last executing test programs: 1.940552823s ago: executing program 1 (id=3993): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$MON_IOCX_MFETCH(r1, 0xc00c9207, 0x0) 1.861235874s ago: executing program 1 (id=3995): syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_RECVMSG={0xa, 0x14, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x12060, 0x1, {0x1}}) r0 = io_uring_setup(0x5751, &(0x7f0000000100)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x19, &(0x7f0000000300), 0x0) 1.721734731s ago: executing program 1 (id=3997): r0 = socket$nl_generic(0x10, 0x3, 0x10) getpeername(r0, &(0x7f0000000100)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, &(0x7f00000000c0)=0x80) flock(r1, 0x2) 1.618208844s ago: executing program 1 (id=3998): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$netlink(r0, &(0x7f0000000240)={0x2}, 0x10) 1.549518453s ago: executing program 1 (id=4000): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) r1 = dup(r0) ioctl$SIOCGETSGCNT_IN6(r1, 0x89e1, 0x0) 1.391017123s ago: executing program 1 (id=4002): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = fcntl$dupfd(r0, 0x0, r0) read$smackfs_ptrace(r1, &(0x7f0000000200), 0x14) 459.273771ms ago: executing program 0 (id=4015): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0, 0xffffffffffffffff}, &(0x7f0000000300), &(0x7f0000000340)='%-010d \x00'}, 0x1c) ioctl$BTRFS_IOC_FS_INFO(r1, 0x5450, 0x0) 376.436112ms ago: executing program 0 (id=4016): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = dup(r0) getsockopt$bt_hci(r1, 0x0, 0x2, 0x0, &(0x7f0000000000)) 278.269735ms ago: executing program 0 (id=4017): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 
0x8953, &(0x7f00000000c0)={0x2, 'team_slave_0\x00', {0x2000000}, 0x9c}) 168.499738ms ago: executing program 0 (id=4018): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$NFNL_MSG_CTHELPER_GET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14}, 0x14}}, 0x0) 79.27181ms ago: executing program 0 (id=4019): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000002, 0x13, r0, 0x0) mmap(&(0x7f0000ff8000/0x5000)=nil, 0x5000, 0xb635773f06ebbeee, 0x20010, r0, 0x0) 0s ago: executing program 0 (id=4020): mkdirat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs2\x00', 0x1ff) r0 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder-control\x00', 0x186d, 0x408) write$P9_RCREATE(r0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:15740' (ED25519) to the list of known hosts. syzkaller login: [ 69.442260][ T3293] cgroup: Unknown subsys name 'net' [ 69.582425][ T3293] cgroup: Unknown subsys name 'cpuset' [ 69.596730][ T3293] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 70.081406][ T3293] Adding 124996k swap on ./swap-file. 
Priority:0 extents:1 across:124996k [ 77.757630][ T3313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.772284][ T3314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.785316][ T3313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.834687][ T3314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.744014][ T3313] hsr_slave_0: entered promiscuous mode [ 78.751493][ T3313] hsr_slave_1: entered promiscuous mode [ 78.917838][ T3314] hsr_slave_0: entered promiscuous mode [ 78.923821][ T3314] hsr_slave_1: entered promiscuous mode [ 78.933239][ T3314] debugfs: 'hsr0' already exists in 'hsr' [ 78.936775][ T3314] Cannot create hsr debugfs directory [ 79.854021][ T3313] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.883502][ T3313] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.908951][ T3313] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.943161][ T3313] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 80.137183][ T3314] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 80.168122][ T3314] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 80.211774][ T3314] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 80.235160][ T3314] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 80.963618][ T3313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.114088][ T3314] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.633590][ T3313] veth0_vlan: entered promiscuous mode [ 83.667219][ T3313] veth1_vlan: entered promiscuous mode [ 83.772665][ T3313] veth0_macvtap: entered promiscuous mode [ 83.794560][ T3313] veth1_macvtap: entered promiscuous mode [ 83.899407][ T1017] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.899806][ T1017] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.899877][ T1017] netdevsim netdevsim0 netdevsim2: set [1, 0] 
type 2 family 0 port 6081 - 0 [ 83.899937][ T1017] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.133076][ T3314] veth0_vlan: entered promiscuous mode [ 84.168636][ T3314] veth1_vlan: entered promiscuous mode [ 84.229155][ T3313] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 84.293183][ T3314] veth0_macvtap: entered promiscuous mode [ 84.313797][ T3314] veth1_macvtap: entered promiscuous mode [ 84.654508][ T797] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.655928][ T797] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.661135][ T797] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.662491][ T797] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.168247][ T3474] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 87.652957][ T3532] Zero length message leads to an empty skb [ 88.331079][ T3550] capability: warning: `syz.0.43' uses 32-bit capabilities (legacy support in use) [ 98.698805][ T3784] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 99.894937][ T3814] capability: warning: `syz.1.171' uses deprecated v2 capabilities in a way that may be insecure [ 119.375016][ T4217] binfmt_misc: register: failed to install interpreter file ./file0/../file0 [ 119.561240][ T4222] rdma_op 00000000296b9581 conn xmit_rdma 0000000000000000 [ 128.217201][ T30] audit: type=1326 audit(128.050:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4455 comm="syz.1.482" exe="/syz-executor" sig=31 arch=c00000b7 syscall=172 compat=0 ip=0xffffbc153d8c code=0x0 [ 136.891951][ T4656] netlink: 8 bytes leftover after parsing attributes in process `syz.1.581'. 
[ 146.008330][ T4914] random: crng reseeded on system resumption [ 164.075391][ T5375] random: crng reseeded on system resumption [ 169.847388][ T5525] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1007'. [ 177.309702][ T5709] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1097'. [ 177.311924][ T5709] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1097'. [ 220.387095][ T6755] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 220.391360][ T6755] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 221.280152][ T6780] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1626'. [ 221.453457][ T6785] ucma_write: process 1601 (syz.1.1628) changed security contexts after opening file descriptor, this is not allowed. [ 221.788075][ T6799] ======================================================= [ 221.788075][ T6799] WARNING: The mand mount option has been deprecated and [ 221.788075][ T6799] and is ignored by this kernel. Remove the mand [ 221.788075][ T6799] option from the mount to silence this warning. 
[ 221.788075][ T6799] ======================================================= [ 232.527310][ T3421] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 232.743243][ T3421] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 232.744379][ T3421] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 232.744669][ T3421] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 232.744887][ T3421] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 232.745190][ T3421] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 232.804265][ T3421] usb 1-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 232.804888][ T3421] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 232.808334][ T3421] usb 1-1: Product: syz [ 232.809629][ T3421] usb 1-1: Manufacturer: syz [ 232.809914][ T3421] usb 1-1: SerialNumber: syz [ 232.823352][ T3421] usb 1-1: config 0 descriptor?? [ 233.075565][ T3421] usb 1-1: USB disconnect, device number 2 [ 233.660760][ T7057] binder_alloc: binder_alloc_mmap_handler: 7056 20ffe000-20fff000 already mapped failed -16 [ 252.863916][ T7494] mmap: syz.1.1976 (7494) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. 
[ 252.865397][ T7494] binder_alloc: binder_alloc_mmap_handler: 7493 20ffc000-20ffd000 already mapped failed -16 [ 276.697410][ T8081] 8021q: VLANs not supported on vcan0 [ 276.791307][ T8083] ptrace attach of "/syz-executor exec"[8084] was attempted by "/syz-executor exec"[8083] [ 285.222277][ T4814] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 285.222704][ T4814] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 285.224205][ T4814] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 285.224309][ T4814] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 285.224381][ T4814] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 285.224451][ T4814] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 285.224516][ T4814] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 285.224583][ T4814] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 285.224648][ T4814] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 285.224755][ T4814] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 285.253237][ T4814] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 285.712914][ T8301] fido_id[8301]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 316.126875][ T783] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 316.276772][ T783] usb 1-1: Using ep0 maxpacket: 8 [ 316.289183][ T783] usb 1-1: unable to get BOS descriptor or descriptor too short [ 316.323695][ T783] usb 1-1: config 5 has an invalid interface number: 88 but max is 0 [ 316.324018][ T783] usb 1-1: config 5 has no interface number 0 [ 316.326638][ T783] usb 1-1: config 5 interface 88 altsetting 8 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 316.327029][ T783] usb 1-1: config 5 interface 88 altsetting 8 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 316.327146][ T783] usb 1-1: config 5 interface 88 
altsetting 8 has an endpoint descriptor with address 0xFC, changing to 0x8C [ 316.327219][ T783] usb 1-1: config 5 interface 88 altsetting 8 endpoint 0x8C has an invalid bInterval 212, changing to 11 [ 316.327320][ T783] usb 1-1: config 5 interface 88 altsetting 8 endpoint 0x8C has invalid maxpacket 9675, setting to 1024 [ 316.327453][ T783] usb 1-1: config 5 interface 88 altsetting 8 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 316.327574][ T783] usb 1-1: config 5 interface 88 has no altsetting 0 [ 316.345900][ T783] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=f8.09 [ 316.346579][ T783] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 316.346843][ T783] usb 1-1: Product: syz [ 316.346942][ T783] usb 1-1: Manufacturer: syz [ 316.347050][ T783] usb 1-1: SerialNumber: syz [ 316.372132][ T9025] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 316.605312][ T783] asix 1-1:5.88: probe with driver asix failed with error -22 [ 316.629386][ T783] usb 1-1: USB disconnect, device number 3 [ 318.166535][ T9067] syz.0.2742 uses obsolete (PF_INET,SOCK_PACKET) [ 374.049159][T10366] netlink: 'syz.1.3378': attribute type 1 has an invalid length. [ 374.050782][T10366] netlink: 157116 bytes leftover after parsing attributes in process `syz.1.3378'. 
