syzkaller login: [ 260.379925][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 260.434972][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 260.481749][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 287.514801][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:43738' (ECDSA) to the list of known hosts. 1970/01/01 00:05:50 fuzzer started 1970/01/01 00:06:02 dialing manager at localhost:41559 [ 368.263142][ T2037] cgroup: Unknown subsys name 'net' [ 369.357989][ T2037] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:06:08 syscalls: 2918 1970/01/01 00:06:08 code coverage: enabled 1970/01/01 00:06:08 comparison tracing: enabled 1970/01/01 00:06:08 extra coverage: enabled 1970/01/01 00:06:08 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:06:08 setuid sandbox: enabled 1970/01/01 00:06:08 namespace sandbox: enabled 1970/01/01 00:06:08 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:06:08 fault injection: enabled 1970/01/01 00:06:08 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:06:08 net packet injection: enabled 1970/01/01 00:06:08 net device setup: enabled 1970/01/01 00:06:08 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:06:08 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:06:08 NIC VF setup: PCI device 0000:00:11.0 is not available 1970/01/01 00:06:08 USB emulation: enabled 1970/01/01 00:06:08 hci packet injection: /dev/vhci does not exist 1970/01/01 00:06:08 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:06:08 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:06:09 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:06:12 fetching corpus: 50, signal 25556/29013 (executing program) 1970/01/01 
00:06:15 fetching corpus: 100, signal 39106/43858 (executing program) 1970/01/01 00:06:20 fetching corpus: 149, signal 54085/59780 (executing program) 1970/01/01 00:06:22 fetching corpus: 199, signal 60434/67241 (executing program) 1970/01/01 00:06:24 fetching corpus: 249, signal 64250/72200 (executing program) 1970/01/01 00:06:26 fetching corpus: 298, signal 69272/78150 (executing program) 1970/01/01 00:06:29 fetching corpus: 347, signal 73326/83134 (executing program) 1970/01/01 00:06:32 fetching corpus: 397, signal 77751/88301 (executing program) 1970/01/01 00:06:35 fetching corpus: 446, signal 82471/93668 (executing program) 1970/01/01 00:06:38 fetching corpus: 496, signal 85305/97259 (executing program) 1970/01/01 00:06:39 fetching corpus: 545, signal 87413/100128 (executing program) 1970/01/01 00:06:42 fetching corpus: 595, signal 90426/103760 (executing program) 1970/01/01 00:06:45 fetching corpus: 645, signal 94448/108214 (executing program) 1970/01/01 00:06:47 fetching corpus: 695, signal 96085/110632 (executing program) 1970/01/01 00:06:50 fetching corpus: 745, signal 98929/113947 (executing program) 1970/01/01 00:06:52 fetching corpus: 795, signal 101754/117177 (executing program) 1970/01/01 00:06:55 fetching corpus: 844, signal 104037/119967 (executing program) 1970/01/01 00:06:59 fetching corpus: 894, signal 106644/122924 (executing program) 1970/01/01 00:07:01 fetching corpus: 943, signal 109290/125828 (executing program) 1970/01/01 00:07:05 fetching corpus: 992, signal 111010/127982 (executing program) 1970/01/01 00:07:09 fetching corpus: 1040, signal 112839/130221 (executing program) 1970/01/01 00:07:11 fetching corpus: 1090, signal 115527/133067 (executing program) 1970/01/01 00:07:14 fetching corpus: 1140, signal 117382/135210 (executing program) 1970/01/01 00:07:16 fetching corpus: 1190, signal 119581/137579 (executing program) 1970/01/01 00:07:18 fetching corpus: 1240, signal 121076/139378 (executing program) 1970/01/01 00:07:21 fetching corpus: 
1289, signal 122602/141158 (executing program) 1970/01/01 00:07:23 fetching corpus: 1339, signal 123665/142613 (executing program) 1970/01/01 00:07:25 fetching corpus: 1389, signal 124554/143882 (executing program) 1970/01/01 00:07:27 fetching corpus: 1439, signal 126202/145639 (executing program) 1970/01/01 00:07:29 fetching corpus: 1489, signal 128838/148057 (executing program) 1970/01/01 00:07:32 fetching corpus: 1539, signal 130608/149853 (executing program) 1970/01/01 00:07:34 fetching corpus: 1588, signal 131641/151159 (executing program) 1970/01/01 00:07:38 fetching corpus: 1638, signal 132982/152585 (executing program) 1970/01/01 00:07:41 fetching corpus: 1687, signal 134566/154170 (executing program) 1970/01/01 00:07:43 fetching corpus: 1737, signal 136955/156220 (executing program) 1970/01/01 00:07:47 fetching corpus: 1786, signal 138434/157642 (executing program) 1970/01/01 00:07:49 fetching corpus: 1836, signal 139702/158909 (executing program) 1970/01/01 00:07:51 fetching corpus: 1885, signal 140673/159975 (executing program) 1970/01/01 00:07:54 fetching corpus: 1935, signal 141886/161197 (executing program) 1970/01/01 00:07:56 fetching corpus: 1985, signal 142817/162224 (executing program) 1970/01/01 00:07:59 fetching corpus: 2035, signal 143933/163296 (executing program) 1970/01/01 00:08:01 fetching corpus: 2085, signal 144684/164175 (executing program) 1970/01/01 00:08:03 fetching corpus: 2135, signal 145571/165060 (executing program) 1970/01/01 00:08:06 fetching corpus: 2184, signal 147251/166386 (executing program) 1970/01/01 00:08:08 fetching corpus: 2233, signal 148769/167578 (executing program) 1970/01/01 00:08:11 fetching corpus: 2283, signal 151589/169383 (executing program) 1970/01/01 00:08:13 fetching corpus: 2333, signal 153039/170524 (executing program) 1970/01/01 00:08:15 fetching corpus: 2383, signal 153958/171333 (executing program) 1970/01/01 00:08:18 fetching corpus: 2433, signal 154766/172034 (executing program) 1970/01/01 00:08:20 
fetching corpus: 2483, signal 155968/172936 (executing program) 1970/01/01 00:08:22 fetching corpus: 2533, signal 156993/173722 (executing program) 1970/01/01 00:08:25 fetching corpus: 2582, signal 158048/174521 (executing program) 1970/01/01 00:08:27 fetching corpus: 2631, signal 159293/175297 (executing program) 1970/01/01 00:08:29 fetching corpus: 2679, signal 160241/176016 (executing program) 1970/01/01 00:08:32 fetching corpus: 2729, signal 161300/176722 (executing program) 1970/01/01 00:08:34 fetching corpus: 2779, signal 162152/177311 (executing program) 1970/01/01 00:08:36 fetching corpus: 2828, signal 163090/177958 (executing program) 1970/01/01 00:08:38 fetching corpus: 2877, signal 164001/178540 (executing program) 1970/01/01 00:08:41 fetching corpus: 2926, signal 164888/179146 (executing program) 1970/01/01 00:08:43 fetching corpus: 2976, signal 165900/179753 (executing program) 1970/01/01 00:08:46 fetching corpus: 3026, signal 167172/180450 (executing program) 1970/01/01 00:08:48 fetching corpus: 3076, signal 168046/180935 (executing program) 1970/01/01 00:08:50 fetching corpus: 3126, signal 168913/181387 (executing program) 1970/01/01 00:08:53 fetching corpus: 3175, signal 169778/181880 (executing program) 1970/01/01 00:08:55 fetching corpus: 3225, signal 170589/182269 (executing program) 1970/01/01 00:08:56 fetching corpus: 3275, signal 171296/182628 (executing program) 1970/01/01 00:08:59 fetching corpus: 3325, signal 171932/182982 (executing program) 1970/01/01 00:09:02 fetching corpus: 3375, signal 172953/183408 (executing program) 1970/01/01 00:09:05 fetching corpus: 3424, signal 173710/183729 (executing program) 1970/01/01 00:09:08 fetching corpus: 3474, signal 175009/184180 (executing program) 1970/01/01 00:09:10 fetching corpus: 3524, signal 175939/184528 (executing program) 1970/01/01 00:09:12 fetching corpus: 3574, signal 176420/184771 (executing program) 1970/01/01 00:09:14 fetching corpus: 3624, signal 177263/185069 (executing program) 
1970/01/01 00:09:17 fetching corpus: 3674, signal 177899/185303 (executing program) 1970/01/01 00:09:19 fetching corpus: 3724, signal 178624/185572 (executing program) 1970/01/01 00:09:21 fetching corpus: 3774, signal 179485/185840 (executing program) 1970/01/01 00:09:23 fetching corpus: 3824, signal 180205/186095 (executing program) 1970/01/01 00:09:26 fetching corpus: 3873, signal 180982/186286 (executing program) 1970/01/01 00:09:28 fetching corpus: 3921, signal 181604/186445 (executing program) 1970/01/01 00:09:30 fetching corpus: 3971, signal 182366/186597 (executing program) 1970/01/01 00:09:34 fetching corpus: 4021, signal 183077/186740 (executing program) 1970/01/01 00:09:37 fetching corpus: 4070, signal 183721/186863 (executing program) 1970/01/01 00:09:40 fetching corpus: 4120, signal 184415/186966 (executing program) 1970/01/01 00:09:42 fetching corpus: 4170, signal 185031/187043 (executing program) 1970/01/01 00:09:44 fetching corpus: 4203, signal 185306/187083 (executing program) 1970/01/01 00:09:44 fetching corpus: 4203, signal 185306/187110 (executing program) 1970/01/01 00:09:44 fetching corpus: 4203, signal 185306/187141 (executing program) 1970/01/01 00:09:44 fetching corpus: 4203, signal 185306/187164 (executing program) 1970/01/01 00:09:44 fetching corpus: 4203, signal 185306/187191 (executing program) 1970/01/01 00:09:45 fetching corpus: 4203, signal 185306/187215 (executing program) 1970/01/01 00:09:45 fetching corpus: 4203, signal 185306/187231 (executing program) 1970/01/01 00:09:45 fetching corpus: 4203, signal 185306/187247 (executing program) 1970/01/01 00:09:45 fetching corpus: 4203, signal 185306/187272 (executing program) 1970/01/01 00:09:45 fetching corpus: 4203, signal 185306/187272 (executing program) 1970/01/01 00:11:31 starting 2 fuzzer processes 00:11:31 executing program 0: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000044c0), 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, &(0x7f00000000c0)=0xf1030000) 00:11:32 executing 
program 1: r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000600)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key(&(0x7f0000000400)='big_key\x00', &(0x7f0000000440)={'syz', 0x0}, &(0x7f0000000480)='X', 0x1, r0) keyctl$KEYCTL_MOVE(0x1e, r1, r0, 0xfffffffffffffffd, 0x0) keyctl$revoke(0x15, r0) [ 721.188052][ T2057] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 721.297335][ T2058] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 721.413016][ T2057] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 721.514142][ T2058] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 736.387374][ T2057] device hsr_slave_0 entered promiscuous mode [ 736.514161][ T2057] device hsr_slave_1 entered promiscuous mode [ 738.977269][ T2058] device hsr_slave_0 entered promiscuous mode [ 739.045510][ T2058] device hsr_slave_1 entered promiscuous mode [ 739.107353][ T2058] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 739.115560][ T2058] Cannot create hsr debugfs directory [ 745.963279][ T2057] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 746.142500][ T2057] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 746.261976][ T2057] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 746.541093][ T2057] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 747.666573][ T2058] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 748.234678][ T2058] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 748.511183][ T2058] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 748.647114][ T2058] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 758.101501][ T2057] 8021q: adding VLAN 0 to HW filter on device bond0 [ 758.593071][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 758.673558][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 760.143631][ T2058] 8021q: adding VLAN 0 to HW filter on device bond0 [ 760.433477][ T2122] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 760.486798][ T2122] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 767.223779][ T2667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 767.283325][ T2667] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 767.512538][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 767.577395][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 767.753510][ T2667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 768.755027][ T2667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 768.804435][ T2667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 768.844402][ T2667] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 768.887393][ T2667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 768.923253][ T2667] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 769.151847][ 
T2122] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 769.187208][ T2122] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 769.400967][ T2040] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 769.671903][ T2121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 769.704796][ T2121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 769.971518][ T2121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 771.086639][ T2040] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 771.135850][ T2040] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 771.657664][ T2058] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 771.756112][ T2058] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 772.273540][ T2038] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 772.311778][ T2038] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 776.512224][ T2703] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 776.516264][ T2703] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 778.394202][ T2040] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 778.398221][ T2040] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 789.447633][ T2700] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 789.484612][ T2700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 791.017472][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 791.057545][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 796.026505][ T2057] device veth0_vlan entered promiscuous mode [ 796.450907][ T2057] device veth1_vlan entered promiscuous mode [ 796.514650][ T2703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 796.586032][ T2703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes 
ready [ 796.645040][ T2703] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 796.721389][ T2703] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 796.765637][ T2703] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 797.675342][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 797.715759][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 797.837644][ T2057] device veth0_macvtap entered promiscuous mode [ 798.183127][ T2057] device veth1_macvtap entered promiscuous mode [ 798.576315][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 798.697755][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 799.430923][ T2703] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 799.447802][ T2703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 799.938092][ T2058] device veth0_vlan entered promiscuous mode [ 800.066860][ T2057] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 800.071061][ T2057] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 800.072167][ T2057] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 800.073216][ T2057] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 800.175818][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 800.218023][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 800.262799][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 800.294077][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 800.431264][ T2038] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 800.455366][ T2038] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 800.834192][ T2058] device veth1_vlan entered promiscuous mode [ 802.757787][ T2040] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 802.804916][ 
T2040] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 803.117188][ T2058] device veth0_macvtap entered promiscuous mode
[ 803.446544][ T2058] device veth1_macvtap entered promiscuous mode
[ 803.953913][ T2747] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 805.306566][ T2058] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 805.345905][ T2058] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 805.347588][ T2058] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 805.361274][ T2058] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 805.593765][ T2703] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 805.652077][ T2703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 805.708175][ T2703] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 805.790150][ T2703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
00:13:28 executing program 0:
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000044c0), 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, &(0x7f00000000c0)=0xf1030000)
[ 812.341745][ T2058] BUG: Bad page map in process syz-executor.1 pte:ffffaf802075c0b0 pmd:28256c01
[ 812.345845][ T2058] addr:00007fffa89de000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800ab14c38 index:176
[ 812.350869][ T2058] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
[ 812.353809][ T2058] CPU: 1 PID: 2058 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 812.355603][ T2058] Hardware name: riscv-virtio,qemu (DT)
[ 812.356972][ T2058] Call Trace:
[ 812.358232][ T2058] [] dump_backtrace+0x2e/0x3c
[ 812.360777][ T2058] [] show_stack+0x34/0x40
[ 812.362055][ T2058] [] dump_stack_lvl+0xe4/0x150
[ 812.363860][ T2058] [] dump_stack+0x1c/0x24
[ 812.365878][ T2058] [] print_bad_pte+0x3d4/0x4a0
[ 812.367284][ T2058] [] vm_normal_page+0x20c/0x22a
[ 812.369038][ T2058] [] copy_page_range+0x828/0x236c
[ 812.371156][ T2058] [] dup_mm+0xb5c/0xe10
[ 812.372406][ T2058] [] copy_process+0x25da/0x3c34
[ 812.373849][ T2058] [] kernel_clone+0xee/0x920
[ 812.375165][ T2058] [] __do_sys_clone+0xf2/0x12e
[ 812.376808][ T2058] [] sys_clone+0x32/0x44
[ 812.378995][ T2058] [] ret_from_syscall+0x0/0x2
[ 812.384432][ T2058] Disabling lock debugging due to kernel taint
[ 812.385537][ T2058] BUG: Bad page map in process syz-executor.1 pte:ffffffff801110e4 pmd:28256c01
[ 812.386773][ T2058] addr:00007fffa89df000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800ab14c38 index:177
[ 812.388200][ T2058] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
[ 812.390873][ T2058] CPU: 1 PID: 2058 Comm: syz-executor.1 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 812.392720][ T2058] Hardware name: riscv-virtio,qemu (DT)
[ 812.393696][ T2058] Call Trace:
[ 812.394246][ T2058] [] dump_backtrace+0x2e/0x3c
[ 812.395838][ T2058] [] show_stack+0x34/0x40
[ 812.397341][ T2058] [] dump_stack_lvl+0xe4/0x150
[ 812.399577][ T2058] [] dump_stack+0x1c/0x24
[ 812.400755][ T2058] [] print_bad_pte+0x3d4/0x4a0
[ 812.401829][ T2058] [] vm_normal_page+0x20c/0x22a
[ 812.402638][ T2058] [] copy_page_range+0x828/0x236c
[ 812.403400][ T2058] [] dup_mm+0xb5c/0xe10
[ 812.404122][ T2058] [] copy_process+0x25da/0x3c34
[ 812.405205][ T2058] [] kernel_clone+0xee/0x920
[ 812.405959][ T2058] [] __do_sys_clone+0xf2/0x12e
[ 812.406755][ T2058] [] sys_clone+0x32/0x44
[ 812.407464][ T2058] [] ret_from_syscall+0x0/0x2
[ 812.541682][ T2058] BUG: Bad page map in process syz-executor.1 pte:41b58ab3 pmd:28256c01
[ 812.542661][ T2058] addr:00007fffa89ec000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800ab14c38 index:184
[ 812.543793][ T2058] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
[ 812.544833][ T2058] CPU: 1 PID: 2058 Comm: syz-executor.1 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 812.545843][ T2058] Hardware name: riscv-virtio,qemu (DT)
[ 812.546310][ T2058] Call Trace:
[ 812.546679][ T2058] [] dump_backtrace+0x2e/0x3c
[ 812.547473][ T2058] [] show_stack+0x34/0x40
[ 812.548280][ T2058] [] dump_stack_lvl+0xe4/0x150
[ 812.549253][ T2058] [] dump_stack+0x1c/0x24
[ 812.550064][ T2058] [] print_bad_pte+0x3d4/0x4a0
[ 812.550989][ T2058] [] vm_normal_page+0x20c/0x22a
[ 812.552429][ T2058] [] copy_page_range+0x828/0x236c
[ 812.553389][ T2058] [] dup_mm+0xb5c/0xe10
[ 812.554343][ T2058] [] copy_process+0x25da/0x3c34
[ 812.555840][ T2058] [] kernel_clone+0xee/0x920
[ 812.556823][ T2058] [] __do_sys_clone+0xf2/0x12e
[ 812.557598][ T2058] [] sys_clone+0x32/0x44
[ 812.558482][ T2058] [] ret_from_syscall+0x0/0x2
[ 812.560247][ T2058] BUG: Bad page map in process syz-executor.1 pte:ffffffff8451f630 pmd:28256c01
[ 812.561213][ T2058] addr:00007fffa89ed000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800ab14c38 index:185
[ 812.562227][ T2058] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
[ 812.563149][ T2058] CPU: 1 PID: 2058 Comm: syz-executor.1 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 812.564158][ T2058] Hardware name: riscv-virtio,qemu (DT)
[ 812.564686][ T2058] Call Trace:
[ 812.565155][ T2058] [] dump_backtrace+0x2e/0x3c
[ 812.565908][ T2058] [] show_stack+0x34/0x40
[ 812.567221][ T2058] [] dump_stack_lvl+0xe4/0x150
[ 812.567983][ T2058] [] dump_stack+0x1c/0x24
[ 812.569440][ T2058] [] print_bad_pte+0x3d4/0x4a0
[ 812.570266][ T2058] [] vm_normal_page+0x20c/0x22a
[ 812.571002][ T2058] [] copy_page_range+0x828/0x236c
[ 812.571734][ T2058] [] dup_mm+0xb5c/0xe10
[ 812.572442][ T2058] [] copy_process+0x25da/0x3c34
[ 812.573096][ T2058] [] kernel_clone+0xee/0x920
[ 812.574017][ T2058] [] __do_sys_clone+0xf2/0x12e
[ 812.575178][ T2058] [] sys_clone+0x32/0x44
[ 812.575930][ T2058] [] ret_from_syscall+0x0/0x2
[ 812.577898][ T2058] Unable to handle kernel paging request at virtual address ffffaf847c9ffff8
[ 812.580154][ T2058] Oops [#1]
[ 812.580683][ T2058] Modules linked in:
[ 812.581331][ T2058] CPU: 1 PID: 2058 Comm: syz-executor.1 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 812.582500][ T2058] Hardware name: riscv-virtio,qemu (DT)
[ 812.583140][ T2058] epc : copy_page_range+0x1ade/0x236c
[ 812.583795][ T2058] ra : copy_page_range+0x1ade/0x236c
[ 812.584591][ T2058] epc : ffffffff803dce04 ra : ffffffff803dce04 sp : ffffaf802075f680
[ 812.585476][ T2058] gp : ffffffff85863ac0 tp : ffffaf8009c448c0 t0 : ffffffff86bcb657
[ 812.586097][ T2058] t1 : fffffffef0b0dfa4 t2 : 0000000000000000 s0 : ffffaf802075f8e0
[ 812.587629][ T2058] s1 : ffffffff80110fdc a0 : ffffaf847c9ffff8 a1 : 0000000000000007
[ 812.588461][ T2058] a2 : 1ffff5f08f93ffff a3 : ffffffff803dce04 a4 : 0000000000000000
[ 812.589194][ T2058] a5 : ffffaf847c9ffff8 a6 : 0000000000f00000 a7 : ffffffff8586fd23
[ 812.589777][ T2058] s2 : ffffaf802075bf70 s3 : ffffaf800e5def70 s4 : 0000000000000010
[ 812.590500][ T2058] s5 : 7c1ffffffff00221 s6 : 001ffffffff00221 s7 : ffffaf847c9ffff8
[ 812.592119][ T2058] s8 : 000000000000001f s9 : 00007fffa8a00000 s10: ffffaf800e43d840
[ 812.592919][ T2058] s11: 00007fffa89ee000 t3 : 000000000000005b t4 : fffffffef0b0dfa4
[ 812.593750][ T2058] t5 : fffffffef0b0dfa5 t6 : ffffaf802075ee78
[ 812.594442][ T2058] status: 0000000000000120 badaddr: ffffaf847c9ffff8 cause: 000000000000000d
[ 812.595387][ T2058] [] dup_mm+0xb5c/0xe10
[ 812.596382][ T2058] [] copy_process+0x25da/0x3c34
[ 812.597198][ T2058] [] kernel_clone+0xee/0x920
[ 812.598000][ T2058] [] __do_sys_clone+0xf2/0x12e
[ 812.599429][ T2058] [] sys_clone+0x32/0x44
[ 812.600264][ T2058] [] ret_from_syscall+0x0/0x2
[ 812.602434][ T2058] ---[ end trace 0000000000000000 ]---
[ 812.603400][ T2058] Kernel panic - not syncing: Fatal exception
[ 812.604191][ T2058] SMP: stopping secondary CPUs
[ 812.605377][ T2058] Rebooting in 86400 seconds..
VM DIAGNOSIS:
02:00:27 Registers: