last executing test programs: 1.379123814s ago: executing program 0 (id=117): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x20040040) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="340001002cbd7000fddbdf250220102d000000040300010008000b009806000008000b000700000008"], 0x34}, 0x1, 0x0, 0x0, 0x1}, 0xc31fe084736598c) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB="340000001100010029bd7000ffdbdf2507000000", @ANYRES32=r2, @ANYBLOB="000009319034000014001a"], 0x34}, 0x1, 0x0, 0x0, 0x20004000}, 0x20000044) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x20040040) 1.321273017s ago: executing program 1 (id=118): socket(0x10, 0x3, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x4001, 0x3, 0x3e8, 0x0, 0x0, 0x148, 0x0, 0x148, 0x350, 0x240, 0x240, 0x350, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @local, 0x0, 0x0, 'ip6gretap0\x00', 'nicvf0\x00', {}, {}, 0x88, 0x3, 0x10}, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'wg1\x00', {0x0, 0x0, 0x1ff, 0x100000, 0x0, 0xed, 0x10000007}}}, @common=@unspec=@connmark={{0x30}, {0xfffffff9, 0x8}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0x85d, 0xf, [0x10, 0x32, 0x1e, 0x32, 0x2b, 0x25, 0x3f, 0x17, 0x19, 0x22, 0x2c, 0x3d, 0x7, 0x3f, 0x1e, 0x31], 0x0, 0x2, 0x2}}}, {{@ip={@rand_addr=0x64010101, @local, 0xff, 0x0, 'tunl0\x00', 'lo\x00', {0xff}, {}, 0x2e, 0x3, 0x4}, 0x0, 0x190, 0x1f8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x8, 0x9, 0x1, 0x1, 'syz1\x00', 0x2}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0xfff, 0x7e, 0x1c, 'netbios-ns\x00', 'syz0\x00', {0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x448) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x1, 0x61, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e24, 0x4e20, 0x4d, 0x0, @wg=@initiation={0x1, 0x1, "65a252e7cb7a5918c004a9971a46afced2c32642b1ec9fe34818d8ccd82041b7", "c930713c550e74ee13c2638ac75b2a9666efd31a34fce4498df8105d8bd8ed283a220c3a9becd8a70d3607ea8270d351", "ae12e16b560f2f8ac4ca3e745ce285f12f6e8719e7f1e7f286a68f76", {"980aa8fb8f80d69f1fb587086447e93e", "55e824bb69e833bd36300b088233545a"}}}}}}}, 0x0) 1.139842424s ago: executing program 0 (id=119): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000040)) 1.031748548s ago: executing program 1 (id=120): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009e0000000b"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0x4}, 0x18) fsopen(&(0x7f0000000100)='configfs\x00', 0x0) 801.669047ms ago: executing program 0 (id=121): r0 = io_uring_setup(0x4238, &(0x7f0000000180)={0x0, 0x0, 0x40, 0x3}) io_uring_register$IORING_REGISTER_ENABLE_RINGS(r0, 0xc, 0x0, 0x0) 801.500167ms ago: executing program 1 (id=122): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001300)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x2, [@enum, @union={0x0, 0x1, 0x0, 0x5, 0x1, 0xfffffffd, [{0x0, 0x3}]}, @volatile={0x0, 0x0, 0x0, 0x9, 0x1}]}}, 0x0, 0x4a, 0x0, 0x1}, 0x28) 588.578466ms ago: executing program 1 (id=123): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f00000010c0)={@local}) 588.340286ms ago: executing program 0 (id=124): prctl$PR_SET_IO_FLUSHER(0x39, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000600)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000400), 0x12) syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') r2 = openat$cgroup_int(r0, &(0x7f0000000240)='memory.high\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f00000003c0)=0x1000, 0x12) 359.480855ms ago: executing program 0 (id=125): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x82600, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f00000001c0)={0x3, 0x6, 0x52, 0x56, 0x1b, "dbbac9f77fbc8e6382a15fb19971b55e341a3e"}) 289.999118ms ago: executing program 1 (id=126): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x86}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x10}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r1, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) 78.303977ms ago: executing program 0 (id=127): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r1, r0, 0x26}, 0x10) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map, 0xffffffffffffffff, 0x5}, 0x10) 0s ago: executing program 1 (id=128): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x8008af00, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:49326' (ED25519) to the list of known hosts. syzkaller login: [ 107.507634][ T3312] cgroup: Unknown subsys name 'net' [ 107.762298][ T3312] cgroup: Unknown subsys name 'cpuset' [ 107.808779][ T3312] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 108.658501][ T3312] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 121.629563][ T3318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 121.704059][ T3318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 121.852355][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 121.953707][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 123.791722][ T3318] hsr_slave_0: entered promiscuous mode [ 123.808410][ T3318] hsr_slave_1: entered promiscuous mode [ 123.964522][ T3317] hsr_slave_0: entered promiscuous mode [ 123.985429][ T3317] hsr_slave_1: entered promiscuous mode [ 123.994326][ T3317] debugfs: 'hsr0' already exists in 'hsr' [ 123.995111][ T3317] Cannot create hsr debugfs directory [ 125.967583][ T3318] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 126.043307][ T3318] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 126.112180][ T3318] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 126.179578][ T3318] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 126.404845][ T3317] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 126.460644][ T3317] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 126.491056][ T3317] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 126.544562][ T3317] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 127.911040][ T3318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 128.074795][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 133.764033][ T3318] veth0_vlan: entered promiscuous mode [ 133.834255][ T3317] veth0_vlan: entered promiscuous mode [ 133.851095][ T3318] veth1_vlan: entered promiscuous mode [ 133.928852][ T3317] veth1_vlan: entered promiscuous mode [ 134.090232][ T3318] veth0_macvtap: entered promiscuous mode [ 134.133133][ T3318] veth1_macvtap: entered promiscuous mode [ 134.283153][ T3317] veth0_macvtap: entered promiscuous mode [ 134.325391][ T3317] veth1_macvtap: entered promiscuous mode [ 134.493309][ T40] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.495620][ T40] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.511991][ T40] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.512519][ T40] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.689367][ T118] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.698404][ T118] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.699151][ T118] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.699436][ T118] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.119833][ T3318] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 137.341848][ T3467] infiniband syz1: set active [ 137.346153][ T3467] infiniband syz1: added bond0 [ 137.558831][ T3467] RDS/IB: syz1: added [ 138.257040][ C0] hrtimer: interrupt took 638030 ns [ 139.849136][ T3481] netlink: 14 bytes leftover after parsing attributes in process `syz.0.7'. [ 139.873712][ T3481] veth1_macvtap: left promiscuous mode [ 140.548760][ T3491] !€ÿ: renamed from bond_slave_0 (while UP) [ 141.522474][ T3505] netlink: 'syz.0.18': attribute type 21 has an invalid length. [ 141.739776][ T3509] netlink: 40 bytes leftover after parsing attributes in process `syz.1.19'. [ 141.745858][ T3509] netlink: 40 bytes leftover after parsing attributes in process `syz.1.19'. [ 141.780727][ T3509] netlink: 40 bytes leftover after parsing attributes in process `syz.1.19'. [ 142.938594][ T3523] netlink: 'syz.0.26': attribute type 29 has an invalid length. [ 142.952527][ T3523] netlink: 'syz.0.26': attribute type 29 has an invalid length. [ 142.974408][ T3523] netlink: 'syz.0.26': attribute type 29 has an invalid length. [ 144.454460][ T3547] capability: warning: `syz.1.35' uses deprecated v2 capabilities in a way that may be insecure [ 149.720048][ T30] audit: type=1326 audit(149.500:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3593 comm="syz.1.56" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8ef5b3a8 code=0x7ffc0000 [ 149.728430][ T30] audit: type=1326 audit(149.530:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3593 comm="syz.1.56" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8ef5b3a8 code=0x7ffc0000 [ 149.738586][ T30] audit: type=1326 audit(149.550:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3593 comm="syz.1.56" exe="/syz-executor" sig=0 arch=c00000b7 syscall=453 compat=0 ip=0xffff8ef5b3a8 code=0x7ffc0000 [ 149.748215][ T30] audit: type=1326 audit(149.550:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3593 comm="syz.1.56" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8ef5b3a8 code=0x7ffc0000 [ 151.549147][ T3619] KVM: debugfs: duplicate directory 3619-4 [ 152.021018][ T3628] Illegal XDP return value 1510404429 on prog (id 6) dev N/A, expect packet loss! [ 152.382539][ T3635] netlink: 'syz.1.75': attribute type 1 has an invalid length. [ 152.698889][ T3635] 8021q: adding VLAN 0 to HW filter on device bond1 [ 152.799764][ T3635] 8021q: adding VLAN 0 to HW filter on device bond0 [ 152.839427][ T3635] bond1: (slave bond0): making interface the new active one [ 152.854472][ T3635] bond1: (slave bond0): Enslaving as an active interface with an up link [ 152.883536][ T3635] bond1: entered promiscuous mode [ 152.886330][ T3635] bond0: entered promiscuous mode [ 152.891609][ T3635] !€ÿ: entered promiscuous mode [ 152.896652][ T3635] bond_slave_1: entered promiscuous mode [ 152.908798][ T3633] bond1: left promiscuous mode [ 152.912203][ T3633] bond0: left promiscuous mode [ 152.913780][ T3633] !€ÿ: left promiscuous mode [ 152.914854][ T3633] bond_slave_1: left promiscuous mode [ 167.176016][ T3725] netlink: 12 bytes leftover after parsing attributes in process `syz.0.108'. [ 170.789749][ T3749] netlink: 28 bytes leftover after parsing attributes in process `syz.0.116'. [ 171.158900][ T3753] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 172.355903][ T3772] ================================================================== [ 172.359993][ T3772] BUG: KASAN: invalid-access in __memcpy+0xc/0x54 [ 172.362305][ T3772] Write at addr f8ff8000834351b7 by task syz.0.127/3772 [ 172.362929][ T3772] Pointer tag: [f8], memory tag: [fe] [ 172.363095][ T3772] [ 172.363970][ T3772] CPU: 1 UID: 0 PID: 3772 Comm: syz.0.127 Not tainted syzkaller #0 PREEMPT [ 172.364471][ T3772] Hardware name: linux,dummy-virt (DT) [ 172.364883][ T3772] Call trace: [ 172.365265][ T3772] show_stack+0x18/0x24 (C) [ 172.365787][ T3772] dump_stack_lvl+0x78/0x90 [ 172.366077][ T3772] print_report+0x108/0x61c [ 172.366310][ T3772] kasan_report+0x88/0xac [ 172.366531][ T3772] __do_kernel_fault+0x170/0x1c8 [ 172.366772][ T3772] do_bad_area+0x68/0x78 [ 172.366999][ T3772] do_tag_check_fault+0x34/0x44 [ 172.367262][ T3772] do_mem_abort+0x44/0x94 [ 172.367528][ T3772] el1_abort+0x44/0x68 [ 172.367768][ T3772] el1h_64_sync_handler+0x50/0xac [ 172.368005][ T3772] el1h_64_sync+0x6c/0x70 [ 172.368323][ T3772] __memcpy+0xc/0x54 (P) [ 172.368508][ T3772] convert_ctx_accesses+0x694/0xb28 [ 172.368677][ T3772] bpf_check+0x1338/0x2a24 [ 172.368870][ T3772] bpf_prog_load+0x63c/0xcd4 [ 172.369059][ T3772] __sys_bpf+0x2e0/0x1a88 [ 172.369247][ T3772] __arm64_sys_bpf+0x24/0x34 [ 172.369471][ T3772] invoke_syscall+0x48/0x110 [ 172.369694][ T3772] el0_svc_common.constprop.0+0x40/0xe0 [ 172.369927][ T3772] do_el0_svc+0x1c/0x28 [ 172.370148][ T3772] el0_svc+0x34/0x10c [ 172.370369][ T3772] el0t_64_sync_handler+0xa0/0xe4 SYZFAIL: failed to recv rpc [ 172.370611][ T3772] el0t_64_sync+0x1a4/0x1a8 [ 172.371061][ T3772] [ 172.371357][ T3772] The buggy address belongs to a 1-page vmalloc region starting at 0xf8ff800083435000 allocated at bpf_check+0x8c/0x2a24 [ 172.373045][ T3772] The buggy address belongs to the physical page: [ 172.373492][ T3772] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xf6f0000000000000 pfn:0x4c676 [ 172.373997][ T3772] flags: 0x1ffdc0000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x7) [ 172.375145][ T3772] raw: 01ffdc0000000000 0000000000000000 dead000000000122 0000000000000000 [ 172.375347][ T3772] raw: f6f0000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 172.375562][ T3772] page dumped because: kasan: bad access detected [ 172.375678][ T3772] [ 172.375784][ T3772] Memory state around the buggy address: [ 172.376513][ T3772] Unable to handle kernel paging request at virtual address ffff800083434f00 [ 172.376764][ T3772] Mem abort info: [ 172.376863][ T3772] ESR = 0x0000000096000007 [ 172.377026][ T3772] EC = 0x25: DABT (current EL), IL = 32 bits [ 172.377186][ T3772] SET = 0, FnV = 0 [ 172.377384][ T3772] EA = 0, S1PTW = 0 [ 172.377527][ T3772] FSC = 0x07: level 3 translation fault [ 172.377677][ T3772] Data abort info: [ 172.377788][ T3772] ISV = 0, ISS = 0x00000007, ISS2 = 0x00000000 [ 172.377913][ T3772] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 172.378040][ T3772] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 172.378371][ T3772] swapper pgtable: 4k pages, 52-bit VAs, pgdp=0000000042981000 [ 172.378520][ T3772] [ffff800083434f00] pgd=1000000042ed3003, p4d=1000000042ed4003, pud=1000000042ed5003, pmd=100000004320e403, pte=0000000000000000 [ 172.380528][ T3772] Internal error: Oops: 0000000096000007 [#1] SMP [ 172.421549][ T3772] Modules linked in: [ 172.422919][ T3772] CPU: 1 UID: 0 PID: 3772 Comm: syz.0.127 Not tainted syzkaller #0 PREEMPT [ 172.424158][ T3772] Hardware name: linux,dummy-virt (DT) [ 172.425064][ T3772] pstate: 624020c9 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 172.425993][ T3772] pc : kasan_metadata_fetch_row+0xc/0x28 [ 172.427595][ T3772] lr : print_report+0x29c/0x61c [ 172.428336][ T3772] sp : ffff80008977b5e0 fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 172.428918][ T3772] x29: ffff80008977b5e0 x28: f3f000000a6a92c0 x27: f4ff80008342d060 [ 172.430477][ T3772] x26: 0000000000000058 x25: ffff800082448bd0 x24: ffff800082448bd8 [ 172.431848][ T3772] x23: ffff8000834351b7 x22: ffff800082419660 x21: ffff800083435000 [ 172.433253][ T3772] x20: 00000000fffffffe x19: ffff800083434f00 x18: 0000000000000010 [ 172.434554][ T3772] x17: ffff8000828ffa60 x16: 0000000000006200 x15: ffff80008977b460 [ 172.435733][ T3772] x14: ffff80008977b65c x13: ffff80008977b649 x12: ffff8000829ff3c0 [ 172.437143][ T3772] x11: 0000000000000001 x10: 0000000000000001 x9 : 000000000002ffe8 [ 172.438500][ T3772] x8 : f3f000000a6a92c0 x7 : 0000000000000010 x6 : ffff800081c70640 [ 172.439584][ T3772] x5 : 0000000000000030 x4 : 0000000000000002 x3 : ffff800083435000 [ 172.440762][ T3772] x2 : ffff800083434f00 x1 : ffff800083434f10 x0 : ffff80008977b638 [ 172.442177][ T3772] Call trace: [ 172.442993][ T3772] kasan_metadata_fetch_row+0xc/0x28 (P) [ 172.444086][ T3772] kasan_report+0x88/0xac [ 172.444849][ T3772] __do_kernel_fault+0x170/0x1c8 [ 172.445656][ T3772] do_bad_area+0x68/0x78 [ 172.446396][ T3772] do_tag_check_fault+0x34/0x44 [ 172.447294][ T3772] do_mem_abort+0x44/0x94 [ 172.448047][ T3772] el1_abort+0x44/0x68 [ 172.448914][ T3772] el1h_64_sync_handler+0x50/0xac [ 172.449590][ T3772] el1h_64_sync+0x6c/0x70 [ 172.450430][ T3772] __memcpy+0xc/0x54 (P) [ 172.451153][ T3772] convert_ctx_accesses+0x694/0xb28 [ 172.451961][ T3772] bpf_check+0x1338/0x2a24 [ 172.452716][ T3772] bpf_prog_load+0x63c/0xcd4 [ 172.453563][ T3772] __sys_bpf+0x2e0/0x1a88 [ 172.454290][ T3772] __arm64_sys_bpf+0x24/0x34 [ 172.454967][ T3772] invoke_syscall+0x48/0x110 [ 172.455680][ T3772] el0_svc_common.constprop.0+0x40/0xe0 [ 172.456510][ T3772] do_el0_svc+0x1c/0x28 [ 172.457205][ T3772] el0_svc+0x34/0x10c [ 172.458024][ T3772] el0t_64_sync_handler+0xa0/0xe4 [ 172.458738][ T3772] el0t_64_sync+0x1a4/0x1a8 [ 172.459890][ T3772] Code: d65f03c0 91040023 aa0103e2 91004021 (d9600042) [ 172.461294][ T3772] ---[ end trace 0000000000000000 ]--- [ 172.462433][ T3772] Kernel panic - not syncing: Oops: Fatal exception [ 172.463488][ T3772] SMP: stopping secondary CPUs [ 172.464829][ T3772] Kernel Offset: disabled [ 172.465151][ T3772] CPU features: 0x000000,0000d198,2fbe33e0,557ffebf [ 172.465743][ T3772] Memory Limit: none [ 172.466551][ T3772] Rebooting in 86400 seconds.. VM DIAGNOSIS: 03:55:48 Registers: info registers vcpu 0 CPU#0 PC=ffff800080336770 X00=0000000000000000 X01=0000000000000280 X02=fff0000005e5a500 X03=000000000003d210 X04=0000000000000140 X05=f9f000000a868000 X06=000000000000000d X07=f3f0000006065bbc X08=fcf00000033a6600 X09=0000000000082820 X10=f8f000000ad6b400 X11=0000001c7b05b3a9 X12=0000000000000005 X13=0000000000000001 X14=f8f00000067fb000 X15=0000000000000000 X16=ffff800082ce8000 X17=fff07ffffcfd3000 X18=0000000000000000 X19=0000000000082820 X20=0000000000000003 X21=f9f000000a868000 X22=0000000000000000 X23=fbaf800080169eb8 X24=0000000000000000 X25=0000000000000280 X26=0000000000000001 X27=fcf00000033a6600 X28=f9f000000afd7d00 X29=ffff800082ceb2c0 X30=ffff800081b12e3c SP=ffff800082ceb2c0 PSTATE=80402009 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffc262b760:0000ffffc262b760 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd8:0000ffffc262b730 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00f000f0000000f0 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff000000ff00:0000000000000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:fff000f000000000 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:bb448243222c92da:e3914ed4e87380b0 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6edc4d3a2914b135:d8e9c869e2695c88 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffc262b760:0000ffffc262b760 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffc262b730 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff8000809005f0 X00=0000000000000002 X01=0000000000000018 X02=ffff800082d15018 X03=ffff800082abef10 X04=f5f00000030e5880 X05=0000000000000037 X06=0000000000000020 X07=0000000000000000 X08=7f7f7f7f7f7f7f7f X09=ffff800082abef40 X10=0000000000000001 X11=ffff80008977b090 X12=ffff8000829ff3c0 X13=ffff80008977ae5d X14=ffff80008977ae68 X15=ffff80008977acd0 X16=0000000000006200 X17=ffff8000828ffa60 X18=00000000ffffffff X19=f6f0000003043005 X20=ffff800080900794 X21=f5f00000030e5880 X22=f6f0000003043061 X23=0000000000000000 X24=0000000000000000 X25=ffff8000829211f0 X26=00000000000000c0 X27=ffff80008267c000 X28=ffffffffffffffff X29=ffff80008977af80 X30=ffff8000809007bc SP=ffff80008977af80 PSTATE=804020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:2525252525252525:2525252525252525 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:000000756c6c2570:6f6f6c2f7665642f Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:fff000f0000000f0 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff000000ff00:0000000000000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:fff000f000000000 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:bb448243222c92da:e3914ed4e87380b0 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6edc4d3a2914b135:d8e9c869e2695c88 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffca6be3b0:0000ffffca6be3b0 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffca6be380 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000