[ 391.677384][ T3448] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 391.826750][ T3448] usb 1-1: Using ep0 maxpacket: 32 [ 391.846896][ T3448] usb 1-1: config 0 has an invalid interface number: 188 but max is 0 [ 391.847177][ T3448] usb 1-1: config 0 has no interface number 0 [ 391.853230][ T3448] usb 1-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 391.873123][ T3448] usb 1-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 391.873400][ T3448] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 391.875344][ T3448] usb 1-1: Product: syz [ 391.875419][ T3448] usb 1-1: Manufacturer: syz [ 391.875472][ T3448] usb 1-1: SerialNumber: syz [ 391.904785][ T3448] usb 1-1: config 0 descriptor?? [ 391.909701][T10764] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 392.131237][T10764] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 392.343094][ T3448] asix 1-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 392.344368][ T3448] asix 1-1:0.188: probe with driver asix failed with error -32 [ 392.373308][ T3448] usb 1-1: USB disconnect, device number 4 [ 399.102070][T10861] xt_hashlimit: max too large, truncated to 1048576 [ 401.134154][T10913] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3638'. 
[ 434.616095][T11646] binder: 11645:11646 ioctl c0306201 0 returned -14 [ 434.622977][T11646] binder: 11645:11646 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 434.623329][T11646] binder: 11646 RLIMIT_NICE not set [ 434.623778][T11646] binder: 11645:11646 ioctl c0306201 20000080 returned -11 [ 436.038408][ T797] ================================================================== [ 436.042579][ T797] BUG: KASAN: slab-use-after-free in defer_free+0x3c/0xbc [ 436.044700][ T797] Write at addr f9f000000f9b06e0 by task kworker/u8:6/797 [ 436.045205][ T797] Pointer tag: [f9], memory tag: [fe] [ 436.045299][ T797] [ 436.046581][ T797] CPU: 0 UID: 0 PID: 797 Comm: kworker/u8:6 Tainted: G L syzkaller #0 PREEMPT [ 436.047111][ T797] Tainted: [L]=SOFTLOCKUP [ 436.047159][ T797] Hardware name: linux,dummy-virt (DT) [ 436.047584][ T797] Workqueue: events_unbound bpf_map_free_deferred [ 436.048738][ T797] Call trace: [ 436.049092][ T797] show_stack+0x18/0x24 (C) [ 436.049426][ T797] dump_stack_lvl+0x78/0x90 [ 436.049544][ T797] print_report+0x108/0x61c [ 436.049596][ T797] kasan_report+0x88/0xac [ 436.049640][ T797] __do_kernel_fault+0x170/0x1c8 [ 436.049689][ T797] do_bad_area+0x68/0x78 [ 436.049735][ T797] do_tag_check_fault+0x34/0x44 [ 436.049781][ T797] do_mem_abort+0x44/0x94 [ 436.049826][ T797] el1_abort+0x44/0x68 [ 436.049870][ T797] el1h_64_sync_handler+0x50/0xac [ 436.049916][ T797] el1h_64_sync+0x6c/0x70 [ 436.050060][ T797] defer_free+0x3c/0xbc (P) [ 436.050110][ T797] kfree_nolock+0x1a0/0x1d4 [ 436.050155][ T797] range_tree_destroy+0x74/0x90 [ 436.050202][ T797] arena_map_free+0x64/0x90 [ 436.050251][ T797] bpf_map_free_deferred+0x70/0x180 [ 436.050297][ T797] process_one_work+0x178/0x2cc [ 436.050345][ T797] worker_thread+0x24c/0x354 [ 436.050390][ T797] kthread+0x130/0x1fc [ 436.050432][ T797] ret_from_fork+0x10/0x20 [ 436.050656][ T797] [ 436.050710][ T797] Allocated by task 11682: [ 436.050926][ T797] 
kasan_save_stack+0x3c/0x64 [ 436.051055][ T797] save_stack_info+0x40/0x158 [ 436.051087][ T797] kasan_save_alloc_info+0x14/0x20 [ 436.051117][ T797] __kasan_kmalloc+0xb4/0xb8 [ 436.051149][ T797] kmalloc_nolock_noprof+0x1dc/0x4fc [ 436.051183][ T797] range_tree_set+0x644/0x778 [ 436.051214][ T797] arena_map_alloc+0x11c/0x17c [ 436.051252][ T797] map_create+0x19c/0xa98 [ 436.051286][ T797] __sys_bpf+0x348/0x1a88 [ 436.051315][ T797] __arm64_sys_bpf+0x24/0x34 [ 436.051345][ T797] invoke_syscall+0x48/0x110 [ 436.051379][ T797] el0_svc_common.constprop.0+0x40/0xe0 [ 436.051414][ T797] do_el0_svc+0x1c/0x28 [ 436.051447][ T797] el0_svc+0x34/0x128 [ 436.051479][ T797] el0t_64_sync_handler+0xa0/0xe4 [ 436.051511][ T797] el0t_64_sync+0x1a4/0x1a8 [ 436.051569][ T797] [ 436.051724][ T797] Freed by task 797: [ 436.051792][ T797] kasan_save_stack+0x3c/0x64 [ 436.051838][ T797] save_stack_info+0x40/0x158 [ 436.051867][ T797] kasan_save_free_info+0x18/0x24 [ 436.051897][ T797] __kasan_slab_free+0x7c/0x8c [ 436.051926][ T797] kfree_nolock+0xcc/0x1d4 [ 436.051958][ T797] range_tree_destroy+0x74/0x90 [ 436.051991][ T797] arena_map_free+0x64/0x90 [ 436.052021][ T797] bpf_map_free_deferred+0x70/0x180 [ 436.052056][ T797] process_one_work+0x178/0x2cc [ 436.052091][ T797] worker_thread+0x24c/0x354 [ 436.052122][ T797] kthread+0x130/0x1fc [ 436.052151][ T797] ret_from_fork+0x10/0x20 [ 436.052189][ T797] [ 436.052227][ T797] The buggy address belongs to the object at fff000000f9b06c0 [ 436.052227][ T797] which belongs to the cache kmalloc-64 of size 64 [ 436.052321][ T797] The buggy address is located 32 bytes inside of [ 436.052321][ T797] 64-byte region [fff000000f9b06c0, fff000000f9b0700) [ 436.052360][ T797] [ 436.052553][ T797] The buggy address belongs to the physical page: [ 436.052994][ T797] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xf8f000000f9b0c80 pfn:0x4f9b0 [ 436.053399][ T797] flags: 0x1ffc00000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0) [ 
436.053796][ T797] page_type: f5(slab) [ 436.054393][ T797] raw: 01ffc00000000000 fbf0000003001600 dead000000000122 0000000000000000 [ 436.054492][ T797] raw: f8f000000f9b0c80 000000008040003f 00000000f5000000 0000000000000000 [ 436.054612][ T797] page dumped because: kasan: bad access detected [ 436.054646][ T797] [ 436.054673][ T797] Memory state around the buggy address: [ 436.054915][ T797] fff000000f9b0400: f3 f3 f3 fe f0 f0 f0 fe f8 f8 f8 f8 f9 f9 f9 f9 [ 436.055004][ T797] fff000000f9b0500: fa fa fa fe f8 f8 f8 fe fe fe fe fe fe fe fe fe [ 436.055058][ T797] >fff000000f9b0600: fe fe fe fe f8 f8 f8 fe fd fd fd fd fe fe fe fe [ 436.055117][ T797] ^ [ 436.055226][ T797] fff000000f9b0700: fe fe fe fe fe fe fe fe f6 f6 f6 fe fe fe fe fe [ 436.055270][ T797] fff000000f9b0800: f9 f9 f9 fe f6 f6 f6 f6 f8 f8 f8 f8 f9 f9 f9 fe [ 436.055345][ T797] ================================================================== [ 436.056696][ T797] Disabling lock debugging due to kernel taint VM DIAGNOSIS: 10:07:31 Registers: