syzkaller login: [ 285.491259][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 285.537523][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 285.591800][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 297.151055][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:21932' (ECDSA) to the list of known hosts.
1970/01/01 00:05:41 fuzzer started
1970/01/01 00:05:55 dialing manager at localhost:38611
[ 361.687354][ T2025] cgroup: Unknown subsys name 'net'
[ 362.747657][ T2025] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:02 syscalls: 2853
1970/01/01 00:06:02 code coverage: enabled
1970/01/01 00:06:02 comparison tracing: enabled
1970/01/01 00:06:02 extra coverage: enabled
1970/01/01 00:06:02 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:02 setuid sandbox: enabled
1970/01/01 00:06:02 namespace sandbox: enabled
1970/01/01 00:06:02 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:02 fault injection: enabled
1970/01/01 00:06:02 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:02 net packet injection: enabled
1970/01/01 00:06:02 net device setup: enabled
1970/01/01 00:06:02 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:02 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:02 USB emulation: enabled
1970/01/01 00:06:02 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:02 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:02 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:02 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:08 fetching corpus: 49, signal 39797/42757 (executing program)
1970/01/01 00:06:13 fetching corpus: 97, signal 66752/70170 (executing program)
1970/01/01 00:06:17 fetching corpus: 145, signal 78061/82067 (executing program)
1970/01/01 00:06:22 fetching corpus: 192, signal 86626/91084 (executing program)
1970/01/01 00:06:25 fetching corpus: 239, signal 97242/101845 (executing program)
1970/01/01 00:06:32 fetching corpus: 289, signal 107206/111747 (executing program)
1970/01/01 00:06:36 fetching corpus: 335, signal 113427/118010 (executing program)
1970/01/01 00:06:39 fetching corpus: 385, signal 118016/122654 (executing program)
1970/01/01 00:06:42 fetching corpus: 434, signal 122414/127028 (executing program)
1970/01/01 00:06:45 fetching corpus: 481, signal 130418/134411 (executing program)
1970/01/01 00:06:48 fetching corpus: 530, signal 133709/137538 (executing program)
1970/01/01 00:06:50 fetching corpus: 580, signal 137836/141349 (executing program)
1970/01/01 00:06:54 fetching corpus: 630, signal 144038/146683 (executing program)
1970/01/01 00:06:56 fetching corpus: 676, signal 147061/149324 (executing program)
1970/01/01 00:06:59 fetching corpus: 725, signal 150843/152508 (executing program)
1970/01/01 00:07:02 fetching corpus: 774, signal 153381/154573 (executing program)
1970/01/01 00:07:04 fetching corpus: 805, signal 156221/156849 (executing program)
1970/01/01 00:07:05 fetching corpus: 805, signal 156223/156882 (executing program)
1970/01/01 00:07:05 fetching corpus: 806, signal 156236/156934 (executing program)
1970/01/01 00:07:05 fetching corpus: 806, signal 156236/156969 (executing program)
1970/01/01 00:07:05 fetching corpus: 806, signal 156236/157007 (executing program)
1970/01/01 00:07:05 fetching corpus: 806, signal 156236/157059 (executing program)
1970/01/01 00:07:06 fetching corpus: 806, signal 156236/157091 (executing program)
1970/01/01 00:07:06 fetching corpus: 806, signal 156236/157135 (executing program)
1970/01/01 00:07:06 fetching corpus: 806, signal 156236/157170 (executing program)
1970/01/01 00:07:06 fetching corpus: 806, signal 156236/157215 (executing program)
1970/01/01 00:07:06 fetching corpus: 806, signal 156236/157266 (executing program)
1970/01/01 00:07:07 fetching corpus: 807, signal 156238/157309 (executing program)
1970/01/01 00:07:07 fetching corpus: 807, signal 156238/157355 (executing program)
1970/01/01 00:07:07 fetching corpus: 807, signal 156238/157400 (executing program)
1970/01/01 00:07:07 fetching corpus: 807, signal 156238/157442 (executing program)
1970/01/01 00:07:07 fetching corpus: 807, signal 156238/157474 (executing program)
1970/01/01 00:07:07 fetching corpus: 807, signal 156238/157508 (executing program)
1970/01/01 00:07:08 fetching corpus: 807, signal 156238/157542 (executing program)
1970/01/01 00:07:08 fetching corpus: 807, signal 156238/157582 (executing program)
1970/01/01 00:07:08 fetching corpus: 807, signal 156238/157619 (executing program)
1970/01/01 00:07:08 fetching corpus: 807, signal 156238/157661 (executing program)
1970/01/01 00:07:08 fetching corpus: 807, signal 156240/157699 (executing program)
1970/01/01 00:07:08 fetching corpus: 807, signal 156240/157741 (executing program)
1970/01/01 00:07:09 fetching corpus: 807, signal 156240/157785 (executing program)
1970/01/01 00:07:09 fetching corpus: 807, signal 156240/157818 (executing program)
1970/01/01 00:07:09 fetching corpus: 807, signal 156240/157860 (executing program)
1970/01/01 00:07:09 fetching corpus: 807, signal 156240/157898 (executing program)
1970/01/01 00:07:09 fetching corpus: 807, signal 156240/157934 (executing program)
1970/01/01 00:07:09 fetching corpus: 807, signal 156240/157975 (executing program)
1970/01/01 00:07:10 fetching corpus: 807, signal 156240/158011 (executing program)
1970/01/01 00:07:10 fetching corpus: 807, signal 156240/158063 (executing program)
1970/01/01 00:07:10 fetching corpus: 807, signal 156240/158098 (executing program)
1970/01/01 00:07:10 fetching corpus: 807, signal 156240/158135 (executing program)
1970/01/01 00:07:10 fetching corpus: 807, signal 156240/158175 (executing program)
1970/01/01 00:07:10 fetching corpus: 807, signal 156240/158214 (executing program)
1970/01/01 00:07:11 fetching corpus: 807, signal 156240/158245 (executing program)
1970/01/01 00:07:11 fetching corpus: 807, signal 156240/158286 (executing program)
1970/01/01 00:07:11 fetching corpus: 807, signal 156240/158331 (executing program)
1970/01/01 00:07:11 fetching corpus: 807, signal 156240/158381 (executing program)
1970/01/01 00:07:11 fetching corpus: 807, signal 156240/158427 (executing program)
1970/01/01 00:07:11 fetching corpus: 807, signal 156240/158468 (executing program)
1970/01/01 00:07:12 fetching corpus: 807, signal 156240/158505 (executing program)
1970/01/01 00:07:12 fetching corpus: 807, signal 156240/158554 (executing program)
1970/01/01 00:07:12 fetching corpus: 807, signal 156240/158592 (executing program)
1970/01/01 00:07:12 fetching corpus: 807, signal 156240/158640 (executing program)
1970/01/01 00:07:12 fetching corpus: 807, signal 156240/158676 (executing program)
1970/01/01 00:07:12 fetching corpus: 807, signal 156240/158719 (executing program)
1970/01/01 00:07:13 fetching corpus: 807, signal 156240/158755 (executing program)
1970/01/01 00:07:13 fetching corpus: 807, signal 156240/158797 (executing program)
1970/01/01 00:07:13 fetching corpus: 807, signal 156240/158832 (executing program)
1970/01/01 00:07:13 fetching corpus: 807, signal 156240/158914 (executing program)
1970/01/01 00:07:13 fetching corpus: 807, signal 156240/158967 (executing program)
1970/01/01 00:07:13 fetching corpus: 807, signal 156240/159020 (executing program)
1970/01/01 00:07:13 fetching corpus: 807, signal 156240/159099 (executing program)
1970/01/01 00:07:14 fetching corpus: 807, signal 156240/159161 (executing program)
1970/01/01 00:07:14 fetching corpus: 807, signal 156240/159212 (executing program)
1970/01/01 00:07:14 fetching corpus: 807, signal 156240/159252 (executing program)
1970/01/01 00:07:14 fetching corpus: 807, signal 156240/159308 (executing program)
1970/01/01 00:07:14 fetching corpus: 807, signal 156240/159348 (executing program)
1970/01/01 00:07:14 fetching corpus: 807, signal 156240/159426 (executing program)
1970/01/01 00:07:14 fetching corpus: 807, signal 156240/159456 (executing program)
1970/01/01 00:07:15 fetching corpus: 807, signal 156240/159502 (executing program)
1970/01/01 00:07:15 fetching corpus: 807, signal 156240/159535 (executing program)
1970/01/01 00:07:15 fetching corpus: 807, signal 156240/159550 (executing program)
1970/01/01 00:07:15 fetching corpus: 807, signal 156240/159550 (executing program)
1970/01/01 00:09:06 starting 2 fuzzer processes

00:09:07 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000002a80)={&(0x7f0000002a40)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @private=0xa010102}]}, 0x1c}}, 0x0)

00:09:07 executing program 1:
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r0, 0x0, 0x700000000000000, 0x0, 0x0, 0x0)

