[ 284.712696][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:22273' (ECDSA) to the list of known hosts.
1970/01/01 00:05:30 fuzzer started
1970/01/01 00:05:46 dialing manager at localhost:46069
[ 353.750052][ T2026] cgroup: Unknown subsys name 'net'
[ 354.745268][ T2026] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:05:54 syscalls: 2870
1970/01/01 00:05:54 code coverage: enabled
1970/01/01 00:05:54 comparison tracing: enabled
1970/01/01 00:05:54 extra coverage: enabled
1970/01/01 00:05:54 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:05:54 setuid sandbox: enabled
1970/01/01 00:05:54 namespace sandbox: enabled
1970/01/01 00:05:54 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:05:54 fault injection: enabled
1970/01/01 00:05:54 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:05:54 net packet injection: enabled
1970/01/01 00:05:54 net device setup: enabled
1970/01/01 00:05:54 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:05:54 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:05:54 USB emulation: enabled
1970/01/01 00:05:54 hci packet injection: /dev/vhci does not exist
1970/01/01 00:05:54 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:05:54 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:05:54 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:00 fetching corpus: 50, signal 28704/32285 (executing program)
1970/01/01 00:06:03 fetching corpus: 100, signal 39804/44920 (executing program)
1970/01/01 00:06:07 fetching corpus: 150, signal 47474/54070 (executing program)
1970/01/01 00:06:10 fetching corpus: 199, signal 54550/62538 (executing program)
1970/01/01 00:06:12 fetching corpus: 249, signal 62768/72014 (executing program)
1970/01/01 00:06:16 fetching corpus: 299, signal 70501/80876 (executing program)
1970/01/01 00:06:19 fetching corpus: 349, signal 75044/86623 (executing program)
1970/01/01 00:06:22 fetching corpus: 399, signal 80822/93508 (executing program)
1970/01/01 00:06:24 fetching corpus: 449, signal 83904/97764 (executing program)
1970/01/01 00:06:26 fetching corpus: 499, signal 87951/102843 (executing program)
1970/01/01 00:06:30 fetching corpus: 549, signal 90553/106512 (executing program)
1970/01/01 00:06:33 fetching corpus: 599, signal 94075/110988 (executing program)
1970/01/01 00:06:36 fetching corpus: 649, signal 96989/114934 (executing program)
1970/01/01 00:06:39 fetching corpus: 699, signal 99315/118261 (executing program)
1970/01/01 00:06:41 fetching corpus: 749, signal 101478/121489 (executing program)
1970/01/01 00:06:45 fetching corpus: 798, signal 104313/125223 (executing program)
1970/01/01 00:06:48 fetching corpus: 847, signal 106347/128200 (executing program)
1970/01/01 00:06:51 fetching corpus: 897, signal 109513/132168 (executing program)
1970/01/01 00:06:53 fetching corpus: 947, signal 111587/135117 (executing program)
1970/01/01 00:06:56 fetching corpus: 997, signal 113862/138256 (executing program)
1970/01/01 00:06:58 fetching corpus: 1047, signal 115694/140972 (executing program)
1970/01/01 00:06:59 fetching corpus: 1097, signal 117648/143758 (executing program)
1970/01/01 00:07:02 fetching corpus: 1147, signal 119969/146786 (executing program)
1970/01/01 00:07:05 fetching corpus: 1196, signal 122385/149877 (executing program)
1970/01/01 00:07:07 fetching corpus: 1246, signal 123833/152194 (executing program)
1970/01/01 00:07:10 fetching corpus: 1295, signal 125151/154356 (executing program)
1970/01/01 00:07:12 fetching corpus: 1345, signal 127504/157340 (executing program)
1970/01/01 00:07:14 fetching corpus: 1395, signal 128985/159544 (executing program)
1970/01/01 00:07:16 fetching corpus: 1445, signal 130312/161624 (executing program)
1970/01/01 00:07:18 fetching corpus: 1495, signal 131741/163786 (executing program)
1970/01/01 00:07:20 fetching corpus: 1545, signal 132853/165687 (executing program)
1970/01/01 00:07:22 fetching corpus: 1595, signal 133992/167602 (executing program)
1970/01/01 00:07:25 fetching corpus: 1645, signal 135357/169658 (executing program)
1970/01/01 00:07:26 fetching corpus: 1694, signal 136496/171530 (executing program)
1970/01/01 00:07:29 fetching corpus: 1744, signal 137632/173394 (executing program)
1970/01/01 00:07:32 fetching corpus: 1794, signal 138903/175281 (executing program)
1970/01/01 00:07:34 fetching corpus: 1844, signal 140723/177541 (executing program)
1970/01/01 00:07:36 fetching corpus: 1894, signal 142108/179500 (executing program)
1970/01/01 00:07:38 fetching corpus: 1944, signal 143360/181291 (executing program)
1970/01/01 00:07:41 fetching corpus: 1994, signal 145037/183347 (executing program)
1970/01/01 00:07:43 fetching corpus: 2044, signal 146358/185213 (executing program)
1970/01/01 00:07:46 fetching corpus: 2094, signal 147779/187123 (executing program)
1970/01/01 00:07:48 fetching corpus: 2144, signal 148611/188567 (executing program)
1970/01/01 00:07:49 fetching corpus: 2194, signal 149405/190021 (executing program)
1970/01/01 00:07:53 fetching corpus: 2244, signal 150589/191718 (executing program)
1970/01/01 00:07:57 fetching corpus: 2294, signal 151623/193241 (executing program)
1970/01/01 00:07:59 fetching corpus: 2344, signal 152515/194707 (executing program)
1970/01/01 00:08:03 fetching corpus: 2394, signal 153370/196124 (executing program)
1970/01/01 00:08:06 fetching corpus: 2444, signal 154413/197620 (executing program)
1970/01/01 00:08:08 fetching corpus: 2494, signal 155642/199264 (executing program)
1970/01/01 00:08:11 fetching corpus: 2544, signal 156594/200702 (executing program)
1970/01/01 00:08:13 fetching corpus: 2593, signal 157658/202196 (executing program)
1970/01/01 00:08:15 fetching corpus: 2643, signal 158549/203540 (executing program)
1970/01/01 00:08:18 fetching corpus: 2692, signal 159419/204889 (executing program)
1970/01/01 00:08:20 fetching corpus: 2742, signal 160602/206455 (executing program)
1970/01/01 00:08:22 fetching corpus: 2792, signal 161410/207769 (executing program)
1970/01/01 00:08:24 fetching corpus: 2842, signal 162090/209009 (executing program)
1970/01/01 00:08:27 fetching corpus: 2892, signal 163253/210474 (executing program)
1970/01/01 00:08:31 fetching corpus: 2942, signal 164384/211886 (executing program)
1970/01/01 00:08:34 fetching corpus: 2992, signal 165082/213084 (executing program)
1970/01/01 00:08:40 fetching corpus: 3042, signal 166172/214418 (executing program)
1970/01/01 00:08:42 fetching corpus: 3092, signal 166889/215592 (executing program)
1970/01/01 00:08:44 fetching corpus: 3142, signal 168188/217015 (executing program)
1970/01/01 00:08:47 fetching corpus: 3192, signal 170595/219051 (executing program)
1970/01/01 00:08:50 fetching corpus: 3241, signal 171917/220491 (executing program)
1970/01/01 00:08:53 fetching corpus: 3291, signal 172815/221697 (executing program)
1970/01/01 00:08:55 fetching corpus: 3341, signal 173937/223006 (executing program)
1970/01/01 00:08:58 fetching corpus: 3391, signal 174558/224043 (executing program)
1970/01/01 00:09:00 fetching corpus: 3441, signal 175297/225166 (executing program)
1970/01/01 00:09:03 fetching corpus: 3490, signal 176207/226276 (executing program)
1970/01/01 00:09:05 fetching corpus: 3540, signal 177248/227482 (executing program)
1970/01/01 00:09:08 fetching corpus: 3590, signal 178002/228523 (executing program)
1970/01/01 00:09:11 fetching corpus: 3640, signal 178878/229639 (executing program)
1970/01/01 00:09:13 fetching corpus: 3690, signal 179457/230645 (executing program)
1970/01/01 00:09:16 fetching corpus: 3740, signal 180308/231706 (executing program)
1970/01/01 00:09:19 fetching corpus: 3790, signal 180982/232675 (executing program)
1970/01/01 00:09:22 fetching corpus: 3840, signal 181540/233599 (executing program)
1970/01/01 00:09:24 fetching corpus: 3890, signal 182413/234596 (executing program)
1970/01/01 00:09:26 fetching corpus: 3940, signal 183053/235550 (executing program)
1970/01/01 00:09:28 fetching corpus: 3989, signal 183517/236427 (executing program)
1970/01/01 00:09:30 fetching corpus: 4039, signal 184344/237483 (executing program)
1970/01/01 00:09:33 fetching corpus: 4089, signal 184992/238411 (executing program)
1970/01/01 00:09:34 fetching corpus: 4139, signal 185583/239262 (executing program)
1970/01/01 00:09:36 fetching corpus: 4189, signal 186307/240176 (executing program)
1970/01/01 00:09:38 fetching corpus: 4239, signal 186973/241045 (executing program)
1970/01/01 00:09:40 fetching corpus: 4288, signal 187538/241879 (executing program)
1970/01/01 00:09:43 fetching corpus: 4338, signal 188002/242696 (executing program)
1970/01/01 00:09:45 fetching corpus: 4388, signal 188512/243500 (executing program)
1970/01/01 00:09:46 fetching corpus: 4437, signal 188987/244281 (executing program)
[ 590.226433][ T2021] BUG: Bad page map in process syz-fuzzer pte:ffffffff8451f653 pmd:23a09c01
[ 590.232746][ T2021] addr:000000c0013fd000 vm_flags:00100073 anon_vma:ffffaf800f71c900 mapping:0000000000000000 index:c0013fd
[ 590.234529][ T2021] file:(null) fault:0x0 mmap:0x0 readpage:0x0
[ 590.239983][ T2021] CPU: 1 PID: 2021 Comm: syz-fuzzer Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 590.241809][ T2021] Hardware name: riscv-virtio,qemu (DT)
[ 590.243014][ T2021] Call Trace:
[ 590.244049][ T2021] [] dump_backtrace+0x2e/0x3c
[ 590.245402][ T2021] [] show_stack+0x34/0x40
[ 590.246752][ T2021] [] dump_stack_lvl+0xe4/0x150
[ 590.249066][ T2021] [] dump_stack+0x1c/0x24
[ 590.250483][ T2021] [] print_bad_pte+0x3d4/0x4a0
[ 590.251909][ T2021] [] vm_normal_page+0x20c/0x22a
[ 590.253187][ T2021] [] __handle_mm_fault+0xdc8/0x23a4
[ 590.254523][ T2021] [] handle_mm_fault+0x296/0x674
[ 590.255740][ T2021] [] do_page_fault+0x308/0xa3c
[ 590.257662][ T2021] [] ret_from_exception+0x0/0x10
[ 590.261909][ T2021] Disabling lock debugging due to kernel taint
unexpected fault address 0x20a68
fatal error: fault
[signal SIGSEGV: segmentation violation code=0x2 addr=0x20a68 pc=0x20a68]

goroutine 1 [running]:
runtime.throw({0x2eff63, 0x5})
	/usr/local/go/src/runtime/panic.go:1198 +0x60 fp=0xc0024bb668 sp=0xc0024bb640 pc=0x4c5d0
runtime.sigpanic()
	/usr/local/go/src/runtime/signal_unix.go:742 +0x244 fp=0xc0024bb698 sp=0xc0024bb668 pc=0x667bc
runtime.mapaccess2_fast32(0x2d20c0, 0xc00075a5a0, 0xcbac1382)
	/usr/local/go/src/runtime/map_fast32.go:84 +0x180 fp=0xc0024bb6c0 sp=0xc0024bb6a0 pc=0x20a68
github.com/google/syzkaller/pkg/signal.(*Signal).Merge(0xc0001dc7f0, 0xc001540060)
	/syzkaller/gopath/src/github.com/google/syzkaller/pkg/signal/signal.go:150 +0x128 fp=0xc0024bb760 sp=0xc0024bb6c0 pc=0x233690
main.(*Fuzzer).addInputToCorpus(0xc0001dc680, 0xc000fc36c0, 0xc001540060, {0xce, 0x97, 0x42, 0x2a, 0xcc, 0x3b, 0x6f, ...})
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:531 +0x2d0 fp=0xc0024bb7e0 sp=0xc0024bb760 pc=0x26c6b8
main.(*Fuzzer).addInputFromAnotherFuzzer(0xc0001dc680, {{0xc001fc9020, 0x4}, {0xc00207d080, 0xb6, 0xb6}, {{0xc000fb2000, 0x290, 0x290}, {0xc0001d0b00, ...}}, ...})
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:451 +0x108 fp=0xc0024bb858 sp=0xc0024bb7e0 pc=0x26ba40
main.(*Fuzzer).poll(0xc0001dc680, 0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:423 +0x46c fp=0xc0024bba88 sp=0xc0024bb858 pc=0x26b7a4
main.main()
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:278 +0x15a4 fp=0xc0024bbf88 sp=0xc0024bba88 pc=0x26a14c
runtime.main()
	/usr/local/go/src/runtime/proc.go:255 +0x268 fp=0xc0024bbfd8 sp=0xc0024bbf88 pc=0x4f0f0
runtime.goexit()
	/usr/local/go/src/runtime/asm_riscv64.s:507 +0x4 fp=0xc0024bbfd8 sp=0xc0024bbfd8 pc=0x8166c

goroutine 9 [chan receive, 4 minutes]:
github.com/google/syzkaller/pkg/osutil.HandleInterrupts.func1(0xc0000560c0)
	/syzkaller/gopath/src/github.com/google/syzkaller/pkg/osutil/osutil_unix.go:79 +0xac
created by github.com/google/syzkaller/pkg/osutil.HandleInterrupts
	/syzkaller/gopath/src/github.com/google/syzkaller/pkg/osutil/osutil_unix.go:76 +0x40

goroutine 10 [chan receive, 4 minutes]:
main.main.func1(0xc0000560c0)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:174 +0x30
created by main.main
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:172 +0x5e8

goroutine 20 [syscall, 4 minutes]:
os/signal.signal_recv()
	/usr/local/go/src/runtime/sigqueue.go:169 +0x134
os/signal.loop()
	/usr/local/go/src/os/signal/signal_unix.go:24 +0x24
created by os/signal.Notify.func1.1
	/usr/local/go/src/os/signal/signal.go:151 +0x38

goroutine 13 [IO wait]:
internal/poll.runtime_pollWait(0x7fff6b2ed398, 0x72)
	/usr/local/go/src/runtime/netpoll.go:229 +0xb8
internal/poll.(*pollDesc).wait(0xc00058a418, 0x72, 0x0)
	/usr/local/go/src/internal/poll/fd_poll_runtime.go:84 +0x40
internal/poll.(*pollDesc).waitRead(...)
	/usr/local/go/src/internal/poll/fd_poll_runtime.go:89
internal/poll.(*FD).Read(0xc00058a400, {0xc000144000, 0x1000, 0x1000})
	/usr/local/go/src/internal/poll/fd_unix.go:167 +0x20c
net.(*netFD).Read(0xc00058a400, {0xc000144000, 0x1000, 0x1000})
	/usr/local/go/src/net/fd_posix.go:56 +0x48
net.(*conn).Read(0xc0002f1210, {0xc000144000, 0x1000, 0x1000})
	/usr/local/go/src/net/net.go:183 +0x50
bufio.(*Reader).fill(0xc0002811a0)
	/usr/local/go/src/bufio/bufio.go:101 +0x118
bufio.(*Reader).ReadByte(0xc0002811a0)
	/usr/local/go/src/bufio/bufio.go:253 +0x38
compress/flate.(*decompressor).moreBits(0xc0006b2000)
	/usr/local/go/src/compress/flate/inflate.go:696 +0x34
compress/flate.(*decompressor).nextBlock(0xc0006b2000)
	/usr/local/go/src/compress/flate/inflate.go:303 +0x38
compress/flate.(*decompressor).Read(0xc0006b2000, {0xc000158000, 0x1000, 0x1000})
	/usr/local/go/src/compress/flate/inflate.go:347 +0x88
github.com/google/syzkaller/pkg/rpctype.(*flateConn).Read(0xc000283d40, {0xc000158000, 0x1000, 0x1000})
	/syzkaller/gopath/src/github.com/google/syzkaller/pkg/rpctype/rpc.go:136 +0x4c
bufio.(*Reader).Read(0xc000281200, {0xc0002a45c0, 0x1, 0x9})
	/usr/local/go/src/bufio/bufio.go:227 +0x210
io.ReadAtLeast({0x4bb620, 0xc000281200}, {0xc0002a45c0, 0x1, 0x9}, 0x1)
	/usr/local/go/src/io/io.go:328 +0xa4
io.ReadFull(...)
	/usr/local/go/src/io/io.go:347
encoding/gob.decodeUintReader({0x4bb620, 0xc000281200}, {0xc0002a45c0, 0x9, 0x9})
	/usr/local/go/src/encoding/gob/decode.go:120 +0x54
encoding/gob.(*Decoder).recvMessage(0xc000570200)
	/usr/local/go/src/encoding/gob/decoder.go:81 +0x50
encoding/gob.(*Decoder).decodeTypeSequence(0xc000570200, 0x0)
	/usr/local/go/src/encoding/gob/decoder.go:143 +0x40
encoding/gob.(*Decoder).DecodeValue(0xc000570200, {0x295860, 0xc000283ec0, 0x16})
	/usr/local/go/src/encoding/gob/decoder.go:214 +0x178
encoding/gob.(*Decoder).Decode(0xc000570200, {0x295860, 0xc000283ec0})
	/usr/local/go/src/encoding/gob/decoder.go:191 +0x1ac
net/rpc.(*gobClientCodec).ReadResponseHeader(0xc000283e30, 0xc000283ec0)
	/usr/local/go/src/net/rpc/client.go:228 +0x44
net/rpc.(*Client).input(0xc0002812c0)
	/usr/local/go/src/net/rpc/client.go:109 +0xac
created by net/rpc.NewClientWithCodec
	/usr/local/go/src/net/rpc/client.go:206 +0xb0
[ 591.121033][ T2018] BUG: Bad page map in process syz-fuzzer pte:ffffaf800e628130 pmd:23a09c01
[ 591.122073][ T2018] addr:000000c0013ee000 vm_flags:00100073 anon_vma:ffffaf800f71c900 mapping:0000000000000000 index:c0013ee
[ 591.122981][ T2018] file:(null) fault:0x0 mmap:0x0 readpage:0x0
[ 591.123941][ T2018] CPU: 1 PID: 2018 Comm: syz-fuzzer Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 591.124779][ T2018] Hardware name: riscv-virtio,qemu (DT)
[ 591.125207][ T2018] Call Trace:
[ 591.125625][ T2018] [] dump_backtrace+0x2e/0x3c
[ 591.126326][ T2018] [] show_stack+0x34/0x40
[ 591.127021][ T2018] [] dump_stack_lvl+0xe4/0x150
[ 591.127812][ T2018] [] dump_stack+0x1c/0x24
[ 591.128484][ T2018] [] print_bad_pte+0x3d4/0x4a0
[ 591.129166][ T2018] [] vm_normal_page+0x20c/0x22a
[ 591.129852][ T2018] [] unmap_page_range+0x6d0/0x13f0
[ 591.130586][ T2018] [] unmap_vmas+0x1d0/0x366
[ 591.131192][ T2018] [] exit_mmap+0x15c/0x412
[ 591.131953][ T2018] [] mmput+0xee/0x2c2
[ 591.132668][ T2018] [] do_exit+0x6f2/0x18fc
[ 591.133348][ T2018] [] do_group_exit+0x90/0x17e
[ 591.134027][ T2018] [] get_signal+0x3b8/0x1754
[ 591.134726][ T2018] [] do_notify_resume+0x11a/0xa56
[ 591.135441][ T2018] [] ret_from_exception+0x0/0x10
[ 591.137213][ T2018] BUG: Bad page map in process syz-fuzzer pte:ffffffff801110e4 pmd:23a09c01
[ 591.138424][ T2018] addr:000000c0013ef000 vm_flags:00100073 anon_vma:ffffaf800f71c900 mapping:0000000000000000 index:c0013ef
[ 591.139684][ T2018] file:(null) fault:0x0 mmap:0x0 readpage:0x0
[ 591.140756][ T2018] CPU: 1 PID: 2018 Comm: syz-fuzzer Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 591.142146][ T2018] Hardware name: riscv-virtio,qemu (DT)
[ 591.142800][ T2018] Call Trace:
[ 591.143314][ T2018] [] dump_backtrace+0x2e/0x3c
[ 591.144451][ T2018] [] show_stack+0x34/0x40
[ 591.145365][ T2018] [] dump_stack_lvl+0xe4/0x150
[ 591.146424][ T2018] [] dump_stack+0x1c/0x24
[ 591.147520][ T2018] [] print_bad_pte+0x3d4/0x4a0
[ 591.148506][ T2018] [] vm_normal_page+0x20c/0x22a
[ 591.149562][ T2018] [] unmap_page_range+0x6d0/0x13f0
[ 591.150377][ T2018] [] unmap_vmas+0x1d0/0x366
[ 591.151082][ T2018] [] exit_mmap+0x15c/0x412
[ 591.151840][ T2018] [] mmput+0xee/0x2c2
[ 591.152571][ T2018] [] do_exit+0x6f2/0x18fc
[ 591.153278][ T2018] [] do_group_exit+0x90/0x17e
[ 591.153983][ T2018] [] get_signal+0x3b8/0x1754
[ 591.154782][ T2018] [] do_notify_resume+0x11a/0xa56
[ 591.155615][ T2018] [] ret_from_exception+0x0/0x10
[ 591.160226][ T2018] BUG: Bad page map in process syz-fuzzer pte:ffffaf800e628170 pmd:23a09c01
[ 591.161626][ T2018] addr:000000c0013f6000 vm_flags:00100073 anon_vma:ffffaf800f71c900 mapping:0000000000000000 index:c0013f6
[ 591.163093][ T2018] file:(null) fault:0x0 mmap:0x0 readpage:0x0
[ 591.164306][ T2018] CPU: 1 PID: 2018 Comm: syz-fuzzer Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 591.165745][ T2018] Hardware name: riscv-virtio,qemu (DT)
[ 591.166514][ T2018] Call Trace:
[ 591.167496][ T2018] [] dump_backtrace+0x2e/0x3c
[ 591.169148][ T2018] [] show_stack+0x34/0x40
[ 591.170329][ T2018] [] dump_stack_lvl+0xe4/0x150
[ 591.171748][ T2018] [] dump_stack+0x1c/0x24
[ 591.172904][ T2018] [] print_bad_pte+0x3d4/0x4a0
[ 591.174092][ T2018] [] vm_normal_page+0x20c/0x22a
[ 591.175316][ T2018] [] unmap_page_range+0x6d0/0x13f0
[ 591.177142][ T2018] [] unmap_vmas+0x1d0/0x366
[ 591.178503][ T2018] [] exit_mmap+0x15c/0x412
[ 591.179222][ T2018] [] mmput+0xee/0x2c2
[ 591.179903][ T2018] [] do_exit+0x6f2/0x18fc
[ 591.180593][ T2018] [] do_group_exit+0x90/0x17e
[ 591.181380][ T2018] [] get_signal+0x3b8/0x1754
[ 591.182376][ T2018] [] do_notify_resume+0x11a/0xa56
[ 591.183313][ T2018] [] ret_from_exception+0x0/0x10
[ 591.186258][ T2018] BUG: Bad page map in process syz-fuzzer pte:ffffffff801110e4 pmd:23a09c01
[ 591.188092][ T2018] addr:000000c0013f7000 vm_flags:00100073 anon_vma:ffffaf800f71c900 mapping:0000000000000000 index:c0013f7
[ 591.189002][ T2018] file:(null) fault:0x0 mmap:0x0 readpage:0x0
[ 591.189800][ T2018] CPU: 1 PID: 2018 Comm: syz-fuzzer Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 591.191004][ T2018] Hardware name: riscv-virtio,qemu (DT)
[ 591.191737][ T2018] Call Trace:
[ 591.192352][ T2018] [] dump_backtrace+0x2e/0x3c
[ 591.193487][ T2018] [] show_stack+0x34/0x40
[ 591.194496][ T2018] [] dump_stack_lvl+0xe4/0x150
[ 591.195656][ T2018] [] dump_stack+0x1c/0x24
[ 591.196801][ T2018] [] print_bad_pte+0x3d4/0x4a0
[ 591.198358][ T2018] [] vm_normal_page+0x20c/0x22a
[ 591.199165][ T2018] [] unmap_page_range+0x6d0/0x13f0
[ 591.199956][ T2018] [] unmap_vmas+0x1d0/0x366
[ 591.200630][ T2018] [] exit_mmap+0x15c/0x412
[ 591.201400][ T2018] [] mmput+0xee/0x2c2
[ 591.202201][ T2018] [] do_exit+0x6f2/0x18fc
[ 591.202960][ T2018] [] do_group_exit+0x90/0x17e
[ 591.203690][ T2018] [] get_signal+0x3b8/0x1754
[ 591.204412][ T2018] [] do_notify_resume+0x11a/0xa56
[ 591.205204][ T2018] [] ret_from_exception+0x0/0x10
[ 591.208200][ T2018] BUG: Bad page map in process syz-fuzzer pte:41b58ab3 pmd:23a09c01
[ 591.209010][ T2018] addr:000000c0013fc000 vm_flags:00100073 anon_vma:ffffaf800f71c900 mapping:0000000000000000 index:c0013fc
[ 591.209989][ T2018] file:(null) fault:0x0 mmap:0x0 readpage:0x0
[ 591.211115][ T2018] CPU: 1 PID: 2018 Comm: syz-fuzzer Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 591.212670][ T2018] Hardware name: riscv-virtio,qemu (DT)
[ 591.213422][ T2018] Call Trace:
[ 591.214035][ T2018] [] dump_backtrace+0x2e/0x3c
[ 591.215328][ T2018] [] show_stack+0x34/0x40
[ 591.216344][ T2018] [] dump_stack_lvl+0xe4/0x150
[ 591.217622][ T2018] [] dump_stack+0x1c/0x24
[ 591.218636][ T2018] [] print_bad_pte+0x3d4/0x4a0
[ 591.219433][ T2018] [] vm_normal_page+0x20c/0x22a
[ 591.220191][ T2018] [] unmap_page_range+0x6d0/0x13f0
[ 591.221016][ T2018] [] unmap_vmas+0x1d0/0x366
[ 591.221749][ T2018] [] exit_mmap+0x15c/0x412
[ 591.222511][ T2018] [] mmput+0xee/0x2c2
[ 591.223255][ T2018] [] do_exit+0x6f2/0x18fc
[ 591.223988][ T2018] [] do_group_exit+0x90/0x17e
[ 591.224714][ T2018] [] get_signal+0x3b8/0x1754
[ 591.225459][ T2018] [] do_notify_resume+0x11a/0xa56
[ 591.226252][ T2018] [] ret_from_exception+0x0/0x10
[ 591.229090][ T2018] BUG: Bad page map in process syz-fuzzer pte:ffffffff8451f653 pmd:23a09c01
[ 591.230037][ T2018] addr:000000c0013fd000 vm_flags:00100073 anon_vma:ffffaf800f71c900 mapping:0000000000000000 index:c0013fd
[ 591.231639][ T2018] file:(null) fault:0x0 mmap:0x0 readpage:0x0
[ 591.232888][ T2018] CPU: 1 PID: 2018 Comm: syz-fuzzer Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 591.234510][ T2018] Hardware name: riscv-virtio,qemu (DT)
[ 591.235294][ T2018] Call Trace:
[ 591.235919][ T2018] [] dump_backtrace+0x2e/0x3c
[ 591.237701][ T2018] [] show_stack+0x34/0x40
[ 591.238962][ T2018] [] dump_stack_lvl+0xe4/0x150
[ 591.239830][ T2018] [] dump_stack+0x1c/0x24
[ 591.240651][ T2018] [] print_bad_pte+0x3d4/0x4a0
[ 591.241450][ T2018] [] vm_normal_page+0x20c/0x22a
[ 591.242263][ T2018] [] unmap_page_range+0x6d0/0x13f0
[ 591.243362][ T2018] [] unmap_vmas+0x1d0/0x366
[ 591.244500][ T2018] [] exit_mmap+0x15c/0x412
[ 591.245692][ T2018] [] mmput+0xee/0x2c2
[ 591.246539][ T2018] [] do_exit+0x6f2/0x18fc
[ 591.247557][ T2018] [] do_group_exit+0x90/0x17e
[ 591.248372][ T2018] [] get_signal+0x3b8/0x1754
[ 591.249109][ T2018] [] do_notify_resume+0x11a/0xa56
[ 591.249893][ T2018] [] ret_from_exception+0x0/0x10
[ 591.253149][ T2018] Unable to handle kernel paging request at virtual address ffffaf847c9ffff8
[ 591.254768][ T2018] Oops [#1]
[ 591.255269][ T2018] Modules linked in:
[ 591.255909][ T2018] CPU: 1 PID: 2018 Comm: syz-fuzzer Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 591.257113][ T2018] Hardware name: riscv-virtio,qemu (DT)
[ 591.258349][ T2018] epc : unmap_page_range+0xb18/0x13f0
[ 591.259330][ T2018] ra : unmap_page_range+0xb18/0x13f0
[ 591.260222][ T2018] epc : ffffffff803d2158 ra : ffffffff803d2158 sp : ffffaf800e79b610
[ 591.261433][ T2018] gp : ffffffff85863ac0 tp : ffffaf800ea748c0 t0 : ffffaf800e79b710
[ 591.262528][ T2018] t1 : fffff5ef01cf36e1 t2 : 0000000000000000 s0 : ffffaf800e79b7c0
[ 591.263469][ T2018] s1 : ffffaf800e627ff0 a0 : ffffaf847c9ffff8 a1 : 0000000000000007
[ 591.264446][ T2018] a2 : 1ffff5f08f93ffff a3 : ffffffff803d2158 a4 : 0000000000000000
[ 591.265370][ T2018] a5 : ffffaf847c9ffff8 a6 : 0000000000f00000 a7 : ffffaf800e79b70f
[ 591.266566][ T2018] s2 : 000000c0013ff000 s3 : ffffffff80110fdc s4 : 7c1ffffffff00221
[ 591.268256][ T2018] s5 : 000000c001400000 s6 : ffffaf847c9ffff8 s7 : 0000000000000000
[ 591.269266][ T2018] s8 : ffffaf800e79b740 s9 : ffffaf800e79b920 s10: 000000c0013fe000
[ 591.270225][ T2018] s11: 001ffffffff00221 t3 : 0000000066663c5b t4 : fffff5ef01cf36e0
[ 591.271217][ T2018] t5 : fffff5ef01cf36e2 t6 : ffffaf800e79adf8
[ 591.272037][ T2018] status: 0000000000000120 badaddr: ffffaf847c9ffff8 cause: 000000000000000d
[ 591.273143][ T2018] [] unmap_vmas+0x1d0/0x366
[ 591.274145][ T2018] [] exit_mmap+0x15c/0x412
[ 591.275292][ T2018] [] mmput+0xee/0x2c2
[ 591.276359][ T2018] [] do_exit+0x6f2/0x18fc
[ 591.277896][ T2018] [] do_group_exit+0x90/0x17e
[ 591.279061][ T2018] [] get_signal+0x3b8/0x1754
[ 591.280137][ T2018] [] do_notify_resume+0x11a/0xa56
[ 591.281249][ T2018] [] ret_from_exception+0x0/0x10
[ 591.284002][ T2018] ---[ end trace 0000000000000000 ]---
[ 591.285266][ T2018] Kernel panic - not syncing: Fatal exception
[ 591.286175][ T2018] SMP: stopping secondary CPUs
[ 591.288304][ T2018] Rebooting in 86400 seconds..

VM DIAGNOSIS:
19:29:50 Registers:
info registers vcpu 0
pc ffffffff80200f00
mhartid 0000000000000000
mstatus 00000000000000a2
mip 0000000000000000
mie 00000000000002aa
mideleg 0000000000000222
medeleg 000000000000b109
mtvec 0000000080000540
stvec ffffffff800055d4
mepc ffffffff8000f97e
sepc 0000000000082a4c
mcause 0000000000000009
scause 0000000000000008
mtval 0000000000000000
stval 0000000000000000
x0/zero 0000000000000000
x1/ra ffffffff80174a74
x2/sp ffffaf800efe3b60
x3/gp ffffffff85863ac0
x4/tp ffffaf800b5c48c0
x5/t0 0000000000000388
x6/t1 d4cc6cd6dcb7fc00
x7/t2 0000000000000032
x8/s0 ffffaf800efe3cc0
x9/s1 0000000000000000
x10/a0 ffffaf800b5c48c8
x11/a1 0000000000000003
x12/a2 0000000000000002
x13/a3 ffffffff80111e1e
x14/a4 ffffaf800b5c58c0
x15/a5 0000000000000000
x16/a6 0000000000f00000
x17/a7 ffffffff8017f3cc
x18/s2 000000000001cbac
x19/s3 ffffffff84b86680
x20/s4 0000000000013380
x21/s5 ffffaf800efe3e60
x22/s6 0000000000000000
x23/s7 0000000000000018
x24/s8 0000000000000038
x25/s9 00000000000000f6
x26/s10 0000000000000000
x27/s11 000000c0000004e0
x28/t3 fffffffff3f3f300
x29/t4 ffffffff80112282
x30/t5 1ffff5f001dfc748
x31/t6 0000000000082368
f0/ft0 0000000000000000
f1/ft1 40707777178808e3
f2/ft2 41021c4000000000
f3/ft3 43e0000000000000
f4/ft4 3ffe000000000000
f5/ft5 0000000000000000
f6/ft6 0000000000000000
f7/ft7 0000000000000000
f8/fs0 0000000000000000
f9/fs1 0000000000000000
f10/fa0 0000000000000000
f11/fa1 0000000000000000
f12/fa2 0000000000000000
f13/fa3 0000000000000000
f14/fa4 0000000000000000
f15/fa5 0000000000000000
f16/fa6 0000000000000000
f17/fa7 0000000000000000
f18/fs2 0000000000000000
f19/fs3 0000000000000000
f20/fs4 0000000000000000
f21/fs5 0000000000000000
f22/fs6 0000000000000000
f23/fs7 0000000000000000
f24/fs8 0000000000000000
f25/fs9 0000000000000000
f26/fs10 0000000000000000
f27/fs11 0000000000000000
f28/ft8 0000000000000000
f29/ft9 0000000000000000
f30/ft10 0000000000000000
f31/ft11 0000000000000000
info registers vcpu 1
pc ffffffff801a7b6c
mhartid 0000000000000001
mstatus 00000000000000a0
mip 0000000000000000
mie 00000000000002aa
mideleg 0000000000000222
medeleg 000000000000b109
mtvec 0000000080000540
stvec ffffffff800055d4
mepc ffffffff8000f97e
sepc ffffffff80121626
mcause 0000000000000009
scause 8000000000000005
mtval 0000000000000000
stval 0000000000000000
x0/zero 0000000000000000
x1/ra ffffffff80c30ab8
x2/sp ffffaf800e62b190
x3/gp ffffffff85863ac0
x4/tp ffffaf800ec60000
x5/t0 ffffffff86bcb657
x6/t1 fffff5ef01cc563c
x7/t2 0000000000000000
x8/s0 ffffaf800e62b530
x9/s1 0000000000000005
x10/a0 0000000000000000
x11/a1 00000000000f0000
x12/a2 0000000000000002
x13/a3 ffffffff80c2d56c
x14/a4 ffffaf800ec61000
x15/a5 0000000000000025
x16/a6 0000000000f00000
x17/a7 ffffaf800e62b687
x18/s2 ffffffff836be054
x19/s3 ffffaf800e62b6c0
x20/s4 0000000000000002
x21/s5 ffffffff836be05a
x22/s6 ffffaf800e62ba78
x23/s7 0000000000000001
x24/s8 ffffffff85889780
x25/s9 0000000000000070
x26/s10 0000000000000040
x27/s11 ffffffff838d6d80
x28/t3 1ffff5f001cc560c
x29/t4 fffff5ef01cc56b0
x30/t5 fffff5ef01cc56b1
x31/t6 ffffaf800e62b302
f0/ft0 0000000000000000
f1/ft1 40a79b4467dabec4
f2/ft2 415bff1a00000000
f3/ft3 403a000000000000
f4/ft4 412d9dd000000000
f5/ft5 40392b803473f7ad
f6/ft6 3fe0ac56157b7a4c
f7/ft7 3fa7922e24847190
f8/fs0 3fedd6a1fe6ef7a5
f9/fs1 3f9f12bf810b83a0
f10/fa0 3f922af40e036499
f11/fa1 0000000000000000
f12/fa2 0000000000000000
f13/fa3 0000000000000000
f14/fa4 0000000000000000
f15/fa5 0000000000000000
f16/fa6 0000000000000000
f17/fa7 0000000000000000
f18/fs2 0000000000000000
f19/fs3 0000000000000000
f20/fs4 0000000000000000
f21/fs5 0000000000000000
f22/fs6 0000000000000000
f23/fs7 0000000000000000
f24/fs8 0000000000000000
f25/fs9 0000000000000000
f26/fs10 0000000000000000
f27/fs11 0000000000000000
f28/ft8 0000000000000000
f29/ft9 0000000000000000
f30/ft10 0000000000000000
f31/ft11 0000000000000000