syzkaller login: [ 275.160483][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 275.203926][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 275.267106][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 275.334193][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:9005' (ECDSA) to the list of known hosts.
1970/01/01 00:05:23 fuzzer started
1970/01/01 00:05:37 dialing manager at localhost:39725
[ 344.693807][ T2026] cgroup: Unknown subsys name 'net'
[ 346.367572][ T2026] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:05:46 syscalls: 2853
1970/01/01 00:05:46 code coverage: enabled
1970/01/01 00:05:46 comparison tracing: enabled
1970/01/01 00:05:46 extra coverage: enabled
1970/01/01 00:05:46 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:05:46 setuid sandbox: enabled
1970/01/01 00:05:46 namespace sandbox: enabled
1970/01/01 00:05:46 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:05:46 fault injection: enabled
1970/01/01 00:05:46 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:05:46 net packet injection: enabled
1970/01/01 00:05:46 net device setup: enabled
1970/01/01 00:05:46 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:05:46 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:05:46 USB emulation: enabled
1970/01/01 00:05:46 hci packet injection: /dev/vhci does not exist
1970/01/01 00:05:46 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:05:46 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:05:46 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:05:54 fetching corpus: 49, signal 29399/32394 (executing program)
1970/01/01 00:05:57 fetching corpus: 93, signal 40968/44897 (executing program)
1970/01/01 00:06:02 fetching corpus: 140, signal 54200/58597 (executing program)
1970/01/01 00:06:06 fetching corpus: 188, signal 60864/65766 (executing program)
1970/01/01 00:06:08 fetching corpus: 232, signal 66085/71479 (executing program)
1970/01/01 00:06:11 fetching corpus: 282, signal 70918/76697 (executing program)
1970/01/01 00:06:15 fetching corpus: 331, signal 75184/81262 (executing program)
1970/01/01 00:06:19 fetching corpus: 381, signal 80145/86245 (executing program)
1970/01/01 00:06:22 fetching corpus: 429, signal 82936/89233 (executing program)
1970/01/01 00:06:26 fetching corpus: 476, signal 85740/92211 (executing program)
1970/01/01 00:06:30 fetching corpus: 524, signal 90715/96834 (executing program)
1970/01/01 00:06:33 fetching corpus: 571, signal 93488/99577 (executing program)
1970/01/01 00:06:35 fetching corpus: 620, signal 96043/102030 (executing program)
1970/01/01 00:06:38 fetching corpus: 669, signal 98589/104380 (executing program)
1970/01/01 00:06:41 fetching corpus: 715, signal 103380/108362 (executing program)
1970/01/01 00:06:44 fetching corpus: 764, signal 105267/110101 (executing program)
1970/01/01 00:06:48 fetching corpus: 814, signal 107263/111775 (executing program)
1970/01/01 00:06:50 fetching corpus: 859, signal 109272/113406 (executing program)
1970/01/01 00:06:53 fetching corpus: 908, signal 111362/115054 (executing program)
1970/01/01 00:06:57 fetching corpus: 956, signal 114047/117003 (executing program)
1970/01/01 00:07:00 fetching corpus: 1003, signal 116537/118719 (executing program)
1970/01/01 00:07:04 fetching corpus: 1053, signal 118123/119839 (executing program)
1970/01/01 00:07:09 fetching corpus: 1099, signal 119673/120847 (executing program)
1970/01/01 00:07:12 fetching corpus: 1147, signal 121453/121960 (executing program)
1970/01/01 00:07:12 fetching corpus: 1148, signal 121465/122000 (executing program)
1970/01/01 00:07:13 fetching corpus: 1148, signal 121465/122044 (executing program)
1970/01/01 00:07:13 fetching corpus: 1148, signal 121465/122068 (executing program)
1970/01/01 00:07:13 fetching corpus: 1148, signal 121466/122089 (executing program)
1970/01/01 00:07:13 fetching corpus: 1148, signal 121466/122131 (executing program)
1970/01/01 00:07:13 fetching corpus: 1148, signal 121466/122169 (executing program)
1970/01/01 00:07:13 fetching corpus: 1148, signal 121466/122199 (executing program)
1970/01/01 00:07:13 fetching corpus: 1148, signal 121468/122248 (executing program)
1970/01/01 00:07:14 fetching corpus: 1148, signal 121468/122272 (executing program)
1970/01/01 00:07:14 fetching corpus: 1148, signal 121468/122301 (executing program)
1970/01/01 00:07:14 fetching corpus: 1148, signal 121468/122323 (executing program)
1970/01/01 00:07:14 fetching corpus: 1148, signal 121468/122362 (executing program)
1970/01/01 00:07:14 fetching corpus: 1148, signal 121468/122411 (executing program)
1970/01/01 00:07:14 fetching corpus: 1148, signal 121468/122449 (executing program)
1970/01/01 00:07:15 fetching corpus: 1148, signal 121468/122477 (executing program)
1970/01/01 00:07:15 fetching corpus: 1148, signal 121468/122502 (executing program)
1970/01/01 00:07:15 fetching corpus: 1148, signal 121469/122520 (executing program)
1970/01/01 00:07:15 fetching corpus: 1149, signal 121473/122553 (executing program)
1970/01/01 00:07:15 fetching corpus: 1149, signal 121473/122584 (executing program)
1970/01/01 00:07:16 fetching corpus: 1149, signal 121473/122611 (executing program)
1970/01/01 00:07:16 fetching corpus: 1149, signal 121473/122639 (executing program)
1970/01/01 00:07:16 fetching corpus: 1149, signal 121473/122675 (executing program)
1970/01/01 00:07:16 fetching corpus: 1149, signal 121473/122707 (executing program)
1970/01/01 00:07:16 fetching corpus: 1149, signal 121775/122840 (executing program)
1970/01/01 00:07:17 fetching corpus: 1149, signal 121775/122868 (executing program)
1970/01/01 00:07:17 fetching corpus: 1149, signal 121775/122902 (executing program)
1970/01/01 00:07:17 fetching corpus: 1149, signal 121775/122929 (executing program)
1970/01/01 00:07:17 fetching corpus: 1149, signal 121775/122957 (executing program)
1970/01/01 00:07:18 fetching corpus: 1149, signal 121775/122989 (executing program)
1970/01/01 00:07:18 fetching corpus: 1149, signal 121775/123016 (executing program)
1970/01/01 00:07:18 fetching corpus: 1149, signal 121775/123045 (executing program)
1970/01/01 00:07:18 fetching corpus: 1150, signal 121776/123066 (executing program)
1970/01/01 00:07:18 fetching corpus: 1150, signal 121780/123092 (executing program)
1970/01/01 00:07:19 fetching corpus: 1150, signal 121780/123112 (executing program)
1970/01/01 00:07:19 fetching corpus: 1150, signal 121780/123141 (executing program)
1970/01/01 00:07:19 fetching corpus: 1151, signal 121842/123170 (executing program)
1970/01/01 00:07:19 fetching corpus: 1151, signal 121842/123182 (executing program)
1970/01/01 00:07:19 fetching corpus: 1151, signal 121842/123182 (executing program)
1970/01/01 00:09:43 starting 2 fuzzer processes
00:09:43 executing program 1:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x5}, 0x4)
r1 = memfd_secret(0x0)
ioctl$NS_GET_PARENT(r1, 0x5460, 0xec000)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r2, &(0x7f0000000000)='u', 0x34000, 0x0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10)

00:09:43 executing program 0:
r0 = memfd_secret(0x0)
ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0})
r4 = gettid()
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_VFINFO_LIST={0x8, 0x16, 0x0, 0x1, [{0x4}]}, @IFLA_BROADCAST={0xa}, @IFLA_NET_NS_PID={0x8, 0x13, r4}]}, 0x3c}}, 0x0)

[ 611.693774][ T2037] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 611.827827][ T2037] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 615.037261][ T2039] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 615.162854][ T2039] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 629.616211][ T2037] device hsr_slave_0 entered promiscuous mode
[ 629.692644][ T2037] device hsr_slave_1 entered promiscuous mode
[ 631.913118][ T2039] device hsr_slave_0 entered promiscuous mode
[ 631.930280][ T2039] device hsr_slave_1 entered promiscuous mode
[ 631.967523][ T2039] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 631.977023][ T2039] Cannot create hsr debugfs directory
[ 642.537714][ T2037] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 642.788439][ T2037] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 642.928605][ T2037] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 643.384317][ T2037] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 645.014422][ T2039] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 645.213894][ T2039] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 645.465582][ T2039] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 645.695906][ T2039] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 663.965750][ T2037] 8021q: adding VLAN 0 to HW filter on device bond0
[ 665.633211][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 665.708008][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 666.901611][ T2039] 8021q: adding VLAN 0 to HW filter on device bond0
[ 667.516519][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 667.602835][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 673.526751][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 673.613864][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 673.901906][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 673.967068][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 674.327680][ T2240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 674.611778][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 675.977866][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 676.046921][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 676.096154][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 676.152559][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 676.311241][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 676.341477][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 676.504502][ T2037] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 676.743805][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 676.776295][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 677.325544][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 677.703959][ T830] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 677.918346][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 677.924801][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 678.606858][ T2240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 678.681232][ T2240] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 679.147815][ T2039] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 679.253655][ T2039] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 679.557205][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 679.683917][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 680.535918][ T2660] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 680.543932][ T2660] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 701.382279][ T2660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 701.427331][ T2660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 703.287683][ T830] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 703.413368][ T830] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 709.918145][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 709.963574][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 710.165766][ T2240] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 710.211770][ T2240] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 710.395927][ T2037] device veth0_vlan entered promiscuous mode
[ 711.024437][ T2037] device veth1_vlan entered promiscuous mode
[ 712.958764][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 713.088025][ T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 713.188211][ T2037] device veth0_macvtap entered promiscuous mode
[ 713.608087][ T2037] device veth1_macvtap entered promiscuous mode
[ 713.765188][ T2240] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 713.804449][ T2240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 713.837051][ T2240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 713.964464][ T2240] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 713.996118][ T2240] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 714.193145][ T2039] device veth0_vlan entered promiscuous mode
[ 714.794781][ T2660] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 714.892878][ T2660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 715.124639][ T2039] device veth1_vlan entered promiscuous mode
[ 715.463641][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 715.503992][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 716.014696][ T2037] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 716.018452][ T2037] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 716.031198][ T2037] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 716.032888][ T2037] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 717.877606][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 717.914396][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 718.198700][ T2039] device veth0_macvtap entered promiscuous mode
[ 718.636844][ T2039] device veth1_macvtap entered promiscuous mode
[ 719.902936][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 719.967759][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 720.037784][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 720.696136][ T2660] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 720.784085][ T2660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 721.054092][ T2039] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 721.056285][ T2039] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 721.057932][ T2039] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 721.072055][ T2039] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 725.484068][ T2726] A link change request failed with some changes committed already. Interface vxcan1 may have been left with an inconsistent configuration, please check.
[ 725.864639][ T2039] get_swap_device: Bad swap file entry 101ffff5f00414e0
[ 725.876752][ T2039] BUG: Bad page map in process syz-executor.1 pte:ffffffff801110e4 pmd:2831bc01
[ 725.878466][ T2039] addr:00007fffa15e9000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800abbe058 index:76
[ 725.884050][ T2039] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
[ 725.887242][ T2039] CPU: 1 PID: 2039 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 725.889261][ T2039] Hardware name: riscv-virtio,qemu (DT)
[ 725.891115][ T2039] Call Trace:
[ 725.892175][ T2039] [] dump_backtrace+0x2e/0x3c
[ 725.893491][ T2039] [] show_stack+0x34/0x40
[ 725.894734][ T2039] [] dump_stack_lvl+0xe4/0x150
[ 725.896051][ T2039] [] dump_stack+0x1c/0x24
[ 725.897270][ T2039] [] print_bad_pte+0x3d4/0x4a0
[ 725.898579][ T2039] [] vm_normal_page+0x20c/0x22a
[ 725.900362][ T2039] [] copy_page_range+0x828/0x236c
[ 725.901671][ T2039] [] dup_mm+0xb5c/0xe10
[ 725.902927][ T2039] [] copy_process+0x25da/0x3c34
[ 725.904142][ T2039] [] kernel_clone+0xee/0x920
[ 725.905825][ T2039] [] __do_sys_clone+0xf2/0x12e
[ 725.907069][ T2039] [] sys_clone+0x32/0x44
[ 725.909178][ T2039] [] ret_from_syscall+0x0/0x2
[ 725.915001][ T2039] Disabling lock debugging due to kernel taint
[ 726.002942][ T2039] get_swap_device: Bad swap file entry 141ffff5f00414e0
[ 726.004133][ T2039] BUG: Bad page map in process syz-executor.1 pte:ffffffff801110e4 pmd:2831bc01
[ 726.005187][ T2039] addr:00007fffa15f1000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800abbe058 index:7e
[ 726.007377][ T2039] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
[ 726.009031][ T2039] CPU: 1 PID: 2039 Comm: syz-executor.1 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 726.011506][ T2039] Hardware name: riscv-virtio,qemu (DT)
[ 726.012312][ T2039] Call Trace:
[ 726.012892][ T2039] [] dump_backtrace+0x2e/0x3c
[ 726.013978][ T2039] [] show_stack+0x34/0x40
[ 726.015141][ T2039] [] dump_stack_lvl+0xe4/0x150
[ 726.016247][ T2039] [] dump_stack+0x1c/0x24
[ 726.017336][ T2039] [] print_bad_pte+0x3d4/0x4a0
[ 726.018482][ T2039] [] vm_normal_page+0x20c/0x22a
[ 726.020102][ T2039] [] copy_page_range+0x828/0x236c
[ 726.021250][ T2039] [] dup_mm+0xb5c/0xe10
[ 726.022362][ T2039] [] copy_process+0x25da/0x3c34
[ 726.023995][ T2039] [] kernel_clone+0xee/0x920
[ 726.025085][ T2039] [] __do_sys_clone+0xf2/0x12e
[ 726.026763][ T2039] [] sys_clone+0x32/0x44
[ 726.027788][ T2039] [] ret_from_syscall+0x0/0x2
[ 726.042177][ T2039] BUG: Bad page map in process syz-executor.1 pte:41b58ab3 pmd:2831bc01
[ 726.043533][ T2039] addr:00007fffa15f4000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800abbe058 index:81
[ 726.045506][ T2039] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
[ 726.046824][ T2039] CPU: 1 PID: 2039 Comm: syz-executor.1 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 726.048189][ T2039] Hardware name: riscv-virtio,qemu (DT)
[ 726.049121][ T2039] Call Trace:
[ 726.049799][ T2039] [] dump_backtrace+0x2e/0x3c
[ 726.050913][ T2039] [] show_stack+0x34/0x40
[ 726.051848][ T2039] [] dump_stack_lvl+0xe4/0x150
[ 726.052927][ T2039] [] dump_stack+0x1c/0x24
[ 726.053933][ T2039] [] print_bad_pte+0x3d4/0x4a0
[ 726.055073][ T2039] [] vm_normal_page+0x20c/0x22a
[ 726.056074][ T2039] [] copy_page_range+0x828/0x236c
[ 726.057085][ T2039] [] dup_mm+0xb5c/0xe10
[ 726.058102][ T2039] [] copy_process+0x25da/0x3c34
[ 726.059564][ T2039] [] kernel_clone+0xee/0x920
[ 726.060676][ T2039] [] __do_sys_clone+0xf2/0x12e
[ 726.061863][ T2039] [] sys_clone+0x32/0x44
[ 726.063377][ T2039] [] ret_from_syscall+0x0/0x2
[ 726.066376][ T2039] BUG: Bad page map in process syz-executor.1 pte:ffffffff8451f630 pmd:2831bc01
[ 726.067625][ T2039] addr:00007fffa15f5000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800abbe058 index:82
[ 726.069645][ T2039] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
[ 726.070987][ T2039] CPU: 1 PID: 2039 Comm: syz-executor.1 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 726.072254][ T2039] Hardware name: riscv-virtio,qemu (DT)
[ 726.073006][ T2039] Call Trace:
[ 726.073552][ T2039] [] dump_backtrace+0x2e/0x3c
[ 726.074600][ T2039] [] show_stack+0x34/0x40
[ 726.075607][ T2039] [] dump_stack_lvl+0xe4/0x150
[ 726.076666][ T2039] [] dump_stack+0x1c/0x24
[ 726.077733][ T2039] [] print_bad_pte+0x3d4/0x4a0
[ 726.078820][ T2039] [] vm_normal_page+0x20c/0x22a
[ 726.079974][ T2039] [] copy_page_range+0x828/0x236c
[ 726.081021][ T2039] [] dup_mm+0xb5c/0xe10
[ 726.082083][ T2039] [] copy_process+0x25da/0x3c34
[ 726.083182][ T2039] [] kernel_clone+0xee/0x920
[ 726.084180][ T2039] [] __do_sys_clone+0xf2/0x12e
[ 726.085323][ T2039] [] sys_clone+0x32/0x44
[ 726.086403][ T2039] [] ret_from_syscall+0x0/0x2
[ 726.088746][ T2039] Unable to handle kernel paging request at virtual address ffffaf847c9ffff8
[ 726.092070][ T2039] Oops [#1]
[ 726.092775][ T2039] Modules linked in:
[ 726.093681][ T2039] CPU: 1 PID: 2039 Comm: syz-executor.1 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 726.095138][ T2039] Hardware name: riscv-virtio,qemu (DT)
[ 726.096358][ T2039] epc : copy_page_range+0x1ade/0x236c
[ 726.097888][ T2039] ra : copy_page_range+0x1ade/0x236c
[ 726.099273][ T2039] epc : ffffffff803dce04 ra : ffffffff803dce04 sp : ffffaf8020a73680
[ 726.100471][ T2039] gp : ffffffff85863ac0 tp : ffffaf800d8e1840 t0 : ffffffff86bcb657
[ 726.101415][ T2039] t1 : fffffffef0b0dfa4 t2 : 0000000000000000 s0 : ffffaf8020a738e0
[ 726.102475][ T2039] s1 : ffffffff80110fdc a0 : ffffaf847c9ffff8 a1 : 0000000000000007
[ 726.103450][ T2039] a2 : 1ffff5f08f93ffff a3 : ffffffff803dce04 a4 : 0000000000000000
[ 726.104465][ T2039] a5 : ffffaf847c9ffff8 a6 : 0000000000f00000 a7 : ffffffff8586fd23
[ 726.105501][ T2039] s2 : ffffaf8020a6ffb0 s3 : ffffaf802132afb0 s4 : 0000000000000018
[ 726.106584][ T2039] s5 : 7c1ffffffff00221 s6 : 001ffffffff00221 s7 : ffffaf847c9ffff8
[ 726.107709][ T2039] s8 : 000000000000001f s9 : 00007fffa1600000 s10: ffffaf8007532318
[ 726.108744][ T2039] s11: 00007fffa15f6000 t3 : 000000000000005b t4 : fffffffef0b0dfa4
[ 726.110581][ T2039] t5 : fffffffef0b0dfa5 t6 : ffffaf8020a72e78
[ 726.111591][ T2039] status: 0000000000000120 badaddr: ffffaf847c9ffff8 cause: 000000000000000d
[ 726.112777][ T2039] [] dup_mm+0xb5c/0xe10
[ 726.113892][ T2039] [] copy_process+0x25da/0x3c34
[ 726.115087][ T2039] [] kernel_clone+0xee/0x920
[ 726.116241][ T2039] [] __do_sys_clone+0xf2/0x12e
[ 726.117339][ T2039] [] sys_clone+0x32/0x44
[ 726.118567][ T2039] [] ret_from_syscall+0x0/0x2
[ 726.121837][ T2039] ---[ end trace 0000000000000000 ]---
[ 726.123232][ T2039] Kernel panic - not syncing: Fatal exception
[ 726.124206][ T2039] SMP: stopping secondary CPUs
[ 726.126218][ T2039] Rebooting in 86400 seconds..

VM DIAGNOSIS:
15:23:16 Registers: