last executing test programs: 14.118173524s ago: executing program 1 (id=47): socket$inet6_udp(0xa, 0x2, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x4}, 0x1c) connect$inet6(r0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0xc3, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0x7c, 0x10, 0x1, 0x0, 0xeffffffc, {0x6, 0x0, 0x8100, 0x0, {0x1, 0x10}, {0xd}, {0xe, 0x7}}, [@TCA_RATE={0x6}, @TCA_STAB={0x50, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}, {{0x1c, 0x1, {0x8, 0x80, 0x8, 0x6, 0x2, 0x4, 0x3, 0x3}}, {0xa, 0x2, [0x7, 0xc, 0x80]}}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x400c010}, 0x0) 13.967361624s ago: executing program 1 (id=48): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x30, 0x68, 0x1, 0x100003, 0x25dfdbfc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0x4}, @NHA_GROUP_TYPE={0x6}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080) 13.861221071s ago: executing program 1 (id=49): syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='mounts\x00') openat$incfs(r0, &(0x7f0000000000)='.log\x00', 0x101942, 0x80) 13.760849977s ago: executing program 1 (id=50): setns(0xffffffffffffffff, 0x66020000) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x80001) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 13.651173695s ago: executing program 1 (id=51): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x1a003}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x6) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @link_local}) 13.311062067s ago: executing program 1 (id=52): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r0) acct(&(0x7f0000000080)='./cgroup.cpu/cpuset.cpus\x00') sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) 13.310840717s ago: executing program 32 (id=52): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r0) acct(&(0x7f0000000080)='./cgroup.cpu/cpuset.cpus\x00') sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) 1.178468492s ago: executing program 0 (id=87): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000340)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="0000000000004a641c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001140)=@newlink={0x40, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x740}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @multicast1}]}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x40}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000) 902.48015ms ago: executing program 0 (id=88): syz_emit_ethernet(0x5e, &(0x7f0000000080)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x28, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x2, 0x0, 0x0, 0x0, {[@nop, @generic={0x13, 0xc, "1d64b1db738a9a682813"}, @generic={0x2, 0x4, "d32c"}]}}}}}}}}, 0x0) 790.468618ms ago: executing program 0 (id=89): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd23, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x20040084) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=@newqdisc={0x94, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffe00, {0x0, 0x0, 0x0, r6, {0x8}, {0xffff}, {0xfff2, 0xffe1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0xe, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x3, 0xf, 0x6, 0x6, 0x1, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x5, 0x7fff, 0x2002, 0x2, 0x4, 0x2, 0xd06, 0xff05, 0x8000, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0x2, 0x5, 0x2, 0xfff5, 0x4, 0x8, 0x7, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1, 0x1]}}]}}, @TCA_RATE={0x6, 0x5, {0x2, 0x4}}]}, 0x94}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) 221.030185ms ago: executing program 0 (id=90): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0xd2}]}, &(0x7f0000000180)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x8}, 0x94) 120.905792ms ago: executing program 0 (id=91): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x5, &(0x7f00000000c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7d}, @call={0x85, 0x0, 0x0, 0x2a}]}, &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000880)={r0, 0x0, 0xe, 0x0, &(0x7f0000000640)="c1dfb080cd21d308098e00000800", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) 0s ago: executing program 0 (id=92): bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xb, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x8}, [@generic={0x91, 0x1, 0x1}]}, &(0x7f0000000c40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:19114' (ED25519) to the list of known hosts. syzkaller login: [ 79.283009][ T3316] cgroup: Unknown subsys name 'net' [ 79.457875][ T3316] cgroup: Unknown subsys name 'cpuset' [ 79.480941][ T3316] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 79.971204][ T3316] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 88.981154][ T3322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.046910][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.144627][ T3321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.200715][ T3321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.213208][ T3322] hsr_slave_0: entered promiscuous mode [ 90.223294][ T3322] hsr_slave_1: entered promiscuous mode [ 90.406833][ T3321] hsr_slave_0: entered promiscuous mode [ 90.412160][ T3321] hsr_slave_1: entered promiscuous mode [ 90.417337][ T3321] debugfs: 'hsr0' already exists in 'hsr' [ 90.419235][ T3321] Cannot create hsr debugfs directory [ 91.279545][ T3322] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 91.338978][ T3322] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 91.397581][ T3322] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 91.445071][ T3322] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 91.553986][ T3321] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 91.592439][ T3321] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 91.625928][ T3321] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 91.663620][ T3321] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.503118][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.839612][ T3321] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.245094][ T3322] veth0_vlan: entered promiscuous mode [ 96.284981][ T3322] veth1_vlan: entered promiscuous mode [ 96.414849][ T3322] veth0_macvtap: entered promiscuous mode [ 96.442427][ T3322] veth1_macvtap: entered promiscuous mode [ 96.673875][ T66] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.674982][ T66] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.675149][ T66] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.675289][ T66] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.752318][ T3321] veth0_vlan: entered promiscuous mode [ 96.909016][ T3321] veth1_vlan: entered promiscuous mode [ 97.091735][ T3321] veth0_macvtap: entered promiscuous mode [ 97.150585][ T3321] veth1_macvtap: entered promiscuous mode [ 97.308478][ T3322] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 97.337512][ T991] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.348126][ T991] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.349855][ T991] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.363705][ T991] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.154430][ T3487] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7'. [ 103.148804][ T3511] netlink: 8 bytes leftover after parsing attributes in process `syz.0.18'. [ 104.001897][ T3518] xt_recent: hitcount (4294967293) is larger than allowed maximum (65535) [ 104.208694][ T3522] netlink: 'syz.1.23': attribute type 4 has an invalid length. [ 104.258459][ T3522] netlink: 'syz.1.23': attribute type 4 has an invalid length. [ 111.915114][ T3544] Illegal XDP return value 14 on prog (id 4) dev N/A, expect packet loss! [ 112.280141][ T3550] IPv6: NLM_F_REPLACE set, but no existing node found! [ 112.411717][ T3552] af_packet: tpacket_rcv: packet too big, clamped from 3989 to 3944. macoff=96 [ 115.516582][ T3563] netlink: 'syz.0.38': attribute type 9 has an invalid length. [ 116.469999][ T3579] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 116.598362][ T3581] netlink: 'syz.1.47': attribute type 17 has an invalid length. [ 117.445312][ T2149] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.528506][ T2149] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.586681][ T2149] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.643612][ T2149] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.552144][ T2149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 118.589195][ T2149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 118.632503][ T2149] bond0 (unregistering): Released all slaves [ 118.783431][ T2149] hsr_slave_0: left promiscuous mode [ 118.813338][ T2149] hsr_slave_1: left promiscuous mode [ 118.897985][ T2149] veth1_macvtap: left promiscuous mode [ 118.898674][ T2149] veth0_macvtap: left promiscuous mode [ 118.917292][ T2149] veth1_vlan: left promiscuous mode [ 118.917979][ T2149] veth0_vlan: left promiscuous mode [ 119.865720][ T3604] Zero length message leads to an empty skb [ 122.796826][ T3590] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 122.815323][ T3590] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 123.743935][ T3679] syzkaller0: tun_chr_ioctl cmd 62743 [ 123.766547][ T3679] syzkaller0: tun_chr_ioctl cmd 2147767506 [ 125.149031][ T2149] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.202881][ T2149] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.240199][ T2149] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.240708][ T2149] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.492110][ T3590] hsr_slave_0: entered promiscuous mode [ 125.495101][ T3590] hsr_slave_1: entered promiscuous mode [ 126.387256][ T3590] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 126.421462][ T3590] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 126.480043][ T3590] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 126.509499][ T3590] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 127.682846][ T3590] 8021q: adding VLAN 0 to HW filter on device bond0 [ 129.460445][ T3755] netlink: 12 bytes leftover after parsing attributes in process `syz.0.87'. [ 129.601785][ T3755] sit1: entered promiscuous mode [ 129.602891][ T3755] sit1: entered allmulticast mode [ 129.605119][ T3755] bond1: (slave sit1): The slave device specified does not support setting the MAC address [ 129.612200][ T3755] bond1: (slave sit1): Error -95 calling set_mac_address [ 130.703244][ T3781] ================================================================== [ 130.707278][ T3781] BUG: KASAN: invalid-access in __memcpy+0xc/0x54 [ 130.709998][ T3781] Write at addr faff800086159180 by task syz.0.92/3781 [ 130.710557][ T3781] Pointer tag: [fa], memory tag: [fe] [ 130.710638][ T3781] [ 130.711447][ T3781] CPU: 1 UID: 0 PID: 3781 Comm: syz.0.92 Not tainted syzkaller #0 PREEMPT [ 130.711805][ T3781] Hardware name: linux,dummy-virt (DT) [ 130.712102][ T3781] Call trace: [ 130.712434][ T3781] show_stack+0x18/0x24 (C) [ 130.712779][ T3781] dump_stack_lvl+0x78/0x90 [ 130.712890][ T3781] print_report+0x108/0x61c [ 130.712949][ T3781] kasan_report+0x88/0xac [ 130.712997][ T3781] __do_kernel_fault+0x170/0x1c8 [ 130.713048][ T3781] do_bad_area+0x68/0x78 [ 130.713097][ T3781] do_tag_check_fault+0x34/0x44 [ 130.713183][ T3781] do_mem_abort+0x44/0x94 [ 130.713233][ T3781] el1_abort+0x44/0x68 [ 130.713285][ T3781] el1h_64_sync_handler+0x50/0xac [ 130.713333][ T3781] el1h_64_sync+0x6c/0x70 [ 130.713499][ T3781] __memcpy+0xc/0x54 (P) [ 130.713555][ T3781] convert_ctx_accesses+0x698/0xb2c [ 130.713609][ T3781] bpf_check+0x1374/0x293c [ 130.713659][ T3781] bpf_prog_load+0x63c/0xd40 [ 130.713705][ T3781] __sys_bpf+0x2e0/0x1a88 [ 130.713749][ T3781] __arm64_sys_bpf+0x24/0x34 [ 130.713796][ T3781] invoke_syscall+0x48/0x110 [ 130.713848][ T3781] el0_svc_common.constprop.0+0x40/0xe0 [ 130.713897][ T3781] do_el0_svc+0x1c/0x28 [ 130.713947][ T3781] el0_svc+0x34/0x128 [ 130.713996][ T3781] el0t_64_sync_handler+0xa0/0xe4 [ 130.714073][ T3781] el0t_64_sync+0x1a4/0x1a8 [ 130.714347][ T3781] [ 130.714647][ T3781] The buggy address belongs to a 1-page vmalloc region starting at 0xfaff800086159000 allocated at bpf_check+0x8c/0x293c [ 130.716455][ T3781] The buggy address belongs to the physical page: [ 130.716867][ T3781] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4528b [ 130.717273][ T3781] flags: 0x1ffd40000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x5) [ 130.718362][ T3781] raw: 01ffd40000000000 0000000000000000 dead000000000122 0000000000000000 [ 130.718427][ T3781] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 130.718567][ T3781] page dumped because: kasan: bad access detected [ 130.718618][ T3781] [ 130.718651][ T3781] Memory state around the buggy address: [ 130.719154][ T3781] Unable to handle kernel paging request at virtual address ffff800086158f00 [ 130.719278][ T3781] Mem abort info: [ 130.719317][ T3781] ESR = 0x0000000096000007 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 130.719393][ T3781] EC = 0x25: DABT (current EL), IL = 32 bits [ 130.719455][ T3781] SET = 0, FnV = 0 [ 130.719523][ T3781] EA = 0, S1PTW = 0 [ 130.719580][ T3781] FSC = 0x07: level 3 translation fault [ 130.719647][ T3781] Data abort info: [ 130.719692][ T3781] ISV = 0, ISS = 0x00000007, ISS2 = 0x00000000 [ 130.719747][ T3781] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 130.719807][ T3781] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 130.719952][ T3781] swapper pgtable: 4k pages, 52-bit VAs, pgdp=0000000042a58000 [ 130.720035][ T3781] [ffff800086158f00] pgd=1000000042fcc003, p4d=1000000042fcd003, pud=1000000042fce003, pmd=10000000452f0403, pte=0000000000000000 [ 130.721832][ T3781] Internal error: Oops: 0000000096000007 [#1] SMP [ 130.745426][ T3781] Modules linked in: [ 130.746674][ T3781] CPU: 1 UID: 0 PID: 3781 Comm: syz.0.92 Not tainted syzkaller #0 PREEMPT [ 130.747799][ T3781] Hardware name: linux,dummy-virt (DT) [ 130.748460][ T3781] pstate: 624020c9 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 130.749029][ T3781] pc : kasan_metadata_fetch_row+0xc/0x28 [ 130.750209][ T3781] lr : print_report+0x29c/0x61c [ 130.750623][ T3781] sp : ffff80008612b5e0 [ 130.750962][ T3781] x29: ffff80008612b5e0 x28: f4f0000003de4200 x27: f4ff800086157060 [ 130.751723][ T3781] x26: 0000000000000060 x25: ffff800082517f10 x24: ffff800082517f18 [ 130.752391][ T3781] x23: ffff800086159180 x22: ffff8000824e87f0 x21: ffff800086159000 [ 130.753026][ T3781] x20: 00000000fffffffe x19: ffff800086158f00 x18: 0000000000000010 [ 130.753657][ T3781] x17: 0000000000000000 x16: 0000000000006400 x15: ffff80008612b460 [ 130.754505][ T3781] x14: ffff80008612b65c x13: ffff80008612b649 x12: ffff800082adf268 [ 130.755720][ T3781] x11: 0000000000000001 x10: 0000000000000001 x9 : 000000000002ffe8 [ 130.757014][ T3781] x8 : f4f0000003de4200 x7 : 0000000000000010 x6 : ffff800081ce18c0 [ 130.757736][ T3781] x5 : 0000000000000030 x4 : 0000000000000002 x3 : ffff800086159000 [ 130.758515][ T3781] x2 : ffff800086158f00 x1 : ffff800086158f10 x0 : ffff80008612b638 [ 130.759590][ T3781] Call trace: [ 130.760288][ T3781] kasan_metadata_fetch_row+0xc/0x28 (P) [ 130.761083][ T3781] kasan_report+0x88/0xac [ 130.761866][ T3781] __do_kernel_fault+0x170/0x1c8 [ 130.762573][ T3781] do_bad_area+0x68/0x78 [ 130.762925][ T3781] do_tag_check_fault+0x34/0x44 [ 130.763289][ T3781] do_mem_abort+0x44/0x94 [ 130.763659][ T3781] el1_abort+0x44/0x68 [ 130.764010][ T3781] el1h_64_sync_handler+0x50/0xac [ 130.764401][ T3781] el1h_64_sync+0x6c/0x70 [ 130.764954][ T3781] __memcpy+0xc/0x54 (P) [ 130.765334][ T3781] convert_ctx_accesses+0x698/0xb2c [ 130.765739][ T3781] bpf_check+0x1374/0x293c [ 130.766400][ T3781] bpf_prog_load+0x63c/0xd40 [ 130.766778][ T3781] __sys_bpf+0x2e0/0x1a88 [ 130.767307][ T3781] __arm64_sys_bpf+0x24/0x34 [ 130.767640][ T3781] invoke_syscall+0x48/0x110 [ 130.767964][ T3781] el0_svc_common.constprop.0+0x40/0xe0 [ 130.768447][ T3781] do_el0_svc+0x1c/0x28 [ 130.768751][ T3781] el0_svc+0x34/0x128 [ 130.769026][ T3781] el0t_64_sync_handler+0xa0/0xe4 [ 130.769337][ T3781] el0t_64_sync+0x1a4/0x1a8 [ 130.770040][ T3781] Code: d65f03c0 91040023 aa0103e2 91004021 (d9600042) [ 130.771144][ T3781] ---[ end trace 0000000000000000 ]--- [ 130.772096][ T3781] Kernel panic - not syncing: Oops: Fatal exception [ 130.772784][ T3781] SMP: stopping secondary CPUs [ 130.773856][ T3781] Kernel Offset: disabled [ 130.774173][ T3781] CPU features: 0x000000,00068cc1,7ef8cf80,957fff3f [ 130.774819][ T3781] Memory Limit: none [ 130.776044][ T3781] Rebooting in 86400 seconds.. VM DIAGNOSIS: 12:49:48 Registers: info registers vcpu 0 CPU#0 PC=ffff800080758788 X00=fff000007b0dabf0 X01=ffff800082deafc0 X02=0000000000000025 X03=00000000dc8edabf X04=0000000000000003 X05=0000000000000009 X06=0000000000000009 X07=f6f000000686e65c X08=0000000000000128 X09=000000000000000a X10=0000000000000000 X11=0000000000000000 X12=0000000000000003 X13=0000000000000000 X14=000000000000035f X15=ffff800081bd4430 X16=ffff800082de8000 X17=fff07ffffcef4000 X18=0000000000000001 X19=f5f0000008e2e400 X20=0000000000000820 X21=f1f0000003ead198 X22=f5f0000008e2e400 X23=000000000000ffff X24=0000000000000004 X25=f1f0000003ead000 X26=ffff80008272cf58 X27=0000000000000000 X28=00000000000329d8 X29=ffff800082deb2b0 X30=ffff8000816c6bfc SP=ffff800082deb2b0 PSTATE=20402009 --C- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00524f5252450040:0000000000000000 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00524f5252450040:0000000000000000 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6edc4d3a2914b135:d8e9c869e2695c88 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffdcc3efa0:0000ffffdcc3efa0 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffdcc3ef70 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff8000809305b4 X00=ffff800082e15000 X01=0000000000000002 X02=0000000000000000 X03=ffff800082badf28 X04=f2f00000030e5880 X05=0000000000000030 X06=000000000000003a X07=0000000000000000 X08=7f7f7f7f7f7f7f7f X09=ffff800082badf58 X10=0000000000000001 X11=ffff80008612b100 X12=ffff800082adf268 X13=ffff80008612aedd X14=ffff80008612aee8 X15=ffff80008612ad50 X16=0000000000006400 X17=0000000000000000 X18=00000000ffffffff X19=f2f0000003043006 X20=ffff80008093056c X21=f2f00000030e5880 X22=f2f0000003043023 X23=0000000000000000 X24=0000000000000000 X25=00000000000000c0 X26=ffffffffffffffff X27=ffff800082751000 X28=ffffffffffffffff X29=ffff80008612b000 X30=ffff800080930594 SP=ffff80008612b000 PSTATE=804020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:e9b5dba5b5c0fbcf:71374491428a2f98 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ab1c5ed5923f82a4:59f111f13956c25b Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:550c7dc3243185be:12835b01d807aa98 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:c19bf1749bdc06a7:80deb1fe72be5d74 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:240ca1cc0fc19dc6:efbe4786e49b69c1 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:76f988da5cb0a9dc:4a7484aa2de92c6f Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:bf597fc7b00327c8:a831c66d983e5152 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:1429296706ca6351:d5a79147c6e00bf3 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:53380d134d2c6dfc:2e1b213827b70a85 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:92722c8581c2c92e:766a0abb650a7354 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:c76c51a3c24b8b70:a81a664ba2bfe8a1 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:106aa070f40e3585:d6990624d192e819 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:34b0bcb52748774c:1e376c0819a4c116 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:682e6ff35b9cca4f:4ed8aa4a391c0cb3 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:8cc7020884c87814:78a5636f748f82ee Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:c67178f2bef9a3f7:a4506ceb90befffa Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b375c495c93bdbe3:2177654deb2c724c Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:e5d010368444f1fb:f7e248e67806f91a Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:a965d9c6eb6cc225:d9979971db729f6a Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:2d689d986395aa96:fb92e1f2dabf00bb Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:d777c53de322d475:1167b8adcb2f1010 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:a68fac754fc640ad:3c40cfeeab2caa35 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:362cdbce70353a39:523cfce050022258 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:f3da168a228f4e8d:9fe34edd6b7e00b5 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:3227d003a6b3e103:56000a28612529a9 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:4aaedf5c30426702:a13b67625a1e57b6 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:5da39acb9366b177:af98e182740701e2 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000