syzkaller login: [ 284.628333][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 284.644109][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 284.677444][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 284.743631][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:33393' (ECDSA) to the list of known hosts.
1970/01/01 00:05:52 fuzzer started
1970/01/01 00:06:04 dialing manager at localhost:42439
[ 371.032478][ T2033] cgroup: Unknown subsys name 'net'
[ 372.258677][ T2033] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:11 syscalls: 2918
1970/01/01 00:06:11 code coverage: enabled
1970/01/01 00:06:11 comparison tracing: enabled
1970/01/01 00:06:12 extra coverage: ioctl(KCOV_DISABLE) failed: invalid argument
1970/01/01 00:06:12 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:12 setuid sandbox: enabled
1970/01/01 00:06:12 namespace sandbox: enabled
1970/01/01 00:06:12 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:12 fault injection: enabled
1970/01/01 00:06:12 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:12 net packet injection: enabled
1970/01/01 00:06:12 net device setup: enabled
1970/01/01 00:06:12 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:12 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:12 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:06:12 USB emulation: enabled
1970/01/01 00:06:12 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:12 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:12 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:12 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:18 fetching corpus: 49, signal 33632/36497 (executing program)
1970/01/01 00:06:21 fetching corpus: 95, signal 46193/49857 (executing program)
1970/01/01 00:06:25 fetching corpus: 143, signal 53730/58068 (executing program)
1970/01/01 00:06:28 fetching corpus: 191, signal 60379/65246 (executing program)
1970/01/01 00:06:31 fetching corpus: 240, signal 66014/71296 (executing program)
1970/01/01 00:06:34 fetching corpus: 290, signal 71001/76599 (executing program)
1970/01/01 00:06:37 fetching corpus: 339, signal 75177/80999 (executing program)
1970/01/01 00:06:41 fetching corpus: 388, signal 79876/85656 (executing program)
1970/01/01 00:06:44 fetching corpus: 437, signal 84108/89862 (executing program)
1970/01/01 00:06:47 fetching corpus: 486, signal 88119/93675 (executing program)
1970/01/01 00:06:50 fetching corpus: 535, signal 91128/96570 (executing program)
1970/01/01 00:06:53 fetching corpus: 585, signal 94320/99478 (executing program)
1970/01/01 00:06:56 fetching corpus: 634, signal 96178/101243 (executing program)
1970/01/01 00:06:58 fetching corpus: 683, signal 98580/103381 (executing program)
1970/01/01 00:07:01 fetching corpus: 733, signal 100973/105444 (executing program)
1970/01/01 00:07:05 fetching corpus: 781, signal 103372/107419 (executing program)
1970/01/01 00:07:09 fetching corpus: 830, signal 106917/110117 (executing program)
1970/01/01 00:07:12 fetching corpus: 876, signal 109533/112048 (executing program)
1970/01/01 00:07:15 fetching corpus: 925, signal 111974/113814 (executing program)
1970/01/01 00:07:19 fetching corpus: 973, signal 114417/115492 (executing program)
1970/01/01 00:07:19 fetching corpus: 977, signal 114506/115601 (executing program)
1970/01/01 00:07:19 fetching corpus: 977, signal 114506/115640 (executing program)
1970/01/01 00:07:20 fetching corpus: 977, signal 114506/115696 (executing program)
1970/01/01 00:07:20 fetching corpus: 977, signal 114506/115739 (executing program)
1970/01/01 00:07:20 fetching corpus: 978, signal 114529/115820 (executing program)
1970/01/01 00:07:20 fetching corpus: 978, signal 114529/115879 (executing program)
1970/01/01 00:07:20 fetching corpus: 978, signal 114529/115927 (executing program)
1970/01/01 00:07:21 fetching corpus: 978, signal 114529/115974 (executing program)
1970/01/01 00:07:21 fetching corpus: 978, signal 114529/116026 (executing program)
1970/01/01 00:07:21 fetching corpus: 978, signal 114529/116073 (executing program)
1970/01/01 00:07:21 fetching corpus: 978, signal 114557/116153 (executing program)