[ 574.673925][ T2031] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 574.782861][ T2031] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 577.220595][ T2032] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 577.362612][ T2032] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 586.961877][ T2031] device hsr_slave_0 entered promiscuous mode
[ 587.043123][ T2031] device hsr_slave_1 entered promiscuous mode
[ 589.123727][ T2032] device hsr_slave_0 entered promiscuous mode
[ 589.178270][ T2032] device hsr_slave_1 entered promiscuous mode
[ 589.195249][ T2032] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 589.201437][ T2032] Cannot create hsr debugfs directory
[ 596.131509][ T2031] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 596.502452][ T2031] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 596.665608][ T2031] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 596.995444][ T2031] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 598.529204][ T2032] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 598.680335][ T2032] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 598.784686][ T2032] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 598.903052][ T2032] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 611.941574][ T2031] 8021q: adding VLAN 0 to HW filter on device bond0
[ 612.291721][ T2032] 8021q: adding VLAN 0 to HW filter on device bond0
[ 612.739083][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 612.781742][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 613.020091][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 613.035253][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 621.902712][ T2136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 621.949969][ T2136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 622.139829][ T2136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 622.185090][ T2136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 622.520229][ T2136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 622.663995][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 622.701844][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 623.487702][ T2651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 623.600346][ T2651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 623.628429][ T2651] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 623.654717][ T2651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 624.045457][ T2651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 624.493268][ T2026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 624.535301][ T2026] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 625.053543][ T2031] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 625.177999][ T2031] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 625.293360][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 625.329082][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 625.711041][ T2651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 625.748223][ T2651] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 626.238630][ T2136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 626.284413][ T2136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 626.471094][ T2032] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 626.960526][ T2136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 626.964564][ T2136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 627.659971][ T2136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 627.664304][ T2136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 648.443776][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 648.529592][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 650.082687][ T2026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 650.171245][ T2026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 656.388570][ T2031] device veth0_vlan entered promiscuous mode
[ 656.495320][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 656.581489][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 656.908499][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 656.977963][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 657.288259][ T2031] device veth1_vlan entered promiscuous mode
[ 657.788067][ T2032] device veth0_vlan entered promiscuous mode
[ 658.171777][ T2136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 658.243464][ T2136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 658.300088][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 658.312644][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 658.492238][ T2032] device veth1_vlan entered promiscuous mode
[ 658.959295][ T2026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 658.994921][ T2026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 659.284845][ T2031] device veth0_macvtap entered promiscuous mode
[ 659.575006][ T2031] device veth1_macvtap entered promiscuous mode
[ 660.202380][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 660.250346][ T2652] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 660.519786][ T2032] device veth0_macvtap entered promiscuous mode
[ 660.863191][ T2032] device veth1_macvtap entered promiscuous mode
[ 661.140741][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 661.173883][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 661.634655][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 661.665375][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 662.051065][ T2031] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 662.069781][ T2031] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 662.073731][ T2031] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 662.075426][ T2031] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 662.299706][ T2136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 662.334173][ T2136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 662.831448][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 662.874098][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 663.468226][ T2032] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 663.472464][ T2032] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 663.474368][ T2032] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 663.491194][ T2032] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 671.151357][ T2032] get_swap_device: Bad swap file entry 141ffff5f003f268
[ 671.161697][ T2032] BUG: Bad page map in process syz-executor.0 pte:ffffffff801110e4 pmd:27eccc01
[ 671.163401][ T2032] addr:00007fffbe5f1000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800ab15140 index:10f
[ 671.168544][ T2032] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
[ 671.171990][ T2032] CPU: 0 PID: 2032 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 671.173813][ T2032] Hardware name: riscv-virtio,qemu (DT)
[ 671.175045][ T2032] Call Trace:
[ 671.176409][ T2032] [] dump_backtrace+0x2e/0x3c
[ 671.178365][ T2032] [] show_stack+0x34/0x40
[ 671.179707][ T2032] [] dump_stack_lvl+0xe4/0x150
[ 671.182831][ T2032] [] dump_stack+0x1c/0x24
[ 671.184539][ T2032] [] print_bad_pte+0x3d4/0x4a0
[ 671.186184][ T2032] [] vm_normal_page+0x20c/0x22a
[ 671.188004][ T2032] [] copy_page_range+0x828/0x236c
[ 671.189447][ T2032] [] dup_mm+0xb5c/0xe10
[ 671.190787][ T2032] [] copy_process+0x25da/0x3c34
[ 671.192196][ T2032] [] kernel_clone+0xee/0x920
[ 671.193575][ T2032] [] __do_sys_clone+0xf2/0x12e
[ 671.194991][ T2032] [] sys_clone+0x32/0x44
[ 671.196955][ T2032] [] ret_from_syscall+0x0/0x2
[ 671.202662][ T2032] Disabling lock debugging due to kernel taint
[ 671.307056][ T2032] get_swap_device: Bad swap file entry 181ffff5f003f268
[ 671.308390][ T2032] BUG: Bad page map in process syz-executor.0 pte:ffffffff801110e4 pmd:27eccc01
[ 671.309531][ T2032] addr:00007fffbe5f9000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800ab15140 index:117
[ 671.310787][ T2032] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
[ 671.312412][ T2032] CPU: 0 PID: 2032 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 671.314143][ T2032] Hardware name: riscv-virtio,qemu (DT)
[ 671.315015][ T2032] Call Trace:
[ 671.315737][ T2032] [] dump_backtrace+0x2e/0x3c
[ 671.317067][ T2032] [] show_stack+0x34/0x40
[ 671.318097][ T2032] [] dump_stack_lvl+0xe4/0x150
[ 671.319324][ T2032] [] dump_stack+0x1c/0x24
[ 671.320598][ T2032] [] print_bad_pte+0x3d4/0x4a0
[ 671.321886][ T2032] [] vm_normal_page+0x20c/0x22a
[ 671.323102][ T2032] [] copy_page_range+0x828/0x236c
[ 671.324429][ T2032] [] dup_mm+0xb5c/0xe10
[ 671.325556][ T2032] [] copy_process+0x25da/0x3c34
[ 671.327001][ T2032] [] kernel_clone+0xee/0x920
[ 671.328112][ T2032] [] __do_sys_clone+0xf2/0x12e
[ 671.329345][ T2032] [] sys_clone+0x32/0x44
[ 671.330518][ T2032] [] ret_from_syscall+0x0/0x2
[ 671.388203][ T2032] BUG: Bad page map in process syz-executor.0 pte:41b58ab3 pmd:27eccc01
[ 671.390128][ T2032] addr:00007fffbe5fc000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800ab15140 index:11a
[ 671.392828][ T2032] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
[ 671.394168][ T2032] CPU: 1 PID: 2032 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 671.395539][ T2032] Hardware name: riscv-virtio,qemu (DT)
[ 671.397162][ T2032] Call Trace:
[ 671.397780][ T2032] [] dump_backtrace+0x2e/0x3c
[ 671.398874][ T2032] [] show_stack+0x34/0x40
[ 671.399969][ T2032] [] dump_stack_lvl+0xe4/0x150
[ 671.401187][ T2032] [] dump_stack+0x1c/0x24
[ 671.402372][ T2032] [] print_bad_pte+0x3d4/0x4a0
[ 671.403615][ T2032] [] vm_normal_page+0x20c/0x22a
[ 671.404870][ T2032] [] copy_page_range+0x828/0x236c
[ 671.406593][ T2032] [] dup_mm+0xb5c/0xe10
[ 671.407833][ T2032] [] copy_process+0x25da/0x3c34
[ 671.408951][ T2032] [] kernel_clone+0xee/0x920
[ 671.410082][ T2032] [] __do_sys_clone+0xf2/0x12e
[ 671.411514][ T2032] [] sys_clone+0x32/0x44
[ 671.412666][ T2032] [] ret_from_syscall+0x0/0x2
[ 671.414900][ T2032] BUG: Bad page map in process syz-executor.0 pte:ffffffff8451f630 pmd:27eccc01
[ 671.417125][ T2032] addr:00007fffbe5fd000 vm_flags:100400fb anon_vma:0000000000000000 mapping:ffffaf800ab15140 index:11b
[ 671.418482][ T2032] file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
[ 671.419731][ T2032] CPU: 1 PID: 2032 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 671.421210][ T2032] Hardware name: riscv-virtio,qemu (DT)
[ 671.422109][ T2032] Call Trace:
[ 671.422734][ T2032] [] dump_backtrace+0x2e/0x3c
[ 671.423876][ T2032] [] show_stack+0x34/0x40
[ 671.424976][ T2032] [] dump_stack_lvl+0xe4/0x150
[ 671.426657][ T2032] [] dump_stack+0x1c/0x24
[ 671.427737][ T2032] [] print_bad_pte+0x3d4/0x4a0
[ 671.428861][ T2032] [] vm_normal_page+0x20c/0x22a
[ 671.429918][ T2032] [] copy_page_range+0x828/0x236c
[ 671.430801][ T2032] [] dup_mm+0xb5c/0xe10
[ 671.431863][ T2032] [] copy_process+0x25da/0x3c34
[ 671.432830][ T2032] [] kernel_clone+0xee/0x920
[ 671.433779][ T2032] [] __do_sys_clone+0xf2/0x12e
[ 671.434797][ T2032] [] sys_clone+0x32/0x44
[ 671.435816][ T2032] [] ret_from_syscall+0x0/0x2
[ 671.511716][ T2032] Unable to handle kernel paging request at virtual address ffffaf847c9ffff8
[ 671.514450][ T2032] Oops [#1]
[ 671.515255][ T2032] Modules linked in:
[ 671.516725][ T2032] CPU: 1 PID: 2032 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 671.518140][ T2032] Hardware name: riscv-virtio,qemu (DT)
[ 671.518958][ T2032] epc : copy_page_range+0x1ade/0x236c
[ 671.520036][ T2032] ra : copy_page_range+0x1ade/0x236c
[ 671.521185][ T2032] epc : ffffffff803dce04 ra : ffffffff803dce04 sp : ffffaf801f937680
[ 671.522312][ T2032] gp : ffffffff85863ac0 tp : ffffaf800e430000 t0 : ffffaf801f937830
[ 671.523498][ T2032] t1 : fffff5ef03f26f05 t2 : 00007ffff47a51b7 s0 : ffffaf801f9378e0
[ 671.524778][ T2032] s1 : ffffffff80110fdc a0 : ffffaf847c9ffff8 a1 : 0000000000000007
[ 671.526317][ T2032] a2 : 1ffff5f08f93ffff a3 : ffffffff803dce04 a4 : 0000000000000000
[ 671.527495][ T2032] a5 : ffffaf847c9ffff8 a6 : 0000000000f00000 a7 : ffffaf801f93782f
[ 671.528603][ T2032] s2 : ffffaf801f933ff0 s3 : ffffaf80081b6ff0 s4 : 0000000000000000
[ 671.529823][ T2032] s5 : 7c1ffffffff00221 s6 : 001ffffffff00221 s7 : ffffaf847c9ffff8
[ 671.531036][ T2032] s8 : 000000000000001f s9 : 00007fffbe600000 s10: ffffaf800e680d68
[ 671.532182][ T2032] s11: 00007fffbe5fe000 t3 : 000000007fffffff t4 : fffff5ef03f26f04
[ 671.533380][ T2032] t5 : fffff5ef03f26f06 t6 : 0000000000040000
[ 671.534446][ T2032] status: 0000000000000120 badaddr: ffffaf847c9ffff8 cause: 000000000000000d
[ 671.535799][ T2032] [] dup_mm+0xb5c/0xe10
[ 671.537046][ T2032] [] copy_process+0x25da/0x3c34
[ 671.538254][ T2032] [] kernel_clone+0xee/0x920
[ 671.539423][ T2032] [] __do_sys_clone+0xf2/0x12e
[ 671.540315][ T2032] [] sys_clone+0x32/0x44
[ 671.541100][ T2032] [] ret_from_syscall+0x0/0x2
[ 671.543563][ T2032] ---[ end trace 0000000000000000 ]---
[ 671.544658][ T2032] Kernel panic - not syncing: Fatal exception
[ 671.545413][ T2032] SMP: stopping secondary CPUs
[ 671.547598][ T2032] Rebooting in 86400 seconds..
VM DIAGNOSIS: 10:22:10 Registers: