last executing test programs:

8m28.230212981s ago: executing program 1 (id=31):
socket$packet(0x11, 0x2, 0x300)

8m27.98586048s ago: executing program 1 (id=33):
rt_sigreturn()

8m25.978349189s ago: executing program 1 (id=44):
epoll_pwait2(0xffffffffffffffff, &(0x7f0000000000), 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0)

8m25.738222219s ago: executing program 1 (id=45):
clock_adjtime(0x0, &(0x7f0000000000))

8m25.647569432s ago: executing program 1 (id=47):
signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)

8m24.815793565s ago: executing program 1 (id=49):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

3.409164416s ago: executing program 0 (id=4332):
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x0)
fstat(r0, &(0x7f0000002980))

3.228711732s ago: executing program 0 (id=4334):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x28, 0x0, 0x0, 0x0, 0x0, {{}, {}, {0xc, 0x14, 'syz0\x00'}}}, 0x28}}, 0x10)

2.976654752s ago: executing program 0 (id=4337):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0x80108906, 0x0)

2.810278519s ago: executing program 0 (id=4339):
r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
ioctl$MON_IOCX_GET(r0, 0x40189206, &(0x7f00000001c0)={0x0, 0x0})

738.03508ms ago: executing program 2 (id=4356):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000600))

586.901206ms ago: executing program 2 (id=4357):
r0 = syz_open_dev$vcsa(&(0x7f00000006c0), 0x1, 0x0)
utimensat(r0, 0x0, 0x0, 0x0)

456.619251ms ago: executing program 2 (id=4358):
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netstat\x00')
write$P9_RCREATE(r0, 0x0, 0x0)

327.521566ms ago: executing program 2 (id=4359):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)

190.489402ms ago: executing program 2 (id=4360):
r0 = memfd_secret(0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)

96.690316ms ago: executing program 0 (id=4361):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)={0x14}, 0x14}}, 0x4000)

86.136266ms ago: executing program 2 (id=4362):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x17, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x8, 0x1, 0x7}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8}, 0x80)
fcntl$setflags(r0, 0x2, 0x0)

0s ago: executing program 0 (id=4363):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
fchownat(r0, &(0x7f0000000600)='\x00', 0x0, 0x0, 0x1000)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:58219' (ED25519) to the list of known hosts.
syzkaller login: [ 130.613152][ T3310] cgroup: Unknown subsys name 'net'
[ 130.874314][ T3310] cgroup: Unknown subsys name 'cpuset'
[ 130.908595][ T3310] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 131.712898][ T3310] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 167.226080][ T3405] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 167.329386][ T3405] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 167.442653][ T3406] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 167.566942][ T3406] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 169.271851][ T3405] hsr_slave_0: entered promiscuous mode
[ 169.283764][ T3405] hsr_slave_1: entered promiscuous mode
[ 169.712591][ T3406] hsr_slave_0: entered promiscuous mode
[ 169.721333][ T3406] hsr_slave_1: entered promiscuous mode
[ 169.728474][ T3406] debugfs: 'hsr0' already exists in 'hsr'
[ 169.733035][ T3406] Cannot create hsr debugfs directory
[ 171.064307][ T3405] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 171.090634][ T3405] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 171.135536][ T3405] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 171.161367][ T3405] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 171.454885][ T3406] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 171.505375][ T3406] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 171.542132][ T3406] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 171.585609][ T3406] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 173.007129][ T3405] 8021q: adding VLAN 0 to HW filter on device bond0
[ 173.327074][ T3406] 8021q: adding VLAN 0 to HW filter on device bond0
[ 178.148794][ T3405] veth0_vlan: entered promiscuous mode
[ 178.216832][ T3405] veth1_vlan: entered promiscuous mode
[ 178.428726][ T3405] veth0_macvtap: entered promiscuous mode
[ 178.508496][ T3405] veth1_macvtap: entered promiscuous mode
[ 178.551446][ T3406] veth0_vlan: entered promiscuous mode
[ 178.718494][ T3406] veth1_vlan: entered promiscuous mode
[ 178.778179][ T2331] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 178.787640][ T2331] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 178.824432][ T2331] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 178.825490][ T2331] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 179.190748][ T3406] veth0_macvtap: entered promiscuous mode
[ 179.230842][ T3406] veth1_macvtap: entered promiscuous mode
[ 179.347005][ T3405] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 179.494920][ T39] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 179.495688][ T39] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 179.496585][ T39] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 179.496971][ T39] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 181.912351][ T3593] syz.2.88 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[ 183.211113][ T3504] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 183.432884][ T3504] usb 1-1: Using ep0 maxpacket: 32
[ 183.520838][ T3504] usb 1-1: config 0 has an invalid interface number: 196 but max is 0
[ 183.521393][ T3504] usb 1-1: config 0 has no interface number 0
[ 183.522799][ T3504] usb 1-1: config 0 interface 196 has no altsetting 0
[ 183.637876][ T3504] usb 1-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[ 183.638546][ T3504] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 183.638771][ T3504] usb 1-1: Product: syz
[ 183.638987][ T3504] usb 1-1: Manufacturer: syz
[ 183.639203][ T3504] usb 1-1: SerialNumber: syz
[ 183.737712][ T3504] usb 1-1: config 0 descriptor??
[ 184.040457][ T3504] ipheth 1-1:0.196: Unable to find endpoints
[ 184.093671][ T3504] usb 1-1: USB disconnect, device number 2
[ 211.530770][ T4013] =======================================================
[ 211.530770][ T4013] WARNING: The mand mount option has been deprecated and
[ 211.530770][ T4013] and is ignored by this kernel. Remove the mand
[ 211.530770][ T4013] option from the mount to silence this warning.
[ 211.530770][ T4013] =======================================================
[ 217.967082][ T4106] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 217.986452][ T4106] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 241.710197][ T934] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[ 241.950135][ T934] usb 1-1: not running at top speed; connect to a high speed hub
[ 241.958610][ T934] usb 1-1: config 1 interface 0 altsetting 5 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 241.962891][ T934] usb 1-1: config 1 interface 0 has no altsetting 0
[ 242.013025][ T934] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 242.021576][ T934] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 242.027918][ T934] usb 1-1: Product: syz
[ 242.040384][ T934] usb 1-1: Manufacturer: 먁㦘昉钇喤밥ꍤ肻帣렰ື뭶⍞⨄㧾ꠈᬧ㵹讌돐Ꙋ彶筯⨡瓏톺韺셲愣咨统웏ꊉ딯팜꾯현⅐첃젼ϗ칛圏Ἐꀾ㊂틨떊䭵蕃依䆁䭶檸ꯞ镃妗搚凹ꮯ૝ᤡ甬녻닐튺⒠ᄡ䠢퀱ᶘ쭖壯峅稜૚䓶糬棫專ᘣ㿆ᮭ테ኦ㧰뮮ﳁ讅㕐뚲䯵
[ 242.053876][ T934] usb 1-1: SerialNumber: syz
[ 242.104967][ T4596] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 242.373178][ T934] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[ 242.423493][ T934] usb 1-1: USB disconnect, device number 3
[ 249.261278][ T4744] mmap: syz.0.645 (4744) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 255.648890][ T4897] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 255.654627][ T4897] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 265.561443][ T5112] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 265.582159][ T5112] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 307.267804][ T5993] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 307.276419][ T5993] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 320.003733][ T6154] could not allocate digest TFM handle ghash-clmulni
[ 351.212172][ T6823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 351.235858][ T6823] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 369.512776][ T7162] can: request_module (can-proto-0) failed.
[ 385.902307][ T7478] syz.2.1968 uses obsolete (PF_INET,SOCK_PACKET)
[ 417.511055][ T40] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 417.751993][ T40] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 417.817654][ T40] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 417.818889][ T40] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 417.819203][ T40] usb 1-1: config 1 interface 1 has no altsetting 0
[ 417.946139][ T40] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 417.946770][ T40] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 417.947356][ T40] usb 1-1: Product: syz
[ 417.947551][ T40] usb 1-1: Manufacturer: syz
[ 417.947739][ T40] usb 1-1: SerialNumber: syz
[ 418.314239][ T40] usb 1-1: 2:1 : no or invalid class specific endpoint descriptor
[ 418.315011][ T40] usb 1-1: found format II with max.bitrate = 2418, frame size=7
[ 418.315489][ T40] usb 1-1: 2:1: All rates were zero
[ 418.663182][ T40] usb 1-1: USB disconnect, device number 4
[ 419.835763][ T3592] udevd[3592]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 425.438546][ T8220] capability: warning: `syz.2.2329' uses 32-bit capabilities (legacy support in use)
[ 435.237794][ T8467] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 435.254083][ T8467] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 450.854201][ T30] audit: type=1326 audit(450.580:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8782 comm="syz.0.2600" exe="/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a15b3a8 code=0x0
[ 462.748915][ T9007] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 462.757821][ T9007] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 477.564653][ T9299] Soft offlining pfn 0x42dd7 at process virtual address 0x20fff000
[ 477.654245][ T9299] Memory failure: 0x42dd7: unhandlable page.
[ 506.360424][ T3091] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 506.549205][ T3091] usb 1-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[ 506.549819][ T3091] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 506.551947][ T3091] usb 1-1: Product: syz
[ 506.552071][ T3091] usb 1-1: Manufacturer: syz
[ 506.552215][ T3091] usb 1-1: SerialNumber: syz
[ 507.040502][ T3091] rtl8150 1-1:1.0: couldn't reset the device
[ 507.041841][ T3091] rtl8150 1-1:1.0: probe with driver rtl8150 failed with error -5
[ 507.095420][ T3091] usb 1-1: USB disconnect, device number 5
[ 519.984978][T10157] can: request_module (can-proto-4) failed.
[ 522.920847][ T3555] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[ 523.120768][ T3555] usb 1-1: Using ep0 maxpacket: 16
[ 523.157693][ T3555] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 523.162523][ T3555] usb 1-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[ 523.165972][ T3555] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 523.198930][ T3555] usb 1-1: config 0 descriptor??
[ 523.457424][ T3555] usbhid 1-1:0.0: can't add hid device: -71
[ 523.461442][ T3555] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 523.481177][ T3555] usb 1-1: USB disconnect, device number 6
[ 527.671567][T10303] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 546.870770][T10695] can: request_module (can-proto-0) failed.
[ 555.670683][ T934] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[ 555.863410][ T934] usb 1-1: Using ep0 maxpacket: 16
[ 555.945544][ T934] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 156, changing to 11
[ 555.953338][ T934] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8
[ 555.961244][ T934] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8
[ 556.009217][ T934] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 556.015777][ T934] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 556.021802][ T934] usb 1-1: Product: syz
[ 556.025428][ T934] usb 1-1: Manufacturer: syz
[ 556.030444][ T934] usb 1-1: SerialNumber: syz
[ 556.320254][ T934] cdc_ncm 1-1:1.0: bind() failure
[ 556.335314][ T934] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[ 556.336814][ T934] cdc_ncm 1-1:1.1: bind() failure
[ 556.348023][ T934] usb 1-1: USB disconnect, device number 7
[ 572.218877][T11101] Injecting memory failure for pfn 0x42dd7 at process virtual address 0x20ff9000
[ 572.227052][T11101] Memory failure: 0x42dd7: recovery action for reserved kernel page: Ignored
[ 601.647375][T11565] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 606.930803][ T934] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[ 607.133541][ T934] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 607.146513][ T934] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 607.243876][ T934] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 607.246044][ T934] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 607.250075][ T934] usb 1-1: Product: syz
[ 607.252155][ T934] usb 1-1: Manufacturer: syz
[ 607.254301][ T934] usb 1-1: SerialNumber: syz
[ 607.523517][ T934] usb 1-1: selecting invalid altsetting 1
[ 607.532418][ T934] cdc_ncm 1-1:1.0: bind() failure
[ 607.575660][ T934] cdc_ncm 1-1:1.1: skipping garbage
[ 607.586099][ T934] cdc_ncm 1-1:1.1: invalid descriptor buffer length
[ 607.597306][ T934] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[ 607.610805][ T934] cdc_ncm 1-1:1.1: bind() failure
[ 607.647187][ T934] usb 1-1: USB disconnect, device number 8
[ 622.016155][T11897] Zero length message leads to an empty skb
[ 653.014391][T12437] ==================================================================
[ 653.016683][T12437] BUG: KASAN: invalid-access in __memcpy+0xc/0x54
[ 653.018164][T12437] Write at addr f2ff8000831bd1b8 by task syz.2.4362/12437
[ 653.018534][T12437] Pointer tag: [f2], memory tag: [fe]
[ 653.018618][T12437]
[ 653.019076][T12437] CPU: 0 UID: 0 PID: 12437 Comm: syz.2.4362 Not tainted syzkaller #0 PREEMPT
[ 653.019396][T12437] Hardware name: linux,dummy-virt (DT)
[ 653.019678][T12437] Call trace:
[ 653.019929][T12437] show_stack+0x18/0x24 (C)
[ 653.020297][T12437] dump_stack_lvl+0x78/0x90
[ 653.020452][T12437] print_report+0x108/0x61c
[ 653.020573][T12437] kasan_report+0x88/0xac
[ 653.020687][T12437] __do_kernel_fault+0x170/0x1c8
[ 653.020804][T12437] do_bad_area+0x68/0x78
[ 653.020920][T12437] do_tag_check_fault+0x34/0x44
[ 653.021291][T12437] do_mem_abort+0x44/0x94
[ 653.021411][T12437] el1_abort+0x44/0x68
[ 653.021528][T12437] el1h_64_sync_handler+0x50/0xac
[ 653.021643][T12437] el1h_64_sync+0x6c/0x70
[ 653.021827][T12437] __memcpy+0xc/0x54 (P)
[ 653.021945][T12437] convert_ctx_accesses+0x694/0xb28
[ 653.022066][T12437] bpf_check+0x1330/0x2a04
[ 653.022210][T12437] bpf_prog_load+0x63c/0xcd0
[ 653.022332][T12437] __sys_bpf+0x2e0/0x1a88
[ 653.022448][T12437] __arm64_sys_bpf+0x24/0x34
[ 653.022563][T12437] invoke_syscall+0x48/0x110
[ 653.022680][T12437] el0_svc_common.constprop.0+0x40/0xe0
[ 653.022817][T12437] do_el0_svc+0x1c/0x28
[ 653.022934][T12437] el0_svc+0x34/0x10c
[ 653.023052][T12437] el0t_64_sync_handler+0xa0/0xe4
[ 653.023184][T12437] el0t_64_sync+0x1a4/0x1a8
[ 653.023516][T12437]
[ 653.023758][T12437] The buggy address belongs to a 1-page vmalloc region starting at 0xf2ff8000831bd000 allocated at bpf_check+0x88/0x2a04
[ 653.024829][T12437] The buggy address belongs to the physical page:
[ 653.025076][T12437] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4c36a
[ 653.025377][T12437] flags: 0x1fff40000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xd)
[ 653.026067][T12437] raw: 01fff40000000000 0000000000000000 dead000000000122 0000000000000000
[ 653.026175][T12437] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 653.026300][T12437] page dumped because: kasan: bad access detected
[ 653.026360][T12437]
[ 653.026406][T12437] Memory state around the buggy address:
[ 653.026717][T12437] Unable to handle kernel paging request at virtual address ffff8000831bcf00
[ 653.026862][T12437] Mem abort info:
[ 653.026938][T12437] ESR = 0x0000000096000007
[ 653.027026][T12437] EC = 0x25: DABT (current EL), IL = 32 bits
[ 653.027108][T12437] SET = 0, FnV = 0
[ 653.027172][T12437] EA = 0, S1PTW = 0
[ 653.027248][T12437] FSC = 0x07: level 3 translation fault
[ 653.027325][T12437] Data abort info:
[ 653.027378][T12437] ISV = 0, ISS = 0x00000007, ISS2 = 0x00000000
[ 653.027444][T12437] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 653.027523][T12437] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 653.027694][T12437] swapper pgtable: 4k pages, 52-bit VAs, pgdp=000000004298c000
[ 653.027802][T12437] [ffff8000831bcf00] pgd=1000000042ebc003, p4d=1000000042ebd003, pud=1000000042ebe003, pmd=10000000439eb403, pte=0000000000000000
[ 653.028965][T12437] Internal error: Oops: 0000000096000007 [#1] SMP
[ 653.064510][T12437] Modules linked in:
[ 653.065594][T12437] CPU: 0 UID: 0 PID: 12437 Comm: syz.2.4362 Not tainted syzkaller #0 PREEMPT
[ 653.066682][T12437] Hardware name: linux,dummy-virt (DT)
[ 653.067478][T12437] pstate: 624020c9 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 653.068439][T12437] pc : kasan_metadata_fetch_row+0xc/0x28
[ 653.069709][T12437] lr : print_report+0x29c/0x61c
[ 653.070550][T12437] sp : ffff800088c035e0
[ 653.071063][T12437] x29: ffff800088c035e0 x28: f8f000000b30b840 x27: f9ff80008322d060
[ 653.072271][T12437] x26: 0000000000000058 x25: ffff8000824531a0 x24: ffff8000824531a8
[ 653.073274][T12437] x23: ffff8000831bd1b8 x22: ffff800082423c58 x21: ffff8000831bd000
[ 653.074297][T12437] x20: 00000000fffffffe x19: ffff8000831bcf00 x18: 0000000000000010
[ 653.075624][T12437] x17: 0000000000000000 x16: 0000000000006200 x15: ffff800088c03460
[ 653.076684][T12437] x14: ffff800088c0365c x13: ffff800088c03649 x12: ffff8000829ff540
[ 653.077707][T12437] x11: 0000000000000001 x10: 0000000000000001 x9 : 000000000002ffe8
[ 653.078785][T12437] x8 : f8f000000b30b840 x7 : 0000000000000010 x6 : ffff800081c803f0
[ 653.079979][T12437] x5 : 0000000000000030 x4 : 0000000000000002 x3 : ffff8000831bd000
[ 653.080817][T12437] x2 : ffff8000831bcf00 x1 : ffff8000831bcf10 x0 : ffff800088c03638
[ 653.081690][T12437] Call trace:
[ 653.082193][T12437] kasan_metadata_fetch_row+0xc/0x28 (P)
[ 653.082837][T12437] kasan_report+0x88/0xac
[ 653.083356][T12437] __do_kernel_fault+0x170/0x1c8
[ 653.083857][T12437] do_bad_area+0x68/0x78
[ 653.084310][T12437] do_tag_check_fault+0x34/0x44
[ 653.084732][T12437] do_mem_abort+0x44/0x94
[ 653.085143][T12437] el1_abort+0x44/0x68
[ 653.085585][T12437] el1h_64_sync_handler+0x50/0xac
[ 653.086182][T12437] el1h_64_sync+0x6c/0x70
[ 653.086673][T12437] __memcpy+0xc/0x54 (P)
[ 653.087096][T12437] convert_ctx_accesses+0x694/0xb28
[ 653.087539][T12437] bpf_check+0x1330/0x2a04
[ 653.087987][T12437] bpf_prog_load+0x63c/0xcd0
[ 653.088512][T12437] __sys_bpf+0x2e0/0x1a88
[ 653.088967][T12437] __arm64_sys_bpf+0x24/0x34
[ 653.089442][T12437] invoke_syscall+0x48/0x110
[ 653.090051][T12437] el0_svc_common.constprop.0+0x40/0xe0
[ 653.090520][T12437] do_el0_svc+0x1c/0x28
[ 653.090924][T12437] el0_svc+0x34/0x10c
[ 653.091476][T12437] el0t_64_sync_handler+0xa0/0xe4
[ 653.092241][T12437] el0t_64_sync+0x1a4/0x1a8
[ 653.093478][T12437] Code: d65f03c0 91040023 aa0103e2 91004021 (d9600042)
[ 653.094941][T12437] ---[ end trace 0000000000000000 ]---
[ 653.096174][T12437] Kernel panic - not syncing: Oops: Fatal exception
[ 653.097314][T12437] SMP: stopping secondary CPUs
[ 653.098868][T12437] Kernel Offset: disabled
[ 653.099524][T12437] CPU features: 0x000000,0000d198,2fbe33e0,557ffebf
[ 653.101348][T12437] Memory Limit: none
[ 653.102387][T12437] Rebooting in 86400 seconds..

VM DIAGNOSIS: 10:06:33