1970/01/01 00:07:21 fetching corpus: 978, signal 114557/116204 (executing program)
1970/01/01 00:07:21 fetching corpus: 978, signal 114557/116261 (executing program)
1970/01/01 00:07:21 fetching corpus: 978, signal 114557/116311 (executing program)
1970/01/01 00:07:22 fetching corpus: 978, signal 114557/116373 (executing program)
1970/01/01 00:07:22 fetching corpus: 978, signal 114557/116412 (executing program)
1970/01/01 00:07:22 fetching corpus: 978, signal 114557/116455 (executing program)
1970/01/01 00:07:22 fetching corpus: 978, signal 114557/116514 (executing program)
1970/01/01 00:07:22 fetching corpus: 980, signal 114634/116602 (executing program)
1970/01/01 00:07:22 fetching corpus: 980, signal 114634/116659 (executing program)
1970/01/01 00:07:23 fetching corpus: 980, signal 114634/116708 (executing program)
1970/01/01 00:07:23 fetching corpus: 980, signal 114634/116759 (executing program)
1970/01/01 00:07:23 fetching corpus: 980, signal 114634/116801 (executing program)
1970/01/01 00:07:23 fetching corpus: 980, signal 114634/116845 (executing program)
1970/01/01 00:07:23 fetching corpus: 980, signal 114634/116892 (executing program)
1970/01/01 00:07:23 fetching corpus: 980, signal 114634/116935 (executing program)
1970/01/01 00:07:23 fetching corpus: 980, signal 114634/116989 (executing program)
1970/01/01 00:07:23 fetching corpus: 980, signal 114634/117037 (executing program)
1970/01/01 00:07:24 fetching corpus: 980, signal 114634/117086 (executing program)
1970/01/01 00:07:24 fetching corpus: 980, signal 114634/117141 (executing program)
1970/01/01 00:07:24 fetching corpus: 980, signal 114634/117184 (executing program)
1970/01/01 00:07:24 fetching corpus: 980, signal 114634/117245 (executing program)
1970/01/01 00:07:24 fetching corpus: 980, signal 114634/117303 (executing program)
1970/01/01 00:07:24 fetching corpus: 980, signal 114634/117356 (executing program)
1970/01/01 00:07:24 fetching corpus: 980, signal 114634/117407 (executing program)
1970/01/01 00:07:25 fetching corpus: 980, signal 114634/117445 (executing program)
1970/01/01 00:07:25 fetching corpus: 980, signal 114634/117504 (executing program)
1970/01/01 00:07:25 fetching corpus: 980, signal 114634/117548 (executing program)
1970/01/01 00:07:25 fetching corpus: 980, signal 114634/117548 (executing program)
1970/01/01 00:09:24 starting 2 fuzzer processes
00:09:24 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x6}, 0x1c)
sendmmsg$inet6(r0, &(0x7f00000021c0)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @local}, 0x1c, 0x0}}], 0x1, 0x0)
00:09:24 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000040)=@security={'security\x00', 0xe, 0x4, 0x378, 0xffffffff, 0x240, 0x0, 0x240, 0xffffffff, 0xffffffff, 0x330, 0x330, 0x330, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3f2e3bbe49ebb26b6d236f45ee0076e9486d35f4eb35d2da5b7f090cecf7"}}, {{@ipv6={@mcast2, @remote, [], [], 'geneve0\x00', 'netpci0\x00'}, 0x0, 0xa8, 0xd0}, @common=@inet=@TCPMSS={0x28}}, {{@ipv6={@remote, @private1, [], [], 'tunl0\x00', 'macvlan1\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8)
[ 596.129541][ T2038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 596.715396][ T2038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 597.879171][ T2039] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 598.453120][ T2039] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 611.264493][ T2038] device hsr_slave_0 entered promiscuous mode
[ 611.344337][ T2038] device hsr_slave_1 entered promiscuous mode
[ 615.407233][ T2039] device hsr_slave_0 entered promiscuous mode
[ 615.484575][ T2039] device hsr_slave_1 entered promiscuous mode
[ 615.526458][ T2039] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 615.543531][ T2039] Cannot create hsr debugfs directory
[ 622.167988][ T2038] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 622.495504][ T2038] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 622.762765][ T2038] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 622.907896][ T2038] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 624.206227][ T2039] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 624.727673][ T2039] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 624.948540][ T2039] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 625.091340][ T2039] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 634.933288][ T2038] 8021q: adding VLAN 0 to HW filter on device bond0
[ 635.946032][ T2609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 636.049202][ T2609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 636.486944][ T2039] 8021q: adding VLAN 0 to HW filter on device bond0
[ 636.995879][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 637.056241][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 643.463167][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 643.527048][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 643.823787][ T2185] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 643.868476][ T2185] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 644.053954][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 644.106909][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 644.288993][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 644.474157][ T2609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 644.526892][ T2609] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 645.099120][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 645.176422][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 645.427896][ T2185] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 646.776774][ T2039] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 646.778707][ T2039] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 647.137888][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 647.195629][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 647.245176][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 647.272010][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 647.292061][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 647.317610][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 647.367825][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 647.395939][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 647.622720][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 647.825895][ T2038] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 653.715981][ T2185] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 653.744123][ T2185] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 653.917339][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 653.944692][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 667.061402][ T2185] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 667.117769][ T2185] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 667.773779][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 667.813554][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 673.844092][ T833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 673.948122][ T833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 674.109610][ T2185] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 674.174064][ T2185] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 674.236992][ T2038] device veth0_vlan entered promiscuous mode
[ 674.984549][ T2185] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 675.025225][ T2185] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 675.198397][ T2038] device veth1_vlan entered promiscuous mode
[ 675.315261][ T833] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 675.342302][ T833] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 675.557501][ T2039] device veth0_vlan entered promiscuous mode
[ 676.307186][ T2039] device veth1_vlan entered promiscuous mode
[ 677.456965][ T2609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 677.506451][ T2609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 677.850925][ T2038] device veth0_macvtap entered promiscuous mode
[ 678.231280][ T2038] device veth1_macvtap entered promiscuous mode
[ 678.464205][ T2185] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 678.526831][ T2185] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 678.594064][ T2185] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 678.937533][ T2039] device veth0_macvtap entered promiscuous mode
[ 679.429609][ T2039] device veth1_macvtap entered promiscuous mode
[ 679.554184][ T833] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 679.946119][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 679.995604][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 680.417726][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 680.464778][ T2034] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 680.855809][ T2038] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 680.888972][ T2038] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 680.892956][ T2038] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 680.894640][ T2038] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 681.197151][ T2609] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 681.252128][ T2609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 681.626714][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 681.698912][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 682.098390][ T2039] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 682.102112][ T2039] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 682.103887][ T2039] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 682.105581][ T2039] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 689.407647][ T2038] get_swap_device: Bad swap file entry 81ffff5f0041c80
[ 689.416919][ T2038] BUG: Bad page map in process syz-executor.0 pte:ffffffff801110e4 pmd:2840fc01
[ 689.418407][ T2038] addr:00007fff8c9d9000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800ab15648 index:6a
[ 689.422975][ T2038] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
[ 689.426546][ T2038] CPU: 1 PID: 2038 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 689.428283][ T2038] Hardware name: riscv-virtio,qemu (DT)
[ 689.429559][ T2038] Call Trace:
[ 689.430925][ T2038] [] dump_backtrace+0x2e/0x3c
[ 689.432413][ T2038] [] show_stack+0x34/0x40
[ 689.434920][ T2038] [] dump_stack_lvl+0xe4/0x150
[ 689.437624][ T2038] [] dump_stack+0x1c/0x24
[ 689.440452][ T2038] [] print_bad_pte+0x3d4/0x4a0
[ 689.443847][ T2038] [] vm_normal_page+0x20c/0x22a
[ 689.447496][ T2038] [] copy_page_range+0x828/0x236c
[ 689.450077][ T2038] [] dup_mm+0xb5c/0xe10
[ 689.451769][ T2038] [] copy_process+0x25da/0x3c34
[ 689.453076][ T2038] [] kernel_clone+0xee/0x920
[ 689.454541][ T2038] [] __do_sys_clone+0xf2/0x12e
[ 689.455961][ T2038] [] sys_clone+0x32/0x44
[ 689.457376][ T2038] [] ret_from_syscall+0x0/0x2
[ 689.464547][ T2038] Disabling lock debugging due to kernel taint
[ 689.563742][ T2038] get_swap_device: Bad swap file entry c1ffff5f0041c80
[ 689.566455][ T2038] BUG: Bad page map in process syz-executor.0 pte:ffffffff801110e4 pmd:2840fc01
[ 689.571460][ T2038] addr:00007fff8c9e1000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800ab15648 index:72
[ 689.576155][ T2038] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
[ 689.579476][ T2038] CPU: 0 PID: 2038 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 689.582018][ T2038] Hardware name: riscv-virtio,qemu (DT)
[ 689.584357][ T2038] Call Trace:
[ 689.585662][ T2038] [] dump_backtrace+0x2e/0x3c
[ 689.587249][ T2038] [] show_stack+0x34/0x40
[ 689.588318][ T2038] [] dump_stack_lvl+0xe4/0x150
[ 689.590595][ T2038] [] dump_stack+0x1c/0x24
[ 689.591653][ T2038] [] print_bad_pte+0x3d4/0x4a0
[ 689.592760][ T2038] [] vm_normal_page+0x20c/0x22a
[ 689.593847][ T2038] [] copy_page_range+0x828/0x236c
[ 689.594993][ T2038] [] dup_mm+0xb5c/0xe10
[ 689.596116][ T2038] [] copy_process+0x25da/0x3c34
[ 689.597280][ T2038] [] kernel_clone+0xee/0x920
[ 689.598478][ T2038] [] __do_sys_clone+0xf2/0x12e
[ 689.599727][ T2038] [] sys_clone+0x32/0x44
[ 689.600910][ T2038] [] ret_from_syscall+0x0/0x2
[ 689.667973][ T2038] BUG: Bad page map in process syz-executor.0 pte:41b58ab3 pmd:2840fc01
[ 689.669568][ T2038] addr:00007fff8c9e4000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800ab15648 index:75
[ 689.672250][ T2038] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
[ 689.673683][ T2038] CPU: 0 PID: 2038 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 689.675076][ T2038] Hardware name: riscv-virtio,qemu (DT)
[ 689.675613][ T2038] Call Trace:
[ 689.676029][ T2038] [] dump_backtrace+0x2e/0x3c
[ 689.676986][ T2038] [] show_stack+0x34/0x40
[ 689.678011][ T2038] [] dump_stack_lvl+0xe4/0x150
[ 689.679261][ T2038] [] dump_stack+0x1c/0x24
[ 689.681127][ T2038] [] print_bad_pte+0x3d4/0x4a0
[ 689.682212][ T2038] [] vm_normal_page+0x20c/0x22a
[ 689.683221][ T2038] [] copy_page_range+0x828/0x236c
[ 689.683746][ T2038] [] dup_mm+0xb5c/0xe10
[ 689.685907][ T2038] [] copy_process+0x25da/0x3c34
[ 689.686818][ T2038] [] kernel_clone+0xee/0x920
[ 689.687713][ T2038] [] __do_sys_clone+0xf2/0x12e
[ 689.688861][ T2038] [] sys_clone+0x32/0x44
[ 689.690776][ T2038] [] ret_from_syscall+0x0/0x2
[ 689.694496][ T2038] BUG: Bad page map in process syz-executor.0 pte:ffffffff8451f630 pmd:2840fc01
[ 689.695450][ T2038] addr:00007fff8c9e5000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800ab15648 index:76
[ 689.696279][ T2038] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
[ 689.697285][ T2038] CPU: 0 PID: 2038 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 689.698548][ T2038] Hardware name: riscv-virtio,qemu (DT)
[ 689.699243][ T2038] Call Trace:
[ 689.700216][ T2038] [] dump_backtrace+0x2e/0x3c
[ 689.701400][ T2038] [] show_stack+0x34/0x40
[ 689.702083][ T2038] [] dump_stack_lvl+0xe4/0x150
[ 689.702810][ T2038] [] dump_stack+0x1c/0x24
[ 689.703512][ T2038] [] print_bad_pte+0x3d4/0x4a0
[ 689.704232][ T2038] [] vm_normal_page+0x20c/0x22a
[ 689.704894][ T2038] [] copy_page_range+0x828/0x236c
[ 689.705614][ T2038] [] dup_mm+0xb5c/0xe10
[ 689.706282][ T2038] [] copy_process+0x25da/0x3c34
[ 689.706989][ T2038] [] kernel_clone+0xee/0x920
[ 689.707842][ T2038] [] __do_sys_clone+0xf2/0x12e
[ 689.708912][ T2038] [] sys_clone+0x32/0x44
[ 689.710000][ T2038] [] ret_from_syscall+0x0/0x2
[ 689.712403][ T2038] Unable to handle kernel paging request at virtual address ffffaf847c9ffff8
[ 689.713960][ T2038] Oops [#1]
[ 689.714441][ T2038] Modules linked in:
[ 689.715048][ T2038] CPU: 0 PID: 2038 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 689.715964][ T2038] Hardware name: riscv-virtio,qemu (DT)
[ 689.716509][ T2038] epc : copy_page_range+0x1ade/0x236c
[ 689.717239][ T2038] ra : copy_page_range+0x1ade/0x236c
[ 689.718195][ T2038] epc : ffffffff803dce04 ra : ffffffff803dce04 sp : ffffaf800735f680
[ 689.719234][ T2038] gp : ffffffff85863ac0 tp : ffffaf8007460000 t0 : ffffffff86bcb657
[ 689.720489][ T2038] t1 : fffffffef0b0dfa4 t2 : 0000000000000000 s0 : ffffaf800735f8e0
[ 689.721466][ T2038] s1 : ffffffff80110fdc a0 : ffffaf847c9ffff8 a1 : 0000000000000007
[ 689.722450][ T2038] a2 : 1ffff5f08f93ffff a3 : ffffffff803dce04 a4 : 0000000000000000
[ 689.723409][ T2038] a5 : ffffaf847c9ffff8 a6 : 0000000000f00000 a7 : ffffffff8586fd23
[ 689.724401][ T2038] s2 : ffffaf8020e3ff30 s3 : ffffaf80073cef30 s4 : 0000000000000018
[ 689.725413][ T2038] s5 : 7c1ffffffff00221 s6 : 001ffffffff00221 s7 : ffffaf847c9ffff8
[ 689.726341][ T2038] s8 : 000000000000001f s9 : 00007fff8ca00000 s10: ffffaf800cfeca50
[ 689.727311][ T2038] s11: 00007fff8c9e6000 t3 : 000000000000005b t4 : fffffffef0b0dfa4
[ 689.728247][ T2038] t5 : fffffffef0b0dfa5 t6 : ffffaf800735ee78
[ 689.729100][ T2038] status: 0000000000000120 badaddr: ffffaf847c9ffff8 cause: 000000000000000d
[ 689.730196][ T2038] []
dup_mm+0xb5c/0xe10
[ 689.731279][ T2038] [] copy_process+0x25da/0x3c34
[ 689.732019][ T2038] [] kernel_clone+0xee/0x920
[ 689.732697][ T2038] [] __do_sys_clone+0xf2/0x12e
[ 689.745936][ T2038] [] sys_clone+0x32/0x44
[ 689.747437][ T2038] [] ret_from_syscall+0x0/0x2
[ 689.750915][ T2038] ---[ end trace 0000000000000000 ]---
[ 689.752373][ T2038] Kernel panic - not syncing: Fatal exception
[ 689.753432][ T2038] SMP: stopping secondary CPUs
[ 689.754901][ T2038] Rebooting in 86400 seconds..
VM DIAGNOSIS:
23:38:13 Registers: