last executing test programs: 14.974616036s ago: executing program 1 (id=24682): ioctl$FAT_IOCTL_GET_VOLUME_ID(0xffffffffffffffff, 0x80047213, 0x0) r0 = epoll_create1(0x0) ioctl$SIOCGIFHWADDR(r0, 0x5421, &(0x7f0000000000)={'vlan0\x00'}) 14.901951966s ago: executing program 1 (id=24683): r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000001080)='.pending_reads\x00', 0x62cc2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$smackfs_cipsonum(r0, 0x0, 0x0) 14.813167627s ago: executing program 1 (id=24684): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0xffffffff, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a) 14.603799004s ago: executing program 1 (id=24685): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x0, {{}, {}, {0x14}}}, 0x30}}, 0x0) 14.524070844s ago: executing program 1 (id=24686): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)=0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) 14.441525225s ago: executing program 1 (id=24687): r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SOUND_MIXER_READ_CAPS(r1, 0x80044dfc, &(0x7f0000000000)) 422.816035ms ago: executing program 0 (id=24804): r0 = openat$mixer(0xffffff9c, &(0x7f0000000000), 0x103100, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r0, 0xc0184800, &(0x7f0000000040)={0x3, r0}) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r1, 0x5452, &(0x7f00000000c0)={'sit0\x00', 0x0}) 337.112856ms ago: executing program 0 (id=24805): r0 = socket$inet6(0xa, 0x80801, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) getsockopt$EBT_SO_GET_INFO(r1, 0x0, 0x8, 0x0, &(0x7f0000000000)) 263.182186ms ago: executing program 0 (id=24806): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) fcntl$lock(r1, 0x5, &(0x7f0000000300)) 184.497186ms ago: executing program 0 (id=24807): prlimit64(0x0, 0x1, &(0x7f00000000c0), 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$vhost_msg(r0, &(0x7f0000000380)={0x1, {0x0, 0x0, 0x0, 0x3, 0x2}}, 0x48) 103.939016ms ago: executing program 0 (id=24808): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2, 0x13, r0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001780)={0x3, 0x5, &(0x7f00000001c0)=@framed={{0x18, 0x2}, [@map_val={0x18, 0x2, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xb98e}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94) 0s ago: executing program 0 (id=24809): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) read$usbfs(r1, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:24770' (ED25519) to the list of known hosts. syzkaller login: [ 85.386040][ T3312] cgroup: Unknown subsys name 'net' [ 85.632028][ T3312] cgroup: Unknown subsys name 'cpuset' [ 85.658781][ T3312] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.196424][ T3312] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 95.312389][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.333921][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.536426][ T3318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.559722][ T3318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.459973][ T3317] hsr_slave_0: entered promiscuous mode [ 96.468039][ T3317] hsr_slave_1: entered promiscuous mode [ 96.637631][ T3318] hsr_slave_0: entered promiscuous mode [ 96.641362][ T3318] hsr_slave_1: entered promiscuous mode [ 96.646487][ T3318] debugfs: 'hsr0' already exists in 'hsr' [ 96.647223][ T3318] Cannot create hsr debugfs directory [ 97.466421][ T3317] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 97.512714][ T3317] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 97.533066][ T3317] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 97.579529][ T3317] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 97.811161][ T3318] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 97.840905][ T3318] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 97.869978][ T3318] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 97.902043][ T3318] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 98.789817][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.016254][ T3318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.002531][ T3317] veth0_vlan: entered promiscuous mode [ 102.025948][ T3317] veth1_vlan: entered promiscuous mode [ 102.109665][ T3317] veth0_macvtap: entered promiscuous mode [ 102.132538][ T3317] veth1_macvtap: entered promiscuous mode [ 102.310466][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.333014][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.333600][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.333751][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.621763][ T3318] veth0_vlan: entered promiscuous mode [ 102.671900][ T3318] veth1_vlan: entered promiscuous mode [ 102.831463][ T3317] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 102.883715][ T3318] veth0_macvtap: entered promiscuous mode [ 102.937408][ T3318] veth1_macvtap: entered promiscuous mode [ 103.400877][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.401335][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.408821][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.409210][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.027161][ T3576] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 109.793528][ T3626] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 110.123547][ T3638] Zero length message leads to an empty skb [ 116.836464][ T3819] syz.0.174 uses obsolete (PF_INET,SOCK_PACKET) [ 127.138107][ T4084] xt_connbytes: Forcing CT accounting to be enabled [ 127.548968][ T4096] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 141.655409][ T4475] capability: warning: `syz.1.497' uses deprecated v2 capabilities in a way that may be insecure [ 213.670933][ T6405] dlm: no local IP address has been set [ 213.677565][ T6405] dlm: cannot start dlm midcomms -107 [ 225.539639][ T6718] capability: warning: `syz.1.1605' uses 32-bit capabilities (legacy support in use) [ 250.903113][ T7358] random: crng reseeded on system resumption [ 287.513006][ T8308] nvme_fabrics: missing parameter 'transport=%s' [ 287.515303][ T8308] nvme_fabrics: missing parameter 'nqn=%s' [ 292.637549][ T8469] random: crng reseeded on system resumption [ 304.638193][ T8817] kernel profiling enabled (shift: 4) [ 328.288800][ T9429] syz.1.2941 (9429): drop_caches: 0 [ 375.735799][T10651] ======================================================= [ 375.735799][T10651] WARNING: The mand mount option has been deprecated and [ 375.735799][T10651] and is ignored by this kernel. Remove the mand [ 375.735799][T10651] option from the mount to silence this warning. [ 375.735799][T10651] ======================================================= [ 415.794364][ C1] hrtimer: interrupt took 399760 ns [ 433.110403][T12108] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 433.112644][T12108] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 434.018664][T12132] TCP: TCP_TX_DELAY enabled [ 446.382133][T12466] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4444'. [ 449.256517][T12535] syz.0.4478 (12535): drop_caches: 0 [ 495.401399][T13814] random: crng reseeded on system resumption [ 514.756585][ T3743] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 515.016123][ T3743] usb 1-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 515.019848][ T3743] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 515.023912][ T3743] usb 1-1: Product: syz [ 515.036233][ T3743] usb 1-1: Manufacturer: syz [ 515.037999][ T3743] usb 1-1: SerialNumber: syz [ 515.482658][ T3743] rtl8150 1-1:1.0: couldn't reset the device [ 515.495567][ T3743] rtl8150 1-1:1.0: probe with driver rtl8150 failed with error -5 [ 515.526131][ T3743] usb 1-1: USB disconnect, device number 2 [ 530.683739][T14781] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 530.689876][T14781] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 546.949526][T15241] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5819'. [ 608.079293][T16905] bond_slave_1: entered promiscuous mode [ 609.568563][T16953] random: crng reseeded on system resumption [ 738.597746][T20414] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 738.599293][T20414] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 772.868271][T21459] random: crng reseeded on system resumption [ 779.749679][T21673] syz.0.9003(21673): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 785.295269][T11857] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 785.471643][T11857] usb 1-1: config 0 has no interfaces? [ 785.513559][T11857] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 785.518556][T11857] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 785.520847][T11857] usb 1-1: Product: syz [ 785.522807][T11857] usb 1-1: Manufacturer: syz [ 785.528579][T11857] usb 1-1: SerialNumber: syz [ 785.549131][T11857] usb 1-1: config 0 descriptor?? [ 785.785328][T11857] usb 1-1: USB disconnect, device number 3 [ 909.678025][T25731] mmap: syz.1.11010 (25731) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 957.792002][T27198] random: crng reseeded on system resumption [ 959.283855][T27244] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 959.291959][T27244] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 962.512228][T27337] xt_NFQUEUE: number of queues (65535) out of range (got 65541) [ 988.746038][ T7415] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 988.960381][ T7415] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 988.960746][ T7415] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 988.997933][ T7415] usb 1-1: config 0 descriptor?? [ 989.522185][ T7415] usb 1-1: Cannot read MAC address [ 989.523542][ T7415] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 989.556438][ T7415] usb 1-1: USB disconnect, device number 4 [ 1040.710731][T29676] random: crng reseeded on system resumption [ 1057.182016][T30149] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1057.183422][T30149] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1072.843850][T30669] random: crng reseeded on system resumption [ 1081.888179][T30965] __vm_enough_memory: pid: 30965, comm: syz.1.13602, bytes: 4503599627366400 not enough memory for the allocation [ 1091.343914][T31251] snd_aloop snd_aloop.0: control 3:0:1361:syz0:7 is already present [ 1207.970051][ T2504] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1207.971531][ T2504] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1216.442015][ T2762] usb usb1: usbfs: process 2762 (syz.1.15681) did not claim interface 8 before use [ 1235.075310][ T3362] syz.0.15957 (3362): drop_caches: 0 [ 1308.686111][ T5616] syz.0.17061 (5616): /proc/5613/oom_adj is deprecated, please use /proc/5613/oom_score_adj instead. [ 1328.892231][ T6231] bond0: (slave bond_slave_1): Error: Device is in use and cannot be enslaved [ 1335.745704][ T24] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 1335.915735][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 1335.930322][ T24] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1335.930569][ T24] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1335.931971][ T24] usb 1-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 1335.932028][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1335.938390][ T24] usb 1-1: config 0 descriptor?? [ 1335.962121][ T24] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 1336.165677][ T3901] usb 1-1: USB disconnect, device number 5 [ 1365.853551][ T7581] 8021q: VLANs not supported on wg2 [ 1368.888970][ T7715] binder: Bad value for 'max' [ 1380.106257][ T8196] veth0_to_team: entered allmulticast mode [ 1400.385215][T11857] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 1400.620833][T11857] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1400.621520][T11857] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1400.623792][T11857] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1400.660256][T11857] usb 1-1: config 0 descriptor?? [ 1401.161155][T11857] usbhid 1-1:0.0: can't add hid device: -71 [ 1401.162182][T11857] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1401.196262][T11857] usb 1-1: USB disconnect, device number 6 [ 1425.182535][T10169] misc userio: The device must be registered before sending interrupts [ 1435.645413][T10608] random: crng reseeded on system resumption [ 1465.292893][T11837] [U] ^@ [ 1511.648819][T13700] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.21041' sets config #1 [ 1517.818529][T13991] random: crng reseeded on system resumption [ 1559.741627][T15782] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 1559.743565][T15782] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 1559.746745][T15782] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 1563.387199][T15895] random: crng reseeded on system resumption [ 1572.711634][ T8829] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 1572.713223][ T8829] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 1572.718046][ T8829] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 1572.721183][ T8829] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 1572.735260][ T8829] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 1572.737187][ T8829] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 1572.738504][ T8829] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 1572.739710][ T8829] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 1572.739948][ T8829] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 1572.740078][ T8829] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 1572.755700][ T8829] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.43 Device [syz1] on syz1 [ 1573.046293][T16304] fido_id[16304]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1573.242637][T16317] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1573.243466][T16317] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1574.375870][T16371] ucma_write: process 22091 (syz.0.22366) changed security contexts after opening file descriptor, this is not allowed. [ 1582.809802][ T9148] hid_parser_main: 82 callbacks suppressed [ 1582.814677][ T9148] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1582.816055][ T9148] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1582.829726][ T9148] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz1 [ 1583.260499][T16586] fido_id[16586]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1613.376962][T17621] netlink: 'syz.0.22975': attribute type 13 has an invalid length. [ 1613.418368][T17621] gretap0: refused to change device tx_queue_len [ 1613.420382][T17621] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 1661.699379][T18968] team_slave_0: entered allmulticast mode [ 1665.223504][T19014] mmap: syz.1.23648 (19014): VmData 29106176 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 1665.498883][T19027] netlink: 32 bytes leftover after parsing attributes in process `syz.1.23655'. [ 1704.752851][T20132] loop7: detected capacity change from 0 to 7 [ 1704.768727][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1704.769604][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1704.776928][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1704.777327][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1704.778963][T20132] loop7: unable to read partition table [ 1704.788880][T20132] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 1704.872488][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1704.872889][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1704.880892][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1704.881326][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1704.898608][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1704.899040][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1704.902539][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1704.902880][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1704.909428][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1704.909778][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 1704.933327][T20096] udevd[20096]: symlink '../../loop7' '/dev/disk/by-diskseq/54.tmp-b7:7' failed: Read-only file system [ 1705.037149][T20096] udevd[20096]: symlink '../../loop7' '/dev/disk/by-diskseq/54.tmp-b7:7' failed: Read-only file system [ 1705.113128][T20096] udevd[20096]: symlink '../../loop7' '/dev/disk/by-diskseq/54.tmp-b7:7' failed: Read-only file system [ 1718.048094][T20563] netlink: 'syz.0.24402': attribute type 1 has an invalid length. [ 1718.048387][T20563] netlink: 157116 bytes leftover after parsing attributes in process `syz.0.24402'. [ 1732.759122][T20891] binder_alloc: binder_alloc_mmap_handler: 20890 20ffe000-20fff000 already mapped failed -16 [ 1733.172278][T20850] udevd[20850]: symlink '../../loop5' '/dev/disk/by-diskseq/56.tmp-b7:5' failed: Read-only file system [ 1736.141490][T20984] ptrace attach of "/syz-executor exec"[20985] was attempted by "/syz-executor exec"[20984] [ 1750.711637][T21237] netlink: 12 bytes leftover after parsing attributes in process `syz.0.24731'. [ 1757.217261][ T39] ================================================================== [ 1757.222092][ T39] BUG: KASAN: slab-use-after-free in defer_free+0x3c/0xbc [ 1757.225117][ T39] Write at addr fdf0000006464f60 by task kworker/u8:2/39 [ 1757.225657][ T39] Pointer tag: [fd], memory tag: [fe] [ 1757.225756][ T39] [ 1757.227030][ T39] CPU: 0 UID: 0 PID: 39 Comm: kworker/u8:2 Tainted: G L syzkaller #0 PREEMPT [ 1757.227636][ T39] Tainted: [L]=SOFTLOCKUP [ 1757.227691][ T39] Hardware name: linux,dummy-virt (DT) [ 1757.228133][ T39] Workqueue: events_unbound bpf_map_free_deferred [ 1757.229458][ T39] Call trace: [ 1757.229801][ T39] show_stack+0x18/0x24 (C) [ 1757.230155][ T39] dump_stack_lvl+0x78/0x90 [ 1757.230293][ T39] print_report+0x108/0x61c [ 1757.230354][ T39] kasan_report+0x88/0xac [ 1757.230417][ T39] __do_kernel_fault+0x170/0x1c8 [ 1757.230521][ T39] do_bad_area+0x68/0x78 [ 1757.230573][ T39] do_tag_check_fault+0x34/0x44 [ 1757.230712][ T39] do_mem_abort+0x44/0x94 [ 1757.230776][ T39] el1_abort+0x44/0x68 [ 1757.230883][ T39] el1h_64_sync_handler+0x50/0xac [ 1757.230930][ T39] el1h_64_sync+0x6c/0x70 [ 1757.231149][ T39] defer_free+0x3c/0xbc (P) [ 1757.231213][ T39] kfree_nolock+0x1a0/0x1d4 [ 1757.231262][ T39] range_tree_destroy+0x74/0x90 [ 1757.231312][ T39] arena_map_free+0x64/0x90 [ 1757.231356][ T39] bpf_map_free_deferred+0x70/0x180 [ 1757.231414][ T39] process_one_work+0x178/0x2cc [ 1757.231462][ T39] worker_thread+0x24c/0x354 [ 1757.231503][ T39] kthread+0x130/0x1fc [ 1757.231550][ T39] ret_from_fork+0x10/0x20 [ 1757.231804][ T39] [ 1757.231898][ T39] Allocated by task 21395: [ 1757.232281][ T39] kasan_save_stack+0x3c/0x64 [ 1757.232473][ T39] save_stack_info+0x40/0x158 [ 1757.232518][ T39] kasan_save_alloc_info+0x14/0x20 [ 1757.232558][ T39] __kasan_kmalloc+0xb4/0xb8 [ 1757.232598][ T39] kmalloc_nolock_noprof+0x1dc/0x4fc [ 1757.232640][ T39] range_tree_set+0x644/0x778 [ 1757.232679][ T39] arena_map_alloc+0x11c/0x17c [ 1757.232718][ T39] map_create+0x19c/0xa98 [ 1757.232757][ T39] __sys_bpf+0x348/0x1a88 [ 1757.232799][ T39] __arm64_sys_bpf+0x24/0x34 [ 1757.232837][ T39] invoke_syscall+0x48/0x110 [ 1757.232874][ T39] el0_svc_common.constprop.0+0x40/0xe0 [ 1757.232911][ T39] do_el0_svc+0x1c/0x28 [ 1757.232947][ T39] el0_svc+0x34/0x128 [ 1757.232980][ T39] el0t_64_sync_handler+0xa0/0xe4 [ 1757.233014][ T39] el0t_64_sync+0x1a4/0x1a8 [ 1757.233097][ T39] [ 1757.233149][ T39] Freed by task 39: [ 1757.233206][ T39] kasan_save_stack+0x3c/0x64 [ 1757.233250][ T39] save_stack_info+0x40/0x158 [ 1757.233286][ T39] __kasan_save_free_info+0x18/0x24 [ 1757.233323][ T39] __kasan_slab_free+0x80/0x84 [ 1757.233358][ T39] kfree_nolock+0xcc/0x1d4 [ 1757.233393][ T39] range_tree_destroy+0x74/0x90 [ 1757.233445][ T39] arena_map_free+0x64/0x90 [ 1757.233479][ T39] bpf_map_free_deferred+0x70/0x180 [ 1757.233513][ T39] process_one_work+0x178/0x2cc [ 1757.233607][ T39] worker_thread+0x24c/0x354 [ 1757.233677][ T39] kthread+0x130/0x1fc [ 1757.233720][ T39] ret_from_fork+0x10/0x20 [ 1757.233774][ T39] [ 1757.233819][ T39] The buggy address belongs to the object at fff0000006464f40 [ 1757.233819][ T39] which belongs to the cache kmalloc-64 of size 64 [ 1757.234008][ T39] The buggy address is located 32 bytes inside of [ 1757.234008][ T39] 64-byte region [fff0000006464f40, fff0000006464f80) [ 1757.234084][ T39] [ 1757.234351][ T39] The buggy address belongs to the physical page: [ 1757.234966][ T39] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x46464 [ 1757.235466][ T39] flags: 0x1ffc00000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0) [ 1757.235932][ T39] page_type: f5(slab) [ 1757.236558][ T39] raw: 01ffc00000000000 fbf0000003001600 ffffc1ffc03425c0 dead000000000002 [ 1757.236622][ T39] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 1757.236762][ T39] page dumped because: kasan: bad access detected [ 1757.236811][ T39] [ 1757.236850][ T39] Memory state around the buggy address: [ 1757.237140][ T39] fff0000006464d00: fd fd fd fe fd fd fd fe f6 f6 f6 f6 f0 f0 f0 fe [ 1757.237243][ T39] fff0000006464e00: f1 f1 f1 fe f7 f7 f7 fe fb fb fb fb f6 f6 f6 f6 [ 1757.237311][ T39] >fff0000006464f00: f3 f3 f3 fe fe fe fe fe fa fa fa fa fb fb fb fe [ 1757.237375][ T39] ^ [ 1757.237506][ T39] fff0000006465000: f6 f6 f6 f6 f6 f6 f6 f0 f0 f0 f0 f0 f0 f0 f5 f5 [ 1757.237539][ T39] fff0000006465100: f5 f5 f5 f5 f5 f1 f1 f1 f1 f1 f1 f1 fc fc fc fc [ 1757.237615][ T39] ================================================================== [ 1757.239839][ T39] Disabling lock debugging due to kernel taint VM DIAGNOSIS: 17:23:59 Registers: info registers vcpu 0 CPU#0 PC=ffff8000800fd550 X00=f8f000000314a190 X01=0000000000155cc0 X02=f8f000000314a180 X03=000000f09f281183 X04=0000000000000000 X05=f7f00000068a8e00 X06=0000000000155cc0 X07=000000f09ee6c001 X08=fffffffffff68d22 X09=0000000000155cc0 X10=ffffffffff20239d X11=0000000000000001 X12=0000000000000000 X13=0000000000000000 X14=0000000000000018 X15=ffff800081bd4230 X16=ffff800082dd8000 X17=fff07ffffcf04000 X18=0000000000000000 X19=fff000007f8d7c00 X20=fbf000000a15ca00 X21=fbf000000a15ca10 X22=0000000000000001 X23=0000000000000001 X24=fbf00000043c1080 X25=ffff80008321bc88 X26=fbf0000003024028 X27=fbf00000043c1770 X28=fff000007f8d7b80 X29=ffff80008321bb20 X30=ffff8000800fd6f4 SP=ffff80008321bb20 PSTATE=804020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:2525252525252525:2525252525252525 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:732528746174736c:00000073252f7325 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000f000000000f0 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00ff000000000000:ffffff00ff0000ff Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0f000000fff0f00f Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6edc4d3a2914b135:d8e9c869e2695c88 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffd40d6ea0:0000ffffd40d6ea0 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffd40d6e70 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff8000809280a0 X00=0000000000000002 X01=0000000000000018 X02=ffff800082e05018 X03=ffff800082b9dda0 X04=f3f00000032dc880 X05=000000000000005b X06=ffff8001031dbc15 X07=00000000ffffffff X08=ffff8000831dbc1a X09=ffff800082b9ddd0 X10=0000000000000001 X11=ffff8000831dbe20 X12=ffff800082acf248 X13=ffff8000831dbb8d X14=ffff8000831dbb98 X15=ffff8000831dba00 X16=ffff800082de0000 X17=fff07ffffcf1d000 X18=00000000ffffffff X19=fdf00000032c900f X20=ffff800080928244 X21=f3f00000032dc880 X22=fdf00000032c900f X23=ffff800080928244 X24=0000000000000018 X25=f4f00000043a8000 X26=0000000000000001 X27=0000000000000000 X28=0000000000000000 X29=ffff8000831dbca0 X30=ffff80008092826c SP=ffff8000831dbca0 PSTATE=804020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b1bb18780525024f:00388dd2b890325e Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6b36b8f7427a3f82:df4f39bc4641723c Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:59062e15ecb94562:c967f98868fb9978 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:f476f3b4f98cd9d0:81ffd8007c1dfc6d Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:9f0962b94eb54519:2c0c7e6bbbdd7a3a Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ebabf4677b957d1d:7610dc32c7d5695a Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:8d37ecb2b382e87f:1c0dbef759aef729 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:d35521d60fb880ea:19eb0d5455a64bf3 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b1b718780529024b:00308dd2b89f324e Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6b36b8f7427a3c82:df4f39bc464d723c Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:e52a6cb233271137:d2510cab458f2b4e Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:746a9b436739c760:b7a7e87bae4f1b50 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:2607ebca53c8e9bd:2dde90cf6fd736b5 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:fd5cbc426e375ce3:4ebfa10362ccd5fe