110283 (executing program)
1970/01/01 00:08:26 fetching corpus: 743, signal 99092/112781 (executing program)
1970/01/01 00:08:29 fetching corpus: 793, signal 101498/115599 (executing program)
1970/01/01 00:08:33 fetching corpus: 843, signal 105409/119545 (executing program)
1970/01/01 00:08:38 fetching corpus: 893, signal 107695/122078 (executing program)
1970/01/01 00:08:44 fetching corpus: 941, signal 109609/124314 (executing program)
1970/01/01 00:08:47 fetching corpus: 991, signal 111245/126289 (executing program)
1970/01/01 00:08:50 fetching corpus: 1041, signal 113708/128817 (executing program)
1970/01/01 00:08:53 fetching corpus: 1091, signal 115348/130727 (executing program)
1970/01/01 00:08:57 fetching corpus: 1141, signal 116701/132373 (executing program)
1970/01/01 00:09:00 fetching corpus: 1191, signal 118932/134584 (executing program)
1970/01/01 00:09:03 fetching corpus: 1240, signal 122684/137872 (executing program)
1970/01/01 00:09:06 fetching corpus: 1290, signal 124261/139524 (executing program)
1970/01/01 00:09:10 fetching corpus: 1340, signal 125712/141056 (executing program)
1970/01/01 00:09:13 fetching corpus: 1390, signal 127082/142534 (executing program)
1970/01/01 00:09:17 fetching corpus: 1439, signal 128664/144133 (executing program)
1970/01/01 00:09:20 fetching corpus: 1489, signal 129737/145329 (executing program)
1970/01/01 00:09:23 fetching corpus: 1539, signal 130825/146540 (executing program)
1970/01/01 00:09:26 fetching corpus: 1589, signal 131950/147760 (executing program)
1970/01/01 00:09:29 fetching corpus: 1639, signal 134033/149518 (executing program)
1970/01/01 00:09:33 fetching corpus: 1689, signal 135321/150768 (executing program)
1970/01/01 00:09:36 fetching corpus: 1739, signal 136682/152006 (executing program)
1970/01/01 00:09:41 fetching corpus: 1789, signal 137914/153150 (executing program)
1970/01/01 00:09:43 fetching corpus: 1838, signal 139070/154265 (executing program)
1970/01/01 00:09:46 fetching corpus: 1888, signal 140372/155365 (executing program)
1970/01/01 00:09:49 fetching corpus: 1938, signal 141385/156338 (executing program)
1970/01/01 00:09:52 fetching corpus: 1987, signal 142534/157339 (executing program)
1970/01/01 00:09:56 fetching corpus: 2037, signal 143687/158296 (executing program)
[ 597.450192][ T2020] BUG: Bad page map in process syz-fuzzer pte:ffffffff801110d3 pmd:231e6c01
[ 597.456796][ T2020] addr:00007fff81ff5000 vm_flags:00100073 anon_vma:ffffaf800b744500 mapping:0000000000000000 index:7fff81ff5
[ 597.461522][ T2020] file:(null) fault:0x0 mmap:0x0 readpage:0x0
[ 597.466291][ T2020] CPU: 1 PID: 2020 Comm: syz-fuzzer Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 597.469580][ T2020] Hardware name: riscv-virtio,qemu (DT)
[ 597.471473][ T2020] Call Trace:
[ 597.473147][ T2020] [] dump_backtrace+0x2e/0x3c
[ 597.475499][ T2020] [] show_stack+0x34/0x40
[ 597.476845][ T2020] [] dump_stack_lvl+0xe4/0x150
[ 597.478346][ T2020] [] dump_stack+0x1c/0x24
[ 597.479815][ T2020] [] print_bad_pte+0x3d4/0x4a0
[ 597.481284][ T2020] [] vm_normal_page+0x20c/0x22a
[ 597.482629][ T2020] [] __handle_mm_fault+0xdc8/0x23a4
[ 597.484880][ T2020] [] handle_mm_fault+0x296/0x674
[ 597.486233][ T2020] [] do_page_fault+0x308/0xa3c
[ 597.487700][ T2020] [] ret_from_exception+0x0/0x10
[ 597.490723][ T2020] Disabling lock debugging due to kernel taint
[ 597.499869][ T2022] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 597.501280][ T2022] CPU: 0 PID: 2022 Comm: syz-fuzzer Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 597.502384][ T2022] Hardware name: riscv-virtio,qemu (DT)
[ 597.503909][ T2022] Call Trace:
[ 597.504591][ T2022] [] dump_backtrace+0x2e/0x3c
[ 597.505598][ T2022] [] show_stack+0x34/0x40
[ 597.506507][ T2022] [] dump_stack_lvl+0xe4/0x150
[ 597.507601][ T2022] [] dump_stack+0x1c/0x24
[ 597.508547][ T2022] [] panic+0x24a/0x634
[ 597.509466][ T2022] [] schedule+0x0/0x14c
[ 597.510587][ T2022] [] preempt_schedule_common+0x4e/0xde
[ 597.512245][ T2022] [] preempt_schedule+0x34/0x36
[ 597.514191][ T2022] [] __local_bh_enable_ip+0x29e/0x2a4
[ 597.515653][ T2022] [] ip_finish_output2+0x57c/0x1720
[ 597.516865][ T2022] [] __ip_finish_output+0x25a/0x3ee
[ 597.518112][ T2022] [] ip_finish_output+0x3e/0x176
[ 597.519425][ T2022] [] ip_output+0x1d0/0x2d0
[ 597.520464][ T2022] [] __ip_queue_xmit+0x4a0/0xeb2
[ 597.521665][ T2022] [] ip_queue_xmit+0x36/0x44
[ 597.522975][ T2022] [] __tcp_transmit_skb+0xce4/0x1f5e
[ 597.524353][ T2022] [] tcp_write_xmit+0xd40/0x3344
[ 597.525269][ T2022] [] __tcp_push_pending_frames+0x7a/0x22c
[ 597.526475][ T2022] [] tcp_push+0x19c/0x3b4
[ 597.527565][ T2022] [] tcp_sendmsg_locked+0x5fc/0x1d9e
[ 597.528769][ T2022] [] tcp_sendmsg+0x32/0x4e
[ 597.529893][ T2022] [] inet_sendmsg+0x74/0x94
[ 597.531013][ T2022] [] sock_sendmsg+0xa0/0xc4
[ 597.532175][ T2022] [] sock_write_iter+0x1c0/0x272
[ 597.533676][ T2022] [] new_sync_write+0x296/0x3aa
[ 597.535090][ T2022] [] vfs_write+0x2de/0x334
[ 597.536065][ T2022] [] ksys_write+0x1c4/0x224
[ 597.537782][ T2022] [] sys_write+0x28/0x36
[ 597.539079][ T2022] [] ret_from_syscall+0x0/0x2
[ 597.540373][ T2022] SMP: stopping secondary CPUs
[ 597.542833][ T2022] Rebooting in 86400 seconds..
VM DIAGNOSIS:
11:58:15 Registers:
info registers vcpu 0
pc ffffffff80119d94
mhartid 0000000000000000
mstatus 00000000000000a2
mip 0000000000000000
mie 00000000000002aa
mideleg 0000000000000222
medeleg 000000000000b109
mtvec 0000000080000540
stvec ffffffff800055d4
mepc ffffffff8000f97e
sepc ffffffff8013f2cc
mcause 0000000000000009
scause 8000000000000005
mtval 0000000000000000
stval 0000000000000000
x0/zero 0000000000000000 x1/ra ffffffff80b07a88 x2/sp ffffaf800c59e190 x3/gp ffffffff85863ac0
x4/tp ffffaf800c1bc8c0 x5/t0 fffff5ef0180af0d x6/t1 fffff5ef017ec190 x7/t2 0000000000000000
x8/s0 ffffaf800c59e190 x9/s1 ffffaf800c0578c0 x10/a0 ffffaf800c057930 x11/a1 ffffaf800c1bc8c0
x12/a2 1ffff5f00183799e x13/a3 ffffffff8010efc8 x14/a4 0000000000000003 x15/a5 0000000000000103
x16/a6 0000000000f00000 x17/a7 ffffaf800bf60c83 x18/s2 ffffaf800c1bc8c0 x19/s3 0000000000000000
x20/s4 ffffffff838a0620 x21/s5 ffffffff84b73e00 x22/s6 ffffffff84b73e00 x23/s7 0000000000000000
x24/s8 ffffaf800c1bd358 x25/s9 ffffffff82aebb24 x26/s10 ffffaf800c1bd2e0 x27/s11 ffffaf800c1bc8c0
x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f0018b3bb4 x31/t6 ffffaf800b600aa0
f0/ft0 0000000000000000 f1/ft1 408389c607b0bafb f2/ft2 4135695000000000 f3/ft3 403a000000000000
f4/ft4 411680ac00000000 f5/ft5 4039359ebc5b69d9 f6/ft6 3fe172d298071c92 f7/ft7 3fb1fcfb269f4af8
f8/fs0 3fee0ec830260005 f9/fs1 3f8e2a77a62bb8c0 f10/fa0 3face4866f8254bc f11/fa1 0000000000000000
f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
pc ffffffff80dc15ca
mhartid 0000000000000001
mstatus 00000000000000a0
mip 0000000000000000
mie 00000000000002aa
mideleg 0000000000000222
medeleg 000000000000b109
mtvec 0000000080000540
stvec ffffffff800055d4
mepc ffffffff8000f97e
sepc ffffffff8011f054
mcause 0000000000000009
scause 8000000000000005
mtval 0000000000000000
stval 0000000000000000
x0/zero 0000000000000000 x1/ra ffffffff80dc15ca x2/sp ffffaf800c8f3570 x3/gp ffffffff85863ac0
x4/tp ffffaf800c1b9840 x5/t0 ffffffff86bcb657 x6/t1 8db3bcb1f9397d00 x7/t2 0000000000000000
x8/s0 ffffaf800c8f3590 x9/s1 ffffffff86e58900 x10/a0 ffff8f800066c001 x11/a1 0000000000000007
x12/a2 1ffffffff0dcb129 x13/a3 ffffffff80dc15ca x14/a4 0000000000000000 x15/a5 ffffffff86e58948
x16/a6 ffffffff86e589f1 x17/a7 ffffffff80dcc9fe x18/s2 0000000000000001 x19/s3 ffffaf800c8f3680
x20/s4 ffffffff86e58900 x21/s5 0000000000000000 x22/s6 ffffffff86e58950 x23/s7 ffffffff8588c3e0
x24/s8 ffffffff8588c220 x25/s9 ffffffff84a88520 x26/s10 ffffffff858655c0 x27/s11 0000000000000000
x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f00191e65c x31/t6 ffffffff86bcb657
f0/ft0 0000000000000000 f1/ft1 40a60d8bfb4e6164 f2/ft2 41570f0c00000000 f3/ft3 403a000000000000
f4/ft4 4115671800000000 f5/ft5 4038ceaecfea8086 f6/ft6 3fe16e6968c556f0 f7/ft7 3fb1d9b1ac911de8
f8/fs0 3ff069c3f6919577 f9/fs1 3f8b3bbf92cfd6c0 f10/fa0 3facb7720b2a1a7e f11/fa1 0000000000000000
f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000