syzkaller login: [ 381.455050][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 394.375680][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 394.441542][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 444.860598][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:56615' (ECDSA) to the list of known hosts. 1970/01/01 00:07:59 fuzzer started 1970/01/01 00:08:18 dialing manager at localhost:42693 [ 507.956773][ T2046] cgroup: Unknown subsys name 'net' [ 509.648233][ T2046] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:08:29 syscalls: 2827 1970/01/01 00:08:29 code coverage: enabled 1970/01/01 00:08:29 comparison tracing: enabled 1970/01/01 00:08:29 extra coverage: enabled 1970/01/01 00:08:29 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:08:29 setuid sandbox: enabled 1970/01/01 00:08:29 namespace sandbox: enabled 1970/01/01 00:08:29 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:08:29 fault injection: enabled 1970/01/01 00:08:29 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:08:29 net packet injection: enabled 1970/01/01 00:08:29 net device setup: enabled 1970/01/01 00:08:29 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:08:29 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:08:29 USB emulation: enabled 1970/01/01 00:08:29 hci packet injection: /dev/vhci does not exist 1970/01/01 00:08:29 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:08:29 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:08:29 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:08:40 fetching corpus: 49, signal 41157/44340 (executing program) 1970/01/01 00:08:48 fetching corpus: 99, signal 56146/60559 (executing program) 1970/01/01 
00:08:52 fetching corpus: 149, signal 62714/68389 (executing program) 1970/01/01 00:08:56 fetching corpus: 199, signal 70793/77525 (executing program) 1970/01/01 00:08:59 fetching corpus: 249, signal 76563/84283 (executing program) 1970/01/01 00:09:04 fetching corpus: 299, signal 81849/90525 (executing program) 1970/01/01 00:09:07 fetching corpus: 348, signal 86392/96013 (executing program) 1970/01/01 00:09:11 fetching corpus: 398, signal 91508/101839 (executing program) 1970/01/01 00:09:15 fetching corpus: 448, signal 95091/106250 (executing program) 1970/01/01 00:09:21 fetching corpus: 498, signal 98387/110319 (executing program) 1970/01/01 00:09:23 fetching corpus: 548, signal 101433/114072 (executing program) 1970/01/01 00:09:28 fetching corpus: 598, signal 104631/117952 (executing program) 1970/01/01 00:09:35 fetching corpus: 646, signal 109962/123625 (executing program) 1970/01/01 00:09:41 fetching corpus: 696, signal 113378/127549 (executing program) 1970/01/01 00:09:45 fetching corpus: 746, signal 117151/131661 (executing program) 1970/01/01 00:09:49 fetching corpus: 795, signal 120807/135645 (executing program) 1970/01/01 00:09:52 fetching corpus: 844, signal 122762/138109 (executing program) 1970/01/01 00:09:55 fetching corpus: 894, signal 125910/141617 (executing program) 1970/01/01 00:09:58 fetching corpus: 944, signal 127748/143981 (executing program) 1970/01/01 00:10:02 fetching corpus: 994, signal 130347/146867 (executing program) 1970/01/01 00:10:05 fetching corpus: 1044, signal 132287/149190 (executing program) 1970/01/01 00:10:07 fetching corpus: 1094, signal 133500/150913 (executing program) 1970/01/01 00:10:11 fetching corpus: 1144, signal 135366/153171 (executing program) 1970/01/01 00:10:15 fetching corpus: 1194, signal 137063/155264 (executing program) 1970/01/01 00:10:18 fetching corpus: 1244, signal 139032/157488 (executing program) 1970/01/01 00:10:21 fetching corpus: 1294, signal 140126/159013 (executing program) 1970/01/01 00:10:25 
fetching corpus: 1344, signal 144071/162554 (executing program) 1970/01/01 00:10:29 fetching corpus: 1394, signal 145958/164562 (executing program) 1970/01/01 00:10:32 fetching corpus: 1443, signal 148074/166715 (executing program) 1970/01/01 00:10:36 fetching corpus: 1492, signal 151578/169856 (executing program) 1970/01/01 00:10:41 fetching corpus: 1542, signal 153239/171575 (executing program) 1970/01/01 00:10:46 fetching corpus: 1592, signal 154684/173136 (executing program) 1970/01/01 00:10:50 fetching corpus: 1641, signal 157380/175565 (executing program) 1970/01/01 00:10:55 fetching corpus: 1690, signal 159238/177332 (executing program) 1970/01/01 00:11:00 fetching corpus: 1740, signal 160906/178943 (executing program) 1970/01/01 00:11:04 fetching corpus: 1790, signal 163260/181014 (executing program) 1970/01/01 00:11:07 fetching corpus: 1839, signal 165596/182976 (executing program) 1970/01/01 00:11:09 fetching corpus: 1889, signal 166537/184048 (executing program) 1970/01/01 00:11:13 fetching corpus: 1939, signal 168443/185727 (executing program) 1970/01/01 00:11:16 fetching corpus: 1989, signal 171803/188187 (executing program) 1970/01/01 00:11:20 fetching corpus: 2039, signal 173078/189311 (executing program) 1970/01/01 00:11:24 fetching corpus: 2089, signal 174090/190308 (executing program) 1970/01/01 00:11:27 fetching corpus: 2139, signal 175598/191599 (executing program) 1970/01/01 00:11:31 fetching corpus: 2189, signal 179076/193967 (executing program) 1970/01/01 00:11:35 fetching corpus: 2239, signal 184554/197445 (executing program) 1970/01/01 00:11:39 fetching corpus: 2288, signal 186276/198653 (executing program) 1970/01/01 00:11:42 fetching corpus: 2338, signal 189154/200502 (executing program) 1970/01/01 00:11:45 fetching corpus: 2387, signal 189939/201169 (executing program) 1970/01/01 00:11:49 fetching corpus: 2437, signal 190739/201798 (executing program) 1970/01/01 00:11:52 fetching corpus: 2487, signal 191551/202458 (executing program) 
1970/01/01 00:11:55 fetching corpus: 2537, signal 192963/203391 (executing program) 1970/01/01 00:11:59 fetching corpus: 2587, signal 197063/205588 (executing program) 1970/01/01 00:12:03 fetching corpus: 2637, signal 199954/207194 (executing program) 1970/01/01 00:12:07 fetching corpus: 2687, signal 200941/207800 (executing program) 1970/01/01 00:12:11 fetching corpus: 2736, signal 202377/208641 (executing program) 1970/01/01 00:12:13 fetching corpus: 2785, signal 203542/209316 (executing program) 1970/01/01 00:12:17 fetching corpus: 2835, signal 204485/209862 (executing program) 1970/01/01 00:12:21 fetching corpus: 2885, signal 205329/210312 (executing program) 1970/01/01 00:12:23 fetching corpus: 2935, signal 206185/210764 (executing program) 1970/01/01 00:12:27 fetching corpus: 2985, signal 207641/211445 (executing program) 1970/01/01 00:12:31 fetching corpus: 3035, signal 208583/211950 (executing program) 1970/01/01 00:12:34 fetching corpus: 3070, signal 209167/212291 (executing program) 1970/01/01 00:12:34 fetching corpus: 3070, signal 209167/212341 (executing program) 1970/01/01 00:12:35 fetching corpus: 3070, signal 209167/212390 (executing program) 1970/01/01 00:12:35 fetching corpus: 3070, signal 209167/212430 (executing program) 1970/01/01 00:12:35 fetching corpus: 3070, signal 209167/212470 (executing program) 1970/01/01 00:12:35 fetching corpus: 3070, signal 209167/212515 (executing program) 1970/01/01 00:12:35 fetching corpus: 3070, signal 209167/212549 (executing program) 1970/01/01 00:12:36 fetching corpus: 3070, signal 209167/212607 (executing program) 1970/01/01 00:12:36 fetching corpus: 3070, signal 209167/212649 (executing program) 1970/01/01 00:12:36 fetching corpus: 3070, signal 209167/212698 (executing program) 1970/01/01 00:12:36 fetching corpus: 3070, signal 209167/212749 (executing program) 1970/01/01 00:12:36 fetching corpus: 3070, signal 209167/212800 (executing program) 1970/01/01 00:12:37 fetching corpus: 3070, signal 209167/212857 
(executing program) 1970/01/01 00:12:37 fetching corpus: 3070, signal 209167/212899 (executing program) 1970/01/01 00:12:37 fetching corpus: 3070, signal 209167/212945 (executing program) 1970/01/01 00:12:37 fetching corpus: 3070, signal 209167/212998 (executing program) 1970/01/01 00:12:39 fetching corpus: 3070, signal 209167/213052 (executing program) 1970/01/01 00:12:39 fetching corpus: 3070, signal 209167/213109 (executing program) 1970/01/01 00:12:40 fetching corpus: 3070, signal 209169/213163 (executing program) 1970/01/01 00:12:41 fetching corpus: 3070, signal 209169/213204 (executing program) 1970/01/01 00:12:41 fetching corpus: 3071, signal 209214/213268 (executing program) 1970/01/01 00:12:42 fetching corpus: 3071, signal 209214/213320 (executing program) 1970/01/01 00:12:42 fetching corpus: 3071, signal 209214/213356 (executing program) 1970/01/01 00:12:42 fetching corpus: 3071, signal 209214/213397 (executing program) 1970/01/01 00:12:43 fetching corpus: 3071, signal 209214/213438 (executing program) 1970/01/01 00:12:43 fetching corpus: 3071, signal 209214/213499 (executing program) 1970/01/01 00:12:43 fetching corpus: 3071, signal 209214/213548 (executing program) 1970/01/01 00:12:44 fetching corpus: 3071, signal 209214/213609 (executing program) 1970/01/01 00:12:44 fetching corpus: 3071, signal 209214/213657 (executing program) 1970/01/01 00:12:44 fetching corpus: 3071, signal 209214/213701 (executing program) 1970/01/01 00:12:45 fetching corpus: 3071, signal 209214/213751 (executing program) 1970/01/01 00:12:45 fetching corpus: 3071, signal 209214/213810 (executing program) 1970/01/01 00:12:45 fetching corpus: 3071, signal 209214/213853 (executing program) 1970/01/01 00:12:45 fetching corpus: 3071, signal 209214/213890 (executing program) 1970/01/01 00:12:45 fetching corpus: 3071, signal 209214/213938 (executing program) 1970/01/01 00:12:46 fetching corpus: 3071, signal 209214/213994 (executing program) 1970/01/01 00:12:46 fetching corpus: 3071, 
signal 209214/214045 (executing program) 1970/01/01 00:12:46 fetching corpus: 3071, signal 209214/214099 (executing program) 1970/01/01 00:12:46 fetching corpus: 3071, signal 209214/214136 (executing program) 1970/01/01 00:12:46 fetching corpus: 3071, signal 209214/214179 (executing program) 1970/01/01 00:12:47 fetching corpus: 3071, signal 209214/214233 (executing program) 1970/01/01 00:12:47 fetching corpus: 3071, signal 209214/214272 (executing program) 1970/01/01 00:12:47 fetching corpus: 3071, signal 209214/214319 (executing program) 1970/01/01 00:12:47 fetching corpus: 3071, signal 209214/214370 (executing program) 1970/01/01 00:12:47 fetching corpus: 3071, signal 209214/214419 (executing program) 1970/01/01 00:12:48 fetching corpus: 3071, signal 209214/214427 (executing program) 1970/01/01 00:12:48 fetching corpus: 3071, signal 209214/214427 (executing program) 1970/01/01 00:15:28 starting 2 fuzzer processes 00:15:28 executing program 0: r0 = socket$rds(0x15, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'veth0_to_team\x00', &(0x7f0000000080)=@ethtool_eee={0x44}}) 00:15:28 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r0, &(0x7f0000001a40)=[{{&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000040)="188d", 0x2}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) [ 966.686815][ T2058] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 967.056198][ T2058] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 971.447923][ T2059] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 971.662083][ T2059] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 984.797229][ T2058] device hsr_slave_0 entered promiscuous mode [ 984.877426][ T2058] device hsr_slave_1 entered promiscuous mode [ 989.187723][ T2059] device hsr_slave_0 entered promiscuous mode [ 989.235740][ T2059] device hsr_slave_1 entered 
promiscuous mode [ 989.305590][ T2059] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 989.312502][ T2059] Cannot create hsr debugfs directory [ 998.328411][ T2058] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 999.048373][ T2058] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 999.452844][ T2058] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 999.971953][ T2058] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1001.775263][ T2059] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1002.041861][ T2059] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1002.418480][ T2059] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1002.743177][ T2059] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1020.288415][ T2058] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1021.182453][ T2059] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1021.742496][ T2667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1021.867354][ T2667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1022.676208][ T2667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1022.785382][ T2667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1035.254967][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1035.346427][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1035.396944][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1035.420361][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1035.457819][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1035.975918][ T1965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1036.100075][ T1965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1036.128217][ T1965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1036.493913][ T2343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: 
link becomes ready [ 1036.571424][ T2343] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1038.816213][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1038.915756][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1038.985242][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1039.085804][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1040.625693][ T2058] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1040.851995][ T2058] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1041.855091][ T2667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1041.945414][ T2667] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1042.051206][ T2667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1042.112750][ T2667] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1042.756805][ T2681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1042.825902][ T2681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1044.691655][ T2122] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1044.697093][ T2122] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1046.257301][ T1965] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1046.278260][ T1965] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1097.821326][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1097.955769][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1101.314230][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1101.348068][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1111.676175][ T2122] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1111.831992][ T2122] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_vlan: link becomes ready [ 1111.866463][ T2059] __swap_info_get: Bad swap file entry 81ffff5f003eed8 [ 1111.874566][ T2059] BUG: Bad page map in process syz-executor.0 pte:ffffaf801f76c090 pmd:27e5ac01 [ 1111.876731][ T2059] addr:00007fffac7da000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf8007644c38 index:7e [ 1111.883586][ T2059] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0 [ 1111.887611][ T2059] CPU: 0 PID: 2059 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1111.890335][ T2059] Hardware name: riscv-virtio,qemu (DT) [ 1111.891767][ T2059] Call Trace: [ 1111.892842][ T2059] [] dump_backtrace+0x2e/0x3c [ 1111.895045][ T2059] [] show_stack+0x34/0x40 [ 1111.896549][ T2059] [] dump_stack_lvl+0xe4/0x150 [ 1111.899877][ T2059] [] dump_stack+0x1c/0x24 [ 1111.902044][ T2059] [] print_bad_pte+0x3d4/0x4a0 [ 1111.903508][ T2059] [] unmap_page_range+0xee0/0x13f0 [ 1111.904878][ T2059] [] unmap_vmas+0x1d0/0x366 [ 1111.906119][ T2059] [] exit_mmap+0x15c/0x412 [ 1111.907468][ T2059] [] mmput+0xee/0x2c2 [ 1111.909113][ T2059] [] do_exit+0x6f2/0x18fc [ 1111.910927][ T2059] [] do_group_exit+0x90/0x17e [ 1111.912805][ T2059] [] get_signal+0x3b8/0x1754 [ 1111.914173][ T2059] [] do_notify_resume+0x11a/0xa56 [ 1111.915454][ T2059] [] ret_from_exception+0x0/0x10 [ 1111.920903][ T2059] Disabling lock debugging due to kernel taint [ 1111.977022][ T2122] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1112.042609][ T2122] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1112.114799][ T2059] BUG: Bad page map in process syz-executor.0 pte:ffffffff801110e4 pmd:27e5ac01 [ 1112.116429][ T2059] addr:00007fffac7db000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf8007644c38 index:7f [ 1112.118242][ T2059] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0 [ 1112.121822][ T2059] CPU: 1 PID: 2059 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1112.123538][ T2059] Hardware name: 
riscv-virtio,qemu (DT) [ 1112.124409][ T2059] Call Trace: [ 1112.125120][ T2059] [] dump_backtrace+0x2e/0x3c [ 1112.126429][ T2059] [] show_stack+0x34/0x40 [ 1112.127630][ T2059] [] dump_stack_lvl+0xe4/0x150 [ 1112.129702][ T2059] [] dump_stack+0x1c/0x24 [ 1112.131787][ T2059] [] print_bad_pte+0x3d4/0x4a0 [ 1112.133274][ T2059] [] vm_normal_page+0x20c/0x22a [ 1112.134476][ T2059] [] unmap_page_range+0x6d0/0x13f0 [ 1112.135726][ T2059] [] unmap_vmas+0x1d0/0x366 [ 1112.137042][ T2059] [] exit_mmap+0x15c/0x412 [ 1112.138243][ T2059] [] mmput+0xee/0x2c2 [ 1112.140339][ T2059] [] do_exit+0x6f2/0x18fc [ 1112.141520][ T2059] [] do_group_exit+0x90/0x17e [ 1112.142810][ T2059] [] get_signal+0x3b8/0x1754 [ 1112.144457][ T2059] [] do_notify_resume+0x11a/0xa56 [ 1112.145916][ T2059] [] ret_from_exception+0x0/0x10 [ 1112.254291][ T2059] __swap_info_get: Bad swap file entry c1ffff5f003eed8 [ 1112.255912][ T2059] BUG: Bad page map in process syz-executor.0 pte:ffffaf801f76c0d0 pmd:27e5ac01 [ 1112.257263][ T2059] addr:00007fffac7e2000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf8007644c38 index:86 [ 1112.261661][ T2059] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0 [ 1112.263527][ T2059] CPU: 1 PID: 2059 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1112.264970][ T2059] Hardware name: riscv-virtio,qemu (DT) [ 1112.265789][ T2059] Call Trace: [ 1112.266375][ T2059] [] dump_backtrace+0x2e/0x3c [ 1112.267627][ T2059] [] show_stack+0x34/0x40 [ 1112.269469][ T2059] [] dump_stack_lvl+0xe4/0x150 [ 1112.271337][ T2059] [] dump_stack+0x1c/0x24 [ 1112.272624][ T2059] [] print_bad_pte+0x3d4/0x4a0 [ 1112.274004][ T2059] [] unmap_page_range+0xee0/0x13f0 [ 1112.275201][ T2059] [] unmap_vmas+0x1d0/0x366 [ 1112.276311][ T2059] [] exit_mmap+0x15c/0x412 [ 1112.277517][ T2059] [] mmput+0xee/0x2c2 [ 1112.279160][ T2059] [] do_exit+0x6f2/0x18fc [ 1112.280417][ T2059] [] do_group_exit+0x90/0x17e [ 1112.281550][ T2059] [] get_signal+0x3b8/0x1754 [ 
1112.282733][ T2059] [] do_notify_resume+0x11a/0xa56 [ 1112.284013][ T2059] [] ret_from_exception+0x0/0x10 [ 1112.350118][ T2059] BUG: Bad page map in process syz-executor.0 pte:ffffffff801110e4 pmd:27e5ac01 [ 1112.351715][ T2059] addr:00007fffac7e3000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf8007644c38 index:87 [ 1112.353051][ T2059] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0 [ 1112.354431][ T2059] CPU: 1 PID: 2059 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1112.355889][ T2059] Hardware name: riscv-virtio,qemu (DT) [ 1112.356647][ T2059] Call Trace: [ 1112.357267][ T2059] [] dump_backtrace+0x2e/0x3c [ 1112.358554][ T2059] [] show_stack+0x34/0x40 [ 1112.359761][ T2059] [] dump_stack_lvl+0xe4/0x150 [ 1112.361006][ T2059] [] dump_stack+0x1c/0x24 [ 1112.362220][ T2059] [] print_bad_pte+0x3d4/0x4a0 [ 1112.363513][ T2059] [] vm_normal_page+0x20c/0x22a [ 1112.364661][ T2059] [] unmap_page_range+0x6d0/0x13f0 [ 1112.365837][ T2059] [] unmap_vmas+0x1d0/0x366 [ 1112.366946][ T2059] [] exit_mmap+0x15c/0x412 [ 1112.368101][ T2059] [] mmput+0xee/0x2c2 [ 1112.370079][ T2059] [] do_exit+0x6f2/0x18fc [ 1112.371413][ T2059] [] do_group_exit+0x90/0x17e [ 1112.373352][ T2059] [] get_signal+0x3b8/0x1754 [ 1112.374941][ T2059] [] do_notify_resume+0x11a/0xa56 [ 1112.376686][ T2059] [] ret_from_exception+0x0/0x10 [ 1112.460135][ T2059] BUG: Bad page map in process syz-executor.0 pte:41b58ab3 pmd:27e5ac01 [ 1112.461546][ T2059] addr:00007fffac7e8000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf8007644c38 index:8c [ 1112.462908][ T2059] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0 [ 1112.464345][ T2059] CPU: 1 PID: 2059 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1112.465774][ T2059] Hardware name: riscv-virtio,qemu (DT) [ 1112.466514][ T2059] Call Trace: [ 1112.467646][ T2059] [] dump_backtrace+0x2e/0x3c [ 1112.469751][ T2059] [] show_stack+0x34/0x40 [ 1112.470866][ T2059] [] 
dump_stack_lvl+0xe4/0x150 [ 1112.472877][ T2059] [] dump_stack+0x1c/0x24 [ 1112.474916][ T2059] [] print_bad_pte+0x3d4/0x4a0 [ 1112.476568][ T2059] [] vm_normal_page+0x20c/0x22a [ 1112.477724][ T2059] [] unmap_page_range+0x6d0/0x13f0 [ 1112.479600][ T2059] [] unmap_vmas+0x1d0/0x366 [ 1112.480868][ T2059] [] exit_mmap+0x15c/0x412 [ 1112.481987][ T2059] [] mmput+0xee/0x2c2 [ 1112.483299][ T2059] [] do_exit+0x6f2/0x18fc [ 1112.484453][ T2059] [] do_group_exit+0x90/0x17e [ 1112.485557][ T2059] [] get_signal+0x3b8/0x1754 [ 1112.486720][ T2059] [] do_notify_resume+0x11a/0xa56 [ 1112.488138][ T2059] [] ret_from_exception+0x0/0x10 [ 1112.560945][ T2059] BUG: Bad page map in process syz-executor.0 pte:ffffffff8451f630 pmd:27e5ac01 [ 1112.562425][ T2059] addr:00007fffac7e9000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf8007644c38 index:8d [ 1112.563915][ T2059] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0 [ 1112.565404][ T2059] CPU: 1 PID: 2059 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1112.566933][ T2059] Hardware name: riscv-virtio,qemu (DT) [ 1112.567778][ T2059] Call Trace: [ 1112.568533][ T2059] [] dump_backtrace+0x2e/0x3c [ 1112.571143][ T2059] [] show_stack+0x34/0x40 [ 1112.572018][ T2059] [] dump_stack_lvl+0xe4/0x150 [ 1112.573010][ T2059] [] dump_stack+0x1c/0x24 [ 1112.574274][ T2059] [] print_bad_pte+0x3d4/0x4a0 [ 1112.575604][ T2059] [] vm_normal_page+0x20c/0x22a [ 1112.576862][ T2059] [] unmap_page_range+0x6d0/0x13f0 [ 1112.578065][ T2059] [] unmap_vmas+0x1d0/0x366 [ 1112.580088][ T2059] [] exit_mmap+0x15c/0x412 [ 1112.581613][ T2059] [] mmput+0xee/0x2c2 [ 1112.582787][ T2059] [] do_exit+0x6f2/0x18fc [ 1112.584282][ T2059] [] do_group_exit+0x90/0x17e [ 1112.585674][ T2059] [] get_signal+0x3b8/0x1754 [ 1112.586835][ T2059] [] do_notify_resume+0x11a/0xa56 [ 1112.588017][ T2059] [] ret_from_exception+0x0/0x10 [ 1112.701496][ T2059] Unable to handle kernel paging request at virtual address ffffaf847c9ffff8 [ 
1112.704525][ T2059] Oops [#1] [ 1112.705304][ T2059] Modules linked in: [ 1112.706260][ T2059] CPU: 0 PID: 2059 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1112.707685][ T2059] Hardware name: riscv-virtio,qemu (DT) [ 1112.708584][ T2059] epc : unmap_page_range+0xb18/0x13f0 [ 1112.710333][ T2059] ra : unmap_page_range+0xb18/0x13f0 [ 1112.711717][ T2059] epc : ffffffff803d2158 ra : ffffffff803d2158 sp : ffffaf801f76f610 [ 1112.712938][ T2059] gp : ffffffff85863ac0 tp : ffffaf8009bce100 t0 : ffffaf801f76f710 [ 1112.714208][ T2059] t1 : fffff5ef03eedee1 t2 : ffffffff83604ca0 s0 : ffffaf801f76f7c0 [ 1112.715466][ T2059] s1 : ffffaf801f76bf50 a0 : ffffaf847c9ffff8 a1 : 0000000000000007 [ 1112.716635][ T2059] a2 : 1ffff5f08f93ffff a3 : ffffffff803d2158 a4 : 0000000000000000 [ 1112.717901][ T2059] a5 : ffffaf847c9ffff8 a6 : 0000000000f00000 a7 : ffffaf801f76f70f [ 1112.720545][ T2059] s2 : 00007fffac7eb000 s3 : ffffffff80110fdc s4 : 7c1ffffffff00221 [ 1112.722422][ T2059] s5 : 00007fffac800000 s6 : ffffaf847c9ffff8 s7 : 0000000000000000 [ 1112.723944][ T2059] s8 : ffffaf801f76f740 s9 : ffffaf801f76f920 s10: 00007fffac7ea000 [ 1112.725020][ T2059] s11: 001ffffffff00221 t3 : 0000000000000000 t4 : fffff5ef03eedee0 [ 1112.726021][ T2059] t5 : fffff5ef03eedee2 t6 : 00007fffa84041a8 [ 1112.726876][ T2059] status: 0000000000000120 badaddr: ffffaf847c9ffff8 cause: 000000000000000d [ 1112.728140][ T2059] [] unmap_vmas+0x1d0/0x366 [ 1112.729970][ T2059] [] exit_mmap+0x15c/0x412 [ 1112.731249][ T2059] [] mmput+0xee/0x2c2 [ 1112.732452][ T2059] [] do_exit+0x6f2/0x18fc [ 1112.733633][ T2059] [] do_group_exit+0x90/0x17e [ 1112.735162][ T2059] [] get_signal+0x3b8/0x1754 [ 1112.736630][ T2059] [] do_notify_resume+0x11a/0xa56 [ 1112.737933][ T2059] [] ret_from_exception+0x0/0x10 [ 1112.742612][ T2059] ---[ end trace 0000000000000000 ]--- [ 1112.744343][ T2059] Kernel panic - not syncing: Fatal exception [ 1112.745513][ T2059] SMP: stopping secondary 
CPUs [ 1112.747574][ T2059] Rebooting in 86400 seconds.. VM DIAGNOSIS: 01:43:06 Registers: