syzkaller login: [ 259.514451][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 259.553822][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 287.695453][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:37410' (ECDSA) to the list of known hosts. 1970/01/01 00:06:06 fuzzer started 1970/01/01 00:06:19 dialing manager at localhost:44085 [ 385.483090][ T2038] cgroup: Unknown subsys name 'net' [ 386.464951][ T2038] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:06:26 syscalls: 2918 1970/01/01 00:06:26 code coverage: enabled 1970/01/01 00:06:26 comparison tracing: enabled 1970/01/01 00:06:26 extra coverage: enabled 1970/01/01 00:06:26 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:06:26 setuid sandbox: enabled 1970/01/01 00:06:26 namespace sandbox: enabled 1970/01/01 00:06:26 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:06:26 fault injection: enabled 1970/01/01 00:06:26 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:06:26 net packet injection: enabled 1970/01/01 00:06:26 net device setup: enabled 1970/01/01 00:06:26 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:06:26 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:06:26 NIC VF setup: PCI device 0000:00:11.0 is not available 1970/01/01 00:06:26 USB emulation: enabled 1970/01/01 00:06:26 hci packet injection: /dev/vhci does not exist 1970/01/01 00:06:26 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:06:26 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:06:26 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:06:31 fetching corpus: 49, signal 31280/34603 (executing program) 1970/01/01 00:06:34 fetching corpus: 99, signal 42915/47543 (executing program) 1970/01/01 00:06:38 fetching 
corpus: 147, signal 50954/56758 (executing program) 1970/01/01 00:06:41 fetching corpus: 197, signal 54931/61984 (executing program) 1970/01/01 00:06:43 fetching corpus: 247, signal 61669/69703 (executing program) 1970/01/01 00:06:45 fetching corpus: 296, signal 67408/76370 (executing program) 1970/01/01 00:06:47 fetching corpus: 346, signal 72555/82402 (executing program) 1970/01/01 00:06:49 fetching corpus: 396, signal 76287/87006 (executing program) 1970/01/01 00:06:51 fetching corpus: 445, signal 79092/90713 (executing program) 1970/01/01 00:06:53 fetching corpus: 495, signal 82712/95061 (executing program) 1970/01/01 00:06:55 fetching corpus: 545, signal 86362/99351 (executing program) 1970/01/01 00:06:58 fetching corpus: 594, signal 89157/102858 (executing program) 1970/01/01 00:07:01 fetching corpus: 642, signal 92241/106543 (executing program) 1970/01/01 00:07:02 fetching corpus: 690, signal 96004/110724 (executing program) 1970/01/01 00:07:05 fetching corpus: 740, signal 99761/114820 (executing program) 1970/01/01 00:07:07 fetching corpus: 790, signal 101875/117482 (executing program) 1970/01/01 00:07:11 fetching corpus: 839, signal 104340/120403 (executing program) 1970/01/01 00:07:15 fetching corpus: 889, signal 108445/124586 (executing program) 1970/01/01 00:07:17 fetching corpus: 938, signal 110971/127417 (executing program) 1970/01/01 00:07:20 fetching corpus: 988, signal 113408/130126 (executing program) 1970/01/01 00:07:23 fetching corpus: 1036, signal 114967/132110 (executing program) 1970/01/01 00:07:25 fetching corpus: 1086, signal 116640/134156 (executing program) 1970/01/01 00:07:28 fetching corpus: 1136, signal 119152/136805 (executing program) 1970/01/01 00:07:30 fetching corpus: 1185, signal 121282/139116 (executing program) 1970/01/01 00:07:33 fetching corpus: 1233, signal 122995/141103 (executing program) 1970/01/01 00:07:36 fetching corpus: 1281, signal 124813/143139 (executing program) 1970/01/01 00:07:39 fetching corpus: 1330, signal 
126114/144714 (executing program) 1970/01/01 00:07:41 fetching corpus: 1379, signal 127935/146655 (executing program) 1970/01/01 00:07:43 fetching corpus: 1429, signal 129330/148292 (executing program) 1970/01/01 00:07:46 fetching corpus: 1479, signal 131243/150206 (executing program) 1970/01/01 00:07:49 fetching corpus: 1528, signal 132220/151522 (executing program) 1970/01/01 00:07:52 fetching corpus: 1578, signal 133521/152979 (executing program) 1970/01/01 00:07:55 fetching corpus: 1625, signal 134905/154463 (executing program) 1970/01/01 00:07:57 fetching corpus: 1674, signal 136211/155860 (executing program) 1970/01/01 00:07:59 fetching corpus: 1724, signal 137439/157198 (executing program) 1970/01/01 00:08:02 fetching corpus: 1773, signal 139151/158780 (executing program) 1970/01/01 00:08:05 fetching corpus: 1822, signal 140250/159978 (executing program) 1970/01/01 00:08:06 fetching corpus: 1872, signal 141011/160935 (executing program) 1970/01/01 00:08:09 fetching corpus: 1922, signal 141887/161941 (executing program) 1970/01/01 00:08:12 fetching corpus: 1972, signal 143193/163166 (executing program) 1970/01/01 00:08:14 fetching corpus: 2022, signal 144887/164582 (executing program) 1970/01/01 00:08:16 fetching corpus: 2072, signal 146448/165888 (executing program) 1970/01/01 00:08:19 fetching corpus: 2121, signal 148257/167337 (executing program) 1970/01/01 00:08:21 fetching corpus: 2170, signal 149319/168330 (executing program) 1970/01/01 00:08:24 fetching corpus: 2220, signal 150348/169295 (executing program) 1970/01/01 00:08:25 fetching corpus: 2269, signal 151500/170293 (executing program) 1970/01/01 00:08:28 fetching corpus: 2319, signal 152389/171125 (executing program) 1970/01/01 00:08:31 fetching corpus: 2369, signal 153256/171898 (executing program) 1970/01/01 00:08:33 fetching corpus: 2418, signal 154260/172758 (executing program) 1970/01/01 00:08:34 fetching corpus: 2468, signal 155072/173501 (executing program) 1970/01/01 00:08:36 fetching 
corpus: 2517, signal 156321/174438 (executing program) 1970/01/01 00:08:39 fetching corpus: 2567, signal 157349/175257 (executing program) 1970/01/01 00:08:42 fetching corpus: 2616, signal 158492/176124 (executing program) 1970/01/01 00:08:43 fetching corpus: 2666, signal 159391/176787 (executing program) 1970/01/01 00:08:45 fetching corpus: 2716, signal 160198/177449 (executing program) 1970/01/01 00:08:48 fetching corpus: 2765, signal 161197/178134 (executing program) 1970/01/01 00:08:50 fetching corpus: 2815, signal 162274/178849 (executing program) 1970/01/01 00:08:53 fetching corpus: 2865, signal 163099/179403 (executing program) 1970/01/01 00:08:56 fetching corpus: 2915, signal 165049/180435 (executing program) 1970/01/01 00:08:58 fetching corpus: 2965, signal 165722/180918 (executing program) 1970/01/01 00:09:02 fetching corpus: 3014, signal 166405/181424 (executing program) 1970/01/01 00:09:04 fetching corpus: 3062, signal 167454/182050 (executing program) 1970/01/01 00:09:06 fetching corpus: 3112, signal 168429/182580 (executing program) 1970/01/01 00:09:08 fetching corpus: 3162, signal 169196/183021 (executing program) 1970/01/01 00:09:10 fetching corpus: 3211, signal 169931/183463 (executing program) 1970/01/01 00:09:12 fetching corpus: 3261, signal 170458/183806 (executing program) 1970/01/01 00:09:14 fetching corpus: 3310, signal 171087/184189 (executing program) 1970/01/01 00:09:16 fetching corpus: 3359, signal 171979/184608 (executing program) 1970/01/01 00:09:19 fetching corpus: 3409, signal 173325/185102 (executing program) 1970/01/01 00:09:21 fetching corpus: 3458, signal 174184/185477 (executing program) 1970/01/01 00:09:24 fetching corpus: 3508, signal 175297/185914 (executing program) 1970/01/01 00:09:26 fetching corpus: 3556, signal 175931/186224 (executing program) 1970/01/01 00:09:28 fetching corpus: 3606, signal 176845/186582 (executing program) 1970/01/01 00:09:31 fetching corpus: 3656, signal 177834/186930 (executing program) 1970/01/01 
00:09:34 fetching corpus: 3706, signal 178412/187197 (executing program) 1970/01/01 00:09:36 fetching corpus: 3756, signal 179010/187440 (executing program) 1970/01/01 00:09:38 fetching corpus: 3806, signal 179801/187670 (executing program) 1970/01/01 00:09:40 fetching corpus: 3856, signal 180613/187909 (executing program) 1970/01/01 00:09:43 fetching corpus: 3905, signal 181377/188129 (executing program) 1970/01/01 00:09:45 fetching corpus: 3954, signal 181982/188323 (executing program) 1970/01/01 00:09:46 fetching corpus: 4004, signal 182539/188502 (executing program) 1970/01/01 00:09:49 fetching corpus: 4052, signal 183576/188703 (executing program) 1970/01/01 00:09:52 fetching corpus: 4102, signal 184110/188823 (executing program) 1970/01/01 00:09:54 fetching corpus: 4152, signal 184688/188965 (executing program) 1970/01/01 00:09:56 fetching corpus: 4201, signal 185416/189087 (executing program) 1970/01/01 00:10:00 fetching corpus: 4251, signal 186460/189244 (executing program) 1970/01/01 00:10:04 fetching corpus: 4299, signal 187076/189336 (executing program) 1970/01/01 00:10:06 fetching corpus: 4345, signal 187668/189422 (executing program) 1970/01/01 00:10:06 fetching corpus: 4345, signal 187671/189441 (executing program) 1970/01/01 00:10:06 fetching corpus: 4345, signal 187671/189457 (executing program) 1970/01/01 00:10:07 fetching corpus: 4346, signal 187679/189482 (executing program) 1970/01/01 00:10:07 fetching corpus: 4346, signal 187679/189513 (executing program) 1970/01/01 00:10:07 fetching corpus: 4346, signal 187679/189547 (executing program) 1970/01/01 00:10:07 fetching corpus: 4346, signal 187679/189572 (executing program) 1970/01/01 00:10:07 fetching corpus: 4346, signal 187679/189572 (executing program) 1970/01/01 00:11:48 starting 2 fuzzer processes 00:11:48 executing program 0: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000001580)={0x0, 0x18, 0xfa00, {0x0, 
&(0x7f0000000500)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000001740)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @local}, r1}}, 0x48) 00:11:48 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x9, 0x4, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) [ 739.565517][ T2045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 740.282289][ T2045] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 740.358130][ T2046] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 741.147335][ T2046] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 756.368066][ T2046] device hsr_slave_0 entered promiscuous mode [ 756.407252][ T2046] device hsr_slave_1 entered promiscuous mode [ 756.557560][ T2045] device hsr_slave_0 entered promiscuous mode [ 756.578201][ T2045] device hsr_slave_1 entered promiscuous mode [ 756.604553][ T2045] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 756.609087][ T2045] Cannot create hsr debugfs directory [ 765.256353][ T2046] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 765.455232][ T2046] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 765.697338][ T2046] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 766.083088][ T2046] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 766.897165][ T2045] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 767.065362][ T2045] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 767.417647][ T2045] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 767.597499][ T2045] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 775.952370][ T2046] 8021q: adding VLAN 0 to HW filter on device bond0 [ 776.778107][ T2357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 776.875724][ T2357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 779.088781][ T2045] 8021q: adding VLAN 0 to HW filter on device bond0 [ 779.443875][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 779.506337][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 784.026029][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 784.082871][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 784.373287][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 784.423149][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 785.203776][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 785.249273][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 785.429280][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 785.485747][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 785.748904][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 785.787373][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 786.216272][ T2046] IPv6: 
ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 787.525611][ T2151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 787.601795][ T2151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 787.796604][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 787.856743][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 788.845454][ T2259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 788.896627][ T2259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 789.301775][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 789.356674][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 789.683335][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 789.732566][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 792.865291][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 792.868730][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 796.307941][ T2357] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 796.314647][ T2357] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 810.227078][ T2357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 810.305207][ T2357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 813.462474][ T2644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 813.474872][ T2644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 816.190960][ T2046] device veth0_vlan entered promiscuous mode [ 816.718214][ T2046] device veth1_vlan entered promiscuous mode [ 816.802271][ T2259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 816.863534][ T2259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 816.935801][ T2259] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 817.012262][ T2259] IPv6: 
ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 817.025746][ T2259] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 818.330401][ T2046] device veth0_macvtap entered promiscuous mode [ 818.564613][ T2046] device veth1_macvtap entered promiscuous mode [ 818.666494][ T2259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 818.728394][ T2259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 818.767896][ T2259] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 818.849281][ T2357] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 819.602428][ T2259] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 819.646916][ T2259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 820.054923][ T2046] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 820.057816][ T2046] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 820.059044][ T2046] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 820.082240][ T2046] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 820.408406][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 820.444897][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 822.718725][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 822.778825][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 822.895194][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 822.906784][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 822.960760][ T2045] device veth0_vlan entered promiscuous mode [ 823.584175][ T2045] device veth1_vlan entered promiscuous mode [ 825.617465][ T2045] device veth0_macvtap entered promiscuous mode [ 825.853359][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 825.859021][ T2046] BUG: Bad page map in process 
syz-executor.0 pte:ffffaf80214080b0 pmd:28581c01 [ 825.864400][ T2046] addr:00007fff8b9de000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800ab5ea68 index:116 [ 825.866360][ T2046] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0 [ 825.868414][ T2046] CPU: 1 PID: 2046 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 825.869434][ T2046] Hardware name: riscv-virtio,qemu (DT) [ 825.870493][ T2046] Call Trace: [ 825.871336][ T2046] [] dump_backtrace+0x2e/0x3c [ 825.872405][ T2046] [] show_stack+0x34/0x40 [ 825.874833][ T2046] [] dump_stack_lvl+0xe4/0x150 [ 825.876292][ T2046] [] dump_stack+0x1c/0x24 [ 825.877511][ T2046] [] print_bad_pte+0x3d4/0x4a0 [ 825.878671][ T2046] [] vm_normal_page+0x20c/0x22a [ 825.879472][ T2046] [] copy_page_range+0x828/0x236c [ 825.880786][ T2046] [] dup_mm+0xb5c/0xe10 [ 825.882026][ T2046] [] copy_process+0x25da/0x3c34 [ 825.883164][ T2046] [] kernel_clone+0xee/0x920 [ 825.884031][ T2046] [] __do_sys_clone+0xf2/0x12e [ 825.884834][ T2046] [] sys_clone+0x32/0x44 [ 825.885681][ T2046] [] ret_from_syscall+0x0/0x2 [ 825.888439][ T2046] Disabling lock debugging due to kernel taint [ 825.889107][ T2046] BUG: Bad page map in process syz-executor.0 pte:ffffffff801110e4 pmd:28581c01 [ 825.890925][ T2046] addr:00007fff8b9df000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800ab5ea68 index:117 [ 825.891750][ T2046] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0 [ 825.892784][ T2046] CPU: 1 PID: 2046 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 825.893963][ T2046] Hardware name: riscv-virtio,qemu (DT) [ 825.894615][ T2046] Call Trace: [ 825.895118][ T2046] [] dump_backtrace+0x2e/0x3c [ 825.896115][ T2046] [] show_stack+0x34/0x40 [ 825.896999][ T2046] [] dump_stack_lvl+0xe4/0x150 [ 825.898009][ T2046] [] dump_stack+0x1c/0x24 [ 825.898988][ T2046] [] print_bad_pte+0x3d4/0x4a0 [ 825.900636][ T2046] [] vm_normal_page+0x20c/0x22a [ 825.901603][ T2046] [] 
copy_page_range+0x828/0x236c [ 825.902546][ T2046] [] dup_mm+0xb5c/0xe10 [ 825.903532][ T2046] [] copy_process+0x25da/0x3c34 [ 825.904521][ T2046] [] kernel_clone+0xee/0x920 [ 825.905509][ T2046] [] __do_sys_clone+0xf2/0x12e [ 825.906530][ T2046] [] sys_clone+0x32/0x44 [ 825.907495][ T2046] [] ret_from_syscall+0x0/0x2 [ 825.918459][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 825.964607][ T2045] device veth1_macvtap entered promiscuous mode [ 825.995381][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 826.003868][ T2046] BUG: Bad page map in process syz-executor.0 pte:41b58ab3 pmd:28581c01 [ 826.004836][ T2046] addr:00007fff8b9ec000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800ab5ea68 index:124 [ 826.005739][ T2046] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0 [ 826.006630][ T2046] CPU: 1 PID: 2046 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 826.007708][ T2046] Hardware name: riscv-virtio,qemu (DT) [ 826.008340][ T2046] Call Trace: [ 826.008780][ T2046] [] dump_backtrace+0x2e/0x3c [ 826.009590][ T2046] [] show_stack+0x34/0x40 [ 826.010385][ T2046] [] dump_stack_lvl+0xe4/0x150 [ 826.011173][ T2046] [] dump_stack+0x1c/0x24 [ 826.011934][ T2046] [] print_bad_pte+0x3d4/0x4a0 [ 826.013811][ T2046] [] vm_normal_page+0x20c/0x22a [ 826.015521][ T2046] [] copy_page_range+0x828/0x236c [ 826.016354][ T2046] [] dup_mm+0xb5c/0xe10 [ 826.017075][ T2046] [] copy_process+0x25da/0x3c34 [ 826.017833][ T2046] [] kernel_clone+0xee/0x920 [ 826.019210][ T2046] [] __do_sys_clone+0xf2/0x12e [ 826.020592][ T2046] [] sys_clone+0x32/0x44 [ 826.021665][ T2046] [] ret_from_syscall+0x0/0x2 [ 826.024311][ T2046] BUG: Bad page map in process syz-executor.0 pte:ffffffff8451f630 pmd:28581c01 [ 826.025507][ T2046] addr:00007fff8b9ed000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800ab5ea68 index:125 [ 826.026601][ T2046] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0 [ 826.027684][ 
T2046] CPU: 1 PID: 2046 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 826.028803][ T2046] Hardware name: riscv-virtio,qemu (DT) [ 826.029240][ T2046] Call Trace: [ 826.029850][ T2046] [] dump_backtrace+0x2e/0x3c [ 826.030759][ T2046] [] show_stack+0x34/0x40 [ 826.031389][ T2046] [] dump_stack_lvl+0xe4/0x150 [ 826.032114][ T2046] [] dump_stack+0x1c/0x24 [ 826.032784][ T2046] [] print_bad_pte+0x3d4/0x4a0 [ 826.033455][ T2046] [] vm_normal_page+0x20c/0x22a [ 826.034071][ T2046] [] copy_page_range+0x828/0x236c [ 826.034712][ T2046] [] dup_mm+0xb5c/0xe10 [ 826.035336][ T2046] [] copy_process+0x25da/0x3c34 [ 826.036038][ T2046] [] kernel_clone+0xee/0x920 [ 826.036680][ T2046] [] __do_sys_clone+0xf2/0x12e [ 826.037331][ T2046] [] sys_clone+0x32/0x44 [ 826.038111][ T2046] [] ret_from_syscall+0x0/0x2 [ 826.042040][ T2046] Unable to handle kernel paging request at virtual address ffffaf847c9ffff8 [ 826.043657][ T2046] Oops [#1] [ 826.044161][ T2046] Modules linked in: [ 826.044719][ T2046] CPU: 1 PID: 2046 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 826.045506][ T2046] Hardware name: riscv-virtio,qemu (DT) [ 826.045982][ T2046] epc : copy_page_range+0x1ade/0x236c [ 826.046594][ T2046] ra : copy_page_range+0x1ade/0x236c [ 826.047202][ T2046] epc : ffffffff803dce04 ra : ffffffff803dce04 sp : ffffaf802140b680 [ 826.047840][ T2046] gp : ffffffff85863ac0 tp : ffffaf800ddc48c0 t0 : ffffffff86bcb657 [ 826.048518][ T2046] t1 : fffffffef0b0dfa4 t2 : 0000000000000000 s0 : ffffaf802140b8e0 [ 826.049125][ T2046] s1 : ffffffff80110fdc a0 : ffffaf847c9ffff8 a1 : 0000000000000007 [ 826.050401][ T2046] a2 : 1ffff5f08f93ffff a3 : ffffffff803dce04 a4 : 0000000000000000 [ 826.051500][ T2046] a5 : ffffaf847c9ffff8 a6 : 0000000000f00000 a7 : ffffffff8586fd23 [ 826.053315][ T2046] s2 : ffffaf8021407f70 s3 : ffffaf800c7c5f70 s4 : 0000000000000010 [ 826.056087][ T2046] s5 : 7c1ffffffff00221 s6 : 001ffffffff00221 s7 : 
ffffaf847c9ffff8 [ 826.056944][ T2046] s8 : 000000000000001f s9 : 00007fff8ba00000 s10: ffffaf800e4c2b58 [ 826.057730][ T2046] s11: 00007fff8b9ee000 t3 : 000000000000005b t4 : fffffffef0b0dfa4 [ 826.058554][ T2046] t5 : fffffffef0b0dfa5 t6 : ffffaf802140ae78 [ 826.059337][ T2046] status: 0000000000000120 badaddr: ffffaf847c9ffff8 cause: 000000000000000d [ 826.060991][ T2046] [] dup_mm+0xb5c/0xe10 [ 826.062023][ T2046] [] copy_process+0x25da/0x3c34 [ 826.063008][ T2046] [] kernel_clone+0xee/0x920 [ 826.063769][ T2046] [] __do_sys_clone+0xf2/0x12e [ 826.064571][ T2046] [] sys_clone+0x32/0x44 [ 826.065282][ T2046] [] ret_from_syscall+0x0/0x2 [ 826.067568][ T2046] ---[ end trace 0000000000000000 ]--- [ 826.068691][ T2046] Kernel panic - not syncing: Fatal exception [ 826.069398][ T2046] SMP: stopping secondary CPUs [ 826.071637][ T2046] Rebooting in 86400 seconds.. VM DIAGNOSIS: 01:50:02 Registers: